Re: iOS mysterious issues on Freeradius 3.0.14
<quote author='Alan DeKok-2'> On Mar 22, 2017, at 7:39 AM, Igor Sousa <igorvolt@gmail.com> wrote:
PLEASE follow the instructions, and use "radiusd -X". Doing "-Xx" just makes the debug output harder to read. </quote> Quoted from: http://freeradius.1045715.n5.nabble.com/iOS-mysterious-issues-on-Freeradius-...
I'm so sorry. I used use "radiusd -Xx" because I like see timestamp, but it turns debug output harder to read and I agree with you. Now, I get two debug's output where the first when Iphone can't connect to network and second when I reboot the same Iphone and it can connect to the same network (same AP device too). PS: The certificate was generated during freeradius install. I think that certificate isn't problem because tunneled authentication was successful Glad to your help, Igor Sousa Debug outputs IPHONE CANNOT CONNECT TO WIFI NETWORK (19) Received Access-Request Id 0 from 10.41.17.64:1086 to 10.41.110.86:1812 length 210 (19) Message-Authenticator = 0xaff68abbae7d1c7ec3845b6e82d7820b (19) Service-Type = Framed-User (19) User-Name = "userTest" (19) Framed-MTU = 1488 (19) Called-Station-Id = "40-01-C6-D8-5C-00:AAA-Teste" (19) Calling-Station-Id = "4C-57-CA-E2-E9-8D" (19) NAS-Identifier = "3Com Access Point 7760" (19) NAS-Port-Type = Wireless-802.11 (19) Connect-Info = "CONNECT 54Mbps 802.11g" (19) EAP-Message = 0x02000010013031383239353036333832 (19) NAS-IP-Address = 10.41.17.64 (19) NAS-Port = 1 (19) NAS-Port-Id = "STA port # 1" (19) # Executing section authorize from file /etc/raddb/sites-enabled/default (19) authorize { (19) [preprocess] = ok (19) eap: Peer sent EAP Response (code 2) ID 0 length 16 (19) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize (19) [eap] = ok (19) } # authorize = ok (19) Found Auth-Type = eap (19) # Executing group from file /etc/raddb/sites-enabled/default (19) authenticate { (19) eap: Peer sent packet with method EAP Identity (1) (19) eap: Calling submodule eap_peap to process data (19) eap_peap: Initiating new EAP-TLS session (19) eap_peap: [eaptls start] = request (19) eap: Sending EAP Request (code 1) ID 1 length 6 (19) eap: EAP session adding &reply:State = 0x82e4cb1b82e5d244 (19) [eap] = handled (19) } # authenticate = handled (19) Using Post-Auth-Type Challenge (19) Post-Auth-Type sub-section not found. Ignoring. (19) # Executing group from file /etc/raddb/sites-enabled/default (19) Sent Access-Challenge Id 0 from 10.41.110.86:1812 to 10.41.17.64:1086 length 0 (19) EAP-Message = 0x010100061920 (19) Message-Authenticator = 0x00000000000000000000000000000000 (19) State = 0x82e4cb1b82e5d244ae1bb12a174a7e27 (19) Finished request Waking up in 1.0 seconds. (20) Received Access-Request Id 1 from 10.41.17.64:1086 to 10.41.110.86:1812 length 339 (20) Message-Authenticator = 0x06ed06a6edcefe165e317699f3ab93bf (20) Service-Type = Framed-User (20) User-Name = "userTest" (20) Framed-MTU = 1488 (20) State = 0x82e4cb1b82e5d244ae1bb12a174a7e27 (20) Called-Station-Id = "40-01-C6-D8-5C-00:AAA-Teste" (20) Calling-Station-Id = "4C-57-CA-E2-E9-8D" (20) NAS-Identifier = "3Com Access Point 7760" (20) NAS-Port-Type = Wireless-802.11 (20) Connect-Info = "CONNECT 54Mbps 802.11g" (20) EAP-Message = 0x0201007f19800000007516030100700100006c030158d2b994740bc0e95df6bd9e51c89c348c9061a2001932506837a83a2b96e1f800002000ffc024c023c00ac009c008c028c027c014c013c012003d003c0035002f000a01000023000a00080006001700180019000b00020100000500050100000000 (20) NAS-IP-Address = 10.41.17.64 (20) NAS-Port = 1 (20) NAS-Port-Id = "STA port # 1" (20) session-state: No cached attributes (20) # Executing section authorize from file /etc/raddb/sites-enabled/default (20) authorize { (20) [preprocess] = ok (20) eap: Peer sent EAP Response (code 2) ID 1 length 127 (20) eap: Continuing tunnel setup (20) [eap] = ok (20) } # authorize = ok (20) Found Auth-Type = eap (20) # Executing group from file /etc/raddb/sites-enabled/default (20) authenticate { (20) eap: Expiring EAP session with state 0xfaf55ea1f2e347c8 (20) eap: Finished EAP session with state 0x82e4cb1b82e5d244 (20) eap: Previous EAP request found for state 0x82e4cb1b82e5d244, released from the list (20) eap: Peer sent packet with method EAP PEAP (25) (20) eap: Calling submodule eap_peap to process data (20) eap_peap: Continuing EAP-TLS (20) eap_peap: Peer indicated complete TLS record size will be 117 bytes (20) eap_peap: Got complete TLS record (117 bytes) (20) eap_peap: [eaptls verify] = length included (20) eap_peap: (other): before SSL initialization (20) eap_peap: TLS_accept: before SSL initialization (20) eap_peap: TLS_accept: before SSL initialization (20) eap_peap: <<< recv TLS 1.2 [length 0070] (20) eap_peap: TLS_accept: SSLv3/TLS read client hello (20) eap_peap: >>> send TLS 1.0 Handshake [length 005d], ServerHello (20) eap_peap: TLS_accept: SSLv3/TLS write server hello (20) eap_peap: >>> send TLS 1.0 Handshake [length 08d3], Certificate (20) eap_peap: TLS_accept: SSLv3/TLS write certificate (20) eap_peap: >>> send TLS 1.0 Handshake [length 014b], ServerKeyExchange (20) eap_peap: TLS_accept: SSLv3/TLS write key exchange (20) eap_peap: >>> send TLS 1.0 Handshake [length 0004], ServerHelloDone (20) eap_peap: TLS_accept: SSLv3/TLS write server done (20) eap_peap: TLS_accept: Need to read more data: SSLv3/TLS write server done (20) eap_peap: In SSL Handshake Phase (20) eap_peap: In SSL Accept mode (20) eap_peap: [eaptls process] = handled (20) eap: Sending EAP Request (code 1) ID 2 length 1004 (20) eap: EAP session adding &reply:State = 0x82e4cb1b83e6d244 (20) [eap] = handled (20) } # authenticate = handled (20) Using Post-Auth-Type Challenge (20) Post-Auth-Type sub-section not found. Ignoring. (20) # Executing group from file /etc/raddb/sites-enabled/default (20) Sent Access-Challenge Id 1 from 10.41.110.86:1812 to 10.41.17.64:1086 length 0 (20) EAP-Message = 0x010203ec19c000000a93160301005d02000059030137ff0e7945d630b967660ce9dfe075ed12322d81c073d418449d657776955cef20ad6b30ad91ec1d4a1cb29d7bcca8c64ffca1d37b284636e0af73a499a87943b5c014000011ff01000100000b0004030001020017000016030108d30b0008cf0008 (20) Message-Authenticator = 0x00000000000000000000000000000000 (20) State = 0x82e4cb1b83e6d244ae1bb12a174a7e27 (20) Finished request Waking up in 1.0 seconds. (21) Received Access-Request Id 2 from 10.41.17.64:1086 to 10.41.110.86:1812 length 218 (21) Message-Authenticator = 0x9e08ee72ba04c092cc95e8dc3c2b126d (21) Service-Type = Framed-User (21) User-Name = "userTest" (21) Framed-MTU = 1488 (21) State = 0x82e4cb1b83e6d244ae1bb12a174a7e27 (21) Called-Station-Id = "40-01-C6-D8-5C-00:AAA-Teste" (21) Calling-Station-Id = "4C-57-CA-E2-E9-8D" (21) NAS-Identifier = "3Com Access Point 7760" (21) NAS-Port-Type = Wireless-802.11 (21) Connect-Info = "CONNECT 54Mbps 802.11g" (21) EAP-Message = 0x020200061900 (21) NAS-IP-Address = 10.41.17.64 (21) NAS-Port = 1 (21) NAS-Port-Id = "STA port # 1" (21) session-state: No cached attributes (21) # Executing section authorize from file /etc/raddb/sites-enabled/default (21) authorize { (21) [preprocess] = ok (21) eap: Peer sent EAP Response (code 2) ID 2 length 6 (21) eap: Continuing tunnel setup (21) [eap] = ok (21) } # authorize = ok (21) Found Auth-Type = eap (21) # Executing group from file /etc/raddb/sites-enabled/default (21) authenticate { (21) eap: Expiring EAP session with state 0xfaf55ea1f2e347c8 (21) eap: Finished EAP session with state 0x82e4cb1b83e6d244 (21) eap: Previous EAP request found for state 0x82e4cb1b83e6d244, released from the list (21) eap: Peer sent packet with method EAP PEAP (25) (21) eap: Calling submodule eap_peap to process data (21) eap_peap: Continuing EAP-TLS (21) eap_peap: Peer ACKed our handshake fragment (21) eap_peap: [eaptls verify] = request (21) eap_peap: [eaptls process] = handled (21) eap: Sending EAP Request (code 1) ID 3 length 1000 (21) eap: EAP session adding &reply:State = 0x82e4cb1b80e7d244 (21) [eap] = handled (21) } # authenticate = handled (21) Using Post-Auth-Type Challenge (21) Post-Auth-Type sub-section not found. Ignoring. (21) # Executing group from file /etc/raddb/sites-enabled/default (21) Sent Access-Challenge Id 2 from 10.41.110.86:1812 to 10.41.17.64:1086 length 0 (21) EAP-Message = 0x010303e81940b2c16fe1b0d484179f9cdaaba928edbe85ea947176542ea9646d2f16b8803f26bf43aa9d60ff2c5d4d9ec84c4c511d64d81b360765cd88159cbe3831e7f63102d7e95becbf76520288a093eefd7080eb3f1c6936e347b508b9916d3e4e10615ad52b4601565fedd7e976bdf1ec0004e830 (21) Message-Authenticator = 0x00000000000000000000000000000000 (21) State = 0x82e4cb1b80e7d244ae1bb12a174a7e27 (21) Finished request Waking up in 1.0 seconds. (22) Received Access-Request Id 3 from 10.41.17.64:1086 to 10.41.110.86:1812 length 218 (22) Message-Authenticator = 0x0e187ddb9e28534049f07abe7b3a792a (22) Service-Type = Framed-User (22) User-Name = "userTest" (22) Framed-MTU = 1488 (22) State = 0x82e4cb1b80e7d244ae1bb12a174a7e27 (22) Called-Station-Id = "40-01-C6-D8-5C-00:AAA-Teste" (22) Calling-Station-Id = "4C-57-CA-E2-E9-8D" (22) NAS-Identifier = "3Com Access Point 7760" (22) NAS-Port-Type = Wireless-802.11 (22) Connect-Info = "CONNECT 54Mbps 802.11g" (22) EAP-Message = 0x020300061900 (22) NAS-IP-Address = 10.41.17.64 (22) NAS-Port = 1 (22) NAS-Port-Id = "STA port # 1" (22) session-state: No cached attributes (22) # Executing section authorize from file /etc/raddb/sites-enabled/default (22) authorize { (22) [preprocess] = ok (22) eap: Peer sent EAP Response (code 2) ID 3 length 6 (22) eap: Continuing tunnel setup (22) [eap] = ok (22) } # authorize = ok (22) Found Auth-Type = eap (22) # Executing group from file /etc/raddb/sites-enabled/default (22) authenticate { (22) eap: Expiring EAP session with state 0xfaf55ea1f2e347c8 (22) eap: Finished EAP session with state 0x82e4cb1b80e7d244 (22) eap: Previous EAP request found for state 0x82e4cb1b80e7d244, released from the list (22) eap: Peer sent packet with method EAP PEAP (25) (22) eap: Calling submodule eap_peap to process data (22) eap_peap: Continuing EAP-TLS (22) eap_peap: Peer ACKed our handshake fragment (22) eap_peap: [eaptls verify] = request (22) eap_peap: [eaptls process] = handled (22) eap: Sending EAP Request (code 1) ID 4 length 725 (22) eap: EAP session adding &reply:State = 0x82e4cb1b81e0d244 (22) [eap] = handled (22) } # authenticate = handled (22) Using Post-Auth-Type Challenge (22) Post-Auth-Type sub-section not found. Ignoring. (22) # Executing group from file /etc/raddb/sites-enabled/default (22) Sent Access-Challenge Id 3 from 10.41.110.86:1812 to 10.41.17.64:1086 length 0 (22) EAP-Message = 0x010402d519006361746520417574686f72697479820900f29e29fc64450db1300f0603551d130101ff040530030101ff30360603551d1f042f302d302ba029a0278625687474703a2f2f7777772e6578616d706c652e6f72672f6578616d706c655f63612e63726c300d06092a864886f70d01010b0500 (22) Message-Authenticator = 0x00000000000000000000000000000000 (22) State = 0x82e4cb1b81e0d244ae1bb12a174a7e27 (22) Finished request Waking up in 1.0 seconds. (23) Received Access-Request Id 4 from 10.41.17.64:1086 to 10.41.110.86:1812 length 356 (23) Message-Authenticator = 0xc77ca6450207ee96bc701c3e80013fa2 (23) Service-Type = Framed-User (23) User-Name = "userTest" (23) Framed-MTU = 1488 (23) State = 0x82e4cb1b81e0d244ae1bb12a174a7e27 (23) Called-Station-Id = "40-01-C6-D8-5C-00:AAA-Teste" (23) Calling-Station-Id = "4C-57-CA-E2-E9-8D" (23) NAS-Identifier = "3Com Access Point 7760" (23) NAS-Port-Type = Wireless-802.11 (23) Connect-Info = "CONNECT 54Mbps 802.11g" (23) EAP-Message = 0x020400901980000000861603010046100000424104fc94c086c80412f32f419d7f1071bd4863294987aebe7139a5d92849080b9c602c5a61b8f8b8e65d7b8f08d5b4f75c942d77f7b0bfba1eb3c64cd9a4f24c9d4114030100010116030100304daead77f0532e3562ea1b4b112348d124a28151794774 (23) NAS-IP-Address = 10.41.17.64 (23) NAS-Port = 1 (23) NAS-Port-Id = "STA port # 1" (23) session-state: No cached attributes (23) # Executing section authorize from file /etc/raddb/sites-enabled/default (23) authorize { (23) [preprocess] = ok (23) eap: Peer sent EAP Response (code 2) ID 4 length 144 (23) eap: Continuing tunnel setup (23) [eap] = ok (23) } # authorize = ok (23) Found Auth-Type = eap (23) # Executing group from file /etc/raddb/sites-enabled/default (23) authenticate { (23) eap: Expiring EAP session with state 0xfaf55ea1f2e347c8 (23) eap: Finished EAP session with state 0x82e4cb1b81e0d244 (23) eap: Previous EAP request found for state 0x82e4cb1b81e0d244, released from the list (23) eap: Peer sent packet with method EAP PEAP (25) (23) eap: Calling submodule eap_peap to process data (23) eap_peap: Continuing EAP-TLS (23) eap_peap: Peer indicated complete TLS record size will be 134 bytes (23) eap_peap: Got complete TLS record (134 bytes) (23) eap_peap: [eaptls verify] = length included (23) eap_peap: TLS_accept: SSLv3/TLS write server done (23) eap_peap: <<< recv TLS 1.0 Handshake [length 0046], ClientKeyExchange (23) eap_peap: TLS_accept: SSLv3/TLS read client key exchange (23) eap_peap: TLS_accept: SSLv3/TLS read change cipher spec (23) eap_peap: <<< recv TLS 1.0 Handshake [length 0010], Finished (23) eap_peap: TLS_accept: SSLv3/TLS read finished (23) eap_peap: >>> send TLS 1.0 ChangeCipherSpec [length 0001] (23) eap_peap: TLS_accept: SSLv3/TLS write change cipher spec (23) eap_peap: >>> send TLS 1.0 Handshake [length 0010], Finished (23) eap_peap: TLS_accept: SSLv3/TLS write finished (23) eap_peap: (other): SSL negotiation finished successfully (23) eap_peap: SSL Connection Established (23) eap_peap: [eaptls process] = handled (23) eap: Sending EAP Request (code 1) ID 5 length 65 (23) eap: EAP session adding &reply:State = 0x82e4cb1b86e1d244 (23) [eap] = handled (23) } # authenticate = handled (23) Using Post-Auth-Type Challenge (23) Post-Auth-Type sub-section not found. Ignoring. (23) # Executing group from file /etc/raddb/sites-enabled/default (23) Sent Access-Challenge Id 4 from 10.41.110.86:1812 to 10.41.17.64:1086 length 0 (23) EAP-Message = 0x010500411900140301000101160301003092e53f04b9660df09297508db8e8fb3b4ad05e7b6ae5ec5d0120facf25d35fd262b1706180c33f72e235b2c3f3724cd9 (23) Message-Authenticator = 0x00000000000000000000000000000000 (23) State = 0x82e4cb1b86e1d244ae1bb12a174a7e27 (23) Finished request Waking up in 1.0 seconds. (24) Received Access-Request Id 5 from 10.41.17.64:1086 to 10.41.110.86:1812 length 218 (24) Message-Authenticator = 0x7b0940b6625998f02f43527bb1725e77 (24) Service-Type = Framed-User (24) User-Name = "userTest" (24) Framed-MTU = 1488 (24) State = 0x82e4cb1b86e1d244ae1bb12a174a7e27 (24) Called-Station-Id = "40-01-C6-D8-5C-00:AAA-Teste" (24) Calling-Station-Id = "4C-57-CA-E2-E9-8D" (24) NAS-Identifier = "3Com Access Point 7760" (24) NAS-Port-Type = Wireless-802.11 (24) Connect-Info = "CONNECT 54Mbps 802.11g" (24) EAP-Message = 0x020500061900 (24) NAS-IP-Address = 10.41.17.64 (24) NAS-Port = 1 (24) NAS-Port-Id = "STA port # 1" (24) session-state: No cached attributes (24) # Executing section authorize from file /etc/raddb/sites-enabled/default (24) authorize { (24) [preprocess] = ok (24) eap: Peer sent EAP Response (code 2) ID 5 length 6 (24) eap: Continuing tunnel setup (24) [eap] = ok (24) } # authorize = ok (24) Found Auth-Type = eap (24) # Executing group from file /etc/raddb/sites-enabled/default (24) authenticate { (24) eap: Expiring EAP session with state 0xfaf55ea1f2e347c8 (24) eap: Finished EAP session with state 0x82e4cb1b86e1d244 (24) eap: Previous EAP request found for state 0x82e4cb1b86e1d244, released from the list (24) eap: Peer sent packet with method EAP PEAP (25) (24) eap: Calling submodule eap_peap to process data (24) eap_peap: Continuing EAP-TLS (24) eap_peap: Peer ACKed our handshake fragment. handshake is finished (24) eap_peap: [eaptls verify] = success (24) eap_peap: [eaptls process] = success (24) eap_peap: Session established. Decoding tunneled attributes (24) eap_peap: PEAP state TUNNEL ESTABLISHED (24) eap: Sending EAP Request (code 1) ID 6 length 43 (24) eap: EAP session adding &reply:State = 0x82e4cb1b87e2d244 (24) [eap] = handled (24) } # authenticate = handled (24) Using Post-Auth-Type Challenge (24) Post-Auth-Type sub-section not found. Ignoring. (24) # Executing group from file /etc/raddb/sites-enabled/default (24) Sent Access-Challenge Id 5 from 10.41.110.86:1812 to 10.41.17.64:1086 length 0 (24) EAP-Message = 0x0106002b19001703010020afa714d51b4477ae4fc0c892baab98cb04bd0762d895080477d237e60fdae1cb (24) Message-Authenticator = 0x00000000000000000000000000000000 (24) State = 0x82e4cb1b87e2d244ae1bb12a174a7e27 (24) Finished request Waking up in 0.9 seconds. (25) Received Access-Request Id 6 from 10.41.17.64:1086 to 10.41.110.86:1812 length 271 (25) Message-Authenticator = 0xdec0a89429f16c15bc1dc8a9a9a272c1 (25) Service-Type = Framed-User (25) User-Name = "userTest" (25) Framed-MTU = 1488 (25) State = 0x82e4cb1b87e2d244ae1bb12a174a7e27 (25) Called-Station-Id = "40-01-C6-D8-5C-00:AAA-Teste" (25) Calling-Station-Id = "4C-57-CA-E2-E9-8D" (25) NAS-Identifier = "3Com Access Point 7760" (25) NAS-Port-Type = Wireless-802.11 (25) Connect-Info = "CONNECT 54Mbps 802.11g" (25) EAP-Message = 0x0206003b19001703010030657aea9089cf393fccfa7cce8b305fa7c1265fa8174415a9b45527c898b1b5178cb30fa0081511f2f971c4f46af30621 (25) NAS-IP-Address = 10.41.17.64 (25) NAS-Port = 1 (25) NAS-Port-Id = "STA port # 1" (25) session-state: No cached attributes (25) # Executing section authorize from file /etc/raddb/sites-enabled/default (25) authorize { (25) [preprocess] = ok (25) eap: Peer sent EAP Response (code 2) ID 6 length 59 (25) eap: Continuing tunnel setup (25) [eap] = ok (25) } # authorize = ok (25) Found Auth-Type = eap (25) # Executing group from file /etc/raddb/sites-enabled/default (25) authenticate { (25) eap: Expiring EAP session with state 0xfaf55ea1f2e347c8 (25) eap: Finished EAP session with state 0x82e4cb1b87e2d244 (25) eap: Previous EAP request found for state 0x82e4cb1b87e2d244, released from the list (25) eap: Peer sent packet with method EAP PEAP (25) (25) eap: Calling submodule eap_peap to process data (25) eap_peap: Continuing EAP-TLS (25) eap_peap: [eaptls verify] = ok (25) eap_peap: Done initial handshake (25) eap_peap: [eaptls process] = ok (25) eap_peap: Session established. Decoding tunneled attributes (25) eap_peap: PEAP state WAITING FOR INNER IDENTITY (25) eap_peap: Identity - userTest (25) eap_peap: Got inner identity 'userTest' (25) eap_peap: Setting default EAP type for tunneled EAP session (25) eap_peap: Got tunneled request (25) eap_peap: EAP-Message = 0x02060010013031383239353036333832 (25) eap_peap: Setting User-Name to userTest (25) eap_peap: Sending tunneled request to inner-tunnel (25) eap_peap: EAP-Message = 0x02060010013031383239353036333832 (25) eap_peap: FreeRADIUS-Proxied-To = 127.0.0.1 (25) eap_peap: User-Name = "userTest" (25) eap_peap: Service-Type = Framed-User (25) eap_peap: Framed-MTU = 1488 (25) eap_peap: Called-Station-Id = "40-01-C6-D8-5C-00:AAA-Teste" (25) eap_peap: Calling-Station-Id = "4C-57-CA-E2-E9-8D" (25) eap_peap: NAS-Identifier = "3Com Access Point 7760" (25) eap_peap: NAS-Port-Type = Wireless-802.11 (25) eap_peap: Connect-Info = "CONNECT 54Mbps 802.11g" (25) eap_peap: NAS-IP-Address = 10.41.17.64 (25) eap_peap: NAS-Port = 1 (25) eap_peap: NAS-Port-Id = "STA port # 1" (25) eap_peap: Event-Timestamp = "Mar 22 2017 14:51:08 -03" (25) Virtual server inner-tunnel received request (25) EAP-Message = 0x02060010013031383239353036333832 (25) FreeRADIUS-Proxied-To = 127.0.0.1 (25) User-Name = "userTest" (25) Service-Type = Framed-User (25) Framed-MTU = 1488 (25) Called-Station-Id = "40-01-C6-D8-5C-00:AAA-Teste" (25) Calling-Station-Id = "4C-57-CA-E2-E9-8D" (25) NAS-Identifier = "3Com Access Point 7760" (25) NAS-Port-Type = Wireless-802.11 (25) Connect-Info = "CONNECT 54Mbps 802.11g" (25) NAS-IP-Address = 10.41.17.64 (25) NAS-Port = 1 (25) NAS-Port-Id = "STA port # 1" (25) Event-Timestamp = "Mar 22 2017 14:51:08 -03" (25) WARNING: Outer and inner identities are the same. User privacy is compromised. (25) server inner-tunnel { (25) # Executing section authorize from file /etc/raddb/sites-enabled/inner-tunnel (25) authorize { (25) eap: Peer sent EAP Response (code 2) ID 6 length 16 (25) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize (25) [eap] = ok (25) } # authorize = ok (25) Found Auth-Type = eap (25) # Executing group from file /etc/raddb/sites-enabled/inner-tunnel (25) authenticate { (25) eap: Peer sent packet with method EAP Identity (1) (25) eap: Calling submodule eap_mschapv2 to process data (25) eap_mschapv2: Issuing Challenge (25) eap: Sending EAP Request (code 1) ID 7 length 43 (25) eap: EAP session adding &reply:State = 0xed05353eed022fbe (25) [eap] = handled (25) } # authenticate = handled (25) } # server inner-tunnel (25) Virtual server sending reply (25) EAP-Message = 0x0107002b1a01070026109ac249a45bf691de7fc75a3feed0cb60667265657261646975732d332e302e3134 (25) Message-Authenticator = 0x00000000000000000000000000000000 (25) State = 0xed05353eed022fbe5b1d8e8a916c26a0 (25) eap_peap: Got tunneled reply code 11 (25) eap_peap: EAP-Message = 0x0107002b1a01070026109ac249a45bf691de7fc75a3feed0cb60667265657261646975732d332e302e3134 (25) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000 (25) eap_peap: State = 0xed05353eed022fbe5b1d8e8a916c26a0 (25) eap_peap: Got tunneled reply RADIUS code 11 (25) eap_peap: EAP-Message = 0x0107002b1a01070026109ac249a45bf691de7fc75a3feed0cb60667265657261646975732d332e302e3134 (25) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000 (25) eap_peap: State = 0xed05353eed022fbe5b1d8e8a916c26a0 (25) eap_peap: Got tunneled Access-Challenge (25) eap: Sending EAP Request (code 1) ID 7 length 75 (25) eap: EAP session adding &reply:State = 0x82e4cb1b84e3d244 (25) [eap] = handled (25) } # authenticate = handled (25) Using Post-Auth-Type Challenge (25) Post-Auth-Type sub-section not found. Ignoring. (25) # Executing group from file /etc/raddb/sites-enabled/default (25) Sent Access-Challenge Id 6 from 10.41.110.86:1812 to 10.41.17.64:1086 length 0 (25) EAP-Message = 0x0107004b190017030100400bebb44427586f4cbdcaad23463df25a067c4d45afc5e95fc61702ed797b15c868c9c4e14426bc4990166d0694dc72a2ba6e331ddf04fc1789e72561fe224c6d (25) Message-Authenticator = 0x00000000000000000000000000000000 (25) State = 0x82e4cb1b84e3d244ae1bb12a174a7e27 (25) Finished request Waking up in 0.9 seconds. (26) Received Access-Request Id 7 from 10.41.17.64:1086 to 10.41.110.86:1812 length 319 (26) Message-Authenticator = 0x4840c791be0e158ada74c3f7a5b1becf (26) Service-Type = Framed-User (26) User-Name = "userTest" (26) Framed-MTU = 1488 (26) State = 0x82e4cb1b84e3d244ae1bb12a174a7e27 (26) Called-Station-Id = "40-01-C6-D8-5C-00:AAA-Teste" (26) Calling-Station-Id = "4C-57-CA-E2-E9-8D" (26) NAS-Identifier = "3Com Access Point 7760" (26) NAS-Port-Type = Wireless-802.11 (26) Connect-Info = "CONNECT 54Mbps 802.11g" (26) EAP-Message = 0x0207006b190017030100601e8bbbaa319f1ffc13c3fe11332e7601429bf2a151d6c4d99d3f91e0a79b3b59bc57498e3bf95cdcf978ffd69c15bc6ad68251cc197b0acbc713895da4ea84bb9abc0de37ab3c81c6819b636dae5e12fca59c5704d52cae6fd568351fe2c06d8 (26) NAS-IP-Address = 10.41.17.64 (26) NAS-Port = 1 (26) NAS-Port-Id = "STA port # 1" (26) session-state: No cached attributes (26) # Executing section authorize from file /etc/raddb/sites-enabled/default (26) authorize { (26) [preprocess] = ok (26) eap: Peer sent EAP Response (code 2) ID 7 length 107 (26) eap: Continuing tunnel setup (26) [eap] = ok (26) } # authorize = ok (26) Found Auth-Type = eap (26) # Executing group from file /etc/raddb/sites-enabled/default (26) authenticate { (26) eap: Expiring EAP session with state 0xfaf55ea1f2e347c8 (26) eap: Finished EAP session with state 0x82e4cb1b84e3d244 (26) eap: Previous EAP request found for state 0x82e4cb1b84e3d244, released from the list (26) eap: Peer sent packet with method EAP PEAP (25) (26) eap: Calling submodule eap_peap to process data (26) eap_peap: Continuing EAP-TLS (26) eap_peap: [eaptls verify] = ok (26) eap_peap: Done initial handshake (26) eap_peap: [eaptls process] = ok (26) eap_peap: Session established. Decoding tunneled attributes (26) eap_peap: PEAP state phase2 (26) eap_peap: EAP method MSCHAPv2 (26) (26) eap_peap: Got tunneled request (26) eap_peap: EAP-Message = 0x020700461a02070041312878ab53f5a3bfc536df80a0cba47d180000000000000000613251667b283074a5abb46f3f3469403d8ba8a992319ef4003031383239353036333832 (26) eap_peap: Setting User-Name to userTest (26) eap_peap: Sending tunneled request to inner-tunnel (26) eap_peap: EAP-Message = 0x020700461a02070041312878ab53f5a3bfc536df80a0cba47d180000000000000000613251667b283074a5abb46f3f3469403d8ba8a992319ef4003031383239353036333832 (26) eap_peap: FreeRADIUS-Proxied-To = 127.0.0.1 (26) eap_peap: User-Name = "userTest" (26) eap_peap: State = 0xed05353eed022fbe5b1d8e8a916c26a0 (26) eap_peap: Service-Type = Framed-User (26) eap_peap: Framed-MTU = 1488 (26) eap_peap: Called-Station-Id = "40-01-C6-D8-5C-00:AAA-Teste" (26) eap_peap: Calling-Station-Id = "4C-57-CA-E2-E9-8D" (26) eap_peap: NAS-Identifier = "3Com Access Point 7760" (26) eap_peap: NAS-Port-Type = Wireless-802.11 (26) eap_peap: Connect-Info = "CONNECT 54Mbps 802.11g" (26) eap_peap: NAS-IP-Address = 10.41.17.64 (26) eap_peap: NAS-Port = 1 (26) eap_peap: NAS-Port-Id = "STA port # 1" (26) eap_peap: Event-Timestamp = "Mar 22 2017 14:51:08 -03" (26) Virtual server inner-tunnel received request (26) EAP-Message = 0x020700461a02070041312878ab53f5a3bfc536df80a0cba47d180000000000000000613251667b283074a5abb46f3f3469403d8ba8a992319ef4003031383239353036333832 (26) FreeRADIUS-Proxied-To = 127.0.0.1 (26) User-Name = "userTest" (26) State = 0xed05353eed022fbe5b1d8e8a916c26a0 (26) Service-Type = Framed-User (26) Framed-MTU = 1488 (26) Called-Station-Id = "40-01-C6-D8-5C-00:AAA-Teste" (26) Calling-Station-Id = "4C-57-CA-E2-E9-8D" (26) NAS-Identifier = "3Com Access Point 7760" (26) NAS-Port-Type = Wireless-802.11 (26) Connect-Info = "CONNECT 54Mbps 802.11g" (26) NAS-IP-Address = 10.41.17.64 (26) NAS-Port = 1 (26) NAS-Port-Id = "STA port # 1" (26) Event-Timestamp = "Mar 22 2017 14:51:08 -03" (26) WARNING: Outer and inner identities are the same. User privacy is compromised. (26) server inner-tunnel { (26) session-state: No cached attributes (26) # Executing section authorize from file /etc/raddb/sites-enabled/inner-tunnel (26) authorize { (26) eap: Peer sent EAP Response (code 2) ID 7 length 70 (26) eap: No EAP Start, assuming it's an on-going EAP conversation (26) [eap] = updated rlm_ldap (ldap): Reserved connection (4) (26) ldap: EXPAND (uid=%{%{Stripped-User-Name}:-%{User-Name}}) (26) ldap: --> (uid=userTest) (26) ldap: Performing search in "ou=people,dc=test,dc=br" with filter "(uid=userTest)", scope "sub" (26) ldap: Waiting for search result... (26) ldap: User object found at DN "uid=userTest,ou=people,dc=test,dc=br" (26) ldap: Processing user attributes (26) ldap: control:NT-Password := 0x3145333941394139324632423038413045363942344435414441374535333332 rlm_ldap (ldap): Released connection (4) Need 1 more connections to reach 10 spares rlm_ldap (ldap): Opening additional connection (9), 1 of 23 pending slots used rlm_ldap (ldap): Connecting to ldap://10.0.0.2:389 rlm_ldap (ldap): Waiting for bind result... rlm_ldap (ldap): Bind successful (26) [ldap] = updated (26) [expiration] = noop (26) [logintime] = noop (26) pap: Normalizing NT-Password from hex encoding, 32 bytes -> 16 bytes (26) pap: WARNING: Auth-Type already set. Not setting to PAP (26) [pap] = noop (26) } # authorize = updated (26) Found Auth-Type = eap (26) # Executing group from file /etc/raddb/sites-enabled/inner-tunnel (26) authenticate { (26) eap: Expiring EAP session with state 0xfaf55ea1f2e347c8 (26) eap: Finished EAP session with state 0xed05353eed022fbe (26) eap: Previous EAP request found for state 0xed05353eed022fbe, released from the list (26) eap: Peer sent packet with method EAP MSCHAPv2 (26) (26) eap: Calling submodule eap_mschapv2 to process data (26) eap_mschapv2: # Executing group from file /etc/raddb/sites-enabled/inner-tunnel (26) eap_mschapv2: authenticate { (26) mschap: Found NT-Password (26) mschap: Creating challenge hash with username: userTest (26) mschap: Client is using MS-CHAPv2 (26) mschap: Adding MS-CHAPv2 MPPE keys (26) [mschap] = ok (26) } # authenticate = ok (26) MSCHAP Success (26) eap: Sending EAP Request (code 1) ID 8 length 51 (26) eap: EAP session adding &reply:State = 0xed05353eec0d2fbe (26) [eap] = handled (26) } # authenticate = handled (26) } # server inner-tunnel (26) Virtual server sending reply (26) EAP-Message = 0x010800331a0307002e533d38314538303844334446353432374642333142393841314444463533333238304435363930443534 (26) Message-Authenticator = 0x00000000000000000000000000000000 (26) State = 0xed05353eec0d2fbe5b1d8e8a916c26a0 (26) eap_peap: Got tunneled reply code 11 (26) eap_peap: EAP-Message = 0x010800331a0307002e533d38314538303844334446353432374642333142393841314444463533333238304435363930443534 (26) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000 (26) eap_peap: State = 0xed05353eec0d2fbe5b1d8e8a916c26a0 (26) eap_peap: Got tunneled reply RADIUS code 11 (26) eap_peap: EAP-Message = 0x010800331a0307002e533d38314538303844334446353432374642333142393841314444463533333238304435363930443534 (26) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000 (26) eap_peap: State = 0xed05353eec0d2fbe5b1d8e8a916c26a0 (26) eap_peap: Got tunneled Access-Challenge (26) eap: Sending EAP Request (code 1) ID 8 length 91 (26) eap: EAP session adding &reply:State = 0x82e4cb1b85ecd244 (26) [eap] = handled (26) } # authenticate = handled (26) Using Post-Auth-Type Challenge (26) Post-Auth-Type sub-section not found. Ignoring. (26) # Executing group from file /etc/raddb/sites-enabled/default (26) Sent Access-Challenge Id 7 from 10.41.110.86:1812 to 10.41.17.64:1086 length 0 (26) EAP-Message = 0x0108005b19001703010050bf2b1c25d323d4882835f598fcfe8da6173e706e4c1d66b36965789bb836b404e89b5b21fa01ea32c48497cc0de0c17c7d2e5197be5bb9e75fec85fc9d6dce20211bc026bc74a7724da41853c158244e (26) Message-Authenticator = 0x00000000000000000000000000000000 (26) State = 0x82e4cb1b85ecd244ae1bb12a174a7e27 (26) Finished request (17) Cleaning up request packet ID 20 with timestamp +10 Waking up in 1.8 seconds. (27) Received Access-Request Id 8 from 10.41.17.64:1086 to 10.41.110.86:1812 length 255 (27) Message-Authenticator = 0xfa367a6fa8cf063157e227ebc3a6dc7c (27) Service-Type = Framed-User (27) User-Name = "userTest" (27) Framed-MTU = 1488 (27) State = 0x82e4cb1b85ecd244ae1bb12a174a7e27 (27) Called-Station-Id = "40-01-C6-D8-5C-00:AAA-Teste" (27) Calling-Station-Id = "4C-57-CA-E2-E9-8D" (27) NAS-Identifier = "3Com Access Point 7760" (27) NAS-Port-Type = Wireless-802.11 (27) Connect-Info = "CONNECT 54Mbps 802.11g" (27) EAP-Message = 0x0208002b19001703010020051c0ad98ab4c77d2d4580c0e7e07c4055a8762345473a564dab19aafc402cb1 (27) NAS-IP-Address = 10.41.17.64 (27) NAS-Port = 1 (27) NAS-Port-Id = "STA port # 1" (27) session-state: No cached attributes (27) # Executing section authorize from file /etc/raddb/sites-enabled/default (27) authorize { (27) [preprocess] = ok (27) eap: Peer sent EAP Response (code 2) ID 8 length 43 (27) eap: Continuing tunnel setup (27) [eap] = ok (27) } # authorize = ok (27) Found Auth-Type = eap (27) # Executing group from file /etc/raddb/sites-enabled/default (27) authenticate { (27) eap: Expiring EAP session with state 0xfaf55ea1f2e347c8 (27) eap: Finished EAP session with state 0x82e4cb1b85ecd244 (27) eap: Previous EAP request found for state 0x82e4cb1b85ecd244, released from the list (27) eap: Peer sent packet with method EAP PEAP (25) (27) eap: Calling submodule eap_peap to process data (27) eap_peap: Continuing EAP-TLS (27) eap_peap: [eaptls verify] = ok (27) eap_peap: Done initial handshake (27) eap_peap: [eaptls process] = ok (27) eap_peap: Session established. Decoding tunneled attributes (27) eap_peap: PEAP state phase2 (27) eap_peap: EAP method MSCHAPv2 (26) (27) eap_peap: Got tunneled request (27) eap_peap: EAP-Message = 0x020800061a03 (27) eap_peap: Setting User-Name to userTest (27) eap_peap: Sending tunneled request to inner-tunnel (27) eap_peap: EAP-Message = 0x020800061a03 (27) eap_peap: FreeRADIUS-Proxied-To = 127.0.0.1 (27) eap_peap: User-Name = "userTest" (27) eap_peap: State = 0xed05353eec0d2fbe5b1d8e8a916c26a0 (27) eap_peap: Service-Type = Framed-User (27) eap_peap: Framed-MTU = 1488 (27) eap_peap: Called-Station-Id = "40-01-C6-D8-5C-00:AAA-Teste" (27) eap_peap: Calling-Station-Id = "4C-57-CA-E2-E9-8D" (27) eap_peap: NAS-Identifier = "3Com Access Point 7760" (27) eap_peap: NAS-Port-Type = Wireless-802.11 (27) eap_peap: Connect-Info = "CONNECT 54Mbps 802.11g" (27) eap_peap: NAS-IP-Address = 10.41.17.64 (27) eap_peap: NAS-Port = 1 (27) eap_peap: NAS-Port-Id = "STA port # 1" (27) eap_peap: Event-Timestamp = "Mar 22 2017 14:51:12 -03" (27) Virtual server inner-tunnel received request (27) EAP-Message = 0x020800061a03 (27) FreeRADIUS-Proxied-To = 127.0.0.1 (27) User-Name = "userTest" (27) State = 0xed05353eec0d2fbe5b1d8e8a916c26a0 (27) Service-Type = Framed-User (27) Framed-MTU = 1488 (27) Called-Station-Id = "40-01-C6-D8-5C-00:AAA-Teste" (27) Calling-Station-Id = "4C-57-CA-E2-E9-8D" (27) NAS-Identifier = "3Com Access Point 7760" (27) NAS-Port-Type = Wireless-802.11 (27) Connect-Info = "CONNECT 54Mbps 802.11g" (27) NAS-IP-Address = 10.41.17.64 (27) NAS-Port = 1 (27) NAS-Port-Id = "STA port # 1" (27) Event-Timestamp = "Mar 22 2017 14:51:12 -03" (27) WARNING: Outer and inner identities are the same. User privacy is compromised. (27) server inner-tunnel { (27) session-state: No cached attributes (27) # Executing section authorize from file /etc/raddb/sites-enabled/inner-tunnel (27) authorize { (27) eap: Peer sent EAP Response (code 2) ID 8 length 6 (27) eap: No EAP Start, assuming it's an on-going EAP conversation (27) [eap] = updated rlm_ldap (ldap): Reserved connection (0) (27) ldap: EXPAND (uid=%{%{Stripped-User-Name}:-%{User-Name}}) (27) ldap: --> (uid=userTest) (27) ldap: Performing search in "ou=people,dc=test,dc=br" with filter "(uid=userTest)", scope "sub" (27) ldap: Waiting for search result... (27) ldap: User object found at DN "uid=userTest,ou=people,dc=test,dc=br" (27) ldap: Processing user attributes (27) ldap: control:NT-Password := 0x3145333941394139324632423038413045363942344435414441374535333332 rlm_ldap (ldap): Released connection (0) (27) [ldap] = updated (27) [expiration] = noop (27) [logintime] = noop (27) pap: Normalizing NT-Password from hex encoding, 32 bytes -> 16 bytes (27) pap: WARNING: Auth-Type already set. Not setting to PAP (27) [pap] = noop (27) } # authorize = updated (27) Found Auth-Type = eap (27) # Executing group from file /etc/raddb/sites-enabled/inner-tunnel (27) authenticate { (27) eap: Expiring EAP session with state 0xfaf55ea1f2e347c8 (27) eap: Finished EAP session with state 0xed05353eec0d2fbe (27) eap: Previous EAP request found for state 0xed05353eec0d2fbe, released from the list (27) eap: Peer sent packet with method EAP MSCHAPv2 (26) (27) eap: Calling submodule eap_mschapv2 to process data (27) eap: Sending EAP Success (code 3) ID 8 length 4 (27) eap: Freeing handler (27) [eap] = ok (27) } # authenticate = ok (27) # Executing section post-auth from file /etc/raddb/sites-enabled/inner-tunnel (27) post-auth { ... } # empty sub-section is ignored (27) } # server inner-tunnel (27) Virtual server sending reply (27) MS-MPPE-Encryption-Policy = Encryption-Allowed (27) MS-MPPE-Encryption-Types = RC4-40or128-bit-Allowed (27) MS-MPPE-Send-Key = 0x9753abfe82235c4216a0c1a4a959646f (27) MS-MPPE-Recv-Key = 0x757fbfa227358f8e820817a60ccf472c (27) EAP-Message = 0x03080004 (27) Message-Authenticator = 0x00000000000000000000000000000000 (27) User-Name = "userTest" (27) eap_peap: Got tunneled reply code 2 (27) eap_peap: MS-MPPE-Encryption-Policy = Encryption-Allowed (27) eap_peap: MS-MPPE-Encryption-Types = RC4-40or128-bit-Allowed (27) eap_peap: MS-MPPE-Send-Key = 0x9753abfe82235c4216a0c1a4a959646f (27) eap_peap: MS-MPPE-Recv-Key = 0x757fbfa227358f8e820817a60ccf472c (27) eap_peap: EAP-Message = 0x03080004 (27) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000 (27) eap_peap: User-Name = "userTest" (27) eap_peap: Got tunneled reply RADIUS code 2 (27) eap_peap: MS-MPPE-Encryption-Policy = Encryption-Allowed (27) eap_peap: MS-MPPE-Encryption-Types = RC4-40or128-bit-Allowed (27) eap_peap: MS-MPPE-Send-Key = 0x9753abfe82235c4216a0c1a4a959646f (27) eap_peap: MS-MPPE-Recv-Key = 0x757fbfa227358f8e820817a60ccf472c (27) eap_peap: EAP-Message = 0x03080004 (27) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000 (27) eap_peap: User-Name = "userTest" (27) eap_peap: Tunneled authentication was successful (27) eap_peap: SUCCESS (27) eap_peap: Saving tunneled attributes for later (27) eap: Sending EAP Request (code 1) ID 9 length 43 (27) eap: EAP session adding &reply:State = 0x82e4cb1b8aedd244 (27) [eap] = handled (27) } # authenticate = handled (27) Using Post-Auth-Type Challenge (27) Post-Auth-Type sub-section not found. Ignoring. (27) # Executing group from file /etc/raddb/sites-enabled/default (27) Sent Access-Challenge Id 8 from 10.41.110.86:1812 to 10.41.17.64:1086 length 0 (27) EAP-Message = 0x0109002b190017030100207a38b4c9aef9e5676a7616149de4a7c75be717b173d6106d60fe592bedcf7088 (27) Message-Authenticator = 0x00000000000000000000000000000000 (27) State = 0x82e4cb1b8aedd244ae1bb12a174a7e27 (27) Finished request (19) Cleaning up request packet ID 0 with timestamp +22 (20) Cleaning up request packet ID 1 with timestamp +22 (21) Cleaning up request packet ID 2 with timestamp +22 (22) Cleaning up request packet ID 3 with timestamp +22 (23) Cleaning up request packet ID 4 with timestamp +22 (24) Cleaning up request packet ID 5 with timestamp +22 (25) Cleaning up request packet ID 6 with timestamp +22 Waking up in 4.9 seconds. (27) Cleaning up request packet ID 8 with timestamp +26 Waking up in 1.8 seconds. (26) Cleaning up request packet ID 7 with timestamp +22 Ready to process requests ================================= IPHONE CAN CONNECT TO THE WIFI NETWORK OBS: I ran again "radiusd -X" to clear and understand where is the first request, but Iphone can connect everytime when I rebooted it. Listening on auth address * port 1812 bound to server default Listening on acct address * port 1813 bound to server default Listening on auth address :: port 1812 bound to server default Listening on acct address :: port 1813 bound to server default Listening on auth address 127.0.0.1 port 18120 bound to server inner-tunnel Listening on proxy address * port 44713 Listening on proxy address :: port 42886 Ready to process requests (0) Received Access-Request Id 0 from 10.41.17.64:1090 to 10.41.110.86:1812 length 210 (0) Message-Authenticator = 0xdcad4806f8bc8cf27df0bfcbcabb5c3f (0) Service-Type = Framed-User (0) User-Name = "userTest" (0) Framed-MTU = 1488 (0) Called-Station-Id = "40-01-C6-D8-5C-00:AAA-Teste" (0) Calling-Station-Id = "4C-57-CA-E2-E9-8D" (0) NAS-Identifier = "3Com Access Point 7760" (0) NAS-Port-Type = Wireless-802.11 (0) Connect-Info = "CONNECT 54Mbps 802.11g" (0) EAP-Message = 0x02000010013031383239353036333832 (0) NAS-IP-Address = 10.41.17.64 (0) NAS-Port = 1 (0) NAS-Port-Id = "STA port # 1" (0) # Executing section authorize from file /etc/raddb/sites-enabled/default (0) authorize { (0) [preprocess] = ok (0) eap: Peer sent EAP Response (code 2) ID 0 length 16 (0) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize (0) [eap] = ok (0) } # authorize = ok (0) Found Auth-Type = eap (0) # Executing group from file /etc/raddb/sites-enabled/default (0) authenticate { (0) eap: Peer sent packet with method EAP Identity (1) (0) eap: Calling submodule eap_peap to process data (0) eap_peap: Initiating new EAP-TLS session (0) eap_peap: Flushing SSL sessions (of #0) (0) eap_peap: [eaptls start] = request (0) eap: Sending EAP Request (code 1) ID 1 length 6 (0) eap: EAP session adding &reply:State = 0x4f424a324f4353ce (0) [eap] = handled (0) } # authenticate = handled (0) Using Post-Auth-Type Challenge (0) Post-Auth-Type sub-section not found. Ignoring. (0) # Executing group from file /etc/raddb/sites-enabled/default (0) Sent Access-Challenge Id 0 from 10.41.110.86:1812 to 10.41.17.64:1090 length 0 (0) EAP-Message = 0x010100061920 (0) Message-Authenticator = 0x00000000000000000000000000000000 (0) State = 0x4f424a324f4353ce43a0ba7c4354ed56 (0) Finished request Waking up in 4.9 seconds. (1) Received Access-Request Id 1 from 10.41.17.64:1090 to 10.41.110.86:1812 length 339 (1) Message-Authenticator = 0xdea1c2b48107147dddcaaddb6be770f0 (1) Service-Type = Framed-User (1) User-Name = "userTest" (1) Framed-MTU = 1488 (1) State = 0x4f424a324f4353ce43a0ba7c4354ed56 (1) Called-Station-Id = "40-01-C6-D8-5C-00:AAA-Teste" (1) Calling-Station-Id = "4C-57-CA-E2-E9-8D" (1) NAS-Identifier = "3Com Access Point 7760" (1) NAS-Port-Type = Wireless-802.11 (1) Connect-Info = "CONNECT 54Mbps 802.11g" (1) EAP-Message = 0x0201007f19800000007516030100700100006c030158d2baf622703ad19984e484f38f9c0ff088678cca0370b25a5e56693df17d4a00002000ffc024c023c00ac009c008c028c027c014c013c012003d003c0035002f000a01000023000a00080006001700180019000b00020100000500050100000000 (1) NAS-IP-Address = 10.41.17.64 (1) NAS-Port = 1 (1) NAS-Port-Id = "STA port # 1" (1) session-state: No cached attributes (1) # Executing section authorize from file /etc/raddb/sites-enabled/default (1) authorize { (1) [preprocess] = ok (1) eap: Peer sent EAP Response (code 2) ID 1 length 127 (1) eap: Continuing tunnel setup (1) [eap] = ok (1) } # authorize = ok (1) Found Auth-Type = eap (1) # Executing group from file /etc/raddb/sites-enabled/default (1) authenticate { (1) eap: Expiring EAP session with state 0x4f424a324f4353ce (1) eap: Finished EAP session with state 0x4f424a324f4353ce (1) eap: Previous EAP request found for state 0x4f424a324f4353ce, released from the list (1) eap: Peer sent packet with method EAP PEAP (25) (1) eap: Calling submodule eap_peap to process data (1) eap_peap: Continuing EAP-TLS (1) eap_peap: Peer indicated complete TLS record size will be 117 bytes (1) eap_peap: Got complete TLS record (117 bytes) (1) eap_peap: [eaptls verify] = length included (1) eap_peap: (other): before SSL initialization (1) eap_peap: TLS_accept: before SSL initialization (1) eap_peap: TLS_accept: before SSL initialization (1) eap_peap: <<< recv TLS 1.2 [length 0070] (1) eap_peap: TLS_accept: SSLv3/TLS read client hello (1) eap_peap: >>> send TLS 1.0 Handshake [length 005d], ServerHello (1) eap_peap: TLS_accept: SSLv3/TLS write server hello (1) eap_peap: >>> send TLS 1.0 Handshake [length 08d3], Certificate (1) eap_peap: TLS_accept: SSLv3/TLS write certificate (1) eap_peap: >>> send TLS 1.0 Handshake [length 014b], ServerKeyExchange (1) eap_peap: TLS_accept: SSLv3/TLS write key exchange (1) eap_peap: >>> send TLS 1.0 Handshake [length 0004], ServerHelloDone (1) eap_peap: TLS_accept: SSLv3/TLS write server done (1) eap_peap: TLS_accept: Need to read more data: SSLv3/TLS write server done (1) eap_peap: In SSL Handshake Phase (1) eap_peap: In SSL Accept mode (1) eap_peap: [eaptls process] = handled (1) eap: Sending EAP Request (code 1) ID 2 length 1004 (1) eap: EAP session adding &reply:State = 0x4f424a324e4053ce (1) [eap] = handled (1) } # authenticate = handled (1) Using Post-Auth-Type Challenge (1) Post-Auth-Type sub-section not found. Ignoring. (1) # Executing group from file /etc/raddb/sites-enabled/default (1) Sent Access-Challenge Id 1 from 10.41.110.86:1812 to 10.41.17.64:1090 length 0 (1) EAP-Message = 0x010203ec19c000000a93160301005d020000590301a36dd518f829f99eb9d0363fe456ae7cb1723abe53d9b74ce635ba187578a6122069bc2cddecdc894b088e0f0e198964b4b15264826ce476af949a2aeabbc4a531c014000011ff01000100000b0004030001020017000016030108d30b0008cf0008 (1) Message-Authenticator = 0x00000000000000000000000000000000 (1) State = 0x4f424a324e4053ce43a0ba7c4354ed56 (1) Finished request Waking up in 4.9 seconds. (2) Received Access-Request Id 2 from 10.41.17.64:1090 to 10.41.110.86:1812 length 218 (2) Message-Authenticator = 0x708523ad3b241d8cb3cd6109c2210206 (2) Service-Type = Framed-User (2) User-Name = "userTest" (2) Framed-MTU = 1488 (2) State = 0x4f424a324e4053ce43a0ba7c4354ed56 (2) Called-Station-Id = "40-01-C6-D8-5C-00:AAA-Teste" (2) Calling-Station-Id = "4C-57-CA-E2-E9-8D" (2) NAS-Identifier = "3Com Access Point 7760" (2) NAS-Port-Type = Wireless-802.11 (2) Connect-Info = "CONNECT 54Mbps 802.11g" (2) EAP-Message = 0x020200061900 (2) NAS-IP-Address = 10.41.17.64 (2) NAS-Port = 1 (2) NAS-Port-Id = "STA port # 1" (2) session-state: No cached attributes (2) # Executing section authorize from file /etc/raddb/sites-enabled/default (2) authorize { (2) [preprocess] = ok (2) eap: Peer sent EAP Response (code 2) ID 2 length 6 (2) eap: Continuing tunnel setup (2) [eap] = ok (2) } # authorize = ok (2) Found Auth-Type = eap (2) # Executing group from file /etc/raddb/sites-enabled/default (2) authenticate { (2) eap: Expiring EAP session with state 0x4f424a324e4053ce (2) eap: Finished EAP session with state 0x4f424a324e4053ce (2) eap: Previous EAP request found for state 0x4f424a324e4053ce, released from the list (2) eap: Peer sent packet with method EAP PEAP (25) (2) eap: Calling submodule eap_peap to process data (2) eap_peap: Continuing EAP-TLS (2) eap_peap: Peer ACKed our handshake fragment (2) eap_peap: [eaptls verify] = request (2) eap_peap: [eaptls process] = handled (2) eap: Sending EAP Request (code 1) ID 3 length 1000 (2) eap: EAP session adding &reply:State = 0x4f424a324d4153ce (2) [eap] = handled (2) } # authenticate = handled (2) Using Post-Auth-Type Challenge (2) Post-Auth-Type sub-section not found. Ignoring. (2) # Executing group from file /etc/raddb/sites-enabled/default (2) Sent Access-Challenge Id 2 from 10.41.110.86:1812 to 10.41.17.64:1090 length 0 (2) EAP-Message = 0x010303e81940b2c16fe1b0d484179f9cdaaba928edbe85ea947176542ea9646d2f16b8803f26bf43aa9d60ff2c5d4d9ec84c4c511d64d81b360765cd88159cbe3831e7f63102d7e95becbf76520288a093eefd7080eb3f1c6936e347b508b9916d3e4e10615ad52b4601565fedd7e976bdf1ec0004e830 (2) Message-Authenticator = 0x00000000000000000000000000000000 (2) State = 0x4f424a324d4153ce43a0ba7c4354ed56 (2) Finished request Waking up in 4.9 seconds. (3) Received Access-Request Id 3 from 10.41.17.64:1090 to 10.41.110.86:1812 length 218 (3) Message-Authenticator = 0x694b1490f6e3cd21dfc9199ca65ad6bb (3) Service-Type = Framed-User (3) User-Name = "userTest" (3) Framed-MTU = 1488 (3) State = 0x4f424a324d4153ce43a0ba7c4354ed56 (3) Called-Station-Id = "40-01-C6-D8-5C-00:AAA-Teste" (3) Calling-Station-Id = "4C-57-CA-E2-E9-8D" (3) NAS-Identifier = "3Com Access Point 7760" (3) NAS-Port-Type = Wireless-802.11 (3) Connect-Info = "CONNECT 54Mbps 802.11g" (3) EAP-Message = 0x020300061900 (3) NAS-IP-Address = 10.41.17.64 (3) NAS-Port = 1 (3) NAS-Port-Id = "STA port # 1" (3) session-state: No cached attributes (3) # Executing section authorize from file /etc/raddb/sites-enabled/default (3) authorize { (3) [preprocess] = ok (3) eap: Peer sent EAP Response (code 2) ID 3 length 6 (3) eap: Continuing tunnel setup (3) [eap] = ok (3) } # authorize = ok (3) Found Auth-Type = eap (3) # Executing group from file /etc/raddb/sites-enabled/default (3) authenticate { (3) eap: Expiring EAP session with state 0x4f424a324d4153ce (3) eap: Finished EAP session with state 0x4f424a324d4153ce (3) eap: Previous EAP request found for state 0x4f424a324d4153ce, released from the list (3) eap: Peer sent packet with method EAP PEAP (25) (3) eap: Calling submodule eap_peap to process data (3) eap_peap: Continuing EAP-TLS (3) eap_peap: Peer ACKed our handshake fragment (3) eap_peap: [eaptls verify] = request (3) eap_peap: [eaptls process] = handled (3) eap: Sending EAP Request (code 1) ID 4 length 725 (3) eap: EAP session adding &reply:State = 0x4f424a324c4653ce (3) [eap] = handled (3) } # authenticate = handled (3) Using Post-Auth-Type Challenge (3) Post-Auth-Type sub-section not found. Ignoring. (3) # Executing group from file /etc/raddb/sites-enabled/default (3) Sent Access-Challenge Id 3 from 10.41.110.86:1812 to 10.41.17.64:1090 length 0 (3) EAP-Message = 0x010402d519006361746520417574686f72697479820900f29e29fc64450db1300f0603551d130101ff040530030101ff30360603551d1f042f302d302ba029a0278625687474703a2f2f7777772e6578616d706c652e6f72672f6578616d706c655f63612e63726c300d06092a864886f70d01010b0500 (3) Message-Authenticator = 0x00000000000000000000000000000000 (3) State = 0x4f424a324c4653ce43a0ba7c4354ed56 (3) Finished request Waking up in 4.8 seconds. (4) Received Access-Request Id 4 from 10.41.17.64:1090 to 10.41.110.86:1812 length 356 (4) Message-Authenticator = 0x78b058e28b654994f016c8e6d6856262 (4) Service-Type = Framed-User (4) User-Name = "userTest" (4) Framed-MTU = 1488 (4) State = 0x4f424a324c4653ce43a0ba7c4354ed56 (4) Called-Station-Id = "40-01-C6-D8-5C-00:AAA-Teste" (4) Calling-Station-Id = "4C-57-CA-E2-E9-8D" (4) NAS-Identifier = "3Com Access Point 7760" (4) NAS-Port-Type = Wireless-802.11 (4) Connect-Info = "CONNECT 54Mbps 802.11g" (4) EAP-Message = 0x020400901980000000861603010046100000424104343bd0b5232f0b5e71d7c23886a9010adf7356a99fd44cc2cd7f07bf38ff2cc3c22b73845842ed44f3b0a7537745ab07ff8a5adf41d4580e95f2c49e45d7fdf5140301000101160301003094eb3ac531aaff7dc61a1544092a6491d5bd260cea28aa (4) NAS-IP-Address = 10.41.17.64 (4) NAS-Port = 1 (4) NAS-Port-Id = "STA port # 1" (4) session-state: No cached attributes (4) # Executing section authorize from file /etc/raddb/sites-enabled/default (4) authorize { (4) [preprocess] = ok (4) eap: Peer sent EAP Response (code 2) ID 4 length 144 (4) eap: Continuing tunnel setup (4) [eap] = ok (4) } # authorize = ok (4) Found Auth-Type = eap (4) # Executing group from file /etc/raddb/sites-enabled/default (4) authenticate { (4) eap: Expiring EAP session with state 0x4f424a324c4653ce (4) eap: Finished EAP session with state 0x4f424a324c4653ce (4) eap: Previous EAP request found for state 0x4f424a324c4653ce, released from the list (4) eap: Peer sent packet with method EAP PEAP (25) (4) eap: Calling submodule eap_peap to process data (4) eap_peap: Continuing EAP-TLS (4) eap_peap: Peer indicated complete TLS record size will be 134 bytes (4) eap_peap: Got complete TLS record (134 bytes) (4) eap_peap: [eaptls verify] = length included (4) eap_peap: TLS_accept: SSLv3/TLS write server done (4) eap_peap: <<< recv TLS 1.0 Handshake [length 0046], ClientKeyExchange (4) eap_peap: TLS_accept: SSLv3/TLS read client key exchange (4) eap_peap: TLS_accept: SSLv3/TLS read change cipher spec (4) eap_peap: <<< recv TLS 1.0 Handshake [length 0010], Finished (4) eap_peap: TLS_accept: SSLv3/TLS read finished (4) eap_peap: >>> send TLS 1.0 ChangeCipherSpec [length 0001] (4) eap_peap: TLS_accept: SSLv3/TLS write change cipher spec (4) eap_peap: >>> send TLS 1.0 Handshake [length 0010], Finished (4) eap_peap: TLS_accept: SSLv3/TLS write finished (4) eap_peap: (other): SSL negotiation finished successfully (4) eap_peap: SSL Connection Established (4) eap_peap: [eaptls process] = handled (4) eap: Sending EAP Request (code 1) ID 5 length 65 (4) eap: EAP session adding &reply:State = 0x4f424a324b4753ce (4) [eap] = handled (4) } # authenticate = handled (4) Using Post-Auth-Type Challenge (4) Post-Auth-Type sub-section not found. Ignoring. (4) # Executing group from file /etc/raddb/sites-enabled/default (4) Sent Access-Challenge Id 4 from 10.41.110.86:1812 to 10.41.17.64:1090 length 0 (4) EAP-Message = 0x01050041190014030100010116030100305ebd2608873fda32398dd285b4a181b94f12bc58d9f201e22d6dbdb53d406a52ca38c60ba0c717896b1a8901ef563f22 (4) Message-Authenticator = 0x00000000000000000000000000000000 (4) State = 0x4f424a324b4753ce43a0ba7c4354ed56 (4) Finished request Waking up in 4.8 seconds. (5) Received Access-Request Id 5 from 10.41.17.64:1090 to 10.41.110.86:1812 length 218 (5) Message-Authenticator = 0x5db7e290140e326df8eab08383d2e765 (5) Service-Type = Framed-User (5) User-Name = "userTest" (5) Framed-MTU = 1488 (5) State = 0x4f424a324b4753ce43a0ba7c4354ed56 (5) Called-Station-Id = "40-01-C6-D8-5C-00:AAA-Teste" (5) Calling-Station-Id = "4C-57-CA-E2-E9-8D" (5) NAS-Identifier = "3Com Access Point 7760" (5) NAS-Port-Type = Wireless-802.11 (5) Connect-Info = "CONNECT 54Mbps 802.11g" (5) EAP-Message = 0x020500061900 (5) NAS-IP-Address = 10.41.17.64 (5) NAS-Port = 1 (5) NAS-Port-Id = "STA port # 1" (5) session-state: No cached attributes (5) # Executing section authorize from file /etc/raddb/sites-enabled/default (5) authorize { (5) [preprocess] = ok (5) eap: Peer sent EAP Response (code 2) ID 5 length 6 (5) eap: Continuing tunnel setup (5) [eap] = ok (5) } # authorize = ok (5) Found Auth-Type = eap (5) # Executing group from file /etc/raddb/sites-enabled/default (5) authenticate { (5) eap: Expiring EAP session with state 0x4f424a324b4753ce (5) eap: Finished EAP session with state 0x4f424a324b4753ce (5) eap: Previous EAP request found for state 0x4f424a324b4753ce, released from the list (5) eap: Peer sent packet with method EAP PEAP (25) (5) eap: Calling submodule eap_peap to process data (5) eap_peap: Continuing EAP-TLS (5) eap_peap: Peer ACKed our handshake fragment. handshake is finished (5) eap_peap: [eaptls verify] = success (5) eap_peap: [eaptls process] = success (5) eap_peap: Session established. Decoding tunneled attributes (5) eap_peap: PEAP state TUNNEL ESTABLISHED (5) eap: Sending EAP Request (code 1) ID 6 length 43 (5) eap: EAP session adding &reply:State = 0x4f424a324a4453ce (5) [eap] = handled (5) } # authenticate = handled (5) Using Post-Auth-Type Challenge (5) Post-Auth-Type sub-section not found. Ignoring. (5) # Executing group from file /etc/raddb/sites-enabled/default (5) Sent Access-Challenge Id 5 from 10.41.110.86:1812 to 10.41.17.64:1090 length 0 (5) EAP-Message = 0x0106002b190017030100204fbeb67ecdd80f0d14c8533df8a2921cf85689339ba802443fbb7b4143c6e638 (5) Message-Authenticator = 0x00000000000000000000000000000000 (5) State = 0x4f424a324a4453ce43a0ba7c4354ed56 (5) Finished request Waking up in 4.8 seconds. (6) Received Access-Request Id 6 from 10.41.17.64:1090 to 10.41.110.86:1812 length 271 (6) Message-Authenticator = 0xe7b6266a72b2b6fc9b8f7c67f8405d94 (6) Service-Type = Framed-User (6) User-Name = "userTest" (6) Framed-MTU = 1488 (6) State = 0x4f424a324a4453ce43a0ba7c4354ed56 (6) Called-Station-Id = "40-01-C6-D8-5C-00:AAA-Teste" (6) Calling-Station-Id = "4C-57-CA-E2-E9-8D" (6) NAS-Identifier = "3Com Access Point 7760" (6) NAS-Port-Type = Wireless-802.11 (6) Connect-Info = "CONNECT 54Mbps 802.11g" (6) EAP-Message = 0x0206003b19001703010030b1075bb4e12c13ae0e337bfca6841195aa45827fac9d354863e7706d5e066c1de365265b054e4374f86d3cd8ad7f0a14 (6) NAS-IP-Address = 10.41.17.64 (6) NAS-Port = 1 (6) NAS-Port-Id = "STA port # 1" (6) session-state: No cached attributes (6) # Executing section authorize from file /etc/raddb/sites-enabled/default (6) authorize { (6) [preprocess] = ok (6) eap: Peer sent EAP Response (code 2) ID 6 length 59 (6) eap: Continuing tunnel setup (6) [eap] = ok (6) } # authorize = ok (6) Found Auth-Type = eap (6) # Executing group from file /etc/raddb/sites-enabled/default (6) authenticate { (6) eap: Expiring EAP session with state 0x4f424a324a4453ce (6) eap: Finished EAP session with state 0x4f424a324a4453ce (6) eap: Previous EAP request found for state 0x4f424a324a4453ce, released from the list (6) eap: Peer sent packet with method EAP PEAP (25) (6) eap: Calling submodule eap_peap to process data (6) eap_peap: Continuing EAP-TLS (6) eap_peap: [eaptls verify] = ok (6) eap_peap: Done initial handshake (6) eap_peap: [eaptls process] = ok (6) eap_peap: Session established. Decoding tunneled attributes (6) eap_peap: PEAP state WAITING FOR INNER IDENTITY (6) eap_peap: Identity - userTest (6) eap_peap: Got inner identity 'userTest' (6) eap_peap: Setting default EAP type for tunneled EAP session (6) eap_peap: Got tunneled request (6) eap_peap: EAP-Message = 0x02060010013031383239353036333832 (6) eap_peap: Setting User-Name to userTest (6) eap_peap: Sending tunneled request to inner-tunnel (6) eap_peap: EAP-Message = 0x02060010013031383239353036333832 (6) eap_peap: FreeRADIUS-Proxied-To = 127.0.0.1 (6) eap_peap: User-Name = "userTest" (6) eap_peap: Service-Type = Framed-User (6) eap_peap: Framed-MTU = 1488 (6) eap_peap: Called-Station-Id = "40-01-C6-D8-5C-00:AAA-Teste" (6) eap_peap: Calling-Station-Id = "4C-57-CA-E2-E9-8D" (6) eap_peap: NAS-Identifier = "3Com Access Point 7760" (6) eap_peap: NAS-Port-Type = Wireless-802.11 (6) eap_peap: Connect-Info = "CONNECT 54Mbps 802.11g" (6) eap_peap: NAS-IP-Address = 10.41.17.64 (6) eap_peap: NAS-Port = 1 (6) eap_peap: NAS-Port-Id = "STA port # 1" (6) eap_peap: Event-Timestamp = "Mar 22 2017 14:57:02 -03" (6) Virtual server inner-tunnel received request (6) EAP-Message = 0x02060010013031383239353036333832 (6) FreeRADIUS-Proxied-To = 127.0.0.1 (6) User-Name = "userTest" (6) Service-Type = Framed-User (6) Framed-MTU = 1488 (6) Called-Station-Id = "40-01-C6-D8-5C-00:AAA-Teste" (6) Calling-Station-Id = "4C-57-CA-E2-E9-8D" (6) NAS-Identifier = "3Com Access Point 7760" (6) NAS-Port-Type = Wireless-802.11 (6) Connect-Info = "CONNECT 54Mbps 802.11g" (6) NAS-IP-Address = 10.41.17.64 (6) NAS-Port = 1 (6) NAS-Port-Id = "STA port # 1" (6) Event-Timestamp = "Mar 22 2017 14:57:02 -03" (6) WARNING: Outer and inner identities are the same. User privacy is compromised. (6) server inner-tunnel { (6) # Executing section authorize from file /etc/raddb/sites-enabled/inner-tunnel (6) authorize { (6) eap: Peer sent EAP Response (code 2) ID 6 length 16 (6) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize (6) [eap] = ok (6) } # authorize = ok (6) Found Auth-Type = eap (6) # Executing group from file /etc/raddb/sites-enabled/inner-tunnel (6) authenticate { (6) eap: Peer sent packet with method EAP Identity (1) (6) eap: Calling submodule eap_mschapv2 to process data (6) eap_mschapv2: Issuing Challenge (6) eap: Sending EAP Request (code 1) ID 7 length 43 (6) eap: EAP session adding &reply:State = 0xf3cd2f37f3ca35ba (6) [eap] = handled (6) } # authenticate = handled (6) } # server inner-tunnel (6) Virtual server sending reply (6) EAP-Message = 0x0107002b1a010700261067d8cf1d5c0b22de6dca819f0ed63a21667265657261646975732d332e302e3134 (6) Message-Authenticator = 0x00000000000000000000000000000000 (6) State = 0xf3cd2f37f3ca35bae612626d1b2654f3 (6) eap_peap: Got tunneled reply code 11 (6) eap_peap: EAP-Message = 0x0107002b1a010700261067d8cf1d5c0b22de6dca819f0ed63a21667265657261646975732d332e302e3134 (6) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000 (6) eap_peap: State = 0xf3cd2f37f3ca35bae612626d1b2654f3 (6) eap_peap: Got tunneled reply RADIUS code 11 (6) eap_peap: EAP-Message = 0x0107002b1a010700261067d8cf1d5c0b22de6dca819f0ed63a21667265657261646975732d332e302e3134 (6) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000 (6) eap_peap: State = 0xf3cd2f37f3ca35bae612626d1b2654f3 (6) eap_peap: Got tunneled Access-Challenge (6) eap: Sending EAP Request (code 1) ID 7 length 75 (6) eap: EAP session adding &reply:State = 0x4f424a32494553ce (6) [eap] = handled (6) } # authenticate = handled (6) Using Post-Auth-Type Challenge (6) Post-Auth-Type sub-section not found. Ignoring. (6) # Executing group from file /etc/raddb/sites-enabled/default (6) Sent Access-Challenge Id 6 from 10.41.110.86:1812 to 10.41.17.64:1090 length 0 (6) EAP-Message = 0x0107004b190017030100407ee01304c4502480e19242c7f750d012d233a5ea2d1d549713c489b9d008af01dc3ade2bce7451513c3505e6521aa348070036f24b83077b93713aeba346e895 (6) Message-Authenticator = 0x00000000000000000000000000000000 (6) State = 0x4f424a32494553ce43a0ba7c4354ed56 (6) Finished request Waking up in 4.7 seconds. (7) Received Access-Request Id 7 from 10.41.17.64:1090 to 10.41.110.86:1812 length 319 (7) Message-Authenticator = 0x580b6f53691af232921c599c20c2aa51 (7) Service-Type = Framed-User (7) User-Name = "userTest" (7) Framed-MTU = 1488 (7) State = 0x4f424a32494553ce43a0ba7c4354ed56 (7) Called-Station-Id = "40-01-C6-D8-5C-00:AAA-Teste" (7) Calling-Station-Id = "4C-57-CA-E2-E9-8D" (7) NAS-Identifier = "3Com Access Point 7760" (7) NAS-Port-Type = Wireless-802.11 (7) Connect-Info = "CONNECT 54Mbps 802.11g" (7) EAP-Message = 0x0207006b19001703010060c669e7ab79aa07c8499bfa9213bcaebc2d5d1e6e3430c227434a92ef9373471f606a32894c516daacea3cce9b586f7ce7c9d84961e2b80c3de6fa40766f4504a26b64e8fcf20c0a2f2e8dc4711e7e678c6d8a9a86ff7df602dc8286f128b7d2a (7) NAS-IP-Address = 10.41.17.64 (7) NAS-Port = 1 (7) NAS-Port-Id = "STA port # 1" (7) session-state: No cached attributes (7) # Executing section authorize from file /etc/raddb/sites-enabled/default (7) authorize { (7) [preprocess] = ok (7) eap: Peer sent EAP Response (code 2) ID 7 length 107 (7) eap: Continuing tunnel setup (7) [eap] = ok (7) } # authorize = ok (7) Found Auth-Type = eap (7) # Executing group from file /etc/raddb/sites-enabled/default (7) authenticate { (7) eap: Expiring EAP session with state 0xf3cd2f37f3ca35ba (7) eap: Finished EAP session with state 0x4f424a32494553ce (7) eap: Previous EAP request found for state 0x4f424a32494553ce, released from the list (7) eap: Peer sent packet with method EAP PEAP (25) (7) eap: Calling submodule eap_peap to process data (7) eap_peap: Continuing EAP-TLS (7) eap_peap: [eaptls verify] = ok (7) eap_peap: Done initial handshake (7) eap_peap: [eaptls process] = ok (7) eap_peap: Session established. Decoding tunneled attributes (7) eap_peap: PEAP state phase2 (7) eap_peap: EAP method MSCHAPv2 (26) (7) eap_peap: Got tunneled request (7) eap_peap: EAP-Message = 0x020700461a0207004131e4c34eceb5730484764dfd45bce48ff100000000000000009faa4c5cb899c5231ce4957cf16fc309db17b07a773a6342003031383239353036333832 (7) eap_peap: Setting User-Name to userTest (7) eap_peap: Sending tunneled request to inner-tunnel (7) eap_peap: EAP-Message = 0x020700461a0207004131e4c34eceb5730484764dfd45bce48ff100000000000000009faa4c5cb899c5231ce4957cf16fc309db17b07a773a6342003031383239353036333832 (7) eap_peap: FreeRADIUS-Proxied-To = 127.0.0.1 (7) eap_peap: User-Name = "userTest" (7) eap_peap: State = 0xf3cd2f37f3ca35bae612626d1b2654f3 (7) eap_peap: Service-Type = Framed-User (7) eap_peap: Framed-MTU = 1488 (7) eap_peap: Called-Station-Id = "40-01-C6-D8-5C-00:AAA-Teste" (7) eap_peap: Calling-Station-Id = "4C-57-CA-E2-E9-8D" (7) eap_peap: NAS-Identifier = "3Com Access Point 7760" (7) eap_peap: NAS-Port-Type = Wireless-802.11 (7) eap_peap: Connect-Info = "CONNECT 54Mbps 802.11g" (7) eap_peap: NAS-IP-Address = 10.41.17.64 (7) eap_peap: NAS-Port = 1 (7) eap_peap: NAS-Port-Id = "STA port # 1" (7) eap_peap: Event-Timestamp = "Mar 22 2017 14:57:02 -03" (7) Virtual server inner-tunnel received request (7) EAP-Message = 0x020700461a0207004131e4c34eceb5730484764dfd45bce48ff100000000000000009faa4c5cb899c5231ce4957cf16fc309db17b07a773a6342003031383239353036333832 (7) FreeRADIUS-Proxied-To = 127.0.0.1 (7) User-Name = "userTest" (7) State = 0xf3cd2f37f3ca35bae612626d1b2654f3 (7) Service-Type = Framed-User (7) Framed-MTU = 1488 (7) Called-Station-Id = "40-01-C6-D8-5C-00:AAA-Teste" (7) Calling-Station-Id = "4C-57-CA-E2-E9-8D" (7) NAS-Identifier = "3Com Access Point 7760" (7) NAS-Port-Type = Wireless-802.11 (7) Connect-Info = "CONNECT 54Mbps 802.11g" (7) NAS-IP-Address = 10.41.17.64 (7) NAS-Port = 1 (7) NAS-Port-Id = "STA port # 1" (7) Event-Timestamp = "Mar 22 2017 14:57:02 -03" (7) WARNING: Outer and inner identities are the same. User privacy is compromised. (7) server inner-tunnel { (7) session-state: No cached attributes (7) # Executing section authorize from file /etc/raddb/sites-enabled/inner-tunnel (7) authorize { (7) eap: Peer sent EAP Response (code 2) ID 7 length 70 (7) eap: No EAP Start, assuming it's an on-going EAP conversation (7) [eap] = updated rlm_ldap (ldap): Reserved connection (0) (7) ldap: EXPAND (uid=%{%{Stripped-User-Name}:-%{User-Name}}) (7) ldap: --> (uid=userTest) (7) ldap: Performing search in "ou=people,dc=test,dc=br" with filter "(uid=userTest)", scope "sub" (7) ldap: Waiting for search result... (7) ldap: User object found at DN "uid=userTest,ou=people,dc=test,dc=br" (7) ldap: Processing user attributes (7) ldap: control:NT-Password := 0x3145333941394139324632423038413045363942344435414441374535333332 rlm_ldap (ldap): Released connection (0) Need 5 more connections to reach 10 spares rlm_ldap (ldap): Opening additional connection (5), 1 of 27 pending slots used rlm_ldap (ldap): Connecting to ldap://10.0.0.2:389 rlm_ldap (ldap): Waiting for bind result... rlm_ldap (ldap): Bind successful (7) [ldap] = updated (7) [expiration] = noop (7) [logintime] = noop (7) pap: Normalizing NT-Password from hex encoding, 32 bytes -> 16 bytes (7) pap: WARNING: Auth-Type already set. Not setting to PAP (7) [pap] = noop (7) } # authorize = updated (7) Found Auth-Type = eap (7) # Executing group from file /etc/raddb/sites-enabled/inner-tunnel (7) authenticate { (7) eap: Expiring EAP session with state 0xf3cd2f37f3ca35ba (7) eap: Finished EAP session with state 0xf3cd2f37f3ca35ba (7) eap: Previous EAP request found for state 0xf3cd2f37f3ca35ba, released from the list (7) eap: Peer sent packet with method EAP MSCHAPv2 (26) (7) eap: Calling submodule eap_mschapv2 to process data (7) eap_mschapv2: # Executing group from file /etc/raddb/sites-enabled/inner-tunnel (7) eap_mschapv2: authenticate { (7) mschap: Found NT-Password (7) mschap: Creating challenge hash with username: userTest (7) mschap: Client is using MS-CHAPv2 (7) mschap: Adding MS-CHAPv2 MPPE keys (7) [mschap] = ok (7) } # authenticate = ok (7) MSCHAP Success (7) eap: Sending EAP Request (code 1) ID 8 length 51 (7) eap: EAP session adding &reply:State = 0xf3cd2f37f2c535ba (7) [eap] = handled (7) } # authenticate = handled (7) } # server inner-tunnel (7) Virtual server sending reply (7) EAP-Message = 0x010800331a0307002e533d36353643383034344335374539324431353934314344333337323737433135443633453939343543 (7) Message-Authenticator = 0x00000000000000000000000000000000 (7) State = 0xf3cd2f37f2c535bae612626d1b2654f3 (7) eap_peap: Got tunneled reply code 11 (7) eap_peap: EAP-Message = 0x010800331a0307002e533d36353643383034344335374539324431353934314344333337323737433135443633453939343543 (7) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000 (7) eap_peap: State = 0xf3cd2f37f2c535bae612626d1b2654f3 (7) eap_peap: Got tunneled reply RADIUS code 11 (7) eap_peap: EAP-Message = 0x010800331a0307002e533d36353643383034344335374539324431353934314344333337323737433135443633453939343543 (7) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000 (7) eap_peap: State = 0xf3cd2f37f2c535bae612626d1b2654f3 (7) eap_peap: Got tunneled Access-Challenge (7) eap: Sending EAP Request (code 1) ID 8 length 91 (7) eap: EAP session adding &reply:State = 0x4f424a32484a53ce (7) [eap] = handled (7) } # authenticate = handled (7) Using Post-Auth-Type Challenge (7) Post-Auth-Type sub-section not found. Ignoring. (7) # Executing group from file /etc/raddb/sites-enabled/default (7) Sent Access-Challenge Id 7 from 10.41.110.86:1812 to 10.41.17.64:1090 length 0 (7) EAP-Message = 0x0108005b19001703010050ac2f44e2a3ed7acba66a1267f323eb6eae71a2bd254a14b8c51eea8b179c1a0ec40cc59af04ad38b953ba3e697ab8357949e573623914e6e5f3c1f165eddacca08316a41b4bfb822bd25c92ee3130e73 (7) Message-Authenticator = 0x00000000000000000000000000000000 (7) State = 0x4f424a32484a53ce43a0ba7c4354ed56 (7) Finished request Waking up in 1.5 seconds. Waking up in 1.5 seconds. (8) Received Access-Request Id 8 from 10.41.17.64:1090 to 10.41.110.86:1812 length 255 (8) Message-Authenticator = 0x7dcc3d33a8e6f5ac1e603cc17197c534 (8) Service-Type = Framed-User (8) User-Name = "userTest" (8) Framed-MTU = 1488 (8) State = 0x4f424a32484a53ce43a0ba7c4354ed56 (8) Called-Station-Id = "40-01-C6-D8-5C-00:AAA-Teste" (8) Calling-Station-Id = "4C-57-CA-E2-E9-8D" (8) NAS-Identifier = "3Com Access Point 7760" (8) NAS-Port-Type = Wireless-802.11 (8) Connect-Info = "CONNECT 54Mbps 802.11g" (8) EAP-Message = 0x0208002b19001703010020abc7b9d4379a98cc113dd952442471dc9a0a7631401d09e2600bae46ef769ad8 (8) NAS-IP-Address = 10.41.17.64 (8) NAS-Port = 1 (8) NAS-Port-Id = "STA port # 1" (8) session-state: No cached attributes (8) # Executing section authorize from file /etc/raddb/sites-enabled/default (8) authorize { (8) [preprocess] = ok (8) eap: Peer sent EAP Response (code 2) ID 8 length 43 (8) eap: Continuing tunnel setup (8) [eap] = ok (8) } # authorize = ok (8) Found Auth-Type = eap (8) # Executing group from file /etc/raddb/sites-enabled/default (8) authenticate { (8) eap: Expiring EAP session with state 0xf3cd2f37f2c535ba (8) eap: Finished EAP session with state 0x4f424a32484a53ce (8) eap: Previous EAP request found for state 0x4f424a32484a53ce, released from the list (8) eap: Peer sent packet with method EAP PEAP (25) (8) eap: Calling submodule eap_peap to process data (8) eap_peap: Continuing EAP-TLS (8) eap_peap: [eaptls verify] = ok (8) eap_peap: Done initial handshake (8) eap_peap: [eaptls process] = ok (8) eap_peap: Session established. Decoding tunneled attributes (8) eap_peap: PEAP state phase2 (8) eap_peap: EAP method MSCHAPv2 (26) (8) eap_peap: Got tunneled request (8) eap_peap: EAP-Message = 0x020800061a03 (8) eap_peap: Setting User-Name to userTest (8) eap_peap: Sending tunneled request to inner-tunnel (8) eap_peap: EAP-Message = 0x020800061a03 (8) eap_peap: FreeRADIUS-Proxied-To = 127.0.0.1 (8) eap_peap: User-Name = "userTest" (8) eap_peap: State = 0xf3cd2f37f2c535bae612626d1b2654f3 (8) eap_peap: Service-Type = Framed-User (8) eap_peap: Framed-MTU = 1488 (8) eap_peap: Called-Station-Id = "40-01-C6-D8-5C-00:AAA-Teste" (8) eap_peap: Calling-Station-Id = "4C-57-CA-E2-E9-8D" (8) eap_peap: NAS-Identifier = "3Com Access Point 7760" (8) eap_peap: NAS-Port-Type = Wireless-802.11 (8) eap_peap: Connect-Info = "CONNECT 54Mbps 802.11g" (8) eap_peap: NAS-IP-Address = 10.41.17.64 (8) eap_peap: NAS-Port = 1 (8) eap_peap: NAS-Port-Id = "STA port # 1" (8) eap_peap: Event-Timestamp = "Mar 22 2017 14:57:06 -03" (8) Virtual server inner-tunnel received request (8) EAP-Message = 0x020800061a03 (8) FreeRADIUS-Proxied-To = 127.0.0.1 (8) User-Name = "userTest" (8) State = 0xf3cd2f37f2c535bae612626d1b2654f3 (8) Service-Type = Framed-User (8) Framed-MTU = 1488 (8) Called-Station-Id = "40-01-C6-D8-5C-00:AAA-Teste" (8) Calling-Station-Id = "4C-57-CA-E2-E9-8D" (8) NAS-Identifier = "3Com Access Point 7760" (8) NAS-Port-Type = Wireless-802.11 (8) Connect-Info = "CONNECT 54Mbps 802.11g" (8) NAS-IP-Address = 10.41.17.64 (8) NAS-Port = 1 (8) NAS-Port-Id = "STA port # 1" (8) Event-Timestamp = "Mar 22 2017 14:57:06 -03" (8) WARNING: Outer and inner identities are the same. User privacy is compromised. (8) server inner-tunnel { (8) session-state: No cached attributes (8) # Executing section authorize from file /etc/raddb/sites-enabled/inner-tunnel (8) authorize { (8) eap: Peer sent EAP Response (code 2) ID 8 length 6 (8) eap: No EAP Start, assuming it's an on-going EAP conversation (8) [eap] = updated rlm_ldap (ldap): Reserved connection (1) (8) ldap: EXPAND (uid=%{%{Stripped-User-Name}:-%{User-Name}}) (8) ldap: --> (uid=userTest) (8) ldap: Performing search in "ou=people,dc=test,dc=br" with filter "(uid=userTest)", scope "sub" (8) ldap: Waiting for search result... (8) ldap: User object found at DN "uid=userTest,ou=people,dc=test,dc=br" (8) ldap: Processing user attributes (8) ldap: control:NT-Password := 0x3145333941394139324632423038413045363942344435414441374535333332 rlm_ldap (ldap): Released connection (1) Need 4 more connections to reach 10 spares rlm_ldap (ldap): Opening additional connection (6), 1 of 26 pending slots used rlm_ldap (ldap): Connecting to ldap://10.0.0.2:389 rlm_ldap (ldap): Waiting for bind result... rlm_ldap (ldap): Bind successful (8) [ldap] = updated (8) [expiration] = noop (8) [logintime] = noop (8) pap: Normalizing NT-Password from hex encoding, 32 bytes -> 16 bytes (8) pap: WARNING: Auth-Type already set. Not setting to PAP (8) [pap] = noop (8) } # authorize = updated (8) Found Auth-Type = eap (8) # Executing group from file /etc/raddb/sites-enabled/inner-tunnel (8) authenticate { (8) eap: Expiring EAP session with state 0xf3cd2f37f2c535ba (8) eap: Finished EAP session with state 0xf3cd2f37f2c535ba (8) eap: Previous EAP request found for state 0xf3cd2f37f2c535ba, released from the list (8) eap: Peer sent packet with method EAP MSCHAPv2 (26) (8) eap: Calling submodule eap_mschapv2 to process data (8) eap: Sending EAP Success (code 3) ID 8 length 4 (8) eap: Freeing handler (8) [eap] = ok (8) } # authenticate = ok (8) # Executing section post-auth from file /etc/raddb/sites-enabled/inner-tunnel (8) post-auth { ... } # empty sub-section is ignored (8) } # server inner-tunnel (8) Virtual server sending reply (8) MS-MPPE-Encryption-Policy = Encryption-Allowed (8) MS-MPPE-Encryption-Types = RC4-40or128-bit-Allowed (8) MS-MPPE-Send-Key = 0x4aa9e16bdd36625e16a0d830524217af (8) MS-MPPE-Recv-Key = 0x0a5d092cf0335597ba092c656391f8ce (8) EAP-Message = 0x03080004 (8) Message-Authenticator = 0x00000000000000000000000000000000 (8) User-Name = "userTest" (8) eap_peap: Got tunneled reply code 2 (8) eap_peap: MS-MPPE-Encryption-Policy = Encryption-Allowed (8) eap_peap: MS-MPPE-Encryption-Types = RC4-40or128-bit-Allowed (8) eap_peap: MS-MPPE-Send-Key = 0x4aa9e16bdd36625e16a0d830524217af (8) eap_peap: MS-MPPE-Recv-Key = 0x0a5d092cf0335597ba092c656391f8ce (8) eap_peap: EAP-Message = 0x03080004 (8) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000 (8) eap_peap: User-Name = "userTest" (8) eap_peap: Got tunneled reply RADIUS code 2 (8) eap_peap: MS-MPPE-Encryption-Policy = Encryption-Allowed (8) eap_peap: MS-MPPE-Encryption-Types = RC4-40or128-bit-Allowed (8) eap_peap: MS-MPPE-Send-Key = 0x4aa9e16bdd36625e16a0d830524217af (8) eap_peap: MS-MPPE-Recv-Key = 0x0a5d092cf0335597ba092c656391f8ce (8) eap_peap: EAP-Message = 0x03080004 (8) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000 (8) eap_peap: User-Name = "userTest" (8) eap_peap: Tunneled authentication was successful (8) eap_peap: SUCCESS (8) eap_peap: Saving tunneled attributes for later (8) eap: Sending EAP Request (code 1) ID 9 length 43 (8) eap: EAP session adding &reply:State = 0x4f424a32474b53ce (8) [eap] = handled (8) } # authenticate = handled (8) Using Post-Auth-Type Challenge (8) Post-Auth-Type sub-section not found. Ignoring. (8) # Executing group from file /etc/raddb/sites-enabled/default (8) Sent Access-Challenge Id 8 from 10.41.110.86:1812 to 10.41.17.64:1090 length 0 (8) EAP-Message = 0x0109002b19001703010020eae9a042828d4a49005b266a1f74f0a2bf7014f3c8490968e2346a1102a797f0 (8) Message-Authenticator = 0x00000000000000000000000000000000 (8) State = 0x4f424a32474b53ce43a0ba7c4354ed56 (8) Finished request (0) Cleaning up request packet ID 0 with timestamp +13 (1) Cleaning up request packet ID 1 with timestamp +13 (2) Cleaning up request packet ID 2 with timestamp +13 (3) Cleaning up request packet ID 3 with timestamp +13 (4) Cleaning up request packet ID 4 with timestamp +13 (5) Cleaning up request packet ID 5 with timestamp +13 (6) Cleaning up request packet ID 6 with timestamp +13 Waking up in 6.6 seconds. (9) Received Access-Request Id 9 from 10.41.17.64:1090 to 10.41.110.86:1812 length 255 (9) Message-Authenticator = 0x58645e92fdfebfe5a07ee2ca9e76d058 (9) Service-Type = Framed-User (9) User-Name = "userTest" (9) Framed-MTU = 1488 (9) State = 0x4f424a32474b53ce43a0ba7c4354ed56 (9) Called-Station-Id = "40-01-C6-D8-5C-00:AAA-Teste" (9) Calling-Station-Id = "4C-57-CA-E2-E9-8D" (9) NAS-Identifier = "3Com Access Point 7760" (9) NAS-Port-Type = Wireless-802.11 (9) Connect-Info = "CONNECT 54Mbps 802.11g" (9) EAP-Message = 0x0209002b19001703010020392369a6b70c5ffc43a71c35e3a7fdfedb1358e8be6145c943f3c8f7c084f2aa (9) NAS-IP-Address = 10.41.17.64 (9) NAS-Port = 1 (9) NAS-Port-Id = "STA port # 1" (9) session-state: No cached attributes (9) # Executing section authorize from file /etc/raddb/sites-enabled/default (9) authorize { (9) [preprocess] = ok (9) eap: Peer sent EAP Response (code 2) ID 9 length 43 (9) eap: Continuing tunnel setup (9) [eap] = ok (9) } # authorize = ok (9) Found Auth-Type = eap (9) # Executing group from file /etc/raddb/sites-enabled/default (9) authenticate { (9) eap: Expiring EAP session with state 0x4f424a32474b53ce (9) eap: Finished EAP session with state 0x4f424a32474b53ce (9) eap: Previous EAP request found for state 0x4f424a32474b53ce, released from the list (9) eap: Peer sent packet with method EAP PEAP (25) (9) eap: Calling submodule eap_peap to process data (9) eap_peap: Continuing EAP-TLS (9) eap_peap: [eaptls verify] = ok (9) eap_peap: Done initial handshake (9) eap_peap: [eaptls process] = ok (9) eap_peap: Session established. Decoding tunneled attributes (9) eap_peap: PEAP state send tlv success (9) eap_peap: Received EAP-TLV response (9) eap_peap: Success (9) eap_peap: Using saved attributes from the original Access-Accept (9) eap_peap: User-Name = "userTest" (9) eap_peap: caching User-Name = "userTest" (9) eap_peap: Failed to find 'persist_dir' in TLS configuration. Session will not be cached on disk. (9) eap: Sending EAP Success (code 3) ID 9 length 4 (9) eap: Freeing handler (9) [eap] = ok (9) } # authenticate = ok (9) # Executing section post-auth from file /etc/raddb/sites-enabled/default (9) post-auth { (9) update { (9) No attributes updated (9) } # update = noop (9) [exec] = noop (9) policy remove_reply_message_if_eap { (9) if (&reply:EAP-Message && &reply:Reply-Message) { (9) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE (9) else { (9) [noop] = noop (9) } # else = noop (9) } # policy remove_reply_message_if_eap = noop (9) } # post-auth = noop (9) Sent Access-Accept Id 9 from 10.41.110.86:1812 to 10.41.17.64:1090 length 0 (9) User-Name = "userTest" (9) MS-MPPE-Recv-Key = 0x00a4bdf20b6b9a550a36b016997d3bb3bd83c0fdfdbcc0ddd6026d3daa2019bb (9) MS-MPPE-Send-Key = 0xaf0e20d1649dba2bd275bae0ce54905287ec784004b438eac1d71335a6a5df64 (9) EAP-Message = 0x03090004 (9) Message-Authenticator = 0x00000000000000000000000000000000 (9) Finished request Waking up in 4.9 seconds. (9) Cleaning up request packet ID 9 with timestamp +20 Waking up in 1.6 seconds. (7) Cleaning up request packet ID 7 with timestamp +13 Waking up in 3.3 seconds.
participants (1)
-
Igor Sousa