Hello to all, Here is my dillema: rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: Received EAP-TLV response. rlm_eap_peap: Tunneled data is valid. rlm_eap_peap: Had sent TLV failure. User was rejcted rejected earlier in this session. rlm_eap: Handler failed in EAP/peap rlm_eap: Failed in EAP select as you can see the tlv failure during peap handshake. I have seen the previous post and I have heeded their warning of making sure the mschap module is configured, but when I have configured these settings I have no luck. I am attaching my eap.conf and radius.conf files as well as the below output for radius -X. ************************************************** Wed Jul 26 06:38:27 2006 : Info: Starting - reading configuration files ... Wed Jul 26 06:38:27 2006 : Debug: reread_config: reading radiusd.conf Wed Jul 26 06:38:27 2006 : Debug: Config: including file: /usr/local/etc/raddb/proxy.conf Wed Jul 26 06:38:27 2006 : Debug: Config: including file: /usr/local/etc/raddb/clients.conf Wed Jul 26 06:38:27 2006 : Debug: Config: including file: /usr/local/etc/raddb/snmp.conf Wed Jul 26 06:38:27 2006 : Debug: Config: including file: /usr/local/etc/raddb/eap.conf Wed Jul 26 06:38:27 2006 : Debug: Config: including file: /usr/local/etc/raddb/sql.conf Wed Jul 26 06:38:27 2006 : Debug: main: prefix = "/usr/local" Wed Jul 26 06:38:27 2006 : Debug: main: localstatedir = "/usr/local/var" Wed Jul 26 06:38:27 2006 : Debug: main: logdir = "/usr/local/var/log/radius" Wed Jul 26 06:38:27 2006 : Debug: main: libdir = "/usr/local/lib" Wed Jul 26 06:38:27 2006 : Debug: main: radacctdir = "/usr/local/var/log/radius/radacct" Wed Jul 26 06:38:27 2006 : Debug: main: hostname_lookups = no Wed Jul 26 06:38:27 2006 : Debug: main: max_request_time = 30 Wed Jul 26 06:38:27 2006 : Debug: main: cleanup_delay = 5 Wed Jul 26 06:38:27 2006 : Debug: main: max_requests = 1024 Wed Jul 26 06:38:27 2006 : Debug: main: delete_blocked_requests = 0 Wed Jul 26 06:38:27 2006 : Debug: main: port = 0 Wed Jul 26 06:38:27 2006 : Debug: main: allow_core_dumps = no Wed Jul 26 06:38:27 2006 : Debug: main: log_stripped_names = no Wed Jul 26 06:38:27 2006 : Debug: main: log_file = "/usr/local/var/log/radius/radius.log" Wed Jul 26 06:38:27 2006 : Debug: main: log_auth = no Wed Jul 26 06:38:27 2006 : Debug: main: log_auth_badpass = no Wed Jul 26 06:38:27 2006 : Debug: main: log_auth_goodpass = no Wed Jul 26 06:38:27 2006 : Debug: main: pidfile = "/usr/local/var/run/radiusd/radiusd.pid" Wed Jul 26 06:38:27 2006 : Debug: main: user = "(null)" Wed Jul 26 06:38:27 2006 : Debug: main: group = "(null)" Wed Jul 26 06:38:27 2006 : Debug: main: usercollide = no Wed Jul 26 06:38:27 2006 : Debug: main: lower_user = "no" Wed Jul 26 06:38:27 2006 : Debug: main: lower_pass = "no" Wed Jul 26 06:38:27 2006 : Debug: main: nospace_user = "no" Wed Jul 26 06:38:27 2006 : Debug: main: nospace_pass = "no" Wed Jul 26 06:38:27 2006 : Debug: main: checkrad = "/usr/local/sbin/checkrad" Wed Jul 26 06:38:27 2006 : Debug: main: proxy_requests = yes Wed Jul 26 06:38:27 2006 : Debug: proxy: retry_delay = 5 Wed Jul 26 06:38:27 2006 : Debug: proxy: retry_count = 3 Wed Jul 26 06:38:27 2006 : Debug: proxy: synchronous = no Wed Jul 26 06:38:27 2006 : Debug: proxy: default_fallback = yes Wed Jul 26 06:38:27 2006 : Debug: proxy: dead_time = 120 Wed Jul 26 06:38:27 2006 : Debug: proxy: post_proxy_authorize = no Wed Jul 26 06:38:27 2006 : Debug: proxy: wake_all_if_all_dead = no Wed Jul 26 06:38:27 2006 : Debug: security: max_attributes = 200 Wed Jul 26 06:38:27 2006 : Debug: security: reject_delay = 1 Wed Jul 26 06:38:27 2006 : Debug: security: status_server = no Wed Jul 26 06:38:27 2006 : Debug: main: debug_level = 0 Wed Jul 26 06:38:27 2006 : Debug: read_config_files: reading dictionary Wed Jul 26 06:38:27 2006 : Debug: read_config_files: reading naslist Wed Jul 26 06:38:27 2006 : Info: Using deprecated naslist file. Support for this will go away soon. Wed Jul 26 06:38:27 2006 : Debug: read_config_files: reading clients Wed Jul 26 06:38:27 2006 : Debug: read_config_files: reading realms Wed Jul 26 06:38:27 2006 : Debug: radiusd: entering modules setup Wed Jul 26 06:38:27 2006 : Debug: Module: Library search path is /usr/local/lib Wed Jul 26 06:38:27 2006 : Debug: Module: Loaded exec Wed Jul 26 06:38:27 2006 : Debug: exec: wait = yes Wed Jul 26 06:38:27 2006 : Debug: exec: program = "(null)" Wed Jul 26 06:38:27 2006 : Debug: exec: input_pairs = "request" Wed Jul 26 06:38:27 2006 : Debug: exec: output_pairs = "(null)" Wed Jul 26 06:38:27 2006 : Debug: exec: packet_type = "(null)" Wed Jul 26 06:38:27 2006 : Info: rlm_exec: Wait=yes but no output defined. Did you mean output=none? Wed Jul 26 06:38:27 2006 : Debug: Module: Instantiated exec (exec) Wed Jul 26 06:38:27 2006 : Debug: Module: Loaded expr Wed Jul 26 06:38:27 2006 : Debug: Module: Instantiated expr (expr) Wed Jul 26 06:38:27 2006 : Debug: Module: Loaded PAP Wed Jul 26 06:38:27 2006 : Debug: pap: encryption_scheme = "crypt" Wed Jul 26 06:38:27 2006 : Debug: Module: Instantiated pap (pap) Wed Jul 26 06:38:27 2006 : Debug: Module: Loaded CHAP Wed Jul 26 06:38:27 2006 : Debug: Module: Instantiated chap (chap) Wed Jul 26 06:38:27 2006 : Debug: Module: Loaded MS-CHAP Wed Jul 26 06:38:27 2006 : Debug: mschap: use_mppe = yes Wed Jul 26 06:38:27 2006 : Debug: mschap: require_encryption = yes Wed Jul 26 06:38:27 2006 : Debug: mschap: require_strong = yes Wed Jul 26 06:38:27 2006 : Debug: mschap: with_ntdomain_hack = no Wed Jul 26 06:38:27 2006 : Debug: mschap: passwd = "(null)" Wed Jul 26 06:38:27 2006 : Debug: mschap: ntlm_auth = "(null)" Wed Jul 26 06:38:27 2006 : Debug: Module: Instantiated mschap (mschap) Wed Jul 26 06:38:27 2006 : Debug: Module: Loaded System Wed Jul 26 06:38:27 2006 : Debug: unix: cache = no Wed Jul 26 06:38:27 2006 : Debug: unix: passwd = "(null)" Wed Jul 26 06:38:27 2006 : Debug: unix: shadow = "(null)" Wed Jul 26 06:38:27 2006 : Debug: unix: group = "(null)" Wed Jul 26 06:38:27 2006 : Debug: unix: radwtmp = "/usr/local/var/log/radius/radwtmp" Wed Jul 26 06:38:27 2006 : Debug: unix: usegroup = no Wed Jul 26 06:38:27 2006 : Debug: unix: cache_reload = 600 Wed Jul 26 06:38:27 2006 : Debug: Module: Instantiated unix (unix) Wed Jul 26 06:38:27 2006 : Debug: Module: Loaded LDAP Wed Jul 26 06:38:27 2006 : Debug: ldap: server = "56.207.1.134" Wed Jul 26 06:38:27 2006 : Debug: ldap: port = 389 Wed Jul 26 06:38:27 2006 : Debug: ldap: net_timeout = 1 Wed Jul 26 06:38:27 2006 : Debug: ldap: timeout = 4 Wed Jul 26 06:38:27 2006 : Debug: ldap: timelimit = 3 Wed Jul 26 06:38:27 2006 : Debug: ldap: identity = "CN=SVTest45,OU=Users,OU=Surface Visibility POC,OU=Server Accounts,DC=devsub,DC=dev,DC=dce,DC=usps,DC=gov" Wed Jul 26 06:38:27 2006 : Debug: ldap: tls_mode = no Wed Jul 26 06:38:27 2006 : Debug: ldap: start_tls = no Wed Jul 26 06:38:27 2006 : Debug: ldap: tls_cacertfile = "(null)" Wed Jul 26 06:38:27 2006 : Debug: ldap: tls_cacertdir = "(null)" Wed Jul 26 06:38:27 2006 : Debug: ldap: tls_certfile = "(null)" Wed Jul 26 06:38:27 2006 : Debug: ldap: tls_keyfile = "(null)" Wed Jul 26 06:38:27 2006 : Debug: ldap: tls_randfile = "(null)" Wed Jul 26 06:38:27 2006 : Debug: ldap: tls_require_cert = "allow" Wed Jul 26 06:38:27 2006 : Debug: ldap: password = "Ytilibis6" Wed Jul 26 06:38:27 2006 : Debug: ldap: basedn = "OU=Users,OU=Surface Visibility POC,OU=Server Accounts,DC=devsub,DC=dev,DC=dce,DC=usps,DC=gov" Wed Jul 26 06:38:27 2006 : Debug: ldap: filter = "(&(sAMAccountName=%{user-name}))" Wed Jul 26 06:38:27 2006 : Debug: ldap: base_filter = "(objectclass=radiusprofile)" Wed Jul 26 06:38:27 2006 : Debug: ldap: default_profile = "(null)" Wed Jul 26 06:38:27 2006 : Debug: ldap: profile_attribute = "(null)" Wed Jul 26 06:38:27 2006 : Debug: ldap: password_header = "(null)" Wed Jul 26 06:38:27 2006 : Debug: ldap: password_attribute = "(null)" Wed Jul 26 06:38:27 2006 : Debug: ldap: access_attr = "dialupAccess" Wed Jul 26 06:38:27 2006 : Debug: ldap: groupname_attribute = "cn" Wed Jul 26 06:38:27 2006 : Debug: ldap: groupmembership_filter = "(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))" Wed Jul 26 06:38:27 2006 : Debug: ldap: groupmembership_attribute = "(null)" Wed Jul 26 06:38:27 2006 : Debug: ldap: dictionary_mapping = "/usr/local/etc/raddb/ldap.attrmap" Wed Jul 26 06:38:27 2006 : Debug: ldap: ldap_debug = 0 Wed Jul 26 06:38:27 2006 : Debug: ldap: ldap_connections_number = 5 Wed Jul 26 06:38:27 2006 : Debug: ldap: compare_check_items = yes Wed Jul 26 06:38:27 2006 : Debug: ldap: access_attr_used_for_allow = yes Wed Jul 26 06:38:27 2006 : Debug: ldap: do_xlat = yes Wed Jul 26 06:38:27 2006 : Debug: ldap: set_auth_type = yes Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: Registering ldap_groupcmp for Ldap-Group Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: Registering ldap_xlat with xlat_name ldap Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: reading ldap<->radius mappings from file /usr/local/etc/raddb/ldap.attrmap Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP radiusCheckItem mapped to RADIUS $GENERIC$ Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP radiusReplyItem mapped to RADIUS $GENERIC$ Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP radiusAuthType mapped to RADIUS Auth-Type Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP radiusSimultaneousUse mapped to RADIUS Simultaneous-Use Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP radiusCalledStationId mapped to RADIUS Called-Station-Id Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP radiusCallingStationId mapped to RADIUS Calling-Station-Id Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP lmPassword mapped to RADIUS LM-Password Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP ntPassword mapped to RADIUS NT-Password Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP acctFlags mapped to RADIUS SMB-Account-CTRL-TEXT Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP radiusExpiration mapped to RADIUS Expiration Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP radiusNASIpAddress mapped to RADIUS NAS-IP-Address Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP radiusServiceType mapped to RADIUS Service-Type Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP radiusFramedProtocol mapped to RADIUS Framed-Protocol Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP radiusFramedIPAddress mapped to RADIUS Framed-IP-Address Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP radiusFramedIPNetmask mapped to RADIUS Framed-IP-Netmask Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP radiusFramedRoute mapped to RADIUS Framed-Route Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP radiusFramedRouting mapped to RADIUS Framed-Routing Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP radiusFilterId mapped to RADIUS Filter-Id Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP radiusFramedMTU mapped to RADIUS Framed-MTU Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP radiusFramedCompression mapped to RADIUS Framed-Compression Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP radiusLoginIPHost mapped to RADIUS Login-IP-Host Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP radiusLoginService mapped to RADIUS Login-Service Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP radiusLoginTCPPort mapped to RADIUS Login-TCP-Port Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP radiusCallbackNumber mapped to RADIUS Callback-Number Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP radiusCallbackId mapped to RADIUS Callback-Id Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP radiusFramedIPXNetwork mapped to RADIUS Framed-IPX-Network Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP radiusClass mapped to RADIUS Class Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP radiusSessionTimeout mapped to RADIUS Session-Timeout Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP radiusIdleTimeout mapped to RADIUS Idle-Timeout Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP radiusTerminationAction mapped to RADIUS Termination-Action Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP radiusLoginLATService mapped to RADIUS Login-LAT-Service Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP radiusLoginLATNode mapped to RADIUS Login-LAT-Node Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP radiusLoginLATGroup mapped to RADIUS Login-LAT-Group Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP radiusFramedAppleTalkLink mapped to RADIUS Framed-AppleTalk-Link Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP radiusFramedAppleTalkNetwork mapped to RADIUS Framed-AppleTalk-Network Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP radiusFramedAppleTalkZone mapped to RADIUS Framed-AppleTalk-Zone Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP radiusPortLimit mapped to RADIUS Port-Limit Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP radiusLoginLATPort mapped to RADIUS Login-LAT-Port Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP radiusReplyMessage mapped to RADIUS Reply-Message Wed Jul 26 06:38:27 2006 : Debug: conns: 0x8139828 Wed Jul 26 06:38:27 2006 : Debug: Module: Instantiated ldap (ldap) Wed Jul 26 06:38:27 2006 : Debug: Module: Loaded eap Wed Jul 26 06:38:27 2006 : Debug: eap: default_eap_type = "peap" Wed Jul 26 06:38:27 2006 : Debug: eap: timer_expire = 60 Wed Jul 26 06:38:27 2006 : Debug: eap: ignore_unknown_eap_types = no Wed Jul 26 06:38:27 2006 : Debug: eap: cisco_accounting_username_bug = no Wed Jul 26 06:38:27 2006 : Debug: rlm_eap: Loaded and initialized type md5 Wed Jul 26 06:38:27 2006 : Debug: rlm_eap: Loaded and initialized type leap Wed Jul 26 06:38:27 2006 : Debug: gtc: challenge = "Password: " Wed Jul 26 06:38:27 2006 : Debug: gtc: auth_type = "PAP" Wed Jul 26 06:38:27 2006 : Debug: rlm_eap: Loaded and initialized type gtc Wed Jul 26 06:38:27 2006 : Debug: tls: rsa_key_exchange = no Wed Jul 26 06:38:27 2006 : Debug: tls: dh_key_exchange = yes Wed Jul 26 06:38:27 2006 : Debug: tls: rsa_key_length = 512 Wed Jul 26 06:38:27 2006 : Debug: tls: dh_key_length = 512 Wed Jul 26 06:38:27 2006 : Debug: tls: verify_depth = 0 Wed Jul 26 06:38:27 2006 : Debug: tls: CA_path = "(null)" Wed Jul 26 06:38:27 2006 : Debug: tls: pem_file_type = yes Wed Jul 26 06:38:27 2006 : Debug: tls: private_key_file = "/usr/local/etc/raddb/certs/server_keycert.pem" Wed Jul 26 06:38:27 2006 : Debug: tls: certificate_file = "/usr/local/etc/raddb/certs/server_keycert.pem" Wed Jul 26 06:38:27 2006 : Debug: tls: CA_file = "/usr/local/etc/raddb/certs/cacert.pem" Wed Jul 26 06:38:27 2006 : Debug: tls: private_key_password = "" Wed Jul 26 06:38:27 2006 : Debug: tls: dh_file = "/usr/local/etc/raddb/certs/dh" Wed Jul 26 06:38:27 2006 : Debug: tls: random_file = "/usr/local/etc/raddb/certs/random" Wed Jul 26 06:38:27 2006 : Debug: tls: fragment_size = 1024 Wed Jul 26 06:38:27 2006 : Debug: tls: include_length = yes Wed Jul 26 06:38:27 2006 : Debug: tls: check_crl = no Wed Jul 26 06:38:27 2006 : Debug: tls: check_cert_cn = "(null)" Wed Jul 26 06:38:27 2006 : Debug: tls: cipher_list = "(null)" Wed Jul 26 06:38:27 2006 : Debug: tls: check_cert_issuer = "(null)" Wed Jul 26 06:38:27 2006 : Info: rlm_eap_tls: Loading the certificate file as a chain Wed Jul 26 06:38:28 2006 : Debug: rlm_eap: Loaded and initialized type tls Wed Jul 26 06:38:28 2006 : Debug: peap: default_eap_type = "mschapv2" Wed Jul 26 06:38:28 2006 : Debug: peap: copy_request_to_tunnel = yes Wed Jul 26 06:38:28 2006 : Debug: peap: use_tunneled_reply = yes Wed Jul 26 06:38:28 2006 : Debug: peap: proxy_tunneled_request_as_eap = yes Wed Jul 26 06:38:28 2006 : Debug: rlm_eap: Loaded and initialized type peap Wed Jul 26 06:38:28 2006 : Debug: mschapv2: with_ntdomain_hack = no Wed Jul 26 06:38:28 2006 : Debug: rlm_eap: Loaded and initialized type mschapv2 Wed Jul 26 06:38:28 2006 : Debug: Module: Instantiated eap (eap) Wed Jul 26 06:38:28 2006 : Debug: Module: Loaded preprocess Wed Jul 26 06:38:28 2006 : Debug: preprocess: huntgroups = "/usr/local/etc/raddb/huntgroups" Wed Jul 26 06:38:28 2006 : Debug: preprocess: hints = "/usr/local/etc/raddb/hints" Wed Jul 26 06:38:28 2006 : Debug: preprocess: with_ascend_hack = no Wed Jul 26 06:38:28 2006 : Debug: preprocess: ascend_channels_per_line = 23 Wed Jul 26 06:38:28 2006 : Debug: preprocess: with_ntdomain_hack = no Wed Jul 26 06:38:28 2006 : Debug: preprocess: with_specialix_jetstream_hack = no Wed Jul 26 06:38:28 2006 : Debug: preprocess: with_cisco_vsa_hack = no Wed Jul 26 06:38:28 2006 : Debug: Module: Instantiated preprocess (preprocess) Wed Jul 26 06:38:28 2006 : Debug: Module: Loaded realm Wed Jul 26 06:38:28 2006 : Debug: realm: format = "suffix" Wed Jul 26 06:38:28 2006 : Debug: realm: delimiter = "@" Wed Jul 26 06:38:28 2006 : Debug: realm: ignore_default = no Wed Jul 26 06:38:28 2006 : Debug: realm: ignore_null = no Wed Jul 26 06:38:28 2006 : Debug: Module: Instantiated realm (suffix) Wed Jul 26 06:38:28 2006 : Debug: Module: Loaded files Wed Jul 26 06:38:28 2006 : Debug: files: usersfile = "/usr/local/etc/raddb/users" Wed Jul 26 06:38:28 2006 : Debug: files: acctusersfile = "/usr/local/etc/raddb/acct_users" Wed Jul 26 06:38:28 2006 : Debug: files: preproxy_usersfile = "/usr/local/etc/raddb/preproxy_users" Wed Jul 26 06:38:28 2006 : Debug: files: compat = "no" Wed Jul 26 06:38:28 2006 : Debug: Module: Instantiated files (files) Wed Jul 26 06:38:28 2006 : Debug: Module: Loaded Acct-Unique-Session-Id Wed Jul 26 06:38:28 2006 : Debug: acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port" Wed Jul 26 06:38:28 2006 : Debug: Module: Instantiated acct_unique (acct_unique) Wed Jul 26 06:38:28 2006 : Debug: Module: Loaded detail Wed Jul 26 06:38:28 2006 : Debug: detail: detailfile = "/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d" Wed Jul 26 06:38:28 2006 : Debug: detail: detailperm = 384 Wed Jul 26 06:38:28 2006 : Debug: detail: dirperm = 493 Wed Jul 26 06:38:28 2006 : Debug: detail: locking = no Wed Jul 26 06:38:28 2006 : Debug: Module: Instantiated detail (detail) Wed Jul 26 06:38:28 2006 : Debug: Module: Loaded radutmp Wed Jul 26 06:38:28 2006 : Debug: radutmp: filename = "/usr/local/var/log/radius/radutmp" Wed Jul 26 06:38:28 2006 : Debug: radutmp: username = "%{User-Name}" Wed Jul 26 06:38:28 2006 : Debug: radutmp: case_sensitive = yes Wed Jul 26 06:38:28 2006 : Debug: radutmp: check_with_nas = yes Wed Jul 26 06:38:28 2006 : Debug: radutmp: perm = 384 Wed Jul 26 06:38:28 2006 : Debug: radutmp: callerid = yes Wed Jul 26 06:38:28 2006 : Debug: Module: Instantiated radutmp (radutmp) Wed Jul 26 06:38:28 2006 : Debug: Listening on authentication *:1812 Wed Jul 26 06:38:28 2006 : Debug: Listening on accounting *:1813 Wed Jul 26 06:38:28 2006 : Info: Ready to process requests. rad_recv: Access-Request packet from host 170.248.233.102:21645, id=96, length=142 User-Name = "svtest21" Framed-MTU = 1400 Called-Station-Id = "0014.f213.f740" Calling-Station-Id = "0002.7848.9017" Service-Type = Login-User Message-Authenticator = 0x9f1c51bffb5629597ad2b909fd38c9b4 EAP-Message = 0x0203000d017376746573743231 NAS-Port-Type = Wireless-802.11 NAS-Port = 549 NAS-IP-Address = 170.248.233.102 NAS-Identifier = "SV1ATESTENVIRON" Wed Jul 26 06:38:57 2006 : Debug: Processing the authorize section of radiusd.conf Wed Jul 26 06:38:57 2006 : Debug: modcall: entering group authorize for request 0 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: calling preprocess (rlm_preprocess) for request 0 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: returned from preprocess (rlm_preprocess) for request 0 Wed Jul 26 06:38:57 2006 : Debug: modcall[authorize]: module "preprocess" returns ok for request 0 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: calling chap (rlm_chap) for request 0 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: returned from chap (rlm_chap) for request 0 Wed Jul 26 06:38:57 2006 : Debug: modcall[authorize]: module "chap" returns noop for request 0 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: calling mschap (rlm_mschap) for request 0 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: returned from mschap (rlm_mschap) for request 0 Wed Jul 26 06:38:57 2006 : Debug: modcall[authorize]: module "mschap" returns noop for request 0 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: calling suffix (rlm_realm) for request 0 Wed Jul 26 06:38:57 2006 : Debug: rlm_realm: No '@' in User-Name = "svtest21", looking up realm NULL Wed Jul 26 06:38:57 2006 : Debug: rlm_realm: No such realm "NULL" Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: returned from suffix (rlm_realm) for request 0 Wed Jul 26 06:38:57 2006 : Debug: modcall[authorize]: module "suffix" returns noop for request 0 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: calling eap (rlm_eap) for request 0 Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: EAP packet type response id 3 length 13 Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: No EAP Start, assuming it's an on-going EAP conversation Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: returned from eap (rlm_eap) for request 0 Wed Jul 26 06:38:57 2006 : Debug: modcall[authorize]: module "eap" returns updated for request 0 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: calling files (rlm_files) for request 0 Wed Jul 26 06:38:57 2006 : Debug: users: Matched entry DEFAULT at line 215 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: returned from files (rlm_files) for request 0 Wed Jul 26 06:38:57 2006 : Debug: modcall[authorize]: module "files" returns ok for request 0 Wed Jul 26 06:38:57 2006 : Debug: modcall: leaving group authorize (returns updated) for request 0 Wed Jul 26 06:38:57 2006 : Debug: rad_check_password: Found Auth-Type EAP Wed Jul 26 06:38:57 2006 : Debug: auth: type "EAP" Wed Jul 26 06:38:57 2006 : Debug: Processing the authenticate section of radiusd.conf Wed Jul 26 06:38:57 2006 : Debug: modcall: entering group authenticate for request 0 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authenticate]: calling eap (rlm_eap) for request 0 Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: EAP Identity Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: processing type tls Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_tls: Initiate Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_tls: Start returned 1 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authenticate]: returned from eap (rlm_eap) for request 0 Wed Jul 26 06:38:57 2006 : Debug: modcall[authenticate]: module "eap" returns handled for request 0 Wed Jul 26 06:38:57 2006 : Debug: modcall: leaving group authenticate (returns handled) for request 0 Sending Access-Challenge of id 96 to 170.248.233.102 port 21645 EAP-Message = 0x010400061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x29ca0021777c690970b4a5471a00217b Wed Jul 26 06:38:57 2006 : Debug: Finished request 0 Wed Jul 26 06:38:57 2006 : Debug: Going to the next request Wed Jul 26 06:38:57 2006 : Debug: --- Walking the entire request list --- Wed Jul 26 06:38:57 2006 : Debug: Waking up in 6 seconds... rad_recv: Access-Request packet from host 170.248.233.102:21645, id=97, length=253 User-Name = "svtest21" Framed-MTU = 1400 Called-Station-Id = "0014.f213.f740" Calling-Station-Id = "0002.7848.9017" Service-Type = Login-User Message-Authenticator = 0x88d642315545479df646345555800e93 EAP-Message = 0x0204006a198000000060160301005b0100005703011c65d617c07403a366a2f3b6de705e884da5fd14fbdb9cf0d0df33bfc72f8eca20a34c239b5b06e80ed486fd8dadac40a1485d19d957e58d20b52c8859b8180b71001000040005000a000900640062000300060100 NAS-Port-Type = Wireless-802.11 NAS-Port = 549 State = 0x29ca0021777c690970b4a5471a00217b NAS-IP-Address = 170.248.233.102 NAS-Identifier = "SV1ATESTENVIRON" Wed Jul 26 06:38:57 2006 : Debug: Processing the authorize section of radiusd.conf Wed Jul 26 06:38:57 2006 : Debug: modcall: entering group authorize for request 1 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: calling preprocess (rlm_preprocess) for request 1 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: returned from preprocess (rlm_preprocess) for request 1 Wed Jul 26 06:38:57 2006 : Debug: modcall[authorize]: module "preprocess" returns ok for request 1 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: calling chap (rlm_chap) for request 1 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: returned from chap (rlm_chap) for request 1 Wed Jul 26 06:38:57 2006 : Debug: modcall[authorize]: module "chap" returns noop for request 1 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: calling mschap (rlm_mschap) for request 1 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: returned from mschap (rlm_mschap) for request 1 Wed Jul 26 06:38:57 2006 : Debug: modcall[authorize]: module "mschap" returns noop for request 1 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: calling suffix (rlm_realm) for request 1 Wed Jul 26 06:38:57 2006 : Debug: rlm_realm: No '@' in User-Name = "svtest21", looking up realm NULL Wed Jul 26 06:38:57 2006 : Debug: rlm_realm: No such realm "NULL" Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: returned from suffix (rlm_realm) for request 1 Wed Jul 26 06:38:57 2006 : Debug: modcall[authorize]: module "suffix" returns noop for request 1 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: calling eap (rlm_eap) for request 1 Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: EAP packet type response id 4 length 106 Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: No EAP Start, assuming it's an on-going EAP conversation Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: returned from eap (rlm_eap) for request 1 Wed Jul 26 06:38:57 2006 : Debug: modcall[authorize]: module "eap" returns updated for request 1 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: calling files (rlm_files) for request 1 Wed Jul 26 06:38:57 2006 : Debug: users: Matched entry DEFAULT at line 215 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: returned from files (rlm_files) for request 1 Wed Jul 26 06:38:57 2006 : Debug: modcall[authorize]: module "files" returns ok for request 1 Wed Jul 26 06:38:57 2006 : Debug: modcall: leaving group authorize (returns updated) for request 1 Wed Jul 26 06:38:57 2006 : Debug: rad_check_password: Found Auth-Type EAP Wed Jul 26 06:38:57 2006 : Debug: auth: type "EAP" Wed Jul 26 06:38:57 2006 : Debug: Processing the authenticate section of radiusd.conf Wed Jul 26 06:38:57 2006 : Debug: modcall: entering group authenticate for request 1 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authenticate]: calling eap (rlm_eap) for request 1 Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: Request found, released from the list Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: EAP/peap Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: processing type peap Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_peap: Authenticate Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_tls: processing TLS Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_tls: Length Included Wed Jul 26 06:38:57 2006 : Debug: eaptls_verify returned 11 Wed Jul 26 06:38:57 2006 : Debug: (other): before/accept initialization Wed Jul 26 06:38:57 2006 : Debug: TLS_accept: before/accept initialization Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_tls: <<< TLS 1.0 Handshake [length 005b], ClientHello Wed Jul 26 06:38:57 2006 : Debug: TLS_accept: SSLv3 read client hello A Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello Wed Jul 26 06:38:57 2006 : Debug: TLS_accept: SSLv3 write server hello A Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_tls: >>> TLS 1.0 Handshake [length 04b3], Certificate Wed Jul 26 06:38:57 2006 : Debug: TLS_accept: SSLv3 write certificate A Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone Wed Jul 26 06:38:57 2006 : Debug: TLS_accept: SSLv3 write server done A Wed Jul 26 06:38:57 2006 : Debug: TLS_accept: SSLv3 flush data Wed Jul 26 06:38:57 2006 : Error: TLS_accept:error in SSLv3 read client certificate A Wed Jul 26 06:38:57 2006 : Error: rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0) Wed Jul 26 06:38:57 2006 : Debug: In SSL Handshake Phase Wed Jul 26 06:38:57 2006 : Debug: In SSL Accept mode Wed Jul 26 06:38:57 2006 : Debug: eaptls_process returned 13 Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_peap: EAPTLS_HANDLED Wed Jul 26 06:38:57 2006 : Debug: modsingle[authenticate]: returned from eap (rlm_eap) for request 1 Wed Jul 26 06:38:57 2006 : Debug: modcall[authenticate]: module "eap" returns handled for request 1 Wed Jul 26 06:38:57 2006 : Debug: modcall: leaving group authenticate (returns handled) for request 1 Sending Access-Challenge of id 97 to 170.248.233.102 port 21645 EAP-Message = 0x0105040a19c000000510160301004a02000046030144c75451b02d92afcc20f4bfec1431803916822f1e67ae67bb168cd36ae3781420ff042ce2de3d04fef6469395e00f0b4645de855ae3345e0dca33873b5e1da24000040016030104b30b0004af0004ac000216308202123082017ba003020102020101300d06092a864886f70d01010405003039310b3009060355040613025553310b3009060355040813024443311d301b060355040a1314535631412061746c20656e7669726f6e6d656e74301e170d3036303732353230313630335a170d3037303732353230313630335a304c310b3009060355040613025553310b30090603550408130244 EAP-Message = 0x43311d301b060355040a1314535631412061746c20656e7669726f6e6d656e743111300f06035504031308737631612e61746c30819f300d06092a864886f70d010101050003818d0030818902818100d026b1347e5fca59da1a427f07370f05445287b8f01a6d12f4577cb529b4dffe3dae2daeabfd2df7312eb97bc10cf73404c337e26bf70b9b13927c9862bcad706325f743685725808b823dc84967582da67ce2bec405ea60a35bdada7926c4a0b2fe3f9a0e1ffa0a56426199381aaf4e15a39b951aab58d368a579563018678b0203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d0101040500 EAP-Message = 0x03818100d6ce9ff21b40746b76f18af5a0e80bc090171bee7d777371035b02f7b2b8ef1fab3da34c0021e5f8b414c7b5e55ba7c8780d6c7dfdca776da44cd927bd6616fdeade53adcf5b7716f2ed067184489262c99b26b699d901c241db457aad494f780e33787f63f3d95757f5a15b8c16ccbd09ec653e24c82e8fec0ce602a0be019f0002903082028c308201f5a003020102020900c9abfb98ff97b24c300d06092a864886f70d01010405003039310b3009060355040613025553310b3009060355040813024443311d301b060355040a1314535631412061746c20656e7669726f6e6d656e74301e170d3036303732353230313233395a170d30 EAP-Message = 0x37303732353230313233395a3039310b3009060355040613025553310b3009060355040813024443311d301b060355040a1314535631412061746c20656e7669726f6e6d656e7430819f300d06092a864886f70d010101050003818d0030818902818100d8cdddeec55c7306f917a047380659df940a0b96f3f2f576c91b6b6d7747eb0bc2d1bef222dfaa423a8c18f202e92ccef8f6d72b3526432cd4aee488d7d8c9b431f73429468b22cccf63aceb530f4e3b5262a35e5e22e51046594d6c91aca5f056982de1acc5a26480c4eac144cb4be74185df3ce999d574a30f28acfd1f9d750203010001a3819b308198301d0603551d0e04160414682319 EAP-Message = 0x51745c11e5fd6f7155d54baba5f067ea053069060355 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x498b302c3c413c59d2b3adf67bbc1530 Wed Jul 26 06:38:57 2006 : Debug: Finished request 1 Wed Jul 26 06:38:57 2006 : Debug: Going to the next request Wed Jul 26 06:38:57 2006 : Debug: Waking up in 6 seconds... rad_recv: Access-Request packet from host 170.248.233.102:21645, id=98, length=153 User-Name = "svtest21" Framed-MTU = 1400 Called-Station-Id = "0014.f213.f740" Calling-Station-Id = "0002.7848.9017" Service-Type = Login-User Message-Authenticator = 0x8fdcb1d1de429fbc882c9013f501fdcd EAP-Message = 0x020500061900 NAS-Port-Type = Wireless-802.11 NAS-Port = 549 State = 0x498b302c3c413c59d2b3adf67bbc1530 NAS-IP-Address = 170.248.233.102 NAS-Identifier = "SV1ATESTENVIRON" Wed Jul 26 06:38:57 2006 : Debug: Processing the authorize section of radiusd.conf Wed Jul 26 06:38:57 2006 : Debug: modcall: entering group authorize for request 2 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: calling preprocess (rlm_preprocess) for request 2 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: returned from preprocess (rlm_preprocess) for request 2 Wed Jul 26 06:38:57 2006 : Debug: modcall[authorize]: module "preprocess" returns ok for request 2 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: calling chap (rlm_chap) for request 2 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: returned from chap (rlm_chap) for request 2 Wed Jul 26 06:38:57 2006 : Debug: modcall[authorize]: module "chap" returns noop for request 2 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: calling mschap (rlm_mschap) for request 2 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: returned from mschap (rlm_mschap) for request 2 Wed Jul 26 06:38:57 2006 : Debug: modcall[authorize]: module "mschap" returns noop for request 2 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: calling suffix (rlm_realm) for request 2 Wed Jul 26 06:38:57 2006 : Debug: rlm_realm: No '@' in User-Name = "svtest21", looking up realm NULL Wed Jul 26 06:38:57 2006 : Debug: rlm_realm: No such realm "NULL" Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: returned from suffix (rlm_realm) for request 2 Wed Jul 26 06:38:57 2006 : Debug: modcall[authorize]: module "suffix" returns noop for request 2 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: calling eap (rlm_eap) for request 2 Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: EAP packet type response id 5 length 6 Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: No EAP Start, assuming it's an on-going EAP conversation Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: returned from eap (rlm_eap) for request 2 Wed Jul 26 06:38:57 2006 : Debug: modcall[authorize]: module "eap" returns updated for request 2 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: calling files (rlm_files) for request 2 Wed Jul 26 06:38:57 2006 : Debug: users: Matched entry DEFAULT at line 215 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: returned from files (rlm_files) for request 2 Wed Jul 26 06:38:57 2006 : Debug: modcall[authorize]: module "files" returns ok for request 2 Wed Jul 26 06:38:57 2006 : Debug: modcall: leaving group authorize (returns updated) for request 2 Wed Jul 26 06:38:57 2006 : Debug: rad_check_password: Found Auth-Type EAP Wed Jul 26 06:38:57 2006 : Debug: auth: type "EAP" Wed Jul 26 06:38:57 2006 : Debug: Processing the authenticate section of radiusd.conf Wed Jul 26 06:38:57 2006 : Debug: modcall: entering group authenticate for request 2 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authenticate]: calling eap (rlm_eap) for request 2 Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: Request found, released from the list Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: EAP/peap Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: processing type peap Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_peap: Authenticate Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_tls: processing TLS Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_tls: Received EAP-TLS ACK message Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_tls: ack handshake fragment handler Wed Jul 26 06:38:57 2006 : Debug: eaptls_verify returned 1 Wed Jul 26 06:38:57 2006 : Debug: eaptls_process returned 13 Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_peap: EAPTLS_HANDLED Wed Jul 26 06:38:57 2006 : Debug: modsingle[authenticate]: returned from eap (rlm_eap) for request 2 Wed Jul 26 06:38:57 2006 : Debug: modcall[authenticate]: module "eap" returns handled for request 2 Wed Jul 26 06:38:57 2006 : Debug: modcall: leaving group authenticate (returns handled) for request 2 Sending Access-Challenge of id 98 to 170.248.233.102 port 21645 EAP-Message = 0x0106011619001d2304623060801468231951745c11e5fd6f7155d54baba5f067ea05a13da43b3039310b3009060355040613025553310b3009060355040813024443311d301b060355040a1314535631412061746c20656e7669726f6e6d656e74820900c9abfb98ff97b24c300c0603551d13040530030101ff300d06092a864886f70d0101040500038181008a788b3b91705246ab003c122a42a3fb149874df853c1f93a2795fdc5b1aa5cddecd2186ffe71fcb52fb5d743ead84a7e048e208c7ad094c9fa2399316be0f28eb493779a06158dc9ac392d222e1aed63a5dd8e777ff732889080dd2fe018edd6125d4c3305aa7684b64676530258eb4 EAP-Message = 0xb7281afd5b9d99013d400bf868323f7716030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x2d8cf9192d110361c694d24de7cdbdcb Wed Jul 26 06:38:57 2006 : Debug: Finished request 2 Wed Jul 26 06:38:57 2006 : Debug: Going to the next request Wed Jul 26 06:38:57 2006 : Debug: Waking up in 6 seconds... rad_recv: Access-Request packet from host 170.248.233.102:21645, id=99, length=339 User-Name = "svtest21" Framed-MTU = 1400 Called-Station-Id = "0014.f213.f740" Calling-Station-Id = "0002.7848.9017" Service-Type = Login-User Message-Authenticator = 0x577ebfac24aca5a457822e75d9c31c9a EAP-Message = 0x020600c01980000000b616030100861000008200802bce54d10c0c817b71cdbd91c896ebad0cdc051937e0da1262ac04109f34cb9a96cccf31d124ebfaf28f76a8fc1439f6d99c32df59ea9978238a8b772bd8911804ee7ec9395d0113cf158f355433885581aa136a7f4f93ddf11cd77e91e45da81f9892c5f9c71b955604d3f9692d2747b674d08f488486c16835b67dd1a483cb14030100010116030100207feb620c9d4e1bd873ba0e6a5ee8e501066967ac10d6e7d0696263466cf12ab4 NAS-Port-Type = Wireless-802.11 NAS-Port = 549 State = 0x2d8cf9192d110361c694d24de7cdbdcb NAS-IP-Address = 170.248.233.102 NAS-Identifier = "SV1ATESTENVIRON" Wed Jul 26 06:38:57 2006 : Debug: Processing the authorize section of radiusd.conf Wed Jul 26 06:38:57 2006 : Debug: modcall: entering group authorize for request 3 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: calling preprocess (rlm_preprocess) for request 3 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: returned from preprocess (rlm_preprocess) for request 3 Wed Jul 26 06:38:57 2006 : Debug: modcall[authorize]: module "preprocess" returns ok for request 3 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: calling chap (rlm_chap) for request 3 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: returned from chap (rlm_chap) for request 3 Wed Jul 26 06:38:57 2006 : Debug: modcall[authorize]: module "chap" returns noop for request 3 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: calling mschap (rlm_mschap) for request 3 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: returned from mschap (rlm_mschap) for request 3 Wed Jul 26 06:38:57 2006 : Debug: modcall[authorize]: module "mschap" returns noop for request 3 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: calling suffix (rlm_realm) for request 3 Wed Jul 26 06:38:57 2006 : Debug: rlm_realm: No '@' in User-Name = "svtest21", looking up realm NULL Wed Jul 26 06:38:57 2006 : Debug: rlm_realm: No such realm "NULL" Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: returned from suffix (rlm_realm) for request 3 Wed Jul 26 06:38:57 2006 : Debug: modcall[authorize]: module "suffix" returns noop for request 3 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: calling eap (rlm_eap) for request 3 Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: EAP packet type response id 6 length 192 Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: No EAP Start, assuming it's an on-going EAP conversation Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: returned from eap (rlm_eap) for request 3 Wed Jul 26 06:38:57 2006 : Debug: modcall[authorize]: module "eap" returns updated for request 3 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: calling files (rlm_files) for request 3 Wed Jul 26 06:38:57 2006 : Debug: users: Matched entry DEFAULT at line 215 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: returned from files (rlm_files) for request 3 Wed Jul 26 06:38:57 2006 : Debug: modcall[authorize]: module "files" returns ok for request 3 Wed Jul 26 06:38:57 2006 : Debug: modcall: leaving group authorize (returns updated) for request 3 Wed Jul 26 06:38:57 2006 : Debug: rad_check_password: Found Auth-Type EAP Wed Jul 26 06:38:57 2006 : Debug: auth: type "EAP" Wed Jul 26 06:38:57 2006 : Debug: Processing the authenticate section of radiusd.conf Wed Jul 26 06:38:57 2006 : Debug: modcall: entering group authenticate for request 3 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authenticate]: calling eap (rlm_eap) for request 3 Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: Request found, released from the list Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: EAP/peap Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: processing type peap Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_peap: Authenticate Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_tls: processing TLS Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_tls: Length Included Wed Jul 26 06:38:57 2006 : Debug: eaptls_verify returned 11 Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange Wed Jul 26 06:38:57 2006 : Debug: TLS_accept: SSLv3 read client key exchange A Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001] Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished Wed Jul 26 06:38:57 2006 : Debug: TLS_accept: SSLv3 read finished A Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001] Wed Jul 26 06:38:57 2006 : Debug: TLS_accept: SSLv3 write change cipher spec A Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished Wed Jul 26 06:38:57 2006 : Debug: TLS_accept: SSLv3 write finished A Wed Jul 26 06:38:57 2006 : Debug: TLS_accept: SSLv3 flush data Wed Jul 26 06:38:57 2006 : Debug: (other): SSL negotiation finished successfully Wed Jul 26 06:38:57 2006 : Error: rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0) Wed Jul 26 06:38:57 2006 : Debug: SSL Connection Established Wed Jul 26 06:38:57 2006 : Debug: eaptls_process returned 13 Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_peap: EAPTLS_HANDLED Wed Jul 26 06:38:57 2006 : Debug: modsingle[authenticate]: returned from eap (rlm_eap) for request 3 Wed Jul 26 06:38:57 2006 : Debug: modcall[authenticate]: module "eap" returns handled for request 3 Wed Jul 26 06:38:57 2006 : Debug: modcall: leaving group authenticate (returns handled) for request 3 Sending Access-Challenge of id 99 to 170.248.233.102 port 21645 EAP-Message = 0x0107003119001403010001011603010020d8095d07b6faed0612c8cc397d7585f0435501e4a1d7e201ff89e8f9cbf87a46 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x33722640f43f50eda977125b0e4f529e Wed Jul 26 06:38:57 2006 : Debug: Finished request 3 Wed Jul 26 06:38:57 2006 : Debug: Going to the next request Wed Jul 26 06:38:57 2006 : Debug: Waking up in 6 seconds... rad_recv: Access-Request packet from host 170.248.233.102:21645, id=100, length=153 User-Name = "svtest21" Framed-MTU = 1400 Called-Station-Id = "0014.f213.f740" Calling-Station-Id = "0002.7848.9017" Service-Type = Login-User Message-Authenticator = 0xdedb196149d987712093702f74fd8fc4 EAP-Message = 0x020700061900 NAS-Port-Type = Wireless-802.11 NAS-Port = 549 State = 0x33722640f43f50eda977125b0e4f529e NAS-IP-Address = 170.248.233.102 NAS-Identifier = "SV1ATESTENVIRON" Wed Jul 26 06:38:57 2006 : Debug: Processing the authorize section of radiusd.conf Wed Jul 26 06:38:57 2006 : Debug: modcall: entering group authorize for request 4 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: calling preprocess (rlm_preprocess) for request 4 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: returned from preprocess (rlm_preprocess) for request 4 Wed Jul 26 06:38:57 2006 : Debug: modcall[authorize]: module "preprocess" returns ok for request 4 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: calling chap (rlm_chap) for request 4 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: returned from chap (rlm_chap) for request 4 Wed Jul 26 06:38:57 2006 : Debug: modcall[authorize]: module "chap" returns noop for request 4 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: calling mschap (rlm_mschap) for request 4 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: returned from mschap (rlm_mschap) for request 4 Wed Jul 26 06:38:57 2006 : Debug: modcall[authorize]: module "mschap" returns noop for request 4 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: calling suffix (rlm_realm) for request 4 Wed Jul 26 06:38:57 2006 : Debug: rlm_realm: No '@' in User-Name = "svtest21", looking up realm NULL Wed Jul 26 06:38:57 2006 : Debug: rlm_realm: No such realm "NULL" Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: returned from suffix (rlm_realm) for request 4 Wed Jul 26 06:38:57 2006 : Debug: modcall[authorize]: module "suffix" returns noop for request 4 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: calling eap (rlm_eap) for request 4 Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: EAP packet type response id 7 length 6 Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: No EAP Start, assuming it's an on-going EAP conversation Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: returned from eap (rlm_eap) for request 4 Wed Jul 26 06:38:57 2006 : Debug: modcall[authorize]: module "eap" returns updated for request 4 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: calling files (rlm_files) for request 4 Wed Jul 26 06:38:57 2006 : Debug: users: Matched entry DEFAULT at line 215 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: returned from files (rlm_files) for request 4 Wed Jul 26 06:38:57 2006 : Debug: modcall[authorize]: module "files" returns ok for request 4 Wed Jul 26 06:38:57 2006 : Debug: modcall: leaving group authorize (returns updated) for request 4 Wed Jul 26 06:38:57 2006 : Debug: rad_check_password: Found Auth-Type EAP Wed Jul 26 06:38:57 2006 : Debug: auth: type "EAP" Wed Jul 26 06:38:57 2006 : Debug: Processing the authenticate section of radiusd.conf Wed Jul 26 06:38:57 2006 : Debug: modcall: entering group authenticate for request 4 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authenticate]: calling eap (rlm_eap) for request 4 Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: Request found, released from the list Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: EAP/peap Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: processing type peap Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_peap: Authenticate Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_tls: processing TLS Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_tls: Received EAP-TLS ACK message Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_tls: ack handshake is finished Wed Jul 26 06:38:57 2006 : Debug: eaptls_verify returned 3 Wed Jul 26 06:38:57 2006 : Debug: eaptls_process returned 3 Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_peap: EAPTLS_SUCCESS Wed Jul 26 06:38:57 2006 : Debug: modsingle[authenticate]: returned from eap (rlm_eap) for request 4 Wed Jul 26 06:38:57 2006 : Debug: modcall[authenticate]: module "eap" returns handled for request 4 Wed Jul 26 06:38:57 2006 : Debug: modcall: leaving group authenticate (returns handled) for request 4 Sending Access-Challenge of id 100 to 170.248.233.102 port 21645 EAP-Message = 0x010800201900170301001584f67b6b13ffeffe18862f7659b9a66c4a8e4b996a Message-Authenticator = 0x00000000000000000000000000000000 State = 0xdd383d12bf43f94234041e3c55ca3ad2 Wed Jul 26 06:38:57 2006 : Debug: Finished request 4 Wed Jul 26 06:38:57 2006 : Debug: Going to the next request Wed Jul 26 06:38:57 2006 : Debug: Waking up in 6 seconds... rad_recv: Access-Request packet from host 170.248.233.102:21645, id=101, length=183 User-Name = "svtest21" Framed-MTU = 1400 Called-Station-Id = "0014.f213.f740" Calling-Station-Id = "0002.7848.9017" Service-Type = Login-User Message-Authenticator = 0x6f47dd19e1bd452975489d9ec5395fb9 EAP-Message = 0x02080024190017030100195e17a3dd5ae16018a9127bd42ab172908103052ca1cb861bd6 NAS-Port-Type = Wireless-802.11 NAS-Port = 549 State = 0xdd383d12bf43f94234041e3c55ca3ad2 NAS-IP-Address = 170.248.233.102 NAS-Identifier = "SV1ATESTENVIRON" Wed Jul 26 06:38:57 2006 : Debug: Processing the authorize section of radiusd.conf Wed Jul 26 06:38:57 2006 : Debug: modcall: entering group authorize for request 5 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: calling preprocess (rlm_preprocess) for request 5 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: returned from preprocess (rlm_preprocess) for request 5 Wed Jul 26 06:38:57 2006 : Debug: modcall[authorize]: module "preprocess" returns ok for request 5 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: calling chap (rlm_chap) for request 5 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: returned from chap (rlm_chap) for request 5 Wed Jul 26 06:38:57 2006 : Debug: modcall[authorize]: module "chap" returns noop for request 5 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: calling mschap (rlm_mschap) for request 5 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: returned from mschap (rlm_mschap) for request 5 Wed Jul 26 06:38:57 2006 : Debug: modcall[authorize]: module "mschap" returns noop for request 5 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: calling suffix (rlm_realm) for request 5 Wed Jul 26 06:38:57 2006 : Debug: rlm_realm: No '@' in User-Name = "svtest21", looking up realm NULL Wed Jul 26 06:38:57 2006 : Debug: rlm_realm: No such realm "NULL" Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: returned from suffix (rlm_realm) for request 5 Wed Jul 26 06:38:57 2006 : Debug: modcall[authorize]: module "suffix" returns noop for request 5 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: calling eap (rlm_eap) for request 5 Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: EAP packet type response id 8 length 36 Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: No EAP Start, assuming it's an on-going EAP conversation Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: returned from eap (rlm_eap) for request 5 Wed Jul 26 06:38:57 2006 : Debug: modcall[authorize]: module "eap" returns updated for request 5 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: calling files (rlm_files) for request 5 Wed Jul 26 06:38:57 2006 : Debug: users: Matched entry DEFAULT at line 215 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: returned from files (rlm_files) for request 5 Wed Jul 26 06:38:57 2006 : Debug: modcall[authorize]: module "files" returns ok for request 5 Wed Jul 26 06:38:57 2006 : Debug: modcall: leaving group authorize (returns updated) for request 5 Wed Jul 26 06:38:57 2006 : Debug: rad_check_password: Found Auth-Type EAP Wed Jul 26 06:38:57 2006 : Debug: auth: type "EAP" Wed Jul 26 06:38:57 2006 : Debug: Processing the authenticate section of radiusd.conf Wed Jul 26 06:38:57 2006 : Debug: modcall: entering group authenticate for request 5 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authenticate]: calling eap (rlm_eap) for request 5 Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: Request found, released from the list Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: EAP/peap Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: processing type peap Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_peap: Authenticate Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_tls: processing TLS Wed Jul 26 06:38:57 2006 : Debug: eaptls_verify returned 7 Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_tls: Done initial handshake Wed Jul 26 06:38:57 2006 : Debug: eaptls_process returned 7 Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_peap: EAPTLS_OK Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_peap: Session established. Decoding tunneled attributes. Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_peap: Identity - svtest21 Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_peap: Tunneled data is valid. Wed Jul 26 06:38:57 2006 : Debug: PEAP: Got tunneled identity of svtest21 Wed Jul 26 06:38:57 2006 : Debug: PEAP: Setting default EAP type for tunneled EAP session. Wed Jul 26 06:38:57 2006 : Debug: PEAP: Setting User-Name to svtest21 Wed Jul 26 06:38:57 2006 : Debug: Processing the authorize section of radiusd.conf Wed Jul 26 06:38:57 2006 : Debug: modcall: entering group authorize for request 5 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: calling preprocess (rlm_preprocess) for request 5 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: returned from preprocess (rlm_preprocess) for request 5 Wed Jul 26 06:38:57 2006 : Debug: modcall[authorize]: module "preprocess" returns ok for request 5 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: calling chap (rlm_chap) for request 5 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: returned from chap (rlm_chap) for request 5 Wed Jul 26 06:38:57 2006 : Debug: modcall[authorize]: module "chap" returns noop for request 5 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: calling mschap (rlm_mschap) for request 5 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: returned from mschap (rlm_mschap) for request 5 Wed Jul 26 06:38:57 2006 : Debug: modcall[authorize]: module "mschap" returns noop for request 5 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: calling suffix (rlm_realm) for request 5 Wed Jul 26 06:38:57 2006 : Debug: rlm_realm: No '@' in User-Name = "svtest21", looking up realm NULL Wed Jul 26 06:38:57 2006 : Debug: rlm_realm: No such realm "NULL" Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: returned from suffix (rlm_realm) for request 5 Wed Jul 26 06:38:57 2006 : Debug: modcall[authorize]: module "suffix" returns noop for request 5 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: calling eap (rlm_eap) for request 5 Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: EAP packet type response id 8 length 13 Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: No EAP Start, assuming it's an on-going EAP conversation Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: returned from eap (rlm_eap) for request 5 Wed Jul 26 06:38:57 2006 : Debug: modcall[authorize]: module "eap" returns updated for request 5 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: calling files (rlm_files) for request 5 Wed Jul 26 06:38:57 2006 : Debug: users: Matched entry DEFAULT at line 215 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: returned from files (rlm_files) for request 5 Wed Jul 26 06:38:57 2006 : Debug: modcall[authorize]: module "files" returns ok for request 5 Wed Jul 26 06:38:57 2006 : Debug: modcall: leaving group authorize (returns updated) for request 5 Wed Jul 26 06:38:57 2006 : Debug: rad_check_password: Found Auth-Type EAP Wed Jul 26 06:38:57 2006 : Debug: auth: type "EAP" Wed Jul 26 06:38:57 2006 : Debug: Processing the authenticate section of radiusd.conf Wed Jul 26 06:38:57 2006 : Debug: modcall: entering group authenticate for request 5 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authenticate]: calling eap (rlm_eap) for request 5 Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: EAP Identity Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: processing type mschapv2 Wed Jul 26 06:38:57 2006 : Info: rlm_eap_mschapv2: Issuing Challenge Wed Jul 26 06:38:57 2006 : Debug: modsingle[authenticate]: returned from eap (rlm_eap) for request 5 Wed Jul 26 06:38:57 2006 : Debug: modcall[authenticate]: module "eap" returns handled for request 5 Wed Jul 26 06:38:57 2006 : Debug: modcall: leaving group authenticate (returns handled) for request 5 Wed Jul 26 06:38:57 2006 : Debug: PEAP: Got tunneled Access-Challenge Wed Jul 26 06:38:57 2006 : Debug: modsingle[authenticate]: returned from eap (rlm_eap) for request 5 Wed Jul 26 06:38:57 2006 : Debug: modcall[authenticate]: module "eap" returns handled for request 5 Wed Jul 26 06:38:57 2006 : Debug: modcall: leaving group authenticate (returns handled) for request 5 Sending Access-Challenge of id 101 to 170.248.233.102 port 21645 EAP-Message = 0x010900391900170301002e31ec119dd45b49159e2e527731844ab3c0e71c00ac7fe0b3dbd8013265ccbd9c45669b8a7f8f93b2abe77640bce3 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x04f10b8ab1550375bf94e3b173867c1e Wed Jul 26 06:38:57 2006 : Debug: Finished request 5 Wed Jul 26 06:38:57 2006 : Debug: Going to the next request Wed Jul 26 06:38:57 2006 : Debug: Waking up in 6 seconds... rad_recv: Access-Request packet from host 170.248.233.102:21645, id=102, length=237 User-Name = "svtest21" Framed-MTU = 1400 Called-Station-Id = "0014.f213.f740" Calling-Station-Id = "0002.7848.9017" Service-Type = Login-User Message-Authenticator = 0x6cddd56e038eeeeb62b8d2b97207575d EAP-Message = 0x0209005a1900170301004f7ebe8c95ba80a65659e251d4be48f417110e8259b3bd8da9941229cd56c49dc70cec66fe0744d7386212187e0fa66b5324340dbb71fcde3c038d9440eb2b9c732c9aea2ef4a4d94639d6d05eab8d9b NAS-Port-Type = Wireless-802.11 NAS-Port = 549 State = 0x04f10b8ab1550375bf94e3b173867c1e NAS-IP-Address = 170.248.233.102 NAS-Identifier = "SV1ATESTENVIRON" Wed Jul 26 06:38:57 2006 : Debug: Processing the authorize section of radiusd.conf Wed Jul 26 06:38:57 2006 : Debug: modcall: entering group authorize for request 6 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: calling preprocess (rlm_preprocess) for request 6 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: returned from preprocess (rlm_preprocess) for request 6 Wed Jul 26 06:38:57 2006 : Debug: modcall[authorize]: module "preprocess" returns ok for request 6 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: calling chap (rlm_chap) for request 6 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: returned from chap (rlm_chap) for request 6 Wed Jul 26 06:38:57 2006 : Debug: modcall[authorize]: module "chap" returns noop for request 6 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: calling mschap (rlm_mschap) for request 6 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: returned from mschap (rlm_mschap) for request 6 Wed Jul 26 06:38:57 2006 : Debug: modcall[authorize]: module "mschap" returns noop for request 6 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: calling suffix (rlm_realm) for request 6 Wed Jul 26 06:38:57 2006 : Debug: rlm_realm: No '@' in User-Name = "svtest21", looking up realm NULL Wed Jul 26 06:38:57 2006 : Debug: rlm_realm: No such realm "NULL" Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: returned from suffix (rlm_realm) for request 6 Wed Jul 26 06:38:57 2006 : Debug: modcall[authorize]: module "suffix" returns noop for request 6 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: calling eap (rlm_eap) for request 6 Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: EAP packet type response id 9 length 90 Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: No EAP Start, assuming it's an on-going EAP conversation Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: returned from eap (rlm_eap) for request 6 Wed Jul 26 06:38:57 2006 : Debug: modcall[authorize]: module "eap" returns updated for request 6 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: calling files (rlm_files) for request 6 Wed Jul 26 06:38:57 2006 : Debug: users: Matched entry DEFAULT at line 215 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: returned from files (rlm_files) for request 6 Wed Jul 26 06:38:57 2006 : Debug: modcall[authorize]: module "files" returns ok for request 6 Wed Jul 26 06:38:57 2006 : Debug: modcall: leaving group authorize (returns updated) for request 6 Wed Jul 26 06:38:57 2006 : Debug: rad_check_password: Found Auth-Type EAP Wed Jul 26 06:38:57 2006 : Debug: auth: type "EAP" Wed Jul 26 06:38:57 2006 : Debug: Processing the authenticate section of radiusd.conf Wed Jul 26 06:38:57 2006 : Debug: modcall: entering group authenticate for request 6 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authenticate]: calling eap (rlm_eap) for request 6 Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: Request found, released from the list Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: EAP/peap Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: processing type peap Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_peap: Authenticate Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_tls: processing TLS Wed Jul 26 06:38:57 2006 : Debug: eaptls_verify returned 7 Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_tls: Done initial handshake Wed Jul 26 06:38:57 2006 : Debug: eaptls_process returned 7 Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_peap: EAPTLS_OK Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_peap: Session established. Decoding tunneled attributes. Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_peap: EAP type mschapv2 Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_peap: Tunneled data is valid. Wed Jul 26 06:38:57 2006 : Debug: PEAP: Setting User-Name to svtest21 Wed Jul 26 06:38:57 2006 : Debug: PEAP: Adding old state with 1a 55 Wed Jul 26 06:38:57 2006 : Debug: Processing the authorize section of radiusd.conf Wed Jul 26 06:38:57 2006 : Debug: modcall: entering group authorize for request 6 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: calling preprocess (rlm_preprocess) for request 6 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: returned from preprocess (rlm_preprocess) for request 6 Wed Jul 26 06:38:57 2006 : Debug: modcall[authorize]: module "preprocess" returns ok for request 6 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: calling chap (rlm_chap) for request 6 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: returned from chap (rlm_chap) for request 6 Wed Jul 26 06:38:57 2006 : Debug: modcall[authorize]: module "chap" returns noop for request 6 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: calling mschap (rlm_mschap) for request 6 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: returned from mschap (rlm_mschap) for request 6 Wed Jul 26 06:38:57 2006 : Debug: modcall[authorize]: module "mschap" returns noop for request 6 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: calling suffix (rlm_realm) for request 6 Wed Jul 26 06:38:57 2006 : Debug: rlm_realm: No '@' in User-Name = "svtest21", looking up realm NULL Wed Jul 26 06:38:57 2006 : Debug: rlm_realm: No such realm "NULL" Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: returned from suffix (rlm_realm) for request 6 Wed Jul 26 06:38:57 2006 : Debug: modcall[authorize]: module "suffix" returns noop for request 6 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: calling eap (rlm_eap) for request 6 Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: EAP packet type response id 9 length 67 Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: No EAP Start, assuming it's an on-going EAP conversation Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: returned from eap (rlm_eap) for request 6 Wed Jul 26 06:38:57 2006 : Debug: modcall[authorize]: module "eap" returns updated for request 6 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: calling files (rlm_files) for request 6 Wed Jul 26 06:38:57 2006 : Debug: users: Matched entry DEFAULT at line 215 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: returned from files (rlm_files) for request 6 Wed Jul 26 06:38:57 2006 : Debug: modcall[authorize]: module "files" returns ok for request 6 Wed Jul 26 06:38:57 2006 : Debug: modcall: leaving group authorize (returns updated) for request 6 Wed Jul 26 06:38:57 2006 : Debug: rad_check_password: Found Auth-Type EAP Wed Jul 26 06:38:57 2006 : Debug: auth: type "EAP" Wed Jul 26 06:38:57 2006 : Debug: Processing the authenticate section of radiusd.conf Wed Jul 26 06:38:57 2006 : Debug: modcall: entering group authenticate for request 6 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authenticate]: calling eap (rlm_eap) for request 6 Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: Request found, released from the list Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: EAP/mschapv2 Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: processing type mschapv2 Wed Jul 26 06:38:57 2006 : Debug: Processing the authenticate section of radiusd.conf Wed Jul 26 06:38:57 2006 : Debug: modcall: entering group MS-CHAP for request 6 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authenticate]: calling mschap (rlm_mschap) for request 6 Wed Jul 26 06:38:57 2006 : Debug: rlm_mschap: No User-Password configured. Cannot create LM-Password. Wed Jul 26 06:38:57 2006 : Debug: rlm_mschap: No User-Password configured. Cannot create NT-Password. Wed Jul 26 06:38:57 2006 : Debug: rlm_mschap: Told to do MS-CHAPv2 for svtest21 with NT-Password Wed Jul 26 06:38:57 2006 : Debug: rlm_mschap: FAILED: No NT/LM-Password. Cannot perform authentication. Wed Jul 26 06:38:57 2006 : Debug: rlm_mschap: FAILED: MS-CHAP2-Response is incorrect Wed Jul 26 06:38:57 2006 : Debug: modsingle[authenticate]: returned from mschap (rlm_mschap) for request 6 Wed Jul 26 06:38:57 2006 : Debug: modcall[authenticate]: module "mschap" returns reject for request 6 Wed Jul 26 06:38:57 2006 : Debug: modcall: leaving group MS-CHAP (returns reject) for request 6 Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: Freeing handler Wed Jul 26 06:38:57 2006 : Debug: modsingle[authenticate]: returned from eap (rlm_eap) for request 6 Wed Jul 26 06:38:57 2006 : Debug: modcall[authenticate]: module "eap" returns reject for request 6 Wed Jul 26 06:38:57 2006 : Debug: modcall: leaving group authenticate (returns reject) for request 6 Wed Jul 26 06:38:57 2006 : Debug: auth: Failed to validate the user. Wed Jul 26 06:38:57 2006 : Debug: PEAP: Tunneled authentication was rejected. Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_peap: FAILURE Wed Jul 26 06:38:57 2006 : Debug: modsingle[authenticate]: returned from eap (rlm_eap) for request 6 Wed Jul 26 06:38:57 2006 : Debug: modcall[authenticate]: module "eap" returns handled for request 6 Wed Jul 26 06:38:57 2006 : Debug: modcall: leaving group authenticate (returns handled) for request 6 Sending Access-Challenge of id 102 to 170.248.233.102 port 21645 EAP-Message = 0x010a00261900170301001b233d655aa5fa5426d55aef5a34e07a87d731e1bbe2f875598be5af Message-Authenticator = 0x00000000000000000000000000000000 State = 0x5dc9719865b138594344825c77fe148e Wed Jul 26 06:38:57 2006 : Debug: Finished request 6 Wed Jul 26 06:38:57 2006 : Debug: Going to the next request Wed Jul 26 06:38:57 2006 : Debug: Waking up in 6 seconds... rad_recv: Access-Request packet from host 170.248.233.102:21645, id=103, length=185 User-Name = "svtest21" Framed-MTU = 1400 Called-Station-Id = "0014.f213.f740" Calling-Station-Id = "0002.7848.9017" Service-Type = Login-User Message-Authenticator = 0x57ad285f9dcb4ce9f76d13fc72ae4152 EAP-Message = 0x020a00261900170301001b0c3225d3742832f0f869716ddf76a1852229df75c229af8417b16a NAS-Port-Type = Wireless-802.11 NAS-Port = 549 State = 0x5dc9719865b138594344825c77fe148e NAS-IP-Address = 170.248.233.102 NAS-Identifier = "SV1ATESTENVIRON" Wed Jul 26 06:38:57 2006 : Debug: Processing the authorize section of radiusd.conf Wed Jul 26 06:38:57 2006 : Debug: modcall: entering group authorize for request 7 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: calling preprocess (rlm_preprocess) for request 7 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: returned from preprocess (rlm_preprocess) for request 7 Wed Jul 26 06:38:57 2006 : Debug: modcall[authorize]: module "preprocess" returns ok for request 7 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: calling chap (rlm_chap) for request 7 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: returned from chap (rlm_chap) for request 7 Wed Jul 26 06:38:57 2006 : Debug: modcall[authorize]: module "chap" returns noop for request 7 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: calling mschap (rlm_mschap) for request 7 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: returned from mschap (rlm_mschap) for request 7 Wed Jul 26 06:38:57 2006 : Debug: modcall[authorize]: module "mschap" returns noop for request 7 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: calling suffix (rlm_realm) for request 7 Wed Jul 26 06:38:57 2006 : Debug: rlm_realm: No '@' in User-Name = "svtest21", looking up realm NULL Wed Jul 26 06:38:57 2006 : Debug: rlm_realm: No such realm "NULL" Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: returned from suffix (rlm_realm) for request 7 Wed Jul 26 06:38:57 2006 : Debug: modcall[authorize]: module "suffix" returns noop for request 7 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: calling eap (rlm_eap) for request 7 Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: EAP packet type response id 10 length 38 Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: No EAP Start, assuming it's an on-going EAP conversation Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: returned from eap (rlm_eap) for request 7 Wed Jul 26 06:38:57 2006 : Debug: modcall[authorize]: module "eap" returns updated for request 7 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: calling files (rlm_files) for request 7 Wed Jul 26 06:38:57 2006 : Debug: users: Matched entry DEFAULT at line 215 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: returned from files (rlm_files) for request 7 Wed Jul 26 06:38:57 2006 : Debug: modcall[authorize]: module "files" returns ok for request 7 Wed Jul 26 06:38:57 2006 : Debug: modcall: leaving group authorize (returns updated) for request 7 Wed Jul 26 06:38:57 2006 : Debug: rad_check_password: Found Auth-Type EAP Wed Jul 26 06:38:57 2006 : Debug: auth: type "EAP" Wed Jul 26 06:38:57 2006 : Debug: Processing the authenticate section of radiusd.conf Wed Jul 26 06:38:57 2006 : Debug: modcall: entering group authenticate for request 7 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authenticate]: calling eap (rlm_eap) for request 7 Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: Request found, released from the list Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: EAP/peap Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: processing type peap Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_peap: Authenticate Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_tls: processing TLS Wed Jul 26 06:38:57 2006 : Debug: eaptls_verify returned 7 Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_tls: Done initial handshake Wed Jul 26 06:38:57 2006 : Debug: eaptls_process returned 7 Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_peap: EAPTLS_OK Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_peap: Session established. Decoding tunneled attributes. Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_peap: Received EAP-TLV response. Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_peap: Tunneled data is valid. Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_peap: Had sent TLV failure. User was rejcted rejected earlier in this session. Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: Handler failed in EAP/peap Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: Failed in EAP select Wed Jul 26 06:38:57 2006 : Debug: modsingle[authenticate]: returned from eap (rlm_eap) for request 7 Wed Jul 26 06:38:57 2006 : Debug: modcall[authenticate]: module "eap" returns invalid for request 7 Wed Jul 26 06:38:57 2006 : Debug: modcall: leaving group authenticate (returns invalid) for request 7 Wed Jul 26 06:38:57 2006 : Debug: auth: Failed to validate the user. Wed Jul 26 06:38:57 2006 : Debug: Delaying request 7 for 1 seconds Wed Jul 26 06:38:57 2006 : Debug: Finished request 7 Wed Jul 26 06:38:57 2006 : Debug: Going to the next request Wed Jul 26 06:38:57 2006 : Debug: Waking up in 6 seconds... rad_recv: Access-Request packet from host 170.248.233.102:21645, id=103, length=185 Sending Access-Reject of id 103 to 170.248.233.102 port 21645 EAP-Message = 0x040a0004 Message-Authenticator = 0x00000000000000000000000000000000 Wed Jul 26 06:39:02 2006 : Debug: --- Walking the entire request list --- Wed Jul 26 06:39:02 2006 : Debug: Waking up in 1 seconds... Wed Jul 26 06:39:03 2006 : Debug: --- Walking the entire request list --- Wed Jul 26 06:39:03 2006 : Debug: Cleaning up request 0 ID 96 with timestamp 44c75451 Wed Jul 26 06:39:03 2006 : Debug: Cleaning up request 1 ID 97 with timestamp 44c75451 Wed Jul 26 06:39:03 2006 : Debug: Cleaning up request 2 ID 98 with timestamp 44c75451 Wed Jul 26 06:39:03 2006 : Debug: Cleaning up request 3 ID 99 with timestamp 44c75451 Wed Jul 26 06:39:03 2006 : Debug: Cleaning up request 4 ID 100 with timestamp 44c75451 Wed Jul 26 06:39:03 2006 : Debug: Cleaning up request 5 ID 101 with timestamp 44c75451 Wed Jul 26 06:39:03 2006 : Debug: Cleaning up request 6 ID 102 with timestamp 44c75451 Wed Jul 26 06:39:03 2006 : Debug: Cleaning up request 7 ID 103 with timestamp 44c75451 Wed Jul 26 06:39:03 2006 : Debug: Nothing to do. Sleeping until we see a request. ****************************************************** eap.conf ****************************************************** # -*- text -*- # # Whatever you do, do NOT set 'Auth-Type := EAP'. The server # is smart enough to figure this out on its own. The most # common side effect of setting 'Auth-Type := EAP' is that the # users then cannot use ANY other authentication method. # # $Id: eap.conf,v 1.4.4.3 2006/04/28 18:25:03 aland Exp $ # eap { # Invoke the default supported EAP type when # EAP-Identity response is received. # # The incoming EAP messages DO NOT specify which EAP # type they will be using, so it MUST be set here. # # For now, only one default EAP type may be used at a time. # # If the EAP-Type attribute is set by another module, # then that EAP type takes precedence over the # default type configured here. # default_eap_type = peap # A list is maintained to correlate EAP-Response # packets with EAP-Request packets. After a # configurable length of time, entries in the list # expire, and are deleted. # timer_expire = 60 # There are many EAP types, but the server has support # for only a limited subset. If the server receives # a request for an EAP type it does not support, then # it normally rejects the request. By setting this # configuration to "yes", you can tell the server to # instead keep processing the request. Another module # MUST then be configured to proxy the request to # another RADIUS server which supports that EAP type. # # If another module is NOT configured to handle the # request, then the request will still end up being # rejected. ignore_unknown_eap_types = no # Cisco AP1230B firmware 12.2(13)JA1 has a bug. When given # a User-Name attribute in an Access-Accept, it copies one # more byte than it should. # # We can work around it by configurably adding an extra # zero byte. cisco_accounting_username_bug = no # Supported EAP-types # # We do NOT recommend using EAP-MD5 authentication # for wireless connections. It is insecure, and does # not provide for dynamic WEP keys. # md5 { } # Cisco LEAP # # We do not recommend using LEAP in new deployments. See: # http://www.securiteam.com/tools/5TP012ACKE.html # # Cisco LEAP uses the MS-CHAP algorithm (but not # the MS-CHAP attributes) to perform it's authentication. # # As a result, LEAP *requires* access to the plain-text # User-Password, or the NT-Password attributes. # 'System' authentication is impossible with LEAP. # leap { } # Generic Token Card. # # Currently, this is only permitted inside of EAP-TTLS, # or EAP-PEAP. The module "challenges" the user with # text, and the response from the user is taken to be # the User-Password. # # Proxying the tunneled EAP-GTC session is a bad idea, # the users password will go over the wire in plain-text, # for anyone to see. # gtc { # The default challenge, which many clients # ignore.. #challenge = "Password: " # The plain-text response which comes back # is put into a User-Password attribute, # and passed to another module for # authentication. This allows the EAP-GTC # response to be checked against plain-text, # or crypt'd passwords. # # If you say "Local" instead of "PAP", then # the module will look for a User-Password # configured for the request, and do the # authentication itself. # auth_type = PAP } ## EAP-TLS # # To generate ctest certificates, run the script # # ../scripts/certs.sh # # The documents on http://www.freeradius.org/doc # are old, but may be helpful. # # See also: # # http://www.dslreports.com/forum/remark,9286052~mode=flat # tls { private_key_password = private_key_file = ${raddbdir}/certs/server_keycert.pem # If Private key & Certificate are located in # the same file, then private_key_file & # certificate_file must contain the same file # name. certificate_file = ${raddbdir}/certs/server_keycert.pem # Trusted Root CA list CA_file = ${raddbdir}/certs/cacert.pem dh_file = ${raddbdir}/certs/dh random_file = ${raddbdir}/certs/random # # This can never exceed the size of a RADIUS # packet (4096 bytes), and is preferably half # that, to accomodate other attributes in # RADIUS packet. On most APs the MAX packet # length is configured between 1500 - 1600 # In these cases, fragment size should be # 1024 or less. # fragment_size = 1024 # include_length is a flag which is # by default set to yes If set to # yes, Total Length of the message is # included in EVERY packet we send. # If set to no, Total Length of the # message is included ONLY in the # First packet of a fragment series. # include_length = yes # Check the Certificate Revocation List # # 1) Copy CA certificates and CRLs to same directory. # 2) Execute 'c_rehash <CA certs&CRLs Directory>'. # 'c_rehash' is OpenSSL's command. # 3) Add 'CA_path=<CA certs&CRLs directory>' # to radiusd.conf's tls section. # 4) uncomment the line below. # 5) Restart radiusd # check_crl = yes # # If check_cert_issuer is set, the value will # be checked against the DN of the issuer in # the client certificate. If the values do not # match, the cerficate verification will fail, # rejecting the user. # # check_cert_issuer = "/C=GB/ST=Berkshire/L=Newbury/O=My Company Ltd" # # If check_cert_cn is set, the value will # be xlat'ed and checked against the CN # in the client certificate. If the values # do not match, the certificate verification # will fail rejecting the user. # # This check is done only if the previous # "check_cert_issuer" is not set, or if # the check succeeds. # # check_cert_cn = %{User-Name} # # Set this option to specify the allowed # TLS cipher suites. The format is listed # in "man 1 ciphers". # cipher_list = "DEFAULT" } # The TTLS module implements the EAP-TTLS protocol, # which can be described as EAP inside of Diameter, # inside of TLS, inside of EAP, inside of RADIUS... # # Surprisingly, it works quite well. # # The TTLS module needs the TLS module to be installed # and configured, in order to use the TLS tunnel # inside of the EAP packet. You will still need to # configure the TLS module, even if you do not want # to deploy EAP-TLS in your network. Users will not # be able to request EAP-TLS, as it requires them to # have a client certificate. EAP-TTLS does not # require a client certificate. # #ttls { # The tunneled EAP session needs a default # EAP type which is separate from the one for # the non-tunneled EAP module. Inside of the # TTLS tunnel, we recommend using EAP-MD5. # If the request does not contain an EAP # conversation, then this configuration entry # is ignored. # default_eap_type = md5 # The tunneled authentication request does # not usually contain useful attributes # like 'Calling-Station-Id', etc. These # attributes are outside of the tunnel, # and normally unavailable to the tunneled # authentication request. # # By setting this configuration entry to # 'yes', any attribute which NOT in the # tunneled authentication request, but # which IS available outside of the tunnel, # is copied to the tunneled request. # # allowed values: {no, yes} # copy_request_to_tunnel = no # The reply attributes sent to the NAS are # usually based on the name of the user # 'outside' of the tunnel (usually # 'anonymous'). If you want to send the # reply attributes based on the user name # inside of the tunnel, then set this # configuration entry to 'yes', and the reply # to the NAS will be taken from the reply to # the tunneled request. # # allowed values: {no, yes} # use_tunneled_reply = no #} # # The tunneled EAP session needs a default EAP type # which is separate from the one for the non-tunneled # EAP module. Inside of the TLS/PEAP tunnel, we # recommend using EAP-MS-CHAPv2. # # The PEAP module needs the TLS module to be installed # and configured, in order to use the TLS tunnel # inside of the EAP packet. You will still need to # configure the TLS module, even if you do not want # to deploy EAP-TLS in your network. Users will not # be able to request EAP-TLS, as it requires them to # have a client certificate. EAP-PEAP does not # require a client certificate. # peap { # The tunneled EAP session needs a default # EAP type which is separate from the one for # the non-tunneled EAP module. Inside of the # PEAP tunnel, we recommend using MS-CHAPv2, # as that is the default type supported by # Windows clients. default_eap_type = mschapv2 # the PEAP module also has these configuration # items, which are the same as for TTLS. copy_request_to_tunnel = yes use_tunneled_reply = yes # When the tunneled session is proxied, the # home server may not understand EAP-MSCHAP-V2. # Set this entry to "no" to proxy the tunneled # EAP-MSCHAP-V2 as normal MSCHAPv2. # proxy_tunneled_request_as_eap = yes } # # This takes no configuration. # # Note that it is the EAP MS-CHAPv2 sub-module, not # the main 'mschap' module. # # Note also that in order for this sub-module to work, # the main 'mschap' module MUST ALSO be configured. # # This module is the *Microsoft* implementation of MS-CHAPv2 # in EAP. There is another (incompatible) implementation # of MS-CHAPv2 in EAP by Cisco, which FreeRADIUS does not # currently support. # mschapv2 { } } ***************************************************** Thanks, Damon __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
Damon McDougald <robspierre19@yahoo.com> wrote:
Here is my dillema: rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: Received EAP-TLV response. rlm_eap_peap: Tunneled data is valid. rlm_eap_peap: Had sent TLV failure. User was rejcted rejected earlier in this session.
I suggest reading the *earlier* messages in the debug log. They tell you when the user was rejected, and why. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog
Yes, I have read the earlier debug message stating failure in mschapv2. I have tried not using mschapv2 and various other configs, but with no luck. I see this is a common issue that many people have encoutered but with vague answers and references. Has anyone put together an faq that is more descriptive or does anyone have a more descriptive answer beside look in the debug trace? --- Alan DeKok <aland@deployingradius.com> wrote:
Damon McDougald <robspierre19@yahoo.com> wrote:
Here is my dillema: rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: Received EAP-TLV response. rlm_eap_peap: Tunneled data is valid. rlm_eap_peap: Had sent TLV failure. User was rejcted rejected earlier in this session.
I suggest reading the *earlier* messages in the debug log. They tell you when the user was rejected, and why.
Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
__________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
Damon McDougald <robspierre19@yahoo.com> wrote:
Yes, I have read the earlier debug message stating failure in mschapv2.
That is the problem, not the message saying "the authentication was rejected earlier in the session".
I have tried not using mschapv2 and various other configs, but with no luck. I see this is a common issue that many people have encoutered but with vague answers and references.
Nonsense. The answers are consistent and clear: follow the documentation and it will work. In your case, you didn't tell the server what the *correct* password was for the user. So it's impossible to authenticate the user, because the server has no idea if the password they entered matches the correct one.
Has anyone put together an faq that is more descriptive or does anyone have a more descriptive answer beside look in the debug trace?
Configure a password for the user, and it WILL work. In your case, it matches a "DEFAULT" entry in the users file, which doesn't have the users password. And you haven't configured the server to get the password from a database, either. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog
I have gotten this to work with ntradping and radtest...just not windows ce client. It is an issue with mschapv2 and ntlmv2. --- Alan DeKok <aland@deployingradius.com> wrote:
Damon McDougald <robspierre19@yahoo.com> wrote:
Yes, I have read the earlier debug message stating failure in mschapv2.
That is the problem, not the message saying "the authentication was rejected earlier in the session".
I have tried not using mschapv2 and various other configs, but with no luck. I see this is a common issue that many people have encoutered but with vague answers and references.
Nonsense. The answers are consistent and clear: follow the documentation and it will work.
In your case, you didn't tell the server what the *correct* password was for the user. So it's impossible to authenticate the user, because the server has no idea if the password they entered matches the correct one.
Has anyone put together an faq that is more descriptive or does anyone have a more descriptive answer beside look in the debug trace?
Configure a password for the user, and it WILL work.
In your case, it matches a "DEFAULT" entry in the users file, which doesn't have the users password. And you haven't configured the server to get the password from a database, either.
Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
__________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
On 7/27/06, Damon McDougald <robspierre19@yahoo.com> wrote:
I have gotten this to work with ntradping and radtest...just not windows ce client. It is an issue with mschapv2 and ntlmv2.
As radtest doesn't know anything about peap (and a quick glance at Novell's left me with the impression that ntradping doesn't so neither) you checked for something different, when that worked. If you wish to enable EAP/PEAP you should follow the advice Alan gave you (and as is documented). Otherwise try duplicating the setup for your tests to your environment (_not_ using EAP/PEAP) for whatever purpose that fits. But please stop throwing allegations about issues whith mschapv2 and ntlmv2 (whatever that might be, at least it's not part of freeradius). regards K. Hoercher
participants (3)
-
Alan DeKok -
Damon McDougald -
K. Hoercher