Hello, I have installed FreeRADIUS on Ubuntu Server 16.04. I can connect to it with EAP MSCHAPv2 and many other ways but it fails on TTLS MSCHAPv2 which is the one I need to use. If wanted I can send the debug information from a working EAP MSCHAPv2. I try to connect with an android phone through a ASUS router. Anyone got any idea why it is not working? root@ubuntuRADIUS:/etc/freeradius# freeradius -X freeradius: FreeRADIUS Version 2.2.8, for host i686-pc-linux-gnu, built on Jul 26 2017 at 15:28:44 Copyright (C) 1999-2015 The FreeRADIUS server project and contributors. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License. For more information about these matters, see the file named COPYRIGHT. Starting - reading configuration files ... including configuration file /etc/freeradius/radiusd.conf including configuration file /etc/freeradius/proxy.conf including configuration file /etc/freeradius/clients.conf including files in directory /etc/freeradius/modules/ including configuration file /etc/freeradius/modules/redis including configuration file /etc/freeradius/modules/soh including configuration file /etc/freeradius/modules/smsotp including configuration file /etc/freeradius/modules/ldap including configuration file /etc/freeradius/modules/policy including configuration file /etc/freeradius/modules/detail including configuration file /etc/freeradius/modules/etc_group including configuration file /etc/freeradius/modules/ippool including configuration file /etc/freeradius/modules/detail.log including configuration file /etc/freeradius/modules/mschap including configuration file /etc/freeradius/modules/sradutmp including configuration file /etc/freeradius/modules/smbpasswd including configuration file /etc/freeradius/modules/attr_filter including configuration file /etc/freeradius/modules/dynamic_clients including configuration file /etc/freeradius/modules/passwd including configuration file /etc/freeradius/modules/krb5 including configuration file /etc/freeradius/modules/radutmp including configuration file /etc/freeradius/modules/opendirectory including configuration file /etc/freeradius/modules/mac2ip including configuration file /etc/freeradius/modules/ntlm_auth including configuration file /etc/freeradius/modules/pam including configuration file /etc/freeradius/modules/mac2vlan including configuration file /etc/freeradius/modules/perl including configuration file /etc/freeradius/modules/checkval including configuration file /etc/freeradius/modules/sqlcounter_expire_on_login including configuration file /etc/freeradius/modules/unix including configuration file /etc/freeradius/modules/inner-eap including configuration file /etc/freeradius/modules/expiration including configuration file /etc/freeradius/modules/radrelay including configuration file /etc/freeradius/modules/files including configuration file /etc/freeradius/modules/pap including configuration file /etc/freeradius/modules/echo including configuration file /etc/freeradius/modules/attr_rewrite including configuration file /etc/freeradius/modules/counter including configuration file /etc/freeradius/modules/sql_log including configuration file /etc/freeradius/modules/preprocess including configuration file /etc/freeradius/modules/replicate including configuration file /etc/freeradius/modules/digest including configuration file /etc/freeradius/modules/cache including configuration file /etc/freeradius/modules/acct_unique including configuration file /etc/freeradius/modules/linelog including configuration file /etc/freeradius/modules/expr including configuration file /etc/freeradius/modules/wimax including configuration file /etc/freeradius/modules/cui including configuration file /etc/freeradius/modules/rediswho including configuration file /etc/freeradius/modules/exec including configuration file /etc/freeradius/modules/realm including configuration file /etc/freeradius/modules/always including configuration file /etc/freeradius/modules/logintime including configuration file /etc/freeradius/modules/otp including configuration file /etc/freeradius/modules/detail.example.com including configuration file /etc/freeradius/modules/dhcp_sqlippool including configuration file /etc/freeradius/modules/chap including configuration file /etc/freeradius/eap.conf including configuration file /etc/freeradius/policy.conf including files in directory /etc/freeradius/sites-enabled/ including configuration file /etc/freeradius/sites-enabled/inner-tunnel including configuration file /etc/freeradius/sites-enabled/default main { user = "freerad" group = "freerad" allow_core_dumps = no } including dictionary file /etc/freeradius/dictionary main { name = "freeradius" prefix = "/usr" localstatedir = "/var" sbindir = "/usr/sbin" logdir = "/var/log/freeradius" run_dir = "/var/run/freeradius" libdir = "/usr/lib/freeradius" radacctdir = "/var/log/freeradius/radacct" hostname_lookups = no max_request_time = 30 cleanup_delay = 5 max_requests = 1024 pidfile = "/var/run/freeradius/freeradius.pid" checkrad = "/usr/sbin/checkrad" debug_level = 0 proxy_requests = yes log { stripped_names = yes auth = yes auth_badpass = yes auth_goodpass = yes } security { max_attributes = 200 reject_delay = 1 status_server = yes allow_vulnerable_openssl = no } } radiusd: #### Loading Realms and Home Servers #### proxy server { retry_delay = 5 retry_count = 3 default_fallback = no dead_time = 120 wake_all_if_all_dead = no } home_server localhost { ipaddr = 127.0.0.1 port = 1812 type = "auth" secret = "testing123" response_window = 20 max_outstanding = 65536 require_message_authenticator = yes zombie_period = 40 status_check = "status-server" ping_interval = 30 check_interval = 30 num_answers_to_alive = 3 num_pings_to_alive = 3 revive_interval = 120 status_check_timeout = 4 coa { irt = 2 mrt = 16 mrc = 5 mrd = 30 } } home_server_pool my_auth_failover { type = fail-over home_server = localhost } realm example.com { auth_pool = my_auth_failover } realm LOCAL { } radiusd: #### Loading Clients #### client localhost { ipaddr = 127.0.0.1 require_message_authenticator = no secret = "testing123" nastype = "other" } client 10.0.2.2 { ipaddr = 10.0.2.2 require_message_authenticator = no secret = "testing123" } client asus { ipaddr = 10.0.0.1 require_message_authenticator = no secret = "testing123" } radiusd: #### Instantiating modules #### instantiate { Module: Linked to module rlm_exec Module: Instantiating module "exec" from file /etc/freeradius/modules/exec exec { wait = no input_pairs = "request" shell_escape = yes timeout = 10 } Module: Linked to module rlm_expr Module: Instantiating module "expr" from file /etc/freeradius/modules/expr Module: Linked to module rlm_expiration Module: Instantiating module "expiration" from file /etc/freeradius/modules/expiration expiration { reply-message = "Password Has Expired " } Module: Linked to module rlm_logintime Module: Instantiating module "logintime" from file /etc/freeradius/modules/logintime logintime { reply-message = "You are calling outside your allowed timespan " minimum-timeout = 60 } } radiusd: #### Loading Virtual Servers #### server { # from file /etc/freeradius/radiusd.conf modules { Module: Creating Auth-Type = digest Module: Checking authenticate {...} for more modules to load Module: Linked to module rlm_pap Module: Instantiating module "pap" from file /etc/freeradius/modules/pap pap { encryption_scheme = "auto" auto_header = no } Module: Linked to module rlm_chap Module: Instantiating module "chap" from file /etc/freeradius/modules/chap Module: Linked to module rlm_mschap Module: Instantiating module "mschap" from file /etc/freeradius/modules/mschap mschap { use_mppe = yes require_encryption = no require_strong = no with_ntdomain_hack = no allow_retry = yes } Module: Linked to module rlm_digest Module: Instantiating module "digest" from file /etc/freeradius/modules/digest Module: Linked to module rlm_unix Module: Instantiating module "unix" from file /etc/freeradius/modules/unix unix { radwtmp = "/var/log/freeradius/radwtmp" } Module: Linked to module rlm_eap Module: Instantiating module "eap" from file /etc/freeradius/eap.conf eap { default_eap_type = "ttls" timer_expire = 60 ignore_unknown_eap_types = no cisco_accounting_username_bug = no max_sessions = 1024 } Module: Linked to sub-module rlm_eap_md5 Module: Instantiating eap-md5 Module: Linked to sub-module rlm_eap_leap Module: Instantiating eap-leap Module: Linked to sub-module rlm_eap_gtc Module: Instantiating eap-gtc gtc { challenge = "Password: " auth_type = "PAP" } Module: Linked to sub-module rlm_eap_tls Module: Instantiating eap-tls tls { rsa_key_exchange = no dh_key_exchange = yes rsa_key_length = 512 dh_key_length = 512 verify_depth = 0 CA_path = "/etc/freeradius/certs" pem_file_type = yes private_key_file = "/etc/freeradius/certs/server.key" certificate_file = "/etc/freeradius/certs/server.pem" CA_file = "/etc/freeradius/certs/ca.pem" private_key_password = "whatever" dh_file = "/etc/freeradius/certs/dh" random_file = "/dev/urandom" fragment_size = 1024 include_length = yes check_crl = no check_all_crl = no cipher_list = "DEFAULT" make_cert_command = "/etc/freeradius/certs/bootstrap" ecdh_curve = "prime256v1" cache { enable = no lifetime = 24 max_entries = 255 } verify { } ocsp { enable = no override_cert_url = yes url = "http://127.0.0.1/ocsp/" use_nonce = yes timeout = 0 softfail = no } } Module: Linked to sub-module rlm_eap_ttls Module: Instantiating eap-ttls ttls { default_eap_type = "mschapv2" copy_request_to_tunnel = no use_tunneled_reply = no virtual_server = "inner-tunnel" include_length = yes } Module: Linked to sub-module rlm_eap_peap Module: Instantiating eap-peap peap { default_eap_type = "mschapv2" copy_request_to_tunnel = no use_tunneled_reply = no proxy_tunneled_request_as_eap = yes virtual_server = "inner-tunnel" soh = no } Module: Linked to sub-module rlm_eap_mschapv2 Module: Instantiating eap-mschapv2 mschapv2 { with_ntdomain_hack = no send_error = no } Module: Checking authorize {...} for more modules to load Module: Linked to module rlm_preprocess Module: Instantiating module "preprocess" from file /etc/freeradius/modules/preprocess preprocess { huntgroups = "/etc/freeradius/huntgroups" hints = "/etc/freeradius/hints" with_ascend_hack = no ascend_channels_per_line = 23 with_ntdomain_hack = no with_specialix_jetstream_hack = no with_cisco_vsa_hack = no with_alvarion_vsa_hack = no } reading pairlist file /etc/freeradius/huntgroups reading pairlist file /etc/freeradius/hints Module: Linked to module rlm_realm Module: Instantiating module "suffix" from file /etc/freeradius/modules/realm realm suffix { format = "suffix" delimiter = "@" ignore_default = no ignore_null = no } Module: Linked to module rlm_files Module: Instantiating module "files" from file /etc/freeradius/modules/files files { usersfile = "/etc/freeradius/users" acctusersfile = "/etc/freeradius/acct_users" preproxy_usersfile = "/etc/freeradius/preproxy_users" compat = "no" } reading pairlist file /etc/freeradius/users reading pairlist file /etc/freeradius/acct_users reading pairlist file /etc/freeradius/preproxy_users Module: Checking preacct {...} for more modules to load Module: Linked to module rlm_acct_unique Module: Instantiating module "acct_unique" from file /etc/freeradius/modules/acct_unique acct_unique { key = "User-Name, Acct-Session-Id, NAS-IP-Address, NAS-Identifier, NAS-Port" } Module: Checking accounting {...} for more modules to load Module: Linked to module rlm_detail Module: Instantiating module "detail" from file /etc/freeradius/modules/detail detail { detailfile = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d" header = "%t" detailperm = 384 dirperm = 493 locking = no log_packet_header = no escape_filenames = no } Module: Linked to module rlm_attr_filter Module: Instantiating module "attr_filter.accounting_response" from file /etc/freeradius/modules/attr_filter attr_filter attr_filter.accounting_response { attrsfile = "/etc/freeradius/attrs.accounting_response" key = "%{User-Name}" relaxed = no } reading pairlist file /etc/freeradius/attrs.accounting_response Module: Checking session {...} for more modules to load Module: Linked to module rlm_radutmp Module: Instantiating module "radutmp" from file /etc/freeradius/modules/radutmp radutmp { filename = "/var/log/freeradius/radutmp" username = "%{User-Name}" case_sensitive = yes check_with_nas = yes perm = 384 callerid = yes } Module: Checking post-proxy {...} for more modules to load Module: Checking post-auth {...} for more modules to load Module: Instantiating module "attr_filter.access_reject" from file /etc/freeradius/modules/attr_filter attr_filter attr_filter.access_reject { attrsfile = "/etc/freeradius/attrs.access_reject" key = "%{User-Name}" relaxed = no } reading pairlist file /etc/freeradius/attrs.access_reject } # modules } # server server inner-tunnel { # from file /etc/freeradius/sites-enabled/inner-tunnel modules { Module: Checking authenticate {...} for more modules to load Module: Checking authorize {...} for more modules to load Module: Checking session {...} for more modules to load Module: Checking post-proxy {...} for more modules to load Module: Checking post-auth {...} for more modules to load } # modules } # server radiusd: #### Opening IP addresses and Ports #### listen { type = "auth" ipaddr = * port = 0 } listen { type = "acct" ipaddr = * port = 0 } listen { type = "auth" ipaddr = 127.0.0.1 port = 18120 } ... adding new socket proxy address * port 58209 Listening on authentication address * port 1812 Listening on accounting address * port 1813 Listening on authentication address 127.0.0.1 port 18120 as server inner-tunnel Listening on proxy address * port 1814 Ready to process requests. rad_recv: Access-Request packet from host 10.0.2.2 port 37101, id=0, length=131 User-Name = "anonymous" NAS-IP-Address = 10.0.0.1 Called-Station-Id = "ac9e17bd7668" Calling-Station-Id = "2c0e3d040b41" NAS-Identifier = "ac9e17bd7668" NAS-Port = 14 Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x0200000e01616e6f6e796d6f7573 Message-Authenticator = 0xbeb4b21ce8f441d188a5cfd604ea60f4 # Executing section authorize from file /etc/freeradius/sites-enabled/default +group authorize { ++[preprocess] = ok ++[chap] = noop ++[mschap] = noop ++[digest] = noop [suffix] No '@' in User-Name = "anonymous", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 0 length 14 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] = updated ++[files] = noop ++[expiration] = noop ++[logintime] = noop [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] = noop +} # group authorize = updated Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +group authenticate { [eap] EAP Identity [eap] processing type tls [tls] Initiate [tls] Start returned 1 ++[eap] = handled +} # group authenticate = handled Sending Access-Challenge of id 0 to 10.0.2.2 port 37101 EAP-Message = 0x010100061520 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x566041d25661548b775c8b93cb3b8ac0 Finished request 0. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 10.0.2.2 port 37101, id=0, length=306 Cleaning up request 0 ID 0 with timestamp +34 User-Name = "anonymous" NAS-IP-Address = 10.0.0.1 Called-Station-Id = "ac9e17bd7668" Calling-Station-Id = "2c0e3d040b41" NAS-Identifier = "ac9e17bd7668" NAS-Port = 14 Framed-MTU = 1400 State = 0x566041d25661548b775c8b93cb3b8ac0 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x020100ab150016030100a00100009c0303526804514ac801dadb13db30bc913fac38c7cb01a7563c4e87eae08760e0f0e500003ec02cc030009fc02bc02f009ecca9cca8c00ac024c014c0280039006bc009c023c013c02700330067c007c011009d009c0035003d002f003c00050004000a01000035ff0100010000170000000d001600140601060305010503040104030301030302010203000b00020100000a00080006001700180019 Message-Authenticator = 0xfa662c8841ae23189146cdb69dcb7064 # Executing section authorize from file /etc/freeradius/sites-enabled/default +group authorize { ++[preprocess] = ok ++[chap] = noop ++[mschap] = noop ++[digest] = noop [suffix] No '@' in User-Name = "anonymous", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 1 length 171 [eap] Continuing tunnel setup. ++[eap] = ok +} # group authorize = ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +group authenticate { [eap] Request found, released from the list [eap] EAP/ttls [eap] processing type ttls [ttls] Authenticate [ttls] processing EAP-TLS [ttls] eaptls_verify returned 7 [ttls] Done initial handshake [ttls] (other): before/accept initialization [ttls] TLS_accept: before/accept initialization [ttls] <<< Unknown TLS version [length 0005] [ttls] <<< Unknown TLS version [length 00a0] [ttls] TLS_accept: unknown state [ttls] >>> Unknown TLS version [length 0005] [ttls] >>> Unknown TLS version [length 0039] [ttls] TLS_accept: unknown state [ttls] >>> Unknown TLS version [length 0005] [ttls] >>> Unknown TLS version [length 02cc] [ttls] TLS_accept: unknown state [ttls] >>> Unknown TLS version [length 0005] [ttls] >>> Unknown TLS version [length 014d] [ttls] TLS_accept: unknown state [ttls] >>> Unknown TLS version [length 0005] [ttls] >>> Unknown TLS version [length 0004] [ttls] TLS_accept: unknown state [ttls] TLS_accept: unknown state [ttls] TLS_accept: unknown state [ttls] TLS_accept: Need to read more data: unknown state [ttls] TLS_accept: Need to read more data: unknown state In SSL Handshake Phase In SSL Accept mode [ttls] eaptls_process returned 13 ++[eap] = handled +} # group authenticate = handled Sending Access-Challenge of id 0 to 10.0.2.2 port 37101 EAP-Message = 0x0102040015c00000046a1603030039020000350303882e3d0906b3ac53b42c9a46285a2d0ae21d934798a065c56e02ad4103ed1b5800c03000000dff01000100000b00040300010216030302cc0b0002c80002c50002c2308202be308201a6a003020102020900b37fe074c794d454300d06092a864886f70d01010b050030173115301306035504030c0c7562756e7475524144495553301e170d3138303330313133353235325a170d3238303232373133353235325a30173115301306035504030c0c7562756e747552414449555330820122300d06092a864886f70d01010105000382010f003082010a0282010100be9382ed2dc1add32b1b35f7 EAP-Message = 0x52c8fc8c0d2652e99ec612ac75a1029c63f63cfff4fd6cd9bb9e419bcfb7aed8e64d01f0f410c11961e22e9d2bea61dc6aacf0717dc0e386103809ea6f9978c068b1d59f405695fddfd47aff401b5f3390333b57b915960ec53698c32b02a49566bbbfb192c0a9b928a24535f40190231bf71416c580b6d982b17e744c7780ac0a64ea777a6f6d3cc493896914f89e0569b9a24f5a59387c852f838f053a9c396eee54f4ea222ae605b4735262d4e3685c6088da5fb881f739c00c93542663954a9800c99410e74ff3593536a9a669c0ef50b612e4270afe8f123d0ad38121639babf0fbd66137021597d97e6ef7d4aa7f9c02710203010001a30d300b EAP-Message = 0x30090603551d1304023000300d06092a864886f70d01010b050003820101000b407680d9c47a5900401c7b6fe5390675f547567dacb4a75fb72387a0b621d5a668726d0654ef300fbe6b18324ddf2510cb0b6e459e90857c9d9cc34482c2aa5d7d9df792b1cc77f83aa3ccb7c6d0bd9080c31e22f5eb90212ede14732eaffcc9b24c580fede255a3e5acf05effc49d74cb63971ea81cda755983b202bffc116440616a01f57ad5b353cd7bba302dcf067313b00d0ff8a1bdd01e1b612ee04fd36c42949a32175585a1b28583c6a46f9399989acc68d2c3e7b7360ceddca417823ae7fe9d21a888c393bca3a9dbd66ccbbf59d5a1a290e7c67f1abe3bb3 EAP-Message = 0x77e112552a255d336731fee2e1a05bd01a87a238f12694278b87ef2146a11e649288160303014d0c00014903001741041c8714338c965bc7b84cfcb017ba8f7b4ac0b9677bab6c17f25b3d7ae14e08b09a2bedeb5c45f7979bff9eecd8c07b25fd937226555016d601cc60fa422ef751060101006dd90aabf97ea915a14e0e6ef6c57bfe4829db82b1602975b98712ec5db42b3c8b5c79572d5573bcd0a5c7560a03067e2f771494ecafa8a038672befabaf28d49b5f0d9b0a55b8d7d225eb2a11727955c030546f3709e912bc3f1b4d904c979c1fd43b0a325c403a3adc3aeeededdb811a1d55a2f8de44262e62557d74e60789234cd69ce46be1c86a EAP-Message = 0x6c200c441581cef8c8df6fa0 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x566041d25762548b775c8b93cb3b8ac0 Finished request 1. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 10.0.2.2 port 37101, id=0, length=141 Cleaning up request 1 ID 0 with timestamp +34 User-Name = "anonymous" NAS-IP-Address = 10.0.0.1 Called-Station-Id = "ac9e17bd7668" Calling-Station-Id = "2c0e3d040b41" NAS-Identifier = "ac9e17bd7668" NAS-Port = 14 Framed-MTU = 1400 State = 0x566041d25762548b775c8b93cb3b8ac0 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x020200061500 Message-Authenticator = 0x9edaf5e9ac1eadb44961e09e6104bcbe # Executing section authorize from file /etc/freeradius/sites-enabled/default +group authorize { ++[preprocess] = ok ++[chap] = noop ++[mschap] = noop ++[digest] = noop [suffix] No '@' in User-Name = "anonymous", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 2 length 6 [eap] Continuing tunnel setup. ++[eap] = ok +} # group authorize = ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +group authenticate { [eap] Request found, released from the list [eap] EAP/ttls [eap] processing type ttls [ttls] Authenticate [ttls] processing EAP-TLS [ttls] Received TLS ACK [ttls] ACK handshake fragment handler [ttls] eaptls_verify returned 1 [ttls] eaptls_process returned 13 ++[eap] = handled +} # group authenticate = handled Sending Access-Challenge of id 0 to 10.0.2.2 port 37101 EAP-Message = 0x0103007e15800000046aac4b2092f7d8e1ea994220a3e8fd64f6d29dd5d76d635dd7ac0895ea388f366812df6a1924dc25d7bb65058b2688fb10a125244fbfb429eddaab8d0bbdd38c76c39129ccddd422eaec8d1f5b478a431a81eeda645fc6502dfb21b1aa3c3a2abe102dd9b84bd475b427489216030300040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x566041d25463548b775c8b93cb3b8ac0 Finished request 2. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 10.0.2.2 port 37101, id=0, length=267 Cleaning up request 2 ID 0 with timestamp +34 User-Name = "anonymous" NAS-IP-Address = 10.0.0.1 Called-Station-Id = "ac9e17bd7668" Calling-Station-Id = "2c0e3d040b41" NAS-Identifier = "ac9e17bd7668" NAS-Port = 14 Framed-MTU = 1400 State = 0x566041d25463548b775c8b93cb3b8ac0 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x02030084150016030300461000004241046c37eb48dbbe8b3f2e0d3f4da3132daa81876d95c47c3c705cbf6917fa06d3ded4742817f732475c9c8b95f86670e5e80736e8f8e722d7e5a840d53943d1487d14030300010116030300280000000000000000db7f068e8fcce0d83d6a09d6b3abb56aefe288bc0d88a8c936338de79690e402 Message-Authenticator = 0x73f1ad17bb3790824f1409941692e2c8 # Executing section authorize from file /etc/freeradius/sites-enabled/default +group authorize { ++[preprocess] = ok ++[chap] = noop ++[mschap] = noop ++[digest] = noop [suffix] No '@' in User-Name = "anonymous", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 3 length 132 [eap] Continuing tunnel setup. ++[eap] = ok +} # group authorize = ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +group authenticate { [eap] Request found, released from the list [eap] EAP/ttls [eap] processing type ttls [ttls] Authenticate [ttls] processing EAP-TLS [ttls] eaptls_verify returned 7 [ttls] Done initial handshake [ttls] <<< Unknown TLS version [length 0005] [ttls] <<< Unknown TLS version [length 0046] [ttls] TLS_accept: unknown state [ttls] TLS_accept: unknown state [ttls] <<< Unknown TLS version [length 0005] [ttls] <<< Unknown TLS version [length 0001] [ttls] <<< Unknown TLS version [length 0005] [ttls] <<< Unknown TLS version [length 0010] [ttls] TLS_accept: unknown state [ttls] >>> Unknown TLS version [length 0005] [ttls] >>> Unknown TLS version [length 0001] [ttls] TLS_accept: unknown state [ttls] >>> Unknown TLS version [length 0005] [ttls] >>> Unknown TLS version [length 0010] [ttls] TLS_accept: unknown state [ttls] TLS_accept: unknown state [ttls] (other): SSL negotiation finished successfully SSL Connection Established [ttls] eaptls_process returned 13 ++[eap] = handled +} # group authenticate = handled Sending Access-Challenge of id 0 to 10.0.2.2 port 37101 EAP-Message = 0x0104003d158000000033140303000101160303002848357c1cd4efab5cceee0653c966dd0bf3a945b2ad77d149c6a69feff8cda8dcc4ab0b04d23d59d8 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x566041d25564548b775c8b93cb3b8ac0 Finished request 3. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 10.0.2.2 port 37101, id=0, length=278 Cleaning up request 3 ID 0 with timestamp +34 User-Name = "anonymous" NAS-IP-Address = 10.0.0.1 Called-Station-Id = "ac9e17bd7668" Calling-Station-Id = "2c0e3d040b41" NAS-Identifier = "ac9e17bd7668" NAS-Port = 14 Framed-MTU = 1400 State = 0x566041d25564548b775c8b93cb3b8ac0 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x0204008f150017030300840000000000000001adeee8b56ad79d8da4b1679db4746911f0033f5b5d83956312523861b8b2791310d63b269ec0b5eff151f90027dccef0ad6d604f6362e4bec2d7e8329969d05507acde23d18bf5c09ef07eface4cd2cba6c386f193dd76063b912057d569d1a549db5a68e108be0542d58e654e1b61e4716d701605d32b81ac0e5e9c Message-Authenticator = 0x05dc9439feca7c1d8a89f6cf01ca1fe5 # Executing section authorize from file /etc/freeradius/sites-enabled/default +group authorize { ++[preprocess] = ok ++[chap] = noop ++[mschap] = noop ++[digest] = noop [suffix] No '@' in User-Name = "anonymous", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 4 length 143 [eap] Continuing tunnel setup. ++[eap] = ok +} # group authorize = ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +group authenticate { [eap] Request found, released from the list [eap] EAP/ttls [eap] processing type ttls [ttls] Authenticate [ttls] processing EAP-TLS [ttls] eaptls_verify returned 7 [ttls] Done initial handshake [ttls] <<< Unknown TLS version [length 0005] [ttls] eaptls_process returned 7 [ttls] Session established. Proceeding to decode tunneled attributes. [ttls] Tunneled challenge is incorrect [eap] Handler failed in EAP/ttls [eap] Failed in EAP select ++[eap] = invalid +} # group authenticate = invalid Failed to authenticate the user. Login incorrect: [anonymous/<via Auth-Type = EAP>] (from client 10.0.2.2 port 14 cli 2c0e3d040b41) Using Post-Auth-Type Reject # Executing group from file /etc/freeradius/sites-enabled/default +group REJECT { [eap] Reply already contained an EAP-Message, not inserting EAP-Failure ++[eap] = noop [attr_filter.access_reject] expand: %{User-Name} -> anonymous attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] = updated +} # group REJECT = updated Delaying reject of request 4 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 4 Sending Access-Reject of id 0 to 10.0.2.2 port 37101 EAP-Message = 0x04040004 Message-Authenticator = 0x00000000000000000000000000000000 Waking up in 4.9 seconds. Cleaning up request 4 ID 0 with timestamp +34 Ready to process requests. rad_recv: Access-Request packet from host 10.0.2.2 port 37101, id=0, length=131 User-Name = "anonymous" NAS-IP-Address = 10.0.0.1 Called-Station-Id = "ac9e17bd7668" Calling-Station-Id = "2c0e3d040b41" NAS-Identifier = "ac9e17bd7668" NAS-Port = 14 Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x0200000e01616e6f6e796d6f7573 Message-Authenticator = 0x1c6c04fb8378f1910b9fb507c133e93c # Executing section authorize from file /etc/freeradius/sites-enabled/default +group authorize { ++[preprocess] = ok ++[chap] = noop ++[mschap] = noop ++[digest] = noop [suffix] No '@' in User-Name = "anonymous", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 0 length 14 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] = updated ++[files] = noop ++[expiration] = noop ++[logintime] = noop [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] = noop +} # group authorize = updated Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +group authenticate { [eap] EAP Identity [eap] processing type tls [tls] Initiate [tls] Start returned 1 ++[eap] = handled +} # group authenticate = handled Sending Access-Challenge of id 0 to 10.0.2.2 port 37101 EAP-Message = 0x010100061520 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x0c457a660c446f12a95d9c7efeb2c3c0 Finished request 5. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 10.0.2.2 port 37101, id=0, length=306 Cleaning up request 5 ID 0 with timestamp +41 User-Name = "anonymous" NAS-IP-Address = 10.0.0.1 Called-Station-Id = "ac9e17bd7668" Calling-Station-Id = "2c0e3d040b41" NAS-Identifier = "ac9e17bd7668" NAS-Port = 14 Framed-MTU = 1400 State = 0x0c457a660c446f12a95d9c7efeb2c3c0 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x020100ab150016030100a00100009c03037bd1bcd41a4e58bb2447cae4df3b01e79efc412376c6c44ecd111b633f6da95900003ec02cc030009fc02bc02f009ecca9cca8c00ac024c014c0280039006bc009c023c013c02700330067c007c011009d009c0035003d002f003c00050004000a01000035ff0100010000170000000d001600140601060305010503040104030301030302010203000b00020100000a00080006001700180019 Message-Authenticator = 0x26bfb48fc179201a854a456aae91e65c # Executing section authorize from file /etc/freeradius/sites-enabled/default +group authorize { ++[preprocess] = ok ++[chap] = noop ++[mschap] = noop ++[digest] = noop [suffix] No '@' in User-Name = "anonymous", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 1 length 171 [eap] Continuing tunnel setup. ++[eap] = ok +} # group authorize = ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +group authenticate { [eap] Request found, released from the list [eap] EAP/ttls [eap] processing type ttls [ttls] Authenticate [ttls] processing EAP-TLS [ttls] eaptls_verify returned 7 [ttls] Done initial handshake [ttls] (other): before/accept initialization [ttls] TLS_accept: before/accept initialization [ttls] <<< Unknown TLS version [length 0005] [ttls] <<< Unknown TLS version [length 00a0] [ttls] TLS_accept: unknown state [ttls] >>> Unknown TLS version [length 0005] [ttls] >>> Unknown TLS version [length 0039] [ttls] TLS_accept: unknown state [ttls] >>> Unknown TLS version [length 0005] [ttls] >>> Unknown TLS version [length 02cc] [ttls] TLS_accept: unknown state [ttls] >>> Unknown TLS version [length 0005] [ttls] >>> Unknown TLS version [length 014d] [ttls] TLS_accept: unknown state [ttls] >>> Unknown TLS version [length 0005] [ttls] >>> Unknown TLS version [length 0004] [ttls] TLS_accept: unknown state [ttls] TLS_accept: unknown state [ttls] TLS_accept: unknown state [ttls] TLS_accept: Need to read more data: unknown state [ttls] TLS_accept: Need to read more data: unknown state In SSL Handshake Phase In SSL Accept mode [ttls] eaptls_process returned 13 ++[eap] = handled +} # group authenticate = handled Sending Access-Challenge of id 0 to 10.0.2.2 port 37101 EAP-Message = 0x0102040015c00000046a16030300390200003503039c0f1bfc9ead4d4ac014ec5aa1165fa6567c65c0de03bd01fde7d800817a142500c03000000dff01000100000b00040300010216030302cc0b0002c80002c50002c2308202be308201a6a003020102020900b37fe074c794d454300d06092a864886f70d01010b050030173115301306035504030c0c7562756e7475524144495553301e170d3138303330313133353235325a170d3238303232373133353235325a30173115301306035504030c0c7562756e747552414449555330820122300d06092a864886f70d01010105000382010f003082010a0282010100be9382ed2dc1add32b1b35f7 EAP-Message = 0x52c8fc8c0d2652e99ec612ac75a1029c63f63cfff4fd6cd9bb9e419bcfb7aed8e64d01f0f410c11961e22e9d2bea61dc6aacf0717dc0e386103809ea6f9978c068b1d59f405695fddfd47aff401b5f3390333b57b915960ec53698c32b02a49566bbbfb192c0a9b928a24535f40190231bf71416c580b6d982b17e744c7780ac0a64ea777a6f6d3cc493896914f89e0569b9a24f5a59387c852f838f053a9c396eee54f4ea222ae605b4735262d4e3685c6088da5fb881f739c00c93542663954a9800c99410e74ff3593536a9a669c0ef50b612e4270afe8f123d0ad38121639babf0fbd66137021597d97e6ef7d4aa7f9c02710203010001a30d300b EAP-Message = 0x30090603551d1304023000300d06092a864886f70d01010b050003820101000b407680d9c47a5900401c7b6fe5390675f547567dacb4a75fb72387a0b621d5a668726d0654ef300fbe6b18324ddf2510cb0b6e459e90857c9d9cc34482c2aa5d7d9df792b1cc77f83aa3ccb7c6d0bd9080c31e22f5eb90212ede14732eaffcc9b24c580fede255a3e5acf05effc49d74cb63971ea81cda755983b202bffc116440616a01f57ad5b353cd7bba302dcf067313b00d0ff8a1bdd01e1b612ee04fd36c42949a32175585a1b28583c6a46f9399989acc68d2c3e7b7360ceddca417823ae7fe9d21a888c393bca3a9dbd66ccbbf59d5a1a290e7c67f1abe3bb3 EAP-Message = 0x77e112552a255d336731fee2e1a05bd01a87a238f12694278b87ef2146a11e649288160303014d0c0001490300174104c9045f5eb696e3bae69ae45f211aa435df203c126a105d4a36ff13d66e0d4a63be257f9607c09181a5937f23017e649418a160a82bd6665ec0c91baf97c6426d06010100929ea9e28c3494ad9133da7258e1b236497833a40dab4df86ddeb1c9d15551ea00a6527607177a2245b04be917f5290ea002cfb420ae25310982a2d28b6db50e72f77b59c971b9952f55452e845b89a799a6de4b20a436d32f8d8b096784af93e77e1173ac2f8f7f93fac69934ee96dae1758470d9da75f2e48bcd9c71552e1da13bb79bbc9757153e EAP-Message = 0x0a6dd003a8cc5909b776178e Message-Authenticator = 0x00000000000000000000000000000000 State = 0x0c457a660d476f12a95d9c7efeb2c3c0 Finished request 6. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 10.0.2.2 port 37101, id=0, length=141 Cleaning up request 6 ID 0 with timestamp +41 User-Name = "anonymous" NAS-IP-Address = 10.0.0.1 Called-Station-Id = "ac9e17bd7668" Calling-Station-Id = "2c0e3d040b41" NAS-Identifier = "ac9e17bd7668" NAS-Port = 14 Framed-MTU = 1400 State = 0x0c457a660d476f12a95d9c7efeb2c3c0 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x020200061500 Message-Authenticator = 0xa934c5d9ef37110127b4f5bde5976891 # Executing section authorize from file /etc/freeradius/sites-enabled/default +group authorize { ++[preprocess] = ok ++[chap] = noop ++[mschap] = noop ++[digest] = noop [suffix] No '@' in User-Name = "anonymous", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 2 length 6 [eap] Continuing tunnel setup. ++[eap] = ok +} # group authorize = ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +group authenticate { [eap] Request found, released from the list [eap] EAP/ttls [eap] processing type ttls [ttls] Authenticate [ttls] processing EAP-TLS [ttls] Received TLS ACK [ttls] ACK handshake fragment handler [ttls] eaptls_verify returned 1 [ttls] eaptls_process returned 13 ++[eap] = handled +} # group authenticate = handled Sending Access-Challenge of id 0 to 10.0.2.2 port 37101 EAP-Message = 0x0103007e15800000046acb854a80c6735479539ee466b6a78aea03b8217eca2044c6ae68d2abbe534fde390dee64a8f7fd6b3dae8a0df9ac8d0af161c7625e3c3760846bfecd09dd16ee51aa7dcc9fba22300f028808728e22ead32640c245d1a74109ccab548af6f1de2121336a0c96e46418d10716030300040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x0c457a660e466f12a95d9c7efeb2c3c0 Finished request 7. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 10.0.2.2 port 37101, id=0, length=267 Cleaning up request 7 ID 0 with timestamp +41 User-Name = "anonymous" NAS-IP-Address = 10.0.0.1 Called-Station-Id = "ac9e17bd7668" Calling-Station-Id = "2c0e3d040b41" NAS-Identifier = "ac9e17bd7668" NAS-Port = 14 Framed-MTU = 1400 State = 0x0c457a660e466f12a95d9c7efeb2c3c0 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x02030084150016030300461000004241040908ad55e927f17918673c168d8477906aabd3bc14038f994d1c1a2f327e121ddf4f448468ff574b1de06a5e5c00123236777eace6353a385d9d6205b8e023d51403030001011603030028000000000000000038383460e069ca3fb477847a834dece115cf0c5f26f01130a5b49d8a3e7e3efc Message-Authenticator = 0xcf44d9a2c92b07296faf5930c64adb01 # Executing section authorize from file /etc/freeradius/sites-enabled/default +group authorize { ++[preprocess] = ok ++[chap] = noop ++[mschap] = noop ++[digest] = noop [suffix] No '@' in User-Name = "anonymous", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 3 length 132 [eap] Continuing tunnel setup. ++[eap] = ok +} # group authorize = ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +group authenticate { [eap] Request found, released from the list [eap] EAP/ttls [eap] processing type ttls [ttls] Authenticate [ttls] processing EAP-TLS [ttls] eaptls_verify returned 7 [ttls] Done initial handshake [ttls] <<< Unknown TLS version [length 0005] [ttls] <<< Unknown TLS version [length 0046] [ttls] TLS_accept: unknown state [ttls] TLS_accept: unknown state [ttls] <<< Unknown TLS version [length 0005] [ttls] <<< Unknown TLS version [length 0001] [ttls] <<< Unknown TLS version [length 0005] [ttls] <<< Unknown TLS version [length 0010] [ttls] TLS_accept: unknown state [ttls] >>> Unknown TLS version [length 0005] [ttls] >>> Unknown TLS version [length 0001] [ttls] TLS_accept: unknown state [ttls] >>> Unknown TLS version [length 0005] [ttls] >>> Unknown TLS version [length 0010] [ttls] TLS_accept: unknown state [ttls] TLS_accept: unknown state [ttls] (other): SSL negotiation finished successfully SSL Connection Established [ttls] eaptls_process returned 13 ++[eap] = handled +} # group authenticate = handled Sending Access-Challenge of id 0 to 10.0.2.2 port 37101 EAP-Message = 0x0104003d1580000000331403030001011603030028df04f4b005fc62dedaf73c81ca86bc8d61392e442fd3a85c287b0d0e06972d6e6410ba3fbf7330d1 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x0c457a660f416f12a95d9c7efeb2c3c0 Finished request 8. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 10.0.2.2 port 37101, id=0, length=278 Cleaning up request 8 ID 0 with timestamp +41 User-Name = "anonymous" NAS-IP-Address = 10.0.0.1 Called-Station-Id = "ac9e17bd7668" Calling-Station-Id = "2c0e3d040b41" NAS-Identifier = "ac9e17bd7668" NAS-Port = 14 Framed-MTU = 1400 State = 0x0c457a660f416f12a95d9c7efeb2c3c0 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x0204008f1500170303008400000000000000010b253d2220ac2acfe53e1fd5fbf2f2598a92443873a876f42e99da95a7bb051826a9c1c5dffc5c67c16c586df567d560ca07a7241921db2556e8d2a66f422b1932cfb3e1eb112d1fc6d3ba616889e05555c878940ee3f351d7a15a49586714bdd55276e3cdeab9ed113e4e460db718e3924ebd328bdf9a3e3236b6fc Message-Authenticator = 0x1af17b63a64f47fcbc3a0ec16717a910 # Executing section authorize from file /etc/freeradius/sites-enabled/default +group authorize { ++[preprocess] = ok ++[chap] = noop ++[mschap] = noop ++[digest] = noop [suffix] No '@' in User-Name = "anonymous", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 4 length 143 [eap] Continuing tunnel setup. ++[eap] = ok +} # group authorize = ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +group authenticate { [eap] Request found, released from the list [eap] EAP/ttls [eap] processing type ttls [ttls] Authenticate [ttls] processing EAP-TLS [ttls] eaptls_verify returned 7 [ttls] Done initial handshake [ttls] <<< Unknown TLS version [length 0005] [ttls] eaptls_process returned 7 [ttls] Session established. Proceeding to decode tunneled attributes. [ttls] Tunneled challenge is incorrect [eap] Handler failed in EAP/ttls [eap] Failed in EAP select ++[eap] = invalid +} # group authenticate = invalid Failed to authenticate the user. Login incorrect: [anonymous/<via Auth-Type = EAP>] (from client 10.0.2.2 port 14 cli 2c0e3d040b41) Using Post-Auth-Type Reject # Executing group from file /etc/freeradius/sites-enabled/default +group REJECT { [eap] Reply already contained an EAP-Message, not inserting EAP-Failure ++[eap] = noop [attr_filter.access_reject] expand: %{User-Name} -> anonymous attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] = updated +} # group REJECT = updated Delaying reject of request 9 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 9 Sending Access-Reject of id 0 to 10.0.2.2 port 37101 EAP-Message = 0x04040004 Message-Authenticator = 0x00000000000000000000000000000000 Waking up in 4.9 seconds. Cleaning up request 9 ID 0 with timestamp +41 Ready to process requests. rad_recv: Access-Request packet from host 10.0.2.2 port 37101, id=0, length=131 User-Name = "anonymous" NAS-IP-Address = 10.0.0.1 Called-Station-Id = "ac9e17bd7668" Calling-Station-Id = "2c0e3d040b41" NAS-Identifier = "ac9e17bd7668" NAS-Port = 14 Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x0200000e01616e6f6e796d6f7573 Message-Authenticator = 0x676ec42b20976a91a8bd7ab0d8cb999f # Executing section authorize from file /etc/freeradius/sites-enabled/default +group authorize { ++[preprocess] = ok ++[chap] = noop ++[mschap] = noop ++[digest] = noop [suffix] No '@' in User-Name = "anonymous", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 0 length 14 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] = updated ++[files] = noop ++[expiration] = noop ++[logintime] = noop [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] = noop +} # group authorize = updated Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +group authenticate { [eap] EAP Identity [eap] processing type tls [tls] Initiate [tls] Start returned 1 ++[eap] = handled +} # group authenticate = handled Sending Access-Challenge of id 0 to 10.0.2.2 port 37101 EAP-Message = 0x010100061520 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x983a0f7a983b1a9e70d1786f6677e705 Finished request 10. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 10.0.2.2 port 37101, id=0, length=306 Cleaning up request 10 ID 0 with timestamp +49 User-Name = "anonymous" NAS-IP-Address = 10.0.0.1 Called-Station-Id = "ac9e17bd7668" Calling-Station-Id = "2c0e3d040b41" NAS-Identifier = "ac9e17bd7668" NAS-Port = 14 Framed-MTU = 1400 State = 0x983a0f7a983b1a9e70d1786f6677e705 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x020100ab150016030100a00100009c0303a27710c867999b0722e29b8d455b6f41806830d2b5785a86ef947bc76d4ef04a00003ec02cc030009fc02bc02f009ecca9cca8c00ac024c014c0280039006bc009c023c013c02700330067c007c011009d009c0035003d002f003c00050004000a01000035ff0100010000170000000d001600140601060305010503040104030301030302010203000b00020100000a00080006001700180019 Message-Authenticator = 0x4494d20d1a8cb27ec272148c29dfc456 # Executing section authorize from file /etc/freeradius/sites-enabled/default +group authorize { ++[preprocess] = ok ++[chap] = noop ++[mschap] = noop ++[digest] = noop [suffix] No '@' in User-Name = "anonymous", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 1 length 171 [eap] Continuing tunnel setup. ++[eap] = ok +} # group authorize = ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +group authenticate { [eap] Request found, released from the list [eap] EAP/ttls [eap] processing type ttls [ttls] Authenticate [ttls] processing EAP-TLS [ttls] eaptls_verify returned 7 [ttls] Done initial handshake [ttls] (other): before/accept initialization [ttls] TLS_accept: before/accept initialization [ttls] <<< Unknown TLS version [length 0005] [ttls] <<< Unknown TLS version [length 00a0] [ttls] TLS_accept: unknown state [ttls] >>> Unknown TLS version [length 0005] [ttls] >>> Unknown TLS version [length 0039] [ttls] TLS_accept: unknown state [ttls] >>> Unknown TLS version [length 0005] [ttls] >>> Unknown TLS version [length 02cc] [ttls] TLS_accept: unknown state [ttls] >>> Unknown TLS version [length 0005] [ttls] >>> Unknown TLS version [length 014d] [ttls] TLS_accept: unknown state [ttls] >>> Unknown TLS version [length 0005] [ttls] >>> Unknown TLS version [length 0004] [ttls] TLS_accept: unknown state [ttls] TLS_accept: unknown state [ttls] TLS_accept: unknown state [ttls] TLS_accept: Need to read more data: unknown state [ttls] TLS_accept: Need to read more data: unknown state In SSL Handshake Phase In SSL Accept mode [ttls] eaptls_process returned 13 ++[eap] = handled +} # group authenticate = handled Sending Access-Challenge of id 0 to 10.0.2.2 port 37101 EAP-Message = 0x0102040015c00000046a160303003902000035030338d451eebc70f7a6865019f0f9fe971d97d29dbbf259f8c9fd51f0aa6f931c6000c03000000dff01000100000b00040300010216030302cc0b0002c80002c50002c2308202be308201a6a003020102020900b37fe074c794d454300d06092a864886f70d01010b050030173115301306035504030c0c7562756e7475524144495553301e170d3138303330313133353235325a170d3238303232373133353235325a30173115301306035504030c0c7562756e747552414449555330820122300d06092a864886f70d01010105000382010f003082010a0282010100be9382ed2dc1add32b1b35f7 EAP-Message = 0x52c8fc8c0d2652e99ec612ac75a1029c63f63cfff4fd6cd9bb9e419bcfb7aed8e64d01f0f410c11961e22e9d2bea61dc6aacf0717dc0e386103809ea6f9978c068b1d59f405695fddfd47aff401b5f3390333b57b915960ec53698c32b02a49566bbbfb192c0a9b928a24535f40190231bf71416c580b6d982b17e744c7780ac0a64ea777a6f6d3cc493896914f89e0569b9a24f5a59387c852f838f053a9c396eee54f4ea222ae605b4735262d4e3685c6088da5fb881f739c00c93542663954a9800c99410e74ff3593536a9a669c0ef50b612e4270afe8f123d0ad38121639babf0fbd66137021597d97e6ef7d4aa7f9c02710203010001a30d300b EAP-Message = 0x30090603551d1304023000300d06092a864886f70d01010b050003820101000b407680d9c47a5900401c7b6fe5390675f547567dacb4a75fb72387a0b621d5a668726d0654ef300fbe6b18324ddf2510cb0b6e459e90857c9d9cc34482c2aa5d7d9df792b1cc77f83aa3ccb7c6d0bd9080c31e22f5eb90212ede14732eaffcc9b24c580fede255a3e5acf05effc49d74cb63971ea81cda755983b202bffc116440616a01f57ad5b353cd7bba302dcf067313b00d0ff8a1bdd01e1b612ee04fd36c42949a32175585a1b28583c6a46f9399989acc68d2c3e7b7360ceddca417823ae7fe9d21a888c393bca3a9dbd66ccbbf59d5a1a290e7c67f1abe3bb3 EAP-Message = 0x77e112552a255d336731fee2e1a05bd01a87a238f12694278b87ef2146a11e649288160303014d0c0001490300174104d4bc9b3384651e6ecdfedf74bd004c614a51dfeeae36a9fc6b3f3e9d756da259a0d153ef55332cb9350c545c4cad7b3b96f4c0a5e04abc0475aca9a2494dd0bf06010100bb47844ba03bc1969c891a1e37a8a99e1310d97835b5be102a13ddf1b84b3a7a4840fad85e9c6e272ab4a5e2d1afc31d0f2f6edb69d42dc73bd33bc93566a2f5b3a6c3f7468b951c623115a75f9e74d98369e4aa8f2be02b4ccbde2bd4c438a7cc780a035d0dbc5a5ff14f9761fc1068db76a5fceff260f5a1cd60d261c535af2676a2ca2e0cb2d15d EAP-Message = 0xc9ea0b7bf4dc7b16b042bed8 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x983a0f7a99381a9e70d1786f6677e705 Finished request 11. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 10.0.2.2 port 37101, id=0, length=141 Cleaning up request 11 ID 0 with timestamp +49 User-Name = "anonymous" NAS-IP-Address = 10.0.0.1 Called-Station-Id = "ac9e17bd7668" Calling-Station-Id = "2c0e3d040b41" NAS-Identifier = "ac9e17bd7668" NAS-Port = 14 Framed-MTU = 1400 State = 0x983a0f7a99381a9e70d1786f6677e705 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x020200061500 Message-Authenticator = 0x29ca321bf5207e566bdfbde431c392df # Executing section authorize from file /etc/freeradius/sites-enabled/default +group authorize { ++[preprocess] = ok ++[chap] = noop ++[mschap] = noop ++[digest] = noop [suffix] No '@' in User-Name = "anonymous", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 2 length 6 [eap] Continuing tunnel setup. ++[eap] = ok +} # group authorize = ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +group authenticate { [eap] Request found, released from the list [eap] EAP/ttls [eap] processing type ttls [ttls] Authenticate [ttls] processing EAP-TLS [ttls] Received TLS ACK [ttls] ACK handshake fragment handler [ttls] eaptls_verify returned 1 [ttls] eaptls_process returned 13 ++[eap] = handled +} # group authenticate = handled Sending Access-Challenge of id 0 to 10.0.2.2 port 37101 EAP-Message = 0x0103007e15800000046a4e10b776a37915fcf4f2dde3685940dbfea0542c5769819c4b948a1eaea41a55547f1fba0cd678ad5fd9868549d4ad9ba86131ccde39ca1a54e8d4ff6135f1da87c7649d577be682838374dc3922358785cbb92f67427b573e3447c30ec5f00758b9bda56bbde8b5b5f7af16030300040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x983a0f7a9a391a9e70d1786f6677e705 Finished request 12. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 10.0.2.2 port 37101, id=0, length=267 Cleaning up request 12 ID 0 with timestamp +49 User-Name = "anonymous" NAS-IP-Address = 10.0.0.1 Called-Station-Id = "ac9e17bd7668" Calling-Station-Id = "2c0e3d040b41" NAS-Identifier = "ac9e17bd7668" NAS-Port = 14 Framed-MTU = 1400 State = 0x983a0f7a9a391a9e70d1786f6677e705 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x0203008415001603030046100000424104939c1ca8205736e62176faa470a2ddd4cc4732bdfb0a91a3c69756ff20227f99c8be39ae3ee90aef2cfd6ee33ee90a00d5a6009982426148bf7cf50eaaf9649c14030300010116030300280000000000000000cb752cedfefbb76538cb2a753067821926acc5a82e1587251a9ae55e49270d99 Message-Authenticator = 0x48305bf93df8cdc7213e51a97981a74b # Executing section authorize from file /etc/freeradius/sites-enabled/default +group authorize { ++[preprocess] = ok ++[chap] = noop ++[mschap] = noop ++[digest] = noop [suffix] No '@' in User-Name = "anonymous", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 3 length 132 [eap] Continuing tunnel setup. ++[eap] = ok +} # group authorize = ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +group authenticate { [eap] Request found, released from the list [eap] EAP/ttls [eap] processing type ttls [ttls] Authenticate [ttls] processing EAP-TLS [ttls] eaptls_verify returned 7 [ttls] Done initial handshake [ttls] <<< Unknown TLS version [length 0005] [ttls] <<< Unknown TLS version [length 0046] [ttls] TLS_accept: unknown state [ttls] TLS_accept: unknown state [ttls] <<< Unknown TLS version [length 0005] [ttls] <<< Unknown TLS version [length 0001] [ttls] <<< Unknown TLS version [length 0005] [ttls] <<< Unknown TLS version [length 0010] [ttls] TLS_accept: unknown state [ttls] >>> Unknown TLS version [length 0005] [ttls] >>> Unknown TLS version [length 0001] [ttls] TLS_accept: unknown state [ttls] >>> Unknown TLS version [length 0005] [ttls] >>> Unknown TLS version [length 0010] [ttls] TLS_accept: unknown state [ttls] TLS_accept: unknown state [ttls] (other): SSL negotiation finished successfully SSL Connection Established [ttls] eaptls_process returned 13 ++[eap] = handled +} # group authenticate = handled Sending Access-Challenge of id 0 to 10.0.2.2 port 37101 EAP-Message = 0x0104003d15800000003314030300010116030300280b1a10be1e4e65a7c37a795524033677856ba37e47405ca76d6d047a8119d2116f56dc72c6053901 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x983a0f7a9b3e1a9e70d1786f6677e705 Finished request 13. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 10.0.2.2 port 37101, id=0, length=278 Cleaning up request 13 ID 0 with timestamp +49 User-Name = "anonymous" NAS-IP-Address = 10.0.0.1 Called-Station-Id = "ac9e17bd7668" Calling-Station-Id = "2c0e3d040b41" NAS-Identifier = "ac9e17bd7668" NAS-Port = 14 Framed-MTU = 1400 State = 0x983a0f7a9b3e1a9e70d1786f6677e705 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x0204008f15001703030084000000000000000181f59453f45ff9351d0eb09f8559ad492ab457ecade0e6c6c30f1a8e547e2dd5f00316175c390c1f26d1aaa61eaa1a25735804b47041bede97df420c9eef1e806739cc77f680dbca690661abb5c7e3d19a7dc4f892452d4a704a7f7bd4d89fd81f982735b50be5c35f6f0b45d340a01c9384319974ad53e68a8fcf73 Message-Authenticator = 0x6f40d71d85b6f299fd688e265aa1ce7a # Executing section authorize from file /etc/freeradius/sites-enabled/default +group authorize { ++[preprocess] = ok ++[chap] = noop ++[mschap] = noop ++[digest] = noop [suffix] No '@' in User-Name = "anonymous", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 4 length 143 [eap] Continuing tunnel setup. ++[eap] = ok +} # group authorize = ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +group authenticate { [eap] Request found, released from the list [eap] EAP/ttls [eap] processing type ttls [ttls] Authenticate [ttls] processing EAP-TLS [ttls] eaptls_verify returned 7 [ttls] Done initial handshake [ttls] <<< Unknown TLS version [length 0005] [ttls] eaptls_process returned 7 [ttls] Session established. Proceeding to decode tunneled attributes. [ttls] Tunneled challenge is incorrect [eap] Handler failed in EAP/ttls [eap] Failed in EAP select ++[eap] = invalid +} # group authenticate = invalid Failed to authenticate the user. Login incorrect: [anonymous/<via Auth-Type = EAP>] (from client 10.0.2.2 port 14 cli 2c0e3d040b41) Using Post-Auth-Type Reject # Executing group from file /etc/freeradius/sites-enabled/default +group REJECT { [eap] Reply already contained an EAP-Message, not inserting EAP-Failure ++[eap] = noop [attr_filter.access_reject] expand: %{User-Name} -> anonymous attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] = updated +} # group REJECT = updated Delaying reject of request 14 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 14 Sending Access-Reject of id 0 to 10.0.2.2 port 37101 EAP-Message = 0x04040004 Message-Authenticator = 0x00000000000000000000000000000000 Waking up in 4.9 seconds. Cleaning up request 14 ID 0 with timestamp +49 Ready to process requests.
On Fri, Mar 2, 2018 at 3:08 PM, <elias.naslund@skf.com> wrote:
Hello,
I have installed FreeRADIUS on Ubuntu Server 16.04. I can connect to it with EAP MSCHAPv2 and many other ways but it fails on TTLS MSCHAPv2 which is the one I need to use. If wanted I can send the debug information from a working EAP MSCHAPv2.
I try to connect with an android phone through a ASUS router.
Anyone got any idea why it is not working?
root@ubuntuRADIUS:/etc/freeradius# freeradius -X freeradius: FreeRADIUS Version 2.2.8, for host i686-pc-linux-gnu, built on
Since you're using 2.2.8 ...
[ttls] TLS_accept: before/accept initialization [ttls] <<< Unknown TLS version [length 0005]
... and get this, I'd suggest reading this thread http://lists.freeradius.org/pipermail/freeradius-users/2015-May/077613.html http://lists.freeradius.org/pipermail/freeradius-users/2015-May/077614.html -- Fajar
[ttls] <<< Unknown TLS version [length 00a0] [ttls] TLS_accept: unknown state [ttls] >>> Unknown TLS version [length 0005] [ttls] >>> Unknown TLS version [length 0039] [ttls] TLS_accept: unknown state [ttls] >>> Unknown TLS version [length 0005] [ttls] >>> Unknown TLS version [length 02cc] [ttls] TLS_accept: unknown state [ttls] >>> Unknown TLS version [length 0005] [ttls] >>> Unknown TLS version [length 014d] [ttls] TLS_accept: unknown state [ttls] >>> Unknown TLS version [length 0005] [ttls] >>> Unknown TLS version [length 0004] [ttls] TLS_accept: unknown state [ttls] TLS_accept: unknown state [ttls] TLS_accept: unknown state [ttls] TLS_accept: Need to read more data: unknown state [ttls] TLS_accept: Need to read more data: unknown state In SSL Handshake Phase In SSL Accept mode [ttls] eaptls_process returned 13 ++[eap] = handled +} # group authenticate = handled Sending Access-Challenge of id 0 to 10.0.2.2 port 37101 EAP-Message = 0x0102040015c00000046a1603030039020000350303882e3d0906b3ac53b42c9a46285a2d0ae21d934798a065c56e02ad4103ed1b5800c03000000dff01000100000b00040300010216030302cc0b0002c80002c50002c2308202be308201a6a003020102020900b37fe074c794d454300d06092a864886f70d01010b050030173115301306035504030c0c7562756e7475524144495553301e170d3138303330313133353235325a170d3238303232373133353235325a30173115301306035504030c0c7562756e747552414449555330820122300d06092a864886f70d01010105000382010f003082010a0282010100be9382ed2dc1add32b1b35f7 EAP-Message = 0x52c8fc8c0d2652e99ec612ac75a1029c63f63cfff4fd6cd9bb9e419bcfb7aed8e64d01f0f410c11961e22e9d2bea61dc6aacf0717dc0e386103809ea6f9978c068b1d59f405695fddfd47aff401b5f3390333b57b915960ec53698c32b02a49566bbbfb192c0a9b928a24535f40190231bf71416c580b6d982b17e744c7780ac0a64ea777a6f6d3cc493896914f89e0569b9a24f5a59387c852f838f053a9c396eee54f4ea222ae605b4735262d4e3685c6088da5fb881f739c00c93542663954a9800c99410e74ff3593536a9a669c0ef50b612e4270afe8f123d0ad38121639babf0fbd66137021597d97e6ef7d4aa7f9c02710203010001a30d300b EAP-Message = 0x30090603551d1304023000300d06092a864886f70d01010b050003820101000b407680d9c47a5900401c7b6fe5390675f547567dacb4a75fb72387a0b621d5a668726d0654ef300fbe6b18324ddf2510cb0b6e459e90857c9d9cc34482c2aa5d7d9df792b1cc77f83aa3ccb7c6d0bd9080c31e22f5eb90212ede14732eaffcc9b24c580fede255a3e5acf05effc49d74cb63971ea81cda755983b202bffc116440616a01f57ad5b353cd7bba302dcf067313b00d0ff8a1bdd01e1b612ee04fd36c42949a32175585a1b28583c6a46f9399989acc68d2c3e7b7360ceddca417823ae7fe9d21a888c393bca3a9dbd66ccbbf59d5a1a290e7c67f1abe3bb3 EAP-Message = 0x77e112552a255d336731fee2e1a05bd01a87a238f12694278b87ef2146a11e649288160303014d0c00014903001741041c8714338c965bc7b84cfcb017ba8f7b4ac0b9677bab6c17f25b3d7ae14e08b09a2bedeb5c45f7979bff9eecd8c07b25fd937226555016d601cc60fa422ef751060101006dd90aabf97ea915a14e0e6ef6c57bfe4829db82b1602975b98712ec5db42b3c8b5c79572d5573bcd0a5c7560a03067e2f771494ecafa8a038672befabaf28d49b5f0d9b0a55b8d7d225eb2a11727955c030546f3709e912bc3f1b4d904c979c1fd43b0a325c403a3adc3aeeededdb811a1d55a2f8de44262e62557d74e60789234cd69ce46be1c86a EAP-Message = 0x6c200c441581cef8c8df6fa0 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x566041d25762548b775c8b93cb3b8ac0 Finished request 1. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 10.0.2.2 port 37101, id=0, length=141 Cleaning up request 1 ID 0 with timestamp +34 User-Name = "anonymous" NAS-IP-Address = 10.0.0.1 Called-Station-Id = "ac9e17bd7668" Calling-Station-Id = "2c0e3d040b41" NAS-Identifier = "ac9e17bd7668" NAS-Port = 14 Framed-MTU = 1400 State = 0x566041d25762548b775c8b93cb3b8ac0 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x020200061500 Message-Authenticator = 0x9edaf5e9ac1eadb44961e09e6104bcbe # Executing section authorize from file /etc/freeradius/sites-enabled/default +group authorize { ++[preprocess] = ok ++[chap] = noop ++[mschap] = noop ++[digest] = noop [suffix] No '@' in User-Name = "anonymous", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 2 length 6 [eap] Continuing tunnel setup. ++[eap] = ok +} # group authorize = ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +group authenticate { [eap] Request found, released from the list [eap] EAP/ttls [eap] processing type ttls [ttls] Authenticate [ttls] processing EAP-TLS [ttls] Received TLS ACK [ttls] ACK handshake fragment handler [ttls] eaptls_verify returned 1 [ttls] eaptls_process returned 13 ++[eap] = handled +} # group authenticate = handled Sending Access-Challenge of id 0 to 10.0.2.2 port 37101 EAP-Message = 0x0103007e15800000046aac4b2092f7d8e1ea994220a3e8fd64f6d29dd5d76d635dd7ac0895ea388f366812df6a1924dc25d7bb65058b2688fb10a125244fbfb429eddaab8d0bbdd38c76c39129ccddd422eaec8d1f5b478a431a81eeda645fc6502dfb21b1aa3c3a2abe102dd9b84bd475b427489216030300040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x566041d25463548b775c8b93cb3b8ac0 Finished request 2. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 10.0.2.2 port 37101, id=0, length=267 Cleaning up request 2 ID 0 with timestamp +34 User-Name = "anonymous" NAS-IP-Address = 10.0.0.1 Called-Station-Id = "ac9e17bd7668" Calling-Station-Id = "2c0e3d040b41" NAS-Identifier = "ac9e17bd7668" NAS-Port = 14 Framed-MTU = 1400 State = 0x566041d25463548b775c8b93cb3b8ac0 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x02030084150016030300461000004241046c37eb48dbbe8b3f2e0d3f4da3132daa81876d95c47c3c705cbf6917fa06d3ded4742817f732475c9c8b95f86670e5e80736e8f8e722d7e5a840d53943d1487d14030300010116030300280000000000000000db7f068e8fcce0d83d6a09d6b3abb56aefe288bc0d88a8c936338de79690e402 Message-Authenticator = 0x73f1ad17bb3790824f1409941692e2c8 # Executing section authorize from file /etc/freeradius/sites-enabled/default +group authorize { ++[preprocess] = ok ++[chap] = noop ++[mschap] = noop ++[digest] = noop [suffix] No '@' in User-Name = "anonymous", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 3 length 132 [eap] Continuing tunnel setup. ++[eap] = ok +} # group authorize = ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +group authenticate { [eap] Request found, released from the list [eap] EAP/ttls [eap] processing type ttls [ttls] Authenticate [ttls] processing EAP-TLS [ttls] eaptls_verify returned 7 [ttls] Done initial handshake [ttls] <<< Unknown TLS version [length 0005] [ttls] <<< Unknown TLS version [length 0046] [ttls] TLS_accept: unknown state [ttls] TLS_accept: unknown state [ttls] <<< Unknown TLS version [length 0005] [ttls] <<< Unknown TLS version [length 0001] [ttls] <<< Unknown TLS version [length 0005] [ttls] <<< Unknown TLS version [length 0010] [ttls] TLS_accept: unknown state [ttls] >>> Unknown TLS version [length 0005] [ttls] >>> Unknown TLS version [length 0001] [ttls] TLS_accept: unknown state [ttls] >>> Unknown TLS version [length 0005] [ttls] >>> Unknown TLS version [length 0010] [ttls] TLS_accept: unknown state [ttls] TLS_accept: unknown state [ttls] (other): SSL negotiation finished successfully SSL Connection Established [ttls] eaptls_process returned 13 ++[eap] = handled +} # group authenticate = handled Sending Access-Challenge of id 0 to 10.0.2.2 port 37101 EAP-Message = 0x0104003d158000000033140303000101160303002848357c1cd4efab5cceee0653c966dd0bf3a945b2ad77d149c6a69feff8cda8dcc4ab0b04d23d59d8 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x566041d25564548b775c8b93cb3b8ac0 Finished request 3. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 10.0.2.2 port 37101, id=0, length=278 Cleaning up request 3 ID 0 with timestamp +34 User-Name = "anonymous" NAS-IP-Address = 10.0.0.1 Called-Station-Id = "ac9e17bd7668" Calling-Station-Id = "2c0e3d040b41" NAS-Identifier = "ac9e17bd7668" NAS-Port = 14 Framed-MTU = 1400 State = 0x566041d25564548b775c8b93cb3b8ac0 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x0204008f150017030300840000000000000001adeee8b56ad79d8da4b1679db4746911f0033f5b5d83956312523861b8b2791310d63b269ec0b5eff151f90027dccef0ad6d604f6362e4bec2d7e8329969d05507acde23d18bf5c09ef07eface4cd2cba6c386f193dd76063b912057d569d1a549db5a68e108be0542d58e654e1b61e4716d701605d32b81ac0e5e9c Message-Authenticator = 0x05dc9439feca7c1d8a89f6cf01ca1fe5 # Executing section authorize from file /etc/freeradius/sites-enabled/default +group authorize { ++[preprocess] = ok ++[chap] = noop ++[mschap] = noop ++[digest] = noop [suffix] No '@' in User-Name = "anonymous", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 4 length 143 [eap] Continuing tunnel setup. ++[eap] = ok +} # group authorize = ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +group authenticate { [eap] Request found, released from the list [eap] EAP/ttls [eap] processing type ttls [ttls] Authenticate [ttls] processing EAP-TLS [ttls] eaptls_verify returned 7 [ttls] Done initial handshake [ttls] <<< Unknown TLS version [length 0005] [ttls] eaptls_process returned 7 [ttls] Session established. Proceeding to decode tunneled attributes. [ttls] Tunneled challenge is incorrect [eap] Handler failed in EAP/ttls [eap] Failed in EAP select ++[eap] = invalid +} # group authenticate = invalid Failed to authenticate the user. Login incorrect: [anonymous/<via Auth-Type = EAP>] (from client 10.0.2.2 port 14 cli 2c0e3d040b41) Using Post-Auth-Type Reject # Executing group from file /etc/freeradius/sites-enabled/default +group REJECT { [eap] Reply already contained an EAP-Message, not inserting EAP-Failure ++[eap] = noop [attr_filter.access_reject] expand: %{User-Name} -> anonymous attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] = updated +} # group REJECT = updated Delaying reject of request 4 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 4 Sending Access-Reject of id 0 to 10.0.2.2 port 37101 EAP-Message = 0x04040004 Message-Authenticator = 0x00000000000000000000000000000000 Waking up in 4.9 seconds. Cleaning up request 4 ID 0 with timestamp +34 Ready to process requests. rad_recv: Access-Request packet from host 10.0.2.2 port 37101, id=0, length=131 User-Name = "anonymous" NAS-IP-Address = 10.0.0.1 Called-Station-Id = "ac9e17bd7668" Calling-Station-Id = "2c0e3d040b41" NAS-Identifier = "ac9e17bd7668" NAS-Port = 14 Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x0200000e01616e6f6e796d6f7573 Message-Authenticator = 0x1c6c04fb8378f1910b9fb507c133e93c # Executing section authorize from file /etc/freeradius/sites-enabled/default +group authorize { ++[preprocess] = ok ++[chap] = noop ++[mschap] = noop ++[digest] = noop [suffix] No '@' in User-Name = "anonymous", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 0 length 14 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] = updated ++[files] = noop ++[expiration] = noop ++[logintime] = noop [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] = noop +} # group authorize = updated Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +group authenticate { [eap] EAP Identity [eap] processing type tls [tls] Initiate [tls] Start returned 1 ++[eap] = handled +} # group authenticate = handled Sending Access-Challenge of id 0 to 10.0.2.2 port 37101 EAP-Message = 0x010100061520 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x0c457a660c446f12a95d9c7efeb2c3c0 Finished request 5. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 10.0.2.2 port 37101, id=0, length=306 Cleaning up request 5 ID 0 with timestamp +41 User-Name = "anonymous" NAS-IP-Address = 10.0.0.1 Called-Station-Id = "ac9e17bd7668" Calling-Station-Id = "2c0e3d040b41" NAS-Identifier = "ac9e17bd7668" NAS-Port = 14 Framed-MTU = 1400 State = 0x0c457a660c446f12a95d9c7efeb2c3c0 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x020100ab150016030100a00100009c03037bd1bcd41a4e58bb2447cae4df3b01e79efc412376c6c44ecd111b633f6da95900003ec02cc030009fc02bc02f009ecca9cca8c00ac024c014c0280039006bc009c023c013c02700330067c007c011009d009c0035003d002f003c00050004000a01000035ff0100010000170000000d001600140601060305010503040104030301030302010203000b00020100000a00080006001700180019 Message-Authenticator = 0x26bfb48fc179201a854a456aae91e65c # Executing section authorize from file /etc/freeradius/sites-enabled/default +group authorize { ++[preprocess] = ok ++[chap] = noop ++[mschap] = noop ++[digest] = noop [suffix] No '@' in User-Name = "anonymous", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 1 length 171 [eap] Continuing tunnel setup. ++[eap] = ok +} # group authorize = ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +group authenticate { [eap] Request found, released from the list [eap] EAP/ttls [eap] processing type ttls [ttls] Authenticate [ttls] processing EAP-TLS [ttls] eaptls_verify returned 7 [ttls] Done initial handshake [ttls] (other): before/accept initialization [ttls] TLS_accept: before/accept initialization [ttls] <<< Unknown TLS version [length 0005] [ttls] <<< Unknown TLS version [length 00a0] [ttls] TLS_accept: unknown state [ttls] >>> Unknown TLS version [length 0005] [ttls] >>> Unknown TLS version [length 0039] [ttls] TLS_accept: unknown state [ttls] >>> Unknown TLS version [length 0005] [ttls] >>> Unknown TLS version [length 02cc] [ttls] TLS_accept: unknown state [ttls] >>> Unknown TLS version [length 0005] [ttls] >>> Unknown TLS version [length 014d] [ttls] TLS_accept: unknown state [ttls] >>> Unknown TLS version [length 0005] [ttls] >>> Unknown TLS version [length 0004] [ttls] TLS_accept: unknown state [ttls] TLS_accept: unknown state [ttls] TLS_accept: unknown state [ttls] TLS_accept: Need to read more data: unknown state [ttls] TLS_accept: Need to read more data: unknown state In SSL Handshake Phase In SSL Accept mode [ttls] eaptls_process returned 13 ++[eap] = handled +} # group authenticate = handled Sending Access-Challenge of id 0 to 10.0.2.2 port 37101 EAP-Message = 0x0102040015c00000046a16030300390200003503039c0f1bfc9ead4d4ac014ec5aa1165fa6567c65c0de03bd01fde7d800817a142500c03000000dff01000100000b00040300010216030302cc0b0002c80002c50002c2308202be308201a6a003020102020900b37fe074c794d454300d06092a864886f70d01010b050030173115301306035504030c0c7562756e7475524144495553301e170d3138303330313133353235325a170d3238303232373133353235325a30173115301306035504030c0c7562756e747552414449555330820122300d06092a864886f70d01010105000382010f003082010a0282010100be9382ed2dc1add32b1b35f7 EAP-Message = 0x52c8fc8c0d2652e99ec612ac75a1029c63f63cfff4fd6cd9bb9e419bcfb7aed8e64d01f0f410c11961e22e9d2bea61dc6aacf0717dc0e386103809ea6f9978c068b1d59f405695fddfd47aff401b5f3390333b57b915960ec53698c32b02a49566bbbfb192c0a9b928a24535f40190231bf71416c580b6d982b17e744c7780ac0a64ea777a6f6d3cc493896914f89e0569b9a24f5a59387c852f838f053a9c396eee54f4ea222ae605b4735262d4e3685c6088da5fb881f739c00c93542663954a9800c99410e74ff3593536a9a669c0ef50b612e4270afe8f123d0ad38121639babf0fbd66137021597d97e6ef7d4aa7f9c02710203010001a30d300b EAP-Message = 0x30090603551d1304023000300d06092a864886f70d01010b050003820101000b407680d9c47a5900401c7b6fe5390675f547567dacb4a75fb72387a0b621d5a668726d0654ef300fbe6b18324ddf2510cb0b6e459e90857c9d9cc34482c2aa5d7d9df792b1cc77f83aa3ccb7c6d0bd9080c31e22f5eb90212ede14732eaffcc9b24c580fede255a3e5acf05effc49d74cb63971ea81cda755983b202bffc116440616a01f57ad5b353cd7bba302dcf067313b00d0ff8a1bdd01e1b612ee04fd36c42949a32175585a1b28583c6a46f9399989acc68d2c3e7b7360ceddca417823ae7fe9d21a888c393bca3a9dbd66ccbbf59d5a1a290e7c67f1abe3bb3 EAP-Message = 0x77e112552a255d336731fee2e1a05bd01a87a238f12694278b87ef2146a11e649288160303014d0c0001490300174104c9045f5eb696e3bae69ae45f211aa435df203c126a105d4a36ff13d66e0d4a63be257f9607c09181a5937f23017e649418a160a82bd6665ec0c91baf97c6426d06010100929ea9e28c3494ad9133da7258e1b236497833a40dab4df86ddeb1c9d15551ea00a6527607177a2245b04be917f5290ea002cfb420ae25310982a2d28b6db50e72f77b59c971b9952f55452e845b89a799a6de4b20a436d32f8d8b096784af93e77e1173ac2f8f7f93fac69934ee96dae1758470d9da75f2e48bcd9c71552e1da13bb79bbc9757153e EAP-Message = 0x0a6dd003a8cc5909b776178e Message-Authenticator = 0x00000000000000000000000000000000 State = 0x0c457a660d476f12a95d9c7efeb2c3c0 Finished request 6. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 10.0.2.2 port 37101, id=0, length=141 Cleaning up request 6 ID 0 with timestamp +41 User-Name = "anonymous" NAS-IP-Address = 10.0.0.1 Called-Station-Id = "ac9e17bd7668" Calling-Station-Id = "2c0e3d040b41" NAS-Identifier = "ac9e17bd7668" NAS-Port = 14 Framed-MTU = 1400 State = 0x0c457a660d476f12a95d9c7efeb2c3c0 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x020200061500 Message-Authenticator = 0xa934c5d9ef37110127b4f5bde5976891 # Executing section authorize from file /etc/freeradius/sites-enabled/default +group authorize { ++[preprocess] = ok ++[chap] = noop ++[mschap] = noop ++[digest] = noop [suffix] No '@' in User-Name = "anonymous", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 2 length 6 [eap] Continuing tunnel setup. ++[eap] = ok +} # group authorize = ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +group authenticate { [eap] Request found, released from the list [eap] EAP/ttls [eap] processing type ttls [ttls] Authenticate [ttls] processing EAP-TLS [ttls] Received TLS ACK [ttls] ACK handshake fragment handler [ttls] eaptls_verify returned 1 [ttls] eaptls_process returned 13 ++[eap] = handled +} # group authenticate = handled Sending Access-Challenge of id 0 to 10.0.2.2 port 37101 EAP-Message = 0x0103007e15800000046acb854a80c6735479539ee466b6a78aea03b8217eca2044c6ae68d2abbe534fde390dee64a8f7fd6b3dae8a0df9ac8d0af161c7625e3c3760846bfecd09dd16ee51aa7dcc9fba22300f028808728e22ead32640c245d1a74109ccab548af6f1de2121336a0c96e46418d10716030300040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x0c457a660e466f12a95d9c7efeb2c3c0 Finished request 7. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 10.0.2.2 port 37101, id=0, length=267 Cleaning up request 7 ID 0 with timestamp +41 User-Name = "anonymous" NAS-IP-Address = 10.0.0.1 Called-Station-Id = "ac9e17bd7668" Calling-Station-Id = "2c0e3d040b41" NAS-Identifier = "ac9e17bd7668" NAS-Port = 14 Framed-MTU = 1400 State = 0x0c457a660e466f12a95d9c7efeb2c3c0 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x02030084150016030300461000004241040908ad55e927f17918673c168d8477906aabd3bc14038f994d1c1a2f327e121ddf4f448468ff574b1de06a5e5c00123236777eace6353a385d9d6205b8e023d51403030001011603030028000000000000000038383460e069ca3fb477847a834dece115cf0c5f26f01130a5b49d8a3e7e3efc Message-Authenticator = 0xcf44d9a2c92b07296faf5930c64adb01 # Executing section authorize from file /etc/freeradius/sites-enabled/default +group authorize { ++[preprocess] = ok ++[chap] = noop ++[mschap] = noop ++[digest] = noop [suffix] No '@' in User-Name = "anonymous", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 3 length 132 [eap] Continuing tunnel setup. ++[eap] = ok +} # group authorize = ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +group authenticate { [eap] Request found, released from the list [eap] EAP/ttls [eap] processing type ttls [ttls] Authenticate [ttls] processing EAP-TLS [ttls] eaptls_verify returned 7 [ttls] Done initial handshake [ttls] <<< Unknown TLS version [length 0005] [ttls] <<< Unknown TLS version [length 0046] [ttls] TLS_accept: unknown state [ttls] TLS_accept: unknown state [ttls] <<< Unknown TLS version [length 0005] [ttls] <<< Unknown TLS version [length 0001] [ttls] <<< Unknown TLS version [length 0005] [ttls] <<< Unknown TLS version [length 0010] [ttls] TLS_accept: unknown state [ttls] >>> Unknown TLS version [length 0005] [ttls] >>> Unknown TLS version [length 0001] [ttls] TLS_accept: unknown state [ttls] >>> Unknown TLS version [length 0005] [ttls] >>> Unknown TLS version [length 0010] [ttls] TLS_accept: unknown state [ttls] TLS_accept: unknown state [ttls] (other): SSL negotiation finished successfully SSL Connection Established [ttls] eaptls_process returned 13 ++[eap] = handled +} # group authenticate = handled Sending Access-Challenge of id 0 to 10.0.2.2 port 37101 EAP-Message = 0x0104003d1580000000331403030001011603030028df04f4b005fc62dedaf73c81ca86bc8d61392e442fd3a85c287b0d0e06972d6e6410ba3fbf7330d1 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x0c457a660f416f12a95d9c7efeb2c3c0 Finished request 8. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 10.0.2.2 port 37101, id=0, length=278 Cleaning up request 8 ID 0 with timestamp +41 User-Name = "anonymous" NAS-IP-Address = 10.0.0.1 Called-Station-Id = "ac9e17bd7668" Calling-Station-Id = "2c0e3d040b41" NAS-Identifier = "ac9e17bd7668" NAS-Port = 14 Framed-MTU = 1400 State = 0x0c457a660f416f12a95d9c7efeb2c3c0 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x0204008f1500170303008400000000000000010b253d2220ac2acfe53e1fd5fbf2f2598a92443873a876f42e99da95a7bb051826a9c1c5dffc5c67c16c586df567d560ca07a7241921db2556e8d2a66f422b1932cfb3e1eb112d1fc6d3ba616889e05555c878940ee3f351d7a15a49586714bdd55276e3cdeab9ed113e4e460db718e3924ebd328bdf9a3e3236b6fc Message-Authenticator = 0x1af17b63a64f47fcbc3a0ec16717a910 # Executing section authorize from file /etc/freeradius/sites-enabled/default +group authorize { ++[preprocess] = ok ++[chap] = noop ++[mschap] = noop ++[digest] = noop [suffix] No '@' in User-Name = "anonymous", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 4 length 143 [eap] Continuing tunnel setup. ++[eap] = ok +} # group authorize = ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +group authenticate { [eap] Request found, released from the list [eap] EAP/ttls [eap] processing type ttls [ttls] Authenticate [ttls] processing EAP-TLS [ttls] eaptls_verify returned 7 [ttls] Done initial handshake [ttls] <<< Unknown TLS version [length 0005] [ttls] eaptls_process returned 7 [ttls] Session established. Proceeding to decode tunneled attributes. [ttls] Tunneled challenge is incorrect [eap] Handler failed in EAP/ttls [eap] Failed in EAP select ++[eap] = invalid +} # group authenticate = invalid Failed to authenticate the user. Login incorrect: [anonymous/<via Auth-Type = EAP>] (from client 10.0.2.2 port 14 cli 2c0e3d040b41) Using Post-Auth-Type Reject # Executing group from file /etc/freeradius/sites-enabled/default +group REJECT { [eap] Reply already contained an EAP-Message, not inserting EAP-Failure ++[eap] = noop [attr_filter.access_reject] expand: %{User-Name} -> anonymous attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] = updated +} # group REJECT = updated Delaying reject of request 9 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 9 Sending Access-Reject of id 0 to 10.0.2.2 port 37101 EAP-Message = 0x04040004 Message-Authenticator = 0x00000000000000000000000000000000 Waking up in 4.9 seconds. Cleaning up request 9 ID 0 with timestamp +41 Ready to process requests. rad_recv: Access-Request packet from host 10.0.2.2 port 37101, id=0, length=131 User-Name = "anonymous" NAS-IP-Address = 10.0.0.1 Called-Station-Id = "ac9e17bd7668" Calling-Station-Id = "2c0e3d040b41" NAS-Identifier = "ac9e17bd7668" NAS-Port = 14 Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x0200000e01616e6f6e796d6f7573 Message-Authenticator = 0x676ec42b20976a91a8bd7ab0d8cb999f # Executing section authorize from file /etc/freeradius/sites-enabled/default +group authorize { ++[preprocess] = ok ++[chap] = noop ++[mschap] = noop ++[digest] = noop [suffix] No '@' in User-Name = "anonymous", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 0 length 14 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] = updated ++[files] = noop ++[expiration] = noop ++[logintime] = noop [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] = noop +} # group authorize = updated Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +group authenticate { [eap] EAP Identity [eap] processing type tls [tls] Initiate [tls] Start returned 1 ++[eap] = handled +} # group authenticate = handled Sending Access-Challenge of id 0 to 10.0.2.2 port 37101 EAP-Message = 0x010100061520 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x983a0f7a983b1a9e70d1786f6677e705 Finished request 10. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 10.0.2.2 port 37101, id=0, length=306 Cleaning up request 10 ID 0 with timestamp +49 User-Name = "anonymous" NAS-IP-Address = 10.0.0.1 Called-Station-Id = "ac9e17bd7668" Calling-Station-Id = "2c0e3d040b41" NAS-Identifier = "ac9e17bd7668" NAS-Port = 14 Framed-MTU = 1400 State = 0x983a0f7a983b1a9e70d1786f6677e705 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x020100ab150016030100a00100009c0303a27710c867999b0722e29b8d455b6f41806830d2b5785a86ef947bc76d4ef04a00003ec02cc030009fc02bc02f009ecca9cca8c00ac024c014c0280039006bc009c023c013c02700330067c007c011009d009c0035003d002f003c00050004000a01000035ff0100010000170000000d001600140601060305010503040104030301030302010203000b00020100000a00080006001700180019 Message-Authenticator = 0x4494d20d1a8cb27ec272148c29dfc456 # Executing section authorize from file /etc/freeradius/sites-enabled/default +group authorize { ++[preprocess] = ok ++[chap] = noop ++[mschap] = noop ++[digest] = noop [suffix] No '@' in User-Name = "anonymous", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 1 length 171 [eap] Continuing tunnel setup. ++[eap] = ok +} # group authorize = ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +group authenticate { [eap] Request found, released from the list [eap] EAP/ttls [eap] processing type ttls [ttls] Authenticate [ttls] processing EAP-TLS [ttls] eaptls_verify returned 7 [ttls] Done initial handshake [ttls] (other): before/accept initialization [ttls] TLS_accept: before/accept initialization [ttls] <<< Unknown TLS version [length 0005] [ttls] <<< Unknown TLS version [length 00a0] [ttls] TLS_accept: unknown state [ttls] >>> Unknown TLS version [length 0005] [ttls] >>> Unknown TLS version [length 0039] [ttls] TLS_accept: unknown state [ttls] >>> Unknown TLS version [length 0005] [ttls] >>> Unknown TLS version [length 02cc] [ttls] TLS_accept: unknown state [ttls] >>> Unknown TLS version [length 0005] [ttls] >>> Unknown TLS version [length 014d] [ttls] TLS_accept: unknown state [ttls] >>> Unknown TLS version [length 0005] [ttls] >>> Unknown TLS version [length 0004] [ttls] TLS_accept: unknown state [ttls] TLS_accept: unknown state [ttls] TLS_accept: unknown state [ttls] TLS_accept: Need to read more data: unknown state [ttls] TLS_accept: Need to read more data: unknown state In SSL Handshake Phase In SSL Accept mode [ttls] eaptls_process returned 13 ++[eap] = handled +} # group authenticate = handled Sending Access-Challenge of id 0 to 10.0.2.2 port 37101 EAP-Message = 0x0102040015c00000046a160303003902000035030338d451eebc70f7a6865019f0f9fe971d97d29dbbf259f8c9fd51f0aa6f931c6000c03000000dff01000100000b00040300010216030302cc0b0002c80002c50002c2308202be308201a6a003020102020900b37fe074c794d454300d06092a864886f70d01010b050030173115301306035504030c0c7562756e7475524144495553301e170d3138303330313133353235325a170d3238303232373133353235325a30173115301306035504030c0c7562756e747552414449555330820122300d06092a864886f70d01010105000382010f003082010a0282010100be9382ed2dc1add32b1b35f7 EAP-Message = 0x52c8fc8c0d2652e99ec612ac75a1029c63f63cfff4fd6cd9bb9e419bcfb7aed8e64d01f0f410c11961e22e9d2bea61dc6aacf0717dc0e386103809ea6f9978c068b1d59f405695fddfd47aff401b5f3390333b57b915960ec53698c32b02a49566bbbfb192c0a9b928a24535f40190231bf71416c580b6d982b17e744c7780ac0a64ea777a6f6d3cc493896914f89e0569b9a24f5a59387c852f838f053a9c396eee54f4ea222ae605b4735262d4e3685c6088da5fb881f739c00c93542663954a9800c99410e74ff3593536a9a669c0ef50b612e4270afe8f123d0ad38121639babf0fbd66137021597d97e6ef7d4aa7f9c02710203010001a30d300b EAP-Message = 0x30090603551d1304023000300d06092a864886f70d01010b050003820101000b407680d9c47a5900401c7b6fe5390675f547567dacb4a75fb72387a0b621d5a668726d0654ef300fbe6b18324ddf2510cb0b6e459e90857c9d9cc34482c2aa5d7d9df792b1cc77f83aa3ccb7c6d0bd9080c31e22f5eb90212ede14732eaffcc9b24c580fede255a3e5acf05effc49d74cb63971ea81cda755983b202bffc116440616a01f57ad5b353cd7bba302dcf067313b00d0ff8a1bdd01e1b612ee04fd36c42949a32175585a1b28583c6a46f9399989acc68d2c3e7b7360ceddca417823ae7fe9d21a888c393bca3a9dbd66ccbbf59d5a1a290e7c67f1abe3bb3 EAP-Message = 0x77e112552a255d336731fee2e1a05bd01a87a238f12694278b87ef2146a11e649288160303014d0c0001490300174104d4bc9b3384651e6ecdfedf74bd004c614a51dfeeae36a9fc6b3f3e9d756da259a0d153ef55332cb9350c545c4cad7b3b96f4c0a5e04abc0475aca9a2494dd0bf06010100bb47844ba03bc1969c891a1e37a8a99e1310d97835b5be102a13ddf1b84b3a7a4840fad85e9c6e272ab4a5e2d1afc31d0f2f6edb69d42dc73bd33bc93566a2f5b3a6c3f7468b951c623115a75f9e74d98369e4aa8f2be02b4ccbde2bd4c438a7cc780a035d0dbc5a5ff14f9761fc1068db76a5fceff260f5a1cd60d261c535af2676a2ca2e0cb2d15d EAP-Message = 0xc9ea0b7bf4dc7b16b042bed8 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x983a0f7a99381a9e70d1786f6677e705 Finished request 11. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 10.0.2.2 port 37101, id=0, length=141 Cleaning up request 11 ID 0 with timestamp +49 User-Name = "anonymous" NAS-IP-Address = 10.0.0.1 Called-Station-Id = "ac9e17bd7668" Calling-Station-Id = "2c0e3d040b41" NAS-Identifier = "ac9e17bd7668" NAS-Port = 14 Framed-MTU = 1400 State = 0x983a0f7a99381a9e70d1786f6677e705 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x020200061500 Message-Authenticator = 0x29ca321bf5207e566bdfbde431c392df # Executing section authorize from file /etc/freeradius/sites-enabled/default +group authorize { ++[preprocess] = ok ++[chap] = noop ++[mschap] = noop ++[digest] = noop [suffix] No '@' in User-Name = "anonymous", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 2 length 6 [eap] Continuing tunnel setup. ++[eap] = ok +} # group authorize = ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +group authenticate { [eap] Request found, released from the list [eap] EAP/ttls [eap] processing type ttls [ttls] Authenticate [ttls] processing EAP-TLS [ttls] Received TLS ACK [ttls] ACK handshake fragment handler [ttls] eaptls_verify returned 1 [ttls] eaptls_process returned 13 ++[eap] = handled +} # group authenticate = handled Sending Access-Challenge of id 0 to 10.0.2.2 port 37101 EAP-Message = 0x0103007e15800000046a4e10b776a37915fcf4f2dde3685940dbfea0542c5769819c4b948a1eaea41a55547f1fba0cd678ad5fd9868549d4ad9ba86131ccde39ca1a54e8d4ff6135f1da87c7649d577be682838374dc3922358785cbb92f67427b573e3447c30ec5f00758b9bda56bbde8b5b5f7af16030300040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x983a0f7a9a391a9e70d1786f6677e705 Finished request 12. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 10.0.2.2 port 37101, id=0, length=267 Cleaning up request 12 ID 0 with timestamp +49 User-Name = "anonymous" NAS-IP-Address = 10.0.0.1 Called-Station-Id = "ac9e17bd7668" Calling-Station-Id = "2c0e3d040b41" NAS-Identifier = "ac9e17bd7668" NAS-Port = 14 Framed-MTU = 1400 State = 0x983a0f7a9a391a9e70d1786f6677e705 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x0203008415001603030046100000424104939c1ca8205736e62176faa470a2ddd4cc4732bdfb0a91a3c69756ff20227f99c8be39ae3ee90aef2cfd6ee33ee90a00d5a6009982426148bf7cf50eaaf9649c14030300010116030300280000000000000000cb752cedfefbb76538cb2a753067821926acc5a82e1587251a9ae55e49270d99 Message-Authenticator = 0x48305bf93df8cdc7213e51a97981a74b # Executing section authorize from file /etc/freeradius/sites-enabled/default +group authorize { ++[preprocess] = ok ++[chap] = noop ++[mschap] = noop ++[digest] = noop [suffix] No '@' in User-Name = "anonymous", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 3 length 132 [eap] Continuing tunnel setup. ++[eap] = ok +} # group authorize = ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +group authenticate { [eap] Request found, released from the list [eap] EAP/ttls [eap] processing type ttls [ttls] Authenticate [ttls] processing EAP-TLS [ttls] eaptls_verify returned 7 [ttls] Done initial handshake [ttls] <<< Unknown TLS version [length 0005] [ttls] <<< Unknown TLS version [length 0046] [ttls] TLS_accept: unknown state [ttls] TLS_accept: unknown state [ttls] <<< Unknown TLS version [length 0005] [ttls] <<< Unknown TLS version [length 0001] [ttls] <<< Unknown TLS version [length 0005] [ttls] <<< Unknown TLS version [length 0010] [ttls] TLS_accept: unknown state [ttls] >>> Unknown TLS version [length 0005] [ttls] >>> Unknown TLS version [length 0001] [ttls] TLS_accept: unknown state [ttls] >>> Unknown TLS version [length 0005] [ttls] >>> Unknown TLS version [length 0010] [ttls] TLS_accept: unknown state [ttls] TLS_accept: unknown state [ttls] (other): SSL negotiation finished successfully SSL Connection Established [ttls] eaptls_process returned 13 ++[eap] = handled +} # group authenticate = handled Sending Access-Challenge of id 0 to 10.0.2.2 port 37101 EAP-Message = 0x0104003d15800000003314030300010116030300280b1a10be1e4e65a7c37a795524033677856ba37e47405ca76d6d047a8119d2116f56dc72c6053901 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x983a0f7a9b3e1a9e70d1786f6677e705 Finished request 13. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 10.0.2.2 port 37101, id=0, length=278 Cleaning up request 13 ID 0 with timestamp +49 User-Name = "anonymous" NAS-IP-Address = 10.0.0.1 Called-Station-Id = "ac9e17bd7668" Calling-Station-Id = "2c0e3d040b41" NAS-Identifier = "ac9e17bd7668" NAS-Port = 14 Framed-MTU = 1400 State = 0x983a0f7a9b3e1a9e70d1786f6677e705 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x0204008f15001703030084000000000000000181f59453f45ff9351d0eb09f8559ad492ab457ecade0e6c6c30f1a8e547e2dd5f00316175c390c1f26d1aaa61eaa1a25735804b47041bede97df420c9eef1e806739cc77f680dbca690661abb5c7e3d19a7dc4f892452d4a704a7f7bd4d89fd81f982735b50be5c35f6f0b45d340a01c9384319974ad53e68a8fcf73 Message-Authenticator = 0x6f40d71d85b6f299fd688e265aa1ce7a # Executing section authorize from file /etc/freeradius/sites-enabled/default +group authorize { ++[preprocess] = ok ++[chap] = noop ++[mschap] = noop ++[digest] = noop [suffix] No '@' in User-Name = "anonymous", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 4 length 143 [eap] Continuing tunnel setup. ++[eap] = ok +} # group authorize = ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +group authenticate { [eap] Request found, released from the list [eap] EAP/ttls [eap] processing type ttls [ttls] Authenticate [ttls] processing EAP-TLS [ttls] eaptls_verify returned 7 [ttls] Done initial handshake [ttls] <<< Unknown TLS version [length 0005] [ttls] eaptls_process returned 7 [ttls] Session established. Proceeding to decode tunneled attributes. [ttls] Tunneled challenge is incorrect [eap] Handler failed in EAP/ttls [eap] Failed in EAP select ++[eap] = invalid +} # group authenticate = invalid Failed to authenticate the user. Login incorrect: [anonymous/<via Auth-Type = EAP>] (from client 10.0.2.2 port 14 cli 2c0e3d040b41) Using Post-Auth-Type Reject # Executing group from file /etc/freeradius/sites-enabled/default +group REJECT { [eap] Reply already contained an EAP-Message, not inserting EAP-Failure ++[eap] = noop [attr_filter.access_reject] expand: %{User-Name} -> anonymous attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] = updated +} # group REJECT = updated Delaying reject of request 14 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 14 Sending Access-Reject of id 0 to 10.0.2.2 port 37101 EAP-Message = 0x04040004 Message-Authenticator = 0x00000000000000000000000000000000 Waking up in 4.9 seconds. Cleaning up request 14 ID 0 with timestamp +49 Ready to process requests.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Thank you! I updated to version 3 and everything just works out of the box. Elias From: list@fajar.net To: freeradius-users@lists.freeradius.org, Date: 2018-03-02 10:02 Subject: Re: TTLS with MSCHAPv2 Sent by: freeradius-users-bounces+elias.naslund=skf.com@lists.freeradius.org On Fri, Mar 2, 2018 at 3:08 PM, <elias.naslund@skf.com> wrote:
Hello,
I have installed FreeRADIUS on Ubuntu Server 16.04. I can connect to it with EAP MSCHAPv2 and many other ways but it fails on TTLS MSCHAPv2 which is the one I need to use. If wanted I can send the debug information from a working EAP MSCHAPv2.
I try to connect with an android phone through a ASUS router.
Anyone got any idea why it is not working?
root@ubuntuRADIUS:/etc/freeradius# freeradius -X freeradius: FreeRADIUS Version 2.2.8, for host i686-pc-linux-gnu, built on
Since you're using 2.2.8 ...
[ttls] TLS_accept: before/accept initialization [ttls] <<< Unknown TLS version [length 0005]
... and get this, I'd suggest reading this thread http://lists.freeradius.org/pipermail/freeradius-users/2015-May/077613.html http://lists.freeradius.org/pipermail/freeradius-users/2015-May/077614.html -- Fajar
[ttls] <<< Unknown TLS version [length 00a0] [ttls] TLS_accept: unknown state [ttls] >>> Unknown TLS version [length 0005] [ttls] >>> Unknown TLS version [length 0039] [ttls] TLS_accept: unknown state [ttls] >>> Unknown TLS version [length 0005] [ttls] >>> Unknown TLS version [length 02cc] [ttls] TLS_accept: unknown state [ttls] >>> Unknown TLS version [length 0005] [ttls] >>> Unknown TLS version [length 014d] [ttls] TLS_accept: unknown state [ttls] >>> Unknown TLS version [length 0005] [ttls] >>> Unknown TLS version [length 0004] [ttls] TLS_accept: unknown state [ttls] TLS_accept: unknown state [ttls] TLS_accept: unknown state [ttls] TLS_accept: Need to read more data: unknown state [ttls] TLS_accept: Need to read more data: unknown state In SSL Handshake Phase In SSL Accept mode [ttls] eaptls_process returned 13 ++[eap] = handled +} # group authenticate = handled Sending Access-Challenge of id 0 to 10.0.2.2 port 37101 EAP-Message =
0x0102040015c00000046a1603030039020000350303882e3d0906b3ac53b42c9a46285a2d0ae21d934798a065c56e02ad4103ed1b5800c03000000dff01000100000b00040300010216030302cc0b0002c80002c50002c2308202be308201a6a003020102020900b37fe074c794d454300d06092a864886f70d01010b050030173115301306035504030c0c7562756e7475524144495553301e170d3138303330313133353235325a170d3238303232373133353235325a30173115301306035504030c0c7562756e747552414449555330820122300d06092a864886f70d01010105000382010f003082010a0282010100be9382ed2dc1add32b1b35f7
EAP-Message =
0x52c8fc8c0d2652e99ec612ac75a1029c63f63cfff4fd6cd9bb9e419bcfb7aed8e64d01f0f410c11961e22e9d2bea61dc6aacf0717dc0e386103809ea6f9978c068b1d59f405695fddfd47aff401b5f3390333b57b915960ec53698c32b02a49566bbbfb192c0a9b928a24535f40190231bf71416c580b6d982b17e744c7780ac0a64ea777a6f6d3cc493896914f89e0569b9a24f5a59387c852f838f053a9c396eee54f4ea222ae605b4735262d4e3685c6088da5fb881f739c00c93542663954a9800c99410e74ff3593536a9a669c0ef50b612e4270afe8f123d0ad38121639babf0fbd66137021597d97e6ef7d4aa7f9c02710203010001a30d300b
EAP-Message =
0x30090603551d1304023000300d06092a864886f70d01010b050003820101000b407680d9c47a5900401c7b6fe5390675f547567dacb4a75fb72387a0b621d5a668726d0654ef300fbe6b18324ddf2510cb0b6e459e90857c9d9cc34482c2aa5d7d9df792b1cc77f83aa3ccb7c6d0bd9080c31e22f5eb90212ede14732eaffcc9b24c580fede255a3e5acf05effc49d74cb63971ea81cda755983b202bffc116440616a01f57ad5b353cd7bba302dcf067313b00d0ff8a1bdd01e1b612ee04fd36c42949a32175585a1b28583c6a46f9399989acc68d2c3e7b7360ceddca417823ae7fe9d21a888c393bca3a9dbd66ccbbf59d5a1a290e7c67f1abe3bb3
EAP-Message =
0x77e112552a255d336731fee2e1a05bd01a87a238f12694278b87ef2146a11e649288160303014d0c00014903001741041c8714338c965bc7b84cfcb017ba8f7b4ac0b9677bab6c17f25b3d7ae14e08b09a2bedeb5c45f7979bff9eecd8c07b25fd937226555016d601cc60fa422ef751060101006dd90aabf97ea915a14e0e6ef6c57bfe4829db82b1602975b98712ec5db42b3c8b5c79572d5573bcd0a5c7560a03067e2f771494ecafa8a038672befabaf28d49b5f0d9b0a55b8d7d225eb2a11727955c030546f3709e912bc3f1b4d904c979c1fd43b0a325c403a3adc3aeeededdb811a1d55a2f8de44262e62557d74e60789234cd69ce46be1c86a
EAP-Message = 0x6c200c441581cef8c8df6fa0 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x566041d25762548b775c8b93cb3b8ac0 Finished request 1. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 10.0.2.2 port 37101, id=0, length=141 Cleaning up request 1 ID 0 with timestamp +34 User-Name = "anonymous" NAS-IP-Address = 10.0.0.1 Called-Station-Id = "ac9e17bd7668" Calling-Station-Id = "2c0e3d040b41" NAS-Identifier = "ac9e17bd7668" NAS-Port = 14 Framed-MTU = 1400 State = 0x566041d25762548b775c8b93cb3b8ac0 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x020200061500 Message-Authenticator = 0x9edaf5e9ac1eadb44961e09e6104bcbe # Executing section authorize from file /etc/freeradius/sites-enabled/default +group authorize { ++[preprocess] = ok ++[chap] = noop ++[mschap] = noop ++[digest] = noop [suffix] No '@' in User-Name = "anonymous", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 2 length 6 [eap] Continuing tunnel setup. ++[eap] = ok +} # group authorize = ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +group authenticate { [eap] Request found, released from the list [eap] EAP/ttls [eap] processing type ttls [ttls] Authenticate [ttls] processing EAP-TLS [ttls] Received TLS ACK [ttls] ACK handshake fragment handler [ttls] eaptls_verify returned 1 [ttls] eaptls_process returned 13 ++[eap] = handled +} # group authenticate = handled Sending Access-Challenge of id 0 to 10.0.2.2 port 37101 EAP-Message =
0x0103007e15800000046aac4b2092f7d8e1ea994220a3e8fd64f6d29dd5d76d635dd7ac0895ea388f366812df6a1924dc25d7bb65058b2688fb10a125244fbfb429eddaab8d0bbdd38c76c39129ccddd422eaec8d1f5b478a431a81eeda645fc6502dfb21b1aa3c3a2abe102dd9b84bd475b427489216030300040e000000
Message-Authenticator = 0x00000000000000000000000000000000 State = 0x566041d25463548b775c8b93cb3b8ac0 Finished request 2. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 10.0.2.2 port 37101, id=0, length=267 Cleaning up request 2 ID 0 with timestamp +34 User-Name = "anonymous" NAS-IP-Address = 10.0.0.1 Called-Station-Id = "ac9e17bd7668" Calling-Station-Id = "2c0e3d040b41" NAS-Identifier = "ac9e17bd7668" NAS-Port = 14 Framed-MTU = 1400 State = 0x566041d25463548b775c8b93cb3b8ac0 NAS-Port-Type = Wireless-802.11 EAP-Message =
0x02030084150016030300461000004241046c37eb48dbbe8b3f2e0d3f4da3132daa81876d95c47c3c705cbf6917fa06d3ded4742817f732475c9c8b95f86670e5e80736e8f8e722d7e5a840d53943d1487d14030300010116030300280000000000000000db7f068e8fcce0d83d6a09d6b3abb56aefe288bc0d88a8c936338de79690e402
Message-Authenticator = 0x73f1ad17bb3790824f1409941692e2c8 # Executing section authorize from file /etc/freeradius/sites-enabled/default +group authorize { ++[preprocess] = ok ++[chap] = noop ++[mschap] = noop ++[digest] = noop [suffix] No '@' in User-Name = "anonymous", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 3 length 132 [eap] Continuing tunnel setup. ++[eap] = ok +} # group authorize = ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +group authenticate { [eap] Request found, released from the list [eap] EAP/ttls [eap] processing type ttls [ttls] Authenticate [ttls] processing EAP-TLS [ttls] eaptls_verify returned 7 [ttls] Done initial handshake [ttls] <<< Unknown TLS version [length 0005] [ttls] <<< Unknown TLS version [length 0046] [ttls] TLS_accept: unknown state [ttls] TLS_accept: unknown state [ttls] <<< Unknown TLS version [length 0005] [ttls] <<< Unknown TLS version [length 0001] [ttls] <<< Unknown TLS version [length 0005] [ttls] <<< Unknown TLS version [length 0010] [ttls] TLS_accept: unknown state [ttls] >>> Unknown TLS version [length 0005] [ttls] >>> Unknown TLS version [length 0001] [ttls] TLS_accept: unknown state [ttls] >>> Unknown TLS version [length 0005] [ttls] >>> Unknown TLS version [length 0010] [ttls] TLS_accept: unknown state [ttls] TLS_accept: unknown state [ttls] (other): SSL negotiation finished successfully SSL Connection Established [ttls] eaptls_process returned 13 ++[eap] = handled +} # group authenticate = handled Sending Access-Challenge of id 0 to 10.0.2.2 port 37101 EAP-Message =
0x0104003d158000000033140303000101160303002848357c1cd4efab5cceee0653c966dd0bf3a945b2ad77d149c6a69feff8cda8dcc4ab0b04d23d59d8
Message-Authenticator = 0x00000000000000000000000000000000 State = 0x566041d25564548b775c8b93cb3b8ac0 Finished request 3. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 10.0.2.2 port 37101, id=0, length=278 Cleaning up request 3 ID 0 with timestamp +34 User-Name = "anonymous" NAS-IP-Address = 10.0.0.1 Called-Station-Id = "ac9e17bd7668" Calling-Station-Id = "2c0e3d040b41" NAS-Identifier = "ac9e17bd7668" NAS-Port = 14 Framed-MTU = 1400 State = 0x566041d25564548b775c8b93cb3b8ac0 NAS-Port-Type = Wireless-802.11 EAP-Message =
0x0204008f150017030300840000000000000001adeee8b56ad79d8da4b1679db4746911f0033f5b5d83956312523861b8b2791310d63b269ec0b5eff151f90027dccef0ad6d604f6362e4bec2d7e8329969d05507acde23d18bf5c09ef07eface4cd2cba6c386f193dd76063b912057d569d1a549db5a68e108be0542d58e654e1b61e4716d701605d32b81ac0e5e9c
Message-Authenticator = 0x05dc9439feca7c1d8a89f6cf01ca1fe5 # Executing section authorize from file /etc/freeradius/sites-enabled/default +group authorize { ++[preprocess] = ok ++[chap] = noop ++[mschap] = noop ++[digest] = noop [suffix] No '@' in User-Name = "anonymous", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 4 length 143 [eap] Continuing tunnel setup. ++[eap] = ok +} # group authorize = ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +group authenticate { [eap] Request found, released from the list [eap] EAP/ttls [eap] processing type ttls [ttls] Authenticate [ttls] processing EAP-TLS [ttls] eaptls_verify returned 7 [ttls] Done initial handshake [ttls] <<< Unknown TLS version [length 0005] [ttls] eaptls_process returned 7 [ttls] Session established. Proceeding to decode tunneled attributes. [ttls] Tunneled challenge is incorrect [eap] Handler failed in EAP/ttls [eap] Failed in EAP select ++[eap] = invalid +} # group authenticate = invalid Failed to authenticate the user. Login incorrect: [anonymous/<via Auth-Type = EAP>] (from client 10.0.2.2 port 14 cli 2c0e3d040b41) Using Post-Auth-Type Reject # Executing group from file /etc/freeradius/sites-enabled/default +group REJECT { [eap] Reply already contained an EAP-Message, not inserting EAP-Failure ++[eap] = noop [attr_filter.access_reject] expand: %{User-Name} -> anonymous attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] = updated +} # group REJECT = updated Delaying reject of request 4 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 4 Sending Access-Reject of id 0 to 10.0.2.2 port 37101 EAP-Message = 0x04040004 Message-Authenticator = 0x00000000000000000000000000000000 Waking up in 4.9 seconds. Cleaning up request 4 ID 0 with timestamp +34 Ready to process requests. rad_recv: Access-Request packet from host 10.0.2.2 port 37101, id=0, length=131 User-Name = "anonymous" NAS-IP-Address = 10.0.0.1 Called-Station-Id = "ac9e17bd7668" Calling-Station-Id = "2c0e3d040b41" NAS-Identifier = "ac9e17bd7668" NAS-Port = 14 Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x0200000e01616e6f6e796d6f7573 Message-Authenticator = 0x1c6c04fb8378f1910b9fb507c133e93c # Executing section authorize from file /etc/freeradius/sites-enabled/default +group authorize { ++[preprocess] = ok ++[chap] = noop ++[mschap] = noop ++[digest] = noop [suffix] No '@' in User-Name = "anonymous", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 0 length 14 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] = updated ++[files] = noop ++[expiration] = noop ++[logintime] = noop [pap] WARNING! No "known good" password found for the user.
Authentication
may fail because of this. ++[pap] = noop +} # group authorize = updated Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +group authenticate { [eap] EAP Identity [eap] processing type tls [tls] Initiate [tls] Start returned 1 ++[eap] = handled +} # group authenticate = handled Sending Access-Challenge of id 0 to 10.0.2.2 port 37101 EAP-Message = 0x010100061520 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x0c457a660c446f12a95d9c7efeb2c3c0 Finished request 5. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 10.0.2.2 port 37101, id=0, length=306 Cleaning up request 5 ID 0 with timestamp +41 User-Name = "anonymous" NAS-IP-Address = 10.0.0.1 Called-Station-Id = "ac9e17bd7668" Calling-Station-Id = "2c0e3d040b41" NAS-Identifier = "ac9e17bd7668" NAS-Port = 14 Framed-MTU = 1400 State = 0x0c457a660c446f12a95d9c7efeb2c3c0 NAS-Port-Type = Wireless-802.11 EAP-Message =
0x020100ab150016030100a00100009c03037bd1bcd41a4e58bb2447cae4df3b01e79efc412376c6c44ecd111b633f6da95900003ec02cc030009fc02bc02f009ecca9cca8c00ac024c014c0280039006bc009c023c013c02700330067c007c011009d009c0035003d002f003c00050004000a01000035ff0100010000170000000d001600140601060305010503040104030301030302010203000b00020100000a00080006001700180019
Message-Authenticator = 0x26bfb48fc179201a854a456aae91e65c # Executing section authorize from file /etc/freeradius/sites-enabled/default +group authorize { ++[preprocess] = ok ++[chap] = noop ++[mschap] = noop ++[digest] = noop [suffix] No '@' in User-Name = "anonymous", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 1 length 171 [eap] Continuing tunnel setup. ++[eap] = ok +} # group authorize = ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +group authenticate { [eap] Request found, released from the list [eap] EAP/ttls [eap] processing type ttls [ttls] Authenticate [ttls] processing EAP-TLS [ttls] eaptls_verify returned 7 [ttls] Done initial handshake [ttls] (other): before/accept initialization [ttls] TLS_accept: before/accept initialization [ttls] <<< Unknown TLS version [length 0005] [ttls] <<< Unknown TLS version [length 00a0] [ttls] TLS_accept: unknown state [ttls] >>> Unknown TLS version [length 0005] [ttls] >>> Unknown TLS version [length 0039] [ttls] TLS_accept: unknown state [ttls] >>> Unknown TLS version [length 0005] [ttls] >>> Unknown TLS version [length 02cc] [ttls] TLS_accept: unknown state [ttls] >>> Unknown TLS version [length 0005] [ttls] >>> Unknown TLS version [length 014d] [ttls] TLS_accept: unknown state [ttls] >>> Unknown TLS version [length 0005] [ttls] >>> Unknown TLS version [length 0004] [ttls] TLS_accept: unknown state [ttls] TLS_accept: unknown state [ttls] TLS_accept: unknown state [ttls] TLS_accept: Need to read more data: unknown state [ttls] TLS_accept: Need to read more data: unknown state In SSL Handshake Phase In SSL Accept mode [ttls] eaptls_process returned 13 ++[eap] = handled +} # group authenticate = handled Sending Access-Challenge of id 0 to 10.0.2.2 port 37101 EAP-Message =
0x0102040015c00000046a16030300390200003503039c0f1bfc9ead4d4ac014ec5aa1165fa6567c65c0de03bd01fde7d800817a142500c03000000dff01000100000b00040300010216030302cc0b0002c80002c50002c2308202be308201a6a003020102020900b37fe074c794d454300d06092a864886f70d01010b050030173115301306035504030c0c7562756e7475524144495553301e170d3138303330313133353235325a170d3238303232373133353235325a30173115301306035504030c0c7562756e747552414449555330820122300d06092a864886f70d01010105000382010f003082010a0282010100be9382ed2dc1add32b1b35f7
EAP-Message =
0x52c8fc8c0d2652e99ec612ac75a1029c63f63cfff4fd6cd9bb9e419bcfb7aed8e64d01f0f410c11961e22e9d2bea61dc6aacf0717dc0e386103809ea6f9978c068b1d59f405695fddfd47aff401b5f3390333b57b915960ec53698c32b02a49566bbbfb192c0a9b928a24535f40190231bf71416c580b6d982b17e744c7780ac0a64ea777a6f6d3cc493896914f89e0569b9a24f5a59387c852f838f053a9c396eee54f4ea222ae605b4735262d4e3685c6088da5fb881f739c00c93542663954a9800c99410e74ff3593536a9a669c0ef50b612e4270afe8f123d0ad38121639babf0fbd66137021597d97e6ef7d4aa7f9c02710203010001a30d300b
EAP-Message =
0x30090603551d1304023000300d06092a864886f70d01010b050003820101000b407680d9c47a5900401c7b6fe5390675f547567dacb4a75fb72387a0b621d5a668726d0654ef300fbe6b18324ddf2510cb0b6e459e90857c9d9cc34482c2aa5d7d9df792b1cc77f83aa3ccb7c6d0bd9080c31e22f5eb90212ede14732eaffcc9b24c580fede255a3e5acf05effc49d74cb63971ea81cda755983b202bffc116440616a01f57ad5b353cd7bba302dcf067313b00d0ff8a1bdd01e1b612ee04fd36c42949a32175585a1b28583c6a46f9399989acc68d2c3e7b7360ceddca417823ae7fe9d21a888c393bca3a9dbd66ccbbf59d5a1a290e7c67f1abe3bb3
EAP-Message =
0x77e112552a255d336731fee2e1a05bd01a87a238f12694278b87ef2146a11e649288160303014d0c0001490300174104c9045f5eb696e3bae69ae45f211aa435df203c126a105d4a36ff13d66e0d4a63be257f9607c09181a5937f23017e649418a160a82bd6665ec0c91baf97c6426d06010100929ea9e28c3494ad9133da7258e1b236497833a40dab4df86ddeb1c9d15551ea00a6527607177a2245b04be917f5290ea002cfb420ae25310982a2d28b6db50e72f77b59c971b9952f55452e845b89a799a6de4b20a436d32f8d8b096784af93e77e1173ac2f8f7f93fac69934ee96dae1758470d9da75f2e48bcd9c71552e1da13bb79bbc9757153e
EAP-Message = 0x0a6dd003a8cc5909b776178e Message-Authenticator = 0x00000000000000000000000000000000 State = 0x0c457a660d476f12a95d9c7efeb2c3c0 Finished request 6. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 10.0.2.2 port 37101, id=0, length=141 Cleaning up request 6 ID 0 with timestamp +41 User-Name = "anonymous" NAS-IP-Address = 10.0.0.1 Called-Station-Id = "ac9e17bd7668" Calling-Station-Id = "2c0e3d040b41" NAS-Identifier = "ac9e17bd7668" NAS-Port = 14 Framed-MTU = 1400 State = 0x0c457a660d476f12a95d9c7efeb2c3c0 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x020200061500 Message-Authenticator = 0xa934c5d9ef37110127b4f5bde5976891 # Executing section authorize from file /etc/freeradius/sites-enabled/default +group authorize { ++[preprocess] = ok ++[chap] = noop ++[mschap] = noop ++[digest] = noop [suffix] No '@' in User-Name = "anonymous", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 2 length 6 [eap] Continuing tunnel setup. ++[eap] = ok +} # group authorize = ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +group authenticate { [eap] Request found, released from the list [eap] EAP/ttls [eap] processing type ttls [ttls] Authenticate [ttls] processing EAP-TLS [ttls] Received TLS ACK [ttls] ACK handshake fragment handler [ttls] eaptls_verify returned 1 [ttls] eaptls_process returned 13 ++[eap] = handled +} # group authenticate = handled Sending Access-Challenge of id 0 to 10.0.2.2 port 37101 EAP-Message =
0x0103007e15800000046acb854a80c6735479539ee466b6a78aea03b8217eca2044c6ae68d2abbe534fde390dee64a8f7fd6b3dae8a0df9ac8d0af161c7625e3c3760846bfecd09dd16ee51aa7dcc9fba22300f028808728e22ead32640c245d1a74109ccab548af6f1de2121336a0c96e46418d10716030300040e000000
Message-Authenticator = 0x00000000000000000000000000000000 State = 0x0c457a660e466f12a95d9c7efeb2c3c0 Finished request 7. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 10.0.2.2 port 37101, id=0, length=267 Cleaning up request 7 ID 0 with timestamp +41 User-Name = "anonymous" NAS-IP-Address = 10.0.0.1 Called-Station-Id = "ac9e17bd7668" Calling-Station-Id = "2c0e3d040b41" NAS-Identifier = "ac9e17bd7668" NAS-Port = 14 Framed-MTU = 1400 State = 0x0c457a660e466f12a95d9c7efeb2c3c0 NAS-Port-Type = Wireless-802.11 EAP-Message =
0x02030084150016030300461000004241040908ad55e927f17918673c168d8477906aabd3bc14038f994d1c1a2f327e121ddf4f448468ff574b1de06a5e5c00123236777eace6353a385d9d6205b8e023d51403030001011603030028000000000000000038383460e069ca3fb477847a834dece115cf0c5f26f01130a5b49d8a3e7e3efc
Message-Authenticator = 0xcf44d9a2c92b07296faf5930c64adb01 # Executing section authorize from file /etc/freeradius/sites-enabled/default +group authorize { ++[preprocess] = ok ++[chap] = noop ++[mschap] = noop ++[digest] = noop [suffix] No '@' in User-Name = "anonymous", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 3 length 132 [eap] Continuing tunnel setup. ++[eap] = ok +} # group authorize = ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +group authenticate { [eap] Request found, released from the list [eap] EAP/ttls [eap] processing type ttls [ttls] Authenticate [ttls] processing EAP-TLS [ttls] eaptls_verify returned 7 [ttls] Done initial handshake [ttls] <<< Unknown TLS version [length 0005] [ttls] <<< Unknown TLS version [length 0046] [ttls] TLS_accept: unknown state [ttls] TLS_accept: unknown state [ttls] <<< Unknown TLS version [length 0005] [ttls] <<< Unknown TLS version [length 0001] [ttls] <<< Unknown TLS version [length 0005] [ttls] <<< Unknown TLS version [length 0010] [ttls] TLS_accept: unknown state [ttls] >>> Unknown TLS version [length 0005] [ttls] >>> Unknown TLS version [length 0001] [ttls] TLS_accept: unknown state [ttls] >>> Unknown TLS version [length 0005] [ttls] >>> Unknown TLS version [length 0010] [ttls] TLS_accept: unknown state [ttls] TLS_accept: unknown state [ttls] (other): SSL negotiation finished successfully SSL Connection Established [ttls] eaptls_process returned 13 ++[eap] = handled +} # group authenticate = handled Sending Access-Challenge of id 0 to 10.0.2.2 port 37101 EAP-Message =
0x0104003d1580000000331403030001011603030028df04f4b005fc62dedaf73c81ca86bc8d61392e442fd3a85c287b0d0e06972d6e6410ba3fbf7330d1
Message-Authenticator = 0x00000000000000000000000000000000 State = 0x0c457a660f416f12a95d9c7efeb2c3c0 Finished request 8. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 10.0.2.2 port 37101, id=0, length=278 Cleaning up request 8 ID 0 with timestamp +41 User-Name = "anonymous" NAS-IP-Address = 10.0.0.1 Called-Station-Id = "ac9e17bd7668" Calling-Station-Id = "2c0e3d040b41" NAS-Identifier = "ac9e17bd7668" NAS-Port = 14 Framed-MTU = 1400 State = 0x0c457a660f416f12a95d9c7efeb2c3c0 NAS-Port-Type = Wireless-802.11 EAP-Message =
0x0204008f1500170303008400000000000000010b253d2220ac2acfe53e1fd5fbf2f2598a92443873a876f42e99da95a7bb051826a9c1c5dffc5c67c16c586df567d560ca07a7241921db2556e8d2a66f422b1932cfb3e1eb112d1fc6d3ba616889e05555c878940ee3f351d7a15a49586714bdd55276e3cdeab9ed113e4e460db718e3924ebd328bdf9a3e3236b6fc
Message-Authenticator = 0x1af17b63a64f47fcbc3a0ec16717a910 # Executing section authorize from file /etc/freeradius/sites-enabled/default +group authorize { ++[preprocess] = ok ++[chap] = noop ++[mschap] = noop ++[digest] = noop [suffix] No '@' in User-Name = "anonymous", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 4 length 143 [eap] Continuing tunnel setup. ++[eap] = ok +} # group authorize = ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +group authenticate { [eap] Request found, released from the list [eap] EAP/ttls [eap] processing type ttls [ttls] Authenticate [ttls] processing EAP-TLS [ttls] eaptls_verify returned 7 [ttls] Done initial handshake [ttls] <<< Unknown TLS version [length 0005] [ttls] eaptls_process returned 7 [ttls] Session established. Proceeding to decode tunneled attributes. [ttls] Tunneled challenge is incorrect [eap] Handler failed in EAP/ttls [eap] Failed in EAP select ++[eap] = invalid +} # group authenticate = invalid Failed to authenticate the user. Login incorrect: [anonymous/<via Auth-Type = EAP>] (from client 10.0.2.2 port 14 cli 2c0e3d040b41) Using Post-Auth-Type Reject # Executing group from file /etc/freeradius/sites-enabled/default +group REJECT { [eap] Reply already contained an EAP-Message, not inserting EAP-Failure ++[eap] = noop [attr_filter.access_reject] expand: %{User-Name} -> anonymous attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] = updated +} # group REJECT = updated Delaying reject of request 9 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 9 Sending Access-Reject of id 0 to 10.0.2.2 port 37101 EAP-Message = 0x04040004 Message-Authenticator = 0x00000000000000000000000000000000 Waking up in 4.9 seconds. Cleaning up request 9 ID 0 with timestamp +41 Ready to process requests. rad_recv: Access-Request packet from host 10.0.2.2 port 37101, id=0, length=131 User-Name = "anonymous" NAS-IP-Address = 10.0.0.1 Called-Station-Id = "ac9e17bd7668" Calling-Station-Id = "2c0e3d040b41" NAS-Identifier = "ac9e17bd7668" NAS-Port = 14 Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x0200000e01616e6f6e796d6f7573 Message-Authenticator = 0x676ec42b20976a91a8bd7ab0d8cb999f # Executing section authorize from file /etc/freeradius/sites-enabled/default +group authorize { ++[preprocess] = ok ++[chap] = noop ++[mschap] = noop ++[digest] = noop [suffix] No '@' in User-Name = "anonymous", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 0 length 14 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] = updated ++[files] = noop ++[expiration] = noop ++[logintime] = noop [pap] WARNING! No "known good" password found for the user.
Authentication
may fail because of this. ++[pap] = noop +} # group authorize = updated Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +group authenticate { [eap] EAP Identity [eap] processing type tls [tls] Initiate [tls] Start returned 1 ++[eap] = handled +} # group authenticate = handled Sending Access-Challenge of id 0 to 10.0.2.2 port 37101 EAP-Message = 0x010100061520 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x983a0f7a983b1a9e70d1786f6677e705 Finished request 10. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 10.0.2.2 port 37101, id=0, length=306 Cleaning up request 10 ID 0 with timestamp +49 User-Name = "anonymous" NAS-IP-Address = 10.0.0.1 Called-Station-Id = "ac9e17bd7668" Calling-Station-Id = "2c0e3d040b41" NAS-Identifier = "ac9e17bd7668" NAS-Port = 14 Framed-MTU = 1400 State = 0x983a0f7a983b1a9e70d1786f6677e705 NAS-Port-Type = Wireless-802.11 EAP-Message =
0x020100ab150016030100a00100009c0303a27710c867999b0722e29b8d455b6f41806830d2b5785a86ef947bc76d4ef04a00003ec02cc030009fc02bc02f009ecca9cca8c00ac024c014c0280039006bc009c023c013c02700330067c007c011009d009c0035003d002f003c00050004000a01000035ff0100010000170000000d001600140601060305010503040104030301030302010203000b00020100000a00080006001700180019
Message-Authenticator = 0x4494d20d1a8cb27ec272148c29dfc456 # Executing section authorize from file /etc/freeradius/sites-enabled/default +group authorize { ++[preprocess] = ok ++[chap] = noop ++[mschap] = noop ++[digest] = noop [suffix] No '@' in User-Name = "anonymous", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 1 length 171 [eap] Continuing tunnel setup. ++[eap] = ok +} # group authorize = ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +group authenticate { [eap] Request found, released from the list [eap] EAP/ttls [eap] processing type ttls [ttls] Authenticate [ttls] processing EAP-TLS [ttls] eaptls_verify returned 7 [ttls] Done initial handshake [ttls] (other): before/accept initialization [ttls] TLS_accept: before/accept initialization [ttls] <<< Unknown TLS version [length 0005] [ttls] <<< Unknown TLS version [length 00a0] [ttls] TLS_accept: unknown state [ttls] >>> Unknown TLS version [length 0005] [ttls] >>> Unknown TLS version [length 0039] [ttls] TLS_accept: unknown state [ttls] >>> Unknown TLS version [length 0005] [ttls] >>> Unknown TLS version [length 02cc] [ttls] TLS_accept: unknown state [ttls] >>> Unknown TLS version [length 0005] [ttls] >>> Unknown TLS version [length 014d] [ttls] TLS_accept: unknown state [ttls] >>> Unknown TLS version [length 0005] [ttls] >>> Unknown TLS version [length 0004] [ttls] TLS_accept: unknown state [ttls] TLS_accept: unknown state [ttls] TLS_accept: unknown state [ttls] TLS_accept: Need to read more data: unknown state [ttls] TLS_accept: Need to read more data: unknown state In SSL Handshake Phase In SSL Accept mode [ttls] eaptls_process returned 13 ++[eap] = handled +} # group authenticate = handled Sending Access-Challenge of id 0 to 10.0.2.2 port 37101 EAP-Message =
0x0102040015c00000046a160303003902000035030338d451eebc70f7a6865019f0f9fe971d97d29dbbf259f8c9fd51f0aa6f931c6000c03000000dff01000100000b00040300010216030302cc0b0002c80002c50002c2308202be308201a6a003020102020900b37fe074c794d454300d06092a864886f70d01010b050030173115301306035504030c0c7562756e7475524144495553301e170d3138303330313133353235325a170d3238303232373133353235325a30173115301306035504030c0c7562756e747552414449555330820122300d06092a864886f70d01010105000382010f003082010a0282010100be9382ed2dc1add32b1b35f7
EAP-Message =
0x52c8fc8c0d2652e99ec612ac75a1029c63f63cfff4fd6cd9bb9e419bcfb7aed8e64d01f0f410c11961e22e9d2bea61dc6aacf0717dc0e386103809ea6f9978c068b1d59f405695fddfd47aff401b5f3390333b57b915960ec53698c32b02a49566bbbfb192c0a9b928a24535f40190231bf71416c580b6d982b17e744c7780ac0a64ea777a6f6d3cc493896914f89e0569b9a24f5a59387c852f838f053a9c396eee54f4ea222ae605b4735262d4e3685c6088da5fb881f739c00c93542663954a9800c99410e74ff3593536a9a669c0ef50b612e4270afe8f123d0ad38121639babf0fbd66137021597d97e6ef7d4aa7f9c02710203010001a30d300b
EAP-Message =
0x30090603551d1304023000300d06092a864886f70d01010b050003820101000b407680d9c47a5900401c7b6fe5390675f547567dacb4a75fb72387a0b621d5a668726d0654ef300fbe6b18324ddf2510cb0b6e459e90857c9d9cc34482c2aa5d7d9df792b1cc77f83aa3ccb7c6d0bd9080c31e22f5eb90212ede14732eaffcc9b24c580fede255a3e5acf05effc49d74cb63971ea81cda755983b202bffc116440616a01f57ad5b353cd7bba302dcf067313b00d0ff8a1bdd01e1b612ee04fd36c42949a32175585a1b28583c6a46f9399989acc68d2c3e7b7360ceddca417823ae7fe9d21a888c393bca3a9dbd66ccbbf59d5a1a290e7c67f1abe3bb3
EAP-Message =
0x77e112552a255d336731fee2e1a05bd01a87a238f12694278b87ef2146a11e649288160303014d0c0001490300174104d4bc9b3384651e6ecdfedf74bd004c614a51dfeeae36a9fc6b3f3e9d756da259a0d153ef55332cb9350c545c4cad7b3b96f4c0a5e04abc0475aca9a2494dd0bf06010100bb47844ba03bc1969c891a1e37a8a99e1310d97835b5be102a13ddf1b84b3a7a4840fad85e9c6e272ab4a5e2d1afc31d0f2f6edb69d42dc73bd33bc93566a2f5b3a6c3f7468b951c623115a75f9e74d98369e4aa8f2be02b4ccbde2bd4c438a7cc780a035d0dbc5a5ff14f9761fc1068db76a5fceff260f5a1cd60d261c535af2676a2ca2e0cb2d15d
EAP-Message = 0xc9ea0b7bf4dc7b16b042bed8 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x983a0f7a99381a9e70d1786f6677e705 Finished request 11. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 10.0.2.2 port 37101, id=0, length=141 Cleaning up request 11 ID 0 with timestamp +49 User-Name = "anonymous" NAS-IP-Address = 10.0.0.1 Called-Station-Id = "ac9e17bd7668" Calling-Station-Id = "2c0e3d040b41" NAS-Identifier = "ac9e17bd7668" NAS-Port = 14 Framed-MTU = 1400 State = 0x983a0f7a99381a9e70d1786f6677e705 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x020200061500 Message-Authenticator = 0x29ca321bf5207e566bdfbde431c392df # Executing section authorize from file /etc/freeradius/sites-enabled/default +group authorize { ++[preprocess] = ok ++[chap] = noop ++[mschap] = noop ++[digest] = noop [suffix] No '@' in User-Name = "anonymous", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 2 length 6 [eap] Continuing tunnel setup. ++[eap] = ok +} # group authorize = ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +group authenticate { [eap] Request found, released from the list [eap] EAP/ttls [eap] processing type ttls [ttls] Authenticate [ttls] processing EAP-TLS [ttls] Received TLS ACK [ttls] ACK handshake fragment handler [ttls] eaptls_verify returned 1 [ttls] eaptls_process returned 13 ++[eap] = handled +} # group authenticate = handled Sending Access-Challenge of id 0 to 10.0.2.2 port 37101 EAP-Message =
0x0103007e15800000046a4e10b776a37915fcf4f2dde3685940dbfea0542c5769819c4b948a1eaea41a55547f1fba0cd678ad5fd9868549d4ad9ba86131ccde39ca1a54e8d4ff6135f1da87c7649d577be682838374dc3922358785cbb92f67427b573e3447c30ec5f00758b9bda56bbde8b5b5f7af16030300040e000000
Message-Authenticator = 0x00000000000000000000000000000000 State = 0x983a0f7a9a391a9e70d1786f6677e705 Finished request 12. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 10.0.2.2 port 37101, id=0, length=267 Cleaning up request 12 ID 0 with timestamp +49 User-Name = "anonymous" NAS-IP-Address = 10.0.0.1 Called-Station-Id = "ac9e17bd7668" Calling-Station-Id = "2c0e3d040b41" NAS-Identifier = "ac9e17bd7668" NAS-Port = 14 Framed-MTU = 1400 State = 0x983a0f7a9a391a9e70d1786f6677e705 NAS-Port-Type = Wireless-802.11 EAP-Message =
0x0203008415001603030046100000424104939c1ca8205736e62176faa470a2ddd4cc4732bdfb0a91a3c69756ff20227f99c8be39ae3ee90aef2cfd6ee33ee90a00d5a6009982426148bf7cf50eaaf9649c14030300010116030300280000000000000000cb752cedfefbb76538cb2a753067821926acc5a82e1587251a9ae55e49270d99
Message-Authenticator = 0x48305bf93df8cdc7213e51a97981a74b # Executing section authorize from file /etc/freeradius/sites-enabled/default +group authorize { ++[preprocess] = ok ++[chap] = noop ++[mschap] = noop ++[digest] = noop [suffix] No '@' in User-Name = "anonymous", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 3 length 132 [eap] Continuing tunnel setup. ++[eap] = ok +} # group authorize = ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +group authenticate { [eap] Request found, released from the list [eap] EAP/ttls [eap] processing type ttls [ttls] Authenticate [ttls] processing EAP-TLS [ttls] eaptls_verify returned 7 [ttls] Done initial handshake [ttls] <<< Unknown TLS version [length 0005] [ttls] <<< Unknown TLS version [length 0046] [ttls] TLS_accept: unknown state [ttls] TLS_accept: unknown state [ttls] <<< Unknown TLS version [length 0005] [ttls] <<< Unknown TLS version [length 0001] [ttls] <<< Unknown TLS version [length 0005] [ttls] <<< Unknown TLS version [length 0010] [ttls] TLS_accept: unknown state [ttls] >>> Unknown TLS version [length 0005] [ttls] >>> Unknown TLS version [length 0001] [ttls] TLS_accept: unknown state [ttls] >>> Unknown TLS version [length 0005] [ttls] >>> Unknown TLS version [length 0010] [ttls] TLS_accept: unknown state [ttls] TLS_accept: unknown state [ttls] (other): SSL negotiation finished successfully SSL Connection Established [ttls] eaptls_process returned 13 ++[eap] = handled +} # group authenticate = handled Sending Access-Challenge of id 0 to 10.0.2.2 port 37101 EAP-Message =
0x0104003d15800000003314030300010116030300280b1a10be1e4e65a7c37a795524033677856ba37e47405ca76d6d047a8119d2116f56dc72c6053901
Message-Authenticator = 0x00000000000000000000000000000000 State = 0x983a0f7a9b3e1a9e70d1786f6677e705 Finished request 13. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 10.0.2.2 port 37101, id=0, length=278 Cleaning up request 13 ID 0 with timestamp +49 User-Name = "anonymous" NAS-IP-Address = 10.0.0.1 Called-Station-Id = "ac9e17bd7668" Calling-Station-Id = "2c0e3d040b41" NAS-Identifier = "ac9e17bd7668" NAS-Port = 14 Framed-MTU = 1400 State = 0x983a0f7a9b3e1a9e70d1786f6677e705 NAS-Port-Type = Wireless-802.11 EAP-Message =
0x0204008f15001703030084000000000000000181f59453f45ff9351d0eb09f8559ad492ab457ecade0e6c6c30f1a8e547e2dd5f00316175c390c1f26d1aaa61eaa1a25735804b47041bede97df420c9eef1e806739cc77f680dbca690661abb5c7e3d19a7dc4f892452d4a704a7f7bd4d89fd81f982735b50be5c35f6f0b45d340a01c9384319974ad53e68a8fcf73
Message-Authenticator = 0x6f40d71d85b6f299fd688e265aa1ce7a # Executing section authorize from file /etc/freeradius/sites-enabled/default +group authorize { ++[preprocess] = ok ++[chap] = noop ++[mschap] = noop ++[digest] = noop [suffix] No '@' in User-Name = "anonymous", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 4 length 143 [eap] Continuing tunnel setup. ++[eap] = ok +} # group authorize = ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +group authenticate { [eap] Request found, released from the list [eap] EAP/ttls [eap] processing type ttls [ttls] Authenticate [ttls] processing EAP-TLS [ttls] eaptls_verify returned 7 [ttls] Done initial handshake [ttls] <<< Unknown TLS version [length 0005] [ttls] eaptls_process returned 7 [ttls] Session established. Proceeding to decode tunneled attributes. [ttls] Tunneled challenge is incorrect [eap] Handler failed in EAP/ttls [eap] Failed in EAP select ++[eap] = invalid +} # group authenticate = invalid Failed to authenticate the user. Login incorrect: [anonymous/<via Auth-Type = EAP>] (from client 10.0.2.2 port 14 cli 2c0e3d040b41) Using Post-Auth-Type Reject # Executing group from file /etc/freeradius/sites-enabled/default +group REJECT { [eap] Reply already contained an EAP-Message, not inserting EAP-Failure ++[eap] = noop [attr_filter.access_reject] expand: %{User-Name} -> anonymous attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] = updated +} # group REJECT = updated Delaying reject of request 14 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 14 Sending Access-Reject of id 0 to 10.0.2.2 port 37101 EAP-Message = 0x04040004 Message-Authenticator = 0x00000000000000000000000000000000 Waking up in 4.9 seconds. Cleaning up request 14 ID 0 with timestamp +49 Ready to process requests.
- List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
participants (2)
-
elias.naslund@skf.com -
Fajar A. Nugraha