PMK Mismatch when testing EAP TEAP TLS
Hi, I met a strange issue saying PMK mismatch when testing EAP TEAP TLS with eapol_test on FreeRADIUS 3.2.7 I was keeping most of the configuration file untouched. The only 3 configuration files modified are clients - I added another user /password based on my IP mschap - I enabled use_mppe_keys (which is required by TEAP MSCHAPv2) eap - Uncommented several key options in eap teap section Here is the eapol_test conf: network={ ssid="UConnect" key_mgmt=IEEE8021X eap=TEAP phase1="teap_compat=freeradius,tls_disable_tlsv1_0=1,tls_disable_tlsv1_1=1" pac_file="" anonymous_identity="anonymous" identity="mailto:user@example.org" phase2="autheap=TLS" ca_cert="/etc/freeradius/certs/ca.der" ca_cert2="/etc/freeradius/certs/ca.pem" client_cert2="/etc/freeradius/certs/client.pem" private_key2="/etc/freeradius/certs/client.key" private_key2_passwd="whatever" } Since there are several TEAP tests added this version are done by eapol_test, I believe it’s probably I didn't config FreeRADIUS correctly. Could someone look at it and point out the correct way to do TEAP TLS ? Thanks! Here is the debugging info (and configuration) root@debian-freeradius:/etc/freeradius# freeradius -X FreeRADIUS Version 3.2.7 Copyright (C) 1999-2023 The FreeRADIUS server project and contributors There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License For more information about these matters, see the file named COPYRIGHT Starting - reading configuration files ... including dictionary file /usr/share/freeradius/dictionary including dictionary file /usr/share/freeradius/dictionary.dhcp including dictionary file /usr/share/freeradius/dictionary.vqp including dictionary file /etc/freeradius/dictionary including configuration file /etc/freeradius/radiusd.conf including configuration file /etc/freeradius/proxy.conf including configuration file /etc/freeradius/clients.conf including files in directory /etc/freeradius/mods-enabled/ including configuration file /etc/freeradius/mods-enabled/detail.log including configuration file /etc/freeradius/mods-enabled/attr_filter including configuration file /etc/freeradius/mods-enabled/mschap including configuration file /etc/freeradius/mods-enabled/unpack including configuration file /etc/freeradius/mods-enabled/date including configuration file /etc/freeradius/mods-enabled/pap including configuration file /etc/freeradius/mods-enabled/detail including configuration file /etc/freeradius/mods-enabled/totp including configuration file /etc/freeradius/mods-enabled/passwd including configuration file /etc/freeradius/mods-enabled/expr including configuration file /etc/freeradius/mods-enabled/preprocess including configuration file /etc/freeradius/mods-enabled/realm including configuration file /etc/freeradius/mods-enabled/expiration including configuration file /etc/freeradius/mods-enabled/linelog including configuration file /etc/freeradius/mods-enabled/ntlm_auth including configuration file /etc/freeradius/mods-enabled/sradutmp including configuration file /etc/freeradius/mods-enabled/proxy_rate_limit including configuration file /etc/freeradius/mods-enabled/logintime including configuration file /etc/freeradius/mods-enabled/always including configuration file /etc/freeradius/mods-enabled/replicate including configuration file /etc/freeradius/mods-enabled/echo including configuration file /etc/freeradius/mods-enabled/soh including configuration file /etc/freeradius/mods-enabled/chap including configuration file /etc/freeradius/mods-enabled/dynamic_clients including configuration file /etc/freeradius/mods-enabled/files including configuration file /etc/freeradius/mods-enabled/exec including configuration file /etc/freeradius/mods-enabled/unix including configuration file /etc/freeradius/mods-enabled/digest including configuration file /etc/freeradius/mods-enabled/radutmp including configuration file /etc/freeradius/mods-enabled/utf8 including configuration file /etc/freeradius/mods-enabled/eap including files in directory /etc/freeradius/policy.d/ including configuration file /etc/freeradius/policy.d/accounting including configuration file /etc/freeradius/policy.d/control including configuration file /etc/freeradius/policy.d/operator-name including configuration file /etc/freeradius/policy.d/debug including configuration file /etc/freeradius/policy.d/dhcp including configuration file /etc/freeradius/policy.d/rfc7542 including configuration file /etc/freeradius/policy.d/filter including configuration file /etc/freeradius/policy.d/moonshot-targeted-ids including configuration file /etc/freeradius/policy.d/abfab-tr including configuration file /etc/freeradius/policy.d/cui including configuration file /etc/freeradius/policy.d/canonicalization including configuration file /etc/freeradius/policy.d/eap including files in directory /etc/freeradius/sites-enabled/ including configuration file /etc/freeradius/sites-enabled/inner-tunnel including configuration file /etc/freeradius/sites-enabled/default main { security { user = "freerad" group = "freerad" allow_core_dumps = no } name = "freeradius" prefix = "/usr" localstatedir = "/var" logdir = "/var/log/freeradius" run_dir = "/var/run/freeradius" } main { name = "freeradius" prefix = "/usr" localstatedir = "/var" sbindir = "/usr/sbin" logdir = "/var/log/freeradius" run_dir = "/var/run/freeradius" libdir = "/usr/lib/freeradius" radacctdir = "/var/log/freeradius/radacct" hostname_lookups = no max_request_time = 30 proxy_dedup_window = 1 cleanup_delay = 5 max_requests = 16384 max_fds = 512 postauth_client_lost = no pidfile = "/var/run/freeradius/freeradius.pid" checkrad = "/usr/sbin/checkrad" debug_level = 0 proxy_requests = yes log { stripped_names = no auth = no auth_badpass = no auth_goodpass = no colourise = yes msg_denied = "You are already logged in - access denied" } resources { } security { max_attributes = 200 reject_delay = 1.000000 status_server = yes require_message_authenticator = "auto" limit_proxy_state = "auto" } unlang { group_stop_return = no policy_stop_return = no } } radiusd: #### Loading Realms and Home Servers #### proxy server { retry_delay = 5 retry_count = 3 default_fallback = no dead_time = 120 wake_all_if_all_dead = no } home_server localhost { nonblock = no ipaddr = 127.0.0.1 port = 1812 type = "auth" secret = <<< secret >>> response_window = 20.000000 response_timeouts = 1 max_outstanding = 65536 zombie_period = 40 status_check = "status-server" ping_interval = 30 check_interval = 30 check_timeout = 4 num_answers_to_alive = 3 revive_interval = 120 limit { max_connections = 16 max_requests = 0 lifetime = 0 idle_timeout = 0 } coa { irt = 2 mrt = 16 mrc = 5 mrd = 30 } } home_server_pool my_auth_failover { type = fail-over home_server = localhost } realm example.com { auth_pool = my_auth_failover } realm LOCAL { } radiusd: #### Loading Clients #### client localhost { ipaddr = 127.0.0.1 secret = <<< secret >>> nas_type = "other" proto = "*" limit { max_connections = 16 lifetime = 0 idle_timeout = 900 } } Shared secret for client localhost is short, and likely can be broken by an attacker. client localhost_ipv6 { ipv6addr = ::1 secret = <<< secret >>> limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } Shared secret for client localhost_ipv6 is short, and likely can be broken by an attacker. client int { ipaddr = 192.168.4.151 secret = <<< secret >>> limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } Shared secret for client int is short, and likely can be broken by an attacker. Debugger not attached Configuration version: bdc0-a492-b81c-432e systemd watchdog is disabled # Creating Auth-Type = mschap # Creating Auth-Type = eap # Creating Auth-Type = PAP # Creating Auth-Type = CHAP # Creating Auth-Type = MS-CHAP # Creating Auth-Type = digest # Creating Autz-Type = New-TLS-Connection radiusd: #### Instantiating modules #### modules { # Loaded module rlm_detail # Loading module "auth_log" from file /etc/freeradius/mods-enabled/detail.log detail auth_log { filename = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d" header = "%t" permissions = 384 locking = no dates_as_integer = no escape_filenames = no log_packet_header = no } # Loading module "reply_log" from file /etc/freeradius/mods-enabled/detail.log detail reply_log { filename = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/reply-detail-%Y%m%d" header = "%t" permissions = 384 locking = no dates_as_integer = no escape_filenames = no log_packet_header = no } # Loading module "pre_proxy_log" from file /etc/freeradius/mods-enabled/detail.log detail pre_proxy_log { filename = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/pre-proxy-detail-%Y%m%d" header = "%t" permissions = 384 locking = no dates_as_integer = no escape_filenames = no log_packet_header = no } # Loading module "post_proxy_log" from file /etc/freeradius/mods-enabled/detail.log detail post_proxy_log { filename = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/post-proxy-detail-%Y%m%d" header = "%t" permissions = 384 locking = no dates_as_integer = no escape_filenames = no log_packet_header = no } # Loaded module rlm_attr_filter # Loading module "attr_filter.post-proxy" from file /etc/freeradius/mods-enabled/attr_filter attr_filter attr_filter.post-proxy { filename = "/etc/freeradius/mods-config/attr_filter/post-proxy" key = "%{Realm}" relaxed = no } # Loading module "attr_filter.pre-proxy" from file /etc/freeradius/mods-enabled/attr_filter attr_filter attr_filter.pre-proxy { filename = "/etc/freeradius/mods-config/attr_filter/pre-proxy" key = "%{Realm}" relaxed = no } # Loading module "attr_filter.access_reject" from file /etc/freeradius/mods-enabled/attr_filter attr_filter attr_filter.access_reject { filename = "/etc/freeradius/mods-config/attr_filter/access_reject" key = "%{User-Name}" relaxed = no } # Loading module "attr_filter.access_challenge" from file /etc/freeradius/mods-enabled/attr_filter attr_filter attr_filter.access_challenge { filename = "/etc/freeradius/mods-config/attr_filter/access_challenge" key = "%{User-Name}" relaxed = no } # Loading module "attr_filter.accounting_response" from file /etc/freeradius/mods-enabled/attr_filter attr_filter attr_filter.accounting_response { filename = "/etc/freeradius/mods-config/attr_filter/accounting_response" key = "%{User-Name}" relaxed = no } # Loading module "attr_filter.coa" from file /etc/freeradius/mods-enabled/attr_filter attr_filter attr_filter.coa { filename = "/etc/freeradius/mods-config/attr_filter/coa" key = "%{User-Name}" relaxed = no } # Loaded module rlm_mschap # Loading module "mschap" from file /etc/freeradius/mods-enabled/mschap mschap { use_mppe = yes require_encryption = no require_strong = no with_ntdomain_hack = yes ntlm_auth = "/usr/local/pf/bin/ntlm_auth_wrapper -p 8125 -a 127.0.0.1 -t 5000 -- --mac=11:11:11:11:11:11 --request-nt-key --allow-mschapv2 --username=%{%{Stripped-User-Name}:-%{%{User-Name}:-None}} --challenge=%{%{mschap:Challenge}:-00} --nt-response=%{%{mschap:NT-Response}:-00}" passchange { } allow_retry = yes winbind_retry_with_normalised_username = no } # Loaded module rlm_unpack # Loading module "unpack" from file /etc/freeradius/mods-enabled/unpack # Loaded module rlm_date # Loading module "date" from file /etc/freeradius/mods-enabled/date date { format = "%b %e %Y %H:%M:%S %Z" utc = no } # Loading module "wispr2date" from file /etc/freeradius/mods-enabled/date date wispr2date { format = "%Y-%m-%dT%H:%M:%S" utc = no } # Loaded module rlm_pap # Loading module "pap" from file /etc/freeradius/mods-enabled/pap pap { normalise = yes } # Loading module "detail" from file /etc/freeradius/mods-enabled/detail detail { filename = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d" header = "%t" permissions = 384 locking = no dates_as_integer = no escape_filenames = no log_packet_header = no } # Loaded module rlm_totp # Loading module "totp" from file /etc/freeradius/mods-enabled/totp totp { time_step = 30 otp_length = 6 lookback_steps = 1 lookback_interval = 30 lookforward_steps = 0 } # Loaded module rlm_passwd # Loading module "etc_passwd" from file /etc/freeradius/mods-enabled/passwd passwd etc_passwd { filename = "/etc/passwd" format = "*User-Name:Crypt-Password:" delimiter = ":" ignore_nislike = no ignore_empty = yes allow_multiple_keys = no hash_size = 100 } # Loaded module rlm_expr # Loading module "expr" from file /etc/freeradius/mods-enabled/expr expr { safe_characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /äéöüàâæçèéêëîïôœùûüaÿÄÉÖÜßÀÂÆÇÈÉÊËÎÏÔŒÙÛÜŸ" } # Loaded module rlm_preprocess # Loading module "preprocess" from file /etc/freeradius/mods-enabled/preprocess preprocess { huntgroups = "/etc/freeradius/mods-config/preprocess/huntgroups" hints = "/etc/freeradius/mods-config/preprocess/hints" with_ascend_hack = no ascend_channels_per_line = 23 with_ntdomain_hack = no with_specialix_jetstream_hack = no with_cisco_vsa_hack = no with_alvarion_vsa_hack = no } # Loaded module rlm_realm # Loading module "IPASS" from file /etc/freeradius/mods-enabled/realm realm IPASS { format = "prefix" delimiter = "/" ignore_default = no ignore_null = no } # Loading module "suffix" from file /etc/freeradius/mods-enabled/realm realm suffix { format = "suffix" delimiter = "@" ignore_default = no ignore_null = no } # Loading module "bangpath" from file /etc/freeradius/mods-enabled/realm realm bangpath { format = "prefix" delimiter = "!" ignore_default = no ignore_null = no } # Loading module "realmpercent" from file /etc/freeradius/mods-enabled/realm realm realmpercent { format = "suffix" delimiter = "%" ignore_default = no ignore_null = no } # Loading module "ntdomain" from file /etc/freeradius/mods-enabled/realm realm ntdomain { format = "prefix" delimiter = "\" ignore_default = no ignore_null = no } # Loaded module rlm_expiration # Loading module "expiration" from file /etc/freeradius/mods-enabled/expiration # Loaded module rlm_linelog # Loading module "linelog" from file /etc/freeradius/mods-enabled/linelog linelog { filename = "/var/log/freeradius/linelog" escape_filenames = no syslog_severity = "info" permissions = 384 format = "This is a log message for %{User-Name}" reference = "messages.%{%{reply:Packet-Type}:-default}" } # Loading module "log_accounting" from file /etc/freeradius/mods-enabled/linelog linelog log_accounting { filename = "/var/log/freeradius/linelog-accounting" escape_filenames = no syslog_severity = "info" permissions = 384 format = "" reference = "Accounting-Request.%{%{Acct-Status-Type}:-unknown}" } # Loaded module rlm_exec # Loading module "ntlm_auth" from file /etc/freeradius/mods-enabled/ntlm_auth exec ntlm_auth { wait = yes program = "/path/to/ntlm_auth --request-nt-key --domain=MYDOMAIN --username=%{mschap:User-Name} --password=%{User-Password}" shell_escape = yes } # Loaded module rlm_radutmp # Loading module "sradutmp" from file /etc/freeradius/mods-enabled/sradutmp radutmp sradutmp { filename = "/var/log/freeradius/sradutmp" username = "%{User-Name}" case_sensitive = yes check_with_nas = yes permissions = 420 caller_id = no } # Loaded module rlm_proxy_rate_limit # Loading module "proxy_rate_limit" from file /etc/freeradius/mods-enabled/proxy_rate_limit proxy_rate_limit { max_entries = 2048 idle_timeout = 10 num_subtables = 256 window = 1 } # Loaded module rlm_logintime # Loading module "logintime" from file /etc/freeradius/mods-enabled/logintime logintime { minimum_timeout = 60 } # Loaded module rlm_always # Loading module "reject" from file /etc/freeradius/mods-enabled/always always reject { rcode = "reject" simulcount = 0 mpp = no } # Loading module "fail" from file /etc/freeradius/mods-enabled/always always fail { rcode = "fail" simulcount = 0 mpp = no } # Loading module "ok" from file /etc/freeradius/mods-enabled/always always ok { rcode = "ok" simulcount = 0 mpp = no } # Loading module "handled" from file /etc/freeradius/mods-enabled/always always handled { rcode = "handled" simulcount = 0 mpp = no } # Loading module "invalid" from file /etc/freeradius/mods-enabled/always always invalid { rcode = "invalid" simulcount = 0 mpp = no } # Loading module "userlock" from file /etc/freeradius/mods-enabled/always always userlock { rcode = "userlock" simulcount = 0 mpp = no } # Loading module "notfound" from file /etc/freeradius/mods-enabled/always always notfound { rcode = "notfound" simulcount = 0 mpp = no } # Loading module "noop" from file /etc/freeradius/mods-enabled/always always noop { rcode = "noop" simulcount = 0 mpp = no } # Loading module "updated" from file /etc/freeradius/mods-enabled/always always updated { rcode = "updated" simulcount = 0 mpp = no } # Loaded module rlm_replicate # Loading module "replicate" from file /etc/freeradius/mods-enabled/replicate # Loading module "echo" from file /etc/freeradius/mods-enabled/echo exec echo { wait = yes program = "/bin/echo %{User-Name}" input_pairs = "request" output_pairs = "reply" shell_escape = yes } # Loaded module rlm_soh # Loading module "soh" from file /etc/freeradius/mods-enabled/soh soh { dhcp = yes } # Loaded module rlm_chap # Loading module "chap" from file /etc/freeradius/mods-enabled/chap # Loaded module rlm_dynamic_clients # Loading module "dynamic_clients" from file /etc/freeradius/mods-enabled/dynamic_clients # Loaded module rlm_files # Loading module "files" from file /etc/freeradius/mods-enabled/files files { filename = "/etc/freeradius/mods-config/files/authorize" acctusersfile = "/etc/freeradius/mods-config/files/accounting" preproxy_usersfile = "/etc/freeradius/mods-config/files/pre-proxy" } # Loading module "exec" from file /etc/freeradius/mods-enabled/exec exec { wait = no input_pairs = "request" shell_escape = yes timeout = 10 } # Loaded module rlm_unix # Loading module "unix" from file /etc/freeradius/mods-enabled/unix unix { radwtmp = "/var/log/freeradius/radwtmp" } Creating attribute Unix-Group # Loaded module rlm_digest # Loading module "digest" from file /etc/freeradius/mods-enabled/digest # Loading module "radutmp" from file /etc/freeradius/mods-enabled/radutmp radutmp { filename = "/var/log/freeradius/radutmp" username = "%{User-Name}" case_sensitive = yes check_with_nas = yes permissions = 384 caller_id = yes } # Loaded module rlm_utf8 # Loading module "utf8" from file /etc/freeradius/mods-enabled/utf8 # Loaded module rlm_eap # Loading module "eap" from file /etc/freeradius/mods-enabled/eap eap { default_eap_type = "md5" timer_expire = 60 max_eap_type = 52 ignore_unknown_eap_types = no cisco_accounting_username_bug = no max_sessions = 16384 dedup_key = "" } instantiate { } # Instantiating module "auth_log" from file /etc/freeradius/mods-enabled/detail.log rlm_detail (auth_log): 'User-Password' suppressed, will not appear in detail output # Instantiating module "reply_log" from file /etc/freeradius/mods-enabled/detail.log # Instantiating module "pre_proxy_log" from file /etc/freeradius/mods-enabled/detail.log # Instantiating module "post_proxy_log" from file /etc/freeradius/mods-enabled/detail.log # Instantiating module "attr_filter.post-proxy" from file /etc/freeradius/mods-enabled/attr_filter reading pairlist file /etc/freeradius/mods-config/attr_filter/post-proxy # Instantiating module "attr_filter.pre-proxy" from file /etc/freeradius/mods-enabled/attr_filter reading pairlist file /etc/freeradius/mods-config/attr_filter/pre-proxy # Instantiating module "attr_filter.access_reject" from file /etc/freeradius/mods-enabled/attr_filter reading pairlist file /etc/freeradius/mods-config/attr_filter/access_reject # Instantiating module "attr_filter.access_challenge" from file /etc/freeradius/mods-enabled/attr_filter reading pairlist file /etc/freeradius/mods-config/attr_filter/access_challenge # Instantiating module "attr_filter.accounting_response" from file /etc/freeradius/mods-enabled/attr_filter reading pairlist file /etc/freeradius/mods-config/attr_filter/accounting_response # Instantiating module "attr_filter.coa" from file /etc/freeradius/mods-enabled/attr_filter reading pairlist file /etc/freeradius/mods-config/attr_filter/coa # Instantiating module "mschap" from file /etc/freeradius/mods-enabled/mschap rlm_mschap (mschap): authenticating by calling 'ntlm_auth' # Instantiating module "pap" from file /etc/freeradius/mods-enabled/pap # Instantiating module "detail" from file /etc/freeradius/mods-enabled/detail # Instantiating module "totp" from file /etc/freeradius/mods-enabled/totp # Instantiating module "etc_passwd" from file /etc/freeradius/mods-enabled/passwd rlm_passwd: nfields: 3 keyfield 0(User-Name) listable: no # Instantiating module "preprocess" from file /etc/freeradius/mods-enabled/preprocess reading pairlist file /etc/freeradius/mods-config/preprocess/huntgroups reading pairlist file /etc/freeradius/mods-config/preprocess/hints # Instantiating module "IPASS" from file /etc/freeradius/mods-enabled/realm # Instantiating module "suffix" from file /etc/freeradius/mods-enabled/realm # Instantiating module "bangpath" from file /etc/freeradius/mods-enabled/realm # Instantiating module "realmpercent" from file /etc/freeradius/mods-enabled/realm # Instantiating module "ntdomain" from file /etc/freeradius/mods-enabled/realm # Instantiating module "expiration" from file /etc/freeradius/mods-enabled/expiration # Instantiating module "linelog" from file /etc/freeradius/mods-enabled/linelog # Instantiating module "log_accounting" from file /etc/freeradius/mods-enabled/linelog # Instantiating module "proxy_rate_limit" from file /etc/freeradius/mods-enabled/proxy_rate_limit # Instantiating module "logintime" from file /etc/freeradius/mods-enabled/logintime # Instantiating module "reject" from file /etc/freeradius/mods-enabled/always # Instantiating module "fail" from file /etc/freeradius/mods-enabled/always # Instantiating module "ok" from file /etc/freeradius/mods-enabled/always # Instantiating module "handled" from file /etc/freeradius/mods-enabled/always # Instantiating module "invalid" from file /etc/freeradius/mods-enabled/always # Instantiating module "userlock" from file /etc/freeradius/mods-enabled/always # Instantiating module "notfound" from file /etc/freeradius/mods-enabled/always # Instantiating module "noop" from file /etc/freeradius/mods-enabled/always # Instantiating module "updated" from file /etc/freeradius/mods-enabled/always # Instantiating module "files" from file /etc/freeradius/mods-enabled/files reading pairlist file /etc/freeradius/mods-config/files/authorize reading pairlist file /etc/freeradius/mods-config/files/accounting reading pairlist file /etc/freeradius/mods-config/files/pre-proxy # Instantiating module "eap" from file /etc/freeradius/mods-enabled/eap # Linked to sub-module rlm_eap_md5 # Linked to sub-module rlm_eap_gtc gtc { challenge = "Password: " auth_type = "PAP" } # Linked to sub-module rlm_eap_tls tls { tls = "tls-common" } tls-config tls-common { verify_depth = 0 ca_path = "/etc/freeradius/certs" pem_file_type = yes private_key_file = "/etc/freeradius/certs/server.pem" certificate_file = "/etc/freeradius/certs/server.pem" ca_file = "/etc/freeradius/certs/ca.pem" private_key_password = <<< secret >>> fragment_size = 1024 include_length = yes auto_chain = yes check_crl = no check_all_crl = no ca_path_reload_interval = 0 cipher_list = "DEFAULT" cipher_server_preference = no reject_unknown_intermediate_ca = no ecdh_curve = "" tls_max_version = "1.2" tls_min_version = "1.2" cache { enable = no lifetime = 24 max_entries = 255 } verify { skip_if_ocsp_ok = no } ocsp { enable = no override_cert_url = yes url = http://127.0.0.1/ocsp/ use_nonce = yes timeout = 0 softfail = no } } # Linked to sub-module rlm_eap_ttls ttls { tls = "tls-common" default_eap_type = "md5" copy_request_to_tunnel = no use_tunneled_reply = no virtual_server = "inner-tunnel" include_length = yes require_client_cert = no } tls: Using cached TLS configuration from previous invocation # Linked to sub-module rlm_eap_peap peap { tls = "tls-common" default_eap_type = "mschapv2" copy_request_to_tunnel = no use_tunneled_reply = no proxy_tunneled_request_as_eap = yes virtual_server = "inner-tunnel" soh = no require_client_cert = no } tls: Using cached TLS configuration from previous invocation # Linked to sub-module rlm_eap_mschapv2 mschapv2 { with_ntdomain_hack = no send_error = no } # Linked to sub-module rlm_eap_fast fast { tls = "tls-common" default_eap_type = "mschapv2" virtual_server = "inner-tunnel" cipher_list = "ALL:!EXPORT:!eNULL:!SSLv2" require_client_cert = no pac_lifetime = 604800 authority_identity = "1234" pac_opaque_key = "0123456789abcdef0123456789ABCDEF" copy_request_to_tunnel = no use_tunneled_reply = no } tls: Using cached TLS configuration from previous invocation # Linked to sub-module rlm_eap_teap teap { tls = "tls-common" default_eap_type = "mschapv2" copy_request_to_tunnel = no use_tunneled_reply = no require_client_cert = no authority_identity = "1234" virtual_server = "inner-tunnel" identity_types = "user" user_eap_type = "tls" machine_eap_type = "tls" } tls: Using cached TLS configuration from previous invocation } # modules radiusd: #### Loading Virtual Servers #### server { # from file /etc/freeradius/radiusd.conf } # server server inner-tunnel { # from file /etc/freeradius/sites-enabled/inner-tunnel # Loading authenticate {...} Compiling Auth-Type PAP for attr Auth-Type Compiling Auth-Type CHAP for attr Auth-Type Compiling Auth-Type MS-CHAP for attr Auth-Type # Loading authorize {...} Ignoring "sql" (see raddb/mods-available/README.rst) Ignoring "ldap" (see raddb/mods-available/README.rst) # Loading post-proxy {...} # Loading post-auth {...} # Skipping contents of 'if' as it is always 'false' -- /etc/freeradius/sites-enabled/inner-tunnel:366 Compiling Post-Auth-Type REJECT for attr Post-Auth-Type } # server inner-tunnel server default { # from file /etc/freeradius/sites-enabled/default # Loading authenticate {...} Compiling Auth-Type PAP for attr Auth-Type Compiling Auth-Type CHAP for attr Auth-Type Compiling Auth-Type MS-CHAP for attr Auth-Type # Loading authorize {...} Compiling Autz-Type New-TLS-Connection for attr Autz-Type # Loading preacct {...} # Loading accounting {...} # Loading post-auth {...} Compiling Post-Auth-Type REJECT for attr Post-Auth-Type Compiling Post-Auth-Type Challenge for attr Post-Auth-Type Compiling Post-Auth-Type Client-Lost for attr Post-Auth-Type } # server default radiusd: #### Opening IP addresses and Ports #### listen { type = "auth" ipaddr = 127.0.0.1 port = 18120 } listen { type = "auth" ipaddr = * port = 0 limit { max_connections = 16 lifetime = 0 idle_timeout = 900 } } listen { type = "acct" ipaddr = * port = 0 limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } listen { type = "auth" ipv6addr = :: port = 0 limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } listen { type = "acct" ipv6addr = :: port = 0 limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } Listening on auth address 127.0.0.1 port 18120 bound to server inner-tunnel Listening on auth address * port 1812 bound to server default Listening on acct address * port 1813 bound to server default Listening on auth address :: port 1812 bound to server default Listening on acct address :: port 1813 bound to server default Listening on proxy address * port 49507 Listening on proxy address :: port 48593 Ready to process requests (0) Received Access-Request Id 0 from 192.168.4.151:48174 to 192.168.4.151:1812 length 160 (0) Message-Authenticator = 0xc938b5ec4719f3cb4f38776ab8243bac (0) User-Name = "anonymous" (0) Calling-Station-Id = "DE-AD-BE-EF-42-42" (0) Framed-MTU = 1400 (0) NAS-Port-Type = Wireless-802.11 (0) Service-Type = Framed-User (0) Connect-Info = "CONNECT 11Mbps 802.11b" (0) Called-Station-Id = "00:11:22:33:44:55:UConnect" (0) NAS-IP-Address = 192.168.4.20 (0) EAP-Message = 0x025d000e01616e6f6e796d6f7573 (0) # Executing section authorize from file /etc/freeradius/sites-enabled/default (0) authorize { (0) policy filter_username { (0) if (&User-Name) { (0) if (&User-Name) -> TRUE (0) if (&User-Name) { (0) if (&User-Name =~ / /) { (0) if (&User-Name =~ / /) -> FALSE (0) if (&User-Name =~ /@[^@]*@/ ) { (0) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (0) if (&User-Name =~ /\.\./ ) { (0) if (&User-Name =~ /\.\./ ) -> FALSE (0) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) { (0) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) -> FALSE (0) if (&User-Name =~ /\.$/) { (0) if (&User-Name =~ /\.$/) -> FALSE (0) if (&User-Name =~ mailto:/@\./) { (0) if (&User-Name =~ mailto:/@\./) -> FALSE (0) } # if (&User-Name) = notfound (0) } # policy filter_username = notfound (0) [preprocess] = ok (0) [chap] = noop (0) [mschap] = noop (0) [digest] = noop (0) suffix: Checking for suffix after "@" (0) suffix: No '@' in User-Name = "anonymous", looking up realm NULL (0) suffix: No such realm "NULL" (0) [suffix] = noop (0) eap: Peer sent EAP Response (code 2) ID 93 length 14 (0) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize (0) [eap] = ok (0) } # authorize = ok (0) Found Auth-Type = eap (0) # Executing group from file /etc/freeradius/sites-enabled/default (0) authenticate { (0) eap: Peer sent packet with method EAP Identity (1) (0) eap: Using default_eap_type = MD5 (0) eap: Calling submodule eap_md5 to process data (0) eap_md5: Issuing MD5 Challenge (0) eap: Sending EAP Request (code 1) ID 94 length 22 (0) eap: EAP session adding &reply:State = 0x6501da9e655fde03 (0) [eap] = handled (0) } # authenticate = handled (0) Using Post-Auth-Type Challenge (0) # Executing group from file /etc/freeradius/sites-enabled/default (0) Challenge { ... } # empty sub-section is ignored (0) Sent Access-Challenge Id 0 from 192.168.4.151:1812 to 192.168.4.151:48174 length 80 (0) EAP-Message = 0x015e001604103f9a6c780e20a2ce97b652c4f8ec438e (0) Message-Authenticator = 0x00000000000000000000000000000000 (0) State = 0x6501da9e655fde03dd76d824d918a37a (0) Finished request Waking up in 4.9 seconds. (1) Received Access-Request Id 1 from 192.168.4.151:48174 to 192.168.4.151:1812 length 170 (1) Message-Authenticator = 0x29df9753dac0a17e614ec7d921f2799c (1) User-Name = "anonymous" (1) Calling-Station-Id = "DE-AD-BE-EF-42-42" (1) Framed-MTU = 1400 (1) NAS-Port-Type = Wireless-802.11 (1) Service-Type = Framed-User (1) Connect-Info = "CONNECT 11Mbps 802.11b" (1) Called-Station-Id = "00:11:22:33:44:55:UConnect" (1) NAS-IP-Address = 192.168.4.20 (1) EAP-Message = 0x025e00060337 (1) State = 0x6501da9e655fde03dd76d824d918a37a (1) session-state: No cached attributes (1) # Executing section authorize from file /etc/freeradius/sites-enabled/default (1) authorize { (1) policy filter_username { (1) if (&User-Name) { (1) if (&User-Name) -> TRUE (1) if (&User-Name) { (1) if (&User-Name =~ / /) { (1) if (&User-Name =~ / /) -> FALSE (1) if (&User-Name =~ /@[^@]*@/ ) { (1) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (1) if (&User-Name =~ /\.\./ ) { (1) if (&User-Name =~ /\.\./ ) -> FALSE (1) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) { (1) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) -> FALSE (1) if (&User-Name =~ /\.$/) { (1) if (&User-Name =~ /\.$/) -> FALSE (1) if (&User-Name =~ mailto:/@\./) { (1) if (&User-Name =~ mailto:/@\./) -> FALSE (1) } # if (&User-Name) = notfound (1) } # policy filter_username = notfound (1) [preprocess] = ok (1) [chap] = noop (1) [mschap] = noop (1) [digest] = noop (1) suffix: Checking for suffix after "@" (1) suffix: No '@' in User-Name = "anonymous", looking up realm NULL (1) suffix: No such realm "NULL" (1) [suffix] = noop (1) eap: Peer sent EAP Response (code 2) ID 94 length 6 (1) eap: No EAP Start, assuming it's an on-going EAP conversation (1) [eap] = updated (1) [files] = noop (1) [expiration] = noop (1) [logintime] = noop Not doing PAP as Auth-Type is already set. (1) [pap] = noop (1) } # authorize = updated (1) Found Auth-Type = eap (1) # Executing group from file /etc/freeradius/sites-enabled/default (1) authenticate { (1) eap: Removing EAP session with state 0x6501da9e655fde03 (1) eap: Previous EAP request found for state 0x6501da9e655fde03, released from the list (1) eap: Peer sent packet with method EAP NAK (3) (1) eap: Found mutually acceptable type TEAP (55) (1) eap: Found compatible type in NAK - EAP-Type = TEAP (1) eap: Calling submodule eap_teap to process data (1) eap_teap: (TLS) TEAP -Initiating new session (1) eap_teap: Setting &session-state:FreeRADIUS-EAP-TEAP-Identity-Type = User (1) eap: Sending EAP Request (code 1) ID 95 length 18 (1) eap: EAP session adding &reply:State = 0x6501da9e645eed03 (1) [eap] = handled (1) } # authenticate = handled (1) Using Post-Auth-Type Challenge (1) # Executing group from file /etc/freeradius/sites-enabled/default (1) Challenge { ... } # empty sub-section is ignored (1) session-state: Saving cached attributes (1) Framed-MTU = 974 (1) FreeRADIUS-EAP-TEAP-Identity-Type := User (1) Sent Access-Challenge Id 1 from 192.168.4.151:1812 to 192.168.4.151:48174 length 76 (1) EAP-Message = 0x015f00123731000000080001000431323334 (1) Message-Authenticator = 0x00000000000000000000000000000000 (1) State = 0x6501da9e645eed03dd76d824d918a37a (1) Finished request Waking up in 4.9 seconds. (2) Received Access-Request Id 2 from 192.168.4.151:48174 to 192.168.4.151:1812 length 358 (2) Message-Authenticator = 0x2a6f6c950df89f514c76e62f7965e649 (2) User-Name = "anonymous" (2) Calling-Station-Id = "DE-AD-BE-EF-42-42" (2) Framed-MTU = 1400 (2) NAS-Port-Type = Wireless-802.11 (2) Service-Type = Framed-User (2) Connect-Info = "CONNECT 11Mbps 802.11b" (2) Called-Station-Id = "00:11:22:33:44:55:UConnect" (2) NAS-IP-Address = 192.168.4.20 (2) EAP-Message = 0x025f00c2370116030100b7010000b30303b3adab7fc0e5482660e9972dac89632138d4686b47b0a00a24fe95f30515ed93000038c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff01000052000b000403000102000a000c000a001d0017001e00190018002300000016000000170000000d002a0028040305030603080708080809080a080b080408050806040105010601030303010302040205020602 (2) State = 0x6501da9e645eed03dd76d824d918a37a (2) Restoring &session-state (2) &session-state:Framed-MTU = 974 (2) &session-state:FreeRADIUS-EAP-TEAP-Identity-Type := User (2) # Executing section authorize from file /etc/freeradius/sites-enabled/default (2) authorize { (2) policy filter_username { (2) if (&User-Name) { (2) if (&User-Name) -> TRUE (2) if (&User-Name) { (2) if (&User-Name =~ / /) { (2) if (&User-Name =~ / /) -> FALSE (2) if (&User-Name =~ /@[^@]*@/ ) { (2) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (2) if (&User-Name =~ /\.\./ ) { (2) if (&User-Name =~ /\.\./ ) -> FALSE (2) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) { (2) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) -> FALSE (2) if (&User-Name =~ /\.$/) { (2) if (&User-Name =~ /\.$/) -> FALSE (2) if (&User-Name =~ mailto:/@\./) { (2) if (&User-Name =~ mailto:/@\./) -> FALSE (2) } # if (&User-Name) = notfound (2) } # policy filter_username = notfound (2) [preprocess] = ok (2) [chap] = noop (2) [mschap] = noop (2) [digest] = noop (2) suffix: Checking for suffix after "@" (2) suffix: No '@' in User-Name = "anonymous", looking up realm NULL (2) suffix: No such realm "NULL" (2) [suffix] = noop (2) eap: Peer sent EAP Response (code 2) ID 95 length 194 (2) eap: Continuing tunnel setup (2) [eap] = ok (2) } # authorize = ok (2) Found Auth-Type = eap (2) # Executing group from file /etc/freeradius/sites-enabled/default (2) authenticate { (2) eap: Removing EAP session with state 0x6501da9e645eed03 (2) eap: Previous EAP request found for state 0x6501da9e645eed03, released from the list (2) eap: Peer sent packet with method EAP TEAP (55) (2) eap: Calling submodule eap_teap to process data (2) eap_teap: Authenticate (2) eap_teap: (TLS) EAP Done initial handshake (2) eap_teap: (TLS) TEAP - Handshake state - before SSL initialization (2) eap_teap: (TLS) TEAP - Handshake state - Server before SSL initialization (2) eap_teap: (TLS) TEAP - Handshake state - Server before SSL initialization (2) eap_teap: (TLS) TEAP - recv TLS 1.3 Handshake, ClientHello (2) eap_teap: (TLS) TEAP - Handshake state - Server SSLv3/TLS read client hello (2) eap_teap: (TLS) TEAP - send TLS 1.2 Handshake, ServerHello (2) eap_teap: (TLS) TEAP - Handshake state - Server SSLv3/TLS write server hello (2) eap_teap: (TLS) TEAP - send TLS 1.2 Handshake, Certificate (2) eap_teap: (TLS) TEAP - Handshake state - Server SSLv3/TLS write certificate (2) eap_teap: (TLS) TEAP - send TLS 1.2 Handshake, ServerKeyExchange (2) eap_teap: (TLS) TEAP - Handshake state - Server SSLv3/TLS write key exchange (2) eap_teap: (TLS) TEAP - send TLS 1.2 Handshake, ServerHelloDone (2) eap_teap: (TLS) TEAP - Handshake state - Server SSLv3/TLS write server done (2) eap_teap: (TLS) TEAP - Server : Need to read more data: SSLv3/TLS write server done (2) eap_teap: (TLS) TEAP - In Handshake Phase (2) eap: Sending EAP Request (code 1) ID 96 length 984 (2) eap: EAP session adding &reply:State = 0x6501da9e6761ed03 (2) [eap] = handled (2) } # authenticate = handled (2) Using Post-Auth-Type Challenge (2) # Executing group from file /etc/freeradius/sites-enabled/default (2) Challenge { ... } # empty sub-section is ignored (2) session-state: Saving cached attributes (2) Framed-MTU = 974 (2) FreeRADIUS-EAP-TEAP-Identity-Type := User (2) TLS-Session-Information = "(TLS) TEAP - recv TLS 1.3 Handshake, ClientHello" (2) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHello" (2) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, Certificate" (2) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerKeyExchange" (2) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHelloDone" (2) Sent Access-Challenge Id 2 from 192.168.4.151:1812 to 192.168.4.151:48174 length 1048 (2) EAP-Message = 0x016003d837c100000ac6160303003d0200003903038f2da11ae8e4a9d2008d944ffa08071b7500ca3a0f7d150cf6877a5d06b8bd4800c030000011ff01000100000b0004030001020017000016030309450b00094100093e00043a308204363082031ea003020102020101300d06092a864886f70d01010b0500308193310b3009060355040613024652310f300d06035504080c065261646975733112301006035504070c09536f6d65776865726531153013060355040a0c0c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e6f72673126302406035504030c1d4578616d706c6520436572746966696361746520417574686f72697479301e170d3235303231323131323232395a170d3235303431333131323232395a307c310b3009060355040613024652310f300d06035504080c0652616469757331153013060355040a0c0c4578616d706c6520496e632e3123302106035504030c1a4578616d70 (2) Message-Authenticator = 0x00000000000000000000000000000000 (2) State = 0x6501da9e6761ed03dd76d824d918a37a (2) Finished request Waking up in 4.9 seconds. (3) Received Access-Request Id 3 from 192.168.4.151:48174 to 192.168.4.151:1812 length 170 (3) Message-Authenticator = 0x903dc237de7c9b8695484a34ea240185 (3) User-Name = "anonymous" (3) Calling-Station-Id = "DE-AD-BE-EF-42-42" (3) Framed-MTU = 1400 (3) NAS-Port-Type = Wireless-802.11 (3) Service-Type = Framed-User (3) Connect-Info = "CONNECT 11Mbps 802.11b" (3) Called-Station-Id = "00:11:22:33:44:55:UConnect" (3) NAS-IP-Address = 192.168.4.20 (3) EAP-Message = 0x026000063701 (3) State = 0x6501da9e6761ed03dd76d824d918a37a (3) Restoring &session-state (3) &session-state:Framed-MTU = 974 (3) &session-state:FreeRADIUS-EAP-TEAP-Identity-Type := User (3) &session-state:TLS-Session-Information = "(TLS) TEAP - recv TLS 1.3 Handshake, ClientHello" (3) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHello" (3) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, Certificate" (3) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerKeyExchange" (3) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHelloDone" (3) # Executing section authorize from file /etc/freeradius/sites-enabled/default (3) authorize { (3) policy filter_username { (3) if (&User-Name) { (3) if (&User-Name) -> TRUE (3) if (&User-Name) { (3) if (&User-Name =~ / /) { (3) if (&User-Name =~ / /) -> FALSE (3) if (&User-Name =~ /@[^@]*@/ ) { (3) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (3) if (&User-Name =~ /\.\./ ) { (3) if (&User-Name =~ /\.\./ ) -> FALSE (3) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) { (3) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) -> FALSE (3) if (&User-Name =~ /\.$/) { (3) if (&User-Name =~ /\.$/) -> FALSE (3) if (&User-Name =~ mailto:/@\./) { (3) if (&User-Name =~ mailto:/@\./) -> FALSE (3) } # if (&User-Name) = notfound (3) } # policy filter_username = notfound (3) [preprocess] = ok (3) [chap] = noop (3) [mschap] = noop (3) [digest] = noop (3) suffix: Checking for suffix after "@" (3) suffix: No '@' in User-Name = "anonymous", looking up realm NULL (3) suffix: No such realm "NULL" (3) [suffix] = noop (3) eap: Peer sent EAP Response (code 2) ID 96 length 6 (3) eap: Continuing tunnel setup (3) [eap] = ok (3) } # authorize = ok (3) Found Auth-Type = eap (3) # Executing group from file /etc/freeradius/sites-enabled/default (3) authenticate { (3) eap: Removing EAP session with state 0x6501da9e6761ed03 (3) eap: Previous EAP request found for state 0x6501da9e6761ed03, released from the list (3) eap: Peer sent packet with method EAP TEAP (55) (3) eap: Calling submodule eap_teap to process data (3) eap_teap: Authenticate (3) eap_teap: (TLS) Peer ACKed our handshake fragment (3) eap: Sending EAP Request (code 1) ID 97 length 980 (3) eap: EAP session adding &reply:State = 0x6501da9e6660ed03 (3) [eap] = handled (3) } # authenticate = handled (3) Using Post-Auth-Type Challenge (3) # Executing group from file /etc/freeradius/sites-enabled/default (3) Challenge { ... } # empty sub-section is ignored (3) session-state: Saving cached attributes (3) Framed-MTU = 974 (3) FreeRADIUS-EAP-TEAP-Identity-Type := User (3) TLS-Session-Information = "(TLS) TEAP - recv TLS 1.3 Handshake, ClientHello" (3) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHello" (3) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, Certificate" (3) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerKeyExchange" (3) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHelloDone" (3) Sent Access-Challenge Id 3 from 192.168.4.151:1812 to 192.168.4.151:48174 length 1044 (3) EAP-Message = 0x016103d43741a332fe465d6ca3da54ce4106656170713c77fb3013d01c3374cb86ed0cb686ab878136acfecf9f6fb2e076cf99130fdfb39eaed1e8536756d0957288b829ae7b446618fbded540de385d7a530018b7537d8d4a80cbc5e76748752bd1e79e8cfb7c7f1857cf3278dcf3f8a53ea49f088123c3ec711a282ee0ab37b8da0db4a83eec4dfc278fad71aaed061a0eb0e22751d1be587207e322a610e5d88a7ba0b21cb37206add13e48e487a956dd65ddb4e2bd9d8ad6a80b117a143e12463e0004fe308204fa308203e2a003020102021407c1092ab93c84caf4a4cebe5ffd49c091f025b2300d06092a864886f70d01010b0500308193310b3009060355040613024652310f300d06035504080c065261646975733112301006035504070c09536f6d65776865726531153013060355040a0c0c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e6f72673126302406035504030c1d4578616d706c (3) Message-Authenticator = 0x00000000000000000000000000000000 (3) State = 0x6501da9e6660ed03dd76d824d918a37a (3) Finished request Waking up in 4.9 seconds. (4) Received Access-Request Id 4 from 192.168.4.151:48174 to 192.168.4.151:1812 length 170 (4) Message-Authenticator = 0x4d13af065dc545684c8ff755999fea16 (4) User-Name = "anonymous" (4) Calling-Station-Id = "DE-AD-BE-EF-42-42" (4) Framed-MTU = 1400 (4) NAS-Port-Type = Wireless-802.11 (4) Service-Type = Framed-User (4) Connect-Info = "CONNECT 11Mbps 802.11b" (4) Called-Station-Id = "00:11:22:33:44:55:UConnect" (4) NAS-IP-Address = 192.168.4.20 (4) EAP-Message = 0x026100063701 (4) State = 0x6501da9e6660ed03dd76d824d918a37a (4) Restoring &session-state (4) &session-state:Framed-MTU = 974 (4) &session-state:FreeRADIUS-EAP-TEAP-Identity-Type := User (4) &session-state:TLS-Session-Information = "(TLS) TEAP - recv TLS 1.3 Handshake, ClientHello" (4) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHello" (4) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, Certificate" (4) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerKeyExchange" (4) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHelloDone" (4) # Executing section authorize from file /etc/freeradius/sites-enabled/default (4) authorize { (4) policy filter_username { (4) if (&User-Name) { (4) if (&User-Name) -> TRUE (4) if (&User-Name) { (4) if (&User-Name =~ / /) { (4) if (&User-Name =~ / /) -> FALSE (4) if (&User-Name =~ /@[^@]*@/ ) { (4) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (4) if (&User-Name =~ /\.\./ ) { (4) if (&User-Name =~ /\.\./ ) -> FALSE (4) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) { (4) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) -> FALSE (4) if (&User-Name =~ /\.$/) { (4) if (&User-Name =~ /\.$/) -> FALSE (4) if (&User-Name =~ mailto:/@\./) { (4) if (&User-Name =~ mailto:/@\./) -> FALSE (4) } # if (&User-Name) = notfound (4) } # policy filter_username = notfound (4) [preprocess] = ok (4) [chap] = noop (4) [mschap] = noop (4) [digest] = noop (4) suffix: Checking for suffix after "@" (4) suffix: No '@' in User-Name = "anonymous", looking up realm NULL (4) suffix: No such realm "NULL" (4) [suffix] = noop (4) eap: Peer sent EAP Response (code 2) ID 97 length 6 (4) eap: Continuing tunnel setup (4) [eap] = ok (4) } # authorize = ok (4) Found Auth-Type = eap (4) # Executing group from file /etc/freeradius/sites-enabled/default (4) authenticate { (4) eap: Removing EAP session with state 0x6501da9e6660ed03 (4) eap: Previous EAP request found for state 0x6501da9e6660ed03, released from the list (4) eap: Peer sent packet with method EAP TEAP (55) (4) eap: Calling submodule eap_teap to process data (4) eap_teap: Authenticate (4) eap_teap: (TLS) Peer ACKed our handshake fragment (4) eap: Sending EAP Request (code 1) ID 98 length 816 (4) eap: EAP session adding &reply:State = 0x6501da9e6163ed03 (4) [eap] = handled (4) } # authenticate = handled (4) Using Post-Auth-Type Challenge (4) # Executing group from file /etc/freeradius/sites-enabled/default (4) Challenge { ... } # empty sub-section is ignored (4) session-state: Saving cached attributes (4) Framed-MTU = 974 (4) FreeRADIUS-EAP-TEAP-Identity-Type := User (4) TLS-Session-Information = "(TLS) TEAP - recv TLS 1.3 Handshake, ClientHello" (4) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHello" (4) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, Certificate" (4) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerKeyExchange" (4) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHelloDone" (4) Sent Access-Challenge Id 4 from 192.168.4.151:1812 to 192.168.4.151:48174 length 880 (4) EAP-Message = 0x0162033037010c065261646975733112301006035504070c09536f6d65776865726531153013060355040a0c0c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e6f72673126302406035504030c1d4578616d706c6520436572746966696361746520417574686f72697479821407c1092ab93c84caf4a4cebe5ffd49c091f025b2300f0603551d130101ff040530030101ff30360603551d1f042f302d302ba029a0278625687474703a2f2f7777772e6578616d706c652e6f72672f6578616d706c655f63612e63726c300d06092a864886f70d01010b05000382010100b1fbfdd99b0946e14a71a6cc445581bb32d6a317d4c99d466f16982e189d83025d9cad8425a759d7e745eded6eec71ab3ce454c4f767868117d8d328ac44f63bc8984dc7a2447d1f405b614363101942d640f17b4fbe4566fba6d0c31970a84b413e9d863f214640e61f93de5504f2ed558348c54bb93828b44a14d4404b63ec96 (4) Message-Authenticator = 0x00000000000000000000000000000000 (4) State = 0x6501da9e6163ed03dd76d824d918a37a (4) Finished request Waking up in 4.9 seconds. (5) Received Access-Request Id 5 from 192.168.4.151:48174 to 192.168.4.151:1812 length 263 (5) Message-Authenticator = 0xac942cbe3238ab49d9798f0793b2bf92 (5) User-Name = "anonymous" (5) Calling-Station-Id = "DE-AD-BE-EF-42-42" (5) Framed-MTU = 1400 (5) NAS-Port-Type = Wireless-802.11 (5) Service-Type = Framed-User (5) Connect-Info = "CONNECT 11Mbps 802.11b" (5) Called-Station-Id = "00:11:22:33:44:55:UConnect" (5) NAS-IP-Address = 192.168.4.20 (5) EAP-Message = 0x026200633701160303002510000021203fdb36c42c178b84fb58dbc273b166922e8e5f78966a110c0867144c60054f7d1403030001011603030028c3e8e09ec857321f4dacfdf4ade4ab6e51f32cd7df5e5343ab2476c138ced4518bbca591da913216 (5) State = 0x6501da9e6163ed03dd76d824d918a37a (5) Restoring &session-state (5) &session-state:Framed-MTU = 974 (5) &session-state:FreeRADIUS-EAP-TEAP-Identity-Type := User (5) &session-state:TLS-Session-Information = "(TLS) TEAP - recv TLS 1.3 Handshake, ClientHello" (5) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHello" (5) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, Certificate" (5) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerKeyExchange" (5) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHelloDone" (5) # Executing section authorize from file /etc/freeradius/sites-enabled/default (5) authorize { (5) policy filter_username { (5) if (&User-Name) { (5) if (&User-Name) -> TRUE (5) if (&User-Name) { (5) if (&User-Name =~ / /) { (5) if (&User-Name =~ / /) -> FALSE (5) if (&User-Name =~ /@[^@]*@/ ) { (5) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (5) if (&User-Name =~ /\.\./ ) { (5) if (&User-Name =~ /\.\./ ) -> FALSE (5) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) { (5) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) -> FALSE (5) if (&User-Name =~ /\.$/) { (5) if (&User-Name =~ /\.$/) -> FALSE (5) if (&User-Name =~ mailto:/@\./) { (5) if (&User-Name =~ mailto:/@\./) -> FALSE (5) } # if (&User-Name) = notfound (5) } # policy filter_username = notfound (5) [preprocess] = ok (5) [chap] = noop (5) [mschap] = noop (5) [digest] = noop (5) suffix: Checking for suffix after "@" (5) suffix: No '@' in User-Name = "anonymous", looking up realm NULL (5) suffix: No such realm "NULL" (5) [suffix] = noop (5) eap: Peer sent EAP Response (code 2) ID 98 length 99 (5) eap: Continuing tunnel setup (5) [eap] = ok (5) } # authorize = ok (5) Found Auth-Type = eap (5) # Executing group from file /etc/freeradius/sites-enabled/default (5) authenticate { (5) eap: Removing EAP session with state 0x6501da9e6163ed03 (5) eap: Previous EAP request found for state 0x6501da9e6163ed03, released from the list (5) eap: Peer sent packet with method EAP TEAP (55) (5) eap: Calling submodule eap_teap to process data (5) eap_teap: Authenticate (5) eap_teap: (TLS) EAP Done initial handshake (5) eap_teap: (TLS) TEAP - Handshake state - Server SSLv3/TLS write server done (5) eap_teap: (TLS) TEAP - recv TLS 1.2 Handshake, ClientKeyExchange (5) eap_teap: (TLS) TEAP - Handshake state - Server SSLv3/TLS read client key exchange (5) eap_teap: (TLS) TEAP - Handshake state - Server SSLv3/TLS read change cipher spec (5) eap_teap: (TLS) TEAP - recv TLS 1.2 Handshake, Finished (5) eap_teap: (TLS) TEAP - Handshake state - Server SSLv3/TLS read finished (5) eap_teap: (TLS) TEAP - send TLS 1.2 ChangeCipherSpec (5) eap_teap: (TLS) TEAP - Handshake state - Server SSLv3/TLS write change cipher spec (5) eap_teap: (TLS) TEAP - send TLS 1.2 Handshake, Finished (5) eap_teap: (TLS) TEAP - Handshake state - Server SSLv3/TLS write finished (5) eap_teap: (TLS) TEAP - Handshake state - SSL negotiation finished successfully (5) eap_teap: (TLS) TEAP - Connection Established (5) eap_teap: TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384" (5) eap_teap: TLS-Session-Version = "TLS 1.2" (5) eap: Sending EAP Request (code 1) ID 99 length 57 (5) eap: EAP session adding &reply:State = 0x6501da9e6062ed03 (5) [eap] = handled (5) } # authenticate = handled (5) Using Post-Auth-Type Challenge (5) # Executing group from file /etc/freeradius/sites-enabled/default (5) Challenge { ... } # empty sub-section is ignored (5) session-state: Saving cached attributes (5) Framed-MTU = 974 (5) FreeRADIUS-EAP-TEAP-Identity-Type := User (5) TLS-Session-Information = "(TLS) TEAP - recv TLS 1.3 Handshake, ClientHello" (5) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHello" (5) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, Certificate" (5) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerKeyExchange" (5) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHelloDone" (5) TLS-Session-Information = "(TLS) TEAP - recv TLS 1.2 Handshake, ClientKeyExchange" (5) TLS-Session-Information = "(TLS) TEAP - recv TLS 1.2 Handshake, Finished" (5) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 ChangeCipherSpec" (5) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, Finished" (5) TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384" (5) TLS-Session-Version = "TLS 1.2" (5) Sent Access-Challenge Id 5 from 192.168.4.151:1812 to 192.168.4.151:48174 length 115 (5) EAP-Message = 0x0163003937011403030001011603030028288983a38fe43b638f42770f5543607f0558b5ec34693ea104c35ec383476e8483bd43497710874d (5) Message-Authenticator = 0x00000000000000000000000000000000 (5) State = 0x6501da9e6062ed03dd76d824d918a37a (5) Finished request Waking up in 4.9 seconds. (6) Received Access-Request Id 6 from 192.168.4.151:48174 to 192.168.4.151:1812 length 170 (6) Message-Authenticator = 0x6043b27893fa00ef96c925d17ad0af71 (6) User-Name = "anonymous" (6) Calling-Station-Id = "DE-AD-BE-EF-42-42" (6) Framed-MTU = 1400 (6) NAS-Port-Type = Wireless-802.11 (6) Service-Type = Framed-User (6) Connect-Info = "CONNECT 11Mbps 802.11b" (6) Called-Station-Id = "00:11:22:33:44:55:UConnect" (6) NAS-IP-Address = 192.168.4.20 (6) EAP-Message = 0x026300063701 (6) State = 0x6501da9e6062ed03dd76d824d918a37a (6) Restoring &session-state (6) &session-state:Framed-MTU = 974 (6) &session-state:FreeRADIUS-EAP-TEAP-Identity-Type := User (6) &session-state:TLS-Session-Information = "(TLS) TEAP - recv TLS 1.3 Handshake, ClientHello" (6) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHello" (6) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, Certificate" (6) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerKeyExchange" (6) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHelloDone" (6) &session-state:TLS-Session-Information = "(TLS) TEAP - recv TLS 1.2 Handshake, ClientKeyExchange" (6) &session-state:TLS-Session-Information = "(TLS) TEAP - recv TLS 1.2 Handshake, Finished" (6) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 ChangeCipherSpec" (6) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, Finished" (6) &session-state:TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384" (6) &session-state:TLS-Session-Version = "TLS 1.2" (6) # Executing section authorize from file /etc/freeradius/sites-enabled/default (6) authorize { (6) policy filter_username { (6) if (&User-Name) { (6) if (&User-Name) -> TRUE (6) if (&User-Name) { (6) if (&User-Name =~ / /) { (6) if (&User-Name =~ / /) -> FALSE (6) if (&User-Name =~ /@[^@]*@/ ) { (6) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (6) if (&User-Name =~ /\.\./ ) { (6) if (&User-Name =~ /\.\./ ) -> FALSE (6) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) { (6) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) -> FALSE (6) if (&User-Name =~ /\.$/) { (6) if (&User-Name =~ /\.$/) -> FALSE (6) if (&User-Name =~ mailto:/@\./) { (6) if (&User-Name =~ mailto:/@\./) -> FALSE (6) } # if (&User-Name) = notfound (6) } # policy filter_username = notfound (6) [preprocess] = ok (6) [chap] = noop (6) [mschap] = noop (6) [digest] = noop (6) suffix: Checking for suffix after "@" (6) suffix: No '@' in User-Name = "anonymous", looking up realm NULL (6) suffix: No such realm "NULL" (6) [suffix] = noop (6) eap: Peer sent EAP Response (code 2) ID 99 length 6 (6) eap: Continuing tunnel setup (6) [eap] = ok (6) } # authorize = ok (6) Found Auth-Type = eap (6) # Executing group from file /etc/freeradius/sites-enabled/default (6) authenticate { (6) eap: Removing EAP session with state 0x6501da9e6062ed03 (6) eap: Previous EAP request found for state 0x6501da9e6062ed03, released from the list (6) eap: Peer sent packet with method EAP TEAP (55) (6) eap: Calling submodule eap_teap to process data (6) eap_teap: Authenticate (6) eap_teap: (TLS) Peer ACKed our handshake fragment. handshake is finished (6) eap_teap: Session established. Proceeding to decode tunneled attributes (6) eap_teap: Phase 2: Using authenticated provisioning (6) eap_teap: Phase 2: Sending Identity-Type = User (6) eap_teap: Phase 2: Deleting &session-state:FreeRADIUS-EAP-TEAP-Identity-Type += User (6) eap_teap: Phase 2: Sending EAP-Identity (6) eap: Sending EAP Request (code 1) ID 100 length 50 (6) eap: EAP session adding &reply:State = 0x6501da9e6365ed03 (6) [eap] = handled (6) } # authenticate = handled (6) Using Post-Auth-Type Challenge (6) # Executing group from file /etc/freeradius/sites-enabled/default (6) Challenge { ... } # empty sub-section is ignored (6) session-state: Saving cached attributes (6) Framed-MTU = 974 (6) TLS-Session-Information = "(TLS) TEAP - recv TLS 1.3 Handshake, ClientHello" (6) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHello" (6) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, Certificate" (6) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerKeyExchange" (6) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHelloDone" (6) TLS-Session-Information = "(TLS) TEAP - recv TLS 1.2 Handshake, ClientKeyExchange" (6) TLS-Session-Information = "(TLS) TEAP - recv TLS 1.2 Handshake, Finished" (6) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 ChangeCipherSpec" (6) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, Finished" (6) TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384" (6) TLS-Session-Version = "TLS 1.2" (6) Sent Access-Challenge Id 6 from 192.168.4.151:1812 to 192.168.4.151:48174 length 108 (6) EAP-Message = 0x0164003237011703030027288983a38fe43b64a59087aba7cf508c7e0a35e94014fc7224e15fb13dbf6c1b14d1cf07d454d7 (6) Message-Authenticator = 0x00000000000000000000000000000000 (6) State = 0x6501da9e6365ed03dd76d824d918a37a (6) Finished request Waking up in 4.9 seconds. (7) Received Access-Request Id 7 from 192.168.4.151:48174 to 192.168.4.151:1812 length 230 (7) Message-Authenticator = 0xf411907430aea9ad5d123ca2c73ab728 (7) User-Name = "anonymous" (7) Calling-Station-Id = "DE-AD-BE-EF-42-42" (7) Framed-MTU = 1400 (7) NAS-Port-Type = Wireless-802.11 (7) Service-Type = Framed-User (7) Connect-Info = "CONNECT 11Mbps 802.11b" (7) Called-Station-Id = "00:11:22:33:44:55:UConnect" (7) NAS-IP-Address = 192.168.4.20 (7) EAP-Message = 0x0264004237011703030037c3e8e09ec85732202b5aef90ad91c43706696aa3b3d9f443f88d5152e88906a531d52f11c5088917083131b526354f25a333b38af14f4b (7) State = 0x6501da9e6365ed03dd76d824d918a37a (7) Restoring &session-state (7) &session-state:Framed-MTU = 974 (7) &session-state:TLS-Session-Information = "(TLS) TEAP - recv TLS 1.3 Handshake, ClientHello" (7) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHello" (7) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, Certificate" (7) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerKeyExchange" (7) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHelloDone" (7) &session-state:TLS-Session-Information = "(TLS) TEAP - recv TLS 1.2 Handshake, ClientKeyExchange" (7) &session-state:TLS-Session-Information = "(TLS) TEAP - recv TLS 1.2 Handshake, Finished" (7) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 ChangeCipherSpec" (7) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, Finished" (7) &session-state:TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384" (7) &session-state:TLS-Session-Version = "TLS 1.2" (7) # Executing section authorize from file /etc/freeradius/sites-enabled/default (7) authorize { (7) policy filter_username { (7) if (&User-Name) { (7) if (&User-Name) -> TRUE (7) if (&User-Name) { (7) if (&User-Name =~ / /) { (7) if (&User-Name =~ / /) -> FALSE (7) if (&User-Name =~ /@[^@]*@/ ) { (7) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (7) if (&User-Name =~ /\.\./ ) { (7) if (&User-Name =~ /\.\./ ) -> FALSE (7) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) { (7) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) -> FALSE (7) if (&User-Name =~ /\.$/) { (7) if (&User-Name =~ /\.$/) -> FALSE (7) if (&User-Name =~ mailto:/@\./) { (7) if (&User-Name =~ mailto:/@\./) -> FALSE (7) } # if (&User-Name) = notfound (7) } # policy filter_username = notfound (7) [preprocess] = ok (7) [chap] = noop (7) [mschap] = noop (7) [digest] = noop (7) suffix: Checking for suffix after "@" (7) suffix: No '@' in User-Name = "anonymous", looking up realm NULL (7) suffix: No such realm "NULL" (7) [suffix] = noop (7) eap: Peer sent EAP Response (code 2) ID 100 length 66 (7) eap: Continuing tunnel setup (7) [eap] = ok (7) } # authorize = ok (7) Found Auth-Type = eap (7) # Executing group from file /etc/freeradius/sites-enabled/default (7) authenticate { (7) eap: Removing EAP session with state 0x6501da9e6365ed03 (7) eap: Previous EAP request found for state 0x6501da9e6365ed03, released from the list (7) eap: Peer sent packet with method EAP TEAP (55) (7) eap: Calling submodule eap_teap to process data (7) eap_teap: Authenticate (7) eap_teap: (TLS) EAP Done initial handshake (7) eap_teap: Session established. Proceeding to decode tunneled attributes (7) eap_teap: Phase 2: Got Tunneled TEAP TLVs (7) eap_teap: FreeRADIUS-EAP-TEAP-EAP-Payload = 0x026400150175736572406578616d706c652e6f7267 (7) eap_teap: FreeRADIUS-EAP-TEAP-Identity-Type = User (7) eap_teap: Phase 2: Got tunneled request (7) eap_teap: EAP-Message = 0x026400150175736572406578616d706c652e6f7267 (7) eap_teap: FreeRADIUS-EAP-TEAP-Identity-Type = User (7) eap_teap: Phase 2: Got tunneled identity of mailto:user@example.org (7) eap_teap: Phase 2: Authentication (7) eap_teap: Phase 2: Setting User EAP-Type = TLS from TEAP configuration user_eap_type (7) eap_teap: Phase 2: Forcing inner TEAP authentication to &control:EAP-Type = TLS (7) Virtual server inner-tunnel received request (7) EAP-Message = 0x026400150175736572406578616d706c652e6f7267 (7) FreeRADIUS-EAP-TEAP-Identity-Type = User (7) FreeRADIUS-Proxied-To = 127.0.0.1 (7) User-Name = mailto:user@example.org (7) server inner-tunnel { (7) # Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel (7) authorize { (7) policy filter_username { (7) if (&User-Name) { (7) if (&User-Name) -> TRUE (7) if (&User-Name) { (7) if (&User-Name =~ / /) { (7) if (&User-Name =~ / /) -> FALSE (7) if (&User-Name =~ /@[^@]*@/ ) { (7) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (7) if (&User-Name =~ /\.\./ ) { (7) if (&User-Name =~ /\.\./ ) -> FALSE (7) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) { (7) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) -> FALSE (7) if (&User-Name =~ /\.$/) { (7) if (&User-Name =~ /\.$/) -> FALSE (7) if (&User-Name =~ mailto:/@\./) { (7) if (&User-Name =~ mailto:/@\./) -> FALSE (7) } # if (&User-Name) = notfound (7) } # policy filter_username = notfound (7) [chap] = noop (7) [mschap] = noop (7) suffix: Checking for suffix after "@" (7) suffix: Looking up realm "example.org" for User-Name = mailto:user@example.org (7) suffix: No such realm "example.org" (7) [suffix] = noop (7) update control { (7) &Proxy-To-Realm := LOCAL (7) } # update control = noop (7) eap: Peer sent EAP Response (code 2) ID 100 length 21 (7) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize (7) [eap] = ok (7) } # authorize = ok (7) Found Auth-Type = eap (7) # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel (7) authenticate { (7) eap: Peer sent packet with method EAP Identity (1) (7) eap: Found &control:EAP-Type = TLS (7) eap: Calling submodule eap_tls to process data (7) eap_tls: (TLS) TLS -Initiating new session (7) eap_tls: (TLS) TLS - Setting verify mode to require certificate from client (7) eap: Sending EAP Request (code 1) ID 101 length 6 (7) eap: EAP session adding &reply:State = 0x83bbfe7083def355 (7) [eap] = handled (7) } # authenticate = handled (7) Using Post-Auth-Type Challenge (7) Post-Auth-Type sub-section not found. Ignoring. (7) # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel (7) session-state: Saving cached attributes (7) Framed-MTU = 911 (7) } # server inner-tunnel (7) Virtual server sending reply (7) EAP-Message = 0x016500060d20 (7) Message-Authenticator = 0x00000000000000000000000000000000 (7) State = 0x83bbfe7083def355f9cbfc53fdd80b9e (7) eap_teap: Phase 2: Stage Authentication (7) eap_teap: Phase 2: Got tunneled Access-Challenge (7) eap: Sending EAP Request (code 1) ID 101 length 45 (7) eap: EAP session adding &reply:State = 0x6501da9e6264ed03 (7) [eap] = handled (7) } # authenticate = handled (7) Using Post-Auth-Type Challenge (7) # Executing group from file /etc/freeradius/sites-enabled/default (7) Challenge { ... } # empty sub-section is ignored (7) session-state: Saving cached attributes (7) Framed-MTU = 974 (7) TLS-Session-Information = "(TLS) TEAP - recv TLS 1.3 Handshake, ClientHello" (7) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHello" (7) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, Certificate" (7) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerKeyExchange" (7) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHelloDone" (7) TLS-Session-Information = "(TLS) TEAP - recv TLS 1.2 Handshake, ClientKeyExchange" (7) TLS-Session-Information = "(TLS) TEAP - recv TLS 1.2 Handshake, Finished" (7) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 ChangeCipherSpec" (7) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, Finished" (7) TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384" (7) TLS-Session-Version = "TLS 1.2" (7) Sent Access-Challenge Id 7 from 192.168.4.151:1812 to 192.168.4.151:48174 length 103 (7) EAP-Message = 0x0165002d37011703030022288983a38fe43b655c66480b9f0b485d46c7fb024fa8c21d117c66f781d04cdb8fda (7) Message-Authenticator = 0x00000000000000000000000000000000 (7) State = 0x6501da9e6264ed03dd76d824d918a37a (7) Finished request Waking up in 4.9 seconds. (8) Received Access-Request Id 8 from 192.168.4.151:48174 to 192.168.4.151:1812 length 393 (8) Message-Authenticator = 0xe493082daabdc7c517d0a060a4f96aa0 (8) User-Name = "anonymous" (8) Calling-Station-Id = "DE-AD-BE-EF-42-42" (8) Framed-MTU = 1400 (8) NAS-Port-Type = Wireless-802.11 (8) Service-Type = Framed-User (8) Connect-Info = "CONNECT 11Mbps 802.11b" (8) Called-Station-Id = "00:11:22:33:44:55:UConnect" (8) NAS-IP-Address = 192.168.4.20 (8) EAP-Message = 0x026500e5370117030300dac3e8e09ec8573221ff5f3d2756322ea06fb91d2a1b72e648b54bf42d9d1580e06a257a30e172b54228a431231bbeea32e57684e705f879f873480e405c3a1265867b5f5b32db50e7d551716a63705c1fbc18c72251659d211059c8e4adeb75281f39eb763a99e4ba417b1eaa8f55bcda987203eb5b43e5029569b8b94b9e78523cdbf81316a2d06fcd5be7659becd909cbfad247090bfb8e46dfb9c9f8b3123813edbaae2dcd83508012235b1b46fb703623396bf1c7fd1a7948aa5a8bcbee89a4e0ce6589127264bc803f38fd1294bb7efca5de74dac5b65910 (8) State = 0x6501da9e6264ed03dd76d824d918a37a (8) Restoring &session-state (8) &session-state:Framed-MTU = 974 (8) &session-state:TLS-Session-Information = "(TLS) TEAP - recv TLS 1.3 Handshake, ClientHello" (8) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHello" (8) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, Certificate" (8) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerKeyExchange" (8) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHelloDone" (8) &session-state:TLS-Session-Information = "(TLS) TEAP - recv TLS 1.2 Handshake, ClientKeyExchange" (8) &session-state:TLS-Session-Information = "(TLS) TEAP - recv TLS 1.2 Handshake, Finished" (8) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 ChangeCipherSpec" (8) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, Finished" (8) &session-state:TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384" (8) &session-state:TLS-Session-Version = "TLS 1.2" (8) # Executing section authorize from file /etc/freeradius/sites-enabled/default (8) authorize { (8) policy filter_username { (8) if (&User-Name) { (8) if (&User-Name) -> TRUE (8) if (&User-Name) { (8) if (&User-Name =~ / /) { (8) if (&User-Name =~ / /) -> FALSE (8) if (&User-Name =~ /@[^@]*@/ ) { (8) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (8) if (&User-Name =~ /\.\./ ) { (8) if (&User-Name =~ /\.\./ ) -> FALSE (8) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) { (8) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) -> FALSE (8) if (&User-Name =~ /\.$/) { (8) if (&User-Name =~ /\.$/) -> FALSE (8) if (&User-Name =~ mailto:/@\./) { (8) if (&User-Name =~ mailto:/@\./) -> FALSE (8) } # if (&User-Name) = notfound (8) } # policy filter_username = notfound (8) [preprocess] = ok (8) [chap] = noop (8) [mschap] = noop (8) [digest] = noop (8) suffix: Checking for suffix after "@" (8) suffix: No '@' in User-Name = "anonymous", looking up realm NULL (8) suffix: No such realm "NULL" (8) [suffix] = noop (8) eap: Peer sent EAP Response (code 2) ID 101 length 229 (8) eap: Continuing tunnel setup (8) [eap] = ok (8) } # authorize = ok (8) Found Auth-Type = eap (8) # Executing group from file /etc/freeradius/sites-enabled/default (8) authenticate { (8) eap: Removing EAP session with state 0x6501da9e6264ed03 (8) eap: Previous EAP request found for state 0x6501da9e6264ed03, released from the list (8) eap: Peer sent packet with method EAP TEAP (55) (8) eap: Calling submodule eap_teap to process data (8) eap_teap: Authenticate (8) eap_teap: (TLS) EAP Done initial handshake (8) eap_teap: Session established. Proceeding to decode tunneled attributes (8) eap_teap: Phase 2: Got Tunneled TEAP TLVs (8) eap_teap: FreeRADIUS-EAP-TEAP-EAP-Payload = 0x026500be0d0016030100b3010000af0303a18188572a90ca5b7683a3149032802dfd9174b9e38876cc1b72f5b2a15b7e28000038c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff0100004e000b000403000102000a000c000a001d0017001e001900180016000000170000000d002a0028040305030603080708080809080a080b080408050806040105010601030303010302040205020602 (8) eap_teap: Phase 2: Got tunneled request (8) eap_teap: EAP-Message = 0x026500be0d0016030100b3010000af0303a18188572a90ca5b7683a3149032802dfd9174b9e38876cc1b72f5b2a15b7e28000038c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff0100004e000b000403000102000a000c000a001d0017001e001900180016000000170000000d002a0028040305030603080708080809080a080b080408050806040105010601030303010302040205020602 (8) eap_teap: Phase 2: Authentication (8) eap_teap: Phase 2: Forcing inner TEAP authentication to &control:EAP-Type = MSCHAPv2 (8) Virtual server inner-tunnel received request (8) EAP-Message = 0x026500be0d0016030100b3010000af0303a18188572a90ca5b7683a3149032802dfd9174b9e38876cc1b72f5b2a15b7e28000038c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff0100004e000b000403000102000a000c000a001d0017001e001900180016000000170000000d002a0028040305030603080708080809080a080b080408050806040105010601030303010302040205020602 (8) FreeRADIUS-Proxied-To = 127.0.0.1 (8) User-Name = mailto:user@example.org (8) State = 0x83bbfe7083def355f9cbfc53fdd80b9e (8) server inner-tunnel { (8) Restoring &session-state (8) &session-state:Framed-MTU = 911 (8) # Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel (8) authorize { (8) policy filter_username { (8) if (&User-Name) { (8) if (&User-Name) -> TRUE (8) if (&User-Name) { (8) if (&User-Name =~ / /) { (8) if (&User-Name =~ / /) -> FALSE (8) if (&User-Name =~ /@[^@]*@/ ) { (8) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (8) if (&User-Name =~ /\.\./ ) { (8) if (&User-Name =~ /\.\./ ) -> FALSE (8) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) { (8) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) -> FALSE (8) if (&User-Name =~ /\.$/) { (8) if (&User-Name =~ /\.$/) -> FALSE (8) if (&User-Name =~ mailto:/@\./) { (8) if (&User-Name =~ mailto:/@\./) -> FALSE (8) } # if (&User-Name) = notfound (8) } # policy filter_username = notfound (8) [chap] = noop (8) [mschap] = noop (8) suffix: Checking for suffix after "@" (8) suffix: Looking up realm "example.org" for User-Name = mailto:user@example.org (8) suffix: No such realm "example.org" (8) [suffix] = noop (8) update control { (8) &Proxy-To-Realm := LOCAL (8) } # update control = noop (8) eap: Peer sent EAP Response (code 2) ID 101 length 190 (8) eap: No EAP Start, assuming it's an on-going EAP conversation (8) [eap] = updated (8) [files] = noop (8) [expiration] = noop (8) [logintime] = noop (8) [pap] = noop (8) } # authorize = updated (8) Found Auth-Type = eap (8) # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel (8) authenticate { (8) eap: Removing EAP session with state 0x83bbfe7083def355 (8) eap: Previous EAP request found for state 0x83bbfe7083def355, released from the list (8) eap: Peer sent packet with method EAP TLS (13) (8) eap: Calling submodule eap_tls to process data (8) eap_tls: (TLS) EAP Got final fragment (184 bytes) total 184 (8) eap_tls: WARNING: (TLS) EAP Total received record fragments (184 bytes), does not equal expected expected data length (0 bytes) (8) eap_tls: (TLS) EAP Done initial handshake (8) eap_tls: (TLS) TLS - Handshake state - before SSL initialization (8) eap_tls: (TLS) TLS - Handshake state - Server before SSL initialization (8) eap_tls: (TLS) TLS - Handshake state - Server before SSL initialization (8) eap_tls: (TLS) TLS - recv TLS 1.3 Handshake, ClientHello (8) eap_tls: (TLS) TLS - Handshake state - Server SSLv3/TLS read client hello (8) eap_tls: (TLS) TLS - send TLS 1.2 Handshake, ServerHello (8) eap_tls: (TLS) TLS - Handshake state - Server SSLv3/TLS write server hello (8) eap_tls: (TLS) TLS - send TLS 1.2 Handshake, Certificate (8) eap_tls: (TLS) TLS - Handshake state - Server SSLv3/TLS write certificate (8) eap_tls: (TLS) TLS - send TLS 1.2 Handshake, ServerKeyExchange (8) eap_tls: (TLS) TLS - Handshake state - Server SSLv3/TLS write key exchange (8) eap_tls: (TLS) TLS - send TLS 1.2 Handshake, CertificateRequest (8) eap_tls: (TLS) TLS - Handshake state - Server SSLv3/TLS write certificate request (8) eap_tls: (TLS) TLS - send TLS 1.2 Handshake, ServerHelloDone (8) eap_tls: (TLS) TLS - Handshake state - Server SSLv3/TLS write server done (8) eap_tls: (TLS) TLS - Server : Need to read more data: SSLv3/TLS write server done (8) eap_tls: (TLS) TLS - In Handshake Phase (8) eap: Sending EAP Request (code 1) ID 102 length 917 (8) eap: EAP session adding &reply:State = 0x83bbfe7082ddf355 (8) [eap] = handled (8) } # authenticate = handled (8) Using Post-Auth-Type Challenge (8) Post-Auth-Type sub-section not found. Ignoring. (8) # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel (8) session-state: Saving cached attributes (8) Framed-MTU = 911 (8) TLS-Session-Information = "(TLS) TLS - recv TLS 1.3 Handshake, ClientHello" (8) TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, ServerHello" (8) TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, Certificate" (8) TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, ServerKeyExchange" (8) TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, CertificateRequest" (8) TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, ServerHelloDone" (8) } # server inner-tunnel (8) Virtual server sending reply (8) EAP-Message = 0x016603950dc000000b97160303003d020000390303ba214b95cbecbeb54093ec803db277546647a37d1b61584271afd9461326b21300c030000011ff01000100000b0004030001020017000016030309450b00094100093e00043a308204363082031ea003020102020101300d06092a864886f70d01010b0500308193310b3009060355040613024652310f300d06035504080c065261646975733112301006035504070c09536f6d65776865726531153013060355040a0c0c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e6f72673126302406035504030c1d4578616d706c6520436572746966696361746520417574686f72697479301e170d3235303231323131323232395a170d3235303431333131323232395a307c310b3009060355040613024652310f300d06035504080c0652616469757331153013060355040a0c0c4578616d706c6520496e632e3123302106035504030c1a4578616d70 (8) Message-Authenticator = 0x00000000000000000000000000000000 (8) State = 0x83bbfe7082ddf355f9cbfc53fdd80b9e (8) eap_teap: Phase 2: Stage Authentication (8) eap_teap: Phase 2: Got tunneled Access-Challenge (8) eap: Sending EAP Request (code 1) ID 102 length 956 (8) eap: EAP session adding &reply:State = 0x6501da9e6d67ed03 (8) [eap] = handled (8) } # authenticate = handled (8) Using Post-Auth-Type Challenge (8) # Executing group from file /etc/freeradius/sites-enabled/default (8) Challenge { ... } # empty sub-section is ignored (8) session-state: Saving cached attributes (8) Framed-MTU = 974 (8) TLS-Session-Information = "(TLS) TEAP - recv TLS 1.3 Handshake, ClientHello" (8) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHello" (8) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, Certificate" (8) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerKeyExchange" (8) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHelloDone" (8) TLS-Session-Information = "(TLS) TEAP - recv TLS 1.2 Handshake, ClientKeyExchange" (8) TLS-Session-Information = "(TLS) TEAP - recv TLS 1.2 Handshake, Finished" (8) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 ChangeCipherSpec" (8) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, Finished" (8) TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384" (8) TLS-Session-Version = "TLS 1.2" (8) Sent Access-Challenge Id 8 from 192.168.4.151:1812 to 192.168.4.151:48174 length 1020 (8) EAP-Message = 0x016603bc370117030303b1288983a38fe43b6691525344bcb7cf514e89621ce2b1b61b0f554412fde0bf91b4506e4585b5b4e84081284289e86d317e8c5d1033a6091e99aee31cfdd8b0c67e72f5a5e699016f419eb846770c281d5c4ec3795ef50d98d6cc455070c2715f68f6f256db9fac7b2638958a98a09998f66bc89e7e11eee57d1c848f941c7542c994abbce3ecaf5dbbc32b0c770f17043a887b9e1510a8254002334f321aa3f1a61a0aa0da5896f44cd206c03a7fca26e79b602259f94e52b45cb06fc1cef7b42a577c120f847f2f1f14bab6a3144d75a82f8a62e40d8b9936b8fa22826fd0ae751363100ab7235b6bed0d109d9f1e72add3ae167a94d8375a683beed2962ef11a3d6fa9fe0424a67e9d5a815274699a65ff686c73d22af88575da413514cd68bf49da39c61bc8a74b5022f92bf406ed62fe687413efbd7baf39600cb60ecdd2704b7e7bce64b2ef25c65eeb62ca089e8542b530da1879104d9949aa87afd30f7e56678ead260b498d6a62b8 (8) Message-Authenticator = 0x00000000000000000000000000000000 (8) State = 0x6501da9e6d67ed03dd76d824d918a37a (8) Finished request Waking up in 4.9 seconds. (9) Received Access-Request Id 9 from 192.168.4.151:48174 to 192.168.4.151:1812 length 209 (9) Message-Authenticator = 0x341b277c653c83befd143024adf91a2e (9) User-Name = "anonymous" (9) Calling-Station-Id = "DE-AD-BE-EF-42-42" (9) Framed-MTU = 1400 (9) NAS-Port-Type = Wireless-802.11 (9) Service-Type = Framed-User (9) Connect-Info = "CONNECT 11Mbps 802.11b" (9) Called-Station-Id = "00:11:22:33:44:55:UConnect" (9) NAS-IP-Address = 192.168.4.20 (9) EAP-Message = 0x0266002d37011703030022c3e8e09ec85732223bb25a901590a06f1c4ea0d73474ff23e8e8b43a23bd4a5d2b58 (9) State = 0x6501da9e6d67ed03dd76d824d918a37a (9) Restoring &session-state (9) &session-state:Framed-MTU = 974 (9) &session-state:TLS-Session-Information = "(TLS) TEAP - recv TLS 1.3 Handshake, ClientHello" (9) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHello" (9) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, Certificate" (9) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerKeyExchange" (9) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHelloDone" (9) &session-state:TLS-Session-Information = "(TLS) TEAP - recv TLS 1.2 Handshake, ClientKeyExchange" (9) &session-state:TLS-Session-Information = "(TLS) TEAP - recv TLS 1.2 Handshake, Finished" (9) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 ChangeCipherSpec" (9) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, Finished" (9) &session-state:TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384" (9) &session-state:TLS-Session-Version = "TLS 1.2" (9) # Executing section authorize from file /etc/freeradius/sites-enabled/default (9) authorize { (9) policy filter_username { (9) if (&User-Name) { (9) if (&User-Name) -> TRUE (9) if (&User-Name) { (9) if (&User-Name =~ / /) { (9) if (&User-Name =~ / /) -> FALSE (9) if (&User-Name =~ /@[^@]*@/ ) { (9) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (9) if (&User-Name =~ /\.\./ ) { (9) if (&User-Name =~ /\.\./ ) -> FALSE (9) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) { (9) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) -> FALSE (9) if (&User-Name =~ /\.$/) { (9) if (&User-Name =~ /\.$/) -> FALSE (9) if (&User-Name =~ mailto:/@\./) { (9) if (&User-Name =~ mailto:/@\./) -> FALSE (9) } # if (&User-Name) = notfound (9) } # policy filter_username = notfound (9) [preprocess] = ok (9) [chap] = noop (9) [mschap] = noop (9) [digest] = noop (9) suffix: Checking for suffix after "@" (9) suffix: No '@' in User-Name = "anonymous", looking up realm NULL (9) suffix: No such realm "NULL" (9) [suffix] = noop (9) eap: Peer sent EAP Response (code 2) ID 102 length 45 (9) eap: Continuing tunnel setup (9) [eap] = ok (9) } # authorize = ok (9) Found Auth-Type = eap (9) # Executing group from file /etc/freeradius/sites-enabled/default (9) authenticate { (9) eap: Removing EAP session with state 0x6501da9e6d67ed03 (9) eap: Previous EAP request found for state 0x6501da9e6d67ed03, released from the list (9) eap: Peer sent packet with method EAP TEAP (55) (9) eap: Calling submodule eap_teap to process data (9) eap_teap: Authenticate (9) eap_teap: (TLS) EAP Done initial handshake (9) eap_teap: Session established. Proceeding to decode tunneled attributes (9) eap_teap: Phase 2: Got Tunneled TEAP TLVs (9) eap_teap: FreeRADIUS-EAP-TEAP-EAP-Payload = 0x026600060d00 (9) eap_teap: Phase 2: Got tunneled request (9) eap_teap: EAP-Message = 0x026600060d00 (9) eap_teap: Phase 2: Authentication (9) eap_teap: Phase 2: Forcing inner TEAP authentication to &control:EAP-Type = MSCHAPv2 (9) Virtual server inner-tunnel received request (9) EAP-Message = 0x026600060d00 (9) FreeRADIUS-Proxied-To = 127.0.0.1 (9) User-Name = mailto:user@example.org (9) State = 0x83bbfe7082ddf355f9cbfc53fdd80b9e (9) server inner-tunnel { (9) Restoring &session-state (9) &session-state:Framed-MTU = 911 (9) &session-state:TLS-Session-Information = "(TLS) TLS - recv TLS 1.3 Handshake, ClientHello" (9) &session-state:TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, ServerHello" (9) &session-state:TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, Certificate" (9) &session-state:TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, ServerKeyExchange" (9) &session-state:TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, CertificateRequest" (9) &session-state:TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, ServerHelloDone" (9) # Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel (9) authorize { (9) policy filter_username { (9) if (&User-Name) { (9) if (&User-Name) -> TRUE (9) if (&User-Name) { (9) if (&User-Name =~ / /) { (9) if (&User-Name =~ / /) -> FALSE (9) if (&User-Name =~ /@[^@]*@/ ) { (9) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (9) if (&User-Name =~ /\.\./ ) { (9) if (&User-Name =~ /\.\./ ) -> FALSE (9) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) { (9) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) -> FALSE (9) if (&User-Name =~ /\.$/) { (9) if (&User-Name =~ /\.$/) -> FALSE (9) if (&User-Name =~ mailto:/@\./) { (9) if (&User-Name =~ mailto:/@\./) -> FALSE (9) } # if (&User-Name) = notfound (9) } # policy filter_username = notfound (9) [chap] = noop (9) [mschap] = noop (9) suffix: Checking for suffix after "@" (9) suffix: Looking up realm "example.org" for User-Name = mailto:user@example.org (9) suffix: No such realm "example.org" (9) [suffix] = noop (9) update control { (9) &Proxy-To-Realm := LOCAL (9) } # update control = noop (9) eap: Peer sent EAP Response (code 2) ID 102 length 6 (9) eap: No EAP Start, assuming it's an on-going EAP conversation (9) [eap] = updated (9) [files] = noop (9) [expiration] = noop (9) [logintime] = noop (9) [pap] = noop (9) } # authorize = updated (9) Found Auth-Type = eap (9) # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel (9) authenticate { (9) eap: Removing EAP session with state 0x83bbfe7082ddf355 (9) eap: Previous EAP request found for state 0x83bbfe7082ddf355, released from the list (9) eap: Peer sent packet with method EAP TLS (13) (9) eap: Calling submodule eap_tls to process data (9) eap_tls: (TLS) Peer ACKed our handshake fragment (9) eap: Sending EAP Request (code 1) ID 103 length 917 (9) eap: EAP session adding &reply:State = 0x83bbfe7081dcf355 (9) [eap] = handled (9) } # authenticate = handled (9) Using Post-Auth-Type Challenge (9) Post-Auth-Type sub-section not found. Ignoring. (9) # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel (9) session-state: Saving cached attributes (9) Framed-MTU = 911 (9) TLS-Session-Information = "(TLS) TLS - recv TLS 1.3 Handshake, ClientHello" (9) TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, ServerHello" (9) TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, Certificate" (9) TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, ServerKeyExchange" (9) TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, CertificateRequest" (9) TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, ServerHelloDone" (9) } # server inner-tunnel (9) Virtual server sending reply (9) EAP-Message = 0x016703950dc000000b972ae3260d8b01f1452de49cc0fb89eeab041571329b014eeb1461987ee823c2df88bb071075e42483679c72df85707c0837b10ed529cc9815ba6114b63fbe6605b8602ba332fe465d6ca3da54ce4106656170713c77fb3013d01c3374cb86ed0cb686ab878136acfecf9f6fb2e076cf99130fdfb39eaed1e8536756d0957288b829ae7b446618fbded540de385d7a530018b7537d8d4a80cbc5e76748752bd1e79e8cfb7c7f1857cf3278dcf3f8a53ea49f088123c3ec711a282ee0ab37b8da0db4a83eec4dfc278fad71aaed061a0eb0e22751d1be587207e322a610e5d88a7ba0b21cb37206add13e48e487a956dd65ddb4e2bd9d8ad6a80b117a143e12463e0004fe308204fa308203e2a003020102021407c1092ab93c84caf4a4cebe5ffd49c091f025b2300d06092a864886f70d01010b0500308193310b3009060355040613024652310f300d06035504080c065261646975733112301006035504070c09536f6d657768657265311530 (9) Message-Authenticator = 0x00000000000000000000000000000000 (9) State = 0x83bbfe7081dcf355f9cbfc53fdd80b9e (9) eap_teap: Phase 2: Stage Authentication (9) eap_teap: Phase 2: Got tunneled Access-Challenge (9) eap: Sending EAP Request (code 1) ID 103 length 956 (9) eap: EAP session adding &reply:State = 0x6501da9e6c66ed03 (9) [eap] = handled (9) } # authenticate = handled (9) Using Post-Auth-Type Challenge (9) # Executing group from file /etc/freeradius/sites-enabled/default (9) Challenge { ... } # empty sub-section is ignored (9) session-state: Saving cached attributes (9) Framed-MTU = 974 (9) TLS-Session-Information = "(TLS) TEAP - recv TLS 1.3 Handshake, ClientHello" (9) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHello" (9) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, Certificate" (9) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerKeyExchange" (9) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHelloDone" (9) TLS-Session-Information = "(TLS) TEAP - recv TLS 1.2 Handshake, ClientKeyExchange" (9) TLS-Session-Information = "(TLS) TEAP - recv TLS 1.2 Handshake, Finished" (9) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 ChangeCipherSpec" (9) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, Finished" (9) TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384" (9) TLS-Session-Version = "TLS 1.2" (9) Sent Access-Challenge Id 9 from 192.168.4.151:1812 to 192.168.4.151:48174 length 1020 (9) EAP-Message = 0x016703bc370117030303b1288983a38fe43b676f3510dd2f99d961a692c8b8ca1e61c671fd90ad8f09a71923d4d81d04fcf0cbce7ed698e4ee18d01deaf98aa08340130e516fee5db19942bcafae8e75c49f8579ad7b6ef0553990b2e09148b8b23f3eb85974afb400efa78c26c779f5e0bad11e31117cd9858bff84893b0bfbd2982eb4267b4602ce4bb46b8610dca107dacaed309b153ef8dc4925da3c81a09e1755cbac3e67be7eee4cbc2ed6142665bb204fceb4ef581e096e9f48370ca734dd13efe2d4ff098c3ca8c712f5053e103f96bda1ccc56bd0bfd859a2be9300049c0298b188805570ea13fabed97f9e6bddf401b6a484f936ddb70ce48f9531d1444c52c4893bb262155f028261c7ab0e34602dbc93f13220134b4d6ecce22415f7d33204ee1dcfd2f1d098cc264436a0224963302f802ffdc4850a1a74e4b6aae277ddd4fe6b1eeb15355c99cb6c98dc07ed87e5d1874de5b9ab0fe2f716e26565a4bafd0b1fab8775213b45115448d2b3f11af1f5cb (9) Message-Authenticator = 0x00000000000000000000000000000000 (9) State = 0x6501da9e6c66ed03dd76d824d918a37a (9) Finished request Waking up in 4.9 seconds. (10) Received Access-Request Id 10 from 192.168.4.151:48174 to 192.168.4.151:1812 length 209 (10) Message-Authenticator = 0x9705583f9f8b83b90430dc98ef7e0c92 (10) User-Name = "anonymous" (10) Calling-Station-Id = "DE-AD-BE-EF-42-42" (10) Framed-MTU = 1400 (10) NAS-Port-Type = Wireless-802.11 (10) Service-Type = Framed-User (10) Connect-Info = "CONNECT 11Mbps 802.11b" (10) Called-Station-Id = "00:11:22:33:44:55:UConnect" (10) NAS-IP-Address = 192.168.4.20 (10) EAP-Message = 0x0267002d37011703030022c3e8e09ec857322347843392ec555ed58705a8c389e3c5d592fbc9b0b4d6fadb35a7 (10) State = 0x6501da9e6c66ed03dd76d824d918a37a (10) Restoring &session-state (10) &session-state:Framed-MTU = 974 (10) &session-state:TLS-Session-Information = "(TLS) TEAP - recv TLS 1.3 Handshake, ClientHello" (10) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHello" (10) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, Certificate" (10) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerKeyExchange" (10) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHelloDone" (10) &session-state:TLS-Session-Information = "(TLS) TEAP - recv TLS 1.2 Handshake, ClientKeyExchange" (10) &session-state:TLS-Session-Information = "(TLS) TEAP - recv TLS 1.2 Handshake, Finished" (10) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 ChangeCipherSpec" (10) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, Finished" (10) &session-state:TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384" (10) &session-state:TLS-Session-Version = "TLS 1.2" (10) # Executing section authorize from file /etc/freeradius/sites-enabled/default (10) authorize { (10) policy filter_username { (10) if (&User-Name) { (10) if (&User-Name) -> TRUE (10) if (&User-Name) { (10) if (&User-Name =~ / /) { (10) if (&User-Name =~ / /) -> FALSE (10) if (&User-Name =~ /@[^@]*@/ ) { (10) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (10) if (&User-Name =~ /\.\./ ) { (10) if (&User-Name =~ /\.\./ ) -> FALSE (10) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) { (10) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) -> FALSE (10) if (&User-Name =~ /\.$/) { (10) if (&User-Name =~ /\.$/) -> FALSE (10) if (&User-Name =~ mailto:/@\./) { (10) if (&User-Name =~ mailto:/@\./) -> FALSE (10) } # if (&User-Name) = notfound (10) } # policy filter_username = notfound (10) [preprocess] = ok (10) [chap] = noop (10) [mschap] = noop (10) [digest] = noop (10) suffix: Checking for suffix after "@" (10) suffix: No '@' in User-Name = "anonymous", looking up realm NULL (10) suffix: No such realm "NULL" (10) [suffix] = noop (10) eap: Peer sent EAP Response (code 2) ID 103 length 45 (10) eap: Continuing tunnel setup (10) [eap] = ok (10) } # authorize = ok (10) Found Auth-Type = eap (10) # Executing group from file /etc/freeradius/sites-enabled/default (10) authenticate { (10) eap: Removing EAP session with state 0x6501da9e6c66ed03 (10) eap: Previous EAP request found for state 0x6501da9e6c66ed03, released from the list (10) eap: Peer sent packet with method EAP TEAP (55) (10) eap: Calling submodule eap_teap to process data (10) eap_teap: Authenticate (10) eap_teap: (TLS) EAP Done initial handshake (10) eap_teap: Session established. Proceeding to decode tunneled attributes (10) eap_teap: Phase 2: Got Tunneled TEAP TLVs (10) eap_teap: FreeRADIUS-EAP-TEAP-EAP-Payload = 0x026700060d00 (10) eap_teap: Phase 2: Got tunneled request (10) eap_teap: EAP-Message = 0x026700060d00 (10) eap_teap: Phase 2: Authentication (10) eap_teap: Phase 2: Forcing inner TEAP authentication to &control:EAP-Type = MSCHAPv2 (10) Virtual server inner-tunnel received request (10) EAP-Message = 0x026700060d00 (10) FreeRADIUS-Proxied-To = 127.0.0.1 (10) User-Name = mailto:user@example.org (10) State = 0x83bbfe7081dcf355f9cbfc53fdd80b9e (10) server inner-tunnel { (10) Restoring &session-state (10) &session-state:Framed-MTU = 911 (10) &session-state:TLS-Session-Information = "(TLS) TLS - recv TLS 1.3 Handshake, ClientHello" (10) &session-state:TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, ServerHello" (10) &session-state:TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, Certificate" (10) &session-state:TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, ServerKeyExchange" (10) &session-state:TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, CertificateRequest" (10) &session-state:TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, ServerHelloDone" (10) # Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel (10) authorize { (10) policy filter_username { (10) if (&User-Name) { (10) if (&User-Name) -> TRUE (10) if (&User-Name) { (10) if (&User-Name =~ / /) { (10) if (&User-Name =~ / /) -> FALSE (10) if (&User-Name =~ /@[^@]*@/ ) { (10) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (10) if (&User-Name =~ /\.\./ ) { (10) if (&User-Name =~ /\.\./ ) -> FALSE (10) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) { (10) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) -> FALSE (10) if (&User-Name =~ /\.$/) { (10) if (&User-Name =~ /\.$/) -> FALSE (10) if (&User-Name =~ mailto:/@\./) { (10) if (&User-Name =~ mailto:/@\./) -> FALSE (10) } # if (&User-Name) = notfound (10) } # policy filter_username = notfound (10) [chap] = noop (10) [mschap] = noop (10) suffix: Checking for suffix after "@" (10) suffix: Looking up realm "example.org" for User-Name = mailto:user@example.org (10) suffix: No such realm "example.org" (10) [suffix] = noop (10) update control { (10) &Proxy-To-Realm := LOCAL (10) } # update control = noop (10) eap: Peer sent EAP Response (code 2) ID 103 length 6 (10) eap: No EAP Start, assuming it's an on-going EAP conversation (10) [eap] = updated (10) [files] = noop (10) [expiration] = noop (10) [logintime] = noop (10) [pap] = noop (10) } # authorize = updated (10) Found Auth-Type = eap (10) # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel (10) authenticate { (10) eap: Removing EAP session with state 0x83bbfe7081dcf355 (10) eap: Previous EAP request found for state 0x83bbfe7081dcf355, released from the list (10) eap: Peer sent packet with method EAP TLS (13) (10) eap: Calling submodule eap_tls to process data (10) eap_tls: (TLS) Peer ACKed our handshake fragment (10) eap: Sending EAP Request (code 1) ID 104 length 917 (10) eap: EAP session adding &reply:State = 0x83bbfe7080d3f355 (10) [eap] = handled (10) } # authenticate = handled (10) Using Post-Auth-Type Challenge (10) Post-Auth-Type sub-section not found. Ignoring. (10) # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel (10) session-state: Saving cached attributes (10) Framed-MTU = 911 (10) TLS-Session-Information = "(TLS) TLS - recv TLS 1.3 Handshake, ClientHello" (10) TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, ServerHello" (10) TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, Certificate" (10) TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, ServerKeyExchange" (10) TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, CertificateRequest" (10) TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, ServerHelloDone" (10) } # server inner-tunnel (10) Virtual server sending reply (10) EAP-Message = 0x016803950dc000000b970001e84c31b4245d2331c09109f5028cc5415a74fcfca10203010001a38201423082013e301d0603551d0e04160414a68b8782fdf060ffecd2f37fe80fa76de241a3523081d30603551d230481cb3081c88014a68b8782fdf060ffecd2f37fe80fa76de241a352a18199a48196308193310b3009060355040613024652310f300d06035504080c065261646975733112301006035504070c09536f6d65776865726531153013060355040a0c0c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e6f72673126302406035504030c1d4578616d706c6520436572746966696361746520417574686f72697479821407c1092ab93c84caf4a4cebe5ffd49c091f025b2300f0603551d130101ff040530030101ff30360603551d1f042f302d302ba029a0278625687474703a2f2f7777772e6578616d706c652e6f72672f6578616d706c655f63612e63726c300d06092a864886f70d01 (10) Message-Authenticator = 0x00000000000000000000000000000000 (10) State = 0x83bbfe7080d3f355f9cbfc53fdd80b9e (10) eap_teap: Phase 2: Stage Authentication (10) eap_teap: Phase 2: Got tunneled Access-Challenge (10) eap: Sending EAP Request (code 1) ID 104 length 956 (10) eap: EAP session adding &reply:State = 0x6501da9e6f69ed03 (10) [eap] = handled (10) } # authenticate = handled (10) Using Post-Auth-Type Challenge (10) # Executing group from file /etc/freeradius/sites-enabled/default (10) Challenge { ... } # empty sub-section is ignored (10) session-state: Saving cached attributes (10) Framed-MTU = 974 (10) TLS-Session-Information = "(TLS) TEAP - recv TLS 1.3 Handshake, ClientHello" (10) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHello" (10) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, Certificate" (10) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerKeyExchange" (10) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHelloDone" (10) TLS-Session-Information = "(TLS) TEAP - recv TLS 1.2 Handshake, ClientKeyExchange" (10) TLS-Session-Information = "(TLS) TEAP - recv TLS 1.2 Handshake, Finished" (10) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 ChangeCipherSpec" (10) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, Finished" (10) TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384" (10) TLS-Session-Version = "TLS 1.2" (10) Sent Access-Challenge Id 10 from 192.168.4.151:1812 to 192.168.4.151:48174 length 1020 (10) EAP-Message = 0x016803bc370117030303b1288983a38fe43b686cc3923e3b9fb14213934cdc23208df3166cfa3d840b7ee94440fe99eb8eceab7625a871abacba6a28fd8e7e87799d14a716bec497840dbb43b4bcab9e359083276d71eeb99e8bcef1312e2871a1ad8ec140406a944ef5e8e4709acab032451f35f81f8b71439a4bbf827a5c49abb23c1a50a2014c2e31e0e66817b57f9603eabaa8129e98623e6686047bd66bc06ca9c80dd3755afff566091b82131c793c30806df05578c97e97caf280333e5591705bb64ba14e61fc72ddf6b5bbcaf5172e4eaec22829dee1a95574cbdda828222828ffbfc223056ace415664c69afc576752ff611b2972470840560d85fc0439d6a7ca2c989d679134bababeb8e393731b7fbb38d8962d625fe6c00c66c600b8cc575f918e16b190d3683abab85d713055dfa833983cf81224b063a41ad248fe5d9f5f63ad89325ac6511e9b2443f929f4e1ffa773a8820d8fa7cfe99fe4d487a64504760d058fb2b1a3afe574ade7806aab2997e8 (10) Message-Authenticator = 0x00000000000000000000000000000000 (10) State = 0x6501da9e6f69ed03dd76d824d918a37a (10) Finished request Waking up in 4.9 seconds. (11) Received Access-Request Id 11 from 192.168.4.151:48174 to 192.168.4.151:1812 length 209 (11) Message-Authenticator = 0x9ac9345816cb81e705eb3a1e47b13e36 (11) User-Name = "anonymous" (11) Calling-Station-Id = "DE-AD-BE-EF-42-42" (11) Framed-MTU = 1400 (11) NAS-Port-Type = Wireless-802.11 (11) Service-Type = Framed-User (11) Connect-Info = "CONNECT 11Mbps 802.11b" (11) Called-Station-Id = "00:11:22:33:44:55:UConnect" (11) NAS-IP-Address = 192.168.4.20 (11) EAP-Message = 0x0268002d37011703030022c3e8e09ec857322498d8442dc5ad05a2f4ddf4647b90abad9f337078372d3905d8ff (11) State = 0x6501da9e6f69ed03dd76d824d918a37a (11) Restoring &session-state (11) &session-state:Framed-MTU = 974 (11) &session-state:TLS-Session-Information = "(TLS) TEAP - recv TLS 1.3 Handshake, ClientHello" (11) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHello" (11) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, Certificate" (11) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerKeyExchange" (11) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHelloDone" (11) &session-state:TLS-Session-Information = "(TLS) TEAP - recv TLS 1.2 Handshake, ClientKeyExchange" (11) &session-state:TLS-Session-Information = "(TLS) TEAP - recv TLS 1.2 Handshake, Finished" (11) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 ChangeCipherSpec" (11) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, Finished" (11) &session-state:TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384" (11) &session-state:TLS-Session-Version = "TLS 1.2" (11) # Executing section authorize from file /etc/freeradius/sites-enabled/default (11) authorize { (11) policy filter_username { (11) if (&User-Name) { (11) if (&User-Name) -> TRUE (11) if (&User-Name) { (11) if (&User-Name =~ / /) { (11) if (&User-Name =~ / /) -> FALSE (11) if (&User-Name =~ /@[^@]*@/ ) { (11) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (11) if (&User-Name =~ /\.\./ ) { (11) if (&User-Name =~ /\.\./ ) -> FALSE (11) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) { (11) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) -> FALSE (11) if (&User-Name =~ /\.$/) { (11) if (&User-Name =~ /\.$/) -> FALSE (11) if (&User-Name =~ mailto:/@\./) { (11) if (&User-Name =~ mailto:/@\./) -> FALSE (11) } # if (&User-Name) = notfound (11) } # policy filter_username = notfound (11) [preprocess] = ok (11) [chap] = noop (11) [mschap] = noop (11) [digest] = noop (11) suffix: Checking for suffix after "@" (11) suffix: No '@' in User-Name = "anonymous", looking up realm NULL (11) suffix: No such realm "NULL" (11) [suffix] = noop (11) eap: Peer sent EAP Response (code 2) ID 104 length 45 (11) eap: Continuing tunnel setup (11) [eap] = ok (11) } # authorize = ok (11) Found Auth-Type = eap (11) # Executing group from file /etc/freeradius/sites-enabled/default (11) authenticate { (11) eap: Removing EAP session with state 0x6501da9e6f69ed03 (11) eap: Previous EAP request found for state 0x6501da9e6f69ed03, released from the list (11) eap: Peer sent packet with method EAP TEAP (55) (11) eap: Calling submodule eap_teap to process data (11) eap_teap: Authenticate (11) eap_teap: (TLS) EAP Done initial handshake (11) eap_teap: Session established. Proceeding to decode tunneled attributes (11) eap_teap: Phase 2: Got Tunneled TEAP TLVs (11) eap_teap: FreeRADIUS-EAP-TEAP-EAP-Payload = 0x026800060d00 (11) eap_teap: Phase 2: Got tunneled request (11) eap_teap: EAP-Message = 0x026800060d00 (11) eap_teap: Phase 2: Authentication (11) eap_teap: Phase 2: Forcing inner TEAP authentication to &control:EAP-Type = MSCHAPv2 (11) Virtual server inner-tunnel received request (11) EAP-Message = 0x026800060d00 (11) FreeRADIUS-Proxied-To = 127.0.0.1 (11) User-Name = mailto:user@example.org (11) State = 0x83bbfe7080d3f355f9cbfc53fdd80b9e (11) server inner-tunnel { (11) Restoring &session-state (11) &session-state:Framed-MTU = 911 (11) &session-state:TLS-Session-Information = "(TLS) TLS - recv TLS 1.3 Handshake, ClientHello" (11) &session-state:TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, ServerHello" (11) &session-state:TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, Certificate" (11) &session-state:TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, ServerKeyExchange" (11) &session-state:TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, CertificateRequest" (11) &session-state:TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, ServerHelloDone" (11) # Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel (11) authorize { (11) policy filter_username { (11) if (&User-Name) { (11) if (&User-Name) -> TRUE (11) if (&User-Name) { (11) if (&User-Name =~ / /) { (11) if (&User-Name =~ / /) -> FALSE (11) if (&User-Name =~ /@[^@]*@/ ) { (11) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (11) if (&User-Name =~ /\.\./ ) { (11) if (&User-Name =~ /\.\./ ) -> FALSE (11) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) { (11) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) -> FALSE (11) if (&User-Name =~ /\.$/) { (11) if (&User-Name =~ /\.$/) -> FALSE (11) if (&User-Name =~ mailto:/@\./) { (11) if (&User-Name =~ mailto:/@\./) -> FALSE (11) } # if (&User-Name) = notfound (11) } # policy filter_username = notfound (11) [chap] = noop (11) [mschap] = noop (11) suffix: Checking for suffix after "@" (11) suffix: Looking up realm "example.org" for User-Name = mailto:user@example.org (11) suffix: No such realm "example.org" (11) [suffix] = noop (11) update control { (11) &Proxy-To-Realm := LOCAL (11) } # update control = noop (11) eap: Peer sent EAP Response (code 2) ID 104 length 6 (11) eap: No EAP Start, assuming it's an on-going EAP conversation (11) [eap] = updated (11) [files] = noop (11) [expiration] = noop (11) [logintime] = noop (11) [pap] = noop (11) } # authorize = updated (11) Found Auth-Type = eap (11) # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel (11) authenticate { (11) eap: Removing EAP session with state 0x83bbfe7080d3f355 (11) eap: Previous EAP request found for state 0x83bbfe7080d3f355, released from the list (11) eap: Peer sent packet with method EAP TLS (13) (11) eap: Calling submodule eap_tls to process data (11) eap_tls: (TLS) Peer ACKed our handshake fragment (11) eap: Sending EAP Request (code 1) ID 105 length 256 (11) eap: EAP session adding &reply:State = 0x83bbfe7087d2f355 (11) [eap] = handled (11) } # authenticate = handled (11) Using Post-Auth-Type Challenge (11) Post-Auth-Type sub-section not found. Ignoring. (11) # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel (11) session-state: Saving cached attributes (11) Framed-MTU = 911 (11) TLS-Session-Information = "(TLS) TLS - recv TLS 1.3 Handshake, ClientHello" (11) TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, ServerHello" (11) TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, Certificate" (11) TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, ServerKeyExchange" (11) TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, CertificateRequest" (11) TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, ServerHelloDone" (11) } # server inner-tunnel (11) Virtual server sending reply (11) EAP-Message = 0x016901000d8000000b97e0cc1e80c018f46b6e2235f72bf34331e15d16840d806580bd98437816030300cc0d0000c8030102400028040305030603080708080809080a080b08040805080604010501060103030301030204020502060200980096308193310b3009060355040613024652310f300d06035504080c065261646975733112301006035504070c09536f6d65776865726531153013060355040a0c0c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e6f72673126302406035504030c1d4578616d706c6520436572746966696361746520417574686f7269747916030300040e000000 (11) Message-Authenticator = 0x00000000000000000000000000000000 (11) State = 0x83bbfe7087d2f355f9cbfc53fdd80b9e (11) eap_teap: Phase 2: Stage Authentication (11) eap_teap: Phase 2: Got tunneled Access-Challenge (11) eap: Sending EAP Request (code 1) ID 105 length 295 (11) eap: EAP session adding &reply:State = 0x6501da9e6e68ed03 (11) [eap] = handled (11) } # authenticate = handled (11) Using Post-Auth-Type Challenge (11) # Executing group from file /etc/freeradius/sites-enabled/default (11) Challenge { ... } # empty sub-section is ignored (11) session-state: Saving cached attributes (11) Framed-MTU = 974 (11) TLS-Session-Information = "(TLS) TEAP - recv TLS 1.3 Handshake, ClientHello" (11) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHello" (11) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, Certificate" (11) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerKeyExchange" (11) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHelloDone" (11) TLS-Session-Information = "(TLS) TEAP - recv TLS 1.2 Handshake, ClientKeyExchange" (11) TLS-Session-Information = "(TLS) TEAP - recv TLS 1.2 Handshake, Finished" (11) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 ChangeCipherSpec" (11) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, Finished" (11) TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384" (11) TLS-Session-Version = "TLS 1.2" (11) Sent Access-Challenge Id 11 from 192.168.4.151:1812 to 192.168.4.151:48174 length 355 (11) EAP-Message = 0x016901273701170303011c288983a38fe43b697cf24cb85b76b334af65851f85500de18ca6eff47f27cdf3cfc5301bea8ec3317bfacfb7c2edbd3548fe81461493984f84cbe7859b0717fc3f6aa585dbfa3101bb3d26e58fb8bbb12ea6b564229aef50c1ad0dbca675e09a9a23ec436d6b7604197008d0f8ef5ec3de9da81956e4b67cf966f05da7833b26bb8fb3981f5a49761d451dc65bb9dd56aaeb5c5ff1d20794c0574e79ef47d496051a0d4515fc19dc87d331687e3cbdce934cde5c80bc2d1e9813270404cd6b95278c093c6ccec51514cfcaa8027737a2563787b92eccd4b3f62119ffb1de791606e2406b18c121d76ea8c87a129b3f2043c9835cfe66c7e9547a4a4131c1b57c606d4891b505330cdd04093cc3ec8a6532dc7131d66337847097632f (11) Message-Authenticator = 0x00000000000000000000000000000000 (11) State = 0x6501da9e6e68ed03dd76d824d918a37a (11) Finished request Waking up in 4.9 seconds. (12) Received Access-Request Id 12 from 192.168.4.151:48174 to 192.168.4.151:1812 length 1521 (12) Message-Authenticator = 0x64422557b5ce8dc6386d2b81b05bb36a (12) User-Name = "anonymous" (12) Calling-Station-Id = "DE-AD-BE-EF-42-42" (12) Framed-MTU = 1400 (12) NAS-Port-Type = Wireless-802.11 (12) Service-Type = Framed-User (12) Connect-Info = "CONNECT 11Mbps 802.11b" (12) Called-Station-Id = "00:11:22:33:44:55:UConnect" (12) NAS-IP-Address = 192.168.4.20 (12) EAP-Message = 0x0269054337011703030538c3e8e09ec857322581d9fe2625bad205da0536046608acee0e124d9547a88e13806875cfb5ac0b8c0044353c3c9e16d7ac66c1e5a4ad0c60cd19003b4372aceb23a71e440abbabb4bca3c689ee785f8e4c67b43ff27bf7e9865dce58a8d2b0f92a4f5034ae1307365609c47a936fdeebf37350a558c4ea4ca6437b92dca372792f324c57a4791243592a6a08d7e2e07e7c7446201a5e986714040aedc4d65e1945a3595abaa7398861537b247dee04a7c28023c17a9a521bb608595a6581426fd15154b7cd66db0d9d3798d21d99051e150d15bd7c4c47c8fdd4001ff81f672600f5237bbd6d2b457d33ca09e5b77928cc17da7b95044a356d101ebd2a0efae598999804f249e88c77e659b7619594eac2d2a803cf659221d4525447d83e409da2e43a828c772a5fb6251bc8802e271385033cbac49cf021ba56f2f524105575d50d83d391c161654aea43e000924b1fc4c6478e4f1aedf879ef12ceeee9b9678e16fc3a2c12b440725c195c (12) State = 0x6501da9e6e68ed03dd76d824d918a37a (12) Restoring &session-state (12) &session-state:Framed-MTU = 974 (12) &session-state:TLS-Session-Information = "(TLS) TEAP - recv TLS 1.3 Handshake, ClientHello" (12) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHello" (12) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, Certificate" (12) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerKeyExchange" (12) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHelloDone" (12) &session-state:TLS-Session-Information = "(TLS) TEAP - recv TLS 1.2 Handshake, ClientKeyExchange" (12) &session-state:TLS-Session-Information = "(TLS) TEAP - recv TLS 1.2 Handshake, Finished" (12) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 ChangeCipherSpec" (12) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, Finished" (12) &session-state:TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384" (12) &session-state:TLS-Session-Version = "TLS 1.2" (12) # Executing section authorize from file /etc/freeradius/sites-enabled/default (12) authorize { (12) policy filter_username { (12) if (&User-Name) { (12) if (&User-Name) -> TRUE (12) if (&User-Name) { (12) if (&User-Name =~ / /) { (12) if (&User-Name =~ / /) -> FALSE (12) if (&User-Name =~ /@[^@]*@/ ) { (12) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (12) if (&User-Name =~ /\.\./ ) { (12) if (&User-Name =~ /\.\./ ) -> FALSE (12) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) { (12) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) -> FALSE (12) if (&User-Name =~ /\.$/) { (12) if (&User-Name =~ /\.$/) -> FALSE (12) if (&User-Name =~ mailto:/@\./) { (12) if (&User-Name =~ mailto:/@\./) -> FALSE (12) } # if (&User-Name) = notfound (12) } # policy filter_username = notfound (12) [preprocess] = ok (12) [chap] = noop (12) [mschap] = noop (12) [digest] = noop (12) suffix: Checking for suffix after "@" (12) suffix: No '@' in User-Name = "anonymous", looking up realm NULL (12) suffix: No such realm "NULL" (12) [suffix] = noop (12) eap: Peer sent EAP Response (code 2) ID 105 length 1347 (12) eap: Continuing tunnel setup (12) [eap] = ok (12) } # authorize = ok (12) Found Auth-Type = eap (12) # Executing group from file /etc/freeradius/sites-enabled/default (12) authenticate { (12) eap: Removing EAP session with state 0x6501da9e6e68ed03 (12) eap: Previous EAP request found for state 0x6501da9e6e68ed03, released from the list (12) eap: Peer sent packet with method EAP TEAP (55) (12) eap: Calling submodule eap_teap to process data (12) eap_teap: Authenticate (12) eap_teap: (TLS) EAP Done initial handshake (12) eap_teap: Session established. Proceeding to decode tunneled attributes (12) eap_teap: Phase 2: Got Tunneled TEAP TLVs (12) eap_teap: FreeRADIUS-EAP-TEAP-EAP-Payload = 0x0269051c0dc000000a8f16030309200b00091c00091900041530820411308202f9a003020102020102300d06092a864886f70d01010b0500308193310b3009060355040613024652310f300d06035504080c065261646975733112301006035504070c09536f6d65776865726531153013060355040a0c0c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e6f72673126302406035504030c1d4578616d706c6520436572746966696361746520417574686f72697479301e170d3235303231323131323232395a170d3235303431333131323232395a3071310b3009060355040613024652310f300d06035504080c0652616469757331153013060355040a0c0c4578616d706c6520496e632e3119301706035504030c1075736572406578616d706c652e6f7267311f301d06092a864886f70d010901161075736572406578616d706c652e6f726730820122300d06092a864886 (12) eap_teap: Phase 2: Got tunneled request (12) eap_teap: EAP-Message = 0x0269051c0dc000000a8f16030309200b00091c00091900041530820411308202f9a003020102020102300d06092a864886f70d01010b0500308193310b3009060355040613024652310f300d06035504080c065261646975733112301006035504070c09536f6d65776865726531153013060355040a0c0c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e6f72673126302406035504030c1d4578616d706c6520436572746966696361746520417574686f72697479301e170d3235303231323131323232395a170d3235303431333131323232395a3071310b3009060355040613024652310f300d06035504080c0652616469757331153013060355040a0c0c4578616d706c6520496e632e3119301706035504030c1075736572406578616d706c652e6f7267311f301d06092a864886f70d010901161075736572406578616d706c652e6f726730820122300d06092a864886f70d0101010500038201 (12) eap_teap: Phase 2: Authentication (12) eap_teap: Phase 2: Forcing inner TEAP authentication to &control:EAP-Type = MSCHAPv2 (12) Virtual server inner-tunnel received request (12) EAP-Message = 0x0269051c0dc000000a8f16030309200b00091c00091900041530820411308202f9a003020102020102300d06092a864886f70d01010b0500308193310b3009060355040613024652310f300d06035504080c065261646975733112301006035504070c09536f6d65776865726531153013060355040a0c0c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e6f72673126302406035504030c1d4578616d706c6520436572746966696361746520417574686f72697479301e170d3235303231323131323232395a170d3235303431333131323232395a3071310b3009060355040613024652310f300d06035504080c0652616469757331153013060355040a0c0c4578616d706c6520496e632e3119301706035504030c1075736572406578616d706c652e6f7267311f301d06092a864886f70d010901161075736572406578616d706c652e6f726730820122300d06092a864886f70d0101010500038201 (12) FreeRADIUS-Proxied-To = 127.0.0.1 (12) User-Name = mailto:user@example.org (12) State = 0x83bbfe7087d2f355f9cbfc53fdd80b9e (12) server inner-tunnel { (12) Restoring &session-state (12) &session-state:Framed-MTU = 911 (12) &session-state:TLS-Session-Information = "(TLS) TLS - recv TLS 1.3 Handshake, ClientHello" (12) &session-state:TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, ServerHello" (12) &session-state:TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, Certificate" (12) &session-state:TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, ServerKeyExchange" (12) &session-state:TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, CertificateRequest" (12) &session-state:TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, ServerHelloDone" (12) # Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel (12) authorize { (12) policy filter_username { (12) if (&User-Name) { (12) if (&User-Name) -> TRUE (12) if (&User-Name) { (12) if (&User-Name =~ / /) { (12) if (&User-Name =~ / /) -> FALSE (12) if (&User-Name =~ /@[^@]*@/ ) { (12) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (12) if (&User-Name =~ /\.\./ ) { (12) if (&User-Name =~ /\.\./ ) -> FALSE (12) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) { (12) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) -> FALSE (12) if (&User-Name =~ /\.$/) { (12) if (&User-Name =~ /\.$/) -> FALSE (12) if (&User-Name =~ mailto:/@\./) { (12) if (&User-Name =~ mailto:/@\./) -> FALSE (12) } # if (&User-Name) = notfound (12) } # policy filter_username = notfound (12) [chap] = noop (12) [mschap] = noop (12) suffix: Checking for suffix after "@" (12) suffix: Looking up realm "example.org" for User-Name = mailto:user@example.org (12) suffix: No such realm "example.org" (12) [suffix] = noop (12) update control { (12) &Proxy-To-Realm := LOCAL (12) } # update control = noop (12) eap: Peer sent EAP Response (code 2) ID 105 length 1308 (12) eap: No EAP Start, assuming it's an on-going EAP conversation (12) [eap] = updated (12) [files] = noop (12) [expiration] = noop (12) [logintime] = noop (12) [pap] = noop (12) } # authorize = updated (12) Found Auth-Type = eap (12) # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel (12) authenticate { (12) eap: Removing EAP session with state 0x83bbfe7087d2f355 (12) eap: Previous EAP request found for state 0x83bbfe7087d2f355, released from the list (12) eap: Peer sent packet with method EAP TLS (13) (12) eap: Calling submodule eap_tls to process data (12) eap_tls: (TLS) EAP Peer says that the final record size will be 2703 bytes (12) eap_tls: (TLS) EAP Expecting 3 fragments (12) eap_tls: (TLS) EAP Got first TLS fragment (1298 bytes). Peer says more fragments will follow (12) eap_tls: (TLS) EAP ACKing fragment, the peer should send more data. (12) eap: Sending EAP Request (code 1) ID 106 length 6 (12) eap: EAP session adding &reply:State = 0x83bbfe7086d1f355 (12) [eap] = handled (12) } # authenticate = handled (12) Using Post-Auth-Type Challenge (12) Post-Auth-Type sub-section not found. Ignoring. (12) # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel (12) session-state: Saving cached attributes (12) Framed-MTU = 911 (12) TLS-Session-Information = "(TLS) TLS - recv TLS 1.3 Handshake, ClientHello" (12) TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, ServerHello" (12) TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, Certificate" (12) TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, ServerKeyExchange" (12) TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, CertificateRequest" (12) TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, ServerHelloDone" (12) } # server inner-tunnel (12) Virtual server sending reply (12) EAP-Message = 0x016a00060d00 (12) Message-Authenticator = 0x00000000000000000000000000000000 (12) State = 0x83bbfe7086d1f355f9cbfc53fdd80b9e (12) eap_teap: Phase 2: Stage Authentication (12) eap_teap: Phase 2: Got tunneled Access-Challenge (12) eap: Sending EAP Request (code 1) ID 106 length 45 (12) eap: EAP session adding &reply:State = 0x6501da9e696bed03 (12) [eap] = handled (12) } # authenticate = handled (12) Using Post-Auth-Type Challenge (12) # Executing group from file /etc/freeradius/sites-enabled/default (12) Challenge { ... } # empty sub-section is ignored (12) session-state: Saving cached attributes (12) Framed-MTU = 974 (12) TLS-Session-Information = "(TLS) TEAP - recv TLS 1.3 Handshake, ClientHello" (12) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHello" (12) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, Certificate" (12) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerKeyExchange" (12) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHelloDone" (12) TLS-Session-Information = "(TLS) TEAP - recv TLS 1.2 Handshake, ClientKeyExchange" (12) TLS-Session-Information = "(TLS) TEAP - recv TLS 1.2 Handshake, Finished" (12) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 ChangeCipherSpec" (12) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, Finished" (12) TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384" (12) TLS-Session-Version = "TLS 1.2" (12) Sent Access-Challenge Id 12 from 192.168.4.151:1812 to 192.168.4.151:48174 length 103 (12) EAP-Message = 0x016a002d37011703030022288983a38fe43b6a79a9a1be241b2c5021aeee1b135efc1cc4a65f4a314b530ec830 (12) Message-Authenticator = 0x00000000000000000000000000000000 (12) State = 0x6501da9e696bed03dd76d824d918a37a (12) Finished request Waking up in 4.9 seconds. (13) Received Access-Request Id 13 from 192.168.4.151:48174 to 192.168.4.151:1812 length 1517 (13) Message-Authenticator = 0x014d0f204d5a230240c2986adda2b8ec (13) User-Name = "anonymous" (13) Calling-Station-Id = "DE-AD-BE-EF-42-42" (13) Framed-MTU = 1400 (13) NAS-Port-Type = Wireless-802.11 (13) Service-Type = Framed-User (13) Connect-Info = "CONNECT 11Mbps 802.11b" (13) Called-Station-Id = "00:11:22:33:44:55:UConnect" (13) NAS-IP-Address = 192.168.4.20 (13) EAP-Message = 0x026a053f37011703030534c3e8e09ec857322636dd17021da30376098fc2f063fa72f2ee104df85d62e59bce062047bd575f2a9c39ab48cce77019e355b0b0193a1cca9971a3340a8a6130d2a91acf2035cc9ee71ec81aff29bd1e291dcbea8cf0f31ece4412f780c474737ca1170c2201c4ba99deca187900c71b833c7d29d0b321ee75310b2c7c65d85505f9ea65c7aefd8ec3ab6bce5692d577939c7b5f7df2bdc56507b4327a0c357eddf1fc657215bc3cec811088324f787f36e7ad611ab458ba56c913dc38c3871c7541c96d33764a44953d34486b6e98b6383e593d7f8a5492ec6fd8653c6825f805d07e26bc3850ddba54fb5eafdc8cca9f5623ad0dbe9c3c558d580fb9cd841e3e6f3c8fc02f1ae8ab2cb1e4d6114e7d11343e76dbfe0f5f4b027ab72bcbeda0e4103d77a7a21d8825f4d9954c739c29016a0d2ce45a9ec6ef3d5ba9c0e63d2c13dbe028a6b51515b087b59f8410a53c38fc02b485f1ba60c0a658ccbaf092a7295f4036f4c69a51778b444f (13) State = 0x6501da9e696bed03dd76d824d918a37a (13) Restoring &session-state (13) &session-state:Framed-MTU = 974 (13) &session-state:TLS-Session-Information = "(TLS) TEAP - recv TLS 1.3 Handshake, ClientHello" (13) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHello" (13) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, Certificate" (13) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerKeyExchange" (13) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHelloDone" (13) &session-state:TLS-Session-Information = "(TLS) TEAP - recv TLS 1.2 Handshake, ClientKeyExchange" (13) &session-state:TLS-Session-Information = "(TLS) TEAP - recv TLS 1.2 Handshake, Finished" (13) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 ChangeCipherSpec" (13) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, Finished" (13) &session-state:TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384" (13) &session-state:TLS-Session-Version = "TLS 1.2" (13) # Executing section authorize from file /etc/freeradius/sites-enabled/default (13) authorize { (13) policy filter_username { (13) if (&User-Name) { (13) if (&User-Name) -> TRUE (13) if (&User-Name) { (13) if (&User-Name =~ / /) { (13) if (&User-Name =~ / /) -> FALSE (13) if (&User-Name =~ /@[^@]*@/ ) { (13) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (13) if (&User-Name =~ /\.\./ ) { (13) if (&User-Name =~ /\.\./ ) -> FALSE (13) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) { (13) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) -> FALSE (13) if (&User-Name =~ /\.$/) { (13) if (&User-Name =~ /\.$/) -> FALSE (13) if (&User-Name =~ mailto:/@\./) { (13) if (&User-Name =~ mailto:/@\./) -> FALSE (13) } # if (&User-Name) = notfound (13) } # policy filter_username = notfound (13) [preprocess] = ok (13) [chap] = noop (13) [mschap] = noop (13) [digest] = noop (13) suffix: Checking for suffix after "@" (13) suffix: No '@' in User-Name = "anonymous", looking up realm NULL (13) suffix: No such realm "NULL" (13) [suffix] = noop (13) eap: Peer sent EAP Response (code 2) ID 106 length 1343 (13) eap: Continuing tunnel setup (13) [eap] = ok (13) } # authorize = ok (13) Found Auth-Type = eap (13) # Executing group from file /etc/freeradius/sites-enabled/default (13) authenticate { (13) eap: Removing EAP session with state 0x6501da9e696bed03 (13) eap: Previous EAP request found for state 0x6501da9e696bed03, released from the list (13) eap: Peer sent packet with method EAP TEAP (55) (13) eap: Calling submodule eap_teap to process data (13) eap_teap: Authenticate (13) eap_teap: (TLS) EAP Done initial handshake (13) eap_teap: Session established. Proceeding to decode tunneled attributes (13) eap_teap: Phase 2: Got Tunneled TEAP TLVs (13) eap_teap: FreeRADIUS-EAP-TEAP-EAP-Payload = 0x026a05180d40310b3009060355040613024652310f300d06035504080c065261646975733112301006035504070c09536f6d65776865726531153013060355040a0c0c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e6f72673126302406035504030c1d4578616d706c6520436572746966696361746520417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a0282010100bd129d8ad92c9fb1d32e681a41e42e273937169569938c27a6843ae9d4862869a470c15eb091b89cbbc61b013a0fa39806a6c8b7d33e8968c2016329be59ccb4fb74204f4e6d0245c73d369e7c596920fe10985242a271a5cae50ef77694bef9c1f5ef0037a370816e13f9ce6ea298abf3decb6669158f19725bff4f52307d914bedfc40865628f660ad8055650ab09c9351c4c72596430ded0a8883876426b4f7f5615bf2d4a4f43dd01fa43d3f4e5321c206 (13) eap_teap: Phase 2: Got tunneled request (13) eap_teap: EAP-Message = 0x026a05180d40310b3009060355040613024652310f300d06035504080c065261646975733112301006035504070c09536f6d65776865726531153013060355040a0c0c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e6f72673126302406035504030c1d4578616d706c6520436572746966696361746520417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a0282010100bd129d8ad92c9fb1d32e681a41e42e273937169569938c27a6843ae9d4862869a470c15eb091b89cbbc61b013a0fa39806a6c8b7d33e8968c2016329be59ccb4fb74204f4e6d0245c73d369e7c596920fe10985242a271a5cae50ef77694bef9c1f5ef0037a370816e13f9ce6ea298abf3decb6669158f19725bff4f52307d914bedfc40865628f660ad8055650ab09c9351c4c72596430ded0a8883876426b4f7f5615bf2d4a4f43dd01fa43d3f4e5321c2062488ef05b2f61e2a4f53 (13) eap_teap: Phase 2: Authentication (13) eap_teap: Phase 2: Forcing inner TEAP authentication to &control:EAP-Type = MSCHAPv2 (13) Virtual server inner-tunnel received request (13) EAP-Message = 0x026a05180d40310b3009060355040613024652310f300d06035504080c065261646975733112301006035504070c09536f6d65776865726531153013060355040a0c0c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e6f72673126302406035504030c1d4578616d706c6520436572746966696361746520417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a0282010100bd129d8ad92c9fb1d32e681a41e42e273937169569938c27a6843ae9d4862869a470c15eb091b89cbbc61b013a0fa39806a6c8b7d33e8968c2016329be59ccb4fb74204f4e6d0245c73d369e7c596920fe10985242a271a5cae50ef77694bef9c1f5ef0037a370816e13f9ce6ea298abf3decb6669158f19725bff4f52307d914bedfc40865628f660ad8055650ab09c9351c4c72596430ded0a8883876426b4f7f5615bf2d4a4f43dd01fa43d3f4e5321c2062488ef05b2f61e2a4f53 (13) FreeRADIUS-Proxied-To = 127.0.0.1 (13) User-Name = mailto:user@example.org (13) State = 0x83bbfe7086d1f355f9cbfc53fdd80b9e (13) server inner-tunnel { (13) Restoring &session-state (13) &session-state:Framed-MTU = 911 (13) &session-state:TLS-Session-Information = "(TLS) TLS - recv TLS 1.3 Handshake, ClientHello" (13) &session-state:TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, ServerHello" (13) &session-state:TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, Certificate" (13) &session-state:TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, ServerKeyExchange" (13) &session-state:TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, CertificateRequest" (13) &session-state:TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, ServerHelloDone" (13) # Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel (13) authorize { (13) policy filter_username { (13) if (&User-Name) { (13) if (&User-Name) -> TRUE (13) if (&User-Name) { (13) if (&User-Name =~ / /) { (13) if (&User-Name =~ / /) -> FALSE (13) if (&User-Name =~ /@[^@]*@/ ) { (13) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (13) if (&User-Name =~ /\.\./ ) { (13) if (&User-Name =~ /\.\./ ) -> FALSE (13) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) { (13) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) -> FALSE (13) if (&User-Name =~ /\.$/) { (13) if (&User-Name =~ /\.$/) -> FALSE (13) if (&User-Name =~ mailto:/@\./) { (13) if (&User-Name =~ mailto:/@\./) -> FALSE (13) } # if (&User-Name) = notfound (13) } # policy filter_username = notfound (13) [chap] = noop (13) [mschap] = noop (13) suffix: Checking for suffix after "@" (13) suffix: Looking up realm "example.org" for User-Name = mailto:user@example.org (13) suffix: No such realm "example.org" (13) [suffix] = noop (13) update control { (13) &Proxy-To-Realm := LOCAL (13) } # update control = noop (13) eap: Peer sent EAP Response (code 2) ID 106 length 1304 (13) eap: No EAP Start, assuming it's an on-going EAP conversation (13) [eap] = updated (13) [files] = noop (13) [expiration] = noop (13) [logintime] = noop (13) [pap] = noop (13) } # authorize = updated (13) Found Auth-Type = eap (13) # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel (13) authenticate { (13) eap: Removing EAP session with state 0x83bbfe7086d1f355 (13) eap: Previous EAP request found for state 0x83bbfe7086d1f355, released from the list (13) eap: Peer sent packet with method EAP TLS (13) (13) eap: Calling submodule eap_tls to process data (13) eap_tls: (TLS) EAP Got additional fragment (1298 bytes). Peer says more fragments will follow (13) eap_tls: (TLS) EAP ACKing fragment, the peer should send more data. (13) eap: Sending EAP Request (code 1) ID 107 length 6 (13) eap: EAP session adding &reply:State = 0x83bbfe7085d0f355 (13) [eap] = handled (13) } # authenticate = handled (13) Using Post-Auth-Type Challenge (13) Post-Auth-Type sub-section not found. Ignoring. (13) # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel (13) session-state: Saving cached attributes (13) Framed-MTU = 911 (13) TLS-Session-Information = "(TLS) TLS - recv TLS 1.3 Handshake, ClientHello" (13) TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, ServerHello" (13) TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, Certificate" (13) TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, ServerKeyExchange" (13) TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, CertificateRequest" (13) TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, ServerHelloDone" (13) } # server inner-tunnel (13) Virtual server sending reply (13) EAP-Message = 0x016b00060d00 (13) Message-Authenticator = 0x00000000000000000000000000000000 (13) State = 0x83bbfe7085d0f355f9cbfc53fdd80b9e (13) eap_teap: Phase 2: Stage Authentication (13) eap_teap: Phase 2: Got tunneled Access-Challenge (13) eap: Sending EAP Request (code 1) ID 107 length 45 (13) eap: EAP session adding &reply:State = 0x6501da9e686aed03 (13) [eap] = handled (13) } # authenticate = handled (13) Using Post-Auth-Type Challenge (13) # Executing group from file /etc/freeradius/sites-enabled/default (13) Challenge { ... } # empty sub-section is ignored (13) session-state: Saving cached attributes (13) Framed-MTU = 974 (13) TLS-Session-Information = "(TLS) TEAP - recv TLS 1.3 Handshake, ClientHello" (13) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHello" (13) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, Certificate" (13) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerKeyExchange" (13) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHelloDone" (13) TLS-Session-Information = "(TLS) TEAP - recv TLS 1.2 Handshake, ClientKeyExchange" (13) TLS-Session-Information = "(TLS) TEAP - recv TLS 1.2 Handshake, Finished" (13) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 ChangeCipherSpec" (13) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, Finished" (13) TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384" (13) TLS-Session-Version = "TLS 1.2" (13) Sent Access-Challenge Id 13 from 192.168.4.151:1812 to 192.168.4.151:48174 length 103 (13) EAP-Message = 0x016b002d37011703030022288983a38fe43b6b7205fb27447f6a361e2f8e1cd2f189d85ab5f239e621e22d2f9b (13) Message-Authenticator = 0x00000000000000000000000000000000 (13) State = 0x6501da9e686aed03dd76d824d918a37a (13) Finished request Waking up in 4.9 seconds. (14) Received Access-Request Id 14 from 192.168.4.151:48174 to 192.168.4.151:1812 length 316 (14) Message-Authenticator = 0x9df89c02b33d950e479313932c0f1bdc (14) User-Name = "anonymous" (14) Calling-Station-Id = "DE-AD-BE-EF-42-42" (14) Framed-MTU = 1400 (14) NAS-Port-Type = Wireless-802.11 (14) Service-Type = Framed-User (14) Connect-Info = "CONNECT 11Mbps 802.11b" (14) Called-Station-Id = "00:11:22:33:44:55:UConnect" (14) NAS-IP-Address = 192.168.4.20 (14) EAP-Message = 0x026b00983701170303008dc3e8e09ec8573227f8993884d8f1261f6a6cb279e25242f64242a24b3bccc055d10b91fa67e2f271a1f7cd2c22a94f7889a5c44bc42aca8702a48b81037b1ff5fbb1da07852c358e91f8e6c5531383b07a2a16e68dcec00f03d59ad74ce779887259789bd9389eb3c2c97c963655ad797879d1c8153c7460d3db3ce9169d7c7bbc235ce038cf71e41441c10859 (14) State = 0x6501da9e686aed03dd76d824d918a37a (14) Restoring &session-state (14) &session-state:Framed-MTU = 974 (14) &session-state:TLS-Session-Information = "(TLS) TEAP - recv TLS 1.3 Handshake, ClientHello" (14) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHello" (14) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, Certificate" (14) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerKeyExchange" (14) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHelloDone" (14) &session-state:TLS-Session-Information = "(TLS) TEAP - recv TLS 1.2 Handshake, ClientKeyExchange" (14) &session-state:TLS-Session-Information = "(TLS) TEAP - recv TLS 1.2 Handshake, Finished" (14) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 ChangeCipherSpec" (14) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, Finished" (14) &session-state:TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384" (14) &session-state:TLS-Session-Version = "TLS 1.2" (14) # Executing section authorize from file /etc/freeradius/sites-enabled/default (14) authorize { (14) policy filter_username { (14) if (&User-Name) { (14) if (&User-Name) -> TRUE (14) if (&User-Name) { (14) if (&User-Name =~ / /) { (14) if (&User-Name =~ / /) -> FALSE (14) if (&User-Name =~ /@[^@]*@/ ) { (14) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (14) if (&User-Name =~ /\.\./ ) { (14) if (&User-Name =~ /\.\./ ) -> FALSE (14) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) { (14) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) -> FALSE (14) if (&User-Name =~ /\.$/) { (14) if (&User-Name =~ /\.$/) -> FALSE (14) if (&User-Name =~ mailto:/@\./) { (14) if (&User-Name =~ mailto:/@\./) -> FALSE (14) } # if (&User-Name) = notfound (14) } # policy filter_username = notfound (14) [preprocess] = ok (14) [chap] = noop (14) [mschap] = noop (14) [digest] = noop (14) suffix: Checking for suffix after "@" (14) suffix: No '@' in User-Name = "anonymous", looking up realm NULL (14) suffix: No such realm "NULL" (14) [suffix] = noop (14) eap: Peer sent EAP Response (code 2) ID 107 length 152 (14) eap: Continuing tunnel setup (14) [eap] = ok (14) } # authorize = ok (14) Found Auth-Type = eap (14) # Executing group from file /etc/freeradius/sites-enabled/default (14) authenticate { (14) eap: Removing EAP session with state 0x6501da9e686aed03 (14) eap: Previous EAP request found for state 0x6501da9e686aed03, released from the list (14) eap: Peer sent packet with method EAP TEAP (55) (14) eap: Calling submodule eap_teap to process data (14) eap_teap: Authenticate (14) eap_teap: (TLS) EAP Done initial handshake (14) eap_teap: Session established. Proceeding to decode tunneled attributes (14) eap_teap: Phase 2: Got Tunneled TEAP TLVs (14) eap_teap: FreeRADIUS-EAP-TEAP-EAP-Payload = 0x026b00710d004fa3722b26215e804f53455a5d5b8c216d23a3ca292faf03bec44a462e3e12d27f001fa5e65d69d1d9d40cff109b7589abd5581f48fd097614030300010116030300282f20310812142f839123d004933db87f810adcb1443c2efb9f3f3cd1ff02b14c37a241e00a94267f (14) eap_teap: Phase 2: Got tunneled request (14) eap_teap: EAP-Message = 0x026b00710d004fa3722b26215e804f53455a5d5b8c216d23a3ca292faf03bec44a462e3e12d27f001fa5e65d69d1d9d40cff109b7589abd5581f48fd097614030300010116030300282f20310812142f839123d004933db87f810adcb1443c2efb9f3f3cd1ff02b14c37a241e00a94267f (14) eap_teap: Phase 2: Authentication (14) eap_teap: Phase 2: Forcing inner TEAP authentication to &control:EAP-Type = MSCHAPv2 (14) Virtual server inner-tunnel received request (14) EAP-Message = 0x026b00710d004fa3722b26215e804f53455a5d5b8c216d23a3ca292faf03bec44a462e3e12d27f001fa5e65d69d1d9d40cff109b7589abd5581f48fd097614030300010116030300282f20310812142f839123d004933db87f810adcb1443c2efb9f3f3cd1ff02b14c37a241e00a94267f (14) FreeRADIUS-Proxied-To = 127.0.0.1 (14) User-Name = mailto:user@example.org (14) State = 0x83bbfe7085d0f355f9cbfc53fdd80b9e (14) server inner-tunnel { (14) Restoring &session-state (14) &session-state:Framed-MTU = 911 (14) &session-state:TLS-Session-Information = "(TLS) TLS - recv TLS 1.3 Handshake, ClientHello" (14) &session-state:TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, ServerHello" (14) &session-state:TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, Certificate" (14) &session-state:TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, ServerKeyExchange" (14) &session-state:TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, CertificateRequest" (14) &session-state:TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, ServerHelloDone" (14) # Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel (14) authorize { (14) policy filter_username { (14) if (&User-Name) { (14) if (&User-Name) -> TRUE (14) if (&User-Name) { (14) if (&User-Name =~ / /) { (14) if (&User-Name =~ / /) -> FALSE (14) if (&User-Name =~ /@[^@]*@/ ) { (14) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (14) if (&User-Name =~ /\.\./ ) { (14) if (&User-Name =~ /\.\./ ) -> FALSE (14) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) { (14) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) -> FALSE (14) if (&User-Name =~ /\.$/) { (14) if (&User-Name =~ /\.$/) -> FALSE (14) if (&User-Name =~ mailto:/@\./) { (14) if (&User-Name =~ mailto:/@\./) -> FALSE (14) } # if (&User-Name) = notfound (14) } # policy filter_username = notfound (14) [chap] = noop (14) [mschap] = noop (14) suffix: Checking for suffix after "@" (14) suffix: Looking up realm "example.org" for User-Name = mailto:user@example.org (14) suffix: No such realm "example.org" (14) [suffix] = noop (14) update control { (14) &Proxy-To-Realm := LOCAL (14) } # update control = noop (14) eap: Peer sent EAP Response (code 2) ID 107 length 113 (14) eap: No EAP Start, assuming it's an on-going EAP conversation (14) [eap] = updated (14) [files] = noop (14) [expiration] = noop (14) [logintime] = noop (14) [pap] = noop (14) } # authorize = updated (14) Found Auth-Type = eap (14) # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel (14) authenticate { (14) eap: Removing EAP session with state 0x83bbfe7085d0f355 (14) eap: Previous EAP request found for state 0x83bbfe7085d0f355, released from the list (14) eap: Peer sent packet with method EAP TLS (13) (14) eap: Calling submodule eap_tls to process data (14) eap_tls: (TLS) EAP Got final fragment (107 bytes) total 2703 (14) eap_tls: (TLS) EAP Done initial handshake (14) eap_tls: (TLS) TLS - Handshake state - Server SSLv3/TLS write server done (14) eap_tls: (TLS) TLS - recv TLS 1.2 Handshake, Certificate (14) eap_tls: (TLS) TLS - Creating attributes from 2 certificate in chain (14) eap_tls: TLS-Cert-Serial := "07c1092ab93c84caf4a4cebe5ffd49c091f025b2" (14) eap_tls: TLS-Cert-Expiration := "250413112228Z" (14) eap_tls: TLS-Cert-Valid-Since := "250212112228Z" (14) eap_tls: TLS-Cert-Subject := "/C=FR/ST=Radius/L=Somewhere/O=Example mailto:Inc./emailAddress=admin@example.org/CN=Example Certificate Authority" (14) eap_tls: TLS-Cert-Issuer := "/C=FR/ST=Radius/L=Somewhere/O=Example mailto:Inc./emailAddress=admin@example.org/CN=Example Certificate Authority" (14) eap_tls: TLS-Cert-Common-Name := "Example Certificate Authority" (14) eap_tls: TLS-Cert-CRL-Distribution-Points += http://www.example.org/example_ca.crl (14) eap_tls: (TLS) TLS - Creating attributes from 1 certificate in chain (14) eap_tls: TLS-Client-Cert-Serial := "02" (14) eap_tls: TLS-Client-Cert-Expiration := "250413112229Z" (14) eap_tls: TLS-Client-Cert-Valid-Since := "250212112229Z" (14) eap_tls: TLS-Client-Cert-Subject := "/C=FR/ST=Radius/O=Example mailto:Inc./CN=user@example.org/emailAddress=user@example.org" (14) eap_tls: TLS-Client-Cert-Issuer := "/C=FR/ST=Radius/L=Somewhere/O=Example mailto:Inc./emailAddress=admin@example.org/CN=Example Certificate Authority" (14) eap_tls: TLS-Client-Cert-Common-Name := mailto:user@example.org (14) eap_tls: TLS-Client-Cert-CRL-Distribution-Points += http://www.example.com/example_ca.crl (14) eap_tls: TLS-Client-Cert-X509v3-Extended-Key-Usage += "TLS Web Client Authentication" (14) eap_tls: TLS-Client-Cert-X509v3-Subject-Key-Identifier += "C0:D4:19:99:E9:00:1D:48:E9:00:1A:54:49:BC:DE:99:F6:3B:D7:15" (14) eap_tls: TLS-Client-Cert-X509v3-Authority-Key-Identifier += "A6:8B:87:82:FD:F0:60:FF:EC:D2:F3:7F:E8:0F:A7:6D:E2:41:A3:52" (14) eap_tls: TLS-Client-Cert-X509v3-Extended-Key-Usage-OID += "1.3.6.1.5.5.7.3.2" (14) eap_tls: (TLS) TLS - Handshake state - Server SSLv3/TLS read client certificate (14) eap_tls: (TLS) TLS - recv TLS 1.2 Handshake, ClientKeyExchange (14) eap_tls: (TLS) TLS - Handshake state - Server SSLv3/TLS read client key exchange (14) eap_tls: (TLS) TLS - recv TLS 1.2 Handshake, CertificateVerify (14) eap_tls: (TLS) TLS - Handshake state - Server SSLv3/TLS read certificate verify (14) eap_tls: (TLS) TLS - Handshake state - Server SSLv3/TLS read change cipher spec (14) eap_tls: (TLS) TLS - recv TLS 1.2 Handshake, Finished (14) eap_tls: (TLS) TLS - Handshake state - Server SSLv3/TLS read finished (14) eap_tls: (TLS) TLS - send TLS 1.2 ChangeCipherSpec (14) eap_tls: (TLS) TLS - Handshake state - Server SSLv3/TLS write change cipher spec (14) eap_tls: (TLS) TLS - send TLS 1.2 Handshake, Finished (14) eap_tls: (TLS) TLS - Handshake state - Server SSLv3/TLS write finished (14) eap_tls: (TLS) TLS - Handshake state - SSL negotiation finished successfully (14) eap_tls: (TLS) TLS - Connection Established (14) eap_tls: TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384" (14) eap_tls: TLS-Session-Version = "TLS 1.2" (14) eap: Sending EAP Request (code 1) ID 108 length 61 (14) eap: EAP session adding &reply:State = 0x83bbfe7084d7f355 (14) [eap] = handled (14) } # authenticate = handled (14) Using Post-Auth-Type Challenge (14) Post-Auth-Type sub-section not found. Ignoring. (14) # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel (14) session-state: Saving cached attributes (14) Framed-MTU = 911 (14) TLS-Session-Information = "(TLS) TLS - recv TLS 1.3 Handshake, ClientHello" (14) TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, ServerHello" (14) TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, Certificate" (14) TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, ServerKeyExchange" (14) TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, CertificateRequest" (14) TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, ServerHelloDone" (14) TLS-Session-Information = "(TLS) TLS - recv TLS 1.2 Handshake, Certificate" (14) TLS-Session-Information = "(TLS) TLS - recv TLS 1.2 Handshake, ClientKeyExchange" (14) TLS-Session-Information = "(TLS) TLS - recv TLS 1.2 Handshake, CertificateVerify" (14) TLS-Session-Information = "(TLS) TLS - recv TLS 1.2 Handshake, Finished" (14) TLS-Session-Information = "(TLS) TLS - send TLS 1.2 ChangeCipherSpec" (14) TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, Finished" (14) TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384" (14) TLS-Session-Version = "TLS 1.2" (14) } # server inner-tunnel (14) Virtual server sending reply (14) EAP-Message = 0x016c003d0d8000000033140303000101160303002847c8eebd55963cb54e9efba792027375f7e3584ab6d14ddb9fa827af0df9e0dd4d0378470c2ae2a9 (14) Message-Authenticator = 0x00000000000000000000000000000000 (14) State = 0x83bbfe7084d7f355f9cbfc53fdd80b9e (14) eap_teap: Phase 2: Stage Authentication (14) eap_teap: Phase 2: Got tunneled Access-Challenge (14) eap: Sending EAP Request (code 1) ID 108 length 100 (14) eap: EAP session adding &reply:State = 0x6501da9e6b6ded03 (14) [eap] = handled (14) } # authenticate = handled (14) Using Post-Auth-Type Challenge (14) # Executing group from file /etc/freeradius/sites-enabled/default (14) Challenge { ... } # empty sub-section is ignored (14) session-state: Saving cached attributes (14) Framed-MTU = 974 (14) TLS-Session-Information = "(TLS) TEAP - recv TLS 1.3 Handshake, ClientHello" (14) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHello" (14) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, Certificate" (14) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerKeyExchange" (14) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHelloDone" (14) TLS-Session-Information = "(TLS) TEAP - recv TLS 1.2 Handshake, ClientKeyExchange" (14) TLS-Session-Information = "(TLS) TEAP - recv TLS 1.2 Handshake, Finished" (14) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 ChangeCipherSpec" (14) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, Finished" (14) TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384" (14) TLS-Session-Version = "TLS 1.2" (14) Sent Access-Challenge Id 14 from 192.168.4.151:1812 to 192.168.4.151:48174 length 158 (14) EAP-Message = 0x016c006437011703030059288983a38fe43b6c0b28c9559df65d77f0ad9a4099487ea9a750debdcad8fb27c3f5611a45c94405adba48567e89d0ff604c2192eaafe13c1292b50b5d0e53c250a687ff04862d670715871479770df466480f319183b0cdf5 (14) Message-Authenticator = 0x00000000000000000000000000000000 (14) State = 0x6501da9e6b6ded03dd76d824d918a37a (14) Finished request Waking up in 4.9 seconds. (15) Received Access-Request Id 15 from 192.168.4.151:48174 to 192.168.4.151:1812 length 209 (15) Message-Authenticator = 0xa40374886e256fec561e9328c05e4109 (15) User-Name = "anonymous" (15) Calling-Station-Id = "DE-AD-BE-EF-42-42" (15) Framed-MTU = 1400 (15) NAS-Port-Type = Wireless-802.11 (15) Service-Type = Framed-User (15) Connect-Info = "CONNECT 11Mbps 802.11b" (15) Called-Station-Id = "00:11:22:33:44:55:UConnect" (15) NAS-IP-Address = 192.168.4.20 (15) EAP-Message = 0x026c002d37011703030022c3e8e09ec8573228e3ba6b0bdebfd4f5e62ad0259b38077c11c3cbf850c31c9818b3 (15) State = 0x6501da9e6b6ded03dd76d824d918a37a (15) Restoring &session-state (15) &session-state:Framed-MTU = 974 (15) &session-state:TLS-Session-Information = "(TLS) TEAP - recv TLS 1.3 Handshake, ClientHello" (15) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHello" (15) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, Certificate" (15) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerKeyExchange" (15) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHelloDone" (15) &session-state:TLS-Session-Information = "(TLS) TEAP - recv TLS 1.2 Handshake, ClientKeyExchange" (15) &session-state:TLS-Session-Information = "(TLS) TEAP - recv TLS 1.2 Handshake, Finished" (15) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 ChangeCipherSpec" (15) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, Finished" (15) &session-state:TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384" (15) &session-state:TLS-Session-Version = "TLS 1.2" (15) # Executing section authorize from file /etc/freeradius/sites-enabled/default (15) authorize { (15) policy filter_username { (15) if (&User-Name) { (15) if (&User-Name) -> TRUE (15) if (&User-Name) { (15) if (&User-Name =~ / /) { (15) if (&User-Name =~ / /) -> FALSE (15) if (&User-Name =~ /@[^@]*@/ ) { (15) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (15) if (&User-Name =~ /\.\./ ) { (15) if (&User-Name =~ /\.\./ ) -> FALSE (15) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) { (15) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) -> FALSE (15) if (&User-Name =~ /\.$/) { (15) if (&User-Name =~ /\.$/) -> FALSE (15) if (&User-Name =~ mailto:/@\./) { (15) if (&User-Name =~ mailto:/@\./) -> FALSE (15) } # if (&User-Name) = notfound (15) } # policy filter_username = notfound (15) [preprocess] = ok (15) [chap] = noop (15) [mschap] = noop (15) [digest] = noop (15) suffix: Checking for suffix after "@" (15) suffix: No '@' in User-Name = "anonymous", looking up realm NULL (15) suffix: No such realm "NULL" (15) [suffix] = noop (15) eap: Peer sent EAP Response (code 2) ID 108 length 45 (15) eap: Continuing tunnel setup (15) [eap] = ok (15) } # authorize = ok (15) Found Auth-Type = eap (15) # Executing group from file /etc/freeradius/sites-enabled/default (15) authenticate { (15) eap: Removing EAP session with state 0x6501da9e6b6ded03 (15) eap: Previous EAP request found for state 0x6501da9e6b6ded03, released from the list (15) eap: Peer sent packet with method EAP TEAP (55) (15) eap: Calling submodule eap_teap to process data (15) eap_teap: Authenticate (15) eap_teap: (TLS) EAP Done initial handshake (15) eap_teap: Session established. Proceeding to decode tunneled attributes (15) eap_teap: Phase 2: Got Tunneled TEAP TLVs (15) eap_teap: FreeRADIUS-EAP-TEAP-EAP-Payload = 0x026c00060d00 (15) eap_teap: Phase 2: Got tunneled request (15) eap_teap: EAP-Message = 0x026c00060d00 (15) eap_teap: Phase 2: Authentication (15) eap_teap: Phase 2: Forcing inner TEAP authentication to &control:EAP-Type = MSCHAPv2 (15) Virtual server inner-tunnel received request (15) EAP-Message = 0x026c00060d00 (15) FreeRADIUS-Proxied-To = 127.0.0.1 (15) User-Name = mailto:user@example.org (15) State = 0x83bbfe7084d7f355f9cbfc53fdd80b9e (15) server inner-tunnel { (15) Restoring &session-state (15) &session-state:Framed-MTU = 911 (15) &session-state:TLS-Session-Information = "(TLS) TLS - recv TLS 1.3 Handshake, ClientHello" (15) &session-state:TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, ServerHello" (15) &session-state:TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, Certificate" (15) &session-state:TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, ServerKeyExchange" (15) &session-state:TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, CertificateRequest" (15) &session-state:TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, ServerHelloDone" (15) &session-state:TLS-Session-Information = "(TLS) TLS - recv TLS 1.2 Handshake, Certificate" (15) &session-state:TLS-Session-Information = "(TLS) TLS - recv TLS 1.2 Handshake, ClientKeyExchange" (15) &session-state:TLS-Session-Information = "(TLS) TLS - recv TLS 1.2 Handshake, CertificateVerify" (15) &session-state:TLS-Session-Information = "(TLS) TLS - recv TLS 1.2 Handshake, Finished" (15) &session-state:TLS-Session-Information = "(TLS) TLS - send TLS 1.2 ChangeCipherSpec" (15) &session-state:TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, Finished" (15) &session-state:TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384" (15) &session-state:TLS-Session-Version = "TLS 1.2" (15) # Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel (15) authorize { (15) policy filter_username { (15) if (&User-Name) { (15) if (&User-Name) -> TRUE (15) if (&User-Name) { (15) if (&User-Name =~ / /) { (15) if (&User-Name =~ / /) -> FALSE (15) if (&User-Name =~ /@[^@]*@/ ) { (15) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (15) if (&User-Name =~ /\.\./ ) { (15) if (&User-Name =~ /\.\./ ) -> FALSE (15) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) { (15) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) -> FALSE (15) if (&User-Name =~ /\.$/) { (15) if (&User-Name =~ /\.$/) -> FALSE (15) if (&User-Name =~ mailto:/@\./) { (15) if (&User-Name =~ mailto:/@\./) -> FALSE (15) } # if (&User-Name) = notfound (15) } # policy filter_username = notfound (15) [chap] = noop (15) [mschap] = noop (15) suffix: Checking for suffix after "@" (15) suffix: Looking up realm "example.org" for User-Name = mailto:user@example.org (15) suffix: No such realm "example.org" (15) [suffix] = noop (15) update control { (15) &Proxy-To-Realm := LOCAL (15) } # update control = noop (15) eap: Peer sent EAP Response (code 2) ID 108 length 6 (15) eap: No EAP Start, assuming it's an on-going EAP conversation (15) [eap] = updated (15) [files] = noop (15) [expiration] = noop (15) [logintime] = noop (15) [pap] = noop (15) } # authorize = updated (15) Found Auth-Type = eap (15) # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel (15) authenticate { (15) eap: Removing EAP session with state 0x83bbfe7084d7f355 (15) eap: Previous EAP request found for state 0x83bbfe7084d7f355, released from the list (15) eap: Peer sent packet with method EAP TLS (13) (15) eap: Calling submodule eap_tls to process data (15) eap_tls: (TLS) Peer ACKed our handshake fragment. handshake is finished (15) eap: Sending EAP Success (code 3) ID 108 length 4 (15) eap: Freeing handler (15) [eap] = ok (15) } # authenticate = ok (15) # Executing section post-auth from file /etc/freeradius/sites-enabled/inner-tunnel (15) post-auth { (15) if (0) { (15) if (0) -> FALSE (15) } # post-auth = noop (15) } # server inner-tunnel (15) Virtual server sending reply (15) MS-MPPE-Recv-Key = 0xab1734be08884816a508c6f44b0c058c010d7dda183e4229f47c2e309e815db7 (15) MS-MPPE-Send-Key = 0x3159245319546b368ede956416028f60f9d76da1ae58b8326650d9bae3485d0e (15) EAP-MSK = 0xab1734be08884816a508c6f44b0c058c010d7dda183e4229f47c2e309e815db73159245319546b368ede956416028f60f9d76da1ae58b8326650d9bae3485d0e (15) EAP-EMSK = 0x457028b49ae6c786baac050a6809b14781896214d356eaba00d8c0394b81b484f128973365a45fa304ae62b5432b8b67b3a09e74bec7f9c360ae80d4b73fce8d (15) EAP-Session-Id = 0x0da18188572a90ca5b7683a3149032802dfd9174b9e38876cc1b72f5b2a15b7e28ba214b95cbecbeb54093ec803db277546647a37d1b61584271afd9461326b213 (15) EAP-Message = 0x036c0004 (15) Message-Authenticator = 0x00000000000000000000000000000000 (15) User-Name = mailto:user@example.org (15) eap_teap: Phase 2: Stage Authentication (15) eap_teap: Phase 2: Got tunneled Access-Accept (15) eap_teap: Phase 2: Intermediate-Result = Success (15) eap_teap: Phase 2: Sending Cryptobinding (15) eap_teap: Phase 2: Calculating ICMK for round (j = 1) (15) eap_teap: Phase 2: All inner authentications have succeeded (15) eap_teap: Phase 2: Result = Success (15) eap: Sending EAP Request (code 1) ID 109 length 127 (15) eap: EAP session adding &reply:State = 0x6501da9e6a6ced03 (15) [eap] = handled (15) } # authenticate = handled (15) Using Post-Auth-Type Challenge (15) # Executing group from file /etc/freeradius/sites-enabled/default (15) Challenge { ... } # empty sub-section is ignored (15) session-state: Saving cached attributes (15) Framed-MTU = 974 (15) TLS-Session-Information = "(TLS) TEAP - recv TLS 1.3 Handshake, ClientHello" (15) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHello" (15) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, Certificate" (15) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerKeyExchange" (15) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHelloDone" (15) TLS-Session-Information = "(TLS) TEAP - recv TLS 1.2 Handshake, ClientKeyExchange" (15) TLS-Session-Information = "(TLS) TEAP - recv TLS 1.2 Handshake, Finished" (15) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 ChangeCipherSpec" (15) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, Finished" (15) TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384" (15) TLS-Session-Version = "TLS 1.2" (15) Sent Access-Challenge Id 15 from 192.168.4.151:1812 to 192.168.4.151:48174 length 185 (15) EAP-Message = 0x016d007f37011703030074288983a38fe43b6db4f6b522f0efe64022ddb91fda06f70c560b3ae9c0cc272dc4248c2a1a071cb7ec6cde1b5b0a509cd05c2e7aaa7026d0b6634ed9574ee1d144e163c0f9a01474d48c94c86591752dcb0d4c8213997f31ea238f4c069ef531579e70f435d4b89e99c28626b4dcbcc31992492b (15) Message-Authenticator = 0x00000000000000000000000000000000 (15) State = 0x6501da9e6a6ced03dd76d824d918a37a (15) Finished request Waking up in 4.9 seconds. (16) Received Access-Request Id 16 from 192.168.4.151:48174 to 192.168.4.151:1812 length 291 (16) Message-Authenticator = 0xd7189876b0b6015b5824181f72f99123 (16) User-Name = "anonymous" (16) Calling-Station-Id = "DE-AD-BE-EF-42-42" (16) Framed-MTU = 1400 (16) NAS-Port-Type = Wireless-802.11 (16) Service-Type = Framed-User (16) Connect-Info = "CONNECT 11Mbps 802.11b" (16) Called-Station-Id = "00:11:22:33:44:55:UConnect" (16) NAS-IP-Address = 192.168.4.20 (16) EAP-Message = 0x026d007f37011703030074c3e8e09ec857322934547269863913f691df2d96857220aed084f6f6009911df2e6f55df705d83e3f1938831bd3fe40eef1054ea9be393d4032379fb937ed297379ee7d2e4493d41d9ec9829c1bc82ee4c41f810c836f96fa9edeea2b046c639fda3d3f328a93294cd3195fb9dd3865b21b8bd1e (16) State = 0x6501da9e6a6ced03dd76d824d918a37a (16) Restoring &session-state (16) &session-state:Framed-MTU = 974 (16) &session-state:TLS-Session-Information = "(TLS) TEAP - recv TLS 1.3 Handshake, ClientHello" (16) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHello" (16) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, Certificate" (16) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerKeyExchange" (16) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHelloDone" (16) &session-state:TLS-Session-Information = "(TLS) TEAP - recv TLS 1.2 Handshake, ClientKeyExchange" (16) &session-state:TLS-Session-Information = "(TLS) TEAP - recv TLS 1.2 Handshake, Finished" (16) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 ChangeCipherSpec" (16) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, Finished" (16) &session-state:TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384" (16) &session-state:TLS-Session-Version = "TLS 1.2" (16) # Executing section authorize from file /etc/freeradius/sites-enabled/default (16) authorize { (16) policy filter_username { (16) if (&User-Name) { (16) if (&User-Name) -> TRUE (16) if (&User-Name) { (16) if (&User-Name =~ / /) { (16) if (&User-Name =~ / /) -> FALSE (16) if (&User-Name =~ /@[^@]*@/ ) { (16) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (16) if (&User-Name =~ /\.\./ ) { (16) if (&User-Name =~ /\.\./ ) -> FALSE (16) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) { (16) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) -> FALSE (16) if (&User-Name =~ /\.$/) { (16) if (&User-Name =~ /\.$/) -> FALSE (16) if (&User-Name =~ mailto:/@\./) { (16) if (&User-Name =~ mailto:/@\./) -> FALSE (16) } # if (&User-Name) = notfound (16) } # policy filter_username = notfound (16) [preprocess] = ok (16) [chap] = noop (16) [mschap] = noop (16) [digest] = noop (16) suffix: Checking for suffix after "@" (16) suffix: No '@' in User-Name = "anonymous", looking up realm NULL (16) suffix: No such realm "NULL" (16) [suffix] = noop (16) eap: Peer sent EAP Response (code 2) ID 109 length 127 (16) eap: Continuing tunnel setup (16) [eap] = ok (16) } # authorize = ok (16) Found Auth-Type = eap (16) # Executing group from file /etc/freeradius/sites-enabled/default (16) authenticate { (16) eap: Removing EAP session with state 0x6501da9e6a6ced03 (16) eap: Previous EAP request found for state 0x6501da9e6a6ced03, released from the list (16) eap: Peer sent packet with method EAP TEAP (55) (16) eap: Calling submodule eap_teap to process data (16) eap_teap: Authenticate (16) eap_teap: (TLS) EAP Done initial handshake (16) eap_teap: Session established. Proceeding to decode tunneled attributes (16) eap_teap: Phase 2: Got Tunneled TEAP TLVs (16) eap_teap: FreeRADIUS-EAP-TEAP-Intermediate-Result = Success (16) eap_teap: FreeRADIUS-EAP-TEAP-Result = Success (16) eap_teap: FreeRADIUS-EAP-TEAP-Crypto-Binding = 0x0001013102d60ab4c0b469590ebcb606ba04c14498e8384e848fd102f93e03c5da855d2ddd71031af74465d8ba7c029d747f50f30daed36d3c70056f802f8a7f78742b4164a8e857d44f35cf (16) eap: Sending EAP Success (code 3) ID 109 length 4 (16) eap: Freeing handler (16) [eap] = ok (16) } # authenticate = ok (16) # Executing section post-auth from file /etc/freeradius/sites-enabled/default (16) post-auth { (16) if (session-state:User-Name && reply:User-Name && request:User-Name && (reply:User-Name == request:User-Name)) { (16) if (session-state:User-Name && reply:User-Name && request:User-Name && (reply:User-Name == request:User-Name)) -> FALSE (16) update { (16) &reply::Framed-MTU += &session-state:Framed-MTU[*] -> 974 (16) &reply::TLS-Session-Information += &session-state:TLS-Session-Information[*] -> '(TLS) TEAP - recv TLS 1.3 Handshake, ClientHello' (16) &reply::TLS-Session-Information += &session-state:TLS-Session-Information[*] -> '(TLS) TEAP - send TLS 1.2 Handshake, ServerHello' (16) &reply::TLS-Session-Information += &session-state:TLS-Session-Information[*] -> '(TLS) TEAP - send TLS 1.2 Handshake, Certificate' (16) &reply::TLS-Session-Information += &session-state:TLS-Session-Information[*] -> '(TLS) TEAP - send TLS 1.2 Handshake, ServerKeyExchange' (16) &reply::TLS-Session-Information += &session-state:TLS-Session-Information[*] -> '(TLS) TEAP - send TLS 1.2 Handshake, ServerHelloDone' (16) &reply::TLS-Session-Information += &session-state:TLS-Session-Information[*] -> '(TLS) TEAP - recv TLS 1.2 Handshake, ClientKeyExchange' (16) &reply::TLS-Session-Information += &session-state:TLS-Session-Information[*] -> '(TLS) TEAP - recv TLS 1.2 Handshake, Finished' (16) &reply::TLS-Session-Information += &session-state:TLS-Session-Information[*] -> '(TLS) TEAP - send TLS 1.2 ChangeCipherSpec' (16) &reply::TLS-Session-Information += &session-state:TLS-Session-Information[*] -> '(TLS) TEAP - send TLS 1.2 Handshake, Finished' (16) &reply::TLS-Session-Cipher-Suite += &session-state:TLS-Session-Cipher-Suite[*] -> 'ECDHE-RSA-AES256-GCM-SHA384' (16) &reply::TLS-Session-Version += &session-state:TLS-Session-Version[*] -> 'TLS 1.2' (16) } # update = noop (16) [exec] = noop (16) policy remove_reply_message_if_eap { (16) if (&reply:EAP-Message && &reply:Reply-Message) { (16) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE (16) else { (16) [noop] = noop (16) } # else = noop (16) } # policy remove_reply_message_if_eap = noop (16) if (EAP-Key-Name && &reply:EAP-Session-Id) { (16) if (EAP-Key-Name && &reply:EAP-Session-Id) -> FALSE (16) } # post-auth = noop (16) Sent Access-Accept Id 16 from 192.168.4.151:1812 to 192.168.4.151:48174 length 177 (16) MS-MPPE-Recv-Key = 0xee59aa95cffe96ce43dec130a01484acdd7222baa3cd822bf0eb9da56be2e489 (16) MS-MPPE-Send-Key = 0x8e09c39543cbd159100a92a24f70edfe6d089fb9ce28d459539fe48fc1c9f427 (16) EAP-Message = 0x036d0004 (16) Message-Authenticator = 0x00000000000000000000000000000000 (16) User-Name = "anonymous" (16) Framed-MTU += 974 (16) Finished request Waking up in 4.9 seconds. ------------------------------------------------------------------------------------------------------------------ Here is the log of TEAP TLS from eapol_test: root@debian-freeradius:~/wpa_supplicant-2.11# /usr/local/bin/eapol_test -c teap_user.conf -s secret -a 192.168.4.151 -M de:ad:be:ef:42:42 -N 30:s:00:11:22:33:44:55:UConnect -N4:x:c0a80414 Reading configuration file 'teap_user.conf' Line: 1 - start of a new network block ssid - hexdump_ascii(len=8): 55 43 6f 6e 6e 65 63 74 UConnect key_mgmt: 0x8 eap methods - hexdump(len=16): 00 00 00 00 37 00 00 00 00 00 00 00 00 00 00 00 phase1 - hexdump_ascii(len=66): 74 65 61 70 5f 63 6f 6d 70 61 74 3d 66 72 65 65 teap_compat=free 72 61 64 69 75 73 2c 74 6c 73 5f 64 69 73 61 62 radius,tls_disab 6c 65 5f 74 6c 73 76 31 5f 30 3d 31 2c 74 6c 73 le_tlsv1_0=1,tls 5f 64 69 73 61 62 6c 65 5f 74 6c 73 76 31 5f 31 _disable_tlsv1_1 3d 31 =1 pac_file - hexdump_ascii(len=0): anonymous_identity - hexdump_ascii(len=9): 61 6e 6f 6e 79 6d 6f 75 73 anonymous identity - hexdump_ascii(len=16): 75 73 65 72 40 65 78 61 6d 70 6c 65 2e 6f 72 67 mailto:user@example.org phase2 - hexdump_ascii(len=11): 61 75 74 68 65 61 70 3d 54 4c 53 autheap=TLS ca_cert - hexdump_ascii(len=28): 2f 65 74 63 2f 66 72 65 65 72 61 64 69 75 73 2f /etc/freeradius/ 63 65 72 74 73 2f 63 61 2e 64 65 72 certs/ca.der ca_cert2 - hexdump_ascii(len=28): 2f 65 74 63 2f 66 72 65 65 72 61 64 69 75 73 2f /etc/freeradius/ 63 65 72 74 73 2f 63 61 2e 70 65 6d certs/ca.pem client_cert2 - hexdump_ascii(len=32): 2f 65 74 63 2f 66 72 65 65 72 61 64 69 75 73 2f /etc/freeradius/ 63 65 72 74 73 2f 63 6c 69 65 6e 74 2e 70 65 6d certs/client.pem private_key2 - hexdump_ascii(len=32): 2f 65 74 63 2f 66 72 65 65 72 61 64 69 75 73 2f /etc/freeradius/ 63 65 72 74 73 2f 63 6c 69 65 6e 74 2e 6b 65 79 certs/client.key private_key2_passwd - hexdump_ascii(len=8): 77 68 61 74 65 76 65 72 whatever Priority group 0 id=0 ssid='UConnect' Authentication server 192.168.4.151:1812 RADIUS local address: 192.168.4.151:48174 ENGINE: Loading builtin engines ENGINE: Loading builtin engines EAPOL: SUPP_PAE entering state DISCONNECTED EAPOL: KEY_RX entering state NO_KEY_RECEIVE EAPOL: SUPP_BE entering state INITIALIZE EAP: EAP entering state DISABLED EAPOL: External notification - portValid=0 EAPOL: External notification - portEnabled=1 EAPOL: SUPP_PAE entering state CONNECTING EAPOL: SUPP_BE entering state IDLE EAP: EAP entering state INITIALIZE EAP: EAP entering state IDLE Sending fake EAP-Request-Identity EAPOL: Received EAP-Packet frame EAPOL: SUPP_PAE entering state RESTART EAP: EAP entering state INITIALIZE EAP: EAP entering state IDLE EAPOL: SUPP_PAE entering state AUTHENTICATING EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Request id=93 method=1 vendor=0 vendorMethod=0 EAP: EAP entering state IDENTITY CTRL-EVENT-EAP-STARTED EAP authentication started EAP: Status notification: started (param=) EAP: EAP-Request Identity data - hexdump_ascii(len=0): EAP: using anonymous identity - hexdump_ascii(len=9): 61 6e 6f 6e 79 6d 6f 75 73 anonymous EAP: EAP entering state SEND_RESPONSE EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RESPONSE EAPOL: txSuppRsp WPA: eapol_test_eapol_send(type=0 len=14) TX EAP -> RADIUS - hexdump(len=14): 02 5d 00 0e 01 61 6e 6f 6e 79 6d 6f 75 73 Encapsulating EAP message into a RADIUS packet Learned identity from EAP-Response-Identity - hexdump(len=9): 61 6e 6f 6e 79 6d 6f 75 73 Sending RADIUS message to authentication server RADIUS message: code=1 (Access-Request) identifier=0 length=160 Attribute 80 (Message-Authenticator) length=18 Value: c938b5ec4719f3cb4f38776ab8243bac Attribute 1 (User-Name) length=11 Value: 'anonymous' Attribute 31 (Calling-Station-Id) length=19 Value: 'DE-AD-BE-EF-42-42' Attribute 12 (Framed-MTU) length=6 Value: 1400 Attribute 61 (NAS-Port-Type) length=6 Value: 19 Attribute 6 (Service-Type) length=6 Value: 2 Attribute 77 (Connect-Info) length=24 Value: 'CONNECT 11Mbps 802.11b' Attribute 30 (Called-Station-Id) length=28 Value: '00:11:22:33:44:55:UConnect' Attribute 4 (NAS-IP-Address) length=6 Value: 192.168.4.20 Attribute 79 (EAP-Message) length=16 Value: 025d000e01616e6f6e796d6f7573 RADIUS: Send 160 bytes to the server Next RADIUS client retransmit in 3 seconds EAPOL: SUPP_BE entering state RECEIVE Received 80 bytes from RADIUS server Received RADIUS message RADIUS message: code=11 (Access-Challenge) identifier=0 length=80 Attribute 80 (Message-Authenticator) length=18 Value: 151cc4c4d2e9b64c942bf5233651ea0c Attribute 79 (EAP-Message) length=24 Value: 015e001604103f9a6c780e20a2ce97b652c4f8ec438e Attribute 24 (State) length=18 Value: 6501da9e655fde03dd76d824d918a37a STA de:ad:be:ef:42:42: Received RADIUS packet matched with a pending request, round trip time 0.00 sec RADIUS packet matching with station decapsulated EAP packet (code=1 id=94 len=22) from RADIUS server: EAP-Request-MD5 (4) EAPOL: Received EAP-Packet frame EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Request id=94 method=4 vendor=0 vendorMethod=0 EAP: EAP entering state GET_METHOD EAP: configuration does not allow: vendor 0 method 4 EAP: vendor 0 method 4 not allowed CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=4 -> NAK EAP: Status notification: refuse proposed method (param=MD5) EAP: Building EAP-Nak (requested type 4 vendor=0 method=0 not allowed) EAP: allowed methods - hexdump(len=1): 37 EAP: EAP entering state SEND_RESPONSE EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RESPONSE EAPOL: txSuppRsp WPA: eapol_test_eapol_send(type=0 len=6) TX EAP -> RADIUS - hexdump(len=6): 02 5e 00 06 03 37 Encapsulating EAP message into a RADIUS packet Copied RADIUS State Attribute Sending RADIUS message to authentication server RADIUS message: code=1 (Access-Request) identifier=1 length=170 Attribute 80 (Message-Authenticator) length=18 Value: 29df9753dac0a17e614ec7d921f2799c Attribute 1 (User-Name) length=11 Value: 'anonymous' Attribute 31 (Calling-Station-Id) length=19 Value: 'DE-AD-BE-EF-42-42' Attribute 12 (Framed-MTU) length=6 Value: 1400 Attribute 61 (NAS-Port-Type) length=6 Value: 19 Attribute 6 (Service-Type) length=6 Value: 2 Attribute 77 (Connect-Info) length=24 Value: 'CONNECT 11Mbps 802.11b' Attribute 30 (Called-Station-Id) length=28 Value: '00:11:22:33:44:55:UConnect' Attribute 4 (NAS-IP-Address) length=6 Value: 192.168.4.20 Attribute 79 (EAP-Message) length=8 Value: 025e00060337 Attribute 24 (State) length=18 Value: 6501da9e655fde03dd76d824d918a37a RADIUS: Send 170 bytes to the server Next RADIUS client retransmit in 3 seconds EAPOL: SUPP_BE entering state RECEIVE Received 76 bytes from RADIUS server Received RADIUS message RADIUS message: code=11 (Access-Challenge) identifier=1 length=76 Attribute 80 (Message-Authenticator) length=18 Value: 6a4862edf13113214f7faa287c25a6fb Attribute 79 (EAP-Message) length=20 Value: 015f00123731000000080001000431323334 Attribute 24 (State) length=18 Value: 6501da9e645eed03dd76d824d918a37a STA de:ad:be:ef:42:42: Received RADIUS packet matched with a pending request, round trip time 0.00 sec RADIUS packet matching with station decapsulated EAP packet (code=1 id=95 len=18) from RADIUS server: EAP-Request-TEAP (55) EAPOL: Received EAP-Packet frame EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Request id=95 method=55 vendor=0 vendorMethod=0 EAP: EAP entering state GET_METHOD CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=55 EAP: Status notification: accept proposed method (param=TEAP) EAP: Initialize selected EAP method: vendor 0 method 55 (TEAP) TLS: Phase2 EAP types - hexdump(len=96): 00 00 00 00 04 00 00 00 00 00 00 00 0d 00 00 00 00 00 00 00 1a 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 11 00 00 00 00 00 00 00 2e 00 00 00 00 00 00 00 30 00 00 00 00 00 00 00 33 00 00 00 00 00 00 00 31 00 00 00 00 00 00 00 26 00 00 00 00 00 00 00 34 00 00 00 TLS: using phase1 config options OpenSSL: tls_connection_ca_cert - Failed to load root certificates error:05800088:x509 certificate routines::no certificate or crl found OpenSSL: tls_connection_ca_cert - loaded DER format CA certificate EAP-TEAP: No PAC file '' - assume no PAC entries have been provisioned CTRL-EVENT-EAP-METHOD EAP vendor 0 method 55 (TEAP) selected EAP: EAP entering state METHOD SSL: Received packet(len=18) - Flags 0x31 EAP-TEAP: Start (server ver=1, own ver=1) EAP-TEAP: Using TEAP version 1 EAP-TEAP: Start message payload - hexdump(len=12): 00 00 00 08 00 01 00 04 31 32 33 34 EAP-TEAP: Start message Outer TLVs - hexdump(len=8): 00 01 00 04 31 32 33 34 EAP-TEAP: Outer TLV: Type=1 Length=4 EAP-TEAP: Authority-ID - hexdump(len=4): 31 32 33 34 SSL: (where=0x10 ret=0x1) SSL: (where=0x1001 ret=0x1) SSL: SSL_connect:before SSL initialization OpenSSL: TX ver=0x301 content_type=256 (TLS header info/) OpenSSL: Message - hexdump(len=5): 16 03 01 00 b7 OpenSSL: TX ver=0x303 content_type=22 (handshake/client hello) OpenSSL: Message - hexdump(len=183): 01 00 00 b3 03 03 b3 ad ab 7f c0 e5 48 26 60 e9 97 2d ac 89 63 21 38 d4 68 6b 47 b0 a0 0a 24 fe 95 f3 05 15 ed 93 00 00 38 c0 2c c0 30 00 9f cc a9 cc a8 cc aa c0 2b c0 2f 00 9e c0 24 c0 28 00 6b c0 23 c0 27 00 67 c0 0a c0 14 00 39 c0 09 c0 13 00 33 00 9d 00 9c 00 3d 00 3c 00 35 00 2f 00 ff 01 00 00 52 00 0b 00 04 03 00 01 02 00 0a 00 0c 00 0a 00 1d 00 17 00 1e 00 19 00 18 00 23 00 00 00 16 00 00 00 17 00 00 00 0d 00 2a 00 28 04 03 05 03 06 03 08 07 08 08 08 09 08 0a 08 0b 08 04 08 05 08 06 04 01 05 01 06 01 03 03 03 01 03 02 04 02 05 02 06 02 SSL: (where=0x1001 ret=0x1) SSL: SSL_connect:SSLv3/TLS write client hello SSL: (where=0x1002 ret=0xffffffff) SSL: SSL_connect:error in SSLv3/TLS write client hello SSL: SSL_connect - want more data SSL: 188 bytes pending from ssl_out SSL: Using TLS version TLSv1.2 SSL: 188 bytes left to be sent out (of total 188 bytes) EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL eapRespData=0x5614c0f64c20 EAP: EAP entering state SEND_RESPONSE EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RESPONSE EAPOL: txSuppRsp WPA: eapol_test_eapol_send(type=0 len=194) TX EAP -> RADIUS - hexdump(len=194): 02 5f 00 c2 37 01 16 03 01 00 b7 01 00 00 b3 03 03 b3 ad ab 7f c0 e5 48 26 60 e9 97 2d ac 89 63 21 38 d4 68 6b 47 b0 a0 0a 24 fe 95 f3 05 15 ed 93 00 00 38 c0 2c c0 30 00 9f cc a9 cc a8 cc aa c0 2b c0 2f 00 9e c0 24 c0 28 00 6b c0 23 c0 27 00 67 c0 0a c0 14 00 39 c0 09 c0 13 00 33 00 9d 00 9c 00 3d 00 3c 00 35 00 2f 00 ff 01 00 00 52 00 0b 00 04 03 00 01 02 00 0a 00 0c 00 0a 00 1d 00 17 00 1e 00 19 00 18 00 23 00 00 00 16 00 00 00 17 00 00 00 0d 00 2a 00 28 04 03 05 03 06 03 08 07 08 08 08 09 08 0a 08 0b 08 04 08 05 08 06 04 01 05 01 06 01 03 03 03 01 03 02 04 02 05 02 06 02 Encapsulating EAP message into a RADIUS packet Copied RADIUS State Attribute Sending RADIUS message to authentication server RADIUS message: code=1 (Access-Request) identifier=2 length=358 Attribute 80 (Message-Authenticator) length=18 Value: 2a6f6c950df89f514c76e62f7965e649 Attribute 1 (User-Name) length=11 Value: 'anonymous' Attribute 31 (Calling-Station-Id) length=19 Value: 'DE-AD-BE-EF-42-42' Attribute 12 (Framed-MTU) length=6 Value: 1400 Attribute 61 (NAS-Port-Type) length=6 Value: 19 Attribute 6 (Service-Type) length=6 Value: 2 Attribute 77 (Connect-Info) length=24 Value: 'CONNECT 11Mbps 802.11b' Attribute 30 (Called-Station-Id) length=28 Value: '00:11:22:33:44:55:UConnect' Attribute 4 (NAS-IP-Address) length=6 Value: 192.168.4.20 Attribute 79 (EAP-Message) length=196 Value: 025f00c2370116030100b7010000b30303b3adab7fc0e5482660e9972dac89632138d4686b47b0a00a24fe95f30515ed93000038c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff01000052000b000403000102000a000c000a001d0017001e00190018002300000016000000170000000d002a0028040305030603080708080809080a080b080408050806040105010601030303010302040205020602 Attribute 24 (State) length=18 Value: 6501da9e645eed03dd76d824d918a37a RADIUS: Send 358 bytes to the server Next RADIUS client retransmit in 3 seconds EAPOL: SUPP_BE entering state RECEIVE Received 1048 bytes from RADIUS server Received RADIUS message RADIUS message: code=11 (Access-Challenge) identifier=2 length=1048 Attribute 80 (Message-Authenticator) length=18 Value: 7ab1c01749d761b76dc804248d8f7774 Attribute 79 (EAP-Message) length=255 Value: 016003d837c100000ac6160303003d0200003903038f2da11ae8e4a9d2008d944ffa08071b7500ca3a0f7d150cf6877a5d06b8bd4800c030000011ff01000100000b0004030001020017000016030309450b00094100093e00043a308204363082031ea003020102020101300d06092a864886f70d01010b0500308193310b3009060355040613024652310f300d06035504080c065261646975733112301006035504070c09536f6d65776865726531153013060355040a0c0c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e6f72673126302406035504030c1d4578616d706c65204365 Attribute 79 (EAP-Message) length=255 Value: 72746966696361746520417574686f72697479301e170d3235303231323131323232395a170d3235303431333131323232395a307c310b3009060355040613024652310f300d06035504080c0652616469757331153013060355040a0c0c4578616d706c6520496e632e3123302106035504030c1a4578616d706c65205365727665722043657274696669636174653120301e06092a864886f70d010901161161646d696e406578616d706c652e6f726730820122300d06092a864886f70d01010105000382010f003082010a0282010100b3edbbc6f0df4851e5e65706c955eff059f9889c6ce15d1252c933f5b7d84ef3fb2de818eb6060710e8bdb Attribute 79 (EAP-Message) length=255 Value: 39634e238087e88ad274b4b497a9d5924dc5ce01fd1cce8096231211e0359e8ccecb78cd362ea5e64d59c0188ce8e55ff97ebdc5846323e6acf86c45006a98b69c5749df3574e3395119dfd31d42693a253acfcfb8fa95f00c4ef6e35e04a3380c5cf0fdf10bc4124ca2cb763c913e9d3bbe295cdb4f04bf9cf458b644b13cf23301b14f7f1e7c613a2d13b98b44d45f188c568594ad5951c80372f010fdac6eca6f78c94df8d9012d51dafa1e87e6584046bdfb3ad923e4e98edede4e401ad2d9580ac73859d3193bada2b33f9f09e18cc761d38d0203010001a381aa3081a730130603551d25040c300a06082b0601050507030130360603551d1f04 Attribute 79 (EAP-Message) length=227 Value: 2f302d302ba029a0278625687474703a2f2f7777772e6578616d706c652e636f6d2f6578616d706c655f63612e63726c30180603551d200411300f300d060b2b0601040182be68010302301d0603551d0e04160414c0f613a262ad5ee53e77fada04299eb081b1802d301f0603551d23041830168014a68b8782fdf060ffecd2f37fe80fa76de241a352300d06092a864886f70d01010b050003820101002ae3260d8b01f1452de49cc0fb89eeab041571329b014eeb1461987ee823c2df88bb071075e42483679c72df85707c0837b10ed529cc9815ba6114b63fbe6605b8602b Attribute 24 (State) length=18 Value: 6501da9e6761ed03dd76d824d918a37a STA de:ad:be:ef:42:42: Received RADIUS packet matched with a pending request, round trip time 0.00 sec RADIUS packet matching with station decapsulated EAP packet (code=1 id=96 len=984) from RADIUS server: EAP-Request-TEAP (55) EAPOL: Received EAP-Packet frame EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Request id=96 method=55 vendor=0 vendorMethod=0 EAP: EAP entering state METHOD SSL: Received packet(len=984) - Flags 0xc1 SSL: TLS Message Length: 2758 SSL: Need 1784 bytes more input data SSL: Building ACK (type=55 id=96 ver=1) EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL eapRespData=0x5614c0f5d460 EAP: EAP entering state SEND_RESPONSE EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RESPONSE EAPOL: txSuppRsp WPA: eapol_test_eapol_send(type=0 len=6) TX EAP -> RADIUS - hexdump(len=6): 02 60 00 06 37 01 Encapsulating EAP message into a RADIUS packet Copied RADIUS State Attribute Sending RADIUS message to authentication server RADIUS message: code=1 (Access-Request) identifier=3 length=170 Attribute 80 (Message-Authenticator) length=18 Value: 903dc237de7c9b8695484a34ea240185 Attribute 1 (User-Name) length=11 Value: 'anonymous' Attribute 31 (Calling-Station-Id) length=19 Value: 'DE-AD-BE-EF-42-42' Attribute 12 (Framed-MTU) length=6 Value: 1400 Attribute 61 (NAS-Port-Type) length=6 Value: 19 Attribute 6 (Service-Type) length=6 Value: 2 Attribute 77 (Connect-Info) length=24 Value: 'CONNECT 11Mbps 802.11b' Attribute 30 (Called-Station-Id) length=28 Value: '00:11:22:33:44:55:UConnect' Attribute 4 (NAS-IP-Address) length=6 Value: 192.168.4.20 Attribute 79 (EAP-Message) length=8 Value: 026000063701 Attribute 24 (State) length=18 Value: 6501da9e6761ed03dd76d824d918a37a RADIUS: Send 170 bytes to the server Next RADIUS client retransmit in 3 seconds EAPOL: SUPP_BE entering state RECEIVE Received 1044 bytes from RADIUS server Received RADIUS message RADIUS message: code=11 (Access-Challenge) identifier=3 length=1044 Attribute 80 (Message-Authenticator) length=18 Value: c52d4c7279d4f4c2db0eff6d68ad7287 Attribute 79 (EAP-Message) length=255 Value: 016103d43741a332fe465d6ca3da54ce4106656170713c77fb3013d01c3374cb86ed0cb686ab878136acfecf9f6fb2e076cf99130fdfb39eaed1e8536756d0957288b829ae7b446618fbded540de385d7a530018b7537d8d4a80cbc5e76748752bd1e79e8cfb7c7f1857cf3278dcf3f8a53ea49f088123c3ec711a282ee0ab37b8da0db4a83eec4dfc278fad71aaed061a0eb0e22751d1be587207e322a610e5d88a7ba0b21cb37206add13e48e487a956dd65ddb4e2bd9d8ad6a80b117a143e12463e0004fe308204fa308203e2a003020102021407c1092ab93c84caf4a4cebe5ffd49c091f025b2300d06092a864886f70d01010b0500308193310b Attribute 79 (EAP-Message) length=255 Value: 3009060355040613024652310f300d06035504080c065261646975733112301006035504070c09536f6d65776865726531153013060355040a0c0c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e6f72673126302406035504030c1d4578616d706c6520436572746966696361746520417574686f72697479301e170d3235303231323131323232385a170d3235303431333131323232385a308193310b3009060355040613024652310f300d06035504080c065261646975733112301006035504070c09536f6d65776865726531153013060355040a0c0c4578616d706c6520496e632e Attribute 79 (EAP-Message) length=255 Value: 3120301e06092a864886f70d010901161161646d696e406578616d706c652e6f72673126302406035504030c1d4578616d706c6520436572746966696361746520417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a0282010100bd129d8ad92c9fb1d32e681a41e42e273937169569938c27a6843ae9d4862869a470c15eb091b89cbbc61b013a0fa39806a6c8b7d33e8968c2016329be59ccb4fb74204f4e6d0245c73d369e7c596920fe10985242a271a5cae50ef77694bef9c1f5ef0037a370816e13f9ce6ea298abf3decb6669158f19725bff4f52307d914bedfc40865628f660ad8055650ab09c9351 Attribute 79 (EAP-Message) length=223 Value: c4c72596430ded0a8883876426b4f7f5615bf2d4a4f43dd01fa43d3f4e5321c2062488ef05b2f61e2a4f534b6f411ac1e20e0a3a30b49bcc3fa51058903aab26d2380399a1fdfc9753961f8eff7fd23ac3b69a975599b30001e84c31b4245d2331c09109f5028cc5415a74fcfca10203010001a38201423082013e301d0603551d0e04160414a68b8782fdf060ffecd2f37fe80fa76de241a3523081d30603551d230481cb3081c88014a68b8782fdf060ffecd2f37fe80fa76de241a352a18199a48196308193310b3009060355040613024652310f300d0603550408 Attribute 24 (State) length=18 Value: 6501da9e6660ed03dd76d824d918a37a STA de:ad:be:ef:42:42: Received RADIUS packet matched with a pending request, round trip time 0.00 sec RADIUS packet matching with station decapsulated EAP packet (code=1 id=97 len=980) from RADIUS server: EAP-Request-TEAP (55) EAPOL: Received EAP-Packet frame EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Request id=97 method=55 vendor=0 vendorMethod=0 EAP: EAP entering state METHOD SSL: Received packet(len=980) - Flags 0x41 SSL: Need 810 bytes more input data SSL: Building ACK (type=55 id=97 ver=1) EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL eapRespData=0x5614c0f5d460 EAP: EAP entering state SEND_RESPONSE EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RESPONSE EAPOL: txSuppRsp WPA: eapol_test_eapol_send(type=0 len=6) TX EAP -> RADIUS - hexdump(len=6): 02 61 00 06 37 01 Encapsulating EAP message into a RADIUS packet Copied RADIUS State Attribute Sending RADIUS message to authentication server RADIUS message: code=1 (Access-Request) identifier=4 length=170 Attribute 80 (Message-Authenticator) length=18 Value: 4d13af065dc545684c8ff755999fea16 Attribute 1 (User-Name) length=11 Value: 'anonymous' Attribute 31 (Calling-Station-Id) length=19 Value: 'DE-AD-BE-EF-42-42' Attribute 12 (Framed-MTU) length=6 Value: 1400 Attribute 61 (NAS-Port-Type) length=6 Value: 19 Attribute 6 (Service-Type) length=6 Value: 2 Attribute 77 (Connect-Info) length=24 Value: 'CONNECT 11Mbps 802.11b' Attribute 30 (Called-Station-Id) length=28 Value: '00:11:22:33:44:55:UConnect' Attribute 4 (NAS-IP-Address) length=6 Value: 192.168.4.20 Attribute 79 (EAP-Message) length=8 Value: 026100063701 Attribute 24 (State) length=18 Value: 6501da9e6660ed03dd76d824d918a37a RADIUS: Send 170 bytes to the server Next RADIUS client retransmit in 3 seconds EAPOL: SUPP_BE entering state RECEIVE Received 880 bytes from RADIUS server Received RADIUS message RADIUS message: code=11 (Access-Challenge) identifier=4 length=880 Attribute 80 (Message-Authenticator) length=18 Value: 85072cc92d6cad07db05b0626508de28 Attribute 79 (EAP-Message) length=255 Value: 0162033037010c065261646975733112301006035504070c09536f6d65776865726531153013060355040a0c0c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e6f72673126302406035504030c1d4578616d706c6520436572746966696361746520417574686f72697479821407c1092ab93c84caf4a4cebe5ffd49c091f025b2300f0603551d130101ff040530030101ff30360603551d1f042f302d302ba029a0278625687474703a2f2f7777772e6578616d706c652e6f72672f6578616d706c655f63612e63726c300d06092a864886f70d01010b05000382010100b1fbfdd99b0946 Attribute 79 (EAP-Message) length=255 Value: e14a71a6cc445581bb32d6a317d4c99d466f16982e189d83025d9cad8425a759d7e745eded6eec71ab3ce454c4f767868117d8d328ac44f63bc8984dc7a2447d1f405b614363101942d640f17b4fbe4566fba6d0c31970a84b413e9d863f214640e61f93de5504f2ed558348c54bb93828b44a14d4404b63ec9602566afd3cb791365eb9572cf69b14da2d40eda3d7d9c697942b70e886be0d967b1a8f88826535f2c6e56c3624ff7c3db9cfd65b3bcc628a0013a29d8af217af8b9966fa2dd828ebd4177ecdb6f2cd3dbb21e6c9337cdcb02885c58e46b4a16599640ca4504673701127b09e5d89aa1cecf087be1a5043d2498049a99aee1d16030301 Attribute 79 (EAP-Message) length=255 Value: 2c0c00012803001d202f3af9a5771ab2bab98cc5db3f6d9efdf4479fd3e35e9f42c9157459dfc9631d08040100060459f7b8432201b9d32f9a924a2192588715e3d4a716ffa75415c7a518025bf0143bbb03d7445421fafd08c2ad9b49c9c835f1dc7b04ef1d79814af7c6ff10f4e328b4ba9989c8ab738a6195d4ad898c078db5d10759b51749e8d7ea5b3d4ba8f394320c74bdfb713fd502cba50f356b2b5b6944ec630b0702332802bd74194a8025f2d459622393c8efe01e7c467b723ebfea4ed3a5c054361845eb51bf745eac97b8c8a689a969569ec92a6987b89e6a25c94ba8c9c711041fef2ce8e41e3b85bbece56a92f846c6672afb7e91ca Attribute 79 (EAP-Message) length=59 Value: c21c0858279dc926b171dfd9346344a34ba081a860542b4ee433e676643ed2a94b82478d68d92929c31d4fe34e148edb16030300040e000000 Attribute 24 (State) length=18 Value: 6501da9e6163ed03dd76d824d918a37a STA de:ad:be:ef:42:42: Received RADIUS packet matched with a pending request, round trip time 0.00 sec RADIUS packet matching with station decapsulated EAP packet (code=1 id=98 len=816) from RADIUS server: EAP-Request-TEAP (55) EAPOL: Received EAP-Packet frame EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Request id=98 method=55 vendor=0 vendorMethod=0 EAP: EAP entering state METHOD SSL: Received packet(len=816) - Flags 0x01 OpenSSL: RX ver=0x303 content_type=256 (TLS header info/) OpenSSL: Message - hexdump(len=5): 16 03 03 00 3d SSL: (where=0x1001 ret=0x1) SSL: SSL_connect:SSLv3/TLS write client hello OpenSSL: RX ver=0x303 content_type=22 (handshake/server hello) OpenSSL: Message - hexdump(len=61): 02 00 00 39 03 03 8f 2d a1 1a e8 e4 a9 d2 00 8d 94 4f fa 08 07 1b 75 00 ca 3a 0f 7d 15 0c f6 87 7a 5d 06 b8 bd 48 00 c0 30 00 00 11 ff 01 00 01 00 00 0b 00 04 03 00 01 02 00 17 00 00 OpenSSL: RX ver=0x303 content_type=256 (TLS header info/) OpenSSL: Message - hexdump(len=5): 16 03 03 09 45 SSL: (where=0x1001 ret=0x1) SSL: SSL_connect:SSLv3/TLS read server hello OpenSSL: RX ver=0x303 content_type=22 (handshake/certificate) OpenSSL: Message - hexdump(len=2373): 0b 00 09 41 00 09 3e 00 04 3a 30 82 04 36 30 82 03 1e a0 03 02 01 02 02 01 01 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 81 93 31 0b 30 09 06 03 55 04 06 13 02 46 52 31 0f 30 0d 06 03 55 04 08 0c 06 52 61 64 69 75 73 31 12 30 10 06 03 55 04 07 0c 09 53 6f 6d 65 77 68 65 72 65 31 15 30 13 06 03 55 04 0a 0c 0c 45 78 61 6d 70 6c 65 20 49 6e 63 2e 31 20 30 1e 06 09 2a 86 48 86 f7 0d 01 09 01 16 11 61 64 6d 69 6e 40 65 78 61 6d 70 6c 65 2e 6f 72 67 31 26 30 24 06 03 55 04 03 0c 1d 45 78 61 6d 70 6c 65 20 43 65 72 74 69 66 69 63 61 74 65 20 41 75 74 68 6f 72 69 74 79 30 1e 17 0d 32 35 30 32 31 32 31 31 32 32 32 39 5a 17 0d 32 35 30 34 31 33 31 31 32 32 32 39 5a 30 7c 31 0b 30 09 06 03 55 04 06 13 02 46 52 31 0f 30 0d 06 03 55 04 08 0c 06 52 61 64 69 75 73 31 15 30 13 06 03 55 04 0a 0c 0c 45 78 61 6d 70 6c 65 20 49 6e 63 2e 31 23 30 21 06 03 55 04 03 0c 1a 45 78 61 6d 70 6c 65 20 53 65 72 76 65 72 20 43 65 72 74 69 66 69 63 61 74 65 31 20 30 1e 06 09 2a 86 48 86 f7 0d 01 09 01 16 11 61 64 6d 69 6e 40 65 78 61 6d 70 6c 65 2e 6f 72 67 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 b3 ed bb c6 f0 df 48 51 e5 e6 57 06 c9 55 ef f0 59 f9 88 9c 6c e1 5d 12 52 c9 33 f5 b7 d8 4e f3 fb 2d e8 18 eb 60 60 71 0e 8b db 39 63 4e 23 80 87 e8 8a d2 74 b4 b4 97 a9 d5 92 4d c5 ce 01 fd 1c ce 80 96 23 12 11 e0 35 9e 8c ce cb 78 cd 36 2e a5 e6 4d 59 c0 18 8c e8 e5 5f f9 7e bd c5 84 63 23 e6 ac f8 6c 45 00 6a 98 b6 9c 57 49 df 35 74 e3 39 51 19 df d3 1d 42 69 3a 25 3a cf cf b8 fa 95 f0 0c 4e f6 e3 5e 04 a3 38 0c 5c f0 fd f1 0b c4 12 4c a2 cb 76 3c 91 3e 9d 3b be 29 5c db 4f 04 bf 9c f4 58 b6 44 b1 3c f2 33 01 b1 4f 7f 1e 7c 61 3a 2d 13 b9 8b 44 d4 5f 18 8c 56 85 94 ad 59 51 c8 03 72 f0 10 fd ac 6e ca 6f 78 c9 4d f8 d9 01 2d 51 da fa 1e 87 e6 58 40 46 bd fb 3a d9 23 e4 e9 8e de de 4e 40 1a d2 d9 58 0a c7 38 59 d3 19 3b ad a2 b3 3f 9f 09 e1 8c c7 61 d3 8d 02 03 01 00 01 a3 81 aa 30 81 a7 30 13 06 03 55 1d 25 04 0c 30 0a 06 08 2b 06 01 05 05 07 03 01 30 36 06 03 55 1d 1f 04 2f 30 2d 30 2b a0 29 a0 27 86 25 68 74 74 70 3a 2f 2f 77 77 77 2e 65 78 61 6d 70 6c 65 2e 63 6f 6d 2f 65 78 61 6d 70 6c 65 5f 63 61 2e 63 72 6c 30 18 06 03 55 1d 20 04 11 30 0f 30 0d 06 0b 2b 06 01 04 01 82 be 68 01 03 02 30 1d 06 03 55 1d 0e 04 16 04 14 c0 f6 13 a2 62 ad 5e e5 3e 77 fa da 04 29 9e b0 81 b1 80 2d 30 1f 06 03 55 1d 23 04 18 30 16 80 14 a6 8b 87 82 fd f0 60 ff ec d2 f3 7f e8 0f a7 6d e2 41 a3 52 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 03 82 01 01 00 2a e3 26 0d 8b 01 f1 45 2d e4 9c c0 fb 89 ee ab 04 15 71 32 9b 01 4e eb 14 61 98 7e e8 23 c2 df 88 bb 07 10 75 e4 24 83 67 9c 72 df 85 70 7c 08 37 b1 0e d5 29 cc 98 15 ba 61 14 b6 3f be 66 05 b8 60 2b a3 32 fe 46 5d 6c a3 da 54 ce 41 06 65 61 70 71 3c 77 fb 30 13 d0 1c 33 74 cb 86 ed 0c b6 86 ab 87 81 36 ac fe cf 9f 6f b2 e0 76 cf 99 13 0f df b3 9e ae d1 e8 53 67 56 d0 95 72 88 b8 29 ae 7b 44 66 18 fb de d5 40 de 38 5d 7a 53 00 18 b7 53 7d 8d 4a 80 cb c5 e7 67 48 75 2b d1 e7 9e 8c fb 7c 7f 18 57 cf 32 78 dc f3 f8 a5 3e a4 9f 08 81 23 c3 ec 71 1a 28 2e e0 ab 37 b8 da 0d b4 a8 3e ec 4d fc 27 8f ad 71 aa ed 06 1a 0e b0 e2 27 51 d1 be 58 72 07 e3 22 a6 10 e5 d8 8a 7b a0 b2 1c b3 72 06 ad d1 3e 48 e4 87 a9 56 dd 65 dd b4 e2 bd 9d 8a d6 a8 0b 11 7a 14 3e 12 46 3e 00 04 fe 30 82 04 fa 30 82 03 e2 a0 03 02 01 02 02 14 07 c1 09 2a b9 3c 84 ca f4 a4 ce be 5f fd 49 c0 91 f0 25 b2 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 81 93 31 0b 30 09 06 03 55 04 06 13 02 46 52 31 0f 30 0d 06 03 55 04 08 0c 06 52 61 64 69 75 73 31 12 30 10 06 03 55 04 07 0c 09 53 6f 6d 65 77 68 65 72 65 31 15 30 13 06 03 55 04 0a 0c 0c 45 78 61 6d 70 6c 65 20 49 6e 63 2e 31 20 30 1e 06 09 2a 86 48 86 f7 0d 01 09 01 16 11 61 64 6d 69 6e 40 65 78 61 6d 70 6c 65 2e 6f 72 67 31 26 30 24 06 03 55 04 03 0c 1d 45 78 61 6d 70 6c 65 20 43 65 72 74 69 66 69 63 61 74 65 20 41 75 74 68 6f 72 69 74 79 30 1e 17 0d 32 35 30 32 31 32 31 31 32 32 32 38 5a 17 0d 32 35 30 34 31 33 31 31 32 32 32 38 5a 30 81 93 31 0b 30 09 06 03 55 04 06 13 02 46 52 31 0f 30 0d 06 03 55 04 08 0c 06 52 61 64 69 75 73 31 12 30 10 06 03 55 04 07 0c 09 53 6f 6d 65 77 68 65 72 65 31 15 30 13 06 03 55 04 0a 0c 0c 45 78 61 6d 70 6c 65 20 49 6e 63 2e 31 20 30 1e 06 09 2a 86 48 86 f7 0d 01 09 01 16 11 61 64 6d 69 6e 40 65 78 61 6d 70 6c 65 2e 6f 72 67 31 26 30 24 06 03 55 04 03 0c 1d 45 78 61 6d 70 6c 65 20 43 65 72 74 69 66 69 63 61 74 65 20 41 75 74 68 6f 72 69 74 79 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 bd 12 9d 8a d9 2c 9f b1 d3 2e 68 1a 41 e4 2e 27 39 37 16 95 69 93 8c 27 a6 84 3a e9 d4 86 28 69 a4 70 c1 5e b0 91 b8 9c bb c6 1b 01 3a 0f a3 98 06 a6 c8 b7 d3 3e 89 68 c2 01 63 29 be 59 cc b4 fb 74 20 4f 4e 6d 02 45 c7 3d 36 9e 7c 59 69 20 fe 10 98 52 42 a2 71 a5 ca e5 0e f7 76 94 be f9 c1 f5 ef 00 37 a3 70 81 6e 13 f9 ce 6e a2 98 ab f3 de cb 66 69 15 8f 19 72 5b ff 4f 52 30 7d 91 4b ed fc 40 86 56 28 f6 60 ad 80 55 65 0a b0 9c 93 51 c4 c7 25 96 43 0d ed 0a 88 83 87 64 26 b4 f7 f5 61 5b f2 d4 a4 f4 3d d0 1f a4 3d 3f 4e 53 21 c2 06 24 88 ef 05 b2 f6 1e 2a 4f 53 4b 6f 41 1a c1 e2 0e 0a 3a 30 b4 9b cc 3f a5 10 58 90 3a ab 26 d2 38 03 99 a1 fd fc 97 53 96 1f 8e ff 7f d2 3a c3 b6 9a 97 55 99 b3 00 01 e8 4c 31 b4 24 5d 23 31 c0 91 09 f5 02 8c c5 41 5a 74 fc fc a1 02 03 01 00 01 a3 82 01 42 30 82 01 3e 30 1d 06 03 55 1d 0e 04 16 04 14 a6 8b 87 82 fd f0 60 ff ec d2 f3 7f e8 0f a7 6d e2 41 a3 52 30 81 d3 06 03 55 1d 23 04 81 cb 30 81 c8 80 14 a6 8b 87 82 fd f0 60 ff ec d2 f3 7f e8 0f a7 6d e2 41 a3 52 a1 81 99 a4 81 96 30 81 93 31 0b 30 09 06 03 55 04 06 13 02 46 52 31 0f 30 0d 06 03 55 04 08 0c 06 52 61 64 69 75 73 31 12 30 10 06 03 55 04 07 0c 09 53 6f 6d 65 77 68 65 72 65 31 15 30 13 06 03 55 04 0a 0c 0c 45 78 61 6d 70 6c 65 20 49 6e 63 2e 31 20 30 1e 06 09 2a 86 48 86 f7 0d 01 09 01 16 11 61 64 6d 69 6e 40 65 78 61 6d 70 6c 65 2e 6f 72 67 31 26 30 24 06 03 55 04 03 0c 1d 45 78 61 6d 70 6c 65 20 43 65 72 74 69 66 69 63 61 74 65 20 41 75 74 68 6f 72 69 74 79 82 14 07 c1 09 2a b9 3c 84 ca f4 a4 ce be 5f fd 49 c0 91 f0 25 b2 30 0f 06 03 55 1d 13 01 01 ff 04 05 30 03 01 01 ff 30 36 06 03 55 1d 1f 04 2f 30 2d 30 2b a0 29 a0 27 86 25 68 74 74 70 3a 2f 2f 77 77 77 2e 65 78 61 6d 70 6c 65 2e 6f 72 67 2f 65 78 61 6d 70 6c 65 5f 63 61 2e 63 72 6c 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 03 82 01 01 00 b1 fb fd d9 9b 09 46 e1 4a 71 a6 cc 44 55 81 bb 32 d6 a3 17 d4 c9 9d 46 6f 16 98 2e 18 9d 83 02 5d 9c ad 84 25 a7 59 d7 e7 45 ed ed 6e ec 71 ab 3c e4 54 c4 f7 67 86 81 17 d8 d3 28 ac 44 f6 3b c8 98 4d c7 a2 44 7d 1f 40 5b 61 43 63 10 19 42 d6 40 f1 7b 4f be 45 66 fb a6 d0 c3 19 70 a8 4b 41 3e 9d 86 3f 21 46 40 e6 1f 93 de 55 04 f2 ed 55 83 48 c5 4b b9 38 28 b4 4a 14 d4 40 4b 63 ec 96 02 56 6a fd 3c b7 91 36 5e b9 57 2c f6 9b 14 da 2d 40 ed a3 d7 d9 c6 97 94 2b 70 e8 86 be 0d 96 7b 1a 8f 88 82 65 35 f2 c6 e5 6c 36 24 ff 7c 3d b9 cf d6 5b 3b cc 62 8a 00 13 a2 9d 8a f2 17 af 8b 99 66 fa 2d d8 28 eb d4 17 7e cd b6 f2 cd 3d bb 21 e6 c9 33 7c dc b0 28 85 c5 8e 46 b4 a1 65 99 64 0c a4 50 46 73 70 11 27 b0 9e 5d 89 aa 1c ec f0 87 be 1a 50 43 d2 49 80 49 a9 9a ee 1d OpenSSL: Peer certificate - depth 1 Certificate: Data: Version: 3 (0x2) Serial Number: 07:c1:09:2a:b9:3c:84:ca:f4:a4:ce:be:5f:fd:49:c0:91:f0:25:b2 Signature Algorithm: sha256WithRSAEncryption Issuer: C=FR, ST=Radius, L=Somewhere, O=Example mailto:Inc./emailAddress=admin@example.org, CN=Example Certificate Authority Validity Not Before: Feb 12 11:22:28 2025 GMT Not After : Apr 13 11:22:28 2025 GMT Subject: C=FR, ST=Radius, L=Somewhere, O=Example mailto:Inc./emailAddress=admin@example.org, CN=Example Certificate Authority Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: 00:bd:12:9d:8a:d9:2c:9f:b1:d3:2e:68:1a:41:e4: 2e:27:39:37:16:95:69:93:8c:27:a6:84:3a:e9:d4: 86:28:69:a4:70:c1:5e:b0:91:b8:9c:bb:c6:1b:01: 3a:0f:a3:98:06:a6:c8:b7:d3:3e:89:68:c2:01:63: 29:be:59:cc:b4:fb:74:20:4f:4e:6d:02:45:c7:3d: 36:9e:7c:59:69:20:fe:10:98:52:42:a2:71:a5:ca: e5:0e:f7:76:94:be:f9:c1:f5:ef:00:37:a3:70:81: 6e:13:f9:ce:6e:a2:98:ab:f3:de:cb:66:69:15:8f: 19:72:5b:ff:4f:52:30:7d:91:4b:ed:fc:40:86:56: 28:f6:60:ad:80:55:65:0a:b0:9c:93:51:c4:c7:25: 96:43:0d:ed:0a:88:83:87:64:26:b4:f7:f5:61:5b: f2:d4:a4:f4:3d:d0:1f:a4:3d:3f:4e:53:21:c2:06: 24:88:ef:05:b2:f6:1e:2a:4f:53:4b:6f:41:1a:c1: e2:0e:0a:3a:30:b4:9b:cc:3f:a5:10:58:90:3a:ab: 26:d2:38:03:99:a1:fd:fc:97:53:96:1f:8e:ff:7f: d2:3a:c3:b6:9a:97:55:99:b3:00:01:e8:4c:31:b4: 24:5d:23:31:c0:91:09:f5:02:8c:c5:41:5a:74:fc: fc:a1 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: A6:8B:87:82:FD:F0:60:FF:EC:D2:F3:7F:E8:0F:A7:6D:E2:41:A3:52 X509v3 Authority Key Identifier: keyid:A6:8B:87:82:FD:F0:60:FF:EC:D2:F3:7F:E8:0F:A7:6D:E2:41:A3:52 DirName:/C=FR/ST=Radius/L=Somewhere/O=Example mailto:Inc./emailAddress=admin@example.org/CN=Example Certificate Authority serial:07:C1:09:2A:B9:3C:84:CA:F4:A4:CE:BE:5F:FD:49:C0:91:F0:25:B2 X509v3 Basic Constraints: critical CA:TRUE X509v3 CRL Distribution Points: Full Name: URI:http://www.example.org/example_ca.crl Signature Algorithm: sha256WithRSAEncryption Signature Value: b1:fb:fd:d9:9b:09:46:e1:4a:71:a6:cc:44:55:81:bb:32:d6: a3:17:d4:c9:9d:46:6f:16:98:2e:18:9d:83:02:5d:9c:ad:84: 25:a7:59:d7:e7:45:ed:ed:6e:ec:71:ab:3c:e4:54:c4:f7:67: 86:81:17:d8:d3:28:ac:44:f6:3b:c8:98:4d:c7:a2:44:7d:1f: 40:5b:61:43:63:10:19:42:d6:40:f1:7b:4f:be:45:66:fb:a6: d0:c3:19:70:a8:4b:41:3e:9d:86:3f:21:46:40:e6:1f:93:de: 55:04:f2:ed:55:83:48:c5:4b:b9:38:28:b4:4a:14:d4:40:4b: 63:ec:96:02:56:6a:fd:3c:b7:91:36:5e:b9:57:2c:f6:9b:14: da:2d:40:ed:a3:d7:d9:c6:97:94:2b:70:e8:86:be:0d:96:7b: 1a:8f:88:82:65:35:f2:c6:e5:6c:36:24:ff:7c:3d:b9:cf:d6: 5b:3b:cc:62:8a:00:13:a2:9d:8a:f2:17:af:8b:99:66:fa:2d: d8:28:eb:d4:17:7e:cd:b6:f2:cd:3d:bb:21:e6:c9:33:7c:dc: b0:28:85:c5:8e:46:b4:a1:65:99:64:0c:a4:50:46:73:70:11: 27:b0:9e:5d:89:aa:1c:ec:f0:87:be:1a:50:43:d2:49:80:49: a9:9a:ee:1d CTRL-EVENT-EAP-PEER-CERT depth=1 subject='/C=FR/ST=Radius/L=Somewhere/O=Example mailto:Inc./emailAddress=admin@example.org/CN=Example Certificate Authority' hash=7808349207dba06be1fc23faa6a240c97900fd8a2c3d84118f10270e470f56b7 TLS: tls_verify_cb - preverify_ok=1 err=0 (ok) ca_cert_verify=1 depth=1 buf='/C=FR/ST=Radius/L=Somewhere/O=Example mailto:Inc./emailAddress=admin@example.org/CN=Example Certificate Authority' OpenSSL: Peer certificate - depth 0 Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: sha256WithRSAEncryption Issuer: C=FR, ST=Radius, L=Somewhere, O=Example mailto:Inc./emailAddress=admin@example.org, CN=Example Certificate Authority Validity Not Before: Feb 12 11:22:29 2025 GMT Not After : Apr 13 11:22:29 2025 GMT Subject: C=FR, ST=Radius, O=Example Inc., CN=Example Server mailto:Certificate/emailAddress=admin@example.org Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: 00:b3:ed:bb:c6:f0:df:48:51:e5:e6:57:06:c9:55: ef:f0:59:f9:88:9c:6c:e1:5d:12:52:c9:33:f5:b7: d8:4e:f3:fb:2d:e8:18:eb:60:60:71:0e:8b:db:39: 63:4e:23:80:87:e8:8a:d2:74:b4:b4:97:a9:d5:92: 4d:c5:ce:01:fd:1c:ce:80:96:23:12:11:e0:35:9e: 8c:ce:cb:78:cd:36:2e:a5:e6:4d:59:c0:18:8c:e8: e5:5f:f9:7e:bd:c5:84:63:23:e6:ac:f8:6c:45:00: 6a:98:b6:9c:57:49:df:35:74:e3:39:51:19:df:d3: 1d:42:69:3a:25:3a:cf:cf:b8:fa:95:f0:0c:4e:f6: e3:5e:04:a3:38:0c:5c:f0:fd:f1:0b:c4:12:4c:a2: cb:76:3c:91:3e:9d:3b:be:29:5c:db:4f:04:bf:9c: f4:58:b6:44:b1:3c:f2:33:01:b1:4f:7f:1e:7c:61: 3a:2d:13:b9:8b:44:d4:5f:18:8c:56:85:94:ad:59: 51:c8:03:72:f0:10:fd:ac:6e:ca:6f:78:c9:4d:f8: d9:01:2d:51:da:fa:1e:87:e6:58:40:46:bd:fb:3a: d9:23:e4:e9:8e:de:de:4e:40:1a:d2:d9:58:0a:c7: 38:59:d3:19:3b:ad:a2:b3:3f:9f:09:e1:8c:c7:61: d3:8d Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Extended Key Usage: TLS Web Server Authentication X509v3 CRL Distribution Points: Full Name: URI:http://www.example.com/example_ca.crl X509v3 Certificate Policies: Policy: 1.3.6.1.4.1.40808.1.3.2 X509v3 Subject Key Identifier: C0:F6:13:A2:62:AD:5E:E5:3E:77:FA:DA:04:29:9E:B0:81:B1:80:2D X509v3 Authority Key Identifier: A6:8B:87:82:FD:F0:60:FF:EC:D2:F3:7F:E8:0F:A7:6D:E2:41:A3:52 Signature Algorithm: sha256WithRSAEncryption Signature Value: 2a:e3:26:0d:8b:01:f1:45:2d:e4:9c:c0:fb:89:ee:ab:04:15: 71:32:9b:01:4e:eb:14:61:98:7e:e8:23:c2:df:88:bb:07:10: 75:e4:24:83:67:9c:72:df:85:70:7c:08:37:b1:0e:d5:29:cc: 98:15:ba:61:14:b6:3f:be:66:05:b8:60:2b:a3:32:fe:46:5d: 6c:a3:da:54:ce:41:06:65:61:70:71:3c:77:fb:30:13:d0:1c: 33:74:cb:86:ed:0c:b6:86:ab:87:81:36:ac:fe:cf:9f:6f:b2: e0:76:cf:99:13:0f:df:b3:9e:ae:d1:e8:53:67:56:d0:95:72: 88:b8:29:ae:7b:44:66:18:fb:de:d5:40:de:38:5d:7a:53:00: 18:b7:53:7d:8d:4a:80:cb:c5:e7:67:48:75:2b:d1:e7:9e:8c: fb:7c:7f:18:57:cf:32:78:dc:f3:f8:a5:3e:a4:9f:08:81:23: c3:ec:71:1a:28:2e:e0:ab:37:b8:da:0d:b4:a8:3e:ec:4d:fc: 27:8f:ad:71:aa:ed:06:1a:0e:b0:e2:27:51:d1:be:58:72:07: e3:22:a6:10:e5:d8:8a:7b:a0:b2:1c:b3:72:06:ad:d1:3e:48: e4:87:a9:56:dd:65:dd:b4:e2:bd:9d:8a:d6:a8:0b:11:7a:14: 3e:12:46:3e OpenSSL: Certificate Policy 1.3.6.1.4.1.40808.1.3.2 CTRL-EVENT-EAP-PEER-CERT depth=0 subject='/C=FR/ST=Radius/O=Example Inc./CN=Example Server mailto:Certificate/emailAddress=admin@example.org' hash=d90d58ad04e655b4e1aff7e32069fe5c3d0c3edd4f35e2092274b5055097136a TLS: tls_verify_cb - preverify_ok=1 err=0 (ok) ca_cert_verify=1 depth=0 buf='/C=FR/ST=Radius/O=Example Inc./CN=Example Server mailto:Certificate/emailAddress=admin@example.org' EAP: Status notification: remote certificate verification (param=success) OpenSSL: RX ver=0x303 content_type=256 (TLS header info/) OpenSSL: Message - hexdump(len=5): 16 03 03 01 2c SSL: (where=0x1001 ret=0x1) SSL: SSL_connect:SSLv3/TLS read server certificate OpenSSL: RX ver=0x303 content_type=22 (handshake/server key exchange) OpenSSL: Message - hexdump(len=300): 0c 00 01 28 03 00 1d 20 2f 3a f9 a5 77 1a b2 ba b9 8c c5 db 3f 6d 9e fd f4 47 9f d3 e3 5e 9f 42 c9 15 74 59 df c9 63 1d 08 04 01 00 06 04 59 f7 b8 43 22 01 b9 d3 2f 9a 92 4a 21 92 58 87 15 e3 d4 a7 16 ff a7 54 15 c7 a5 18 02 5b f0 14 3b bb 03 d7 44 54 21 fa fd 08 c2 ad 9b 49 c9 c8 35 f1 dc 7b 04 ef 1d 79 81 4a f7 c6 ff 10 f4 e3 28 b4 ba 99 89 c8 ab 73 8a 61 95 d4 ad 89 8c 07 8d b5 d1 07 59 b5 17 49 e8 d7 ea 5b 3d 4b a8 f3 94 32 0c 74 bd fb 71 3f d5 02 cb a5 0f 35 6b 2b 5b 69 44 ec 63 0b 07 02 33 28 02 bd 74 19 4a 80 25 f2 d4 59 62 23 93 c8 ef e0 1e 7c 46 7b 72 3e bf ea 4e d3 a5 c0 54 36 18 45 eb 51 bf 74 5e ac 97 b8 c8 a6 89 a9 69 56 9e c9 2a 69 87 b8 9e 6a 25 c9 4b a8 c9 c7 11 04 1f ef 2c e8 e4 1e 3b 85 bb ec e5 6a 92 f8 46 c6 67 2a fb 7e 91 ca c2 1c 08 58 27 9d c9 26 b1 71 df d9 34 63 44 a3 4b a0 81 a8 60 54 2b 4e e4 33 e6 76 64 3e d2 a9 4b 82 47 8d 68 d9 29 29 c3 1d 4f e3 4e 14 8e db OpenSSL: RX ver=0x303 content_type=256 (TLS header info/) OpenSSL: Message - hexdump(len=5): 16 03 03 00 04 SSL: (where=0x1001 ret=0x1) SSL: SSL_connect:SSLv3/TLS read server key exchange OpenSSL: RX ver=0x303 content_type=22 (handshake/server hello done) OpenSSL: Message - hexdump(len=4): 0e 00 00 00 SSL: (where=0x1001 ret=0x1) SSL: SSL_connect:SSLv3/TLS read server done OpenSSL: TX ver=0x303 content_type=256 (TLS header info/) OpenSSL: Message - hexdump(len=5): 16 03 03 00 25 OpenSSL: TX ver=0x303 content_type=22 (handshake/client key exchange) OpenSSL: Message - hexdump(len=37): 10 00 00 21 20 3f db 36 c4 2c 17 8b 84 fb 58 db c2 73 b1 66 92 2e 8e 5f 78 96 6a 11 0c 08 67 14 4c 60 05 4f 7d SSL: (where=0x1001 ret=0x1) SSL: SSL_connect:SSLv3/TLS write client key exchange OpenSSL: TX ver=0x303 content_type=256 (TLS header info/) OpenSSL: Message - hexdump(len=5): 14 03 03 00 01 OpenSSL: TX ver=0x303 content_type=20 (change cipher spec/) OpenSSL: Message - hexdump(len=1): 01 SSL: (where=0x1001 ret=0x1) SSL: SSL_connect:SSLv3/TLS write change cipher spec OpenSSL: TX ver=0x303 content_type=256 (TLS header info/) OpenSSL: Message - hexdump(len=5): 16 03 03 00 28 OpenSSL: TX ver=0x303 content_type=22 (handshake/finished) OpenSSL: Message - hexdump(len=16): 14 00 00 0c 6f bf 86 34 6f 24 32 54 81 16 df a7 SSL: (where=0x1001 ret=0x1) SSL: SSL_connect:SSLv3/TLS write finished SSL: (where=0x1002 ret=0xffffffff) SSL: SSL_connect:error in SSLv3/TLS write finished SSL: SSL_connect - want more data SSL: 93 bytes pending from ssl_out SSL: Using TLS version TLSv1.2 SSL: 93 bytes left to be sent out (of total 93 bytes) EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL eapRespData=0x5614c0f999e0 EAP: EAP entering state SEND_RESPONSE EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RESPONSE EAPOL: txSuppRsp WPA: eapol_test_eapol_send(type=0 len=99) TX EAP -> RADIUS - hexdump(len=99): 02 62 00 63 37 01 16 03 03 00 25 10 00 00 21 20 3f db 36 c4 2c 17 8b 84 fb 58 db c2 73 b1 66 92 2e 8e 5f 78 96 6a 11 0c 08 67 14 4c 60 05 4f 7d 14 03 03 00 01 01 16 03 03 00 28 c3 e8 e0 9e c8 57 32 1f 4d ac fd f4 ad e4 ab 6e 51 f3 2c d7 df 5e 53 43 ab 24 76 c1 38 ce d4 51 8b bc a5 91 da 91 32 16 Encapsulating EAP message into a RADIUS packet Copied RADIUS State Attribute Sending RADIUS message to authentication server RADIUS message: code=1 (Access-Request) identifier=5 length=263 Attribute 80 (Message-Authenticator) length=18 Value: ac942cbe3238ab49d9798f0793b2bf92 Attribute 1 (User-Name) length=11 Value: 'anonymous' Attribute 31 (Calling-Station-Id) length=19 Value: 'DE-AD-BE-EF-42-42' Attribute 12 (Framed-MTU) length=6 Value: 1400 Attribute 61 (NAS-Port-Type) length=6 Value: 19 Attribute 6 (Service-Type) length=6 Value: 2 Attribute 77 (Connect-Info) length=24 Value: 'CONNECT 11Mbps 802.11b' Attribute 30 (Called-Station-Id) length=28 Value: '00:11:22:33:44:55:UConnect' Attribute 4 (NAS-IP-Address) length=6 Value: 192.168.4.20 Attribute 79 (EAP-Message) length=101 Value: 026200633701160303002510000021203fdb36c42c178b84fb58dbc273b166922e8e5f78966a110c0867144c60054f7d1403030001011603030028c3e8e09ec857321f4dacfdf4ade4ab6e51f32cd7df5e5343ab2476c138ced4518bbca591da913216 Attribute 24 (State) length=18 Value: 6501da9e6163ed03dd76d824d918a37a RADIUS: Send 263 bytes to the server Next RADIUS client retransmit in 3 seconds EAPOL: SUPP_BE entering state RECEIVE Received 115 bytes from RADIUS server Received RADIUS message RADIUS message: code=11 (Access-Challenge) identifier=5 length=115 Attribute 80 (Message-Authenticator) length=18 Value: 9ca1e640bda17e98b6ec87662235aa43 Attribute 79 (EAP-Message) length=59 Value: 0163003937011403030001011603030028288983a38fe43b638f42770f5543607f0558b5ec34693ea104c35ec383476e8483bd43497710874d Attribute 24 (State) length=18 Value: 6501da9e6062ed03dd76d824d918a37a STA de:ad:be:ef:42:42: Received RADIUS packet matched with a pending request, round trip time 0.00 sec RADIUS packet matching with station decapsulated EAP packet (code=1 id=99 len=57) from RADIUS server: EAP-Request-TEAP (55) EAPOL: Received EAP-Packet frame EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Request id=99 method=55 vendor=0 vendorMethod=0 EAP: EAP entering state METHOD SSL: Received packet(len=57) - Flags 0x01 OpenSSL: RX ver=0x303 content_type=256 (TLS header info/) OpenSSL: Message - hexdump(len=5): 14 03 03 00 01 SSL: (where=0x1001 ret=0x1) SSL: SSL_connect:SSLv3/TLS write finished OpenSSL: RX ver=0x303 content_type=256 (TLS header info/) OpenSSL: Message - hexdump(len=5): 16 03 03 00 28 SSL: (where=0x1001 ret=0x1) SSL: SSL_connect:SSLv3/TLS read change cipher spec OpenSSL: RX ver=0x303 content_type=22 (handshake/finished) OpenSSL: Message - hexdump(len=16): 14 00 00 0c c0 41 9f fe 54 fe 17 d3 7e 6b ab e4 SSL: (where=0x1001 ret=0x1) SSL: SSL_connect:SSLv3/TLS read finished SSL: (where=0x20 ret=0x1) SSL: (where=0x1002 ret=0x1) SSL: 0 bytes pending from ssl_out OpenSSL: Handshake finished - resumed=0 SSL: No Application Data included SSL: Using TLS version TLSv1.2 SSL: No data to be sent out EAP-TEAP: TLS done, proceed to Phase 2 EAP-TEAP: TLS cipher suite 0xc030 EAP-TEAP: session_key_seed (S-IMCK[0]) - hexdump(len=40): be 01 98 da 56 38 7c 95 5f 03 2f a4 4a 06 47 15 80 64 8e d7 38 ef 8f fc f3 0c fa c8 73 4a 37 2a 9d ec 4b d8 89 d3 1f ff SSL: Building ACK (type=55 id=99 ver=1) EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL eapRespData=0x5614c0f952b0 EAP: EAP entering state SEND_RESPONSE EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RESPONSE EAPOL: txSuppRsp WPA: eapol_test_eapol_send(type=0 len=6) TX EAP -> RADIUS - hexdump(len=6): 02 63 00 06 37 01 Encapsulating EAP message into a RADIUS packet Copied RADIUS State Attribute Sending RADIUS message to authentication server RADIUS message: code=1 (Access-Request) identifier=6 length=170 Attribute 80 (Message-Authenticator) length=18 Value: 6043b27893fa00ef96c925d17ad0af71 Attribute 1 (User-Name) length=11 Value: 'anonymous' Attribute 31 (Calling-Station-Id) length=19 Value: 'DE-AD-BE-EF-42-42' Attribute 12 (Framed-MTU) length=6 Value: 1400 Attribute 61 (NAS-Port-Type) length=6 Value: 19 Attribute 6 (Service-Type) length=6 Value: 2 Attribute 77 (Connect-Info) length=24 Value: 'CONNECT 11Mbps 802.11b' Attribute 30 (Called-Station-Id) length=28 Value: '00:11:22:33:44:55:UConnect' Attribute 4 (NAS-IP-Address) length=6 Value: 192.168.4.20 Attribute 79 (EAP-Message) length=8 Value: 026300063701 Attribute 24 (State) length=18 Value: 6501da9e6062ed03dd76d824d918a37a RADIUS: Send 170 bytes to the server Next RADIUS client retransmit in 3 seconds EAPOL: SUPP_BE entering state RECEIVE Received 108 bytes from RADIUS server Received RADIUS message RADIUS message: code=11 (Access-Challenge) identifier=6 length=108 Attribute 80 (Message-Authenticator) length=18 Value: f5c228a213b5a4bfdbf1384a68b6c04e Attribute 79 (EAP-Message) length=52 Value: 0164003237011703030027288983a38fe43b64a59087aba7cf508c7e0a35e94014fc7224e15fb13dbf6c1b14d1cf07d454d7 Attribute 24 (State) length=18 Value: 6501da9e6365ed03dd76d824d918a37a STA de:ad:be:ef:42:42: Received RADIUS packet matched with a pending request, round trip time 0.00 sec RADIUS packet matching with station decapsulated EAP packet (code=1 id=100 len=50) from RADIUS server: EAP-Request-TEAP (55) EAPOL: Received EAP-Packet frame EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Request id=100 method=55 vendor=0 vendorMethod=0 EAP: EAP entering state METHOD SSL: Received packet(len=50) - Flags 0x01 EAP-TEAP: Received 44 bytes encrypted data for Phase 2 OpenSSL: RX ver=0x303 content_type=256 (TLS header info/) OpenSSL: Message - hexdump(len=5): 17 03 03 00 27 EAP-TEAP: Decrypted Phase 2 TLV(s) - hexdump(len=15): 00 02 00 02 00 01 80 09 00 05 01 64 00 05 01 EAP-TEAP: Received Phase 2: TLV type 2 (Identity-Type) length 2 EAP-TEAP: Identity-Type: 1 EAP-TEAP: Received Phase 2: TLV type 9 (EAP-Payload) length 5 (mandatory) EAP-TEAP: EAP-Payload TLV - hexdump(len=5): 01 64 00 05 01 TLS: Phase2 EAP types - hexdump(len=96): 00 00 00 00 04 00 00 00 00 00 00 00 0d 00 00 00 00 00 00 00 1a 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 11 00 00 00 00 00 00 00 2e 00 00 00 00 00 00 00 30 00 00 00 00 00 00 00 33 00 00 00 00 00 00 00 31 00 00 00 00 00 00 00 26 00 00 00 00 00 00 00 34 00 00 00 EAP-TEAP: Phase 2 Request: type=0:1 EAP: using real identity - hexdump_ascii(len=16): 75 73 65 72 40 65 78 61 6d 70 6c 65 2e 6f 72 67 mailto:user@example.org EAP-TEAP: Add EAP-Payload TLV EAP-TEAP: Add Identity-Type TLV(Identity-Type=1) EAP-TEAP: Encrypting Phase 2 data - hexdump(len=31): 80 09 00 15 02 64 00 15 01 75 73 65 72 40 65 78 61 6d 70 6c 65 2e 6f 72 67 00 02 00 02 00 01 OpenSSL: TX ver=0x303 content_type=256 (TLS header info/) OpenSSL: Message - hexdump(len=5): 17 03 03 00 37 SSL: 60 bytes left to be sent out (of total 60 bytes) EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL eapRespData=0x5614c0f81b50 EAP: EAP entering state SEND_RESPONSE EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RESPONSE EAPOL: txSuppRsp WPA: eapol_test_eapol_send(type=0 len=66) TX EAP -> RADIUS - hexdump(len=66): 02 64 00 42 37 01 17 03 03 00 37 c3 e8 e0 9e c8 57 32 20 2b 5a ef 90 ad 91 c4 37 06 69 6a a3 b3 d9 f4 43 f8 8d 51 52 e8 89 06 a5 31 d5 2f 11 c5 08 89 17 08 31 31 b5 26 35 4f 25 a3 33 b3 8a f1 4f 4b Encapsulating EAP message into a RADIUS packet Copied RADIUS State Attribute Sending RADIUS message to authentication server RADIUS message: code=1 (Access-Request) identifier=7 length=230 Attribute 80 (Message-Authenticator) length=18 Value: f411907430aea9ad5d123ca2c73ab728 Attribute 1 (User-Name) length=11 Value: 'anonymous' Attribute 31 (Calling-Station-Id) length=19 Value: 'DE-AD-BE-EF-42-42' Attribute 12 (Framed-MTU) length=6 Value: 1400 Attribute 61 (NAS-Port-Type) length=6 Value: 19 Attribute 6 (Service-Type) length=6 Value: 2 Attribute 77 (Connect-Info) length=24 Value: 'CONNECT 11Mbps 802.11b' Attribute 30 (Called-Station-Id) length=28 Value: '00:11:22:33:44:55:UConnect' Attribute 4 (NAS-IP-Address) length=6 Value: 192.168.4.20 Attribute 79 (EAP-Message) length=68 Value: 0264004237011703030037c3e8e09ec85732202b5aef90ad91c43706696aa3b3d9f443f88d5152e88906a531d52f11c5088917083131b526354f25a333b38af14f4b Attribute 24 (State) length=18 Value: 6501da9e6365ed03dd76d824d918a37a RADIUS: Send 230 bytes to the server Next RADIUS client retransmit in 3 seconds EAPOL: SUPP_BE entering state RECEIVE Received 103 bytes from RADIUS server Received RADIUS message RADIUS message: code=11 (Access-Challenge) identifier=7 length=103 Attribute 80 (Message-Authenticator) length=18 Value: dacf01aecca7fb8a1420fe71994dde06 Attribute 79 (EAP-Message) length=47 Value: 0165002d37011703030022288983a38fe43b655c66480b9f0b485d46c7fb024fa8c21d117c66f781d04cdb8fda Attribute 24 (State) length=18 Value: 6501da9e6264ed03dd76d824d918a37a STA de:ad:be:ef:42:42: Received RADIUS packet matched with a pending request, round trip time 0.00 sec RADIUS packet matching with station decapsulated EAP packet (code=1 id=101 len=45) from RADIUS server: EAP-Request-TEAP (55) EAPOL: Received EAP-Packet frame EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Request id=101 method=55 vendor=0 vendorMethod=0 EAP: EAP entering state METHOD SSL: Received packet(len=45) - Flags 0x01 EAP-TEAP: Received 39 bytes encrypted data for Phase 2 OpenSSL: RX ver=0x303 content_type=256 (TLS header info/) OpenSSL: Message - hexdump(len=5): 17 03 03 00 22 EAP-TEAP: Decrypted Phase 2 TLV(s) - hexdump(len=10): 80 09 00 06 01 65 00 06 0d 20 EAP-TEAP: Received Phase 2: TLV type 9 (EAP-Payload) length 6 (mandatory) EAP-TEAP: EAP-Payload TLV - hexdump(len=6): 01 65 00 06 0d 20 EAP-TEAP: Phase 2 Request: type=0:13 EAP-TEAP: Selected Phase 2 EAP vendor 0 method 13 TLS: using phase2 config options TLS: Trusted root certificate(s) loaded OpenSSL: SSL_use_certificate_chain_file --> OK OpenSSL: tls_use_private_key_file (PEM) --> loaded SSL: Private key loaded successfully SSL: Received packet(len=6) - Flags 0x20 EAP-TLS: Start SSL: (where=0x10 ret=0x1) SSL: (where=0x1001 ret=0x1) SSL: SSL_connect:before SSL initialization OpenSSL: TX ver=0x301 content_type=256 (TLS header info/) OpenSSL: Message - hexdump(len=5): 16 03 01 00 b3 OpenSSL: TX ver=0x303 content_type=22 (handshake/client hello) OpenSSL: Message - hexdump(len=179): 01 00 00 af 03 03 a1 81 88 57 2a 90 ca 5b 76 83 a3 14 90 32 80 2d fd 91 74 b9 e3 88 76 cc 1b 72 f5 b2 a1 5b 7e 28 00 00 38 c0 2c c0 30 00 9f cc a9 cc a8 cc aa c0 2b c0 2f 00 9e c0 24 c0 28 00 6b c0 23 c0 27 00 67 c0 0a c0 14 00 39 c0 09 c0 13 00 33 00 9d 00 9c 00 3d 00 3c 00 35 00 2f 00 ff 01 00 00 4e 00 0b 00 04 03 00 01 02 00 0a 00 0c 00 0a 00 1d 00 17 00 1e 00 19 00 18 00 16 00 00 00 17 00 00 00 0d 00 2a 00 28 04 03 05 03 06 03 08 07 08 08 08 09 08 0a 08 0b 08 04 08 05 08 06 04 01 05 01 06 01 03 03 03 01 03 02 04 02 05 02 06 02 SSL: (where=0x1001 ret=0x1) SSL: SSL_connect:SSLv3/TLS write client hello SSL: (where=0x1002 ret=0xffffffff) SSL: SSL_connect:error in SSLv3/TLS write client hello SSL: SSL_connect - want more data SSL: 184 bytes pending from ssl_out SSL: Using TLS version TLSv1.2 SSL: 184 bytes left to be sent out (of total 184 bytes) EAP-TEAP: Add EAP-Payload TLV EAP-TEAP: Encrypting Phase 2 data - hexdump(len=194): 80 09 00 be 02 65 00 be 0d 00 16 03 01 00 b3 01 00 00 af 03 03 a1 81 88 57 2a 90 ca 5b 76 83 a3 14 90 32 80 2d fd 91 74 b9 e3 88 76 cc 1b 72 f5 b2 a1 5b 7e 28 00 00 38 c0 2c c0 30 00 9f cc a9 cc a8 cc aa c0 2b c0 2f 00 9e c0 24 c0 28 00 6b c0 23 c0 27 00 67 c0 0a c0 14 00 39 c0 09 c0 13 00 33 00 9d 00 9c 00 3d 00 3c 00 35 00 2f 00 ff 01 00 00 4e 00 0b 00 04 03 00 01 02 00 0a 00 0c 00 0a 00 1d 00 17 00 1e 00 19 00 18 00 16 00 00 00 17 00 00 00 0d 00 2a 00 28 04 03 05 03 06 03 08 07 08 08 08 09 08 0a 08 0b 08 04 08 05 08 06 04 01 05 01 06 01 03 03 03 01 03 02 04 02 05 02 06 02 OpenSSL: TX ver=0x303 content_type=256 (TLS header info/) OpenSSL: Message - hexdump(len=5): 17 03 03 00 da SSL: 223 bytes left to be sent out (of total 223 bytes) EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL eapRespData=0x5614c0f9c890 EAP: EAP entering state SEND_RESPONSE EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RESPONSE EAPOL: txSuppRsp WPA: eapol_test_eapol_send(type=0 len=229) TX EAP -> RADIUS - hexdump(len=229): 02 65 00 e5 37 01 17 03 03 00 da c3 e8 e0 9e c8 57 32 21 ff 5f 3d 27 56 32 2e a0 6f b9 1d 2a 1b 72 e6 48 b5 4b f4 2d 9d 15 80 e0 6a 25 7a 30 e1 72 b5 42 28 a4 31 23 1b be ea 32 e5 76 84 e7 05 f8 79 f8 73 48 0e 40 5c 3a 12 65 86 7b 5f 5b 32 db 50 e7 d5 51 71 6a 63 70 5c 1f bc 18 c7 22 51 65 9d 21 10 59 c8 e4 ad eb 75 28 1f 39 eb 76 3a 99 e4 ba 41 7b 1e aa 8f 55 bc da 98 72 03 eb 5b 43 e5 02 95 69 b8 b9 4b 9e 78 52 3c db f8 13 16 a2 d0 6f cd 5b e7 65 9b ec d9 09 cb fa d2 47 09 0b fb 8e 46 df b9 c9 f8 b3 12 38 13 ed ba ae 2d cd 83 50 80 12 23 5b 1b 46 fb 70 36 23 39 6b f1 c7 fd 1a 79 48 aa 5a 8b cb ee 89 a4 e0 ce 65 89 12 72 64 bc 80 3f 38 fd 12 94 bb 7e fc a5 de 74 da c5 b6 59 10 Encapsulating EAP message into a RADIUS packet Copied RADIUS State Attribute Sending RADIUS message to authentication server RADIUS message: code=1 (Access-Request) identifier=8 length=393 Attribute 80 (Message-Authenticator) length=18 Value: e493082daabdc7c517d0a060a4f96aa0 Attribute 1 (User-Name) length=11 Value: 'anonymous' Attribute 31 (Calling-Station-Id) length=19 Value: 'DE-AD-BE-EF-42-42' Attribute 12 (Framed-MTU) length=6 Value: 1400 Attribute 61 (NAS-Port-Type) length=6 Value: 19 Attribute 6 (Service-Type) length=6 Value: 2 Attribute 77 (Connect-Info) length=24 Value: 'CONNECT 11Mbps 802.11b' Attribute 30 (Called-Station-Id) length=28 Value: '00:11:22:33:44:55:UConnect' Attribute 4 (NAS-IP-Address) length=6 Value: 192.168.4.20 Attribute 79 (EAP-Message) length=231 Value: 026500e5370117030300dac3e8e09ec8573221ff5f3d2756322ea06fb91d2a1b72e648b54bf42d9d1580e06a257a30e172b54228a431231bbeea32e57684e705f879f873480e405c3a1265867b5f5b32db50e7d551716a63705c1fbc18c72251659d211059c8e4adeb75281f39eb763a99e4ba417b1eaa8f55bcda987203eb5b43e5029569b8b94b9e78523cdbf81316a2d06fcd5be7659becd909cbfad247090bfb8e46dfb9c9f8b3123813edbaae2dcd83508012235b1b46fb703623396bf1c7fd1a7948aa5a8bcbee89a4e0ce6589127264bc803f38fd1294bb7efca5de74dac5b65910 Attribute 24 (State) length=18 Value: 6501da9e6264ed03dd76d824d918a37a RADIUS: Send 393 bytes to the server Next RADIUS client retransmit in 3 seconds EAPOL: SUPP_BE entering state RECEIVE Received 1020 bytes from RADIUS server Received RADIUS message RADIUS message: code=11 (Access-Challenge) identifier=8 length=1020 Attribute 80 (Message-Authenticator) length=18 Value: b2165d524c3c26ce1315cdcc36ed639a Attribute 79 (EAP-Message) length=255 Value: 016603bc370117030303b1288983a38fe43b6691525344bcb7cf514e89621ce2b1b61b0f554412fde0bf91b4506e4585b5b4e84081284289e86d317e8c5d1033a6091e99aee31cfdd8b0c67e72f5a5e699016f419eb846770c281d5c4ec3795ef50d98d6cc455070c2715f68f6f256db9fac7b2638958a98a09998f66bc89e7e11eee57d1c848f941c7542c994abbce3ecaf5dbbc32b0c770f17043a887b9e1510a8254002334f321aa3f1a61a0aa0da5896f44cd206c03a7fca26e79b602259f94e52b45cb06fc1cef7b42a577c120f847f2f1f14bab6a3144d75a82f8a62e40d8b9936b8fa22826fd0ae751363100ab7235b6bed0d109d9f1e72add3 Attribute 79 (EAP-Message) length=255 Value: ae167a94d8375a683beed2962ef11a3d6fa9fe0424a67e9d5a815274699a65ff686c73d22af88575da413514cd68bf49da39c61bc8a74b5022f92bf406ed62fe687413efbd7baf39600cb60ecdd2704b7e7bce64b2ef25c65eeb62ca089e8542b530da1879104d9949aa87afd30f7e56678ead260b498d6a62b8100ec74e43e5de0b3caafe6a8eb22251089d2727bf70ae442ff47067ba08d99191c566cf1067ec9e5ed0bd82931794b58a98e953d2ee36795e9bbe4f030fc1534669054510d060a5f5ec7ca7adfcaa94b68f82fa82e7447f7d384acb93b0b03ca8d178b1741937dd125e9273222f98a21e75bb05df6f018f92d6387624197a9257b0ea Attribute 79 (EAP-Message) length=255 Value: ff7e5b8a665dcb13dc1717b00ba7fc9dd6a948f9b2400896c622efbc798547e52537df38601441ece59cfd7d186591c7d0fc89fd0a2e288b905692d72731bd7933ad933fd7ba5ade01eb4b528246135832bb8a1146d3d511016b1d61e387534197d92c4ed536d649800263602edeb6e79e48e5bd0c19ab11fb9fbb78846de1e50407f5f310fd3ef4dfc7550fd9aa070b1d601ff197eee4a2c0ce80ce0895a00347a6d4ff5a03677029e3a8f931501f91c517d3a061611d9c6c4f3b9da57f04680acb3653bd132cbc047a609bf8322203e372b4be55aec4851aa1977cb01f0c442f5051bba67f7989340b124243e08b44216b8eba5e3f47bc349c01411e Attribute 79 (EAP-Message) length=199 Value: 426259f595318b8b2bccd44458f39dc95f659d3b969793186305b44b4b7c332bc659c253b93b177c62db085a34db28a5b4ebdda793a5d077d5ff3e011fdc97681566e9aa6077d57d284943255bda653c55e6c5c488d14962beddcf42af2d317e922fa473fb73f67897bf4c7b2bc63ea48d6b553c68b786d2bfaa17d60f1a7942efaaa4f462d3305c3fb51289f3ab28be735ddfc560944df8b73d13d5a4cbd6845f0f9a534fa7f79aa4a926e722a68d12ed6330f3571f078cd3225ed3e0528df4cbdd5614ba Attribute 24 (State) length=18 Value: 6501da9e6d67ed03dd76d824d918a37a STA de:ad:be:ef:42:42: Received RADIUS packet matched with a pending request, round trip time 0.00 sec RADIUS packet matching with station decapsulated EAP packet (code=1 id=102 len=956) from RADIUS server: EAP-Request-TEAP (55) EAPOL: Received EAP-Packet frame EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Request id=102 method=55 vendor=0 vendorMethod=0 EAP: EAP entering state METHOD SSL: Received packet(len=956) - Flags 0x01 EAP-TEAP: Received 950 bytes encrypted data for Phase 2 OpenSSL: RX ver=0x303 content_type=256 (TLS header info/) OpenSSL: Message - hexdump(len=5): 17 03 03 03 b1 EAP-TEAP: Decrypted Phase 2 TLV(s) - hexdump(len=921): 80 09 03 95 01 66 03 95 0d c0 00 00 0b 97 16 03 03 00 3d 02 00 00 39 03 03 ba 21 4b 95 cb ec be b5 40 93 ec 80 3d b2 77 54 66 47 a3 7d 1b 61 58 42 71 af d9 46 13 26 b2 13 00 c0 30 00 00 11 ff 01 00 01 00 00 0b 00 04 03 00 01 02 00 17 00 00 16 03 03 09 45 0b 00 09 41 00 09 3e 00 04 3a 30 82 04 36 30 82 03 1e a0 03 02 01 02 02 01 01 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 81 93 31 0b 30 09 06 03 55 04 06 13 02 46 52 31 0f 30 0d 06 03 55 04 08 0c 06 52 61 64 69 75 73 31 12 30 10 06 03 55 04 07 0c 09 53 6f 6d 65 77 68 65 72 65 31 15 30 13 06 03 55 04 0a 0c 0c 45 78 61 6d 70 6c 65 20 49 6e 63 2e 31 20 30 1e 06 09 2a 86 48 86 f7 0d 01 09 01 16 11 61 64 6d 69 6e 40 65 78 61 6d 70 6c 65 2e 6f 72 67 31 26 30 24 06 03 55 04 03 0c 1d 45 78 61 6d 70 6c 65 20 43 65 72 74 69 66 69 63 61 74 65 20 41 75 74 68 6f 72 69 74 79 30 1e 17 0d 32 35 30 32 31 32 31 31 32 32 32 39 5a 17 0d 32 35 30 34 31 33 31 31 32 32 32 39 5a 30 7c 31 0b 30 09 06 03 55 04 06 13 02 46 52 31 0f 30 0d 06 03 55 04 08 0c 06 52 61 64 69 75 73 31 15 30 13 06 03 55 04 0a 0c 0c 45 78 61 6d 70 6c 65 20 49 6e 63 2e 31 23 30 21 06 03 55 04 03 0c 1a 45 78 61 6d 70 6c 65 20 53 65 72 76 65 72 20 43 65 72 74 69 66 69 63 61 74 65 31 20 30 1e 06 09 2a 86 48 86 f7 0d 01 09 01 16 11 61 64 6d 69 6e 40 65 78 61 6d 70 6c 65 2e 6f 72 67 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 b3 ed bb c6 f0 df 48 51 e5 e6 57 06 c9 55 ef f0 59 f9 88 9c 6c e1 5d 12 52 c9 33 f5 b7 d8 4e f3 fb 2d e8 18 eb 60 60 71 0e 8b db 39 63 4e 23 80 87 e8 8a d2 74 b4 b4 97 a9 d5 92 4d c5 ce 01 fd 1c ce 80 96 23 12 11 e0 35 9e 8c ce cb 78 cd 36 2e a5 e6 4d 59 c0 18 8c e8 e5 5f f9 7e bd c5 84 63 23 e6 ac f8 6c 45 00 6a 98 b6 9c 57 49 df 35 74 e3 39 51 19 df d3 1d 42 69 3a 25 3a cf cf b8 fa 95 f0 0c 4e f6 e3 5e 04 a3 38 0c 5c f0 fd f1 0b c4 12 4c a2 cb 76 3c 91 3e 9d 3b be 29 5c db 4f 04 bf 9c f4 58 b6 44 b1 3c f2 33 01 b1 4f 7f 1e 7c 61 3a 2d 13 b9 8b 44 d4 5f 18 8c 56 85 94 ad 59 51 c8 03 72 f0 10 fd ac 6e ca 6f 78 c9 4d f8 d9 01 2d 51 da fa 1e 87 e6 58 40 46 bd fb 3a d9 23 e4 e9 8e de de 4e 40 1a d2 d9 58 0a c7 38 59 d3 19 3b ad a2 b3 3f 9f 09 e1 8c c7 61 d3 8d 02 03 01 00 01 a3 81 aa 30 81 a7 30 13 06 03 55 1d 25 04 0c 30 0a 06 08 2b 06 01 05 05 07 03 01 30 36 06 03 55 1d 1f 04 2f 30 2d 30 2b a0 29 a0 27 86 25 68 74 74 70 3a 2f 2f 77 77 77 2e 65 78 61 6d 70 6c 65 2e 63 6f 6d 2f 65 78 61 6d 70 6c 65 5f 63 61 2e 63 72 6c 30 18 06 03 55 1d 20 04 11 30 0f 30 0d 06 0b 2b 06 01 04 01 82 be 68 01 03 02 30 1d 06 03 55 1d 0e 04 16 04 14 c0 f6 13 a2 62 ad 5e e5 3e 77 fa da 04 29 9e b0 81 b1 80 2d 30 1f 06 03 55 1d 23 04 18 30 16 80 14 a6 8b 87 82 fd f0 60 ff ec d2 f3 7f e8 0f a7 6d e2 41 a3 52 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 03 82 01 01 00 EAP-TEAP: Received Phase 2: TLV type 9 (EAP-Payload) length 917 (mandatory) EAP-TEAP: EAP-Payload TLV - hexdump(len=917): 01 66 03 95 0d c0 00 00 0b 97 16 03 03 00 3d 02 00 00 39 03 03 ba 21 4b 95 cb ec be b5 40 93 ec 80 3d b2 77 54 66 47 a3 7d 1b 61 58 42 71 af d9 46 13 26 b2 13 00 c0 30 00 00 11 ff 01 00 01 00 00 0b 00 04 03 00 01 02 00 17 00 00 16 03 03 09 45 0b 00 09 41 00 09 3e 00 04 3a 30 82 04 36 30 82 03 1e a0 03 02 01 02 02 01 01 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 81 93 31 0b 30 09 06 03 55 04 06 13 02 46 52 31 0f 30 0d 06 03 55 04 08 0c 06 52 61 64 69 75 73 31 12 30 10 06 03 55 04 07 0c 09 53 6f 6d 65 77 68 65 72 65 31 15 30 13 06 03 55 04 0a 0c 0c 45 78 61 6d 70 6c 65 20 49 6e 63 2e 31 20 30 1e 06 09 2a 86 48 86 f7 0d 01 09 01 16 11 61 64 6d 69 6e 40 65 78 61 6d 70 6c 65 2e 6f 72 67 31 26 30 24 06 03 55 04 03 0c 1d 45 78 61 6d 70 6c 65 20 43 65 72 74 69 66 69 63 61 74 65 20 41 75 74 68 6f 72 69 74 79 30 1e 17 0d 32 35 30 32 31 32 31 31 32 32 32 39 5a 17 0d 32 35 30 34 31 33 31 31 32 32 32 39 5a 30 7c 31 0b 30 09 06 03 55 04 06 13 02 46 52 31 0f 30 0d 06 03 55 04 08 0c 06 52 61 64 69 75 73 31 15 30 13 06 03 55 04 0a 0c 0c 45 78 61 6d 70 6c 65 20 49 6e 63 2e 31 23 30 21 06 03 55 04 03 0c 1a 45 78 61 6d 70 6c 65 20 53 65 72 76 65 72 20 43 65 72 74 69 66 69 63 61 74 65 31 20 30 1e 06 09 2a 86 48 86 f7 0d 01 09 01 16 11 61 64 6d 69 6e 40 65 78 61 6d 70 6c 65 2e 6f 72 67 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 b3 ed bb c6 f0 df 48 51 e5 e6 57 06 c9 55 ef f0 59 f9 88 9c 6c e1 5d 12 52 c9 33 f5 b7 d8 4e f3 fb 2d e8 18 eb 60 60 71 0e 8b db 39 63 4e 23 80 87 e8 8a d2 74 b4 b4 97 a9 d5 92 4d c5 ce 01 fd 1c ce 80 96 23 12 11 e0 35 9e 8c ce cb 78 cd 36 2e a5 e6 4d 59 c0 18 8c e8 e5 5f f9 7e bd c5 84 63 23 e6 ac f8 6c 45 00 6a 98 b6 9c 57 49 df 35 74 e3 39 51 19 df d3 1d 42 69 3a 25 3a cf cf b8 fa 95 f0 0c 4e f6 e3 5e 04 a3 38 0c 5c f0 fd f1 0b c4 12 4c a2 cb 76 3c 91 3e 9d 3b be 29 5c db 4f 04 bf 9c f4 58 b6 44 b1 3c f2 33 01 b1 4f 7f 1e 7c 61 3a 2d 13 b9 8b 44 d4 5f 18 8c 56 85 94 ad 59 51 c8 03 72 f0 10 fd ac 6e ca 6f 78 c9 4d f8 d9 01 2d 51 da fa 1e 87 e6 58 40 46 bd fb 3a d9 23 e4 e9 8e de de 4e 40 1a d2 d9 58 0a c7 38 59 d3 19 3b ad a2 b3 3f 9f 09 e1 8c c7 61 d3 8d 02 03 01 00 01 a3 81 aa 30 81 a7 30 13 06 03 55 1d 25 04 0c 30 0a 06 08 2b 06 01 05 05 07 03 01 30 36 06 03 55 1d 1f 04 2f 30 2d 30 2b a0 29 a0 27 86 25 68 74 74 70 3a 2f 2f 77 77 77 2e 65 78 61 6d 70 6c 65 2e 63 6f 6d 2f 65 78 61 6d 70 6c 65 5f 63 61 2e 63 72 6c 30 18 06 03 55 1d 20 04 11 30 0f 30 0d 06 0b 2b 06 01 04 01 82 be 68 01 03 02 30 1d 06 03 55 1d 0e 04 16 04 14 c0 f6 13 a2 62 ad 5e e5 3e 77 fa da 04 29 9e b0 81 b1 80 2d 30 1f 06 03 55 1d 23 04 18 30 16 80 14 a6 8b 87 82 fd f0 60 ff ec d2 f3 7f e8 0f a7 6d e2 41 a3 52 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 03 82 01 01 00 EAP-TEAP: Phase 2 Request: type=0:13 SSL: Received packet(len=917) - Flags 0xc0 SSL: TLS Message Length: 2967 SSL: Need 2060 bytes more input data SSL: Building ACK (type=13 id=102 ver=0) EAP-TEAP: Add EAP-Payload TLV EAP-TEAP: Encrypting Phase 2 data - hexdump(len=10): 80 09 00 06 02 66 00 06 0d 00 OpenSSL: TX ver=0x303 content_type=256 (TLS header info/) OpenSSL: Message - hexdump(len=5): 17 03 03 00 22 SSL: 39 bytes left to be sent out (of total 39 bytes) EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL eapRespData=0x5614c0f707c0 EAP: EAP entering state SEND_RESPONSE EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RESPONSE EAPOL: txSuppRsp WPA: eapol_test_eapol_send(type=0 len=45) TX EAP -> RADIUS - hexdump(len=45): 02 66 00 2d 37 01 17 03 03 00 22 c3 e8 e0 9e c8 57 32 22 3b b2 5a 90 15 90 a0 6f 1c 4e a0 d7 34 74 ff 23 e8 e8 b4 3a 23 bd 4a 5d 2b 58 Encapsulating EAP message into a RADIUS packet Copied RADIUS State Attribute Sending RADIUS message to authentication server RADIUS message: code=1 (Access-Request) identifier=9 length=209 Attribute 80 (Message-Authenticator) length=18 Value: 341b277c653c83befd143024adf91a2e Attribute 1 (User-Name) length=11 Value: 'anonymous' Attribute 31 (Calling-Station-Id) length=19 Value: 'DE-AD-BE-EF-42-42' Attribute 12 (Framed-MTU) length=6 Value: 1400 Attribute 61 (NAS-Port-Type) length=6 Value: 19 Attribute 6 (Service-Type) length=6 Value: 2 Attribute 77 (Connect-Info) length=24 Value: 'CONNECT 11Mbps 802.11b' Attribute 30 (Called-Station-Id) length=28 Value: '00:11:22:33:44:55:UConnect' Attribute 4 (NAS-IP-Address) length=6 Value: 192.168.4.20 Attribute 79 (EAP-Message) length=47 Value: 0266002d37011703030022c3e8e09ec85732223bb25a901590a06f1c4ea0d73474ff23e8e8b43a23bd4a5d2b58 Attribute 24 (State) length=18 Value: 6501da9e6d67ed03dd76d824d918a37a RADIUS: Send 209 bytes to the server Next RADIUS client retransmit in 3 seconds EAPOL: SUPP_BE entering state RECEIVE Received 1020 bytes from RADIUS server Received RADIUS message RADIUS message: code=11 (Access-Challenge) identifier=9 length=1020 Attribute 80 (Message-Authenticator) length=18 Value: e733fb8a0afa0d6a714ffa250c31c0ab Attribute 79 (EAP-Message) length=255 Value: 016703bc370117030303b1288983a38fe43b676f3510dd2f99d961a692c8b8ca1e61c671fd90ad8f09a71923d4d81d04fcf0cbce7ed698e4ee18d01deaf98aa08340130e516fee5db19942bcafae8e75c49f8579ad7b6ef0553990b2e09148b8b23f3eb85974afb400efa78c26c779f5e0bad11e31117cd9858bff84893b0bfbd2982eb4267b4602ce4bb46b8610dca107dacaed309b153ef8dc4925da3c81a09e1755cbac3e67be7eee4cbc2ed6142665bb204fceb4ef581e096e9f48370ca734dd13efe2d4ff098c3ca8c712f5053e103f96bda1ccc56bd0bfd859a2be9300049c0298b188805570ea13fabed97f9e6bddf401b6a484f936ddb70ce4 Attribute 79 (EAP-Message) length=255 Value: 8f9531d1444c52c4893bb262155f028261c7ab0e34602dbc93f13220134b4d6ecce22415f7d33204ee1dcfd2f1d098cc264436a0224963302f802ffdc4850a1a74e4b6aae277ddd4fe6b1eeb15355c99cb6c98dc07ed87e5d1874de5b9ab0fe2f716e26565a4bafd0b1fab8775213b45115448d2b3f11af1f5cb9e866301483eca43ae2cf3b0051ad5c778f9511e825f512842e976ff664e2f7f5b423c847670add812f91df6e6c2ae0646c86725bf2716bba3a34e4c9ed724c8686edae2be15b4b100fe2f0291dc9364522bc902ef3af80c43e6b69a75cd4f45a76a6fc64f66fa5e3f0ef85d17e08e3afc3e93159e72813e29892b00c1c5cd57cdd331 Attribute 79 (EAP-Message) length=255 Value: 4f90684bd9c12de8e039537351e1b6cb662ea886f79f1b09ec0106c9adb39b20358375d337c5e5161bf5a8aa56267bac207b329fa12e8e037917a1a739bdd2b54dcc971a7b2d12be647e33ecd400378199eed5bd8279c9a736b9fb14001f18a7e2296b6e04c78298b5254180f1efa0465302042ce2a3367819325228abd025a598137260863cfef6eec878180a586d87c7f1cd9869bcbe11f121fb9800d04923375f93c5609c70d08aecdb21e5849dbc16066b6da360d9c638c7e3591500e49dafe3bc6620f5d4d03f89c659969b6e9875c2e7d089d1894fa3a5b5093e845c8537f53df0d5e2bfb6bcdceb416442660756c142149a33886f80dea40332 Attribute 79 (EAP-Message) length=199 Value: b9a08392a2de0d8bec88530681b4ca41f66703002b3a14a9f83ae218f7dff8f5887ab109f744e213cf1b65d107f081003d429ac99dc318560ebd4ad82e4c117fdb09ca406672ebbb805d2772a9851cec1dec74c1702f378f85d0fc3aea568803811e44b8f1051a900876f922f3efe8630dfb9d5940ce0437dcd30402dd38515300c7285f8b2513d2086db9e0db03ec9a2303dfee90245092b3ee17d6a5a404951340e35793b2b347fc361236d9e21200b8806f34f2886e5a4b2e7a8a21374007405f2b5a1f Attribute 24 (State) length=18 Value: 6501da9e6c66ed03dd76d824d918a37a STA de:ad:be:ef:42:42: Received RADIUS packet matched with a pending request, round trip time 0.00 sec RADIUS packet matching with station decapsulated EAP packet (code=1 id=103 len=956) from RADIUS server: EAP-Request-TEAP (55) EAPOL: Received EAP-Packet frame EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Request id=103 method=55 vendor=0 vendorMethod=0 EAP: EAP entering state METHOD SSL: Received packet(len=956) - Flags 0x01 EAP-TEAP: Received 950 bytes encrypted data for Phase 2 OpenSSL: RX ver=0x303 content_type=256 (TLS header info/) OpenSSL: Message - hexdump(len=5): 17 03 03 03 b1 EAP-TEAP: Decrypted Phase 2 TLV(s) - hexdump(len=921): 80 09 03 95 01 67 03 95 0d c0 00 00 0b 97 2a e3 26 0d 8b 01 f1 45 2d e4 9c c0 fb 89 ee ab 04 15 71 32 9b 01 4e eb 14 61 98 7e e8 23 c2 df 88 bb 07 10 75 e4 24 83 67 9c 72 df 85 70 7c 08 37 b1 0e d5 29 cc 98 15 ba 61 14 b6 3f be 66 05 b8 60 2b a3 32 fe 46 5d 6c a3 da 54 ce 41 06 65 61 70 71 3c 77 fb 30 13 d0 1c 33 74 cb 86 ed 0c b6 86 ab 87 81 36 ac fe cf 9f 6f b2 e0 76 cf 99 13 0f df b3 9e ae d1 e8 53 67 56 d0 95 72 88 b8 29 ae 7b 44 66 18 fb de d5 40 de 38 5d 7a 53 00 18 b7 53 7d 8d 4a 80 cb c5 e7 67 48 75 2b d1 e7 9e 8c fb 7c 7f 18 57 cf 32 78 dc f3 f8 a5 3e a4 9f 08 81 23 c3 ec 71 1a 28 2e e0 ab 37 b8 da 0d b4 a8 3e ec 4d fc 27 8f ad 71 aa ed 06 1a 0e b0 e2 27 51 d1 be 58 72 07 e3 22 a6 10 e5 d8 8a 7b a0 b2 1c b3 72 06 ad d1 3e 48 e4 87 a9 56 dd 65 dd b4 e2 bd 9d 8a d6 a8 0b 11 7a 14 3e 12 46 3e 00 04 fe 30 82 04 fa 30 82 03 e2 a0 03 02 01 02 02 14 07 c1 09 2a b9 3c 84 ca f4 a4 ce be 5f fd 49 c0 91 f0 25 b2 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 81 93 31 0b 30 09 06 03 55 04 06 13 02 46 52 31 0f 30 0d 06 03 55 04 08 0c 06 52 61 64 69 75 73 31 12 30 10 06 03 55 04 07 0c 09 53 6f 6d 65 77 68 65 72 65 31 15 30 13 06 03 55 04 0a 0c 0c 45 78 61 6d 70 6c 65 20 49 6e 63 2e 31 20 30 1e 06 09 2a 86 48 86 f7 0d 01 09 01 16 11 61 64 6d 69 6e 40 65 78 61 6d 70 6c 65 2e 6f 72 67 31 26 30 24 06 03 55 04 03 0c 1d 45 78 61 6d 70 6c 65 20 43 65 72 74 69 66 69 63 61 74 65 20 41 75 74 68 6f 72 69 74 79 30 1e 17 0d 32 35 30 32 31 32 31 31 32 32 32 38 5a 17 0d 32 35 30 34 31 33 31 31 32 32 32 38 5a 30 81 93 31 0b 30 09 06 03 55 04 06 13 02 46 52 31 0f 30 0d 06 03 55 04 08 0c 06 52 61 64 69 75 73 31 12 30 10 06 03 55 04 07 0c 09 53 6f 6d 65 77 68 65 72 65 31 15 30 13 06 03 55 04 0a 0c 0c 45 78 61 6d 70 6c 65 20 49 6e 63 2e 31 20 30 1e 06 09 2a 86 48 86 f7 0d 01 09 01 16 11 61 64 6d 69 6e 40 65 78 61 6d 70 6c 65 2e 6f 72 67 31 26 30 24 06 03 55 04 03 0c 1d 45 78 61 6d 70 6c 65 20 43 65 72 74 69 66 69 63 61 74 65 20 41 75 74 68 6f 72 69 74 79 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 bd 12 9d 8a d9 2c 9f b1 d3 2e 68 1a 41 e4 2e 27 39 37 16 95 69 93 8c 27 a6 84 3a e9 d4 86 28 69 a4 70 c1 5e b0 91 b8 9c bb c6 1b 01 3a 0f a3 98 06 a6 c8 b7 d3 3e 89 68 c2 01 63 29 be 59 cc b4 fb 74 20 4f 4e 6d 02 45 c7 3d 36 9e 7c 59 69 20 fe 10 98 52 42 a2 71 a5 ca e5 0e f7 76 94 be f9 c1 f5 ef 00 37 a3 70 81 6e 13 f9 ce 6e a2 98 ab f3 de cb 66 69 15 8f 19 72 5b ff 4f 52 30 7d 91 4b ed fc 40 86 56 28 f6 60 ad 80 55 65 0a b0 9c 93 51 c4 c7 25 96 43 0d ed 0a 88 83 87 64 26 b4 f7 f5 61 5b f2 d4 a4 f4 3d d0 1f a4 3d 3f 4e 53 21 c2 06 24 88 ef 05 b2 f6 1e 2a 4f 53 4b 6f 41 1a c1 e2 0e 0a 3a 30 b4 9b cc 3f a5 10 58 90 3a ab 26 d2 38 03 99 a1 fd fc 97 53 96 1f 8e ff 7f d2 3a c3 b6 9a 97 55 99 b3 EAP-TEAP: Received Phase 2: TLV type 9 (EAP-Payload) length 917 (mandatory) EAP-TEAP: EAP-Payload TLV - hexdump(len=917): 01 67 03 95 0d c0 00 00 0b 97 2a e3 26 0d 8b 01 f1 45 2d e4 9c c0 fb 89 ee ab 04 15 71 32 9b 01 4e eb 14 61 98 7e e8 23 c2 df 88 bb 07 10 75 e4 24 83 67 9c 72 df 85 70 7c 08 37 b1 0e d5 29 cc 98 15 ba 61 14 b6 3f be 66 05 b8 60 2b a3 32 fe 46 5d 6c a3 da 54 ce 41 06 65 61 70 71 3c 77 fb 30 13 d0 1c 33 74 cb 86 ed 0c b6 86 ab 87 81 36 ac fe cf 9f 6f b2 e0 76 cf 99 13 0f df b3 9e ae d1 e8 53 67 56 d0 95 72 88 b8 29 ae 7b 44 66 18 fb de d5 40 de 38 5d 7a 53 00 18 b7 53 7d 8d 4a 80 cb c5 e7 67 48 75 2b d1 e7 9e 8c fb 7c 7f 18 57 cf 32 78 dc f3 f8 a5 3e a4 9f 08 81 23 c3 ec 71 1a 28 2e e0 ab 37 b8 da 0d b4 a8 3e ec 4d fc 27 8f ad 71 aa ed 06 1a 0e b0 e2 27 51 d1 be 58 72 07 e3 22 a6 10 e5 d8 8a 7b a0 b2 1c b3 72 06 ad d1 3e 48 e4 87 a9 56 dd 65 dd b4 e2 bd 9d 8a d6 a8 0b 11 7a 14 3e 12 46 3e 00 04 fe 30 82 04 fa 30 82 03 e2 a0 03 02 01 02 02 14 07 c1 09 2a b9 3c 84 ca f4 a4 ce be 5f fd 49 c0 91 f0 25 b2 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 81 93 31 0b 30 09 06 03 55 04 06 13 02 46 52 31 0f 30 0d 06 03 55 04 08 0c 06 52 61 64 69 75 73 31 12 30 10 06 03 55 04 07 0c 09 53 6f 6d 65 77 68 65 72 65 31 15 30 13 06 03 55 04 0a 0c 0c 45 78 61 6d 70 6c 65 20 49 6e 63 2e 31 20 30 1e 06 09 2a 86 48 86 f7 0d 01 09 01 16 11 61 64 6d 69 6e 40 65 78 61 6d 70 6c 65 2e 6f 72 67 31 26 30 24 06 03 55 04 03 0c 1d 45 78 61 6d 70 6c 65 20 43 65 72 74 69 66 69 63 61 74 65 20 41 75 74 68 6f 72 69 74 79 30 1e 17 0d 32 35 30 32 31 32 31 31 32 32 32 38 5a 17 0d 32 35 30 34 31 33 31 31 32 32 32 38 5a 30 81 93 31 0b 30 09 06 03 55 04 06 13 02 46 52 31 0f 30 0d 06 03 55 04 08 0c 06 52 61 64 69 75 73 31 12 30 10 06 03 55 04 07 0c 09 53 6f 6d 65 77 68 65 72 65 31 15 30 13 06 03 55 04 0a 0c 0c 45 78 61 6d 70 6c 65 20 49 6e 63 2e 31 20 30 1e 06 09 2a 86 48 86 f7 0d 01 09 01 16 11 61 64 6d 69 6e 40 65 78 61 6d 70 6c 65 2e 6f 72 67 31 26 30 24 06 03 55 04 03 0c 1d 45 78 61 6d 70 6c 65 20 43 65 72 74 69 66 69 63 61 74 65 20 41 75 74 68 6f 72 69 74 79 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 bd 12 9d 8a d9 2c 9f b1 d3 2e 68 1a 41 e4 2e 27 39 37 16 95 69 93 8c 27 a6 84 3a e9 d4 86 28 69 a4 70 c1 5e b0 91 b8 9c bb c6 1b 01 3a 0f a3 98 06 a6 c8 b7 d3 3e 89 68 c2 01 63 29 be 59 cc b4 fb 74 20 4f 4e 6d 02 45 c7 3d 36 9e 7c 59 69 20 fe 10 98 52 42 a2 71 a5 ca e5 0e f7 76 94 be f9 c1 f5 ef 00 37 a3 70 81 6e 13 f9 ce 6e a2 98 ab f3 de cb 66 69 15 8f 19 72 5b ff 4f 52 30 7d 91 4b ed fc 40 86 56 28 f6 60 ad 80 55 65 0a b0 9c 93 51 c4 c7 25 96 43 0d ed 0a 88 83 87 64 26 b4 f7 f5 61 5b f2 d4 a4 f4 3d d0 1f a4 3d 3f 4e 53 21 c2 06 24 88 ef 05 b2 f6 1e 2a 4f 53 4b 6f 41 1a c1 e2 0e 0a 3a 30 b4 9b cc 3f a5 10 58 90 3a ab 26 d2 38 03 99 a1 fd fc 97 53 96 1f 8e ff 7f d2 3a c3 b6 9a 97 55 99 b3 EAP-TEAP: Phase 2 Request: type=0:13 SSL: Received packet(len=917) - Flags 0xc0 SSL: TLS Message Length: 2967 SSL: Need 1153 bytes more input data SSL: Building ACK (type=13 id=103 ver=0) EAP-TEAP: Add EAP-Payload TLV EAP-TEAP: Encrypting Phase 2 data - hexdump(len=10): 80 09 00 06 02 67 00 06 0d 00 OpenSSL: TX ver=0x303 content_type=256 (TLS header info/) OpenSSL: Message - hexdump(len=5): 17 03 03 00 22 SSL: 39 bytes left to be sent out (of total 39 bytes) EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL eapRespData=0x5614c0f70740 EAP: EAP entering state SEND_RESPONSE EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RESPONSE EAPOL: txSuppRsp WPA: eapol_test_eapol_send(type=0 len=45) TX EAP -> RADIUS - hexdump(len=45): 02 67 00 2d 37 01 17 03 03 00 22 c3 e8 e0 9e c8 57 32 23 47 84 33 92 ec 55 5e d5 87 05 a8 c3 89 e3 c5 d5 92 fb c9 b0 b4 d6 fa db 35 a7 Encapsulating EAP message into a RADIUS packet Copied RADIUS State Attribute Sending RADIUS message to authentication server RADIUS message: code=1 (Access-Request) identifier=10 length=209 Attribute 80 (Message-Authenticator) length=18 Value: 9705583f9f8b83b90430dc98ef7e0c92 Attribute 1 (User-Name) length=11 Value: 'anonymous' Attribute 31 (Calling-Station-Id) length=19 Value: 'DE-AD-BE-EF-42-42' Attribute 12 (Framed-MTU) length=6 Value: 1400 Attribute 61 (NAS-Port-Type) length=6 Value: 19 Attribute 6 (Service-Type) length=6 Value: 2 Attribute 77 (Connect-Info) length=24 Value: 'CONNECT 11Mbps 802.11b' Attribute 30 (Called-Station-Id) length=28 Value: '00:11:22:33:44:55:UConnect' Attribute 4 (NAS-IP-Address) length=6 Value: 192.168.4.20 Attribute 79 (EAP-Message) length=47 Value: 0267002d37011703030022c3e8e09ec857322347843392ec555ed58705a8c389e3c5d592fbc9b0b4d6fadb35a7 Attribute 24 (State) length=18 Value: 6501da9e6c66ed03dd76d824d918a37a RADIUS: Send 209 bytes to the server Next RADIUS client retransmit in 3 seconds EAPOL: SUPP_BE entering state RECEIVE Received 1020 bytes from RADIUS server Received RADIUS message RADIUS message: code=11 (Access-Challenge) identifier=10 length=1020 Attribute 80 (Message-Authenticator) length=18 Value: 9399598b3a5d8de6bcb4a3ba354acc90 Attribute 79 (EAP-Message) length=255 Value: 016803bc370117030303b1288983a38fe43b686cc3923e3b9fb14213934cdc23208df3166cfa3d840b7ee94440fe99eb8eceab7625a871abacba6a28fd8e7e87799d14a716bec497840dbb43b4bcab9e359083276d71eeb99e8bcef1312e2871a1ad8ec140406a944ef5e8e4709acab032451f35f81f8b71439a4bbf827a5c49abb23c1a50a2014c2e31e0e66817b57f9603eabaa8129e98623e6686047bd66bc06ca9c80dd3755afff566091b82131c793c30806df05578c97e97caf280333e5591705bb64ba14e61fc72ddf6b5bbcaf5172e4eaec22829dee1a95574cbdda828222828ffbfc223056ace415664c69afc576752ff611b297247084056 Attribute 79 (EAP-Message) length=255 Value: 0d85fc0439d6a7ca2c989d679134bababeb8e393731b7fbb38d8962d625fe6c00c66c600b8cc575f918e16b190d3683abab85d713055dfa833983cf81224b063a41ad248fe5d9f5f63ad89325ac6511e9b2443f929f4e1ffa773a8820d8fa7cfe99fe4d487a64504760d058fb2b1a3afe574ade7806aab2997e8f81a134b61a1ffad2565db10b366d0d4c44b50e4c6a61f9858c81d4714d3c9efc90ad5c5ef63bbb12e154742d19452bff0df88466a8b687632cfaab9bee5305b0caf3f8653e98a5c32fb10dfdc9f8899071380e310a943db607d4585d4d0e6e93e823eb468e380ca4e16e00cb49838440e38e94dcf380501bf24401a3ee1102297b3ac Attribute 79 (EAP-Message) length=255 Value: d33fc98bc65fa73d39c2db7953f138488892d8d04fc9715221604dd0d771d5d68c1b9022e5b077a059454219a455b1e60cfd09db55f5702a63d2a59c9d1bc5b63705181454f834ef5d960a428de1947fb450c80f9b86838d3fe2d79efbc8ef48d6d50b954bce0786c4c3b5226791eb8c0a35d46930579610422b40554587224acff8a4f4acf20d0b5ec5708a836b4708d4e471ded18a2ce60826890c81a0fb6e34956feb1769ed91748614be2ef89d012acf9286e1093e94d807eca2ae33ff3bbe6c7bf155bc9dc735cfbfdabb5d8a57a8973e7d73612d86837634d76b2561fb0ed6a513dbfc8e6a8af12499b998e2acba1142b6cd3412c6403ada24df Attribute 79 (EAP-Message) length=199 Value: 9b492cc0b760665b75b4a76840c3f274981a985096f053ce9b4ad0a2adf36b8e7eb4361c98f2ebedb74f605017456c906263b30992417850dac8f3d7eb7ed892a95c74e0d684b37e06bf57fa790f829099ef0857534f70f62cf8b69af0349a7e05c6bfd923a1d529a349703281e30e44c20da6a4395b7e9999338fd18668704a3465b0a30986853fc5f99e57b240eb5972cf7bab0406382e00fe38fd190076ad222aaa34567917f94383785e950186c975cb5f4d86891747a93cebbb8263e49f8406c16589 Attribute 24 (State) length=18 Value: 6501da9e6f69ed03dd76d824d918a37a STA de:ad:be:ef:42:42: Received RADIUS packet matched with a pending request, round trip time 0.00 sec RADIUS packet matching with station decapsulated EAP packet (code=1 id=104 len=956) from RADIUS server: EAP-Request-TEAP (55) EAPOL: Received EAP-Packet frame EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Request id=104 method=55 vendor=0 vendorMethod=0 EAP: EAP entering state METHOD SSL: Received packet(len=956) - Flags 0x01 EAP-TEAP: Received 950 bytes encrypted data for Phase 2 OpenSSL: RX ver=0x303 content_type=256 (TLS header info/) OpenSSL: Message - hexdump(len=5): 17 03 03 03 b1 EAP-TEAP: Decrypted Phase 2 TLV(s) - hexdump(len=921): 80 09 03 95 01 68 03 95 0d c0 00 00 0b 97 00 01 e8 4c 31 b4 24 5d 23 31 c0 91 09 f5 02 8c c5 41 5a 74 fc fc a1 02 03 01 00 01 a3 82 01 42 30 82 01 3e 30 1d 06 03 55 1d 0e 04 16 04 14 a6 8b 87 82 fd f0 60 ff ec d2 f3 7f e8 0f a7 6d e2 41 a3 52 30 81 d3 06 03 55 1d 23 04 81 cb 30 81 c8 80 14 a6 8b 87 82 fd f0 60 ff ec d2 f3 7f e8 0f a7 6d e2 41 a3 52 a1 81 99 a4 81 96 30 81 93 31 0b 30 09 06 03 55 04 06 13 02 46 52 31 0f 30 0d 06 03 55 04 08 0c 06 52 61 64 69 75 73 31 12 30 10 06 03 55 04 07 0c 09 53 6f 6d 65 77 68 65 72 65 31 15 30 13 06 03 55 04 0a 0c 0c 45 78 61 6d 70 6c 65 20 49 6e 63 2e 31 20 30 1e 06 09 2a 86 48 86 f7 0d 01 09 01 16 11 61 64 6d 69 6e 40 65 78 61 6d 70 6c 65 2e 6f 72 67 31 26 30 24 06 03 55 04 03 0c 1d 45 78 61 6d 70 6c 65 20 43 65 72 74 69 66 69 63 61 74 65 20 41 75 74 68 6f 72 69 74 79 82 14 07 c1 09 2a b9 3c 84 ca f4 a4 ce be 5f fd 49 c0 91 f0 25 b2 30 0f 06 03 55 1d 13 01 01 ff 04 05 30 03 01 01 ff 30 36 06 03 55 1d 1f 04 2f 30 2d 30 2b a0 29 a0 27 86 25 68 74 74 70 3a 2f 2f 77 77 77 2e 65 78 61 6d 70 6c 65 2e 6f 72 67 2f 65 78 61 6d 70 6c 65 5f 63 61 2e 63 72 6c 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 03 82 01 01 00 b1 fb fd d9 9b 09 46 e1 4a 71 a6 cc 44 55 81 bb 32 d6 a3 17 d4 c9 9d 46 6f 16 98 2e 18 9d 83 02 5d 9c ad 84 25 a7 59 d7 e7 45 ed ed 6e ec 71 ab 3c e4 54 c4 f7 67 86 81 17 d8 d3 28 ac 44 f6 3b c8 98 4d c7 a2 44 7d 1f 40 5b 61 43 63 10 19 42 d6 40 f1 7b 4f be 45 66 fb a6 d0 c3 19 70 a8 4b 41 3e 9d 86 3f 21 46 40 e6 1f 93 de 55 04 f2 ed 55 83 48 c5 4b b9 38 28 b4 4a 14 d4 40 4b 63 ec 96 02 56 6a fd 3c b7 91 36 5e b9 57 2c f6 9b 14 da 2d 40 ed a3 d7 d9 c6 97 94 2b 70 e8 86 be 0d 96 7b 1a 8f 88 82 65 35 f2 c6 e5 6c 36 24 ff 7c 3d b9 cf d6 5b 3b cc 62 8a 00 13 a2 9d 8a f2 17 af 8b 99 66 fa 2d d8 28 eb d4 17 7e cd b6 f2 cd 3d bb 21 e6 c9 33 7c dc b0 28 85 c5 8e 46 b4 a1 65 99 64 0c a4 50 46 73 70 11 27 b0 9e 5d 89 aa 1c ec f0 87 be 1a 50 43 d2 49 80 49 a9 9a ee 1d 16 03 03 01 2c 0c 00 01 28 03 00 1d 20 d5 7a 6e b8 33 92 6d f5 55 5f 9f e7 fa ed 33 c1 8f 8c 0b fe 08 70 bc c7 a4 1d b1 d2 05 34 7b 31 08 04 01 00 9f 10 37 61 29 13 4c 22 9c f0 fd 45 e9 27 d4 ca fc 35 23 ce 8c a8 8c 3d a8 83 d0 41 59 ed d1 a7 96 01 7d 6a 9b ed 6a a4 30 26 0c bd c9 49 58 96 c9 22 8e 39 fa ed 42 20 88 64 8c f1 d3 e3 4a 28 14 8b 7e d2 94 35 66 dd 48 8d 53 f2 7a df 39 d3 47 20 36 b2 d3 d3 2f 2f d3 1e e1 f4 1f 69 c0 2c a5 14 fb 8f c2 4a 94 82 5f b8 80 b0 f0 82 9d 04 ef 55 bc 19 27 3c e8 47 98 db c8 df 1d a8 57 b0 47 ea 7e ed 28 e5 77 7b 0c 94 de 6c fc b3 32 eb d1 e8 0a e3 4c 28 b8 74 62 df b2 4e f9 d8 20 4d a9 03 b2 3d b1 29 25 c3 92 98 47 c1 81 2d 67 bb 75 e4 9d 9d b6 81 d4 e3 55 e3 5c da c2 bc 22 53 0e 3b 71 dc 4e 52 4c 98 8f c3 29 e8 42 fc 58 31 9b cb b6 3e 67 1c 5c 1b ec fa 31 7f 0f eb ef 6b 5e 4f 8b 6e EAP-TEAP: Received Phase 2: TLV type 9 (EAP-Payload) length 917 (mandatory) EAP-TEAP: EAP-Payload TLV - hexdump(len=917): 01 68 03 95 0d c0 00 00 0b 97 00 01 e8 4c 31 b4 24 5d 23 31 c0 91 09 f5 02 8c c5 41 5a 74 fc fc a1 02 03 01 00 01 a3 82 01 42 30 82 01 3e 30 1d 06 03 55 1d 0e 04 16 04 14 a6 8b 87 82 fd f0 60 ff ec d2 f3 7f e8 0f a7 6d e2 41 a3 52 30 81 d3 06 03 55 1d 23 04 81 cb 30 81 c8 80 14 a6 8b 87 82 fd f0 60 ff ec d2 f3 7f e8 0f a7 6d e2 41 a3 52 a1 81 99 a4 81 96 30 81 93 31 0b 30 09 06 03 55 04 06 13 02 46 52 31 0f 30 0d 06 03 55 04 08 0c 06 52 61 64 69 75 73 31 12 30 10 06 03 55 04 07 0c 09 53 6f 6d 65 77 68 65 72 65 31 15 30 13 06 03 55 04 0a 0c 0c 45 78 61 6d 70 6c 65 20 49 6e 63 2e 31 20 30 1e 06 09 2a 86 48 86 f7 0d 01 09 01 16 11 61 64 6d 69 6e 40 65 78 61 6d 70 6c 65 2e 6f 72 67 31 26 30 24 06 03 55 04 03 0c 1d 45 78 61 6d 70 6c 65 20 43 65 72 74 69 66 69 63 61 74 65 20 41 75 74 68 6f 72 69 74 79 82 14 07 c1 09 2a b9 3c 84 ca f4 a4 ce be 5f fd 49 c0 91 f0 25 b2 30 0f 06 03 55 1d 13 01 01 ff 04 05 30 03 01 01 ff 30 36 06 03 55 1d 1f 04 2f 30 2d 30 2b a0 29 a0 27 86 25 68 74 74 70 3a 2f 2f 77 77 77 2e 65 78 61 6d 70 6c 65 2e 6f 72 67 2f 65 78 61 6d 70 6c 65 5f 63 61 2e 63 72 6c 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 03 82 01 01 00 b1 fb fd d9 9b 09 46 e1 4a 71 a6 cc 44 55 81 bb 32 d6 a3 17 d4 c9 9d 46 6f 16 98 2e 18 9d 83 02 5d 9c ad 84 25 a7 59 d7 e7 45 ed ed 6e ec 71 ab 3c e4 54 c4 f7 67 86 81 17 d8 d3 28 ac 44 f6 3b c8 98 4d c7 a2 44 7d 1f 40 5b 61 43 63 10 19 42 d6 40 f1 7b 4f be 45 66 fb a6 d0 c3 19 70 a8 4b 41 3e 9d 86 3f 21 46 40 e6 1f 93 de 55 04 f2 ed 55 83 48 c5 4b b9 38 28 b4 4a 14 d4 40 4b 63 ec 96 02 56 6a fd 3c b7 91 36 5e b9 57 2c f6 9b 14 da 2d 40 ed a3 d7 d9 c6 97 94 2b 70 e8 86 be 0d 96 7b 1a 8f 88 82 65 35 f2 c6 e5 6c 36 24 ff 7c 3d b9 cf d6 5b 3b cc 62 8a 00 13 a2 9d 8a f2 17 af 8b 99 66 fa 2d d8 28 eb d4 17 7e cd b6 f2 cd 3d bb 21 e6 c9 33 7c dc b0 28 85 c5 8e 46 b4 a1 65 99 64 0c a4 50 46 73 70 11 27 b0 9e 5d 89 aa 1c ec f0 87 be 1a 50 43 d2 49 80 49 a9 9a ee 1d 16 03 03 01 2c 0c 00 01 28 03 00 1d 20 d5 7a 6e b8 33 92 6d f5 55 5f 9f e7 fa ed 33 c1 8f 8c 0b fe 08 70 bc c7 a4 1d b1 d2 05 34 7b 31 08 04 01 00 9f 10 37 61 29 13 4c 22 9c f0 fd 45 e9 27 d4 ca fc 35 23 ce 8c a8 8c 3d a8 83 d0 41 59 ed d1 a7 96 01 7d 6a 9b ed 6a a4 30 26 0c bd c9 49 58 96 c9 22 8e 39 fa ed 42 20 88 64 8c f1 d3 e3 4a 28 14 8b 7e d2 94 35 66 dd 48 8d 53 f2 7a df 39 d3 47 20 36 b2 d3 d3 2f 2f d3 1e e1 f4 1f 69 c0 2c a5 14 fb 8f c2 4a 94 82 5f b8 80 b0 f0 82 9d 04 ef 55 bc 19 27 3c e8 47 98 db c8 df 1d a8 57 b0 47 ea 7e ed 28 e5 77 7b 0c 94 de 6c fc b3 32 eb d1 e8 0a e3 4c 28 b8 74 62 df b2 4e f9 d8 20 4d a9 03 b2 3d b1 29 25 c3 92 98 47 c1 81 2d 67 bb 75 e4 9d 9d b6 81 d4 e3 55 e3 5c da c2 bc 22 53 0e 3b 71 dc 4e 52 4c 98 8f c3 29 e8 42 fc 58 31 9b cb b6 3e 67 1c 5c 1b ec fa 31 7f 0f eb ef 6b 5e 4f 8b 6e EAP-TEAP: Phase 2 Request: type=0:13 SSL: Received packet(len=917) - Flags 0xc0 SSL: TLS Message Length: 2967 SSL: Need 246 bytes more input data SSL: Building ACK (type=13 id=104 ver=0) EAP-TEAP: Add EAP-Payload TLV EAP-TEAP: Encrypting Phase 2 data - hexdump(len=10): 80 09 00 06 02 68 00 06 0d 00 OpenSSL: TX ver=0x303 content_type=256 (TLS header info/) OpenSSL: Message - hexdump(len=5): 17 03 03 00 22 SSL: 39 bytes left to be sent out (of total 39 bytes) EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL eapRespData=0x5614c0f9b3e0 EAP: EAP entering state SEND_RESPONSE EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RESPONSE EAPOL: txSuppRsp WPA: eapol_test_eapol_send(type=0 len=45) TX EAP -> RADIUS - hexdump(len=45): 02 68 00 2d 37 01 17 03 03 00 22 c3 e8 e0 9e c8 57 32 24 98 d8 44 2d c5 ad 05 a2 f4 dd f4 64 7b 90 ab ad 9f 33 70 78 37 2d 39 05 d8 ff Encapsulating EAP message into a RADIUS packet Copied RADIUS State Attribute Sending RADIUS message to authentication server RADIUS message: code=1 (Access-Request) identifier=11 length=209 Attribute 80 (Message-Authenticator) length=18 Value: 9ac9345816cb81e705eb3a1e47b13e36 Attribute 1 (User-Name) length=11 Value: 'anonymous' Attribute 31 (Calling-Station-Id) length=19 Value: 'DE-AD-BE-EF-42-42' Attribute 12 (Framed-MTU) length=6 Value: 1400 Attribute 61 (NAS-Port-Type) length=6 Value: 19 Attribute 6 (Service-Type) length=6 Value: 2 Attribute 77 (Connect-Info) length=24 Value: 'CONNECT 11Mbps 802.11b' Attribute 30 (Called-Station-Id) length=28 Value: '00:11:22:33:44:55:UConnect' Attribute 4 (NAS-IP-Address) length=6 Value: 192.168.4.20 Attribute 79 (EAP-Message) length=47 Value: 0268002d37011703030022c3e8e09ec857322498d8442dc5ad05a2f4ddf4647b90abad9f337078372d3905d8ff Attribute 24 (State) length=18 Value: 6501da9e6f69ed03dd76d824d918a37a RADIUS: Send 209 bytes to the server Next RADIUS client retransmit in 3 seconds EAPOL: SUPP_BE entering state RECEIVE Received 355 bytes from RADIUS server Received RADIUS message RADIUS message: code=11 (Access-Challenge) identifier=11 length=355 Attribute 80 (Message-Authenticator) length=18 Value: da63f3a5e73778b5d2f3cddf37b319f5 Attribute 79 (EAP-Message) length=255 Value: 016901273701170303011c288983a38fe43b697cf24cb85b76b334af65851f85500de18ca6eff47f27cdf3cfc5301bea8ec3317bfacfb7c2edbd3548fe81461493984f84cbe7859b0717fc3f6aa585dbfa3101bb3d26e58fb8bbb12ea6b564229aef50c1ad0dbca675e09a9a23ec436d6b7604197008d0f8ef5ec3de9da81956e4b67cf966f05da7833b26bb8fb3981f5a49761d451dc65bb9dd56aaeb5c5ff1d20794c0574e79ef47d496051a0d4515fc19dc87d331687e3cbdce934cde5c80bc2d1e9813270404cd6b95278c093c6ccec51514cfcaa8027737a2563787b92eccd4b3f62119ffb1de791606e2406b18c121d76ea8c87a129b3f2043c9 Attribute 79 (EAP-Message) length=44 Value: 835cfe66c7e9547a4a4131c1b57c606d4891b505330cdd04093cc3ec8a6532dc7131d66337847097632f Attribute 24 (State) length=18 Value: 6501da9e6e68ed03dd76d824d918a37a STA de:ad:be:ef:42:42: Received RADIUS packet matched with a pending request, round trip time 0.00 sec RADIUS packet matching with station decapsulated EAP packet (code=1 id=105 len=295) from RADIUS server: EAP-Request-TEAP (55) EAPOL: Received EAP-Packet frame EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Request id=105 method=55 vendor=0 vendorMethod=0 EAP: EAP entering state METHOD SSL: Received packet(len=295) - Flags 0x01 EAP-TEAP: Received 289 bytes encrypted data for Phase 2 OpenSSL: RX ver=0x303 content_type=256 (TLS header info/) OpenSSL: Message - hexdump(len=5): 17 03 03 01 1c EAP-TEAP: Decrypted Phase 2 TLV(s) - hexdump(len=260): 80 09 01 00 01 69 01 00 0d 80 00 00 0b 97 e0 cc 1e 80 c0 18 f4 6b 6e 22 35 f7 2b f3 43 31 e1 5d 16 84 0d 80 65 80 bd 98 43 78 16 03 03 00 cc 0d 00 00 c8 03 01 02 40 00 28 04 03 05 03 06 03 08 07 08 08 08 09 08 0a 08 0b 08 04 08 05 08 06 04 01 05 01 06 01 03 03 03 01 03 02 04 02 05 02 06 02 00 98 00 96 30 81 93 31 0b 30 09 06 03 55 04 06 13 02 46 52 31 0f 30 0d 06 03 55 04 08 0c 06 52 61 64 69 75 73 31 12 30 10 06 03 55 04 07 0c 09 53 6f 6d 65 77 68 65 72 65 31 15 30 13 06 03 55 04 0a 0c 0c 45 78 61 6d 70 6c 65 20 49 6e 63 2e 31 20 30 1e 06 09 2a 86 48 86 f7 0d 01 09 01 16 11 61 64 6d 69 6e 40 65 78 61 6d 70 6c 65 2e 6f 72 67 31 26 30 24 06 03 55 04 03 0c 1d 45 78 61 6d 70 6c 65 20 43 65 72 74 69 66 69 63 61 74 65 20 41 75 74 68 6f 72 69 74 79 16 03 03 00 04 0e 00 00 00 EAP-TEAP: Received Phase 2: TLV type 9 (EAP-Payload) length 256 (mandatory) EAP-TEAP: EAP-Payload TLV - hexdump(len=256): 01 69 01 00 0d 80 00 00 0b 97 e0 cc 1e 80 c0 18 f4 6b 6e 22 35 f7 2b f3 43 31 e1 5d 16 84 0d 80 65 80 bd 98 43 78 16 03 03 00 cc 0d 00 00 c8 03 01 02 40 00 28 04 03 05 03 06 03 08 07 08 08 08 09 08 0a 08 0b 08 04 08 05 08 06 04 01 05 01 06 01 03 03 03 01 03 02 04 02 05 02 06 02 00 98 00 96 30 81 93 31 0b 30 09 06 03 55 04 06 13 02 46 52 31 0f 30 0d 06 03 55 04 08 0c 06 52 61 64 69 75 73 31 12 30 10 06 03 55 04 07 0c 09 53 6f 6d 65 77 68 65 72 65 31 15 30 13 06 03 55 04 0a 0c 0c 45 78 61 6d 70 6c 65 20 49 6e 63 2e 31 20 30 1e 06 09 2a 86 48 86 f7 0d 01 09 01 16 11 61 64 6d 69 6e 40 65 78 61 6d 70 6c 65 2e 6f 72 67 31 26 30 24 06 03 55 04 03 0c 1d 45 78 61 6d 70 6c 65 20 43 65 72 74 69 66 69 63 61 74 65 20 41 75 74 68 6f 72 69 74 79 16 03 03 00 04 0e 00 00 00 EAP-TEAP: Phase 2 Request: type=0:13 SSL: Received packet(len=256) - Flags 0x80 SSL: TLS Message Length: 2967 OpenSSL: RX ver=0x303 content_type=256 (TLS header info/) OpenSSL: Message - hexdump(len=5): 16 03 03 00 3d SSL: (where=0x1001 ret=0x1) SSL: SSL_connect:SSLv3/TLS write client hello OpenSSL: RX ver=0x303 content_type=22 (handshake/server hello) OpenSSL: Message - hexdump(len=61): 02 00 00 39 03 03 ba 21 4b 95 cb ec be b5 40 93 ec 80 3d b2 77 54 66 47 a3 7d 1b 61 58 42 71 af d9 46 13 26 b2 13 00 c0 30 00 00 11 ff 01 00 01 00 00 0b 00 04 03 00 01 02 00 17 00 00 OpenSSL: RX ver=0x303 content_type=256 (TLS header info/) OpenSSL: Message - hexdump(len=5): 16 03 03 09 45 SSL: (where=0x1001 ret=0x1) SSL: SSL_connect:SSLv3/TLS read server hello OpenSSL: RX ver=0x303 content_type=22 (handshake/certificate) OpenSSL: Message - hexdump(len=2373): 0b 00 09 41 00 09 3e 00 04 3a 30 82 04 36 30 82 03 1e a0 03 02 01 02 02 01 01 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 81 93 31 0b 30 09 06 03 55 04 06 13 02 46 52 31 0f 30 0d 06 03 55 04 08 0c 06 52 61 64 69 75 73 31 12 30 10 06 03 55 04 07 0c 09 53 6f 6d 65 77 68 65 72 65 31 15 30 13 06 03 55 04 0a 0c 0c 45 78 61 6d 70 6c 65 20 49 6e 63 2e 31 20 30 1e 06 09 2a 86 48 86 f7 0d 01 09 01 16 11 61 64 6d 69 6e 40 65 78 61 6d 70 6c 65 2e 6f 72 67 31 26 30 24 06 03 55 04 03 0c 1d 45 78 61 6d 70 6c 65 20 43 65 72 74 69 66 69 63 61 74 65 20 41 75 74 68 6f 72 69 74 79 30 1e 17 0d 32 35 30 32 31 32 31 31 32 32 32 39 5a 17 0d 32 35 30 34 31 33 31 31 32 32 32 39 5a 30 7c 31 0b 30 09 06 03 55 04 06 13 02 46 52 31 0f 30 0d 06 03 55 04 08 0c 06 52 61 64 69 75 73 31 15 30 13 06 03 55 04 0a 0c 0c 45 78 61 6d 70 6c 65 20 49 6e 63 2e 31 23 30 21 06 03 55 04 03 0c 1a 45 78 61 6d 70 6c 65 20 53 65 72 76 65 72 20 43 65 72 74 69 66 69 63 61 74 65 31 20 30 1e 06 09 2a 86 48 86 f7 0d 01 09 01 16 11 61 64 6d 69 6e 40 65 78 61 6d 70 6c 65 2e 6f 72 67 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 b3 ed bb c6 f0 df 48 51 e5 e6 57 06 c9 55 ef f0 59 f9 88 9c 6c e1 5d 12 52 c9 33 f5 b7 d8 4e f3 fb 2d e8 18 eb 60 60 71 0e 8b db 39 63 4e 23 80 87 e8 8a d2 74 b4 b4 97 a9 d5 92 4d c5 ce 01 fd 1c ce 80 96 23 12 11 e0 35 9e 8c ce cb 78 cd 36 2e a5 e6 4d 59 c0 18 8c e8 e5 5f f9 7e bd c5 84 63 23 e6 ac f8 6c 45 00 6a 98 b6 9c 57 49 df 35 74 e3 39 51 19 df d3 1d 42 69 3a 25 3a cf cf b8 fa 95 f0 0c 4e f6 e3 5e 04 a3 38 0c 5c f0 fd f1 0b c4 12 4c a2 cb 76 3c 91 3e 9d 3b be 29 5c db 4f 04 bf 9c f4 58 b6 44 b1 3c f2 33 01 b1 4f 7f 1e 7c 61 3a 2d 13 b9 8b 44 d4 5f 18 8c 56 85 94 ad 59 51 c8 03 72 f0 10 fd ac 6e ca 6f 78 c9 4d f8 d9 01 2d 51 da fa 1e 87 e6 58 40 46 bd fb 3a d9 23 e4 e9 8e de de 4e 40 1a d2 d9 58 0a c7 38 59 d3 19 3b ad a2 b3 3f 9f 09 e1 8c c7 61 d3 8d 02 03 01 00 01 a3 81 aa 30 81 a7 30 13 06 03 55 1d 25 04 0c 30 0a 06 08 2b 06 01 05 05 07 03 01 30 36 06 03 55 1d 1f 04 2f 30 2d 30 2b a0 29 a0 27 86 25 68 74 74 70 3a 2f 2f 77 77 77 2e 65 78 61 6d 70 6c 65 2e 63 6f 6d 2f 65 78 61 6d 70 6c 65 5f 63 61 2e 63 72 6c 30 18 06 03 55 1d 20 04 11 30 0f 30 0d 06 0b 2b 06 01 04 01 82 be 68 01 03 02 30 1d 06 03 55 1d 0e 04 16 04 14 c0 f6 13 a2 62 ad 5e e5 3e 77 fa da 04 29 9e b0 81 b1 80 2d 30 1f 06 03 55 1d 23 04 18 30 16 80 14 a6 8b 87 82 fd f0 60 ff ec d2 f3 7f e8 0f a7 6d e2 41 a3 52 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 03 82 01 01 00 2a e3 26 0d 8b 01 f1 45 2d e4 9c c0 fb 89 ee ab 04 15 71 32 9b 01 4e eb 14 61 98 7e e8 23 c2 df 88 bb 07 10 75 e4 24 83 67 9c 72 df 85 70 7c 08 37 b1 0e d5 29 cc 98 15 ba 61 14 b6 3f be 66 05 b8 60 2b a3 32 fe 46 5d 6c a3 da 54 ce 41 06 65 61 70 71 3c 77 fb 30 13 d0 1c 33 74 cb 86 ed 0c b6 86 ab 87 81 36 ac fe cf 9f 6f b2 e0 76 cf 99 13 0f df b3 9e ae d1 e8 53 67 56 d0 95 72 88 b8 29 ae 7b 44 66 18 fb de d5 40 de 38 5d 7a 53 00 18 b7 53 7d 8d 4a 80 cb c5 e7 67 48 75 2b d1 e7 9e 8c fb 7c 7f 18 57 cf 32 78 dc f3 f8 a5 3e a4 9f 08 81 23 c3 ec 71 1a 28 2e e0 ab 37 b8 da 0d b4 a8 3e ec 4d fc 27 8f ad 71 aa ed 06 1a 0e b0 e2 27 51 d1 be 58 72 07 e3 22 a6 10 e5 d8 8a 7b a0 b2 1c b3 72 06 ad d1 3e 48 e4 87 a9 56 dd 65 dd b4 e2 bd 9d 8a d6 a8 0b 11 7a 14 3e 12 46 3e 00 04 fe 30 82 04 fa 30 82 03 e2 a0 03 02 01 02 02 14 07 c1 09 2a b9 3c 84 ca f4 a4 ce be 5f fd 49 c0 91 f0 25 b2 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 81 93 31 0b 30 09 06 03 55 04 06 13 02 46 52 31 0f 30 0d 06 03 55 04 08 0c 06 52 61 64 69 75 73 31 12 30 10 06 03 55 04 07 0c 09 53 6f 6d 65 77 68 65 72 65 31 15 30 13 06 03 55 04 0a 0c 0c 45 78 61 6d 70 6c 65 20 49 6e 63 2e 31 20 30 1e 06 09 2a 86 48 86 f7 0d 01 09 01 16 11 61 64 6d 69 6e 40 65 78 61 6d 70 6c 65 2e 6f 72 67 31 26 30 24 06 03 55 04 03 0c 1d 45 78 61 6d 70 6c 65 20 43 65 72 74 69 66 69 63 61 74 65 20 41 75 74 68 6f 72 69 74 79 30 1e 17 0d 32 35 30 32 31 32 31 31 32 32 32 38 5a 17 0d 32 35 30 34 31 33 31 31 32 32 32 38 5a 30 81 93 31 0b 30 09 06 03 55 04 06 13 02 46 52 31 0f 30 0d 06 03 55 04 08 0c 06 52 61 64 69 75 73 31 12 30 10 06 03 55 04 07 0c 09 53 6f 6d 65 77 68 65 72 65 31 15 30 13 06 03 55 04 0a 0c 0c 45 78 61 6d 70 6c 65 20 49 6e 63 2e 31 20 30 1e 06 09 2a 86 48 86 f7 0d 01 09 01 16 11 61 64 6d 69 6e 40 65 78 61 6d 70 6c 65 2e 6f 72 67 31 26 30 24 06 03 55 04 03 0c 1d 45 78 61 6d 70 6c 65 20 43 65 72 74 69 66 69 63 61 74 65 20 41 75 74 68 6f 72 69 74 79 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 bd 12 9d 8a d9 2c 9f b1 d3 2e 68 1a 41 e4 2e 27 39 37 16 95 69 93 8c 27 a6 84 3a e9 d4 86 28 69 a4 70 c1 5e b0 91 b8 9c bb c6 1b 01 3a 0f a3 98 06 a6 c8 b7 d3 3e 89 68 c2 01 63 29 be 59 cc b4 fb 74 20 4f 4e 6d 02 45 c7 3d 36 9e 7c 59 69 20 fe 10 98 52 42 a2 71 a5 ca e5 0e f7 76 94 be f9 c1 f5 ef 00 37 a3 70 81 6e 13 f9 ce 6e a2 98 ab f3 de cb 66 69 15 8f 19 72 5b ff 4f 52 30 7d 91 4b ed fc 40 86 56 28 f6 60 ad 80 55 65 0a b0 9c 93 51 c4 c7 25 96 43 0d ed 0a 88 83 87 64 26 b4 f7 f5 61 5b f2 d4 a4 f4 3d d0 1f a4 3d 3f 4e 53 21 c2 06 24 88 ef 05 b2 f6 1e 2a 4f 53 4b 6f 41 1a c1 e2 0e 0a 3a 30 b4 9b cc 3f a5 10 58 90 3a ab 26 d2 38 03 99 a1 fd fc 97 53 96 1f 8e ff 7f d2 3a c3 b6 9a 97 55 99 b3 00 01 e8 4c 31 b4 24 5d 23 31 c0 91 09 f5 02 8c c5 41 5a 74 fc fc a1 02 03 01 00 01 a3 82 01 42 30 82 01 3e 30 1d 06 03 55 1d 0e 04 16 04 14 a6 8b 87 82 fd f0 60 ff ec d2 f3 7f e8 0f a7 6d e2 41 a3 52 30 81 d3 06 03 55 1d 23 04 81 cb 30 81 c8 80 14 a6 8b 87 82 fd f0 60 ff ec d2 f3 7f e8 0f a7 6d e2 41 a3 52 a1 81 99 a4 81 96 30 81 93 31 0b 30 09 06 03 55 04 06 13 02 46 52 31 0f 30 0d 06 03 55 04 08 0c 06 52 61 64 69 75 73 31 12 30 10 06 03 55 04 07 0c 09 53 6f 6d 65 77 68 65 72 65 31 15 30 13 06 03 55 04 0a 0c 0c 45 78 61 6d 70 6c 65 20 49 6e 63 2e 31 20 30 1e 06 09 2a 86 48 86 f7 0d 01 09 01 16 11 61 64 6d 69 6e 40 65 78 61 6d 70 6c 65 2e 6f 72 67 31 26 30 24 06 03 55 04 03 0c 1d 45 78 61 6d 70 6c 65 20 43 65 72 74 69 66 69 63 61 74 65 20 41 75 74 68 6f 72 69 74 79 82 14 07 c1 09 2a b9 3c 84 ca f4 a4 ce be 5f fd 49 c0 91 f0 25 b2 30 0f 06 03 55 1d 13 01 01 ff 04 05 30 03 01 01 ff 30 36 06 03 55 1d 1f 04 2f 30 2d 30 2b a0 29 a0 27 86 25 68 74 74 70 3a 2f 2f 77 77 77 2e 65 78 61 6d 70 6c 65 2e 6f 72 67 2f 65 78 61 6d 70 6c 65 5f 63 61 2e 63 72 6c 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 03 82 01 01 00 b1 fb fd d9 9b 09 46 e1 4a 71 a6 cc 44 55 81 bb 32 d6 a3 17 d4 c9 9d 46 6f 16 98 2e 18 9d 83 02 5d 9c ad 84 25 a7 59 d7 e7 45 ed ed 6e ec 71 ab 3c e4 54 c4 f7 67 86 81 17 d8 d3 28 ac 44 f6 3b c8 98 4d c7 a2 44 7d 1f 40 5b 61 43 63 10 19 42 d6 40 f1 7b 4f be 45 66 fb a6 d0 c3 19 70 a8 4b 41 3e 9d 86 3f 21 46 40 e6 1f 93 de 55 04 f2 ed 55 83 48 c5 4b b9 38 28 b4 4a 14 d4 40 4b 63 ec 96 02 56 6a fd 3c b7 91 36 5e b9 57 2c f6 9b 14 da 2d 40 ed a3 d7 d9 c6 97 94 2b 70 e8 86 be 0d 96 7b 1a 8f 88 82 65 35 f2 c6 e5 6c 36 24 ff 7c 3d b9 cf d6 5b 3b cc 62 8a 00 13 a2 9d 8a f2 17 af 8b 99 66 fa 2d d8 28 eb d4 17 7e cd b6 f2 cd 3d bb 21 e6 c9 33 7c dc b0 28 85 c5 8e 46 b4 a1 65 99 64 0c a4 50 46 73 70 11 27 b0 9e 5d 89 aa 1c ec f0 87 be 1a 50 43 d2 49 80 49 a9 9a ee 1d OpenSSL: Peer certificate - depth 1 Certificate: Data: Version: 3 (0x2) Serial Number: 07:c1:09:2a:b9:3c:84:ca:f4:a4:ce:be:5f:fd:49:c0:91:f0:25:b2 Signature Algorithm: sha256WithRSAEncryption Issuer: C=FR, ST=Radius, L=Somewhere, O=Example mailto:Inc./emailAddress=admin@example.org, CN=Example Certificate Authority Validity Not Before: Feb 12 11:22:28 2025 GMT Not After : Apr 13 11:22:28 2025 GMT Subject: C=FR, ST=Radius, L=Somewhere, O=Example mailto:Inc./emailAddress=admin@example.org, CN=Example Certificate Authority Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: 00:bd:12:9d:8a:d9:2c:9f:b1:d3:2e:68:1a:41:e4: 2e:27:39:37:16:95:69:93:8c:27:a6:84:3a:e9:d4: 86:28:69:a4:70:c1:5e:b0:91:b8:9c:bb:c6:1b:01: 3a:0f:a3:98:06:a6:c8:b7:d3:3e:89:68:c2:01:63: 29:be:59:cc:b4:fb:74:20:4f:4e:6d:02:45:c7:3d: 36:9e:7c:59:69:20:fe:10:98:52:42:a2:71:a5:ca: e5:0e:f7:76:94:be:f9:c1:f5:ef:00:37:a3:70:81: 6e:13:f9:ce:6e:a2:98:ab:f3:de:cb:66:69:15:8f: 19:72:5b:ff:4f:52:30:7d:91:4b:ed:fc:40:86:56: 28:f6:60:ad:80:55:65:0a:b0:9c:93:51:c4:c7:25: 96:43:0d:ed:0a:88:83:87:64:26:b4:f7:f5:61:5b: f2:d4:a4:f4:3d:d0:1f:a4:3d:3f:4e:53:21:c2:06: 24:88:ef:05:b2:f6:1e:2a:4f:53:4b:6f:41:1a:c1: e2:0e:0a:3a:30:b4:9b:cc:3f:a5:10:58:90:3a:ab: 26:d2:38:03:99:a1:fd:fc:97:53:96:1f:8e:ff:7f: d2:3a:c3:b6:9a:97:55:99:b3:00:01:e8:4c:31:b4: 24:5d:23:31:c0:91:09:f5:02:8c:c5:41:5a:74:fc: fc:a1 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: A6:8B:87:82:FD:F0:60:FF:EC:D2:F3:7F:E8:0F:A7:6D:E2:41:A3:52 X509v3 Authority Key Identifier: keyid:A6:8B:87:82:FD:F0:60:FF:EC:D2:F3:7F:E8:0F:A7:6D:E2:41:A3:52 DirName:/C=FR/ST=Radius/L=Somewhere/O=Example mailto:Inc./emailAddress=admin@example.org/CN=Example Certificate Authority serial:07:C1:09:2A:B9:3C:84:CA:F4:A4:CE:BE:5F:FD:49:C0:91:F0:25:B2 X509v3 Basic Constraints: critical CA:TRUE X509v3 CRL Distribution Points: Full Name: URI:http://www.example.org/example_ca.crl Signature Algorithm: sha256WithRSAEncryption Signature Value: b1:fb:fd:d9:9b:09:46:e1:4a:71:a6:cc:44:55:81:bb:32:d6: a3:17:d4:c9:9d:46:6f:16:98:2e:18:9d:83:02:5d:9c:ad:84: 25:a7:59:d7:e7:45:ed:ed:6e:ec:71:ab:3c:e4:54:c4:f7:67: 86:81:17:d8:d3:28:ac:44:f6:3b:c8:98:4d:c7:a2:44:7d:1f: 40:5b:61:43:63:10:19:42:d6:40:f1:7b:4f:be:45:66:fb:a6: d0:c3:19:70:a8:4b:41:3e:9d:86:3f:21:46:40:e6:1f:93:de: 55:04:f2:ed:55:83:48:c5:4b:b9:38:28:b4:4a:14:d4:40:4b: 63:ec:96:02:56:6a:fd:3c:b7:91:36:5e:b9:57:2c:f6:9b:14: da:2d:40:ed:a3:d7:d9:c6:97:94:2b:70:e8:86:be:0d:96:7b: 1a:8f:88:82:65:35:f2:c6:e5:6c:36:24:ff:7c:3d:b9:cf:d6: 5b:3b:cc:62:8a:00:13:a2:9d:8a:f2:17:af:8b:99:66:fa:2d: d8:28:eb:d4:17:7e:cd:b6:f2:cd:3d:bb:21:e6:c9:33:7c:dc: b0:28:85:c5:8e:46:b4:a1:65:99:64:0c:a4:50:46:73:70:11: 27:b0:9e:5d:89:aa:1c:ec:f0:87:be:1a:50:43:d2:49:80:49: a9:9a:ee:1d CTRL-EVENT-EAP-PEER-CERT depth=1 subject='/C=FR/ST=Radius/L=Somewhere/O=Example mailto:Inc./emailAddress=admin@example.org/CN=Example Certificate Authority' hash=7808349207dba06be1fc23faa6a240c97900fd8a2c3d84118f10270e470f56b7 TLS: tls_verify_cb - preverify_ok=1 err=0 (ok) ca_cert_verify=1 depth=1 buf='/C=FR/ST=Radius/L=Somewhere/O=Example mailto:Inc./emailAddress=admin@example.org/CN=Example Certificate Authority' OpenSSL: Peer certificate - depth 0 Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: sha256WithRSAEncryption Issuer: C=FR, ST=Radius, L=Somewhere, O=Example mailto:Inc./emailAddress=admin@example.org, CN=Example Certificate Authority Validity Not Before: Feb 12 11:22:29 2025 GMT Not After : Apr 13 11:22:29 2025 GMT Subject: C=FR, ST=Radius, O=Example Inc., CN=Example Server mailto:Certificate/emailAddress=admin@example.org Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: 00:b3:ed:bb:c6:f0:df:48:51:e5:e6:57:06:c9:55: ef:f0:59:f9:88:9c:6c:e1:5d:12:52:c9:33:f5:b7: d8:4e:f3:fb:2d:e8:18:eb:60:60:71:0e:8b:db:39: 63:4e:23:80:87:e8:8a:d2:74:b4:b4:97:a9:d5:92: 4d:c5:ce:01:fd:1c:ce:80:96:23:12:11:e0:35:9e: 8c:ce:cb:78:cd:36:2e:a5:e6:4d:59:c0:18:8c:e8: e5:5f:f9:7e:bd:c5:84:63:23:e6:ac:f8:6c:45:00: 6a:98:b6:9c:57:49:df:35:74:e3:39:51:19:df:d3: 1d:42:69:3a:25:3a:cf:cf:b8:fa:95:f0:0c:4e:f6: e3:5e:04:a3:38:0c:5c:f0:fd:f1:0b:c4:12:4c:a2: cb:76:3c:91:3e:9d:3b:be:29:5c:db:4f:04:bf:9c: f4:58:b6:44:b1:3c:f2:33:01:b1:4f:7f:1e:7c:61: 3a:2d:13:b9:8b:44:d4:5f:18:8c:56:85:94:ad:59: 51:c8:03:72:f0:10:fd:ac:6e:ca:6f:78:c9:4d:f8: d9:01:2d:51:da:fa:1e:87:e6:58:40:46:bd:fb:3a: d9:23:e4:e9:8e:de:de:4e:40:1a:d2:d9:58:0a:c7: 38:59:d3:19:3b:ad:a2:b3:3f:9f:09:e1:8c:c7:61: d3:8d Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Extended Key Usage: TLS Web Server Authentication X509v3 CRL Distribution Points: Full Name: URI:http://www.example.com/example_ca.crl X509v3 Certificate Policies: Policy: 1.3.6.1.4.1.40808.1.3.2 X509v3 Subject Key Identifier: C0:F6:13:A2:62:AD:5E:E5:3E:77:FA:DA:04:29:9E:B0:81:B1:80:2D X509v3 Authority Key Identifier: A6:8B:87:82:FD:F0:60:FF:EC:D2:F3:7F:E8:0F:A7:6D:E2:41:A3:52 Signature Algorithm: sha256WithRSAEncryption Signature Value: 2a:e3:26:0d:8b:01:f1:45:2d:e4:9c:c0:fb:89:ee:ab:04:15: 71:32:9b:01:4e:eb:14:61:98:7e:e8:23:c2:df:88:bb:07:10: 75:e4:24:83:67:9c:72:df:85:70:7c:08:37:b1:0e:d5:29:cc: 98:15:ba:61:14:b6:3f:be:66:05:b8:60:2b:a3:32:fe:46:5d: 6c:a3:da:54:ce:41:06:65:61:70:71:3c:77:fb:30:13:d0:1c: 33:74:cb:86:ed:0c:b6:86:ab:87:81:36:ac:fe:cf:9f:6f:b2: e0:76:cf:99:13:0f:df:b3:9e:ae:d1:e8:53:67:56:d0:95:72: 88:b8:29:ae:7b:44:66:18:fb:de:d5:40:de:38:5d:7a:53:00: 18:b7:53:7d:8d:4a:80:cb:c5:e7:67:48:75:2b:d1:e7:9e:8c: fb:7c:7f:18:57:cf:32:78:dc:f3:f8:a5:3e:a4:9f:08:81:23: c3:ec:71:1a:28:2e:e0:ab:37:b8:da:0d:b4:a8:3e:ec:4d:fc: 27:8f:ad:71:aa:ed:06:1a:0e:b0:e2:27:51:d1:be:58:72:07: e3:22:a6:10:e5:d8:8a:7b:a0:b2:1c:b3:72:06:ad:d1:3e:48: e4:87:a9:56:dd:65:dd:b4:e2:bd:9d:8a:d6:a8:0b:11:7a:14: 3e:12:46:3e OpenSSL: Certificate Policy 1.3.6.1.4.1.40808.1.3.2 CTRL-EVENT-EAP-PEER-CERT depth=0 subject='/C=FR/ST=Radius/O=Example Inc./CN=Example Server mailto:Certificate/emailAddress=admin@example.org' hash=d90d58ad04e655b4e1aff7e32069fe5c3d0c3edd4f35e2092274b5055097136a TLS: tls_verify_cb - preverify_ok=1 err=0 (ok) ca_cert_verify=1 depth=0 buf='/C=FR/ST=Radius/O=Example Inc./CN=Example Server mailto:Certificate/emailAddress=admin@example.org' EAP: Status notification: remote certificate verification (param=success) OpenSSL: RX ver=0x303 content_type=256 (TLS header info/) OpenSSL: Message - hexdump(len=5): 16 03 03 01 2c SSL: (where=0x1001 ret=0x1) SSL: SSL_connect:SSLv3/TLS read server certificate OpenSSL: RX ver=0x303 content_type=22 (handshake/server key exchange) OpenSSL: Message - hexdump(len=300): 0c 00 01 28 03 00 1d 20 d5 7a 6e b8 33 92 6d f5 55 5f 9f e7 fa ed 33 c1 8f 8c 0b fe 08 70 bc c7 a4 1d b1 d2 05 34 7b 31 08 04 01 00 9f 10 37 61 29 13 4c 22 9c f0 fd 45 e9 27 d4 ca fc 35 23 ce 8c a8 8c 3d a8 83 d0 41 59 ed d1 a7 96 01 7d 6a 9b ed 6a a4 30 26 0c bd c9 49 58 96 c9 22 8e 39 fa ed 42 20 88 64 8c f1 d3 e3 4a 28 14 8b 7e d2 94 35 66 dd 48 8d 53 f2 7a df 39 d3 47 20 36 b2 d3 d3 2f 2f d3 1e e1 f4 1f 69 c0 2c a5 14 fb 8f c2 4a 94 82 5f b8 80 b0 f0 82 9d 04 ef 55 bc 19 27 3c e8 47 98 db c8 df 1d a8 57 b0 47 ea 7e ed 28 e5 77 7b 0c 94 de 6c fc b3 32 eb d1 e8 0a e3 4c 28 b8 74 62 df b2 4e f9 d8 20 4d a9 03 b2 3d b1 29 25 c3 92 98 47 c1 81 2d 67 bb 75 e4 9d 9d b6 81 d4 e3 55 e3 5c da c2 bc 22 53 0e 3b 71 dc 4e 52 4c 98 8f c3 29 e8 42 fc 58 31 9b cb b6 3e 67 1c 5c 1b ec fa 31 7f 0f eb ef 6b 5e 4f 8b 6e e0 cc 1e 80 c0 18 f4 6b 6e 22 35 f7 2b f3 43 31 e1 5d 16 84 0d 80 65 80 bd 98 43 78 OpenSSL: RX ver=0x303 content_type=256 (TLS header info/) OpenSSL: Message - hexdump(len=5): 16 03 03 00 cc SSL: (where=0x1001 ret=0x1) SSL: SSL_connect:SSLv3/TLS read server key exchange OpenSSL: RX ver=0x303 content_type=22 (handshake/certificate request) OpenSSL: Message - hexdump(len=204): 0d 00 00 c8 03 01 02 40 00 28 04 03 05 03 06 03 08 07 08 08 08 09 08 0a 08 0b 08 04 08 05 08 06 04 01 05 01 06 01 03 03 03 01 03 02 04 02 05 02 06 02 00 98 00 96 30 81 93 31 0b 30 09 06 03 55 04 06 13 02 46 52 31 0f 30 0d 06 03 55 04 08 0c 06 52 61 64 69 75 73 31 12 30 10 06 03 55 04 07 0c 09 53 6f 6d 65 77 68 65 72 65 31 15 30 13 06 03 55 04 0a 0c 0c 45 78 61 6d 70 6c 65 20 49 6e 63 2e 31 20 30 1e 06 09 2a 86 48 86 f7 0d 01 09 01 16 11 61 64 6d 69 6e 40 65 78 61 6d 70 6c 65 2e 6f 72 67 31 26 30 24 06 03 55 04 03 0c 1d 45 78 61 6d 70 6c 65 20 43 65 72 74 69 66 69 63 61 74 65 20 41 75 74 68 6f 72 69 74 79 OpenSSL: RX ver=0x303 content_type=256 (TLS header info/) OpenSSL: Message - hexdump(len=5): 16 03 03 00 04 SSL: (where=0x1001 ret=0x1) SSL: SSL_connect:SSLv3/TLS read server certificate request OpenSSL: RX ver=0x303 content_type=22 (handshake/server hello done) OpenSSL: Message - hexdump(len=4): 0e 00 00 00 SSL: (where=0x1001 ret=0x1) SSL: SSL_connect:SSLv3/TLS read server done OpenSSL: TX ver=0x303 content_type=256 (TLS header info/) OpenSSL: Message - hexdump(len=5): 16 03 03 09 20 OpenSSL: TX ver=0x303 content_type=22 (handshake/certificate) OpenSSL: Message - hexdump(len=2336): 0b 00 09 1c 00 09 19 00 04 15 30 82 04 11 30 82 02 f9 a0 03 02 01 02 02 01 02 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 81 93 31 0b 30 09 06 03 55 04 06 13 02 46 52 31 0f 30 0d 06 03 55 04 08 0c 06 52 61 64 69 75 73 31 12 30 10 06 03 55 04 07 0c 09 53 6f 6d 65 77 68 65 72 65 31 15 30 13 06 03 55 04 0a 0c 0c 45 78 61 6d 70 6c 65 20 49 6e 63 2e 31 20 30 1e 06 09 2a 86 48 86 f7 0d 01 09 01 16 11 61 64 6d 69 6e 40 65 78 61 6d 70 6c 65 2e 6f 72 67 31 26 30 24 06 03 55 04 03 0c 1d 45 78 61 6d 70 6c 65 20 43 65 72 74 69 66 69 63 61 74 65 20 41 75 74 68 6f 72 69 74 79 30 1e 17 0d 32 35 30 32 31 32 31 31 32 32 32 39 5a 17 0d 32 35 30 34 31 33 31 31 32 32 32 39 5a 30 71 31 0b 30 09 06 03 55 04 06 13 02 46 52 31 0f 30 0d 06 03 55 04 08 0c 06 52 61 64 69 75 73 31 15 30 13 06 03 55 04 0a 0c 0c 45 78 61 6d 70 6c 65 20 49 6e 63 2e 31 19 30 17 06 03 55 04 03 0c 10 75 73 65 72 40 65 78 61 6d 70 6c 65 2e 6f 72 67 31 1f 30 1d 06 09 2a 86 48 86 f7 0d 01 09 01 16 10 75 73 65 72 40 65 78 61 6d 70 6c 65 2e 6f 72 67 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 d6 7f 45 d2 d2 df ce 1f 6f ca 42 09 0d a7 9f a6 b1 fc 6e c7 f0 b0 fa 1b 74 1f 7f d9 07 d5 63 6a f2 01 78 17 2b 8c 97 53 b9 e7 35 f9 18 35 62 6e 91 13 8b 62 23 a5 87 22 d6 0f 03 65 5d 38 1b d4 b5 26 0b 12 ed 8b 53 15 62 52 ed 1b 66 27 91 74 7d 4b f8 06 d0 30 80 48 27 8f 89 78 65 ca 9c dd 38 cf 63 0d 79 be 59 ab c7 74 7f 28 df ce d6 37 48 98 3d 66 8d 61 80 7a b1 26 f6 98 f2 57 26 6a f3 37 7c 10 ce 2e ea 98 37 3f 2f 6e 99 c7 42 22 73 4c f1 12 90 9d 45 2a ad f8 fd 0d 91 7a f9 3f 8b 08 69 88 e2 f8 51 1b 7b 19 db 1b 42 ad 94 51 ba c5 8d e8 c5 e7 3f 50 ce e6 e9 cc b8 59 89 91 a7 f5 7a a0 24 b8 57 f6 a7 cd 36 95 bc 56 24 61 1e ff 31 44 2f 2d 62 bd 12 2e 41 3b ce 02 73 61 63 15 9e 44 fe 3b f6 bd 50 7a 82 bb 02 8d 38 cf 22 17 5c d5 ca 62 52 71 5b 39 9a 60 f7 5a 0d bd 02 03 01 00 01 a3 81 90 30 81 8d 30 13 06 03 55 1d 25 04 0c 30 0a 06 08 2b 06 01 05 05 07 03 02 30 36 06 03 55 1d 1f 04 2f 30 2d 30 2b a0 29 a0 27 86 25 68 74 74 70 3a 2f 2f 77 77 77 2e 65 78 61 6d 70 6c 65 2e 63 6f 6d 2f 65 78 61 6d 70 6c 65 5f 63 61 2e 63 72 6c 30 1d 06 03 55 1d 0e 04 16 04 14 c0 d4 19 99 e9 00 1d 48 e9 00 1a 54 49 bc de 99 f6 3b d7 15 30 1f 06 03 55 1d 23 04 18 30 16 80 14 a6 8b 87 82 fd f0 60 ff ec d2 f3 7f e8 0f a7 6d e2 41 a3 52 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 03 82 01 01 00 52 65 81 90 45 d7 35 0b 01 fe cb db 63 d0 d7 05 4d 80 5d df 91 89 04 37 8f cf a2 1d 95 e4 99 e3 02 a5 a1 64 8e 63 a1 17 39 f3 e9 21 d5 34 42 d2 52 db ce 08 6f 00 92 b5 c8 61 aa b7 69 21 79 0f 6d 4d 93 fe 95 1a da e2 a7 57 fb d1 a0 57 8d 88 f0 3f 0b 7a dc dc 8e 18 b7 9b 55 6d e7 ab 72 38 7b bd f2 7a 91 e0 70 41 66 63 ef 98 37 14 5f ec 3a 66 d6 07 4a 2b 18 ef ad 3f 7d a1 c6 11 43 d6 2c dd df 28 b3 72 2f de 50 1c 2c b3 31 e8 e6 53 22 9d df f3 ae 49 39 d1 2b 39 7e 7a a2 87 e0 c6 56 aa fd 91 60 1c eb 61 5a cb 18 b1 ee 97 55 7a 0f d9 e9 c7 af 7f 87 cb d0 a4 b2 5d 97 da df 61 07 89 25 68 36 5b 22 c8 3b f2 c0 b0 54 d5 20 e6 4f aa 3c d3 53 61 16 fb 7f 84 10 91 ed 5a 93 ea eb b5 fb 65 a3 96 0d fc 3c f9 78 98 72 e9 97 81 e2 7d 52 fb ba e8 1f d0 81 a3 7e ea d7 d8 47 b3 00 04 fe 30 82 04 fa 30 82 03 e2 a0 03 02 01 02 02 14 07 c1 09 2a b9 3c 84 ca f4 a4 ce be 5f fd 49 c0 91 f0 25 b2 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 81 93 31 0b 30 09 06 03 55 04 06 13 02 46 52 31 0f 30 0d 06 03 55 04 08 0c 06 52 61 64 69 75 73 31 12 30 10 06 03 55 04 07 0c 09 53 6f 6d 65 77 68 65 72 65 31 15 30 13 06 03 55 04 0a 0c 0c 45 78 61 6d 70 6c 65 20 49 6e 63 2e 31 20 30 1e 06 09 2a 86 48 86 f7 0d 01 09 01 16 11 61 64 6d 69 6e 40 65 78 61 6d 70 6c 65 2e 6f 72 67 31 26 30 24 06 03 55 04 03 0c 1d 45 78 61 6d 70 6c 65 20 43 65 72 74 69 66 69 63 61 74 65 20 41 75 74 68 6f 72 69 74 79 30 1e 17 0d 32 35 30 32 31 32 31 31 32 32 32 38 5a 17 0d 32 35 30 34 31 33 31 31 32 32 32 38 5a 30 81 93 31 0b 30 09 06 03 55 04 06 13 02 46 52 31 0f 30 0d 06 03 55 04 08 0c 06 52 61 64 69 75 73 31 12 30 10 06 03 55 04 07 0c 09 53 6f 6d 65 77 68 65 72 65 31 15 30 13 06 03 55 04 0a 0c 0c 45 78 61 6d 70 6c 65 20 49 6e 63 2e 31 20 30 1e 06 09 2a 86 48 86 f7 0d 01 09 01 16 11 61 64 6d 69 6e 40 65 78 61 6d 70 6c 65 2e 6f 72 67 31 26 30 24 06 03 55 04 03 0c 1d 45 78 61 6d 70 6c 65 20 43 65 72 74 69 66 69 63 61 74 65 20 41 75 74 68 6f 72 69 74 79 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 bd 12 9d 8a d9 2c 9f b1 d3 2e 68 1a 41 e4 2e 27 39 37 16 95 69 93 8c 27 a6 84 3a e9 d4 86 28 69 a4 70 c1 5e b0 91 b8 9c bb c6 1b 01 3a 0f a3 98 06 a6 c8 b7 d3 3e 89 68 c2 01 63 29 be 59 cc b4 fb 74 20 4f 4e 6d 02 45 c7 3d 36 9e 7c 59 69 20 fe 10 98 52 42 a2 71 a5 ca e5 0e f7 76 94 be f9 c1 f5 ef 00 37 a3 70 81 6e 13 f9 ce 6e a2 98 ab f3 de cb 66 69 15 8f 19 72 5b ff 4f 52 30 7d 91 4b ed fc 40 86 56 28 f6 60 ad 80 55 65 0a b0 9c 93 51 c4 c7 25 96 43 0d ed 0a 88 83 87 64 26 b4 f7 f5 61 5b f2 d4 a4 f4 3d d0 1f a4 3d 3f 4e 53 21 c2 06 24 88 ef 05 b2 f6 1e 2a 4f 53 4b 6f 41 1a c1 e2 0e 0a 3a 30 b4 9b cc 3f a5 10 58 90 3a ab 26 d2 38 03 99 a1 fd fc 97 53 96 1f 8e ff 7f d2 3a c3 b6 9a 97 55 99 b3 00 01 e8 4c 31 b4 24 5d 23 31 c0 91 09 f5 02 8c c5 41 5a 74 fc fc a1 02 03 01 00 01 a3 82 01 42 30 82 01 3e 30 1d 06 03 55 1d 0e 04 16 04 14 a6 8b 87 82 fd f0 60 ff ec d2 f3 7f e8 0f a7 6d e2 41 a3 52 30 81 d3 06 03 55 1d 23 04 81 cb 30 81 c8 80 14 a6 8b 87 82 fd f0 60 ff ec d2 f3 7f e8 0f a7 6d e2 41 a3 52 a1 81 99 a4 81 96 30 81 93 31 0b 30 09 06 03 55 04 06 13 02 46 52 31 0f 30 0d 06 03 55 04 08 0c 06 52 61 64 69 75 73 31 12 30 10 06 03 55 04 07 0c 09 53 6f 6d 65 77 68 65 72 65 31 15 30 13 06 03 55 04 0a 0c 0c 45 78 61 6d 70 6c 65 20 49 6e 63 2e 31 20 30 1e 06 09 2a 86 48 86 f7 0d 01 09 01 16 11 61 64 6d 69 6e 40 65 78 61 6d 70 6c 65 2e 6f 72 67 31 26 30 24 06 03 55 04 03 0c 1d 45 78 61 6d 70 6c 65 20 43 65 72 74 69 66 69 63 61 74 65 20 41 75 74 68 6f 72 69 74 79 82 14 07 c1 09 2a b9 3c 84 ca f4 a4 ce be 5f fd 49 c0 91 f0 25 b2 30 0f 06 03 55 1d 13 01 01 ff 04 05 30 03 01 01 ff 30 36 06 03 55 1d 1f 04 2f 30 2d 30 2b a0 29 a0 27 86 25 68 74 74 70 3a 2f 2f 77 77 77 2e 65 78 61 6d 70 6c 65 2e 6f 72 67 2f 65 78 61 6d 70 6c 65 5f 63 61 2e 63 72 6c 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 03 82 01 01 00 b1 fb fd d9 9b 09 46 e1 4a 71 a6 cc 44 55 81 bb 32 d6 a3 17 d4 c9 9d 46 6f 16 98 2e 18 9d 83 02 5d 9c ad 84 25 a7 59 d7 e7 45 ed ed 6e ec 71 ab 3c e4 54 c4 f7 67 86 81 17 d8 d3 28 ac 44 f6 3b c8 98 4d c7 a2 44 7d 1f 40 5b 61 43 63 10 19 42 d6 40 f1 7b 4f be 45 66 fb a6 d0 c3 19 70 a8 4b 41 3e 9d 86 3f 21 46 40 e6 1f 93 de 55 04 f2 ed 55 83 48 c5 4b b9 38 28 b4 4a 14 d4 40 4b 63 ec 96 02 56 6a fd 3c b7 91 36 5e b9 57 2c f6 9b 14 da 2d 40 ed a3 d7 d9 c6 97 94 2b 70 e8 86 be 0d 96 7b 1a 8f 88 82 65 35 f2 c6 e5 6c 36 24 ff 7c 3d b9 cf d6 5b 3b cc 62 8a 00 13 a2 9d 8a f2 17 af 8b 99 66 fa 2d d8 28 eb d4 17 7e cd b6 f2 cd 3d bb 21 e6 c9 33 7c dc b0 28 85 c5 8e 46 b4 a1 65 99 64 0c a4 50 46 73 70 11 27 b0 9e 5d 89 aa 1c ec f0 87 be 1a 50 43 d2 49 80 49 a9 9a ee 1d SSL: (where=0x1001 ret=0x1) SSL: SSL_connect:SSLv3/TLS write client certificate OpenSSL: TX ver=0x303 content_type=256 (TLS header info/) OpenSSL: Message - hexdump(len=5): 16 03 03 00 25 OpenSSL: TX ver=0x303 content_type=22 (handshake/client key exchange) OpenSSL: Message - hexdump(len=37): 10 00 00 21 20 4c 05 94 96 1a 41 19 73 9d 26 73 0f 89 28 31 ae 7c 83 36 83 48 62 cf 67 93 01 b6 d5 b6 a3 0a 3b SSL: (where=0x1001 ret=0x1) SSL: SSL_connect:SSLv3/TLS write client key exchange OpenSSL: TX ver=0x303 content_type=256 (TLS header info/) OpenSSL: Message - hexdump(len=5): 16 03 03 01 08 OpenSSL: TX ver=0x303 content_type=22 (handshake/certificate verify) OpenSSL: Message - hexdump(len=264): 0f 00 01 04 08 04 01 00 63 dc 96 0b c7 d6 e3 28 6d 0c c3 b2 6a 6e 6b 46 f3 84 9d 89 66 08 9f d9 ac 51 f5 2c ff f8 f8 16 e1 b3 5e f2 1b 2c 26 d5 be 33 4d e7 7e 60 f7 2e 38 7e c7 2d eb 27 99 ae 43 35 64 8c 3c 23 ee cc 7e a8 2c 74 64 3d 2e b5 75 b6 d4 bb c3 08 75 4f 45 0a df 06 5d c3 a9 d3 5f 34 37 3f a5 7f a0 02 5f 29 54 73 dd 45 2c 9b 71 ba e8 85 48 86 74 57 b2 78 2f 1f 7b 1b e4 bb 0c 7e 1a 3d 0a f6 d8 86 32 f1 48 22 80 e9 47 52 ae aa 86 66 89 ed 65 22 bc e3 10 78 7d ce bf 1e 85 b9 dc 8e 22 c8 f9 4c 2e 45 fb fa 7c 68 d6 84 0b fd 5b 48 0c c4 32 c0 2c c2 4c d9 32 38 79 f0 f2 8e bb 5d 0b a9 1a 9c a6 fa ea 32 e9 59 e3 0a 4f a3 72 2b 26 21 5e 80 4f 53 45 5a 5d 5b 8c 21 6d 23 a3 ca 29 2f af 03 be c4 4a 46 2e 3e 12 d2 7f 00 1f a5 e6 5d 69 d1 d9 d4 0c ff 10 9b 75 89 ab d5 58 1f 48 fd 09 76 SSL: (where=0x1001 ret=0x1) SSL: SSL_connect:SSLv3/TLS write certificate verify OpenSSL: TX ver=0x303 content_type=256 (TLS header info/) OpenSSL: Message - hexdump(len=5): 14 03 03 00 01 OpenSSL: TX ver=0x303 content_type=20 (change cipher spec/) OpenSSL: Message - hexdump(len=1): 01 SSL: (where=0x1001 ret=0x1) SSL: SSL_connect:SSLv3/TLS write change cipher spec OpenSSL: TX ver=0x303 content_type=256 (TLS header info/) OpenSSL: Message - hexdump(len=5): 16 03 03 00 28 OpenSSL: TX ver=0x303 content_type=22 (handshake/finished) OpenSSL: Message - hexdump(len=16): 14 00 00 0c 69 5c e4 a4 ff 00 0b d8 45 25 ff 3e SSL: (where=0x1001 ret=0x1) SSL: SSL_connect:SSLv3/TLS write finished SSL: (where=0x1002 ret=0xffffffff) SSL: SSL_connect:error in SSLv3/TLS write finished SSL: SSL_connect - want more data SSL: 2703 bytes pending from ssl_out SSL: Using TLS version TLSv1.2 SSL: 2703 bytes left to be sent out (of total 2703 bytes) SSL: sending 1298 bytes, more fragments will follow EAP-TEAP: Add EAP-Payload TLV EAP-TEAP: Encrypting Phase 2 data - hexdump(len=1312): 80 09 05 1c 02 69 05 1c 0d c0 00 00 0a 8f 16 03 03 09 20 0b 00 09 1c 00 09 19 00 04 15 30 82 04 11 30 82 02 f9 a0 03 02 01 02 02 01 02 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 81 93 31 0b 30 09 06 03 55 04 06 13 02 46 52 31 0f 30 0d 06 03 55 04 08 0c 06 52 61 64 69 75 73 31 12 30 10 06 03 55 04 07 0c 09 53 6f 6d 65 77 68 65 72 65 31 15 30 13 06 03 55 04 0a 0c 0c 45 78 61 6d 70 6c 65 20 49 6e 63 2e 31 20 30 1e 06 09 2a 86 48 86 f7 0d 01 09 01 16 11 61 64 6d 69 6e 40 65 78 61 6d 70 6c 65 2e 6f 72 67 31 26 30 24 06 03 55 04 03 0c 1d 45 78 61 6d 70 6c 65 20 43 65 72 74 69 66 69 63 61 74 65 20 41 75 74 68 6f 72 69 74 79 30 1e 17 0d 32 35 30 32 31 32 31 31 32 32 32 39 5a 17 0d 32 35 30 34 31 33 31 31 32 32 32 39 5a 30 71 31 0b 30 09 06 03 55 04 06 13 02 46 52 31 0f 30 0d 06 03 55 04 08 0c 06 52 61 64 69 75 73 31 15 30 13 06 03 55 04 0a 0c 0c 45 78 61 6d 70 6c 65 20 49 6e 63 2e 31 19 30 17 06 03 55 04 03 0c 10 75 73 65 72 40 65 78 61 6d 70 6c 65 2e 6f 72 67 31 1f 30 1d 06 09 2a 86 48 86 f7 0d 01 09 01 16 10 75 73 65 72 40 65 78 61 6d 70 6c 65 2e 6f 72 67 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 d6 7f 45 d2 d2 df ce 1f 6f ca 42 09 0d a7 9f a6 b1 fc 6e c7 f0 b0 fa 1b 74 1f 7f d9 07 d5 63 6a f2 01 78 17 2b 8c 97 53 b9 e7 35 f9 18 35 62 6e 91 13 8b 62 23 a5 87 22 d6 0f 03 65 5d 38 1b d4 b5 26 0b 12 ed 8b 53 15 62 52 ed 1b 66 27 91 74 7d 4b f8 06 d0 30 80 48 27 8f 89 78 65 ca 9c dd 38 cf 63 0d 79 be 59 ab c7 74 7f 28 df ce d6 37 48 98 3d 66 8d 61 80 7a b1 26 f6 98 f2 57 26 6a f3 37 7c 10 ce 2e ea 98 37 3f 2f 6e 99 c7 42 22 73 4c f1 12 90 9d 45 2a ad f8 fd 0d 91 7a f9 3f 8b 08 69 88 e2 f8 51 1b 7b 19 db 1b 42 ad 94 51 ba c5 8d e8 c5 e7 3f 50 ce e6 e9 cc b8 59 89 91 a7 f5 7a a0 24 b8 57 f6 a7 cd 36 95 bc 56 24 61 1e ff 31 44 2f 2d 62 bd 12 2e 41 3b ce 02 73 61 63 15 9e 44 fe 3b f6 bd 50 7a 82 bb 02 8d 38 cf 22 17 5c d5 ca 62 52 71 5b 39 9a 60 f7 5a 0d bd 02 03 01 00 01 a3 81 90 30 81 8d 30 13 06 03 55 1d 25 04 0c 30 0a 06 08 2b 06 01 05 05 07 03 02 30 36 06 03 55 1d 1f 04 2f 30 2d 30 2b a0 29 a0 27 86 25 68 74 74 70 3a 2f 2f 77 77 77 2e 65 78 61 6d 70 6c 65 2e 63 6f 6d 2f 65 78 61 6d 70 6c 65 5f 63 61 2e 63 72 6c 30 1d 06 03 55 1d 0e 04 16 04 14 c0 d4 19 99 e9 00 1d 48 e9 00 1a 54 49 bc de 99 f6 3b d7 15 30 1f 06 03 55 1d 23 04 18 30 16 80 14 a6 8b 87 82 fd f0 60 ff ec d2 f3 7f e8 0f a7 6d e2 41 a3 52 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 03 82 01 01 00 52 65 81 90 45 d7 35 0b 01 fe cb db 63 d0 d7 05 4d 80 5d df 91 89 04 37 8f cf a2 1d 95 e4 99 e3 02 a5 a1 64 8e 63 a1 17 39 f3 e9 21 d5 34 42 d2 52 db ce 08 6f 00 92 b5 c8 61 aa b7 69 21 79 0f 6d 4d 93 fe 95 1a da e2 a7 57 fb d1 a0 57 8d 88 f0 3f 0b 7a dc dc 8e 18 b7 9b 55 6d e7 ab 72 38 7b bd f2 7a 91 e0 70 41 66 63 ef 98 37 14 5f ec 3a 66 d6 07 4a 2b 18 ef ad 3f 7d a1 c6 11 43 d6 2c dd df 28 b3 72 2f de 50 1c 2c b3 31 e8 e6 53 22 9d df f3 ae 49 39 d1 2b 39 7e 7a a2 87 e0 c6 56 aa fd 91 60 1c eb 61 5a cb 18 b1 ee 97 55 7a 0f d9 e9 c7 af 7f 87 cb d0 a4 b2 5d 97 da df 61 07 89 25 68 36 5b 22 c8 3b f2 c0 b0 54 d5 20 e6 4f aa 3c d3 53 61 16 fb 7f 84 10 91 ed 5a 93 ea eb b5 fb 65 a3 96 0d fc 3c f9 78 98 72 e9 97 81 e2 7d 52 fb ba e8 1f d0 81 a3 7e ea d7 d8 47 b3 00 04 fe 30 82 04 fa 30 82 03 e2 a0 03 02 01 02 02 14 07 c1 09 2a b9 3c 84 ca f4 a4 ce be 5f fd 49 c0 91 f0 25 b2 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 81 93 31 0b 30 09 06 03 55 04 06 13 02 46 52 31 0f 30 0d 06 03 55 04 08 0c 06 52 61 64 69 75 73 31 12 30 10 06 03 55 04 07 0c 09 53 6f 6d 65 77 68 65 72 65 31 15 30 13 06 03 55 04 0a 0c 0c 45 78 61 6d 70 6c 65 20 49 6e 63 2e 31 20 30 1e 06 09 2a 86 48 86 f7 0d 01 09 01 16 11 61 64 6d 69 6e 40 65 78 61 6d 70 6c 65 2e 6f 72 67 31 26 30 24 06 03 55 04 03 0c 1d 45 78 61 6d 70 6c 65 20 43 65 72 74 69 66 69 63 61 74 65 20 41 75 74 68 6f 72 69 74 79 30 1e 17 0d 32 35 30 32 31 32 31 31 32 32 32 38 5a 17 0d 32 35 30 34 31 33 31 31 32 32 32 38 5a 30 81 93 OpenSSL: TX ver=0x303 content_type=256 (TLS header info/) OpenSSL: Message - hexdump(len=5): 17 03 03 05 38 SSL: 1341 bytes left to be sent out (of total 1341 bytes) EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL eapRespData=0x5614c0fb0170 EAP: EAP entering state SEND_RESPONSE EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RESPONSE EAPOL: txSuppRsp WPA: eapol_test_eapol_send(type=0 len=1347) TX EAP -> RADIUS - hexdump(len=1347): 02 69 05 43 37 01 17 03 03 05 38 c3 e8 e0 9e c8 57 32 25 81 d9 fe 26 25 ba d2 05 da 05 36 04 66 08 ac ee 0e 12 4d 95 47 a8 8e 13 80 68 75 cf b5 ac 0b 8c 00 44 35 3c 3c 9e 16 d7 ac 66 c1 e5 a4 ad 0c 60 cd 19 00 3b 43 72 ac eb 23 a7 1e 44 0a bb ab b4 bc a3 c6 89 ee 78 5f 8e 4c 67 b4 3f f2 7b f7 e9 86 5d ce 58 a8 d2 b0 f9 2a 4f 50 34 ae 13 07 36 56 09 c4 7a 93 6f de eb f3 73 50 a5 58 c4 ea 4c a6 43 7b 92 dc a3 72 79 2f 32 4c 57 a4 79 12 43 59 2a 6a 08 d7 e2 e0 7e 7c 74 46 20 1a 5e 98 67 14 04 0a ed c4 d6 5e 19 45 a3 59 5a ba a7 39 88 61 53 7b 24 7d ee 04 a7 c2 80 23 c1 7a 9a 52 1b b6 08 59 5a 65 81 42 6f d1 51 54 b7 cd 66 db 0d 9d 37 98 d2 1d 99 05 1e 15 0d 15 bd 7c 4c 47 c8 fd d4 00 1f f8 1f 67 26 00 f5 23 7b bd 6d 2b 45 7d 33 ca 09 e5 b7 79 28 cc 17 da 7b 95 04 4a 35 6d 10 1e bd 2a 0e fa e5 98 99 98 04 f2 49 e8 8c 77 e6 59 b7 61 95 94 ea c2 d2 a8 03 cf 65 92 21 d4 52 54 47 d8 3e 40 9d a2 e4 3a 82 8c 77 2a 5f b6 25 1b c8 80 2e 27 13 85 03 3c ba c4 9c f0 21 ba 56 f2 f5 24 10 55 75 d5 0d 83 d3 91 c1 61 65 4a ea 43 e0 00 92 4b 1f c4 c6 47 8e 4f 1a ed f8 79 ef 12 ce ee e9 b9 67 8e 16 fc 3a 2c 12 b4 40 72 5c 19 5c ae 5e 89 59 71 ac 28 4e d5 ab c9 d4 29 fc ca 70 f0 8f a0 a3 e2 e1 fe 7e 71 77 6b 93 63 ca 25 65 22 bf bd 7b 86 f3 8f 3b 96 87 00 5d e0 59 70 7d e8 46 de 4e b4 26 16 59 9f ef c2 9e ea 8c ee da 73 22 10 09 de 50 f8 ae 42 4d 93 76 89 9b f8 45 46 a2 19 a0 24 8b 3d 67 c6 4b 19 42 b4 2a b1 f7 bb 4f 31 f7 0d 50 ca b8 d4 26 6e 94 4c 82 3a c8 f3 c2 e0 fd a7 26 39 94 ce 09 3f 5e d7 77 1e f8 77 42 e3 97 1c fb 7e 8d 2e 4b 19 7a 02 b5 31 9f e7 78 ef 41 45 9b f3 6a 3d 4b 22 dc 65 d8 67 68 29 e7 d6 82 8e 92 b9 2c 05 d4 d1 31 0f b8 87 a0 1c 40 37 f0 34 d4 22 5e 21 c3 d8 dd 81 eb 00 aa 97 4d 4a 75 c5 a3 99 f8 85 44 fd 46 aa f0 07 32 48 01 1c 32 cc ff 98 39 31 28 22 e3 f6 61 4a 2a 1e 08 f2 c1 f9 19 ce 82 09 c1 d2 80 92 e6 33 23 22 c1 95 1b a1 cc d9 99 02 49 36 a2 b7 c5 aa d4 cd fb f6 2c 9e 9a cf dc f3 70 b4 98 78 f1 44 00 8a f9 8c 3d a7 68 e2 63 28 a3 b7 21 c5 f7 a1 c1 4e b7 1e 5b 6d 58 b5 e3 1f 71 ad b5 62 dc 31 52 8c 57 7a 73 08 f6 82 79 e3 e2 8c 87 35 91 f6 21 52 7c 6b e1 59 11 c4 7d 86 9f d7 40 38 1d d8 a2 a4 b5 53 02 7e 79 67 86 01 f4 52 a8 72 ba b5 22 e6 4a ce 96 73 1a 92 05 3c c5 1e 7b 45 ab a2 1c a0 e3 8a ec 06 d0 a4 a1 b1 87 7d c3 f2 f0 5c 1f 0a 19 69 d8 11 b7 07 84 43 37 aa 33 10 fd 4a ee a5 81 a0 f6 95 3f ec 69 01 28 71 ea 58 23 c7 54 ff a7 f8 e5 d3 d6 5d 13 3c 1a 04 e0 a1 a4 eb 28 d9 2a 55 82 0d 88 8b 02 f2 e4 dc c5 d2 a7 69 db 9f 5e 86 ca c6 45 0a b2 74 9b 58 c0 7f 1d 76 67 e3 06 52 2b 7b d7 16 1c cb b0 c5 60 0a 04 25 d6 16 21 cc b4 10 43 ea 0e 8f aa 7f 17 15 59 49 60 f2 da 2b 41 b2 46 b4 54 52 52 00 38 f6 39 22 19 e8 95 cf d3 e8 b3 ad 00 ba b8 3e 69 5d 08 a5 22 75 87 5c 5a e3 5b 78 50 e2 ff 29 d0 e6 1e d7 fe 30 82 10 5e e8 d5 4d e4 f3 03 d9 31 f9 59 c9 b2 22 2e 98 57 c7 70 27 cb 9b 21 a4 0d e2 38 3f 70 11 a6 83 9a 7c 1d 98 5d bc fe 7c 08 15 d2 2c aa b4 81 05 b0 de 9f 38 fc 37 33 f1 19 10 ae 5b 89 b9 5d 0d 1d 4c 87 52 55 93 22 2b 8c 5d a3 2a 47 e5 f2 d6 9f 7e 39 e6 79 03 95 4f 68 01 4c 3c 89 e8 e8 51 e9 97 af bc 26 86 b0 b8 8b 11 44 25 8a ae ec f5 ca 41 fa f9 3c 2d 74 54 d0 f3 0d b1 92 e7 11 7e ca 8d 55 62 46 81 48 c2 38 f6 ef f8 8b 03 33 30 45 31 d5 59 ca 5b 61 58 27 94 b9 80 b0 bf 6c 6a 56 7e 6e b2 01 02 49 5a 0a 06 e1 ee 7a c3 12 d9 7e dd 66 57 30 3d ba 5c 39 9a 43 f8 55 a4 ea b1 25 65 9a 21 5c 97 bc 92 bd e8 6a 46 77 22 ac 1e 10 59 22 ec f3 08 a4 b3 65 04 d6 3d ea 6f 16 d2 7c b9 f6 42 e4 4a 88 b5 39 c8 5f 35 09 37 43 66 32 e9 9f 92 e7 62 3e 01 54 a6 e1 7c 88 aa c1 8e 9d e6 8d 34 3b ce b5 40 3f ae ae c0 08 0c 4a 69 a9 7a e9 9e c5 dc b1 3c ac 84 96 e7 5a 6f 57 96 f5 5e 75 f6 9a f4 39 75 c7 19 36 06 a2 69 52 c5 ae 88 c5 41 ca 60 6f 12 68 c4 fc d1 dd 5e 8a 39 eb bd 7f b1 a4 3f 2e 33 6f da 71 3e 0c 14 e9 36 ca 52 1e c5 dd c5 e0 7d f8 4e ae 47 ae 51 95 79 2b c7 f0 ec 7a be b1 68 c1 19 cd 2c 8e b2 df 0b df 29 d1 fe ef ff ac 8a eb 53 7a 95 d7 d5 d4 71 77 d9 ef 78 7b c8 1b 52 34 e2 22 52 af 3a 16 0a 23 ae ec b6 e0 f0 fa 39 89 71 50 65 56 8a 99 84 e6 80 13 50 7e 2c b1 cf c3 Encapsulating EAP message into a RADIUS packet Copied RADIUS State Attribute Sending RADIUS message to authentication server RADIUS message: code=1 (Access-Request) identifier=12 length=1521 Attribute 80 (Message-Authenticator) length=18 Value: 64422557b5ce8dc6386d2b81b05bb36a Attribute 1 (User-Name) length=11 Value: 'anonymous' Attribute 31 (Calling-Station-Id) length=19 Value: 'DE-AD-BE-EF-42-42' Attribute 12 (Framed-MTU) length=6 Value: 1400 Attribute 61 (NAS-Port-Type) length=6 Value: 19 Attribute 6 (Service-Type) length=6 Value: 2 Attribute 77 (Connect-Info) length=24 Value: 'CONNECT 11Mbps 802.11b' Attribute 30 (Called-Station-Id) length=28 Value: '00:11:22:33:44:55:UConnect' Attribute 4 (NAS-IP-Address) length=6 Value: 192.168.4.20 Attribute 79 (EAP-Message) length=255 Value: 0269054337011703030538c3e8e09ec857322581d9fe2625bad205da0536046608acee0e124d9547a88e13806875cfb5ac0b8c0044353c3c9e16d7ac66c1e5a4ad0c60cd19003b4372aceb23a71e440abbabb4bca3c689ee785f8e4c67b43ff27bf7e9865dce58a8d2b0f92a4f5034ae1307365609c47a936fdeebf37350a558c4ea4ca6437b92dca372792f324c57a4791243592a6a08d7e2e07e7c7446201a5e986714040aedc4d65e1945a3595abaa7398861537b247dee04a7c28023c17a9a521bb608595a6581426fd15154b7cd66db0d9d3798d21d99051e150d15bd7c4c47c8fdd4001ff81f672600f5237bbd6d2b457d33ca09e5b77928cc17 Attribute 79 (EAP-Message) length=255 Value: da7b95044a356d101ebd2a0efae598999804f249e88c77e659b7619594eac2d2a803cf659221d4525447d83e409da2e43a828c772a5fb6251bc8802e271385033cbac49cf021ba56f2f524105575d50d83d391c161654aea43e000924b1fc4c6478e4f1aedf879ef12ceeee9b9678e16fc3a2c12b440725c195cae5e895971ac284ed5abc9d429fcca70f08fa0a3e2e1fe7e71776b9363ca256522bfbd7b86f38f3b9687005de059707de846de4eb42616599fefc29eea8ceeda73221009de50f8ae424d9376899bf84546a219a0248b3d67c64b1942b42ab1f7bb4f31f70d50cab8d4266e944c823ac8f3c2e0fda7263994ce093f5ed7771ef87742e3 Attribute 79 (EAP-Message) length=255 Value: 971cfb7e8d2e4b197a02b5319fe778ef41459bf36a3d4b22dc65d8676829e7d6828e92b92c05d4d1310fb887a01c4037f034d4225e21c3d8dd81eb00aa974d4a75c5a399f88544fd46aaf0073248011c32ccff9839312822e3f6614a2a1e08f2c1f919ce8209c1d28092e6332322c1951ba1ccd999024936a2b7c5aad4cdfbf62c9e9acfdcf370b49878f144008af98c3da768e26328a3b721c5f7a1c14eb71e5b6d58b5e31f71adb562dc31528c577a7308f68279e3e28c873591f621527c6be15911c47d869fd740381dd8a2a4b553027e79678601f452a872bab522e64ace96731a92053cc51e7b45aba21ca0e38aec06d0a4a1b1877dc3f2f05c1f Attribute 79 (EAP-Message) length=255 Value: 0a1969d811b707844337aa3310fd4aeea581a0f6953fec69012871ea5823c754ffa7f8e5d3d65d133c1a04e0a1a4eb28d92a55820d888b02f2e4dcc5d2a769db9f5e86cac6450ab2749b58c07f1d7667e306522b7bd7161ccbb0c5600a0425d61621ccb41043ea0e8faa7f1715594960f2da2b41b246b45452520038f6392219e895cfd3e8b3ad00bab83e695d08a52275875c5ae35b7850e2ff29d0e61ed7fe3082105ee8d54de4f303d931f959c9b2222e9857c77027cb9b21a40de2383f7011a6839a7c1d985dbcfe7c0815d22caab48105b0de9f38fc3733f11910ae5b89b95d0d1d4c87525593222b8c5da32a47e5f2d69f7e39e67903954f6801 Attribute 79 (EAP-Message) length=255 Value: 4c3c89e8e851e997afbc2686b0b88b1144258aaeecf5ca41faf93c2d7454d0f30db192e7117eca8d5562468148c238f6eff88b0333304531d559ca5b61582794b980b0bf6c6a567e6eb20102495a0a06e1ee7ac312d97edd6657303dba5c399a43f855a4eab125659a215c97bc92bde86a467722ac1e105922ecf308a4b36504d63dea6f16d27cb9f642e44a88b539c85f350937436632e99f92e7623e0154a6e17c88aac18e9de68d343bceb5403faeaec0080c4a69a97ae99ec5dcb13cac8496e75a6f5796f55e75f69af43975c7193606a26952c5ae88c541ca606f1268c4fcd1dd5e8a39ebbd7fb1a43f2e336fda713e0c14e936ca521ec5ddc5e0 Attribute 79 (EAP-Message) length=84 Value: 7df84eae47ae5195792bc7f0ec7abeb168c119cd2c8eb2df0bdf29d1feefffac8aeb537a95d7d5d47177d9ef787bc81b5234e22252af3a160a23aeecb6e0f0fa3989715065568a9984e68013507e2cb1cfc3 Attribute 24 (State) length=18 Value: 6501da9e6e68ed03dd76d824d918a37a RADIUS: Send 1521 bytes to the server Next RADIUS client retransmit in 3 seconds EAPOL: SUPP_BE entering state RECEIVE Received 103 bytes from RADIUS server Received RADIUS message RADIUS message: code=11 (Access-Challenge) identifier=12 length=103 Attribute 80 (Message-Authenticator) length=18 Value: f54382ba149e5cb83a0afe04041ea48f Attribute 79 (EAP-Message) length=47 Value: 016a002d37011703030022288983a38fe43b6a79a9a1be241b2c5021aeee1b135efc1cc4a65f4a314b530ec830 Attribute 24 (State) length=18 Value: 6501da9e696bed03dd76d824d918a37a STA de:ad:be:ef:42:42: Received RADIUS packet matched with a pending request, round trip time 0.00 sec RADIUS packet matching with station decapsulated EAP packet (code=1 id=106 len=45) from RADIUS server: EAP-Request-TEAP (55) EAPOL: Received EAP-Packet frame EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Request id=106 method=55 vendor=0 vendorMethod=0 EAP: EAP entering state METHOD SSL: Received packet(len=45) - Flags 0x01 EAP-TEAP: Received 39 bytes encrypted data for Phase 2 OpenSSL: RX ver=0x303 content_type=256 (TLS header info/) OpenSSL: Message - hexdump(len=5): 17 03 03 00 22 EAP-TEAP: Decrypted Phase 2 TLV(s) - hexdump(len=10): 80 09 00 06 01 6a 00 06 0d 00 EAP-TEAP: Received Phase 2: TLV type 9 (EAP-Payload) length 6 (mandatory) EAP-TEAP: EAP-Payload TLV - hexdump(len=6): 01 6a 00 06 0d 00 EAP-TEAP: Phase 2 Request: type=0:13 SSL: Received packet(len=6) - Flags 0x00 SSL: 1405 bytes left to be sent out (of total 2703 bytes) SSL: sending 1298 bytes, more fragments will follow EAP-TEAP: Add EAP-Payload TLV EAP-TEAP: Encrypting Phase 2 data - hexdump(len=1308): 80 09 05 18 02 6a 05 18 0d 40 31 0b 30 09 06 03 55 04 06 13 02 46 52 31 0f 30 0d 06 03 55 04 08 0c 06 52 61 64 69 75 73 31 12 30 10 06 03 55 04 07 0c 09 53 6f 6d 65 77 68 65 72 65 31 15 30 13 06 03 55 04 0a 0c 0c 45 78 61 6d 70 6c 65 20 49 6e 63 2e 31 20 30 1e 06 09 2a 86 48 86 f7 0d 01 09 01 16 11 61 64 6d 69 6e 40 65 78 61 6d 70 6c 65 2e 6f 72 67 31 26 30 24 06 03 55 04 03 0c 1d 45 78 61 6d 70 6c 65 20 43 65 72 74 69 66 69 63 61 74 65 20 41 75 74 68 6f 72 69 74 79 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 bd 12 9d 8a d9 2c 9f b1 d3 2e 68 1a 41 e4 2e 27 39 37 16 95 69 93 8c 27 a6 84 3a e9 d4 86 28 69 a4 70 c1 5e b0 91 b8 9c bb c6 1b 01 3a 0f a3 98 06 a6 c8 b7 d3 3e 89 68 c2 01 63 29 be 59 cc b4 fb 74 20 4f 4e 6d 02 45 c7 3d 36 9e 7c 59 69 20 fe 10 98 52 42 a2 71 a5 ca e5 0e f7 76 94 be f9 c1 f5 ef 00 37 a3 70 81 6e 13 f9 ce 6e a2 98 ab f3 de cb 66 69 15 8f 19 72 5b ff 4f 52 30 7d 91 4b ed fc 40 86 56 28 f6 60 ad 80 55 65 0a b0 9c 93 51 c4 c7 25 96 43 0d ed 0a 88 83 87 64 26 b4 f7 f5 61 5b f2 d4 a4 f4 3d d0 1f a4 3d 3f 4e 53 21 c2 06 24 88 ef 05 b2 f6 1e 2a 4f 53 4b 6f 41 1a c1 e2 0e 0a 3a 30 b4 9b cc 3f a5 10 58 90 3a ab 26 d2 38 03 99 a1 fd fc 97 53 96 1f 8e ff 7f d2 3a c3 b6 9a 97 55 99 b3 00 01 e8 4c 31 b4 24 5d 23 31 c0 91 09 f5 02 8c c5 41 5a 74 fc fc a1 02 03 01 00 01 a3 82 01 42 30 82 01 3e 30 1d 06 03 55 1d 0e 04 16 04 14 a6 8b 87 82 fd f0 60 ff ec d2 f3 7f e8 0f a7 6d e2 41 a3 52 30 81 d3 06 03 55 1d 23 04 81 cb 30 81 c8 80 14 a6 8b 87 82 fd f0 60 ff ec d2 f3 7f e8 0f a7 6d e2 41 a3 52 a1 81 99 a4 81 96 30 81 93 31 0b 30 09 06 03 55 04 06 13 02 46 52 31 0f 30 0d 06 03 55 04 08 0c 06 52 61 64 69 75 73 31 12 30 10 06 03 55 04 07 0c 09 53 6f 6d 65 77 68 65 72 65 31 15 30 13 06 03 55 04 0a 0c 0c 45 78 61 6d 70 6c 65 20 49 6e 63 2e 31 20 30 1e 06 09 2a 86 48 86 f7 0d 01 09 01 16 11 61 64 6d 69 6e 40 65 78 61 6d 70 6c 65 2e 6f 72 67 31 26 30 24 06 03 55 04 03 0c 1d 45 78 61 6d 70 6c 65 20 43 65 72 74 69 66 69 63 61 74 65 20 41 75 74 68 6f 72 69 74 79 82 14 07 c1 09 2a b9 3c 84 ca f4 a4 ce be 5f fd 49 c0 91 f0 25 b2 30 0f 06 03 55 1d 13 01 01 ff 04 05 30 03 01 01 ff 30 36 06 03 55 1d 1f 04 2f 30 2d 30 2b a0 29 a0 27 86 25 68 74 74 70 3a 2f 2f 77 77 77 2e 65 78 61 6d 70 6c 65 2e 6f 72 67 2f 65 78 61 6d 70 6c 65 5f 63 61 2e 63 72 6c 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 03 82 01 01 00 b1 fb fd d9 9b 09 46 e1 4a 71 a6 cc 44 55 81 bb 32 d6 a3 17 d4 c9 9d 46 6f 16 98 2e 18 9d 83 02 5d 9c ad 84 25 a7 59 d7 e7 45 ed ed 6e ec 71 ab 3c e4 54 c4 f7 67 86 81 17 d8 d3 28 ac 44 f6 3b c8 98 4d c7 a2 44 7d 1f 40 5b 61 43 63 10 19 42 d6 40 f1 7b 4f be 45 66 fb a6 d0 c3 19 70 a8 4b 41 3e 9d 86 3f 21 46 40 e6 1f 93 de 55 04 f2 ed 55 83 48 c5 4b b9 38 28 b4 4a 14 d4 40 4b 63 ec 96 02 56 6a fd 3c b7 91 36 5e b9 57 2c f6 9b 14 da 2d 40 ed a3 d7 d9 c6 97 94 2b 70 e8 86 be 0d 96 7b 1a 8f 88 82 65 35 f2 c6 e5 6c 36 24 ff 7c 3d b9 cf d6 5b 3b cc 62 8a 00 13 a2 9d 8a f2 17 af 8b 99 66 fa 2d d8 28 eb d4 17 7e cd b6 f2 cd 3d bb 21 e6 c9 33 7c dc b0 28 85 c5 8e 46 b4 a1 65 99 64 0c a4 50 46 73 70 11 27 b0 9e 5d 89 aa 1c ec f0 87 be 1a 50 43 d2 49 80 49 a9 9a ee 1d 16 03 03 00 25 10 00 00 21 20 4c 05 94 96 1a 41 19 73 9d 26 73 0f 89 28 31 ae 7c 83 36 83 48 62 cf 67 93 01 b6 d5 b6 a3 0a 3b 16 03 03 01 08 0f 00 01 04 08 04 01 00 63 dc 96 0b c7 d6 e3 28 6d 0c c3 b2 6a 6e 6b 46 f3 84 9d 89 66 08 9f d9 ac 51 f5 2c ff f8 f8 16 e1 b3 5e f2 1b 2c 26 d5 be 33 4d e7 7e 60 f7 2e 38 7e c7 2d eb 27 99 ae 43 35 64 8c 3c 23 ee cc 7e a8 2c 74 64 3d 2e b5 75 b6 d4 bb c3 08 75 4f 45 0a df 06 5d c3 a9 d3 5f 34 37 3f a5 7f a0 02 5f 29 54 73 dd 45 2c 9b 71 ba e8 85 48 86 74 57 b2 78 2f 1f 7b 1b e4 bb 0c 7e 1a 3d 0a f6 d8 86 32 f1 48 22 80 e9 47 52 ae aa 86 66 89 ed 65 22 bc e3 10 78 7d ce bf 1e 85 b9 dc 8e 22 c8 f9 4c 2e 45 fb fa 7c 68 d6 84 0b fd 5b 48 0c c4 32 c0 2c c2 4c d9 32 38 79 f0 f2 8e bb 5d 0b a9 1a 9c a6 fa ea 32 e9 59 e3 0a OpenSSL: TX ver=0x303 content_type=256 (TLS header info/) OpenSSL: Message - hexdump(len=5): 17 03 03 05 34 SSL: 1337 bytes left to be sent out (of total 1337 bytes) EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL eapRespData=0x5614c0fb8d90 EAP: EAP entering state SEND_RESPONSE EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RESPONSE EAPOL: txSuppRsp WPA: eapol_test_eapol_send(type=0 len=1343) TX EAP -> RADIUS - hexdump(len=1343): 02 6a 05 3f 37 01 17 03 03 05 34 c3 e8 e0 9e c8 57 32 26 36 dd 17 02 1d a3 03 76 09 8f c2 f0 63 fa 72 f2 ee 10 4d f8 5d 62 e5 9b ce 06 20 47 bd 57 5f 2a 9c 39 ab 48 cc e7 70 19 e3 55 b0 b0 19 3a 1c ca 99 71 a3 34 0a 8a 61 30 d2 a9 1a cf 20 35 cc 9e e7 1e c8 1a ff 29 bd 1e 29 1d cb ea 8c f0 f3 1e ce 44 12 f7 80 c4 74 73 7c a1 17 0c 22 01 c4 ba 99 de ca 18 79 00 c7 1b 83 3c 7d 29 d0 b3 21 ee 75 31 0b 2c 7c 65 d8 55 05 f9 ea 65 c7 ae fd 8e c3 ab 6b ce 56 92 d5 77 93 9c 7b 5f 7d f2 bd c5 65 07 b4 32 7a 0c 35 7e dd f1 fc 65 72 15 bc 3c ec 81 10 88 32 4f 78 7f 36 e7 ad 61 1a b4 58 ba 56 c9 13 dc 38 c3 87 1c 75 41 c9 6d 33 76 4a 44 95 3d 34 48 6b 6e 98 b6 38 3e 59 3d 7f 8a 54 92 ec 6f d8 65 3c 68 25 f8 05 d0 7e 26 bc 38 50 dd ba 54 fb 5e af dc 8c ca 9f 56 23 ad 0d be 9c 3c 55 8d 58 0f b9 cd 84 1e 3e 6f 3c 8f c0 2f 1a e8 ab 2c b1 e4 d6 11 4e 7d 11 34 3e 76 db fe 0f 5f 4b 02 7a b7 2b cb ed a0 e4 10 3d 77 a7 a2 1d 88 25 f4 d9 95 4c 73 9c 29 01 6a 0d 2c e4 5a 9e c6 ef 3d 5b a9 c0 e6 3d 2c 13 db e0 28 a6 b5 15 15 b0 87 b5 9f 84 10 a5 3c 38 fc 02 b4 85 f1 ba 60 c0 a6 58 cc ba f0 92 a7 29 5f 40 36 f4 c6 9a 51 77 8b 44 4f 99 4a 29 5f 5f 11 6f 4f 10 d1 cc 5c f9 99 39 28 df c1 e1 59 27 75 b5 e1 e2 81 71 5b fd 67 a5 80 c5 d7 60 15 62 fd 80 ae 7e 9e a7 93 b3 10 58 5b 84 f2 8f 21 98 3d fc a1 11 50 0b 72 17 94 5e c6 7e 54 dd 87 c3 f7 8a d2 a3 99 b0 c4 22 c3 0d 45 d9 51 eb f3 60 b3 cf 7b 52 7c cc c9 b3 62 f9 83 33 ff 15 07 86 a2 e5 33 58 86 58 ff 78 03 00 31 1d 42 d2 3d 19 c6 a3 75 0f 23 79 89 c1 9b d6 91 e3 97 dd 68 63 d5 27 44 b1 b2 da 6c c2 0f b4 51 d6 f1 2a 47 3e 98 d2 7b 4a f3 b1 c9 8b 98 d3 25 9c 8e 98 5f 7b 3b 1b 9a 31 92 3e a2 9d ad ab af ee 8e 50 44 7b 81 be fa 07 0f 11 37 d5 85 67 8a b9 a3 64 bf da c9 66 03 82 3a 2f aa 76 85 33 e7 4c d6 06 34 9e d7 bf 1f 6c 41 2d 95 96 d3 c9 04 a6 1d 0a 2d 8c 17 7d b1 54 cc 4a 2a 90 86 1e 55 ac 20 85 15 33 b4 23 1e 39 db 6c 77 fd ad 9d e8 a2 78 1a 20 d1 43 8b 04 fe 94 96 02 82 f7 1d f4 64 9a 9c 4a ef d4 5e 43 3f 01 a2 96 22 55 95 f3 60 f8 82 bb 15 9f 44 8e 2f 54 9d 75 6d dd 78 d8 7d de fc ff 72 5a aa 9e 5b a2 43 1b 99 49 86 79 f1 c6 d6 ee 69 93 e9 4b 8c 53 84 60 c2 f0 e9 24 de c9 50 5f 62 74 25 ec 30 ed af 42 8e 69 01 19 ba fe bb 73 ae 11 81 10 6a 13 8c 4c cc 98 b1 5b 2e d9 20 e1 5d 23 9d 8b aa 38 de c4 21 53 bb b9 26 a6 2f 52 db 59 df 96 42 a4 75 3c 44 75 50 f6 5e b4 c8 e7 1a 7d 5b 17 84 42 d7 92 05 59 1a 23 5d b4 6e 53 d4 88 40 48 8e 96 9a ee 72 4e 3e b7 ed 84 4b d2 b1 85 16 22 ad ab 8c 37 eb 17 50 c3 6f a6 17 10 fb 71 2d f6 2c ce 8b b5 83 d3 67 2b ba 01 3b 6a 17 1d 69 84 56 b4 dd 88 c6 71 8c 23 83 ab a0 a1 30 62 5b 8e ed 37 f5 a4 91 61 86 13 4f 80 44 7c 81 7a 94 16 c5 e8 c8 23 04 95 84 5f f5 4b 93 47 28 8c b8 5b 32 3f c5 94 bf 35 d5 33 30 d8 16 b8 7c e1 6b 39 ec 72 cf 3a 6d e7 d5 40 84 9b c2 00 eb cd 66 a4 4d a5 c6 10 de 91 de fb 5a a6 d9 68 fb a8 4a 48 96 64 f8 c5 a2 f3 0f 8d 26 d1 0d 20 5e 1b 18 73 cc bb 30 d0 8f e5 3d e3 8d 5b 40 14 7a 30 b6 b6 9b 5e 1e 87 1c 9e 61 63 a3 1c 00 f6 a9 a4 1e c4 1a 69 43 46 d4 97 6d d9 8d cd 12 ed 0d 5e e2 c9 f3 67 18 89 11 4c cd 06 b3 c2 74 a7 15 e5 23 ed 3d 64 32 19 56 50 8f 66 b9 75 31 c3 c4 b3 08 eb 46 d0 c8 fe 6a 16 70 ea dd a7 1a 15 a2 e3 98 c9 29 1f 61 6c d5 26 b9 6b 6d 52 25 9a cc 57 8f 7e e3 7a 11 c1 31 d3 5f ef 6c 63 8e e2 16 8e 1d 18 a7 ec c6 e7 64 20 d7 94 16 18 05 4b ae 69 4b 04 60 b5 44 58 17 0c c7 14 ca 30 09 51 6b e8 c8 10 24 c8 f4 07 a3 f3 6c 90 9c 05 6f eb ae e0 ce cc c2 bb 33 95 be 8e 8a 24 c2 a5 05 3e 81 d5 69 a4 dd 49 11 4e d5 f0 91 d9 83 8a a4 f1 d8 e7 8d b9 18 3f 2a 5b f5 57 e0 c2 a2 db a7 86 87 6b d2 d3 61 44 25 5a d0 f3 3e 3a cf 34 4d da 80 fe cd 4d 79 98 32 5c 7e 21 38 14 f2 da 9e 11 aa be 40 83 87 fb e7 5d 58 d1 df 60 a9 e5 6d 9f 67 73 1c c9 14 7d ed 25 6e 6f 05 e8 03 7d 65 b0 fb 52 40 28 ed 59 6f e6 71 6e e5 e7 75 98 a4 1f 1f ae 35 b3 ac 4b 4b 8a 99 44 38 38 99 49 fd fa fb 49 75 60 1a f9 bf 9a 15 5d 72 45 2f e1 0f 9c a8 72 4a c2 5b 81 d2 69 df 8b d9 26 0f 3d 39 20 fd 50 7c 26 86 06 d7 73 b5 1a 52 8f ee 2c 5a ba 82 2a 6f 7e b8 4e 43 d6 57 e1 77 88 fc 4f 19 02 c1 b7 d9 ab Encapsulating EAP message into a RADIUS packet Copied RADIUS State Attribute Sending RADIUS message to authentication server RADIUS message: code=1 (Access-Request) identifier=13 length=1517 Attribute 80 (Message-Authenticator) length=18 Value: 014d0f204d5a230240c2986adda2b8ec Attribute 1 (User-Name) length=11 Value: 'anonymous' Attribute 31 (Calling-Station-Id) length=19 Value: 'DE-AD-BE-EF-42-42' Attribute 12 (Framed-MTU) length=6 Value: 1400 Attribute 61 (NAS-Port-Type) length=6 Value: 19 Attribute 6 (Service-Type) length=6 Value: 2 Attribute 77 (Connect-Info) length=24 Value: 'CONNECT 11Mbps 802.11b' Attribute 30 (Called-Station-Id) length=28 Value: '00:11:22:33:44:55:UConnect' Attribute 4 (NAS-IP-Address) length=6 Value: 192.168.4.20 Attribute 79 (EAP-Message) length=255 Value: 026a053f37011703030534c3e8e09ec857322636dd17021da30376098fc2f063fa72f2ee104df85d62e59bce062047bd575f2a9c39ab48cce77019e355b0b0193a1cca9971a3340a8a6130d2a91acf2035cc9ee71ec81aff29bd1e291dcbea8cf0f31ece4412f780c474737ca1170c2201c4ba99deca187900c71b833c7d29d0b321ee75310b2c7c65d85505f9ea65c7aefd8ec3ab6bce5692d577939c7b5f7df2bdc56507b4327a0c357eddf1fc657215bc3cec811088324f787f36e7ad611ab458ba56c913dc38c3871c7541c96d33764a44953d34486b6e98b6383e593d7f8a5492ec6fd8653c6825f805d07e26bc3850ddba54fb5eafdc8cca9f56 Attribute 79 (EAP-Message) length=255 Value: 23ad0dbe9c3c558d580fb9cd841e3e6f3c8fc02f1ae8ab2cb1e4d6114e7d11343e76dbfe0f5f4b027ab72bcbeda0e4103d77a7a21d8825f4d9954c739c29016a0d2ce45a9ec6ef3d5ba9c0e63d2c13dbe028a6b51515b087b59f8410a53c38fc02b485f1ba60c0a658ccbaf092a7295f4036f4c69a51778b444f994a295f5f116f4f10d1cc5cf9993928dfc1e1592775b5e1e281715bfd67a580c5d7601562fd80ae7e9ea793b310585b84f28f21983dfca111500b7217945ec67e54dd87c3f78ad2a399b0c422c30d45d951ebf360b3cf7b527cccc9b362f98333ff150786a2e533588658ff780300311d42d23d19c6a3750f237989c19bd691e397dd Attribute 79 (EAP-Message) length=255 Value: 6863d52744b1b2da6cc20fb451d6f12a473e98d27b4af3b1c98b98d3259c8e985f7b3b1b9a31923ea29dadabafee8e50447b81befa070f1137d585678ab9a364bfdac96603823a2faa768533e74cd606349ed7bf1f6c412d9596d3c904a61d0a2d8c177db154cc4a2a90861e55ac20851533b4231e39db6c77fdad9de8a2781a20d1438b04fe94960282f71df4649a9c4aefd45e433f01a296225595f360f882bb159f448e2f549d756ddd78d87ddefcff725aaa9e5ba2431b99498679f1c6d6ee6993e94b8c538460c2f0e924dec9505f627425ec30edaf428e690119bafebb73ae1181106a138c4ccc98b15b2ed920e15d239d8baa38dec42153bbb9 Attribute 79 (EAP-Message) length=255 Value: 26a62f52db59df9642a4753c447550f65eb4c8e71a7d5b178442d79205591a235db46e53d48840488e969aee724e3eb7ed844bd2b1851622adab8c37eb1750c36fa61710fb712df62cce8bb583d3672bba013b6a171d698456b4dd88c6718c2383aba0a130625b8eed37f5a4916186134f80447c817a9416c5e8c8230495845ff54b9347288cb85b323fc594bf35d53330d816b87ce16b39ec72cf3a6de7d540849bc200ebcd66a44da5c610de91defb5aa6d968fba84a489664f8c5a2f30f8d26d10d205e1b1873ccbb30d08fe53de38d5b40147a30b6b69b5e1e871c9e6163a31c00f6a9a41ec41a694346d4976dd98dcd12ed0d5ee2c9f367188911 Attribute 79 (EAP-Message) length=255 Value: 4ccd06b3c274a715e523ed3d64321956508f66b97531c3c4b308eb46d0c8fe6a1670eadda71a15a2e398c9291f616cd526b96b6d52259acc578f7ee37a11c131d35fef6c638ee2168e1d18a7ecc6e76420d7941618054bae694b0460b54458170cc714ca3009516be8c81024c8f407a3f36c909c056febaee0ceccc2bb3395be8e8a24c2a5053e81d569a4dd49114ed5f091d9838aa4f1d8e78db9183f2a5bf557e0c2a2dba786876bd2d36144255ad0f33e3acf344dda80fecd4d7998325c7e213814f2da9e11aabe408387fbe75d58d1df60a9e56d9f67731cc9147ded256e6f05e8037d65b0fb524028ed596fe6716ee5e77598a41f1fae35b3ac4b Attribute 79 (EAP-Message) length=80 Value: 4b8a994438389949fdfafb4975601af9bf9a155d72452fe10f9ca8724ac25b81d269df8bd9260f3d3920fd507c268606d773b51a528fee2c5aba822a6f7eb84e43d657e17788fc4f1902c1b7d9ab Attribute 24 (State) length=18 Value: 6501da9e696bed03dd76d824d918a37a RADIUS: Send 1517 bytes to the server Next RADIUS client retransmit in 3 seconds EAPOL: SUPP_BE entering state RECEIVE Received 103 bytes from RADIUS server Received RADIUS message RADIUS message: code=11 (Access-Challenge) identifier=13 length=103 Attribute 80 (Message-Authenticator) length=18 Value: 2590e8ed3356c3cb0ef1c38d479010d8 Attribute 79 (EAP-Message) length=47 Value: 016b002d37011703030022288983a38fe43b6b7205fb27447f6a361e2f8e1cd2f189d85ab5f239e621e22d2f9b Attribute 24 (State) length=18 Value: 6501da9e686aed03dd76d824d918a37a STA de:ad:be:ef:42:42: Received RADIUS packet matched with a pending request, round trip time 0.00 sec RADIUS packet matching with station decapsulated EAP packet (code=1 id=107 len=45) from RADIUS server: EAP-Request-TEAP (55) EAPOL: Received EAP-Packet frame EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Request id=107 method=55 vendor=0 vendorMethod=0 EAP: EAP entering state METHOD SSL: Received packet(len=45) - Flags 0x01 EAP-TEAP: Received 39 bytes encrypted data for Phase 2 OpenSSL: RX ver=0x303 content_type=256 (TLS header info/) OpenSSL: Message - hexdump(len=5): 17 03 03 00 22 EAP-TEAP: Decrypted Phase 2 TLV(s) - hexdump(len=10): 80 09 00 06 01 6b 00 06 0d 00 EAP-TEAP: Received Phase 2: TLV type 9 (EAP-Payload) length 6 (mandatory) EAP-TEAP: EAP-Payload TLV - hexdump(len=6): 01 6b 00 06 0d 00 EAP-TEAP: Phase 2 Request: type=0:13 SSL: Received packet(len=6) - Flags 0x00 SSL: 107 bytes left to be sent out (of total 2703 bytes) EAP-TEAP: Add EAP-Payload TLV EAP-TEAP: Encrypting Phase 2 data - hexdump(len=117): 80 09 00 71 02 6b 00 71 0d 00 4f a3 72 2b 26 21 5e 80 4f 53 45 5a 5d 5b 8c 21 6d 23 a3 ca 29 2f af 03 be c4 4a 46 2e 3e 12 d2 7f 00 1f a5 e6 5d 69 d1 d9 d4 0c ff 10 9b 75 89 ab d5 58 1f 48 fd 09 76 14 03 03 00 01 01 16 03 03 00 28 2f 20 31 08 12 14 2f 83 91 23 d0 04 93 3d b8 7f 81 0a dc b1 44 3c 2e fb 9f 3f 3c d1 ff 02 b1 4c 37 a2 41 e0 0a 94 26 7f OpenSSL: TX ver=0x303 content_type=256 (TLS header info/) OpenSSL: Message - hexdump(len=5): 17 03 03 00 8d SSL: 146 bytes left to be sent out (of total 146 bytes) EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL eapRespData=0x5614c0faff30 EAP: EAP entering state SEND_RESPONSE EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RESPONSE EAPOL: txSuppRsp WPA: eapol_test_eapol_send(type=0 len=152) TX EAP -> RADIUS - hexdump(len=152): 02 6b 00 98 37 01 17 03 03 00 8d c3 e8 e0 9e c8 57 32 27 f8 99 38 84 d8 f1 26 1f 6a 6c b2 79 e2 52 42 f6 42 42 a2 4b 3b cc c0 55 d1 0b 91 fa 67 e2 f2 71 a1 f7 cd 2c 22 a9 4f 78 89 a5 c4 4b c4 2a ca 87 02 a4 8b 81 03 7b 1f f5 fb b1 da 07 85 2c 35 8e 91 f8 e6 c5 53 13 83 b0 7a 2a 16 e6 8d ce c0 0f 03 d5 9a d7 4c e7 79 88 72 59 78 9b d9 38 9e b3 c2 c9 7c 96 36 55 ad 79 78 79 d1 c8 15 3c 74 60 d3 db 3c e9 16 9d 7c 7b bc 23 5c e0 38 cf 71 e4 14 41 c1 08 59 Encapsulating EAP message into a RADIUS packet Copied RADIUS State Attribute Sending RADIUS message to authentication server RADIUS message: code=1 (Access-Request) identifier=14 length=316 Attribute 80 (Message-Authenticator) length=18 Value: 9df89c02b33d950e479313932c0f1bdc Attribute 1 (User-Name) length=11 Value: 'anonymous' Attribute 31 (Calling-Station-Id) length=19 Value: 'DE-AD-BE-EF-42-42' Attribute 12 (Framed-MTU) length=6 Value: 1400 Attribute 61 (NAS-Port-Type) length=6 Value: 19 Attribute 6 (Service-Type) length=6 Value: 2 Attribute 77 (Connect-Info) length=24 Value: 'CONNECT 11Mbps 802.11b' Attribute 30 (Called-Station-Id) length=28 Value: '00:11:22:33:44:55:UConnect' Attribute 4 (NAS-IP-Address) length=6 Value: 192.168.4.20 Attribute 79 (EAP-Message) length=154 Value: 026b00983701170303008dc3e8e09ec8573227f8993884d8f1261f6a6cb279e25242f64242a24b3bccc055d10b91fa67e2f271a1f7cd2c22a94f7889a5c44bc42aca8702a48b81037b1ff5fbb1da07852c358e91f8e6c5531383b07a2a16e68dcec00f03d59ad74ce779887259789bd9389eb3c2c97c963655ad797879d1c8153c7460d3db3ce9169d7c7bbc235ce038cf71e41441c10859 Attribute 24 (State) length=18 Value: 6501da9e686aed03dd76d824d918a37a RADIUS: Send 316 bytes to the server Next RADIUS client retransmit in 3 seconds EAPOL: SUPP_BE entering state RECEIVE Received 158 bytes from RADIUS server Received RADIUS message RADIUS message: code=11 (Access-Challenge) identifier=14 length=158 Attribute 80 (Message-Authenticator) length=18 Value: 7ebe83849b0c8002be85ccf9db8ca807 Attribute 79 (EAP-Message) length=102 Value: 016c006437011703030059288983a38fe43b6c0b28c9559df65d77f0ad9a4099487ea9a750debdcad8fb27c3f5611a45c94405adba48567e89d0ff604c2192eaafe13c1292b50b5d0e53c250a687ff04862d670715871479770df466480f319183b0cdf5 Attribute 24 (State) length=18 Value: 6501da9e6b6ded03dd76d824d918a37a STA de:ad:be:ef:42:42: Received RADIUS packet matched with a pending request, round trip time 0.00 sec RADIUS packet matching with station decapsulated EAP packet (code=1 id=108 len=100) from RADIUS server: EAP-Request-TEAP (55) EAPOL: Received EAP-Packet frame EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Request id=108 method=55 vendor=0 vendorMethod=0 EAP: EAP entering state METHOD SSL: Received packet(len=100) - Flags 0x01 EAP-TEAP: Received 94 bytes encrypted data for Phase 2 OpenSSL: RX ver=0x303 content_type=256 (TLS header info/) OpenSSL: Message - hexdump(len=5): 17 03 03 00 59 EAP-TEAP: Decrypted Phase 2 TLV(s) - hexdump(len=65): 80 09 00 3d 01 6c 00 3d 0d 80 00 00 00 33 14 03 03 00 01 01 16 03 03 00 28 47 c8 ee bd 55 96 3c b5 4e 9e fb a7 92 02 73 75 f7 e3 58 4a b6 d1 4d db 9f a8 27 af 0d f9 e0 dd 4d 03 78 47 0c 2a e2 a9 EAP-TEAP: Received Phase 2: TLV type 9 (EAP-Payload) length 61 (mandatory) EAP-TEAP: EAP-Payload TLV - hexdump(len=61): 01 6c 00 3d 0d 80 00 00 00 33 14 03 03 00 01 01 16 03 03 00 28 47 c8 ee bd 55 96 3c b5 4e 9e fb a7 92 02 73 75 f7 e3 58 4a b6 d1 4d db 9f a8 27 af 0d f9 e0 dd 4d 03 78 47 0c 2a e2 a9 EAP-TEAP: Phase 2 Request: type=0:13 SSL: Received packet(len=61) - Flags 0x80 SSL: TLS Message Length: 51 OpenSSL: RX ver=0x303 content_type=256 (TLS header info/) OpenSSL: Message - hexdump(len=5): 14 03 03 00 01 SSL: (where=0x1001 ret=0x1) SSL: SSL_connect:SSLv3/TLS write finished OpenSSL: RX ver=0x303 content_type=256 (TLS header info/) OpenSSL: Message - hexdump(len=5): 16 03 03 00 28 SSL: (where=0x1001 ret=0x1) SSL: SSL_connect:SSLv3/TLS read change cipher spec OpenSSL: RX ver=0x303 content_type=22 (handshake/finished) OpenSSL: Message - hexdump(len=16): 14 00 00 0c 98 7d 4f a9 7f c9 90 b2 06 7e 66 bc SSL: (where=0x1001 ret=0x1) SSL: SSL_connect:SSLv3/TLS read finished SSL: (where=0x20 ret=0x1) SSL: (where=0x1002 ret=0x1) SSL: 0 bytes pending from ssl_out OpenSSL: Handshake finished - resumed=0 SSL: No Application Data included SSL: Using TLS version TLSv1.2 SSL: No data to be sent out EAP-TLS: Done EAP-TLS: Derived key - hexdump(len=64): ab 17 34 be 08 88 48 16 a5 08 c6 f4 4b 0c 05 8c 01 0d 7d da 18 3e 42 29 f4 7c 2e 30 9e 81 5d b7 31 59 24 53 19 54 6b 36 8e de 95 64 16 02 8f 60 f9 d7 6d a1 ae 58 b8 32 66 50 d9 ba e3 48 5d 0e EAP-TLS: Derived EMSK - hexdump(len=64): 45 70 28 b4 9a e6 c7 86 ba ac 05 0a 68 09 b1 47 81 89 62 14 d3 56 ea ba 00 d8 c0 39 4b 81 b4 84 f1 28 97 33 65 a4 5f a3 04 ae 62 b5 43 2b 8b 67 b3 a0 9e 74 be c7 f9 c3 60 ae 80 d4 b7 3f ce 8d EAP-TLS: Derived Session-Id - hexdump(len=65): 0d a1 81 88 57 2a 90 ca 5b 76 83 a3 14 90 32 80 2d fd 91 74 b9 e3 88 76 cc 1b 72 f5 b2 a1 5b 7e 28 ba 21 4b 95 cb ec be b5 40 93 ec 80 3d b2 77 54 66 47 a3 7d 1b 61 58 42 71 af d9 46 13 26 b2 13 SSL: Building ACK (type=13 id=108 ver=0) EAP-TEAP: Add EAP-Payload TLV EAP-TEAP: Encrypting Phase 2 data - hexdump(len=10): 80 09 00 06 02 6c 00 06 0d 00 OpenSSL: TX ver=0x303 content_type=256 (TLS header info/) OpenSSL: Message - hexdump(len=5): 17 03 03 00 22 SSL: 39 bytes left to be sent out (of total 39 bytes) EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL eapRespData=0x5614c0fb3850 EAP: EAP entering state SEND_RESPONSE EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RESPONSE EAPOL: txSuppRsp WPA: eapol_test_eapol_send(type=0 len=45) TX EAP -> RADIUS - hexdump(len=45): 02 6c 00 2d 37 01 17 03 03 00 22 c3 e8 e0 9e c8 57 32 28 e3 ba 6b 0b de bf d4 f5 e6 2a d0 25 9b 38 07 7c 11 c3 cb f8 50 c3 1c 98 18 b3 Encapsulating EAP message into a RADIUS packet Copied RADIUS State Attribute Sending RADIUS message to authentication server RADIUS message: code=1 (Access-Request) identifier=15 length=209 Attribute 80 (Message-Authenticator) length=18 Value: a40374886e256fec561e9328c05e4109 Attribute 1 (User-Name) length=11 Value: 'anonymous' Attribute 31 (Calling-Station-Id) length=19 Value: 'DE-AD-BE-EF-42-42' Attribute 12 (Framed-MTU) length=6 Value: 1400 Attribute 61 (NAS-Port-Type) length=6 Value: 19 Attribute 6 (Service-Type) length=6 Value: 2 Attribute 77 (Connect-Info) length=24 Value: 'CONNECT 11Mbps 802.11b' Attribute 30 (Called-Station-Id) length=28 Value: '00:11:22:33:44:55:UConnect' Attribute 4 (NAS-IP-Address) length=6 Value: 192.168.4.20 Attribute 79 (EAP-Message) length=47 Value: 026c002d37011703030022c3e8e09ec8573228e3ba6b0bdebfd4f5e62ad0259b38077c11c3cbf850c31c9818b3 Attribute 24 (State) length=18 Value: 6501da9e6b6ded03dd76d824d918a37a RADIUS: Send 209 bytes to the server Next RADIUS client retransmit in 3 seconds EAPOL: SUPP_BE entering state RECEIVE Received 185 bytes from RADIUS server Received RADIUS message RADIUS message: code=11 (Access-Challenge) identifier=15 length=185 Attribute 80 (Message-Authenticator) length=18 Value: 4516f6067de73352b078510d41e2492e Attribute 79 (EAP-Message) length=129 Value: 016d007f37011703030074288983a38fe43b6db4f6b522f0efe64022ddb91fda06f70c560b3ae9c0cc272dc4248c2a1a071cb7ec6cde1b5b0a509cd05c2e7aaa7026d0b6634ed9574ee1d144e163c0f9a01474d48c94c86591752dcb0d4c8213997f31ea238f4c069ef531579e70f435d4b89e99c28626b4dcbcc31992492b Attribute 24 (State) length=18 Value: 6501da9e6a6ced03dd76d824d918a37a STA de:ad:be:ef:42:42: Received RADIUS packet matched with a pending request, round trip time 0.00 sec RADIUS packet matching with station decapsulated EAP packet (code=1 id=109 len=127) from RADIUS server: EAP-Request-TEAP (55) EAPOL: Received EAP-Packet frame EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Request id=109 method=55 vendor=0 vendorMethod=0 EAP: EAP entering state METHOD SSL: Received packet(len=127) - Flags 0x01 EAP-TEAP: Received 121 bytes encrypted data for Phase 2 OpenSSL: RX ver=0x303 content_type=256 (TLS header info/) OpenSSL: Message - hexdump(len=5): 17 03 03 00 74 EAP-TEAP: Decrypted Phase 2 TLV(s) - hexdump(len=92): 80 0a 00 02 00 01 80 0c 00 4c 00 01 01 30 02 d6 0a b4 c0 b4 69 59 0e bc b6 06 ba 04 c1 44 98 e8 38 4e 84 8f d1 02 f9 3e 03 c5 da 85 5d 2c 72 cf bf 70 67 bd f5 e0 01 82 05 ee 87 4b 49 48 b3 6b 77 25 e0 60 ea c7 b4 4b 93 66 7d 88 3a 2b fc d7 81 30 61 d3 26 47 80 03 00 02 00 01 EAP-TEAP: Received Phase 2: TLV type 10 (Intermediate-Result) length 2 (mandatory) EAP-TEAP: Intermediate-Result TLV - hexdump(len=2): 00 01 EAP-TEAP: Intermediate Result: Success EAP-TEAP: Received Phase 2: TLV type 12 (Crypto-Binding) length 76 (mandatory) EAP-TEAP: Crypto-Binding TLV - hexdump(len=76): 00 01 01 30 02 d6 0a b4 c0 b4 69 59 0e bc b6 06 ba 04 c1 44 98 e8 38 4e 84 8f d1 02 f9 3e 03 c5 da 85 5d 2c 72 cf bf 70 67 bd f5 e0 01 82 05 ee 87 4b 49 48 b3 6b 77 25 e0 60 ea c7 b4 4b 93 66 7d 88 3a 2b fc d7 81 30 61 d3 26 47 EAP-TEAP: Received Phase 2: TLV type 3 (Result) length 2 (mandatory) EAP-TEAP: Result TLV - hexdump(len=2): 00 01 EAP-TEAP: Result: Success EAP-TEAP: Crypto-Binding TLV: Version 1 Received Version 1 Flags 3 Sub-Type 0 EAP-TEAP: Nonce - hexdump(len=32): 02 d6 0a b4 c0 b4 69 59 0e bc b6 06 ba 04 c1 44 98 e8 38 4e 84 8f d1 02 f9 3e 03 c5 da 85 5d 2c EAP-TEAP: EMSK Compound MAC - hexdump(len=20): 72 cf bf 70 67 bd f5 e0 01 82 05 ee 87 4b 49 48 b3 6b 77 25 EAP-TEAP: MSK Compound MAC - hexdump(len=20): e0 60 ea c7 b4 4b 93 66 7d 88 3a 2b fc d7 81 30 61 d3 26 47 EAP-TEAP: Determining CMK[1] for Compound MAC calculation EAP-TEAP: MSK[j] - hexdump(len=64): ab 17 34 be 08 88 48 16 a5 08 c6 f4 4b 0c 05 8c 01 0d 7d da 18 3e 42 29 f4 7c 2e 30 9e 81 5d b7 31 59 24 53 19 54 6b 36 8e de 95 64 16 02 8f 60 f9 d7 6d a1 ae 58 b8 32 66 50 d9 ba e3 48 5d 0e EAP-TEAP: EMSK[j] - hexdump(len=64): 45 70 28 b4 9a e6 c7 86 ba ac 05 0a 68 09 b1 47 81 89 62 14 d3 56 ea ba 00 d8 c0 39 4b 81 b4 84 f1 28 97 33 65 a4 5f a3 04 ae 62 b5 43 2b 8b 67 b3 a0 9e 74 be c7 f9 c3 60 ae 80 d4 b7 3f ce 8d EAP-TEAP: IMSK from EMSK - hexdump(len=32): 32 6d 28 0e b8 c0 d0 d2 cb 5d 01 3e bc da 73 db fa 06 32 73 ec c2 5e 28 ae 79 6f e7 95 6d 29 69 EAP-TEAP: EMSK S-IMCK[j] - hexdump(len=40): e7 f0 81 5a 82 28 cc 53 d4 15 a1 e0 e5 4c 49 66 11 0e 40 e7 24 ab 6f 9f 81 47 f0 49 39 b0 e8 f3 7c 07 7f 1d d2 73 63 1e EAP-TEAP: EMSK CMK[j] - hexdump(len=20): 01 1b f8 4f 16 4d 6d 29 a5 8e 66 cb 5e 47 fd 81 18 ef c8 61 EAP-TEAP: IMSK from MSK - hexdump(len=32): ab 17 34 be 08 88 48 16 a5 08 c6 f4 4b 0c 05 8c 01 0d 7d da 18 3e 42 29 f4 7c 2e 30 9e 81 5d b7 EAP-TEAP: MSK S-IMCK[j] - hexdump(len=40): 32 7f 21 f9 c1 4f c5 5f 3a 7f 39 99 4b 00 ea ce 27 f3 d0 6c d9 9d 36 07 ac 66 4e a3 55 6b d2 ba 54 aa 17 7f 95 fc 8c 85 EAP-TEAP: MSK CMK[j] - hexdump(len=20): 36 95 e7 1d cf 27 47 f1 4c c2 b2 e0 2a 48 03 75 0b f7 30 10 EAP-TEAP: CMK for Compound MAC calculation - hexdump(len=20): 36 95 e7 1d cf 27 47 f1 4c c2 b2 e0 2a 48 03 75 0b f7 30 10 EAP-TEAP: BUFFER for Compound MAC calculation - hexdump(len=89): 80 0c 00 4c 00 01 01 30 02 d6 0a b4 c0 b4 69 59 0e bc b6 06 ba 04 c1 44 98 e8 38 4e 84 8f d1 02 f9 3e 03 c5 da 85 5d 2c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 37 00 01 00 04 31 32 33 34 EAP-TEAP: MAC algorithm: HMAC-SHA384 EAP-TEAP: Received MSK Compound MAC - hexdump(len=20): e0 60 ea c7 b4 4b 93 66 7d 88 3a 2b fc d7 81 30 61 d3 26 47 EAP-TEAP: Calculated MSK Compound MAC - hexdump(len=20): e0 60 ea c7 b4 4b 93 66 7d 88 3a 2b fc d7 81 30 61 d3 26 47 EAP-TEAP: CMK for Compound MAC calculation - hexdump(len=20): 01 1b f8 4f 16 4d 6d 29 a5 8e 66 cb 5e 47 fd 81 18 ef c8 61 EAP-TEAP: BUFFER for Compound MAC calculation - hexdump(len=89): 80 0c 00 4c 00 01 01 30 02 d6 0a b4 c0 b4 69 59 0e bc b6 06 ba 04 c1 44 98 e8 38 4e 84 8f d1 02 f9 3e 03 c5 da 85 5d 2c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 37 00 01 00 04 31 32 33 34 EAP-TEAP: MAC algorithm: HMAC-SHA384 EAP-TEAP: Received EMSK Compound MAC - hexdump(len=20): 72 cf bf 70 67 bd f5 e0 01 82 05 ee 87 4b 49 48 b3 6b 77 25 EAP-TEAP: Calculated EMSK Compound MAC - hexdump(len=20): 72 cf bf 70 67 bd f5 e0 01 82 05 ee 87 4b 49 48 b3 6b 77 25 EAP-TEAP: Derived key (MSK) - hexdump(len=64): db d6 41 75 31 4c 06 4b a0 01 e1 84 39 49 35 84 19 93 3d ad c5 7a 2a 1c 56 69 5a d4 08 19 9f 08 33 df c1 ab a0 8e 83 b6 3a 36 92 69 99 78 18 2f a1 b8 9b 84 22 2a 23 8c fa 8f 3f 3f f0 f2 f0 f9 EAP-TEAP: Derived key (EMSK) - hexdump(len=64): 34 cb 3d 09 88 64 b0 7b 1c 27 6c d6 8a 54 db 95 53 13 45 68 08 42 37 5f 08 f1 e1 59 e4 8c f4 e1 b9 98 8a d8 d0 68 33 ce 14 1b 5b ca 75 38 0c fc 4d 4d a6 7f 68 03 b1 f2 e7 4a fe 4f e5 67 12 92 EAP-TEAP: Derived Session-Id - hexdump(len=13): 37 6f bf 86 34 6f 24 32 54 81 16 df a7 EAP-TEAP: CMK for Compound MAC calculation - hexdump(len=20): 36 95 e7 1d cf 27 47 f1 4c c2 b2 e0 2a 48 03 75 0b f7 30 10 EAP-TEAP: BUFFER for Compound MAC calculation - hexdump(len=89): 80 0c 00 4c 00 01 01 31 02 d6 0a b4 c0 b4 69 59 0e bc b6 06 ba 04 c1 44 98 e8 38 4e 84 8f d1 02 f9 3e 03 c5 da 85 5d 2d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 37 00 01 00 04 31 32 33 34 EAP-TEAP: MAC algorithm: HMAC-SHA384 EAP-TEAP: CMK for Compound MAC calculation - hexdump(len=20): 01 1b f8 4f 16 4d 6d 29 a5 8e 66 cb 5e 47 fd 81 18 ef c8 61 EAP-TEAP: BUFFER for Compound MAC calculation - hexdump(len=89): 80 0c 00 4c 00 01 01 31 02 d6 0a b4 c0 b4 69 59 0e bc b6 06 ba 04 c1 44 98 e8 38 4e 84 8f d1 02 f9 3e 03 c5 da 85 5d 2d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 37 00 01 00 04 31 32 33 34 EAP-TEAP: MAC algorithm: HMAC-SHA384 EAP-TEAP: Reply Crypto-Binding TLV: Version 1 Received Version 1 Flags 3 SubType 1 EAP-TEAP: Nonce - hexdump(len=32): 02 d6 0a b4 c0 b4 69 59 0e bc b6 06 ba 04 c1 44 98 e8 38 4e 84 8f d1 02 f9 3e 03 c5 da 85 5d 2d EAP-TEAP: EMSK Compound MAC - hexdump(len=20): dd 71 03 1a f7 44 65 d8 ba 7c 02 9d 74 7f 50 f3 0d ae d3 6d EAP-TEAP: MSK Compound MAC - hexdump(len=20): 3c 70 05 6f 80 2f 8a 7f 78 74 2b 41 64 a8 e8 57 d4 4f 35 cf EAP-TEAP: Add Result TLV(status=Success) EAP-TEAP: Add Intermediate-Result TLV(status=Success) EAP-TEAP: Authentication completed successfully EAP-TEAP: Encrypting Phase 2 data - hexdump(len=92): 80 0a 00 02 00 01 80 03 00 02 00 01 80 0c 00 4c 00 01 01 31 02 d6 0a b4 c0 b4 69 59 0e bc b6 06 ba 04 c1 44 98 e8 38 4e 84 8f d1 02 f9 3e 03 c5 da 85 5d 2d dd 71 03 1a f7 44 65 d8 ba 7c 02 9d 74 7f 50 f3 0d ae d3 6d 3c 70 05 6f 80 2f 8a 7f 78 74 2b 41 64 a8 e8 57 d4 4f 35 cf OpenSSL: TX ver=0x303 content_type=256 (TLS header info/) OpenSSL: Message - hexdump(len=5): 17 03 03 00 74 SSL: 121 bytes left to be sent out (of total 121 bytes) EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=UNCOND_SUCC eapRespData=0x5614c0fb0480 EAP: Session-Id - hexdump(len=13): 37 6f bf 86 34 6f 24 32 54 81 16 df a7 EAP: EAP entering state SEND_RESPONSE EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RESPONSE EAPOL: txSuppRsp WPA: eapol_test_eapol_send(type=0 len=127) TX EAP -> RADIUS - hexdump(len=127): 02 6d 00 7f 37 01 17 03 03 00 74 c3 e8 e0 9e c8 57 32 29 34 54 72 69 86 39 13 f6 91 df 2d 96 85 72 20 ae d0 84 f6 f6 00 99 11 df 2e 6f 55 df 70 5d 83 e3 f1 93 88 31 bd 3f e4 0e ef 10 54 ea 9b e3 93 d4 03 23 79 fb 93 7e d2 97 37 9e e7 d2 e4 49 3d 41 d9 ec 98 29 c1 bc 82 ee 4c 41 f8 10 c8 36 f9 6f a9 ed ee a2 b0 46 c6 39 fd a3 d3 f3 28 a9 32 94 cd 31 95 fb 9d d3 86 5b 21 b8 bd 1e Encapsulating EAP message into a RADIUS packet Copied RADIUS State Attribute Sending RADIUS message to authentication server RADIUS message: code=1 (Access-Request) identifier=16 length=291 Attribute 80 (Message-Authenticator) length=18 Value: d7189876b0b6015b5824181f72f99123 Attribute 1 (User-Name) length=11 Value: 'anonymous' Attribute 31 (Calling-Station-Id) length=19 Value: 'DE-AD-BE-EF-42-42' Attribute 12 (Framed-MTU) length=6 Value: 1400 Attribute 61 (NAS-Port-Type) length=6 Value: 19 Attribute 6 (Service-Type) length=6 Value: 2 Attribute 77 (Connect-Info) length=24 Value: 'CONNECT 11Mbps 802.11b' Attribute 30 (Called-Station-Id) length=28 Value: '00:11:22:33:44:55:UConnect' Attribute 4 (NAS-IP-Address) length=6 Value: 192.168.4.20 Attribute 79 (EAP-Message) length=129 Value: 026d007f37011703030074c3e8e09ec857322934547269863913f691df2d96857220aed084f6f6009911df2e6f55df705d83e3f1938831bd3fe40eef1054ea9be393d4032379fb937ed297379ee7d2e4493d41d9ec9829c1bc82ee4c41f810c836f96fa9edeea2b046c639fda3d3f328a93294cd3195fb9dd3865b21b8bd1e Attribute 24 (State) length=18 Value: 6501da9e6a6ced03dd76d824d918a37a RADIUS: Send 291 bytes to the server Next RADIUS client retransmit in 3 seconds EAPOL: SUPP_BE entering state RECEIVE Received 177 bytes from RADIUS server Received RADIUS message RADIUS message: code=2 (Access-Accept) identifier=16 length=177 Attribute 80 (Message-Authenticator) length=18 Value: 79408ea0aa6e7e121a7fe60f36847969 Attribute 26 (Vendor-Specific) length=58 Value: 000001371134831ef5a48eda8cd424a09602d9f6e6707c0bf0bf7ddf3e2a794e28ca4965deade919a69d244e247cf20a6bca42d8da16a25d Attribute 26 (Vendor-Specific) length=58 Value: 0000013710348cd477c07de14a4f1450a187746d1533e168e852534eec23835ac98b01ae81ade9af03e2f8ef8b532d8b70efb80e28c36b94 Attribute 79 (EAP-Message) length=6 Value: 036d0004 Attribute 1 (User-Name) length=11 Value: 'anonymous' Attribute 12 (Framed-MTU) length=6 Value: 974 STA de:ad:be:ef:42:42: Received RADIUS packet matched with a pending request, round trip time 0.00 sec RADIUS packet matching with station MS-MPPE-Send-Key (sign) - hexdump(len=32): 8e 09 c3 95 43 cb d1 59 10 0a 92 a2 4f 70 ed fe 6d 08 9f b9 ce 28 d4 59 53 9f e4 8f c1 c9 f4 27 MS-MPPE-Recv-Key (crypt) - hexdump(len=32): ee 59 aa 95 cf fe 96 ce 43 de c1 30 a0 14 84 ac dd 72 22 ba a3 cd 82 2b f0 eb 9d a5 6b e2 e4 89 decapsulated EAP packet (code=3 id=109 len=4) from RADIUS server: EAP Success EAPOL: Received EAP-Packet frame EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Success EAP: Status notification: completion (param=success) EAP: EAP entering state SUCCESS CTRL-EVENT-EAP-SUCCESS EAP authentication completed successfully EAPOL: IEEE 802.1X for plaintext connection; no EAPOL-Key frames required WPA: EAPOL processing complete Cancelling authentication timeout State: DISCONNECTED -> COMPLETED EAPOL: SUPP_PAE entering state AUTHENTICATED EAPOL: SUPP_BE entering state RECEIVE EAPOL: SUPP_BE entering state SUCCESS EAPOL: SUPP_BE entering state IDLE eapol_sm_cb: result=1 EAPOL: Successfully fetched key (len=32) PMK from EAPOL - hexdump(len=32): db d6 41 75 31 4c 06 4b a0 01 e1 84 39 49 35 84 19 93 3d ad c5 7a 2a 1c 56 69 5a d4 08 19 9f 08 WARNING: PMK mismatch PMK from AS - hexdump(len=32): ee 59 aa 95 cf fe 96 ce 43 de c1 30 a0 14 84 ac dd 72 22 ba a3 cd 82 2b f0 eb 9d a5 6b e2 e4 89 No EAP-Key-Name received from server WPA: Clear old PMK and PTK EAP: deinitialize previously used EAP method (55, TEAP) at EAP deinit ENGINE: engine deinit ENGINE: engine deinit MPPE keys OK: 0 mismatch: 1 FAILURE mailto:root@debian-freeradius:~/wpa_supplicant-2.11#
On Feb 12, 2025, at 10:12 PM, Ma, Zhihao via Freeradius-Users <freeradius-users@lists.freeradius.org> wrote:
I met a strange issue saying PMK mismatch when testing EAP TEAP TLS with eapol_test on FreeRADIUS 3.2.7
It's not a strange issue. It's TEAP. We've been working for a few years on updates to RFC7170, which correct a number of fatal flaws in the original RFC. In short, TEAP may or may not work. It's known to work with Windows. It's known to *not* work with some versions of eapol_test. See below. Documenting TEAP is ongoing work. I've been working with Cisco, Microsoft, Aruba, and Jouni Malinen behind the scenes to get all of the issues addressed. It's taken an enormous amount of time and effort. TEAP is just too complicated for its own good.
I was keeping most of the configuration file untouched. The only 3 configuration files modified are clients - I added another user /password based on my IP mschap - I enabled use_mppe_keys (which is required by TEAP MSCHAPv2) eap - Uncommented several key options in eap teap section
Here is the eapol_test conf:
That's not needed. See src/tests/, there are a number of examples of configuration files for eapol_test and TEAP.
Since there are several TEAP tests added this version are done by eapol_test, I believe it’s probably I didn't config FreeRADIUS correctly. Could someone look at it and point out the correct way to do TEAP TLS ?
The file mods-enabled/eap contains sufficient documentation to get TEAP configured. The sample eapol_test files in src/tests show how the client can be configured for various types of authentication. =
Here is the log of TEAP TLS from eapol_test:
root@debian-freeradius:~/wpa_supplicant-2.11# /usr/local/bin/eapol_test -c teap_user.conf -s secret -a 192.168.4.151 -M de:ad:be:ef:42:42 -N 30:s:00:11:22:33:44:55:UConnect -N4:x:c0a80414
Yeah, that won't work. You need the latest from git. I'm using $ eapol_test -v eapol_test v2.12-devel-hostap_2_11-521-ga302d16b1 Alan DeKok.
Many thanks for your immediate response, Alan! I recompiled eapol_test from the latest devel version, now it works like a charm. eapol_test v2.12-devel-hostap_2_11-655-g90856b195 I have submitted a small pull request aimed at assisting those who use eapol_test for TEAP testing. https://github.com/FreeRADIUS/freeradius-server/pull/5518 Please feel free to review and merge it if it proves helpful. On 2/13/25, 06:54, "Alan DeKok" <aland@deployingradius.com <mailto:aland@deployingradius.com>> wrote: !-------------------------------------------------------------------| This Message Is From an External Sender This message came from outside your organization. |-------------------------------------------------------------------! On Feb 12, 2025, at 10:12 PM, Ma, Zhihao via Freeradius-Users <freeradius-users@lists.freeradius.org <mailto:freeradius-users@lists.freeradius.org>> wrote:
I met a strange issue saying PMK mismatch when testing EAP TEAP TLS with eapol_test on FreeRADIUS 3.2.7
It's not a strange issue. It's TEAP. We've been working for a few years on updates to RFC7170, which correct a number of fatal flaws in the original RFC. In short, TEAP may or may not work. It's known to work with Windows. It's known to *not* work with some versions of eapol_test. See below. Documenting TEAP is ongoing work. I've been working with Cisco, Microsoft, Aruba, and Jouni Malinen behind the scenes to get all of the issues addressed. It's taken an enormous amount of time and effort. TEAP is just too complicated for its own good.
I was keeping most of the configuration file untouched. The only 3 configuration files modified are clients - I added another user /password based on my IP mschap - I enabled use_mppe_keys (which is required by TEAP MSCHAPv2) eap - Uncommented several key options in eap teap section
Here is the eapol_test conf:
That's not needed. See src/tests/, there are a number of examples of configuration files for eapol_test and TEAP.
Since there are several TEAP tests added this version are done by eapol_test, I believe it’s probably I didn't config FreeRADIUS correctly. Could someone look at it and point out the correct way to do TEAP TLS ?
The file mods-enabled/eap contains sufficient documentation to get TEAP configured. The sample eapol_test files in src/tests show how the client can be configured for various types of authentication. =
Here is the log of TEAP TLS from eapol_test:
root@debian-freeradius:~/wpa_supplicant-2.11# /usr/local/bin/eapol_test -c teap_user.conf -s secret -a 192.168.4.151 -M de:ad:be:ef:42:42 -N 30:s:00:11:22:33:44:55:UConnect -N4:x:c0a80414
Yeah, that won't work. You need the latest from git. I'm using $ eapol_test -v eapol_test v2.12-devel-hostap_2_11-521-ga302d16b1 Alan DeKok.
participants (2)
-
Alan DeKok -
Ma, Zhihao