Hello, Until a couple of days ago, my FreeRadius setup was working perfectly normally - running FreeRadius 2.0.1 on a Centos 5 server. FreeRadius was compiled from source, not installed from a repository. Two days ago I received some automatic updates from standard Centos repo, and since then Radius has not worked. Running eapol test gives some output, including this (more of the output can be supplied on demand): EAPOL: SUPP_BE entering state RECEIVE Received 44 bytes from RADIUS server Received RADIUS message RADIUS message: code=3 (Access-Reject) identifier=9 length=44 Attribute 79 (EAP-Message) length=6 Value: 04 09 00 04 Attribute 80 (Message-Authenticator) length=18 Value: 43 9e 23 c8 74 b1 a0 9f 8c 3b 83 be e8 36 a8 30 STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending request, round trip time 0.20 sec RADIUS packet matching with station decapsulated EAP packet (code=4 id=9 len=4) from RADIUS server: EAP Failure EAPOL: Received EAP-Packet frame EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Failure EAP: EAP entering state FAILURE CTRL-EVENT-EAP-FAILURE EAP authentication failed EAPOL: SUPP_PAE entering state HELD EAPOL: SUPP_BE entering state RECEIVE EAPOL: SUPP_BE entering state FAIL EAPOL: SUPP_BE entering state IDLE eapol_sm_cb: success=0 EAP: deinitialize previously used EAP method (25, PEAP) at EAP deinit ENGINE: engine deinit MPPE keys OK: 0 mismatch: 1 FAILURE I checked and verified all the Freeradius configs. I recompiled 2.0.1 , and later compiled and installed 2.0.5 but this shows identical symptoms. I have attached the relevant section of my yum.log to show which packages were updated. The Radius server was tested once every minute by authenticating with a test account. This was first reported to fail at 10:48 I do not know which package could have caused this behaviour - has anyone else seen anything like this? It is quite urgent that I get this fixed asap as it is a production box at Bristol university. Currently we are running on the backup box, where I was luckily able to disable automatic updates before they were applied. Any advice will be gratefully received. Cheers, Jonathan ---------------------------- Jonathan Gazeley Systems Support Specialist ResNet | Wireless & VPN Team Information Services University of Bristol ---------------------------- Jun 24 13:45:09 Updated: libgcc.i386 4.1.2-42.el5 Jun 24 13:45:25 Updated: glibc-common.i386 2.5-24 Jun 24 13:45:32 Updated: glibc.i686 2.5-24 Jun 24 13:45:34 Updated: bash.i386 3.2-21.el5 Jun 24 13:45:35 Updated: libselinux.i386 1.33.4-5.el5 Jun 24 13:45:36 Updated: chkconfig.i386 1.3.30.1-2 Jun 24 13:45:37 Updated: audit-libs.i386 1.6.5-9.el5 Jun 24 13:45:37 Updated: popt.i386 1.10.2-48.el5 Jun 24 13:45:42 Updated: shadow-utils.i386 2:4.0.17-13.el5 Jun 24 13:45:43 Updated: device-mapper.i386 1.02.24-1.el5 Jun 24 13:45:44 Updated: e2fsprogs-libs.i386 1.39-15.el5 Jun 24 13:45:44 Updated: libstdc++.i386 4.1.2-42.el5 Jun 24 13:45:51 Updated: perl.i386 4:5.8.8-10.el5_2.3 Jun 24 13:45:52 Updated: dbus.i386 1.0.0-7.el5 Jun 24 13:45:53 Updated: libX11.i386 1.0.3-9.el5 Jun 24 13:45:54 Updated: nspr.i386 4.7.0.99.2-1.el5 Jun 24 13:46:14 Updated: nss.i386 3.11.99.5-2.el5.centos Jun 24 13:46:15 Updated: freetype.i386 2.2.1-20.el5_2 Jun 24 13:46:16 Updated: cairo.i386 1.2.4-5.el5 Jun 24 13:46:16 Updated: libacl.i386 2.2.39-3.el5 Jun 24 13:46:20 Updated: coreutils.i386 5.97-14.el5 Jun 24 13:46:22 Updated: pam.i386 0.99.6.2-3.27.el5 Jun 24 13:46:23 Updated: krb5-libs.i386 1.6.1-25.el5 Jun 24 13:46:25 Updated: openssl.i686 0.9.8b-10.el5 Jun 24 13:46:30 Updated: python.i386 2.4.3-21.el5 Jun 24 13:46:31 Updated: module-init-tools.i386 3.3-0.pre3.1.37.el5 Jun 24 13:46:31 Updated: newt.i386 0.52.2-10.el5 Jun 24 13:46:32 Updated: cups-libs.i386 1:1.2.4-11.18.el5_2.1 Jun 24 13:46:36 Updated: gtk2.i386 2.10.4-20.el5 Jun 24 13:46:37 Updated: udev.i386 095-14.16.el5 Jun 24 13:46:39 Updated: util-linux.i386 2.13-0.47.el5 Jun 24 13:46:41 Updated: binutils.i386 2.17.50.0.6-6.el5 Jun 24 13:46:42 Updated: bind-libs.i386 30:9.3.4-6.P1.el5 Jun 24 13:46:43 Updated: mysql.i386 5.0.45-7.el5 Jun 24 13:46:44 Updated: kpartx.i386 0.4.7-17.el5 Jun 24 13:46:45 Updated: procps.i386 3.2.7-9.el5 Jun 24 13:46:45 Updated: hwdata.noarch 0.213.6-1.el5 Jun 24 13:46:46 Updated: pciutils.i386 2.2.3-5 Jun 24 13:46:47 Updated: e2fsprogs.i386 1.39-15.el5 Jun 24 13:46:48 Updated: iptables.i386 1.3.5-4.el5 Jun 24 13:46:49 Updated: psmisc.i386 22.2-6 Jun 24 13:46:49 Updated: make.i386 1:3.81-3.el5 Jun 24 13:46:50 Updated: diffutils.i386 2.8.1-15.2.3.el5 Jun 24 13:46:51 Updated: iproute.i386 2.6.18-7.el5 Jun 24 13:46:52 Updated: pcsc-lite-libs.i386 1.4.4-0.1.el5 Jun 24 13:46:53 Updated: dmraid.i386 1.0.0.rc13-9.el5 Jun 24 13:46:56 Updated: libgcj.i386 4.1.2-42.el5 Jun 24 13:46:57 Updated: libuser.i386 0.54.7-2.el5.5 Jun 24 13:46:58 Updated: usermode.i386 1.88-3.el5.1 Jun 24 13:46:59 Updated: libvolume_id.i386 095-14.16.el5 Jun 24 13:46:59 Updated: libgomp.i386 4.1.2-42.el5 Jun 24 13:47:00 Updated: libnl.i386 1.0-0.10.pre5.5 Jun 24 13:47:01 Updated: file.i386 4.17-13 Jun 24 13:47:02 Updated: libgfortran.i386 4.1.2-42.el5 Jun 24 13:47:03 Updated: iptables-ipv6.i386 1.3.5-4.el5 Jun 24 13:47:04 Updated: device-mapper-multipath.i386 0.4.7-17.el5 Jun 24 13:47:05 Updated: paps.i386 0.6.6-18.el5 Jun 24 13:47:05 Updated: yum-metadata-parser.i386 1.1.2-2.el5 Jun 24 13:47:06 Updated: libselinux-python.i386 1.33.4-5.el5 Jun 24 13:47:06 Updated: audit-libs-python.i386 1.6.5-9.el5 Jun 24 13:47:07 Updated: wpa_supplicant.i386 1:0.4.8-10.2.el5 Jun 24 13:47:09 Updated: samba-common.i386 3.0.28-0.el5.8 Jun 24 13:47:10 Updated: audit.i386 1.6.5-9.el5 Jun 24 13:47:11 Updated: nscd.i386 2.5-24 Jun 24 13:47:13 Updated: nss-tools.i386 3.11.99.5-2.el5.centos Jun 24 13:47:14 Updated: e2fsprogs-devel.i386 1.39-15.el5 Jun 24 13:47:15 Updated: net-tools.i386 1.60-78.el5 Jun 24 13:47:16 Updated: libselinux-devel.i386 1.33.4-5.el5 Jun 24 13:47:17 Updated: krb5-devel.i386 1.6.1-25.el5 Jun 24 13:47:19 Updated: openssl-devel.i386 0.9.8b-10.el5 Jun 24 13:47:20 Updated: gzip.i386 1.3.5-10.el5.centos Jun 24 13:47:20 Updated: pkgconfig.i386 1:0.21-2.el5 Jun 24 13:47:22 Updated: kernel-headers.i386 2.6.18-92.1.1.el5 Jun 24 13:47:23 Updated: glibc-headers.i386 2.5-24 Jun 24 13:47:25 Updated: glibc-devel.i386 2.5-24 Jun 24 13:47:25 Updated: centos-release-notes.i386 5.2-2 Jun 24 13:47:26 Updated: centos-release.i386 10:5-2.el5.centos Jun 24 13:47:28 Updated: initscripts.i386 8.45.19.EL-1.el5.centos.1 Jun 24 13:47:30 Updated: pcsc-lite.i386 1.4.4-0.1.el5 Jun 24 13:47:32 Updated: kbd.i386 1.12-20.el5 Jun 24 13:47:32 Updated: openssh.i386 4.3p2-26.el5 Jun 24 13:47:33 Updated: dhclient.i386 12:3.0.5-13.el5 Jun 24 13:47:34 Updated: coolkey.i386 1.1.0-6.el5 Jun 24 13:47:35 Updated: nss_ldap.i386 253-12.el5 Jun 24 13:47:36 Updated: nss_db.i386 2.2-35.3 Jun 24 13:47:37 Updated: crash.i386 4.0-5.0.3.el5.centos Jun 24 13:47:39 Updated: at-spi.i386 1.7.11-3.el5 Jun 24 13:47:39 Installed: python-iniparse.noarch 0.2.3-4.el5 Jun 24 13:47:40 Installed: gamin-python.i386 0.1.7-8.el5 Jun 24 13:47:40 Updated: libpcap.i386 14:0.9.4-12.el5 Jun 24 13:47:41 Updated: sudo.i386 1.6.8p12-12.el5 Jun 24 13:47:44 Updated: libstdc++-devel.i386 4.1.2-42.el5 Jun 24 13:47:45 Updated: parted.i386 1.8.1-17.el5 Jun 24 13:47:45 Updated: apr-util.i386 1.2.7-7.el5 Jun 24 13:47:46 Installed: device-mapper-event.i386 1.02.24-1.el5 Jun 24 13:47:48 Updated: lvm2.i386 2.02.32-4.el5 Jun 24 13:47:49 Updated: cpp.i386 4.1.2-42.el5 Jun 24 13:47:51 Updated: gcc.i386 4.1.2-42.el5 Jun 24 13:47:51 Updated: nash.i386 5.1.19.6-28 Jun 24 13:47:52 Updated: mkinitrd.i386 5.1.19.6-28 Jun 24 13:48:02 Installed: kernel.i686 2.6.18-92.1.1.el5 Jun 24 13:48:04 Updated: systemtap-runtime.i386 0.6.2-1.el5 Jun 24 13:48:06 Updated: systemtap.i386 0.6.2-1.el5 Jun 24 13:48:07 Updated: gcc-c++.i386 4.1.2-42.el5 Jun 24 13:48:08 Updated: gcc-gfortran.i386 4.1.2-42.el5 Jun 24 13:48:09 Updated: openssh-clients.i386 4.3p2-26.el5 Jun 24 13:48:10 Updated: openssh-server.i386 4.3p2-26.el5 Jun 24 13:48:11 Updated: irqbalance.i386 2:0.55-10.el5 Jun 24 13:48:13 Updated: sysklogd.i386 1.4.1-44.el5 Jun 24 13:48:14 Installed: dhcpv6-client.i386 1.0.10-4.el5_2.2 Jun 24 13:48:17 Updated: cups.i386 1:1.2.4-11.18.el5_2.1 Jun 24 13:48:21 Updated: samba.i386 3.0.28-0.el5.8 Jun 24 13:48:21 Updated: microcode_ctl.i386 1:1.17-1.47.el5 Jun 24 13:48:22 Updated: freetype-devel.i386 2.2.1-20.el5_2 Jun 24 13:48:23 Updated: mysql-devel.i386 5.0.45-7.el5 Jun 24 13:48:24 Updated: amtu.i386 1.0.6-1.el5 Jun 24 13:48:25 Updated: system-config-securitylevel-tui.i386 1.6.29.1-2.1.el5 Jun 24 13:48:26 Updated: authconfig.i386 5.3.21-3.el5 Jun 24 13:48:35 Updated: frysk.i686 0.0.1.2008.03.19.rh1-1.el5 Jun 24 13:48:36 Updated: grub.i386 0.97-13.2 Jun 24 13:48:37 Updated: autofs.i386 1:5.0.1-0.rc2.88 Jun 24 13:48:39 Updated: mysql-server.i386 5.0.45-7.el5 Jun 24 13:48:40 Updated: bind-utils.i386 30:9.3.4-6.P1.el5 Jun 24 13:48:42 Updated: oprofile.i386 0.9.3-16.el5 Jun 24 13:48:43 Updated: nfs-utils.i386 1:1.0.9-33.el5 Jun 24 13:48:44 Updated: krb5-workstation.i386 1.6.1-25.el5 Jun 24 13:48:46 Updated: pygtk2.i386 2.10.1-12.el5 Jun 24 13:48:48 Updated: notification-daemon.i386 0.3.5-9.el5 Jun 24 13:48:48 Updated: ntsysv.i386 1.3.30.1-2 Jun 24 13:48:50 Updated: m2crypto.i386 0.16-6.el5.2 Jun 24 13:48:52 Updated: ntp.i386 4.2.2p1-8.el5.centos.1 Jun 24 13:48:53 Updated: tcpdump.i386 14:3.9.4-12.el5 Jun 24 13:48:55 Updated: Deployment_Guide-en-US.noarch 5.2-9.el5.centos Jun 24 13:48:56 Updated: logwatch.noarch 7.3-6.el5 Jun 24 13:48:57 Updated: ksh.i386 20060214-1.7 Jun 24 13:48:58 Updated: xorg-x11-xinit.i386 1.0.2-15.el5 Jun 24 13:48:59 Updated: acl.i386 2.2.39-3.el5 Jun 24 13:49:01 Updated: libX11-devel.i386 1.0.3-9.el5 Jun 24 13:49:01 Updated: redhat-rpm-config.noarch 8.0.45-24.el5 Jun 24 13:49:02 Updated: cpuspeed.i386 1:1.2.1-3.el5 Jun 24 13:49:04 Updated: xorg-x11-server-Xvfb.i386 1.1.1-48.41.el5_2.1 Jun 24 13:49:05 Updated: shared-mime-info.i386 0.19-5.el5 Jun 24 13:49:07 Updated: gdb.i386 6.5-37.el5_2.2 Jun 24 13:49:08 Updated: mdadm.i386 2.6.4-1.el5 Jun 24 13:49:08 Updated: htmlview.noarch 4.0.0-2.el5 Jun 24 13:49:09 Updated: traceroute.i386 3:2.0.1-3.el5 Jun 24 13:49:10 Updated: ltrace.i386 0.5-7.45svn.el5 Jun 24 13:49:10 Updated: diffstat.i386 1.41-1.2.3.el5 Jun 24 13:49:11 Updated: checkpolicy.i386 1.33.1-4.el5 Jun 24 13:49:12 Installed: libhugetlbfs.i386 1.2-5.el5 Jun 24 13:49:13 Updated: hal.i386 0.5.8.1-35.el5 Jun 24 13:49:16 Updated: rpm.i386 4.4.2-48.el5 Jun 24 13:49:17 Updated: rpm-libs.i386 4.4.2-48.el5 Jun 24 13:49:18 Updated: policycoreutils.i386 1.33.12-14.el5 Jun 24 13:49:19 Updated: rpm-python.i386 4.4.2-48.el5 Jun 24 13:49:20 Updated: oddjob-libs.i386 0.27-9.el5 Jun 24 13:49:21 Updated: kudzu.i386 1.2.57.1.17-1 Jun 24 13:49:22 Updated: pm-utils.i386 0.99.3-6.el5.centos.19 Jun 24 13:49:24 Updated: selinux-policy.noarch 2.4.6-137.el5 Jun 24 13:49:25 Updated: bind.i386 30:9.3.4-6.P1.el5 Jun 24 13:49:26 Updated: NetworkManager.i386 1:0.6.4-8.el5 Jun 24 13:49:27 Updated: oddjob.i386 0.27-9.el5 Jun 24 13:49:28 Updated: bind-chroot.i386 30:9.3.4-6.P1.el5 Jun 24 13:50:11 Updated: selinux-policy-targeted.noarch 2.4.6-137.el5 Jun 24 13:50:13 Updated: system-config-network-tui.noarch 1.3.99.10-2.el5 Jun 24 13:50:14 Updated: rpm-build.i386 4.4.2-48.el5 Jun 24 13:50:15 Updated: smartmontools.i386 1:5.36-4.el5 Jun 24 13:50:16 Updated: yum.noarch 3.2.8-9.el5.centos.2.1 Jun 24 13:50:17 Installed: yum-fastestmirror.noarch 1.1.10-9.el5.centos Jun 24 13:50:17 Updated: yum-updatesd.noarch 1:0.9-2.el5 Jun 24 13:51:23 Erased: dhcpv6_client Jun 24 13:52:04 Erased: libhugetlbfs-lib Jun 24 13:52:30 Updated: Deployment_Guide-en-US.noarch 5.2-9.el5.centos Jun 24 13:52:31 Updated: bind-chroot.i386 30:9.3.4-6.P1.el5
Jonathan Gazeley wrote:
I have attached the relevant section of my yum.log to show which packages were updated. The Radius server was tested once every minute by authenticating with a test account. This was first reported to fail at 10:48 Sorry - please read that as 13:48, i.e. halfway through the update process.
Jonathan ---------------------------- Jonathan Gazeley Systems Support Specialist ResNet | Wireless & VPN Team Information Services University of Bristol ----------------------------
And what does your Freeradius server tell? (i.e. the classical email of this mailing list: "What is the ouput of radiusd -X ?") Have a nice day! Am 26.06.2008 um 11:41 schrieb Jonathan Gazeley:
Hello,
Until a couple of days ago, my FreeRadius setup was working perfectly normally - running FreeRadius 2.0.1 on a Centos 5 server. FreeRadius was compiled from source, not installed from a repository. Two days ago I received some automatic updates from standard Centos repo, and since then Radius has not worked.
Running eapol test gives some output, including this (more of the output can be supplied on demand):
EAPOL: SUPP_BE entering state RECEIVE Received 44 bytes from RADIUS server Received RADIUS message RADIUS message: code=3 (Access-Reject) identifier=9 length=44 Attribute 79 (EAP-Message) length=6 Value: 04 09 00 04 Attribute 80 (Message-Authenticator) length=18 Value: 43 9e 23 c8 74 b1 a0 9f 8c 3b 83 be e8 36 a8 30 STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending request, round trip time 0.20 sec RADIUS packet matching with station decapsulated EAP packet (code=4 id=9 len=4) from RADIUS server: EAP Failure EAPOL: Received EAP-Packet frame EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Failure EAP: EAP entering state FAILURE CTRL-EVENT-EAP-FAILURE EAP authentication failed EAPOL: SUPP_PAE entering state HELD EAPOL: SUPP_BE entering state RECEIVE EAPOL: SUPP_BE entering state FAIL EAPOL: SUPP_BE entering state IDLE eapol_sm_cb: success=0 EAP: deinitialize previously used EAP method (25, PEAP) at EAP deinit ENGINE: engine deinit MPPE keys OK: 0 mismatch: 1 FAILURE
I checked and verified all the Freeradius configs. I recompiled 2.0.1 , and later compiled and installed 2.0.5 but this shows identical symptoms.
I have attached the relevant section of my yum.log to show which packages were updated. The Radius server was tested once every minute by authenticating with a test account. This was first reported to fail at 10:48
I do not know which package could have caused this behaviour - has anyone else seen anything like this?
It is quite urgent that I get this fixed asap as it is a production box at Bristol university. Currently we are running on the backup box, where I was luckily able to disable automatic updates before they were applied.
Any advice will be gratefully received.
Cheers, Jonathan
---------------------------- Jonathan Gazeley Systems Support Specialist ResNet | Wireless & VPN Team Information Services University of Bristol ----------------------------
Jun 24 13:45:09 Updated: libgcc.i386 4.1.2-42.el5 Jun 24 13:45:25 Updated: glibc-common.i386 2.5-24 Jun 24 13:45:32 Updated: glibc.i686 2.5-24 Jun 24 13:45:34 Updated: bash.i386 3.2-21.el5 Jun 24 13:45:35 Updated: libselinux.i386 1.33.4-5.el5 Jun 24 13:45:36 Updated: chkconfig.i386 1.3.30.1-2 Jun 24 13:45:37 Updated: audit-libs.i386 1.6.5-9.el5 Jun 24 13:45:37 Updated: popt.i386 1.10.2-48.el5 Jun 24 13:45:42 Updated: shadow-utils.i386 2:4.0.17-13.el5 Jun 24 13:45:43 Updated: device-mapper.i386 1.02.24-1.el5 Jun 24 13:45:44 Updated: e2fsprogs-libs.i386 1.39-15.el5 Jun 24 13:45:44 Updated: libstdc++.i386 4.1.2-42.el5 Jun 24 13:45:51 Updated: perl.i386 4:5.8.8-10.el5_2.3 Jun 24 13:45:52 Updated: dbus.i386 1.0.0-7.el5 Jun 24 13:45:53 Updated: libX11.i386 1.0.3-9.el5 Jun 24 13:45:54 Updated: nspr.i386 4.7.0.99.2-1.el5 Jun 24 13:46:14 Updated: nss.i386 3.11.99.5-2.el5.centos Jun 24 13:46:15 Updated: freetype.i386 2.2.1-20.el5_2 Jun 24 13:46:16 Updated: cairo.i386 1.2.4-5.el5 Jun 24 13:46:16 Updated: libacl.i386 2.2.39-3.el5 Jun 24 13:46:20 Updated: coreutils.i386 5.97-14.el5 Jun 24 13:46:22 Updated: pam.i386 0.99.6.2-3.27.el5 Jun 24 13:46:23 Updated: krb5-libs.i386 1.6.1-25.el5 Jun 24 13:46:25 Updated: openssl.i686 0.9.8b-10.el5 Jun 24 13:46:30 Updated: python.i386 2.4.3-21.el5 Jun 24 13:46:31 Updated: module-init-tools.i386 3.3-0.pre3.1.37.el5 Jun 24 13:46:31 Updated: newt.i386 0.52.2-10.el5 Jun 24 13:46:32 Updated: cups-libs.i386 1:1.2.4-11.18.el5_2.1 Jun 24 13:46:36 Updated: gtk2.i386 2.10.4-20.el5 Jun 24 13:46:37 Updated: udev.i386 095-14.16.el5 Jun 24 13:46:39 Updated: util-linux.i386 2.13-0.47.el5 Jun 24 13:46:41 Updated: binutils.i386 2.17.50.0.6-6.el5 Jun 24 13:46:42 Updated: bind-libs.i386 30:9.3.4-6.P1.el5 Jun 24 13:46:43 Updated: mysql.i386 5.0.45-7.el5 Jun 24 13:46:44 Updated: kpartx.i386 0.4.7-17.el5 Jun 24 13:46:45 Updated: procps.i386 3.2.7-9.el5 Jun 24 13:46:45 Updated: hwdata.noarch 0.213.6-1.el5 Jun 24 13:46:46 Updated: pciutils.i386 2.2.3-5 Jun 24 13:46:47 Updated: e2fsprogs.i386 1.39-15.el5 Jun 24 13:46:48 Updated: iptables.i386 1.3.5-4.el5 Jun 24 13:46:49 Updated: psmisc.i386 22.2-6 Jun 24 13:46:49 Updated: make.i386 1:3.81-3.el5 Jun 24 13:46:50 Updated: diffutils.i386 2.8.1-15.2.3.el5 Jun 24 13:46:51 Updated: iproute.i386 2.6.18-7.el5 Jun 24 13:46:52 Updated: pcsc-lite-libs.i386 1.4.4-0.1.el5 Jun 24 13:46:53 Updated: dmraid.i386 1.0.0.rc13-9.el5 Jun 24 13:46:56 Updated: libgcj.i386 4.1.2-42.el5 Jun 24 13:46:57 Updated: libuser.i386 0.54.7-2.el5.5 Jun 24 13:46:58 Updated: usermode.i386 1.88-3.el5.1 Jun 24 13:46:59 Updated: libvolume_id.i386 095-14.16.el5 Jun 24 13:46:59 Updated: libgomp.i386 4.1.2-42.el5 Jun 24 13:47:00 Updated: libnl.i386 1.0-0.10.pre5.5 Jun 24 13:47:01 Updated: file.i386 4.17-13 Jun 24 13:47:02 Updated: libgfortran.i386 4.1.2-42.el5 Jun 24 13:47:03 Updated: iptables-ipv6.i386 1.3.5-4.el5 Jun 24 13:47:04 Updated: device-mapper-multipath.i386 0.4.7-17.el5 Jun 24 13:47:05 Updated: paps.i386 0.6.6-18.el5 Jun 24 13:47:05 Updated: yum-metadata-parser.i386 1.1.2-2.el5 Jun 24 13:47:06 Updated: libselinux-python.i386 1.33.4-5.el5 Jun 24 13:47:06 Updated: audit-libs-python.i386 1.6.5-9.el5 Jun 24 13:47:07 Updated: wpa_supplicant.i386 1:0.4.8-10.2.el5 Jun 24 13:47:09 Updated: samba-common.i386 3.0.28-0.el5.8 Jun 24 13:47:10 Updated: audit.i386 1.6.5-9.el5 Jun 24 13:47:11 Updated: nscd.i386 2.5-24 Jun 24 13:47:13 Updated: nss-tools.i386 3.11.99.5-2.el5.centos Jun 24 13:47:14 Updated: e2fsprogs-devel.i386 1.39-15.el5 Jun 24 13:47:15 Updated: net-tools.i386 1.60-78.el5 Jun 24 13:47:16 Updated: libselinux-devel.i386 1.33.4-5.el5 Jun 24 13:47:17 Updated: krb5-devel.i386 1.6.1-25.el5 Jun 24 13:47:19 Updated: openssl-devel.i386 0.9.8b-10.el5 Jun 24 13:47:20 Updated: gzip.i386 1.3.5-10.el5.centos Jun 24 13:47:20 Updated: pkgconfig.i386 1:0.21-2.el5 Jun 24 13:47:22 Updated: kernel-headers.i386 2.6.18-92.1.1.el5 Jun 24 13:47:23 Updated: glibc-headers.i386 2.5-24 Jun 24 13:47:25 Updated: glibc-devel.i386 2.5-24 Jun 24 13:47:25 Updated: centos-release-notes.i386 5.2-2 Jun 24 13:47:26 Updated: centos-release.i386 10:5-2.el5.centos Jun 24 13:47:28 Updated: initscripts.i386 8.45.19.EL-1.el5.centos.1 Jun 24 13:47:30 Updated: pcsc-lite.i386 1.4.4-0.1.el5 Jun 24 13:47:32 Updated: kbd.i386 1.12-20.el5 Jun 24 13:47:32 Updated: openssh.i386 4.3p2-26.el5 Jun 24 13:47:33 Updated: dhclient.i386 12:3.0.5-13.el5 Jun 24 13:47:34 Updated: coolkey.i386 1.1.0-6.el5 Jun 24 13:47:35 Updated: nss_ldap.i386 253-12.el5 Jun 24 13:47:36 Updated: nss_db.i386 2.2-35.3 Jun 24 13:47:37 Updated: crash.i386 4.0-5.0.3.el5.centos Jun 24 13:47:39 Updated: at-spi.i386 1.7.11-3.el5 Jun 24 13:47:39 Installed: python-iniparse.noarch 0.2.3-4.el5 Jun 24 13:47:40 Installed: gamin-python.i386 0.1.7-8.el5 Jun 24 13:47:40 Updated: libpcap.i386 14:0.9.4-12.el5 Jun 24 13:47:41 Updated: sudo.i386 1.6.8p12-12.el5 Jun 24 13:47:44 Updated: libstdc++-devel.i386 4.1.2-42.el5 Jun 24 13:47:45 Updated: parted.i386 1.8.1-17.el5 Jun 24 13:47:45 Updated: apr-util.i386 1.2.7-7.el5 Jun 24 13:47:46 Installed: device-mapper-event.i386 1.02.24-1.el5 Jun 24 13:47:48 Updated: lvm2.i386 2.02.32-4.el5 Jun 24 13:47:49 Updated: cpp.i386 4.1.2-42.el5 Jun 24 13:47:51 Updated: gcc.i386 4.1.2-42.el5 Jun 24 13:47:51 Updated: nash.i386 5.1.19.6-28 Jun 24 13:47:52 Updated: mkinitrd.i386 5.1.19.6-28 Jun 24 13:48:02 Installed: kernel.i686 2.6.18-92.1.1.el5 Jun 24 13:48:04 Updated: systemtap-runtime.i386 0.6.2-1.el5 Jun 24 13:48:06 Updated: systemtap.i386 0.6.2-1.el5 Jun 24 13:48:07 Updated: gcc-c++.i386 4.1.2-42.el5 Jun 24 13:48:08 Updated: gcc-gfortran.i386 4.1.2-42.el5 Jun 24 13:48:09 Updated: openssh-clients.i386 4.3p2-26.el5 Jun 24 13:48:10 Updated: openssh-server.i386 4.3p2-26.el5 Jun 24 13:48:11 Updated: irqbalance.i386 2:0.55-10.el5 Jun 24 13:48:13 Updated: sysklogd.i386 1.4.1-44.el5 Jun 24 13:48:14 Installed: dhcpv6-client.i386 1.0.10-4.el5_2.2 Jun 24 13:48:17 Updated: cups.i386 1:1.2.4-11.18.el5_2.1 Jun 24 13:48:21 Updated: samba.i386 3.0.28-0.el5.8 Jun 24 13:48:21 Updated: microcode_ctl.i386 1:1.17-1.47.el5 Jun 24 13:48:22 Updated: freetype-devel.i386 2.2.1-20.el5_2 Jun 24 13:48:23 Updated: mysql-devel.i386 5.0.45-7.el5 Jun 24 13:48:24 Updated: amtu.i386 1.0.6-1.el5 Jun 24 13:48:25 Updated: system-config-securitylevel-tui.i386 1.6.29.1-2.1.el5 Jun 24 13:48:26 Updated: authconfig.i386 5.3.21-3.el5 Jun 24 13:48:35 Updated: frysk.i686 0.0.1.2008.03.19.rh1-1.el5 Jun 24 13:48:36 Updated: grub.i386 0.97-13.2 Jun 24 13:48:37 Updated: autofs.i386 1:5.0.1-0.rc2.88 Jun 24 13:48:39 Updated: mysql-server.i386 5.0.45-7.el5 Jun 24 13:48:40 Updated: bind-utils.i386 30:9.3.4-6.P1.el5 Jun 24 13:48:42 Updated: oprofile.i386 0.9.3-16.el5 Jun 24 13:48:43 Updated: nfs-utils.i386 1:1.0.9-33.el5 Jun 24 13:48:44 Updated: krb5-workstation.i386 1.6.1-25.el5 Jun 24 13:48:46 Updated: pygtk2.i386 2.10.1-12.el5 Jun 24 13:48:48 Updated: notification-daemon.i386 0.3.5-9.el5 Jun 24 13:48:48 Updated: ntsysv.i386 1.3.30.1-2 Jun 24 13:48:50 Updated: m2crypto.i386 0.16-6.el5.2 Jun 24 13:48:52 Updated: ntp.i386 4.2.2p1-8.el5.centos.1 Jun 24 13:48:53 Updated: tcpdump.i386 14:3.9.4-12.el5 Jun 24 13:48:55 Updated: Deployment_Guide-en-US.noarch 5.2-9.el5.centos Jun 24 13:48:56 Updated: logwatch.noarch 7.3-6.el5 Jun 24 13:48:57 Updated: ksh.i386 20060214-1.7 Jun 24 13:48:58 Updated: xorg-x11-xinit.i386 1.0.2-15.el5 Jun 24 13:48:59 Updated: acl.i386 2.2.39-3.el5 Jun 24 13:49:01 Updated: libX11-devel.i386 1.0.3-9.el5 Jun 24 13:49:01 Updated: redhat-rpm-config.noarch 8.0.45-24.el5 Jun 24 13:49:02 Updated: cpuspeed.i386 1:1.2.1-3.el5 Jun 24 13:49:04 Updated: xorg-x11-server-Xvfb.i386 1.1.1-48.41.el5_2.1 Jun 24 13:49:05 Updated: shared-mime-info.i386 0.19-5.el5 Jun 24 13:49:07 Updated: gdb.i386 6.5-37.el5_2.2 Jun 24 13:49:08 Updated: mdadm.i386 2.6.4-1.el5 Jun 24 13:49:08 Updated: htmlview.noarch 4.0.0-2.el5 Jun 24 13:49:09 Updated: traceroute.i386 3:2.0.1-3.el5 Jun 24 13:49:10 Updated: ltrace.i386 0.5-7.45svn.el5 Jun 24 13:49:10 Updated: diffstat.i386 1.41-1.2.3.el5 Jun 24 13:49:11 Updated: checkpolicy.i386 1.33.1-4.el5 Jun 24 13:49:12 Installed: libhugetlbfs.i386 1.2-5.el5 Jun 24 13:49:13 Updated: hal.i386 0.5.8.1-35.el5 Jun 24 13:49:16 Updated: rpm.i386 4.4.2-48.el5 Jun 24 13:49:17 Updated: rpm-libs.i386 4.4.2-48.el5 Jun 24 13:49:18 Updated: policycoreutils.i386 1.33.12-14.el5 Jun 24 13:49:19 Updated: rpm-python.i386 4.4.2-48.el5 Jun 24 13:49:20 Updated: oddjob-libs.i386 0.27-9.el5 Jun 24 13:49:21 Updated: kudzu.i386 1.2.57.1.17-1 Jun 24 13:49:22 Updated: pm-utils.i386 0.99.3-6.el5.centos.19 Jun 24 13:49:24 Updated: selinux-policy.noarch 2.4.6-137.el5 Jun 24 13:49:25 Updated: bind.i386 30:9.3.4-6.P1.el5 Jun 24 13:49:26 Updated: NetworkManager.i386 1:0.6.4-8.el5 Jun 24 13:49:27 Updated: oddjob.i386 0.27-9.el5 Jun 24 13:49:28 Updated: bind-chroot.i386 30:9.3.4-6.P1.el5 Jun 24 13:50:11 Updated: selinux-policy-targeted.noarch 2.4.6-137.el5 Jun 24 13:50:13 Updated: system-config-network-tui.noarch 1.3.99.10-2.el5 Jun 24 13:50:14 Updated: rpm-build.i386 4.4.2-48.el5 Jun 24 13:50:15 Updated: smartmontools.i386 1:5.36-4.el5 Jun 24 13:50:16 Updated: yum.noarch 3.2.8-9.el5.centos.2.1 Jun 24 13:50:17 Installed: yum-fastestmirror.noarch 1.1.10-9.el5.centos Jun 24 13:50:17 Updated: yum-updatesd.noarch 1:0.9-2.el5 Jun 24 13:51:23 Erased: dhcpv6_client Jun 24 13:52:04 Erased: libhugetlbfs-lib Jun 24 13:52:30 Updated: Deployment_Guide-en-US.noarch 5.2-9.el5.centos Jun 24 13:52:31 Updated: bind-chroot.i386 30:9.3.4-6.P1.el5 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/ users.html
Nicolas Goutte extragroup GmbH - Karlsruhe Waldstr. 49 76133 Karlsruhe Germany Geschäftsführer: Stephan Mönninghoff, Hans Martin Kern, Tilman Haerdle Registergericht: Amtsgericht Münster / HRB: 5624 Steuer Nr.: 337/5903/0421 / UstID: DE 204607841
Hi, Finally EAP-TNC is working with wpa_supplicant and freeradius over TTLS, but No user autentication only TTLS and TNC. Is posible execute TTLS-MSCHAPv2-TNC? Thanks, Fernando.
Alan DeKok wrote:
Fernando wrote:
Finally EAP-TNC is working with wpa_supplicant and freeradius over TTLS, but No user autentication only TTLS and TNC. Is posible execute TTLS-MSCHAPv2-TNC?
You will have to modify the code to get this to work.
can you give me some tips like files to do the modification?
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Fernando wrote:
You will have to modify the code to get this to work.
can you give me some tips like files to do the modification?
See the EAP types. rlm_eap_tnc.c && rlm_eap_ttls.c. I don't really know much about how TNC works, so I can't be more specific. Alan DeKok.
Hi Nicolas, Yes of course, the output of radiusd -X is attached to this email. Thanks for your help, Jonathan ---------------------------- Jonathan Gazeley ResNet | Wireless & VPN Team Information Services University of Bristol ---------------------------- Nicolas Goutte wrote:
And what does your Freeradius server tell? (i.e. the classical email of this mailing list: "What is the ouput of radiusd -X ?")
Have a nice day!
Am 26.06.2008 um 11:41 schrieb Jonathan Gazeley:
Hello,
Until a couple of days ago, my FreeRadius setup was working perfectly normally - running FreeRadius 2.0.1 on a Centos 5 server. FreeRadius was compiled from source, not installed from a repository. Two days ago I received some automatic updates from standard Centos repo, and since then Radius has not worked.
Running eapol test gives some output, including this (more of the output can be supplied on demand):
EAPOL: SUPP_BE entering state RECEIVE Received 44 bytes from RADIUS server Received RADIUS message RADIUS message: code=3 (Access-Reject) identifier=9 length=44 Attribute 79 (EAP-Message) length=6 Value: 04 09 00 04 Attribute 80 (Message-Authenticator) length=18 Value: 43 9e 23 c8 74 b1 a0 9f 8c 3b 83 be e8 36 a8 30 STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending request, round trip time 0.20 sec RADIUS packet matching with station decapsulated EAP packet (code=4 id=9 len=4) from RADIUS server: EAP Failure EAPOL: Received EAP-Packet frame EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Failure EAP: EAP entering state FAILURE CTRL-EVENT-EAP-FAILURE EAP authentication failed EAPOL: SUPP_PAE entering state HELD EAPOL: SUPP_BE entering state RECEIVE EAPOL: SUPP_BE entering state FAIL EAPOL: SUPP_BE entering state IDLE eapol_sm_cb: success=0 EAP: deinitialize previously used EAP method (25, PEAP) at EAP deinit ENGINE: engine deinit MPPE keys OK: 0 mismatch: 1 FAILURE
I checked and verified all the Freeradius configs. I recompiled 2.0.1 , and later compiled and installed 2.0.5 but this shows identical symptoms.
I have attached the relevant section of my yum.log to show which packages were updated. The Radius server was tested once every minute by authenticating with a test account. This was first reported to fail at 10:48
I do not know which package could have caused this behaviour - has anyone else seen anything like this?
It is quite urgent that I get this fixed asap as it is a production box at Bristol university. Currently we are running on the backup box, where I was luckily able to disable automatic updates before they were applied.
Any advice will be gratefully received.
Cheers, Jonathan
---------------------------- Jonathan Gazeley Systems Support Specialist ResNet | Wireless & VPN Team Information Services University of Bristol ----------------------------
Jun 24 13:45:09 Updated: libgcc.i386 4.1.2-42.el5 Jun 24 13:45:25 Updated: glibc-common.i386 2.5-24 Jun 24 13:45:32 Updated: glibc.i686 2.5-24 Jun 24 13:45:34 Updated: bash.i386 3.2-21.el5 Jun 24 13:45:35 Updated: libselinux.i386 1.33.4-5.el5 Jun 24 13:45:36 Updated: chkconfig.i386 1.3.30.1-2 Jun 24 13:45:37 Updated: audit-libs.i386 1.6.5-9.el5 Jun 24 13:45:37 Updated: popt.i386 1.10.2-48.el5 Jun 24 13:45:42 Updated: shadow-utils.i386 2:4.0.17-13.el5 Jun 24 13:45:43 Updated: device-mapper.i386 1.02.24-1.el5 Jun 24 13:45:44 Updated: e2fsprogs-libs.i386 1.39-15.el5 Jun 24 13:45:44 Updated: libstdc++.i386 4.1.2-42.el5 Jun 24 13:45:51 Updated: perl.i386 4:5.8.8-10.el5_2.3 Jun 24 13:45:52 Updated: dbus.i386 1.0.0-7.el5 Jun 24 13:45:53 Updated: libX11.i386 1.0.3-9.el5 Jun 24 13:45:54 Updated: nspr.i386 4.7.0.99.2-1.el5 Jun 24 13:46:14 Updated: nss.i386 3.11.99.5-2.el5.centos Jun 24 13:46:15 Updated: freetype.i386 2.2.1-20.el5_2 Jun 24 13:46:16 Updated: cairo.i386 1.2.4-5.el5 Jun 24 13:46:16 Updated: libacl.i386 2.2.39-3.el5 Jun 24 13:46:20 Updated: coreutils.i386 5.97-14.el5 Jun 24 13:46:22 Updated: pam.i386 0.99.6.2-3.27.el5 Jun 24 13:46:23 Updated: krb5-libs.i386 1.6.1-25.el5 Jun 24 13:46:25 Updated: openssl.i686 0.9.8b-10.el5 Jun 24 13:46:30 Updated: python.i386 2.4.3-21.el5 Jun 24 13:46:31 Updated: module-init-tools.i386 3.3-0.pre3.1.37.el5 Jun 24 13:46:31 Updated: newt.i386 0.52.2-10.el5 Jun 24 13:46:32 Updated: cups-libs.i386 1:1.2.4-11.18.el5_2.1 Jun 24 13:46:36 Updated: gtk2.i386 2.10.4-20.el5 Jun 24 13:46:37 Updated: udev.i386 095-14.16.el5 Jun 24 13:46:39 Updated: util-linux.i386 2.13-0.47.el5 Jun 24 13:46:41 Updated: binutils.i386 2.17.50.0.6-6.el5 Jun 24 13:46:42 Updated: bind-libs.i386 30:9.3.4-6.P1.el5 Jun 24 13:46:43 Updated: mysql.i386 5.0.45-7.el5 Jun 24 13:46:44 Updated: kpartx.i386 0.4.7-17.el5 Jun 24 13:46:45 Updated: procps.i386 3.2.7-9.el5 Jun 24 13:46:45 Updated: hwdata.noarch 0.213.6-1.el5 Jun 24 13:46:46 Updated: pciutils.i386 2.2.3-5 Jun 24 13:46:47 Updated: e2fsprogs.i386 1.39-15.el5 Jun 24 13:46:48 Updated: iptables.i386 1.3.5-4.el5 Jun 24 13:46:49 Updated: psmisc.i386 22.2-6 Jun 24 13:46:49 Updated: make.i386 1:3.81-3.el5 Jun 24 13:46:50 Updated: diffutils.i386 2.8.1-15.2.3.el5 Jun 24 13:46:51 Updated: iproute.i386 2.6.18-7.el5 Jun 24 13:46:52 Updated: pcsc-lite-libs.i386 1.4.4-0.1.el5 Jun 24 13:46:53 Updated: dmraid.i386 1.0.0.rc13-9.el5 Jun 24 13:46:56 Updated: libgcj.i386 4.1.2-42.el5 Jun 24 13:46:57 Updated: libuser.i386 0.54.7-2.el5.5 Jun 24 13:46:58 Updated: usermode.i386 1.88-3.el5.1 Jun 24 13:46:59 Updated: libvolume_id.i386 095-14.16.el5 Jun 24 13:46:59 Updated: libgomp.i386 4.1.2-42.el5 Jun 24 13:47:00 Updated: libnl.i386 1.0-0.10.pre5.5 Jun 24 13:47:01 Updated: file.i386 4.17-13 Jun 24 13:47:02 Updated: libgfortran.i386 4.1.2-42.el5 Jun 24 13:47:03 Updated: iptables-ipv6.i386 1.3.5-4.el5 Jun 24 13:47:04 Updated: device-mapper-multipath.i386 0.4.7-17.el5 Jun 24 13:47:05 Updated: paps.i386 0.6.6-18.el5 Jun 24 13:47:05 Updated: yum-metadata-parser.i386 1.1.2-2.el5 Jun 24 13:47:06 Updated: libselinux-python.i386 1.33.4-5.el5 Jun 24 13:47:06 Updated: audit-libs-python.i386 1.6.5-9.el5 Jun 24 13:47:07 Updated: wpa_supplicant.i386 1:0.4.8-10.2.el5 Jun 24 13:47:09 Updated: samba-common.i386 3.0.28-0.el5.8 Jun 24 13:47:10 Updated: audit.i386 1.6.5-9.el5 Jun 24 13:47:11 Updated: nscd.i386 2.5-24 Jun 24 13:47:13 Updated: nss-tools.i386 3.11.99.5-2.el5.centos Jun 24 13:47:14 Updated: e2fsprogs-devel.i386 1.39-15.el5 Jun 24 13:47:15 Updated: net-tools.i386 1.60-78.el5 Jun 24 13:47:16 Updated: libselinux-devel.i386 1.33.4-5.el5 Jun 24 13:47:17 Updated: krb5-devel.i386 1.6.1-25.el5 Jun 24 13:47:19 Updated: openssl-devel.i386 0.9.8b-10.el5 Jun 24 13:47:20 Updated: gzip.i386 1.3.5-10.el5.centos Jun 24 13:47:20 Updated: pkgconfig.i386 1:0.21-2.el5 Jun 24 13:47:22 Updated: kernel-headers.i386 2.6.18-92.1.1.el5 Jun 24 13:47:23 Updated: glibc-headers.i386 2.5-24 Jun 24 13:47:25 Updated: glibc-devel.i386 2.5-24 Jun 24 13:47:25 Updated: centos-release-notes.i386 5.2-2 Jun 24 13:47:26 Updated: centos-release.i386 10:5-2.el5.centos Jun 24 13:47:28 Updated: initscripts.i386 8.45.19.EL-1.el5.centos.1 Jun 24 13:47:30 Updated: pcsc-lite.i386 1.4.4-0.1.el5 Jun 24 13:47:32 Updated: kbd.i386 1.12-20.el5 Jun 24 13:47:32 Updated: openssh.i386 4.3p2-26.el5 Jun 24 13:47:33 Updated: dhclient.i386 12:3.0.5-13.el5 Jun 24 13:47:34 Updated: coolkey.i386 1.1.0-6.el5 Jun 24 13:47:35 Updated: nss_ldap.i386 253-12.el5 Jun 24 13:47:36 Updated: nss_db.i386 2.2-35.3 Jun 24 13:47:37 Updated: crash.i386 4.0-5.0.3.el5.centos Jun 24 13:47:39 Updated: at-spi.i386 1.7.11-3.el5 Jun 24 13:47:39 Installed: python-iniparse.noarch 0.2.3-4.el5 Jun 24 13:47:40 Installed: gamin-python.i386 0.1.7-8.el5 Jun 24 13:47:40 Updated: libpcap.i386 14:0.9.4-12.el5 Jun 24 13:47:41 Updated: sudo.i386 1.6.8p12-12.el5 Jun 24 13:47:44 Updated: libstdc++-devel.i386 4.1.2-42.el5 Jun 24 13:47:45 Updated: parted.i386 1.8.1-17.el5 Jun 24 13:47:45 Updated: apr-util.i386 1.2.7-7.el5 Jun 24 13:47:46 Installed: device-mapper-event.i386 1.02.24-1.el5 Jun 24 13:47:48 Updated: lvm2.i386 2.02.32-4.el5 Jun 24 13:47:49 Updated: cpp.i386 4.1.2-42.el5 Jun 24 13:47:51 Updated: gcc.i386 4.1.2-42.el5 Jun 24 13:47:51 Updated: nash.i386 5.1.19.6-28 Jun 24 13:47:52 Updated: mkinitrd.i386 5.1.19.6-28 Jun 24 13:48:02 Installed: kernel.i686 2.6.18-92.1.1.el5 Jun 24 13:48:04 Updated: systemtap-runtime.i386 0.6.2-1.el5 Jun 24 13:48:06 Updated: systemtap.i386 0.6.2-1.el5 Jun 24 13:48:07 Updated: gcc-c++.i386 4.1.2-42.el5 Jun 24 13:48:08 Updated: gcc-gfortran.i386 4.1.2-42.el5 Jun 24 13:48:09 Updated: openssh-clients.i386 4.3p2-26.el5 Jun 24 13:48:10 Updated: openssh-server.i386 4.3p2-26.el5 Jun 24 13:48:11 Updated: irqbalance.i386 2:0.55-10.el5 Jun 24 13:48:13 Updated: sysklogd.i386 1.4.1-44.el5 Jun 24 13:48:14 Installed: dhcpv6-client.i386 1.0.10-4.el5_2.2 Jun 24 13:48:17 Updated: cups.i386 1:1.2.4-11.18.el5_2.1 Jun 24 13:48:21 Updated: samba.i386 3.0.28-0.el5.8 Jun 24 13:48:21 Updated: microcode_ctl.i386 1:1.17-1.47.el5 Jun 24 13:48:22 Updated: freetype-devel.i386 2.2.1-20.el5_2 Jun 24 13:48:23 Updated: mysql-devel.i386 5.0.45-7.el5 Jun 24 13:48:24 Updated: amtu.i386 1.0.6-1.el5 Jun 24 13:48:25 Updated: system-config-securitylevel-tui.i386 1.6.29.1-2.1.el5 Jun 24 13:48:26 Updated: authconfig.i386 5.3.21-3.el5 Jun 24 13:48:35 Updated: frysk.i686 0.0.1.2008.03.19.rh1-1.el5 Jun 24 13:48:36 Updated: grub.i386 0.97-13.2 Jun 24 13:48:37 Updated: autofs.i386 1:5.0.1-0.rc2.88 Jun 24 13:48:39 Updated: mysql-server.i386 5.0.45-7.el5 Jun 24 13:48:40 Updated: bind-utils.i386 30:9.3.4-6.P1.el5 Jun 24 13:48:42 Updated: oprofile.i386 0.9.3-16.el5 Jun 24 13:48:43 Updated: nfs-utils.i386 1:1.0.9-33.el5 Jun 24 13:48:44 Updated: krb5-workstation.i386 1.6.1-25.el5 Jun 24 13:48:46 Updated: pygtk2.i386 2.10.1-12.el5 Jun 24 13:48:48 Updated: notification-daemon.i386 0.3.5-9.el5 Jun 24 13:48:48 Updated: ntsysv.i386 1.3.30.1-2 Jun 24 13:48:50 Updated: m2crypto.i386 0.16-6.el5.2 Jun 24 13:48:52 Updated: ntp.i386 4.2.2p1-8.el5.centos.1 Jun 24 13:48:53 Updated: tcpdump.i386 14:3.9.4-12.el5 Jun 24 13:48:55 Updated: Deployment_Guide-en-US.noarch 5.2-9.el5.centos Jun 24 13:48:56 Updated: logwatch.noarch 7.3-6.el5 Jun 24 13:48:57 Updated: ksh.i386 20060214-1.7 Jun 24 13:48:58 Updated: xorg-x11-xinit.i386 1.0.2-15.el5 Jun 24 13:48:59 Updated: acl.i386 2.2.39-3.el5 Jun 24 13:49:01 Updated: libX11-devel.i386 1.0.3-9.el5 Jun 24 13:49:01 Updated: redhat-rpm-config.noarch 8.0.45-24.el5 Jun 24 13:49:02 Updated: cpuspeed.i386 1:1.2.1-3.el5 Jun 24 13:49:04 Updated: xorg-x11-server-Xvfb.i386 1.1.1-48.41.el5_2.1 Jun 24 13:49:05 Updated: shared-mime-info.i386 0.19-5.el5 Jun 24 13:49:07 Updated: gdb.i386 6.5-37.el5_2.2 Jun 24 13:49:08 Updated: mdadm.i386 2.6.4-1.el5 Jun 24 13:49:08 Updated: htmlview.noarch 4.0.0-2.el5 Jun 24 13:49:09 Updated: traceroute.i386 3:2.0.1-3.el5 Jun 24 13:49:10 Updated: ltrace.i386 0.5-7.45svn.el5 Jun 24 13:49:10 Updated: diffstat.i386 1.41-1.2.3.el5 Jun 24 13:49:11 Updated: checkpolicy.i386 1.33.1-4.el5 Jun 24 13:49:12 Installed: libhugetlbfs.i386 1.2-5.el5 Jun 24 13:49:13 Updated: hal.i386 0.5.8.1-35.el5 Jun 24 13:49:16 Updated: rpm.i386 4.4.2-48.el5 Jun 24 13:49:17 Updated: rpm-libs.i386 4.4.2-48.el5 Jun 24 13:49:18 Updated: policycoreutils.i386 1.33.12-14.el5 Jun 24 13:49:19 Updated: rpm-python.i386 4.4.2-48.el5 Jun 24 13:49:20 Updated: oddjob-libs.i386 0.27-9.el5 Jun 24 13:49:21 Updated: kudzu.i386 1.2.57.1.17-1 Jun 24 13:49:22 Updated: pm-utils.i386 0.99.3-6.el5.centos.19 Jun 24 13:49:24 Updated: selinux-policy.noarch 2.4.6-137.el5 Jun 24 13:49:25 Updated: bind.i386 30:9.3.4-6.P1.el5 Jun 24 13:49:26 Updated: NetworkManager.i386 1:0.6.4-8.el5 Jun 24 13:49:27 Updated: oddjob.i386 0.27-9.el5 Jun 24 13:49:28 Updated: bind-chroot.i386 30:9.3.4-6.P1.el5 Jun 24 13:50:11 Updated: selinux-policy-targeted.noarch 2.4.6-137.el5 Jun 24 13:50:13 Updated: system-config-network-tui.noarch 1.3.99.10-2.el5 Jun 24 13:50:14 Updated: rpm-build.i386 4.4.2-48.el5 Jun 24 13:50:15 Updated: smartmontools.i386 1:5.36-4.el5 Jun 24 13:50:16 Updated: yum.noarch 3.2.8-9.el5.centos.2.1 Jun 24 13:50:17 Installed: yum-fastestmirror.noarch 1.1.10-9.el5.centos Jun 24 13:50:17 Updated: yum-updatesd.noarch 1:0.9-2.el5 Jun 24 13:51:23 Erased: dhcpv6_client Jun 24 13:52:04 Erased: libhugetlbfs-lib Jun 24 13:52:30 Updated: Deployment_Guide-en-US.noarch 5.2-9.el5.centos Jun 24 13:52:31 Updated: bind-chroot.i386 30:9.3.4-6.P1.el5 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Nicolas Goutte
extragroup GmbH - Karlsruhe Waldstr. 49 76133 Karlsruhe Germany
Geschäftsführer: Stephan Mönninghoff, Hans Martin Kern, Tilman Haerdle Registergericht: Amtsgericht Münster / HRB: 5624 Steuer Nr.: 337/5903/0421 / UstID: DE 204607841
Ready to process requests. rad_recv: Access-Request packet from host 137.222.253.119 port 32857, id=0, length=132 User-Name = "iser-linauth" NAS-IP-Address = 127.0.0.1 Calling-Station-Id = "02-00-00-00-00-01" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = 0x0200001101697365722d6c696e61757468 Message-Authenticator = 0xc939ccb6a9852cc575c6f9dd02f2ad85 server uobresnet { +- entering group authorize ++[preprocess] returns ok expand: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/radius/radacct/137.222.253.119/auth-detail-20080626 rlm_detail: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/137.222.253.119/auth-detail-20080626 expand: %t -> Thu Jun 26 11:43:42 2008 ++[auth_log] returns ok ++? if ("%{Stripped-User-Name:-%{mschap:User-Name}}") WARNING: Deprecated conditional expansion ":-". See "man unlang" for details expand: %{Stripped-User-Name:-%{mschap:User-Name}} -> iser-linauth ? Evaluating ("%{Stripped-User-Name:-%{mschap:User-Name}}") -> TRUE ++? if ("%{Stripped-User-Name:-%{mschap:User-Name}}") -> TRUE ++- entering if ("%{Stripped-User-Name:-%{mschap:User-Name}}") +++? if (`/usr/local/etc/raddb/scripts/UserLookup.pl %{Stripped-User-Name:-%{mschap:User-Name}}`) WARNING: Deprecated conditional expansion ":-". See "man unlang" for details expand: %{Stripped-User-Name:-%{mschap:User-Name}} -> iser-linauth Exec-Program output: 0 Exec-Program-Wait: plaintext: 0 Exec-Program: returned: 0 ? Evaluating (`/usr/local/etc/raddb/scripts/UserLookup.pl %{Stripped-User-Name:-%{mschap:User-Name}}`) -> FALSE +++? if (`/usr/local/etc/raddb/scripts/UserLookup.pl %{Stripped-User-Name:-%{mschap:User-Name}}`) -> FALSE ++- if ("%{Stripped-User-Name:-%{mschap:User-Name}}") returns ok ++[mschap] returns noop rlm_realm: No '@' in User-Name = "iser-linauth", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: EAP packet type response id 0 length 17 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] returns noop rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: EAP Identity rlm_eap: processing type tls rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 ++[eap] returns handled } # server uobresnet Sending Access-Challenge of id 0 to 137.222.253.119 port 32857 EAP-Message = 0x010100061520 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xaa313e77aa302bec272c9fe94ea7af7c Finished request 0. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 137.222.253.119 port 32857, id=1, length=139 User-Name = "iser-linauth" NAS-IP-Address = 127.0.0.1 Calling-Station-Id = "02-00-00-00-00-01" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = 0x020100060319 State = 0xaa313e77aa302bec272c9fe94ea7af7c Message-Authenticator = 0x6b93bcec90e577c41e592cb17ced80cc server uobresnet { +- entering group authorize ++[preprocess] returns ok expand: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/radius/radacct/137.222.253.119/auth-detail-20080626 rlm_detail: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/137.222.253.119/auth-detail-20080626 expand: %t -> Thu Jun 26 11:43:42 2008 ++[auth_log] returns ok ++? if ("%{Stripped-User-Name:-%{mschap:User-Name}}") WARNING: Deprecated conditional expansion ":-". See "man unlang" for details expand: %{Stripped-User-Name:-%{mschap:User-Name}} -> iser-linauth ? Evaluating ("%{Stripped-User-Name:-%{mschap:User-Name}}") -> TRUE ++? if ("%{Stripped-User-Name:-%{mschap:User-Name}}") -> TRUE ++- entering if ("%{Stripped-User-Name:-%{mschap:User-Name}}") +++? if (`/usr/local/etc/raddb/scripts/UserLookup.pl %{Stripped-User-Name:-%{mschap:User-Name}}`) WARNING: Deprecated conditional expansion ":-". See "man unlang" for details expand: %{Stripped-User-Name:-%{mschap:User-Name}} -> iser-linauth Exec-Program output: 0 Exec-Program-Wait: plaintext: 0 Exec-Program: returned: 0 ? Evaluating (`/usr/local/etc/raddb/scripts/UserLookup.pl %{Stripped-User-Name:-%{mschap:User-Name}}`) -> FALSE +++? if (`/usr/local/etc/raddb/scripts/UserLookup.pl %{Stripped-User-Name:-%{mschap:User-Name}}`) -> FALSE ++- if ("%{Stripped-User-Name:-%{mschap:User-Name}}") returns ok ++[mschap] returns noop rlm_realm: No '@' in User-Name = "iser-linauth", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: EAP packet type response id 1 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] returns noop rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP NAK rlm_eap: EAP-NAK asked for EAP-Type/peap rlm_eap: processing type tls rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 ++[eap] returns handled } # server uobresnet Sending Access-Challenge of id 1 to 137.222.253.119 port 32857 EAP-Message = 0x010200061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xaa313e77ab3327ec272c9fe94ea7af7c Finished request 1. Going to the next request Waking up in 4.7 seconds. rad_recv: Access-Request packet from host 137.222.253.119 port 32857, id=2, length=239 User-Name = "iser-linauth" NAS-IP-Address = 127.0.0.1 Calling-Station-Id = "02-00-00-00-00-01" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = 0x0202006a1900160301005f0100005b0301486372de2dcc31ba0374a1783145036d8ff75f7970e40c42196dbe616eb4263b00003400390038003500160013000a00330032002f006600050004006300620061001500120009006500640060001400110008000600030100 State = 0xaa313e77ab3327ec272c9fe94ea7af7c Message-Authenticator = 0x9f04ed007fc8d26e297deb45c6e82be1 server uobresnet { +- entering group authorize ++[preprocess] returns ok expand: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/radius/radacct/137.222.253.119/auth-detail-20080626 rlm_detail: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/137.222.253.119/auth-detail-20080626 expand: %t -> Thu Jun 26 11:43:42 2008 ++[auth_log] returns ok ++? if ("%{Stripped-User-Name:-%{mschap:User-Name}}") WARNING: Deprecated conditional expansion ":-". See "man unlang" for details expand: %{Stripped-User-Name:-%{mschap:User-Name}} -> iser-linauth ? Evaluating ("%{Stripped-User-Name:-%{mschap:User-Name}}") -> TRUE ++? if ("%{Stripped-User-Name:-%{mschap:User-Name}}") -> TRUE ++- entering if ("%{Stripped-User-Name:-%{mschap:User-Name}}") +++? if (`/usr/local/etc/raddb/scripts/UserLookup.pl %{Stripped-User-Name:-%{mschap:User-Name}}`) WARNING: Deprecated conditional expansion ":-". See "man unlang" for details expand: %{Stripped-User-Name:-%{mschap:User-Name}} -> iser-linauth Exec-Program output: 0 Exec-Program-Wait: plaintext: 0 Exec-Program: returned: 0 ? Evaluating (`/usr/local/etc/raddb/scripts/UserLookup.pl %{Stripped-User-Name:-%{mschap:User-Name}}`) -> FALSE +++? if (`/usr/local/etc/raddb/scripts/UserLookup.pl %{Stripped-User-Name:-%{mschap:User-Name}}`) -> FALSE ++- if ("%{Stripped-User-Name:-%{mschap:User-Name}}") returns ok ++[mschap] returns noop rlm_realm: No '@' in User-Name = "iser-linauth", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: EAP packet type response id 2 length 106 rlm_eap: Continuing tunnel setup. ++[eap] returns ok rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake (other): before/accept initialization TLS_accept: before/accept initialization rlm_eap_tls: <<< TLS 1.0 Handshake [length 005f], ClientHello TLS_accept: SSLv3 read client hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello TLS_accept: SSLv3 write server hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 08c3], Certificate TLS_accept: SSLv3 write certificate A rlm_eap_tls: >>> TLS 1.0 Handshake [length 018d], ServerKeyExchange TLS_accept: SSLv3 write key exchange A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone TLS_accept: SSLv3 write server done A TLS_accept: SSLv3 flush data TLS_accept: Need to read more data: SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED ++[eap] returns handled } # server uobresnet Sending Access-Challenge of id 2 to 137.222.253.119 port 32857 EAP-Message = 0x0103040019c000000ab2160301004a020000460301486372dfad1863bec79e077e090c164051ada377d0640cdc48f0edb47bff651920f1bdb301cbe8a26b1fdabc27259350ee567bf37edc15a4ccfb19e30b6c47bf0100390016030108c30b0008bf0008bc0004703082046c30820354a003020102020b01000000000116ceefe7b5300d06092a864886f70d0101050500305f310b300906035504061302424531133011060355040a130a4379626572747275737431173015060355040b130e456475636174696f6e616c20434131223020060355040313194379626572747275737420456475636174696f6e616c204341301e170d30373132313231 EAP-Message = 0x35313835375a170d3038313231323135313835375a308191310b3009060355040613024742310d300b0603550408130441766f6e3110300e0603550407130742726973746f6c311e301c060355040a1315556e6976657273697479206f662042726973746f6c311d301b060355040b1314496e666f726d6174696f6e20536572766963657331223020060355040313196d6f6368612e776972656c6573732e627269732e61632e756b30819f300d06092a864886f70d010101050003818d0030818902818100e914727ed8c9b31fc5bf672132b5e924f7b09ad0ef3dfd10991c26bf1f4cf023c5508a399d3128b119847524d3ee190af855e4f3043019 EAP-Message = 0x9cf867800798287e91f88bce6609bb6f262ba2759bfcb160187076b3eb39f55941c6778ec596a583508cc3e747a01c85d29b37b321e782fb6431a84dca6aaf36baf1f8acf3455bfc810203010001a38201783082017430500603551d2004493047304506072a8648b13e0100303a303806082b06010505070201162c687474703a2f2f7777772e676c6f62616c7369676e2e6e65742f7265706f7369746f72792f6370732e63666d300e0603551d0f0101ff0404030205a0301f0603551d230418301680146565a33dd73b11a30a072537c9424a5b767750e1301d0603551d0e0416041480a8a90697105d00450f52fa07845747f3306b76303a060355 EAP-Message = 0x1d1f04333031302fa02da02b8629687474703a2f2f63726c2e676c6f62616c7369676e2e6e65742f656475636174696f6e616c2e63726c304f06082b0601050507010104433041303f06082b060105050730028633687474703a2f2f7365637572652e676c6f62616c7369676e2e6e65742f6361636572742f656475636174696f6e616c2e637274301d0603551d250416301406082b0601050507030106082b0601050507030230240603551d11041d301b82196d6f6368612e776972656c6573732e627269732e61632e756b300d06092a864886f70d01010505000382010100405351a3516c691fc5e5916ac8392e521fbf4b0a0cd4003e48bd837c EAP-Message = 0x7c7323471fc1a7cc6cd83e2b Message-Authenticator = 0x00000000000000000000000000000000 State = 0xaa313e77a83227ec272c9fe94ea7af7c Finished request 2. Going to the next request Waking up in 4.5 seconds. rad_recv: Access-Request packet from host 137.222.253.119 port 32857, id=3, length=139 User-Name = "iser-linauth" NAS-IP-Address = 127.0.0.1 Calling-Station-Id = "02-00-00-00-00-01" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = 0x020300061900 State = 0xaa313e77a83227ec272c9fe94ea7af7c Message-Authenticator = 0x2328a63b043c9727200930b9fdfe23b6 server uobresnet { +- entering group authorize ++[preprocess] returns ok expand: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/radius/radacct/137.222.253.119/auth-detail-20080626 rlm_detail: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/137.222.253.119/auth-detail-20080626 expand: %t -> Thu Jun 26 11:43:43 2008 ++[auth_log] returns ok ++? if ("%{Stripped-User-Name:-%{mschap:User-Name}}") WARNING: Deprecated conditional expansion ":-". See "man unlang" for details expand: %{Stripped-User-Name:-%{mschap:User-Name}} -> iser-linauth ? Evaluating ("%{Stripped-User-Name:-%{mschap:User-Name}}") -> TRUE ++? if ("%{Stripped-User-Name:-%{mschap:User-Name}}") -> TRUE ++- entering if ("%{Stripped-User-Name:-%{mschap:User-Name}}") +++? if (`/usr/local/etc/raddb/scripts/UserLookup.pl %{Stripped-User-Name:-%{mschap:User-Name}}`) WARNING: Deprecated conditional expansion ":-". See "man unlang" for details expand: %{Stripped-User-Name:-%{mschap:User-Name}} -> iser-linauth Exec-Program output: 0 Exec-Program-Wait: plaintext: 0 Exec-Program: returned: 0 ? Evaluating (`/usr/local/etc/raddb/scripts/UserLookup.pl %{Stripped-User-Name:-%{mschap:User-Name}}`) -> FALSE +++? if (`/usr/local/etc/raddb/scripts/UserLookup.pl %{Stripped-User-Name:-%{mschap:User-Name}}`) -> FALSE ++- if ("%{Stripped-User-Name:-%{mschap:User-Name}}") returns ok ++[mschap] returns noop rlm_realm: No '@' in User-Name = "iser-linauth", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: EAP packet type response id 3 length 6 rlm_eap: Continuing tunnel setup. ++[eap] returns ok rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake fragment handler eaptls_verify returned 1 eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED ++[eap] returns handled } # server uobresnet Sending Access-Challenge of id 3 to 137.222.253.119 port 32857 EAP-Message = 0x010403fc194006c2db4fcf117031c40f6830da3e2e4351eb3ae44312aa7c6edc686630653c49dbc0b2b3906ad098303bd3d55a950afebd30fd5e71b62574816a22b21c8ea0de0647a943345f899d02146a4064313bace8d4b47448d63ef3a0a6bef1555b3966780a0f7e8ed895e7811a252f539ab10dcb45a261dfb7f66f0c7b11a8ecbd117c35aca983396dee1e3d7a71203e2026d43d4cf7da69b74e359499a102adccbf7639b1526502d7471f9d4fe8fb881b58858cf3b151ddd4f14306bf3473cdc3e0bd441416b0fe3a9ada43a1639aab573be9736251164765f55900044630820442308203aba0030201020204040003fb300d06092a864886f7 EAP-Message = 0x0d01010505003075310b300906035504061302555331183016060355040a130f47544520436f72706f726174696f6e31273025060355040b131e475445204379626572547275737420536f6c7574696f6e732c20496e632e312330210603550403131a475445204379626572547275737420476c6f62616c20526f6f74301e170d3036303331343230333030305a170d3133303331343233353930305a305f310b300906035504061302424531133011060355040a130a4379626572747275737431173015060355040b130e456475636174696f6e616c20434131223020060355040313194379626572747275737420456475636174696f6e616c2043 EAP-Message = 0x4130820122300d06092a864886f70d01010105000382010f003082010a02820101009522a1101d4a46606e05919bdf83c2ed12b25a7cf8abe1f8505c282c7e7e003893b08b4af1c24c3c102c3cefb0eca1692fb9fccc08146b8d4f18f383d2faa9370820aa5caa8060a2d5a52200cf5ae5b497dfba1ebe5c8e171966fdaf9f7c7b89b20e24d8c7ab63c495328d48e663597d04b833a8bdd75d64bc63b5f74d28fdf90672315cba459465a3d2b458ec3b615844a32f62b39b80b482fdd5c7cc5125e5953f472f307bacc8786ee2e16d27eb3dcc0182e835778dab58bb55d1d5a481568d1cd014b1b006dea09122f3f0a8341747c6e03ef60c5aac7e504b EAP-Message = 0xcde1696e06fc067e6a4db49599a0595c3566ecd949d417e060b05da5d71ae22a6e66f2af1d0203010001a382016f3082016b30450603551d1f043e303c303aa038a0368634687474703a2f2f7777772e7075626c69632d74727573742e636f6d2f6367692d62696e2f43524c2f323031382f6364702e63726c301d0603551d0e041604146565a33dd73b11a30a072537c9424a5b767750e130530603551d20044c304a304806092b06010401b13e0100303b303906082b06010505070201162d687474703a2f2f7777772e7075626c69632d74727573742e636f6d2f4350532f4f6d6e69526f6f742e68746d6c3081890603551d23048181307fa179a4 EAP-Message = 0x773075310b300906 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xaa313e77a93527ec272c9fe94ea7af7c Finished request 3. Going to the next request Waking up in 4.3 seconds. rad_recv: Access-Request packet from host 137.222.253.119 port 32857, id=4, length=139 User-Name = "iser-linauth" NAS-IP-Address = 127.0.0.1 Calling-Station-Id = "02-00-00-00-00-01" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = 0x020400061900 State = 0xaa313e77a93527ec272c9fe94ea7af7c Message-Authenticator = 0xf9827901b470a31ded3fd5c25de7c721 server uobresnet { +- entering group authorize ++[preprocess] returns ok expand: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/radius/radacct/137.222.253.119/auth-detail-20080626 rlm_detail: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/137.222.253.119/auth-detail-20080626 expand: %t -> Thu Jun 26 11:43:43 2008 ++[auth_log] returns ok ++? if ("%{Stripped-User-Name:-%{mschap:User-Name}}") WARNING: Deprecated conditional expansion ":-". See "man unlang" for details expand: %{Stripped-User-Name:-%{mschap:User-Name}} -> iser-linauth ? Evaluating ("%{Stripped-User-Name:-%{mschap:User-Name}}") -> TRUE ++? if ("%{Stripped-User-Name:-%{mschap:User-Name}}") -> TRUE ++- entering if ("%{Stripped-User-Name:-%{mschap:User-Name}}") +++? if (`/usr/local/etc/raddb/scripts/UserLookup.pl %{Stripped-User-Name:-%{mschap:User-Name}}`) WARNING: Deprecated conditional expansion ":-". See "man unlang" for details expand: %{Stripped-User-Name:-%{mschap:User-Name}} -> iser-linauth Exec-Program output: 0 Exec-Program-Wait: plaintext: 0 Exec-Program: returned: 0 ? Evaluating (`/usr/local/etc/raddb/scripts/UserLookup.pl %{Stripped-User-Name:-%{mschap:User-Name}}`) -> FALSE +++? if (`/usr/local/etc/raddb/scripts/UserLookup.pl %{Stripped-User-Name:-%{mschap:User-Name}}`) -> FALSE ++- if ("%{Stripped-User-Name:-%{mschap:User-Name}}") returns ok ++[mschap] returns noop rlm_realm: No '@' in User-Name = "iser-linauth", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: EAP packet type response id 4 length 6 rlm_eap: Continuing tunnel setup. ++[eap] returns ok rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake fragment handler eaptls_verify returned 1 eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED ++[eap] returns handled } # server uobresnet Sending Access-Challenge of id 4 to 137.222.253.119 port 32857 EAP-Message = 0x010502cc1900035504061302555331183016060355040a130f47544520436f72706f726174696f6e31273025060355040b131e475445204379626572547275737420536f6c7574696f6e732c20496e632e312330210603550403131a475445204379626572547275737420476c6f62616c20526f6f74820201a5300e0603551d0f0101ff04040302010630120603551d130101ff040830060101ff020100300d06092a864886f70d01010505000381810043b345835471c41fdcb23c6b4ebf26f24ef2ad9a5bfa863788e8146c4118425fef653eeb0377a0b79e757a517cbb155bb8af91a0349253ed7f2a4984acb9804bb5c7b22322fbebd8fb6ec93c EAP-Message = 0xf3d2d1bbbec91cff6d01db69800e99a5ea9e7b97988fb7cf229cb3b85de5a9331774c697370fb4e926825f610b3f1e3d64e92b9b160301018d0c00018900809115795209b26f52b0d229ac083b55262c8f5eaed97d69a711e9a02419cfe778b492ff5eaf285dda5066ec10837864e8784386171fe26862865661597b99f569363efd47b100c8fac1cb58af75cac756ee30c2f3a1fcb080f12f3294a224a91f4525e6fee049efb559c4a1b2d946cfdaaac3060f85e9da753d4d89da4d65370300010200801cdaf3460abcdab761823d8f79d925532ea292127862a64b8712ec89af5c011c2544801a417d337ee17843ef12c032215feeceda403234558b EAP-Message = 0x2900edd19f4791bcd6650fb06f2f345d1a319e09250cfd2b43ac0794ab10f1b109d07c67d07b30ab3563fcad036cc32ac060cc53c651467f9f4104cfb483551c478b9910d5c88b008026f1c12563fa4c906310a2d0cee267cf1e70294137815d611f4b00c419e57201311458383f3df251deb91e572fe42991a6a8aa97d2b52bafcfbb93eedf76517160e9eb7ea1e6fa6e8a417d8cc234477afc21c38fef64f2ef879610ae13dfa0dc0befab0d1e7de84b05b093d3cc09cee8ea5f33df333acf46c0cd7d687c7f5e1616030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xaa313e77ae3427ec272c9fe94ea7af7c Finished request 4. Going to the next request Waking up in 4.2 seconds. rad_recv: Access-Request packet from host 137.222.253.119 port 32857, id=5, length=337 User-Name = "iser-linauth" NAS-IP-Address = 127.0.0.1 Calling-Station-Id = "02-00-00-00-00-01" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = 0x020500cc190016030100861000008200803e9962a87f3615df98642a6c14eebe2a019e262ef6a77595e6c40afa82455e7abee13e214df7bae06cf5e130b6d51ddbabe4d08d078609d7cf694b9ea5243f6c6e57322dc441aba65c317452a5b5d0627e7e5c5e1f23bcc9b721657d3cabf2947b4ee1a86a704e562a800776af6deba1071dad8abb94fc634b3d8a80e0a02b0e140301000101160301003054bcba97f79853e497b53e1d09ee2194704e8fa90dde73013696a0031a0cd833d4db14486ec5ca5e713bba13fe552f3e State = 0xaa313e77ae3427ec272c9fe94ea7af7c Message-Authenticator = 0xd99eda46204b9089f9314b78c8c53751 server uobresnet { +- entering group authorize ++[preprocess] returns ok expand: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/radius/radacct/137.222.253.119/auth-detail-20080626 rlm_detail: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/137.222.253.119/auth-detail-20080626 expand: %t -> Thu Jun 26 11:43:43 2008 ++[auth_log] returns ok ++? if ("%{Stripped-User-Name:-%{mschap:User-Name}}") WARNING: Deprecated conditional expansion ":-". See "man unlang" for details expand: %{Stripped-User-Name:-%{mschap:User-Name}} -> iser-linauth ? Evaluating ("%{Stripped-User-Name:-%{mschap:User-Name}}") -> TRUE ++? if ("%{Stripped-User-Name:-%{mschap:User-Name}}") -> TRUE ++- entering if ("%{Stripped-User-Name:-%{mschap:User-Name}}") +++? if (`/usr/local/etc/raddb/scripts/UserLookup.pl %{Stripped-User-Name:-%{mschap:User-Name}}`) WARNING: Deprecated conditional expansion ":-". See "man unlang" for details expand: %{Stripped-User-Name:-%{mschap:User-Name}} -> iser-linauth Exec-Program output: 0 Exec-Program-Wait: plaintext: 0 Exec-Program: returned: 0 ? Evaluating (`/usr/local/etc/raddb/scripts/UserLookup.pl %{Stripped-User-Name:-%{mschap:User-Name}}`) -> FALSE +++? if (`/usr/local/etc/raddb/scripts/UserLookup.pl %{Stripped-User-Name:-%{mschap:User-Name}}`) -> FALSE ++- if ("%{Stripped-User-Name:-%{mschap:User-Name}}") returns ok ++[mschap] returns noop rlm_realm: No '@' in User-Name = "iser-linauth", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: EAP packet type response id 5 length 204 rlm_eap: Continuing tunnel setup. ++[eap] returns ok rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange TLS_accept: SSLv3 read client key exchange A rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001] rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 read finished A rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001] TLS_accept: SSLv3 write change cipher spec A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 write finished A TLS_accept: SSLv3 flush data (other): SSL negotiation finished successfully SSL Connection Established eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED ++[eap] returns handled } # server uobresnet Sending Access-Challenge of id 5 to 137.222.253.119 port 32857 EAP-Message = 0x010600411900140301000101160301003080fcef8a328fe99da4d43eec16d6bfb9f9d22d0c0d9c6d720dea6218f5ca2962bf1ba4e098a6442a3df218c8bdfa7640 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xaa313e77af3727ec272c9fe94ea7af7c Finished request 5. Going to the next request Waking up in 3.9 seconds. rad_recv: Access-Request packet from host 137.222.253.119 port 32857, id=6, length=139 User-Name = "iser-linauth" NAS-IP-Address = 127.0.0.1 Calling-Station-Id = "02-00-00-00-00-01" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = 0x020600061900 State = 0xaa313e77af3727ec272c9fe94ea7af7c Message-Authenticator = 0x576f60ea79bbfddf88d4c6b6a66ab57b server uobresnet { +- entering group authorize ++[preprocess] returns ok expand: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/radius/radacct/137.222.253.119/auth-detail-20080626 rlm_detail: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/137.222.253.119/auth-detail-20080626 expand: %t -> Thu Jun 26 11:43:43 2008 ++[auth_log] returns ok ++? if ("%{Stripped-User-Name:-%{mschap:User-Name}}") WARNING: Deprecated conditional expansion ":-". See "man unlang" for details expand: %{Stripped-User-Name:-%{mschap:User-Name}} -> iser-linauth ? Evaluating ("%{Stripped-User-Name:-%{mschap:User-Name}}") -> TRUE ++? if ("%{Stripped-User-Name:-%{mschap:User-Name}}") -> TRUE ++- entering if ("%{Stripped-User-Name:-%{mschap:User-Name}}") +++? if (`/usr/local/etc/raddb/scripts/UserLookup.pl %{Stripped-User-Name:-%{mschap:User-Name}}`) WARNING: Deprecated conditional expansion ":-". See "man unlang" for details expand: %{Stripped-User-Name:-%{mschap:User-Name}} -> iser-linauth Exec-Program output: 0 Exec-Program-Wait: plaintext: 0 Exec-Program: returned: 0 ? Evaluating (`/usr/local/etc/raddb/scripts/UserLookup.pl %{Stripped-User-Name:-%{mschap:User-Name}}`) -> FALSE +++? if (`/usr/local/etc/raddb/scripts/UserLookup.pl %{Stripped-User-Name:-%{mschap:User-Name}}`) -> FALSE ++- if ("%{Stripped-User-Name:-%{mschap:User-Name}}") returns ok ++[mschap] returns noop rlm_realm: No '@' in User-Name = "iser-linauth", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: EAP packet type response id 6 length 6 rlm_eap: Continuing tunnel setup. ++[eap] returns ok rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake is finished eaptls_verify returned 3 eaptls_process returned 3 rlm_eap_peap: EAPTLS_SUCCESS ++[eap] returns handled } # server uobresnet Sending Access-Challenge of id 6 to 137.222.253.119 port 32857 EAP-Message = 0x0107002b190017030100200be314698ff1b187a273a35e3237088f1dcea8b6ffcc05057b1b5cf6751c4a0e Message-Authenticator = 0x00000000000000000000000000000000 State = 0xaa313e77ac3627ec272c9fe94ea7af7c Finished request 6. Going to the next request Waking up in 3.7 seconds. rad_recv: Access-Request packet from host 137.222.253.119 port 32857, id=7, length=229 User-Name = "iser-linauth" NAS-IP-Address = 127.0.0.1 Calling-Station-Id = "02-00-00-00-00-01" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = 0x0207006019001703010020897f34752e8925f78d9ace96836248c02ee4966fa1df28a1bca4db009add8dde17030100305ce01fef74f6b0d60e2cb0f96cf6c3b3887eb1943f663c985df4899c6e9a93957d46822600012b613439c4b4ba3dc78d State = 0xaa313e77ac3627ec272c9fe94ea7af7c Message-Authenticator = 0x0da410f9dd3c585d6fa4677d52c880c6 server uobresnet { +- entering group authorize ++[preprocess] returns ok expand: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/radius/radacct/137.222.253.119/auth-detail-20080626 rlm_detail: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/137.222.253.119/auth-detail-20080626 expand: %t -> Thu Jun 26 11:43:43 2008 ++[auth_log] returns ok ++? if ("%{Stripped-User-Name:-%{mschap:User-Name}}") WARNING: Deprecated conditional expansion ":-". See "man unlang" for details expand: %{Stripped-User-Name:-%{mschap:User-Name}} -> iser-linauth ? Evaluating ("%{Stripped-User-Name:-%{mschap:User-Name}}") -> TRUE ++? if ("%{Stripped-User-Name:-%{mschap:User-Name}}") -> TRUE ++- entering if ("%{Stripped-User-Name:-%{mschap:User-Name}}") +++? if (`/usr/local/etc/raddb/scripts/UserLookup.pl %{Stripped-User-Name:-%{mschap:User-Name}}`) WARNING: Deprecated conditional expansion ":-". See "man unlang" for details expand: %{Stripped-User-Name:-%{mschap:User-Name}} -> iser-linauth Exec-Program output: 0 Exec-Program-Wait: plaintext: 0 Exec-Program: returned: 0 ? Evaluating (`/usr/local/etc/raddb/scripts/UserLookup.pl %{Stripped-User-Name:-%{mschap:User-Name}}`) -> FALSE +++? if (`/usr/local/etc/raddb/scripts/UserLookup.pl %{Stripped-User-Name:-%{mschap:User-Name}}`) -> FALSE ++- if ("%{Stripped-User-Name:-%{mschap:User-Name}}") returns ok ++[mschap] returns noop rlm_realm: No '@' in User-Name = "iser-linauth", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: EAP packet type response id 7 length 96 rlm_eap: Continuing tunnel setup. ++[eap] returns ok rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: Identity - iser-linauth PEAP: Got tunneled identity of iser-linauth PEAP: Setting default EAP type for tunneled EAP session. PEAP: Setting User-Name to iser-linauth +- entering group authorize ++[preprocess] returns ok expand: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/radius/radacct/137.222.253.119/auth-detail-20080626 rlm_detail: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/137.222.253.119/auth-detail-20080626 expand: %t -> Thu Jun 26 11:43:43 2008 ++[auth_log] returns ok ++? if ("%{Stripped-User-Name:-%{mschap:User-Name}}") WARNING: Deprecated conditional expansion ":-". See "man unlang" for details expand: %{Stripped-User-Name:-%{mschap:User-Name}} -> iser-linauth ? Evaluating ("%{Stripped-User-Name:-%{mschap:User-Name}}") -> TRUE ++? if ("%{Stripped-User-Name:-%{mschap:User-Name}}") -> TRUE ++- entering if ("%{Stripped-User-Name:-%{mschap:User-Name}}") +++? if (`/usr/local/etc/raddb/scripts/UserLookup.pl %{Stripped-User-Name:-%{mschap:User-Name}}`) WARNING: Deprecated conditional expansion ":-". See "man unlang" for details expand: %{Stripped-User-Name:-%{mschap:User-Name}} -> iser-linauth Exec-Program output: 0 Exec-Program-Wait: plaintext: 0 Exec-Program: returned: 0 ? Evaluating (`/usr/local/etc/raddb/scripts/UserLookup.pl %{Stripped-User-Name:-%{mschap:User-Name}}`) -> FALSE +++? if (`/usr/local/etc/raddb/scripts/UserLookup.pl %{Stripped-User-Name:-%{mschap:User-Name}}`) -> FALSE ++- if ("%{Stripped-User-Name:-%{mschap:User-Name}}") returns ok ++[mschap] returns noop rlm_realm: No '@' in User-Name = "iser-linauth", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: EAP packet type response id 7 length 17 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] returns noop rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: EAP Identity rlm_eap: processing type mschapv2 rlm_eap_mschapv2: Issuing Challenge ++[eap] returns handled PEAP: Got tunneled Access-Challenge ++[eap] returns handled } # server uobresnet Sending Access-Challenge of id 7 to 137.222.253.119 port 32857 EAP-Message = 0x0108004b1900170301004045076e43f153ad26143503d8fcfd09ea69f24246923565bc6ccad54131c75ece9f3e8350549f74a61d8670b32313b10400d4f7121c5b4fa27776b5a391840dc4 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xaa313e77ad3927ec272c9fe94ea7af7c Finished request 7. Going to the next request Waking up in 3.3 seconds. rad_recv: Access-Request packet from host 137.222.253.119 port 32857, id=8, length=277 User-Name = "iser-linauth" NAS-IP-Address = 127.0.0.1 Calling-Station-Id = "02-00-00-00-00-01" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = 0x0208009019001703010020ac8b239e9d813d4029c41e2d9f54bbeb502a1684a5e691695cdc91624989d208170301006030934d1f00b0b15cecfe1365607325b7f42c35525e757f33ba1d3fdb2fc87158c6ebe75ee270e0edcc18acf6219580f06997b21687a50ae099f1488e5be2aad427d7cf1268b08836fb5207e62f4d97011e93b2b9f528f1210225f0582fdef871 State = 0xaa313e77ad3927ec272c9fe94ea7af7c Message-Authenticator = 0x663825aff0c493af655f6024f5b005d5 server uobresnet { +- entering group authorize ++[preprocess] returns ok expand: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/radius/radacct/137.222.253.119/auth-detail-20080626 rlm_detail: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/137.222.253.119/auth-detail-20080626 expand: %t -> Thu Jun 26 11:43:44 2008 ++[auth_log] returns ok ++? if ("%{Stripped-User-Name:-%{mschap:User-Name}}") WARNING: Deprecated conditional expansion ":-". See "man unlang" for details expand: %{Stripped-User-Name:-%{mschap:User-Name}} -> iser-linauth ? Evaluating ("%{Stripped-User-Name:-%{mschap:User-Name}}") -> TRUE ++? if ("%{Stripped-User-Name:-%{mschap:User-Name}}") -> TRUE ++- entering if ("%{Stripped-User-Name:-%{mschap:User-Name}}") +++? if (`/usr/local/etc/raddb/scripts/UserLookup.pl %{Stripped-User-Name:-%{mschap:User-Name}}`) WARNING: Deprecated conditional expansion ":-". See "man unlang" for details expand: %{Stripped-User-Name:-%{mschap:User-Name}} -> iser-linauth Exec-Program output: 0 Exec-Program-Wait: plaintext: 0 Exec-Program: returned: 0 ? Evaluating (`/usr/local/etc/raddb/scripts/UserLookup.pl %{Stripped-User-Name:-%{mschap:User-Name}}`) -> FALSE +++? if (`/usr/local/etc/raddb/scripts/UserLookup.pl %{Stripped-User-Name:-%{mschap:User-Name}}`) -> FALSE ++- if ("%{Stripped-User-Name:-%{mschap:User-Name}}") returns ok ++[mschap] returns noop rlm_realm: No '@' in User-Name = "iser-linauth", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: EAP packet type response id 8 length 144 rlm_eap: Continuing tunnel setup. ++[eap] returns ok rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: EAP type mschapv2 PEAP: Setting User-Name to iser-linauth +- entering group authorize ++[preprocess] returns ok expand: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/radius/radacct/137.222.253.119/auth-detail-20080626 rlm_detail: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/137.222.253.119/auth-detail-20080626 expand: %t -> Thu Jun 26 11:43:44 2008 ++[auth_log] returns ok ++? if ("%{Stripped-User-Name:-%{mschap:User-Name}}") WARNING: Deprecated conditional expansion ":-". See "man unlang" for details expand: %{Stripped-User-Name:-%{mschap:User-Name}} -> iser-linauth ? Evaluating ("%{Stripped-User-Name:-%{mschap:User-Name}}") -> TRUE ++? if ("%{Stripped-User-Name:-%{mschap:User-Name}}") -> TRUE ++- entering if ("%{Stripped-User-Name:-%{mschap:User-Name}}") +++? if (`/usr/local/etc/raddb/scripts/UserLookup.pl %{Stripped-User-Name:-%{mschap:User-Name}}`) WARNING: Deprecated conditional expansion ":-". See "man unlang" for details expand: %{Stripped-User-Name:-%{mschap:User-Name}} -> iser-linauth Exec-Program output: 0 Exec-Program-Wait: plaintext: 0 Exec-Program: returned: 0 ? Evaluating (`/usr/local/etc/raddb/scripts/UserLookup.pl %{Stripped-User-Name:-%{mschap:User-Name}}`) -> FALSE +++? if (`/usr/local/etc/raddb/scripts/UserLookup.pl %{Stripped-User-Name:-%{mschap:User-Name}}`) -> FALSE ++- if ("%{Stripped-User-Name:-%{mschap:User-Name}}") returns ok ++[mschap] returns noop rlm_realm: No '@' in User-Name = "iser-linauth", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: EAP packet type response id 8 length 71 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] returns noop rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP/mschapv2 rlm_eap: processing type mschapv2 +- entering group MS-CHAP rlm_mschap: No Cleartext-Password configured. Cannot create LM-Password. rlm_mschap: No Cleartext-Password configured. Cannot create NT-Password. rlm_mschap: Told to do MS-CHAPv2 for iser-linauth with NT-Password WARNING: Deprecated conditional expansion ":-". See "man unlang" for details WARNING: Deprecated conditional expansion ":-". See "man unlang" for details expand: --username=%{Stripped-User-Name:-%{User-Name:-None}} -> --username=iser-linauth mschap2: 7e expand: --challenge=%{mschap:Challenge:-00} -> --challenge=1d6cfc3022197726 expand: --nt-response=%{mschap:NT-Response:-00} -> --nt-response=66bdf412eba82ab2f075b110703fa61e3304fe996476726c Exec-Program output: winbind client not authorized to use winbindd_pam_auth_crap. Ensure permissions on /var/cache/samba/winbindd_privileged are set correctly. (0xc0000022) Exec-Program-Wait: plaintext: winbind client not authorized to use winbindd_pam_auth_crap. Ensure permissions on /var/cache/samba/winbindd_privileged are set correctly. (0xc0000022) Exec-Program: returned: 1 rlm_mschap: External script failed. rlm_mschap: FAILED: MS-CHAP2-Response is incorrect ++[mschap] returns reject rlm_eap: Freeing handler ++[eap] returns reject auth: Failed to validate the user. Login incorrect: [iser-linauth] (from client Testing port 0 via TLS tunnel) PEAP: Tunneled authentication was rejected. rlm_eap_peap: FAILURE ++[eap] returns handled } # server uobresnet Sending Access-Challenge of id 8 to 137.222.253.119 port 32857 EAP-Message = 0x0109002b190017030100205093166ec848365fa6e561c9b427cb7fd9a56270a6b78bfbb93fa0e1d2fae2fb Message-Authenticator = 0x00000000000000000000000000000000 State = 0xaa313e77a23827ec272c9fe94ea7af7c Finished request 8. Going to the next request Waking up in 2.9 seconds. rad_recv: Access-Request packet from host 137.222.253.119 port 32857, id=9, length=213 User-Name = "iser-linauth" NAS-IP-Address = 127.0.0.1 Calling-Station-Id = "02-00-00-00-00-01" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = 0x020900501900170301002025aba6569535d62b668c078b211e21410fd5c3c779aa918fc3f3c13e67af645917030100201bef5721717851d177423dea2a4491ee4b9887925f5b4059fc4db3bf7741a988 State = 0xaa313e77a23827ec272c9fe94ea7af7c Message-Authenticator = 0xab8a68438dc7cc82b4687642a3075598 server uobresnet { +- entering group authorize ++[preprocess] returns ok expand: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/radius/radacct/137.222.253.119/auth-detail-20080626 rlm_detail: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/137.222.253.119/auth-detail-20080626 expand: %t -> Thu Jun 26 11:43:44 2008 ++[auth_log] returns ok ++? if ("%{Stripped-User-Name:-%{mschap:User-Name}}") WARNING: Deprecated conditional expansion ":-". See "man unlang" for details expand: %{Stripped-User-Name:-%{mschap:User-Name}} -> iser-linauth ? Evaluating ("%{Stripped-User-Name:-%{mschap:User-Name}}") -> TRUE ++? if ("%{Stripped-User-Name:-%{mschap:User-Name}}") -> TRUE ++- entering if ("%{Stripped-User-Name:-%{mschap:User-Name}}") +++? if (`/usr/local/etc/raddb/scripts/UserLookup.pl %{Stripped-User-Name:-%{mschap:User-Name}}`) WARNING: Deprecated conditional expansion ":-". See "man unlang" for details expand: %{Stripped-User-Name:-%{mschap:User-Name}} -> iser-linauth Exec-Program output: 0 Exec-Program-Wait: plaintext: 0 Exec-Program: returned: 0 ? Evaluating (`/usr/local/etc/raddb/scripts/UserLookup.pl %{Stripped-User-Name:-%{mschap:User-Name}}`) -> FALSE +++? if (`/usr/local/etc/raddb/scripts/UserLookup.pl %{Stripped-User-Name:-%{mschap:User-Name}}`) -> FALSE ++- if ("%{Stripped-User-Name:-%{mschap:User-Name}}") returns ok ++[mschap] returns noop rlm_realm: No '@' in User-Name = "iser-linauth", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: EAP packet type response id 9 length 80 rlm_eap: Continuing tunnel setup. ++[eap] returns ok rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: Received EAP-TLV response. rlm_eap_peap: Had sent TLV failure. User was rejected earlier in this session. rlm_eap: Handler failed in EAP/peap rlm_eap: Failed in EAP select ++[eap] returns invalid auth: Failed to validate the user. Login incorrect: [iser-linauth] (from client Testing port 0 cli 02-00-00-00-00-01) } # server uobresnet Found Post-Auth-Type Reject +- entering group REJECT expand: %{User-Name} -> iser-linauth attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Sending Access-Reject of id 9 to 137.222.253.119 port 32857 EAP-Message = 0x04090004 Message-Authenticator = 0x00000000000000000000000000000000 Finished request 9. Going to the next request Waking up in 2.7 seconds. Cleaning up request 0 ID 0 with timestamp +5 Waking up in 0.2 seconds. Cleaning up request 1 ID 1 with timestamp +5 Waking up in 0.2 seconds. Cleaning up request 2 ID 2 with timestamp +5 Waking up in 0.1 seconds. Cleaning up request 3 ID 3 with timestamp +6 Waking up in 0.1 seconds. Cleaning up request 4 ID 4 with timestamp +6 Waking up in 0.2 seconds. Cleaning up request 5 ID 5 with timestamp +6 Waking up in 0.1 seconds. Cleaning up request 6 ID 6 with timestamp +6 Waking up in 0.3 seconds. Cleaning up request 7 ID 7 with timestamp +6 Waking up in 0.4 seconds. Cleaning up request 8 ID 8 with timestamp +7 Waking up in 0.1 seconds. Cleaning up request 9 ID 9 with timestamp +7 Ready to process requests.
Exec-Program-Wait: plaintext: winbind client not authorized to use winbindd_pam_auth_crap. Ensure permissions on /var/cache/samba/winbindd_privileged are set correctly. (0xc0000022) Fix that and it will work. Ivan Kalik Kalik Informatika ISP
Hi Ivan, This worked perfectly - thanks very much. I guess you have sharper eyes than me because I mised those lines in the debug output. Cheers, Jonathan ---------------------------- Jonathan Gazeley Systems Support Specialist ResNet | Wireless & VPN Team Information Services University of Bristol ---------------------------- Ivan Kalik wrote:
Exec-Program-Wait: plaintext: winbind client not authorized to use winbindd_pam_auth_crap. Ensure permissions on /var/cache/samba/winbindd_privileged are set correctly. (0xc0000022)
Fix that and it will work.
Ivan Kalik Kalik Informatika ISP
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Jonathan Gazeley wrote:
Yes of course, the output of radiusd -X is attached to this email.
This is the reason we ask for debug output: ... Exec-Program output: winbind client not authorized to use winbindd_pam_auth_crap. Ensure permissions on /var/cache/samba/winbindd_privileged are set correctly. (0xc0000022) ... READ the debug output. We really can't emphasize that enough. It's not a FreeRADIUS problem. Part of the upgrade modified the permissions on your system, and FreeRADIUS has been trying to tell you that. Since you weren't reading the debug output, you were looking everywhere *else* for the cause of the problem. Alan DeKok.
hi, yum updated your samba package. this means that /var/cache/samba/winbindd_privileged would have had its group permissions changed. you probably changed the permissions eg group radiusd when setting your radiusd up. this change will need to be done again.... or add radiusd to the group that owns that file. radiusd -X will show somthing about winbind_privileged crap (literally!) alan
participants (6)
-
A.L.M.Buxey@lboro.ac.uk -
Alan DeKok -
Fernando -
Ivan Kalik -
Jonathan Gazeley -
Nicolas Goutte