PEAP MSCHAPv2 - Novell eDir
O'Connell Catriona
cczcso at nottingham.ac.uk
Wed Jul 26 14:47:25 CEST 2006
Dear All,
I'm trying (and failing) to implement 802.1x using WPA2 between an XP PC
and the AP, PEAP and MSCHAPv2 with FreeRadius 1.1.0. The backend is a
Novell LDAP server running eDirectory with Universal Passwords enabled.
I've set up the ldap module following the instructions from Novell (
www.novell.com/documentation/edir_radius/pdfdoc/radadmin/radadmin.pdf )
except for the post-auth section as FR complains about the lack of a
post-auth method in ldap. Another difference is that the LDAP server is
running on 636/tcp only, so I added the port=636 to the ldap config and
commented-out the start_tls option.
I've been working on this for weeks and not getting very far - so any
insight would be appreciated.
Thank you
Catriona
Debug follows:
[root at auth1 raddb]# /usr/sbin/tcpdump -i eth0 -w
/home/cczcso/cap-060726C -s 1500 &
[1] 18467
[root at auth1 raddb]# tcpdump: listening on eth0, link-type EN10MB
(Ethernet), capture size 1500 bytes
[root at auth1 raddb]# /etc/init.d/radiusd xstart
Starting RADIUS server: Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config: including file: /etc/raddb/clients.conf
Config: including file: /etc/raddb/snmp.conf
Config: including file: /etc/raddb/eap.conf
Config: including file: /etc/raddb/sql.conf
main: prefix = "/usr"
main: localstatedir = "/var"
main: logdir = "/var/log/radius"
main: libdir = "/usr/lib"
main: radacctdir = "/var/log/radius/radacct"
main: hostname_lookups = no
main: max_request_time = 30
main: cleanup_delay = 5
main: max_requests = 1024
main: delete_blocked_requests = 0
main: port = 1812
main: allow_core_dumps = no
main: log_stripped_names = no
main: log_file = "/var/log/radius/radius.log"
main: log_auth = yes
main: log_auth_badpass = yes
main: log_auth_goodpass = yes
main: pidfile = "/var/run/radiusd/radiusd.pid"
main: user = "(null)"
main: group = "(null)"
main: usercollide = no
main: lower_user = "no"
main: lower_pass = "no"
main: nospace_user = "no"
main: nospace_pass = "no"
main: checkrad = "/usr/sbin/checkrad"
main: proxy_requests = no
security: max_attributes = 200
security: reject_delay = 1
security: status_server = no
main: debug_level = 0
read_config_files: reading dictionary
read_config_files: reading naslist
Using deprecated naslist file. Support for this will go away soon.
read_config_files: reading clients
read_config_files: reading realms
radiusd: entering modules setup
Module: Library search path is /usr/lib
Module: Loaded exec
exec: wait = yes
exec: program = "(null)"
exec: input_pairs = "request"
exec: output_pairs = "(null)"
exec: packet_type = "(null)"
rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Module: Instantiated exec (exec)
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded PAP
pap: encryption_scheme = "crypt"
Module: Instantiated pap (pap)
Module: Loaded CHAP
Module: Instantiated chap (chap)
Module: Loaded MS-CHAP
mschap: use_mppe = yes
mschap: require_encryption = yes
mschap: require_strong = yes
mschap: with_ntdomain_hack = no
mschap: passwd = "(null)"
mschap: authtype = "MS-CHAP"
mschap: ntlm_auth = "(null)"
Module: Instantiated mschap (mschap)
Module: Loaded System
unix: cache = no
unix: passwd = "(null)"
unix: shadow = "(null)"
unix: group = "(null)"
unix: radwtmp = "/var/log/radius/radwtmp"
unix: usegroup = no
unix: cache_reload = 600
Module: Instantiated unix (unix)
Module: Loaded LDAP
ldap: server = "ldapsvr.nottingham.ac.uk"
ldap: port = 636
ldap: net_timeout = 1
ldap: timeout = 4
ldap: timelimit = 3
ldap: identity = "cn=RADIUSadmin,o=university"
ldap: tls_mode = no
ldap: start_tls = no
ldap: tls_cacertfile = "/etc/raddb/certs/UONLDAP-CA-SelfSignedCert.b64"
ldap: tls_cacertdir = "(null)"
ldap: tls_certfile = "(null)"
ldap: tls_keyfile = "(null)"
ldap: tls_randfile = "(null)"
ldap: tls_require_cert = "demand"
ldap: password = "whatever"
ldap: basedn = "o=university"
ldap: filter = "(cn=%{Stripped-User-Name:-%{User-Name}})"
ldap: base_filter = "(objectclass=radiusprofile)"
ldap: default_profile = "(null)"
ldap: profile_attribute = "(null)"
ldap: password_header = "(null)"
ldap: password_attribute = "nspmPassword"
ldap: access_attr = "(null)"
ldap: groupname_attribute = "cn"
ldap: groupmembership_filter =
"(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=Gr
oupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))"
ldap: groupmembership_attribute = "(null)"
ldap: dictionary_mapping = "/etc/raddb/ldap.attrmap"
ldap: ldap_debug = 0
ldap: ldap_connections_number = 5
ldap: compare_check_items = no
ldap: access_attr_used_for_allow = yes
ldap: do_xlat = yes
ldap: set_auth_type = yes
rlm_ldap: Registering ldap_groupcmp for Ldap-Group
rlm_ldap: Registering ldap_xlat with xlat_name ldap
rlm_ldap: reading ldap<->radius mappings from file
/etc/raddb/ldap.attrmap
rlm_ldap: LDAP radiusCheckItem mapped to RADIUS $GENERIC$
rlm_ldap: LDAP radiusReplyItem mapped to RADIUS $GENERIC$
rlm_ldap: LDAP radiusAuthType mapped to RADIUS Auth-Type
rlm_ldap: LDAP radiusSimultaneousUse mapped to RADIUS Simultaneous-Use
rlm_ldap: LDAP radiusCalledStationId mapped to RADIUS Called-Station-Id
rlm_ldap: LDAP radiusCallingStationId mapped to RADIUS
Calling-Station-Id
rlm_ldap: LDAP lmPassword mapped to RADIUS LM-Password
rlm_ldap: LDAP ntPassword mapped to RADIUS NT-Password
rlm_ldap: LDAP acctFlags mapped to RADIUS SMB-Account-CTRL-TEXT
rlm_ldap: LDAP radiusExpiration mapped to RADIUS Expiration
rlm_ldap: LDAP radiusServiceType mapped to RADIUS Service-Type
rlm_ldap: LDAP radiusFramedProtocol mapped to RADIUS Framed-Protocol
rlm_ldap: LDAP radiusFramedIPAddress mapped to RADIUS Framed-IP-Address
rlm_ldap: LDAP radiusFramedIPNetmask mapped to RADIUS Framed-IP-Netmask
rlm_ldap: LDAP radiusFramedRoute mapped to RADIUS Framed-Route
rlm_ldap: LDAP radiusFramedRouting mapped to RADIUS Framed-Routing
rlm_ldap: LDAP radiusFilterId mapped to RADIUS Filter-Id
rlm_ldap: LDAP radiusFramedMTU mapped to RADIUS Framed-MTU
rlm_ldap: LDAP radiusFramedCompression mapped to RADIUS
Framed-Compression
rlm_ldap: LDAP radiusLoginIPHost mapped to RADIUS Login-IP-Host
rlm_ldap: LDAP radiusLoginService mapped to RADIUS Login-Service
rlm_ldap: LDAP radiusLoginTCPPort mapped to RADIUS Login-TCP-Port
rlm_ldap: LDAP radiusCallbackNumber mapped to RADIUS Callback-Number
rlm_ldap: LDAP radiusCallbackId mapped to RADIUS Callback-Id
rlm_ldap: LDAP radiusFramedIPXNetwork mapped to RADIUS
Framed-IPX-Network
rlm_ldap: LDAP radiusClass mapped to RADIUS Class
rlm_ldap: LDAP radiusSessionTimeout mapped to RADIUS Session-Timeout
rlm_ldap: LDAP radiusIdleTimeout mapped to RADIUS Idle-Timeout
rlm_ldap: LDAP radiusTerminationAction mapped to RADIUS
Termination-Action
rlm_ldap: LDAP radiusLoginLATService mapped to RADIUS Login-LAT-Service
rlm_ldap: LDAP radiusLoginLATNode mapped to RADIUS Login-LAT-Node
rlm_ldap: LDAP radiusLoginLATGroup mapped to RADIUS Login-LAT-Group
rlm_ldap: LDAP radiusFramedAppleTalkLink mapped to RADIUS
Framed-AppleTalk-Link
rlm_ldap: LDAP radiusFramedAppleTalkNetwork mapped to RADIUS
Framed-AppleTalk-Network
rlm_ldap: LDAP radiusFramedAppleTalkZone mapped to RADIUS
Framed-AppleTalk-Zone
rlm_ldap: LDAP radiusPortLimit mapped to RADIUS Port-Limit
rlm_ldap: LDAP radiusLoginLATPort mapped to RADIUS Login-LAT-Port
conns: 0x95bce58
Module: Instantiated ldap (ldap)
Module: Loaded eap
eap: default_eap_type = "peap"
eap: timer_expire = 60
eap: ignore_unknown_eap_types = no
eap: cisco_accounting_username_bug = no
rlm_eap: Loaded and initialized type md5
rlm_eap: Loaded and initialized type leap
gtc: challenge = "Password: "
gtc: auth_type = "PAP"
rlm_eap: Loaded and initialized type gtc
tls: rsa_key_exchange = no
tls: dh_key_exchange = yes
tls: rsa_key_length = 512
tls: dh_key_length = 512
tls: verify_depth = 0
tls: CA_path = "(null)"
tls: pem_file_type = yes
tls: private_key_file = "/etc/raddb/certs/cert-srv.pem"
tls: certificate_file = "/etc/raddb/certs/cert-srv.pem"
tls: CA_file = "/etc/raddb/certs/demoCA/cacert.pem"
tls: private_key_password = "whatever"
tls: dh_file = "/etc/raddb/certs/dh"
tls: random_file = "/etc/raddb/certs/random"
tls: fragment_size = 1024
tls: include_length = yes
tls: check_crl = no
tls: check_cert_cn = "(null)"
rlm_eap_tls: Loading the certificate file as a chain
rlm_eap: Loaded and initialized type tls
peap: default_eap_type = "mschapv2"
peap: copy_request_to_tunnel = no
peap: use_tunneled_reply = no
peap: proxy_tunneled_request_as_eap = yes
rlm_eap: Loaded and initialized type peap
mschapv2: with_ntdomain_hack = no
rlm_eap: Loaded and initialized type mschapv2
Module: Instantiated eap (eap)
Module: Loaded preprocess
preprocess: huntgroups = "/etc/raddb/huntgroups"
preprocess: hints = "/etc/raddb/hints"
preprocess: with_ascend_hack = no
preprocess: ascend_channels_per_line = 23
preprocess: with_ntdomain_hack = no
preprocess: with_specialix_jetstream_hack = no
preprocess: with_cisco_vsa_hack = no
Module: Instantiated preprocess (preprocess)
Module: Loaded realm
realm: format = "suffix"
realm: delimiter = "@"
realm: ignore_default = no
realm: ignore_null = no
Module: Instantiated realm (suffix)
Module: Loaded files
files: usersfile = "/etc/raddb/users"
files: acctusersfile = "/etc/raddb/acct_users"
files: preproxy_usersfile = "/etc/raddb/preproxy_users"
files: compat = "no"
Module: Instantiated files (files)
Module: Loaded Acct-Unique-Session-Id
acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address,
Client-IP-Address, NAS-Port"
Module: Instantiated acct_unique (acct_unique)
Module: Loaded detail
detail: detailfile =
"/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
detail: detailperm = 384
detail: dirperm = 493
detail: locking = no
Module: Instantiated detail (detail)
Module: Loaded radutmp
radutmp: filename = "/var/log/radius/radutmp"
radutmp: username = "%{User-Name}"
radutmp: case_sensitive = yes
radutmp: check_with_nas = yes
radutmp: perm = 384
radutmp: callerid = yes
Module: Instantiated radutmp (radutmp)
Listening on authentication *:1812
Listening on accounting *:1813
Ready to process requests.
rad_recv: Access-Request packet from host 128.243.13.34:1645, id=17,
length=129
User-Name = "cczcso"
Framed-MTU = 1400
Called-Station-Id = "0011.9335.1210"
Calling-Station-Id = "000e.35db.4af2"
Service-Type = Login-User
Message-Authenticator = 0xd0706757be777867d17441eca5dd4bf4
EAP-Message = 0x0202000b0163637a63736f
NAS-Port-Type = Wireless-802.11
NAS-Port = 260
NAS-IP-Address = 128.243.13.34
NAS-Identifier = "tmp-ap"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
modcall[authorize]: module "chap" returns noop for request 0
modcall[authorize]: module "mschap" returns noop for request 0
rlm_realm: No '@' in User-Name = "cczcso", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 0
rlm_eap: EAP packet type response id 2 length 11
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 0
users: Matched entry DEFAULT at line 215
modcall[authorize]: module "files" returns ok for request 0
rlm_ldap: - authorize
rlm_ldap: performing user authorization for cczcso
radius_xlat: '(cn=cczcso)'
radius_xlat: 'o=university'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to ldapsvr.nottingham.ac.uk:636, authentication 0
rlm_ldap: setting TLS mode to 1
rlm_ldap: setting TLS CACert File to
/etc/raddb/certs/UONLDAP-CA-SelfSignedCert.b64
rlm_ldap: setting TLS Require Cert to demand
rlm_ldap: bind as cn=RADIUSadmin,o=university/whatever to
ldapsvr.nottingham.ac.uk:636
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: performing search in o=university, with filter (cn=cczcso)
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user cczcso authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 0
modcall: leaving group authorize (returns updated) for request 0
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
rlm_eap: EAP Identity
rlm_eap: processing type tls
rlm_eap_tls: Initiate
rlm_eap_tls: Start returned 1
modcall[authenticate]: module "eap" returns handled for request 0
modcall: leaving group authenticate (returns handled) for request 0
Sending Access-Challenge of id 17 to 128.243.13.34 port 1645
EAP-Message = 0x010300061920
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x5339d02618b5ac497127a65bc432c74c
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 128.243.13.34:1645, id=18,
length=216
User-Name = "cczcso"
Framed-MTU = 1400
Called-Station-Id = "0011.9335.1210"
Calling-Station-Id = "000e.35db.4af2"
Service-Type = Login-User
Message-Authenticator = 0x3e27b9c3e604609dce42e692bf464d05
EAP-Message =
0x0203005019800000004616030100410100003d030144c75f3bb06cf457b7ba71b2f3b0
bd4697d0d2eaa9dce8139e7abf0458b6beb800001600040005000a000900640062000300
060013001200630100
NAS-Port-Type = Wireless-802.11
NAS-Port = 260
State = 0x5339d02618b5ac497127a65bc432c74c
NAS-IP-Address = 128.243.13.34
NAS-Identifier = "tmp-ap"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
modcall[authorize]: module "preprocess" returns ok for request 1
modcall[authorize]: module "chap" returns noop for request 1
modcall[authorize]: module "mschap" returns noop for request 1
rlm_realm: No '@' in User-Name = "cczcso", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 1
rlm_eap: EAP packet type response id 3 length 80
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 1
users: Matched entry DEFAULT at line 215
modcall[authorize]: module "files" returns ok for request 1
rlm_ldap: - authorize
rlm_ldap: performing user authorization for cczcso
radius_xlat: '(cn=cczcso)'
radius_xlat: 'o=university'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in o=university, with filter (cn=cczcso)
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user cczcso authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 1
modcall: leaving group authorize (returns updated) for request 1
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 1
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
(other): before/accept initialization
TLS_accept: before/accept initialization
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello
TLS_accept: SSLv3 read client hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
TLS_accept: SSLv3 write server hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0694], Certificate
TLS_accept: SSLv3 write certificate A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
TLS_accept: SSLv3 write server done A
TLS_accept: SSLv3 flush data
TLS_accept:error in SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 1
modcall: leaving group authenticate (returns handled) for request 1
Sending Access-Challenge of id 18 to 128.243.13.34 port 1645
EAP-Message =
0x0104040a19c0000006f1160301004a02000046030144c75f2365aa56fbe7b62c4833a8
5f417734b7267e596c569e9d715092a68c64200c45484fd5036f705cd8766788cecf9d49
1b5b5272b17fe58e400cb36aab85e400040016030106940b00069000068d0002cd308202
c930820232a003020102020102300d06092a864886f70d010104050030819f310b300906
03550406130243413111300f0603550408130850726f76696e6365311230100603550407
1309536f6d65204369747931153013060355040a130c4f7267616e697a6174696f6e3112
3010060355040b13096c6f63616c686f7374311b301906035504031312436c69656e7420
6365
EAP-Message =
0x7274696669636174653121301f06092a864886f70d0109011612636c69656e74406578
616d706c652e636f6d301e170d3034303132353133323631305a170d3035303132343133
323631305a30819b310b30090603550406130243413111300f0603550408130850726f76
696e63653112301006035504071309536f6d65204369747931153013060355040a130c4f
7267616e697a6174696f6e31123010060355040b13096c6f63616c686f73743119301706
035504031310526f6f74206365727469666963617465311f301d06092a864886f70d0109
011610726f6f74406578616d706c652e636f6d30819f300d06092a864886f70d01010105
0003
EAP-Message =
0x818d0030818902818100dac525422bfedb082629a2cba44b3449c90d0ab462fb72c843
4a782098863d7eb7d7e70028c2b7ad555a51cc756cf4fa1d7091615ab450d5289553ae66
16aff014a55085d6b8fb4aee98638e426175cdd36c665c63cda177d34920eb30585edc87
73999c2980f81ad4638bbbea1c82d054023db7ef24a3ec1c3f6241a903d7f30203010001
a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d01
01040500038181007a2d921b1cf13bf2982a9178ec9ede6d88edc178a2e8bd40a0a06fb6
f0769957884cd7084537083496fd184165293f583c8e8240eb68e042c94b15752e4c07e8
0d09
EAP-Message =
0x779afa3dd55c24fa54ac292d77205d1c2477ed30d59f57caf9bd21ff2a8d16cc0911c5
0e4f295763fcb60efa3c3d2d0e43850f6e6fbe284902f6e83503650003ba308203b63082
031fa003020102020100300d06092a864886f70d010104050030819f310b300906035504
06130243413111300f0603550408130850726f76696e6365311230100603550407130953
6f6d65204369747931153013060355040a130c4f7267616e697a6174696f6e3112301006
0355040b13096c6f63616c686f7374311b301906035504031312436c69656e7420636572
74696669636174653121301f06092a864886f70d0109011612636c69656e74406578616d
706c
EAP-Message = 0x652e636f6d301e170d3034303132353133323630375a
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x16022638546c0923e554e322141c18e6
Finished request 1
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 128.243.13.34:1645, id=19,
length=142
User-Name = "cczcso"
Framed-MTU = 1400
Called-Station-Id = "0011.9335.1210"
Calling-Station-Id = "000e.35db.4af2"
Service-Type = Login-User
Message-Authenticator = 0x0b97ecc096b8bff8904d170c175cb5e2
EAP-Message = 0x020400061900
NAS-Port-Type = Wireless-802.11
NAS-Port = 260
State = 0x16022638546c0923e554e322141c18e6
NAS-IP-Address = 128.243.13.34
NAS-Identifier = "tmp-ap"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 2
modcall[authorize]: module "preprocess" returns ok for request 2
modcall[authorize]: module "chap" returns noop for request 2
modcall[authorize]: module "mschap" returns noop for request 2
rlm_realm: No '@' in User-Name = "cczcso", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 2
rlm_eap: EAP packet type response id 4 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 2
users: Matched entry DEFAULT at line 215
modcall[authorize]: module "files" returns ok for request 2
rlm_ldap: - authorize
rlm_ldap: performing user authorization for cczcso
radius_xlat: '(cn=cczcso)'
radius_xlat: 'o=university'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in o=university, with filter (cn=cczcso)
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user cczcso authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 2
modcall: leaving group authorize (returns updated) for request 2
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 2
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake fragment handler
eaptls_verify returned 1
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 2
modcall: leaving group authenticate (returns handled) for request 2
Sending Access-Challenge of id 19 to 128.243.13.34 port 1645
EAP-Message =
0x010502f71900170d3036303132343133323630375a30819f310b300906035504061302
43413111300f0603550408130850726f76696e63653112301006035504071309536f6d65
204369747931153013060355040a130c4f7267616e697a6174696f6e3112301006035504
0b13096c6f63616c686f7374311b301906035504031312436c69656e7420636572746966
69636174653121301f06092a864886f70d0109011612636c69656e74406578616d706c65
2e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100d4c5b1
9724f164acf1ffb189db1c8fbff4f14396ea7cb1e90f78d69451725377895dfe52ccb99b
41e8
EAP-Message =
0x0ddeb58b127a943f4f58cbc562878192fbdc6fece9f871e7c130d35cf5188817e9b133
249edd2a1c75d31043ae87553cec7a77ef26aa7d74281db9b77e17c6446c5dd9b188b432
50ca0229963722a123a726b00b4027fd0203010001a381ff3081fc301d0603551d0e0416
041468d36d3e1ee7bc9d5a057021c363da1365d1ade33081cc0603551d230481c43081c1
801468d36d3e1ee7bc9d5a057021c363da1365d1ade3a181a5a481a230819f310b300906
03550406130243413111300f0603550408130850726f76696e6365311230100603550407
1309536f6d65204369747931153013060355040a130c4f7267616e697a6174696f6e3112
3010
EAP-Message =
0x060355040b13096c6f63616c686f7374311b301906035504031312436c69656e742063
657274696669636174653121301f06092a864886f70d0109011612636c69656e74406578
616d706c652e636f6d820100300c0603551d13040530030101ff300d06092a864886f70d
01010405000381810033c00b66b1e579ef73a06798252dab8d5e5511fc00fd276d80d12f
834777c6743fdc2743fca1507704e4bc0979e4f60ac3ad9ee83e6f347369229d1f77229b
a2e982359da563024a00163dba6d6c986c0bad28af85132ff8f0d76501bf1b7c2dff658c
e1e62c01997b6e64e3e8d4373354ce9912847651539063b85bbc5485c516030100040e00
0000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x003c807d75b594d1d3a3764f50db43ee
Finished request 2
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 128.243.13.34:1645, id=20,
length=328
User-Name = "cczcso"
Framed-MTU = 1400
Called-Station-Id = "0011.9335.1210"
Calling-Station-Id = "000e.35db.4af2"
Service-Type = Login-User
Message-Authenticator = 0x386e9fe0b194cff5133667db11769877
EAP-Message =
0x020500c01980000000b61603010086100000820080ce17e21fa5ccc64be10321a18ddf
e63c313ac2f0fac6319ae17ba1f0892ae98044e434ceb3e2a01e6f1df50d132c9fced284
9f5a940057f566e9cfd5243977f65622eafffe1286b523ccb2d680d40bfb67fadd54cbb8
ea8f9a524c171cda0e7342db3ce1f43621bebf7b02f64a237c7cc8b23be172a1059d160d
bf95228a33a31403010001011603010020cd956a90839d44b1128f0801654f9e12fc3b09
5a13c11f773e96ad83fa6aa41a
NAS-Port-Type = Wireless-802.11
NAS-Port = 260
State = 0x003c807d75b594d1d3a3764f50db43ee
NAS-IP-Address = 128.243.13.34
NAS-Identifier = "tmp-ap"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 3
modcall[authorize]: module "preprocess" returns ok for request 3
modcall[authorize]: module "chap" returns noop for request 3
modcall[authorize]: module "mschap" returns noop for request 3
rlm_realm: No '@' in User-Name = "cczcso", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 3
rlm_eap: EAP packet type response id 5 length 192
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 3
users: Matched entry DEFAULT at line 215
modcall[authorize]: module "files" returns ok for request 3
rlm_ldap: - authorize
rlm_ldap: performing user authorization for cczcso
radius_xlat: '(cn=cczcso)'
radius_xlat: 'o=university'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in o=university, with filter (cn=cczcso)
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user cczcso authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 3
modcall: leaving group authorize (returns updated) for request 3
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 3
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange
TLS_accept: SSLv3 read client key exchange A
rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001]
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 read finished A
rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001]
TLS_accept: SSLv3 write change cipher spec A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 write finished A
TLS_accept: SSLv3 flush data
(other): SSL negotiation finished successfully
SSL Connection Established
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 3
modcall: leaving group authenticate (returns handled) for request 3
Sending Access-Challenge of id 20 to 128.243.13.34 port 1645
EAP-Message =
0x01060031190014030100010116030100205132f431789957801f761cb082af90ea117e
e618d6758c089f3c676bd11bc6ab
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x3551305d8ad2486511fb677041e42e4f
Finished request 3
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 128.243.13.34:1645, id=21,
length=142
User-Name = "cczcso"
Framed-MTU = 1400
Called-Station-Id = "0011.9335.1210"
Calling-Station-Id = "000e.35db.4af2"
Service-Type = Login-User
Message-Authenticator = 0x12bfd77ad4cc09a26e11efbe17ae8386
EAP-Message = 0x020600061900
NAS-Port-Type = Wireless-802.11
NAS-Port = 260
State = 0x3551305d8ad2486511fb677041e42e4f
NAS-IP-Address = 128.243.13.34
NAS-Identifier = "tmp-ap"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 4
modcall[authorize]: module "preprocess" returns ok for request 4
modcall[authorize]: module "chap" returns noop for request 4
modcall[authorize]: module "mschap" returns noop for request 4
rlm_realm: No '@' in User-Name = "cczcso", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 4
rlm_eap: EAP packet type response id 6 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 4
users: Matched entry DEFAULT at line 215
modcall[authorize]: module "files" returns ok for request 4
rlm_ldap: - authorize
rlm_ldap: performing user authorization for cczcso
radius_xlat: '(cn=cczcso)'
radius_xlat: 'o=university'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in o=university, with filter (cn=cczcso)
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user cczcso authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 4
modcall: leaving group authorize (returns updated) for request 4
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 4
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake is finished
eaptls_verify returned 3
eaptls_process returned 3
rlm_eap_peap: EAPTLS_SUCCESS
modcall[authenticate]: module "eap" returns handled for request 4
modcall: leaving group authenticate (returns handled) for request 4
Sending Access-Challenge of id 21 to 128.243.13.34 port 1645
EAP-Message =
0x0107002019001703010015a41d21eff28d2b8ea55f15286a0485105e6db05cc1
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xf974be77c72057cac6c9bcf66345781b
Finished request 4
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 128.243.13.34:1645, id=22,
length=170
User-Name = "cczcso"
Framed-MTU = 1400
Called-Station-Id = "0011.9335.1210"
Calling-Station-Id = "000e.35db.4af2"
Service-Type = Login-User
Message-Authenticator = 0x8cc82c03422303bc20988737f61faea4
EAP-Message =
0x02070022190017030100171f16bf5f905bfc5a54363ffe6ce1edadaae940f63ef6d3
NAS-Port-Type = Wireless-802.11
NAS-Port = 260
State = 0xf974be77c72057cac6c9bcf66345781b
NAS-IP-Address = 128.243.13.34
NAS-Identifier = "tmp-ap"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 5
modcall[authorize]: module "preprocess" returns ok for request 5
modcall[authorize]: module "chap" returns noop for request 5
modcall[authorize]: module "mschap" returns noop for request 5
rlm_realm: No '@' in User-Name = "cczcso", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 5
rlm_eap: EAP packet type response id 7 length 34
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 5
users: Matched entry DEFAULT at line 215
modcall[authorize]: module "files" returns ok for request 5
rlm_ldap: - authorize
rlm_ldap: performing user authorization for cczcso
radius_xlat: '(cn=cczcso)'
radius_xlat: 'o=university'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in o=university, with filter (cn=cczcso)
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user cczcso authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 5
modcall: leaving group authorize (returns updated) for request 5
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 5
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: Identity - cczcso
rlm_eap_peap: Tunneled data is valid.
PEAP: Got tunneled identity of cczcso
PEAP: Setting default EAP type for tunneled EAP session.
PEAP: Setting User-Name to cczcso
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 5
modcall[authorize]: module "preprocess" returns ok for request 5
modcall[authorize]: module "chap" returns noop for request 5
modcall[authorize]: module "mschap" returns noop for request 5
rlm_realm: No '@' in User-Name = "cczcso", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 5
rlm_eap: EAP packet type response id 7 length 11
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 5
users: Matched entry DEFAULT at line 215
modcall[authorize]: module "files" returns ok for request 5
rlm_ldap: - authorize
rlm_ldap: performing user authorization for cczcso
radius_xlat: '(cn=cczcso)'
radius_xlat: 'o=university'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in o=university, with filter (cn=cczcso)
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user cczcso authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 5
modcall: leaving group authorize (returns updated) for request 5
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 5
rlm_eap: EAP Identity
rlm_eap: processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
modcall[authenticate]: module "eap" returns handled for request 5
modcall: leaving group authenticate (returns handled) for request 5
PEAP: Got tunneled Access-Challenge
modcall[authenticate]: module "eap" returns handled for request 5
modcall: leaving group authenticate (returns handled) for request 5
Sending Access-Challenge of id 22 to 128.243.13.34 port 1645
EAP-Message =
0x010800371900170301002c425f072e04a68daf256cd58d8f78c61a98c231ea9be68a8c
0cbe76d9e607a02bbbe49a87e659e9488a03e65c
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xae01d72cb0cea1c7bed6cdea14272854
Finished request 5
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 128.243.13.34:1645, id=23,
length=224
User-Name = "cczcso"
Framed-MTU = 1400
Called-Station-Id = "0011.9335.1210"
Calling-Station-Id = "000e.35db.4af2"
Service-Type = Login-User
Message-Authenticator = 0xa9321ffd596a6d141423b960921d1ebb
EAP-Message =
0x020800581900170301004dd973feec5317e088d2254f0464a2110e785d4a6cf778cdff
15b78e5dd5e6390188de26cc3f85eb6234321fef4fad4f458c16a903ce9e00b5d596420d
d3441ede8a37dadc12ee5f89f6783afbd5
NAS-Port-Type = Wireless-802.11
NAS-Port = 260
State = 0xae01d72cb0cea1c7bed6cdea14272854
NAS-IP-Address = 128.243.13.34
NAS-Identifier = "tmp-ap"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 6
modcall[authorize]: module "preprocess" returns ok for request 6
modcall[authorize]: module "chap" returns noop for request 6
modcall[authorize]: module "mschap" returns noop for request 6
rlm_realm: No '@' in User-Name = "cczcso", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 6
rlm_eap: EAP packet type response id 8 length 88
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 6
users: Matched entry DEFAULT at line 215
modcall[authorize]: module "files" returns ok for request 6
rlm_ldap: - authorize
rlm_ldap: performing user authorization for cczcso
radius_xlat: '(cn=cczcso)'
radius_xlat: 'o=university'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in o=university, with filter (cn=cczcso)
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user cczcso authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 6
modcall: leaving group authorize (returns updated) for request 6
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 6
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: EAP type mschapv2
rlm_eap_peap: Tunneled data is valid.
PEAP: Setting User-Name to cczcso
PEAP: Adding old state with 1d b5
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 6
modcall[authorize]: module "preprocess" returns ok for request 6
modcall[authorize]: module "chap" returns noop for request 6
modcall[authorize]: module "mschap" returns noop for request 6
rlm_realm: No '@' in User-Name = "cczcso", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 6
rlm_eap: EAP packet type response id 8 length 65
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 6
users: Matched entry DEFAULT at line 215
modcall[authorize]: module "files" returns ok for request 6
rlm_ldap: - authorize
rlm_ldap: performing user authorization for cczcso
radius_xlat: '(cn=cczcso)'
radius_xlat: 'o=university'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in o=university, with filter (cn=cczcso)
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user cczcso authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 6
modcall: leaving group authorize (returns updated) for request 6
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 6
rlm_eap: Request found, released from the list
rlm_eap: EAP/mschapv2
rlm_eap: processing type mschapv2
Processing the authenticate section of radiusd.conf
modcall: entering group MS-CHAP for request 6
rlm_mschap: No User-Password configured. Cannot create LM-Password.
rlm_mschap: No User-Password configured. Cannot create NT-Password.
rlm_mschap: Told to do MS-CHAPv2 for cczcso with NT-Password
rlm_mschap: FAILED: No NT/LM-Password. Cannot perform authentication.
rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
modcall[authenticate]: module "mschap" returns reject for request 6
modcall: leaving group MS-CHAP (returns reject) for request 6
rlm_eap: Freeing handler
modcall[authenticate]: module "eap" returns reject for request 6
modcall: leaving group authenticate (returns reject) for request 6
auth: Failed to validate the user.
Login incorrect: [cczcso/<no User-Password attribute>] (from client
localhost port 0)
PEAP: Tunneled authentication was rejected.
rlm_eap_peap: FAILURE
modcall[authenticate]: module "eap" returns handled for request 6
modcall: leaving group authenticate (returns handled) for request 6
Sending Access-Challenge of id 23 to 128.243.13.34 port 1645
EAP-Message =
0x010900261900170301001b5ada41d28aca4a6d445ce8eaa7cffbf59279004b7300263d
d1b9e4
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xa79166509f9ba349827c1a4ae8dde2ff
Finished request 6
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 128.243.13.34:1645, id=24,
length=174
User-Name = "cczcso"
Framed-MTU = 1400
Called-Station-Id = "0011.9335.1210"
Calling-Station-Id = "000e.35db.4af2"
Service-Type = Login-User
Message-Authenticator = 0x129315f3cf5436eb5c4b7df7c0accd58
EAP-Message =
0x020900261900170301001bb7ac1518a6af85f83b33e44c264e1e37ef2ecb78c9096833
e5044c
NAS-Port-Type = Wireless-802.11
NAS-Port = 260
State = 0xa79166509f9ba349827c1a4ae8dde2ff
NAS-IP-Address = 128.243.13.34
NAS-Identifier = "tmp-ap"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 7
modcall[authorize]: module "preprocess" returns ok for request 7
modcall[authorize]: module "chap" returns noop for request 7
modcall[authorize]: module "mschap" returns noop for request 7
rlm_realm: No '@' in User-Name = "cczcso", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 7
rlm_eap: EAP packet type response id 9 length 38
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 7
users: Matched entry DEFAULT at line 215
modcall[authorize]: module "files" returns ok for request 7
rlm_ldap: - authorize
rlm_ldap: performing user authorization for cczcso
radius_xlat: '(cn=cczcso)'
radius_xlat: 'o=university'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in o=university, with filter (cn=cczcso)
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user cczcso authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 7
modcall: leaving group authorize (returns updated) for request 7
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 7
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: Received EAP-TLV response.
rlm_eap_peap: Tunneled data is valid.
rlm_eap_peap: Had sent TLV failure, rejecting.
rlm_eap: Handler failed in EAP/peap
rlm_eap: Failed in EAP select
modcall[authenticate]: module "eap" returns invalid for request 7
modcall: leaving group authenticate (returns invalid) for request 7
auth: Failed to validate the user.
Login incorrect: [cczcso/<no User-Password attribute>] (from client
test-ap port 260 cli 000e.35db.4af2)
Delaying request 7 for 1 seconds
Finished request 7
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 24 to 128.243.13.34 port 1645
EAP-Message = 0x04090004
Message-Authenticator = 0x00000000000000000000000000000000
Waking up in 3 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 17 with timestamp 44c75f23
Cleaning up request 1 ID 18 with timestamp 44c75f23
Cleaning up request 2 ID 19 with timestamp 44c75f23
Cleaning up request 3 ID 20 with timestamp 44c75f23
Cleaning up request 4 ID 21 with timestamp 44c75f23
Cleaning up request 5 ID 22 with timestamp 44c75f23
Cleaning up request 6 ID 23 with timestamp 44c75f23
Waking up in 1 seconds...
--- Walking the entire request list ---
Cleaning up request 7 ID 24 with timestamp 44c75f24
Nothing to do. Sleeping until we see a request.
rad_recv: Access-Request packet from host 128.243.13.34:1645, id=25,
length=129
User-Name = "cczcso"
Framed-MTU = 1400
Called-Station-Id = "0011.9335.1210"
Calling-Station-Id = "000e.35db.4af2"
Service-Type = Login-User
Message-Authenticator = 0x2a953d446c13615ce39859363d22e5f3
EAP-Message = 0x0202000b0163637a63736f
NAS-Port-Type = Wireless-802.11
NAS-Port = 261
NAS-IP-Address = 128.243.13.34
NAS-Identifier = "tmp-ap"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 8
modcall[authorize]: module "preprocess" returns ok for request 8
modcall[authorize]: module "chap" returns noop for request 8
modcall[authorize]: module "mschap" returns noop for request 8
rlm_realm: No '@' in User-Name = "cczcso", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 8
rlm_eap: EAP packet type response id 2 length 11
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 8
users: Matched entry DEFAULT at line 215
modcall[authorize]: module "files" returns ok for request 8
rlm_ldap: - authorize
rlm_ldap: performing user authorization for cczcso
radius_xlat: '(cn=cczcso)'
radius_xlat: 'o=university'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in o=university, with filter (cn=cczcso)
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user cczcso authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 8
modcall: leaving group authorize (returns updated) for request 8
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 8
rlm_eap: EAP Identity
rlm_eap: processing type tls
rlm_eap_tls: Initiate
rlm_eap_tls: Start returned 1
modcall[authenticate]: module "eap" returns handled for request 8
modcall: leaving group authenticate (returns handled) for request 8
Sending Access-Challenge of id 25 to 128.243.13.34 port 1645
EAP-Message = 0x010300061920
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x6be438890312338382f240a3328c1142
Finished request 8
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 128.243.13.34:1645, id=26,
length=216
User-Name = "cczcso"
Framed-MTU = 1400
Called-Station-Id = "0011.9335.1210"
Calling-Station-Id = "000e.35db.4af2"
Service-Type = Login-User
Message-Authenticator = 0x3ac5f06a25dadfb787bc6ca98f32ad4a
EAP-Message =
0x0203005019800000004616030100410100003d030144c75f4677da152e555b5327d88d
4686dd4b5ffded75b3529e02a8b3b340899000001600040005000a000900640062000300
060013001200630100
NAS-Port-Type = Wireless-802.11
NAS-Port = 261
State = 0x6be438890312338382f240a3328c1142
NAS-IP-Address = 128.243.13.34
NAS-Identifier = "tmp-ap"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 9
modcall[authorize]: module "preprocess" returns ok for request 9
modcall[authorize]: module "chap" returns noop for request 9
modcall[authorize]: module "mschap" returns noop for request 9
rlm_realm: No '@' in User-Name = "cczcso", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 9
rlm_eap: EAP packet type response id 3 length 80
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 9
users: Matched entry DEFAULT at line 215
modcall[authorize]: module "files" returns ok for request 9
rlm_ldap: - authorize
rlm_ldap: performing user authorization for cczcso
radius_xlat: '(cn=cczcso)'
radius_xlat: 'o=university'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in o=university, with filter (cn=cczcso)
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user cczcso authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 9
modcall: leaving group authorize (returns updated) for request 9
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 9
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
(other): before/accept initialization
TLS_accept: before/accept initialization
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello
TLS_accept: SSLv3 read client hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
TLS_accept: SSLv3 write server hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0694], Certificate
TLS_accept: SSLv3 write certificate A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
TLS_accept: SSLv3 write server done A
TLS_accept: SSLv3 flush data
TLS_accept:error in SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 9
modcall: leaving group authenticate (returns handled) for request 9
Sending Access-Challenge of id 26 to 128.243.13.34 port 1645
EAP-Message =
0x0104040a19c0000006f1160301004a02000046030144c75f2e762037af43414d118e83
4b1dc2c8a5e91277c2a72aead80361777efa20ba5e1d6ea2e037b4bc992876256f67e266
beb843b38364cde39f20d9f40f70e300040016030106940b00069000068d0002cd308202
c930820232a003020102020102300d06092a864886f70d010104050030819f310b300906
03550406130243413111300f0603550408130850726f76696e6365311230100603550407
1309536f6d65204369747931153013060355040a130c4f7267616e697a6174696f6e3112
3010060355040b13096c6f63616c686f7374311b301906035504031312436c69656e7420
6365
EAP-Message =
0x7274696669636174653121301f06092a864886f70d0109011612636c69656e74406578
616d706c652e636f6d301e170d3034303132353133323631305a170d3035303132343133
323631305a30819b310b30090603550406130243413111300f0603550408130850726f76
696e63653112301006035504071309536f6d65204369747931153013060355040a130c4f
7267616e697a6174696f6e31123010060355040b13096c6f63616c686f73743119301706
035504031310526f6f74206365727469666963617465311f301d06092a864886f70d0109
011610726f6f74406578616d706c652e636f6d30819f300d06092a864886f70d01010105
0003
EAP-Message =
0x818d0030818902818100dac525422bfedb082629a2cba44b3449c90d0ab462fb72c843
4a782098863d7eb7d7e70028c2b7ad555a51cc756cf4fa1d7091615ab450d5289553ae66
16aff014a55085d6b8fb4aee98638e426175cdd36c665c63cda177d34920eb30585edc87
73999c2980f81ad4638bbbea1c82d054023db7ef24a3ec1c3f6241a903d7f30203010001
a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d01
01040500038181007a2d921b1cf13bf2982a9178ec9ede6d88edc178a2e8bd40a0a06fb6
f0769957884cd7084537083496fd184165293f583c8e8240eb68e042c94b15752e4c07e8
0d09
EAP-Message =
0x779afa3dd55c24fa54ac292d77205d1c2477ed30d59f57caf9bd21ff2a8d16cc0911c5
0e4f295763fcb60efa3c3d2d0e43850f6e6fbe284902f6e83503650003ba308203b63082
031fa003020102020100300d06092a864886f70d010104050030819f310b300906035504
06130243413111300f0603550408130850726f76696e6365311230100603550407130953
6f6d65204369747931153013060355040a130c4f7267616e697a6174696f6e3112301006
0355040b13096c6f63616c686f7374311b301906035504031312436c69656e7420636572
74696669636174653121301f06092a864886f70d0109011612636c69656e74406578616d
706c
EAP-Message = 0x652e636f6d301e170d3034303132353133323630375a
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x3a965ec092c72beff1469ffd09d88e68
Finished request 9
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 128.243.13.34:1645, id=27,
length=142
User-Name = "cczcso"
Framed-MTU = 1400
Called-Station-Id = "0011.9335.1210"
Calling-Station-Id = "000e.35db.4af2"
Service-Type = Login-User
Message-Authenticator = 0x4c609b88a50310f9d020cde848c00788
EAP-Message = 0x020400061900
NAS-Port-Type = Wireless-802.11
NAS-Port = 261
State = 0x3a965ec092c72beff1469ffd09d88e68
NAS-IP-Address = 128.243.13.34
NAS-Identifier = "tmp-ap"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 10
modcall[authorize]: module "preprocess" returns ok for request 10
modcall[authorize]: module "chap" returns noop for request 10
modcall[authorize]: module "mschap" returns noop for request 10
rlm_realm: No '@' in User-Name = "cczcso", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 10
rlm_eap: EAP packet type response id 4 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 10
users: Matched entry DEFAULT at line 215
modcall[authorize]: module "files" returns ok for request 10
rlm_ldap: - authorize
rlm_ldap: performing user authorization for cczcso
radius_xlat: '(cn=cczcso)'
radius_xlat: 'o=university'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in o=university, with filter (cn=cczcso)
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user cczcso authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 10
modcall: leaving group authorize (returns updated) for request 10
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 10
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake fragment handler
eaptls_verify returned 1
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 10
modcall: leaving group authenticate (returns handled) for request 10
Sending Access-Challenge of id 27 to 128.243.13.34 port 1645
EAP-Message =
0x010502f71900170d3036303132343133323630375a30819f310b300906035504061302
43413111300f0603550408130850726f76696e63653112301006035504071309536f6d65
204369747931153013060355040a130c4f7267616e697a6174696f6e3112301006035504
0b13096c6f63616c686f7374311b301906035504031312436c69656e7420636572746966
69636174653121301f06092a864886f70d0109011612636c69656e74406578616d706c65
2e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100d4c5b1
9724f164acf1ffb189db1c8fbff4f14396ea7cb1e90f78d69451725377895dfe52ccb99b
41e8
EAP-Message =
0x0ddeb58b127a943f4f58cbc562878192fbdc6fece9f871e7c130d35cf5188817e9b133
249edd2a1c75d31043ae87553cec7a77ef26aa7d74281db9b77e17c6446c5dd9b188b432
50ca0229963722a123a726b00b4027fd0203010001a381ff3081fc301d0603551d0e0416
041468d36d3e1ee7bc9d5a057021c363da1365d1ade33081cc0603551d230481c43081c1
801468d36d3e1ee7bc9d5a057021c363da1365d1ade3a181a5a481a230819f310b300906
03550406130243413111300f0603550408130850726f76696e6365311230100603550407
1309536f6d65204369747931153013060355040a130c4f7267616e697a6174696f6e3112
3010
EAP-Message =
0x060355040b13096c6f63616c686f7374311b301906035504031312436c69656e742063
657274696669636174653121301f06092a864886f70d0109011612636c69656e74406578
616d706c652e636f6d820100300c0603551d13040530030101ff300d06092a864886f70d
01010405000381810033c00b66b1e579ef73a06798252dab8d5e5511fc00fd276d80d12f
834777c6743fdc2743fca1507704e4bc0979e4f60ac3ad9ee83e6f347369229d1f77229b
a2e982359da563024a00163dba6d6c986c0bad28af85132ff8f0d76501bf1b7c2dff658c
e1e62c01997b6e64e3e8d4373354ce9912847651539063b85bbc5485c516030100040e00
0000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x96427b04732b210a418a7d7805daa0a8
Finished request 10
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 128.243.13.34:1645, id=28,
length=328
User-Name = "cczcso"
Framed-MTU = 1400
Called-Station-Id = "0011.9335.1210"
Calling-Station-Id = "000e.35db.4af2"
Service-Type = Login-User
Message-Authenticator = 0xbfc4cb26790fa85bab4681d5c15681b5
EAP-Message =
0x020500c01980000000b6160301008610000082008011666663181aa5f8f026f47f804b
10bbb93c3988c6d8945257c6cd638aaba3c15effecf95f9c88b593f3fabdac47b4332743
c4ed758b1822e06b7e890fd0d12f31de058bebff3be45515696ed8ff6580f527b33c346b
a50f81207901a6609ff32cf3aff18fb36a78aab2977a9edee743e9a8cbdfb7e076c97ab4
fe9a44f6fd951403010001011603010020b248849d3af197ac90007d1271dcea41e8b2e7
b94f9688763b3504decd0149da
NAS-Port-Type = Wireless-802.11
NAS-Port = 261
State = 0x96427b04732b210a418a7d7805daa0a8
NAS-IP-Address = 128.243.13.34
NAS-Identifier = "tmp-ap"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 11
modcall[authorize]: module "preprocess" returns ok for request 11
modcall[authorize]: module "chap" returns noop for request 11
modcall[authorize]: module "mschap" returns noop for request 11
rlm_realm: No '@' in User-Name = "cczcso", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 11
rlm_eap: EAP packet type response id 5 length 192
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 11
users: Matched entry DEFAULT at line 215
modcall[authorize]: module "files" returns ok for request 11
rlm_ldap: - authorize
rlm_ldap: performing user authorization for cczcso
radius_xlat: '(cn=cczcso)'
radius_xlat: 'o=university'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in o=university, with filter (cn=cczcso)
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user cczcso authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 11
modcall: leaving group authorize (returns updated) for request 11
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 11
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange
TLS_accept: SSLv3 read client key exchange A
rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001]
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 read finished A
rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001]
TLS_accept: SSLv3 write change cipher spec A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 write finished A
TLS_accept: SSLv3 flush data
(other): SSL negotiation finished successfully
SSL Connection Established
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 11
modcall: leaving group authenticate (returns handled) for request 11
Sending Access-Challenge of id 28 to 128.243.13.34 port 1645
EAP-Message =
0x010600311900140301000101160301002062b94b2b608b9cfb729e0c11cc95b437a0ff
224a09b728c2869a49b3306976f3
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xe62eae39a8cb1c18e047e8c800b367e4
Finished request 11
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 128.243.13.34:1645, id=29,
length=142
User-Name = "cczcso"
Framed-MTU = 1400
Called-Station-Id = "0011.9335.1210"
Calling-Station-Id = "000e.35db.4af2"
Service-Type = Login-User
Message-Authenticator = 0x017a1b8bcfb94b9b2efb603960809fa1
EAP-Message = 0x020600061900
NAS-Port-Type = Wireless-802.11
NAS-Port = 261
State = 0xe62eae39a8cb1c18e047e8c800b367e4
NAS-IP-Address = 128.243.13.34
NAS-Identifier = "tmp-ap"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 12
modcall[authorize]: module "preprocess" returns ok for request 12
modcall[authorize]: module "chap" returns noop for request 12
modcall[authorize]: module "mschap" returns noop for request 12
rlm_realm: No '@' in User-Name = "cczcso", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 12
rlm_eap: EAP packet type response id 6 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 12
users: Matched entry DEFAULT at line 215
modcall[authorize]: module "files" returns ok for request 12
rlm_ldap: - authorize
rlm_ldap: performing user authorization for cczcso
radius_xlat: '(cn=cczcso)'
radius_xlat: 'o=university'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in o=university, with filter (cn=cczcso)
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user cczcso authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 12
modcall: leaving group authorize (returns updated) for request 12
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 12
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake is finished
eaptls_verify returned 3
eaptls_process returned 3
rlm_eap_peap: EAPTLS_SUCCESS
modcall[authenticate]: module "eap" returns handled for request 12
modcall: leaving group authenticate (returns handled) for request 12
Sending Access-Challenge of id 29 to 128.243.13.34 port 1645
EAP-Message =
0x01070020190017030100154c54223ffd2f906a49347b28a7591ff425eecf2cc1
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xd5b96209e22a855ea27b52d6b089c1c5
Finished request 12
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 128.243.13.34:1645, id=30,
length=170
User-Name = "cczcso"
Framed-MTU = 1400
Called-Station-Id = "0011.9335.1210"
Calling-Station-Id = "000e.35db.4af2"
Service-Type = Login-User
Message-Authenticator = 0xc685fe88f7e03a2d48e0d2e91bba2b09
EAP-Message =
0x0207002219001703010017067de3143498c00b85aac542de549ba3bc1bf4d4c43292
NAS-Port-Type = Wireless-802.11
NAS-Port = 261
State = 0xd5b96209e22a855ea27b52d6b089c1c5
NAS-IP-Address = 128.243.13.34
NAS-Identifier = "tmp-ap"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 13
modcall[authorize]: module "preprocess" returns ok for request 13
modcall[authorize]: module "chap" returns noop for request 13
modcall[authorize]: module "mschap" returns noop for request 13
rlm_realm: No '@' in User-Name = "cczcso", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 13
rlm_eap: EAP packet type response id 7 length 34
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 13
users: Matched entry DEFAULT at line 215
modcall[authorize]: module "files" returns ok for request 13
rlm_ldap: - authorize
rlm_ldap: performing user authorization for cczcso
radius_xlat: '(cn=cczcso)'
radius_xlat: 'o=university'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in o=university, with filter (cn=cczcso)
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user cczcso authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 13
modcall: leaving group authorize (returns updated) for request 13
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 13
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: Identity - cczcso
rlm_eap_peap: Tunneled data is valid.
PEAP: Got tunneled identity of cczcso
PEAP: Setting default EAP type for tunneled EAP session.
PEAP: Setting User-Name to cczcso
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 13
modcall[authorize]: module "preprocess" returns ok for request 13
modcall[authorize]: module "chap" returns noop for request 13
modcall[authorize]: module "mschap" returns noop for request 13
rlm_realm: No '@' in User-Name = "cczcso", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 13
rlm_eap: EAP packet type response id 7 length 11
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 13
users: Matched entry DEFAULT at line 215
modcall[authorize]: module "files" returns ok for request 13
rlm_ldap: - authorize
rlm_ldap: performing user authorization for cczcso
radius_xlat: '(cn=cczcso)'
radius_xlat: 'o=university'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in o=university, with filter (cn=cczcso)
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user cczcso authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 13
modcall: leaving group authorize (returns updated) for request 13
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 13
rlm_eap: EAP Identity
rlm_eap: processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
modcall[authenticate]: module "eap" returns handled for request 13
modcall: leaving group authenticate (returns handled) for request 13
PEAP: Got tunneled Access-Challenge
modcall[authenticate]: module "eap" returns handled for request 13
modcall: leaving group authenticate (returns handled) for request 13
Sending Access-Challenge of id 30 to 128.243.13.34 port 1645
EAP-Message =
0x010800371900170301002cb7e8f0985faf7283b7a6dd0103c5353ffbf4173e90216cc0
294f5ae33eaa66fb2bb5d132fc6d7a84e39b0a94
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xff9e8c0d2d0b71350dd1cfb728fbc396
Finished request 13
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 128.243.13.34:1645, id=31,
length=224
User-Name = "cczcso"
Framed-MTU = 1400
Called-Station-Id = "0011.9335.1210"
Calling-Station-Id = "000e.35db.4af2"
Service-Type = Login-User
Message-Authenticator = 0x1358a7490c3e86a7df72b072df117bf6
EAP-Message =
0x020800581900170301004d86b0e046e14db36638b52e8ecb6ba3a04cf2b6d1b549d1e8
33754da4a44e97d2bd022fd87a45d504058b41d8402ffd1fdf36c38ab27708fc8a8f9545
faa72a1121414c31d8f654d31f7ec7a27b
NAS-Port-Type = Wireless-802.11
NAS-Port = 261
State = 0xff9e8c0d2d0b71350dd1cfb728fbc396
NAS-IP-Address = 128.243.13.34
NAS-Identifier = "tmp-ap"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 14
modcall[authorize]: module "preprocess" returns ok for request 14
modcall[authorize]: module "chap" returns noop for request 14
modcall[authorize]: module "mschap" returns noop for request 14
rlm_realm: No '@' in User-Name = "cczcso", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 14
rlm_eap: EAP packet type response id 8 length 88
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 14
users: Matched entry DEFAULT at line 215
modcall[authorize]: module "files" returns ok for request 14
rlm_ldap: - authorize
rlm_ldap: performing user authorization for cczcso
radius_xlat: '(cn=cczcso)'
radius_xlat: 'o=university'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in o=university, with filter (cn=cczcso)
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user cczcso authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 14
modcall: leaving group authorize (returns updated) for request 14
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 14
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: EAP type mschapv2
rlm_eap_peap: Tunneled data is valid.
PEAP: Setting User-Name to cczcso
PEAP: Adding old state with b0 75
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 14
modcall[authorize]: module "preprocess" returns ok for request 14
modcall[authorize]: module "chap" returns noop for request 14
modcall[authorize]: module "mschap" returns noop for request 14
rlm_realm: No '@' in User-Name = "cczcso", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 14
rlm_eap: EAP packet type response id 8 length 65
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 14
users: Matched entry DEFAULT at line 215
modcall[authorize]: module "files" returns ok for request 14
rlm_ldap: - authorize
rlm_ldap: performing user authorization for cczcso
radius_xlat: '(cn=cczcso)'
radius_xlat: 'o=university'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in o=university, with filter (cn=cczcso)
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user cczcso authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 14
modcall: leaving group authorize (returns updated) for request 14
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 14
rlm_eap: Request found, released from the list
rlm_eap: EAP/mschapv2
rlm_eap: processing type mschapv2
Processing the authenticate section of radiusd.conf
modcall: entering group MS-CHAP for request 14
rlm_mschap: No User-Password configured. Cannot create LM-Password.
rlm_mschap: No User-Password configured. Cannot create NT-Password.
rlm_mschap: Told to do MS-CHAPv2 for cczcso with NT-Password
rlm_mschap: FAILED: No NT/LM-Password. Cannot perform authentication.
rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
modcall[authenticate]: module "mschap" returns reject for request 14
modcall: leaving group MS-CHAP (returns reject) for request 14
rlm_eap: Freeing handler
modcall[authenticate]: module "eap" returns reject for request 14
modcall: leaving group authenticate (returns reject) for request 14
auth: Failed to validate the user.
Login incorrect: [cczcso/<no User-Password attribute>] (from client
localhost port 0)
PEAP: Tunneled authentication was rejected.
rlm_eap_peap: FAILURE
modcall[authenticate]: module "eap" returns handled for request 14
modcall: leaving group authenticate (returns handled) for request 14
Sending Access-Challenge of id 31 to 128.243.13.34 port 1645
EAP-Message =
0x010900261900170301001b713226eed13f53fc1ca06e097ca77ce773dd3cb6b59c7caa
bcb553
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xde94aaf9d23667a65f8dec50d6365580
Finished request 14
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 128.243.13.34:1645, id=32,
length=174
User-Name = "cczcso"
Framed-MTU = 1400
Called-Station-Id = "0011.9335.1210"
Calling-Station-Id = "000e.35db.4af2"
Service-Type = Login-User
Message-Authenticator = 0x179a4da59d173a630bebe38ac5a08d1c
EAP-Message =
0x020900261900170301001b73248026aad62299e34b48cae67e6146cf758f688ea6a9e5
b54add
NAS-Port-Type = Wireless-802.11
NAS-Port = 261
State = 0xde94aaf9d23667a65f8dec50d6365580
NAS-IP-Address = 128.243.13.34
NAS-Identifier = "tmp-ap"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 15
modcall[authorize]: module "preprocess" returns ok for request 15
modcall[authorize]: module "chap" returns noop for request 15
modcall[authorize]: module "mschap" returns noop for request 15
rlm_realm: No '@' in User-Name = "cczcso", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 15
rlm_eap: EAP packet type response id 9 length 38
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 15
users: Matched entry DEFAULT at line 215
modcall[authorize]: module "files" returns ok for request 15
rlm_ldap: - authorize
rlm_ldap: performing user authorization for cczcso
radius_xlat: '(cn=cczcso)'
radius_xlat: 'o=university'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in o=university, with filter (cn=cczcso)
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user cczcso authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 15
modcall: leaving group authorize (returns updated) for request 15
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 15
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: Received EAP-TLV response.
rlm_eap_peap: Tunneled data is valid.
rlm_eap_peap: Had sent TLV failure, rejecting.
rlm_eap: Handler failed in EAP/peap
rlm_eap: Failed in EAP select
modcall[authenticate]: module "eap" returns invalid for request 15
modcall: leaving group authenticate (returns invalid) for request 15
auth: Failed to validate the user.
Login incorrect: [cczcso/<no User-Password attribute>] (from client
test-ap port 261 cli 000e.35db.4af2)
Delaying request 15 for 1 seconds
Finished request 15
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 32 to 128.243.13.34 port 1645
EAP-Message = 0x04090004
Message-Authenticator = 0x00000000000000000000000000000000
Waking up in 3 seconds...
--- Walking the entire request list ---
Cleaning up request 8 ID 25 with timestamp 44c75f2e
Cleaning up request 9 ID 26 with timestamp 44c75f2e
Cleaning up request 10 ID 27 with timestamp 44c75f2e
Cleaning up request 11 ID 28 with timestamp 44c75f2e
Cleaning up request 12 ID 29 with timestamp 44c75f2e
Cleaning up request 13 ID 30 with timestamp 44c75f2e
Cleaning up request 14 ID 31 with timestamp 44c75f2e
Waking up in 1 seconds...
Catriona O'Connell
Network Security Analyst
Network Team, Information Services,
The University of Nottingham, Cripps Computing Centre, University Park,
Nottingham, NG7 2RD
Tel: 0115 8467710
This message has been checked for viruses but the contents of an attachment
may still contain software viruses, which could damage your computer system:
you are advised to perform your own checks. Email communications with the
University of Nottingham may be monitored as permitted by UK legislation.
More information about the Freeradius-Users
mailing list