Re: cisco WAP/FreeRadius/OpenLDAP
so it took me a while, but i finally tracked down a MAC to continue troubleshooting...at this point windows machines can login with RAIDUS auth... below is the output from an attempt with a MAC: [root@ops2 raddb]# radiusd -X FreeRADIUS Version 2.1.12, for host x86_64-redhat-linux-gnu, built on Oct 3 2011 at 10:29:04 Copyright (C) 1999-2009 The FreeRADIUS server project and contributors. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License v2. Starting - reading configuration files ... including configuration file /etc/raddb/radiusd.conf including configuration file /etc/raddb/proxy.conf including configuration file /etc/raddb/clients.conf including files in directory /etc/raddb/modules/ including configuration file /etc/raddb/modules/pap including configuration file /etc/raddb/modules/preprocess including configuration file /etc/raddb/modules/perl including configuration file /etc/raddb/modules/linelog including configuration file /etc/raddb/modules/sql_log including configuration file /etc/raddb/modules/cui including configuration file /etc/raddb/modules/acct_unique including configuration file /etc/raddb/modules/mac2ip including configuration file /etc/raddb/modules/detail.example.com including configuration file /etc/raddb/modules/replicate including configuration file /etc/raddb/modules/dynamic_clients including configuration file /etc/raddb/modules/passwd including configuration file /etc/raddb/modules/wimax including configuration file /etc/raddb/modules/inner-eap including configuration file /etc/raddb/modules/logintime including configuration file /etc/raddb/modules/chap including configuration file /etc/raddb/modules/digest including configuration file /etc/raddb/modules/ippool including configuration file /etc/raddb/modules/mschap including configuration file /etc/raddb/modules/pam including configuration file /etc/raddb/modules/redis including configuration file /etc/raddb/modules/detail.log including configuration file /etc/raddb/modules/always including configuration file /etc/raddb/modules/radutmp including configuration file /etc/raddb/modules/ldap including configuration file /etc/raddb/modules/ntlm_auth including configuration file /etc/raddb/modules/ldap.new including configuration file /etc/raddb/modules/mac2vlan including configuration file /etc/raddb/modules/etc_group including configuration file /etc/raddb/modules/sradutmp including configuration file /etc/raddb/modules/counter including configuration file /etc/raddb/modules/attr_filter including configuration file /etc/raddb/modules/soh including configuration file /etc/raddb/modules/policy including configuration file /etc/raddb/modules/unix including configuration file /etc/raddb/modules/opendirectory including configuration file /etc/raddb/modules/sqlcounter_expire_on_login including configuration file /etc/raddb/modules/otp including configuration file /etc/raddb/modules/exec including configuration file /etc/raddb/modules/realm including configuration file /etc/raddb/modules/rediswho including configuration file /etc/raddb/modules/expiration including configuration file /etc/raddb/modules/checkval including configuration file /etc/raddb/modules/echo including configuration file /etc/raddb/modules/detail including configuration file /etc/raddb/modules/attr_rewrite including configuration file /etc/raddb/modules/smsotp including configuration file /etc/raddb/modules/expr including configuration file /etc/raddb/modules/smbpasswd including configuration file /etc/raddb/modules/files including configuration file /etc/raddb/eap.conf including configuration file /etc/raddb/policy.conf including files in directory /etc/raddb/sites-enabled/ including configuration file /etc/raddb/sites-enabled/inner-tunnel including configuration file /etc/raddb/sites-enabled/default including configuration file /etc/raddb/sites-enabled/control-socket main { user = "radiusd" group = "radiusd" allow_core_dumps = no } including dictionary file /etc/raddb/dictionary main { name = "radiusd" prefix = "/usr" localstatedir = "/var" sbindir = "/usr/sbin" logdir = "/var/log/radius" run_dir = "/var/run/radiusd" libdir = "/usr/lib64/freeradius" radacctdir = "/var/log/radius/radacct" hostname_lookups = no max_request_time = 30 cleanup_delay = 5 max_requests = 1024 pidfile = "/var/run/radiusd/radiusd.pid" checkrad = "/usr/sbin/checkrad" debug_level = 0 proxy_requests = yes log { stripped_names = no auth = no auth_badpass = no auth_goodpass = no } security { max_attributes = 200 reject_delay = 1 status_server = yes } } radiusd: #### Loading Realms and Home Servers #### proxy server { retry_delay = 5 retry_count = 3 default_fallback = no dead_time = 120 wake_all_if_all_dead = no } home_server localhost { ipaddr = 127.0.0.1 port = 1812 type = "auth" secret = "i6Lw7uNsG7pZDUGgxirg" response_window = 20 max_outstanding = 65536 require_message_authenticator = no zombie_period = 40 status_check = "status-server" ping_interval = 30 check_interval = 30 num_answers_to_alive = 3 num_pings_to_alive = 3 revive_interval = 120 status_check_timeout = 4 coa { irt = 2 mrt = 16 mrc = 5 mrd = 30 } } home_server_pool my_auth_failover { type = fail-over home_server = localhost } realm local.currensee.com { auth_pool = my_auth_failover } realm LOCAL { } radiusd: #### Loading Clients #### client localhost { ipaddr = 127.0.0.1 require_message_authenticator = no secret = "i6Lw7uNsG7pZDUGgxirg" nastype = "other" } client ops2 { ipaddr = 192.168.10.247 require_message_authenticator = no secret = "i6Lw7uNsG7pZDUGgxirg" nastype = "other" } client ap1 { ipaddr = 192.168.10.31 require_message_authenticator = no secret = "i6Lw7uNsG7pZDUGgxirg" shortname = "ap1" nastype = "cisco" } client ap2 { ipaddr = 192.168.10.30 require_message_authenticator = no secret = "i6Lw7uNsG7pZDUGgxirg" shortname = "ap2" nastype = "cisco" } radiusd: #### Instantiating modules #### instantiate { Module: Linked to module rlm_exec Module: Instantiating module "exec" from file /etc/raddb/modules/exec exec { wait = no input_pairs = "request" shell_escape = yes } Module: Linked to module rlm_expr Module: Instantiating module "expr" from file /etc/raddb/modules/expr Module: Linked to module rlm_expiration Module: Instantiating module "expiration" from file /etc/raddb/modules/expiration expiration { reply-message = "Password Has Expired " } Module: Linked to module rlm_logintime Module: Instantiating module "logintime" from file /etc/raddb/modules/logintime logintime { reply-message = "You are calling outside your allowed timespan " minimum-timeout = 60 } } radiusd: #### Loading Virtual Servers #### server { # from file /etc/raddb/radiusd.conf modules { Module: Creating Auth-Type = LDAP Module: Creating Post-Auth-Type = REJECT Module: Checking authenticate {...} for more modules to load Module: Linked to module rlm_pap Module: Instantiating module "pap" from file /etc/raddb/modules/pap pap { encryption_scheme = "auto" auto_header = yes } Module: Linked to module rlm_chap Module: Instantiating module "chap" from file /etc/raddb/modules/chap Module: Linked to module rlm_mschap Module: Instantiating module "mschap" from file /etc/raddb/modules/mschap mschap { use_mppe = yes require_encryption = yes require_strong = yes with_ntdomain_hack = no allow_retry = yes } Module: Linked to module rlm_ldap Module: Instantiating module "ldap" from file /etc/raddb/modules/ldap ldap { server = "ldap.local.currensee.com" port = 389 password = "VcnxJbFqeAuAFyiu3zvi" identity = "cn=manager,dc=currensee,dc=com" net_timeout = 1 timeout = 4 timelimit = 3 tls_mode = no start_tls = yes tls_cacertfile = "/etc/ldap/csca.crt" tls_require_cert = "demand" tls { start_tls = no require_cert = "allow" } basedn = "ou=people,dc=currensee,dc=com" filter = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})" base_filter = "(objectclass=radiusprofile)" auto_header = no access_attr = "uid" access_attr_used_for_allow = yes groupname_attribute = "cn" groupmembership_filter = "(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))" dictionary_mapping = "/etc/raddb/ldap.attrmap" ldap_debug = 40 ldap_connections_number = 5 compare_check_items = no do_xlat = yes set_auth_type = yes } rlm_ldap: Registering ldap_groupcmp for Ldap-Group rlm_ldap: Registering ldap_xlat with xlat_name ldap rlm_ldap: reading ldap<->radius mappings from file /etc/raddb/ldap.attrmap rlm_ldap: LDAP radiusCheckItem mapped to RADIUS $GENERIC$ rlm_ldap: LDAP radiusReplyItem mapped to RADIUS $GENERIC$ rlm_ldap: LDAP radiusAuthType mapped to RADIUS Auth-Type rlm_ldap: LDAP radiusSimultaneousUse mapped to RADIUS Simultaneous-Use rlm_ldap: LDAP radiusCalledStationId mapped to RADIUS Called-Station-Id rlm_ldap: LDAP radiusCallingStationId mapped to RADIUS Calling-Station-Id rlm_ldap: LDAP lmPassword mapped to RADIUS LM-Password rlm_ldap: LDAP ntPassword mapped to RADIUS NT-Password rlm_ldap: LDAP sambaLmPassword mapped to RADIUS LM-Password rlm_ldap: LDAP sambaNtPassword mapped to RADIUS NT-Password rlm_ldap: LDAP dBCSPwd mapped to RADIUS LM-Password rlm_ldap: LDAP acctFlags mapped to RADIUS SMB-Account-CTRL-TEXT rlm_ldap: LDAP radiusExpiration mapped to RADIUS Expiration rlm_ldap: LDAP radiusNASIpAddress mapped to RADIUS NAS-IP-Address rlm_ldap: LDAP userPassword mapped to RADIUS Password-With-Header rlm_ldap: LDAP radiusServiceType mapped to RADIUS Service-Type rlm_ldap: LDAP radiusFramedProtocol mapped to RADIUS Framed-Protocol rlm_ldap: LDAP radiusFramedIPAddress mapped to RADIUS Framed-IP-Address rlm_ldap: LDAP radiusFramedIPNetmask mapped to RADIUS Framed-IP-Netmask rlm_ldap: LDAP radiusFramedRoute mapped to RADIUS Framed-Route rlm_ldap: LDAP radiusFramedRouting mapped to RADIUS Framed-Routing rlm_ldap: LDAP radiusFilterId mapped to RADIUS Filter-Id rlm_ldap: LDAP radiusFramedMTU mapped to RADIUS Framed-MTU rlm_ldap: LDAP radiusFramedCompression mapped to RADIUS Framed-Compression rlm_ldap: LDAP radiusLoginIPHost mapped to RADIUS Login-IP-Host rlm_ldap: LDAP radiusLoginService mapped to RADIUS Login-Service rlm_ldap: LDAP radiusLoginTCPPort mapped to RADIUS Login-TCP-Port rlm_ldap: LDAP radiusCallbackNumber mapped to RADIUS Callback-Number rlm_ldap: LDAP radiusCallbackId mapped to RADIUS Callback-Id rlm_ldap: LDAP radiusFramedIPXNetwork mapped to RADIUS Framed-IPX-Network rlm_ldap: LDAP radiusClass mapped to RADIUS Class rlm_ldap: LDAP radiusSessionTimeout mapped to RADIUS Session-Timeout rlm_ldap: LDAP radiusIdleTimeout mapped to RADIUS Idle-Timeout rlm_ldap: LDAP radiusTerminationAction mapped to RADIUS Termination-Action rlm_ldap: LDAP radiusLoginLATService mapped to RADIUS Login-LAT-Service rlm_ldap: LDAP radiusLoginLATNode mapped to RADIUS Login-LAT-Node rlm_ldap: LDAP radiusLoginLATGroup mapped to RADIUS Login-LAT-Group rlm_ldap: LDAP radiusFramedAppleTalkLink mapped to RADIUS Framed-AppleTalk-Link rlm_ldap: LDAP radiusFramedAppleTalkNetwork mapped to RADIUS Framed-AppleTalk-Network rlm_ldap: LDAP radiusFramedAppleTalkZone mapped to RADIUS Framed-AppleTalk-Zone rlm_ldap: LDAP radiusPortLimit mapped to RADIUS Port-Limit rlm_ldap: LDAP radiusLoginLATPort mapped to RADIUS Login-LAT-Port rlm_ldap: LDAP radiusReplyMessage mapped to RADIUS Reply-Message rlm_ldap: LDAP radiusTunnelType mapped to RADIUS Tunnel-Type rlm_ldap: LDAP radiusTunnelMediumType mapped to RADIUS Tunnel-Medium-Type rlm_ldap: LDAP radiusTunnelPrivateGroupId mapped to RADIUS Tunnel-Private-Group-Id conns: 0x1fa9ddb0 Module: Linked to module rlm_eap Module: Instantiating module "eap" from file /etc/raddb/eap.conf eap { default_eap_type = "peap" timer_expire = 60 ignore_unknown_eap_types = no cisco_accounting_username_bug = no max_sessions = 2048 } Module: Linked to sub-module rlm_eap_md5 Module: Instantiating eap-md5 Module: Linked to sub-module rlm_eap_leap Module: Instantiating eap-leap Module: Linked to sub-module rlm_eap_gtc Module: Instantiating eap-gtc gtc { challenge = "Password: " auth_type = "PAP" } Module: Linked to sub-module rlm_eap_tls Module: Instantiating eap-tls tls { rsa_key_exchange = no dh_key_exchange = yes rsa_key_length = 512 dh_key_length = 512 verify_depth = 0 pem_file_type = yes private_key_file = "/etc/raddb/certs/radius.key.pem" certificate_file = "/etc/raddb/certs/radius.crt.pem" CA_file = "/etc/raddb/certs/cacert.pem" private_key_password = "i6Lw7uNsG7pZDUGgxirg" dh_file = "/etc/raddb/certs/dh" random_file = "/dev/urandom" fragment_size = 1024 include_length = yes check_crl = no cipher_list = "DEFAULT" make_cert_command = "/etc/raddb/certs/bootstrap" cache { enable = no lifetime = 24 max_entries = 255 } } Module: Linked to sub-module rlm_eap_ttls Module: Instantiating eap-ttls ttls { default_eap_type = "md5" copy_request_to_tunnel = no use_tunneled_reply = no virtual_server = "inner-tunnel" include_length = yes } Module: Linked to sub-module rlm_eap_peap Module: Instantiating eap-peap peap { default_eap_type = "mschapv2" copy_request_to_tunnel = no use_tunneled_reply = no proxy_tunneled_request_as_eap = yes virtual_server = "inner-tunnel" soh = no } Module: Linked to sub-module rlm_eap_mschapv2 Module: Instantiating eap-mschapv2 mschapv2 { with_ntdomain_hack = no send_error = no } Module: Checking authorize {...} for more modules to load Module: Linked to module rlm_preprocess Module: Instantiating module "preprocess" from file /etc/raddb/modules/preprocess preprocess { huntgroups = "/etc/raddb/huntgroups" hints = "/etc/raddb/hints" with_ascend_hack = no ascend_channels_per_line = 23 with_ntdomain_hack = no with_specialix_jetstream_hack = no with_cisco_vsa_hack = no with_alvarion_vsa_hack = no } Module: Linked to module rlm_realm Module: Instantiating module "suffix" from file /etc/raddb/modules/realm realm suffix { format = "suffix" delimiter = "@" ignore_default = no ignore_null = no } Module: Linked to module rlm_files Module: Instantiating module "files" from file /etc/raddb/modules/files files { usersfile = "/etc/raddb/users" acctusersfile = "/etc/raddb/acct_users" preproxy_usersfile = "/etc/raddb/preproxy_users" compat = "no" } Module: Checking preacct {...} for more modules to load Module: Linked to module rlm_acct_unique Module: Instantiating module "acct_unique" from file /etc/raddb/modules/acct_unique acct_unique { key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port" } Module: Checking accounting {...} for more modules to load Module: Linked to module rlm_detail Module: Instantiating module "detail" from file /etc/raddb/modules/detail detail { detailfile = "/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d" header = "%t" detailperm = 384 dirperm = 493 locking = no log_packet_header = no } Module: Linked to module rlm_radutmp Module: Instantiating module "radutmp" from file /etc/raddb/modules/radutmp radutmp { filename = "/var/log/radius/radutmp" username = "%{User-Name}" case_sensitive = yes check_with_nas = yes perm = 384 callerid = yes } Module: Linked to module rlm_attr_filter Module: Instantiating module "attr_filter.accounting_response" from file /etc/raddb/modules/attr_filter attr_filter attr_filter.accounting_response { attrsfile = "/etc/raddb/attrs.accounting_response" key = "%{User-Name}" relaxed = no } Module: Checking session {...} for more modules to load Module: Checking post-proxy {...} for more modules to load Module: Checking post-auth {...} for more modules to load Module: Instantiating module "attr_filter.access_reject" from file /etc/raddb/modules/attr_filter attr_filter attr_filter.access_reject { attrsfile = "/etc/raddb/attrs.access_reject" key = "%{User-Name}" relaxed = no } } # modules } # server server inner-tunnel { # from file /etc/raddb/sites-enabled/inner-tunnel modules { Module: Checking authenticate {...} for more modules to load Module: Checking authorize {...} for more modules to load Module: Checking session {...} for more modules to load Module: Checking post-proxy {...} for more modules to load Module: Checking post-auth {...} for more modules to load } # modules } # server radiusd: #### Opening IP addresses and Ports #### listen { type = "auth" ipaddr = * port = 0 } listen { type = "acct" ipaddr = * port = 0 } listen { type = "control" listen { socket = "/var/run/radiusd/radiusd.sock" } } ... adding new socket proxy address * port 55962 Listening on authentication address * port 1812 Listening on accounting address * port 1813 Listening on command file /var/run/radiusd/radiusd.sock Listening on proxy address * port 1814 Ready to process requests. rad_recv: Access-Request packet from host 192.168.10.31 port 1645, id=215, length=129 User-Name = "marguin" Framed-MTU = 1400 Called-Station-Id = "64a0.e72f.69c0" Calling-Station-Id = "001e.5273.4858" Service-Type = Login-User Message-Authenticator = 0x23138394454f3a974d4bda910d58bb2f EAP-Message = 0x0202000c016d61726775696e NAS-Port-Type = Wireless-802.11 NAS-Port = 2658 NAS-Port-Id = "2658" NAS-IP-Address = 192.168.10.31 # Executing section authorize from file /etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "marguin", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 2 length 12 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[files] returns noop [ldap] performing user authorization for marguin [ldap] expand: %{Stripped-User-Name} -> [ldap] ... expanding second conditional [ldap] expand: %{User-Name} -> marguin [ldap] expand: (uid=%{%{Stripped-User-Name}:-%{User-Name}}) -> (uid=marguin) [ldap] expand: ou=people,dc=currensee,dc=com -> ou=people,dc=currensee,dc=com [ldap] ldap_get_conn: Checking Id: 0 [ldap] ldap_get_conn: Got Id: 0 [ldap] attempting LDAP reconnection [ldap] (re)connect to ldap.local.currensee.com:389, authentication 0 [ldap] setting TLS CACert File to /etc/ldap/csca.crt [ldap] bind as cn=manager,dc=currensee,dc=com/VcnxJbFqeAuAFyiu3zvi to ldap.local.currensee.com:389 [ldap] waiting for bind result ... request done: ld 0x1facdf30 msgid 1 [ldap] Bind was successful [ldap] performing search in ou=people,dc=currensee,dc=com, with filter (uid=marguin) request done: ld 0x1facdf30 msgid 2 [ldap] checking if remote access for marguin is allowed by uid [ldap] looking for check items in directory... [ldap] userPassword -> Password-With-Header == "{CRYPT}WgRn.wiPxI6Tk" [ldap] looking for reply items in directory... [ldap] user marguin authorized to use remote access [ldap] ldap_release_conn: Release Id: 0 ++[ldap] returns ok ++[expiration] returns noop ++[logintime] returns noop [pap] WARNING: Auth-Type already set. Not setting to PAP ++[pap] returns noop Found Auth-Type = EAP # Executing group from file /etc/raddb/sites-enabled/default +- entering group authenticate {...} [eap] EAP Identity [eap] processing type tls [tls] Initiate [tls] Start returned 1 ++[eap] returns handled Sending Access-Challenge of id 215 to 192.168.10.31 port 1645 EAP-Message = 0x010300061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x89f1065d89f21f4f1edcaaacea389153 Finished request 0. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.10.31 port 1645, id=216, length=299 User-Name = "marguin" Framed-MTU = 1400 Called-Station-Id = "64a0.e72f.69c0" Calling-Station-Id = "001e.5273.4858" Service-Type = Login-User Message-Authenticator = 0xf6ac040a0d51299187928c5519c1f828 EAP-Message = 0x020300a419800000009a16030100950100009103014eca8a0e0d18c4e50d054bb7ba7bd35d70cca59c3c85503893c89f2c738a923e000056c00ac009c007c008c013c014c011c012c004c005c002c003c00ec00fc00cc00d002f000500040035000a000900030008000600320033003800390016001500140013001200110034003a0018001b001a00170019000101000012000a00080006001700180019000b00020100 NAS-Port-Type = Wireless-802.11 NAS-Port = 2658 NAS-Port-Id = "2658" State = 0x89f1065d89f21f4f1edcaaacea389153 NAS-IP-Address = 192.168.10.31 # Executing section authorize from file /etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "marguin", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 3 length 164 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/raddb/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS TLS Length 154 [peap] Length Included [peap] eaptls_verify returned 11 [peap] (other): before/accept initialization [peap] TLS_accept: before/accept initialization [peap] <<< TLS 1.0 Handshake [length 0095], ClientHello [peap] TLS_accept: SSLv3 read client hello A [peap] >>> TLS 1.0 Handshake [length 002a], ServerHello [peap] TLS_accept: SSLv3 write server hello A [peap] >>> TLS 1.0 Handshake [length 06cd], Certificate [peap] TLS_accept: SSLv3 write certificate A [peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone [peap] TLS_accept: SSLv3 write server done A [peap] TLS_accept: SSLv3 flush data [peap] TLS_accept: Need to read more data: SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 216 to 192.168.10.31 port 1645 EAP-Message = 0x0104040019c00000070a160301002a0200002603014eca8a0e878b0a7c5cdf1693377ba27c35f0b8e63e093c939626ce43b3a8791d00002f0016030106cd0b0006c90006c60002a6308202a23082020b0203100028300d06092a864886f70d01010405003081b931183016060355040a130f43757272656e7365652c20496e632e31143012060355040b130b456e67696e656572696e673121301f06092a864886f70d0109011612726f6f744063757272656e7365652e636f6d310f300d06035504071306426f73746f6e311630140603550408130d4d617373616368757365747473310b3009060355040613025553312e302c060355040313254c6f EAP-Message = 0x63616c2043757272656e73656520436572746966696361746520417574686f72697479301e170d3131313032313135313134335a170d3231313032303135313134335a3077310b3009060355040613025553311630140603550408130d4d61737361636875736574747331183016060355040a130f43757272656e7365652c20496e632e31133011060355040b130a4f7065726174696f6e733121301f060355040313186f7073322e6c6f63616c2e63757272656e7365652e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100dbd67230f6e9b1f8d37cd689371e4965f6760ef34369b95ea48e1ef153be887b5dd5ef31 EAP-Message = 0x7a47e5d66048731d7458d9ae1ebe0508aa349d4fa74dd0c077cdca1fb2af2868d309e938cd6222f3c6737116ff656e10bbb175b76e2aa83c35efc2b0655f3bf669cabbad375d98d89c84f9d30b5887ac5225685c5bee55176ce2fe890203010001300d06092a864886f70d01010405000381810023558f75bca5500a1b7ca225f46cd98622ef05c01cc43e000dcae1cd19b8d8fcf7c53d2dff7c6403781839d0dd4a0bffb4eec337967c32665ee5f11720e09760c222e2fc6a029b0d4eb33c45614d21a6fb55cb6f01df47958d97578160057f0d23aa685539931ad0229522218b7d7c31f9fb1b8e94a9b88d6e8bc4f410a9701400041a308204163082 EAP-Message = 0x037fa003020102020900d869d83ec24831ce300d06092a864886f70d01010405003081b931183016060355040a130f43757272656e7365652c20496e632e31143012060355040b130b456e67696e656572696e673121301f06092a864886f70d0109011612726f6f744063757272656e7365652e636f6d310f300d06035504071306426f73746f6e311630140603550408130d4d617373616368757365747473310b3009060355040613025553312e302c060355040313254c6f63616c2043757272656e73656520436572746966696361746520417574686f72697479301e170d3130303432363138323634325a170d3230303432353138323634325a EAP-Message = 0x3081b931183016060355040a Message-Authenticator = 0x00000000000000000000000000000000 State = 0x89f1065d88f51f4f1edcaaacea389153 Finished request 1. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.10.31 port 1645, id=217, length=141 User-Name = "marguin" Framed-MTU = 1400 Called-Station-Id = "64a0.e72f.69c0" Calling-Station-Id = "001e.5273.4858" Service-Type = Login-User Message-Authenticator = 0x2fef04ad0daf8fc25c5658adb07eb75b EAP-Message = 0x020400061900 NAS-Port-Type = Wireless-802.11 NAS-Port = 2658 NAS-Port-Id = "2658" State = 0x89f1065d88f51f4f1edcaaacea389153 NAS-IP-Address = 192.168.10.31 # Executing section authorize from file /etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "marguin", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 4 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/raddb/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake fragment handler [peap] eaptls_verify returned 1 [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 217 to 192.168.10.31 port 1645 EAP-Message = 0x0105031a1900130f43757272656e7365652c20496e632e31143012060355040b130b456e67696e656572696e673121301f06092a864886f70d0109011612726f6f744063757272656e7365652e636f6d310f300d06035504071306426f73746f6e311630140603550408130d4d617373616368757365747473310b3009060355040613025553312e302c060355040313254c6f63616c2043757272656e73656520436572746966696361746520417574686f7269747930819f300d06092a864886f70d010101050003818d0030818902818100d6e8fe8f9e3905fcd63f0c9f3b9eded323e8b7a1e47ef23d8d53a29572e41656e189ccd616664ad52ea7 EAP-Message = 0x36ee86a2e1fe0696e1fe24e0345cd5b3167530ef0d6b7a58f9f55774d7a403b9a03e5d9374118a1dbb30fcab8c8bc499ef62b3aac1aec00134b635416c73e2f555b24e08933cefe2fb2a47024ee61ab51490f1cae3070203010001a38201223082011e300c0603551d13040530030101ff301d0603551d0e04160414706ed0933d93523470a6e9bc979d124333df14b03081ee0603551d230481e63081e38014706ed0933d93523470a6e9bc979d124333df14b0a181bfa481bc3081b931183016060355040a130f43757272656e7365652c20496e632e31143012060355040b130b456e67696e656572696e673121301f06092a864886f70d01090116 EAP-Message = 0x12726f6f744063757272656e7365652e636f6d310f300d06035504071306426f73746f6e311630140603550408130d4d617373616368757365747473310b3009060355040613025553312e302c060355040313254c6f63616c2043757272656e73656520436572746966696361746520417574686f72697479820900d869d83ec24831ce300d06092a864886f70d010104050003818100d435d275a02b5e04e17e75b6046bbd1ab3ca33299cee907f2bd9c7603b3da4a23ee97e677e97e442bd855e8c2dffc351e134e03fbec16ad71eb7608c62c29bd2a2aaa2660013bc8d76520a5a9f3b516dcbddf6a773564e57c29e20d0a614a6116a36aef3cdfb EAP-Message = 0xdc510f1058d291e6310d9b53c8b17e521038a866f3510355ef2916030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x89f1065d8bf41f4f1edcaaacea389153 Finished request 2. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.10.31 port 1645, id=218, length=343 User-Name = "marguin" Framed-MTU = 1400 Called-Station-Id = "64a0.e72f.69c0" Calling-Station-Id = "001e.5273.4858" Service-Type = Login-User Message-Authenticator = 0x6486cedcf368658f1ac009c0840251ca EAP-Message = 0x020500d01980000000c616030100861000008200803dc6943c4914148a900e1702d8ee8987d0bc583cb75e1780b2b5c7765eba71cf74b70d417d0eb2cb3e8d58ebea0d9a1ed7b728c9cd2af2552b257dee8a82e43769183f905ece2a31908875dcd1f28206e95a42eaf7d15bfbd18cf3552921bf9d9e20ccf74668b61e218a80e80aee283d572a3e6eb1d90f6f02747523ff11c48214030100010116030100306760329b805ead4f68860983c061d59dab23f5dc4f3dd285e483cb7ee1813a4f5c68605ba2584cec0221c8617dd20ea6 NAS-Port-Type = Wireless-802.11 NAS-Port = 2658 NAS-Port-Id = "2658" State = 0x89f1065d8bf41f4f1edcaaacea389153 NAS-IP-Address = 192.168.10.31 # Executing section authorize from file /etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "marguin", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 5 length 208 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/raddb/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS TLS Length 198 [peap] Length Included [peap] eaptls_verify returned 11 [peap] <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange [peap] TLS_accept: SSLv3 read client key exchange A [peap] <<< TLS 1.0 ChangeCipherSpec [length 0001] [peap] <<< TLS 1.0 Handshake [length 0010], Finished [peap] TLS_accept: SSLv3 read finished A [peap] >>> TLS 1.0 ChangeCipherSpec [length 0001] [peap] TLS_accept: SSLv3 write change cipher spec A [peap] >>> TLS 1.0 Handshake [length 0010], Finished [peap] TLS_accept: SSLv3 write finished A [peap] TLS_accept: SSLv3 flush data [peap] (other): SSL negotiation finished successfully SSL Connection Established [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 218 to 192.168.10.31 port 1645 EAP-Message = 0x01060041190014030100010116030100304303f9ea6bcd1acd5df76daa0c1644a13fa5bb07a55591fafe48c0450833bd54273446ec5ac97134a35b099238ffd2bd Message-Authenticator = 0x00000000000000000000000000000000 State = 0x89f1065d8af71f4f1edcaaacea389153 Finished request 3. Going to the next request Waking up in 4.9 seconds. Cleaning up request 0 ID 215 with timestamp +28 Cleaning up request 1 ID 216 with timestamp +28 Cleaning up request 2 ID 217 with timestamp +28 Cleaning up request 3 ID 218 with timestamp +28 WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! WARNING: !! EAP session for state 0x89f1065d8af71f4f did not finish! WARNING: !! Please read http://wiki.freeradius.org/Certificate_Compatibility WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! Ready to process requests. rad_recv: Access-Request packet from host 192.168.10.31 port 1645, id=219, length=141 User-Name = "marguin" Framed-MTU = 1400 Called-Station-Id = "64a0.e72f.69c0" Calling-Station-Id = "001e.5273.4858" Service-Type = Login-User Message-Authenticator = 0x739b73dd50f560d8225a81b34573a4a7 EAP-Message = 0x020600061900 NAS-Port-Type = Wireless-802.11 NAS-Port = 2658 NAS-Port-Id = "2658" State = 0x89f1065d8af71f4f1edcaaacea389153 NAS-IP-Address = 192.168.10.31 # Executing section authorize from file /etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "marguin", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 6 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/raddb/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake is finished [peap] eaptls_verify returned 3 [peap] eaptls_process returned 3 [peap] EAPTLS_SUCCESS [peap] Session established. Decoding tunneled attributes. [peap] Peap state TUNNEL ESTABLISHED ++[eap] returns handled Sending Access-Challenge of id 219 to 192.168.10.31 port 1645 EAP-Message = 0x0107002b19001703010020e070168325d6bf65dbf125757cd93e2f39b2be90636f354dad19e3bffc763f18 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x89f1065d8df61f4f1edcaaacea389153 Finished request 4. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.10.31 port 1645, id=220, length=178 User-Name = "marguin" Framed-MTU = 1400 Called-Station-Id = "64a0.e72f.69c0" Calling-Station-Id = "001e.5273.4858" Service-Type = Login-User Message-Authenticator = 0x51be84fc57ad005327459d7bf2508b03 EAP-Message = 0x0207002b19001703010020b69cc3f579947cc74451eebc8d55253fcb59470683540101774f0160ac4e20e6 NAS-Port-Type = Wireless-802.11 NAS-Port = 2658 NAS-Port-Id = "2658" State = 0x89f1065d8df61f4f1edcaaacea389153 NAS-IP-Address = 192.168.10.31 # Executing section authorize from file /etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "marguin", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 7 length 43 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/raddb/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Peap state WAITING FOR INNER IDENTITY [peap] Identity - marguin [peap] Got inner identity 'marguin' [peap] Setting default EAP type for tunneled EAP session. [peap] Got tunneled request EAP-Message = 0x0207000c016d61726775696e server { [peap] Setting User-Name to marguin Sending tunneled request EAP-Message = 0x0207000c016d61726775696e FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "marguin" server inner-tunnel { # Executing section authorize from file /etc/raddb/sites-enabled/inner-tunnel +- entering group authorize {...} ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "marguin", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[control] returns noop [eap] EAP packet type response id 7 length 12 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[files] returns noop [ldap] performing user authorization for marguin [ldap] expand: %{Stripped-User-Name} -> [ldap] ... expanding second conditional [ldap] expand: %{User-Name} -> marguin [ldap] expand: (uid=%{%{Stripped-User-Name}:-%{User-Name}}) -> (uid=marguin) [ldap] expand: ou=people,dc=currensee,dc=com -> ou=people,dc=currensee,dc=com [ldap] ldap_get_conn: Checking Id: 0 [ldap] ldap_get_conn: Got Id: 0 [ldap] performing search in ou=people,dc=currensee,dc=com, with filter (uid=marguin) request done: ld 0x1facdf30 msgid 3 [ldap] checking if remote access for marguin is allowed by uid [ldap] looking for check items in directory... [ldap] userPassword -> Password-With-Header == "{CRYPT}WgRn.wiPxI6Tk" [ldap] looking for reply items in directory... [ldap] user marguin authorized to use remote access [ldap] ldap_release_conn: Release Id: 0 ++[ldap] returns ok ++[expiration] returns noop ++[logintime] returns noop [pap] WARNING: Auth-Type already set. Not setting to PAP ++[pap] returns noop Found Auth-Type = EAP # Executing group from file /etc/raddb/sites-enabled/inner-tunnel +- entering group authenticate {...} [eap] EAP Identity [eap] processing type mschapv2 rlm_eap_mschapv2: Issuing Challenge ++[eap] returns handled } # server inner-tunnel [peap] Got tunneled reply code 11 EAP-Message = 0x010800211a0108001c10162a56370ce0ab80767414d8abfb25486d61726775696e Message-Authenticator = 0x00000000000000000000000000000000 State = 0x2b2960c02b217a4e71d440973551574b [peap] Got tunneled reply RADIUS code 11 EAP-Message = 0x010800211a0108001c10162a56370ce0ab80767414d8abfb25486d61726775696e Message-Authenticator = 0x00000000000000000000000000000000 State = 0x2b2960c02b217a4e71d440973551574b [peap] Got tunneled Access-Challenge ++[eap] returns handled Sending Access-Challenge of id 220 to 192.168.10.31 port 1645 EAP-Message = 0x0108004b19001703010040ce3d61076b12b99a3e4585a7c13cfa32c9b1fab601dca0271dbf8a13bd4b7ac08db1b5a9fbb630783357a9e7ffefdd5d729c9ce5298341277279a2f890dd2797 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x89f1065d8cf91f4f1edcaaacea389153 Finished request 5. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.10.31 port 1645, id=221, length=242 User-Name = "marguin" Framed-MTU = 1400 Called-Station-Id = "64a0.e72f.69c0" Calling-Station-Id = "001e.5273.4858" Service-Type = Login-User Message-Authenticator = 0xa42f6af151fab3cbc3c37097202cc15b EAP-Message = 0x0208006b1900170301006025cee42a47eed87aa4cbd0d2d1c78f3eecf22b6637712f1201fc1a14b1764025adb9ad700d880c6b51f116500593cd0e72c8e0e7221281cf93e116ea7f7792568d9e717607af5b364e4409959a9db88755383cd6679262c5a5bd10210424a9a0 NAS-Port-Type = Wireless-802.11 NAS-Port = 2658 NAS-Port-Id = "2658" State = 0x89f1065d8cf91f4f1edcaaacea389153 NAS-IP-Address = 192.168.10.31 # Executing section authorize from file /etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "marguin", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 8 length 107 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/raddb/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Peap state phase2 [peap] EAP type mschapv2 [peap] Got tunneled request EAP-Message = 0x020800421a0208003d31909dc14eec97e73e0a72148e501ca5130000000000000000fab91e4aa6e4c9a87b9259d1532db0e295ebe2213eda1462006d61726775696e server { [peap] Setting User-Name to marguin Sending tunneled request EAP-Message = 0x020800421a0208003d31909dc14eec97e73e0a72148e501ca5130000000000000000fab91e4aa6e4c9a87b9259d1532db0e295ebe2213eda1462006d61726775696e FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "marguin" State = 0x2b2960c02b217a4e71d440973551574b server inner-tunnel { # Executing section authorize from file /etc/raddb/sites-enabled/inner-tunnel +- entering group authorize {...} ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "marguin", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[control] returns noop [eap] EAP packet type response id 8 length 66 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[files] returns noop [ldap] performing user authorization for marguin [ldap] expand: %{Stripped-User-Name} -> [ldap] ... expanding second conditional [ldap] expand: %{User-Name} -> marguin [ldap] expand: (uid=%{%{Stripped-User-Name}:-%{User-Name}}) -> (uid=marguin) [ldap] expand: ou=people,dc=currensee,dc=com -> ou=people,dc=currensee,dc=com [ldap] ldap_get_conn: Checking Id: 0 [ldap] ldap_get_conn: Got Id: 0 [ldap] performing search in ou=people,dc=currensee,dc=com, with filter (uid=marguin) request done: ld 0x1facdf30 msgid 4 [ldap] checking if remote access for marguin is allowed by uid [ldap] looking for check items in directory... [ldap] userPassword -> Password-With-Header == "{CRYPT}WgRn.wiPxI6Tk" [ldap] looking for reply items in directory... [ldap] user marguin authorized to use remote access [ldap] ldap_release_conn: Release Id: 0 ++[ldap] returns ok ++[expiration] returns noop ++[logintime] returns noop [pap] WARNING: Auth-Type already set. Not setting to PAP ++[pap] returns noop Found Auth-Type = EAP # Executing group from file /etc/raddb/sites-enabled/inner-tunnel +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/mschapv2 [eap] processing type mschapv2 [mschapv2] # Executing group from file /etc/raddb/sites-enabled/inner-tunnel [mschapv2] +- entering group MS-CHAP {...} [mschap] No Cleartext-Password configured. Cannot create LM-Password. [mschap] No Cleartext-Password configured. Cannot create NT-Password. [mschap] Creating challenge hash with username: marguin [mschap] Told to do MS-CHAPv2 for marguin with NT-Password [mschap] FAILED: No NT/LM-Password. Cannot perform authentication. [mschap] FAILED: MS-CHAP2-Response is incorrect ++[mschap] returns reject [eap] Freeing handler ++[eap] returns reject Failed to authenticate the user. } # server inner-tunnel [peap] Got tunneled reply code 3 MS-CHAP-Error = "\010E=691 R=1" EAP-Message = 0x04080004 Message-Authenticator = 0x00000000000000000000000000000000 [peap] Got tunneled reply RADIUS code 3 MS-CHAP-Error = "\010E=691 R=1" EAP-Message = 0x04080004 Message-Authenticator = 0x00000000000000000000000000000000 [peap] Tunneled authentication was rejected. [peap] FAILURE ++[eap] returns handled Sending Access-Challenge of id 221 to 192.168.10.31 port 1645 EAP-Message = 0x0109002b19001703010020461bb03d763ae49d928d168b37006c190b066e2e5f291152d26e975eb8676af0 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x89f1065d8ff81f4f1edcaaacea389153 Finished request 6. Going to the next request Waking up in 4.8 seconds. rad_recv: Access-Request packet from host 192.168.10.31 port 1645, id=222, length=178 User-Name = "marguin" Framed-MTU = 1400 Called-Station-Id = "64a0.e72f.69c0" Calling-Station-Id = "001e.5273.4858" Service-Type = Login-User Message-Authenticator = 0xbe91fe2cf8cdbe0b2ab144028a6c71dd EAP-Message = 0x0209002b190017030100203c08a31c5ec50023018f8534d0d652cde9744b100ba72bcf3eb8391a726d3dc3 NAS-Port-Type = Wireless-802.11 NAS-Port = 2658 NAS-Port-Id = "2658" State = 0x89f1065d8ff81f4f1edcaaacea389153 NAS-IP-Address = 192.168.10.31 # Executing section authorize from file /etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "marguin", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 9 length 43 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/raddb/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Peap state send tlv failure [peap] Received EAP-TLV response. [peap] The users session was previously rejected: returning reject (again.) [peap] *** This means you need to read the PREVIOUS messages in the debug output [peap] *** to find out the reason why the user was rejected. [peap] *** Look for "reject" or "fail". Those earlier messages will tell you. [peap] *** what went wrong, and how to fix the problem. [eap] Handler failed in EAP/peap [eap] Failed in EAP select ++[eap] returns invalid Failed to authenticate the user. Using Post-Auth-Type Reject # Executing group from file /etc/raddb/sites-enabled/default +- entering group REJECT {...} [attr_filter.access_reject] expand: %{User-Name} -> marguin attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 7 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 7 Sending Access-Reject of id 222 to 192.168.10.31 port 1645 EAP-Message = 0x04090004 Message-Authenticator = 0x00000000000000000000000000000000 Waking up in 2.6 seconds. Cleaning up request 4 ID 219 with timestamp +40 Cleaning up request 5 ID 220 with timestamp +40 Cleaning up request 6 ID 221 with timestamp +40 Waking up in 2.2 seconds. Cleaning up request 7 ID 222 with timestamp +41 Ready to process requests. On 11/3/2011 2:40 PM, freeradius-users-request@lists.freeradius.org wrote:
cisco WAP/FreeRadius/OpenLDAP
-- Matthew Arguin Currensee, Inc. 54 Canal St, 4th Floor Boston, MA 02114 (617) 986-4758 (Office) _________________________________________________________________________ This email and any files transmitted with it are confidential and intended solely for the addressee. If you received this email in error, please do not disclose the contents to anyone; kindly notify the sender by return email and delete this email and any attachments from your system. © 2011 Currensee Inc. is a member of the National Futures Association (NFA) Member ID 0403251 | Over the counter retail foreign currency (Forex) trading may involve significant risk of loss. It is not suitable for all investors and you should make sure you understand the risks involved before trading and seek independent advice if necessary. Performance, strategies and charts shown are not necessarily predictive of any particular result and past performance is no indication of future results. Investor returns may vary from Trade Leader returns based on slippage, fees, broker spreads, volatility or other market conditions. Currensee Inc | 54 Canal St 4th Floor | Boston, MA 02114 | +1.617.624.3824
Matthew Arguin wrote:
so it took me a while, but i finally tracked down a MAC to continue troubleshooting...at this point windows machines can login with RAIDUS auth... below is the output from an attempt with a MAC:
Can you READ the output? Or paste the output into the "debug tool" web page on networkradius.com, and then READ it? Honestly, it's not hard. Alan DeKok.
participants (2)
-
Alan DeKok -
Matthew Arguin