Mac PEAP authentication with FreeRADIUS Pre2.0
Resending First two were too big I've been testing with FreeRADIUS 2.0 Pre (CVS nightly snapshots, this one dated the either the 12th or the 16th of January, can't remember.) When I use a windows machine, it works fine. When I try a Mac (PowerMac 10.4.8, but have tried also on 10.3.x), it seems to not work. The Mac throws an error "802.1x Authentication has failed." Here's the debug. Server is using ntlm_auth to talk to active directory. PEAP and TTLS are enabled, using a trusted root certificate issued via Equifax. Mac is configured only to perform PEAP I'm running a server on 1.0.4, with virtually the identical config. (only difference is I changed certificates, and commented out the Port and Address directives, and configured the Listen section), and the MAC works fine. Any idea's? rad_recv: Access-Request packet from host 10.0.1.22 port 32769, id=165, length=171 User-Name = "mking" Calling-Station-Id = "00-0D-93-EA-89-06" Called-Station-Id = "00-0B-85-5B-55-A0:test" NAS-Port = 29 NAS-IP-Address = 10.0.1.22 NAS-Identifier = "BUWISM2-2" Airespace-Wlan-Id = 7 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "4000" EAP-Message = 0x0201000a016d6b696e67 Message-Authenticator = 0xc7a736e44368def56d66ca97def52e66 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 modcall[authorize]: module "chap" returns noop for request 0 modcall[authorize]: module "mschap" returns noop for request 0 modcall[authorize]: module "unix" returns notfound for request 0 rlm_realm: No '@' in User-Name = "mking", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 0 rlm_eap: EAP packet type response id 1 length 10 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 0 modcall[authorize]: module "files" returns noop for request 0 modcall[authorize]: module "expiration" returns noop for request 0 modcall[authorize]: module "logintime" returns noop for request 0 rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. modcall[authorize]: module "pap" returns noop for request 0 modcall: group authorize returns updated for request 0 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 0 rlm_eap: EAP Identity rlm_eap: processing type tls rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 modcall[authenticate]: module "eap" returns handled for request 0 modcall: group authenticate returns handled for request 0 Sending Access-Challenge of id 165 to 10.0.1.22 port 32769 EAP-Message = 0x010200061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xd5b7f711e4e5f357067fd5227bb9469b Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 5 seconds... rad_recv: Access-Request packet from host 10.0.1.22 port 32769, id=166, length=297 User-Name = "mking" Calling-Station-Id = "00-0D-93-EA-89-06" Called-Station-Id = "00-0B-85-5B-55-A0:test" NAS-Port = 29 NAS-IP-Address = 10.0.1.22 NAS-Identifier = "BUWISM2-2" Airespace-Wlan-Id = 7 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "4000" EAP-Message = 0x0202007619800000006c160301006701000063030145c0cf0d28e2df34bc54f46575ef c682373748ed7736d3b232bacf977c1139d200003c002f000500040035000aff830009ff 82000300080006ff8000320033003400380039003a001600150014001300120011001800 1b001a0017001900010100 State = 0xd5b7f711e4e5f357067fd5227bb9469b Message-Authenticator = 0xffa4f10599a73d7d9b2ea7c7a026877d Processing the authorize section of radiusd.conf modcall: entering group authorize for request 1 modcall[authorize]: module "preprocess" returns ok for request 1 modcall[authorize]: module "chap" returns noop for request 1 modcall[authorize]: module "mschap" returns noop for request 1 modcall[authorize]: module "unix" returns notfound for request 1 rlm_realm: No '@' in User-Name = "mking", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 1 rlm_eap: EAP packet type response id 2 length 118 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 1 modcall[authorize]: module "files" returns noop for request 1 modcall[authorize]: module "expiration" returns noop for request 1 modcall[authorize]: module "logintime" returns noop for request 1 rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. modcall[authorize]: module "pap" returns noop for request 1 modcall: group authorize returns updated for request 1 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 1 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 (other): before/accept initialization TLS_accept: before/accept initialization rlm_eap_tls: <<< TLS 1.0 Handshake [length 0067], ClientHello TLS_accept: SSLv3 read client hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello TLS_accept: SSLv3 write server hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0f42], Certificate TLS_accept: SSLv3 write certificate A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone TLS_accept: SSLv3 write server done A TLS_accept: SSLv3 flush data TLS_accept:error in SSLv3 read client certificate A rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0) In SSL Handshake Phase In SSL Accept mode eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 1 modcall: group authenticate returns handled for request 1 Sending Access-Challenge of id 166 to 10.0.1.22 port 32769 EAP-Message = 0x0103040a19c000000f9f160301004a02000046030145c0cdfb13b32b7a4673263263b3 c5c468cb8bf6ea744368e05f9c6dcfc1accc20b6a3638e33dfea10a399d3ffed143abad5 128f2976e995e0678b05b4e328b876002f001603010f420b000f3e000f3b00068d308206 89308205f2a0030201020203009187300d06092a864886f70d010105050030820112310b 3009060355040613024553311230100603550408130942617263656c6f6e613112301006 03550407130942617263656c6f6e6131293027060355040a132049505320436572746966 69636174696f6e20417574686f7269747920732e6c2e312e302c060355040a142567656e 6572 EAP-Message = 0x616c4069707363612e636f6d20432e492e462e2020422d423632323130363935312e30 2c060355040b1325697073434120434c41534541312043657274696669636174696f6e20 417574686f72697479312e302c06035504031325697073434120434c4153454131204365 7274696669636174696f6e20417574686f726974793120301e06092a864886f70d010901 161167656e6572616c4069707363612e636f6d301e170d3036303530343232313331345a 170d3038303530333232313331345a3081c3310b30090603550406130255533116301406 03550408130d4d617373616368757365747473311430120603550407130b427269646765 7761 EAP-Message = 0x74657231223020060355040a1319427269646765776174657220537461746520436f6c 6c656765311b3019060355040b131254656c65636f6d6d756e69636174696f6e73312030 1e06035504031317726164322e63616d7075732e627269646765772e6564753123302106 092a864886f70d010901161474656c65636f6d6d40627269646765772e65647530819f30 0d06092a864886f70d010101050003818d0030818902818100bafacc8f16e6686769b809 7698e2aeef926367d3d91ab2eb0110ca80f484c9c0ca3ce4eb11e92ffc968e9b585444c9 557738f9ae5839a7b1d10ece940548abb5def53f18be41dc5a5c83a0011481450cfeafcd 7a7e EAP-Message = 0xd7ff87eb7e1ca346ee2a361e8093b98ba19c272f43d213c7d3f58847e6709ef86714eb f0736a01d0f4c44d0203010001a38203373082033330090603551d130402300030110609 6086480186f8420101040403020640300b0603551d0f0404030203f830130603551d2504 0c300a06082b06010505070301301d0603551d0e04160414788bb22abb6e8a41d4a35b01 66a8047f0746d9b7301f0603551d230418301680140e0760d439c91b5b5d907b23c8d234 9d4a9a4639301f0603551d1104183016811474656c65636f6d6d40627269646765772e65 6475301c0603551d1204153013811167656e6572616c4069707363612e636f6d30720609 6086 EAP-Message = 0x480186f842010d046516634f7267616e697a6174696f Message-Authenticator = 0x00000000000000000000000000000000 State = 0xd81ec1bb27d01b67ec3eaf8c75a12379 Finished request 1 Going to the next request Waking up in 5 seconds... rad_recv: Access-Request packet from host 10.0.1.22 port 32769, id=167, length=185 User-Name = "mking" Calling-Station-Id = "00-0D-93-EA-89-06" Called-Station-Id = "00-0B-85-5B-55-A0:test" NAS-Port = 29 NAS-IP-Address = 10.0.1.22 NAS-Identifier = "BUWISM2-2" Airespace-Wlan-Id = 7 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "4000" EAP-Message = 0x020300061900 State = 0xd81ec1bb27d01b67ec3eaf8c75a12379 Message-Authenticator = 0x114ab155d61d2e0fa003a1d0db140f25 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 2 modcall[authorize]: module "preprocess" returns ok for request 2 modcall[authorize]: module "chap" returns noop for request 2 modcall[authorize]: module "mschap" returns noop for request 2 modcall[authorize]: module "unix" returns notfound for request 2 rlm_realm: No '@' in User-Name = "mking", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 2 rlm_eap: EAP packet type response id 3 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 2 modcall[authorize]: module "files" returns noop for request 2 modcall[authorize]: module "expiration" returns noop for request 2 modcall[authorize]: module "logintime" returns noop for request 2 rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. modcall[authorize]: module "pap" returns noop for request 2 modcall: group authorize returns updated for request 2 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 2 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake fragment handler eaptls_verify returned 1 eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 2 modcall: group authenticate returns handled for request 2 Sending Access-Challenge of id 167 to 10.0.1.22 port 32769 EAP-Message = 0x0104040619406e20496e666f726d6174696f6e204e4f542056414c4944415445442e20 434c41534541312053657276657220436572746966696361746520697373756564206279 2068747470733a2f2f7777772e69707363612e636f6d2f302f06096086480186f8420102 0422162068747470733a2f2f7777772e69707363612e636f6d2f6970736361323030322f 304306096086480186f84201040436163468747470733a2f2f7777772e69707363612e63 6f6d2f6970736361323030322f697073636132303032434c41534541312e63726c304606 096086480186f84201030439163768747470733a2f2f7777772e69707363612e636f6d2f 6970 EAP-Message = 0x736361323030322f7265766f636174696f6e434c41534541312e68746d6c3f30430609 6086480186f84201070436163468747470733a2f2f7777772e69707363612e636f6d2f69 70736361323030322f72656e6577616c434c41534541312e68746d6c3f30410609608648 0186f84201080434163268747470733a2f2f7777772e69707363612e636f6d2f69707363 61323030322f706f6c696379434c41534541312e68746d6c3081830603551d1f047c307a 3039a037a0358633687474703a2f2f7777772e69707363612e636f6d2f69707363613230 30322f697073636132303032434c41534541312e63726c303da03ba0398637687474703a 2f2f EAP-Message = 0x7777776261636b2e69707363612e636f6d2f6970736361323030322f69707363613230 3032434c41534541312e63726c303206082b0601050507010104263024302206082b0601 05050730018616687474703a2f2f6f6373702e69707363612e636f6d2f300d06092a8648 86f70d0101050500038181002f3dd42c1e10181bdd0c69894e19e045c958fd430fc2fd52 9a6c0c19db08b7df43ee5b948d26f7dbcfe04d0ae488f7ecee9dbedc296722a33c0d0291 c1244aa67c913c4e2fe2cae9087971f71e42f5da2fb52f5288ed6d4ed3e5b47165d4ba89 fd3a37d2fd6de04ad2ac3bb0873f97626c50338a20d91ea129be3539037cf4e80005ea30 8205 EAP-Message = 0xe63082054fa0030201020203009018300d06092a864886f70d01010505003081a3310b 3009060355040613024553311230100603550408130942415243454c4f4e413112301006 03550407130942415243454c4f4e4131193017060355040a131049505320536567757269 64616420434131183016060355040b130f43657274696669636163696f6e657331173015 0603550403130e495053205345525649444f524553311e301c06092a864886f70d010901 160f697073406d61696c2e6970732e6573301e170d3031313233303133333631315a170d 3235313232393133333631315a30820112310b3009060355040613024553311230100603 5504 EAP-Message = 0x08130942617263656c6f6e61311230100603 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xf1011404227a553879fda99e0ed324dd Finished request 2 Going to the next request Waking up in 5 seconds... rad_recv: Access-Request packet from host 10.0.1.22 port 32769, id=168, length=185 User-Name = "mking" Calling-Station-Id = "00-0D-93-EA-89-06" Called-Station-Id = "00-0B-85-5B-55-A0:test" NAS-Port = 29 NAS-IP-Address = 10.0.1.22 NAS-Identifier = "BUWISM2-2" Airespace-Wlan-Id = 7 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "4000" EAP-Message = 0x020400061900 State = 0xf1011404227a553879fda99e0ed324dd Message-Authenticator = 0x6c51c58fbb55463f18efc0de6c491d1c Processing the authorize section of radiusd.conf modcall: entering group authorize for request 3 modcall[authorize]: module "preprocess" returns ok for request 3 modcall[authorize]: module "chap" returns noop for request 3 modcall[authorize]: module "mschap" returns noop for request 3 modcall[authorize]: module "unix" returns notfound for request 3 rlm_realm: No '@' in User-Name = "mking", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 3 rlm_eap: EAP packet type response id 4 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 3 modcall[authorize]: module "files" returns noop for request 3 modcall[authorize]: module "expiration" returns noop for request 3 modcall[authorize]: module "logintime" returns noop for request 3 rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. modcall[authorize]: module "pap" returns noop for request 3 modcall: group authorize returns updated for request 3 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 3 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake fragment handler eaptls_verify returned 1 eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 3 modcall: group authenticate returns handled for request 3 Sending Access-Challenge of id 168 to 10.0.1.22 port 32769 EAP-Message = 0x010504061940550407130942617263656c6f6e6131293027060355040a132049505320 43657274696669636174696f6e20417574686f7269747920732e6c2e312e302c06035504 0a142567656e6572616c4069707363612e636f6d20432e492e462e2020422d4236323231 30363935312e302c060355040b1325697073434120434c41534541312043657274696669 636174696f6e20417574686f72697479312e302c06035504031325697073434120434c41 534541312043657274696669636174696f6e20417574686f726974793120301e06092a86 4886f70d010901161167656e6572616c4069707363612e636f6d30819f300d06092a8648 86f7 EAP-Message = 0x0d010101050003818d0030818902818100a6f57366361da32f4fad2ad8ef0ca64befa7 1bacf7f246171bb202ab3e11898c6aa80fd8631499d71fbcb22768026ef43089ebadeb41 dcb44206fa481f138c64df872dc714d4a783e4723b32ead34d793165050933812b6ee636 ad211133362b68cabe432c37b73d69163be59dbe32a7d5df4a80fcda7370aad928822f68 bbb10203010001a38202b4308202b0300c0603551d13040530030101ff30110609608648 0186f8420101040403020007300c0603551d0f0405030307ff80306b0603551d25046430 6206082b0601050507030106082b0601050507030206082b0601050507030306082b0601 0505 EAP-Message = 0x07030406082b06010505070308060a2b060104018237020115060a2b06010401823702 0116060a2b0601040182370a0301060a2b0601040182370a0304301d0603551d0e041604 140e0760d439c91b5b5d907b23c8d2349d4a9a46393081ba0603551d230481b23081afa1 81a9a481a63081a3310b3009060355040613024553311230100603550408130942415243 454c4f4e41311230100603550407130942415243454c4f4e4131193017060355040a1310 4950532053656775726964616420434131183016060355040b130f436572746966696361 63696f6e6573311730150603550403130e495053205345525649444f524553311e301c06 092a EAP-Message = 0x864886f70d010901160f697073406d61696c2e6970732e6573820100301c0603551d11 04153013811167656e6572616c4069707363612e636f6d30090603551d12040230003043 06096086480186f842010d04361634434c41534541312043412043657274696669636174 65206973737565642062792068747470733a2f2f7777772e6970732e65732f3022060960 86480186f84201020415161368747470733a2f2f7777772e6970732e65732f3073060355 1d1f046c306a3031a02fa02d862b68747470733a2f2f7777772e6970732e65732f63726c 2f6970735345525649444f52455363726c2e63726c3035a033a031862f68747470733a2f 2f77 EAP-Message = 0x77776261636b2e6970732e65732f63726c2f Message-Authenticator = 0x00000000000000000000000000000000 State = 0x5bd47dd150af5009605cdacc8a33cfae Finished request 3 Going to the next request Waking up in 5 seconds... rad_recv: Access-Request packet from host 10.0.1.22 port 32769, id=169, length=185 User-Name = "mking" Calling-Station-Id = "00-0D-93-EA-89-06" Called-Station-Id = "00-0B-85-5B-55-A0:test" NAS-Port = 29 NAS-IP-Address = 10.0.1.22 NAS-Identifier = "BUWISM2-2" Airespace-Wlan-Id = 7 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "4000" EAP-Message = 0x020500061900 State = 0x5bd47dd150af5009605cdacc8a33cfae Message-Authenticator = 0xca319b1b087d5867f43ca2a3d436e6a0 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 4 modcall[authorize]: module "preprocess" returns ok for request 4 modcall[authorize]: module "chap" returns noop for request 4 modcall[authorize]: module "mschap" returns noop for request 4 modcall[authorize]: module "unix" returns notfound for request 4 rlm_realm: No '@' in User-Name = "mking", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 4 rlm_eap: EAP packet type response id 5 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 4 modcall[authorize]: module "files" returns noop for request 4 modcall[authorize]: module "expiration" returns noop for request 4 modcall[authorize]: module "logintime" returns noop for request 4 rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. modcall[authorize]: module "pap" returns noop for request 4 modcall: group authorize returns updated for request 4 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 4 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake fragment handler eaptls_verify returned 1 eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 4 modcall: group authenticate returns handled for request 4 Sending Access-Challenge of id 169 to 10.0.1.22 port 32769 EAP-Message = 0x010603a519006970735345525649444f52455363726c2e63726c302f06082b06010505 07010104233021301f06082b060105050730018613687474703a2f2f6f6373702e697073 2e45532f300d06092a864886f70d01010505000381810027054a0c74c9145dc875c8deee 890c631e1f0184c702cb19d791c8dd3ecfb0c8f3f592b5548254621f32eb80a17d56f1e4 e7285926a47df0ca2d31c6c9f3709dc1cf5e26a4efb212e788e81985ed80e43902688763 a9133c6cf5456a22ce9656075fa6a3ee370a6e928b9e40de143019289390b7f3fcb54ef2 f7960ebb1094d40002bb308202b730820220020100300d06092a864886f70d0101040500 3081 EAP-Message = 0xa3310b3009060355040613024553311230100603550408130942415243454c4f4e4131 1230100603550407130942415243454c4f4e4131193017060355040a1310495053205365 6775726964616420434131183016060355040b130f43657274696669636163696f6e6573 311730150603550403130e495053205345525649444f524553311e301c06092a864886f7 0d010901160f697073406d61696c2e6970732e6573301e170d3938303130313233323130 375a170d3039313232393233323130375a3081a3310b3009060355040613024553311230 100603550408130942415243454c4f4e41311230100603550407130942415243454c4f4e 4131 EAP-Message = 0x193017060355040a13104950532053656775726964616420434131183016060355040b 130f43657274696669636163696f6e6573311730150603550403130e4950532053455256 49444f524553311e301c06092a864886f70d010901160f697073406d61696c2e6970732e 657330819f300d06092a864886f70d010101050003818d0030818902818100ac4f52749f 39ea8edc25c4bc985d986424093c21b3cc19b58e948e87d1f8373ea1c82d58a480355ba1 756c1d450c1f61636a5e6f9b0a4cc1c8b861233581fffeac78702d68e13a0798950254dd cd23b78053d7c8374572062412ba1361218a6e7528e0c50f34fd36d8457fe1b836efb3e1 c620 EAP-Message = 0x8ee8b438bce13ef611de8c9d010203010001300d06092a864886f70d01010405000381 81002cf3c3795824dec63bd1e04269b8ee64b33d6201b9b384df237ddd98cf10a9fe00d8 22960513075457c5a7decbd9b88842f699db14771fb6fe253de1a23e03a981d22d6c47f5 96468c22abc8cc0d0e975e8b41b43bc40a06401ddd46f401ddba822e3c3d78709e7c18d0 abf8b877074671f1ca0b635c6af97294d5014fa0db4216030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xabf70c773528c0d794f6cd39da918c4f Finished request 4 Going to the next request Waking up in 5 seconds... rad_recv: Access-Request packet from host 10.0.1.22 port 32769, id=170, length=387 User-Name = "mking" Calling-Station-Id = "00-0D-93-EA-89-06" Called-Station-Id = "00-0B-85-5B-55-A0:test" NAS-Port = 29 NAS-IP-Address = 10.0.1.22 NAS-Identifier = "BUWISM2-2" Airespace-Wlan-Id = 7 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "4000" EAP-Message = 0x020600d01980000000c616030100861000008200804b2ceb2529d0338f2a0b8feececa 1d5a6fe6a1a15b2e21d1f9459fec741912eb395dee2fc21372761b38aca6cd69639a3307 f8e2929083b7b05f083acaa72e73fa02e0adab2764ea6fe3900127ad8eb936fe4cbf6f27 d1bda28396d98a3b158ad1a81c890ef2d7f25279d2e3026636ba53e4e3d48161a5b4f88d 64596eb714641403010001011603010030d1e1eac0b2617cab5f73cd22e40e2ecede9002 89770803dbb96cc5bdabc098307884f4058bc98dbc2365a0eeba5011ec State = 0xabf70c773528c0d794f6cd39da918c4f Message-Authenticator = 0x964e45b9956ba62639699f1be699f5a1 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 5 modcall[authorize]: module "preprocess" returns ok for request 5 modcall[authorize]: module "chap" returns noop for request 5 modcall[authorize]: module "mschap" returns noop for request 5 modcall[authorize]: module "unix" returns notfound for request 5 rlm_realm: No '@' in User-Name = "mking", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 5 rlm_eap: EAP packet type response id 6 length 208 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 5 modcall[authorize]: module "files" returns noop for request 5 modcall[authorize]: module "expiration" returns noop for request 5 modcall[authorize]: module "logintime" returns noop for request 5 rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. modcall[authorize]: module "pap" returns noop for request 5 modcall: group authorize returns updated for request 5 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 5 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange TLS_accept: SSLv3 read client key exchange A rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001] rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 read finished A rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001] TLS_accept: SSLv3 write change cipher spec A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 write finished A TLS_accept: SSLv3 flush data (other): SSL negotiation finished successfully rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0) SSL Connection Established eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 5 modcall: group authenticate returns handled for request 5 Sending Access-Challenge of id 170 to 10.0.1.22 port 32769 EAP-Message = 0x0107004119001403010001011603010030ad0db85f0a6ae2f1442b0f5cede52e87b536 3f91a97648ce79527519be374d9c75e4deaae32cc4ab21bc8b878be20f9a Message-Authenticator = 0x00000000000000000000000000000000 State = 0x8e85eaecc8226fe211c2fe676acabbab Finished request 5 Going to the next request Waking up in 5 seconds... rad_recv: Access-Request packet from host 10.0.1.22 port 32769, id=171, length=185 User-Name = "mking" Calling-Station-Id = "00-0D-93-EA-89-06" Called-Station-Id = "00-0B-85-5B-55-A0:test" NAS-Port = 29 NAS-IP-Address = 10.0.1.22 NAS-Identifier = "BUWISM2-2" Airespace-Wlan-Id = 7 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "4000" EAP-Message = 0x020700061900 State = 0x8e85eaecc8226fe211c2fe676acabbab Message-Authenticator = 0xec37697dac66fd504b727c9614b5e4bd Processing the authorize section of radiusd.conf modcall: entering group authorize for request 6 modcall[authorize]: module "preprocess" returns ok for request 6 modcall[authorize]: module "chap" returns noop for request 6 modcall[authorize]: module "mschap" returns noop for request 6 modcall[authorize]: module "unix" returns notfound for request 6 rlm_realm: No '@' in User-Name = "mking", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 6 rlm_eap: EAP packet type response id 7 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 6 modcall[authorize]: module "files" returns noop for request 6 modcall[authorize]: module "expiration" returns noop for request 6 modcall[authorize]: module "logintime" returns noop for request 6 rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. modcall[authorize]: module "pap" returns noop for request 6 modcall: group authorize returns updated for request 6 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 6 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake is finished eaptls_verify returned 3 eaptls_process returned 3 rlm_eap_peap: EAPTLS_SUCCESS modcall[authenticate]: module "eap" returns handled for request 6 modcall: group authenticate returns handled for request 6 Sending Access-Challenge of id 171 to 10.0.1.22 port 32769 EAP-Message = 0x0108002b190017030100202932520c3037cd7231c9e4c29bd5d8178f7161d5defa1c90 95e58a8799b06bcc Message-Authenticator = 0x00000000000000000000000000000000 State = 0x4031f009ed451856af719c2e10ecb267 Finished request 6 Going to the next request Waking up in 5 seconds... rad_recv: Access-Request packet from host 10.0.1.22 port 32769, id=172, length=222 User-Name = "mking" Calling-Station-Id = "00-0D-93-EA-89-06" Called-Station-Id = "00-0B-85-5B-55-A0:test" NAS-Port = 29 NAS-IP-Address = 10.0.1.22 NAS-Identifier = "BUWISM2-2" Airespace-Wlan-Id = 7 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "4000" EAP-Message = 0x0208002b19001703010020badeca3e86dbf680d2b4062642dbb19cf5de37a53fa5ea82 cc655ffcdd62abe9 State = 0x4031f009ed451856af719c2e10ecb267 Message-Authenticator = 0x86a0512096f9f123c88beab135960e10 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 7 modcall[authorize]: module "preprocess" returns ok for request 7 modcall[authorize]: module "chap" returns noop for request 7 modcall[authorize]: module "mschap" returns noop for request 7 modcall[authorize]: module "unix" returns notfound for request 7 rlm_realm: No '@' in User-Name = "mking", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 7 rlm_eap: EAP packet type response id 8 length 43 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 7 modcall[authorize]: module "files" returns noop for request 7 modcall[authorize]: module "expiration" returns noop for request 7 modcall[authorize]: module "logintime" returns noop for request 7 rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. modcall[authorize]: module "pap" returns noop for request 7 modcall: group authorize returns updated for request 7 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 7 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: Identity - mking rlm_eap_peap: Tunneled data is valid. PEAP: Got tunneled EAP-Message EAP-Message = 0x0208000a016d6b696e67 PEAP: Got tunneled identity of mking PEAP: Setting default EAP type for tunneled EAP session. PEAP: Setting User-Name to mking PEAP: Sending tunneled request EAP-Message = 0x0208000a016d6b696e67 FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "mking" Calling-Station-Id = "00-0D-93-EA-89-06" Called-Station-Id = "00-0B-85-5B-55-A0:test" NAS-Port = 29 NAS-IP-Address = 10.0.1.22 NAS-Identifier = "BUWISM2-2" Airespace-Wlan-Id = 7 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "4000" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 7 modcall[authorize]: module "preprocess" returns ok for request 7 modcall[authorize]: module "chap" returns noop for request 7 modcall[authorize]: module "mschap" returns noop for request 7 modcall[authorize]: module "unix" returns notfound for request 7 rlm_realm: No '@' in User-Name = "mking", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 7 rlm_eap: EAP packet type response id 8 length 10 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 7 modcall[authorize]: module "files" returns noop for request 7 modcall[authorize]: module "expiration" returns noop for request 7 modcall[authorize]: module "logintime" returns noop for request 7 rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. modcall[authorize]: module "pap" returns noop for request 7 modcall: group authorize returns updated for request 7 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 7 rlm_eap: EAP Identity rlm_eap: processing type mschapv2 rlm_eap_mschapv2: Issuing Challenge modcall[authenticate]: module "eap" returns handled for request 7 modcall: group authenticate returns handled for request 7 PEAP: Got tunneled reply RADIUS code 11 EAP-Message = 0x0109001f1a0109001a1028bf33c556e4cdfa81a11bad54fdf8d76d6b696e67 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xd87f3ad01d5221db60e68f86307dd262 PEAP: Processing from tunneled session code 0x819c8b8 11 EAP-Message = 0x0109001f1a0109001a1028bf33c556e4cdfa81a11bad54fdf8d76d6b696e67 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xd87f3ad01d5221db60e68f86307dd262 PEAP: Got tunneled Access-Challenge modcall[authenticate]: module "eap" returns handled for request 7 modcall: group authenticate returns handled for request 7 Sending Access-Challenge of id 172 to 10.0.1.22 port 32769 EAP-Message = 0x0109003b19001703010030189705fc9c090c645a4b12723c7a5b55a4ddf3e91433cbfa 3d977ba7edb7f43db02190855ba535e1bbb1e9440c0320a2 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x19165309aec39877b5010bb47b6dabdc Finished request 7 Going to the next request Waking up in 5 seconds... rad_recv: Access-Request packet from host 10.0.1.22 port 32769, id=173, length=286 User-Name = "mking" Calling-Station-Id = "00-0D-93-EA-89-06" Called-Station-Id = "00-0B-85-5B-55-A0:test" NAS-Port = 29 NAS-IP-Address = 10.0.1.22 NAS-Identifier = "BUWISM2-2" Airespace-Wlan-Id = 7 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "4000" EAP-Message = 0x0209006b190017030100608b0cb604ffd82e64496d5262cbcb1b171cce66fe9b6175f9 cea8f9a47ee102c0b35de4a50abd22a5288ba4ddf84f09f98fe72f921b8a7f609729f574 292b6ee3cae4533c4cdca8a5508761b7d28d5eeab872458ea7689d7c39feff98daa95089 State = 0x19165309aec39877b5010bb47b6dabdc Message-Authenticator = 0x495f607941b37fe4a9319edfe2e5efd8 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 8 modcall[authorize]: module "preprocess" returns ok for request 8 modcall[authorize]: module "chap" returns noop for request 8 modcall[authorize]: module "mschap" returns noop for request 8 modcall[authorize]: module "unix" returns notfound for request 8 rlm_realm: No '@' in User-Name = "mking", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 8 rlm_eap: EAP packet type response id 9 length 107 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 8 modcall[authorize]: module "files" returns noop for request 8 modcall[authorize]: module "expiration" returns noop for request 8 modcall[authorize]: module "logintime" returns noop for request 8 rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. modcall[authorize]: module "pap" returns noop for request 8 modcall: group authorize returns updated for request 8 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 8 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: EAP type mschapv2 rlm_eap_peap: Tunneled data is valid. PEAP: Got tunneled EAP-Message EAP-Message = 0x020900401a0209003b3175ee2ca867b01ee62b08d3297296360f000000000000000043 aed21fe3ad224567fa7bf4ee4761bce44d01cf2f2e3511006d6b696e67 PEAP: Setting User-Name to mking PEAP: Adding old state with ffffffd8 7f PEAP: Sending tunneled request EAP-Message = 0x020900401a0209003b3175ee2ca867b01ee62b08d3297296360f000000000000000043 aed21fe3ad224567fa7bf4ee4761bce44d01cf2f2e3511006d6b696e67 FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "mking" State = 0xd87f3ad01d5221db60e68f86307dd262 Calling-Station-Id = "00-0D-93-EA-89-06" Called-Station-Id = "00-0B-85-5B-55-A0:test" NAS-Port = 29 NAS-IP-Address = 10.0.1.22 NAS-Identifier = "BUWISM2-2" Airespace-Wlan-Id = 7 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "4000" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 8 modcall[authorize]: module "preprocess" returns ok for request 8 modcall[authorize]: module "chap" returns noop for request 8 modcall[authorize]: module "mschap" returns noop for request 8 modcall[authorize]: module "unix" returns notfound for request 8 rlm_realm: No '@' in User-Name = "mking", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 8 rlm_eap: EAP packet type response id 9 length 64 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 8 modcall[authorize]: module "files" returns noop for request 8 modcall[authorize]: module "expiration" returns noop for request 8 modcall[authorize]: module "logintime" returns noop for request 8 rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. modcall[authorize]: module "pap" returns noop for request 8 modcall: group authorize returns updated for request 8 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 8 rlm_eap: Request found, released from the list rlm_eap: EAP/mschapv2 rlm_eap: processing type mschapv2 Processing the authenticate section of radiusd.conf modcall: entering group MS-CHAP for request 8 rlm_mschap: No Cleartext-Password configured. Cannot create LM-Password. rlm_mschap: No Cleartext-Password configured. Cannot create NT-Password. rlm_mschap: Told to do MS-CHAPv2 for mking with NT-Password radius_xlat: Running registered xlat function of module mschap for string 'User-Name' radius_xlat: '--username=mking' radius_xlat: Running registered xlat function of module mschap for string 'Challenge' mschap2: 28 radius_xlat: '--challenge=3a624fb67f99b29b' radius_xlat: Running registered xlat function of module mschap for string 'NT-Response' radius_xlat: '--nt-response=43aed21fe3ad224567fa7bf4ee4761bce44d01cf2f2e3511' Exec-Program output: NT_KEY: 1BA2159EDC0597637BA8848B83AA9B2B Exec-Program-Wait: plaintext: NT_KEY: 1BA2159EDC0597637BA8848B83AA9B2B Exec-Program: returned: 0 rlm_mschap: adding MS-CHAPv2 MPPE keys modcall[authenticate]: module "mschap" returns ok for request 8 modcall: group MS-CHAP returns ok for request 8 MSCHAP Success modcall[authenticate]: module "eap" returns handled for request 8 modcall: group authenticate returns handled for request 8 PEAP: Got tunneled reply RADIUS code 11 MS-CHAP2-Success = 0x09533d3764626163383663653431383862646432623465643561613932663964326232 3965333264323661 EAP-Message = 0x010a00331a0309002e533d376462616338366365343138386264643262346564356161 39326639643262323965333264323661 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x661907626e9bc3903f8855d75ffb125c PEAP: Processing from tunneled session code 0x819c8f8 11 MS-CHAP2-Success = 0x09533d3764626163383663653431383862646432623465643561613932663964326232 3965333264323661 EAP-Message = 0x010a00331a0309002e533d376462616338366365343138386264643262346564356161 39326639643262323965333264323661 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x661907626e9bc3903f8855d75ffb125c PEAP: Got tunneled Access-Challenge modcall[authenticate]: module "eap" returns handled for request 8 modcall: group authenticate returns handled for request 8 Sending Access-Challenge of id 173 to 10.0.1.22 port 32769 EAP-Message = 0x010a005b19001703010050fa0f4abe4222911637afbdd93ec080aade40e3272ef0e89b 243c5f133170592145f6cd4d83d612798a39862b49e8b0edf16b5f47fa5ad7ed0328bef7 9e45fb733f651fa130983909ea51533590ba83ac Message-Authenticator = 0x00000000000000000000000000000000 State = 0x912a43506650f048b5c3ab58788a0740 Finished request 8 Going to the next request Waking up in 5 seconds... --- Walking the entire request list --- Cleaning up request 3 ID 168 with timestamp 45c0cdfb Cleaning up request 1 ID 166 with timestamp 45c0cdfb Cleaning up request 7 ID 172 with timestamp 45c0cdfb Cleaning up request 6 ID 171 with timestamp 45c0cdfb Cleaning up request 8 ID 173 with timestamp 45c0cdfb Cleaning up request 0 ID 165 with timestamp 45c0cdfb Cleaning up request 2 ID 167 with timestamp 45c0cdfb Cleaning up request 5 ID 170 with timestamp 45c0cdfb Cleaning up request 4 ID 169 with timestamp 45c0cdfb Nothing to do. Sleeping until we see a request. rad_recv: Access-Request packet from host 10.0.1.22 port 32769, id=174, length=171 User-Name = "mking" Calling-Station-Id = "00-0D-93-EA-89-06" Called-Station-Id = "00-0B-85-5B-55-A0:test" NAS-Port = 29 NAS-IP-Address = 10.0.1.22 NAS-Identifier = "BUWISM2-2" Airespace-Wlan-Id = 7 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "4000" EAP-Message = 0x0201000a016d6b696e67 Message-Authenticator = 0xfa067bd05064fe513e0bf8bd5b003ff6 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 9 modcall[authorize]: module "preprocess" returns ok for request 9 modcall[authorize]: module "chap" returns noop for request 9 modcall[authorize]: module "mschap" returns noop for request 9 modcall[authorize]: module "unix" returns notfound for request 9 rlm_realm: No '@' in User-Name = "mking", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 9 rlm_eap: EAP packet type response id 1 length 10 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 9 modcall[authorize]: module "files" returns noop for request 9 modcall[authorize]: module "expiration" returns noop for request 9 modcall[authorize]: module "logintime" returns noop for request 9 rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. modcall[authorize]: module "pap" returns noop for request 9 modcall: group authorize returns updated for request 9 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 9 rlm_eap: EAP Identity rlm_eap: processing type tls rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 modcall[authenticate]: module "eap" returns handled for request 9 modcall: group authenticate returns handled for request 9 Sending Access-Challenge of id 174 to 10.0.1.22 port 32769 EAP-Message = 0x010200061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x24724d168a5718e218473bb54a5fd416 Finished request 9 Going to the next request --- Walking the entire request list --- Waking up in 5 seconds... rad_recv: Access-Request packet from host 10.0.1.22 port 32769, id=175, length=329 User-Name = "mking" Calling-Station-Id = "00-0D-93-EA-89-06" Called-Station-Id = "00-0B-85-5B-55-A0:test" NAS-Port = 29 NAS-IP-Address = 10.0.1.22 NAS-Identifier = "BUWISM2-2" Airespace-Wlan-Id = 7 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "4000" EAP-Message = 0x0202009619800000008c160301008701000083030145c0cf14396b1b500fe7f47427e3 42a016f21632822c80e7e79dd4a30bd9b3e020b6a3638e33dfea10a399d3ffed143abad5 128f2976e995e0678b05b4e328b876003c002f000500040035000aff830009ff82000300 080006ff8000320033003400380039003a0016001500140013001200110018001b001a00 17001900010100 State = 0x24724d168a5718e218473bb54a5fd416 Message-Authenticator = 0x581cf38304e97e7b1a3cd633a7a0c249 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 10 modcall[authorize]: module "preprocess" returns ok for request 10 modcall[authorize]: module "chap" returns noop for request 10 modcall[authorize]: module "mschap" returns noop for request 10 modcall[authorize]: module "unix" returns notfound for request 10 rlm_realm: No '@' in User-Name = "mking", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 10 rlm_eap: EAP packet type response id 2 length 150 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 10 modcall[authorize]: module "files" returns noop for request 10 modcall[authorize]: module "expiration" returns noop for request 10 modcall[authorize]: module "logintime" returns noop for request 10 rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. modcall[authorize]: module "pap" returns noop for request 10 modcall: group authorize returns updated for request 10 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 10 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 (other): before/accept initialization TLS_accept: before/accept initialization rlm_eap_tls: <<< TLS 1.0 Handshake [length 0087], ClientHello TLS_accept: SSLv3 read client hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello TLS_accept: SSLv3 write server hello A rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001] TLS_accept: SSLv3 write change cipher spec A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 write finished A TLS_accept: SSLv3 flush data TLS_accept:error in SSLv3 read finished A rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0) In SSL Handshake Phase In SSL Accept mode eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 10 modcall: group authenticate returns handled for request 10 Sending Access-Challenge of id 175 to 10.0.1.22 port 32769 EAP-Message = 0x010300901900160301004a02000046030145c0ce02d3ae13b4cc3889bfd36dba09b790 baf8d03b7568a086991c5493d0df20b6a3638e33dfea10a399d3ffed143abad5128f2976 e995e0678b05b4e328b876002f00140301000101160301003099f88cf3b67be829069cc7 13fa151f2f5a4b6178922c3680a6703872d7455ef75b9d56386f3286148c3052bba0e7d4 86 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xa1d5f920a97340ec230fdd136023bf9a Finished request 10 Going to the next request Waking up in 5 seconds... rad_recv: Access-Request packet from host 10.0.1.22 port 32769, id=176, length=248 User-Name = "mking" Calling-Station-Id = "00-0D-93-EA-89-06" Called-Station-Id = "00-0B-85-5B-55-A0:test" NAS-Port = 29 NAS-IP-Address = 10.0.1.22 NAS-Identifier = "BUWISM2-2" Airespace-Wlan-Id = 7 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "4000" EAP-Message = 0x0203004519800000003b1403010001011603010030694f21d4ad9008657a4965896d73 611950e66bb3865d53634a8b9119d0fa07b669e3130a2e071763ae171143574777f5 State = 0xa1d5f920a97340ec230fdd136023bf9a Message-Authenticator = 0xd5bc7460d68f267e04b796decdf6e99a Processing the authorize section of radiusd.conf modcall: entering group authorize for request 11 modcall[authorize]: module "preprocess" returns ok for request 11 modcall[authorize]: module "chap" returns noop for request 11 modcall[authorize]: module "mschap" returns noop for request 11 modcall[authorize]: module "unix" returns notfound for request 11 rlm_realm: No '@' in User-Name = "mking", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 11 rlm_eap: EAP packet type response id 3 length 69 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 11 modcall[authorize]: module "files" returns noop for request 11 modcall[authorize]: module "expiration" returns noop for request 11 modcall[authorize]: module "logintime" returns noop for request 11 rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. modcall[authorize]: module "pap" returns noop for request 11 modcall: group authorize returns updated for request 11 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 11 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001] rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 read finished A (other): SSL negotiation finished successfully rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0) SSL Connection Established rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0) eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED rlm_eap: Freeing handler modcall[authenticate]: module "eap" returns reject for request 11 modcall: group authenticate returns reject for request 11 auth: Failed to validate the user. Login incorrect: [mking] (from client BUWiSM-2-2 port 29 cli 00-0D-93-EA-89-06) Found Post-Auth-Type Processing the post-auth section of radiusd.conf modcall: entering group REJECT for request 11 radius_xlat: 'mking' attr_filter: Matched entry DEFAULT at line 11 modcall[post-auth]: module "attr_filter.access_reject" returns updated for request 11 modcall: group REJECT returns updated for request 11 Delaying request 11 for 1 seconds Finished request 11 Going to the next request Waking up in 5 seconds... rad_recv: Access-Request packet from host 10.0.1.22 port 32769, id=176, length=248 Delaying request 11 for 1 seconds --- Walking the entire request list --- Sending Access-Reject of id 176 to 10.0.1.22 port 32769 EAP-Message = 0x04030004 Message-Authenticator = 0x00000000000000000000000000000000 Waking up in 3 seconds... --- Walking the entire request list --- Cleaning up request 10 ID 175 with timestamp 45c0ce02 Cleaning up request 9 ID 174 with timestamp 45c0ce02 Cleaning up request 11 ID 176 with timestamp 45c0ce02 Nothing to do. Sleeping until we see a request. rad_recv: Access-Request packet from host 10.0.1.22 port 32769, id=177, length=171 User-Name = "mking" Calling-Station-Id = "00-0D-93-EA-89-06" Called-Station-Id = "00-0B-85-5B-55-A0:test" NAS-Port = 29 NAS-IP-Address = 10.0.1.22 NAS-Identifier = "BUWISM2-2" Airespace-Wlan-Id = 7 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "4000" EAP-Message = 0x0205000a016d6b696e67 Message-Authenticator = 0xda6e5910dcdd563176f0c096a36ccb5a Processing the authorize section of radiusd.conf modcall: entering group authorize for request 12 modcall[authorize]: module "preprocess" returns ok for request 12 modcall[authorize]: module "chap" returns noop for request 12 modcall[authorize]: module "mschap" returns noop for request 12 modcall[authorize]: module "unix" returns notfound for request 12 rlm_realm: No '@' in User-Name = "mking", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 12 rlm_eap: EAP packet type response id 5 length 10 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 12 modcall[authorize]: module "files" returns noop for request 12 modcall[authorize]: module "expiration" returns noop for request 12 modcall[authorize]: module "logintime" returns noop for request 12 rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. modcall[authorize]: module "pap" returns noop for request 12 modcall: group authorize returns updated for request 12 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 12 rlm_eap: EAP Identity rlm_eap: processing type tls rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 modcall[authenticate]: module "eap" returns handled for request 12 modcall: group authenticate returns handled for request 12 Sending Access-Challenge of id 177 to 10.0.1.22 port 32769 EAP-Message = 0x010600061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x1a75f507cab69b2cdfbe5823de71edbc Finished request 12 Going to the next request --- Walking the entire request list --- Waking up in 5 seconds... rad_recv: Access-Request packet from host 10.0.1.22 port 32769, id=178, length=329 User-Name = "mking" Calling-Station-Id = "00-0D-93-EA-89-06" Called-Station-Id = "00-0B-85-5B-55-A0:test" NAS-Port = 29 NAS-IP-Address = 10.0.1.22 NAS-Identifier = "BUWISM2-2" Airespace-Wlan-Id = 7 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "4000" EAP-Message = 0x0206009619800000008c160301008701000083030145c0cf1c97d2dd0186cc6a642369 23a311dbb37d2878b3389e97e707b02b642520b6a3638e33dfea10a399d3ffed143abad5 128f2976e995e0678b05b4e328b876003c002f000500040035000aff830009ff82000300 080006ff8000320033003400380039003a0016001500140013001200110018001b001a00 17001900010100 State = 0x1a75f507cab69b2cdfbe5823de71edbc Message-Authenticator = 0x1db5e2ae92ed0aae82bde7920c3986bb Processing the authorize section of radiusd.conf modcall: entering group authorize for request 13 modcall[authorize]: module "preprocess" returns ok for request 13 modcall[authorize]: module "chap" returns noop for request 13 modcall[authorize]: module "mschap" returns noop for request 13 modcall[authorize]: module "unix" returns notfound for request 13 rlm_realm: No '@' in User-Name = "mking", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 13 rlm_eap: EAP packet type response id 6 length 150 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 13 modcall[authorize]: module "files" returns noop for request 13 modcall[authorize]: module "expiration" returns noop for request 13 modcall[authorize]: module "logintime" returns noop for request 13 rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. modcall[authorize]: module "pap" returns noop for request 13 modcall: group authorize returns updated for request 13 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 13 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 (other): before/accept initialization TLS_accept: before/accept initialization rlm_eap_tls: <<< TLS 1.0 Handshake [length 0087], ClientHello TLS_accept: SSLv3 read client hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello TLS_accept: SSLv3 write server hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0f42], Certificate TLS_accept: SSLv3 write certificate A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone TLS_accept: SSLv3 write server done A TLS_accept: SSLv3 flush data TLS_accept:error in SSLv3 read client certificate A rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0) In SSL Handshake Phase In SSL Accept mode eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 13 modcall: group authenticate returns handled for request 13 Sending Access-Challenge of id 178 to 10.0.1.22 port 32769 EAP-Message = 0x0107040a19c000000f9f160301004a02000046030145c0ce0a30b2b9e76f88557fd122 3e643237e35b67de5b5c3e2e462c08d9dc6e206b7c1c9675af99048c4d30ae9bcfe1b92c 69ae4bc4ed22bad08580bf220f94f1002f001603010f420b000f3e000f3b00068d308206 89308205f2a0030201020203009187300d06092a864886f70d010105050030820112310b 3009060355040613024553311230100603550408130942617263656c6f6e613112301006 03550407130942617263656c6f6e6131293027060355040a132049505320436572746966 69636174696f6e20417574686f7269747920732e6c2e312e302c060355040a142567656e 6572 EAP-Message = 0x616c4069707363612e636f6d20432e492e462e2020422d423632323130363935312e30 2c060355040b1325697073434120434c41534541312043657274696669636174696f6e20 417574686f72697479312e302c06035504031325697073434120434c4153454131204365 7274696669636174696f6e20417574686f726974793120301e06092a864886f70d010901 161167656e6572616c4069707363612e636f6d301e170d3036303530343232313331345a 170d3038303530333232313331345a3081c3310b30090603550406130255533116301406 03550408130d4d617373616368757365747473311430120603550407130b427269646765 7761 EAP-Message = 0x74657231223020060355040a1319427269646765776174657220537461746520436f6c 6c656765311b3019060355040b131254656c65636f6d6d756e69636174696f6e73312030 1e06035504031317726164322e63616d7075732e627269646765772e6564753123302106 092a864886f70d010901161474656c65636f6d6d40627269646765772e65647530819f30 0d06092a864886f70d010101050003818d0030818902818100bafacc8f16e6686769b809 7698e2aeef926367d3d91ab2eb0110ca80f484c9c0ca3ce4eb11e92ffc968e9b585444c9 557738f9ae5839a7b1d10ece940548abb5def53f18be41dc5a5c83a0011481450cfeafcd 7a7e EAP-Message = 0xd7ff87eb7e1ca346ee2a361e8093b98ba19c272f43d213c7d3f58847e6709ef86714eb f0736a01d0f4c44d0203010001a38203373082033330090603551d130402300030110609 6086480186f8420101040403020640300b0603551d0f0404030203f830130603551d2504 0c300a06082b06010505070301301d0603551d0e04160414788bb22abb6e8a41d4a35b01 66a8047f0746d9b7301f0603551d230418301680140e0760d439c91b5b5d907b23c8d234 9d4a9a4639301f0603551d1104183016811474656c65636f6d6d40627269646765772e65 6475301c0603551d1204153013811167656e6572616c4069707363612e636f6d30720609 6086 EAP-Message = 0x480186f842010d046516634f7267616e697a6174696f Message-Authenticator = 0x00000000000000000000000000000000 State = 0x85ef52c407b0ef221d26ef1553bf87d7 Finished request 13 Going to the next request Waking up in 5 seconds... rad_recv: Access-Request packet from host 10.0.1.22 port 32769, id=179, length=185 User-Name = "mking" Calling-Station-Id = "00-0D-93-EA-89-06" Called-Station-Id = "00-0B-85-5B-55-A0:test" NAS-Port = 29 NAS-IP-Address = 10.0.1.22 NAS-Identifier = "BUWISM2-2" Airespace-Wlan-Id = 7 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "4000" EAP-Message = 0x020700061900 State = 0x85ef52c407b0ef221d26ef1553bf87d7 Message-Authenticator = 0x8c605bb8f3971d6d0748003737019319 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 14 modcall[authorize]: module "preprocess" returns ok for request 14 modcall[authorize]: module "chap" returns noop for request 14 modcall[authorize]: module "mschap" returns noop for request 14 modcall[authorize]: module "unix" returns notfound for request 14 rlm_realm: No '@' in User-Name = "mking", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 14 rlm_eap: EAP packet type response id 7 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 14 modcall[authorize]: module "files" returns noop for request 14 modcall[authorize]: module "expiration" returns noop for request 14 modcall[authorize]: module "logintime" returns noop for request 14 rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. modcall[authorize]: module "pap" returns noop for request 14 modcall: group authorize returns updated for request 14 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 14 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake fragment handler eaptls_verify returned 1 eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 14 modcall: group authenticate returns handled for request 14 Sending Access-Challenge of id 179 to 10.0.1.22 port 32769 EAP-Message = 0x0108040619406e20496e666f726d6174696f6e204e4f542056414c4944415445442e20 434c41534541312053657276657220436572746966696361746520697373756564206279 2068747470733a2f2f7777772e69707363612e636f6d2f302f06096086480186f8420102 0422162068747470733a2f2f7777772e69707363612e636f6d2f6970736361323030322f 304306096086480186f84201040436163468747470733a2f2f7777772e69707363612e63 6f6d2f6970736361323030322f697073636132303032434c41534541312e63726c304606 096086480186f84201030439163768747470733a2f2f7777772e69707363612e636f6d2f 6970 EAP-Message = 0x736361323030322f7265766f636174696f6e434c41534541312e68746d6c3f30430609 6086480186f84201070436163468747470733a2f2f7777772e69707363612e636f6d2f69 70736361323030322f72656e6577616c434c41534541312e68746d6c3f30410609608648 0186f84201080434163268747470733a2f2f7777772e69707363612e636f6d2f69707363 61323030322f706f6c696379434c41534541312e68746d6c3081830603551d1f047c307a 3039a037a0358633687474703a2f2f7777772e69707363612e636f6d2f69707363613230 30322f697073636132303032434c41534541312e63726c303da03ba0398637687474703a 2f2f EAP-Message = 0x7777776261636b2e69707363612e636f6d2f6970736361323030322f69707363613230 3032434c41534541312e63726c303206082b0601050507010104263024302206082b0601 05050730018616687474703a2f2f6f6373702e69707363612e636f6d2f300d06092a8648 86f70d0101050500038181002f3dd42c1e10181bdd0c69894e19e045c958fd430fc2fd52 9a6c0c19db08b7df43ee5b948d26f7dbcfe04d0ae488f7ecee9dbedc296722a33c0d0291 c1244aa67c913c4e2fe2cae9087971f71e42f5da2fb52f5288ed6d4ed3e5b47165d4ba89 fd3a37d2fd6de04ad2ac3bb0873f97626c50338a20d91ea129be3539037cf4e80005ea30 8205 EAP-Message = 0xe63082054fa0030201020203009018300d06092a864886f70d01010505003081a3310b 3009060355040613024553311230100603550408130942415243454c4f4e413112301006 03550407130942415243454c4f4e4131193017060355040a131049505320536567757269 64616420434131183016060355040b130f43657274696669636163696f6e657331173015 0603550403130e495053205345525649444f524553311e301c06092a864886f70d010901 160f697073406d61696c2e6970732e6573301e170d3031313233303133333631315a170d 3235313232393133333631315a30820112310b3009060355040613024553311230100603 5504 EAP-Message = 0x08130942617263656c6f6e61311230100603 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x411b15a2a0f23dca925bb877336883a0 Finished request 14 Going to the next request Waking up in 5 seconds... rad_recv: Access-Request packet from host 10.0.1.22 port 32769, id=180, length=185 User-Name = "mking" Calling-Station-Id = "00-0D-93-EA-89-06" Called-Station-Id = "00-0B-85-5B-55-A0:test" NAS-Port = 29 NAS-IP-Address = 10.0.1.22 NAS-Identifier = "BUWISM2-2" Airespace-Wlan-Id = 7 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "4000" EAP-Message = 0x020800061900 State = 0x411b15a2a0f23dca925bb877336883a0 Message-Authenticator = 0x2667c47e71cb63b6bd60abc6e7e8f5cb Processing the authorize section of radiusd.conf modcall: entering group authorize for request 15 modcall[authorize]: module "preprocess" returns ok for request 15 modcall[authorize]: module "chap" returns noop for request 15 modcall[authorize]: module "mschap" returns noop for request 15 modcall[authorize]: module "unix" returns notfound for request 15 rlm_realm: No '@' in User-Name = "mking", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 15 rlm_eap: EAP packet type response id 8 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 15 modcall[authorize]: module "files" returns noop for request 15 modcall[authorize]: module "expiration" returns noop for request 15 modcall[authorize]: module "logintime" returns noop for request 15 rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. modcall[authorize]: module "pap" returns noop for request 15 modcall: group authorize returns updated for request 15 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 15 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake fragment handler eaptls_verify returned 1 eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 15 modcall: group authenticate returns handled for request 15 Sending Access-Challenge of id 180 to 10.0.1.22 port 32769 EAP-Message = 0x010904061940550407130942617263656c6f6e6131293027060355040a132049505320 43657274696669636174696f6e20417574686f7269747920732e6c2e312e302c06035504 0a142567656e6572616c4069707363612e636f6d20432e492e462e2020422d4236323231 30363935312e302c060355040b1325697073434120434c41534541312043657274696669 636174696f6e20417574686f72697479312e302c06035504031325697073434120434c41 534541312043657274696669636174696f6e20417574686f726974793120301e06092a86 4886f70d010901161167656e6572616c4069707363612e636f6d30819f300d06092a8648 86f7 EAP-Message = 0x0d010101050003818d0030818902818100a6f57366361da32f4fad2ad8ef0ca64befa7 1bacf7f246171bb202ab3e11898c6aa80fd8631499d71fbcb22768026ef43089ebadeb41 dcb44206fa481f138c64df872dc714d4a783e4723b32ead34d793165050933812b6ee636 ad211133362b68cabe432c37b73d69163be59dbe32a7d5df4a80fcda7370aad928822f68 bbb10203010001a38202b4308202b0300c0603551d13040530030101ff30110609608648 0186f8420101040403020007300c0603551d0f0405030307ff80306b0603551d25046430 6206082b0601050507030106082b0601050507030206082b0601050507030306082b0601 0505 EAP-Message = 0x07030406082b06010505070308060a2b060104018237020115060a2b06010401823702 0116060a2b0601040182370a0301060a2b0601040182370a0304301d0603551d0e041604 140e0760d439c91b5b5d907b23c8d2349d4a9a46393081ba0603551d230481b23081afa1 81a9a481a63081a3310b3009060355040613024553311230100603550408130942415243 454c4f4e41311230100603550407130942415243454c4f4e4131193017060355040a1310 4950532053656775726964616420434131183016060355040b130f436572746966696361 63696f6e6573311730150603550403130e495053205345525649444f524553311e301c06 092a EAP-Message = 0x864886f70d010901160f697073406d61696c2e6970732e6573820100301c0603551d11 04153013811167656e6572616c4069707363612e636f6d30090603551d12040230003043 06096086480186f842010d04361634434c41534541312043412043657274696669636174 65206973737565642062792068747470733a2f2f7777772e6970732e65732f3022060960 86480186f84201020415161368747470733a2f2f7777772e6970732e65732f3073060355 1d1f046c306a3031a02fa02d862b68747470733a2f2f7777772e6970732e65732f63726c 2f6970735345525649444f52455363726c2e63726c3035a033a031862f68747470733a2f 2f77 EAP-Message = 0x77776261636b2e6970732e65732f63726c2f Message-Authenticator = 0x00000000000000000000000000000000 State = 0x4b637d4526e129ee143b3d9b5dce47dd Finished request 15 Going to the next request Waking up in 5 seconds... rad_recv: Access-Request packet from host 10.0.1.22 port 32769, id=181, length=185 User-Name = "mking" Calling-Station-Id = "00-0D-93-EA-89-06" Called-Station-Id = "00-0B-85-5B-55-A0:test" NAS-Port = 29 NAS-IP-Address = 10.0.1.22 NAS-Identifier = "BUWISM2-2" Airespace-Wlan-Id = 7 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "4000" EAP-Message = 0x020900061900 State = 0x4b637d4526e129ee143b3d9b5dce47dd Message-Authenticator = 0x42f1be03f8180080f043c511ad3944e7 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 16 modcall[authorize]: module "preprocess" returns ok for request 16 modcall[authorize]: module "chap" returns noop for request 16 modcall[authorize]: module "mschap" returns noop for request 16 modcall[authorize]: module "unix" returns notfound for request 16 rlm_realm: No '@' in User-Name = "mking", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 16 rlm_eap: EAP packet type response id 9 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 16 modcall[authorize]: module "files" returns noop for request 16 modcall[authorize]: module "expiration" returns noop for request 16 modcall[authorize]: module "logintime" returns noop for request 16 rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. modcall[authorize]: module "pap" returns noop for request 16 modcall: group authorize returns updated for request 16 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 16 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake fragment handler eaptls_verify returned 1 eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 16 modcall: group authenticate returns handled for request 16 Sending Access-Challenge of id 181 to 10.0.1.22 port 32769 EAP-Message = 0x010a03a519006970735345525649444f52455363726c2e63726c302f06082b06010505 07010104233021301f06082b060105050730018613687474703a2f2f6f6373702e697073 2e45532f300d06092a864886f70d01010505000381810027054a0c74c9145dc875c8deee 890c631e1f0184c702cb19d791c8dd3ecfb0c8f3f592b5548254621f32eb80a17d56f1e4 e7285926a47df0ca2d31c6c9f3709dc1cf5e26a4efb212e788e81985ed80e43902688763 a9133c6cf5456a22ce9656075fa6a3ee370a6e928b9e40de143019289390b7f3fcb54ef2 f7960ebb1094d40002bb308202b730820220020100300d06092a864886f70d0101040500 3081 EAP-Message = 0xa3310b3009060355040613024553311230100603550408130942415243454c4f4e4131 1230100603550407130942415243454c4f4e4131193017060355040a1310495053205365 6775726964616420434131183016060355040b130f43657274696669636163696f6e6573 311730150603550403130e495053205345525649444f524553311e301c06092a864886f7 0d010901160f697073406d61696c2e6970732e6573301e170d3938303130313233323130 375a170d3039313232393233323130375a3081a3310b3009060355040613024553311230 100603550408130942415243454c4f4e41311230100603550407130942415243454c4f4e 4131 EAP-Message = 0x193017060355040a13104950532053656775726964616420434131183016060355040b 130f43657274696669636163696f6e6573311730150603550403130e4950532053455256 49444f524553311e301c06092a864886f70d010901160f697073406d61696c2e6970732e 657330819f300d06092a864886f70d010101050003818d0030818902818100ac4f52749f 39ea8edc25c4bc985d986424093c21b3cc19b58e948e87d1f8373ea1c82d58a480355ba1 756c1d450c1f61636a5e6f9b0a4cc1c8b861233581fffeac78702d68e13a0798950254dd cd23b78053d7c8374572062412ba1361218a6e7528e0c50f34fd36d8457fe1b836efb3e1 c620 EAP-Message = 0x8ee8b438bce13ef611de8c9d010203010001300d06092a864886f70d01010405000381 81002cf3c3795824dec63bd1e04269b8ee64b33d6201b9b384df237ddd98cf10a9fe00d8 22960513075457c5a7decbd9b88842f699db14771fb6fe253de1a23e03a981d22d6c47f5 96468c22abc8cc0d0e975e8b41b43bc40a06401ddd46f401ddba822e3c3d78709e7c18d0 abf8b877074671f1ca0b635c6af97294d5014fa0db4216030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xe56ba7f425ed6d7a7f910c8ce2be1e00 Finished request 16 Going to the next request Waking up in 5 seconds... rad_recv: Access-Request packet from host 10.0.1.22 port 32769, id=182, length=387 User-Name = "mking" Calling-Station-Id = "00-0D-93-EA-89-06" Called-Station-Id = "00-0B-85-5B-55-A0:test" NAS-Port = 29 NAS-IP-Address = 10.0.1.22 NAS-Identifier = "BUWISM2-2" Airespace-Wlan-Id = 7 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "4000" EAP-Message = 0x020a00d01980000000c616030100861000008200804b528a478c8009d2d624a53abf3e ff22fc9ce70a7c8ead3d399096ce924cc4bd5a8c421d4aaaefe8de060aa90074e43fb2eb c7838024f0d5358b64c0ca47b969660e2d0bff51ca13327aac7fcd0731db1240dd5b4f4a 962e4e700aa5ca9310a47aa8b2e1caa6734f5b174c19edced1f17d785dbde4e046f4c925 cdd8052c7b131403010001011603010030855a99bb5a5ff2879757acaaa280075918fd34 cc1ef336b9942dca1755bfecc70ae6103cacba5c6cf318202c9aee3678 State = 0xe56ba7f425ed6d7a7f910c8ce2be1e00 Message-Authenticator = 0x566a7f103a884ddae8ef70074b1c8aa7 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 17 modcall[authorize]: module "preprocess" returns ok for request 17 modcall[authorize]: module "chap" returns noop for request 17 modcall[authorize]: module "mschap" returns noop for request 17 modcall[authorize]: module "unix" returns notfound for request 17 rlm_realm: No '@' in User-Name = "mking", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 17 rlm_eap: EAP packet type response id 10 length 208 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 17 modcall[authorize]: module "files" returns noop for request 17 modcall[authorize]: module "expiration" returns noop for request 17 modcall[authorize]: module "logintime" returns noop for request 17 rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. modcall[authorize]: module "pap" returns noop for request 17 modcall: group authorize returns updated for request 17 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 17 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange TLS_accept: SSLv3 read client key exchange A rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001] rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 read finished A rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001] TLS_accept: SSLv3 write change cipher spec A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 write finished A TLS_accept: SSLv3 flush data (other): SSL negotiation finished successfully rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0) SSL Connection Established eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 17 modcall: group authenticate returns handled for request 17 Sending Access-Challenge of id 182 to 10.0.1.22 port 32769 EAP-Message = 0x010b0041190014030100010116030100301b45de92e00ccb321c71ba97b8fbd4ab6e43 fa3ac64687e7d89ae7a5ea47c8d7fb1aa85b107043183efa2dc4ad57481f Message-Authenticator = 0x00000000000000000000000000000000 State = 0x8898fc6c25f7bdb11904f89775f22df9 Finished request 17 Going to the next request Waking up in 5 seconds... rad_recv: Access-Request packet from host 10.0.1.22 port 32769, id=183, length=185 User-Name = "mking" Calling-Station-Id = "00-0D-93-EA-89-06" Called-Station-Id = "00-0B-85-5B-55-A0:test" NAS-Port = 29 NAS-IP-Address = 10.0.1.22 NAS-Identifier = "BUWISM2-2" Airespace-Wlan-Id = 7 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "4000" EAP-Message = 0x020b00061900 State = 0x8898fc6c25f7bdb11904f89775f22df9 Message-Authenticator = 0x834accfce629cde317bfc2075d6a76e2 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 18 modcall[authorize]: module "preprocess" returns ok for request 18 modcall[authorize]: module "chap" returns noop for request 18 modcall[authorize]: module "mschap" returns noop for request 18 modcall[authorize]: module "unix" returns notfound for request 18 rlm_realm: No '@' in User-Name = "mking", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 18 rlm_eap: EAP packet type response id 11 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 18 modcall[authorize]: module "files" returns noop for request 18 modcall[authorize]: module "expiration" returns noop for request 18 modcall[authorize]: module "logintime" returns noop for request 18 rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. modcall[authorize]: module "pap" returns noop for request 18 modcall: group authorize returns updated for request 18 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 18 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake is finished eaptls_verify returned 3 eaptls_process returned 3 rlm_eap_peap: EAPTLS_SUCCESS modcall[authenticate]: module "eap" returns handled for request 18 modcall: group authenticate returns handled for request 18 Sending Access-Challenge of id 183 to 10.0.1.22 port 32769 EAP-Message = 0x010c002b1900170301002043808714ad903c7f152e4c715c243dc795cb1ee203969f39 0c9c99c526d86d69 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x9a1f0d00d523197cc369e5d186bc93cf Finished request 18 Going to the next request Waking up in 5 seconds... rad_recv: Access-Request packet from host 10.0.1.22 port 32769, id=184, length=222 User-Name = "mking" Calling-Station-Id = "00-0D-93-EA-89-06" Called-Station-Id = "00-0B-85-5B-55-A0:test" NAS-Port = 29 NAS-IP-Address = 10.0.1.22 NAS-Identifier = "BUWISM2-2" Airespace-Wlan-Id = 7 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "4000" EAP-Message = 0x020c002b19001703010020e8908a40296a92ddfb27f6394ac1b3442ab2cfb2191d979e 8e4bf9d3792ac8a6 State = 0x9a1f0d00d523197cc369e5d186bc93cf Message-Authenticator = 0x69d2705cc4686669e6501d11c68deba5 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 19 modcall[authorize]: module "preprocess" returns ok for request 19 modcall[authorize]: module "chap" returns noop for request 19 modcall[authorize]: module "mschap" returns noop for request 19 modcall[authorize]: module "unix" returns notfound for request 19 rlm_realm: No '@' in User-Name = "mking", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 19 rlm_eap: EAP packet type response id 12 length 43 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 19 modcall[authorize]: module "files" returns noop for request 19 modcall[authorize]: module "expiration" returns noop for request 19 modcall[authorize]: module "logintime" returns noop for request 19 rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. modcall[authorize]: module "pap" returns noop for request 19 modcall: group authorize returns updated for request 19 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 19 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: Identity - mking rlm_eap_peap: Tunneled data is valid. PEAP: Got tunneled EAP-Message EAP-Message = 0x020c000a016d6b696e67 PEAP: Got tunneled identity of mking PEAP: Setting default EAP type for tunneled EAP session. PEAP: Setting User-Name to mking PEAP: Sending tunneled request EAP-Message = 0x020c000a016d6b696e67 FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "mking" Calling-Station-Id = "00-0D-93-EA-89-06" Called-Station-Id = "00-0B-85-5B-55-A0:test" NAS-Port = 29 NAS-IP-Address = 10.0.1.22 NAS-Identifier = "BUWISM2-2" Airespace-Wlan-Id = 7 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "4000" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 19 modcall[authorize]: module "preprocess" returns ok for request 19 modcall[authorize]: module "chap" returns noop for request 19 modcall[authorize]: module "mschap" returns noop for request 19 modcall[authorize]: module "unix" returns notfound for request 19 rlm_realm: No '@' in User-Name = "mking", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 19 rlm_eap: EAP packet type response id 12 length 10 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 19 modcall[authorize]: module "files" returns noop for request 19 modcall[authorize]: module "expiration" returns noop for request 19 modcall[authorize]: module "logintime" returns noop for request 19 rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. modcall[authorize]: module "pap" returns noop for request 19 modcall: group authorize returns updated for request 19 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 19 rlm_eap: EAP Identity rlm_eap: processing type mschapv2 rlm_eap_mschapv2: Issuing Challenge modcall[authenticate]: module "eap" returns handled for request 19 modcall: group authenticate returns handled for request 19 PEAP: Got tunneled reply RADIUS code 11 EAP-Message = 0x010d001f1a010d001a10ba20acc30bdd2188214d6a234a8030e16d6b696e67 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xbddad8c6ddf521b4b96f91c1e61a2ce5 PEAP: Processing from tunneled session code 0x81910d8 11 EAP-Message = 0x010d001f1a010d001a10ba20acc30bdd2188214d6a234a8030e16d6b696e67 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xbddad8c6ddf521b4b96f91c1e61a2ce5 PEAP: Got tunneled Access-Challenge modcall[authenticate]: module "eap" returns handled for request 19 modcall: group authenticate returns handled for request 19 Sending Access-Challenge of id 184 to 10.0.1.22 port 32769 EAP-Message = 0x010d003b19001703010030bf606c9604cf8968012ca988624b60d839184185bf620b95 7701201d0ef2b91ef9bf65aaea7770813bf59947e564df63 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x91c8c919e0038594249151843988b7ef Finished request 19 Going to the next request Waking up in 5 seconds... rad_recv: Access-Request packet from host 10.0.1.22 port 32769, id=185, length=286 User-Name = "mking" Calling-Station-Id = "00-0D-93-EA-89-06" Called-Station-Id = "00-0B-85-5B-55-A0:test" NAS-Port = 29 NAS-IP-Address = 10.0.1.22 NAS-Identifier = "BUWISM2-2" Airespace-Wlan-Id = 7 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "4000" EAP-Message = 0x020d006b19001703010060a909dde80325e998e9d2a618bc794217f1f75f99c116abee 74d613c212ec53e00ebaf6ca797aa254e7ded46139c2bfb9b69b84267878e47ea59f85d4 3561c08a03df03e30c7841dd75b3cdea5ab206dbd286fb0b1b4f908f92602f6b88afdf34 State = 0x91c8c919e0038594249151843988b7ef Message-Authenticator = 0xe3388466c932cd726516cb7257b95259 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 20 modcall[authorize]: module "preprocess" returns ok for request 20 modcall[authorize]: module "chap" returns noop for request 20 modcall[authorize]: module "mschap" returns noop for request 20 modcall[authorize]: module "unix" returns notfound for request 20 rlm_realm: No '@' in User-Name = "mking", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 20 rlm_eap: EAP packet type response id 13 length 107 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 20 modcall[authorize]: module "files" returns noop for request 20 modcall[authorize]: module "expiration" returns noop for request 20 modcall[authorize]: module "logintime" returns noop for request 20 rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. modcall[authorize]: module "pap" returns noop for request 20 modcall: group authorize returns updated for request 20 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 20 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: EAP type mschapv2 rlm_eap_peap: Tunneled data is valid. PEAP: Got tunneled EAP-Message EAP-Message = 0x020d00401a020d003b3158afc96d71efea3a29bc27ab0fee7153000000000000000063 e2f08f9de0c9713f7faa022aa65705de6b1f1e4aaf9c77006d6b696e67 PEAP: Setting User-Name to mking PEAP: Adding old state with ffffffbd ffffffda PEAP: Sending tunneled request EAP-Message = 0x020d00401a020d003b3158afc96d71efea3a29bc27ab0fee7153000000000000000063 e2f08f9de0c9713f7faa022aa65705de6b1f1e4aaf9c77006d6b696e67 FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "mking" State = 0xbddad8c6ddf521b4b96f91c1e61a2ce5 Calling-Station-Id = "00-0D-93-EA-89-06" Called-Station-Id = "00-0B-85-5B-55-A0:test" NAS-Port = 29 NAS-IP-Address = 10.0.1.22 NAS-Identifier = "BUWISM2-2" Airespace-Wlan-Id = 7 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "4000" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 20 modcall[authorize]: module "preprocess" returns ok for request 20 modcall[authorize]: module "chap" returns noop for request 20 modcall[authorize]: module "mschap" returns noop for request 20 modcall[authorize]: module "unix" returns notfound for request 20 rlm_realm: No '@' in User-Name = "mking", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 20 rlm_eap: EAP packet type response id 13 length 64 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 20 modcall[authorize]: module "files" returns noop for request 20 modcall[authorize]: module "expiration" returns noop for request 20 modcall[authorize]: module "logintime" returns noop for request 20 rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. modcall[authorize]: module "pap" returns noop for request 20 modcall: group authorize returns updated for request 20 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 20 rlm_eap: Request found, released from the list rlm_eap: EAP/mschapv2 rlm_eap: processing type mschapv2 Processing the authenticate section of radiusd.conf modcall: entering group MS-CHAP for request 20 rlm_mschap: No Cleartext-Password configured. Cannot create LM-Password. rlm_mschap: No Cleartext-Password configured. Cannot create NT-Password. rlm_mschap: Told to do MS-CHAPv2 for mking with NT-Password radius_xlat: Running registered xlat function of module mschap for string 'User-Name' radius_xlat: '--username=mking' radius_xlat: Running registered xlat function of module mschap for string 'Challenge' mschap2: ba radius_xlat: '--challenge=0a110e0ea2bb062e' radius_xlat: Running registered xlat function of module mschap for string 'NT-Response' radius_xlat: '--nt-response=63e2f08f9de0c9713f7faa022aa65705de6b1f1e4aaf9c77' Exec-Program output: NT_KEY: 1BA2159EDC0597637BA8848B83AA9B2B Exec-Program-Wait: plaintext: NT_KEY: 1BA2159EDC0597637BA8848B83AA9B2B Exec-Program: returned: 0 rlm_mschap: adding MS-CHAPv2 MPPE keys modcall[authenticate]: module "mschap" returns ok for request 20 modcall: group MS-CHAP returns ok for request 20 MSCHAP Success modcall[authenticate]: module "eap" returns handled for request 20 modcall: group authenticate returns handled for request 20 PEAP: Got tunneled reply RADIUS code 11 MS-CHAP2-Success = 0x0d533d3033646638393739303464623066613462663738626231386430663464333230 6461613539626237 EAP-Message = 0x010e00331a030d002e533d303364663839373930346462306661346266373862623138 64306634643332306461613539626237 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xe6f9e271892e2132c29236c0bbbe8c1d PEAP: Processing from tunneled session code 0x8192028 11 MS-CHAP2-Success = 0x0d533d3033646638393739303464623066613462663738626231386430663464333230 6461613539626237 EAP-Message = 0x010e00331a030d002e533d303364663839373930346462306661346266373862623138 64306634643332306461613539626237 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xe6f9e271892e2132c29236c0bbbe8c1d PEAP: Got tunneled Access-Challenge modcall[authenticate]: module "eap" returns handled for request 20 modcall: group authenticate returns handled for request 20 Sending Access-Challenge of id 185 to 10.0.1.22 port 32769 EAP-Message = 0x010e005b1900170301005085342526ccbdb2ee0fb0b76aa6d414edb7cdafb06af24bcd 2589fb591145f62502700741f8fa07f80bc1bc5bea7f5c30ea4fe394842200ec4d208400 433fd2db648708c83435a80ea534a12894e47cf2 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x94766e89bb444749a79a2023680fac4a Finished request 20
-----Original Message-----
When I try a Mac (PowerMac 10.4.8, but have tried also on 10.3.x), it seems to not work. The Mac throws an error "802.1x Authentication has failed."
After more testing, and staring at the debug's, it seems this is where the break-down is, the MAC isn't answering the tunneled-Access Challenge. Least, this is what I'm thinking. (This is a different debug) modcall: entering group authenticate for request 23 rlm_eap: Request found, released from the list rlm_eap: EAP/mschapv2 rlm_eap: processing type mschapv2 Processing the authenticate section of radiusd.conf modcall: entering group MS-CHAP for request 23 rlm_mschap: No Cleartext-Password configured. Cannot create LM-Password. rlm_mschap: No Cleartext-Password configured. Cannot create NT-Password. rlm_mschap: Told to do MS-CHAPv2 for mking with NT-Password radius_xlat: Running registered xlat function of module mschap for string 'User-Name' radius_xlat: '--username=mking' radius_xlat: Running registered xlat function of module mschap for string 'Challenge' mschap2: 94 radius_xlat: '--challenge=4ebfbb2c2373c4c9' radius_xlat: Running registered xlat function of module mschap for string 'NT-Response' radius_xlat: '--nt-response=a53b88d2b14aead7f697498aa066c2d02e79c3d0a6e84427' Exec-Program output: NT_KEY: 1BA2159EDC0597637BA8848B83AA9B2B Exec-Program-Wait: plaintext: NT_KEY: 1BA2159EDC0597637BA8848B83AA9B2B Exec-Program: returned: 0 rlm_mschap: adding MS-CHAPv2 MPPE keys modcall[authenticate]: module "mschap" returns ok for request 23 modcall: group MS-CHAP returns ok for request 23 MSCHAP Success modcall[authenticate]: module "eap" returns handled for request 23 modcall: group authenticate returns handled for request 23 PEAP: Got tunneled reply RADIUS code 11 MS-CHAP2-Success = 0x0d533d6533366237333831626238393964326130666133656535646333383130363161 6663303239326336 EAP-Message = 0x010e00331a030d002e533d653336623733383162623839396432613066613365653564 63333831303631616663303239326336 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xfd5c09024628badca09e5ae9eec682e7 PEAP: Processing from tunneled session code 0x81c1788 11 MS-CHAP2-Success = 0x0d533d6533366237333831626238393964326130666133656535646333383130363161 6663303239326336 EAP-Message = 0x010e00331a030d002e533d653336623733383162623839396432613066613365653564 63333831303631616663303239326336 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xfd5c09024628badca09e5ae9eec682e7 PEAP: Got tunneled Access-Challenge modcall[authenticate]: module "eap" returns handled for request 23 modcall: group authenticate returns handled for request 23 Sending Access-Challenge of id 4 to 10.0.1.22 port 32769 EAP-Message = 0x010e005b1900170301005075b366b0bc3665ce9cc4c3bb5d4907020fce14dcf06c5ffb cdc725c126803bd0de38918995021346758fc00ed823cc7b13be5d69ed780a80ac04bfcb 9cb85dee2ab382e8b88b3a7b7cdccfc227583867 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xf3f735fa7f444b2ef47757092fcbef29 Finished request 23 Going to the next request Waking up in 5 seconds... --- Walking the entire request list --- Cleaning up request 16 ID 253 with timestamp 45c257be Cleaning up request 20 ID 1 with timestamp 45c257be Cleaning up request 22 ID 3 with timestamp 45c257be
Yes, it looks like your Mac may not like the MSCHAPv2 response for some reason. On your Mac (as root), create the directory /var/log/ eapolclient, then retry your authentication. The EAP client is OS X should write out debugging information for the EAP session into that directory and should give you a better idea of why its halting. --Mike On Feb 1, 2007, at 3:21 PM, King, Michael wrote:
-----Original Message-----
When I try a Mac (PowerMac 10.4.8, but have tried also on 10.3.x), it seems to not work. The Mac throws an error "802.1x Authentication has failed."
After more testing, and staring at the debug's, it seems this is where the break-down is, the MAC isn't answering the tunneled-Access Challenge. Least, this is what I'm thinking. (This is a different debug)
modcall: entering group authenticate for request 23 rlm_eap: Request found, released from the list rlm_eap: EAP/mschapv2 rlm_eap: processing type mschapv2 Processing the authenticate section of radiusd.conf modcall: entering group MS-CHAP for request 23 rlm_mschap: No Cleartext-Password configured. Cannot create LM-Password. rlm_mschap: No Cleartext-Password configured. Cannot create NT-Password. rlm_mschap: Told to do MS-CHAPv2 for mking with NT-Password radius_xlat: Running registered xlat function of module mschap for string 'User-Name' radius_xlat: '--username=mking' radius_xlat: Running registered xlat function of module mschap for string 'Challenge' mschap2: 94 radius_xlat: '--challenge=4ebfbb2c2373c4c9' radius_xlat: Running registered xlat function of module mschap for string 'NT-Response' radius_xlat: '--nt-response=a53b88d2b14aead7f697498aa066c2d02e79c3d0a6e84427' Exec-Program output: NT_KEY: 1BA2159EDC0597637BA8848B83AA9B2B Exec-Program-Wait: plaintext: NT_KEY: 1BA2159EDC0597637BA8848B83AA9B2B Exec-Program: returned: 0 rlm_mschap: adding MS-CHAPv2 MPPE keys modcall[authenticate]: module "mschap" returns ok for request 23 modcall: group MS-CHAP returns ok for request 23 MSCHAP Success modcall[authenticate]: module "eap" returns handled for request 23 modcall: group authenticate returns handled for request 23 PEAP: Got tunneled reply RADIUS code 11 MS-CHAP2-Success = 0x0d533d65333662373338316262383939643261306661336565356463333831303631 61 6663303239326336 EAP-Message = 0x010e00331a030d002e533d6533366237333831626238393964326130666133656535 64 63333831303631616663303239326336 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xfd5c09024628badca09e5ae9eec682e7 PEAP: Processing from tunneled session code 0x81c1788 11 MS-CHAP2-Success = 0x0d533d65333662373338316262383939643261306661336565356463333831303631 61 6663303239326336 EAP-Message = 0x010e00331a030d002e533d6533366237333831626238393964326130666133656535 64 63333831303631616663303239326336 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xfd5c09024628badca09e5ae9eec682e7 PEAP: Got tunneled Access-Challenge modcall[authenticate]: module "eap" returns handled for request 23 modcall: group authenticate returns handled for request 23 Sending Access-Challenge of id 4 to 10.0.1.22 port 32769 EAP-Message = 0x010e005b1900170301005075b366b0bc3665ce9cc4c3bb5d4907020fce14dcf06c5f fb cdc725c126803bd0de38918995021346758fc00ed823cc7b13be5d69ed780a80ac04bf cb 9cb85dee2ab382e8b88b3a7b7cdccfc227583867 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xf3f735fa7f444b2ef47757092fcbef29 Finished request 23 Going to the next request Waking up in 5 seconds... --- Walking the entire request list --- Cleaning up request 16 ID 253 with timestamp 45c257be Cleaning up request 20 ID 1 with timestamp 45c257be Cleaning up request 22 ID 3 with timestamp 45c257be
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/ users.html
-----Original Message----- On your Mac (as root), create the directory /var/log/ eapolclient, then retry your authentication. The EAP client is OS X should write out debugging information for the EAP session into that directory and should give you a better idea of why its halting.
Man, it's hard to enable root on OSX. Anyways, I get a file called uid501-en1.log It's empty.
I'll take another look a little later to see if there's something else you have to do. It's been a while since I did this. --Mike On Feb 2, 2007, at 9:00 AM, King, Michael wrote:
-----Original Message----- On your Mac (as root), create the directory /var/log/ eapolclient, then retry your authentication. The EAP client is OS X should write out debugging information for the EAP session into that directory and should give you a better idea of why its halting.
Man, it's hard to enable root on OSX.
Anyways, I get a file called uid501-en1.log
It's empty.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/ users.html
King, Michael wrote:
After more testing, and staring at the debug's, it seems this is where the break-down is, the MAC isn't answering the tunneled-Access Challenge.
Version 1.1.4 (and the CVS head) have a patch applied that makes it do MS-CHAP more correctly. This may be the issue, if the MACs don't expect that. So if 1.1.3 works, and 1.1.4 doesn't, that's the issue. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog
participants (4)
-
Alan DeKok -
King, Michael -
Matthew Balyuzi -
Michael Griego