Hello. Uses... Good Morning... So long back I mailing to Users List. I ownning two openser System are Linux... one is Fedora core 5. other is RedHat AS 4. I don't have any problem in Fedora core 5 while installing the FreeRadius1.1.3 , it working fine and clear When I using RHEL AS 4 with mysql database + FreeRadius. Problem... is below.... rlm_sql (sql): Could not link driver rlm_sql_mysql: rlm_sql_mysql.so: cannot open shared object file: No such file or directory rlm_sql (sql): Make sure it (and all its dependent libraries!) are in the search path of your system's ld. radiusd.conf[14]: sql: Module instantiation failed. -- Thanks and Regards Ravi Prakash Sunkara ravi.sunkara@hyperion-tech.com M:+91 9985077535 O:+91 40 23114549 F:+91 40 40208727 ravi.sunkara@hyperion-tech.com www.hyperion-tech.com
So we've been using FreeRADIUS talking to ActiveDirectory to authenticate our WinXP clients (Over 2000) for over a year now. Along comes Vista. Of COURSE it doesn't work. Microsoft changed something, and it broke a working config. Arrg. I'm attaching 2 debug outputs. The first is my working XP client. The second is Vista My (amatuer) analyis, (Aka my gut) is that Vista is Doing something in TLS, not PEAP. (I don't see my mschap module fire). Any thoughts on how to fix this? <------START OF XP CLIENT ---------> [root@radius1 mking]# /usr/sbin/radiusd -X Starting - reading configuration files ... reread_config: reading radiusd.conf Config: including file: /etc/raddb/proxy.conf Config: including file: /etc/raddb/clients.conf Config: including file: /etc/raddb/snmp.conf Config: including file: /etc/raddb/eap.conf Config: including file: /etc/raddb/sql.conf main: prefix = "/usr" main: localstatedir = "/var" main: logdir = "/var/log/radius" main: libdir = "/usr/lib" main: radacctdir = "/var/log/radius/radacct" main: hostname_lookups = no main: max_request_time = 30 main: cleanup_delay = 5 main: max_requests = 768000 main: delete_blocked_requests = 0 main: port = 0 main: allow_core_dumps = no main: log_stripped_names = no main: log_file = "/var/log/radius/radius.log" main: log_auth = yes main: log_auth_badpass = no main: log_auth_goodpass = no main: pidfile = "/var/run/radiusd/radiusd.pid" main: user = "radiusd" main: group = "radiusd" main: usercollide = no main: lower_user = "no" main: lower_pass = "no" main: nospace_user = "no" main: nospace_pass = "no" main: checkrad = "/usr/sbin/checkrad" main: proxy_requests = yes proxy: retry_delay = 5 proxy: retry_count = 3 proxy: synchronous = no proxy: default_fallback = yes proxy: dead_time = 120 proxy: post_proxy_authorize = no proxy: wake_all_if_all_dead = no security: max_attributes = 200 security: reject_delay = 1 security: status_server = no main: debug_level = 0 read_config_files: reading dictionary read_config_files: reading naslist Using deprecated naslist file. Support for this will go away soon. read_config_files: reading clients read_config_files: reading realms radiusd: entering modules setup Module: Library search path is /usr/lib Module: Loaded exec exec: wait = yes exec: program = "(null)" exec: input_pairs = "request" exec: output_pairs = "(null)" exec: packet_type = "(null)" rlm_exec: Wait=yes but no output defined. Did you mean output=none? Module: Instantiated exec (exec) Module: Loaded expr Module: Instantiated expr (expr) Module: Loaded PAP pap: encryption_scheme = "crypt" Module: Instantiated pap (pap) Module: Loaded CHAP Module: Instantiated chap (chap) Module: Loaded MS-CHAP mschap: use_mppe = yes mschap: require_encryption = no mschap: require_strong = no mschap: with_ntdomain_hack = yes mschap: passwd = "(null)" mschap: ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --username=%{mschap:Us er-Name} --challenge=%{mschap:Challenge} --nt-response=%{mschap:NT-Response}" Module: Instantiated mschap (mschap) Module: Loaded System unix: cache = no unix: passwd = "(null)" unix: shadow = "(null)" unix: group = "(null)" unix: radwtmp = "NULL" unix: usegroup = no unix: cache_reload = 600 Module: Instantiated unix (unix) Module: Loaded eap eap: default_eap_type = "peap" eap: timer_expire = 60 eap: ignore_unknown_eap_types = no eap: cisco_accounting_username_bug = no rlm_eap: Loaded and initialized type md5 rlm_eap: Loaded and initialized type leap gtc: challenge = "Password: " gtc: auth_type = "PAP" rlm_eap: Loaded and initialized type gtc tls: rsa_key_exchange = no tls: dh_key_exchange = yes tls: rsa_key_length = 512 tls: dh_key_length = 512 tls: verify_depth = 0 tls: CA_path = "(null)" tls: pem_file_type = yes tls: private_key_file = "/etc/raddb/certs/radius1.campus.bridgew.edu.key.pem" tls: certificate_file = "/etc/raddb/certs/radius1.campus.bridgew.edu.cer" tls: CA_file = "/etc/raddb/certs/Equifax_Secure_Certificate_Authority.cer" tls: private_key_password = "d0wnh1ll" tls: dh_file = "/etc/raddb/certs/dh" tls: random_file = "/etc/raddb/certs/random" tls: fragment_size = 1024 tls: include_length = yes tls: check_crl = no tls: check_cert_cn = "(null)" tls: cipher_list = "(null)" tls: check_cert_issuer = "(null)" rlm_eap_tls: Loading the certificate file as a chain rlm_eap: Loaded and initialized type tls ttls: default_eap_type = "md5" ttls: copy_request_to_tunnel = no ttls: use_tunneled_reply = yes rlm_eap: Loaded and initialized type ttls peap: default_eap_type = "mschapv2" peap: copy_request_to_tunnel = no peap: use_tunneled_reply = yes peap: proxy_tunneled_request_as_eap = yes rlm_eap: Loaded and initialized type peap mschapv2: with_ntdomain_hack = no rlm_eap: Loaded and initialized type mschapv2 Module: Instantiated eap (eap) Module: Loaded preprocess preprocess: huntgroups = "/etc/raddb/huntgroups" preprocess: hints = "/etc/raddb/hints" preprocess: with_ascend_hack = no preprocess: ascend_channels_per_line = 23 preprocess: with_ntdomain_hack = no preprocess: with_specialix_jetstream_hack = no preprocess: with_cisco_vsa_hack = no preprocess: with_alvarion_vsa_hack = no Module: Instantiated preprocess (preprocess) Module: Loaded realm realm: format = "suffix" realm: delimiter = "@" realm: ignore_default = no realm: ignore_null = no Module: Instantiated realm (suffix) Module: Loaded files files: usersfile = "/etc/raddb/users" files: acctusersfile = "/etc/raddb/acct_users" files: preproxy_usersfile = "/etc/raddb/preproxy_users" files: compat = "no" Module: Instantiated files (files) Module: Loaded Acct-Unique-Session-Id acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Addre ss, NAS-Port" Module: Instantiated acct_unique (acct_unique) Module: Loaded detail detail: detailfile = "/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m% d" detail: detailperm = 384 detail: dirperm = 493 detail: locking = no Module: Instantiated detail (detail) Module: Loaded radutmp radutmp: filename = "/var/log/radius/radutmp" radutmp: username = "%{User-Name}" radutmp: case_sensitive = yes radutmp: check_with_nas = yes radutmp: perm = 384 radutmp: callerid = yes Module: Instantiated radutmp (radutmp) Listening on authentication *:1812 Listening on accounting *:1813 Ready to process requests. rad_recv: Access-Request packet from host 10.0.1.12:32769, id=35, length=179 User-Name = "BSC\\mking" Calling-Station-Id = "00-90-96-F4-2A-BB" Called-Station-Id = "00-0B-85-5B-55-A0:test" NAS-Port = 29 NAS-IP-Address = 10.0.1.12 NAS-Identifier = "BUWISM1-2" Airespace-Wlan-Id = 7 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "4000" EAP-Message = 0x0202000e014253435c6d6b696e67 Message-Authenticator = 0x18bad9509bea192f1f4d2e6cabe5fbc7 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 modcall[authorize]: module "chap" returns noop for request 0 modcall[authorize]: module "mschap" returns noop for request 0 rlm_realm: No '@' in User-Name = "BSC\mking", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 0 rlm_eap: EAP packet type response id 2 length 14 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 0 users: Matched entry DEFAULT at line 152 users: Matched entry DEFAULT at line 171 modcall[authorize]: module "files" returns ok for request 0 modcall: leaving group authorize (returns updated) for request 0 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 0 rlm_eap: EAP Identity rlm_eap: processing type tls rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 modcall[authenticate]: module "eap" returns handled for request 0 modcall: leaving group authenticate (returns handled) for request 0 Sending Access-Challenge of id 35 to 10.0.1.12 port 32769 Framed-IP-Address = 255.255.255.254 Framed-MTU = 576 Service-Type = Framed-User EAP-Message = 0x010300061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xdd27246a212e89aaebc5b72fb9b697b8 Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... rad_recv: Access-Request packet from host 10.0.1.12:32769, id=36, length=295 User-Name = "BSC\\mking" Calling-Station-Id = "00-90-96-F4-2A-BB" Called-Station-Id = "00-0B-85-5B-55-A0:test" NAS-Port = 29 NAS-IP-Address = 10.0.1.12 NAS-Identifier = "BUWISM1-2" Airespace-Wlan-Id = 7 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "4000" EAP-Message = 0x0203007019800000006616030100610100005d03014523cca83a934082a3d7aaabd56a 7e60acbcb90646b0dde430726311381c2054201b953ad54d18bb269ea1630db140a3d975 e07b2d8a4884876ca5d83dc847ad57001600040005000a00090064006200030006001300 1200630100 State = 0xdd27246a212e89aaebc5b72fb9b697b8 Message-Authenticator = 0xe441f73fad7c493a0125ae2333e567d7 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 1 modcall[authorize]: module "preprocess" returns ok for request 1 modcall[authorize]: module "chap" returns noop for request 1 modcall[authorize]: module "mschap" returns noop for request 1 rlm_realm: No '@' in User-Name = "BSC\mking", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 1 rlm_eap: EAP packet type response id 3 length 112 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 1 users: Matched entry DEFAULT at line 152 users: Matched entry DEFAULT at line 171 modcall[authorize]: module "files" returns ok for request 1 modcall: leaving group authorize (returns updated) for request 1 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 1 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 (other): before/accept initialization TLS_accept: before/accept initialization rlm_eap_tls: <<< TLS 1.0 Handshake [length 0061], ClientHello TLS_accept: SSLv3 read client hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello TLS_accept: SSLv3 write server hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0336], Certificate TLS_accept: SSLv3 write certificate A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone TLS_accept: SSLv3 write server done A TLS_accept: SSLv3 flush data TLS_accept:error in SSLv3 read client certificate A rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0) In SSL Handshake Phase In SSL Accept mode eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 1 modcall: leaving group authenticate (returns handled) for request 1 Sending Access-Challenge of id 36 to 10.0.1.12 port 32769 Framed-IP-Address = 255.255.255.254 Framed-MTU = 576 Service-Type = Framed-User EAP-Message = 0x010403991900160301004a0200004603014523cca87e13d41fd13157d3e656fd7ce400 8b40ad683913b06fe7f886f60ec620445b2c7dd1811d50b1da26e1adbcc22a4fbfcae186 d07b7a989590c3bfc1339b00040016030103360b00033200032f00032c30820328308202 91a0030201020203048bde300d06092a864886f70d0101040500305a310b300906035504 0613025553311c301a060355040a1313457175696661782053656375726520496e632e31 2d302b06035504031324457175696661782053656375726520476c6f62616c2065427573 696e6573732043412d31301e170d3036303833313135343130365a170d30373039303131 3534 EAP-Message = 0x3130365a308197310b3009060355040613025553311630140603550408130d4d617373 616368757365747473311430120603550407130b42726964676577617465723122302006 0355040a1319427269646765776174657220537461746520436f6c6c6567653111300f06 0355040b130854656c65636f6d6d312330210603550403131a726164697573312e63616d 7075732e627269646765772e65647530819f300d06092a864886f70d010101050003818d 0030818902818100d7e9fd6781d424160dd8ce4b43b4ef908f2bed199ef2232e0c842c74 36e598eefb1656f6d213fdc1473187ca9be8d73c609d55a54e73fc1995be16068b52ff6d a8f1 EAP-Message = 0x918f639a1a6cb9f15213b324025e558284acb3af8bb42a32901eb615edac07fb0bc32d f63543c4734ad191564d900b8383bc2595d3a1ced2c7924348e89b0203010001a381bd30 81ba300e0603551d0f0101ff0404030204f0301d0603551d0e04160414ba0847bd1adc78 8777ab84aa8dba8d8dd35bd4e1303b0603551d1f043430323030a02ea02c862a68747470 3a2f2f63726c2e67656f74727573742e636f6d2f63726c732f676c6f62616c6361312e63 726c301f0603551d23041830168014bea8a07472506b44b7c923d8fba8ffb3576b686c30 1d0603551d250416301406082b0601050507030106082b06010505070302300c0603551d 1301 EAP-Message = 0x01ff04023000300d06092a864886f70d01010405000381810023b5b7b280544b61651d 093978ea43bbefff18afc835dd9ee5d103716d11bd1202395001cb69e94a1fc0cdcb0a28 fddba47c36a846ec4e5a31ec76c324486832882a4d12904fdef2d5a515554b3a7231d64f d8c9ff010115a8d8bcad71b1d9d1781cbf506f5c15e4406c0199e2336e4425ab839199ad 70695ee86ba8969fc9dc16030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x22f42e8ec709eb9da8340b9a3a91e77b Finished request 1 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 10.0.1.12:32769, id=37, length=375 User-Name = "BSC\\mking" Calling-Station-Id = "00-90-96-F4-2A-BB" Called-Station-Id = "00-0B-85-5B-55-A0:test" NAS-Port = 29 NAS-IP-Address = 10.0.1.12 NAS-Identifier = "BUWISM1-2" Airespace-Wlan-Id = 7 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "4000" EAP-Message = 0x020400c01980000000b61603010086100000820080b00826875e5f5223a1a37a281d44 c8e05279730c295ebf4b0421b478f18a76b11d8ad58350d03dc0cf3dfe898eda4db0227c 8a0cb4881ea154676dc1bc2607516596648f5886eb623937b4508f41998b9f9c41d998b5 0919aecb6e286870c069f05f647ae250bc29baa90c549898ecb9adab7cfabb6ff066860a 15483bddb7ff14030100010116030100209f794546ee96366e4bec04efe5d699a99af715 d821757a86547a4960cac7ece4 State = 0x22f42e8ec709eb9da8340b9a3a91e77b Message-Authenticator = 0xbfc4493bee43c8b17c5fcb296074fa5e Processing the authorize section of radiusd.conf modcall: entering group authorize for request 2 modcall[authorize]: module "preprocess" returns ok for request 2 modcall[authorize]: module "chap" returns noop for request 2 modcall[authorize]: module "mschap" returns noop for request 2 rlm_realm: No '@' in User-Name = "BSC\mking", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 2 rlm_eap: EAP packet type response id 4 length 192 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 2 users: Matched entry DEFAULT at line 152 users: Matched entry DEFAULT at line 171 modcall[authorize]: module "files" returns ok for request 2 modcall: leaving group authorize (returns updated) for request 2 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 2 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange TLS_accept: SSLv3 read client key exchange A rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001] rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 read finished A rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001] TLS_accept: SSLv3 write change cipher spec A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 write finished A TLS_accept: SSLv3 flush data (other): SSL negotiation finished successfully rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0) SSL Connection Established eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 2 modcall: leaving group authenticate (returns handled) for request 2 Sending Access-Challenge of id 37 to 10.0.1.12 port 32769 Framed-IP-Address = 255.255.255.254 Framed-MTU = 576 Service-Type = Framed-User EAP-Message = 0x0105003119001403010001011603010020657f175ee851a17e47b8370a16c83f56e223 7231f9da8b2d742d13dcf5b60412 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xe72afea6ae1b1106e28b50b5a234d821 Finished request 2 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 10.0.1.12:32769, id=38, length=189 User-Name = "BSC\\mking" Calling-Station-Id = "00-90-96-F4-2A-BB" Called-Station-Id = "00-0B-85-5B-55-A0:test" NAS-Port = 29 NAS-IP-Address = 10.0.1.12 NAS-Identifier = "BUWISM1-2" Airespace-Wlan-Id = 7 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "4000" EAP-Message = 0x020500061900 State = 0xe72afea6ae1b1106e28b50b5a234d821 Message-Authenticator = 0xa000f76900978cb8e0299c9785c1af4a Processing the authorize section of radiusd.conf modcall: entering group authorize for request 3 modcall[authorize]: module "preprocess" returns ok for request 3 modcall[authorize]: module "chap" returns noop for request 3 modcall[authorize]: module "mschap" returns noop for request 3 rlm_realm: No '@' in User-Name = "BSC\mking", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 3 rlm_eap: EAP packet type response id 5 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 3 users: Matched entry DEFAULT at line 152 users: Matched entry DEFAULT at line 171 modcall[authorize]: module "files" returns ok for request 3 modcall: leaving group authorize (returns updated) for request 3 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 3 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake is finished eaptls_verify returned 3 eaptls_process returned 3 rlm_eap_peap: EAPTLS_SUCCESS modcall[authenticate]: module "eap" returns handled for request 3 modcall: leaving group authenticate (returns handled) for request 3 Sending Access-Challenge of id 38 to 10.0.1.12 port 32769 Framed-IP-Address = 255.255.255.254 Framed-MTU = 576 Service-Type = Framed-User EAP-Message = 0x0106002019001703010015668895618d671026da3ce4284abadfb7ba0d622265 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x40842ac5d2185a145a6dded75c395891 Finished request 3 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 10.0.1.12:32769, id=39, length=220 User-Name = "BSC\\mking" Calling-Station-Id = "00-90-96-F4-2A-BB" Called-Station-Id = "00-0B-85-5B-55-A0:test" NAS-Port = 29 NAS-IP-Address = 10.0.1.12 NAS-Identifier = "BUWISM1-2" Airespace-Wlan-Id = 7 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "4000" EAP-Message = 0x020600251900170301001ab9b9562dab411f3e221fce21b27356b6a81cc3d8dc9f6d05 0af4 State = 0x40842ac5d2185a145a6dded75c395891 Message-Authenticator = 0x233111fbb57c67a85c4506cb651aa292 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 4 modcall[authorize]: module "preprocess" returns ok for request 4 modcall[authorize]: module "chap" returns noop for request 4 modcall[authorize]: module "mschap" returns noop for request 4 rlm_realm: No '@' in User-Name = "BSC\mking", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 4 rlm_eap: EAP packet type response id 6 length 37 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 4 users: Matched entry DEFAULT at line 152 users: Matched entry DEFAULT at line 171 modcall[authorize]: module "files" returns ok for request 4 modcall: leaving group authorize (returns updated) for request 4 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 4 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: Identity - BSC\mking rlm_eap_peap: Tunneled data is valid. PEAP: Got tunneled identity of BSC\mking PEAP: Setting default EAP type for tunneled EAP session. PEAP: Setting User-Name to BSC\mking Processing the authorize section of radiusd.conf modcall: entering group authorize for request 4 modcall[authorize]: module "preprocess" returns ok for request 4 modcall[authorize]: module "chap" returns noop for request 4 modcall[authorize]: module "mschap" returns noop for request 4 rlm_realm: No '@' in User-Name = "BSC\mking", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 4 rlm_eap: EAP packet type response id 6 length 14 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 4 users: Matched entry DEFAULT at line 152 modcall[authorize]: module "files" returns ok for request 4 modcall: leaving group authorize (returns updated) for request 4 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 4 rlm_eap: EAP Identity rlm_eap: processing type mschapv2 rlm_eap_mschapv2: Issuing Challenge modcall[authenticate]: module "eap" returns handled for request 4 modcall: leaving group authenticate (returns handled) for request 4 PEAP: Got tunneled Access-Challenge modcall[authenticate]: module "eap" returns handled for request 4 modcall: leaving group authenticate (returns handled) for request 4 Sending Access-Challenge of id 39 to 10.0.1.12 port 32769 Framed-IP-Address = 255.255.255.254 Framed-MTU = 576 Service-Type = Framed-User EAP-Message = 0x0107003a1900170301002f53ddb355b62c8a974d27b55d413157c8bc784f6c6a2be021 ec7abf02d3c33cc13c1666dc2a69c2a41f938b9d46f9dd Message-Authenticator = 0x00000000000000000000000000000000 State = 0x6170888e754102b293f0ea1424b17dc5 Finished request 4 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 10.0.1.12:32769, id=40, length=274 User-Name = "BSC\\mking" Calling-Station-Id = "00-90-96-F4-2A-BB" Called-Station-Id = "00-0B-85-5B-55-A0:test" NAS-Port = 29 NAS-IP-Address = 10.0.1.12 NAS-Identifier = "BUWISM1-2" Airespace-Wlan-Id = 7 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "4000" EAP-Message = 0x0207005b1900170301005019ce70863e79cb5dbae09fb721189e4d4ea25b6cbbfdec38 b936130205e6ecb5b91676b602a75ca1d77501a78af60884b7e2f120ae314fbf13975043 85959959cf50df946bb0341b98e42b469f639d72 State = 0x6170888e754102b293f0ea1424b17dc5 Message-Authenticator = 0x71db7dc82070cf0a374c2f05c7588284 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 5 modcall[authorize]: module "preprocess" returns ok for request 5 modcall[authorize]: module "chap" returns noop for request 5 modcall[authorize]: module "mschap" returns noop for request 5 rlm_realm: No '@' in User-Name = "BSC\mking", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 5 rlm_eap: EAP packet type response id 7 length 91 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 5 users: Matched entry DEFAULT at line 152 users: Matched entry DEFAULT at line 171 modcall[authorize]: module "files" returns ok for request 5 modcall: leaving group authorize (returns updated) for request 5 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 5 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: EAP type mschapv2 rlm_eap_peap: Tunneled data is valid. PEAP: Setting User-Name to BSC\mking PEAP: Adding old state with 18 c2 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 5 modcall[authorize]: module "preprocess" returns ok for request 5 modcall[authorize]: module "chap" returns noop for request 5 modcall[authorize]: module "mschap" returns noop for request 5 rlm_realm: No '@' in User-Name = "BSC\mking", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 5 rlm_eap: EAP packet type response id 7 length 68 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 5 users: Matched entry DEFAULT at line 152 modcall[authorize]: module "files" returns ok for request 5 modcall: leaving group authorize (returns updated) for request 5 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 5 rlm_eap: Request found, released from the list rlm_eap: EAP/mschapv2 rlm_eap: processing type mschapv2 Processing the authenticate section of radiusd.conf modcall: entering group MS-CHAP for request 5 rlm_mschap: No User-Password configured. Cannot create LM-Password. rlm_mschap: No User-Password configured. Cannot create NT-Password. rlm_mschap: Told to do MS-CHAPv2 for mking with NT-Password radius_xlat: Running registered xlat function of module mschap for string 'User-Name' radius_xlat: Running registered xlat function of module mschap for string 'Challenge' mschap2: 36 radius_xlat: Running registered xlat function of module mschap for string 'NT-Response' radius_xlat: '/usr/bin/ntlm_auth --request-nt-key --username=mking --challenge=4b7e7c1327afd20a --nt-response=e8040c080b7aa291f9ef0cfc52c741ea00b916b84ca45703' Exec-Program: /usr/bin/ntlm_auth --request-nt-key --username=mking --challenge=4b7e7c1327afd20a --nt-response=e8040c080b7aa291f9ef0cfc52c741ea00b916b84ca45703 Exec-Program output: NT_KEY: 432E7C7653E43A57B7502B878B41AAD1 Exec-Program-Wait: plaintext: NT_KEY: 432E7C7653E43A57B7502B878B41AAD1 Exec-Program: returned: 0 rlm_mschap: adding MS-CHAPv2 MPPE keys modcall[authenticate]: module "mschap" returns ok for request 5 modcall: leaving group MS-CHAP (returns ok) for request 5 MSCHAP Success modcall[authenticate]: module "eap" returns handled for request 5 modcall: leaving group authenticate (returns handled) for request 5 PEAP: Got tunneled Access-Challenge modcall[authenticate]: module "eap" returns handled for request 5 modcall: leaving group authenticate (returns handled) for request 5 Sending Access-Challenge of id 40 to 10.0.1.12 port 32769 Framed-IP-Address = 255.255.255.254 Framed-MTU = 576 Service-Type = Framed-User EAP-Message = 0x0108004a1900170301003fa4cb48586e6559c4b9225d510d62d2daf87c17e6a18d50b7 2f94fcdbbf242f8939a41b04487f058d4cece2ebaf221df6ea6d78b4592e841e98ac1e75 b2b44d Message-Authenticator = 0x00000000000000000000000000000000 State = 0xbdb4287d4fcfed4285d67494311d9ec1 Finished request 5 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 10.0.1.12:32769, id=41, length=212 User-Name = "BSC\\mking" Calling-Station-Id = "00-90-96-F4-2A-BB" Called-Station-Id = "00-0B-85-5B-55-A0:test" NAS-Port = 29 NAS-IP-Address = 10.0.1.12 NAS-Identifier = "BUWISM1-2" Airespace-Wlan-Id = 7 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "4000" EAP-Message = 0x0208001d19001703010012c7f11eb2ab25ff1c379f33f2d3ab9c525429 State = 0xbdb4287d4fcfed4285d67494311d9ec1 Message-Authenticator = 0xc6730f2e83c68e118bd46a61da66edee Processing the authorize section of radiusd.conf modcall: entering group authorize for request 6 modcall[authorize]: module "preprocess" returns ok for request 6 modcall[authorize]: module "chap" returns noop for request 6 modcall[authorize]: module "mschap" returns noop for request 6 rlm_realm: No '@' in User-Name = "BSC\mking", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 6 rlm_eap: EAP packet type response id 8 length 29 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 6 users: Matched entry DEFAULT at line 152 users: Matched entry DEFAULT at line 171 modcall[authorize]: module "files" returns ok for request 6 modcall: leaving group authorize (returns updated) for request 6 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 6 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: EAP type mschapv2 rlm_eap_peap: Tunneled data is valid. PEAP: Setting User-Name to BSC\mking PEAP: Adding old state with 38 c5 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 6 modcall[authorize]: module "preprocess" returns ok for request 6 modcall[authorize]: module "chap" returns noop for request 6 modcall[authorize]: module "mschap" returns noop for request 6 rlm_realm: No '@' in User-Name = "BSC\mking", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 6 rlm_eap: EAP packet type response id 8 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 6 users: Matched entry DEFAULT at line 152 modcall[authorize]: module "files" returns ok for request 6 modcall: leaving group authorize (returns updated) for request 6 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 6 rlm_eap: Request found, released from the list rlm_eap: EAP/mschapv2 rlm_eap: processing type mschapv2 rlm_eap: Freeing handler modcall[authenticate]: module "eap" returns ok for request 6 modcall: leaving group authenticate (returns ok) for request 6 Login OK: [BSC\\mking] (from client localhost port 0) PEAP: Tunneled authentication was successful. rlm_eap_peap: SUCCESS Saving tunneled attributes for later modcall[authenticate]: module "eap" returns handled for request 6 modcall: leaving group authenticate (returns handled) for request 6 Sending Access-Challenge of id 41 to 10.0.1.12 port 32769 Framed-IP-Address = 255.255.255.254 Framed-MTU = 576 Service-Type = Framed-User EAP-Message = 0x010900261900170301001bcd47d72fba75f3a316d1f9e72d4695596bab33629c6e4be0 6afddb Message-Authenticator = 0x00000000000000000000000000000000 State = 0x566a370221ef6b6aaefb3168e88b9acf Finished request 6 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 10.0.1.12:32769, id=42, length=221 User-Name = "BSC\\mking" Calling-Station-Id = "00-90-96-F4-2A-BB" Called-Station-Id = "00-0B-85-5B-55-A0:test" NAS-Port = 29 NAS-IP-Address = 10.0.1.12 NAS-Identifier = "BUWISM1-2" Airespace-Wlan-Id = 7 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "4000" EAP-Message = 0x020900261900170301001be7382138771e3eaacab08a10eef0c5dc919259a0defd75e6 19fd7d State = 0x566a370221ef6b6aaefb3168e88b9acf Message-Authenticator = 0xecd5358b3160401c2dabaae043286b09 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 7 modcall[authorize]: module "preprocess" returns ok for request 7 modcall[authorize]: module "chap" returns noop for request 7 modcall[authorize]: module "mschap" returns noop for request 7 rlm_realm: No '@' in User-Name = "BSC\mking", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 7 rlm_eap: EAP packet type response id 9 length 38 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 7 users: Matched entry DEFAULT at line 152 users: Matched entry DEFAULT at line 171 modcall[authorize]: module "files" returns ok for request 7 modcall: leaving group authorize (returns updated) for request 7 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 7 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: Received EAP-TLV response. rlm_eap_peap: Tunneled data is valid. rlm_eap_peap: Success Using saved attributes from the original Access-Accept rlm_eap: Freeing handler modcall[authenticate]: module "eap" returns ok for request 7 modcall: leaving group authenticate (returns ok) for request 7 Login OK: [BSC\\mking] (from client BUWiSM-1-2 port 29 cli 00-90-96-F4-2A-BB) Sending Access-Accept of id 42 to 10.0.1.12 port 32769 Framed-IP-Address = 255.255.255.254 Framed-MTU = 576 Service-Type = Framed-User User-Name = "BSC\\mking" MS-MPPE-Recv-Key = 0xc591ba3b08ad50131cfea98b977435acf2f1a67b8fa24bdc0f714f14a206dd4d MS-MPPE-Send-Key = 0x634a3e2ae5d2af29bb76b02f332a2ea216f4ee26a99beecf7d7de7e0d50fbbef EAP-Message = 0x03090004 Message-Authenticator = 0x00000000000000000000000000000000 Finished request 7 Going to the next request Waking up in 6 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 35 with timestamp 4523cca8 Cleaning up request 1 ID 36 with timestamp 4523cca8 Cleaning up request 2 ID 37 with timestamp 4523cca8 Cleaning up request 3 ID 38 with timestamp 4523cca8 Cleaning up request 4 ID 39 with timestamp 4523cca8 Cleaning up request 5 ID 40 with timestamp 4523cca8 Cleaning up request 6 ID 41 with timestamp 4523cca8 Cleaning up request 7 ID 42 with timestamp 4523cca8 Nothing to do. Sleeping until we see a request. <-------END OF XP CLIENT -----------> <-------Start of VISTA RC1----------> reread_config: reading radiusd.conf Config: including file: /etc/raddb/proxy.conf Config: including file: /etc/raddb/clients.conf Config: including file: /etc/raddb/snmp.conf Config: including file: /etc/raddb/eap.conf Config: including file: /etc/raddb/sql.conf main: prefix = "/usr" main: localstatedir = "/var" main: logdir = "/var/log/radius" main: libdir = "/usr/lib" main: radacctdir = "/var/log/radius/radacct" main: hostname_lookups = no main: max_request_time = 30 main: cleanup_delay = 5 main: max_requests = 768000 main: delete_blocked_requests = 0 main: port = 0 main: allow_core_dumps = no main: log_stripped_names = no main: log_file = "/var/log/radius/radius.log" main: log_auth = yes main: log_auth_badpass = no main: log_auth_goodpass = no main: pidfile = "/var/run/radiusd/radiusd.pid" main: user = "radiusd" main: group = "radiusd" main: usercollide = no main: lower_user = "no" main: lower_pass = "no" main: nospace_user = "no" main: nospace_pass = "no" main: checkrad = "/usr/sbin/checkrad" main: proxy_requests = yes proxy: retry_delay = 5 proxy: retry_count = 3 proxy: synchronous = no proxy: default_fallback = yes proxy: dead_time = 120 proxy: post_proxy_authorize = no proxy: wake_all_if_all_dead = no security: max_attributes = 200 security: reject_delay = 1 security: status_server = no main: debug_level = 0 read_config_files: reading dictionary read_config_files: reading naslist Using deprecated naslist file. Support for this will go away soon. read_config_files: reading clients read_config_files: reading realms radiusd: entering modules setup Module: Library search path is /usr/lib Module: Loaded exec exec: wait = yes exec: program = "(null)" exec: input_pairs = "request" exec: output_pairs = "(null)" exec: packet_type = "(null)" rlm_exec: Wait=yes but no output defined. Did you mean output=none? Module: Instantiated exec (exec) Module: Loaded expr Module: Instantiated expr (expr) Module: Loaded PAP pap: encryption_scheme = "crypt" Module: Instantiated pap (pap) Module: Loaded CHAP Module: Instantiated chap (chap) Module: Loaded MS-CHAP mschap: use_mppe = yes mschap: require_encryption = no mschap: require_strong = no mschap: with_ntdomain_hack = yes mschap: passwd = "(null)" mschap: ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --username=%{mschap:User-Name} --challenge=%{mschap:Challenge} --nt-response=%{mschap:NT-Response}" Module: Instantiated mschap (mschap) Module: Loaded System unix: cache = no unix: passwd = "(null)" unix: shadow = "(null)" unix: group = "(null)" unix: radwtmp = "NULL" unix: usegroup = no unix: cache_reload = 600 Module: Instantiated unix (unix) Module: Loaded eap eap: default_eap_type = "peap" eap: timer_expire = 60 eap: ignore_unknown_eap_types = no eap: cisco_accounting_username_bug = no rlm_eap: Loaded and initialized type md5 rlm_eap: Loaded and initialized type leap gtc: challenge = "Password: " gtc: auth_type = "PAP" rlm_eap: Loaded and initialized type gtc tls: rsa_key_exchange = no tls: dh_key_exchange = yes tls: rsa_key_length = 512 tls: dh_key_length = 512 tls: verify_depth = 0 tls: CA_path = "(null)" tls: pem_file_type = yes tls: private_key_file = "/etc/raddb/certs/radius1.campus.bridgew.edu.key.pem" tls: certificate_file = "/etc/raddb/certs/radius1.campus.bridgew.edu.cer" tls: CA_file = "/etc/raddb/certs/Equifax_Secure_Certificate_Authority.cer" tls: private_key_password = "d0wnh1ll" tls: dh_file = "/etc/raddb/certs/dh" tls: random_file = "/etc/raddb/certs/random" tls: fragment_size = 1024 tls: include_length = yes tls: check_crl = no tls: check_cert_cn = "(null)" tls: cipher_list = "(null)" tls: check_cert_issuer = "(null)" rlm_eap_tls: Loading the certificate file as a chain rlm_eap: Loaded and initialized type tls ttls: default_eap_type = "md5" ttls: copy_request_to_tunnel = no ttls: use_tunneled_reply = yes rlm_eap: Loaded and initialized type ttls peap: default_eap_type = "mschapv2" peap: copy_request_to_tunnel = no peap: use_tunneled_reply = yes peap: proxy_tunneled_request_as_eap = yes rlm_eap: Loaded and initialized type peap mschapv2: with_ntdomain_hack = no rlm_eap: Loaded and initialized type mschapv2 Module: Instantiated eap (eap) Module: Loaded preprocess preprocess: huntgroups = "/etc/raddb/huntgroups" preprocess: hints = "/etc/raddb/hints" preprocess: with_ascend_hack = no preprocess: ascend_channels_per_line = 23 preprocess: with_ntdomain_hack = no preprocess: with_specialix_jetstream_hack = no preprocess: with_cisco_vsa_hack = no preprocess: with_alvarion_vsa_hack = no Module: Instantiated preprocess (preprocess) Module: Loaded realm realm: format = "suffix" realm: delimiter = "@" realm: ignore_default = no realm: ignore_null = no Module: Instantiated realm (suffix) Module: Loaded files files: usersfile = "/etc/raddb/users" files: acctusersfile = "/etc/raddb/acct_users" files: preproxy_usersfile = "/etc/raddb/preproxy_users" files: compat = "no" Module: Instantiated files (files) Module: Loaded Acct-Unique-Session-Id acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port" Module: Instantiated acct_unique (acct_unique) Module: Loaded detail detail: detailfile = "/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d" detail: detailperm = 384 detail: dirperm = 493 detail: locking = no Module: Instantiated detail (detail) Module: Loaded radutmp radutmp: filename = "/var/log/radius/radutmp" radutmp: username = "%{User-Name}" radutmp: case_sensitive = yes radutmp: check_with_nas = yes radutmp: perm = 384 radutmp: callerid = yes Module: Instantiated radutmp (radutmp) Listening on authentication *:1812 Listening on accounting *:1813 Ready to process requests. rad_recv: Access-Request packet from host 10.0.1.21:32769, id=19, length=179 User-Name = "BSC\\mking" Calling-Station-Id = "00-13-02-1B-4F-01" Called-Station-Id = "00-0B-85-24-04-50:test" NAS-Port = 29 NAS-IP-Address = 10.0.1.21 NAS-Identifier = "BUWISM2-1" Airespace-Wlan-Id = 7 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "4000" EAP-Message = 0x0206000e014253435c6d6b696e67 Message-Authenticator = 0x5335b5f1f1ea4714697ae8dab52086b6 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 modcall[authorize]: module "chap" returns noop for request 0 modcall[authorize]: module "mschap" returns noop for request 0 rlm_realm: No '@' in User-Name = "BSC\mking", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 0 rlm_eap: EAP packet type response id 6 length 14 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 0 users: Matched entry DEFAULT at line 152 users: Matched entry DEFAULT at line 171 modcall[authorize]: module "files" returns ok for request 0 modcall: leaving group authorize (returns updated) for request 0 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 0 rlm_eap: EAP Identity rlm_eap: processing type tls rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 modcall[authenticate]: module "eap" returns handled for request 0 modcall: leaving group authenticate (returns handled) for request 0 Sending Access-Challenge of id 19 to 10.0.1.21 port 32769 Framed-IP-Address = 255.255.255.254 Framed-MTU = 576 Service-Type = Framed-User EAP-Message = 0x010700061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x685d4c4ca48a8233080cf58401d7f9f1 Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... rad_recv: Access-Request packet from host 10.0.1.21:32769, id=20, length=303 User-Name = "BSC\\mking" Calling-Station-Id = "00-13-02-1B-4F-01" Called-Station-Id = "00-0B-85-24-04-50:test" NAS-Port = 29 NAS-IP-Address = 10.0.1.21 NAS-Identifier = "BUWISM2-1" Airespace-Wlan-Id = 7 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "4000" EAP-Message = 0x0207007819800000006e16030100690100006503014523c425e392cdb6ab121e80093b 9f9e81b904340ed9459e4a41a2e2c44f4131000018002f00350005000ac009c00ac013c0 140032003800130004010000240000000e000c0000096273635c6d6b696e67000a000800 06001700180019000b00020100 State = 0x685d4c4ca48a8233080cf58401d7f9f1 Message-Authenticator = 0xf51ef72168597a5bb9c45304b987a595 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 1 modcall[authorize]: module "preprocess" returns ok for request 1 modcall[authorize]: module "chap" returns noop for request 1 modcall[authorize]: module "mschap" returns noop for request 1 rlm_realm: No '@' in User-Name = "BSC\mking", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 1 rlm_eap: EAP packet type response id 7 length 120 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 1 users: Matched entry DEFAULT at line 152 users: Matched entry DEFAULT at line 171 modcall[authorize]: module "files" returns ok for request 1 modcall: leaving group authorize (returns updated) for request 1 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 1 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 (other): before/accept initialization TLS_accept: before/accept initialization rlm_eap_tls: <<< TLS 1.0 Handshake [length 0069], ClientHello TLS_accept: SSLv3 read client hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello TLS_accept: SSLv3 write server hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0336], Certificate TLS_accept: SSLv3 write certificate A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone TLS_accept: SSLv3 write server done A TLS_accept: SSLv3 flush data TLS_accept:error in SSLv3 read client certificate A rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0) In SSL Handshake Phase In SSL Accept mode eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 1 modcall: leaving group authenticate (returns handled) for request 1 Sending Access-Challenge of id 20 to 10.0.1.21 port 32769 Framed-IP-Address = 255.255.255.254 Framed-MTU = 576 Service-Type = Framed-User EAP-Message = 0x010803991900160301004a0200004603014523c42a153a389c33027a20676704673a54 28622b7c411ef7ef6d8f5f6744c820883f844c82333b95bbe6fb4eb98efeed7eed2c38c2 b3746ab33ba56acb4c5d69002f0016030103360b00033200032f00032c30820328308202 91a0030201020203048bde300d06092a864886f70d0101040500305a310b300906035504 0613025553311c301a060355040a1313457175696661782053656375726520496e632e31 2d302b06035504031324457175696661782053656375726520476c6f62616c2065427573 696e6573732043412d31301e170d3036303833313135343130365a170d30373039303131 3534 EAP-Message = 0x3130365a308197310b3009060355040613025553311630140603550408130d4d617373 616368757365747473311430120603550407130b42726964676577617465723122302006 0355040a1319427269646765776174657220537461746520436f6c6c6567653111300f06 0355040b130854656c65636f6d6d312330210603550403131a726164697573312e63616d 7075732e627269646765772e65647530819f300d06092a864886f70d010101050003818d 0030818902818100d7e9fd6781d424160dd8ce4b43b4ef908f2bed199ef2232e0c842c74 36e598eefb1656f6d213fdc1473187ca9be8d73c609d55a54e73fc1995be16068b52ff6d a8f1 EAP-Message = 0x918f639a1a6cb9f15213b324025e558284acb3af8bb42a32901eb615edac07fb0bc32d f63543c4734ad191564d900b8383bc2595d3a1ced2c7924348e89b0203010001a381bd30 81ba300e0603551d0f0101ff0404030204f0301d0603551d0e04160414ba0847bd1adc78 8777ab84aa8dba8d8dd35bd4e1303b0603551d1f043430323030a02ea02c862a68747470 3a2f2f63726c2e67656f74727573742e636f6d2f63726c732f676c6f62616c6361312e63 726c301f0603551d23041830168014bea8a07472506b44b7c923d8fba8ffb3576b686c30 1d0603551d250416301406082b0601050507030106082b06010505070302300c0603551d 1301 EAP-Message = 0x01ff04023000300d06092a864886f70d01010405000381810023b5b7b280544b61651d 093978ea43bbefff18afc835dd9ee5d103716d11bd1202395001cb69e94a1fc0cdcb0a28 fddba47c36a846ec4e5a31ec76c324486832882a4d12904fdef2d5a515554b3a7231d64f d8c9ff010115a8d8bcad71b1d9d1781cbf506f5c15e4406c0199e2336e4425ab839199ad 70695ee86ba8969fc9dc16030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x12327d378a2b18e3dd3ed523aa62dd08 Finished request 1 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 10.0.1.21:32769, id=21, length=391 User-Name = "BSC\\mking" Calling-Station-Id = "00-13-02-1B-4F-01" Called-Station-Id = "00-0B-85-24-04-50:test" NAS-Port = 29 NAS-IP-Address = 10.0.1.21 NAS-Identifier = "BUWISM2-1" Airespace-Wlan-Id = 7 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "4000" EAP-Message = 0x020800d01980000000c61603010086100000820080a87da54999f079929063349f032a 8a5a70b5fe0a1808e34eaba4fff373fbe1cdda56af08f2f68aa10b5eb3690c4515f91660 b8320cd4d230e81b92515f4382569ada6bc8c077edff05fa72ef5fe36ad5025be16c510d 0d2c006f2423caa75d09b656c43edbdb1e035db2df2ef6367dc57c19605ecde7ac426ec8 10bc6179e61714030100010116030100303ae0192650047990238171481911ea4e9feddd 9623823978c81932b8991093f215abe8cc995678ca1cd047067014bfde State = 0x12327d378a2b18e3dd3ed523aa62dd08 Message-Authenticator = 0xe1f28c4f2db04be118f2f239a24d1a60 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 2 modcall[authorize]: module "preprocess" returns ok for request 2 modcall[authorize]: module "chap" returns noop for request 2 modcall[authorize]: module "mschap" returns noop for request 2 rlm_realm: No '@' in User-Name = "BSC\mking", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 2 rlm_eap: EAP packet type response id 8 length 208 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 2 users: Matched entry DEFAULT at line 152 users: Matched entry DEFAULT at line 171 modcall[authorize]: module "files" returns ok for request 2 modcall: leaving group authorize (returns updated) for request 2 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 2 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange TLS_accept: SSLv3 read client key exchange A rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001] rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 read finished A rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001] TLS_accept: SSLv3 write change cipher spec A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 write finished A TLS_accept: SSLv3 flush data (other): SSL negotiation finished successfully rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0) SSL Connection Established eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 2 modcall: leaving group authenticate (returns handled) for request 2 Sending Access-Challenge of id 21 to 10.0.1.21 port 32769 Framed-IP-Address = 255.255.255.254 Framed-MTU = 576 Service-Type = Framed-User EAP-Message = 0x01090041190014030100010116030100309270ea6a0446f0123968db15e799d133de68 74d37fc4e465b2b158a0af023355f67c1bcfdfd3b55d4f41d9c315d2d4df Message-Authenticator = 0x00000000000000000000000000000000 State = 0x164cccd238c56b132a51201da9f606d2 Finished request 2 Going to the next request --- Walking the entire request list --- Waking up in 4 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 19 with timestamp 4523c42a Cleaning up request 1 ID 20 with timestamp 4523c42a Waking up in 2 seconds... --- Walking the entire request list --- Cleaning up request 2 ID 21 with timestamp 4523c42c Nothing to do. Sleeping until we see a request. rad_recv: Access-Request packet from host 10.0.1.21:32769, id=22, length=179 User-Name = "BSC\\mking" Calling-Station-Id = "00-13-02-1B-4F-01" Called-Station-Id = "00-0B-85-24-04-50:test" NAS-Port = 29 NAS-IP-Address = 10.0.1.21 NAS-Identifier = "BUWISM2-1" Airespace-Wlan-Id = 7 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "4000" EAP-Message = 0x0207000e014253435c6d6b696e67 Message-Authenticator = 0xa45c092bec3fa1f4a01ddd4a480353b2 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 3 modcall[authorize]: module "preprocess" returns ok for request 3 modcall[authorize]: module "chap" returns noop for request 3 modcall[authorize]: module "mschap" returns noop for request 3 rlm_realm: No '@' in User-Name = "BSC\mking", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 3 rlm_eap: EAP packet type response id 7 length 14 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 3 users: Matched entry DEFAULT at line 152 users: Matched entry DEFAULT at line 171 modcall[authorize]: module "files" returns ok for request 3 modcall: leaving group authorize (returns updated) for request 3 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 3 rlm_eap: EAP Identity rlm_eap: processing type tls rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 modcall[authenticate]: module "eap" returns handled for request 3 modcall: leaving group authenticate (returns handled) for request 3 Sending Access-Challenge of id 22 to 10.0.1.21 port 32769 Framed-IP-Address = 255.255.255.254 Framed-MTU = 576 Service-Type = Framed-User EAP-Message = 0x010800061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xb7512e981ebfc531f0453b252179fb4a Finished request 3 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... rad_recv: Access-Request packet from host 10.0.1.21:32769, id=23, length=303 User-Name = "BSC\\mking" Calling-Station-Id = "00-13-02-1B-4F-01" Called-Station-Id = "00-0B-85-24-04-50:test" NAS-Port = 29 NAS-IP-Address = 10.0.1.21 NAS-Identifier = "BUWISM2-1" Airespace-Wlan-Id = 7 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "4000" EAP-Message = 0x0208007819800000006e16030100690100006503014523c43a3bc16251e53783fce1a3 50bd27fc7b398f058ab700263b38fc84f224000018002f00350005000ac009c00ac013c0 140032003800130004010000240000000e000c0000096273635c6d6b696e67000a000800 06001700180019000b00020100 State = 0xb7512e981ebfc531f0453b252179fb4a Message-Authenticator = 0x4037dd061564388d985a7b15ecc94b3d Processing the authorize section of radiusd.conf modcall: entering group authorize for request 4 modcall[authorize]: module "preprocess" returns ok for request 4 modcall[authorize]: module "chap" returns noop for request 4 modcall[authorize]: module "mschap" returns noop for request 4 rlm_realm: No '@' in User-Name = "BSC\mking", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 4 rlm_eap: EAP packet type response id 8 length 120 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 4 users: Matched entry DEFAULT at line 152 users: Matched entry DEFAULT at line 171 modcall[authorize]: module "files" returns ok for request 4 modcall: leaving group authorize (returns updated) for request 4 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 4 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 (other): before/accept initialization TLS_accept: before/accept initialization rlm_eap_tls: <<< TLS 1.0 Handshake [length 0069], ClientHello TLS_accept: SSLv3 read client hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello TLS_accept: SSLv3 write server hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0336], Certificate TLS_accept: SSLv3 write certificate A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone TLS_accept: SSLv3 write server done A TLS_accept: SSLv3 flush data TLS_accept:error in SSLv3 read client certificate A rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0) In SSL Handshake Phase In SSL Accept mode eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 4 modcall: leaving group authenticate (returns handled) for request 4 Sending Access-Challenge of id 23 to 10.0.1.21 port 32769 Framed-IP-Address = 255.255.255.254 Framed-MTU = 576 Service-Type = Framed-User EAP-Message = 0x010903991900160301004a0200004603014523c43eff68a98755cb6584a2b320e55922 67754654e2e6b77e03123132255f200e707d292a2df0d266a16ff167e9388a81e1e000e6 b47e75fc69d66565e0b3b9002f0016030103360b00033200032f00032c30820328308202 91a0030201020203048bde300d06092a864886f70d0101040500305a310b300906035504 0613025553311c301a060355040a1313457175696661782053656375726520496e632e31 2d302b06035504031324457175696661782053656375726520476c6f62616c2065427573 696e6573732043412d31301e170d3036303833313135343130365a170d30373039303131 3534 EAP-Message = 0x3130365a308197310b3009060355040613025553311630140603550408130d4d617373 616368757365747473311430120603550407130b42726964676577617465723122302006 0355040a1319427269646765776174657220537461746520436f6c6c6567653111300f06 0355040b130854656c65636f6d6d312330210603550403131a726164697573312e63616d 7075732e627269646765772e65647530819f300d06092a864886f70d010101050003818d 0030818902818100d7e9fd6781d424160dd8ce4b43b4ef908f2bed199ef2232e0c842c74 36e598eefb1656f6d213fdc1473187ca9be8d73c609d55a54e73fc1995be16068b52ff6d a8f1 EAP-Message = 0x918f639a1a6cb9f15213b324025e558284acb3af8bb42a32901eb615edac07fb0bc32d f63543c4734ad191564d900b8383bc2595d3a1ced2c7924348e89b0203010001a381bd30 81ba300e0603551d0f0101ff0404030204f0301d0603551d0e04160414ba0847bd1adc78 8777ab84aa8dba8d8dd35bd4e1303b0603551d1f043430323030a02ea02c862a68747470 3a2f2f63726c2e67656f74727573742e636f6d2f63726c732f676c6f62616c6361312e63 726c301f0603551d23041830168014bea8a07472506b44b7c923d8fba8ffb3576b686c30 1d0603551d250416301406082b0601050507030106082b06010505070302300c0603551d 1301 EAP-Message = 0x01ff04023000300d06092a864886f70d01010405000381810023b5b7b280544b61651d 093978ea43bbefff18afc835dd9ee5d103716d11bd1202395001cb69e94a1fc0cdcb0a28 fddba47c36a846ec4e5a31ec76c324486832882a4d12904fdef2d5a515554b3a7231d64f d8c9ff010115a8d8bcad71b1d9d1781cbf506f5c15e4406c0199e2336e4425ab839199ad 70695ee86ba8969fc9dc16030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x226dfc6025ceb41b405771a775872a0d Finished request 4 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 10.0.1.21:32769, id=24, length=391 User-Name = "BSC\\mking" Calling-Station-Id = "00-13-02-1B-4F-01" Called-Station-Id = "00-0B-85-24-04-50:test" NAS-Port = 29 NAS-IP-Address = 10.0.1.21 NAS-Identifier = "BUWISM2-1" Airespace-Wlan-Id = 7 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "4000" EAP-Message = 0x020900d01980000000c61603010086100000820080788fe72ca8e92cf7aa5e1e9f6f4b a60be146ea01584bd65bde54340dfa90fc4103649b79a7af29527cd8e184a8ce2a5573d8 fe3a5d43ba54e2f595395c346262ca361c32cb98c372150af150fe43513e3796caddc08d 4d0dcad0f565a1c97077d49d493f68e838fa2253619e48eb520b29203b52b3a193576fce d8fbc9f6b202140301000101160301003059c9797e6fb369c06f076d0590caaa9cb8fdb1 6c4b0265ae88ea00b72cb1bf7fa5c24092b4b99fb81359264d323f895c State = 0x226dfc6025ceb41b405771a775872a0d Message-Authenticator = 0x4824add87ee247a89d31119669853a91 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 5 modcall[authorize]: module "preprocess" returns ok for request 5 modcall[authorize]: module "chap" returns noop for request 5 modcall[authorize]: module "mschap" returns noop for request 5 rlm_realm: No '@' in User-Name = "BSC\mking", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 5 rlm_eap: EAP packet type response id 9 length 208 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 5 users: Matched entry DEFAULT at line 152 users: Matched entry DEFAULT at line 171 modcall[authorize]: module "files" returns ok for request 5 modcall: leaving group authorize (returns updated) for request 5 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 5 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange TLS_accept: SSLv3 read client key exchange A rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001] rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 read finished A rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001] TLS_accept: SSLv3 write change cipher spec A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 write finished A TLS_accept: SSLv3 flush data (other): SSL negotiation finished successfully rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0) SSL Connection Established eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 5 modcall: leaving group authenticate (returns handled) for request 5 Sending Access-Challenge of id 24 to 10.0.1.21 port 32769 Framed-IP-Address = 255.255.255.254 Framed-MTU = 576 Service-Type = Framed-User EAP-Message = 0x010a004119001403010001011603010030e17abef72a1ea429834c869af1cfdacc591d c30a1dcaf3191eb11fcec9903709f065ecbb06360629c2a5da0e6c960790 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x5ee10f39ff5d320a1966aeecffc1aef0 Finished request 5 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 10.0.1.21:32769, id=25, length=189 User-Name = "BSC\\mking" Calling-Station-Id = "00-13-02-1B-4F-01" Called-Station-Id = "00-0B-85-24-04-50:test" NAS-Port = 29 NAS-IP-Address = 10.0.1.21 NAS-Identifier = "BUWISM2-1" Airespace-Wlan-Id = 7 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "4000" EAP-Message = 0x020a00061900 State = 0x5ee10f39ff5d320a1966aeecffc1aef0 Message-Authenticator = 0xffd54fd01e3da0ecca0dc8c5e1ace252 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 6 modcall[authorize]: module "preprocess" returns ok for request 6 modcall[authorize]: module "chap" returns noop for request 6 modcall[authorize]: module "mschap" returns noop for request 6 rlm_realm: No '@' in User-Name = "BSC\mking", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 6 rlm_eap: EAP packet type response id 10 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 6 users: Matched entry DEFAULT at line 152 users: Matched entry DEFAULT at line 171 modcall[authorize]: module "files" returns ok for request 6 modcall: leaving group authorize (returns updated) for request 6 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 6 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake is finished eaptls_verify returned 3 eaptls_process returned 3 rlm_eap_peap: EAPTLS_SUCCESS modcall[authenticate]: module "eap" returns handled for request 6 modcall: leaving group authenticate (returns handled) for request 6 Sending Access-Challenge of id 25 to 10.0.1.21 port 32769 Framed-IP-Address = 255.255.255.254 Framed-MTU = 576 Service-Type = Framed-User EAP-Message = 0x010b0050190017030100205a5b803b9936c9d7bc7bc1084668793262e8d92d5e9ab457 15a83905f499096d1703010020e1587586b0b2b020e4db4fe2e8ddc9f358dd65c45b41dc 3a4cb34437dadbffb6 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x6c277512990ce2e77f1b6a6f7b139385 Finished request 6 Going to the next request Waking up in 6 seconds... --- Walking the entire request list --- Cleaning up request 3 ID 22 with timestamp 4523c43e Cleaning up request 4 ID 23 with timestamp 4523c43e Cleaning up request 5 ID 24 with timestamp 4523c43e Cleaning up request 6 ID 25 with timestamp 4523c43e Nothing to do. Sleeping until we see a request. rad_recv: Access-Request packet from host 10.0.1.12:32769, id=9, length=179 User-Name = "BSC\\mking" Calling-Station-Id = "00-13-02-1B-4F-01" Called-Station-Id = "00-0B-85-24-03-30:test" NAS-Port = 29 NAS-IP-Address = 10.0.1.12 NAS-Identifier = "BUWISM1-2" Airespace-Wlan-Id = 7 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "4000" EAP-Message = 0x0202000e014253435c6d6b696e67 Message-Authenticator = 0xaf30e5052f2b362edac7d70e0ddabc3b Processing the authorize section of radiusd.conf modcall: entering group authorize for request 7 modcall[authorize]: module "preprocess" returns ok for request 7 modcall[authorize]: module "chap" returns noop for request 7 modcall[authorize]: module "mschap" returns noop for request 7 rlm_realm: No '@' in User-Name = "BSC\mking", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 7 rlm_eap: EAP packet type response id 2 length 14 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 7 users: Matched entry DEFAULT at line 152 users: Matched entry DEFAULT at line 171 modcall[authorize]: module "files" returns ok for request 7 modcall: leaving group authorize (returns updated) for request 7 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 7 rlm_eap: EAP Identity rlm_eap: processing type tls rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 modcall[authenticate]: module "eap" returns handled for request 7 modcall: leaving group authenticate (returns handled) for request 7 Sending Access-Challenge of id 9 to 10.0.1.12 port 32769 Framed-IP-Address = 255.255.255.254 Framed-MTU = 576 Service-Type = Framed-User EAP-Message = 0x010300061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x71a759e20d229ec649d03cb02a88c9bc Finished request 7 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... rad_recv: Access-Request packet from host 10.0.1.12:32769, id=10, length=335 User-Name = "BSC\\mking" Calling-Station-Id = "00-13-02-1B-4F-01" Called-Station-Id = "00-0B-85-24-03-30:test" NAS-Port = 29 NAS-IP-Address = 10.0.1.12 NAS-Identifier = "BUWISM1-2" Airespace-Wlan-Id = 7 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "4000" EAP-Message = 0x0203009819800000008e16030100890100008503014523c445c234dcb17883e1aa617a 83e3ed34a8f7d49fab119022f6ca86585db4200e707d292a2df0d266a16ff167e9388a81 e1e000e6b47e75fc69d66565e0b3b90018002f00350005000ac009c00ac013c014003200 3800130004010000240000000e000c0000096273635c6d6b696e67000a00080006001700 180019000b00020100 State = 0x71a759e20d229ec649d03cb02a88c9bc Message-Authenticator = 0x5a506d41bed77e362ea926f83b6db987 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 8 modcall[authorize]: module "preprocess" returns ok for request 8 modcall[authorize]: module "chap" returns noop for request 8 modcall[authorize]: module "mschap" returns noop for request 8 rlm_realm: No '@' in User-Name = "BSC\mking", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 8 rlm_eap: EAP packet type response id 3 length 152 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 8 users: Matched entry DEFAULT at line 152 users: Matched entry DEFAULT at line 171 modcall[authorize]: module "files" returns ok for request 8 modcall: leaving group authorize (returns updated) for request 8 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 8 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 (other): before/accept initialization TLS_accept: before/accept initialization rlm_eap_tls: <<< TLS 1.0 Handshake [length 0089], ClientHello TLS_accept: SSLv3 read client hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello TLS_accept: SSLv3 write server hello A rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001] TLS_accept: SSLv3 write change cipher spec A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 write finished A TLS_accept: SSLv3 flush data TLS_accept:error in SSLv3 read finished A rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0) In SSL Handshake Phase In SSL Accept mode eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 8 modcall: leaving group authenticate (returns handled) for request 8 Sending Access-Challenge of id 10 to 10.0.1.12 port 32769 Framed-IP-Address = 255.255.255.254 Framed-MTU = 576 Service-Type = Framed-User EAP-Message = 0x010400901900160301004a0200004603014523c44a7fd79f4548d9e376cd1a840f6239 08f7197de10c620c61dd470dce50200e707d292a2df0d266a16ff167e9388a81e1e000e6 b47e75fc69d66565e0b3b9002f0014030100010116030100304a718eb2b0428f0e39c83f 6c57c2a7ef44bffa928150bea6b0ad7c357740929d572fc96e7436ba17e9606093fe9a17 94 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x72bf131469256926f84c3cee3835349d Finished request 8 Going to the next request --- Walking the entire request list --- Waking up in 2 seconds... --- Walking the entire request list --- Cleaning up request 7 ID 9 with timestamp 4523c446 Waking up in 4 seconds... rad_recv: Access-Request packet from host 10.0.1.12:32769, id=11, length=252 User-Name = "BSC\\mking" Calling-Station-Id = "00-13-02-1B-4F-01" Called-Station-Id = "00-0B-85-24-03-30:test" NAS-Port = 29 NAS-IP-Address = 10.0.1.12 NAS-Identifier = "BUWISM1-2" Airespace-Wlan-Id = 7 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "4000" EAP-Message = 0x0204004519800000003b14030100010116030100308888f68e6cf6de9c3653fdf6eed3 f2f0f341a6353fb6afb9fd6561fb1229bb07e79157e621d848fd988869da8bb98d41 State = 0x72bf131469256926f84c3cee3835349d Message-Authenticator = 0x1b607d95cc089995e6f435db18f0b317 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 9 modcall[authorize]: module "preprocess" returns ok for request 9 modcall[authorize]: module "chap" returns noop for request 9 modcall[authorize]: module "mschap" returns noop for request 9 rlm_realm: No '@' in User-Name = "BSC\mking", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 9 rlm_eap: EAP packet type response id 4 length 69 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 9 users: Matched entry DEFAULT at line 152 users: Matched entry DEFAULT at line 171 modcall[authorize]: module "files" returns ok for request 9 modcall: leaving group authorize (returns updated) for request 9 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 9 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001] rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 read finished A (other): SSL negotiation finished successfully rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0) SSL Connection Established rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0) eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED rlm_eap: Freeing handler modcall[authenticate]: module "eap" returns reject for request 9 modcall: leaving group authenticate (returns reject) for request 9 auth: Failed to validate the user. Login incorrect: [BSC\\mking] (from client BUWiSM-1-2 port 29 cli 00-13-02-1B-4F-01) Delaying request 9 for 1 seconds Finished request 9 Going to the next request --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Cleaning up request 8 ID 10 with timestamp 4523c44a Sending Access-Reject of id 11 to 10.0.1.12 port 32769 EAP-Message = 0x04040004 Message-Authenticator = 0x00000000000000000000000000000000 Waking up in 4 seconds... --- Walking the entire request list --- Cleaning up request 9 ID 11 with timestamp 4523c44e Nothing to do. Sleeping until we see a request. <---END OF VISTA RC1 --->
"King, Michael" <MKing@bridgew.edu> wrote:
So we've been using FreeRADIUS talking to ActiveDirectory to authenticate our WinXP clients (Over 2000) for over a year now. Along comes Vista. Of COURSE it doesn't work. Microsoft changed something, and it broke a working config. Arrg.
Try: http://www.striker.ottawa.on.ca/~aland/vista.patch You'll have to re-build & re-install the EAP module (you don't need to touch the rest of the server). It won't help, but it will print out a little more information. We'll probably have to do a few cycles before it's tracked down, though.
My (amatuer) analyis, (Aka my gut) is that Vista is Doing something in TLS, not PEAP. (I don't see my mschap module fire).
The TLS tunnel is set up, BUT vista is doing something slightly different that confuses FreeRADIUS, so FreeRADIUS doesn't continue the EAP conversation. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog
-----Original Message----- Try: http://www.striker.ottawa.on.ca/~aland/vista.patch You'll have to re-build & re-install the EAP module (you don't need to touch the rest of the server). It won't help, but it will print out a little more information. We'll probably have to do a few cycles before it's tracked down, though. How do I "re-build & re-install the EAP module"? I originally installed from a self-made debian package.
Hi,
How do I "re-build & re-install the EAP module"? I originally installed from a self-made debian package.
apply the patch to the source code that you built your self-made debian package from and then redo the package build. it'll build freeradius with the new code in the EAP module. alan
Things didn't work so hot. :-( Seg Fault I created the vista.patch file by pasting the file you referenced into a vi session. I moved it into freeradius-1.1.3 I used the command: patch -p0 <vista.patch Which gave me a success. (Well two of them for each file) I recreated my .deb file and installed it. Let me know if I did this wrong. This is the Debug output. Starting - reading configuration files ... reread_config: reading radiusd.conf Config: including file: /etc/freeradius/proxy.conf Config: including file: /etc/freeradius/clients.conf Config: including file: /etc/freeradius/snmp.conf Config: including file: /etc/freeradius/eap.conf Config: including file: /etc/freeradius/sql.conf main: prefix = "/usr" main: localstatedir = "/var" main: logdir = "/var/log/freeradius" main: libdir = "/usr/lib/freeradius" main: radacctdir = "/var/log/freeradius/radacct" main: hostname_lookups = no main: snmp = no main: max_request_time = 30 main: cleanup_delay = 5 main: max_requests = 1280000 main: delete_blocked_requests = 0 main: port = 0 main: allow_core_dumps = no main: log_stripped_names = no main: log_file = "/var/log/freeradius/radius.log" main: log_auth = yes main: log_auth_badpass = no main: log_auth_goodpass = no main: pidfile = "/var/run/freeradius/freeradius.pid" main: user = "freerad" main: group = "freerad" main: usercollide = no main: lower_user = "no" main: lower_pass = "no" main: nospace_user = "no" main: nospace_pass = "no" main: checkrad = "/usr/sbin/checkrad" main: proxy_requests = yes proxy: retry_delay = 5 proxy: retry_count = 3 proxy: synchronous = no proxy: default_fallback = yes proxy: dead_time = 120 proxy: post_proxy_authorize = no proxy: wake_all_if_all_dead = no security: max_attributes = 200 security: reject_delay = 1 security: status_server = no main: debug_level = 0 read_config_files: reading dictionary read_config_files: reading naslist Using deprecated naslist file. Support for this will go away soon. read_config_files: reading clients read_config_files: reading realms radiusd: entering modules setup Module: Library search path is /usr/lib/freeradius Module: Loaded exec exec: wait = yes exec: program = "(null)" exec: input_pairs = "request" exec: output_pairs = "(null)" exec: packet_type = "(null)" rlm_exec: Wait=yes but no output defined. Did you mean output=none? Module: Instantiated exec (exec) Module: Loaded expr Module: Instantiated expr (expr) Module: Loaded PAP pap: encryption_scheme = "crypt" Module: Instantiated pap (pap) Module: Loaded CHAP Module: Instantiated chap (chap) Module: Loaded MS-CHAP mschap: use_mppe = yes mschap: require_encryption = no mschap: require_strong = no mschap: with_ntdomain_hack = yes mschap: passwd = "(null)" mschap: ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --username=%{mschap:User-Name} --challenge=%{mschap:Challenge} --nt-response=%{mschap:NT-Response} " Module: Instantiated mschap (mschap) Module: Loaded System unix: cache = no unix: passwd = "(null)" unix: shadow = "(null)" unix: group = "(null)" unix: radwtmp = "/var/log/freeradius/radwtmp" unix: usegroup = no unix: cache_reload = 600 Module: Instantiated unix (unix) Module: Loaded eap eap: default_eap_type = "peap" eap: timer_expire = 60 eap: ignore_unknown_eap_types = no eap: cisco_accounting_username_bug = no rlm_eap: Loaded and initialized type md5 rlm_eap: Loaded and initialized type leap gtc: challenge = "Password: " gtc: auth_type = "PAP" rlm_eap: Loaded and initialized type gtc tls: rsa_key_exchange = no tls: dh_key_exchange = yes tls: rsa_key_length = 512 tls: dh_key_length = 512 tls: verify_depth = 0 tls: CA_path = "(null)" tls: pem_file_type = yes tls: private_key_file = "/etc/freeradius/certs/rad2.campus.bridgew.edu.privkey.pem" tls: certificate_file = "/etc/freeradius/certs/rad2.campus.bridgew.edu.cer" tls: CA_file = "/etc/freeradius/certs/IPS-IPSCABUNDLE.CRT" tls: private_key_password = "(null)" tls: dh_file = "/etc/freeradius/certs/dh" tls: random_file = "/etc/freeradius/certs/random" tls: fragment_size = 1024 tls: include_length = yes tls: check_crl = no tls: check_cert_cn = "(null)" tls: cipher_list = "(null)" tls: check_cert_issuer = "(null)" rlm_eap_tls: Loading the certificate file as a chain rlm_eap: Loaded and initialized type tls ttls: default_eap_type = "md5" ttls: copy_request_to_tunnel = no ttls: use_tunneled_reply = no rlm_eap: Loaded and initialized type ttls peap: default_eap_type = "mschapv2" peap: copy_request_to_tunnel = no peap: use_tunneled_reply = no peap: proxy_tunneled_request_as_eap = yes rlm_eap: Loaded and initialized type peap mschapv2: with_ntdomain_hack = no rlm_eap: Loaded and initialized type mschapv2 Module: Instantiated eap (eap) Module: Loaded preprocess preprocess: huntgroups = "/etc/freeradius/huntgroups" preprocess: hints = "/etc/freeradius/hints" preprocess: with_ascend_hack = no preprocess: ascend_channels_per_line = 23 preprocess: with_ntdomain_hack = no preprocess: with_specialix_jetstream_hack = no preprocess: with_cisco_vsa_hack = no preprocess: with_alvarion_vsa_hack = no Module: Instantiated preprocess (preprocess) Module: Loaded realm realm: format = "suffix" realm: delimiter = "@" realm: ignore_default = no realm: ignore_null = no Module: Instantiated realm (suffix) Module: Loaded files files: usersfile = "/etc/freeradius/users" files: acctusersfile = "/etc/freeradius/acct_users" files: preproxy_usersfile = "/etc/freeradius/preproxy_users" files: compat = "no" Module: Instantiated files (files) Module: Loaded Acct-Unique-Session-Id acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port" Module: Instantiated acct_unique (acct_unique) Module: Loaded detail detail: detailfile = "/var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d" detail: detailperm = 384 detail: dirperm = 493 detail: locking = no Module: Instantiated detail (detail) Module: Loaded radutmp radutmp: filename = "/var/log/freeradius/radutmp" radutmp: username = "%{User-Name}" radutmp: case_sensitive = yes radutmp: check_with_nas = yes radutmp: perm = 384 radutmp: callerid = yes Module: Instantiated radutmp (radutmp) Listening on authentication *:1812 Listening on accounting *:1813 Ready to process requests. rad_recv: Access-Request packet from host 10.0.1.21:32769, id=0, length=179 User-Name = "BSC\\mking" Calling-Station-Id = "00-13-02-1B-4F-01" Called-Station-Id = "00-0B-85-64-E4-F0:test" NAS-Port = 29 NAS-IP-Address = 10.0.1.21 NAS-Identifier = "BUWISM2-1" Airespace-Wlan-Id = 7 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "4000" EAP-Message = 0x0206000e014253435c6d6b696e67 Message-Authenticator = 0xa5e27d90fab88cf37d33c3fd649716b0 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 modcall[authorize]: module "chap" returns noop for request 0 modcall[authorize]: module "mschap" returns noop for request 0 rlm_realm: No '@' in User-Name = "BSC\mking", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 0 rlm_eap: EAP packet type response id 6 length 14 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 0 users: Matched entry DEFAULT at line 152 users: Matched entry DEFAULT at line 171 modcall[authorize]: module "files" returns ok for request 0 modcall: leaving group authorize (returns updated) for request 0 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 0 rlm_eap: EAP Identity rlm_eap: processing type tls rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 VISTA[eap_compose:475]: reply->id 6 VISTA[eap_compose:476]: reply->code 1 VISTA[eap_compose:514]: eap->request->code 1 VISTA[eap_compose:515]: eap->request->type.type 0 VISTA[eap_compose:522]: Setting EAP type to 25 VISTA[eap_compose:526]: eap->request->code 1 VISTA[eap_compose:527]: eap->request->type.type 25 Segmentation fault
Just to double check that I didn't cut paste wrong, I wget'd the file from your server, repatched, recompiled, and reinstalled. Same seg fault, at same place. rlm_eap_tls: Start returned 1 VISTA[eap_compose:475]: reply->id 6 VISTA[eap_compose:476]: reply->code 1 VISTA[eap_compose:514]: eap->request->code 1 VISTA[eap_compose:515]: eap->request->type.type 0 VISTA[eap_compose:522]: Setting EAP type to 25 VISTA[eap_compose:526]: eap->request->code 1 VISTA[eap_compose:527]: eap->request->type.type 25 Segmentation fault
"King, Michael" <MKing@bridgew.edu> wrote:
Things didn't work so hot. :-( Seg Fault
Arg. I'll go back and poke the patch again. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog
Just reading thru the deployingradius.com pages.... On page: http://deployingradius.com/documents/configuration/active_directory.html You reference the krb5.conf file like this: [realms] ... realm.company.com = { kdc = nt-server-hostname.company.com } ... However, someone on the list once pointed out that this is a more robust approach (assuming your DNS infrastructure is solid). The objective is to have the server lookup the realms via DNS as opposed to having a statically linked server (that could be taken offline for maintenance) # more krb5.conf [libdefaults] default_realm = EXAMPLE.COM dns_lookup_kdc = on [domain_realm] .example.com = EXAMPLE.COM example.com = EXAMPLE.COM # And like wise, the smb.conf file would changed as well. # Change this for the workgroup/NT-domain name your Samba server will part of workgroup = EXAMPLE #Domain ShortName if different realm = EXAMPLE.COM #Server string is the equivalent of the NT Description field server string = %h server (Samba %v) security = ADS encrypt passwords = true password server = * Granted, the above configs are for a single domain authentication source. (utilizing the default realm, I believe, instead of a named realm) But the concept of DNS resolving the password-server should apply.
Not to rude, have you had a chance to poke that Patch again? -----Original Message----- From: freeradius-users-bounces+mking=bridgew.edu@lists.freeradius.org [mailto:freeradius-users-bounces+mking=bridgew.edu@lists.freeradius.org] On Behalf Of Alan DeKok Sent: Wednesday, October 04, 2006 6:54 PM To: FreeRadius users mailing list Subject: Re: Windows Vista doing PEAP "King, Michael" <MKing@bridgew.edu> wrote:
Things didn't work so hot. :-( Seg Fault
Arg. I'll go back and poke the patch again. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
"King, Michael" <MKing@bridgew.edu> wrote:
Not to rude, have you had a chance to poke that Patch again?
Reload it from the same URL as last time. If it still crashes, see doc/bugs. I don't see how it can crash at all, so the crash looks like a symptom of another issue. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog
Ok... It segfaulted again. I'm trying to follow the directions in the doc/bugs folder. It says to compile with --enable-developer. In the debian rules file, it has stamp-build: stamp-patch dh_testdir # dh_testroot ./configure \ $(confflags) \ --config-cache \ --prefix=/usr \ --exec-prefix=/usr \ --mandir=$(mandir) \ --sysconfdir=/etc \ --libdir=$(libdir) \ --datadir=/usr/share \ --localstatedir=/var \ --with-raddbdir=$(raddbdir) \ --with-logdir=/var/log/$(package) \ --with-system-libtool --disable-ltdl-install \ --with-large-files --with-udpfromto --with-edir \ --enable-strict-dependencies \ --enable-developer \ ${buildssl} I'm assuming it built it that way. Anways, here's what I got following those direcitons (Which is what leads me to think the symbols go stripped) Program received signal SIGSEGV, Segmentation fault. [Switching to Thread 1077729984 (LWP 14568)] 0x4018675b in strlen () from /lib/tls/libc.so.6 * 1 Thread 1077729984 (LWP 14568) 0x4018675b in strlen () from /lib/tls/libc.so.6 Thread 1 (Thread 1077729984 (LWP 14568)): #0 0x4018675b in strlen () from /lib/tls/libc.so.6 No symbol table info available. #1 0x4015a064 in vfprintf () from /lib/tls/libc.so.6 No symbol table info available. #2 0x40178161 in vsnprintf () from /lib/tls/libc.so.6 No symbol table info available. #3 0x08051805 in vradlog () No symbol table info available. #4 0x08051a4f in log_debug () No symbol table info available. #5 0x40403a08 in eap_compose () from /usr/lib/freeradius/rlm_eap-1.1.3.so No symbol table info available. #6 0x40402cbc in ?? () from /usr/lib/freeradius/rlm_eap-1.1.3.so No symbol table info available. #7 0x08165ec0 in ?? () No symbol table info available. #8 0x404053b5 in ?? () from /usr/lib/freeradius/rlm_eap-1.1.3.so No symbol table info available. #9 0x00000155 in ?? () No symbol table info available. #10 0x40059714 in ?? () from /usr/lib/freeradius/libradius-1.1.3.so No symbol table info available. #11 0x4005a424 in ?? () from /usr/lib/freeradius/libradius-1.1.3.so No symbol table info available. #12 0x4005addc in ?? () from /usr/lib/freeradius/libradius-1.1.3.so No symbol table info available. #13 0x00000000 in ?? () No symbol table info available. -----Original Message----- From: freeradius-users-bounces+mking=bridgew.edu@lists.freeradius.org [mailto:freeradius-users-bounces+mking=bridgew.edu@lists.freeradius.org] On Behalf Of Alan DeKok Sent: Friday, October 06, 2006 4:37 PM To: FreeRadius users mailing list Subject: Re: Windows Vista doing PEAP "King, Michael" <MKing@bridgew.edu> wrote:
Not to rude, have you had a chance to poke that Patch again?
Reload it from the same URL as last time. If it still crashes, see doc/bugs. I don't see how it can crash at all, so the crash looks like a symptom of another issue. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi On 10/10/06, King, Michael <MKing@bridgew.edu> wrote:
I'm assuming it built it that way.
Anways, here's what I got following those direcitons (Which is what leads me to think the symbols go stripped)
If you look at or around line 188, there should be dh_strip, which normally does live up to its name, i.e. stripping binaries off what it considers "unneeded symbols". For building a "debugging" package let DEB_BUILD_OPTIONS contain "nostrip". Uh, on a side note the ifeq/endif construct around seems unneeded to me, as dh_strip should honor "nostrip" internally. regards K. Hoercher
I'm still a little green at this stuff: How do I add nostrip to DEB_BUILD_OPTIONS? Do I define it in the rules file? I found a reference on google to doing: DEB_BUILD_OPTIONS="set options here" fakeroot debian/rules binary -----Original Message----- From: freeradius-users-bounces+mking=bridgew.edu@lists.freeradius.org [mailto:freeradius-users-bounces+mking=bridgew.edu@lists.freeradius.org] On Behalf Of K. Hoercher Sent: Wednesday, October 11, 2006 2:06 AM To: FreeRadius users mailing list Subject: Re: Windows Vista doing PEAP Hi On 10/10/06, King, Michael <MKing@bridgew.edu> wrote:
I'm assuming it built it that way.
Anways, here's what I got following those direcitons (Which is what leads me to think the symbols go stripped)
If you look at or around line 188, there should be dh_strip, which normally does live up to its name, i.e. stripping binaries off what it considers "unneeded symbols". For building a "debugging" package let DEB_BUILD_OPTIONS contain "nostrip". Uh, on a side note the ifeq/endif construct around seems unneeded to me, as dh_strip should honor "nostrip" internally. regards K. Hoercher - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Sometimes, the answer in not on the first 5 pages of google.... http://lists.cistron.nl/pipermail/freeradius-devel/2004-May/007186.html Raimund Sacherer wrote:
is there an easy way to create a package (i use the debian package management) with the files for debugging instead of the stripped once?
Copy the following line in your shell: DEB_BUILD_OPTIONS=nostrip fakeroot dpkg-buildpackage -- Nicolas Baradakis -----Original Message----- From: freeradius-users-bounces+mking=bridgew.edu@lists.freeradius.org [mailto:freeradius-users-bounces+mking=bridgew.edu@lists.freeradius.org] On Behalf Of K. Hoercher Sent: Wednesday, October 11, 2006 2:06 AM To: FreeRadius users mailing list Subject: Re: Windows Vista doing PEAP Hi On 10/10/06, King, Michael <MKing@bridgew.edu> wrote:
I'm assuming it built it that way.
Anways, here's what I got following those direcitons (Which is what leads me to think the symbols go stripped)
If you look at or around line 188, there should be dh_strip, which normally does live up to its name, i.e. stripping binaries off what it considers "unneeded symbols". For building a "debugging" package let DEB_BUILD_OPTIONS contain "nostrip". Uh, on a side note the ifeq/endif construct around seems unneeded to me, as dh_strip should honor "nostrip" internally. regards K. Hoercher - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Alan, here is your requested capture. This was with RC1 I will be reattempting with RC2 in a little bit. rad2:~# gdb /usr/sbin/freeradius GNU gdb 6.4.90-debian Copyright (C) 2006 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. Type "show copying" to see the conditions. There is absolutely no warranty for GDB. Type "show warranty" for details. This GDB was configured as "i486-linux-gnu"...Using host libthread_db library "/lib/tls/libthread_db.so.1". (gdb) set logging file gdb-radiusd.log (gdb) set logging on Copying output to gdb-radiusd.log. (gdb) set args -X (gdb) run Starting program: /usr/sbin/freeradius -X [Thread debugging using libthread_db enabled] [New Thread 1077729984 (LWP 5747)] Starting - reading configuration files ... reread_config: reading radiusd.conf Config: including file: /etc/freeradius/proxy.conf Config: including file: /etc/freeradius/clients.conf Config: including file: /etc/freeradius/snmp.conf Config: including file: /etc/freeradius/eap.conf Config: including file: /etc/freeradius/sql.conf main: prefix = "/usr" main: localstatedir = "/var" main: logdir = "/var/log/freeradius" main: libdir = "/usr/lib/freeradius" main: radacctdir = "/var/log/freeradius/radacct" main: hostname_lookups = no main: snmp = no main: max_request_time = 30 main: cleanup_delay = 5 main: max_requests = 1280000 main: delete_blocked_requests = 0 main: port = 0 main: allow_core_dumps = no main: log_stripped_names = no main: log_file = "/var/log/freeradius/radius.log" main: log_auth = yes main: log_auth_badpass = no main: log_auth_goodpass = no main: pidfile = "/var/run/freeradius/freeradius.pid" main: user = "freerad" main: group = "freerad" main: usercollide = no main: lower_user = "no" main: lower_pass = "no" main: nospace_user = "no" main: nospace_pass = "no" main: checkrad = "/usr/sbin/checkrad" main: proxy_requests = yes proxy: retry_delay = 5 proxy: retry_count = 3 proxy: synchronous = no proxy: default_fallback = yes proxy: dead_time = 120 proxy: post_proxy_authorize = no proxy: wake_all_if_all_dead = no security: max_attributes = 200 security: reject_delay = 1 security: status_server = no main: debug_level = 0 read_config_files: reading dictionary read_config_files: reading naslist Using deprecated naslist file. Support for this will go away soon. read_config_files: reading clients read_config_files: reading realms radiusd: entering modules setup Module: Library search path is /usr/lib/freeradius Module: Loaded exec exec: wait = yes exec: program = "(null)" exec: input_pairs = "request" exec: output_pairs = "(null)" exec: packet_type = "(null)" rlm_exec: Wait=yes but no output defined. Did you mean output=none? Module: Instantiated exec (exec) Module: Loaded expr Module: Instantiated expr (expr) Module: Loaded PAP pap: encryption_scheme = "crypt" Module: Instantiated pap (pap) Module: Loaded CHAP Module: Instantiated chap (chap) Module: Loaded MS-CHAP mschap: use_mppe = yes mschap: require_encryption = no mschap: require_strong = no mschap: with_ntdomain_hack = yes mschap: passwd = "(null)" mschap: ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --username=%{mschap:User-Name} --challenge=%{mschap:Challenge} --nt-response=%{mschap:NT-Response} " Module: Instantiated mschap (mschap) Module: Loaded System unix: cache = no unix: passwd = "(null)" unix: shadow = "(null)" unix: group = "(null)" unix: radwtmp = "/var/log/freeradius/radwtmp" unix: usegroup = no unix: cache_reload = 600 Module: Instantiated unix (unix) Module: Loaded eap eap: default_eap_type = "peap" eap: timer_expire = 60 eap: ignore_unknown_eap_types = no eap: cisco_accounting_username_bug = no rlm_eap: Loaded and initialized type md5 rlm_eap: Loaded and initialized type leap gtc: challenge = "Password: " gtc: auth_type = "PAP" rlm_eap: Loaded and initialized type gtc tls: rsa_key_exchange = no tls: dh_key_exchange = yes tls: rsa_key_length = 512 tls: dh_key_length = 512 tls: verify_depth = 0 tls: CA_path = "(null)" tls: pem_file_type = yes tls: private_key_file = "/etc/freeradius/certs/rad2.campus.bridgew.edu.privkey.pem" tls: certificate_file = "/etc/freeradius/certs/rad2.campus.bridgew.edu.cer" tls: CA_file = "/etc/freeradius/certs/IPS-IPSCABUNDLE.CRT" tls: private_key_password = "(null)" tls: dh_file = "/etc/freeradius/certs/dh" tls: random_file = "/etc/freeradius/certs/random" tls: fragment_size = 1024 tls: include_length = yes tls: check_crl = no tls: check_cert_cn = "(null)" tls: cipher_list = "(null)" tls: check_cert_issuer = "(null)" rlm_eap_tls: Loading the certificate file as a chain rlm_eap: Loaded and initialized type tls ttls: default_eap_type = "md5" ttls: copy_request_to_tunnel = no ttls: use_tunneled_reply = no rlm_eap: Loaded and initialized type ttls peap: default_eap_type = "mschapv2" peap: copy_request_to_tunnel = no peap: use_tunneled_reply = no peap: proxy_tunneled_request_as_eap = yes rlm_eap: Loaded and initialized type peap mschapv2: with_ntdomain_hack = no rlm_eap: Loaded and initialized type mschapv2 Module: Instantiated eap (eap) Module: Loaded preprocess preprocess: huntgroups = "/etc/freeradius/huntgroups" preprocess: hints = "/etc/freeradius/hints" preprocess: with_ascend_hack = no preprocess: ascend_channels_per_line = 23 preprocess: with_ntdomain_hack = no preprocess: with_specialix_jetstream_hack = no preprocess: with_cisco_vsa_hack = no preprocess: with_alvarion_vsa_hack = no Module: Instantiated preprocess (preprocess) Module: Loaded realm realm: format = "suffix" realm: delimiter = "@" realm: ignore_default = no realm: ignore_null = no Module: Instantiated realm (suffix) Module: Loaded files files: usersfile = "/etc/freeradius/users" files: acctusersfile = "/etc/freeradius/acct_users" files: preproxy_usersfile = "/etc/freeradius/preproxy_users" files: compat = "no" Module: Instantiated files (files) Module: Loaded Acct-Unique-Session-Id acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port" Module: Instantiated acct_unique (acct_unique) Module: Loaded detail detail: detailfile = "/var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d" detail: detailperm = 384 detail: dirperm = 493 detail: locking = no Module: Instantiated detail (detail) Module: Loaded radutmp radutmp: filename = "/var/log/freeradius/radutmp" radutmp: username = "%{User-Name}" radutmp: case_sensitive = yes radutmp: check_with_nas = yes radutmp: perm = 384 radutmp: callerid = yes Module: Instantiated radutmp (radutmp) Listening on authentication *:1812 Listening on accounting *:1813 Ready to process requests. rad_recv: Access-Request packet from host 10.0.1.12:32769, id=5, length=179 User-Name = "BSC\\mking" Calling-Station-Id = "00-13-02-1B-4F-01" Called-Station-Id = "00-0B-85-5B-55-A0:test" NAS-Port = 29 NAS-IP-Address = 10.0.1.12 NAS-Identifier = "BUWISM1-2" Airespace-Wlan-Id = 7 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "4000" EAP-Message = 0x0207000e014253435c6d6b696e67 Message-Authenticator = 0x18f6d0ae922dccd017b54b43a311261e Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 modcall[authorize]: module "chap" returns noop for request 0 modcall[authorize]: module "mschap" returns noop for request 0 rlm_realm: No '@' in User-Name = "BSC\mking", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 0 rlm_eap: EAP packet type response id 7 length 14 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 0 users: Matched entry DEFAULT at line 152 users: Matched entry DEFAULT at line 171 modcall[authorize]: module "files" returns ok for request 0 modcall: leaving group authorize (returns updated) for request 0 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 0 rlm_eap: EAP Identity rlm_eap: processing type tls rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 VISTA[eap_authenticate:341]: here VISTA[eap_compose:475]: reply->id 7 VISTA[eap_compose:476]: reply->code 1 VISTA[eap_compose:514]: eap->request->code 1 VISTA[eap_compose:515]: eap->request->type.type 0 VISTA[eap_compose:516]: handler->eap_type 25 VISTA[eap_compose:523]: Setting EAP type Program received signal SIGSEGV, Segmentation fault. [Switching to Thread 1077729984 (LWP 5747)] 0x4018675b in strlen () from /lib/tls/libc.so.6 (gdb) Quit (gdb) info threads * 1 Thread 1077729984 (LWP 5747) 0x4018675b in strlen () from /lib/tls/libc.so.6 (gdb) thread apply all bt full Thread 1 (Thread 1077729984 (LWP 5747)): #0 0x4018675b in strlen () from /lib/tls/libc.so.6 No symbol table info available. #1 0x4015a064 in vfprintf () from /lib/tls/libc.so.6 No symbol table info available. #2 0x40178161 in vsnprintf () from /lib/tls/libc.so.6 No symbol table info available. #3 0x08051805 in vradlog (lvl=-1073760262, fmt=0x40405cdf "VISTA[%s:%d]: rcode %d", ap=0xbfffd824 "\003") at log.c:132 s = <value optimized out> timeval = 1160589116 msgfd = (FILE *) 0xbfffb6ac p = <value optimized out> buffer = "Wed Oct 11 13:51:56 2006\n: Debug: VISTA[eap_compose:523]: Setting EAP type\n\00025\n\000e 0\n\000ct 11 13:51:56 2006 : Debug: VISTA[eap_authenticate:341]: here\n\000\200\001@=¹ÿ¿4¯\027@ô\217$@ \223$@ÀÚ<@¨¸ÿ¿ô\217$@ \223$@¨¸ÿ¿\002\005\027@ \223$@È\204\006\b"... #4 0x08051a4f in log_debug (msg=0x40405cdf "VISTA[%s:%d]: rcode %d") at log.c:205 ap = 0xbfffd824 "\003" r = 3 #5 0x40403a08 in eap_compose (handler=0x8165ee0) at eap.c:610 eap_len = 0 len = <value optimized out> eap_msg = <value optimized out> vp = <value optimized out> eap_packet = <value optimized out> ptr = (unsigned char *) 0x8176758 "\001\b" request = (REQUEST *) 0x81641a8 eap_ds = <value optimized out> reply = (EAP_PACKET *) 0x8165f60 rcode = 3 __FUNCTION__ = "eap_compose" #6 0x40402cbc in eap_authenticate (instance=0x814ddd8, request=0x81641a8) at rlm_eap.c:342 vp = <value optimized out> handler = (EAP_HANDLER *) 0x8165ee0 eap_packet = (eap_packet_t *) 0x0 rcode = <value optimized out> __FUNCTION__ = "eap_authenticate" #7 0x08055ad8 in modcall (component=0, c=0x815ea00, request=0x81641a8) at modcall.c:236 myresult = 0 #8 0x0805617c in call_one (component=3, p=0x40157393, request=0x3, priority=0xbfffd974, result=0xbfffd978) at modcall.c:269 r = <value optimized out> #9 0x08055cca in modcall (component=0, c=0x815e6a8, request=0x81641a8) at modcall.c:324 g = (modgroup *) 0x815e6a8 myresult = 0 #10 0x08053d2e in indexed_modcall (comp=0, idx=1075147667, request=0x81641a8) at modules.c:469 this = (indexed_modcallable *) 0x8159710 #11 0x0804ce93 in rad_check_password (request=0x81641a8) at auth.c:367 dval = (DICT_VALUE *) 0x3 auth_type_pair = <value optimized out> cur_config_item = <value optimized out> password_pair = (VALUE_PAIR *) 0x0 auth_item = <value optimized out> string = "\005\bðP\006\b\005@\006\b@w\a\bàL\006\b\000\000\000\000ô_\001@¡º\022@\000\000\000\000¨b\004@\002\000\000\000\aVF@ `\001@ô_\001@¡º\022@</-EÈ\204\006\b\nM\006\bÐu\a\bXÚÿ¿O\032\005\b\001\000\000\000PP\006\bdÚÿ¿|a\005\b\001\000\000\000H\025\026\b¨A\026\bÈ\204\006\bdÚÿ¿È\204\006\b¸Úÿ¿\\]\005\bPP\006\bk6\006\bÐu\a\b\nM\006\b\000\000\000\000|f\000@</-E¨Úÿ¿¤Úÿ¿\b\000\000\000¸Úÿ¿\220\221\025\b\001\000\000\000,H\006\b\000\000\000\000ô_\001@`m\004@\004\000"... auth_type = 6 result = <value optimized out> ---Type <return> to continue, or q <return> to quit--- auth_type_count = 1 #12 0x0804d3bf in rad_authenticate (request=0x81641a8) at auth.c:662 check_item = <value optimized out> vp = (VALUE_PAIR *) 0x40157393 namepair = (VALUE_PAIR *) 0x8164298 check_item = <value optimized out> reply_item = <value optimized out> auth_item = (VALUE_PAIR *) 0x0 module_msg = <value optimized out> tmp = (VALUE_PAIR *) 0x0 result = 3 r = <value optimized out> umsg = "çÿ¿çz\000@ çÿ¿Pf\001@\004\000\000\000\000\000\000\000\001\000\000\000\000\000\000\000\001\000\000\000ô\217$@<\000\000\000 \223$@´æÿ¿\037¨\027@\n\000\000\000Øæÿ¿(±\027@ \223$@`çÿ¿ød\001@ ¡\004\b$É\b\b \227$\000\000\000\000\000\bçÿ¿-2\006@ð@\026\b\024\000\000\000hï\006@ \223$@\bçÿ¿9|\027@ \223$@hï\006@ \227$@\210T\026\b\210çÿ¿¶a\006@ð@\026\b\024\000\000\000\020\000\000\000\002\000\000\000D\232\005@¨b\004@ô_\001@ød\001@\001\000\000\000pçÿ¿é²\000@¤f\001@\000"... user_msg = <value optimized out> exec_program = <value optimized out> exec_wait = <value optimized out> seen_callback_id = <value optimized out> buf = "äúÿ¿\002\000\000\000\000\000\000\000ô_\001@üÿÿÿ\b\000\000\000¨ßÿ¿%¹\000@ðúÿ¿ÀgG@\000\000\000\000`m\004@äúÿ¿\002\000\000\000`;\026\b¨hG@äd\001@\b\000\000\000\213¸\000@ô\217$@À\\\001@`;\026\b\030àÿ¿\a¿!@ðúÿ¿\f=\026\b\001\000\000\000\000\000\000\000\b\211t$°´\000@\000\000\000\000ð\210\000@\223Ñ\027@¸:\026\b\001\000\000\200Nò\026@`åÿ¿`åÿ¿\000\000\000\000ô\217$@:È\006@\000\000\000\000ôåÿ¿\037o\025@\020æÿ¿:È\006@", '\0' <repeats 12 times>, " `\001@èj"... logstr = "`;\026\b\203fG@\000ãÿ¿\025\000\000\000\214Ûÿ¿\223Ñ\027@\000ãÿ¿\210T\026\bNò\026@¼È\006@¼È\006@\000\000\000\000ô\217$@»È\006@\001\000\000\000\210áÿ¿\037o\025@¬áÿ¿»È\006@\001\000\000\000\000\000\000\000\004\000\000\000`;\026\bèj\025@ø¨$@\020:\026\b`áÿ¿)\000\000\000ø¤$@ôàÿ¿@\"\000\000dÛ\000@\000\000\000\000\005\000\000\000\0000\000\000\000@\000\000\000\000\000\000Ð4\000\000@âÿ¿(\216$@â?\026\b-\000\000\000$Üÿ¿\223Ñ\027@â?\026\b\000\000\000\000ÿÿÿÿ\030\000\000\000¼È\006@¶È\006@"... autz_retry = 0 '\0' autz_type = <value optimized out> #13 0x08057347 in rad_respond (request=0x81641a8, fun=0x804d150 <rad_authenticate>) at radiusd.c:1653 rcode = <value optimized out> packet = <value optimized out> original = <value optimized out> secret = 0x81641cc "d0wnh1ll" finished = <value optimized out> reprocess = <value optimized out> #14 0x080591f6 in main (argc=2, argv=0xbffffae4) at radiusd.c:1427 cl = <value optimized out> fun = (RAD_REQUEST_FUNP) 0x804d150 <rad_authenticate> request = (REQUEST *) 0x81641a8 packet = (RADIUS_PACKET *) 0x81640b0 secret = (u_char *) 0x81454c0 "d0wnh1ll" buffer = "*", '\0' <repeats 651 times>, "\221ü\000@", '\0' <repeats 12 times>, "\221ü\000@\000\000\000\000\000\220;@èëÿ¿0Î<@,íÿ¿åQ\000@,Î<@\000\000\000\000\004\000\000\000\022\b\000\000\a\000\000\000\000 \001\000\001\000\000\000ød\001@øëÿ¿û\206\000@ ¸'@°µ'@\023\000\000\000\001\000\000\000\\Ù)@°µ'@\000\000\000\000\0000\001\000d+\001\000d+\001\000\000\000\000\000\005\000\000\000\0000\001\000\000@\001\000,>\001\0000>\001\000,íÿ\000¨l\004@\034ìÿ¿YÀ\000@\211\233;@´l\004@ô_\001@hj\004@lH\021@\234îÿ¿|f\000"... readfds = {fds_bits = {128, 0 <repeats 31 times>}} argval = <value optimized out> pid = <value optimized out> max_fd = <value optimized out> status = <value optimized out> tv = (struct timeval *) 0x0 act = {__sigaction_handler = {sa_handler = 0x8057100 <sig_fatal>, sa_sigaction = 0x8057100 <sig_fatal>}, sa_mask = {__val = { 0 <repeats 32 times>}}, sa_flags = 0, sa_restorer = 0} listener = <value optimized out>
I got the same results as below with RC2. -----Original Message----- From: freeradius-users-bounces+mking=bridgew.edu@lists.freeradius.org [mailto:freeradius-users-bounces+mking=bridgew.edu@lists.freeradius.org] On Behalf Of King, Michael Sent: Wednesday, October 11, 2006 1:56 PM To: FreeRadius users mailing list Subject: RE: Windows Vista doing PEAP Alan, here is your requested capture. This was with RC1 I will be reattempting with RC2 in a little bit. rad2:~# gdb /usr/sbin/freeradius GNU gdb 6.4.90-debian Copyright (C) 2006 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. Type "show copying" to see the conditions. There is absolutely no warranty for GDB. Type "show warranty" for details. This GDB was configured as "i486-linux-gnu"...Using host libthread_db library "/lib/tls/libthread_db.so.1". (gdb) set logging file gdb-radiusd.log (gdb) set logging on Copying output to gdb-radiusd.log. (gdb) set args -X (gdb) run Starting program: /usr/sbin/freeradius -X [Thread debugging using libthread_db enabled] [New Thread 1077729984 (LWP 5747)] Starting - reading configuration files ... reread_config: reading radiusd.conf Config: including file: /etc/freeradius/proxy.conf Config: including file: /etc/freeradius/clients.conf Config: including file: /etc/freeradius/snmp.conf Config: including file: /etc/freeradius/eap.conf Config: including file: /etc/freeradius/sql.conf main: prefix = "/usr" main: localstatedir = "/var" main: logdir = "/var/log/freeradius" main: libdir = "/usr/lib/freeradius" main: radacctdir = "/var/log/freeradius/radacct" main: hostname_lookups = no main: snmp = no main: max_request_time = 30 main: cleanup_delay = 5 main: max_requests = 1280000 main: delete_blocked_requests = 0 main: port = 0 main: allow_core_dumps = no main: log_stripped_names = no main: log_file = "/var/log/freeradius/radius.log" main: log_auth = yes main: log_auth_badpass = no main: log_auth_goodpass = no main: pidfile = "/var/run/freeradius/freeradius.pid" main: user = "freerad" main: group = "freerad" main: usercollide = no main: lower_user = "no" main: lower_pass = "no" main: nospace_user = "no" main: nospace_pass = "no" main: checkrad = "/usr/sbin/checkrad" main: proxy_requests = yes proxy: retry_delay = 5 proxy: retry_count = 3 proxy: synchronous = no proxy: default_fallback = yes proxy: dead_time = 120 proxy: post_proxy_authorize = no proxy: wake_all_if_all_dead = no security: max_attributes = 200 security: reject_delay = 1 security: status_server = no main: debug_level = 0 read_config_files: reading dictionary read_config_files: reading naslist Using deprecated naslist file. Support for this will go away soon. read_config_files: reading clients read_config_files: reading realms radiusd: entering modules setup Module: Library search path is /usr/lib/freeradius Module: Loaded exec exec: wait = yes exec: program = "(null)" exec: input_pairs = "request" exec: output_pairs = "(null)" exec: packet_type = "(null)" rlm_exec: Wait=yes but no output defined. Did you mean output=none? Module: Instantiated exec (exec) Module: Loaded expr Module: Instantiated expr (expr) Module: Loaded PAP pap: encryption_scheme = "crypt" Module: Instantiated pap (pap) Module: Loaded CHAP Module: Instantiated chap (chap) Module: Loaded MS-CHAP mschap: use_mppe = yes mschap: require_encryption = no mschap: require_strong = no mschap: with_ntdomain_hack = yes mschap: passwd = "(null)" mschap: ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --username=%{mschap:User-Name} --challenge=%{mschap:Challenge} --nt-response=%{mschap:NT-Response} " Module: Instantiated mschap (mschap) Module: Loaded System unix: cache = no unix: passwd = "(null)" unix: shadow = "(null)" unix: group = "(null)" unix: radwtmp = "/var/log/freeradius/radwtmp" unix: usegroup = no unix: cache_reload = 600 Module: Instantiated unix (unix) Module: Loaded eap eap: default_eap_type = "peap" eap: timer_expire = 60 eap: ignore_unknown_eap_types = no eap: cisco_accounting_username_bug = no rlm_eap: Loaded and initialized type md5 rlm_eap: Loaded and initialized type leap gtc: challenge = "Password: " gtc: auth_type = "PAP" rlm_eap: Loaded and initialized type gtc tls: rsa_key_exchange = no tls: dh_key_exchange = yes tls: rsa_key_length = 512 tls: dh_key_length = 512 tls: verify_depth = 0 tls: CA_path = "(null)" tls: pem_file_type = yes tls: private_key_file = "/etc/freeradius/certs/rad2.campus.bridgew.edu.privkey.pem" tls: certificate_file = "/etc/freeradius/certs/rad2.campus.bridgew.edu.cer" tls: CA_file = "/etc/freeradius/certs/IPS-IPSCABUNDLE.CRT" tls: private_key_password = "(null)" tls: dh_file = "/etc/freeradius/certs/dh" tls: random_file = "/etc/freeradius/certs/random" tls: fragment_size = 1024 tls: include_length = yes tls: check_crl = no tls: check_cert_cn = "(null)" tls: cipher_list = "(null)" tls: check_cert_issuer = "(null)" rlm_eap_tls: Loading the certificate file as a chain rlm_eap: Loaded and initialized type tls ttls: default_eap_type = "md5" ttls: copy_request_to_tunnel = no ttls: use_tunneled_reply = no rlm_eap: Loaded and initialized type ttls peap: default_eap_type = "mschapv2" peap: copy_request_to_tunnel = no peap: use_tunneled_reply = no peap: proxy_tunneled_request_as_eap = yes rlm_eap: Loaded and initialized type peap mschapv2: with_ntdomain_hack = no rlm_eap: Loaded and initialized type mschapv2 Module: Instantiated eap (eap) Module: Loaded preprocess preprocess: huntgroups = "/etc/freeradius/huntgroups" preprocess: hints = "/etc/freeradius/hints" preprocess: with_ascend_hack = no preprocess: ascend_channels_per_line = 23 preprocess: with_ntdomain_hack = no preprocess: with_specialix_jetstream_hack = no preprocess: with_cisco_vsa_hack = no preprocess: with_alvarion_vsa_hack = no Module: Instantiated preprocess (preprocess) Module: Loaded realm realm: format = "suffix" realm: delimiter = "@" realm: ignore_default = no realm: ignore_null = no Module: Instantiated realm (suffix) Module: Loaded files files: usersfile = "/etc/freeradius/users" files: acctusersfile = "/etc/freeradius/acct_users" files: preproxy_usersfile = "/etc/freeradius/preproxy_users" files: compat = "no" Module: Instantiated files (files) Module: Loaded Acct-Unique-Session-Id acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port" Module: Instantiated acct_unique (acct_unique) Module: Loaded detail detail: detailfile = "/var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d" detail: detailperm = 384 detail: dirperm = 493 detail: locking = no Module: Instantiated detail (detail) Module: Loaded radutmp radutmp: filename = "/var/log/freeradius/radutmp" radutmp: username = "%{User-Name}" radutmp: case_sensitive = yes radutmp: check_with_nas = yes radutmp: perm = 384 radutmp: callerid = yes Module: Instantiated radutmp (radutmp) Listening on authentication *:1812 Listening on accounting *:1813 Ready to process requests. rad_recv: Access-Request packet from host 10.0.1.12:32769, id=5, length=179 User-Name = "BSC\\mking" Calling-Station-Id = "00-13-02-1B-4F-01" Called-Station-Id = "00-0B-85-5B-55-A0:test" NAS-Port = 29 NAS-IP-Address = 10.0.1.12 NAS-Identifier = "BUWISM1-2" Airespace-Wlan-Id = 7 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "4000" EAP-Message = 0x0207000e014253435c6d6b696e67 Message-Authenticator = 0x18f6d0ae922dccd017b54b43a311261e Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 modcall[authorize]: module "chap" returns noop for request 0 modcall[authorize]: module "mschap" returns noop for request 0 rlm_realm: No '@' in User-Name = "BSC\mking", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 0 rlm_eap: EAP packet type response id 7 length 14 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 0 users: Matched entry DEFAULT at line 152 users: Matched entry DEFAULT at line 171 modcall[authorize]: module "files" returns ok for request 0 modcall: leaving group authorize (returns updated) for request 0 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 0 rlm_eap: EAP Identity rlm_eap: processing type tls rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 VISTA[eap_authenticate:341]: here VISTA[eap_compose:475]: reply->id 7 VISTA[eap_compose:476]: reply->code 1 VISTA[eap_compose:514]: eap->request->code 1 VISTA[eap_compose:515]: eap->request->type.type 0 VISTA[eap_compose:516]: handler->eap_type 25 VISTA[eap_compose:523]: Setting EAP type Program received signal SIGSEGV, Segmentation fault. [Switching to Thread 1077729984 (LWP 5747)] 0x4018675b in strlen () from /lib/tls/libc.so.6 (gdb) Quit (gdb) info threads * 1 Thread 1077729984 (LWP 5747) 0x4018675b in strlen () from /lib/tls/libc.so.6 (gdb) thread apply all bt full Thread 1 (Thread 1077729984 (LWP 5747)): #0 0x4018675b in strlen () from /lib/tls/libc.so.6 No symbol table info available. #1 0x4015a064 in vfprintf () from /lib/tls/libc.so.6 No symbol table info available. #2 0x40178161 in vsnprintf () from /lib/tls/libc.so.6 No symbol table info available. #3 0x08051805 in vradlog (lvl=-1073760262, fmt=0x40405cdf "VISTA[%s:%d]: rcode %d", ap=0xbfffd824 "\003") at log.c:132 s = <value optimized out> timeval = 1160589116 msgfd = (FILE *) 0xbfffb6ac p = <value optimized out> buffer = "Wed Oct 11 13:51:56 2006\n: Debug: VISTA[eap_compose:523]: Setting EAP type\n\00025\n\000e 0\n\000ct 11 13:51:56 2006 : Debug: VISTA[eap_authenticate:341]: here\n\000\200\001@=¹ÿ¿4¯\027@ô\217$@ \223$@ÀÚ<@¨¸ÿ¿ô\217$@ \223$@¨¸ÿ¿\002\005\027@ \223$@È\204\006\b"... #4 0x08051a4f in log_debug (msg=0x40405cdf "VISTA[%s:%d]: rcode %d") at log.c:205 ap = 0xbfffd824 "\003" r = 3 #5 0x40403a08 in eap_compose (handler=0x8165ee0) at eap.c:610 eap_len = 0 len = <value optimized out> eap_msg = <value optimized out> vp = <value optimized out> eap_packet = <value optimized out> ptr = (unsigned char *) 0x8176758 "\001\b" request = (REQUEST *) 0x81641a8 eap_ds = <value optimized out> reply = (EAP_PACKET *) 0x8165f60 rcode = 3 __FUNCTION__ = "eap_compose" #6 0x40402cbc in eap_authenticate (instance=0x814ddd8, request=0x81641a8) at rlm_eap.c:342 vp = <value optimized out> handler = (EAP_HANDLER *) 0x8165ee0 eap_packet = (eap_packet_t *) 0x0 rcode = <value optimized out> __FUNCTION__ = "eap_authenticate" #7 0x08055ad8 in modcall (component=0, c=0x815ea00, request=0x81641a8) at modcall.c:236 myresult = 0 #8 0x0805617c in call_one (component=3, p=0x40157393, request=0x3, priority=0xbfffd974, result=0xbfffd978) at modcall.c:269 r = <value optimized out> #9 0x08055cca in modcall (component=0, c=0x815e6a8, request=0x81641a8) at modcall.c:324 g = (modgroup *) 0x815e6a8 myresult = 0 #10 0x08053d2e in indexed_modcall (comp=0, idx=1075147667, request=0x81641a8) at modules.c:469 this = (indexed_modcallable *) 0x8159710 #11 0x0804ce93 in rad_check_password (request=0x81641a8) at auth.c:367 dval = (DICT_VALUE *) 0x3 auth_type_pair = <value optimized out> cur_config_item = <value optimized out> password_pair = (VALUE_PAIR *) 0x0 auth_item = <value optimized out> string = "\005\bðP\006\b\005@\006\b@w\a\bàL\006\b\000\000\000\000ô_\001@¡º\022@\000\000\000\000¨b\004@\002\000\000\000\aVF@ `\001@ô_\001@¡º\022@</-EÈ\204\006\b\nM\006\bÐu\a\bXÚÿ¿O\032\005\b\001\000\000\000PP\006\bdÚÿ¿|a\005\b\001\000\000\000H\025\026\b¨A\026\bÈ\204\006\bdÚÿ¿È\204\006\b¸Úÿ¿\\]\005\bPP\006\bk6\006\bÐu\a\b\nM\006\b\000\000\000\000|f\000@</-E¨Úÿ¿¤Úÿ¿\b\000\000\000¸Úÿ¿\220\221\025\b\001\000\000\000,H\006\b\000\000\000\000ô_\001@`m\004@\004\000"... auth_type = 6 result = <value optimized out> ---Type <return> to continue, or q <return> to quit--- auth_type_count = 1 #12 0x0804d3bf in rad_authenticate (request=0x81641a8) at auth.c:662 check_item = <value optimized out> vp = (VALUE_PAIR *) 0x40157393 namepair = (VALUE_PAIR *) 0x8164298 check_item = <value optimized out> reply_item = <value optimized out> auth_item = (VALUE_PAIR *) 0x0 module_msg = <value optimized out> tmp = (VALUE_PAIR *) 0x0 result = 3 r = <value optimized out> umsg = "çÿ¿çz\000@ çÿ¿Pf\001@\004\000\000\000\000\000\000\000\001\000\000\000\000\000\000\000\001\000\000\000ô\217$@<\000\000\000 \223$@´æÿ¿\037¨\027@\n\000\000\000Øæÿ¿(±\027@ \223$@`çÿ¿ød\001@ ¡\004\b$É\b\b \227$\000\000\000\000\000\bçÿ¿-2\006@ð@\026\b\024\000\000\000hï\006@ \223$@\bçÿ¿9|\027@ \223$@hï\006@ \227$@\210T\026\b\210çÿ¿¶a\006@ð@\026\b\024\000\000\000\020\000\000\000\002\000\000\000D\232\005@¨b\004@ô_\001@ød\001@\001\000\000\000pçÿ¿é²\000@¤f\001@\000"... user_msg = <value optimized out> exec_program = <value optimized out> exec_wait = <value optimized out> seen_callback_id = <value optimized out> buf = "äúÿ¿\002\000\000\000\000\000\000\000ô_\001@üÿÿÿ\b\000\000\000¨ßÿ¿%¹\000@ðúÿ¿ÀgG@\000\000\000\000`m\004@äúÿ¿\002\000\000\000`;\026\b¨hG@äd\001@\b\000\000\000\213¸\000@ô\217$@À\\\001@`;\026\b\030àÿ¿\a¿!@ðúÿ¿\f=\026\b\001\000\000\000\000\000\000\000\b\211t$°´\000@\000\000\000\000ð\210\000@\223Ñ\027@¸:\026\b\001\000\000\200Nò\026@`åÿ¿`åÿ¿\000\000\000\000ô\217$@:È\006@\000\000\000\000ôåÿ¿\037o\025@\020æÿ¿:È\006@", '\0' <repeats 12 times>, " `\001@èj"... logstr = "`;\026\b\203fG@\000ãÿ¿\025\000\000\000\214Ûÿ¿\223Ñ\027@\000ãÿ¿\210T\026\bNò\026@¼È\006@¼È\006@\000\000\000\000ô\217$@»È\006@\001\000\000\000\210áÿ¿\037o\025@¬áÿ¿»È\006@\001\000\000\000\000\000\000\000\004\000\000\000`;\026\bèj\025@ø¨$@\020:\026\b`áÿ¿)\000\000\000ø¤$@ôàÿ¿@\"\000\000dÛ\000@\000\000\000\000\005\000\000\000\0000\000\000\000@\000\000\000\000\000\000Ð4\000\000@âÿ¿(\216$@â?\026\b-\000\000\000$Üÿ¿\223Ñ\027@â?\026\b\000\000\000\000ÿÿÿÿ\030\000\000\000¼È\006@¶È\006@"... autz_retry = 0 '\0' autz_type = <value optimized out> #13 0x08057347 in rad_respond (request=0x81641a8, fun=0x804d150 <rad_authenticate>) at radiusd.c:1653 rcode = <value optimized out> packet = <value optimized out> original = <value optimized out> secret = 0x81641cc "d0wnh1ll" finished = <value optimized out> reprocess = <value optimized out> #14 0x080591f6 in main (argc=2, argv=0xbffffae4) at radiusd.c:1427 cl = <value optimized out> fun = (RAD_REQUEST_FUNP) 0x804d150 <rad_authenticate> request = (REQUEST *) 0x81641a8 packet = (RADIUS_PACKET *) 0x81640b0 secret = (u_char *) 0x81454c0 "d0wnh1ll" buffer = "*", '\0' <repeats 651 times>, "\221ü\000@", '\0' <repeats 12 times>, "\221ü\000@\000\000\000\000\000\220;@èëÿ¿0Î<@,íÿ¿åQ\000@,Î<@\000\000\000\000\004\000\000\000\022\b\000\000\a\000\000\000\000 \001\000\001\000\000\000ød\001@øëÿ¿û\206\000@ ¸'@°µ'@\023\000\000\000\001\000\000\000\\Ù)@°µ'@\000\000\000\000\0000\001\000d+\001\000d+\001\000\000\000\000\000\005\000\000\000\0000\001\000\000@\001\000,>\001\0000>\001\000,íÿ\000¨l\004@\034ìÿ¿YÀ\000@\211\233;@´l\004@ô_\001@hj\004@lH\021@\234îÿ¿|f\000"... readfds = {fds_bits = {128, 0 <repeats 31 times>}} argval = <value optimized out> pid = <value optimized out> max_fd = <value optimized out> status = <value optimized out> tv = (struct timeval *) 0x0 act = {__sigaction_handler = {sa_handler = 0x8057100 <sig_fatal>, sa_sigaction = 0x8057100 <sig_fatal>}, sa_mask = {__val = { 0 <repeats 32 times>}}, sa_flags = 0, sa_restorer = 0} listener = <value optimized out> - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
"King, Michael" <MKing@bridgew.edu> wrote:
I got the same results as below with RC2.
Arg. Dumb mistake. Try it now: http://striker.ottawa.on.ca/~aland/vista.patch Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog
Here we are: I did it twice. Funny it sent an access reject the second time. rad2:/home/mking# /usr/sbin/freeradius -x Starting - reading configuration files ... Using deprecated naslist file. Support for this will go away soon. Module: Loaded exec rlm_exec: Wait=yes but no output defined. Did you mean output=none? Module: Instantiated exec (exec) Module: Loaded expr Module: Instantiated expr (expr) Module: Loaded PAP Module: Instantiated pap (pap) Module: Loaded CHAP Module: Instantiated chap (chap) Module: Loaded MS-CHAP Module: Instantiated mschap (mschap) Module: Loaded System Module: Instantiated unix (unix) Module: Loaded eap rlm_eap: Loaded and initialized type md5 rlm_eap: Loaded and initialized type leap rlm_eap: Loaded and initialized type gtc rlm_eap_tls: Loading the certificate file as a chain rlm_eap: Loaded and initialized type tls rlm_eap: Loaded and initialized type ttls rlm_eap: Loaded and initialized type peap rlm_eap: Loaded and initialized type mschapv2 Module: Instantiated eap (eap) Module: Loaded preprocess Module: Instantiated preprocess (preprocess) Module: Loaded realm Module: Instantiated realm (suffix) Module: Loaded files Module: Instantiated files (files) Module: Loaded Acct-Unique-Session-Id Module: Instantiated acct_unique (acct_unique) Module: Loaded detail Module: Instantiated detail (detail) Module: Loaded radutmp Module: Instantiated radutmp (radutmp) Initializing the thread pool... Listening on authentication *:1812 Listening on accounting *:1813 Ready to process requests. rad_recv: Access-Request packet from host 10.0.1.12:32769, id=37, length=179 User-Name = "BSC\\mking" Calling-Station-Id = "00-13-02-1B-4F-01" Called-Station-Id = "00-0B-85-5B-55-A0:test" NAS-Port = 29 NAS-IP-Address = 10.0.1.12 NAS-Identifier = "BUWISM1-2" Airespace-Wlan-Id = 7 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "4000" EAP-Message = 0x0206000e014253435c6d6b696e67 Message-Authenticator = 0xd86aa0b0694586d016ce8de479a5df3d Sending Access-Challenge of id 37 to 10.0.1.12 port 32769 Framed-IP-Address = 255.255.255.254 Framed-MTU = 576 Service-Type = Framed-User EAP-Message = 0x010700061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x69ccaa28bda899693a071dbb5766bb67 rad_recv: Access-Request packet from host 10.0.1.12:32769, id=38, length=303 User-Name = "BSC\\mking" Calling-Station-Id = "00-13-02-1B-4F-01" Called-Station-Id = "00-0B-85-5B-55-A0:test" NAS-Port = 29 NAS-IP-Address = 10.0.1.12 NAS-Identifier = "BUWISM1-2" Airespace-Wlan-Id = 7 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "4000" EAP-Message = 0x0207007819800000006e16030100690100006503014536b7440a2cfc7f2553bb613d14 8a50aee2b084dba6c0e069cdd49c1ba25e38000018002f00350005000ac009c00ac013c0 140032003800130004010000240000000e000c0000096273635c6d6b696e67000a000800 06001700180019000b00020100 State = 0x69ccaa28bda899693a071dbb5766bb67 Message-Authenticator = 0x77b7071561e8f89f2292714822c97c81 TLS_accept:error in SSLv3 read client certificate A rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0) Sending Access-Challenge of id 38 to 10.0.1.12 port 32769 Framed-IP-Address = 255.255.255.254 Framed-MTU = 576 Service-Type = Framed-User EAP-Message = 0x0108040a19c000000f9f160301004a0200004603014536b744459cc67caa3c275338cf 89ec322fe3fd145b616a5d6f5053244f3e64202b564bd9b017fe5f134fefac96d0f4018f 5aafda4f05d68e58d7d8f45e4e8c85002f001603010f420b000f3e000f3b00068d308206 89308205f2a0030201020203009187300d06092a864886f70d010105050030820112310b 3009060355040613024553311230100603550408130942617263656c6f6e613112301006 03550407130942617263656c6f6e6131293027060355040a132049505320436572746966 69636174696f6e20417574686f7269747920732e6c2e312e302c060355040a142567656e 6572 EAP-Message = 0x616c4069707363612e636f6d20432e492e462e2020422d423632323130363935312e30 2c060355040b1325697073434120434c41534541312043657274696669636174696f6e20 417574686f72697479312e302c06035504031325697073434120434c4153454131204365 7274696669636174696f6e20417574686f726974793120301e06092a864886f70d010901 161167656e6572616c4069707363612e636f6d301e170d3036303530343232313331345a 170d3038303530333232313331345a3081c3310b30090603550406130255533116301406 03550408130d4d617373616368757365747473311430120603550407130b427269646765 7761 EAP-Message = 0x74657231223020060355040a1319427269646765776174657220537461746520436f6c 6c656765311b3019060355040b131254656c65636f6d6d756e69636174696f6e73312030 1e06035504031317726164322e63616d7075732e627269646765772e6564753123302106 092a864886f70d010901161474656c65636f6d6d40627269646765772e65647530819f30 0d06092a864886f70d010101050003818d0030818902818100bafacc8f16e6686769b809 7698e2aeef926367d3d91ab2eb0110ca80f484c9c0ca3ce4eb11e92ffc968e9b585444c9 557738f9ae5839a7b1d10ece940548abb5def53f18be41dc5a5c83a0011481450cfeafcd 7a7e EAP-Message = 0xd7ff87eb7e1ca346ee2a361e8093b98ba19c272f43d213c7d3f58847e6709ef86714eb f0736a01d0f4c44d0203010001a38203373082033330090603551d130402300030110609 6086480186f8420101040403020640300b0603551d0f0404030203f830130603551d2504 0c300a06082b06010505070301301d0603551d0e04160414788bb22abb6e8a41d4a35b01 66a8047f0746d9b7301f0603551d230418301680140e0760d439c91b5b5d907b23c8d234 9d4a9a4639301f0603551d1104183016811474656c65636f6d6d40627269646765772e65 6475301c0603551d1204153013811167656e6572616c4069707363612e636f6d30720609 6086 EAP-Message = 0x480186f842010d046516634f7267616e697a6174696f Message-Authenticator = 0x00000000000000000000000000000000 State = 0xb0e7b24bb6a549f703e6650340d92a4c rad_recv: Access-Request packet from host 10.0.1.12:32769, id=39, length=189 User-Name = "BSC\\mking" Calling-Station-Id = "00-13-02-1B-4F-01" Called-Station-Id = "00-0B-85-5B-55-A0:test" NAS-Port = 29 NAS-IP-Address = 10.0.1.12 NAS-Identifier = "BUWISM1-2" Airespace-Wlan-Id = 7 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "4000" EAP-Message = 0x020800061900 State = 0xb0e7b24bb6a549f703e6650340d92a4c Message-Authenticator = 0x7ffa22c6238e953e88a2b69e3c86ebb5 Sending Access-Challenge of id 39 to 10.0.1.12 port 32769 Framed-IP-Address = 255.255.255.254 Framed-MTU = 576 Service-Type = Framed-User EAP-Message = 0x0109040619406e20496e666f726d6174696f6e204e4f542056414c4944415445442e20 434c41534541312053657276657220436572746966696361746520697373756564206279 2068747470733a2f2f7777772e69707363612e636f6d2f302f06096086480186f8420102 0422162068747470733a2f2f7777772e69707363612e636f6d2f6970736361323030322f 304306096086480186f84201040436163468747470733a2f2f7777772e69707363612e63 6f6d2f6970736361323030322f697073636132303032434c41534541312e63726c304606 096086480186f84201030439163768747470733a2f2f7777772e69707363612e636f6d2f 6970 EAP-Message = 0x736361323030322f7265766f636174696f6e434c41534541312e68746d6c3f30430609 6086480186f84201070436163468747470733a2f2f7777772e69707363612e636f6d2f69 70736361323030322f72656e6577616c434c41534541312e68746d6c3f30410609608648 0186f84201080434163268747470733a2f2f7777772e69707363612e636f6d2f69707363 61323030322f706f6c696379434c41534541312e68746d6c3081830603551d1f047c307a 3039a037a0358633687474703a2f2f7777772e69707363612e636f6d2f69707363613230 30322f697073636132303032434c41534541312e63726c303da03ba0398637687474703a 2f2f EAP-Message = 0x7777776261636b2e69707363612e636f6d2f6970736361323030322f69707363613230 3032434c41534541312e63726c303206082b0601050507010104263024302206082b0601 05050730018616687474703a2f2f6f6373702e69707363612e636f6d2f300d06092a8648 86f70d0101050500038181002f3dd42c1e10181bdd0c69894e19e045c958fd430fc2fd52 9a6c0c19db08b7df43ee5b948d26f7dbcfe04d0ae488f7ecee9dbedc296722a33c0d0291 c1244aa67c913c4e2fe2cae9087971f71e42f5da2fb52f5288ed6d4ed3e5b47165d4ba89 fd3a37d2fd6de04ad2ac3bb0873f97626c50338a20d91ea129be3539037cf4e80005ea30 8205 EAP-Message = 0xe63082054fa0030201020203009018300d06092a864886f70d01010505003081a3310b 3009060355040613024553311230100603550408130942415243454c4f4e413112301006 03550407130942415243454c4f4e4131193017060355040a131049505320536567757269 64616420434131183016060355040b130f43657274696669636163696f6e657331173015 0603550403130e495053205345525649444f524553311e301c06092a864886f70d010901 160f697073406d61696c2e6970732e6573301e170d3031313233303133333631315a170d 3235313232393133333631315a30820112310b3009060355040613024553311230100603 5504 EAP-Message = 0x08130942617263656c6f6e61311230100603 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x8357e0ccc642d5dab7a0b32d125f5fa7 rad_recv: Access-Request packet from host 10.0.1.12:32769, id=40, length=189 User-Name = "BSC\\mking" Calling-Station-Id = "00-13-02-1B-4F-01" Called-Station-Id = "00-0B-85-5B-55-A0:test" NAS-Port = 29 NAS-IP-Address = 10.0.1.12 NAS-Identifier = "BUWISM1-2" Airespace-Wlan-Id = 7 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "4000" EAP-Message = 0x020900061900 State = 0x8357e0ccc642d5dab7a0b32d125f5fa7 Message-Authenticator = 0x2938e33032fff8ed5bd77da0a6bc94ae Sending Access-Challenge of id 40 to 10.0.1.12 port 32769 Framed-IP-Address = 255.255.255.254 Framed-MTU = 576 Service-Type = Framed-User EAP-Message = 0x010a04061940550407130942617263656c6f6e6131293027060355040a132049505320 43657274696669636174696f6e20417574686f7269747920732e6c2e312e302c06035504 0a142567656e6572616c4069707363612e636f6d20432e492e462e2020422d4236323231 30363935312e302c060355040b1325697073434120434c41534541312043657274696669 636174696f6e20417574686f72697479312e302c06035504031325697073434120434c41 534541312043657274696669636174696f6e20417574686f726974793120301e06092a86 4886f70d010901161167656e6572616c4069707363612e636f6d30819f300d06092a8648 86f7 EAP-Message = 0x0d010101050003818d0030818902818100a6f57366361da32f4fad2ad8ef0ca64befa7 1bacf7f246171bb202ab3e11898c6aa80fd8631499d71fbcb22768026ef43089ebadeb41 dcb44206fa481f138c64df872dc714d4a783e4723b32ead34d793165050933812b6ee636 ad211133362b68cabe432c37b73d69163be59dbe32a7d5df4a80fcda7370aad928822f68 bbb10203010001a38202b4308202b0300c0603551d13040530030101ff30110609608648 0186f8420101040403020007300c0603551d0f0405030307ff80306b0603551d25046430 6206082b0601050507030106082b0601050507030206082b0601050507030306082b0601 0505 EAP-Message = 0x07030406082b06010505070308060a2b060104018237020115060a2b06010401823702 0116060a2b0601040182370a0301060a2b0601040182370a0304301d0603551d0e041604 140e0760d439c91b5b5d907b23c8d2349d4a9a46393081ba0603551d230481b23081afa1 81a9a481a63081a3310b3009060355040613024553311230100603550408130942415243 454c4f4e41311230100603550407130942415243454c4f4e4131193017060355040a1310 4950532053656775726964616420434131183016060355040b130f436572746966696361 63696f6e6573311730150603550403130e495053205345525649444f524553311e301c06 092a EAP-Message = 0x864886f70d010901160f697073406d61696c2e6970732e6573820100301c0603551d11 04153013811167656e6572616c4069707363612e636f6d30090603551d12040230003043 06096086480186f842010d04361634434c41534541312043412043657274696669636174 65206973737565642062792068747470733a2f2f7777772e6970732e65732f3022060960 86480186f84201020415161368747470733a2f2f7777772e6970732e65732f3073060355 1d1f046c306a3031a02fa02d862b68747470733a2f2f7777772e6970732e65732f63726c 2f6970735345525649444f52455363726c2e63726c3035a033a031862f68747470733a2f 2f77 EAP-Message = 0x77776261636b2e6970732e65732f63726c2f Message-Authenticator = 0x00000000000000000000000000000000 State = 0x27772332b97662d44eab925226b00a00 rad_recv: Access-Request packet from host 10.0.1.12:32769, id=41, length=189 User-Name = "BSC\\mking" Calling-Station-Id = "00-13-02-1B-4F-01" Called-Station-Id = "00-0B-85-5B-55-A0:test" NAS-Port = 29 NAS-IP-Address = 10.0.1.12 NAS-Identifier = "BUWISM1-2" Airespace-Wlan-Id = 7 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "4000" EAP-Message = 0x020a00061900 State = 0x27772332b97662d44eab925226b00a00 Message-Authenticator = 0x7ff27de94c0993b8c54e1a52a8327424 Sending Access-Challenge of id 41 to 10.0.1.12 port 32769 Framed-IP-Address = 255.255.255.254 Framed-MTU = 576 Service-Type = Framed-User EAP-Message = 0x010b03a519006970735345525649444f52455363726c2e63726c302f06082b06010505 07010104233021301f06082b060105050730018613687474703a2f2f6f6373702e697073 2e45532f300d06092a864886f70d01010505000381810027054a0c74c9145dc875c8deee 890c631e1f0184c702cb19d791c8dd3ecfb0c8f3f592b5548254621f32eb80a17d56f1e4 e7285926a47df0ca2d31c6c9f3709dc1cf5e26a4efb212e788e81985ed80e43902688763 a9133c6cf5456a22ce9656075fa6a3ee370a6e928b9e40de143019289390b7f3fcb54ef2 f7960ebb1094d40002bb308202b730820220020100300d06092a864886f70d0101040500 3081 EAP-Message = 0xa3310b3009060355040613024553311230100603550408130942415243454c4f4e4131 1230100603550407130942415243454c4f4e4131193017060355040a1310495053205365 6775726964616420434131183016060355040b130f43657274696669636163696f6e6573 311730150603550403130e495053205345525649444f524553311e301c06092a864886f7 0d010901160f697073406d61696c2e6970732e6573301e170d3938303130313233323130 375a170d3039313232393233323130375a3081a3310b3009060355040613024553311230 100603550408130942415243454c4f4e41311230100603550407130942415243454c4f4e 4131 EAP-Message = 0x193017060355040a13104950532053656775726964616420434131183016060355040b 130f43657274696669636163696f6e6573311730150603550403130e4950532053455256 49444f524553311e301c06092a864886f70d010901160f697073406d61696c2e6970732e 657330819f300d06092a864886f70d010101050003818d0030818902818100ac4f52749f 39ea8edc25c4bc985d986424093c21b3cc19b58e948e87d1f8373ea1c82d58a480355ba1 756c1d450c1f61636a5e6f9b0a4cc1c8b861233581fffeac78702d68e13a0798950254dd cd23b78053d7c8374572062412ba1361218a6e7528e0c50f34fd36d8457fe1b836efb3e1 c620 EAP-Message = 0x8ee8b438bce13ef611de8c9d010203010001300d06092a864886f70d01010405000381 81002cf3c3795824dec63bd1e04269b8ee64b33d6201b9b384df237ddd98cf10a9fe00d8 22960513075457c5a7decbd9b88842f699db14771fb6fe253de1a23e03a981d22d6c47f5 96468c22abc8cc0d0e975e8b41b43bc40a06401ddd46f401ddba822e3c3d78709e7c18d0 abf8b877074671f1ca0b635c6af97294d5014fa0db4216030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x8b6d71ad223cb4870914b959e657bb0c rad_recv: Access-Request packet from host 10.0.1.12:32769, id=42, length=391 User-Name = "BSC\\mking" Calling-Station-Id = "00-13-02-1B-4F-01" Called-Station-Id = "00-0B-85-5B-55-A0:test" NAS-Port = 29 NAS-IP-Address = 10.0.1.12 NAS-Identifier = "BUWISM1-2" Airespace-Wlan-Id = 7 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "4000" EAP-Message = 0x020b00d01980000000c61603010086100000820080673a6636279d2c5c8c22af699f1d f35ecf5c09e73efca3cff461c0edc859f9fc56ef6eee0508281625ec70687e0eba7d03f7 31a3ffacbcba3d0394a6ad5140d649d406ad10c895967895f5b4a1e9032751a72ec21e69 3d5fb5e81c7e2f2dc18467335813d5d77a042b6e5f30d1244c4244fec78b3fa59f1016aa 624fa7eec2db140301000101160301003050d5ca2580382b01878c42d34438827cb788cb 3edafe9ca2a59d440de6e98774384e5382098fbf9b2a03a01c6f09bf86 State = 0x8b6d71ad223cb4870914b959e657bb0c Message-Authenticator = 0x55793a1999c24705362d06a4aa98c48b rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0) Sending Access-Challenge of id 42 to 10.0.1.12 port 32769 Framed-IP-Address = 255.255.255.254 Framed-MTU = 576 Service-Type = Framed-User EAP-Message = 0x010c004119001403010001011603010030eb5d2fdedc3a87043cba211fa0137ba62638 c15bb5048074a87f849ee893f8ecc446b6ea17432247ae2af0567cd2c6cf Message-Authenticator = 0x00000000000000000000000000000000 State = 0x80d904459b28d0a9783c8dda3c1c3914 rad_recv: Access-Request packet from host 10.0.1.12:32769, id=43, length=189 User-Name = "BSC\\mking" Calling-Station-Id = "00-13-02-1B-4F-01" Called-Station-Id = "00-0B-85-5B-55-A0:test" NAS-Port = 29 NAS-IP-Address = 10.0.1.12 NAS-Identifier = "BUWISM1-2" Airespace-Wlan-Id = 7 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "4000" EAP-Message = 0x020c00061900 State = 0x80d904459b28d0a9783c8dda3c1c3914 Message-Authenticator = 0x319a078de1ce901658966ac1123fd7f7 Sending Access-Challenge of id 43 to 10.0.1.12 port 32769 Framed-IP-Address = 255.255.255.254 Framed-MTU = 576 Service-Type = Framed-User EAP-Message = 0x010d005019001703010020d3a98e46a7c60cb1fc37403e5c19b307ba16193159b94c30 124cbb0fb8a4dfe81703010020d44d20a541bdd96fdccb6a5038d8f1827f8e5ca77de0e5 002b776e97008f7d30 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x8900fe2d829cf4ccaa2a17851c652928 rad_recv: Access-Request packet from host 10.0.1.22:32769, id=0, length=179 User-Name = "BSC\\mking" Calling-Station-Id = "00-13-02-1B-4F-01" Called-Station-Id = "00-0B-85-64-E4-F0:test" NAS-Port = 29 NAS-IP-Address = 10.0.1.22 NAS-Identifier = "BUWISM2-2" Airespace-Wlan-Id = 7 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "4000" EAP-Message = 0x0207000e014253435c6d6b696e67 Message-Authenticator = 0x2c3b05dc545cd2c5a689f1c0b3c755a3 Sending Access-Challenge of id 0 to 10.0.1.22 port 32769 Framed-IP-Address = 255.255.255.254 Framed-MTU = 576 Service-Type = Framed-User EAP-Message = 0x010800061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x630440f07d1a0e1ccd977539ad9901d9 rad_recv: Access-Request packet from host 10.0.1.22:32769, id=1, length=335 User-Name = "BSC\\mking" Calling-Station-Id = "00-13-02-1B-4F-01" Called-Station-Id = "00-0B-85-64-E4-F0:test" NAS-Port = 29 NAS-IP-Address = 10.0.1.22 NAS-Identifier = "BUWISM2-2" Airespace-Wlan-Id = 7 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "4000" EAP-Message = 0x0208009819800000008e16030100890100008503014536b7533e2c946468b9cab22999 c94d0f6e24de262f637fdd2b59171deb478d202b564bd9b017fe5f134fefac96d0f4018f 5aafda4f05d68e58d7d8f45e4e8c850018002f00350005000ac009c00ac013c014003200 3800130004010000240000000e000c0000096273635c6d6b696e67000a00080006001700 180019000b00020100 State = 0x630440f07d1a0e1ccd977539ad9901d9 Message-Authenticator = 0xb777563d7c2eed8a9e1687d732083cc8 TLS_accept:error in SSLv3 read finished A rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0) Sending Access-Challenge of id 1 to 10.0.1.22 port 32769 Framed-IP-Address = 255.255.255.254 Framed-MTU = 576 Service-Type = Framed-User EAP-Message = 0x010900901900160301004a0200004603014536b7530c8118d1beb69888572f855ca033 136e2ca6745f5df11700b66cba7d202b564bd9b017fe5f134fefac96d0f4018f5aafda4f 05d68e58d7d8f45e4e8c85002f00140301000101160301003055c2d0b6df2c2a18aee94f 3f062f3b143cbce93110799befd9e43ddc0056f713ca6e952b2ac166f6702b922c4f4816 cd Message-Authenticator = 0x00000000000000000000000000000000 State = 0xb6da0325e2c95a96f5036dbd6220ba0c rad_recv: Access-Request packet from host 10.0.1.22:32769, id=2, length=252 User-Name = "BSC\\mking" Calling-Station-Id = "00-13-02-1B-4F-01" Called-Station-Id = "00-0B-85-64-E4-F0:test" NAS-Port = 29 NAS-IP-Address = 10.0.1.22 NAS-Identifier = "BUWISM2-2" Airespace-Wlan-Id = 7 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "4000" EAP-Message = 0x0209004519800000003b14030100010116030100300a0101eb29181ebece7ff68bb1c4 cffa74a5ada3bc69128bb4fddc6d7fe7a0707415dc342f4b07416f58042c27c32588 State = 0xb6da0325e2c95a96f5036dbd6220ba0c Message-Authenticator = 0x2b849928287668f2a334ac7dcb3db897 rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0) rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0) Login incorrect: [BSC\\mking] (from client BUWiSM-2-2 port 29 cli 00-13-02-1B-4F-01) rad_recv: Access-Request packet from host 10.0.1.22:32769, id=2, length=252 Sending Access-Reject of id 2 to 10.0.1.22 port 32769 EAP-Message = 0x04090004 Message-Authenticator = 0x00000000000000000000000000000000
"King, Michael" <MKing@bridgew.edu> wrote: ...
rad2:/home/mking# /usr/sbin/freeradius -x
Please.... -X, not -x. The debug log you posted DOES NOT include the new messages, and therefore is of no help in solving the problem. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog
I thought it looked a bit funny -----Original Message----- From: freeradius-users-bounces+mking=bridgew.edu@lists.freeradius.org [mailto:freeradius-users-bounces+mking=bridgew.edu@lists.freeradius.org] On Behalf Of Alan DeKok Sent: Wednesday, October 18, 2006 7:39 PM To: FreeRadius users mailing list Subject: Re: Windows Vista doing PEAP "King, Michael" <MKing@bridgew.edu> wrote: ...
rad2:/home/mking# /usr/sbin/freeradius -x
Please.... -X, not -x. The debug log you posted DOES NOT include the new messages, and therefore is of no help in solving the problem. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
It seg faults when I do -X (or -sxx. But not with -x) Here is the gdb log rad2:/home/mking/freeradius-1.1.3/doc# more gdb-radiusd.log Starting program: /usr/sbin/freeradius -X [Thread debugging using libthread_db enabled] [New Thread 1077729984 (LWP 2603)] Program received signal SIGSEGV, Segmentation fault. [Switching to Thread 1077729984 (LWP 2603)] 0x4018675b in strlen () from /lib/tls/libc.so.6 * 1 Thread 1077729984 (LWP 2603) 0x4018675b in strlen () from /lib/tls/libc.so.6 * 1 Thread 1077729984 (LWP 2603) 0x4018675b in strlen () from /lib/tls/libc.so.6 * 1 Thread 1077729984 (LWP 2603) 0x4018675b in strlen () from /lib/tls/libc.so.6 * 1 Thread 1077729984 (LWP 2603) 0x4018675b in strlen () from /lib/tls/libc.so.6 Thread 1 (Thread 1077729984 (LWP 2603)): #0 0x4018675b in strlen () from /lib/tls/libc.so.6 No symbol table info available. #1 0x4015a064 in vfprintf () from /lib/tls/libc.so.6 No symbol table info available. #2 0x40178161 in vsnprintf () from /lib/tls/libc.so.6 No symbol table info available. #3 0x08051805 in vradlog (lvl=-1073760198, fmt=0x4040528c "VISTA[%s:%s]: here", ap=0xbfffd864 "µS@@U\001") at log.c:132 s = <value optimized out> timeval = 1161271351 msgfd = (FILE *) 0xbfffb6ec p = <value optimized out> buffer = "Thu Oct 19 11:22:31 2006\n: Debug: VISTA[eap_authenticate:ÿÿÿ3\000\000\000\230¸ÿ¿\000\200\001@-¹ÿ¿4¯\027@ô\217$@ \223$@ÀÚ<@\230¸ÿ¿ô\217$@ \ 223$@\230¸ÿ¿\002\005\027@ \223$@È\204\006\b \223$@\001\000\000\000èØÿ¿\224\031\005\b \223$@ \223$@ìO\006\b$Ùÿ¿ÿÿÿÿ6\000\000\000ø¸ÿ¿\000\200\001@ظÿ¿ú¸ÿ¿ú¸ÿ¿ \223$@ÀÚ<@ø¸ÿ¿Thu Oct "... #4 0x08051a4f in log_debug (msg=0x4040528c "VISTA[%s:%s]: here") at log.c:205 ap = 0xbfffd864 "µS@@U\001" r = 341 #5 0x40402cb4 in eap_authenticate (instance=0x814ddd8, request=0x8164170) at rlm_eap.c:341 vp = <value optimized out> handler = (EAP_HANDLER *) 0x8165eb8 eap_packet = (eap_packet_t *) 0x0 rcode = <value optimized out> __FUNCTION__ = "eap_authenticate" #6 0x08055ad8 in modcall (component=0, c=0x815ea00, request=0x8164170) at modcall.c:236 myresult = 0 #7 0x0805617c in call_one (component=341, p=0x40157393, request=0x1, priority=0xbfffd964, result=0xbfffd968) at modcall.c:269 r = <value optimized out> #8 0x08055cca in modcall (component=0, c=0x815eb10, request=0x8164170) at modcall.c:324 g = (modgroup *) 0x815eb10 myresult = 0 #9 0x08053d2e in indexed_modcall (comp=0, idx=1075147667, request=0x8164170) at modules.c:469 this = (indexed_modcallable *) 0x8159710 #10 0x0804ce93 in rad_check_password (request=0x8164170) at auth.c:367 dval = (DICT_VALUE *) 0x155 auth_type_pair = <value optimized out> cur_config_item = <value optimized out> password_pair = (VALUE_PAIR *) 0x0 auth_item = <value optimized out> string = "\005\bðP\006\b\005@\006\b@w\a\bàL\006\b\000\000\000\000ô_\001@¡º\022@\000\000\000\000¨b\004@\002\000\000\000\aVF@ `\001@ô_\001@¡º\022@7\230 7EÈ\204\006\b\nM\006\bÐu\a\bHÚÿ¿O\032\005\b\001\000\000\000PP\006\bTÚÿ¿|a\005\b\001\000\000\000à\024\026\bpA\026\bÈ\204\006\bTÚÿ¿È\204\006\b¨Úÿ¿\\]\005\bPP\0 06\bk6\006\bÐu\a\b\nM\006\b\000\000\000\000|f\000@7\2307E\230Úÿ¿\224Úÿ¿\b\000\000\000¨Úÿ¿p\221\025\b\001\000\000\000,H\006\b\000\000\000\000ô_\001@`m\004@\00 4\000"... auth_type = 6 result = <value optimized out> auth_type_count = 1 #11 0x0804d3bf in rad_authenticate (request=0x8164170) at auth.c:662 check_item = <value optimized out> vp = (VALUE_PAIR *) 0x40157393 namepair = (VALUE_PAIR *) 0x8164270 check_item = <value optimized out> reply_item = <value optimized out> auth_item = (VALUE_PAIR *) 0x0 module_msg = <value optimized out> tmp = (VALUE_PAIR *) 0x0 result = 3 r = <value optimized out> umsg = "çÿ¿çz\000@\020çÿ¿Pf\001@\004\000\000\000\000\000\000\000\001\000\000\000\000\000\000\000\001\000\000\000ô\217$@<\000\000\000 \223$@¤æÿ¿\037¨\ 027@\n\000\000\000Èæÿ¿(±\027@ \223$@Pçÿ¿ød\001@ ¡\004\b$É\b\b \227$\000\000\000\000\000øæÿ¿-2\006@¸@\026\b\024\000\000\000hï\006@ \223$@øæÿ¿9|\027@ \223$@hï\ 006@ \227$@`T\026\bxçÿ¿¶a\006@¸@\026\b\024\000\000\000\020\000\000\000\002\000\000\000D\232\005@¨b\004@ô_\001@ød\001@\001\000\000\000`çÿ¿é²\000@¤f\001@\000". .. user_msg = <value optimized out> exec_program = <value optimized out> exec_wait = <value optimized out> seen_callback_id = <value optimized out> buf = "Ôúÿ¿\002\000\000\000\000\000\000\000ô_\001@üÿÿÿ\b\000\000\000\230ßÿ¿%¹\000@àúÿ¿ÀgG@\000\000\000\000`m\004@Ôúÿ¿\002\000\000\000P;\026\b¨hG@äd\0 01@\b\000\000\000\213¸\000@ô\217$@À\\\001@P;\026\b\bàÿ¿\a¿!@àúÿ¿ü<\026\b\001\000\000\000\000\000\000\000\b\211t$°´\000@\000\000\000\000ð\210\000@\223Ñ\027@¨: \026\b\001\000\000\200Nò\026@Påÿ¿Påÿ¿\000\000\000\000ô\217$@:È\006@\000\000\000\000äåÿ¿\037o\025@\000æÿ¿:È\006@", '\0' <repeats 12 times>, " `\001@èj"... logstr = "P;\026\b\203fG@ðâÿ¿\025\000\000\000|Ûÿ¿\223Ñ\027@ðâÿ¿`T\026\bNò\026@¼È\006@¼È\006@\000\000\000\000ô\217$@»È\006@\001\000\000\000xáÿ¿\037o\0 25@\234áÿ¿»È\006@\001\000\000\000\000\000\000\000\004\000\000\000P;\026\bèj\025@ø¨$@\000:\026\bPáÿ¿)\000\000\000ø¤$@äàÿ¿@\"\000\000dÛ\000@\000\000\000\000\00 5\000\000\000\0000\000\000\000@\000\000\000\000\000\000Ð4\000\0000âÿ¿(\216$@Ò?\026\b-\000\000\000\024Üÿ¿\223Ñ\027@Ò?\026\b\000\000\000\000ÿÿÿÿ\030\000\000\00 0¼È\006@¶È\006@"... autz_retry = 0 '\0' autz_type = <value optimized out> #12 0x08057347 in rad_respond (request=0x8164170, fun=0x804d150 <rad_authenticate>) at radiusd.c:1653 rcode = <value optimized out> packet = <value optimized out> original = <value optimized out> secret = 0x8164194 "d0wnh1ll" finished = <value optimized out> reprocess = <value optimized out> #13 0x080591f6 in main (argc=2, argv=0xbffffad4) at radiusd.c:1427 cl = <value optimized out> fun = (RAD_REQUEST_FUNP) 0x804d150 <rad_authenticate> request = (REQUEST *) 0x8164170 packet = (RADIUS_PACKET *) 0x8164078 secret = (u_char *) 0x81454c0 "d0wnh1ll" buffer = "*", '\0' <repeats 651 times>, "\221ü\000@", '\0' <repeats 12 times>, "\221ü\000@\000\000\000\000\000\220;@Øëÿ¿0Î<@\034íÿ¿åQ\000@,Î<@\000\00 0\000\000\004\000\000\000\022\b\000\000\a\000\000\000\000 \001\000\001\000\000\000ød\001@èëÿ¿û\206\000@ ¸'@°µ'@\023\000\000\000\001\000\000\000\\Ù)@°µ'@\000\ 000\000\000\0000\001\000d+\001\000d+\001\000\000\000\000\000\005\000\000\000\0000\001\000\000@\001\000,>\001\0000>\001\000\034íÿ\000¨l\004@\fìÿ¿YÀ\000@\211\2 33;@´l\004@ô_\001@hj\004@lH\021@\214îÿ¿|f\000"... readfds = {fds_bits = {128, 0 <repeats 31 times>}} argval = <value optimized out> pid = <value optimized out> max_fd = <value optimized out> status = <value optimized out> tv = (struct timeval *) 0x0 act = {__sigaction_handler = {sa_handler = 0x8057100 <sig_fatal>, sa_sigaction = 0x8057100 <sig_fatal>}, sa_mask = {__val = { 0 <repeats 32 times>}}, sa_flags = 0, sa_restorer = 0} listener = <value optimized out> The program is running. Exit anyway? (y or n) rad2:/home/mking/freeradius-1.1.3/doc#
"King, Michael" <MKing@bridgew.edu> wrote:
It seg faults when I do -X (or -sxx. But not with -x)
At this point, I have no clue why it's dying. I suggest editing the code yourself. The issue is that a decision is being made by the module to not continue processing the EAP session, but I don't know why. The patches were an attempt to have it print out more information, soe we could see what information was being used to make that wrong decision. Again, I have no idea why it's core dumping. It shouldn't be. I don't have Vista, and I can't debug this issue myself. It's up to you. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog
Alan DeKok wrote:
"King, Michael" <MKing@bridgew.edu> wrote:
It seg faults when I do -X (or -sxx. But not with -x)
At this point, I have no clue why it's dying.
I suggest editing the code yourself. The issue is that a decision is being made by the module to not continue processing the EAP session, but I don't know why. The patches were an attempt to have it print out more information, soe we could see what information was being used to make that wrong decision.
Again, I have no idea why it's core dumping. It shouldn't be. I don't have Vista, and I can't debug this issue myself. It's up to you.
Sorry - I've come late to this thread. Do we have a general problem with Vista failing to authenticate against FR, or is this just one instance failing, and we know of other instances where it is working? josh.
-----Original Message----- Sorry - I've come late to this thread. Do we have a general problem with Vista failing to authenticate against FR, or is this just one instance failing, and we know of other instances where it is working? It's most likely I'm the first to try it, and I've had..... Difficulties :-)
We have also posted here about our difficulties with Windows Vista and our FR. It isn't working for us either. Brian
-----Original Message----- From: freeradius-users- bounces+dourtyb=missouri.edu@lists.freeradius.org [mailto:freeradius- users-bounces+dourtyb=missouri.edu@lists.freeradius.org] On Behalf Of King, Michael Sent: Thursday, October 19, 2006 2:52 PM To: FreeRadius users mailing list Subject: RE: Windows Vista doing PEAP
-----Original Message----- Sorry - I've come late to this thread. Do we have a general problem with Vista failing to authenticate against FR, or is this just one instance failing, and we know of other instances where it is working?
It's most likely I'm the first to try it, and I've had..... Difficulties :-)
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Could you try the patch Alan has posted, run the server in debug mode, and post the logs? Please don't do this on a production server. For some reason, the patch is causing my server to segfault. (It doesn't matter what the OS is (WinXP, VISTA, they all cause it to seg fault with DEBUG printing) -----Original Message----- From: freeradius-users-bounces+mking=bridgew.edu@lists.freeradius.org [mailto:freeradius-users-bounces+mking=bridgew.edu@lists.freeradius.org] On Behalf Of Dourty, Brian R. (IATS) Sent: Thursday, October 19, 2006 4:44 PM To: FreeRadius users mailing list Subject: RE: Windows Vista doing PEAP We have also posted here about our difficulties with Windows Vista and our FR. It isn't working for us either. Brian
-----Original Message----- From: freeradius-users- bounces+dourtyb=missouri.edu@lists.freeradius.org [mailto:freeradius- users-bounces+dourtyb=missouri.edu@lists.freeradius.org] On Behalf Of King, Michael Sent: Thursday, October 19, 2006 2:52 PM To: FreeRadius users mailing list Subject: RE: Windows Vista doing PEAP
-----Original Message----- Sorry - I've come late to this thread. Do we have a general problem with Vista failing to authenticate against FR, or is this just one instance failing, and we know of other instances where it is working?
It's most likely I'm the first to try it, and I've had..... Difficulties :-)
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Yeah, I'll do it today. Brian
-----Original Message----- From: freeradius-users- bounces+dourtyb=missouri.edu@lists.freeradius.org [mailto:freeradius- users-bounces+dourtyb=missouri.edu@lists.freeradius.org] On Behalf Of King, Michael Sent: Thursday, October 19, 2006 4:24 PM To: FreeRadius users mailing list Subject: RE: Windows Vista doing PEAP
Could you try the patch Alan has posted, run the server in debug mode, and post the logs?
Please don't do this on a production server.
For some reason, the patch is causing my server to segfault. (It doesn't matter what the OS is (WinXP, VISTA, they all cause it to seg fault with DEBUG printing)
-----Original Message----- From: freeradius-users-bounces+mking=bridgew.edu@lists.freeradius.org [mailto:freeradius-users- bounces+mking=bridgew.edu@lists.freeradius.org] On Behalf Of Dourty, Brian R. (IATS) Sent: Thursday, October 19, 2006 4:44 PM To: FreeRadius users mailing list Subject: RE: Windows Vista doing PEAP
We have also posted here about our difficulties with Windows Vista and our FR. It isn't working for us either.
Brian
-----Original Message----- From: freeradius-users- bounces+dourtyb=missouri.edu@lists.freeradius.org [mailto:freeradius- users-bounces+dourtyb=missouri.edu@lists.freeradius.org] On Behalf Of King, Michael Sent: Thursday, October 19, 2006 2:52 PM To: FreeRadius users mailing list Subject: RE: Windows Vista doing PEAP
-----Original Message----- Sorry - I've come late to this thread. Do we have a general problem with Vista failing to authenticate against FR, or is this just one instance failing, and we know of other instances where it is working?
It's most likely I'm the first to try it, and I've had..... Difficulties :-)
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Use this one if the one on the website doesn't work for you Index: src/modules/rlm_eap/rlm_eap.c =================================================================== RCS file: /source/radiusd/src/modules/rlm_eap/rlm_eap.c,v retrieving revision 1.26.2.1.2.1 diff -u -r1.26.2.1.2.1 rlm_eap.c --- src/modules/rlm_eap/rlm_eap.c 6 Feb 2006 16:23:52 -0000 1.26.2.1.2.1 +++ src/modules/rlm_eap/rlm_eap.c 18 Oct 2006 21:15:45 -0000 @@ -338,6 +338,7 @@ * We are done, wrap the EAP-request in RADIUS to send * with all other required radius attributes */ + DEBUG2("VISTA[%s:%d]: here", __func__, __LINE__); rcode = eap_compose(handler); /* @@ -515,6 +516,7 @@ * We are done, wrap the EAP-request in RADIUS to send * with all other required radius attributes */ + DEBUG2("VISTA[%s:%d]: here", __func__, __LINE__); rcode = eap_compose(handler); /* Index: src/modules/rlm_eap/eap.c =================================================================== RCS file: /source/radiusd/src/modules/rlm_eap/eap.c,v retrieving revision 1.52.4.1 diff -u -r1.52.4.1 eap.c --- src/modules/rlm_eap/eap.c 6 Feb 2006 16:23:49 -0000 1.52.4.1 +++ src/modules/rlm_eap/eap.c 18 Oct 2006 21:15:45 -0000 @@ -1,4 +1,4 @@ -/* + /* * eap.c rfc2284 & rfc2869 implementation * * Version: $Id: eap.c,v 1.52.4.1 2006/02/06 16:23:49 nbk Exp $ @@ -382,7 +382,10 @@ eap_packet_t *hdr; uint16_t total_length = 0; - if (reply == NULL) return EAP_INVALID; + if (reply == NULL) { + DEBUG2("VISTA[%s:%d]: eap_wireformat invalid", __func__, __LINE__); + return EAP_INVALID; + } total_length = EAP_HEADER_LEN; if (reply->code < 3) { @@ -469,6 +472,8 @@ * mentioned restriction. */ reply->id = handler->eap_ds->response->id; + DEBUG2("VISTA[%s:%d]: reply->id %d", __func__, __LINE__, reply->id); + DEBUG2("VISTA[%s:%d]: reply->code %d", __func__, __LINE__,reply->code); switch (reply->code) { /* @@ -506,16 +511,20 @@ * that the TTLS and PEAP modules can call it to do most * of their dirty work. */ + DEBUG2("VISTA[%s:%d]: eap->request->code %d", __func__, __LINE__, eap_ds->request->code); + DEBUG2("VISTA[%s:%d]: eap->request->type.type %d", __func__, __LINE__, eap_ds->request->type.type); + DEBUG2("VISTA[%s:%d]: handler->eap_type %d", __func__, __LINE__, handler->eap_type); + if (((eap_ds->request->code == PW_EAP_REQUEST) || (eap_ds->request->code == PW_EAP_RESPONSE)) && (eap_ds->request->type.type == 0)) { rad_assert(handler->eap_type >= PW_EAP_MD5); rad_assert(handler->eap_type <= PW_EAP_MAX_TYPES); + DEBUG2("VISTA[%s:%d]: Setting EAP type", __func__, __LINE__); eap_ds->request->type.type = handler->eap_type; } - if (eap_wireformat(reply) == EAP_INVALID) { return RLM_MODULE_INVALID; } @@ -598,6 +607,8 @@ break; } + DEBUG2("VISTA]: rcode %d", rcode); + return rcode; }
Josh Howlett <josh.howlett@bristol.ac.uk> wrote:
Sorry - I've come late to this thread. Do we have a general problem with Vista failing to authenticate against FR, or is this just one instance failing, and we know of other instances where it is working?
It's not working at all. The failure mode is pretty opaque: the server decides to stop talking to Vista at some point, but it's not clear why. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog
Josh Howlett wrote:
Again, I have no idea why it's core dumping. It shouldn't be. I don't have Vista, and I can't debug this issue myself. It's up to you.
Sorry - I've come late to this thread. Do we have a general problem with Vista failing to authenticate against FR, or is this just one instance failing, and we know of other instances where it is working?
It's a general problem. Sadly the "netsh ras set tracing * enable" thing seems not to be present or work under the vista RCs we've looked at and there was little of value in the event logs so the cause is somewhat hard to pin down. It's definitely PEAP (as opposed to EAP-TLS) related. Knowing MS they've made a TLV that was previously optional, mandatory, or similar. Given the problems seems to be windows-centred, someone with more windows experience may need to get info from the client as to why *it* thinks things are going awry
Got this patch to work with 1.1.3 without seg faulting... I've sent Alan the debug output. Can download it here: http://bengal.missouri.edu/~dourtyb/freeradius/vista.patch Index: src/modules/rlm_eap/rlm_eap.c =================================================================== RCS file: /source/radiusd/src/modules/rlm_eap/rlm_eap.c,v retrieving revision 1.26.2.1.2.1 diff -u -r1.26.2.1.2.1 rlm_eap.c --- src/modules/rlm_eap/rlm_eap.c 6 Feb 2006 16:23:52 -0000 1.26.2.1.2.1 +++ src/modules/rlm_eap/rlm_eap.c 18 Oct 2006 21:15:45 -0000 @@ -338,6 +338,7 @@ * We are done, wrap the EAP-request in RADIUS to send * with all other required radius attributes */ + DEBUG2("VISTA[%s:%d]: here", __func__, __LINE__); rcode = eap_compose(handler); /* @@ -515,6 +516,7 @@ * We are done, wrap the EAP-request in RADIUS to send * with all other required radius attributes */ + DEBUG2("VISTA[%s:%d]: here", __func__, __LINE__); rcode = eap_compose(handler); /* Index: src/modules/rlm_eap/eap.c =================================================================== RCS file: /source/radiusd/src/modules/rlm_eap/eap.c,v retrieving revision 1.52.4.1 diff -u -r1.52.4.1 eap.c --- src/modules/rlm_eap/eap.c 6 Feb 2006 16:23:49 -0000 1.52.4.1 +++ src/modules/rlm_eap/eap.c 18 Oct 2006 21:15:45 -0000 @@ -1,4 +1,4 @@ -/* + /* * eap.c rfc2284 & rfc2869 implementation * * Version: $Id: eap.c,v 1.52.4.1 2006/02/06 16:23:49 nbk Exp $ @@ -382,7 +382,10 @@ eap_packet_t *hdr; uint16_t total_length = 0; - if (reply == NULL) return EAP_INVALID; + if (reply == NULL) { + DEBUG2("VISTA[%s:%d]: eap_wireformat invalid", __func__, __LINE__); + return EAP_INVALID; + } total_length = EAP_HEADER_LEN; if (reply->code < 3) { @@ -469,6 +472,8 @@ * mentioned restriction. */ reply->id = handler->eap_ds->response->id; + DEBUG2("VISTA[%s:%d]: reply->id %d", __func__, __LINE__, reply->id); + DEBUG2("VISTA[%s:%d]: reply->code %d", __func__, __LINE__,reply->code); switch (reply->code) { /* @@ -506,16 +511,20 @@ * that the TTLS and PEAP modules can call it to do most * of their dirty work. */ + DEBUG2("VISTA[%s:%d]: eap->request->code %d", __func__, __LINE__, eap_ds->request->code); + DEBUG2("VISTA[%s:%d]: eap->request->type.type %d", __func__, __LINE__, eap_ds->request->type.type); + DEBUG2("VISTA[%s:%d]: handler->eap_type %d", __func__, __LINE__, handler->eap_type); + if (((eap_ds->request->code == PW_EAP_REQUEST) || (eap_ds->request->code == PW_EAP_RESPONSE)) && (eap_ds->request->type.type == 0)) { rad_assert(handler->eap_type >= PW_EAP_MD5); rad_assert(handler->eap_type <= PW_EAP_MAX_TYPES); + DEBUG2("VISTA[%s:%d]: Setting EAP type", __func__, __LINE__); eap_ds->request->type.type = handler->eap_type; } - if (eap_wireformat(reply) == EAP_INVALID) { return RLM_MODULE_INVALID; } @@ -598,6 +607,8 @@ break; } + DEBUG2("VISTA[%s:%d]: rcode %d", __func__, __LINE__, rcode); + return rcode; }
-----Original Message----- From: freeradius-users- bounces+dourtyb=missouri.edu@lists.freeradius.org [mailto:freeradius- users-bounces+dourtyb=missouri.edu@lists.freeradius.org] On Behalf Of Phil Mayers Sent: Friday, October 20, 2006 6:42 PM To: FreeRadius users mailing list Subject: Re: Windows Vista doing PEAP
Josh Howlett wrote:
Again, I have no idea why it's core dumping. It shouldn't be. I don't have Vista, and I can't debug this issue myself. It's up to you.
Sorry - I've come late to this thread. Do we have a general problem with Vista failing to authenticate against FR, or is this just one instance failing, and we know of other instances where it is working?
It's a general problem.
Sadly the "netsh ras set tracing * enable" thing seems not to be present or work under the vista RCs we've looked at and there was little of value in the event logs so the cause is somewhat hard to pin down. It's definitely PEAP (as opposed to EAP-TLS) related.
Knowing MS they've made a TLV that was previously optional, mandatory, or similar. Given the problems seems to be windows-centred, someone with more windows experience may need to get info from the client as to why *it* thinks things are going awry - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-----Original Message-----
Again, I have no idea why it's core dumping. It shouldn't be. I don't have Vista, and I can't debug this issue myself. It's up to you.
Should this line be like this? DEBUG2("VISTA[%s:%s]: here", __FUNCTION__, __LINE__); I have not coded in C (or C++) for 5 years. I did some reading, and __LINE__ returns an integer (%d). Would that cause a segfault, I figured it would just cause a compile error. I changed __FUNCTION__ to __func__ and the second %s to %d, and the last line in the patch, I removed the two %s%s which had no varibles. I got this.. (The Patch worked) =~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2006.10.19 17:52:44 =~=~=~=~=~=~=~=~=~=~=~= clear/usr/sbin/freeradius -X Starting - reading configuration files ... reread_config: reading radiusd.conf Config: including file: /etc/freeradius/proxy.conf Config: including file: /etc/freeradius/clients.conf Config: including file: /etc/freeradius/snmp.conf Config: including file: /etc/freeradius/eap.conf Config: including file: /etc/freeradius/sql.conf main: prefix = "/usr" main: localstatedir = "/var" main: logdir = "/var/log/freeradius" main: libdir = "/usr/lib/freeradius" main: radacctdir = "/var/log/freeradius/radacct" main: hostname_lookups = no main: snmp = no main: max_request_time = 30 main: cleanup_delay = 5 main: max_requests = 1280000 main: delete_blocked_requests = 0 main: port = 0 main: allow_core_dumps = no main: log_stripped_names = no main: log_file = "/var/log/freeradius/radius.log" main: log_auth = yes main: log_auth_badpass = no main: log_auth_goodpass = no main: pidfile = "/var/run/freeradius/freeradius.pid" main: user = "freerad" main: group = "freerad" main: usercollide = no main: lower_user = "no" main: lower_pass = "no" main: nospace_user = "no" main: nospace_pass = "no" main: checkrad = "/usr/sbin/checkrad" main: proxy_requests = yes proxy: retry_delay = 5 proxy: retry_count = 3 proxy: synchronous = no proxy: default_fallback = yes proxy: dead_time = 120 proxy: post_proxy_authorize = no proxy: wake_all_if_all_dead = no security: max_attributes = 200 security: reject_delay = 1 security: status_server = no main: debug_level = 0 read_config_files: reading dictionary read_config_files: reading naslist Using deprecated naslist file. Support for this will go away soon. read_config_files: reading clients read_config_files: reading realms radiusd: entering modules setup Module: Library search path is /usr/lib/freeradius Module: Loaded exec exec: wait = yes exec: program = "(null)" exec: input_pairs = "request" exec: output_pairs = "(null)" exec: packet_type = "(null)" rlm_exec: Wait=yes but no output defined. Did you mean output=none? Module: Instantiated exec (exec) Module: Loaded expr Module: Instantiated expr (expr) Module: Loaded PAP pap: encryption_scheme = "crypt" Module: Instantiated pap (pap) Module: Loaded CHAP Module: Instantiated chap (chap) Module: Loaded MS-CHAP mschap: use_mppe = yes mschap: require_encryption = no mschap: require_strong = no mschap: with_ntdomain_hack = yes mschap: passwd = "(null)" mschap: ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --username=%{mschap:User-Name} --challenge=%{mschap:Challenge} --nt-response=%{mschap:NT-Response} " Module: Instantiated mschap (mschap) Module: Loaded System unix: cache = no unix: passwd = "(null)" unix: shadow = "(null)" unix: group = "(null)" unix: radwtmp = "/var/log/freeradius/radwtmp" unix: usegroup = no unix: cache_reload = 600 Module: Instantiated unix (unix) Module: Loaded eap eap: default_eap_type = "peap" eap: timer_expire = 60 eap: ignore_unknown_eap_types = no eap: cisco_accounting_username_bug = no rlm_eap: Loaded and initialized type md5 rlm_eap: Loaded and initialized type leap gtc: challenge = "Password: " gtc: auth_type = "PAP" rlm_eap: Loaded and initialized type gtc tls: rsa_key_exchange = no tls: dh_key_exchange = yes tls: rsa_key_length = 512 tls: dh_key_length = 512 tls: verify_depth = 0 tls: CA_path = "(null)" tls: pem_file_type = yes tls: private_key_file = "/etc/freeradius/certs/rad2.campus.bridgew.edu.privkey.pem" tls: certificate_file = "/etc/freeradius/certs/rad2.campus.bridgew.edu.cer" tls: CA_file = "/etc/freeradius/certs/IPS-IPSCABUNDLE.CRT" tls: private_key_password = "(null)" tls: dh_file = "/etc/freeradius/certs/dh" tls: random_file = "/etc/freeradius/certs/random" tls: fragment_size = 1024 tls: include_length = yes tls: check_crl = no tls: check_cert_cn = "(null)" tls: cipher_list = "(null)" tls: check_cert_issuer = "(null)" rlm_eap_tls: Loading the certificate file as a chain rlm_eap: Loaded and initialized type tls ttls: default_eap_type = "md5" ttls: copy_request_to_tunnel = no ttls: use_tunneled_reply = no rlm_eap: Loaded and initialized type ttls peap: default_eap_type = "mschapv2" peap: copy_request_to_tunnel = no peap: use_tunneled_reply = no peap: proxy_tunneled_request_as_eap = yes rlm_eap: Loaded and initialized type peap mschapv2: with_ntdomain_hack = no rlm_eap: Loaded and initialized type mschapv2 Module: Instantiated eap (eap) Module: Loaded preprocess preprocess: huntgroups = "/etc/freeradius/huntgroups" preprocess: hints = "/etc/freeradius/hints" preprocess: with_ascend_hack = no preprocess: ascend_channels_per_line = 23 preprocess: with_ntdomain_hack = no preprocess: with_specialix_jetstream_hack = no preprocess: with_cisco_vsa_hack = no preprocess: with_alvarion_vsa_hack = no Module: Instantiated preprocess (preprocess) Module: Loaded realm realm: format = "suffix" realm: delimiter = "@" realm: ignore_default = no realm: ignore_null = no Module: Instantiated realm (suffix) Module: Loaded files files: usersfile = "/etc/freeradius/users" files: acctusersfile = "/etc/freeradius/acct_users" files: preproxy_usersfile = "/etc/freeradius/preproxy_users" files: compat = "no" Module: Instantiated files (files) Module: Loaded Acct-Unique-Session-Id acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port" Module: Instantiated acct_unique (acct_unique) Module: Loaded detail detail: detailfile = "/var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d" detail: detailperm = 384 detail: dirperm = 493 detail: locking = no Module: Instantiated detail (detail) Module: Loaded radutmp radutmp: filename = "/var/log/freeradius/radutmp" radutmp: username = "%{User-Name}" radutmp: case_sensitive = yes radutmp: check_with_nas = yes radutmp: perm = 384 radutmp: callerid = yes Module: Instantiated radutmp (radutmp) Listening on authentication *:1812 Listening on accounting *:1813 Ready to process requests. rad_recv: Access-Request packet from host 10.0.1.12:32769, id=190, length=179 User-Name = "BSC\\mking" Calling-Station-Id = "00-13-02-1B-4F-01" Called-Station-Id = "00-0B-85-5B-55-A0:test" NAS-Port = 29 NAS-IP-Address = 10.0.1.12 NAS-Identifier = "BUWISM1-2" Airespace-Wlan-Id = 7 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "4000" EAP-Message = 0x0205000e014253435c6d6b696e67 Message-Authenticator = 0xe8ef97a7540606cbd99f433e66af4f2d Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 modcall[authorize]: module "chap" returns noop for request 0 modcall[authorize]: module "mschap" returns noop for request 0 rlm_realm: No '@' in User-Name = "BSC\mking", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 0 rlm_eap: EAP packet type response id 5 length 14 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 0 users: Matched entry DEFAULT at line 152 users: Matched entry DEFAULT at line 171 modcall[authorize]: module "files" returns ok for request 0 modcall: leaving group authorize (returns updated) for request 0 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 0 rlm_eap: EAP Identity rlm_eap: processing type tls rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 VISTA[eap_authenticate:341]: here VISTA[eap_compose:475]: reply->id 5 VISTA[eap_compose:476]: reply->code 1 VISTA[eap_compose:514]: eap->request->code 1 VISTA[eap_compose:515]: eap->request->type.type 0 VISTA[eap_compose:516]: handler->eap_type 25 VISTA[eap_compose:523]: Setting EAP type VISTA]: rcode 3 modcall[authenticate]: module "eap" returns handled for request 0 modcall: leaving group authenticate (returns handled) for request 0 Sending Access-Challenge of id 190 to 10.0.1.12 port 32769 Framed-IP-Address = 255.255.255.254 Framed-MTU = 576 Service-Type = Framed-User EAP-Message = 0x010600061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x6a58879f717b5616d92188ef0508bf15 Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... rad_recv: Access-Request packet from host 10.0.1.12:32769, id=191, length=303 User-Name = "BSC\\mking" Calling-Station-Id = "00-13-02-1B-4F-01" Called-Station-Id = "00-0B-85-5B-55-A0:test" NAS-Port = 29 NAS-IP-Address = 10.0.1.12 NAS-Identifier = "BUWISM1-2" Airespace-Wlan-Id = 7 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "4000" EAP-Message = 0x0206007819800000006e16030100690100006503014537f3e34070df7f383882e6da6c 989a8dfdfc864b8d598806640919f33d4ed1000018002f00350005000ac009c00ac013c0 140032003800130004010000240000000e000c0000096273635c6d6b696e67000a000800 06001700180019000b00020100 State = 0x6a58879f717b5616d92188ef0508bf15 Message-Authenticator = 0x1152ca164579e5ab619574036ee4f556 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 1 modcall[authorize]: module "preprocess" returns ok for request 1 modcall[authorize]: module "chap" returns noop for request 1 modcall[authorize]: module "mschap" returns noop for request 1 rlm_realm: No '@' in User-Name = "BSC\mking", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 1 rlm_eap: EAP packet type response id 6 length 120 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 1 users: Matched entry DEFAULT at line 152 users: Matched entry DEFAULT at line 171 modcall[authorize]: module "files" returns ok for request 1 modcall: leaving group authorize (returns updated) for request 1 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 1 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 (other): before/accept initialization TLS_accept: before/accept initialization rlm_eap_tls: <<< TLS 1.0 Handshake [length 0069], ClientHello TLS_accept: SSLv3 read client hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello TLS_accept: SSLv3 write server hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0f42], Certificate TLS_accept: SSLv3 write certificate A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone TLS_accept: SSLv3 write server done A TLS_accept: SSLv3 flush data TLS_accept:error in SSLv3 read client certificate A rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0) In SSL Handshake Phase In SSL Accept mode eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED VISTA[eap_authenticate:341]: here VISTA[eap_compose:475]: reply->id 6 VISTA[eap_compose:476]: reply->code 1 VISTA[eap_compose:514]: eap->request->code 1 VISTA[eap_compose:515]: eap->request->type.type 0 VISTA[eap_compose:516]: handler->eap_type 25 VISTA[eap_compose:523]: Setting EAP type VISTA]: rcode 3 modcall[authenticate]: module "eap" returns handled for request 1 modcall: leaving group authenticate (returns handled) for request 1 Sending Access-Challenge of id 191 to 10.0.1.12 port 32769 Framed-IP-Address = 255.255.255.254 Framed-MTU = 576 Service-Type = Framed-User EAP-Message = 0x0107040a19c000000f9f160301004a0200004603014537f3e3454e6e5b0a00defd26c0 8739c97c3e2459f7f87ec363cd62dae679ca20a832eea17a17b98b7f63304706f5837ced 53e36c6c701cc8bcabb9628ddf7bcd002f001603010f420b000f3e000f3b00068d308206 89308205f2a0030201020203009187300d06092a864886f70d010105050030820112310b 3009060355040613024553311230100603550408130942617263656c6f6e613112301006 03550407130942617263656c6f6e6131293027060355040a132049505320436572746966 69636174696f6e20417574686f7269747920732e6c2e312e302c060355040a142567656e 6572 EAP-Message = 0x616c4069707363612e636f6d20432e492e462e2020422d423632323130363935312e30 2c060355040b1325697073434120434c41534541312043657274696669636174696f6e20 417574686f72697479312e302c06035504031325697073434120434c4153454131204365 7274696669636174696f6e20417574686f726974793120301e06092a864886f70d010901 161167656e6572616c4069707363612e636f6d301e170d3036303530343232313331345a 170d3038303530333232313331345a3081c3310b30090603550406130255533116301406 03550408130d4d617373616368757365747473311430120603550407130b427269646765 7761 EAP-Message = 0x74657231223020060355040a1319427269646765776174657220537461746520436f6c 6c656765311b3019060355040b131254656c65636f6d6d756e69636174696f6e73312030 1e06035504031317726164322e63616d7075732e627269646765772e6564753123302106 092a864886f70d010901161474656c65636f6d6d40627269646765772e65647530819f30 0d06092a864886f70d010101050003818d0030818902818100bafacc8f16e6686769b809 7698e2aeef926367d3d91ab2eb0110ca80f484c9c0ca3ce4eb11e92ffc968e9b585444c9 557738f9ae5839a7b1d10ece940548abb5def53f18be41dc5a5c83a0011481450cfeafcd 7a7e EAP-Message = 0xd7ff87eb7e1ca346ee2a361e8093b98ba19c272f43d213c7d3f58847e6709ef86714eb f0736a01d0f4c44d0203010001a38203373082033330090603551d130402300030110609 6086480186f8420101040403020640300b0603551d0f0404030203f830130603551d2504 0c300a06082b06010505070301301d0603551d0e04160414788bb22abb6e8a41d4a35b01 66a8047f0746d9b7301f0603551d230418301680140e0760d439c91b5b5d907b23c8d234 9d4a9a4639301f0603551d1104183016811474656c65636f6d6d40627269646765772e65 6475301c0603551d1204153013811167656e6572616c4069707363612e636f6d30720609 6086 EAP-Message = 0x480186f842010d046516634f7267616e697a6174696f Message-Authenticator = 0x00000000000000000000000000000000 State = 0x399395fb535f7b5376b204e0c52f389b Finished request 1 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 10.0.1.12:32769, id=192, length=189 User-Name = "BSC\\mking" Calling-Station-Id = "00-13-02-1B-4F-01" Called-Station-Id = "00-0B-85-5B-55-A0:test" NAS-Port = 29 NAS-IP-Address = 10.0.1.12 NAS-Identifier = "BUWISM1-2" Airespace-Wlan-Id = 7 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "4000" EAP-Message = 0x020700061900 State = 0x399395fb535f7b5376b204e0c52f389b Message-Authenticator = 0x379f503b31ccc665f1cad05a000d91b0 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 2 modcall[authorize]: module "preprocess" returns ok for request 2 modcall[authorize]: module "chap" returns noop for request 2 modcall[authorize]: module "mschap" returns noop for request 2 rlm_realm: No '@' in User-Name = "BSC\mking", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 2 rlm_eap: EAP packet type response id 7 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 2 users: Matched entry DEFAULT at line 152 users: Matched entry DEFAULT at line 171 modcall[authorize]: module "files" returns ok for request 2 modcall: leaving group authorize (returns updated) for request 2 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 2 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake fragment handler eaptls_verify returned 1 eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED VISTA[eap_authenticate:341]: here VISTA[eap_compose:475]: reply->id 7 VISTA[eap_compose:476]: reply->code 1 VISTA[eap_compose:514]: eap->request->code 1 VISTA[eap_compose:515]: eap->request->type.type 0 VISTA[eap_compose:516]: handler->eap_type 25 VISTA[eap_compose:523]: Setting EAP type VISTA]: rcode 3 modcall[authenticate]: module "eap" returns handled for request 2 modcall: leaving group authenticate (returns handled) for request 2 Sending Access-Challenge of id 192 to 10.0.1.12 port 32769 Framed-IP-Address = 255.255.255.254 Framed-MTU = 576 Service-Type = Framed-User EAP-Message = 0x0108040619406e20496e666f726d6174696f6e204e4f542056414c4944415445442e20 434c41534541312053657276657220436572746966696361746520697373756564206279 2068747470733a2f2f7777772e69707363612e636f6d2f302f06096086480186f8420102 0422162068747470733a2f2f7777772e69707363612e636f6d2f6970736361323030322f 304306096086480186f84201040436163468747470733a2f2f7777772e69707363612e63 6f6d2f6970736361323030322f697073636132303032434c41534541312e63726c304606 096086480186f84201030439163768747470733a2f2f7777772e69707363612e636f6d2f 6970 EAP-Message = 0x736361323030322f7265766f636174696f6e434c41534541312e68746d6c3f30430609 6086480186f84201070436163468747470733a2f2f7777772e69707363612e636f6d2f69 70736361323030322f72656e6577616c434c41534541312e68746d6c3f30410609608648 0186f84201080434163268747470733a2f2f7777772e69707363612e636f6d2f69707363 61323030322f706f6c696379434c41534541312e68746d6c3081830603551d1f047c307a 3039a037a0358633687474703a2f2f7777772e69707363612e636f6d2f69707363613230 30322f697073636132303032434c41534541312e63726c303da03ba0398637687474703a 2f2f EAP-Message = 0x7777776261636b2e69707363612e636f6d2f6970736361323030322f69707363613230 3032434c41534541312e63726c303206082b0601050507010104263024302206082b0601 05050730018616687474703a2f2f6f6373702e69707363612e636f6d2f300d06092a8648 86f70d0101050500038181002f3dd42c1e10181bdd0c69894e19e045c958fd430fc2fd52 9a6c0c19db08b7df43ee5b948d26f7dbcfe04d0ae488f7ecee9dbedc296722a33c0d0291 c1244aa67c913c4e2fe2cae9087971f71e42f5da2fb52f5288ed6d4ed3e5b47165d4ba89 fd3a37d2fd6de04ad2ac3bb0873f97626c50338a20d91ea129be3539037cf4e80005ea30 8205 EAP-Message = 0xe63082054fa0030201020203009018300d06092a864886f70d01010505003081a3310b 3009060355040613024553311230100603550408130942415243454c4f4e413112301006 03550407130942415243454c4f4e4131193017060355040a131049505320536567757269 64616420434131183016060355040b130f43657274696669636163696f6e657331173015 0603550403130e495053205345525649444f524553311e301c06092a864886f70d010901 160f697073406d61696c2e6970732e6573301e170d3031313233303133333631315a170d 3235313232393133333631315a30820112310b3009060355040613024553311230100603 5504 EAP-Message = 0x08130942617263656c6f6e61311230100603 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xc5baca98753fda4ad09de51d30999b60 Finished request 2 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 10.0.1.12:32769, id=193, length=189 User-Name = "BSC\\mking" Calling-Station-Id = "00-13-02-1B-4F-01" Called-Station-Id = "00-0B-85-5B-55-A0:test" NAS-Port = 29 NAS-IP-Address = 10.0.1.12 NAS-Identifier = "BUWISM1-2" Airespace-Wlan-Id = 7 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "4000" EAP-Message = 0x020800061900 State = 0xc5baca98753fda4ad09de51d30999b60 Message-Authenticator = 0xe8f5fd61f9f1a9b0425cd24066c046f2 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 3 modcall[authorize]: module "preprocess" returns ok for request 3 modcall[authorize]: module "chap" returns noop for request 3 modcall[authorize]: module "mschap" returns noop for request 3 rlm_realm: No '@' in User-Name = "BSC\mking", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 3 rlm_eap: EAP packet type response id 8 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 3 users: Matched entry DEFAULT at line 152 users: Matched entry DEFAULT at line 171 modcall[authorize]: module "files" returns ok for request 3 modcall: leaving group authorize (returns updated) for request 3 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 3 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake fragment handler eaptls_verify returned 1 eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED VISTA[eap_authenticate:341]: here VISTA[eap_compose:475]: reply->id 8 VISTA[eap_compose:476]: reply->code 1 VISTA[eap_compose:514]: eap->request->code 1 VISTA[eap_compose:515]: eap->request->type.type 0 VISTA[eap_compose:516]: handler->eap_type 25 VISTA[eap_compose:523]: Setting EAP type VISTA]: rcode 3 modcall[authenticate]: module "eap" returns handled for request 3 modcall: leaving group authenticate (returns handled) for request 3 Sending Access-Challenge of id 193 to 10.0.1.12 port 32769 Framed-IP-Address = 255.255.255.254 Framed-MTU = 576 Service-Type = Framed-User EAP-Message = 0x010904061940550407130942617263656c6f6e6131293027060355040a132049505320 43657274696669636174696f6e20417574686f7269747920732e6c2e312e302c06035504 0a142567656e6572616c4069707363612e636f6d20432e492e462e2020422d4236323231 30363935312e302c060355040b1325697073434120434c41534541312043657274696669 636174696f6e20417574686f72697479312e302c06035504031325697073434120434c41 534541312043657274696669636174696f6e20417574686f726974793120301e06092a86 4886f70d010901161167656e6572616c4069707363612e636f6d30819f300d06092a8648 86f7 EAP-Message = 0x0d010101050003818d0030818902818100a6f57366361da32f4fad2ad8ef0ca64befa7 1bacf7f246171bb202ab3e11898c6aa80fd8631499d71fbcb22768026ef43089ebadeb41 dcb44206fa481f138c64df872dc714d4a783e4723b32ead34d793165050933812b6ee636 ad211133362b68cabe432c37b73d69163be59dbe32a7d5df4a80fcda7370aad928822f68 bbb10203010001a38202b4308202b0300c0603551d13040530030101ff30110609608648 0186f8420101040403020007300c0603551d0f0405030307ff80306b0603551d25046430 6206082b0601050507030106082b0601050507030206082b0601050507030306082b0601 0505 EAP-Message = 0x07030406082b06010505070308060a2b060104018237020115060a2b06010401823702 0116060a2b0601040182370a0301060a2b0601040182370a0304301d0603551d0e041604 140e0760d439c91b5b5d907b23c8d2349d4a9a46393081ba0603551d230481b23081afa1 81a9a481a63081a3310b3009060355040613024553311230100603550408130942415243 454c4f4e41311230100603550407130942415243454c4f4e4131193017060355040a1310 4950532053656775726964616420434131183016060355040b130f436572746966696361 63696f6e6573311730150603550403130e495053205345525649444f524553311e301c06 092a EAP-Message = 0x864886f70d010901160f697073406d61696c2e6970732e6573820100301c0603551d11 04153013811167656e6572616c4069707363612e636f6d30090603551d12040230003043 06096086480186f842010d04361634434c41534541312043412043657274696669636174 65206973737565642062792068747470733a2f2f7777772e6970732e65732f3022060960 86480186f84201020415161368747470733a2f2f7777772e6970732e65732f3073060355 1d1f046c306a3031a02fa02d862b68747470733a2f2f7777772e6970732e65732f63726c 2f6970735345525649444f52455363726c2e63726c3035a033a031862f68747470733a2f 2f77 EAP-Message = 0x77776261636b2e6970732e65732f63726c2f Message-Authenticator = 0x00000000000000000000000000000000 State = 0x8e4448f009c6178344b4f186125a3a4c Finished request 3 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 10.0.1.12:32769, id=194, length=189 User-Name = "BSC\\mking" Calling-Station-Id = "00-13-02-1B-4F-01" Called-Station-Id = "00-0B-85-5B-55-A0:test" NAS-Port = 29 NAS-IP-Address = 10.0.1.12 NAS-Identifier = "BUWISM1-2" Airespace-Wlan-Id = 7 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "4000" EAP-Message = 0x020900061900 State = 0x8e4448f009c6178344b4f186125a3a4c Message-Authenticator = 0xe452b64d08b70a932153d982511e0d12 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 4 modcall[authorize]: module "preprocess" returns ok for request 4 modcall[authorize]: module "chap" returns noop for request 4 modcall[authorize]: module "mschap" returns noop for request 4 rlm_realm: No '@' in User-Name = "BSC\mking", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 4 rlm_eap: EAP packet type response id 9 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 4 users: Matched entry DEFAULT at line 152 users: Matched entry DEFAULT at line 171 modcall[authorize]: module "files" returns ok for request 4 modcall: leaving group authorize (returns updated) for request 4 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 4 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake fragment handler eaptls_verify returned 1 eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED VISTA[eap_authenticate:341]: here VISTA[eap_compose:475]: reply->id 9 VISTA[eap_compose:476]: reply->code 1 VISTA[eap_compose:514]: eap->request->code 1 VISTA[eap_compose:515]: eap->request->type.type 0 VISTA[eap_compose:516]: handler->eap_type 25 VISTA[eap_compose:523]: Setting EAP type VISTA]: rcode 3 modcall[authenticate]: module "eap" returns handled for request 4 modcall: leaving group authenticate (returns handled) for request 4 Sending Access-Challenge of id 194 to 10.0.1.12 port 32769 Framed-IP-Address = 255.255.255.254 Framed-MTU = 576 Service-Type = Framed-User EAP-Message = 0x010a03a519006970735345525649444f52455363726c2e63726c302f06082b06010505 07010104233021301f06082b060105050730018613687474703a2f2f6f6373702e697073 2e45532f300d06092a864886f70d01010505000381810027054a0c74c9145dc875c8deee 890c631e1f0184c702cb19d791c8dd3ecfb0c8f3f592b5548254621f32eb80a17d56f1e4 e7285926a47df0ca2d31c6c9f3709dc1cf5e26a4efb212e788e81985ed80e43902688763 a9133c6cf5456a22ce9656075fa6a3ee370a6e928b9e40de143019289390b7f3fcb54ef2 f7960ebb1094d40002bb308202b730820220020100300d06092a864886f70d0101040500 3081 EAP-Message = 0xa3310b3009060355040613024553311230100603550408130942415243454c4f4e4131 1230100603550407130942415243454c4f4e4131193017060355040a1310495053205365 6775726964616420434131183016060355040b130f43657274696669636163696f6e6573 311730150603550403130e495053205345525649444f524553311e301c06092a864886f7 0d010901160f697073406d61696c2e6970732e6573301e170d3938303130313233323130 375a170d3039313232393233323130375a3081a3310b3009060355040613024553311230 100603550408130942415243454c4f4e41311230100603550407130942415243454c4f4e 4131 EAP-Message = 0x193017060355040a13104950532053656775726964616420434131183016060355040b 130f43657274696669636163696f6e6573311730150603550403130e4950532053455256 49444f524553311e301c06092a864886f70d010901160f697073406d61696c2e6970732e 657330819f300d06092a864886f70d010101050003818d0030818902818100ac4f52749f 39ea8edc25c4bc985d986424093c21b3cc19b58e948e87d1f8373ea1c82d58a480355ba1 756c1d450c1f61636a5e6f9b0a4cc1c8b861233581fffeac78702d68e13a0798950254dd cd23b78053d7c8374572062412ba1361218a6e7528e0c50f34fd36d8457fe1b836efb3e1 c620 EAP-Message = 0x8ee8b438bce13ef611de8c9d010203010001300d06092a864886f70d01010405000381 81002cf3c3795824dec63bd1e04269b8ee64b33d6201b9b384df237ddd98cf10a9fe00d8 22960513075457c5a7decbd9b88842f699db14771fb6fe253de1a23e03a981d22d6c47f5 96468c22abc8cc0d0e975e8b41b43bc40a06401ddd46f401ddba822e3c3d78709e7c18d0 abf8b877074671f1ca0b635c6af97294d5014fa0db4216030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x0259cf5b7108504dc773820306112957 Finished request 4 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 10.0.1.12:32769, id=195, length=391 User-Name = "BSC\\mking" Calling-Station-Id = "00-13-02-1B-4F-01" Called-Station-Id = "00-0B-85-5B-55-A0:test" NAS-Port = 29 NAS-IP-Address = 10.0.1.12 NAS-Identifier = "BUWISM1-2" Airespace-Wlan-Id = 7 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "4000" EAP-Message = 0x020a00d01980000000c616030100861000008200800c7a24a3d7f670a56ae0b1bfdee8 6f18da2f6dee934bc3c311bb4d49b40ae399b8238aaa42031231dd81d16fa2d80c8a7c87 74147ebd1d9e06921938f4da10e830bedadc4c3c9b998e599da0007c71def67db2756ec4 6ee55ed7996565e41c3e663fb5a23f4ae4cd4a95a51fb1e22e4126d537df741195717728 cbe240b422ff14030100010116030100305d5ade80b1d7bdeba4be62be65b74a255f625c 75630efce8a2ed9c07a596eb49c770536e996c0dbeeec10cd1d2ee30dc State = 0x0259cf5b7108504dc773820306112957 Message-Authenticator = 0x374248fb2c533feb42110fae8d52493f Processing the authorize section of radiusd.conf modcall: entering group authorize for request 5 modcall[authorize]: module "preprocess" returns ok for request 5 modcall[authorize]: module "chap" returns noop for request 5 modcall[authorize]: module "mschap" returns noop for request 5 rlm_realm: No '@' in User-Name = "BSC\mking", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 5 rlm_eap: EAP packet type response id 10 length 208 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 5 users: Matched entry DEFAULT at line 152 users: Matched entry DEFAULT at line 171 modcall[authorize]: module "files" returns ok for request 5 modcall: leaving group authorize (returns updated) for request 5 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 5 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange TLS_accept: SSLv3 read client key exchange A rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001] rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 read finished A rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001] TLS_accept: SSLv3 write change cipher spec A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 write finished A TLS_accept: SSLv3 flush data (other): SSL negotiation finished successfully rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0) SSL Connection Established eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED VISTA[eap_authenticate:341]: here VISTA[eap_compose:475]: reply->id 10 VISTA[eap_compose:476]: reply->code 1 VISTA[eap_compose:514]: eap->request->code 1 VISTA[eap_compose:515]: eap->request->type.type 0 VISTA[eap_compose:516]: handler->eap_type 25 VISTA[eap_compose:523]: Setting EAP type VISTA]: rcode 3 modcall[authenticate]: module "eap" returns handled for request 5 modcall: leaving group authenticate (returns handled) for request 5 Sending Access-Challenge of id 195 to 10.0.1.12 port 32769 Framed-IP-Address = 255.255.255.254 Framed-MTU = 576 Service-Type = Framed-User EAP-Message = 0x010b004119001403010001011603010030263cf9a0d40f3916cc2875a89475bba2943f 4e7aff9be5f0a89ed96e17ce1bd7e03ca1801ff9f39856b8012ea86741c3 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xde18ef11757232719579055a046a93a6 Finished request 5 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 10.0.1.12:32769, id=196, length=189 User-Name = "BSC\\mking" Calling-Station-Id = "00-13-02-1B-4F-01" Called-Station-Id = "00-0B-85-5B-55-A0:test" NAS-Port = 29 NAS-IP-Address = 10.0.1.12 NAS-Identifier = "BUWISM1-2" Airespace-Wlan-Id = 7 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "4000" EAP-Message = 0x020b00061900 State = 0xde18ef11757232719579055a046a93a6 Message-Authenticator = 0xa8695b4f4d3b92922083d0d694b7ea3a Processing the authorize section of radiusd.conf modcall: entering group authorize for request 6 modcall[authorize]: module "preprocess" returns ok for request 6 modcall[authorize]: module "chap" returns noop for request 6 modcall[authorize]: module "mschap" returns noop for request 6 rlm_realm: No '@' in User-Name = "BSC\mking", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 6 rlm_eap: EAP packet type response id 11 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 6 users: Matched entry DEFAULT at line 152 users: Matched entry DEFAULT at line 171 modcall[authorize]: module "files" returns ok for request 6 modcall: leaving group authorize (returns updated) for request 6 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 6 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake is finished eaptls_verify returned 3 eaptls_process returned 3 rlm_eap_peap: EAPTLS_SUCCESS VISTA[eap_authenticate:341]: here VISTA[eap_compose:475]: reply->id 11 VISTA[eap_compose:476]: reply->code 1 VISTA[eap_compose:514]: eap->request->code 1 VISTA[eap_compose:515]: eap->request->type.type 0 VISTA[eap_compose:516]: handler->eap_type 25 VISTA[eap_compose:523]: Setting EAP type VISTA]: rcode 3 modcall[authenticate]: module "eap" returns handled for request 6 modcall: leaving group authenticate (returns handled) for request 6 Sending Access-Challenge of id 196 to 10.0.1.12 port 32769 Framed-IP-Address = 255.255.255.254 Framed-MTU = 576 Service-Type = Framed-User EAP-Message = 0x010c005019001703010020388d4e0c86f5e81f5a3a12f8825aec1acbee45a540b156f7 9f8efebe31feed55170301002068620450a5430daa5f41ec40e12ab73f37589158a5fcce 083d35319c3915097f Message-Authenticator = 0x00000000000000000000000000000000 State = 0x536badba63aaca35ec5cdf3002f3b1fb Finished request 6 Going to the next request Waking up in 6 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 190 with timestamp 4537f3e3 Cleaning up request 1 ID 191 with timestamp 4537f3e3 Cleaning up request 2 ID 192 with timestamp 4537f3e3 Cleaning up request 3 ID 193 with timestamp 4537f3e3 Cleaning up request 4 ID 194 with timestamp 4537f3e3 Cleaning up request 5 ID 195 with timestamp 4537f3e3 Cleaning up request 6 ID 196 with timestamp 4537f3e3 Nothing to do. Sleeping until we see a request. rad2:/home/mking#
"King, Michael" <MKing@bridgew.edu> wrote:
I did some reading, and __LINE__ returns an integer (%d). Would that cause a segfault, I figured it would just cause a compile error.
I changed __FUNCTION__ to __func__ and the second %s to %d, and the last line in the patch, I removed the two %s%s which had no varibles.
Ok. The previous patch had %s:%d, and that failed, so I'm not sure what's up...
I got this.. (The Patch worked)
Unfortunately, that debug output shows nothing special. The server sends a final Access-Challenge, and Vista doesn't respond. The original report was that FreeRADIUS discarded the EAP session, for unknown reasons. This debug log doesn't show that. Maybe Vista is expecting additional data inside of the TLS tunnel once the session is established... Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog
__LINE__ is an unsigned int... its being referenced in the patch as a string (%s as opposed to %u). --Mike On Oct 19, 2006, at 10:30 AM, King, Michael wrote:
It seg faults when I do -X (or -sxx. But not with -x)
Here is the gdb log
rad2:/home/mking/freeradius-1.1.3/doc# more gdb-radiusd.log Starting program: /usr/sbin/freeradius -X [Thread debugging using libthread_db enabled] [New Thread 1077729984 (LWP 2603)]
Program received signal SIGSEGV, Segmentation fault. [Switching to Thread 1077729984 (LWP 2603)] 0x4018675b in strlen () from /lib/tls/libc.so.6 * 1 Thread 1077729984 (LWP 2603) 0x4018675b in strlen () from /lib/ tls/libc.so.6 * 1 Thread 1077729984 (LWP 2603) 0x4018675b in strlen () from /lib/ tls/libc.so.6 * 1 Thread 1077729984 (LWP 2603) 0x4018675b in strlen () from /lib/ tls/libc.so.6 * 1 Thread 1077729984 (LWP 2603) 0x4018675b in strlen () from /lib/ tls/libc.so.6
Thread 1 (Thread 1077729984 (LWP 2603)): #0 0x4018675b in strlen () from /lib/tls/libc.so.6 No symbol table info available. #1 0x4015a064 in vfprintf () from /lib/tls/libc.so.6 No symbol table info available. #2 0x40178161 in vsnprintf () from /lib/tls/libc.so.6 No symbol table info available. #3 0x08051805 in vradlog (lvl=-1073760198, fmt=0x4040528c "VISTA[% s:%s]: here", ap=0xbfffd864 "µS@@U\001") at log.c:132 s = <value optimized out> timeval = 1161271351 msgfd = (FILE *) 0xbfffb6ec p = <value optimized out> buffer = "Thu Oct 19 11:22:31 2006\n: Debug: VISTA [eap_authenticate:ÿÿÿ3\000\000\000\230¸ÿ¿\000\200\001@-¹ÿ¿4¯\027@ô \217$@ \223$@ÀÚ<@\230¸ÿ¿ô\217$@ \ 223$@\230¸ÿ¿\002\005\027@ \223$@È\204\006\b \223$@\001\000\000 \000èØÿ¿\224\031\005\b \223$@ \223$@ìO\006\b$Ùÿ¿ÿÿÿÿ6\000\000 \000ø¸ÿ¿\000\200\001@ظÿ¿ú¸ÿ¿ú¸ÿ¿ \223$@ÀÚ<@ø¸ÿ¿Thu Oct "... #4 0x08051a4f in log_debug (msg=0x4040528c "VISTA[%s:%s]: here") at log.c:205 ap = 0xbfffd864 "µS@@U\001" r = 341 #5 0x40402cb4 in eap_authenticate (instance=0x814ddd8, request=0x8164170) at rlm_eap.c:341 vp = <value optimized out> handler = (EAP_HANDLER *) 0x8165eb8 eap_packet = (eap_packet_t *) 0x0 rcode = <value optimized out> __FUNCTION__ = "eap_authenticate" #6 0x08055ad8 in modcall (component=0, c=0x815ea00, request=0x8164170) at modcall.c:236 myresult = 0 #7 0x0805617c in call_one (component=341, p=0x40157393, request=0x1, priority=0xbfffd964, result=0xbfffd968) at modcall.c:269 r = <value optimized out> #8 0x08055cca in modcall (component=0, c=0x815eb10, request=0x8164170) at modcall.c:324 g = (modgroup *) 0x815eb10 myresult = 0 #9 0x08053d2e in indexed_modcall (comp=0, idx=1075147667, request=0x8164170) at modules.c:469 this = (indexed_modcallable *) 0x8159710 #10 0x0804ce93 in rad_check_password (request=0x8164170) at auth.c:367 dval = (DICT_VALUE *) 0x155 auth_type_pair = <value optimized out> cur_config_item = <value optimized out> password_pair = (VALUE_PAIR *) 0x0 auth_item = <value optimized out> string = "\005\bðP\006\b\005@\006\b@w\a\bàL\006\b\000\000 \000\000ô_\001@¡º\022@\000\000\000\000¨b\004@\002\000\000\000\aVF@ ` \001@ô_\001@¡º\022@7\230 7EÈ\204\006\b\nM\006\bÐu\a\bHÚÿ¿O\032\005\b\001\000\000\000PP\006 \bTÚÿ¿|a\005\b\001\000\000\000à\024\026\bpA\026\bÈ\204\006\bTÚÿ¿È \204\006\b¨Úÿ¿\\]\005\bPP\0 06\bk6\006\bÐu\a\b\nM\006\b\000\000\000\000|f\000@7\2307E\230Úÿ¿ \224Úÿ¿\b\000\000\000¨Úÿ¿p\221\025\b\001\000\000\000,H\006\b\000\000 \000\000ô_\001@`m\004@\00 4\000"... auth_type = 6 result = <value optimized out> auth_type_count = 1 #11 0x0804d3bf in rad_authenticate (request=0x8164170) at auth.c:662 check_item = <value optimized out> vp = (VALUE_PAIR *) 0x40157393 namepair = (VALUE_PAIR *) 0x8164270 check_item = <value optimized out> reply_item = <value optimized out> auth_item = (VALUE_PAIR *) 0x0 module_msg = <value optimized out> tmp = (VALUE_PAIR *) 0x0 result = 3 r = <value optimized out> umsg = "çÿ¿çz\000@\020çÿ¿Pf\001@\004\000\000\000\000\000\000 \000\001\000\000\000\000\000\000\000\001\000\000\000ô\217$@<\000\000 \000 \223$@¤æÿ¿\037¨\ 027@\n\000\000\000Èæÿ¿(±\027@ \223$@Pçÿ¿ød\001@ ¡\004\b$É\b\b \227$ \000\000\000\000\000øæÿ¿-2\006@¸@\026\b\024\000\000\000hï\006@ \223 $@øæÿ¿9|\027@ \223$@hï\ 006@ \227$@`T\026\bxçÿ¿¶a\006@¸@\026\b\024\000\000\000\020\000\000 \000\002\000\000\000D\232\005@¨b\004@ô_\001@ød\001@\001\000\000 \000`çÿ¿é²\000@¤f\001@\000". .. user_msg = <value optimized out> exec_program = <value optimized out> exec_wait = <value optimized out> seen_callback_id = <value optimized out> buf = "Ôúÿ¿\002\000\000\000\000\000\000\000ô_\001@üÿÿÿ\b\000 \000\000\230ßÿ¿%¹\000@àúÿ¿ÀgG@\000\000\000\000`m\004@Ôúÿ¿\002\000 \000\000P;\026\b¨hG@äd\0 01@\b\000\000\000\213¸\000@ô\217$@À\\\001@P;\026\b\bàÿ¿\a¿!@àúÿ¿ü< \026\b\001\000\000\000\000\000\000\000\b\211t$°´\000@\000\000\000 \000ð\210\000@\223Ñ\027@¨: \026\b\001\000\000\200Nò\026@Påÿ¿Påÿ¿\000\000\000\000ô\217$@:È\006@ \000\000\000\000äåÿ¿\037o\025@\000æÿ¿:È\006@", '\0' <repeats 12 times>, " `\001@èj"... logstr = "P;\026\b\203fG@ðâÿ¿\025\000\000\000|Ûÿ¿\223Ñ \027@ðâÿ¿`T\026\bNò\026@¼È\006@¼È\006@\000\000\000\000ô\217$@»È\006@ \001\000\000\000xáÿ¿\037o\0 25@\234áÿ¿»È\006@\001\000\000\000\000\000\000\000\004\000\000\000P; \026\bèj\025@ø¨$@\000:\026\bPáÿ¿)\000\000\000ø¤$@äàÿ¿@\"\000\000dÛ \000@\000\000\000\000\00 5\000\000\000\0000\000\000\000@\000\000\000\000\000\000Ð4\000 \0000âÿ¿(\216$@Ò?\026\b-\000\000\000\024Üÿ¿\223Ñ\027@Ò?\026\b\000 \000\000\000ÿÿÿÿ\030\000\000\00 0¼È\006@¶È\006@"... autz_retry = 0 '\0' autz_type = <value optimized out> #12 0x08057347 in rad_respond (request=0x8164170, fun=0x804d150 <rad_authenticate>) at radiusd.c:1653 rcode = <value optimized out> packet = <value optimized out> original = <value optimized out> secret = 0x8164194 "d0wnh1ll" finished = <value optimized out> reprocess = <value optimized out> #13 0x080591f6 in main (argc=2, argv=0xbffffad4) at radiusd.c:1427 cl = <value optimized out> fun = (RAD_REQUEST_FUNP) 0x804d150 <rad_authenticate> request = (REQUEST *) 0x8164170 packet = (RADIUS_PACKET *) 0x8164078 secret = (u_char *) 0x81454c0 "d0wnh1ll" buffer = "*", '\0' <repeats 651 times>, "\221ü\000@", '\0' <repeats 12 times>, "\221ü\000@\000\000\000\000\000\220;@Øëÿ¿0Î<@ \034íÿ¿åQ\000@,Î<@\000\00 0\000\000\004\000\000\000\022\b\000\000\a\000\000\000\000 \001\000 \001\000\000\000ød\001@èëÿ¿û\206\000@ ¸'@°µ'@\023\000\000\000\001 \000\000\000\\Ù)@°µ'@\000\ 000\000\000\0000\001\000d+\001\000d+\001\000\000\000\000\000\005\000 \000\000\0000\001\000\000@\001\000,>\001\0000>\001\000\034íÿ\000¨l \004@\fìÿ¿YÀ\000@\211\2 33;@´l\004@ô_\001@hj\004@lH\021@\214îÿ¿|f\000"... readfds = {fds_bits = {128, 0 <repeats 31 times>}} argval = <value optimized out> pid = <value optimized out> max_fd = <value optimized out> status = <value optimized out> tv = (struct timeval *) 0x0 act = {__sigaction_handler = {sa_handler = 0x8057100 <sig_fatal>, sa_sigaction = 0x8057100 <sig_fatal>}, sa_mask = {__val = { 0 <repeats 32 times>}}, sa_flags = 0, sa_restorer = 0} listener = <value optimized out> The program is running. Exit anyway? (y or n) rad2:/home/mking/freeradius-1.1.3/doc#
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/ users.html
"King, Michael" <MKing@bridgew.edu> wrote:
Anways, here's what I got following those direcitons (Which is what leads me to think the symbols go stripped)
Program received signal SIGSEGV, Segmentation fault.
Are you sure you're using the new code? It looks to me like it's NOT installing the server with symbols, and it's NOT printing the new debugging messages. Try the install on a clean machine, without a previous version of the server. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog
-----Original Message----- Are you sure you're using the new code? It looks to me like it's NOT installing the server with symbols, and it's NOT printing the new debugging messages. I was, I just wasn't building the server right. I figured it out a few hours later (See my later emails) The last one has the gdb logs pasted into it.
Hi,
I created the vista.patch file by pasting the file you referenced into a vi session. I moved it into freeradius-1.1.3 I used the command: patch -p0 <vista.patch Which gave me a success. (Well two of them for each file)
I recreated my .deb file and installed it.
Let me know if I did this wrong.
no, thats fine. getting the text file directly may sometimes help if there are non ascii characters etc but the process is sound. looks like the patch has a fault...oh! I see email from Alan stating this. alan
Hello Alan, The "Radiator" people are talking about problems with SSL empty fragments handing in Windows Vista ... I've tried to compile FreeRADIUS with SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS but the final result is the same, clients can't connect! in: http://www.open.com.au/radiator/history.html
# Enabled SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS in PEAP TLS, to work around a problem with Vista Beta 2 clients, where the extra empty fragment (sent as a security measure by OpenSSL) confuses the Vista PEAP supplicant. See http://www.openssl.org/~bodo/tls-cbc.txt for reasons behind the empty fragments. Reported by David Spindler.
Best Regards! Wednesday, October 4, 2006, 4:14:25 PM, you wrote:
"King, Michael" <MKing@bridgew.edu> wrote:
So we've been using FreeRADIUS talking to ActiveDirectory to authenticate our WinXP clients (Over 2000) for over a year now. Along comes Vista. Of COURSE it doesn't work. Microsoft changed something, and it broke a working config. Arrg.
You'll have to re-build & re-install the EAP module (you don't need to touch the rest of the server). It won't help, but it will print out a little more information. We'll probably have to do a few cycles before it's tracked down, though.
My (amatuer) analyis, (Aka my gut) is that Vista is Doing something in TLS, not PEAP. (I don't see my mschap module fire).
The TLS tunnel is set up, BUT vista is doing something slightly different that confuses FreeRADIUS, so FreeRADIUS doesn't continue the EAP conversation.
Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- Best regards, =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Pedro Ribeiro IPLNet - Rede de dados e comunicações Instituto Politécnico de Lisboa (IPL) Mail: mailto:pribeiro@net.ipl.pt VoIP: sip:pribeiro@net.ipl.pt =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Pedro Ribeiro <pribeiro-bulk@net.ipl.pt> wrote:
The "Radiator" people are talking about problems with SSL empty fragments handing in Windows Vista ... I've tried to compile FreeRADIUS with SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS but the final result is the same, clients can't connect!
i.e. the patch below MAY help. There is still an issue in the FreeRADIUS state machine where it MAY send an empty ACK once the SSL tunnel is set up. Most clients seem to be OK with this, but maybe Vista isn't. A solution, I *think* would be to have FreeRADIUS send an EAP Identity request inside of the tunneled session for PEAP, as soon as the session is established. This should work with third-party supplicants, and may allow Vista to work, too. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog Index: src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c =================================================================== RCS file: /source/radiusd/src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c,v retrieving revision 1.21.4.11 diff -u -r1.21.4.11 rlm_eap_tls.c --- src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c 26 Oct 2006 17:13:04 -0000 1.21.4.11 +++ src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c 28 Nov 2006 22:04:44 -0000 @@ -368,7 +368,7 @@ * time needed during negotiation, but it is not very * large. */ - ctx_options |= SSL_OP_SINGLE_DH_USE; + ctx_options |= SSL_OP_SINGLE_DH_USE | SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS; SSL_CTX_set_options(ctx, ctx_options); /*
hey, Vista now working with freeRADIUS? any debugging information needed? ca mIke Alan DeKok schrieb:
Pedro Ribeiro <pribeiro-bulk@net.ipl.pt> wrote:
The "Radiator" people are talking about problems with SSL empty fragments handing in Windows Vista ... I've tried to compile FreeRADIUS with SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS but the final result is the same, clients can't connect!
i.e. the patch below MAY help. There is still an issue in the FreeRADIUS state machine where it MAY send an empty ACK once the SSL tunnel is set up. Most clients seem to be OK with this, but maybe Vista isn't.
A solution, I *think* would be to have FreeRADIUS send an EAP Identity request inside of the tunneled session for PEAP, as soon as the session is established. This should work with third-party supplicants, and may allow Vista to work, too.
Michael Messner wrote:
Vista now working with freeRADIUS?
No idea.
any debugging information needed?
Yes, someone to test it would be nice. I don't have Vista, so I can't test it. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog
Alan DeKok schrieb:
Michael Messner wrote:
Vista now working with freeRADIUS?
No idea.
any debugging information needed?
Yes, someone to test it would be nice. I don't have Vista, so I can't test it.
I think you have not seen the mail from pribeiro-bulk@net.ipl.pt with subject: Re[4]: Windows Vista doing PEAP - WORKING!!!
Hello Alan, I can confirm it's working now!!!
so my question is when there will be the next freeRADIUS release with included vista support? ca mIke
Michael Messner wrote:
I think you have not seen the mail from pribeiro-bulk@net.ipl.pt with subject: Re[4]: Windows Vista doing PEAP - WORKING!!!
Hmm... I have noticed the occasional email show up in the list archives, but not in my inbox. Oh well. I've added the patch to 1.1.4 & CVS head. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog
Cool deal. I have also been able to confirm that adding the SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS option to the CTX makes Vista work. This is good news for us since we have a volume license deal and now have release copies beginning to be installed. :) --Mike On Nov 29, 2006, at 5:00 PM, Alan DeKok wrote:
Michael Messner wrote:
I think you have not seen the mail from pribeiro-bulk@net.ipl.pt with subject: Re[4]: Windows Vista doing PEAP - WORKING!!!
Hmm... I have noticed the occasional email show up in the list archives, but not in my inbox. Oh well.
I've added the patch to 1.1.4 & CVS head.
Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/ users.html
The patch did improve things, but is still isn't perfect. If I configure my VISTA client to prompt me for my credentials the authentication works and I get connected. If I configure my VISTA client to use my windows login credentials (This is the default behavior) the Auth fails. For some reason the arguments to ntlm_auth aren't right. I've looked at the requests and don't see anything different as far as domain/username. It still functions fine under XP, even when XP uses windows credentials for the log in rather than prompting. Brian -----Original Message----- From: freeradius-users-bounces+dourtyb=missouri.edu@lists.freeradius.org [mailto:freeradius-users-bounces+dourtyb=missouri.edu@lists.freeradius.o rg] On Behalf Of Michael Griego Sent: Wednesday, November 29, 2006 9:30 PM To: FreeRadius users mailing list Subject: Re: Windows Vista doing PEAP Cool deal. I have also been able to confirm that adding the SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS option to the CTX makes Vista work. This is good news for us since we have a volume license deal and now have release copies beginning to be installed. :) --Mike On Nov 29, 2006, at 5:00 PM, Alan DeKok wrote:
Michael Messner wrote:
I think you have not seen the mail from pribeiro-bulk@net.ipl.pt with subject: Re[4]: Windows Vista doing PEAP - WORKING!!!
Hmm... I have noticed the occasional email show up in the list archives, but not in my inbox. Oh well.
I've added the patch to 1.1.4 & CVS head.
Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/ users.html
Hi,
The patch did improve things, but is still isn't perfect. If I configure my VISTA client to prompt me for my credentials the authentication works and I get connected. If I configure my VISTA client to use my windows login credentials (This is the default behavior) the Auth fails. For some reason the arguments to ntlm_auth aren't right. I've looked at the requests and don't see anything different as far as domain/username. It still functions fine under XP, even when XP uses windows credentials for the log in rather than prompting.
we need the complete 'radiusd -X' log of that large, relevant ntlm_auth section. alan
Hello Alan, I can confirm it's working now!!! When I've seen the comment in the release notes of Radiator I thought it was a conditional compiling (#ifdef) flag, thanks for the help! Tuesday, November 28, 2006, 10:06:11 PM, you wrote:
Pedro Ribeiro <pribeiro-bulk@net.ipl.pt> wrote:
The "Radiator" people are talking about problems with SSL empty fragments handing in Windows Vista ... I've tried to compile FreeRADIUS with SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS but the final result is the same, clients can't connect!
i.e. the patch below MAY help. There is still an issue in the FreeRADIUS state machine where it MAY send an empty ACK once the SSL tunnel is set up. Most clients seem to be OK with this, but maybe Vista isn't.
A solution, I *think* would be to have FreeRADIUS send an EAP Identity request inside of the tunneled session for PEAP, as soon as the session is established. This should work with third-party supplicants, and may allow Vista to work, too.
Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog
Index: src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c =================================================================== RCS file: /source/radiusd/src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c,v retrieving revision 1.21.4.11 diff -u -r1.21.4.11 rlm_eap_tls.c --- src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c 26 Oct 2006 17:13:04 -0000 1.21.4.11 +++ src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c 28 Nov 2006 22:04:44 -0000 @@ -368,7 +368,7 @@ * time needed during negotiation, but it is not very * large. */ - ctx_options |= SSL_OP_SINGLE_DH_USE; + ctx_options |= SSL_OP_SINGLE_DH_USE | SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS; SSL_CTX_set_options(ctx, ctx_options);
/*
-- Best regards, =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Pedro Ribeiro IPLNet - Rede de dados e comunicações Instituto Politécnico de Lisboa (IPL) Mail: mailto:pribeiro@net.ipl.pt VoIP: sip:pribeiro@net.ipl.pt =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Instsll mysql libraries !!! (lib_mysql.rpm ??) or compile freeradius without mysql ect... Collen raviprakash sunkara wrote:
Hello. Uses... Good Morning... So long back I mailing to Users List.
I ownning two openser System are Linux... one is Fedora core 5. other is RedHat AS 4. I don't have any problem in Fedora core 5 while installing the FreeRadius1.1.3 , it working fine and clear When I using RHEL AS 4 with mysql database + FreeRadius. Problem... is below....
rlm_sql (sql): Could not link driver rlm_sql_mysql: rlm_sql_mysql.so: cannot open shared object file: No such file or directory rlm_sql (sql): Make sure it (and all its dependent libraries!) are in the search path of your system's ld. radiusd.conf[14]: sql: Module instantiation failed.
-- Thanks and Regards Ravi Prakash Sunkara ravi.sunkara@hyperion-tech.com <mailto:ravi.sunkara@hyperion-tech.com> M:+91 9985077535 O:+91 40 23114549 F:+91 40 40208727 ravi.sunkara@hyperion-tech.com <mailto:ravi.sunkara@hyperion-tech.com> www.hyperion-tech.com <http://www.hyperion-tech.com> ------------------------------------------------------------------------
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
participants (12)
-
A.L.M.Buxey@lboro.ac.uk -
Alan DeKok -
Collen Blijenberg -
Dourty, Brian R. (IATS) -
Josh Howlett -
K. Hoercher -
King, Michael -
Michael Griego -
Michael Messner -
Pedro Ribeiro -
Phil Mayers -
raviprakash sunkara