Cannot authenticate using PEAPv0 and Windows XP SP3 native supplicant
Hi I spent 3 weeks trying to make FreeRadius work with PEAPv0 and WinXP SP3 native supplicant. I can authenticate using local flat file or ntlm_auth but authentication from WinXP doesn't work. Here's the log: FreeRADIUS Version 2.1.5, for host i486-pc-linux-gnu, built on Mar 13 2009 at 19:44:44 Copyright (C) 1999-2008 The FreeRADIUS server project and contributors. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License v2. Starting - reading configuration files ... including configuration file /etc/freeradius/radiusd.conf including configuration file /etc/freeradius/proxy.conf including configuration file /etc/freeradius/clients.conf including files in directory /etc/freeradius/modules/ including configuration file /etc/freeradius/modules/logintime including configuration file /etc/freeradius/modules/ldap including configuration file /etc/freeradius/modules/inner-eap including configuration file /etc/freeradius/modules/digest including configuration file /etc/freeradius/modules/acct_unique including configuration file /etc/freeradius/modules/policy including configuration file /etc/freeradius/modules/exec including configuration file /etc/freeradius/modules/krb5 including configuration file /etc/freeradius/modules/sql_log including configuration file /etc/freeradius/modules/radutmp including configuration file /etc/freeradius/modules/sqlcounter_expire_on_login including configuration file /etc/freeradius/modules/otp including configuration file /etc/freeradius/modules/realm including configuration file /etc/freeradius/modules/files including configuration file /etc/freeradius/modules/expiration including configuration file /etc/freeradius/modules/passwd including configuration file /etc/freeradius/modules/smbpasswd including configuration file /etc/freeradius/modules/attr_rewrite including configuration file /etc/freeradius/modules/mac2ip including configuration file /etc/freeradius/modules/etc_group including configuration file /etc/freeradius/modules/always including configuration file /etc/freeradius/modules/detail.log including configuration file /etc/freeradius/modules/sradutmp including configuration file /etc/freeradius/modules/attr_filter including configuration file /etc/freeradius/modules/pam including configuration file /etc/freeradius/modules/counter including configuration file /etc/freeradius/modules/detail.example.com including configuration file /etc/freeradius/modules/echo including configuration file /etc/freeradius/modules/detail including configuration file /etc/freeradius/modules/pap including configuration file /etc/freeradius/modules/checkval including configuration file /etc/freeradius/modules/expr including configuration file /etc/freeradius/modules/mac2vlan including configuration file /etc/freeradius/modules/unix including configuration file /etc/freeradius/modules/mschap including configuration file /etc/freeradius/modules/chap including configuration file /etc/freeradius/modules/preprocess including configuration file /etc/freeradius/modules/linelog including configuration file /etc/freeradius/modules/perl including configuration file /etc/freeradius/modules/smsotp including configuration file /etc/freeradius/modules/wimax including configuration file /etc/freeradius/modules/ippool including configuration file /etc/freeradius/eap.conf including configuration file /etc/freeradius/policy.conf including files in directory /etc/freeradius/sites-enabled/ including configuration file /etc/freeradius/sites-enabled/default including configuration file /etc/freeradius/sites-enabled/control-socket including configuration file /etc/freeradius/sites-enabled/inner-tunnel group = freerad user = freerad including dictionary file /etc/freeradius/dictionary main { prefix = "/usr" localstatedir = "/var" logdir = "/var/log/freeradius" libdir = "/usr/lib/freeradius" radacctdir = "/var/log/freeradius/radacct" hostname_lookups = no max_request_time = 30 cleanup_delay = 5 max_requests = 1024 allow_core_dumps = no pidfile = "/var/run/freeradius/freeradius.pid" checkrad = "/usr/sbin/checkrad" debug_level = 0 proxy_requests = yes log { stripped_names = no auth = no auth_badpass = no auth_goodpass = no } security { max_attributes = 200 reject_delay = 1 status_server = yes } } radiusd: #### Loading Realms and Home Servers #### proxy server { retry_delay = 5 retry_count = 3 default_fallback = no dead_time = 120 wake_all_if_all_dead = no } home_server localhost { ipaddr = 127.0.0.1 port = 1812 type = "auth" secret = "testing123" response_window = 20 max_outstanding = 65536 require_message_authenticator = no zombie_period = 40 status_check = "status-server" ping_interval = 30 check_interval = 30 num_answers_to_alive = 3 num_pings_to_alive = 3 revive_interval = 120 status_check_timeout = 4 irt = 2 mrt = 16 mrc = 5 mrd = 30 } home_server_pool my_auth_failover { type = fail-over home_server = localhost } realm example.com { auth_pool = my_auth_failover } realm LOCAL { } radiusd: #### Loading Clients #### client localhost { ipaddr = 127.0.0.1 require_message_authenticator = no secret = "testing123" nastype = "other" } client 10.112.250.66 { require_message_authenticator = no secret = "XXXXXXXX" shortname = "XXXXXXXX" } radiusd: #### Instantiating modules #### instantiate { Module: Linked to module rlm_exec Module: Instantiating exec exec { wait = no input_pairs = "request" shell_escape = yes } Module: Linked to module rlm_expr Module: Instantiating expr Module: Linked to module rlm_expiration Module: Instantiating expiration expiration { reply-message = "Password Has Expired " } Module: Linked to module rlm_logintime Module: Instantiating logintime logintime { reply-message = "You are calling outside your allowed timespan " minimum-timeout = 60 } } radiusd: #### Loading Virtual Servers #### server inner-tunnel { modules { Module: Checking authenticate {...} for more modules to load Module: Linked to module rlm_pap Module: Instantiating pap pap { encryption_scheme = "auto" auto_header = no } Module: Linked to module rlm_chap Module: Instantiating chap Module: Linked to module rlm_mschap Module: Instantiating mschap mschap { use_mppe = yes require_encryption = yes require_strong = yes with_ntdomain_hack = yes ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --domain=%{mschap:NT-Domain} --username=%{mschap:User-Name} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}" } Module: Linked to module rlm_unix Module: Instantiating unix unix { radwtmp = "/var/log/freeradius/radwtmp" } Module: Linked to module rlm_eap Module: Instantiating eap eap { default_eap_type = "peap" timer_expire = 60 ignore_unknown_eap_types = no cisco_accounting_username_bug = no max_sessions = 2048 } Module: Linked to sub-module rlm_eap_md5 Module: Instantiating eap-md5 Module: Linked to sub-module rlm_eap_leap Module: Instantiating eap-leap Module: Linked to sub-module rlm_eap_gtc Module: Instantiating eap-gtc gtc { challenge = "Password: " auth_type = "PAP" } Module: Linked to sub-module rlm_eap_tls Module: Instantiating eap-tls tls { rsa_key_exchange = no dh_key_exchange = yes rsa_key_length = 512 dh_key_length = 512 verify_depth = 0 pem_file_type = yes private_key_file = "/etc/freeradius/certs/server.pem" certificate_file = "/etc/freeradius/certs/server.pem" CA_file = "/etc/freeradius/certs/ca.pem" private_key_password = "XXXXXXXX" dh_file = "/etc/freeradius/certs/dh" random_file = "/etc/freeradius/certs/random" fragment_size = 1024 include_length = yes check_crl = no cipher_list = "DEFAULT" cache { enable = no lifetime = 24 max_entries = 255 } } Module: Linked to sub-module rlm_eap_ttls Module: Instantiating eap-ttls ttls { default_eap_type = "md5" copy_request_to_tunnel = no use_tunneled_reply = no virtual_server = "inner-tunnel" } Module: Linked to sub-module rlm_eap_peap Module: Instantiating eap-peap peap { default_eap_type = "mschapv2" copy_request_to_tunnel = yes use_tunneled_reply = yes proxy_tunneled_request_as_eap = yes virtual_server = "inner-tunnel" } Module: Linked to sub-module rlm_eap_mschapv2 Module: Instantiating eap-mschapv2 mschapv2 { with_ntdomain_hack = no } Module: Checking authorize {...} for more modules to load Module: Linked to module rlm_realm Module: Instantiating suffix realm suffix { format = "suffix" delimiter = "@" ignore_default = no ignore_null = no } Module: Linked to module rlm_files Module: Instantiating files files { usersfile = "/etc/freeradius/users" acctusersfile = "/etc/freeradius/acct_users" preproxy_usersfile = "/etc/freeradius/preproxy_users" compat = "no" } Module: Checking session {...} for more modules to load Module: Linked to module rlm_radutmp Module: Instantiating radutmp radutmp { filename = "/var/log/freeradius/radutmp" username = "%{User-Name}" case_sensitive = yes check_with_nas = yes perm = 384 callerid = yes } Module: Checking post-proxy {...} for more modules to load Module: Checking post-auth {...} for more modules to load Module: Linked to module rlm_attr_filter Module: Instantiating attr_filter.access_reject attr_filter attr_filter.access_reject { attrsfile = "/etc/freeradius/attrs.access_reject" key = "%{User-Name}" } } } modules { Module: Checking authenticate {...} for more modules to load Module: Checking authorize {...} for more modules to load Module: Linked to module rlm_preprocess Module: Instantiating preprocess preprocess { huntgroups = "/etc/freeradius/huntgroups" hints = "/etc/freeradius/hints" with_ascend_hack = no ascend_channels_per_line = 23 with_ntdomain_hack = no with_specialix_jetstream_hack = no with_cisco_vsa_hack = no with_alvarion_vsa_hack = no } Module: Checking preacct {...} for more modules to load Module: Linked to module rlm_acct_unique Module: Instantiating acct_unique acct_unique { key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port" } Module: Checking accounting {...} for more modules to load Module: Linked to module rlm_detail Module: Instantiating detail detail { detailfile = "/var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d" header = "%t" detailperm = 384 dirperm = 493 locking = no log_packet_header = no } Module: Instantiating attr_filter.accounting_response attr_filter attr_filter.accounting_response { attrsfile = "/etc/freeradius/attrs.accounting_response" key = "%{User-Name}" } Module: Checking session {...} for more modules to load Module: Checking post-proxy {...} for more modules to load Module: Checking post-auth {...} for more modules to load } radiusd: #### Opening IP addresses and Ports #### listen { type = "auth" ipaddr = * port = 0 } listen { type = "acct" ipaddr = * port = 0 } listen { type = "control" listen { socket = "/var/run/freeradius/freeradius.sock" } } Listening on authentication address * port 1812 Listening on accounting address * port 1813 Listening on command file /var/run/freeradius/freeradius.sock Listening on proxy address * port 1814 Ready to process requests. rad_recv: Access-Request packet from host 10.112.250.68 port 1645, id=153, length=249 User-Name = "XXXXXXXX\\XXXXXXXX" Framed-MTU = 1400 Called-Station-Id = "0024.148d.8271" Calling-Station-Id = "001c.bf4a.53f8" Cisco-AVPair = "ssid=XXXXXXXX" WISPr-Location-Name = "XXXXXXXX" Service-Type = Login-User Message-Authenticator = 0x5baffb9dd034cd9aa3cb29a45831918b EAP-Message = 0x0201000f015456505c703734303038 NAS-Port-Type = Wireless-802.11 NAS-Port = 3472 NAS-Port-Id = "3472" NAS-IP-Address = 10.112.250.68 NAS-Identifier = "XXXXXXXX" +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "XXXXXXXX\XXXXXXXX", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 1 length 15 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[unix] returns notfound [files] users: Matched entry DEFAULT at line 213 ++[files] returns ok ++[expiration] returns noop ++[logintime] returns noop [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] returns noop Found Auth-Type = EAP +- entering group authenticate {...} [eap] EAP Identity [eap] processing type tls [tls] Initiate [tls] Start returned 1 ++[eap] returns handled Sending Access-Challenge of id 153 to 10.112.250.68 port 1645 Session-Timeout = 3600 EAP-Message = 0x010200061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xcdfe2065cdfc3973f250f474980ad2ad Finished request 0. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 10.112.250.68 port 1645, id=154, length=332 User-Name = "XXXXXXXX\\XXXXXXXX" Framed-MTU = 1400 Called-Station-Id = "0024.148d.8271" Calling-Station-Id = "001c.bf4a.53f8" Cisco-AVPair = "ssid=XXXXXXXX" WISPr-Location-Name = "XXXXXXXX" Service-Type = Login-User Message-Authenticator = 0x722d94e3ceca44322ee60ba3bc0e13df EAP-Message = 0x0202005019800000004616030100410100003d030149bf736722dcce9632a19c40c8caac0b9ac85b77726a8e2a55e2fef92ab5db2200001600040005000a000900640062000300060013001200630100 NAS-Port-Type = Wireless-802.11 NAS-Port = 3472 NAS-Port-Id = "3472" State = 0xcdfe2065cdfc3973f250f474980ad2ad NAS-IP-Address = 10.112.250.68 NAS-Identifier = "XXXXXXXX" +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "XXXXXXXX\XXXXXXXX", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 2 length 80 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS TLS Length 70 [peap] Length Included [peap] eaptls_verify returned 11 [peap] (other): before/accept initialization [peap] TLS_accept: before/accept initialization [peap] <<< TLS 1.0 Handshake [length 0041], ClientHello [peap] TLS_accept: SSLv3 read client hello A [peap] >>> TLS 1.0 Handshake [length 002a], ServerHello [peap] TLS_accept: SSLv3 write server hello A [peap] >>> TLS 1.0 Handshake [length 08f1], Certificate [peap] TLS_accept: SSLv3 write certificate A [peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone [peap] TLS_accept: SSLv3 write server done A [peap] TLS_accept: SSLv3 flush data [peap] TLS_accept: Need to read more data: SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 154 to 10.112.250.68 port 1645 EAP-Message = 0x0103040019c00000092e160301002a02000026030149bf736738a1795e83e117ee5d27d262d6f7af42b18f18a9925a94c6d2d1d3000000040016030108f10b0008ed0008ea0003dd308203d9308202c1a003020102020101300d06092a864886f70d01010405003081b1310b300906035504061302504c311330110603550408130a4d616c6f706f6c736b61310f300d060355040713064b72616b6f7731243022060355040a131b54565020532e412e204f64647a69616c2077204b72616b6f7769653125302306092a864886f70d0109011616696e666f726d6174796b615f6b7261407476702e706c312f302d060355040313264f545456204b7261 EAP-Message = 0x6b6f7720574c414e20436572746966696361746520417574686f72697479301e170d3039303331333139343734305a170d3134303331323139343734305a308194310b300906035504061302504c311330110603550408130a4d616c6f706f6c736b6131243022060355040a131b54565020532e412e204f64647a69616c2077204b72616b6f776965312330210603550403131a4f545456204b72616b6f7720436f72706f7261746520574c414e3125302306092a864886f70d0109011616696e666f726d6174796b615f6b7261407476702e706c30820122300d06092a864886f70d01010105000382010f003082010a0282010100cb94763022b3c6 EAP-Message = 0xc8fb624f88051de436ab68daa6337e9651681c041774298017c975951b69af0db156d36f5c89a9aca1e3cfc2ed94a401cab977f773d777545d93e1b89a147293fc007c7f430b32a6571dad42780cf2f10ba8426d3564a3e0ac7a4fe6fb8ab29b198d981527b711511d68ce781506c1de95a73416bf6190d1f1e9a8e966c3b9c6ed255ca425b584d1e5c56bebc7018c572dfb4807a06fce838f7955e6738e63a8f77fff1705d0586873c889371c760f8c7c7d7ddea44d55787aa2d9cae6ec758593b7cf786ee273a8e1c26787c3b079d5004eba727138b0a2e63204150371128539a5929c6608d9dcd150d7f0e131630bf16cdd197ffabe3ac902030100 EAP-Message = 0x01a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d010104050003820101000b78e764dbef55bf1619d6370342300e3984fe95e776c2b83da4cfb70708291d4dcff3d4e1d57bcb204425f061d9f8c93f508709f62f962379102657d97cf57bb6f27b71dd0113a1bc58300bdcbb2b604e91dec6c4ae6dc355667cf3f8ceb69bd835aa6f0f1ca19c9e86c02931ce858cdae616bae2ba8c3f124a27fe9dba81b9b9feae14c185cbf0f370db636d0e49391b74d11599571534ffdab883f5dd353cb4dbff78b08afe50ae2c60030ba4bf860086fe96d647c3d4979628648a96719bcab70fcc0063fb84d94d01dddf1106 EAP-Message = 0x28079b2e590993d13d8ea1c9 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xcdfe2065ccfd3973f250f474980ad2ad Finished request 1. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 10.112.250.68 port 1645, id=155, length=258 User-Name = "XXXXXXXX\\XXXXXXXX" Framed-MTU = 1400 Called-Station-Id = "0024.148d.8271" Calling-Station-Id = "001c.bf4a.53f8" Cisco-AVPair = "ssid=XXXXXXXX" WISPr-Location-Name = "XXXXXXXX" Service-Type = Login-User Message-Authenticator = 0xd0131129f48c7f344a6d29179fc4adba EAP-Message = 0x020300061900 NAS-Port-Type = Wireless-802.11 NAS-Port = 3472 NAS-Port-Id = "3472" State = 0xcdfe2065ccfd3973f250f474980ad2ad NAS-IP-Address = 10.112.250.68 NAS-Identifier = "XXXXXXXX" +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "XXXXXXXX\XXXXXXXX", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 3 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake fragment handler [peap] eaptls_verify returned 1 [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 155 to 10.112.250.68 port 1645 EAP-Message = 0x010403fc1940dcb923e62a2c202cfbf4bf2957a0548cc6ec8748575710b3fde68ed8407dec549008d4ff9100050730820503308203eba003020102020900fb9bbf04976fd24f300d06092a864886f70d01010505003081b1310b300906035504061302504c311330110603550408130a4d616c6f706f6c736b61310f300d060355040713064b72616b6f7731243022060355040a131b54565020532e412e204f64647a69616c2077204b72616b6f7769653125302306092a864886f70d0109011616696e666f726d6174796b615f6b7261407476702e706c312f302d060355040313264f545456204b72616b6f7720574c414e20436572746966696361 EAP-Message = 0x746520417574686f72697479301e170d3039303331333139343731375a170d3134303331323139343731375a3081b1310b300906035504061302504c311330110603550408130a4d616c6f706f6c736b61310f300d060355040713064b72616b6f7731243022060355040a131b54565020532e412e204f64647a69616c2077204b72616b6f7769653125302306092a864886f70d0109011616696e666f726d6174796b615f6b7261407476702e706c312f302d060355040313264f545456204b72616b6f7720574c414e20436572746966696361746520417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a02 EAP-Message = 0x82010100a7709bd94da4f418d294a64b97237ced1d2a387c1b04f71cbfb83ad4e7e836434ab03803591d4b910416e220f828edb45c88c19388a18f18b8d2d13c05b2def935c933530d5c3ebdd1f7b1e52a152e57363666a1570917729d557238fb6f0966deca221b616db9b233b0481c25594fb3905ecd3fa84d9e613f17fda120c6a5ce6c84333808d6f6563343d8e8e9f09e716a1150826ce597bd5bb68fe183e2930c6e73d9b5c7bc24073966d167ecd43a40434a932b734215b59c62d9d73d55fe83f805fcfa3457419a8c791fa97a341da0e4f8ba686a6fbd444b003282eccbac2736ac1064cc0a2004a49039542a2eedd3ce9030a9e678f813a9 EAP-Message = 0x46a655822310830203010001a382011a30820116301d0603551d0e04160414202b154eae3366bb57fcef4354931344ad46ebc63081e60603551d230481de3081db8014202b154eae3366bb57fcef4354931344ad46ebc6a181b7a481b43081b1310b300906035504061302504c311330110603550408130a4d616c6f706f6c736b61310f300d060355040713064b72616b6f7731243022060355040a131b54565020532e412e204f64647a69616c2077204b72616b6f7769653125302306092a864886f70d0109011616696e666f726d6174796b615f6b7261407476702e706c312f302d060355040313264f545456204b72616b6f7720574c414e2043 EAP-Message = 0x6572746966696361 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xcdfe2065cffa3973f250f474980ad2ad Finished request 2. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 10.112.250.68 port 1645, id=156, length=258 User-Name = "XXXXXXXX\\XXXXXXXX" Framed-MTU = 1400 Called-Station-Id = "0024.148d.8271" Calling-Station-Id = "001c.bf4a.53f8" Cisco-AVPair = "ssid=XXXXXXXX" WISPr-Location-Name = "XXXXXXXX" Service-Type = Login-User Message-Authenticator = 0x7a6f3b1b53834e2106f048f4218e8fdc EAP-Message = 0x020400061900 NAS-Port-Type = Wireless-802.11 NAS-Port = 3472 NAS-Port-Id = "3472" State = 0xcdfe2065cffa3973f250f474980ad2ad NAS-IP-Address = 10.112.250.68 NAS-Identifier = "XXXXXXXX" +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "XXXXXXXX\XXXXXXXX", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 4 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake fragment handler [peap] eaptls_verify returned 1 [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 156 to 10.112.250.68 port 1645 EAP-Message = 0x010501481900746520417574686f72697479820900fb9bbf04976fd24f300c0603551d13040530030101ff300d06092a864886f70d0101050500038201010034c4ad48839646c827f9c305dd3c0022d2aac1eb9b851a49641e1ed21bbf7830e81f1b68250406be4f0ad10fda8485b962909964f37108f512aba53c499f87e792b38f96ec6821391c416b1f4b8180124d97593e74868f5dffbfb7df0b7f0ba29edfc0a8874de412a43ece2f1a923d8b81a4bcecb776bd481b325c7ed74a13a94bee5b7100aab8f5b37cac048ef2bd1f0d2fca70aa6c445b1fd02b55ad2516981cd1ff0b4116a1e160ace99750ee8621609ec7074d74fbbe050b2aa6e9d3 EAP-Message = 0xb8cfed563ce6e451ca10eb24f4fdc853710c798e9bd95e9e744d4558ffb0ebbff1c8ca152d4a408663ffdd8bae920b174f56d59fab227ac3fae92494122b4455a67816030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xcdfe2065cefb3973f250f474980ad2ad Finished request 3. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 10.112.250.68 port 1645, id=157, length=574 User-Name = "XXXXXXXX\\XXXXXXXX" Framed-MTU = 1400 Called-Station-Id = "0024.148d.8271" Calling-Station-Id = "001c.bf4a.53f8" Cisco-AVPair = "ssid=XXXXXXXX" WISPr-Location-Name = "XXXXXXXX" Service-Type = Login-User Message-Authenticator = 0xab5bdc9d3518e5ff8322121b07cd24f1 EAP-Message = 0x0205014019800000013616030101061000010201001e7cd090ff71bf192b8cdc4b91cd2b54c0934456f9e035acc7374c09873d855badaf066e3c9aac495ca867532f2bc0b14b291b2b518497991f12cdc908b2a6f18f23f636c2be3fea94c876feca9534fcb0279764c69b050d11e1963a8d93e64e83802927a7bb646fc2aa7126dbdb0903f2e400a1843921e97db7f31813a1504e79b2c1081c1faba8fa6fab41e426a2059ee10f14e75d991a00ea67d47c5bfc047d585b239c90a7548b3258b88c1e5aa38073ec9c957c01e379d0178001a4f251eac068b24ddf5cefa362116e0b68aa518da2d9cb214da11796cf49337fc6c5581e44c11173f10d79 EAP-Message = 0x5ba4e12506fad7fb811e6786855ef98f9f9fbd8c3f8140ac14030100010116030100208c79d5a0fe46df96051e904c0b9980fc6fb0ff0e4b181cec34f6d74da4f4a16f NAS-Port-Type = Wireless-802.11 NAS-Port = 3472 NAS-Port-Id = "3472" State = 0xcdfe2065cefb3973f250f474980ad2ad NAS-IP-Address = 10.112.250.68 NAS-Identifier = "XXXXXXXX" +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "XXXXXXXX\XXXXXXXX", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 5 length 253 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS TLS Length 310 [peap] Length Included [peap] eaptls_verify returned 11 [peap] <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange [peap] TLS_accept: SSLv3 read client key exchange A [peap] <<< TLS 1.0 ChangeCipherSpec [length 0001] [peap] <<< TLS 1.0 Handshake [length 0010], Finished [peap] TLS_accept: SSLv3 read finished A [peap] >>> TLS 1.0 ChangeCipherSpec [length 0001] [peap] TLS_accept: SSLv3 write change cipher spec A [peap] >>> TLS 1.0 Handshake [length 0010], Finished [peap] TLS_accept: SSLv3 write finished A [peap] TLS_accept: SSLv3 flush data [peap] (other): SSL negotiation finished successfully SSL Connection Established [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 157 to 10.112.250.68 port 1645 EAP-Message = 0x0106003119001403010001011603010020b6916cdea4d91c27b28b16722d40ca38b7e83bc89a7936c95fdafc48c86d8883 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xcdfe2065c9f83973f250f474980ad2ad Finished request 4. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 10.112.250.68 port 1645, id=158, length=258 User-Name = "XXXXXXXX\\XXXXXXXX" Framed-MTU = 1400 Called-Station-Id = "0024.148d.8271" Calling-Station-Id = "001c.bf4a.53f8" Cisco-AVPair = "ssid=XXXXXXXX" WISPr-Location-Name = "XXXXXXXX" Service-Type = Login-User Message-Authenticator = 0x44325309820ffa12b30c214d2694708d EAP-Message = 0x020600061900 NAS-Port-Type = Wireless-802.11 NAS-Port = 3472 NAS-Port-Id = "3472" State = 0xcdfe2065c9f83973f250f474980ad2ad NAS-IP-Address = 10.112.250.68 NAS-Identifier = "XXXXXXXX" +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "XXXXXXXX\XXXXXXXX", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 6 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake is finished [peap] eaptls_verify returned 3 [peap] eaptls_process returned 3 [peap] EAPTLS_SUCCESS ++[eap] returns handled Sending Access-Challenge of id 158 to 10.112.250.68 port 1645 EAP-Message = 0x010700201900170301001535401f02148f70a1bda51fa3b69abb7dc556d20673 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xcdfe2065c8f93973f250f474980ad2ad Finished request 5. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 10.112.250.68 port 1645, id=159, length=290 User-Name = "XXXXXXXX\\XXXXXXXX" Framed-MTU = 1400 Called-Station-Id = "0024.148d.8271" Calling-Station-Id = "001c.bf4a.53f8" Cisco-AVPair = "ssid=XXXXXXXX" WISPr-Location-Name = "XXXXXXXX" Service-Type = Login-User Message-Authenticator = 0x3b372e42aa519786123f192e486d2982 EAP-Message = 0x020700261900170301001bab7b003deb0b93e4d5ce89d15660b21eefa1929c675a008d180777 NAS-Port-Type = Wireless-802.11 NAS-Port = 3472 NAS-Port-Id = "3472" State = 0xcdfe2065c8f93973f250f474980ad2ad NAS-IP-Address = 10.112.250.68 NAS-Identifier = "XXXXXXXX" +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "XXXXXXXX\XXXXXXXX", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 7 length 38 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Identity - XXXXXXXX\XXXXXXXX [peap] Got tunneled request EAP-Message = 0x0207000f015456505c703734303038 server { PEAP: Got tunneled identity of XXXXXXXX\XXXXXXXX PEAP: Setting default EAP type for tunneled EAP session. PEAP: Setting User-Name to XXXXXXXX\XXXXXXXX Sending tunneled request EAP-Message = 0x0207000f015456505c703734303038 FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "XXXXXXXX\\XXXXXXXX" Framed-MTU = 1400 Called-Station-Id = "0024.148d.8271" Calling-Station-Id = "001c.bf4a.53f8" Cisco-AVPair = "ssid=XXXXXXXX" WISPr-Location-Name = "XXXXXXXX" Service-Type = Login-User NAS-Port-Type = Wireless-802.11 NAS-Port = 3472 NAS-Port-Id = "3472" NAS-IP-Address = 10.112.250.68 NAS-Identifier = "XXXXXXXX" server inner-tunnel { +- entering group authorize {...} ++[chap] returns noop ++[mschap] returns noop ++[unix] returns notfound [suffix] No '@' in User-Name = "XXXXXXXX\XXXXXXXX", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[control] returns noop [eap] EAP packet type response id 7 length 15 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated [files] users: Matched entry DEFAULT at line 213 ++[files] returns ok ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns noop Found Auth-Type = EAP +- entering group authenticate {...} [eap] EAP Identity [eap] processing type mschapv2 rlm_eap_mschapv2: Issuing Challenge ++[eap] returns handled } # server inner-tunnel [peap] Got tunneled reply code 11 Session-Timeout = 3600 EAP-Message = 0x010800241a0108001f10335a4805c94f167ffc24ceaae6a242d45456505c703734303038 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x8514698c851c73de6383db5f8319a5b1 [peap] Got tunneled reply RADIUS code 11 Session-Timeout = 3600 EAP-Message = 0x010800241a0108001f10335a4805c94f167ffc24ceaae6a242d45456505c703734303038 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x8514698c851c73de6383db5f8319a5b1 [peap] Got tunneled Access-Challenge ++[eap] returns handled Sending Access-Challenge of id 159 to 10.112.250.68 port 1645 EAP-Message = 0x0108003b19001703010030bef0b99fb4258235bc8654c2dae2d201c3530fd9ebaa29893a52f6ab129eb45585066c663582c6e0bc7b3f3be28205f8 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xcdfe2065cbf63973f250f474980ad2ad Finished request 6. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 10.112.250.68 port 1645, id=160, length=344 User-Name = "XXXXXXXX\\XXXXXXXX" Framed-MTU = 1400 Called-Station-Id = "0024.148d.8271" Calling-Station-Id = "001c.bf4a.53f8" Cisco-AVPair = "ssid=XXXXXXXX" WISPr-Location-Name = "XXXXXXXX" Service-Type = Login-User Message-Authenticator = 0xfd2b892111c1f12c1e60fb4820524b78 EAP-Message = 0x0208005c1900170301005161f7025ea840d7f5823c98e467db708e6fbdfa2ce84fc8dddfdef59c419b2c1734b908b114fee270d140e76d2fdd604b262cf5018e4b3286cff5c09f0f50790b51047b0e94e5957bca3eda76c63f882238 NAS-Port-Type = Wireless-802.11 NAS-Port = 3472 NAS-Port-Id = "3472" State = 0xcdfe2065cbf63973f250f474980ad2ad NAS-IP-Address = 10.112.250.68 NAS-Identifier = "XXXXXXXX" +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "XXXXXXXX\XXXXXXXX", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 8 length 92 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] EAP type mschapv2 [peap] Got tunneled request EAP-Message = 0x020800451a02080040318c57226b5d6ea2d975f66b2a193e898800000000000000005fd207a2e06e9ae0a6371e143604d1f928e75a713807c66a005456505c703734303038 server { PEAP: Setting User-Name to XXXXXXXX\XXXXXXXX Sending tunneled request EAP-Message = 0x020800451a02080040318c57226b5d6ea2d975f66b2a193e898800000000000000005fd207a2e06e9ae0a6371e143604d1f928e75a713807c66a005456505c703734303038 FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "XXXXXXXX\\XXXXXXXX" State = 0x8514698c851c73de6383db5f8319a5b1 Framed-MTU = 1400 Called-Station-Id = "0024.148d.8271" Calling-Station-Id = "001c.bf4a.53f8" Cisco-AVPair = "ssid=XXXXXXXX" WISPr-Location-Name = "XXXXXXXX" Service-Type = Login-User NAS-Port-Type = Wireless-802.11 NAS-Port = 3472 NAS-Port-Id = "3472" NAS-IP-Address = 10.112.250.68 NAS-Identifier = "XXXXXXXX" server inner-tunnel { +- entering group authorize {...} ++[chap] returns noop ++[mschap] returns noop ++[unix] returns notfound [suffix] No '@' in User-Name = "XXXXXXXX\XXXXXXXX", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[control] returns noop [eap] EAP packet type response id 8 length 69 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated [files] users: Matched entry DEFAULT at line 213 ++[files] returns ok ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns noop Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/mschapv2 [eap] processing type mschapv2 [mschapv2] +- entering group MS-CHAP {...} [mschap] No Cleartext-Password configured. Cannot create LM-Password. [mschap] No Cleartext-Password configured. Cannot create NT-Password. [mschap] Told to do MS-CHAPv2 for XXXXXXXX with NT-Password [mschap] expand: --domain=%{mschap:NT-Domain} -> --domain=XXXXXXXX [mschap] expand: --username=%{mschap:User-Name} -> --username=XXXXXXXX [mschap] mschap2: 33 [mschap] expand: --challenge=%{mschap:Challenge:-00} -> --challenge=665a186a2744c21d [mschap] expand: --nt-response=%{mschap:NT-Response:-00} -> --nt-response=5fd207a2e06e9ae0a6371e143604d1f928e75a713807c66a Exec-Program output: NT_KEY: 39E301D7C5784FF05A264D7627CE81FB Exec-Program-Wait: plaintext: NT_KEY: 39E301D7C5784FF05A264D7627CE81FB Exec-Program: returned: 0 [mschap] adding MS-CHAPv2 MPPE keys ++[mschap] returns ok MSCHAP Success ++[eap] returns handled } # server inner-tunnel [peap] Got tunneled reply code 11 Session-Timeout = 3600 EAP-Message = 0x010900331a0308002e533d44433931383941374635313542394346464639383937373438323335334139383045384331343134 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x8514698c841d73de6383db5f8319a5b1 [peap] Got tunneled reply RADIUS code 11 Session-Timeout = 3600 EAP-Message = 0x010900331a0308002e533d44433931383941374635313542394346464639383937373438323335334139383045384331343134 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x8514698c841d73de6383db5f8319a5b1 [peap] Got tunneled Access-Challenge ++[eap] returns handled Sending Access-Challenge of id 160 to 10.112.250.68 port 1645 EAP-Message = 0x0109004a1900170301003f6145ec30002debef77be6fabe99fbe76b3510591ae8dfd4bb27523dbefd8970ce673f9bcd55ac41603f5163ef61aaba69c074a5cb60d0c7b9c23856fe47a96 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xcdfe2065caf73973f250f474980ad2ad Finished request 7. Going to the next request Waking up in 4.9 seconds. Cleaning up request 0 ID 153 with timestamp +11 Cleaning up request 1 ID 154 with timestamp +11 Cleaning up request 2 ID 155 with timestamp +11 Cleaning up request 3 ID 156 with timestamp +11 Cleaning up request 4 ID 157 with timestamp +11 Cleaning up request 5 ID 158 with timestamp +11 Cleaning up request 6 ID 159 with timestamp +12 Cleaning up request 7 ID 160 with timestamp +12 Ready to process requests. rad_recv: Access-Request packet from host 10.112.250.68 port 1645, id=161, length=249 User-Name = "XXXXXXXX\\XXXXXXXX" Framed-MTU = 1400 Called-Station-Id = "0024.148d.8271" Calling-Station-Id = "001c.bf4a.53f8" Cisco-AVPair = "ssid=XXXXXXXX" WISPr-Location-Name = "XXXXXXXX" Service-Type = Login-User Message-Authenticator = 0xe228fa4baf34109d516a99e37534a781 EAP-Message = 0x0202000f015456505c703734303038 NAS-Port-Type = Wireless-802.11 NAS-Port = 3473 NAS-Port-Id = "3473" NAS-IP-Address = 10.112.250.68 NAS-Identifier = "XXXXXXXX" +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "XXXXXXXX\XXXXXXXX", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 2 length 15 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[unix] returns notfound [files] users: Matched entry DEFAULT at line 213 ++[files] returns ok ++[expiration] returns noop ++[logintime] returns noop [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] returns noop Found Auth-Type = EAP +- entering group authenticate {...} [eap] EAP Identity [eap] processing type tls [tls] Initiate [tls] Start returned 1 ++[eap] returns handled Sending Access-Challenge of id 161 to 10.112.250.68 port 1645 Session-Timeout = 3600 EAP-Message = 0x010300061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xa5758044a576992b17b71cf6b836ab72 Finished request 8. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 10.112.250.68 port 1645, id=162, length=332 User-Name = "XXXXXXXX\\XXXXXXXX" Framed-MTU = 1400 Called-Station-Id = "0024.148d.8271" Calling-Station-Id = "001c.bf4a.53f8" Cisco-AVPair = "ssid=XXXXXXXX" WISPr-Location-Name = "XXXXXXXX" Service-Type = Login-User Message-Authenticator = 0xa4c8094461a7f9af463251323caf79f6 EAP-Message = 0x0203005019800000004616030100410100003d030149bf7385ae4924e8192fd3dfa74c41b19ad157988c44e52d14e99da996adc3b400001600040005000a000900640062000300060013001200630100 NAS-Port-Type = Wireless-802.11 NAS-Port = 3473 NAS-Port-Id = "3473" State = 0xa5758044a576992b17b71cf6b836ab72 NAS-IP-Address = 10.112.250.68 NAS-Identifier = "XXXXXXXX" +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "XXXXXXXX\XXXXXXXX", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 3 length 80 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS TLS Length 70 [peap] Length Included [peap] eaptls_verify returned 11 [peap] (other): before/accept initialization [peap] TLS_accept: before/accept initialization [peap] <<< TLS 1.0 Handshake [length 0041], ClientHello [peap] TLS_accept: SSLv3 read client hello A [peap] >>> TLS 1.0 Handshake [length 002a], ServerHello [peap] TLS_accept: SSLv3 write server hello A [peap] >>> TLS 1.0 Handshake [length 08f1], Certificate [peap] TLS_accept: SSLv3 write certificate A [peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone [peap] TLS_accept: SSLv3 write server done A [peap] TLS_accept: SSLv3 flush data [peap] TLS_accept: Need to read more data: SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 162 to 10.112.250.68 port 1645 EAP-Message = 0x0104040019c00000092e160301002a02000026030149bf738605a363453e465ca291b4794959af9290b7601d1a37417a2b497a03ce0000040016030108f10b0008ed0008ea0003dd308203d9308202c1a003020102020101300d06092a864886f70d01010405003081b1310b300906035504061302504c311330110603550408130a4d616c6f706f6c736b61310f300d060355040713064b72616b6f7731243022060355040a131b54565020532e412e204f64647a69616c2077204b72616b6f7769653125302306092a864886f70d0109011616696e666f726d6174796b615f6b7261407476702e706c312f302d060355040313264f545456204b7261 EAP-Message = 0x6b6f7720574c414e20436572746966696361746520417574686f72697479301e170d3039303331333139343734305a170d3134303331323139343734305a308194310b300906035504061302504c311330110603550408130a4d616c6f706f6c736b6131243022060355040a131b54565020532e412e204f64647a69616c2077204b72616b6f776965312330210603550403131a4f545456204b72616b6f7720436f72706f7261746520574c414e3125302306092a864886f70d0109011616696e666f726d6174796b615f6b7261407476702e706c30820122300d06092a864886f70d01010105000382010f003082010a0282010100cb94763022b3c6 EAP-Message = 0xc8fb624f88051de436ab68daa6337e9651681c041774298017c975951b69af0db156d36f5c89a9aca1e3cfc2ed94a401cab977f773d777545d93e1b89a147293fc007c7f430b32a6571dad42780cf2f10ba8426d3564a3e0ac7a4fe6fb8ab29b198d981527b711511d68ce781506c1de95a73416bf6190d1f1e9a8e966c3b9c6ed255ca425b584d1e5c56bebc7018c572dfb4807a06fce838f7955e6738e63a8f77fff1705d0586873c889371c760f8c7c7d7ddea44d55787aa2d9cae6ec758593b7cf786ee273a8e1c26787c3b079d5004eba727138b0a2e63204150371128539a5929c6608d9dcd150d7f0e131630bf16cdd197ffabe3ac902030100 EAP-Message = 0x01a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d010104050003820101000b78e764dbef55bf1619d6370342300e3984fe95e776c2b83da4cfb70708291d4dcff3d4e1d57bcb204425f061d9f8c93f508709f62f962379102657d97cf57bb6f27b71dd0113a1bc58300bdcbb2b604e91dec6c4ae6dc355667cf3f8ceb69bd835aa6f0f1ca19c9e86c02931ce858cdae616bae2ba8c3f124a27fe9dba81b9b9feae14c185cbf0f370db636d0e49391b74d11599571534ffdab883f5dd353cb4dbff78b08afe50ae2c60030ba4bf860086fe96d647c3d4979628648a96719bcab70fcc0063fb84d94d01dddf1106 EAP-Message = 0x28079b2e590993d13d8ea1c9 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xa5758044a471992b17b71cf6b836ab72 Finished request 9. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 10.112.250.68 port 1645, id=163, length=258 User-Name = "XXXXXXXX\\XXXXXXXX" Framed-MTU = 1400 Called-Station-Id = "0024.148d.8271" Calling-Station-Id = "001c.bf4a.53f8" Cisco-AVPair = "ssid=XXXXXXXX" WISPr-Location-Name = "XXXXXXXX" Service-Type = Login-User Message-Authenticator = 0xb6ff7161df8db2ae677dcebd84a53b85 EAP-Message = 0x020400061900 NAS-Port-Type = Wireless-802.11 NAS-Port = 3473 NAS-Port-Id = "3473" State = 0xa5758044a471992b17b71cf6b836ab72 NAS-IP-Address = 10.112.250.68 NAS-Identifier = "XXXXXXXX" +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "XXXXXXXX\XXXXXXXX", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 4 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake fragment handler [peap] eaptls_verify returned 1 [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 163 to 10.112.250.68 port 1645 EAP-Message = 0x010503fc1940dcb923e62a2c202cfbf4bf2957a0548cc6ec8748575710b3fde68ed8407dec549008d4ff9100050730820503308203eba003020102020900fb9bbf04976fd24f300d06092a864886f70d01010505003081b1310b300906035504061302504c311330110603550408130a4d616c6f706f6c736b61310f300d060355040713064b72616b6f7731243022060355040a131b54565020532e412e204f64647a69616c2077204b72616b6f7769653125302306092a864886f70d0109011616696e666f726d6174796b615f6b7261407476702e706c312f302d060355040313264f545456204b72616b6f7720574c414e20436572746966696361 EAP-Message = 0x746520417574686f72697479301e170d3039303331333139343731375a170d3134303331323139343731375a3081b1310b300906035504061302504c311330110603550408130a4d616c6f706f6c736b61310f300d060355040713064b72616b6f7731243022060355040a131b54565020532e412e204f64647a69616c2077204b72616b6f7769653125302306092a864886f70d0109011616696e666f726d6174796b615f6b7261407476702e706c312f302d060355040313264f545456204b72616b6f7720574c414e20436572746966696361746520417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a02 EAP-Message = 0x82010100a7709bd94da4f418d294a64b97237ced1d2a387c1b04f71cbfb83ad4e7e836434ab03803591d4b910416e220f828edb45c88c19388a18f18b8d2d13c05b2def935c933530d5c3ebdd1f7b1e52a152e57363666a1570917729d557238fb6f0966deca221b616db9b233b0481c25594fb3905ecd3fa84d9e613f17fda120c6a5ce6c84333808d6f6563343d8e8e9f09e716a1150826ce597bd5bb68fe183e2930c6e73d9b5c7bc24073966d167ecd43a40434a932b734215b59c62d9d73d55fe83f805fcfa3457419a8c791fa97a341da0e4f8ba686a6fbd444b003282eccbac2736ac1064cc0a2004a49039542a2eedd3ce9030a9e678f813a9 EAP-Message = 0x46a655822310830203010001a382011a30820116301d0603551d0e04160414202b154eae3366bb57fcef4354931344ad46ebc63081e60603551d230481de3081db8014202b154eae3366bb57fcef4354931344ad46ebc6a181b7a481b43081b1310b300906035504061302504c311330110603550408130a4d616c6f706f6c736b61310f300d060355040713064b72616b6f7731243022060355040a131b54565020532e412e204f64647a69616c2077204b72616b6f7769653125302306092a864886f70d0109011616696e666f726d6174796b615f6b7261407476702e706c312f302d060355040313264f545456204b72616b6f7720574c414e2043 EAP-Message = 0x6572746966696361 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xa5758044a770992b17b71cf6b836ab72 Finished request 10. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 10.112.250.68 port 1645, id=164, length=258 User-Name = "XXXXXXXX\\XXXXXXXX" Framed-MTU = 1400 Called-Station-Id = "0024.148d.8271" Calling-Station-Id = "001c.bf4a.53f8" Cisco-AVPair = "ssid=XXXXXXXX" WISPr-Location-Name = "XXXXXXXX" Service-Type = Login-User Message-Authenticator = 0xdfe51030a315137a4132e7287254ce08 EAP-Message = 0x020500061900 NAS-Port-Type = Wireless-802.11 NAS-Port = 3473 NAS-Port-Id = "3473" State = 0xa5758044a770992b17b71cf6b836ab72 NAS-IP-Address = 10.112.250.68 NAS-Identifier = "XXXXXXXX" +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "XXXXXXXX\XXXXXXXX", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 5 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake fragment handler [peap] eaptls_verify returned 1 [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 164 to 10.112.250.68 port 1645 EAP-Message = 0x010601481900746520417574686f72697479820900fb9bbf04976fd24f300c0603551d13040530030101ff300d06092a864886f70d0101050500038201010034c4ad48839646c827f9c305dd3c0022d2aac1eb9b851a49641e1ed21bbf7830e81f1b68250406be4f0ad10fda8485b962909964f37108f512aba53c499f87e792b38f96ec6821391c416b1f4b8180124d97593e74868f5dffbfb7df0b7f0ba29edfc0a8874de412a43ece2f1a923d8b81a4bcecb776bd481b325c7ed74a13a94bee5b7100aab8f5b37cac048ef2bd1f0d2fca70aa6c445b1fd02b55ad2516981cd1ff0b4116a1e160ace99750ee8621609ec7074d74fbbe050b2aa6e9d3 EAP-Message = 0xb8cfed563ce6e451ca10eb24f4fdc853710c798e9bd95e9e744d4558ffb0ebbff1c8ca152d4a408663ffdd8bae920b174f56d59fab227ac3fae92494122b4455a67816030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xa5758044a673992b17b71cf6b836ab72 Finished request 11. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 10.112.250.68 port 1645, id=165, length=574 User-Name = "XXXXXXXX\\XXXXXXXX" Framed-MTU = 1400 Called-Station-Id = "0024.148d.8271" Calling-Station-Id = "001c.bf4a.53f8" Cisco-AVPair = "ssid=XXXXXXXX" WISPr-Location-Name = "XXXXXXXX" Service-Type = Login-User Message-Authenticator = 0xb4de6a4ff4348463155fd850059775a1 EAP-Message = 0x0206014019800000013616030101061000010201004f4ae73fe1be7d30acfd1cb5a4389a1f9de8785911af2ca4fdb8ac00d7945565c11a43c810a30f76a3b167c95717b0639300061a901da1ce8b6485c461c3ddd413b691826bd1a9ab56a73fc38e61a1f518098a6ee597295239cb068fb70703755917e1b67fa3e66c52e8833ba3becb330065fefe7ed93bf5f653033cdaa015d1d9746f839c7e39e23b050406a51e6ea5f0e391fe57e0e4d8358aec30dd9a908155cc500ea2bc3d16da296bf140206575d391fea4c6380e799cd5f7fb51bf6c5c5bfa34c9eaac8be334db2c36fc30e59d5b9ebf0d0bfa358e6336d72762f47e063298fe22ce1d23bf EAP-Message = 0xfaad05baf0aa757cc3496a509087ec213d36bcdec3745d601403010001011603010020f1de6fa684e1822b016ea76bf478b7332fb9d7178ba963452ee3a0d0ef1c2170 NAS-Port-Type = Wireless-802.11 NAS-Port = 3473 NAS-Port-Id = "3473" State = 0xa5758044a673992b17b71cf6b836ab72 NAS-IP-Address = 10.112.250.68 NAS-Identifier = "XXXXXXXX" +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "XXXXXXXX\XXXXXXXX", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 6 length 253 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS TLS Length 310 [peap] Length Included [peap] eaptls_verify returned 11 [peap] <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange [peap] TLS_accept: SSLv3 read client key exchange A [peap] <<< TLS 1.0 ChangeCipherSpec [length 0001] [peap] <<< TLS 1.0 Handshake [length 0010], Finished [peap] TLS_accept: SSLv3 read finished A [peap] >>> TLS 1.0 ChangeCipherSpec [length 0001] [peap] TLS_accept: SSLv3 write change cipher spec A [peap] >>> TLS 1.0 Handshake [length 0010], Finished [peap] TLS_accept: SSLv3 write finished A [peap] TLS_accept: SSLv3 flush data [peap] (other): SSL negotiation finished successfully SSL Connection Established [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 165 to 10.112.250.68 port 1645 EAP-Message = 0x010700311900140301000101160301002007a07f19ed77680ef286f39db5f72d84904e2ce4f18605a26a891c830f788118 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xa5758044a172992b17b71cf6b836ab72 Finished request 12. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 10.112.250.68 port 1645, id=166, length=258 User-Name = "XXXXXXXX\\XXXXXXXX" Framed-MTU = 1400 Called-Station-Id = "0024.148d.8271" Calling-Station-Id = "001c.bf4a.53f8" Cisco-AVPair = "ssid=XXXXXXXX" WISPr-Location-Name = "XXXXXXXX" Service-Type = Login-User Message-Authenticator = 0xba106d6ac81c2ab2d2af33203af59dfb EAP-Message = 0x020700061900 NAS-Port-Type = Wireless-802.11 NAS-Port = 3473 NAS-Port-Id = "3473" State = 0xa5758044a172992b17b71cf6b836ab72 NAS-IP-Address = 10.112.250.68 NAS-Identifier = "XXXXXXXX" +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "XXXXXXXX\XXXXXXXX", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 7 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake is finished [peap] eaptls_verify returned 3 [peap] eaptls_process returned 3 [peap] EAPTLS_SUCCESS ++[eap] returns handled Sending Access-Challenge of id 166 to 10.112.250.68 port 1645 EAP-Message = 0x0108002019001703010015d29cdc6fce0a9cafb6f20924de3208174b6df7b2f1 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xa5758044a07d992b17b71cf6b836ab72 Finished request 13. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 10.112.250.68 port 1645, id=167, length=290 User-Name = "XXXXXXXX\\XXXXXXXX" Framed-MTU = 1400 Called-Station-Id = "0024.148d.8271" Calling-Station-Id = "001c.bf4a.53f8" Cisco-AVPair = "ssid=XXXXXXXX" WISPr-Location-Name = "XXXXXXXX" Service-Type = Login-User Message-Authenticator = 0x2705336f241836f6b24f00b588e13b73 EAP-Message = 0x020800261900170301001b1ad7c2bfa6dd0cf866701399664bc207fa635e0dda7be377e9f3e9 NAS-Port-Type = Wireless-802.11 NAS-Port = 3473 NAS-Port-Id = "3473" State = 0xa5758044a07d992b17b71cf6b836ab72 NAS-IP-Address = 10.112.250.68 NAS-Identifier = "XXXXXXXX" +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "XXXXXXXX\XXXXXXXX", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 8 length 38 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Identity - XXXXXXXX\XXXXXXXX [peap] Got tunneled request EAP-Message = 0x0208000f015456505c703734303038 server { PEAP: Got tunneled identity of XXXXXXXX\XXXXXXXX PEAP: Setting default EAP type for tunneled EAP session. PEAP: Setting User-Name to XXXXXXXX\XXXXXXXX Sending tunneled request EAP-Message = 0x0208000f015456505c703734303038 FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "XXXXXXXX\\XXXXXXXX" Framed-MTU = 1400 Called-Station-Id = "0024.148d.8271" Calling-Station-Id = "001c.bf4a.53f8" Cisco-AVPair = "ssid=XXXXXXXX" WISPr-Location-Name = "XXXXXXXX" Service-Type = Login-User NAS-Port-Type = Wireless-802.11 NAS-Port = 3473 NAS-Port-Id = "3473" NAS-IP-Address = 10.112.250.68 NAS-Identifier = "XXXXXXXX" server inner-tunnel { +- entering group authorize {...} ++[chap] returns noop ++[mschap] returns noop ++[unix] returns notfound [suffix] No '@' in User-Name = "XXXXXXXX\XXXXXXXX", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[control] returns noop [eap] EAP packet type response id 8 length 15 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated [files] users: Matched entry DEFAULT at line 213 ++[files] returns ok ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns noop Found Auth-Type = EAP +- entering group authenticate {...} [eap] EAP Identity [eap] processing type mschapv2 rlm_eap_mschapv2: Issuing Challenge ++[eap] returns handled } # server inner-tunnel [peap] Got tunneled reply code 11 Session-Timeout = 3600 EAP-Message = 0x010900241a0109001f10fb8f03dc689de41ef22260b1da587a7d5456505c703734303038 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x52cdb58652c4af523153f09f4bdf6cdf [peap] Got tunneled reply RADIUS code 11 Session-Timeout = 3600 EAP-Message = 0x010900241a0109001f10fb8f03dc689de41ef22260b1da587a7d5456505c703734303038 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x52cdb58652c4af523153f09f4bdf6cdf [peap] Got tunneled Access-Challenge ++[eap] returns handled Sending Access-Challenge of id 167 to 10.112.250.68 port 1645 EAP-Message = 0x0109003b19001703010030567f55f1c932102a7393dd1788f03f0c56caa83abba0a9dea8ae9efd076672556c04f662912c3a591557a46d00dc0bb9 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xa5758044a37c992b17b71cf6b836ab72 Finished request 14. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 10.112.250.68 port 1645, id=168, length=344 User-Name = "XXXXXXXX\\XXXXXXXX" Framed-MTU = 1400 Called-Station-Id = "0024.148d.8271" Calling-Station-Id = "001c.bf4a.53f8" Cisco-AVPair = "ssid=XXXXXXXX" WISPr-Location-Name = "XXXXXXXX" Service-Type = Login-User Message-Authenticator = 0x51f11715a3fd4e4b3f4f60e94f2ec217 EAP-Message = 0x0209005c190017030100516108e772ad1a8697bd98eb78aa5a6ddd1ce48bbd3f5806b8976c07e1d8075fbf2b446ac911cf3d9c32dc87a9fbbb74fc4e78f278669f21845f60bb2396bc4a9fbb911b08264853bb1eb7692701c52caa07 NAS-Port-Type = Wireless-802.11 NAS-Port = 3473 NAS-Port-Id = "3473" State = 0xa5758044a37c992b17b71cf6b836ab72 NAS-IP-Address = 10.112.250.68 NAS-Identifier = "XXXXXXXX" +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "XXXXXXXX\XXXXXXXX", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 9 length 92 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] EAP type mschapv2 [peap] Got tunneled request EAP-Message = 0x020900451a020900403129739db92821f571fdc45b2527a4a8710000000000000000a3a3783202886260550809a31b871ef23053c43001e5ac32005456505c703734303038 server { PEAP: Setting User-Name to XXXXXXXX\XXXXXXXX Sending tunneled request EAP-Message = 0x020900451a020900403129739db92821f571fdc45b2527a4a8710000000000000000a3a3783202886260550809a31b871ef23053c43001e5ac32005456505c703734303038 FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "XXXXXXXX\\XXXXXXXX" State = 0x52cdb58652c4af523153f09f4bdf6cdf Framed-MTU = 1400 Called-Station-Id = "0024.148d.8271" Calling-Station-Id = "001c.bf4a.53f8" Cisco-AVPair = "ssid=XXXXXXXX" WISPr-Location-Name = "XXXXXXXX" Service-Type = Login-User NAS-Port-Type = Wireless-802.11 NAS-Port = 3473 NAS-Port-Id = "3473" NAS-IP-Address = 10.112.250.68 NAS-Identifier = "XXXXXXXX" server inner-tunnel { +- entering group authorize {...} ++[chap] returns noop ++[mschap] returns noop ++[unix] returns notfound [suffix] No '@' in User-Name = "XXXXXXXX\XXXXXXXX", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[control] returns noop [eap] EAP packet type response id 9 length 69 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated [files] users: Matched entry DEFAULT at line 213 ++[files] returns ok ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns noop Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/mschapv2 [eap] processing type mschapv2 [mschapv2] +- entering group MS-CHAP {...} [mschap] No Cleartext-Password configured. Cannot create LM-Password. [mschap] No Cleartext-Password configured. Cannot create NT-Password. [mschap] Told to do MS-CHAPv2 for XXXXXXXX with NT-Password [mschap] expand: --domain=%{mschap:NT-Domain} -> --domain=XXXXXXXX [mschap] expand: --username=%{mschap:User-Name} -> --username=XXXXXXXX [mschap] mschap2: fb [mschap] expand: --challenge=%{mschap:Challenge:-00} -> --challenge=3fd187592f201e30 [mschap] expand: --nt-response=%{mschap:NT-Response:-00} -> --nt-response=a3a3783202886260550809a31b871ef23053c43001e5ac32 Exec-Program output: NT_KEY: 39E301D7C5784FF05A264D7627CE81FB Exec-Program-Wait: plaintext: NT_KEY: 39E301D7C5784FF05A264D7627CE81FB Exec-Program: returned: 0 [mschap] adding MS-CHAPv2 MPPE keys ++[mschap] returns ok MSCHAP Success ++[eap] returns handled } # server inner-tunnel [peap] Got tunneled reply code 11 Session-Timeout = 3600 EAP-Message = 0x010a00331a0309002e533d42394142373544343636363846334341393643424445424444414632363045373245414244463433 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x52cdb58653c7af523153f09f4bdf6cdf [peap] Got tunneled reply RADIUS code 11 Session-Timeout = 3600 EAP-Message = 0x010a00331a0309002e533d42394142373544343636363846334341393643424445424444414632363045373245414244463433 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x52cdb58653c7af523153f09f4bdf6cdf [peap] Got tunneled Access-Challenge ++[eap] returns handled Sending Access-Challenge of id 168 to 10.112.250.68 port 1645 EAP-Message = 0x010a004a1900170301003f7cf22b3d3b98defde4a8507f1d8a31afc97dcbeb2dbfee786dfafacde6932185a0d25b034e2adea0a020d3893597c210a797cc4a9ebc8cd55def9c36429564 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xa5758044a27f992b17b71cf6b836ab72 Finished request 15. Going to the next request Waking up in 4.9 seconds. Cleaning up request 8 ID 161 with timestamp +42 Cleaning up request 9 ID 162 with timestamp +42 Cleaning up request 10 ID 163 with timestamp +42 Cleaning up request 11 ID 164 with timestamp +42 Cleaning up request 12 ID 165 with timestamp +42 Cleaning up request 13 ID 166 with timestamp +42 Cleaning up request 14 ID 167 with timestamp +42 Cleaning up request 15 ID 168 with timestamp +42 Ready to process requests. rad_recv: Access-Request packet from host 10.112.250.68 port 1645, id=169, length=249 User-Name = "XXXXXXXX\\XXXXXXXX" Framed-MTU = 1400 Called-Station-Id = "0024.148d.8271" Calling-Station-Id = "001c.bf4a.53f8" Cisco-AVPair = "ssid=XXXXXXXX" WISPr-Location-Name = "XXXXXXXX" Service-Type = Login-User Message-Authenticator = 0x3be0e1f7c4bdcd75667064f66e9619ce EAP-Message = 0x0202000f015456505c703734303038 NAS-Port-Type = Wireless-802.11 NAS-Port = 3474 NAS-Port-Id = "3474" NAS-IP-Address = 10.112.250.68 NAS-Identifier = "XXXXXXXX" +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "XXXXXXXX\XXXXXXXX", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 2 length 15 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[unix] returns notfound [files] users: Matched entry DEFAULT at line 213 ++[files] returns ok ++[expiration] returns noop ++[logintime] returns noop [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] returns noop Found Auth-Type = EAP +- entering group authenticate {...} [eap] EAP Identity [eap] processing type tls [tls] Initiate [tls] Start returned 1 ++[eap] returns handled Sending Access-Challenge of id 169 to 10.112.250.68 port 1645 Session-Timeout = 3600 EAP-Message = 0x010300061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xe0dfc443e0dcdd5bdcf2e1539bf5f4d5 Finished request 16. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 10.112.250.68 port 1645, id=170, length=332 User-Name = "XXXXXXXX\\XXXXXXXX" Framed-MTU = 1400 Called-Station-Id = "0024.148d.8271" Calling-Station-Id = "001c.bf4a.53f8" Cisco-AVPair = "ssid=XXXXXXXX" WISPr-Location-Name = "XXXXXXXX" Service-Type = Login-User Message-Authenticator = 0xbf6cb6e421103d910c3c82c82f88bd5f EAP-Message = 0x0203005019800000004616030100410100003d030149bf739e913e31e053095a9e843be3c58f034a298848371dd1c09614cd391e4f00001600040005000a000900640062000300060013001200630100 NAS-Port-Type = Wireless-802.11 NAS-Port = 3474 NAS-Port-Id = "3474" State = 0xe0dfc443e0dcdd5bdcf2e1539bf5f4d5 NAS-IP-Address = 10.112.250.68 NAS-Identifier = "XXXXXXXX" +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "XXXXXXXX\XXXXXXXX", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 3 length 80 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS TLS Length 70 [peap] Length Included [peap] eaptls_verify returned 11 [peap] (other): before/accept initialization [peap] TLS_accept: before/accept initialization [peap] <<< TLS 1.0 Handshake [length 0041], ClientHello [peap] TLS_accept: SSLv3 read client hello A [peap] >>> TLS 1.0 Handshake [length 002a], ServerHello [peap] TLS_accept: SSLv3 write server hello A [peap] >>> TLS 1.0 Handshake [length 08f1], Certificate [peap] TLS_accept: SSLv3 write certificate A [peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone [peap] TLS_accept: SSLv3 write server done A [peap] TLS_accept: SSLv3 flush data [peap] TLS_accept: Need to read more data: SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 170 to 10.112.250.68 port 1645 EAP-Message = 0x0104040019c00000092e160301002a02000026030149bf739fccc26f0bff62d4adf8845c4e97faa5044de6a40cbc6a3d141df295460000040016030108f10b0008ed0008ea0003dd308203d9308202c1a003020102020101300d06092a864886f70d01010405003081b1310b300906035504061302504c311330110603550408130a4d616c6f706f6c736b61310f300d060355040713064b72616b6f7731243022060355040a131b54565020532e412e204f64647a69616c2077204b72616b6f7769653125302306092a864886f70d0109011616696e666f726d6174796b615f6b7261407476702e706c312f302d060355040313264f545456204b7261 EAP-Message = 0x6b6f7720574c414e20436572746966696361746520417574686f72697479301e170d3039303331333139343734305a170d3134303331323139343734305a308194310b300906035504061302504c311330110603550408130a4d616c6f706f6c736b6131243022060355040a131b54565020532e412e204f64647a69616c2077204b72616b6f776965312330210603550403131a4f545456204b72616b6f7720436f72706f7261746520574c414e3125302306092a864886f70d0109011616696e666f726d6174796b615f6b7261407476702e706c30820122300d06092a864886f70d01010105000382010f003082010a0282010100cb94763022b3c6 EAP-Message = 0xc8fb624f88051de436ab68daa6337e9651681c041774298017c975951b69af0db156d36f5c89a9aca1e3cfc2ed94a401cab977f773d777545d93e1b89a147293fc007c7f430b32a6571dad42780cf2f10ba8426d3564a3e0ac7a4fe6fb8ab29b198d981527b711511d68ce781506c1de95a73416bf6190d1f1e9a8e966c3b9c6ed255ca425b584d1e5c56bebc7018c572dfb4807a06fce838f7955e6738e63a8f77fff1705d0586873c889371c760f8c7c7d7ddea44d55787aa2d9cae6ec758593b7cf786ee273a8e1c26787c3b079d5004eba727138b0a2e63204150371128539a5929c6608d9dcd150d7f0e131630bf16cdd197ffabe3ac902030100 EAP-Message = 0x01a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d010104050003820101000b78e764dbef55bf1619d6370342300e3984fe95e776c2b83da4cfb70708291d4dcff3d4e1d57bcb204425f061d9f8c93f508709f62f962379102657d97cf57bb6f27b71dd0113a1bc58300bdcbb2b604e91dec6c4ae6dc355667cf3f8ceb69bd835aa6f0f1ca19c9e86c02931ce858cdae616bae2ba8c3f124a27fe9dba81b9b9feae14c185cbf0f370db636d0e49391b74d11599571534ffdab883f5dd353cb4dbff78b08afe50ae2c60030ba4bf860086fe96d647c3d4979628648a96719bcab70fcc0063fb84d94d01dddf1106 EAP-Message = 0x28079b2e590993d13d8ea1c9 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xe0dfc443e1dbdd5bdcf2e1539bf5f4d5 Finished request 17. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 10.112.250.68 port 1645, id=171, length=258 User-Name = "XXXXXXXX\\XXXXXXXX" Framed-MTU = 1400 Called-Station-Id = "0024.148d.8271" Calling-Station-Id = "001c.bf4a.53f8" Cisco-AVPair = "ssid=XXXXXXXX" WISPr-Location-Name = "XXXXXXXX" Service-Type = Login-User Message-Authenticator = 0x5bd29e753b5b6c6911fe48ea4d2bfa97 EAP-Message = 0x020400061900 NAS-Port-Type = Wireless-802.11 NAS-Port = 3474 NAS-Port-Id = "3474" State = 0xe0dfc443e1dbdd5bdcf2e1539bf5f4d5 NAS-IP-Address = 10.112.250.68 NAS-Identifier = "XXXXXXXX" +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "XXXXXXXX\XXXXXXXX", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 4 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake fragment handler [peap] eaptls_verify returned 1 [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 171 to 10.112.250.68 port 1645 EAP-Message = 0x010503fc1940dcb923e62a2c202cfbf4bf2957a0548cc6ec8748575710b3fde68ed8407dec549008d4ff9100050730820503308203eba003020102020900fb9bbf04976fd24f300d06092a864886f70d01010505003081b1310b300906035504061302504c311330110603550408130a4d616c6f706f6c736b61310f300d060355040713064b72616b6f7731243022060355040a131b54565020532e412e204f64647a69616c2077204b72616b6f7769653125302306092a864886f70d0109011616696e666f726d6174796b615f6b7261407476702e706c312f302d060355040313264f545456204b72616b6f7720574c414e20436572746966696361 EAP-Message = 0x746520417574686f72697479301e170d3039303331333139343731375a170d3134303331323139343731375a3081b1310b300906035504061302504c311330110603550408130a4d616c6f706f6c736b61310f300d060355040713064b72616b6f7731243022060355040a131b54565020532e412e204f64647a69616c2077204b72616b6f7769653125302306092a864886f70d0109011616696e666f726d6174796b615f6b7261407476702e706c312f302d060355040313264f545456204b72616b6f7720574c414e20436572746966696361746520417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a02 EAP-Message = 0x82010100a7709bd94da4f418d294a64b97237ced1d2a387c1b04f71cbfb83ad4e7e836434ab03803591d4b910416e220f828edb45c88c19388a18f18b8d2d13c05b2def935c933530d5c3ebdd1f7b1e52a152e57363666a1570917729d557238fb6f0966deca221b616db9b233b0481c25594fb3905ecd3fa84d9e613f17fda120c6a5ce6c84333808d6f6563343d8e8e9f09e716a1150826ce597bd5bb68fe183e2930c6e73d9b5c7bc24073966d167ecd43a40434a932b734215b59c62d9d73d55fe83f805fcfa3457419a8c791fa97a341da0e4f8ba686a6fbd444b003282eccbac2736ac1064cc0a2004a49039542a2eedd3ce9030a9e678f813a9 EAP-Message = 0x46a655822310830203010001a382011a30820116301d0603551d0e04160414202b154eae3366bb57fcef4354931344ad46ebc63081e60603551d230481de3081db8014202b154eae3366bb57fcef4354931344ad46ebc6a181b7a481b43081b1310b300906035504061302504c311330110603550408130a4d616c6f706f6c736b61310f300d060355040713064b72616b6f7731243022060355040a131b54565020532e412e204f64647a69616c2077204b72616b6f7769653125302306092a864886f70d0109011616696e666f726d6174796b615f6b7261407476702e706c312f302d060355040313264f545456204b72616b6f7720574c414e2043 EAP-Message = 0x6572746966696361 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xe0dfc443e2dadd5bdcf2e1539bf5f4d5 Finished request 18. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 10.112.250.68 port 1645, id=172, length=258 User-Name = "XXXXXXXX\\XXXXXXXX" Framed-MTU = 1400 Called-Station-Id = "0024.148d.8271" Calling-Station-Id = "001c.bf4a.53f8" Cisco-AVPair = "ssid=XXXXXXXX" WISPr-Location-Name = "XXXXXXXX" Service-Type = Login-User Message-Authenticator = 0x899989aaeffc2cf16fbb292d1c60c2d1 EAP-Message = 0x020500061900 NAS-Port-Type = Wireless-802.11 NAS-Port = 3474 NAS-Port-Id = "3474" State = 0xe0dfc443e2dadd5bdcf2e1539bf5f4d5 NAS-IP-Address = 10.112.250.68 NAS-Identifier = "XXXXXXXX" +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "XXXXXXXX\XXXXXXXX", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 5 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake fragment handler [peap] eaptls_verify returned 1 [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 172 to 10.112.250.68 port 1645 EAP-Message = 0x010601481900746520417574686f72697479820900fb9bbf04976fd24f300c0603551d13040530030101ff300d06092a864886f70d0101050500038201010034c4ad48839646c827f9c305dd3c0022d2aac1eb9b851a49641e1ed21bbf7830e81f1b68250406be4f0ad10fda8485b962909964f37108f512aba53c499f87e792b38f96ec6821391c416b1f4b8180124d97593e74868f5dffbfb7df0b7f0ba29edfc0a8874de412a43ece2f1a923d8b81a4bcecb776bd481b325c7ed74a13a94bee5b7100aab8f5b37cac048ef2bd1f0d2fca70aa6c445b1fd02b55ad2516981cd1ff0b4116a1e160ace99750ee8621609ec7074d74fbbe050b2aa6e9d3 EAP-Message = 0xb8cfed563ce6e451ca10eb24f4fdc853710c798e9bd95e9e744d4558ffb0ebbff1c8ca152d4a408663ffdd8bae920b174f56d59fab227ac3fae92494122b4455a67816030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xe0dfc443e3d9dd5bdcf2e1539bf5f4d5 Finished request 19. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 10.112.250.68 port 1645, id=173, length=574 User-Name = "XXXXXXXX\\XXXXXXXX" Framed-MTU = 1400 Called-Station-Id = "0024.148d.8271" Calling-Station-Id = "001c.bf4a.53f8" Cisco-AVPair = "ssid=XXXXXXXX" WISPr-Location-Name = "XXXXXXXX" Service-Type = Login-User Message-Authenticator = 0x8cfa2e92c1c9550959ecb56811542921 EAP-Message = 0x02060140198000000136160301010610000102010057de7fce03ef2b8da4e5b4a105a4938396646061d6bf4486715999c867fc99da6069907e919d977bfac45d0d866bed53b3c13df4acc7dbcf1f7de7e8e57c93656969653b30d7e96f85a8e4122e1997a86e43cfd9039e445be035d2434f9ad1f44261415ccd9c125d686ba6de81672a600dae2d4a067bc8198ea5e9a5055e0fc2f2e605e29c39af8e97ee074e666b9bdc52166efbc09204d164498d78ae57083eed44122760b6eb502fc7d24ea6184b9cf0d7a61b180116f437ce830d8df884ac7f2cda98c7ba4f234a5f160935eed729268888b8c83c23b360886bcfe0653fb9ced420787dd421ea EAP-Message = 0x841df0bb7038200cdf994122a71503bf9e1794d4f88ea851140301000101160301002040d928941d205e02f0ac96dd252e0e9e806618aff68a50fd862e43bed90802a6 NAS-Port-Type = Wireless-802.11 NAS-Port = 3474 NAS-Port-Id = "3474" State = 0xe0dfc443e3d9dd5bdcf2e1539bf5f4d5 NAS-IP-Address = 10.112.250.68 NAS-Identifier = "XXXXXXXX" +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "XXXXXXXX\XXXXXXXX", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 6 length 253 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS TLS Length 310 [peap] Length Included [peap] eaptls_verify returned 11 [peap] <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange [peap] TLS_accept: SSLv3 read client key exchange A [peap] <<< TLS 1.0 ChangeCipherSpec [length 0001] [peap] <<< TLS 1.0 Handshake [length 0010], Finished [peap] TLS_accept: SSLv3 read finished A [peap] >>> TLS 1.0 ChangeCipherSpec [length 0001] [peap] TLS_accept: SSLv3 write change cipher spec A [peap] >>> TLS 1.0 Handshake [length 0010], Finished [peap] TLS_accept: SSLv3 write finished A [peap] TLS_accept: SSLv3 flush data [peap] (other): SSL negotiation finished successfully SSL Connection Established [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 173 to 10.112.250.68 port 1645 EAP-Message = 0x0107003119001403010001011603010020acaa165528e5d93a321a708cf754e35cca549e7643dfef26ac19d55ccbeb412c Message-Authenticator = 0x00000000000000000000000000000000 State = 0xe0dfc443e4d8dd5bdcf2e1539bf5f4d5 Finished request 20. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 10.112.250.68 port 1645, id=174, length=258 User-Name = "XXXXXXXX\\XXXXXXXX" Framed-MTU = 1400 Called-Station-Id = "0024.148d.8271" Calling-Station-Id = "001c.bf4a.53f8" Cisco-AVPair = "ssid=XXXXXXXX" WISPr-Location-Name = "XXXXXXXX" Service-Type = Login-User Message-Authenticator = 0xa7fab4ed557ac954fe15e673b18d8597 EAP-Message = 0x020700061900 NAS-Port-Type = Wireless-802.11 NAS-Port = 3474 NAS-Port-Id = "3474" State = 0xe0dfc443e4d8dd5bdcf2e1539bf5f4d5 NAS-IP-Address = 10.112.250.68 NAS-Identifier = "XXXXXXXX" +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "XXXXXXXX\XXXXXXXX", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 7 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake is finished [peap] eaptls_verify returned 3 [peap] eaptls_process returned 3 [peap] EAPTLS_SUCCESS ++[eap] returns handled Sending Access-Challenge of id 174 to 10.112.250.68 port 1645 EAP-Message = 0x010800201900170301001566c7f1fc2634b5b865e8288393a6cbc7af0a1d9880 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xe0dfc443e5d7dd5bdcf2e1539bf5f4d5 Finished request 21. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 10.112.250.68 port 1645, id=175, length=290 User-Name = "XXXXXXXX\\XXXXXXXX" Framed-MTU = 1400 Called-Station-Id = "0024.148d.8271" Calling-Station-Id = "001c.bf4a.53f8" Cisco-AVPair = "ssid=XXXXXXXX" WISPr-Location-Name = "XXXXXXXX" Service-Type = Login-User Message-Authenticator = 0x87b7cd805492d90012ee6fe3840fbe74 EAP-Message = 0x020800261900170301001b8c1f3e834415347b60d0401abab425d2419ebc2ca5a39c71617b70 NAS-Port-Type = Wireless-802.11 NAS-Port = 3474 NAS-Port-Id = "3474" State = 0xe0dfc443e5d7dd5bdcf2e1539bf5f4d5 NAS-IP-Address = 10.112.250.68 NAS-Identifier = "XXXXXXXX" +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "XXXXXXXX\XXXXXXXX", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 8 length 38 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Identity - XXXXXXXX\XXXXXXXX [peap] Got tunneled request EAP-Message = 0x0208000f015456505c703734303038 server { PEAP: Got tunneled identity of XXXXXXXX\XXXXXXXX PEAP: Setting default EAP type for tunneled EAP session. PEAP: Setting User-Name to XXXXXXXX\XXXXXXXX Sending tunneled request EAP-Message = 0x0208000f015456505c703734303038 FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "XXXXXXXX\\XXXXXXXX" Framed-MTU = 1400 Called-Station-Id = "0024.148d.8271" Calling-Station-Id = "001c.bf4a.53f8" Cisco-AVPair = "ssid=XXXXXXXX" WISPr-Location-Name = "XXXXXXXX" Service-Type = Login-User NAS-Port-Type = Wireless-802.11 NAS-Port = 3474 NAS-Port-Id = "3474" NAS-IP-Address = 10.112.250.68 NAS-Identifier = "XXXXXXXX" server inner-tunnel { +- entering group authorize {...} ++[chap] returns noop ++[mschap] returns noop ++[unix] returns notfound [suffix] No '@' in User-Name = "XXXXXXXX\XXXXXXXX", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[control] returns noop [eap] EAP packet type response id 8 length 15 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated [files] users: Matched entry DEFAULT at line 213 ++[files] returns ok ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns noop Found Auth-Type = EAP +- entering group authenticate {...} [eap] EAP Identity [eap] processing type mschapv2 rlm_eap_mschapv2: Issuing Challenge ++[eap] returns handled } # server inner-tunnel [peap] Got tunneled reply code 11 Session-Timeout = 3600 EAP-Message = 0x010900241a0109001f10ebc5d28109e59877ad0eb6e5ed998a3a5456505c703734303038 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x070b039c0702199a3e8b7d3fe7983ece [peap] Got tunneled reply RADIUS code 11 Session-Timeout = 3600 EAP-Message = 0x010900241a0109001f10ebc5d28109e59877ad0eb6e5ed998a3a5456505c703734303038 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x070b039c0702199a3e8b7d3fe7983ece [peap] Got tunneled Access-Challenge ++[eap] returns handled Sending Access-Challenge of id 175 to 10.112.250.68 port 1645 EAP-Message = 0x0109003b19001703010030d6bbeeb624eae82978780dceba30ccf11d56eb19b12b72bef613865766c35f15dfe3a9861a6227996556d195699cfb17 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xe0dfc443e6d6dd5bdcf2e1539bf5f4d5 Finished request 22. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 10.112.250.68 port 1645, id=176, length=344 User-Name = "XXXXXXXX\\XXXXXXXX" Framed-MTU = 1400 Called-Station-Id = "0024.148d.8271" Calling-Station-Id = "001c.bf4a.53f8" Cisco-AVPair = "ssid=XXXXXXXX" WISPr-Location-Name = "XXXXXXXX" Service-Type = Login-User Message-Authenticator = 0x34211457b4aa30443e0504e440f2edaf EAP-Message = 0x0209005c1900170301005119ca998b681a059cc2e26e22eb36b08ee9a8122b45113dc28fac5da0ff4cabccdfa8310120f9c7e9f836c48018cabcf1ac6a50aa7080793c5cd352ea5939b1ce08ba92b090626e199f46b847df9c026bfd NAS-Port-Type = Wireless-802.11 NAS-Port = 3474 NAS-Port-Id = "3474" State = 0xe0dfc443e6d6dd5bdcf2e1539bf5f4d5 NAS-IP-Address = 10.112.250.68 NAS-Identifier = "XXXXXXXX" +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "XXXXXXXX\XXXXXXXX", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 9 length 92 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] EAP type mschapv2 [peap] Got tunneled request EAP-Message = 0x020900451a0209004031d57addd65a1fd2c4f3ca6a5cb544c0270000000000000000c6bf5111c616439e7175f41b9924336435d4d9446152b20c005456505c703734303038 server { PEAP: Setting User-Name to XXXXXXXX\XXXXXXXX Sending tunneled request EAP-Message = 0x020900451a0209004031d57addd65a1fd2c4f3ca6a5cb544c0270000000000000000c6bf5111c616439e7175f41b9924336435d4d9446152b20c005456505c703734303038 FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "XXXXXXXX\\XXXXXXXX" State = 0x070b039c0702199a3e8b7d3fe7983ece Framed-MTU = 1400 Called-Station-Id = "0024.148d.8271" Calling-Station-Id = "001c.bf4a.53f8" Cisco-AVPair = "ssid=XXXXXXXX" WISPr-Location-Name = "XXXXXXXX" Service-Type = Login-User NAS-Port-Type = Wireless-802.11 NAS-Port = 3474 NAS-Port-Id = "3474" NAS-IP-Address = 10.112.250.68 NAS-Identifier = "XXXXXXXX" server inner-tunnel { +- entering group authorize {...} ++[chap] returns noop ++[mschap] returns noop ++[unix] returns notfound [suffix] No '@' in User-Name = "XXXXXXXX\XXXXXXXX", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[control] returns noop [eap] EAP packet type response id 9 length 69 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated [files] users: Matched entry DEFAULT at line 213 ++[files] returns ok ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns noop Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/mschapv2 [eap] processing type mschapv2 [mschapv2] +- entering group MS-CHAP {...} [mschap] No Cleartext-Password configured. Cannot create LM-Password. [mschap] No Cleartext-Password configured. Cannot create NT-Password. [mschap] Told to do MS-CHAPv2 for XXXXXXXX with NT-Password [mschap] expand: --domain=%{mschap:NT-Domain} -> --domain=XXXXXXXX [mschap] expand: --username=%{mschap:User-Name} -> --username=XXXXXXXX [mschap] mschap2: eb [mschap] expand: --challenge=%{mschap:Challenge:-00} -> --challenge=ba92db7b369561bd [mschap] expand: --nt-response=%{mschap:NT-Response:-00} -> --nt-response=c6bf5111c616439e7175f41b9924336435d4d9446152b20c Exec-Program output: NT_KEY: 39E301D7C5784FF05A264D7627CE81FB Exec-Program-Wait: plaintext: NT_KEY: 39E301D7C5784FF05A264D7627CE81FB Exec-Program: returned: 0 [mschap] adding MS-CHAPv2 MPPE keys ++[mschap] returns ok MSCHAP Success ++[eap] returns handled } # server inner-tunnel [peap] Got tunneled reply code 11 Session-Timeout = 3600 EAP-Message = 0x010a00331a0309002e533d35363744444133313030464533303236383636343737433830413935373733304642353544303938 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x070b039c0601199a3e8b7d3fe7983ece [peap] Got tunneled reply RADIUS code 11 Session-Timeout = 3600 EAP-Message = 0x010a00331a0309002e533d35363744444133313030464533303236383636343737433830413935373733304642353544303938 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x070b039c0601199a3e8b7d3fe7983ece [peap] Got tunneled Access-Challenge ++[eap] returns handled Sending Access-Challenge of id 176 to 10.112.250.68 port 1645 EAP-Message = 0x010a004a1900170301003f01156130446ebb52b406e3df036bca41381aa01ab7af3b1de37099bc1e1e348cf7745608f1e03fd226d5e92f44622ca20a02c09289e4fb9aa04f9211b285cc Message-Authenticator = 0x00000000000000000000000000000000 State = 0xe0dfc443e7d5dd5bdcf2e1539bf5f4d5 Finished request 23. Going to the next request Waking up in 4.9 seconds. Cleaning up request 16 ID 169 with timestamp +67 Cleaning up request 17 ID 170 with timestamp +67 Cleaning up request 18 ID 171 with timestamp +67 Cleaning up request 19 ID 172 with timestamp +67 Cleaning up request 20 ID 173 with timestamp +67 Cleaning up request 21 ID 174 with timestamp +67 Cleaning up request 22 ID 175 with timestamp +67 Cleaning up request 23 ID 176 with timestamp +67 Ready to process requests. Any ideas? Thanks in advance, Mateusz
I spent 3 weeks trying to make FreeRadius work with PEAPv0 and WinXP SP3 native supplicant. I can authenticate using local flat file or ntlm_auth but authentication from WinXP doesn't work.
++[mschap] returns ok MSCHAP Success ++[eap] returns handled } # server inner-tunnel [peap] Got tunneled reply code 11 Session-Timeout = 3600 EAP-Message = 0x010900331a0308002e533d44433931383941374635313542394346464639383937373438323335334139383045384331343134 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x8514698c841d73de6383db5f8319a5b1 [peap] Got tunneled reply RADIUS code 11 Session-Timeout = 3600 EAP-Message = 0x010900331a0308002e533d44433931383941374635313542394346464639383937373438323335334139383045384331343134 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x8514698c841d73de6383db5f8319a5b1 [peap] Got tunneled Access-Challenge ++[eap] returns handled Sending Access-Challenge of id 160 to 10.112.250.68 port 1645 EAP-Message = 0x0109004a1900170301003f6145ec30002debef77be6fabe99fbe76b3510591ae8dfd4bb27523dbefd8970ce673f9bcd55ac41603f5163ef61aaba69c074a5cb60d0c7b9c23856fe47a96 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xcdfe2065caf73973f250f474980ad2ad Finished request 7. Going to the next request Waking up in 4.9 seconds.
ntlm_auth authenticates the user but exchange can't complete after that. This was noted previously on the list. Most people resolved this by reverting to stable Samba version. Samba 3.2.x seem to be the problem. Ivan Kalik Kalik Informatika ISP
ntlm_auth authenticates the user but exchange can't complete after that. This was noted previously on the list. Most people resolved this by reverting to stable Samba version. Samba 3.2.x seem to be the problem.
Hi, Downgrade to 3.0.28 helped! Thanks, Mateusz
participants (2)
-
Mateusz Pagacz -
tnt@kalik.net