Proxy not sending out packets (was Re: Proxying a PEAP request to an IAS server)
Dan Newcombe
DanNewcombe at mail.clayton.edu
Wed Nov 9 05:48:17 CET 2005
Okay...I've been digging at this for quite a while and have found
something quite stumping which seems to be what is keeping all of this
from working.
The short of it is I'm trying to get 802.1x with PEAP to be proxied by
freeradius to an ias radius server.
It appears I have everything working with one small exception -
freeradius seems to be unwilling to send a packet to the ias radius server.
I will put more of the logs below, but the gist of it is at this part of
the process:
Sending Access-Request of id 1 to 172.28.240.114:1812
(where 172.28.240.114 is the ias box) no packet appears to be dropped on
the network.
What I've done for experimenting is tcpdump -i eth0 host 172.28.240.114
which shows nothing at all being sent.
I have modified the proxy.conf to change my proxy setup for this realm
to various things and found:
  - remote server changed to another IP address which is not local to the
    machine: same thing - no packet ever tries to go
  - set the loopback address (127.0.0.1) as the remote server - packet is
    sniffed on the lo interface and received (and rejected) by freeradius
  - set the host ip address (172.28.240.73) as the remote server - packet
    is not sniffed (logical) but freeradius sees (and rejects) it.
  - set the host ip address again as the remote server, but set it to use
    a different port, with netcat running on that port - netcat gets the
    packet - has no idea what to do with it, but gets the packet.
  - setup another interface on the box, set the remote server address to
    be one that would route to that interface - tcpdump on that interface
    sees no packet.
Best deduction is that for some reason in proxying, freeradius does not
want to send a packet. I say in proxying, because we have our network
switches set to use RADIUS to authenticate the users connecting to the
console. Also, running radclient from the freeradius server works just
fine against the same server. In fact, if I cut and snip what
freeradius is trying to send and send it via radclient, I get a
successful response from ias, which makes me think once I can resolve
this, everything will work!
For sanity's sake
172.28.240.73 - the freeradius server
172.28.240.114 - the ias radius server
172.25.7.11 - the switch I consoled into, and also the switch I'm
trying to authenticate through
1.0.5 - the version of freeradius I'm running, lovingly compiled by
hand on Debian
3 - the number of hairs I have left on my head after dealing with
this (it was 5 before dealing with this :)
Thanks for any help,
-Dan
==== A dump of a packet when the "remote server" for the CSUIAS realm
was set to 127.0.0.1 ============
nazgul:/etc/freeradius# tcpdump -s 900 -ni lo
tcpdump: listening on lo
21:16:47.041823 127.0.0.1.1814 > 127.0.0.1.1812: rad-access-req 202 [id
0] Attr[ User{CCSU\testuser} Called_station{00-11-88-12-6e-70}
Calling_station{00-0f-1f-43-c8-38} NAS_id{00-11-88-12-6e-5d}
NAS_ipaddr{172.25.7.11} NAS_port{19} Framed_mtu{1500}
NAS_port_type{Ethernet} Vendor_specific{} Vendor_specific{}
Proxy_state{22} ] (DF)
21:16:52.040815 127.0.0.1.1812 > 127.0.0.1.1814: rad-access-reject 24
[id 0] Attr[ Proxy_state{22} ] (DF)
===== debug log and tcpdump when someone logs into a network switch
console ===============
23:26:11.575681 172.28.240.73.1814 > 172.28.240.114.1812:
rad-access-req 95 [id 0] Attr[ User{testuser} Pass
NAS_id{00-11-88-12-6E-5D} Message_auth{. u5m....|.}
NAS_ipaddr{172.25.7.11} Proxy_state{50} ] (DF)
23:26:11.596478 172.28.240.114.1812 > 172.28.240.73.1814:
rad-access-accept 115 [id 0] Attr[ Proxy_state{50}
Filter_id{Enterasys:version=1:mgmt=su:policy=Administrator}
Callback-number{} Service_type{Framed} Class{l[.>} ]
rad_recv: Access-Request packet from host 172.25.7.11:1024, id=48, length=85
--- Walking the entire request list ---
Waking up in 31 seconds...
Threads: total/active/spare threads = 5/0/5
Thread 1 got semaphore
Thread 1 handling request 0, (1 handled so far)
User-Name = "testuser"
User-Password = "testpw"
NAS-Identifier = "00-11-88-12-6E-5D"
Message-Authenticator = 0x9a0b5e2c470c9fcac6a09234573345ff
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
modcall[authorize]: module "chap" returns noop for request 0
modcall[authorize]: module "mschap" returns noop for request 0
rlm_realm: No '@' in User-Name = "testuser", looking up realm NULL
rlm_realm: Found realm "NULL"
rlm_realm: Adding Stripped-User-Name = "testuser"
rlm_realm: Proxying request from user testuser to realm NULL
rlm_realm: Adding Realm = "NULL"
rlm_realm: Authentication realm is LOCAL.
modcall[authorize]: module "suffix" returns noop for request 0
rlm_eap: No EAP-Message, not doing EAP
modcall[authorize]: module "eap" returns noop for request 0
users: Matched entry DEFAULT at line 1
modcall[authorize]: module "files" returns ok for request 0
modcall: group authorize returns ok for request 0
Sending Access-Request of id 0 to 172.28.240.114:1812
User-Name = "testuser"
User-Password = "testpw"
NAS-Identifier = "00-11-88-12-6E-5D"
Message-Authenticator = 0x00000000000000000000000000000000
NAS-IP-Address = 172.25.7.11
Proxy-State = 0x3438
Thread 1 waiting to be assigned a request
rad_recv: Access-Accept packet from host 172.28.240.114:1812, id=0,
length=115
Waking up in 31 seconds...
Thread 2 got semaphore
Thread 2 handling request 0, (1 handled so far)
Proxy-State = 0x3438
Filter-Id = "Enterasys:version=1:mgmt=su:policy=Administrator"
Callback-Number = ""
Service-Type = Framed-User
Class =
0x6c560839000001370001a81cf07101c5dfba78f198dc0000000000000599
Processing the post-proxy section of radiusd.conf
modcall: entering group post-proxy for request 0
modcall[post-proxy]: module "eap" returns noop for request 0
modcall: group post-proxy returns noop for request 0
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
modcall[authorize]: module "chap" returns noop for request 0
modcall[authorize]: module "mschap" returns noop for request 0
rlm_realm: Proxy reply, or no User-Name. Ignoring.
modcall[authorize]: module "suffix" returns noop for request 0
modcall[authorize]: module "eap" returns noop for request 0
users: Matched entry DEFAULT at line 1
modcall[authorize]: module "files" returns ok for request 0
modcall: group authorize returns ok for request 0
rad_check_password: Found Auth-Type
rad_check_password: Auth-Type = Accept, accepting the user
Sending Access-Accept of id 48 to 172.25.7.11:1024
Filter-Id = "Enterasys:version=1:mgmt=su:policy=Administrator"
Callback-Number = ""
Service-Type = Framed-User
Class =
0x6c560839000001370001a81cf07101c5dfba78f198dc0000000000000599
Finished request 0
Going to the next request
Thread 2 waiting to be assigned a request
================== debug log of an attempt to authenticate that goes
nowhere ====================
rad_recv: Access-Request packet from host 172.25.7.11:1024, id=1, length=154
--- Walking the entire request list ---
Waking up in 31 seconds...
Threads: total/active/spare threads = 5/0/5
Thread 2 got semaphore
Thread 2 handling request 0, (1 handled so far)
User-Name = "CCSU\\testuser"
Called-Station-Id = "00-11-88-12-6e-70"
Calling-Station-Id = "00-0f-1f-43-c8-38"
NAS-Identifier = "00-11-88-12-6e-5d"
NAS-IP-Address = 172.25.7.11
NAS-Port = 19
Framed-MTU = 1500
NAS-Port-Type = Ethernet
EAP-Message = 0x0201001201434353555c646e6577636f6d62
Message-Authenticator = 0x538d455841aa6f9e794454ed014c4c34
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
modcall[authorize]: module "chap" returns noop for request 0
modcall[authorize]: module "mschap" returns noop for request 0
rlm_realm: No '@' in User-Name = "CCSU\testuser", looking up realm NULL
rlm_realm: Found realm "NULL"
rlm_realm: Adding Stripped-User-Name = "CCSU\testuser"
rlm_realm: Proxying request from user CCSU\testuser to realm NULL
rlm_realm: Adding Realm = "NULL"
rlm_realm: Authentication realm is LOCAL.
modcall[authorize]: module "suffix" returns noop for request 0
rlm_eap: EAP packet type response id 1 length 18
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 0
modcall[authorize]: module "files" returns notfound for request 0
modcall: group authorize returns updated for request 0
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
rlm_eap: EAP Identity
rlm_eap: processing type tls
rlm_eap_tls: Initiate
rlm_eap_tls: Start returned 1
modcall[authenticate]: module "eap" returns handled for request 0
modcall: group authenticate returns handled for request 0
Sending Access-Challenge of id 1 to 172.25.7.11:1024
EAP-Message = 0x010200061920
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xc86bbdd3696698a7def762dc1963927b
Finished request 0
Going to the next request
Thread 2 waiting to be assigned a request
rad_recv: Access-Request packet from host 172.25.7.11:1024, id=2, length=266
Waking up in 31 seconds...
Thread 1 got semaphore
Thread 1 handling request 1, (1 handled so far)
User-Name = "CCSU\\testuser"
Called-Station-Id = "00-11-88-12-6e-70"
Calling-Station-Id = "00-0f-1f-43-c8-38"
NAS-Identifier = "00-11-88-12-6e-5d"
NAS-IP-Address = 172.25.7.11
NAS-Port = 19
Framed-MTU = 1500
NAS-Port-Type = Ethernet
State = 0xc86bbdd3696698a7def762dc1963927b
EAP-Message =
0x0202007019800000006616030100610100005d030143714c6f2181d0b5d0781a5526feb2634ac81878633b1050c8256342b1ff31722012e3b8e757d55a0347cf458a9bcc7563b58fb7c21a1b4fd6554c0357c4e4de5a001600040005000a000900640062000300060013001200630100
Message-Authenticator = 0x2710051dea259f64bcde584986c72019
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
modcall[authorize]: module "preprocess" returns ok for request 1
modcall[authorize]: module "chap" returns noop for request 1
modcall[authorize]: module "mschap" returns noop for request 1
rlm_realm: No '@' in User-Name = "CCSU\testuser", looking up realm NULL
rlm_realm: Found realm "NULL"
rlm_realm: Adding Stripped-User-Name = "CCSU\testuser"
rlm_realm: Proxying request from user CCSU\testuser to realm NULL
rlm_realm: Adding Realm = "NULL"
rlm_realm: Authentication realm is LOCAL.
modcall[authorize]: module "suffix" returns noop for request 1
rlm_eap: EAP packet type response id 2 length 112
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 1
modcall[authorize]: module "files" returns notfound for request 1
modcall: group authorize returns updated for request 1
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 1
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
(other): before/accept initialization
TLS_accept: before/accept initialization
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0061], ClientHello
TLS_accept: SSLv3 read client hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
TLS_accept: SSLv3 write server hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0694], Certificate
TLS_accept: SSLv3 write certificate A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
TLS_accept: SSLv3 write server done A
TLS_accept: SSLv3 flush data
TLS_accept:error in SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 1
modcall: group authenticate returns handled for request 1
Sending Access-Challenge of id 2 to 172.25.7.11:1024
EAP-Message = 0x652e636f6d301e170d3034303132353133323630375a
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xb00d1df8886b0763b59097c29799c48b
Finished request 1
Going to the next request
Thread 1 waiting to be assigned a request
rad_recv: Access-Request packet from host 172.25.7.11:1024, id=3, length=160
Waking up in 31 seconds...
Thread 3 got semaphore
Thread 3 handling request 2, (1 handled so far)
User-Name = "CCSU\\testuser"
Called-Station-Id = "00-11-88-12-6e-70"
Calling-Station-Id = "00-0f-1f-43-c8-38"
NAS-Identifier = "00-11-88-12-6e-5d"
NAS-IP-Address = 172.25.7.11
NAS-Port = 19
Framed-MTU = 1500
NAS-Port-Type = Ethernet
State = 0xb00d1df8886b0763b59097c29799c48b
EAP-Message = 0x020300061900
Message-Authenticator = 0xf4cc5aa5c77cf23ec54fe5416cd8ac43
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 2
modcall[authorize]: module "preprocess" returns ok for request 2
modcall[authorize]: module "chap" returns noop for request 2
modcall[authorize]: module "mschap" returns noop for request 2
rlm_realm: No '@' in User-Name = "CCSU\testuser", looking up realm NULL
rlm_realm: Found realm "NULL"
rlm_realm: Adding Stripped-User-Name = "CCSU\testuser"
rlm_realm: Proxying request from user CCSU\testuser to realm NULL
rlm_realm: Adding Realm = "NULL"
rlm_realm: Authentication realm is LOCAL.
modcall[authorize]: module "suffix" returns noop for request 2
rlm_eap: EAP packet type response id 3 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 2
modcall[authorize]: module "files" returns notfound for request 2
modcall: group authorize returns updated for request 2
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 2
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake fragment handler
eaptls_verify returned 1
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 2
modcall: group authenticate returns handled for request 2
Sending Access-Challenge of id 3 to 172.25.7.11:1024
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xdfe217f6b86aacab3ceb8cd578d30130
Finished request 2
Going to the next request
Thread 3 waiting to be assigned a request
rad_recv: Access-Request packet from host 172.25.7.11:1024, id=4, length=346
Waking up in 31 seconds...
Thread 4 got semaphore
Thread 4 handling request 3, (1 handled so far)
User-Name = "CCSU\\testuser"
Called-Station-Id = "00-11-88-12-6e-70"
Calling-Station-Id = "00-0f-1f-43-c8-38"
NAS-Identifier = "00-11-88-12-6e-5d"
NAS-IP-Address = 172.25.7.11
NAS-Port = 19
Framed-MTU = 1500
NAS-Port-Type = Ethernet
State = 0xdfe217f6b86aacab3ceb8cd578d30130
EAP-Message =
0x020400c01980000000b616030100861000008200801abea01e59447b7487945ce0c6a1939f9024559cdbdf4db367dd2307ccaacda61b35c88bebbace250a035ea874f034cd68db015730aa2275176e1d44f9bc42d3778b92515ee3db74f1cdb934e4a7563c8d3023c1d682432b4b1c54ccf814072029fbf280d7839228e43aa1f5182e2cd41a464074ee5bcb04acd7c91dffe82da81403010001011603010020f979140948ef0d69e6ed37208bd370211ffe8698bc6b224efc2f1a3009d6e1c8
Message-Authenticator = 0x758083c377abf2476fd048ad63817010
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 3
modcall[authorize]: module "preprocess" returns ok for request 3
modcall[authorize]: module "chap" returns noop for request 3
modcall[authorize]: module "mschap" returns noop for request 3
rlm_realm: No '@' in User-Name = "CCSU\testuser", looking up realm NULL
rlm_realm: Found realm "NULL"
rlm_realm: Adding Stripped-User-Name = "CCSU\testuser"
rlm_realm: Proxying request from user CCSU\testuser to realm NULL
rlm_realm: Adding Realm = "NULL"
rlm_realm: Authentication realm is LOCAL.
modcall[authorize]: module "suffix" returns noop for request 3
rlm_eap: EAP packet type response id 4 length 192
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 3
modcall[authorize]: module "files" returns notfound for request 3
modcall: group authorize returns updated for request 3
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 3
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange
TLS_accept: SSLv3 read client key exchange A
rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001]
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 read finished A
rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001]
TLS_accept: SSLv3 write change cipher spec A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 write finished A
TLS_accept: SSLv3 flush data
(other): SSL negotiation finished successfully
SSL Connection Established
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 3
modcall: group authenticate returns handled for request 3
Sending Access-Challenge of id 4 to 172.25.7.11:1024
EAP-Message =
0x0105003119001403010001011603010020dfe71da8858751da7b53f8c8255d63be61e489853343260807fd78989dfdbd30
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x688dc6131bc8de96fe4556e270ee6cab
Finished request 3
Going to the next request
Thread 4 waiting to be assigned a request
rad_recv: Access-Request packet from host 172.25.7.11:1024, id=5, length=160
Waking up in 31 seconds...
Thread 5 got semaphore
Thread 5 handling request 4, (1 handled so far)
User-Name = "CCSU\\testuser"
Called-Station-Id = "00-11-88-12-6e-70"
Calling-Station-Id = "00-0f-1f-43-c8-38"
NAS-Identifier = "00-11-88-12-6e-5d"
NAS-IP-Address = 172.25.7.11
NAS-Port = 19
Framed-MTU = 1500
NAS-Port-Type = Ethernet
State = 0x688dc6131bc8de96fe4556e270ee6cab
EAP-Message = 0x020500061900
Message-Authenticator = 0x3159c60ff905f339906fbd99de3b6990
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 4
modcall[authorize]: module "preprocess" returns ok for request 4
modcall[authorize]: module "chap" returns noop for request 4
modcall[authorize]: module "mschap" returns noop for request 4
rlm_realm: No '@' in User-Name = "CCSU\testuser", looking up realm NULL
rlm_realm: Found realm "NULL"
rlm_realm: Adding Stripped-User-Name = "CCSU\testuser"
rlm_realm: Proxying request from user CCSU\testuser to realm NULL
rlm_realm: Adding Realm = "NULL"
rlm_realm: Authentication realm is LOCAL.
modcall[authorize]: module "suffix" returns noop for request 4
rlm_eap: EAP packet type response id 5 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 4
modcall[authorize]: module "files" returns notfound for request 4
modcall: group authorize returns updated for request 4
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 4
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake is finished
eaptls_verify returned 3
eaptls_process returned 3
rlm_eap_peap: EAPTLS_SUCCESS
modcall[authenticate]: module "eap" returns handled for request 4
modcall: group authenticate returns handled for request 4
Sending Access-Challenge of id 5 to 172.25.7.11:1024
EAP-Message =
0x0106002019001703010015c463829b6b4560e641e57ca75b240b3703c4f8d595
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xf7773669edf567c57a7d1fe7997e1095
Finished request 4
Going to the next request
Thread 5 waiting to be assigned a request
rad_recv: Access-Request packet from host 172.25.7.11:1024, id=6, length=195
Waking up in 31 seconds...
Thread 2 got semaphore
Thread 2 handling request 5, (2 handled so far)
User-Name = "CCSU\\testuser"
Called-Station-Id = "00-11-88-12-6e-70"
Calling-Station-Id = "00-0f-1f-43-c8-38"
NAS-Identifier = "00-11-88-12-6e-5d"
NAS-IP-Address = 172.25.7.11
NAS-Port = 19
Framed-MTU = 1500
NAS-Port-Type = Ethernet
State = 0xf7773669edf567c57a7d1fe7997e1095
EAP-Message =
0x020600291900170301001ef168d1db99648ba8fe8420eea79dbc9766e48f25c0acd7e7151f2de55156
Message-Authenticator = 0x3a13f0279313eabd4c3a010e21c33c53
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 5
modcall[authorize]: module "preprocess" returns ok for request 5
modcall[authorize]: module "chap" returns noop for request 5
modcall[authorize]: module "mschap" returns noop for request 5
rlm_realm: No '@' in User-Name = "CCSU\testuser", looking up realm NULL
rlm_realm: Found realm "NULL"
rlm_realm: Adding Stripped-User-Name = "CCSU\testuser"
rlm_realm: Proxying request from user CCSU\testuser to realm NULL
rlm_realm: Adding Realm = "NULL"
rlm_realm: Authentication realm is LOCAL.
modcall[authorize]: module "suffix" returns noop for request 5
rlm_eap: EAP packet type response id 6 length 41
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 5
modcall[authorize]: module "files" returns notfound for request 5
modcall: group authorize returns updated for request 5
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 5
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: Identity - CCSU\testuser
rlm_eap_peap: Tunneled data is valid.
PEAP: Got tunneled EAP-Message
EAP-Message = 0x0206001201434353555c646e6577636f6d62
PEAP: Got tunneled identity of CCSU\testuser
PEAP: Setting default EAP type for tunneled EAP session.
PEAP: Setting User-Name to CCSU\testuser
PEAP: Sending tunneled request
EAP-Message = 0x0206001201434353555c646e6577636f6d62
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "CCSU\\testuser"
Called-Station-Id = "00-11-88-12-6e-70"
Calling-Station-Id = "00-0f-1f-43-c8-38"
NAS-Identifier = "00-11-88-12-6e-5d"
NAS-IP-Address = 172.25.7.11
NAS-Port = 19
Framed-MTU = 1500
NAS-Port-Type = Ethernet
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 5
modcall[authorize]: module "preprocess" returns ok for request 5
modcall[authorize]: module "chap" returns noop for request 5
modcall[authorize]: module "mschap" returns noop for request 5
rlm_realm: No '@' in User-Name = "CCSU\testuser", looking up realm NULL
rlm_realm: Found realm "NULL"
rlm_realm: Adding Stripped-User-Name = "CCSU\testuser"
rlm_realm: Proxying request from user CCSU\testuser to realm NULL
rlm_realm: Adding Realm = "NULL"
rlm_realm: Authentication realm is LOCAL.
modcall[authorize]: module "suffix" returns noop for request 5
rlm_eap: EAP packet type response id 6 length 18
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 5
users: Matched entry DEFAULT at line 3
modcall[authorize]: module "files" returns ok for request 5
modcall: group authorize returns updated for request 5
PEAP: Got tunneled reply RADIUS code 0
PEAP: Calling authenticate in order to initiate tunneled EAP session.
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 5
rlm_eap: EAP Identity
rlm_eap: processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
modcall[authenticate]: module "eap" returns handled for request 5
modcall: group authenticate returns handled for request 5
PEAP: Cancelling proxy to realm CSUIAS until the tunneled EAP
session has been established
PEAP: Processing from tunneled session code 0x81368a8 11
EAP-Message =
0x010700271a01070022104ef58089f77b5c2e215455a0214797ac434353555c646e6577636f6d62
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x7bdbbfc9b677e96180952fde499faca5
PEAP: Got tunneled Access-Challenge
modcall[authenticate]: module "eap" returns handled for request 5
modcall: group authenticate returns handled for request 5
Sending Access-Challenge of id 6 to 172.25.7.11:1024
EAP-Message =
0x0107003e190017030100335818057c9e75e2c583397931eb09d053f6ba1a00d28ceb953b16211fd02f602e0f55902e64986399b5a4e95d31c07b989ac055
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xfe97f345bc26792731d4535853ba38f6
Finished request 5
Going to the next request
Thread 2 waiting to be assigned a request
rad_recv: Access-Request packet from host 172.25.7.11:1024, id=7, length=249
Waking up in 31 seconds...
Thread 1 got semaphore
Thread 1 handling request 6, (2 handled so far)
User-Name = "CCSU\\testuser"
Called-Station-Id = "00-11-88-12-6e-70"
Calling-Station-Id = "00-0f-1f-43-c8-38"
NAS-Identifier = "00-11-88-12-6e-5d"
NAS-IP-Address = 172.25.7.11
NAS-Port = 19
Framed-MTU = 1500
NAS-Port-Type = Ethernet
State = 0xfe97f345bc26792731d4535853ba38f6
EAP-Message =
0x0207005f1900170301005473e7401e75b295d4df0d99b751527b98b6100869ec8f61afcc0dc5671a6993382b0abe9512856589fa7b4577222685ee2cb147fb557c52b0dfb51ef8f8e96d2fa0afd9c663a42131977b526c2196151e0b6c2c31
Message-Authenticator = 0x39167876a62a58fad10952b390e76499
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 6
modcall[authorize]: module "preprocess" returns ok for request 6
modcall[authorize]: module "chap" returns noop for request 6
modcall[authorize]: module "mschap" returns noop for request 6
rlm_realm: No '@' in User-Name = "CCSU\testuser", looking up realm NULL
rlm_realm: Found realm "NULL"
rlm_realm: Adding Stripped-User-Name = "CCSU\testuser"
rlm_realm: Proxying request from user CCSU\testuser to realm NULL
rlm_realm: Adding Realm = "NULL"
rlm_realm: Authentication realm is LOCAL.
modcall[authorize]: module "suffix" returns noop for request 6
rlm_eap: EAP packet type response id 7 length 95
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 6
modcall[authorize]: module "files" returns notfound for request 6
modcall: group authorize returns updated for request 6
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 6
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: EAP type mschapv2
rlm_eap_peap: Tunneled data is valid.
PEAP: Got tunneled EAP-Message
EAP-Message =
0x020700481a0207004331b2d4b6fec992c3c08bd9e0ad844fc1f90000000000000000e0a4fc589662a5c93ee3310d33feaee6edb28488cbc88ed400434353555c646e6577636f6d62
PEAP: Setting User-Name to CCSU\testuser
PEAP: Adding old state with 7b db
PEAP: Sending tunneled request
EAP-Message =
0x020700481a0207004331b2d4b6fec992c3c08bd9e0ad844fc1f90000000000000000e0a4fc589662a5c93ee3310d33feaee6edb28488cbc88ed400434353555c646e6577636f6d62
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "CCSU\\testuser"
State = 0x7bdbbfc9b677e96180952fde499faca5
Called-Station-Id = "00-11-88-12-6e-70"
Calling-Station-Id = "00-0f-1f-43-c8-38"
NAS-Identifier = "00-11-88-12-6e-5d"
NAS-IP-Address = 172.25.7.11
NAS-Port = 19
Framed-MTU = 1500
NAS-Port-Type = Ethernet
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 6
modcall[authorize]: module "preprocess" returns ok for request 6
modcall[authorize]: module "chap" returns noop for request 6
modcall[authorize]: module "mschap" returns noop for request 6
rlm_realm: No '@' in User-Name = "CCSU\testuser", looking up realm NULL
rlm_realm: Found realm "NULL"
rlm_realm: Adding Stripped-User-Name = "CCSU\testuser"
rlm_realm: Proxying request from user CCSU\testuser to realm NULL
rlm_realm: Adding Realm = "NULL"
rlm_realm: Authentication realm is LOCAL.
modcall[authorize]: module "suffix" returns noop for request 6
rlm_eap: EAP packet type response id 7 length 72
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 6
users: Matched entry DEFAULT at line 3
modcall[authorize]: module "files" returns ok for request 6
modcall: group authorize returns updated for request 6
PEAP: Got tunneled reply RADIUS code 0
PEAP: Calling authenticate in order to initiate tunneled EAP session.
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 6
rlm_eap: Request found, released from the list
rlm_eap: EAP/mschapv2
rlm_eap: processing type mschapv2
Not-EAP proxy set. Not composing EAP
modcall[authenticate]: module "eap" returns handled for request 6
modcall: group authenticate returns handled for request 6
PEAP: Tunneled authentication will be proxied to CSUIAS
PEAP: Remembering to do EAP-MS-CHAP-V2 post-proxy.
Tunneled session will be proxied. Not doing EAP.
modcall[authenticate]: module "eap" returns handled for request 6
modcall: group authenticate returns handled for request 6
Sending Access-Request of id 0 to 172.28.240.114:1812
User-Name = "CCSU\\testuser"
Called-Station-Id = "00-11-88-12-6e-70"
Calling-Station-Id = "00-0f-1f-43-c8-38"
NAS-Identifier = "00-11-88-12-6e-5d"
NAS-IP-Address = 172.25.7.11
NAS-Port = 19
Framed-MTU = 1500
NAS-Port-Type = Ethernet
MS-CHAP-Challenge = 0x4ef58089f77b5c2e215455a0214797ac
MS-CHAP2-Response =
0x0743b2d4b6fec992c3c08bd9e0ad844fc1f90000000000000000e0a4fc589662a5c93ee3310d33feaee6edb28488cbc88ed4
Proxy-State = 0x37
Thread 1 waiting to be assigned a request
rad_recv: Access-Request packet from host 172.25.7.11:1024, id=7, length=249
Ignoring duplicate packet from client c2-test:1024 - ID: 7, due to
outstanding proxied request 6.
--- Walking the entire request list ---
Cleaning up request 0 ID 1 with timestamp 43714c76
Cleaning up request 1 ID 2 with timestamp 43714c76
Cleaning up request 2 ID 3 with timestamp 43714c76
Cleaning up request 3 ID 4 with timestamp 43714c76
Cleaning up request 4 ID 5 with timestamp 43714c76
Cleaning up request 5 ID 6 with timestamp 43714c76
Re-sending Access-Request of id 0 to 172.28.240.114:1812
User-Name = "CCSU\\testuser"
Called-Station-Id = "00-11-88-12-6e-70"
Calling-Station-Id = "00-0f-1f-43-c8-38"
NAS-Identifier = "00-11-88-12-6e-5d"
NAS-IP-Address = 172.25.7.11
NAS-Port = 19
Framed-MTU = 1500
NAS-Port-Type = Ethernet
Client-IP-Address = 127.0.0.1
Stripped-User-Name = "CCSU\\testuser"
Realm = "NULL"
EAP-Type = MS-CHAP-V2
MS-CHAP-Challenge = 0x4ef58089f77b5c2e215455a0214797ac
MS-CHAP2-Response =
0x0743b2d4b6fec992c3c08bd9e0ad844fc1f90000000000000000e0a4fc589662a5c93ee3310d33feaee6edb28488cbc88ed4
Proxy-State = 0x37
Waking up in 5 seconds...
--- Walking the entire request list ---
Re-sending Access-Request of id 0 to 172.28.240.114:1812
User-Name = "CCSU\\testuser"
Called-Station-Id = "00-11-88-12-6e-70"
Calling-Station-Id = "00-0f-1f-43-c8-38"
NAS-Identifier = "00-11-88-12-6e-5d"
NAS-IP-Address = 172.25.7.11
NAS-Port = 19
Framed-MTU = 1500
NAS-Port-Type = Ethernet
Client-IP-Address = 127.0.0.1
Stripped-User-Name = "CCSU\\testuser"
Realm = "NULL"
EAP-Type = MS-CHAP-V2
MS-CHAP-Challenge = 0x4ef58089f77b5c2e215455a0214797ac
MS-CHAP2-Response =
0x0743b2d4b6fec992c3c08bd9e0ad844fc1f90000000000000000e0a4fc589662a5c93ee3310d33feaee6edb28488cbc88ed4
Proxy-State = 0x37
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 172.25.7.11:1024, id=8, length=154
--- Walking the entire request list ---
Waking up in 1 seconds...
Thread 3 got semaphore
Thread 3 handling request 7, (2 handled so far)
User-Name = "CCSU\\testuser"
Called-Station-Id = "00-11-88-12-6e-70"
Calling-Station-Id = "00-0f-1f-43-c8-38"
NAS-Identifier = "00-11-88-12-6e-5d"
NAS-IP-Address = 172.25.7.11
NAS-Port = 19
Framed-MTU = 1500
NAS-Port-Type = Ethernet
EAP-Message = 0x0208001201434353555c646e6577636f6d62
Message-Authenticator = 0x7275c633c8f20f6fdfa4c30d6faf7c47
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 7
modcall[authorize]: module "preprocess" returns ok for request 7
modcall[authorize]: module "chap" returns noop for request 7
modcall[authorize]: module "mschap" returns noop for request 7
rlm_realm: No '@' in User-Name = "CCSU\testuser", looking up realm NULL
rlm_realm: Found realm "NULL"
rlm_realm: Adding Stripped-User-Name = "CCSU\testuser"
rlm_realm: Proxying request from user CCSU\testuser to realm NULL
rlm_realm: Adding Realm = "NULL"
rlm_realm: Authentication realm is LOCAL.
modcall[authorize]: module "suffix" returns noop for request 7
rlm_eap: EAP packet type response id 8 length 18
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 7
modcall[authorize]: module "files" returns notfound for request 7
modcall: group authorize returns updated for request 7
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 7
rlm_eap: EAP Identity
rlm_eap: processing type tls
rlm_eap_tls: Initiate
rlm_eap_tls: Start returned 1
modcall[authenticate]: module "eap" returns handled for request 7
modcall: group authenticate returns handled for request 7
Sending Access-Challenge of id 8 to 172.25.7.11:1024
EAP-Message = 0x010900061920
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x29d8d0d5b9d8a5cd3fbabb0a80e28188
Finished request 7
Going to the next request
Thread 3 waiting to be assigned a request
rad_recv: Access-Request packet from host 172.25.7.11:1024, id=9, length=266
Server rejecting request 6.
marking authentication server 172.28.240.114:1812 for realm CSUIAS dead
marking authentication server 172.28.240.114:1812 for realm ENTERASYS dead
Sending Access-Reject of id 7 to 172.25.7.11:1024
Cleaning up request 6 ID 7 with timestamp 43714c76
Thread 4 got semaphore
Thread 4 handling request 8, (2 handled so far)
User-Name = "CCSU\\testuser"
Called-Station-Id = "00-11-88-12-6e-70"
Calling-Station-Id = "00-0f-1f-43-c8-38"
NAS-Identifier = "00-11-88-12-6e-5d"
NAS-IP-Address = 172.25.7.11
NAS-Port = 19
Framed-MTU = 1500
NAS-Port-Type = Ethernet
State = 0x29d8d0d5b9d8a5cd3fbabb0a80e28188
EAP-Message =
0x0209007019800000006616030100610100005d030143714c8dcd705643668282d8ed80212e942c0922cb61f14be2335fc94fc29ed320a9dcdcad52cee9b9737568a4dd4eb81d8a918f8cd2ada99c554f2c1474726157001600040005000a000900640062000300060013001200630100
Message-Authenticator = 0x8e737499b971df9cc99f4480c4e15530
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 8
Waking up in 1 seconds...
modcall[authorize]: module "preprocess" returns ok for request 8
modcall[authorize]: module "chap" returns noop for request 8
modcall[authorize]: module "mschap" returns noop for request 8
rlm_realm: No '@' in User-Name = "CCSU\testuser", looking up realm NULL
rlm_realm: Found realm "NULL"
rlm_realm: Adding Stripped-User-Name = "CCSU\testuser"
rlm_realm: Proxying request from user CCSU\testuser to realm NULL
rlm_realm: Adding Realm = "NULL"
rlm_realm: Authentication realm is LOCAL.
modcall[authorize]: module "suffix" returns noop for request 8
rlm_eap: EAP packet type response id 9 length 112
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 8
modcall[authorize]: module "files" returns notfound for request 8
modcall: group authorize returns updated for request 8
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 8
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
Threads: total/active/spare threads = 5/1/4
(other): before/accept initialization
TLS_accept: before/accept initialization
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0061], ClientHello
TLS_accept: SSLv3 read client hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
TLS_accept: SSLv3 write server hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0694], Certificate
TLS_accept: SSLv3 write certificate A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
TLS_accept: SSLv3 write server done A
TLS_accept: SSLv3 flush data
TLS_accept:error in SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 8
modcall: group authenticate returns handled for request 8
Sending Access-Challenge of id 9 to 172.25.7.11:1024
EAP-Message =
0x779afa3dd55c24fa54ac292d77205d1c2477ed30d59f57caf9bd21ff2a8d16cc0911c50e4f295763fcb60efa3c3d2d0e43850f6e6fbe284902f6e83503650003ba308203b63082031fa003020102020100300d06092a864886f70d010104050030819f310b30090603550406130243413111300f0603550408130850726f76696e63653112301006035504071309536f6d65204369747931153013060355040a130c4f7267616e697a6174696f6e31123010060355040b13096c6f63616c686f7374311b301906035504031312436c69656e742063657274696669636174653121301f06092a864886f70d0109011612636c69656e74406578616d706c
EAP-Message = 0x652e636f6d301e170d3034303132353133323630375a
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xa8e06c9d7bdc1d4a87729159f7fdb3bd
Finished request 8
Going to the next request
Thread 4 waiting to be assigned a request
--- Walking the entire request list ---
Waking up in 5 seconds...
Threads: total/active/spare threads = 5/0/5
--- Walking the entire request list ---
Cleaning up request 7 ID 8 with timestamp 43714c93
Cleaning up request 8 ID 9 with timestamp 43714c93
Nothing to do. Sleeping until we see a request.
rad_recv: Access-Request packet from host 172.25.7.11:1024, id=10, length=172
--- Walking the entire request list ---
Waking up in 31 seconds...
Thread 5 got semaphore
Thread 5 handling request 9, (2 handled so far)
User-Name = "CCSU\\testuser"
Called-Station-Id = "00-11-88-12-6e-70"
Calling-Station-Id = "00-0f-1f-43-c8-38"
NAS-Identifier = "00-11-88-12-6e-5d"
NAS-IP-Address = 172.25.7.11
NAS-Port = 19
Framed-MTU = 1500
NAS-Port-Type = Ethernet
State = 0x29d8d0d5b9d8a5cd3fbabb0a80e28188
EAP-Message = 0x020a001201434353555c646e6577636f6d62
Message-Authenticator = 0xd52c402a2bef7759250278d558729c97
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 9
modcall[authorize]: module "preprocess" returns ok for request 9
modcall[authorize]: module "chap" returns noop for request 9
modcall[authorize]: module "mschap" returns noop for request 9
rlm_realm: No '@' in User-Name = "CCSU\testuser", looking up realm NULL
rlm_realm: Found realm "NULL"
rlm_realm: Adding Stripped-User-Name = "CCSU\testuser"
rlm_realm: Proxying request from user CCSU\testuser to realm NULL
rlm_realm: Adding Realm = "NULL"
rlm_realm: Authentication realm is LOCAL.
modcall[authorize]: module "suffix" returns noop for request 9
rlm_eap: EAP packet type response id 10 length 18
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 9
modcall[authorize]: module "files" returns notfound for request 9
modcall: group authorize returns updated for request 9
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 9
rlm_eap: EAP Identity
rlm_eap: processing type tls
rlm_eap_tls: Initiate
rlm_eap_tls: Start returned 1
modcall[authenticate]: module "eap" returns handled for request 9
modcall: group authenticate returns handled for request 9
Sending Access-Challenge of id 10 to 172.25.7.11:1024
EAP-Message = 0x010b00061920
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xb554fb398ed4bc54d95a7b037b10b40b
Finished request 9
Going to the next request
Thread 5 waiting to be assigned a request
rad_recv: Access-Request packet from host 172.25.7.11:1024, id=11, length=234
Waking up in 31 seconds...
Thread 2 got semaphore
Thread 2 handling request 10, (3 handled so far)
User-Name = "CCSU\\testuser"
Called-Station-Id = "00-11-88-12-6e-70"
Calling-Station-Id = "00-0f-1f-43-c8-38"
NAS-Identifier = "00-11-88-12-6e-5d"
NAS-IP-Address = 172.25.7.11
NAS-Port = 19
Framed-MTU = 1500
NAS-Port-Type = Ethernet
State = 0xb554fb398ed4bc54d95a7b037b10b40b
EAP-Message =
0x020b005019800000004616030100410100003d030143714cab8d13dc2ced8bfb3041266671ed7e36fe1fd639cbe3c3e5fe8297eb2000001600040005000a000900640062000300060013001200630100
Message-Authenticator = 0x52726700cba4c943a7ecd06bfbf63439
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 10
modcall[authorize]: module "preprocess" returns ok for request 10
modcall[authorize]: module "chap" returns noop for request 10
modcall[authorize]: module "mschap" returns noop for request 10
rlm_realm: No '@' in User-Name = "CCSU\testuser", looking up realm NULL
rlm_realm: Found realm "NULL"
rlm_realm: Adding Stripped-User-Name = "CCSU\testuser"
rlm_realm: Proxying request from user CCSU\testuser to realm NULL
rlm_realm: Adding Realm = "NULL"
rlm_realm: Authentication realm is LOCAL.
modcall[authorize]: module "suffix" returns noop for request 10
rlm_eap: EAP packet type response id 11 length 80
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 10
modcall[authorize]: module "files" returns notfound for request 10
modcall: group authorize returns updated for request 10
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 10
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
(other): before/accept initialization
TLS_accept: before/accept initialization
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello
TLS_accept: SSLv3 read client hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
TLS_accept: SSLv3 write server hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0694], Certificate
TLS_accept: SSLv3 write certificate A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
TLS_accept: SSLv3 write server done A
TLS_accept: SSLv3 flush data
TLS_accept:error in SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 10
modcall: group authenticate returns handled for request 10
Sending Access-Challenge of id 11 to 172.25.7.11:1024
EAP-Message = 0x652e636f6d301e170d3034303132353133323630375a
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x72ff7284b054639a39021cbf746c0c34
Finished request 10
Going to the next request
Thread 2 waiting to be assigned a request
rad_recv: Access-Request packet from host 172.25.7.11:1024, id=12, length=160
Waking up in 31 seconds...
Thread 1 got semaphore
Thread 1 handling request 11, (3 handled so far)
User-Name = "CCSU\\testuser"
Called-Station-Id = "00-11-88-12-6e-70"
Calling-Station-Id = "00-0f-1f-43-c8-38"
NAS-Identifier = "00-11-88-12-6e-5d"
NAS-IP-Address = 172.25.7.11
NAS-Port = 19
Framed-MTU = 1500
NAS-Port-Type = Ethernet
State = 0x72ff7284b054639a39021cbf746c0c34
EAP-Message = 0x020c00061900
Message-Authenticator = 0x508100e93d05291f51ac7efeedc8248b
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 11
modcall[authorize]: module "preprocess" returns ok for request 11
modcall[authorize]: module "chap" returns noop for request 11
modcall[authorize]: module "mschap" returns noop for request 11
rlm_realm: No '@' in User-Name = "CCSU\testuser", looking up realm NULL
rlm_realm: Found realm "NULL"
rlm_realm: Adding Stripped-User-Name = "CCSU\testuser"
rlm_realm: Proxying request from user CCSU\testuser to realm NULL
rlm_realm: Adding Realm = "NULL"
rlm_realm: Authentication realm is LOCAL.
modcall[authorize]: module "suffix" returns noop for request 11
rlm_eap: EAP packet type response id 12 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 11
modcall[authorize]: module "files" returns notfound for request 11
modcall: group authorize returns updated for request 11
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 11
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake fragment handler
eaptls_verify returned 1
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 11
modcall: group authenticate returns handled for request 11
Sending Access-Challenge of id 12 to 172.25.7.11:1024
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xf75bc99fb3760ef5328bf217cdfa3f8f
Finished request 11
Going to the next request
Thread 1 waiting to be assigned a request
rad_recv: Access-Request packet from host 172.25.7.11:1024, id=13, length=346
Waking up in 31 seconds...
Thread 3 got semaphore
Thread 3 handling request 12, (3 handled so far)
User-Name = "CCSU\\testuser"
Called-Station-Id = "00-11-88-12-6e-70"
Calling-Station-Id = "00-0f-1f-43-c8-38"
NAS-Identifier = "00-11-88-12-6e-5d"
NAS-IP-Address = 172.25.7.11
NAS-Port = 19
Framed-MTU = 1500
NAS-Port-Type = Ethernet
State = 0xf75bc99fb3760ef5328bf217cdfa3f8f
EAP-Message =
0x020d00c01980000000b61603010086100000820080a6ecadf8ef8b6ac564a27b58f6445c84cc77802d308bf729f1c5a7be5382b62f425ac1e92180f8cd97e790ef445df949b131229fee34b7508620e98b9fe5dea6f58be3cd6fa24ab4fec5d36fa4500cae5ed2080b2f33bbada936246b346e0893fd2b979c735f5be6c74de6bb3ca7321c81fae2b7e75d34ee18f26d63e7478b191403010001011603010020f8460c7964c23451cd12be32412d967d8575db782c62654d6674bcb90e7b8c9b
Message-Authenticator = 0x34d9e04aa9c02f053cc2c0848b4ab10f
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 12
modcall[authorize]: module "preprocess" returns ok for request 12
modcall[authorize]: module "chap" returns noop for request 12
modcall[authorize]: module "mschap" returns noop for request 12
rlm_realm: No '@' in User-Name = "CCSU\testuser", looking up realm NULL
rlm_realm: Found realm "NULL"
rlm_realm: Adding Stripped-User-Name = "CCSU\testuser"
rlm_realm: Proxying request from user CCSU\testuser to realm NULL
rlm_realm: Adding Realm = "NULL"
rlm_realm: Authentication realm is LOCAL.
modcall[authorize]: module "suffix" returns noop for request 12
rlm_eap: EAP packet type response id 13 length 192
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 12
modcall[authorize]: module "files" returns notfound for request 12
modcall: group authorize returns updated for request 12
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 12
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange
TLS_accept: SSLv3 read client key exchange A
rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001]
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 read finished A
rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001]
TLS_accept: SSLv3 write change cipher spec A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 write finished A
TLS_accept: SSLv3 flush data
(other): SSL negotiation finished successfully
SSL Connection Established
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 12
modcall: group authenticate returns handled for request 12
Sending Access-Challenge of id 13 to 172.25.7.11:1024
EAP-Message =
0x010e00311900140301000101160301002007ed2f01861fd6060dc9194df759dc74d68b4f9031eb1415b77526975406609d
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x7374ecc4a25e36807cbff1cb600466e5
Finished request 12
Going to the next request
Thread 3 waiting to be assigned a request
rad_recv: Access-Request packet from host 172.25.7.11:1024, id=14, length=160
Waking up in 31 seconds...
Thread 4 got semaphore
Thread 4 handling request 13, (3 handled so far)
User-Name = "CCSU\\testuser"
Called-Station-Id = "00-11-88-12-6e-70"
Calling-Station-Id = "00-0f-1f-43-c8-38"
NAS-Identifier = "00-11-88-12-6e-5d"
NAS-IP-Address = 172.25.7.11
NAS-Port = 19
Framed-MTU = 1500
NAS-Port-Type = Ethernet
State = 0x7374ecc4a25e36807cbff1cb600466e5
EAP-Message = 0x020e00061900
Message-Authenticator = 0x3af6ccade7a12834464a0839480dc48a
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 13
modcall[authorize]: module "preprocess" returns ok for request 13
modcall[authorize]: module "chap" returns noop for request 13
modcall[authorize]: module "mschap" returns noop for request 13
rlm_realm: No '@' in User-Name = "CCSU\testuser", looking up realm NULL
rlm_realm: Found realm "NULL"
rlm_realm: Adding Stripped-User-Name = "CCSU\testuser"
rlm_realm: Proxying request from user CCSU\testuser to realm NULL
rlm_realm: Adding Realm = "NULL"
rlm_realm: Authentication realm is LOCAL.
modcall[authorize]: module "suffix" returns noop for request 13
rlm_eap: EAP packet type response id 14 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 13
modcall[authorize]: module "files" returns notfound for request 13
modcall: group authorize returns updated for request 13
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 13
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake is finished
eaptls_verify returned 3
eaptls_process returned 3
rlm_eap_peap: EAPTLS_SUCCESS
modcall[authenticate]: module "eap" returns handled for request 13
modcall: group authenticate returns handled for request 13
Sending Access-Challenge of id 14 to 172.25.7.11:1024
EAP-Message =
0x010f002019001703010015dee804f79e02f544702f9429da4834aa06d242c56f
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xdb4c47ab7a22e4eff1430f19483e02e1
Finished request 13
Going to the next request
Thread 4 waiting to be assigned a request
rad_recv: Access-Request packet from host 172.25.7.11:1024, id=15, length=195
Waking up in 31 seconds...
Thread 5 got semaphore
Thread 5 handling request 14, (3 handled so far)
User-Name = "CCSU\\testuser"
Called-Station-Id = "00-11-88-12-6e-70"
Calling-Station-Id = "00-0f-1f-43-c8-38"
NAS-Identifier = "00-11-88-12-6e-5d"
NAS-IP-Address = 172.25.7.11
NAS-Port = 19
Framed-MTU = 1500
NAS-Port-Type = Ethernet
State = 0xdb4c47ab7a22e4eff1430f19483e02e1
EAP-Message =
0x020f00291900170301001ef98d6be68461c6fa36a3f5e7a06af1bf76272bf0dd6da34aa952753e442c
Message-Authenticator = 0x34e4fe3e00872195f599c727f9d47edc
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 14
modcall[authorize]: module "preprocess" returns ok for request 14
modcall[authorize]: module "chap" returns noop for request 14
modcall[authorize]: module "mschap" returns noop for request 14
rlm_realm: No '@' in User-Name = "CCSU\testuser", looking up realm NULL
rlm_realm: Found realm "NULL"
rlm_realm: Adding Stripped-User-Name = "CCSU\testuser"
rlm_realm: Proxying request from user CCSU\testuser to realm NULL
rlm_realm: Adding Realm = "NULL"
rlm_realm: Authentication realm is LOCAL.
modcall[authorize]: module "suffix" returns noop for request 14
rlm_eap: EAP packet type response id 15 length 41
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 14
modcall[authorize]: module "files" returns notfound for request 14
modcall: group authorize returns updated for request 14
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 14
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: Identity - CCSU\testuser
rlm_eap_peap: Tunneled data is valid.
PEAP: Got tunneled EAP-Message
EAP-Message = 0x020f001201434353555c646e6577636f6d62
PEAP: Got tunneled identity of CCSU\testuser
PEAP: Setting default EAP type for tunneled EAP session.
PEAP: Setting User-Name to CCSU\testuser
PEAP: Sending tunneled request
EAP-Message = 0x020f001201434353555c646e6577636f6d62
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "CCSU\\testuser"
Called-Station-Id = "00-11-88-12-6e-70"
Calling-Station-Id = "00-0f-1f-43-c8-38"
NAS-Identifier = "00-11-88-12-6e-5d"
NAS-IP-Address = 172.25.7.11
NAS-Port = 19
Framed-MTU = 1500
NAS-Port-Type = Ethernet
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 14
modcall[authorize]: module "preprocess" returns ok for request 14
modcall[authorize]: module "chap" returns noop for request 14
modcall[authorize]: module "mschap" returns noop for request 14
rlm_realm: No '@' in User-Name = "CCSU\testuser", looking up realm NULL
rlm_realm: Found realm "NULL"
rlm_realm: Adding Stripped-User-Name = "CCSU\testuser"
rlm_realm: Proxying request from user CCSU\testuser to realm NULL
rlm_realm: Adding Realm = "NULL"
rlm_realm: Authentication realm is LOCAL.
modcall[authorize]: module "suffix" returns noop for request 14
rlm_eap: EAP packet type response id 15 length 18
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 14
users: Matched entry DEFAULT at line 3
modcall[authorize]: module "files" returns ok for request 14
modcall: group authorize returns updated for request 14
PEAP: Got tunneled reply RADIUS code 0
PEAP: Calling authenticate in order to initiate tunneled EAP session.
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 14
rlm_eap: EAP Identity
rlm_eap: processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
modcall[authenticate]: module "eap" returns handled for request 14
modcall: group authenticate returns handled for request 14
PEAP: Cancelling proxy to realm CSUIAS until the tunneled EAP session has been established
PEAP: Processing from tunneled session code 0x81364a8 11
EAP-Message =
0x011000271a0110002210bd65e21cc40b0c0fdc3aa51d142aa75c434353555c646e6577636f6d62
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x7b678c5b5dea5fd306109e4075d33313
PEAP: Got tunneled Access-Challenge
modcall[authenticate]: module "eap" returns handled for request 14
modcall: group authenticate returns handled for request 14
Sending Access-Challenge of id 15 to 172.25.7.11:1024
EAP-Message =
0x0110003e190017030100331019916a1e8d44d01c39e713848a50414430c30c501b9eb338aab3000546bdb4037ff9cbdafe94b2e2eeb9f57eac5b3c9d1d63
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x225a27645d5b540886f99013fec42790
Finished request 14
Going to the next request
Thread 5 waiting to be assigned a request
rad_recv: Access-Request packet from host 172.25.7.11:1024, id=16, length=249
Waking up in 31 seconds...
Thread 2 got semaphore
Thread 2 handling request 15, (4 handled so far)
User-Name = "CCSU\\testuser"
Called-Station-Id = "00-11-88-12-6e-70"
Calling-Station-Id = "00-0f-1f-43-c8-38"
NAS-Identifier = "00-11-88-12-6e-5d"
NAS-IP-Address = 172.25.7.11
NAS-Port = 19
Framed-MTU = 1500
NAS-Port-Type = Ethernet
State = 0x225a27645d5b540886f99013fec42790
EAP-Message =
0x0210005f19001703010054a24d2bc6a22bd39c868802c6f180c0d4a93c9535414de111489a80cc840ad2510ed807eeb1b50f2e483c29ecd55ead0ba47ec871319d7ecbe7ab3293318441a0bf394ae16bc83024c72141e77611d0c8a5f247d8
Message-Authenticator = 0xdeb694ff4f0424445070812af1b8b97c
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 15
modcall[authorize]: module "preprocess" returns ok for request 15
modcall[authorize]: module "chap" returns noop for request 15
modcall[authorize]: module "mschap" returns noop for request 15
rlm_realm: No '@' in User-Name = "CCSU\testuser", looking up realm NULL
rlm_realm: Found realm "NULL"
rlm_realm: Adding Stripped-User-Name = "CCSU\testuser"
rlm_realm: Proxying request from user CCSU\testuser to realm NULL
rlm_realm: Adding Realm = "NULL"
rlm_realm: Authentication realm is LOCAL.
modcall[authorize]: module "suffix" returns noop for request 15
rlm_eap: EAP packet type response id 16 length 95
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 15
modcall[authorize]: module "files" returns notfound for request 15
modcall: group authorize returns updated for request 15
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 15
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: EAP type mschapv2
rlm_eap_peap: Tunneled data is valid.
PEAP: Got tunneled EAP-Message
EAP-Message =
0x021000481a02100043319cd5b8af1bac308c329ad74aff1593420000000000000000737c0c0335036db6dc57eaad1865d5eacc034b8596c0d51500434353555c646e6577636f6d62
PEAP: Setting User-Name to CCSU\testuser
PEAP: Adding old state with 7b 67
PEAP: Sending tunneled request
EAP-Message =
0x021000481a02100043319cd5b8af1bac308c329ad74aff1593420000000000000000737c0c0335036db6dc57eaad1865d5eacc034b8596c0d51500434353555c646e6577636f6d62
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "CCSU\\testuser"
State = 0x7b678c5b5dea5fd306109e4075d33313
Called-Station-Id = "00-11-88-12-6e-70"
Calling-Station-Id = "00-0f-1f-43-c8-38"
NAS-Identifier = "00-11-88-12-6e-5d"
NAS-IP-Address = 172.25.7.11
NAS-Port = 19
Framed-MTU = 1500
NAS-Port-Type = Ethernet
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 15
modcall[authorize]: module "preprocess" returns ok for request 15
modcall[authorize]: module "chap" returns noop for request 15
modcall[authorize]: module "mschap" returns noop for request 15
rlm_realm: No '@' in User-Name = "CCSU\testuser", looking up realm NULL
rlm_realm: Found realm "NULL"
rlm_realm: Adding Stripped-User-Name = "CCSU\testuser"
rlm_realm: Proxying request from user CCSU\testuser to realm NULL
rlm_realm: Adding Realm = "NULL"
rlm_realm: Authentication realm is LOCAL.
modcall[authorize]: module "suffix" returns noop for request 15
rlm_eap: EAP packet type response id 16 length 72
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 15
users: Matched entry DEFAULT at line 3
modcall[authorize]: module "files" returns ok for request 15
modcall: group authorize returns updated for request 15
PEAP: Got tunneled reply RADIUS code 0
PEAP: Calling authenticate in order to initiate tunneled EAP session.
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 15
rlm_eap: Request found, released from the list
rlm_eap: EAP/mschapv2
rlm_eap: processing type mschapv2
Not-EAP proxy set. Not composing EAP
modcall[authenticate]: module "eap" returns handled for request 15
modcall: group authenticate returns handled for request 15
PEAP: Tunneled authentication will be proxied to CSUIAS
PEAP: Remembering to do EAP-MS-CHAP-V2 post-proxy.
Tunneled session will be proxied. Not doing EAP.
modcall[authenticate]: module "eap" returns handled for request 15
modcall: group authenticate returns handled for request 15
ERROR: Failed to find live home server for realm CSUIAS
Error trying to proxy request 15: Rejecting it
Server rejecting request 15.
Finished request 15
Going to the next request
Thread 2 waiting to be assigned a request
And the config files:
users =======>>>>
DEFAULT NAS-Identifier == "00-11-88-12-6E-5D", Proxy-To-Realm := "ENTERASYS"
DEFAULT FreeRADIUS-Proxied-To != 127.0.0.1, Proxy-To-Realm := "LOCAL"
DEFAULT FreeRADIUS-Proxied-To == 127.0.0.1, Proxy-To-Realm := "CSUIAS"
proxy.conf ======>>>>
proxy server {
    synchronous = no
    retry_delay = 5
    retry_count = 3
    dead_time = 120
    default_fallback = yes
    post_proxy_authorize = yes
}
realm LOCAL {
    type = radius
    authhost = LOCAL
    accthost = LOCAL
}
realm NULL {
    type = radius
    authhost = LOCAL
    accthost = LOCAL
}
realm CSUIAS {
    type = radius
    authhost = 172.28.240.114:1812
    accthost = 172.28.240.114:1813
    secret = itsasecret
}
realm ENTERASYS {
    type = radius
    authhost = 172.28.240.114:1812
    accthost = 172.28.240.114:1813
    secret = itsasecret
}
eap.conf ====>>
eap {
default_eap_type = peap
timer_expire = 60
ignore_unknown_eap_types = no
cisco_accounting_username_bug = no
md5 {
}
leap {
}
gtc {
auth_type = PAP
}
tls {
private_key_password = whatever
private_key_file = ${raddbdir}/certs/cert-srv.pem
certificate_file = ${raddbdir}/certs/cert-srv.pem
CA_file = ${raddbdir}/certs/demoCA/cacert.pem
dh_file = ${raddbdir}/certs/dh
random_file = ${raddbdir}/certs/random
fragment_size = 1024
include_length = yes
check_crl = no
proxy_tunneled_request_as_eap = no
}
peap {
default_eap_type = mschapv2
proxy_tunneled_request_as_eap = no
copy_request_to_tunnel = yes
}
mschapv2 {
}
}
radius.conf ======>>>>>
prefix = /usr
exec_prefix = /usr
sysconfdir = /etc
localstatedir = /var
sbindir = ${exec_prefix}/sbin
logdir = /var/log/freeradius
raddbdir = /etc/freeradius
radacctdir = ${logdir}/radacct
confdir = ${raddbdir}
run_dir = ${localstatedir}/run/freeradius
log_file = ${logdir}/radius.log
libdir = /usr/lib/freeradius
pidfile = ${run_dir}/freeradius.pid
user = root
group = root
max_request_time = 30
delete_blocked_requests = no
cleanup_delay = 5
max_requests = 1024
bind_address = *
port = 0
hostname_lookups = no
allow_core_dumps = no
regular_expressions = yes
extended_expressions = yes
log_stripped_names = no
log_auth = no
log_auth_badpass = no
log_auth_goodpass = no
usercollide = no
lower_user = no
lower_pass = no
nospace_user = no
nospace_pass = no
checkrad = ${sbindir}/checkrad
security {
max_attributes = 200
reject_delay = 1
status_server = no
}
proxy_requests = yes
$INCLUDE ${confdir}/proxy.conf
$INCLUDE ${confdir}/clients.conf
snmp = no
$INCLUDE ${confdir}/snmp.conf
thread pool {
start_servers = 5
max_servers = 32
min_spare_servers = 3
max_spare_servers = 10
max_requests_per_server = 0
}
modules {
pap {
encryption_scheme = crypt
}
chap {
authtype = CHAP
}
pam {
pam_auth = radiusd
}
unix {
cache = no
cache_reload = 600
shadow = /etc/shadow
radwtmp = ${logdir}/radwtmp
}
$INCLUDE ${confdir}/eap.conf
mschap {
authtype = MS-CHAP
use_mppe = yes
require_encryption = yes
require_strong = yes
with_ntdomain_hack = no
}
realm IPASS {
format = prefix
delimiter = "/"
ignore_default = no
ignore_null = no
}
realm suffix {
format = suffix
delimiter = "@"
ignore_default = no
ignore_null = no
}
realm realmpercent {
format = suffix
delimiter = "%"
ignore_default = no
ignore_null = no
}
realm ntdomain {
format = prefix
delimiter = "\\"
ignore_default = no
ignore_null = no
}
checkval {
item-name = Calling-Station-Id
check-name = Calling-Station-Id
data-type = string
}
preprocess {
huntgroups = ${confdir}/huntgroups
hints = ${confdir}/hints
with_ascend_hack = no
ascend_channels_per_line = 23
with_ntdomain_hack = no
with_specialix_jetstream_hack = no
with_cisco_vsa_hack = no
}
files {
usersfile = ${confdir}/users
acctusersfile = ${confdir}/acct_users
compat = no
}
detail {
detailfile = ${radacctdir}/%{Client-IP-Address}/detail-%Y%m%d
detailperm = 0600
}
acct_unique {
key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
}
$INCLUDE ${confdir}/sql.conf
radutmp {
filename = ${logdir}/radutmp
username = %{User-Name}
case_sensitive = yes
check_with_nas = yes
perm = 0600
callerid = "yes"
}
radutmp sradutmp {
filename = ${logdir}/sradutmp
perm = 0644
callerid = "no"
}
attr_filter {
attrsfile = ${confdir}/attrs
}
counter daily {
filename = ${raddbdir}/db.daily
key = User-Name
count-attribute = Acct-Session-Time
reset = daily
counter-name = Daily-Session-Time
check-name = Max-Daily-Session
allowed-servicetype = Framed-User
cache-size = 5000
}
always fail {
rcode = fail
}
always reject {
rcode = reject
}
always ok {
rcode = ok
simulcount = 0
mpp = no
}
expr {
}
digest {
}
exec {
wait = yes
input_pairs = request
}
exec echo {
wait = yes
program = "/bin/echo %{User-Name}"
input_pairs = request
output_pairs = reply
}
ippool main_pool {
range-start = 192.168.1.1
range-stop = 192.168.3.254
netmask = 255.255.255.0
cache-size = 800
session-db = ${raddbdir}/db.ippool
ip-index = ${raddbdir}/db.ipindex
override = no
maximum-timeout = 0
}
}
instantiate {
exec
expr
}
authorize {
preprocess
chap
mschap
suffix
eap
files
}
authenticate {
Auth-Type PAP {
pap
}
Auth-Type CHAP {
chap
}
Auth-Type MS-CHAP {
mschap
}
eap
}
preacct {
preprocess
acct_unique
suffix
files
}
accounting {
detail
unix
radutmp
sql
}
session {
radutmp
}
post-auth {
}
pre-proxy {
}
post-proxy {
eap
}
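
A triage helper for the error in the debug output above, added here as an example and not part of the original post or of FreeRADIUS: it pulls each realm named in a "Failed to find live home server" line, looks up the authhost that proxy.conf assigns to it, and lists any other realm pointing at the same authhost. The function names are hypothetical; the log and config text are excerpts copied from the post, trimmed to the lines the script uses.

```python
import re

# Excerpts from the post above (secret and accthost lines omitted).
DEBUG_LOG = """\
PEAP: Tunneled authentication will be proxied to CSUIAS
ERROR: Failed to find live home server for realm CSUIAS
Error trying to proxy request 15: Rejecting it
"""

PROXY_CONF = """\
realm LOCAL {
type = radius
authhost = LOCAL
}
realm CSUIAS {
type = radius
authhost = 172.28.240.114:1812
}
realm ENTERASYS {
type = radius
authhost = 172.28.240.114:1812
}
"""

REALM_RE = re.compile(r"^\s*realm\s+(\S+)\s*\{(.*?)^\s*\}", re.S | re.M)
ITEM_RE = re.compile(r"^\s*(\w+)\s*=\s*(\S+)", re.M)
FAIL_RE = re.compile(r"Failed to find live home server for realm (\S+)")

def parse_realms(conf):
    """Map realm name -> {key: value} for each 'realm NAME { ... }' block."""
    return {name: dict(ITEM_RE.findall(body))
            for name, body in REALM_RE.findall(conf)}

def triage(log, conf):
    """For each realm the proxy could not reach, report its authhost and
    every other realm configured with the same authhost."""
    realms = parse_realms(conf)
    report = []
    for name in dict.fromkeys(FAIL_RE.findall(log)):  # de-duplicate, keep order
        host = realms.get(name, {}).get("authhost")    # None: realm not defined
        shared = sorted(r for r, kv in realms.items()
                        if r != name and host and kv.get("authhost") == host)
        report.append((name, host, shared))
    return report

if __name__ == "__main__":
    for name, host, shared in triage(DEBUG_LOG, PROXY_CONF):
        print(f"realm {name}: authhost={host}, also used by {shared}")
```
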