WPA authentication works but take very log time
Hi all, I'm using freeradius 1.1.3 with PEAP and EAP-TTLS,the authentication using MacOS works but the time spent from when the client insert username and password until the moment when the user is authenticated (and obtains the IP address) is very long, about 2 minutes. Is normal that authentication using WPA takes all this time? The access point is configured for using WPA-Auto-Enterprise, *Auto* means that WPA1 and WPA2 are simultaneously supported. What could be the problem? I attach the log of the first 6 request reveiced by radius server: Nothing to do. Sleeping until we see a request. rad_recv: Access-Request packet from host 192.168.181.1:1025, id=0, length=118 User-Name = "prof1" EAP-Message = 0x0209000a0170726f6631 Message-Authenticator = 0x47215532a35576a17075df36ea3fc3ff Calling-Station-Id = "00-17-F2-44-11-C2" Called-Station-Id = "00-50-BF-E3-E8-2A" NAS-Port-Type = Wireless-802.11 NAS-Port = 1 NAS-IP-Address = 0.0.0.0 NAS-Identifier = "14" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 1 modcall[authorize]: module "preprocess" returns ok for request 1 modcall[authorize]: module "chap" returns noop for request 1 modcall[authorize]: module "mschap" returns noop for request 1 rlm_realm: No '@' in User-Name = "prof1", looking up realm NULL rlm_realm: Found realm "NULL" rlm_realm: Adding Stripped-User-Name = "prof1" rlm_realm: Proxying request from user prof1 to realm NULL rlm_realm: Adding Realm = "NULL" rlm_realm: Authentication realm is LOCAL. modcall[authorize]: module "suffix" returns noop for request 1 rlm_eap: EAP packet type response id 9 length 10 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 1 users: Matched entry DEFAULT at line 154 rlm_ldap: Entering ldap_groupcmp() radius_xlat: 'ou=mydepartment,dc=mydomain,dc=it' radius_xlat: '(uid=prof1)' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: attempting LDAP reconnection rlm_ldap: (re)connect to localhost:389, authentication 0 rlm_ldap: bind as cn=Manager,dc=mydomain,dc=it/PASSWORD to localhost:389 rlm_ldap: waiting for bind result ... rlm_ldap: Bind was successful rlm_ldap: performing search in ou=mydepartment,dc=mydomain,dc=it, with filter (uid=prof1) rlm_ldap: ldap_release_conn: Release Id: 0 radius_xlat: '(|(&(objectClass=GroupOfNames)(member=cn\3dMaurizio Costanzo\2cou\3dfaculty\2cou\3ddspsa\2cou\3dmydepartment\2cdc\3dmydomain\2cdc\3dit))(&(objectClass=GroupOfUniqueNames)(uniquemember=cn\3dMaurizio Costanzo\2cou\3dfaculty\2cou\3ddspsa\2cou\3dmydepartment\2cdc\3dmydomain\2cdc\3dit)))' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in ou=mydepartment,dc=mydomain,dc=it, with filter (&(cn=student)(|(&(objectClass=GroupOfNames)(member=cn\3dMaurizio Costanzo\2cou\3dfaculty\2cou\3ddspsa\2cou\3dmydepartment\2cdc\3dmydomain\2cdc\3dit))(&(objectClass=GroupOfUniqueNames)(uniquemember=cn\3dMaurizio Costanzo\2cou\3dfaculty\2cou\3ddspsa\2cou\3dmydepartment\2cdc\3dmydomain\2cdc\3dit)))) rlm_ldap: object not found or got ambiguous search result rlm_ldap: ldap_release_conn: Release Id: 0 rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in cn=Maurizio Costanzo,ou=faculty,ou=dspsa,ou=mydepartment,dc=mydomain,dc=it, with filter (objectclass=*) rlm_ldap::groupcmp: Group student not found ????or user not a member rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "files" returns ok for request 1 rlm_ldap: - authorize rlm_ldap: performing user authorization for prof1 radius_xlat: '(uid=prof1)' radius_xlat: 'ou=mydepartment,dc=mydomain,dc=it' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in ou=mydepartment,dc=mydomain,dc=it, with filter (uid=prof1) rlm_ldap: checking if remote access for prof1 is allowed by userPassword rlm_ldap: Added password a in check items rlm_ldap: looking for check items in directory... rlm_ldap: Adding radiusGroupName as Ldap-Group, value professor & op=21 rlm_ldap: Adding radiusCallingStationId as Calling-Station-Id, value 00-05-5D-25-12-5B & op=21 rlm_ldap: Adding radiusCallingStationId as Calling-Station-Id, value 00-02-C7-8F-A0-16 & op=21 rlm_ldap: Adding radiusCallingStationId as Calling-Station-Id, value 00-0B-6B-4A-22-E8 & op=21 rlm_ldap: Adding radiusCallingStationId as Calling-Station-Id, value 00-17-F2-44-11-C2 & op=21 rlm_ldap: Adding userPassword as User-Password, value a & op=21 rlm_ldap: looking for reply items in directory... rlm_ldap: Adding radiusFilterId as Filter-Id, value 98 & op=11 rlm_ldap: user prof1 authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns ok for request 1 rlm_checkval: Item Name: Calling-Station-Id, Value: 00-17-F2-44-11-C2 rlm_checkval: Value Name: Calling-Station-Id, Value: 00-05-5D-25-12-5B rlm_checkval: Value Name: Calling-Station-Id, Value: 00-02-C7-8F-A0-16 rlm_checkval: Value Name: Calling-Station-Id, Value: 00-0B-6B-4A-22-E8 rlm_checkval: Value Name: Calling-Station-Id, Value: 00-17-F2-44-11-C2 modcall[authorize]: module "checkval" returns ok for request 1 modcall: leaving group authorize (returns updated) for request 1 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 1 rlm_eap: EAP Identity rlm_eap: processing type tls rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 modcall[authenticate]: module "eap" returns handled for request 1 modcall: leaving group authenticate (returns handled) for request 1 Sending Access-Challenge of id 0 to 192.168.181.1 port 1025 Filter-Id = "98" EAP-Message = 0x010a00061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xf2ead6bbb34d175655fd95e278883608 Finished request 1 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... rad_recv: Access-Request packet from host 192.168.181.1:1025, id=1, length=244 User-Name = "prof1" State = 0xf2ead6bbb34d175655fd95e278883608 EAP-Message = 0x020a007619800000006c1603010067010000630301452f7605313cb910fc0c748bee9e7303122d4eefc3f3f3d066ffa7c86aad849400003c002f000500040035000aff830009ff82000300080006ff8000320033003400380039003a0016001500140013001200110018001b001a0017001900010100 Message-Authenticator = 0x89fa580ba955c11374b1a25b81e0cfc0 Calling-Station-Id = "00-17-F2-44-11-C2" Called-Station-Id = "00-50-BF-E3-E8-2A" NAS-Port-Type = Wireless-802.11 NAS-Port = 1 NAS-IP-Address = 0.0.0.0 NAS-Identifier = "14" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 2 modcall[authorize]: module "preprocess" returns ok for request 2 modcall[authorize]: module "chap" returns noop for request 2 modcall[authorize]: module "mschap" returns noop for request 2 rlm_realm: No '@' in User-Name = "prof1", looking up realm NULL rlm_realm: Found realm "NULL" rlm_realm: Adding Stripped-User-Name = "prof1" rlm_realm: Proxying request from user prof1 to realm NULL rlm_realm: Adding Realm = "NULL" rlm_realm: Authentication realm is LOCAL. modcall[authorize]: module "suffix" returns noop for request 2 rlm_eap: EAP packet type response id 10 length 118 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 2 users: Matched entry DEFAULT at line 154 rlm_ldap: Entering ldap_groupcmp() radius_xlat: 'ou=mydepartment,dc=mydomain,dc=it' radius_xlat: '(uid=prof1)' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in ou=mydepartment,dc=mydomain,dc=it, with filter (uid=prof1) rlm_ldap: ldap_release_conn: Release Id: 0 radius_xlat: '(|(&(objectClass=GroupOfNames)(member=cn\3dMaurizio Costanzo\2cou\3dfaculty\2cou\3ddspsa\2cou\3dmydepartment\2cdc\3dmydomain\2cdc\3dit))(&(objectClass=GroupOfUniqueNames)(uniquemember=cn\3dMaurizio Costanzo\2cou\3dfaculty\2cou\3ddspsa\2cou\3dmydepartment\2cdc\3dmydomain\2cdc\3dit)))' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in ou=mydepartment,dc=mydomain,dc=it, with filter (&(cn=student)(|(&(objectClass=GroupOfNames)(member=cn\3dMaurizio Costanzo\2cou\3dfaculty\2cou\3ddspsa\2cou\3dmydepartment\2cdc\3dmydomain\2cdc\3dit))(&(objectClass=GroupOfUniqueNames)(uniquemember=cn\3dMaurizio Costanzo\2cou\3dfaculty\2cou\3ddspsa\2cou\3dmydepartment\2cdc\3dmydomain\2cdc\3dit)))) rlm_ldap: object not found or got ambiguous search result rlm_ldap: ldap_release_conn: Release Id: 0 rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in cn=Maurizio Costanzo,ou=faculty,ou=dspsa,ou=mydepartment,dc=mydomain,dc=it, with filter (objectclass=*) rlm_ldap::groupcmp: Group student not found ????or user not a member rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "files" returns ok for request 2 rlm_ldap: - authorize rlm_ldap: performing user authorization for prof1 radius_xlat: '(uid=prof1)' radius_xlat: 'ou=mydepartment,dc=mydomain,dc=it' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in ou=mydepartment,dc=mydomain,dc=it, with filter (uid=prof1) rlm_ldap: checking if remote access for prof1 is allowed by userPassword rlm_ldap: Added password a in check items rlm_ldap: looking for check items in directory... rlm_ldap: Adding radiusGroupName as Ldap-Group, value professor & op=21 rlm_ldap: Adding radiusCallingStationId as Calling-Station-Id, value 00-05-5D-25-12-5B & op=21 rlm_ldap: Adding radiusCallingStationId as Calling-Station-Id, value 00-02-C7-8F-A0-16 & op=21 rlm_ldap: Adding radiusCallingStationId as Calling-Station-Id, value 00-0B-6B-4A-22-E8 & op=21 rlm_ldap: Adding radiusCallingStationId as Calling-Station-Id, value 00-17-F2-44-11-C2 & op=21 rlm_ldap: Adding userPassword as User-Password, value a & op=21 rlm_ldap: looking for reply items in directory... rlm_ldap: Adding radiusFilterId as Filter-Id, value 98 & op=11 rlm_ldap: user prof1 authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns ok for request 2 rlm_checkval: Item Name: Calling-Station-Id, Value: 00-17-F2-44-11-C2 rlm_checkval: Value Name: Calling-Station-Id, Value: 00-05-5D-25-12-5B rlm_checkval: Value Name: Calling-Station-Id, Value: 00-02-C7-8F-A0-16 rlm_checkval: Value Name: Calling-Station-Id, Value: 00-0B-6B-4A-22-E8 rlm_checkval: Value Name: Calling-Station-Id, Value: 00-17-F2-44-11-C2 modcall[authorize]: module "checkval" returns ok for request 2 modcall: leaving group authorize (returns updated) for request 2 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 2 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 (other): before/accept initialization TLS_accept: before/accept initialization rlm_eap_tls: <<< TLS 1.0 Handshake [length 0067], ClientHello TLS_accept: SSLv3 read client hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello TLS_accept: SSLv3 write server hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 06ae], Certificate TLS_accept: SSLv3 write certificate A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone TLS_accept: SSLv3 write server done A TLS_accept: SSLv3 flush data TLS_accept:error in SSLv3 read client certificate A rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0) In SSL Handshake Phase In SSL Accept mode eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 2 modcall: leaving group authenticate (returns handled) for request 2 Sending Access-Challenge of id 1 to 192.168.181.1 port 1025 Filter-Id = "98" EAP-Message = 0x010b040a19c00000070b160301004a020000460301452f73845ecfbd990214a4bc2aac91caf9f2d7d7f8afc67fb85ebf7d8b966cae203b42eff3d0b3427553ddeccc6c33559c5a4d85824ce584ea261d7d5b031fd772002f0016030106ae0b0006aa0006a70002d5308202d13082023aa003020102020900c15c0043e46eeae0300d06092a864886f70d010104050030819f310b30090603550406130243413111300f0603550408130850726f76696e63653112301006035504071309536f6d65204369747931153013060355040a130c4f7267616e697a6174696f6e31123010060355040b1309626172626163756c6f311b30190603550403131243 EAP-Message = 0x6c69656e742063657274696669636174653121301f06092a864886f70d0109011612636c69656e74406578616d706c652e636f6d301e170d3036313031323134323031375a170d3037313031323134323031375a30819b310b30090603550406130243413111300f0603550408130850726f76696e63653112301006035504071309536f6d65204369747931153013060355040a130c4f7267616e697a6174696f6e31123010060355040b1309626172626163756c6f3119301706035504031310526f6f74206365727469666963617465311f301d06092a864886f70d0109011610726f6f74406578616d706c652e636f6d30819f300d06092a864886 EAP-Message = 0xf70d010101050003818d0030818902818100c60af01facdb1bbf0dfcf9693f1db7b7abb6905261ddac50b3594df62ceabe39a5f931dd97f2521f754cd66c39f8f37b1149a26d74af49b4eeb7bc930839ab9dc93595f181170600c1aefc24e028b41431259e61e679ade357f82ae8e7f554ec5c572151fa0c4c583d794769cb98867bcde07335ac95c94be9561fb2de82563d0203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d0101040500038181009d6536d8cb33f8365fd61bc062a6d6f706cddc11063d84ef4b6ae543dd18d15eef5c1c273403f4c466d890bb55e1bbbf29f38f511554831cb460 EAP-Message = 0xdb90ea3c4fa657556e3bf1bbb86b1f5bceadb472663b26dd17fd83ac2db439b0f185605d909a3fcd3d31f85096bd14e415dcce5fcc298776bbe82baa28b408abcbc5225f102e0003cc308203c830820331a003020102020900c15c0043e46eeade300d06092a864886f70d010104050030819f310b30090603550406130243413111300f0603550408130850726f76696e63653112301006035504071309536f6d65204369747931153013060355040a130c4f7267616e697a6174696f6e31123010060355040b1309626172626163756c6f311b301906035504031312436c69656e742063657274696669636174653121301f06092a864886f70d0109 EAP-Message = 0x011612636c69656e74406578616d706c652e636f6d30 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xe6b27ea77d5f7f7e2e7eed00e391d699 Finished request 2 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 192.168.181.1:1025, id=2, length=132 User-Name = "prof1" State = 0xe6b27ea77d5f7f7e2e7eed00e391d699 EAP-Message = 0x020b00061900 Message-Authenticator = 0xd4919c23bdfa2c0da7c7c5eae824fee3 Calling-Station-Id = "00-17-F2-44-11-C2" Called-Station-Id = "00-50-BF-E3-E8-2A" NAS-Port-Type = Wireless-802.11 NAS-Port = 1 NAS-IP-Address = 0.0.0.0 NAS-Identifier = "14" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 3 modcall[authorize]: module "preprocess" returns ok for request 3 modcall[authorize]: module "chap" returns noop for request 3 modcall[authorize]: module "mschap" returns noop for request 3 rlm_realm: No '@' in User-Name = "prof1", looking up realm NULL rlm_realm: Found realm "NULL" rlm_realm: Adding Stripped-User-Name = "prof1" rlm_realm: Proxying request from user prof1 to realm NULL rlm_realm: Adding Realm = "NULL" rlm_realm: Authentication realm is LOCAL. modcall[authorize]: module "suffix" returns noop for request 3 rlm_eap: EAP packet type response id 11 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 3 users: Matched entry DEFAULT at line 154 rlm_ldap: Entering ldap_groupcmp() radius_xlat: 'ou=mydepartment,dc=mydomain,dc=it' radius_xlat: '(uid=prof1)' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in ou=mydepartment,dc=mydomain,dc=it, with filter (uid=prof1) rlm_ldap: ldap_release_conn: Release Id: 0 radius_xlat: '(|(&(objectClass=GroupOfNames)(member=cn\3dMaurizio Costanzo\2cou\3dfaculty\2cou\3ddspsa\2cou\3dmydepartment\2cdc\3dmydomain\2cdc\3dit))(&(objectClass=GroupOfUniqueNames)(uniquemember=cn\3dMaurizio Costanzo\2cou\3dfaculty\2cou\3ddspsa\2cou\3dmydepartment\2cdc\3dmydomain\2cdc\3dit)))' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in ou=mydepartment,dc=mydomain,dc=it, with filter (&(cn=student)(|(&(objectClass=GroupOfNames)(member=cn\3dMaurizio Costanzo\2cou\3dfaculty\2cou\3ddspsa\2cou\3dmydepartment\2cdc\3dmydomain\2cdc\3dit))(&(objectClass=GroupOfUniqueNames)(uniquemember=cn\3dMaurizio Costanzo\2cou\3dfaculty\2cou\3ddspsa\2cou\3dmydepartment\2cdc\3dmydomain\2cdc\3dit)))) rlm_ldap: object not found or got ambiguous search result rlm_ldap: ldap_release_conn: Release Id: 0 rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in cn=Maurizio Costanzo,ou=faculty,ou=dspsa,ou=mydepartment,dc=mydomain,dc=it, with filter (objectclass=*) rlm_ldap::groupcmp: Group student not found ????or user not a member rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "files" returns ok for request 3 rlm_ldap: - authorize rlm_ldap: performing user authorization for prof1 radius_xlat: '(uid=prof1)' radius_xlat: 'ou=mydepartment,dc=mydomain,dc=it' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in ou=mydepartment,dc=mydomain,dc=it, with filter (uid=prof1) rlm_ldap: checking if remote access for prof1 is allowed by userPassword rlm_ldap: Added password a in check items rlm_ldap: looking for check items in directory... rlm_ldap: Adding radiusGroupName as Ldap-Group, value professor & op=21 rlm_ldap: Adding radiusCallingStationId as Calling-Station-Id, value 00-05-5D-25-12-5B & op=21 rlm_ldap: Adding radiusCallingStationId as Calling-Station-Id, value 00-02-C7-8F-A0-16 & op=21 rlm_ldap: Adding radiusCallingStationId as Calling-Station-Id, value 00-0B-6B-4A-22-E8 & op=21 rlm_ldap: Adding radiusCallingStationId as Calling-Station-Id, value 00-17-F2-44-11-C2 & op=21 rlm_ldap: Adding userPassword as User-Password, value a & op=21 rlm_ldap: looking for reply items in directory... rlm_ldap: Adding radiusFilterId as Filter-Id, value 98 & op=11 rlm_ldap: user prof1 authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns ok for request 3 rlm_checkval: Item Name: Calling-Station-Id, Value: 00-17-F2-44-11-C2 rlm_checkval: Value Name: Calling-Station-Id, Value: 00-05-5D-25-12-5B rlm_checkval: Value Name: Calling-Station-Id, Value: 00-02-C7-8F-A0-16 rlm_checkval: Value Name: Calling-Station-Id, Value: 00-0B-6B-4A-22-E8 rlm_checkval: Value Name: Calling-Station-Id, Value: 00-17-F2-44-11-C2 modcall[authorize]: module "checkval" returns ok for request 3 modcall: leaving group authorize (returns updated) for request 3 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 3 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake fragment handler eaptls_verify returned 1 eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 3 modcall: leaving group authenticate (returns handled) for request 3 Sending Access-Challenge of id 2 to 192.168.181.1 port 1025 Filter-Id = "98" EAP-Message = 0x010c031119001e170d3036313031323134323031335a170d3038313031313134323031335a30819f310b30090603550406130243413111300f0603550408130850726f76696e63653112301006035504071309536f6d65204369747931153013060355040a130c4f7267616e697a6174696f6e31123010060355040b1309626172626163756c6f311b301906035504031312436c69656e742063657274696669636174653121301f06092a864886f70d0109011612636c69656e74406578616d706c652e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100d1834676843139241f85b29b130df7eade2392a6f86ce3b912 EAP-Message = 0x0ca3a35399e73d2b3148b8decb8914a41ae016625a6d93b4266ad18023b924aa4b5ae13bd7d9cfff0fc885d7523163d3904e434c7fae94b82b1474cd318c0c88af5db0cab240c4c7be02f527bf766420266bff30a2a572de64507f01ee9e35283a7022370429a30203010001a382010830820104301d0603551d0e041604142f4a965f7d02a211a01c6062f921e94c7c3978e53081d40603551d230481cc3081c980142f4a965f7d02a211a01c6062f921e94c7c3978e5a181a5a481a230819f310b30090603550406130243413111300f0603550408130850726f76696e63653112301006035504071309536f6d65204369747931153013060355040a EAP-Message = 0x130c4f7267616e697a6174696f6e31123010060355040b1309626172626163756c6f311b301906035504031312436c69656e742063657274696669636174653121301f06092a864886f70d0109011612636c69656e74406578616d706c652e636f6d820900c15c0043e46eeade300c0603551d13040530030101ff300d06092a864886f70d01010405000381810018230a55e71091a68331acbbdc7c440fedc00bdca273904f8abb0f89eece7b7788691cd225b6f79ed7938b9b6c3bc065a9673db78fad613669252f435b9d41b9003fb953d87d6152df09ce6fce19c7960d9e718c81455543cee043c5f00206f7afd633ad017ee4c5c7d6162f434476 EAP-Message = 0x5d21f4f6fd18a48d99efd1cb23d17c76ef16030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xf14b23ccd4c45124c6e5320c622235f2 Finished request 3 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 192.168.181.1:1025, id=3, length=334 User-Name = "prof1" State = 0xf14b23ccd4c45124c6e5320c622235f2 EAP-Message = 0x020c00d01980000000c61603010086100000820080437ee99641df7b85d38c6a95ba9e7d911c8dbfcc1b035620620a9481f82cb986ccd75d0452b63fd5905f0d49630b8bff4afb6b76e35daf8de34a070cda7213a134b4eca6757b317f8ebb0d7add5bb72a4901fecf7f88a891fe7b85d98b6ff328a47d331e286cafe41ae105b5aba85111fda0dce7a1b7feb502de87533331af1414030100010116030100306221375b87fb3d5948c3e166618d70c4f1821bcd863c47c881709d9176c62acc0c3fac42360e903720aa7c1669b32dd7 Message-Authenticator = 0xed94ea2addc0877663fde48fd5e56483 Calling-Station-Id = "00-17-F2-44-11-C2" Called-Station-Id = "00-50-BF-E3-E8-2A" NAS-Port-Type = Wireless-802.11 NAS-Port = 1 NAS-IP-Address = 0.0.0.0 NAS-Identifier = "14" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 4 modcall[authorize]: module "preprocess" returns ok for request 4 modcall[authorize]: module "chap" returns noop for request 4 modcall[authorize]: module "mschap" returns noop for request 4 rlm_realm: No '@' in User-Name = "prof1", looking up realm NULL rlm_realm: Found realm "NULL" rlm_realm: Adding Stripped-User-Name = "prof1" rlm_realm: Proxying request from user prof1 to realm NULL rlm_realm: Adding Realm = "NULL" rlm_realm: Authentication realm is LOCAL. modcall[authorize]: module "suffix" returns noop for request 4 rlm_eap: EAP packet type response id 12 length 208 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 4 users: Matched entry DEFAULT at line 154 rlm_ldap: Entering ldap_groupcmp() radius_xlat: 'ou=mydepartment,dc=mydomain,dc=it' radius_xlat: '(uid=prof1)' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in ou=mydepartment,dc=mydomain,dc=it, with filter (uid=prof1) rlm_ldap: ldap_release_conn: Release Id: 0 radius_xlat: '(|(&(objectClass=GroupOfNames)(member=cn\3dMaurizio Costanzo\2cou\3dfaculty\2cou\3ddspsa\2cou\3dmydepartment\2cdc\3dmydomain\2cdc\3dit))(&(objectClass=GroupOfUniqueNames)(uniquemember=cn\3dMaurizio Costanzo\2cou\3dfaculty\2cou\3ddspsa\2cou\3dmydepartment\2cdc\3dmydomain\2cdc\3dit)))' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in ou=mydepartment,dc=mydomain,dc=it, with filter (&(cn=student)(|(&(objectClass=GroupOfNames)(member=cn\3dMaurizio Costanzo\2cou\3dfaculty\2cou\3ddspsa\2cou\3dmydepartment\2cdc\3dmydomain\2cdc\3dit))(&(objectClass=GroupOfUniqueNames)(uniquemember=cn\3dMaurizio Costanzo\2cou\3dfaculty\2cou\3ddspsa\2cou\3dmydepartment\2cdc\3dmydomain\2cdc\3dit)))) rlm_ldap: object not found or got ambiguous search result rlm_ldap: ldap_release_conn: Release Id: 0 rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in cn=Maurizio Costanzo,ou=faculty,ou=dspsa,ou=mydepartment,dc=mydomain,dc=it, with filter (objectclass=*) rlm_ldap::groupcmp: Group student not found ????or user not a member rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "files" returns ok for request 4 rlm_ldap: - authorize rlm_ldap: performing user authorization for prof1 radius_xlat: '(uid=prof1)' radius_xlat: 'ou=mydepartment,dc=mydomain,dc=it' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in ou=mydepartment,dc=mydomain,dc=it, with filter (uid=prof1) rlm_ldap: checking if remote access for prof1 is allowed by userPassword rlm_ldap: Added password a in check items rlm_ldap: looking for check items in directory... rlm_ldap: Adding radiusGroupName as Ldap-Group, value professor & op=21 rlm_ldap: Adding radiusCallingStationId as Calling-Station-Id, value 00-05-5D-25-12-5B & op=21 rlm_ldap: Adding radiusCallingStationId as Calling-Station-Id, value 00-02-C7-8F-A0-16 & op=21 rlm_ldap: Adding radiusCallingStationId as Calling-Station-Id, value 00-0B-6B-4A-22-E8 & op=21 rlm_ldap: Adding radiusCallingStationId as Calling-Station-Id, value 00-17-F2-44-11-C2 & op=21 rlm_ldap: Adding userPassword as User-Password, value a & op=21 rlm_ldap: looking for reply items in directory... rlm_ldap: Adding radiusFilterId as Filter-Id, value 98 & op=11 rlm_ldap: user prof1 authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns ok for request 4 rlm_checkval: Item Name: Calling-Station-Id, Value: 00-17-F2-44-11-C2 rlm_checkval: Value Name: Calling-Station-Id, Value: 00-05-5D-25-12-5B rlm_checkval: Value Name: Calling-Station-Id, Value: 00-02-C7-8F-A0-16 rlm_checkval: Value Name: Calling-Station-Id, Value: 00-0B-6B-4A-22-E8 rlm_checkval: Value Name: Calling-Station-Id, Value: 00-17-F2-44-11-C2 modcall[authorize]: module "checkval" returns ok for request 4 modcall: leaving group authorize (returns updated) for request 4 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 4 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange TLS_accept: SSLv3 read client key exchange A rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001] rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 read finished A rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001] TLS_accept: SSLv3 write change cipher spec A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 write finished A TLS_accept: SSLv3 flush data (other): SSL negotiation finished successfully rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0) SSL Connection Established eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 4 modcall: leaving group authenticate (returns handled) for request 4 Sending Access-Challenge of id 3 to 192.168.181.1 port 1025 Filter-Id = "98" EAP-Message = 0x010d00411900140301000101160301003087c4ab9d0f24aad9488721859e6a1f607c46904434a9b621144ca3eb89abf849fa2d236b4ff61049cc2f1c8c6fd1cbd1 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x98856ee470e0bab5d1015e5d60c960cb Finished request 4 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 192.168.181.1:1025, id=4, length=132 User-Name = "prof1" State = 0x98856ee470e0bab5d1015e5d60c960cb EAP-Message = 0x020d00061900 Message-Authenticator = 0xb08f4115756307c359bc2d3549e1f731 Calling-Station-Id = "00-17-F2-44-11-C2" Called-Station-Id = "00-50-BF-E3-E8-2A" NAS-Port-Type = Wireless-802.11 NAS-Port = 1 NAS-IP-Address = 0.0.0.0 NAS-Identifier = "14" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 5 modcall[authorize]: module "preprocess" returns ok for request 5 modcall[authorize]: module "chap" returns noop for request 5 modcall[authorize]: module "mschap" returns noop for request 5 rlm_realm: No '@' in User-Name = "prof1", looking up realm NULL rlm_realm: Found realm "NULL" rlm_realm: Adding Stripped-User-Name = "prof1" rlm_realm: Proxying request from user prof1 to realm NULL rlm_realm: Adding Realm = "NULL" rlm_realm: Authentication realm is LOCAL. modcall[authorize]: module "suffix" returns noop for request 5 rlm_eap: EAP packet type response id 13 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 5 users: Matched entry DEFAULT at line 154 rlm_ldap: Entering ldap_groupcmp() radius_xlat: 'ou=mydepartment,dc=mydomain,dc=it' radius_xlat: '(uid=prof1)' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in ou=mydepartment,dc=mydomain,dc=it, with filter (uid=prof1) rlm_ldap: ldap_release_conn: Release Id: 0 radius_xlat: '(|(&(objectClass=GroupOfNames)(member=cn\3dMaurizio Costanzo\2cou\3dfaculty\2cou\3ddspsa\2cou\3dmydepartment\2cdc\3dmydomain\2cdc\3dit))(&(objectClass=GroupOfUniqueNames)(uniquemember=cn\3dMaurizio Costanzo\2cou\3dfaculty\2cou\3ddspsa\2cou\3dmydepartment\2cdc\3dmydomain\2cdc\3dit)))' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in ou=mydepartment,dc=mydomain,dc=it, with filter (&(cn=student)(|(&(objectClass=GroupOfNames)(member=cn\3dMaurizio Costanzo\2cou\3dfaculty\2cou\3ddspsa\2cou\3dmydepartment\2cdc\3dmydomain\2cdc\3dit))(&(objectClass=GroupOfUniqueNames)(uniquemember=cn\3dMaurizio Costanzo\2cou\3dfaculty\2cou\3ddspsa\2cou\3dmydepartment\2cdc\3dmydomain\2cdc\3dit)))) rlm_ldap: object not found or got ambiguous search result rlm_ldap: ldap_release_conn: Release Id: 0 rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in cn=Maurizio Costanzo,ou=faculty,ou=dspsa,ou=mydepartment,dc=mydomain,dc=it, with filter (objectclass=*) rlm_ldap::groupcmp: Group student not found ????or user not a member rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "files" returns ok for request 5 rlm_ldap: - authorize rlm_ldap: performing user authorization for prof1 radius_xlat: '(uid=prof1)' radius_xlat: 'ou=mydepartment,dc=mydomain,dc=it' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in ou=mydepartment,dc=mydomain,dc=it, with filter (uid=prof1) rlm_ldap: checking if remote access for prof1 is allowed by userPassword rlm_ldap: Added password a in check items rlm_ldap: looking for check items in directory... rlm_ldap: Adding radiusGroupName as Ldap-Group, value professor & op=21 rlm_ldap: Adding radiusCallingStationId as Calling-Station-Id, value 00-05-5D-25-12-5B & op=21 rlm_ldap: Adding radiusCallingStationId as Calling-Station-Id, value 00-02-C7-8F-A0-16 & op=21 rlm_ldap: Adding radiusCallingStationId as Calling-Station-Id, value 00-0B-6B-4A-22-E8 & op=21 rlm_ldap: Adding radiusCallingStationId as Calling-Station-Id, value 00-17-F2-44-11-C2 & op=21 rlm_ldap: Adding userPassword as User-Password, value a & op=21 rlm_ldap: looking for reply items in directory... rlm_ldap: Adding radiusFilterId as Filter-Id, value 98 & op=11 rlm_ldap: user prof1 authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns ok for request 5 rlm_checkval: Item Name: Calling-Station-Id, Value: 00-17-F2-44-11-C2 rlm_checkval: Value Name: Calling-Station-Id, Value: 00-05-5D-25-12-5B rlm_checkval: Value Name: Calling-Station-Id, Value: 00-02-C7-8F-A0-16 rlm_checkval: Value Name: Calling-Station-Id, Value: 00-0B-6B-4A-22-E8 rlm_checkval: Value Name: Calling-Station-Id, Value: 00-17-F2-44-11-C2 modcall[authorize]: module "checkval" returns ok for request 5 modcall: leaving group authorize (returns updated) for request 5 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 5 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake is finished eaptls_verify returned 3 eaptls_process returned 3 rlm_eap_peap: EAPTLS_SUCCESS modcall[authenticate]: module "eap" returns handled for request 5 modcall: leaving group authenticate (returns handled) for request 5 Sending Access-Challenge of id 4 to 192.168.181.1 port 1025 Filter-Id = "98" EAP-Message = 0x010e005019001703010020df6c57b1bcf1782bd9862d6a0507f81ef61382b636f7a6ddb2d0c28f59aea56f17030100208443325c28a58f1c78683974be9ccf95ae3c251f83325a13d7ddc462856533a1 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x25e9776bc898a883cc3e2156d2e0ab81 Finished request 5 Going to the next request --- Walking the entire request list --- Waking up in 1 seconds... rad_recv: Access-Request packet from host 192.168.181.1:1025, id=5, length=169 User-Name = "prof1" State = 0x25e9776bc898a883cc3e2156d2e0ab81 EAP-Message = 0x020e002b190017030100200d0606914cf82fafdfcb8a2c3b5ab15e1d782e12a618c1ea941b7470e88e70d7 Message-Authenticator = 0xec6ee1738fa9e30a0e206c0b3fcfad5f Calling-Station-Id = "00-17-F2-44-11-C2" Called-Station-Id = "00-50-BF-E3-E8-2A" NAS-Port-Type = Wireless-802.11 NAS-Port = 1 NAS-IP-Address = 0.0.0.0 NAS-Identifier = "14" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 6 modcall[authorize]: module "preprocess" returns ok for request 6 modcall[authorize]: module "chap" returns noop for request 6 modcall[authorize]: module "mschap" returns noop for request 6 rlm_realm: No '@' in User-Name = "prof1", looking up realm NULL rlm_realm: Found realm "NULL" rlm_realm: Adding Stripped-User-Name = "prof1" rlm_realm: Proxying request from user prof1 to realm NULL rlm_realm: Adding Realm = "NULL" rlm_realm: Authentication realm is LOCAL. modcall[authorize]: module "suffix" returns noop for request 6 rlm_eap: EAP packet type response id 14 length 43 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 6 users: Matched entry DEFAULT at line 154 rlm_ldap: Entering ldap_groupcmp() radius_xlat: 'ou=mydepartment,dc=mydomain,dc=it' radius_xlat: '(uid=prof1)' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in ou=mydepartment,dc=mydomain,dc=it, with filter (uid=prof1) rlm_ldap: ldap_release_conn: Release Id: 0 radius_xlat: '(|(&(objectClass=GroupOfNames)(member=cn\3dMaurizio Costanzo\2cou\3dfaculty\2cou\3ddspsa\2cou\3dmydepartment\2cdc\3dmydomain\2cdc\3dit))(&(objectClass=GroupOfUniqueNames)(uniquemember=cn\3dMaurizio Costanzo\2cou\3dfaculty\2cou\3ddspsa\2cou\3dmydepartment\2cdc\3dmydomain\2cdc\3dit)))' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in ou=mydepartment,dc=mydomain,dc=it, with filter (&(cn=student)(|(&(objectClass=GroupOfNames)(member=cn\3dMaurizio Costanzo\2cou\3dfaculty\2cou\3ddspsa\2cou\3dmydepartment\2cdc\3dmydomain\2cdc\3dit))(&(objectClass=GroupOfUniqueNames)(uniquemember=cn\3dMaurizio Costanzo\2cou\3dfaculty\2cou\3ddspsa\2cou\3dmydepartment\2cdc\3dmydomain\2cdc\3dit)))) rlm_ldap: object not found or got ambiguous search result rlm_ldap: ldap_release_conn: Release Id: 0 rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in cn=Maurizio Costanzo,ou=faculty,ou=dspsa,ou=mydepartment,dc=mydomain,dc=it, with filter (objectclass=*) rlm_ldap::groupcmp: Group student not found ????or user not a member rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "files" returns ok for request 6 rlm_ldap: - authorize rlm_ldap: performing user authorization for prof1 radius_xlat: '(uid=prof1)' radius_xlat: 'ou=mydepartment,dc=mydomain,dc=it' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in ou=mydepartment,dc=mydomain,dc=it, with filter (uid=prof1) rlm_ldap: checking if remote access for prof1 is allowed by userPassword rlm_ldap: Added password a in check items rlm_ldap: looking for check items in directory... rlm_ldap: Adding radiusGroupName as Ldap-Group, value professor & op=21 rlm_ldap: Adding radiusCallingStationId as Calling-Station-Id, value 00-05-5D-25-12-5B & op=21 rlm_ldap: Adding radiusCallingStationId as Calling-Station-Id, value 00-02-C7-8F-A0-16 & op=21 rlm_ldap: Adding radiusCallingStationId as Calling-Station-Id, value 00-0B-6B-4A-22-E8 & op=21 rlm_ldap: Adding radiusCallingStationId as Calling-Station-Id, value 00-17-F2-44-11-C2 & op=21 rlm_ldap: Adding userPassword as User-Password, value a & op=21 rlm_ldap: looking for reply items in directory... rlm_ldap: Adding radiusFilterId as Filter-Id, value 98 & op=11 rlm_ldap: user prof1 authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns ok for request 6 rlm_checkval: Item Name: Calling-Station-Id, Value: 00-17-F2-44-11-C2 rlm_checkval: Value Name: Calling-Station-Id, Value: 00-05-5D-25-12-5B rlm_checkval: Value Name: Calling-Station-Id, Value: 00-02-C7-8F-A0-16 rlm_checkval: Value Name: Calling-Station-Id, Value: 00-0B-6B-4A-22-E8 rlm_checkval: Value Name: Calling-Station-Id, Value: 00-17-F2-44-11-C2 modcall[authorize]: module "checkval" returns ok for request 6 modcall: leaving group authorize (returns updated) for request 6 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 6 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: Identity - prof1 rlm_eap_peap: Tunneled data is valid. PEAP: Got tunneled identity of prof1 PEAP: Setting default EAP type for tunneled EAP session. PEAP: Setting User-Name to prof1 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 6 modcall[authorize]: module "preprocess" returns ok for request 6 modcall[authorize]: module "chap" returns noop for request 6 modcall[authorize]: module "mschap" returns noop for request 6 rlm_realm: No '@' in User-Name = "prof1", looking up realm NULL rlm_realm: Found realm "NULL" rlm_realm: Adding Stripped-User-Name = "prof1" rlm_realm: Proxying request from user prof1 to realm NULL rlm_realm: Adding Realm = "NULL" rlm_realm: Authentication realm is LOCAL. modcall[authorize]: module "suffix" returns noop for request 6 rlm_eap: EAP packet type response id 14 length 10 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 6 users: Matched entry DEFAULT at line 154 rlm_ldap: Entering ldap_groupcmp() radius_xlat: 'ou=mydepartment,dc=mydomain,dc=it' radius_xlat: '(uid=prof1)' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in ou=mydepartment,dc=mydomain,dc=it, with filter (uid=prof1) rlm_ldap: ldap_release_conn: Release Id: 0 radius_xlat: '(|(&(objectClass=GroupOfNames)(member=cn\3dMaurizio Costanzo\2cou\3dfaculty\2cou\3ddspsa\2cou\3dmydepartment\2cdc\3dmydomain\2cdc\3dit))(&(objectClass=GroupOfUniqueNames)(uniquemember=cn\3dMaurizio Costanzo\2cou\3dfaculty\2cou\3ddspsa\2cou\3dmydepartment\2cdc\3dmydomain\2cdc\3dit)))' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in ou=mydepartment,dc=mydomain,dc=it, with filter (&(cn=student)(|(&(objectClass=GroupOfNames)(member=cn\3dMaurizio Costanzo\2cou\3dfaculty\2cou\3ddspsa\2cou\3dmydepartment\2cdc\3dmydomain\2cdc\3dit))(&(objectClass=GroupOfUniqueNames)(uniquemember=cn\3dMaurizio Costanzo\2cou\3dfaculty\2cou\3ddspsa\2cou\3dmydepartment\2cdc\3dmydomain\2cdc\3dit)))) rlm_ldap: object not found or got ambiguous search result rlm_ldap: ldap_release_conn: Release Id: 0 rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in cn=Maurizio Costanzo,ou=faculty,ou=dspsa,ou=mydepartment,dc=mydomain,dc=it, with filter (objectclass=*) rlm_ldap::groupcmp: Group student not found ????or user not a member rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "files" returns ok for request 6 rlm_ldap: - authorize rlm_ldap: performing user authorization for prof1 radius_xlat: '(uid=prof1)' radius_xlat: 'ou=mydepartment,dc=mydomain,dc=it' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in ou=mydepartment,dc=mydomain,dc=it, with filter (uid=prof1) rlm_ldap: checking if remote access for prof1 is allowed by userPassword rlm_ldap: Added password a in check items rlm_ldap: looking for check items in directory... rlm_ldap: Adding radiusGroupName as Ldap-Group, value professor & op=21 rlm_ldap: Adding radiusCallingStationId as Calling-Station-Id, value 00-05-5D-25-12-5B & op=21 rlm_ldap: Adding radiusCallingStationId as Calling-Station-Id, value 00-02-C7-8F-A0-16 & op=21 rlm_ldap: Adding radiusCallingStationId as Calling-Station-Id, value 00-0B-6B-4A-22-E8 & op=21 rlm_ldap: Adding radiusCallingStationId as Calling-Station-Id, value 00-17-F2-44-11-C2 & op=21 rlm_ldap: Adding userPassword as User-Password, value a & op=21 rlm_ldap: looking for reply items in directory... rlm_ldap: Adding radiusFilterId as Filter-Id, value 98 & op=11 rlm_ldap: user prof1 authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns ok for request 6 rlm_checkval: Item Name: Calling-Station-Id, Value: 00-17-F2-44-11-C2 rlm_checkval: Value Name: Calling-Station-Id, Value: 00-05-5D-25-12-5B rlm_checkval: Value Name: Calling-Station-Id, Value: 00-02-C7-8F-A0-16 rlm_checkval: Value Name: Calling-Station-Id, Value: 00-0B-6B-4A-22-E8 rlm_checkval: Value Name: Calling-Station-Id, Value: 00-17-F2-44-11-C2 modcall[authorize]: module "checkval" returns ok for request 6 modcall: leaving group authorize (returns updated) for request 6 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 6 rlm_eap: EAP Identity rlm_eap: processing type mschapv2 rlm_eap_mschapv2: Issuing Challenge modcall[authenticate]: module "eap" returns handled for request 6 modcall: leaving group authenticate (returns handled) for request 6 PEAP: Got tunneled Access-Challenge modcall[authenticate]: module "eap" returns handled for request 6 modcall: leaving group authenticate (returns handled) for request 6 Sending Access-Challenge of id 5 to 192.168.181.1 port 1025 Filter-Id = "98" EAP-Message = 0x010f006019001703010020abb5c2709adb9749c495c5e251cebc0cb4de8b227f0ee940a8e1981e2fc4c73d170301003011bec337b557e06ad6b2ce7e47c5917b4e3d9c3137dfc692e712617208c7010a0da488579d0235ce6d50519bf7393b7c Message-Authenticator = 0x00000000000000000000000000000000 State = 0x5612e1c4a3445c7c3e12f391f8345b6d Finished request 6 Thanks in advance Best Regards, Giusy
Hi, On 10/13/06, Giuseppina Venezia <giusy.venezia@gmail.com> wrote:
Hi all, I'm using freeradius 1.1.3 with PEAP and EAP-TTLS,the authentication using MacOS works but the time spent from when the client insert username and password until the moment when the user is authenticated
Sorry, I don't understand "...when the client insert..." fully. Do you mean the time the user actually enters those to some dialog? Maybe it would be helpful if you added another -x to the invocation of freeradius to obtain time stamps in the debug log.
I attach the log of the first 6 request reveiced by radius server:
As I told you in another thread, those first 6 requests are part of the ongoing EAP negotiation. To sort out any timing problems it would be helpful to show the log at least up to the point when the server sends either Access-Accept or Access-Reject. regards K. Hoercher
participants (2)
-
Giuseppina Venezia -
K. Hoercher