issues with peap + tlv part 1

Damon McDougald robspierre19 at yahoo.com
Wed Jul 26 18:41:35 CEST 2006





  



Hello to all,

Here is my dillema:
 rlm_eap_peap: EAPTLS_OK
  rlm_eap_peap: Session established.  Decoding
tunneled attributes.
  rlm_eap_peap: Received EAP-TLV response.
  rlm_eap_peap: Tunneled data is valid.
  rlm_eap_peap:  Had sent TLV failure.  User was
rejcted rejected earlier in this session.
 rlm_eap: Handler failed in EAP/peap
  rlm_eap: Failed in EAP select


as you can see the tlv failure during peap handshake. 
I have seen the previous post and I have heeded their
warning of making sure the mschap module is
configured, but when I have configured these settings
I have no luck.  I am attaching my eap.conf and
radius.conf files  
as well as the below output for radius -X.

**************************************************
Wed Jul 26 06:38:27 2006 : Info: Starting - reading
configuration files ...
Wed Jul 26 06:38:27 2006 : Debug: reread_config: 
reading radiusd.conf
Wed Jul 26 06:38:27 2006 : Debug: Config:   including
file: /usr/local/etc/raddb/proxy.conf
Wed Jul 26 06:38:27 2006 : Debug: Config:   including
file: /usr/local/etc/raddb/clients.conf
Wed Jul 26 06:38:27 2006 : Debug: Config:   including
file: /usr/local/etc/raddb/snmp.conf
Wed Jul 26 06:38:27 2006 : Debug: Config:   including
file: /usr/local/etc/raddb/eap.conf
Wed Jul 26 06:38:27 2006 : Debug: Config:   including
file: /usr/local/etc/raddb/sql.conf
Wed Jul 26 06:38:27 2006 : Debug:  main: prefix =
"/usr/local"
Wed Jul 26 06:38:27 2006 : Debug:  main: localstatedir
= "/usr/local/var"
Wed Jul 26 06:38:27 2006 : Debug:  main: logdir =
"/usr/local/var/log/radius"
Wed Jul 26 06:38:27 2006 : Debug:  main: libdir =
"/usr/local/lib"
Wed Jul 26 06:38:27 2006 : Debug:  main: radacctdir =
"/usr/local/var/log/radius/radacct"
Wed Jul 26 06:38:27 2006 : Debug:  main:
hostname_lookups = no
Wed Jul 26 06:38:27 2006 : Debug:  main:
max_request_time = 30
Wed Jul 26 06:38:27 2006 : Debug:  main: cleanup_delay
= 5
Wed Jul 26 06:38:27 2006 : Debug:  main: max_requests
= 1024
Wed Jul 26 06:38:27 2006 : Debug:  main:
delete_blocked_requests = 0
Wed Jul 26 06:38:27 2006 : Debug:  main: port = 0
Wed Jul 26 06:38:27 2006 : Debug:  main:
allow_core_dumps = no
Wed Jul 26 06:38:27 2006 : Debug:  main:
log_stripped_names = no
Wed Jul 26 06:38:27 2006 : Debug:  main: log_file =
"/usr/local/var/log/radius/radius.log"
Wed Jul 26 06:38:27 2006 : Debug:  main: log_auth = no
Wed Jul 26 06:38:27 2006 : Debug:  main:
log_auth_badpass = no
Wed Jul 26 06:38:27 2006 : Debug:  main:
log_auth_goodpass = no
Wed Jul 26 06:38:27 2006 : Debug:  main: pidfile =
"/usr/local/var/run/radiusd/radiusd.pid"
Wed Jul 26 06:38:27 2006 : Debug:  main: user =
"(null)"
Wed Jul 26 06:38:27 2006 : Debug:  main: group =
"(null)"
Wed Jul 26 06:38:27 2006 : Debug:  main: usercollide =
no
Wed Jul 26 06:38:27 2006 : Debug:  main: lower_user =
"no"
Wed Jul 26 06:38:27 2006 : Debug:  main: lower_pass =
"no"
Wed Jul 26 06:38:27 2006 : Debug:  main: nospace_user
= "no"
Wed Jul 26 06:38:27 2006 : Debug:  main: nospace_pass
= "no"
Wed Jul 26 06:38:27 2006 : Debug:  main: checkrad =
"/usr/local/sbin/checkrad"
Wed Jul 26 06:38:27 2006 : Debug:  main:
proxy_requests = yes
Wed Jul 26 06:38:27 2006 : Debug:  proxy: retry_delay
= 5
Wed Jul 26 06:38:27 2006 : Debug:  proxy: retry_count
= 3
Wed Jul 26 06:38:27 2006 : Debug:  proxy: synchronous
= no
Wed Jul 26 06:38:27 2006 : Debug:  proxy:
default_fallback = yes
Wed Jul 26 06:38:27 2006 : Debug:  proxy: dead_time =
120
Wed Jul 26 06:38:27 2006 : Debug:  proxy:
post_proxy_authorize = no
Wed Jul 26 06:38:27 2006 : Debug:  proxy:
wake_all_if_all_dead = no
Wed Jul 26 06:38:27 2006 : Debug:  security:
max_attributes = 200
Wed Jul 26 06:38:27 2006 : Debug:  security:
reject_delay = 1
Wed Jul 26 06:38:27 2006 : Debug:  security:
status_server = no
Wed Jul 26 06:38:27 2006 : Debug:  main: debug_level =
0
Wed Jul 26 06:38:27 2006 : Debug: read_config_files: 
reading dictionary
Wed Jul 26 06:38:27 2006 : Debug: read_config_files: 
reading naslist
Wed Jul 26 06:38:27 2006 : Info: Using deprecated
naslist file.  Support for this will go away soon.
Wed Jul 26 06:38:27 2006 : Debug: read_config_files: 
reading clients
Wed Jul 26 06:38:27 2006 : Debug: read_config_files: 
reading realms
Wed Jul 26 06:38:27 2006 : Debug: radiusd:  entering
modules setup
Wed Jul 26 06:38:27 2006 : Debug: Module: Library
search path is /usr/local/lib
Wed Jul 26 06:38:27 2006 : Debug: Module: Loaded exec 
Wed Jul 26 06:38:27 2006 : Debug:  exec: wait = yes
Wed Jul 26 06:38:27 2006 : Debug:  exec: program =
"(null)"
Wed Jul 26 06:38:27 2006 : Debug:  exec: input_pairs =
"request"
Wed Jul 26 06:38:27 2006 : Debug:  exec: output_pairs
= "(null)"
Wed Jul 26 06:38:27 2006 : Debug:  exec: packet_type =
"(null)"
Wed Jul 26 06:38:27 2006 : Info: rlm_exec: Wait=yes
but no output defined. Did you mean output=none?
Wed Jul 26 06:38:27 2006 : Debug: Module: Instantiated
exec (exec) 
Wed Jul 26 06:38:27 2006 : Debug: Module: Loaded expr 
Wed Jul 26 06:38:27 2006 : Debug: Module: Instantiated
expr (expr) 
Wed Jul 26 06:38:27 2006 : Debug: Module: Loaded PAP 
Wed Jul 26 06:38:27 2006 : Debug:  pap:
encryption_scheme = "crypt"
Wed Jul 26 06:38:27 2006 : Debug: Module: Instantiated
pap (pap) 
Wed Jul 26 06:38:27 2006 : Debug: Module: Loaded CHAP 
Wed Jul 26 06:38:27 2006 : Debug: Module: Instantiated
chap (chap) 
Wed Jul 26 06:38:27 2006 : Debug: Module: Loaded
MS-CHAP 
Wed Jul 26 06:38:27 2006 : Debug:  mschap: use_mppe =
yes
Wed Jul 26 06:38:27 2006 : Debug:  mschap:
require_encryption = yes
Wed Jul 26 06:38:27 2006 : Debug:  mschap:
require_strong = yes
Wed Jul 26 06:38:27 2006 : Debug:  mschap:
with_ntdomain_hack = no
Wed Jul 26 06:38:27 2006 : Debug:  mschap: passwd =
"(null)"
Wed Jul 26 06:38:27 2006 : Debug:  mschap: ntlm_auth =
"(null)"
Wed Jul 26 06:38:27 2006 : Debug: Module: Instantiated
mschap (mschap) 
Wed Jul 26 06:38:27 2006 : Debug: Module: Loaded
System 
Wed Jul 26 06:38:27 2006 : Debug:  unix: cache = no
Wed Jul 26 06:38:27 2006 : Debug:  unix: passwd =
"(null)"
Wed Jul 26 06:38:27 2006 : Debug:  unix: shadow =
"(null)"
Wed Jul 26 06:38:27 2006 : Debug:  unix: group =
"(null)"
Wed Jul 26 06:38:27 2006 : Debug:  unix: radwtmp =
"/usr/local/var/log/radius/radwtmp"
Wed Jul 26 06:38:27 2006 : Debug:  unix: usegroup = no
Wed Jul 26 06:38:27 2006 : Debug:  unix: cache_reload
= 600
Wed Jul 26 06:38:27 2006 : Debug: Module: Instantiated
unix (unix) 
Wed Jul 26 06:38:27 2006 : Debug: Module: Loaded LDAP 
Wed Jul 26 06:38:27 2006 : Debug:  ldap: server =
"56.207.1.134"
Wed Jul 26 06:38:27 2006 : Debug:  ldap: port = 389
Wed Jul 26 06:38:27 2006 : Debug:  ldap: net_timeout =
1
Wed Jul 26 06:38:27 2006 : Debug:  ldap: timeout = 4
Wed Jul 26 06:38:27 2006 : Debug:  ldap: timelimit = 3
Wed Jul 26 06:38:27 2006 : Debug:  ldap: identity =
"CN=SVTest45,OU=Users,OU=Surface Visibility
POC,OU=Server
Accounts,DC=devsub,DC=dev,DC=dce,DC=usps,DC=gov"
Wed Jul 26 06:38:27 2006 : Debug:  ldap: tls_mode = no
Wed Jul 26 06:38:27 2006 : Debug:  ldap: start_tls =
no
Wed Jul 26 06:38:27 2006 : Debug:  ldap:
tls_cacertfile = "(null)"
Wed Jul 26 06:38:27 2006 : Debug:  ldap: tls_cacertdir
= "(null)"
Wed Jul 26 06:38:27 2006 : Debug:  ldap: tls_certfile
= "(null)"
Wed Jul 26 06:38:27 2006 : Debug:  ldap: tls_keyfile =
"(null)"
Wed Jul 26 06:38:27 2006 : Debug:  ldap: tls_randfile
= "(null)"
Wed Jul 26 06:38:27 2006 : Debug:  ldap:
tls_require_cert = "allow"
Wed Jul 26 06:38:27 2006 : Debug:  ldap: password =
"Ytilibis6"
Wed Jul 26 06:38:27 2006 : Debug:  ldap: basedn =
"OU=Users,OU=Surface Visibility POC,OU=Server
Accounts,DC=devsub,DC=dev,DC=dce,DC=usps,DC=gov"
Wed Jul 26 06:38:27 2006 : Debug:  ldap: filter =
"(&(sAMAccountName=%{user-name}))"
Wed Jul 26 06:38:27 2006 : Debug:  ldap: base_filter =
"(objectclass=radiusprofile)"
Wed Jul 26 06:38:27 2006 : Debug:  ldap:
default_profile = "(null)"
Wed Jul 26 06:38:27 2006 : Debug:  ldap:
profile_attribute = "(null)"
Wed Jul 26 06:38:27 2006 : Debug:  ldap:
password_header = "(null)"
Wed Jul 26 06:38:27 2006 : Debug:  ldap:
password_attribute = "(null)"
Wed Jul 26 06:38:27 2006 : Debug:  ldap: access_attr =
"dialupAccess"
Wed Jul 26 06:38:27 2006 : Debug:  ldap:
groupname_attribute = "cn"
Wed Jul 26 06:38:27 2006 : Debug:  ldap:
groupmembership_filter =
"(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))"
Wed Jul 26 06:38:27 2006 : Debug:  ldap:
groupmembership_attribute = "(null)"
Wed Jul 26 06:38:27 2006 : Debug:  ldap:
dictionary_mapping =
"/usr/local/etc/raddb/ldap.attrmap"
Wed Jul 26 06:38:27 2006 : Debug:  ldap: ldap_debug =
0
Wed Jul 26 06:38:27 2006 : Debug:  ldap:
ldap_connections_number = 5
Wed Jul 26 06:38:27 2006 : Debug:  ldap:
compare_check_items = yes
Wed Jul 26 06:38:27 2006 : Debug:  ldap:
access_attr_used_for_allow = yes
Wed Jul 26 06:38:27 2006 : Debug:  ldap: do_xlat = yes
Wed Jul 26 06:38:27 2006 : Debug:  ldap: set_auth_type
= yes
Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap:
Registering ldap_groupcmp for Ldap-Group
Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap:
Registering ldap_xlat with xlat_name ldap
Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: reading
ldap<->radius mappings from file
/usr/local/etc/raddb/ldap.attrmap
Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP
radiusCheckItem mapped to RADIUS $GENERIC$
Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP
radiusReplyItem mapped to RADIUS $GENERIC$
Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP
radiusAuthType mapped to RADIUS Auth-Type
Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP
radiusSimultaneousUse mapped to RADIUS
Simultaneous-Use
Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP
radiusCalledStationId mapped to RADIUS
Called-Station-Id
Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP
radiusCallingStationId mapped to RADIUS
Calling-Station-Id
Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP
lmPassword mapped to RADIUS LM-Password
Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP
ntPassword mapped to RADIUS NT-Password
Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP
acctFlags mapped to RADIUS SMB-Account-CTRL-TEXT
Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP
radiusExpiration mapped to RADIUS Expiration
Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP
radiusNASIpAddress mapped to RADIUS NAS-IP-Address
Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP
radiusServiceType mapped to RADIUS Service-Type
Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP
radiusFramedProtocol mapped to RADIUS Framed-Protocol
Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP
radiusFramedIPAddress mapped to RADIUS
Framed-IP-Address
Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP
radiusFramedIPNetmask mapped to RADIUS
Framed-IP-Netmask
Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP
radiusFramedRoute mapped to RADIUS Framed-Route
Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP
radiusFramedRouting mapped to RADIUS Framed-Routing
Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP
radiusFilterId mapped to RADIUS Filter-Id
Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP
radiusFramedMTU mapped to RADIUS Framed-MTU
Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP
radiusFramedCompression mapped to RADIUS
Framed-Compression
Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP
radiusLoginIPHost mapped to RADIUS Login-IP-Host
Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP
radiusLoginService mapped to RADIUS Login-Service
Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP
radiusLoginTCPPort mapped to RADIUS Login-TCP-Port
Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP
radiusCallbackNumber mapped to RADIUS Callback-Number
Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP
radiusCallbackId mapped to RADIUS Callback-Id
Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP
radiusFramedIPXNetwork mapped to RADIUS
Framed-IPX-Network
Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP
radiusClass mapped to RADIUS Class
Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP
radiusSessionTimeout mapped to RADIUS Session-Timeout
Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP
radiusIdleTimeout mapped to RADIUS Idle-Timeout
Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP
radiusTerminationAction mapped to RADIUS
Termination-Action
Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP
radiusLoginLATService mapped to RADIUS
Login-LAT-Service
Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP
radiusLoginLATNode mapped to RADIUS Login-LAT-Node
Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP
radiusLoginLATGroup mapped to RADIUS Login-LAT-Group
Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP
radiusFramedAppleTalkLink mapped to RADIUS
Framed-AppleTalk-Link
Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP
radiusFramedAppleTalkNetwork mapped to RADIUS
Framed-AppleTalk-Network
Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP
radiusFramedAppleTalkZone mapped to RADIUS
Framed-AppleTalk-Zone
Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP
radiusPortLimit mapped to RADIUS Port-Limit
Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP
radiusLoginLATPort mapped to RADIUS Login-LAT-Port
Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP
radiusReplyMessage mapped to RADIUS Reply-Message
Wed Jul 26 06:38:27 2006 : Debug: conns: 0x8139828
Wed Jul 26 06:38:27 2006 : Debug: Module: Instantiated
ldap (ldap) 
Wed Jul 26 06:38:27 2006 : Debug: Module: Loaded eap 
Wed Jul 26 06:38:27 2006 : Debug:  eap:
default_eap_type = "peap"
Wed Jul 26 06:38:27 2006 : Debug:  eap: timer_expire =
60
Wed Jul 26 06:38:27 2006 : Debug:  eap:
ignore_unknown_eap_types = no
Wed Jul 26 06:38:27 2006 : Debug:  eap:
cisco_accounting_username_bug = no
Wed Jul 26 06:38:27 2006 : Debug: rlm_eap: Loaded and
initialized type md5
Wed Jul 26 06:38:27 2006 : Debug: rlm_eap: Loaded and
initialized type leap
Wed Jul 26 06:38:27 2006 : Debug:  gtc: challenge =
"Password: "
Wed Jul 26 06:38:27 2006 : Debug:  gtc: auth_type =
"PAP"
Wed Jul 26 06:38:27 2006 : Debug: rlm_eap: Loaded and
initialized type gtc
Wed Jul 26 06:38:27 2006 : Debug:  tls:
rsa_key_exchange = no
Wed Jul 26 06:38:27 2006 : Debug:  tls:
dh_key_exchange = yes
Wed Jul 26 06:38:27 2006 : Debug:  tls: rsa_key_length
= 512
Wed Jul 26 06:38:27 2006 : Debug:  tls: dh_key_length
= 512
Wed Jul 26 06:38:27 2006 : Debug:  tls: verify_depth =
0
Wed Jul 26 06:38:27 2006 : Debug:  tls: CA_path =
"(null)"
Wed Jul 26 06:38:27 2006 : Debug:  tls: pem_file_type
= yes
Wed Jul 26 06:38:27 2006 : Debug:  tls:
private_key_file =
"/usr/local/etc/raddb/certs/server_keycert.pem"
Wed Jul 26 06:38:27 2006 : Debug:  tls:
certificate_file =
"/usr/local/etc/raddb/certs/server_keycert.pem"
Wed Jul 26 06:38:27 2006 : Debug:  tls: CA_file =
"/usr/local/etc/raddb/certs/cacert.pem"
Wed Jul 26 06:38:27 2006 : Debug:  tls:
private_key_password = ""
Wed Jul 26 06:38:27 2006 : Debug:  tls: dh_file =
"/usr/local/etc/raddb/certs/dh"
Wed Jul 26 06:38:27 2006 : Debug:  tls: random_file =
"/usr/local/etc/raddb/certs/random"
Wed Jul 26 06:38:27 2006 : Debug:  tls: fragment_size
= 1024
Wed Jul 26 06:38:27 2006 : Debug:  tls: include_length
= yes
Wed Jul 26 06:38:27 2006 : Debug:  tls: check_crl = no
Wed Jul 26 06:38:27 2006 : Debug:  tls: check_cert_cn
= "(null)"
Wed Jul 26 06:38:27 2006 : Debug:  tls: cipher_list =
"(null)"
Wed Jul 26 06:38:27 2006 : Debug:  tls:
check_cert_issuer = "(null)"
Wed Jul 26 06:38:27 2006 : Info: rlm_eap_tls: Loading
the certificate file as a chain
Wed Jul 26 06:38:28 2006 : Debug: rlm_eap: Loaded and
initialized type tls
Wed Jul 26 06:38:28 2006 : Debug:  peap:
default_eap_type = "mschapv2"
Wed Jul 26 06:38:28 2006 : Debug:  peap:
copy_request_to_tunnel = yes
Wed Jul 26 06:38:28 2006 : Debug:  peap:
use_tunneled_reply = yes
Wed Jul 26 06:38:28 2006 : Debug:  peap:
proxy_tunneled_request_as_eap = yes
Wed Jul 26 06:38:28 2006 : Debug: rlm_eap: Loaded and
initialized type peap
Wed Jul 26 06:38:28 2006 : Debug:  mschapv2:
with_ntdomain_hack = no
Wed Jul 26 06:38:28 2006 : Debug: rlm_eap: Loaded and
initialized type mschapv2
Wed Jul 26 06:38:28 2006 : Debug: Module: Instantiated
eap (eap) 
Wed Jul 26 06:38:28 2006 : Debug: Module: Loaded
preprocess 
Wed Jul 26 06:38:28 2006 : Debug:  preprocess:
huntgroups = "/usr/local/etc/raddb/huntgroups"
Wed Jul 26 06:38:28 2006 : Debug:  preprocess: hints =
"/usr/local/etc/raddb/hints"
Wed Jul 26 06:38:28 2006 : Debug:  preprocess:
with_ascend_hack = no
Wed Jul 26 06:38:28 2006 : Debug:  preprocess:
ascend_channels_per_line = 23
Wed Jul 26 06:38:28 2006 : Debug:  preprocess:
with_ntdomain_hack = no
Wed Jul 26 06:38:28 2006 : Debug:  preprocess:
with_specialix_jetstream_hack = no
Wed Jul 26 06:38:28 2006 : Debug:  preprocess:
with_cisco_vsa_hack = no
Wed Jul 26 06:38:28 2006 : Debug: Module: Instantiated
preprocess (preprocess) 
Wed Jul 26 06:38:28 2006 : Debug: Module: Loaded realm

Wed Jul 26 06:38:28 2006 : Debug:  realm: format =
"suffix"
Wed Jul 26 06:38:28 2006 : Debug:  realm: delimiter =
"@"
Wed Jul 26 06:38:28 2006 : Debug:  realm:
ignore_default = no
Wed Jul 26 06:38:28 2006 : Debug:  realm: ignore_null
= no
Wed Jul 26 06:38:28 2006 : Debug: Module: Instantiated
realm (suffix) 
Wed Jul 26 06:38:28 2006 : Debug: Module: Loaded files

Wed Jul 26 06:38:28 2006 : Debug:  files: usersfile =
"/usr/local/etc/raddb/users"
Wed Jul 26 06:38:28 2006 : Debug:  files:
acctusersfile = "/usr/local/etc/raddb/acct_users"
Wed Jul 26 06:38:28 2006 : Debug:  files:
preproxy_usersfile =
"/usr/local/etc/raddb/preproxy_users"
Wed Jul 26 06:38:28 2006 : Debug:  files: compat =
"no"
Wed Jul 26 06:38:28 2006 : Debug: Module: Instantiated
files (files) 
Wed Jul 26 06:38:28 2006 : Debug: Module: Loaded
Acct-Unique-Session-Id 
Wed Jul 26 06:38:28 2006 : Debug:  acct_unique: key =
"User-Name, Acct-Session-Id, NAS-IP-Address,
Client-IP-Address, NAS-Port"
Wed Jul 26 06:38:28 2006 : Debug: Module: Instantiated
acct_unique (acct_unique) 
Wed Jul 26 06:38:28 2006 : Debug: Module: Loaded
detail 
Wed Jul 26 06:38:28 2006 : Debug:  detail: detailfile
=
"/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
Wed Jul 26 06:38:28 2006 : Debug:  detail: detailperm
= 384
Wed Jul 26 06:38:28 2006 : Debug:  detail: dirperm =
493
Wed Jul 26 06:38:28 2006 : Debug:  detail: locking =
no
Wed Jul 26 06:38:28 2006 : Debug: Module: Instantiated
detail (detail) 
Wed Jul 26 06:38:28 2006 : Debug: Module: Loaded
radutmp 
Wed Jul 26 06:38:28 2006 : Debug:  radutmp: filename =
"/usr/local/var/log/radius/radutmp"
Wed Jul 26 06:38:28 2006 : Debug:  radutmp: username =
"%{User-Name}"
Wed Jul 26 06:38:28 2006 : Debug:  radutmp:
case_sensitive = yes
Wed Jul 26 06:38:28 2006 : Debug:  radutmp:
check_with_nas = yes
Wed Jul 26 06:38:28 2006 : Debug:  radutmp: perm = 384
Wed Jul 26 06:38:28 2006 : Debug:  radutmp: callerid =
yes
Wed Jul 26 06:38:28 2006 : Debug: Module: Instantiated
radutmp (radutmp) 
Wed Jul 26 06:38:28 2006 : Debug: Listening on
authentication *:1812
Wed Jul 26 06:38:28 2006 : Debug: Listening on
accounting *:1813
Wed Jul 26 06:38:28 2006 : Info: Ready to process
requests.
rad_recv: Access-Request packet from host
170.248.233.102:21645, id=96, length=142
	User-Name = "svtest21"
	Framed-MTU = 1400
	Called-Station-Id = "0014.f213.f740"
	Calling-Station-Id = "0002.7848.9017"
	Service-Type = Login-User
	Message-Authenticator =
0x9f1c51bffb5629597ad2b909fd38c9b4
	EAP-Message = 0x0203000d017376746573743231
	NAS-Port-Type = Wireless-802.11
	NAS-Port = 549
	NAS-IP-Address = 170.248.233.102
	NAS-Identifier = "SV1ATESTENVIRON"
Wed Jul 26 06:38:57 2006 : Debug:   Processing the
authorize section of radiusd.conf
Wed Jul 26 06:38:57 2006 : Debug: modcall: entering
group authorize for request 0
Wed Jul 26 06:38:57 2006 : Debug:  
modsingle[authorize]: calling preprocess
(rlm_preprocess) for request 0
Wed Jul 26 06:38:57 2006 : Debug:  
modsingle[authorize]: returned from preprocess
(rlm_preprocess) for request 0
Wed Jul 26 06:38:57 2006 : Debug:  
modcall[authorize]: module "preprocess" returns ok for
request 0
Wed Jul 26 06:38:57 2006 : Debug:  
modsingle[authorize]: calling chap (rlm_chap) for
request 0
Wed Jul 26 06:38:57 2006 : Debug:  
modsingle[authorize]: returned from chap (rlm_chap)
for request 0
Wed Jul 26 06:38:57 2006 : Debug:  
modcall[authorize]: module "chap" returns noop for
request 0
Wed Jul 26 06:38:57 2006 : Debug:  
modsingle[authorize]: calling mschap (rlm_mschap) for
request 0
Wed Jul 26 06:38:57 2006 : Debug:  
modsingle[authorize]: returned from mschap
(rlm_mschap) for request 0
Wed Jul 26 06:38:57 2006 : Debug:  
modcall[authorize]: module "mschap" returns noop for
request 0
Wed Jul 26 06:38:57 2006 : Debug:  
modsingle[authorize]: calling suffix (rlm_realm) for
request 0
Wed Jul 26 06:38:57 2006 : Debug:     rlm_realm: No
'@' in User-Name = "svtest21", looking up realm NULL
Wed Jul 26 06:38:57 2006 : Debug:     rlm_realm: No
such realm "NULL"
Wed Jul 26 06:38:57 2006 : Debug:  
modsingle[authorize]: returned from suffix (rlm_realm)
for request 0
Wed Jul 26 06:38:57 2006 : Debug:  
modcall[authorize]: module "suffix" returns noop for
request 0
Wed Jul 26 06:38:57 2006 : Debug:  
modsingle[authorize]: calling eap (rlm_eap) for
request 0
Wed Jul 26 06:38:57 2006 : Debug:   rlm_eap: EAP
packet type response id 3 length 13
Wed Jul 26 06:38:57 2006 : Debug:   rlm_eap: No EAP
Start, assuming it's an on-going EAP conversation
Wed Jul 26 06:38:57 2006 : Debug:  
modsingle[authorize]: returned from eap (rlm_eap) for
request 0
Wed Jul 26 06:38:57 2006 : Debug:  
modcall[authorize]: module "eap" returns updated for
request 0
Wed Jul 26 06:38:57 2006 : Debug:  
modsingle[authorize]: calling files (rlm_files) for
request 0
Wed Jul 26 06:38:57 2006 : Debug:     users: Matched
entry DEFAULT at line 215
Wed Jul 26 06:38:57 2006 : Debug:  
modsingle[authorize]: returned from files (rlm_files)
for request 0
Wed Jul 26 06:38:57 2006 : Debug:  
modcall[authorize]: module "files" returns ok for
request 0
Wed Jul 26 06:38:57 2006 : Debug: modcall: leaving
group authorize (returns updated) for request 0
Wed Jul 26 06:38:57 2006 : Debug:  
rad_check_password:  Found Auth-Type EAP
Wed Jul 26 06:38:57 2006 : Debug: auth: type "EAP"
Wed Jul 26 06:38:57 2006 : Debug:   Processing the
authenticate section of radiusd.conf
Wed Jul 26 06:38:57 2006 : Debug: modcall: entering
group authenticate for request 0
Wed Jul 26 06:38:57 2006 : Debug:  
modsingle[authenticate]: calling eap (rlm_eap) for
request 0
Wed Jul 26 06:38:57 2006 : Debug:   rlm_eap: EAP
Identity
Wed Jul 26 06:38:57 2006 : Debug:   rlm_eap:
processing type tls
Wed Jul 26 06:38:57 2006 : Debug:   rlm_eap_tls:
Initiate
Wed Jul 26 06:38:57 2006 : Debug:   rlm_eap_tls: Start
returned 1
Wed Jul 26 06:38:57 2006 : Debug:  
modsingle[authenticate]: returned from eap (rlm_eap)
for request 0
Wed Jul 26 06:38:57 2006 : Debug:  
modcall[authenticate]: module "eap" returns handled
for request 0
Wed Jul 26 06:38:57 2006 : Debug: modcall: leaving
group authenticate (returns handled) for request 0
Sending Access-Challenge of id 96 to 170.248.233.102
port 21645
	EAP-Message = 0x010400061920
	Message-Authenticator =
0x00000000000000000000000000000000
	State = 0x29ca0021777c690970b4a5471a00217b
Wed Jul 26 06:38:57 2006 : Debug: Finished request 0
Wed Jul 26 06:38:57 2006 : Debug: Going to the next
request
Wed Jul 26 06:38:57 2006 : Debug: --- Walking the
entire request list ---
Wed Jul 26 06:38:57 2006 : Debug: Waking up in 6
seconds...
rad_recv: Access-Request packet from host
170.248.233.102:21645, id=97, length=253
	User-Name = "svtest21"
	Framed-MTU = 1400
	Called-Station-Id = "0014.f213.f740"
	Calling-Station-Id = "0002.7848.9017"
	Service-Type = Login-User
	Message-Authenticator =
0x88d642315545479df646345555800e93
	EAP-Message =
0x0204006a198000000060160301005b0100005703011c65d617c07403a366a2f3b6de705e884da5fd14fbdb9cf0d0df33bfc72f8eca20a34c239b5b06e80ed486fd8dadac40a1485d19d957e58d20b52c8859b8180b71001000040005000a000900640062000300060100
	NAS-Port-Type = Wireless-802.11
	NAS-Port = 549
	State = 0x29ca0021777c690970b4a5471a00217b
	NAS-IP-Address = 170.248.233.102
	NAS-Identifier = "SV1ATESTENVIRON"
Wed Jul 26 06:38:57 2006 : Debug:   Processing the
authorize section of radiusd.conf
Wed Jul 26 06:38:57 2006 : Debug: modcall: entering
group authorize for request 1
Wed Jul 26 06:38:57 2006 : Debug:  
modsingle[authorize]: calling preprocess
(rlm_preprocess) for request 1
Wed Jul 26 06:38:57 2006 : Debug:  
modsingle[authorize]: returned from preprocess
(rlm_preprocess) for request 1
Wed Jul 26 06:38:57 2006 : Debug:  
modcall[authorize]: module "preprocess" returns ok for
request 1
Wed Jul 26 06:38:57 2006 : Debug:  
modsingle[authorize]: calling chap (rlm_chap) for
request 1
Wed Jul 26 06:38:57 2006 : Debug:  
modsingle[authorize]: returned from chap (rlm_chap)
for request 1
Wed Jul 26 06:38:57 2006 : Debug:  
modcall[authorize]: module "chap" returns noop for
request 1
Wed Jul 26 06:38:57 2006 : Debug:  
modsingle[authorize]: calling mschap (rlm_mschap) for
request 1
Wed Jul 26 06:38:57 2006 : Debug:  
modsingle[authorize]: returned from mschap
(rlm_mschap) for request 1
Wed Jul 26 06:38:57 2006 : Debug:  
modcall[authorize]: module "mschap" returns noop for
request 1
Wed Jul 26 06:38:57 2006 : Debug:  
modsingle[authorize]: calling suffix (rlm_realm) for
request 1
Wed Jul 26 06:38:57 2006 : Debug:     rlm_realm: No
'@' in User-Name = "svtest21", looking up realm NULL
Wed Jul 26 06:38:57 2006 : Debug:     rlm_realm: No
such realm "NULL"
Wed Jul 26 06:38:57 2006 : Debug:  
modsingle[authorize]: returned from suffix (rlm_realm)
for request 1
Wed Jul 26 06:38:57 2006 : Debug:  
modcall[authorize]: module "suffix" returns noop for
request 1
Wed Jul 26 06:38:57 2006 : Debug:  
modsingle[authorize]: calling eap (rlm_eap) for
request 1
Wed Jul 26 06:38:57 2006 : Debug:   rlm_eap: EAP
packet type response id 4 length 106
Wed Jul 26 06:38:57 2006 : Debug:   rlm_eap: No EAP
Start, assuming it's an on-going EAP conversation
Wed Jul 26 06:38:57 2006 : Debug:  
modsingle[authorize]: returned from eap (rlm_eap) for
request 1
Wed Jul 26 06:38:57 2006 : Debug:  
modcall[authorize]: module "eap" returns updated for
request 1
Wed Jul 26 06:38:57 2006 : Debug:  
modsingle[authorize]: calling files (rlm_files) for
request 1
Wed Jul 26 06:38:57 2006 : Debug:     users: Matched
entry DEFAULT at line 215
Wed Jul 26 06:38:57 2006 : Debug:  
modsingle[authorize]: returned from files (rlm_files)
for request 1
Wed Jul 26 06:38:57 2006 : Debug:  
modcall[authorize]: module "files" returns ok for
request 1
Wed Jul 26 06:38:57 2006 : Debug: modcall: leaving
group authorize (returns updated) for request 1
Wed Jul 26 06:38:57 2006 : Debug:  
rad_check_password:  Found Auth-Type EAP
Wed Jul 26 06:38:57 2006 : Debug: auth: type "EAP"
Wed Jul 26 06:38:57 2006 : Debug:   Processing the
authenticate section of radiusd.conf
Wed Jul 26 06:38:57 2006 : Debug: modcall: entering
group authenticate for request 1
Wed Jul 26 06:38:57 2006 : Debug:  
modsingle[authenticate]: calling eap (rlm_eap) for
request 1
Wed Jul 26 06:38:57 2006 : Debug:   rlm_eap: Request
found, released from the list
Wed Jul 26 06:38:57 2006 : Debug:   rlm_eap: EAP/peap
Wed Jul 26 06:38:57 2006 : Debug:   rlm_eap:
processing type peap
Wed Jul 26 06:38:57 2006 : Debug:   rlm_eap_peap:
Authenticate
Wed Jul 26 06:38:57 2006 : Debug:   rlm_eap_tls:
processing TLS
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_tls:  Length
Included
Wed Jul 26 06:38:57 2006 : Debug:   eaptls_verify
returned 11 
Wed Jul 26 06:38:57 2006 : Debug:     (other):
before/accept initialization 
Wed Jul 26 06:38:57 2006 : Debug:     TLS_accept:
before/accept initialization 
Wed Jul 26 06:38:57 2006 : Debug:   rlm_eap_tls: <<<
TLS 1.0 Handshake [length 005b], ClientHello  
Wed Jul 26 06:38:57 2006 : Debug:     TLS_accept:
SSLv3 read client hello A 
Wed Jul 26 06:38:57 2006 : Debug:   rlm_eap_tls: >>>
TLS 1.0 Handshake [length 004a], ServerHello  
Wed Jul 26 06:38:57 2006 : Debug:     TLS_accept:
SSLv3 write server hello A 
Wed Jul 26 06:38:57 2006 : Debug:   rlm_eap_tls: >>>
TLS 1.0 Handshake [length 04b3], Certificate  
Wed Jul 26 06:38:57 2006 : Debug:     TLS_accept:
SSLv3 write certificate A 
Wed Jul 26 06:38:57 2006 : Debug:   rlm_eap_tls: >>>
TLS 1.0 Handshake [length 0004], ServerHelloDone  
Wed Jul 26 06:38:57 2006 : Debug:     TLS_accept:
SSLv3 write server done A 
Wed Jul 26 06:38:57 2006 : Debug:     TLS_accept:
SSLv3 flush data 
Wed Jul 26 06:38:57 2006 : Error:     TLS_accept:error
in SSLv3 read client certificate A 
Wed Jul 26 06:38:57 2006 : Error: rlm_eap: SSL error
error:00000000:lib(0):func(0):reason(0)
Wed Jul 26 06:38:57 2006 : Debug: In SSL Handshake
Phase 
Wed Jul 26 06:38:57 2006 : Debug: In SSL Accept mode  
Wed Jul 26 06:38:57 2006 : Debug:   eaptls_process
returned 13 
Wed Jul 26 06:38:57 2006 : Debug:   rlm_eap_peap:
EAPTLS_HANDLED
Wed Jul 26 06:38:57 2006 : Debug:  
modsingle[authenticate]: returned from eap (rlm_eap)
for request 1
Wed Jul 26 06:38:57 2006 : Debug:  
modcall[authenticate]: module "eap" returns handled
for request 1
Wed Jul 26 06:38:57 2006 : Debug: modcall: leaving
group authenticate (returns handled) for request 1
Sending Access-Challenge of id 97 to 170.248.233.102
port 21645
	EAP-Message =
0x0105040a19c000000510160301004a02000046030144c75451b02d92afcc20f4bfec1431803916822f1e67ae67bb168cd36ae3781420ff042ce2de3d04fef6469395e00f0b4645de855ae3345e0dca33873b5e1da24000040016030104b30b0004af0004ac000216308202123082017ba003020102020101300d06092a864886f70d01010405003039310b3009060355040613025553310b3009060355040813024443311d301b060355040a1314535631412061746c20656e7669726f6e6d656e74301e170d3036303732353230313630335a170d3037303732353230313630335a304c310b3009060355040613025553310b30090603550408130244
	EAP-Message =
0x43311d301b060355040a1314535631412061746c20656e7669726f6e6d656e743111300f06035504031308737631612e61746c30819f300d06092a864886f70d010101050003818d0030818902818100d026b1347e5fca59da1a427f07370f05445287b8f01a6d12f4577cb529b4dffe3dae2daeabfd2df7312eb97bc10cf73404c337e26bf70b9b13927c9862bcad706325f743685725808b823dc84967582da67ce2bec405ea60a35bdada7926c4a0b2fe3f9a0e1ffa0a56426199381aaf4e15a39b951aab58d368a579563018678b0203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d0101040500
	EAP-Message =
0x03818100d6ce9ff21b40746b76f18af5a0e80bc090171bee7d777371035b02f7b2b8ef1fab3da34c0021e5f8b414c7b5e55ba7c8780d6c7dfdca776da44cd927bd6616fdeade53adcf5b7716f2ed067184489262c99b26b699d901c241db457aad494f780e33787f63f3d95757f5a15b8c16ccbd09ec653e24c82e8fec0ce602a0be019f0002903082028c308201f5a003020102020900c9abfb98ff97b24c300d06092a864886f70d01010405003039310b3009060355040613025553310b3009060355040813024443311d301b060355040a1314535631412061746c20656e7669726f6e6d656e74301e170d3036303732353230313233395a170d30
	EAP-Message =
0x37303732353230313233395a3039310b3009060355040613025553310b3009060355040813024443311d301b060355040a1314535631412061746c20656e7669726f6e6d656e7430819f300d06092a864886f70d010101050003818d0030818902818100d8cdddeec55c7306f917a047380659df940a0b96f3f2f576c91b6b6d7747eb0bc2d1bef222dfaa423a8c18f202e92ccef8f6d72b3526432cd4aee488d7d8c9b431f73429468b22cccf63aceb530f4e3b5262a35e5e22e51046594d6c91aca5f056982de1acc5a26480c4eac144cb4be74185df3ce999d574a30f28acfd1f9d750203010001a3819b308198301d0603551d0e04160414682319
	EAP-Message =
0x51745c11e5fd6f7155d54baba5f067ea053069060355
	Message-Authenticator =
0x00000000000000000000000000000000
	State = 0x498b302c3c413c59d2b3adf67bbc1530
Wed Jul 26 06:38:57 2006 : Debug: Finished request 1
Wed Jul 26 06:38:57 2006 : Debug: Going to the next
request
Wed Jul 26 06:38:57 2006 : Debug: Waking up in 6
seconds...
rad_recv: Access-Request packet from host
170.248.233.102:21645, id=98, length=153
	User-Name = "svtest21"
	Framed-MTU = 1400
	Called-Station-Id = "0014.f213.f740"
	Calling-Station-Id = "0002.7848.9017"
	Service-Type = Login-User
	Message-Authenticator =
0x8fdcb1d1de429fbc882c9013f501fdcd
	EAP-Message = 0x020500061900
	NAS-Port-Type = Wireless-802.11
	NAS-Port = 549
	State = 0x498b302c3c413c59d2b3adf67bbc1530
	NAS-IP-Address = 170.248.233.102
	NAS-Identifier = "SV1ATESTENVIRON"
Wed Jul 26 06:38:57 2006 : Debug:   Processing the
authorize section of radiusd.conf
Wed Jul 26 06:38:57 2006 : Debug: modcall: entering
group authorize for request 2
Wed Jul 26 06:38:57 2006 : Debug:  
modsingle[authorize]: calling preprocess
(rlm_preprocess) for request 2
Wed Jul 26 06:38:57 2006 : Debug:  
modsingle[authorize]: returned from preprocess
(rlm_preprocess) for request 2
Wed Jul 26 06:38:57 2006 : Debug:  
modcall[authorize]: module "preprocess" returns ok for
request 2
Wed Jul 26 06:38:57 2006 : Debug:  
modsingle[authorize]: calling chap (rlm_chap) for
request 2
Wed Jul 26 06:38:57 2006 : Debug:  
modsingle[authorize]: returned from chap (rlm_chap)
for request 2
Wed Jul 26 06:38:57 2006 : Debug:  
modcall[authorize]: module "chap" returns noop for
request 2
Wed Jul 26 06:38:57 2006 : Debug:  
modsingle[authorize]: calling mschap (rlm_mschap) for
request 2
Wed Jul 26 06:38:57 2006 : Debug:  
modsingle[authorize]: returned from mschap
(rlm_mschap) for request 2
Wed Jul 26 06:38:57 2006 : Debug:  
modcall[authorize]: module "mschap" returns noop for
request 2
Wed Jul 26 06:38:57 2006 : Debug:  
modsingle[authorize]: calling suffix (rlm_realm) for
request 2
Wed Jul 26 06:38:57 2006 : Debug:     rlm_realm: No
'@' in User-Name = "svtest21", looking up realm NULL
Wed Jul 26 06:38:57 2006 : Debug:     rlm_realm: No
such realm "NULL"
Wed Jul 26 06:38:57 2006 : Debug:  
modsingle[authorize]: returned from suffix (rlm_realm)
for request 2
Wed Jul 26 06:38:57 2006 : Debug:  
modcall[authorize]: module "suffix" returns noop for
request 2
Wed Jul 26 06:38:57 2006 : Debug:  
modsingle[authorize]: calling eap (rlm_eap) for
request 2
Wed Jul 26 06:38:57 2006 : Debug:   rlm_eap: EAP
packet type response id 5 length 6
Wed Jul 26 06:38:57 2006 : Debug:   rlm_eap: No EAP
Start, assuming it's an on-going EAP conversation
Wed Jul 26 06:38:57 2006 : Debug:  
modsingle[authorize]: returned from eap (rlm_eap) for
request 2
Wed Jul 26 06:38:57 2006 : Debug:  
modcall[authorize]: module "eap" returns updated for
request 2
Wed Jul 26 06:38:57 2006 : Debug:  
modsingle[authorize]: calling files (rlm_files) for
request 2
Wed Jul 26 06:38:57 2006 : Debug:     users: Matched
entry DEFAULT at line 215
Wed Jul 26 06:38:57 2006 : Debug:  
modsingle[authorize]: returned from files (rlm_files)
for request 2
Wed Jul 26 06:38:57 2006 : Debug:  
modcall[authorize]: module "files" returns ok for
request 2
Wed Jul 26 06:38:57 2006 : Debug: modcall: leaving
group authorize (returns updated) for request 2
Wed Jul 26 06:38:57 2006 : Debug:  
rad_check_password:  Found Auth-Type EAP
Wed Jul 26 06:38:57 2006 : Debug: auth: type "EAP"
Wed Jul 26 06:38:57 2006 : Debug:   Processing the
authenticate section of radiusd.conf
Wed Jul 26 06:38:57 2006 : Debug: modcall: entering
group authenticate for request 2
Wed Jul 26 06:38:57 2006 : Debug:  
modsingle[authenticate]: calling eap (rlm_eap) for
request 2
Wed Jul 26 06:38:57 2006 : Debug:   rlm_eap: Request
found, released from the list
Wed Jul 26 06:38:57 2006 : Debug:   rlm_eap: EAP/peap
Wed Jul 26 06:38:57 2006 : Debug:   rlm_eap:
processing type peap
Wed Jul 26 06:38:57 2006 : Debug:   rlm_eap_peap:
Authenticate
Wed Jul 26 06:38:57 2006 : Debug:   rlm_eap_tls:
processing TLS
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_tls:
Received EAP-TLS ACK message
Wed Jul 26 06:38:57 2006 : Debug:   rlm_eap_tls: ack
handshake fragment handler
Wed Jul 26 06:38:57 2006 : Debug:   eaptls_verify
returned 1 
Wed Jul 26 06:38:57 2006 : Debug:   eaptls_process
returned 13 
Wed Jul 26 06:38:57 2006 : Debug:   rlm_eap_peap:
EAPTLS_HANDLED
Wed Jul 26 06:38:57 2006 : Debug:  
modsingle[authenticate]: returned from eap (rlm_eap)
for request 2
Wed Jul 26 06:38:57 2006 : Debug:  
modcall[authenticate]: module "eap" returns handled
for request 2
Wed Jul 26 06:38:57 2006 : Debug: modcall: leaving
group authenticate (returns handled) for request 2
Sending Access-Challenge of id 98 to 170.248.233.102
port 21645
	EAP-Message =
0x0106011619001d2304623060801468231951745c11e5fd6f7155d54baba5f067ea05a13da43b3039310b3009060355040613025553310b3009060355040813024443311d301b060355040a1314535631412061746c20656e7669726f6e6d656e74820900c9abfb98ff97b24c300c0603551d13040530030101ff300d06092a864886f70d0101040500038181008a788b3b91705246ab003c122a42a3fb149874df853c1f93a2795fdc5b1aa5cddecd2186ffe71fcb52fb5d743ead84a7e048e208c7ad094c9fa2399316be0f28eb493779a06158dc9ac392d222e1aed63a5dd8e777ff732889080dd2fe018edd6125d4c3305aa7684b64676530258eb4
	EAP-Message =
0xb7281afd5b9d99013d400bf868323f7716030100040e000000
	Message-Authenticator =
0x00000000000000000000000000000000
	State = 0x2d8cf9192d110361c694d24de7cdbdcb
Wed Jul 26 06:38:57 2006 : Debug: Finished request 2
Wed Jul 26 06:38:57 2006 : Debug: Going to the next
request
Wed Jul 26 06:38:57 2006 : Debug: Waking up in 6
seconds...
rad_recv: Access-Request packet from host
170.248.233.102:21645, id=99, length=339
	User-Name = "svtest21"
	Framed-MTU = 1400
	Called-Station-Id = "0014.f213.f740"
	Calling-Station-Id = "0002.7848.9017"
	Service-Type = Login-User
	Message-Authenticator =
0x577ebfac24aca5a457822e75d9c31c9a
	EAP-Message =
0x020600c01980000000b616030100861000008200802bce54d10c0c817b71cdbd91c896ebad0cdc051937e0da1262ac04109f34cb9a96cccf31d124ebfaf28f76a8fc1439f6d99c32df59ea9978238a8b772bd8911804ee7ec9395d0113cf158f355433885581aa136a7f4f93ddf11cd77e91e45da81f9892c5f9c71b955604d3f9692d2747b674d08f488486c16835b67dd1a483cb14030100010116030100207feb620c9d4e1bd873ba0e6a5ee8e501066967ac10d6e7d0696263466cf12ab4
	NAS-Port-Type = Wireless-802.11
	NAS-Port = 549
	State = 0x2d8cf9192d110361c694d24de7cdbdcb
	NAS-IP-Address = 170.248.233.102
	NAS-Identifier = "SV1ATESTENVIRON"
Wed Jul 26 06:38:57 2006 : Debug:   Processing the
authorize section of radiusd.conf
Wed Jul 26 06:38:57 2006 : Debug: modcall: entering
group authorize for request 3
Wed Jul 26 06:38:57 2006 : Debug:  
modsingle[authorize]: calling preprocess
(rlm_preprocess) for request 3
Wed Jul 26 06:38:57 2006 : Debug:  
modsingle[authorize]: returned from preprocess
(rlm_preprocess) for request 3
Wed Jul 26 06:38:57 2006 : Debug:  
modcall[authorize]: module "preprocess" returns ok for
request 3
Wed Jul 26 06:38:57 2006 : Debug:  
modsingle[authorize]: calling chap (rlm_chap) for
request 3
Wed Jul 26 06:38:57 2006 : Debug:  
modsingle[authorize]: returned from chap (rlm_chap)
for request 3
Wed Jul 26 06:38:57 2006 : Debug:  
modcall[authorize]: module "chap" returns noop for
request 3
Wed Jul 26 06:38:57 2006 : Debug:  
modsingle[authorize]: calling mschap (rlm_mschap) for
request 3
Wed Jul 26 06:38:57 2006 : Debug:  
modsingle[authorize]: returned from mschap
(rlm_mschap) for request 3
Wed Jul 26 06:38:57 2006 : Debug:  
modcall[authorize]: module "mschap" returns noop for
request 3
Wed Jul 26 06:38:57 2006 : Debug:  
modsingle[authorize]: calling suffix (rlm_realm) for
request 3
Wed Jul 26 06:38:57 2006 : Debug:     rlm_realm: No
'@' in User-Name = "svtest21", looking up realm NULL
Wed Jul 26 06:38:57 2006 : Debug:     rlm_realm: No
such realm "NULL"
Wed Jul 26 06:38:57 2006 : Debug:  
modsingle[authorize]: returned from suffix (rlm_realm)
for request 3
Wed Jul 26 06:38:57 2006 : Debug:  
modcall[authorize]: module "suffix" returns noop for
request 3
Wed Jul 26 06:38:57 2006 : Debug:  
modsingle[authorize]: calling eap (rlm_eap) for
request 3
Wed Jul 26 06:38:57 2006 : Debug:   rlm_eap: EAP
packet type response id 6 length 192
Wed Jul 26 06:38:57 2006 : Debug:   rlm_eap: No EAP
Start, assuming it's an on-going EAP conversation
Wed Jul 26 06:38:57 2006 : Debug:  
modsingle[authorize]: returned from eap (rlm_eap) for
request 3
Wed Jul 26 06:38:57 2006 : Debug:  
modcall[authorize]: module "eap" returns updated for
request 3
Wed Jul 26 06:38:57 2006 : Debug:  
modsingle[authorize]: calling files (rlm_files) for
request 3
Wed Jul 26 06:38:57 2006 : Debug:     users: Matched
entry DEFAULT at line 215
Wed Jul 26 06:38:57 2006 : Debug:  
modsingle[authorize]: returned from files (rlm_files)
for request 3
Wed Jul 26 06:38:57 2006 : Debug:  
modcall[authorize]: module "files" returns ok for
request 3
Wed Jul 26 06:38:57 2006 : Debug: modcall: leaving
group authorize (returns updated) for request 3
Wed Jul 26 06:38:57 2006 : Debug:  
rad_check_password:  Found Auth-Type EAP
Wed Jul 26 06:38:57 2006 : Debug: auth: type "EAP"
Wed Jul 26 06:38:57 2006 : Debug:   Processing the
authenticate section of radiusd.conf
Wed Jul 26 06:38:57 2006 : Debug: modcall: entering
group authenticate for request 3
Wed Jul 26 06:38:57 2006 : Debug:  
modsingle[authenticate]: calling eap (rlm_eap) for
request 3
Wed Jul 26 06:38:57 2006 : Debug:   rlm_eap: Request
found, released from the list
Wed Jul 26 06:38:57 2006 : Debug:   rlm_eap: EAP/peap
Wed Jul 26 06:38:57 2006 : Debug:   rlm_eap:
processing type peap
Wed Jul 26 06:38:57 2006 : Debug:   rlm_eap_peap:
Authenticate
Wed Jul 26 06:38:57 2006 : Debug:   rlm_eap_tls:
processing TLS
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_tls:  Length
Included
Wed Jul 26 06:38:57 2006 : Debug:   eaptls_verify
returned 11 
Wed Jul 26 06:38:57 2006 : Debug:   rlm_eap_tls: <<<
TLS 1.0 Handshake [length 0086], ClientKeyExchange  
Wed Jul 26 06:38:57 2006 : Debug:     TLS_accept:
SSLv3 read client key exchange A 
Wed Jul 26 06:38:57 2006 : Debug:   rlm_eap_tls: <<<
TLS 1.0 ChangeCipherSpec [length 0001]  
Wed Jul 26 06:38:57 2006 : Debug:   rlm_eap_tls: <<<
TLS 1.0 Handshake [length 0010], Finished  
Wed Jul 26 06:38:57 2006 : Debug:     TLS_accept:
SSLv3 read finished A 
Wed Jul 26 06:38:57 2006 : Debug:   rlm_eap_tls: >>>
TLS 1.0 ChangeCipherSpec [length 0001]  
Wed Jul 26 06:38:57 2006 : Debug:     TLS_accept:
SSLv3 write change cipher spec A 
Wed Jul 26 06:38:57 2006 : Debug:   rlm_eap_tls: >>>
TLS 1.0 Handshake [length 0010], Finished  
Wed Jul 26 06:38:57 2006 : Debug:     TLS_accept:
SSLv3 write finished A 
Wed Jul 26 06:38:57 2006 : Debug:     TLS_accept:
SSLv3 flush data 
Wed Jul 26 06:38:57 2006 : Debug:     (other): SSL
negotiation finished successfully 
Wed Jul 26 06:38:57 2006 : Error: rlm_eap: SSL error
error:00000000:lib(0):func(0):reason(0)
Wed Jul 26 06:38:57 2006 : Debug: SSL Connection
Established 
Wed Jul 26 06:38:57 2006 : Debug:   eaptls_process
returned 13 
Wed Jul 26 06:38:57 2006 : Debug:   rlm_eap_peap:
EAPTLS_HANDLED
Wed Jul 26 06:38:57 2006 : Debug:  
modsingle[authenticate]: returned from eap (rlm_eap)
for request 3
Wed Jul 26 06:38:57 2006 : Debug:  
modcall[authenticate]: module "eap" returns handled
for request 3
Wed Jul 26 06:38:57 2006 : Debug: modcall: leaving
group authenticate (returns handled) for request 3
Sending Access-Challenge of id 99 to 170.248.233.102
port 21645
	EAP-Message =
0x0107003119001403010001011603010020d8095d07b6faed0612c8cc397d7585f0435501e4a1d7e201ff89e8f9cbf87a46
	Message-Authenticator =
0x00000000000000000000000000000000
	State = 0x33722640f43f50eda977125b0e4f529e
Wed Jul 26 06:38:57 2006 : Debug: Finished request 3
Wed Jul 26 06:38:57 2006 : Debug: Going to the next
request
Wed Jul 26 06:38:57 2006 : Debug: Waking up in 6
seconds...
rad_recv: Access-Request packet from host
170.248.233.102:21645, id=100, length=153
	User-Name = "svtest21"
	Framed-MTU = 1400
	Called-Station-Id = "0014.f213.f740"
	Calling-Station-Id = "0002.7848.9017"
	Service-Type = Login-User
	Message-Authenticator =
0xdedb196149d987712093702f74fd8fc4
	EAP-Message = 0x020700061900
	NAS-Port-Type = Wireless-802.11
	NAS-Port = 549
	State = 0x33722640f43f50eda977125b0e4f529e
	NAS-IP-Address = 170.248.233.102
	NAS-Identifier = "SV1ATESTENVIRON"
Wed Jul 26 06:38:57 2006 : Debug:   Processing the
authorize section of radiusd.conf
Wed Jul 26 06:38:57 2006 : Debug: modcall: entering
group authorize for request 4
Wed Jul 26 06:38:57 2006 : Debug:  
modsingle[authorize]: calling preprocess
(rlm_preprocess) for request 4
Wed Jul 26 06:38:57 2006 : Debug:  
modsingle[authorize]: returned from preprocess
(rlm_preprocess) for request 4
Wed Jul 26 06:38:57 2006 : Debug:  
modcall[authorize]: module "preprocess" returns ok for
request 4
Wed Jul 26 06:38:57 2006 : Debug:  
modsingle[authorize]: calling chap (rlm_chap) for
request 4
Wed Jul 26 06:38:57 2006 : Debug:  
modsingle[authorize]: returned from chap (rlm_chap)
for request 4
Wed Jul 26 06:38:57 2006 : Debug:  
modcall[authorize]: module "chap" returns noop for
request 4
Wed Jul 26 06:38:57 2006 : Debug:  
modsingle[authorize]: calling mschap (rlm_mschap) for
request 4
Wed Jul 26 06:38:57 2006 : Debug:  
modsingle[authorize]: returned from mschap
(rlm_mschap) for request 4
Wed Jul 26 06:38:57 2006 : Debug:  
modcall[authorize]: module "mschap" returns noop for
request 4
Wed Jul 26 06:38:57 2006 : Debug:  
modsingle[authorize]: calling suffix (rlm_realm) for
request 4
Wed Jul 26 06:38:57 2006 : Debug:     rlm_realm: No
'@' in User-Name = "svtest21", looking up realm NULL
Wed Jul 26 06:38:57 2006 : Debug:     rlm_realm: No
such realm "NULL"
Wed Jul 26 06:38:57 2006 : Debug:  
modsingle[authorize]: returned from suffix (rlm_realm)
for request 4
Wed Jul 26 06:38:57 2006 : Debug:  
modcall[authorize]: module "suffix" returns noop for
request 4
Wed Jul 26 06:38:57 2006 : Debug:  
modsingle[authorize]: calling eap (rlm_eap) for
request 4
Wed Jul 26 06:38:57 2006 : Debug:   rlm_eap: EAP
packet type response id 7 length 6
Wed Jul 26 06:38:57 2006 : Debug:   rlm_eap: No EAP
Start, assuming it's an on-going EAP conversation
Wed Jul 26 06:38:57 2006 : Debug:  
modsingle[authorize]: returned from eap (rlm_eap) for
request 4
Wed Jul 26 06:38:57 2006 : Debug:  
modcall[authorize]: module "eap" returns updated for
request 4
Wed Jul 26 06:38:57 2006 : Debug:  
modsingle[authorize]: calling files (rlm_files) for
request 4
Wed Jul 26 06:38:57 2006 : Debug:     users: Matched
entry DEFAULT at line 215
Wed Jul 26 06:38:57 2006 : Debug:  
modsingle[authorize]: returned from files (rlm_files)
for request 4
Wed Jul 26 06:38:57 2006 : Debug:  
modcall[authorize]: module "files" returns ok for
request 4
Wed Jul 26 06:38:57 2006 : Debug: modcall: leaving
group authorize (returns updated) for request 4
Wed Jul 26 06:38:57 2006 : Debug:  
rad_check_password:  Found Auth-Type EAP
Wed Jul 26 06:38:57 2006 : Debug: auth: type "EAP"
Wed Jul 26 06:38:57 2006 : Debug:   Processing the
authenticate section of radiusd.conf
Wed Jul 26 06:38:57 2006 : Debug: modcall: entering
group authenticate for request 4
Wed Jul 26 06:38:57 2006 : Debug:  
modsingle[authenticate]: calling eap (rlm_eap) for
request 4
Wed Jul 26 06:38:57 2006 : Debug:   rlm_eap: Request
found, released from the list
Wed Jul 26 06:38:57 2006 : Debug:   rlm_eap: EAP/peap
Wed Jul 26 06:38:57 2006 : Debug:   rlm_eap:
processing type peap
Wed Jul 26 06:38:57 2006 : Debug:   rlm_eap_peap:
Authenticate
Wed Jul 26 06:38:57 2006 : Debug:   rlm_eap_tls:
processing TLS
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_tls:
Received EAP-TLS ACK message
Wed Jul 26 06:38:57 2006 : Debug:   rlm_eap_tls: ack
handshake is finished
Wed Jul 26 06:38:57 2006 : Debug:   eaptls_verify
returned 3 
Wed Jul 26 06:38:57 2006 : Debug:   eaptls_process
returned 3 
Wed Jul 26 06:38:57 2006 : Debug:   rlm_eap_peap:
EAPTLS_SUCCESS
Wed Jul 26 06:38:57 2006 : Debug:  
modsingle[authenticate]: returned from eap (rlm_eap)
for request 4
Wed Jul 26 06:38:57 2006 : Debug:  
modcall[authenticate]: module "eap" returns handled
for request 4
Wed Jul 26 06:38:57 2006 : Debug: modcall: leaving
group authenticate (returns handled) for request 4
Sending Access-Challenge of id 100 to 170.248.233.102
port 21645
	EAP-Message =
0x010800201900170301001584f67b6b13ffeffe18862f7659b9a66c4a8e4b996a
	Message-Authenticator =
0x00000000000000000000000000000000
	State = 0xdd383d12bf43f94234041e3c55ca3ad2
Wed Jul 26 06:38:57 2006 : Debug: Finished request 4
Wed Jul 26 06:38:57 2006 : Debug: Going to the next
request
Wed Jul 26 06:38:57 2006 : Debug: Waking up in 6
seconds...
rad_recv: Access-Request packet from host
170.248.233.102:21645, id=101, length=183
	User-Name = "svtest21"
	Framed-MTU = 1400
	Called-Station-Id = "0014.f213.f740"
	Calling-Station-Id = "0002.7848.9017"
	Service-Type = Login-User
	Message-Authenticator =
0x6f47dd19e1bd452975489d9ec5395fb9
	EAP-Message =
0x02080024190017030100195e17a3dd5ae16018a9127bd42ab172908103052ca1cb861bd6
	NAS-Port-Type = Wireless-802.11
	NAS-Port = 549
	State = 0xdd383d12bf43f94234041e3c55ca3ad2
	NAS-IP-Address = 170.248.233.102
	NAS-Identifier = "SV1ATESTENVIRON"
Wed Jul 26 06:38:57 2006 : Debug:   Processing the
authorize section of radiusd.conf
Wed Jul 26 06:38:57 2006 : Debug: modcall: entering
group authorize for request 5
Wed Jul 26 06:38:57 2006 : Debug:  
modsingle[authorize]: calling preprocess
(rlm_preprocess) for request 5
Wed Jul 26 06:38:57 2006 : Debug:  
modsingle[authorize]: returned from preprocess
(rlm_preprocess) for request 5
Wed Jul 26 06:38:57 2006 : Debug:  
modcall[authorize]: module "preprocess" returns ok for
request 5
Wed Jul 26 06:38:57 2006 : Debug:  
modsingle[authorize]: calling chap (rlm_chap) for
request 5
Wed Jul 26 06:38:57 2006 : Debug:  
modsingle[authorize]: returned from chap (rlm_chap)
for request 5
Wed Jul 26 06:38:57 2006 : Debug:  
modcall[authorize]: module "chap" returns noop for
request 5
Wed Jul 26 06:38:57 2006 : Debug:  
modsingle[authorize]: calling mschap (rlm_mschap) for
request 5
Wed Jul 26 06:38:57 2006 : Debug:  
modsingle[authorize]: returned from mschap
(rlm_mschap) for request 5
Wed Jul 26 06:38:57 2006 : Debug:  
modcall[authorize]: module "mschap" returns noop for
request 5
Wed Jul 26 06:38:57 2006 : Debug:  
modsingle[authorize]: calling suffix (rlm_realm) for
request 5
Wed Jul 26 06:38:57 2006 : Debug:     rlm_realm: No
'@' in User-Name = "svtest21", looking up realm NULL
Wed Jul 26 06:38:57 2006 : Debug:     rlm_realm: No
such realm "NULL"
Wed Jul 26 06:38:57 2006 : Debug:  
modsingle[authorize]: returned from suffix (rlm_realm)
for request 5
Wed Jul 26 06:38:57 2006 : Debug:  
modcall[authorize]: module "suffix" returns noop for
request 5
Wed Jul 26 06:38:57 2006 : Debug:  
modsingle[authorize]: calling eap (rlm_eap) for
request 5
Wed Jul 26 06:38:57 2006 : Debug:   rlm_eap: EAP
packet type response id 8 length 36
Wed Jul 26 06:38:57 2006 : Debug:   rlm_eap: No EAP
Start, assuming it's an on-going EAP conversation
Wed Jul 26 06:38:57 2006 : Debug:  
modsingle[authorize]: returned from eap (rlm_eap) for
request 5
Wed Jul 26 06:38:57 2006 : Debug:  
modcall[authorize]: module "eap" returns updated for
request 5
Wed Jul 26 06:38:57 2006 : Debug:  
modsingle[authorize]: calling files (rlm_files) for
request 5
Wed Jul 26 06:38:57 2006 : Debug:     users: Matched
entry DEFAULT at line 215
Wed Jul 26 06:38:57 2006 : Debug:  
modsingle[authorize]: returned from files (rlm_files)
for request 5
Wed Jul 26 06:38:57 2006 : Debug:  
modcall[authorize]: module "files" returns ok for
request 5
Wed Jul 26 06:38:57 2006 : Debug: modcall: leaving
group authorize (returns updated) for request 5
Wed Jul 26 06:38:57 2006 : Debug:  
rad_check_password:  Found Auth-Type EAP
Wed Jul 26 06:38:57 2006 : Debug: auth: type "EAP"
Wed Jul 26 06:38:57 2006 : Debug:   Processing the
authenticate section of radiusd.conf
Wed Jul 26 06:38:57 2006 : Debug: modcall: entering
group authenticate for request 5
Wed Jul 26 06:38:57 2006 : Debug:  
modsingle[authenticate]: calling eap (rlm_eap) for
request 5
Wed Jul 26 06:38:57 2006 : Debug:   rlm_eap: Request
found, released from the list
Wed Jul 26 06:38:57 2006 : Debug:   rlm_eap: EAP/peap
Wed Jul 26 06:38:57 2006 : Debug:   rlm_eap:
processing type peap
Wed Jul 26 06:38:57 2006 : Debug:   rlm_eap_peap:
Authenticate
Wed Jul 26 06:38:57 2006 : Debug:   rlm_eap_tls:
processing TLS
Wed Jul 26 06:38:57 2006 : Debug:   eaptls_verify
returned 7 
Wed Jul 26 06:38:57 2006 : Debug:   rlm_eap_tls: Done
initial handshake
Wed Jul 26 06:38:57 2006 : Debug:   eaptls_process
returned 7 
Wed Jul 26 06:38:57 2006 : Debug:   rlm_eap_peap:
EAPTLS_OK
Wed Jul 26 06:38:57 2006 : Debug:   rlm_eap_peap:
Session established.  Decoding tunneled attributes.
Wed Jul 26 06:38:57 2006 : Debug:   rlm_eap_peap:
Identity - svtest21
Wed Jul 26 06:38:57 2006 : Debug:   rlm_eap_peap:
Tunneled data is valid.
Wed Jul 26 06:38:57 2006 : Debug:   PEAP: Got tunneled
identity of svtest21
Wed Jul 26 06:38:57 2006 : Debug:   PEAP: Setting
default EAP type for tunneled EAP session.
Wed Jul 26 06:38:57 2006 : Debug:   PEAP: Setting
User-Name to svtest21
Wed Jul 26 06:38:57 2006 : Debug:   Processing the
authorize section of radiusd.conf
Wed Jul 26 06:38:57 2006 : Debug: modcall: entering
group authorize for request 5
Wed Jul 26 06:38:57 2006 : Debug:  
modsingle[authorize]: calling preprocess
(rlm_preprocess) for request 5
Wed Jul 26 06:38:57 2006 : Debug:  
modsingle[authorize]: returned from preprocess
(rlm_preprocess) for request 5
Wed Jul 26 06:38:57 2006 : Debug:  
modcall[authorize]: module "preprocess" returns ok for
request 5
Wed Jul 26 06:38:57 2006 : Debug:  
modsingle[authorize]: calling chap (rlm_chap) for
request 5
Wed Jul 26 06:38:57 2006 : Debug:  
modsingle[authorize]: returned from chap (rlm_chap)
for request 5
Wed Jul 26 06:38:57 2006 : Debug:  
modcall[authorize]: module "chap" returns noop for
request 5
Wed Jul 26 06:38:57 2006 : Debug:  
modsingle[authorize]: calling mschap (rlm_mschap) for
request 5
Wed Jul 26 06:38:57 2006 : Debug:  
modsingle[authorize]: returned from mschap
(rlm_mschap) for request 5
Wed Jul 26 06:38:57 2006 : Debug:  
modcall[authorize]: module "mschap" returns noop for
request 5
Wed Jul 26 06:38:57 2006 : Debug:  
modsingle[authorize]: calling suffix (rlm_realm) for
request 5
Wed Jul 26 06:38:57 2006 : Debug:     rlm_realm: No
'@' in User-Name = "svtest21", looking up realm NULL
Wed Jul 26 06:38:57 2006 : Debug:     rlm_realm: No
such realm "NULL"
Wed Jul 26 06:38:57 2006 : Debug:  
modsingle[authorize]: returned from suffix (rlm_realm)
for request 5
Wed Jul 26 06:38:57 2006 : Debug:  
modcall[authorize]: module "suffix" returns noop for
request 5
Wed Jul 26 06:38:57 2006 : Debug:  
modsingle[authorize]: calling eap (rlm_eap) for
request 5
Wed Jul 26 06:38:57 2006 : Debug:   rlm_eap: EAP
packet type response id 8 length 13
Wed Jul 26 06:38:57 2006 : Debug:   rlm_eap: No EAP
Start, assuming it's an on-going EAP conversation
Wed Jul 26 06:38:57 2006 : Debug:  
modsingle[authorize]: returned from eap (rlm_eap) for
request 5
Wed Jul 26 06:38:57 2006 : Debug:  
modcall[authorize]: module "eap" returns updated for
request 5
Wed Jul 26 06:38:57 2006 : Debug:  
modsingle[authorize]: calling files (rlm_files) for
request 5
Wed Jul 26 06:38:57 2006 : Debug:     users: Matched
entry DEFAULT at line 215
Wed Jul 26 06:38:57 2006 : Debug:  
modsingle[authorize]: returned from files (rlm_files)
for request 5
Wed Jul 26 06:38:57 2006 : Debug:  
modcall[authorize]: module "files" returns ok for
request 5
Wed Jul 26 06:38:57 2006 : Debug: modcall: leaving
group authorize (returns updated) for request 5
Wed Jul 26 06:38:57 2006 : Debug:  
rad_check_password:  Found Auth-Type EAP
Wed Jul 26 06:38:57 2006 : Debug: auth: type "EAP"
Wed Jul 26 06:38:57 2006 : Debug:   Processing the
authenticate section of radiusd.conf
Wed Jul 26 06:38:57 2006 : Debug: modcall: entering
group authenticate for request 5
Wed Jul 26 06:38:57 2006 : Debug:  
modsingle[authenticate]: calling eap (rlm_eap) for
request 5
Wed Jul 26 06:38:57 2006 : Debug:   rlm_eap: EAP
Identity
Wed Jul 26 06:38:57 2006 : Debug:   rlm_eap:
processing type mschapv2
Wed Jul 26 06:38:57 2006 : Info: rlm_eap_mschapv2:
Issuing Challenge
Wed Jul 26 06:38:57 2006 : Debug:  
modsingle[authenticate]: returned from eap (rlm_eap)
for request 5
Wed Jul 26 06:38:57 2006 : Debug:  
modcall[authenticate]: module "eap" returns handled
for request 5
Wed Jul 26 06:38:57 2006 : Debug: modcall: leaving
group authenticate (returns handled) for request 5
Wed Jul 26 06:38:57 2006 : Debug:   PEAP: Got tunneled
Access-Challenge
Wed Jul 26 06:38:57 2006 : Debug:  
modsingle[authenticate]: returned from eap (rlm_eap)
for request 5
Wed Jul 26 06:38:57 2006 : Debug:  
modcall[authenticate]: module "eap" returns handled
for request 5
Wed Jul 26 06:38:57 2006 : Debug: modcall: leaving
group authenticate (returns handled) for request 5
Sending Access-Challenge of id 101 to 170.248.233.102
port 21645
	EAP-Message =
0x010900391900170301002e31ec119dd45b49159e2e527731844ab3c0e71c00ac7fe0b3dbd8013265ccbd9c45669b8a7f8f93b2abe77640bce3
	Message-Authenticator =
0x00000000000000000000000000000000
	State = 0x04f10b8ab1550375bf94e3b173867c1e
Wed Jul 26 06:38:57 2006 : Debug: Finished request 5
Wed Jul 26 06:38:57 2006 : Debug: Going to the next
request
Wed Jul 26 06:38:57 2006 : Debug: Waking up in 6
seconds...
rad_recv: Access-Request packet from host
170.248.233.102:21645, id=102, length=237
	User-Name = "svtest21"
	Framed-MTU = 1400
	Called-Station-Id = "0014.f213.f740"
	Calling-Station-Id = "0002.7848.9017"
	Service-Type = Login-User
	Message-Authenticator =
0x6cddd56e038eeeeb62b8d2b97207575d
	EAP-Message =
0x0209005a1900170301004f7ebe8c95ba80a65659e251d4be48f417110e8259b3bd8da9941229cd56c49dc70cec66fe0744d7386212187e0fa66b5324340dbb71fcde3c038d9440eb2b9c732c9aea2ef4a4d94639d6d05eab8d9b
	NAS-Port-Type = Wireless-802.11
	NAS-Port = 549
	State = 0x04f10b8ab1550375bf94e3b173867c1e
	NAS-IP-Address = 170.248.233.102
	NAS-Identifier = "SV1ATESTENVIRON"
Wed Jul 26 06:38:57 2006 : Debug:   Processing the
authorize section of radiusd.conf
Wed Jul 26 06:38:57 2006 : Debug: modcall: entering
group authorize for request 6
Wed Jul 26 06:38:57 2006 : Debug:  
modsingle[authorize]: calling preprocess
(rlm_preprocess) for request 6
Wed Jul 26 06:38:57 2006 : Debug:  
modsingle[authorize]: returned from preprocess
(rlm_preprocess) for request 6
Wed Jul 26 06:38:57 2006 : Debug:  
modcall[authorize]: module "preprocess" returns ok for
request 6
Wed Jul 26 06:38:57 2006 : Debug:  
modsingle[authorize]: calling chap (rlm_chap) for
request 6
Wed Jul 26 06:38:57 2006 : Debug:  
modsingle[authorize]: returned from chap (rlm_chap)
for request 6
Wed Jul 26 06:38:57 2006 : Debug:  
modcall[authorize]: module "chap" returns noop for
request 6
Wed Jul 26 06:38:57 2006 : Debug:  
modsingle[authorize]: calling mschap (rlm_mschap) for
request 6
Wed Jul 26 06:38:57 2006 : Debug:  
modsingle[authorize]: returned from mschap
(rlm_mschap) for request 6
Wed Jul 26 06:38:57 2006 : Debug:  
modcall[authorize]: module "mschap" returns noop for
request 6
Wed Jul 26 06:38:57 2006 : Debug:  
modsingle[authorize]: calling suffix (rlm_realm) for
request 6
Wed Jul 26 06:38:57 2006 : Debug:     rlm_realm: No
'@' in User-Name = "svtest21", looking up realm NULL
Wed Jul 26 06:38:57 2006 : Debug:     rlm_realm: No
such realm "NULL"
Wed Jul 26 06:38:57 2006 : Debug:  
modsingle[authorize]: returned from suffix (rlm_realm)
for request 6
Wed Jul 26 06:38:57 2006 : Debug:  
modcall[authorize]: module "suffix" returns noop for
request 6
Wed Jul 26 06:38:57 2006 : Debug:  
modsingle[authorize]: calling eap (rlm_eap) for
request 6
Wed Jul 26 06:38:57 2006 : Debug:   rlm_eap: EAP
packet type response id 9 length 90
Wed Jul 26 06:38:57 2006 : Debug:   rlm_eap: No EAP
Start, assuming it's an on-going EAP conversation
Wed Jul 26 06:38:57 2006 : Debug:  
modsingle[authorize]: returned from eap (rlm_eap) for
request 6
Wed Jul 26 06:38:57 2006 : Debug:  
modcall[authorize]: module "eap" returns updated for
request 6
Wed Jul 26 06:38:57 2006 : Debug:  
modsingle[authorize]: calling files (rlm_files) for
request 6
Wed Jul 26 06:38:57 2006 : Debug:     users: Matched
entry DEFAULT at line 215
Wed Jul 26 06:38:57 2006 : Debug:  
modsingle[authorize]: returned from files (rlm_files)
for request 6
Wed Jul 26 06:38:57 2006 : Debug:  
modcall[authorize]: module "files" returns ok for
request 6
Wed Jul 26 06:38:57 2006 : Debug: modcall: leaving
group authorize (returns updated) for request 6
Wed Jul 26 06:38:57 2006 : Debug:  
rad_check_password:  Found Auth-Type EAP
Wed Jul 26 06:38:57 2006 : Debug: auth: type "EAP"
Wed Jul 26 06:38:57 2006 : Debug:   Processing the
authenticate section of radiusd.conf
Wed Jul 26 06:38:57 2006 : Debug: modcall: entering
group authenticate for request 6
Wed Jul 26 06:38:57 2006 : Debug:  
modsingle[authenticate]: calling eap (rlm_eap) for
request 6
Wed Jul 26 06:38:57 2006 : Debug:   rlm_eap: Request
found, released from the list
Wed Jul 26 06:38:57 2006 : Debug:   rlm_eap: EAP/peap
Wed Jul 26 06:38:57 2006 : Debug:   rlm_eap:
processing type peap
Wed Jul 26 06:38:57 2006 : Debug:   rlm_eap_peap:
Authenticate
Wed Jul 26 06:38:57 2006 : Debug:   rlm_eap_tls:
processing TLS
Wed Jul 26 06:38:57 2006 : Debug:   eaptls_verify
returned 7 
Wed Jul 26 06:38:57 2006 : Debug:   rlm_eap_tls: Done
initial handshake
Wed Jul 26 06:38:57 2006 : Debug:   eaptls_process
returned 7 
Wed Jul 26 06:38:57 2006 : Debug:   rlm_eap_peap:
EAPTLS_OK
Wed Jul 26 06:38:57 2006 : Debug:   rlm_eap_peap:
Session established.  Decoding tunneled attributes.
Wed Jul 26 06:38:57 2006 : Debug:   rlm_eap_peap: EAP
type mschapv2
Wed Jul 26 06:38:57 2006 : Debug:   rlm_eap_peap:
Tunneled data is valid.
Wed Jul 26 06:38:57 2006 : Debug:   PEAP: Setting
User-Name to svtest21
Wed Jul 26 06:38:57 2006 : Debug:   PEAP: Adding old
state with 1a 55
Wed Jul 26 06:38:57 2006 : Debug:   Processing the
authorize section of radiusd.conf
Wed Jul 26 06:38:57 2006 : Debug: modcall: entering
group authorize for request 6
Wed Jul 26 06:38:57 2006 : Debug:  
modsingle[authorize]: calling preprocess
(rlm_preprocess) for request 6
Wed Jul 26 06:38:57 2006 : Debug:  
modsingle[authorize]: returned from preprocess
(rlm_preprocess) for request 6
Wed Jul 26 06:38:57 2006 : Debug:  
modcall[authorize]: module "preprocess" returns ok for
request 6
Wed Jul 26 06:38:57 2006 : Debug:  
modsingle[authorize]: calling chap (rlm_chap) for
request 6
Wed Jul 26 06:38:57 2006 : Debug:  
modsingle[authorize]: returned from chap (rlm_chap)
for request 6
Wed Jul 26 06:38:57 2006 : Debug:  
modcall[authorize]: module "chap" returns noop for
request 6
Wed Jul 26 06:38:57 2006 : Debug:  
modsingle[authorize]: calling mschap (rlm_mschap) for
request 6
Wed Jul 26 06:38:57 2006 : Debug:  
modsingle[authorize]: returned from mschap
(rlm_mschap) for request 6
Wed Jul 26 06:38:57 2006 : Debug:  
modcall[authorize]: module "mschap" returns noop for
request 6
Wed Jul 26 06:38:57 2006 : Debug:  
modsingle[authorize]: calling suffix (rlm_realm) for
request 6
Wed Jul 26 06:38:57 2006 : Debug:     rlm_realm: No
'@' in User-Name = "svtest21", looking up realm NULL
Wed Jul 26 06:38:57 2006 : Debug:     rlm_realm: No
such realm "NULL"
Wed Jul 26 06:38:57 2006 : Debug:  
modsingle[authorize]: returned from suffix (rlm_realm)
for request 6
Wed Jul 26 06:38:57 2006 : Debug:  
modcall[authorize]: module "suffix" returns noop for
request 6
Wed Jul 26 06:38:57 2006 : Debug:  
modsingle[authorize]: calling eap (rlm_eap) for
request 6
Wed Jul 26 06:38:57 2006 : Debug:   rlm_eap: EAP
packet type response id 9 length 67
Wed Jul 26 06:38:57 2006 : Debug:   rlm_eap: No EAP
Start, assuming it's an on-going EAP conversation
Wed Jul 26 06:38:57 2006 : Debug:  
modsingle[authorize]: returned from eap (rlm_eap) for
request 6
Wed Jul 26 06:38:57 2006 : Debug:  
modcall[authorize]: module "eap" returns updated for
request 6
Wed Jul 26 06:38:57 2006 : Debug:  
modsingle[authorize]: calling files (rlm_files) for
request 6
Wed Jul 26 06:38:57 2006 : Debug:     users: Matched
entry DEFAULT at line 215
Wed Jul 26 06:38:57 2006 : Debug:  
modsingle[authorize]: returned from files (rlm_files)
for request 6
Wed Jul 26 06:38:57 2006 : Debug:  
modcall[authorize]: module "files" returns ok for
request 6
Wed Jul 26 06:38:57 2006 : Debug: modcall: leaving
group authorize (returns updated) for request 6
Wed Jul 26 06:38:57 2006 : Debug:  
rad_check_password:  Found Auth-Type EAP
Wed Jul 26 06:38:57 2006 : Debug: auth: type "EAP"
Wed Jul 26 06:38:57 2006 : Debug:   Processing the
authenticate section of radiusd.conf
Wed Jul 26 06:38:57 2006 : Debug: modcall: entering
group authenticate for request 6
Wed Jul 26 06:38:57 2006 : Debug:  
modsingle[authenticate]: calling eap (rlm_eap) for
request 6
Wed Jul 26 06:38:57 2006 : Debug:   rlm_eap: Request
found, released from the list
Wed Jul 26 06:38:57 2006 : Debug:   rlm_eap:
EAP/mschapv2
Wed Jul 26 06:38:57 2006 : Debug:   rlm_eap:
processing type mschapv2
Wed Jul 26 06:38:57 2006 : Debug:   Processing the
authenticate section of radiusd.conf
Wed Jul 26 06:38:57 2006 : Debug: modcall: entering
group MS-CHAP for request 6
Wed Jul 26 06:38:57 2006 : Debug:  
modsingle[authenticate]: calling mschap (rlm_mschap)
for request 6
Wed Jul 26 06:38:57 2006 : Debug:   rlm_mschap: No
User-Password configured.  Cannot create LM-Password.
Wed Jul 26 06:38:57 2006 : Debug:   rlm_mschap: No
User-Password configured.  Cannot create NT-Password.
Wed Jul 26 06:38:57 2006 : Debug:   rlm_mschap: Told
to do MS-CHAPv2 for svtest21 with NT-Password
Wed Jul 26 06:38:57 2006 : Debug:   rlm_mschap:
FAILED: No NT/LM-Password.  Cannot perform
authentication.
Wed Jul 26 06:38:57 2006 : Debug:   rlm_mschap:
FAILED: MS-CHAP2-Response is incorrect
Wed Jul 26 06:38:57 2006 : Debug:  
modsingle[authenticate]: returned from mschap
(rlm_mschap) for request 6
Wed Jul 26 06:38:57 2006 : Debug:  
modcall[authenticate]: module "mschap" returns reject
for request 6
Wed Jul 26 06:38:57 2006 : Debug: modcall: leaving
group MS-CHAP (returns reject) for request 6
Wed Jul 26 06:38:57 2006 : Debug:   rlm_eap: Freeing
handler
Wed Jul 26 06:38:57 2006 : Debug:  
modsingle[authenticate]: returned from eap (rlm_eap)
for request 6
Wed Jul 26 06:38:57 2006 : Debug:  
modcall[authenticate]: module "eap" returns reject for
request 6
Wed Jul 26 06:38:57 2006 : Debug: modcall: leaving
group authenticate (returns reject) for request 6
Wed Jul 26 06:38:57 2006 : Debug: auth: Failed to
validate the user.
Wed Jul 26 06:38:57 2006 : Debug:   PEAP: Tunneled
authentication was rejected.
Wed Jul 26 06:38:57 2006 : Debug:   rlm_eap_peap:
FAILURE
Wed Jul 26 06:38:57 2006 : Debug:  
modsingle[authenticate]: returned from eap (rlm_eap)
for request 6
Wed Jul 26 06:38:57 2006 : Debug:  
modcall[authenticate]: module "eap" returns handled
for request 6
Wed Jul 26 06:38:57 2006 : Debug: modcall: leaving
group authenticate (returns handled) for request 6
Sending Access-Challenge of id 102 to 170.248.233.102
port 21645
	EAP-Message =
0x010a00261900170301001b233d655aa5fa5426d55aef5a34e07a87d731e1bbe2f875598be5af
	Message-Authenticator =
0x00000000000000000000000000000000
	State = 0x5dc9719865b138594344825c77fe148e
Wed Jul 26 06:38:57 2006 : Debug: Finished request 6
Wed Jul 26 06:38:57 2006 : Debug: Going to the next
request
Wed Jul 26 06:38:57 2006 : Debug: Waking up in 6
seconds...
rad_recv: Access-Request packet from host
170.248.233.102:21645, id=103, length=185
	User-Name = "svtest21"
	Framed-MTU = 1400
	Called-Station-Id = "0014.f213.f740"
	Calling-Station-Id = "0002.7848.9017"
	Service-Type = Login-User
	Message-Authenticator =
0x57ad285f9dcb4ce9f76d13fc72ae4152
	EAP-Message =
0x020a00261900170301001b0c3225d3742832f0f869716ddf76a1852229df75c229af8417b16a
	NAS-Port-Type = Wireless-802.11
	NAS-Port = 549
	State = 0x5dc9719865b138594344825c77fe148e
	NAS-IP-Address = 170.248.233.102
	NAS-Identifier = "SV1ATESTENVIRON"
Wed Jul 26 06:38:57 2006 : Debug:   Processing the
authorize section of radiusd.conf
Wed Jul 26 06:38:57 2006 : Debug: modcall: entering
group authorize for request 7
Wed Jul 26 06:38:57 2006 : Debug:  
modsingle[authorize]: calling preprocess
(rlm_preprocess) for request 7
Wed Jul 26 06:38:57 2006 : Debug:  
modsingle[authorize]: returned from preprocess
(rlm_preprocess) for request 7
Wed Jul 26 06:38:57 2006 : Debug:  
modcall[authorize]: module "preprocess" returns ok for
request 7
Wed Jul 26 06:38:57 2006 : Debug:  
modsingle[authorize]: calling chap (rlm_chap) for
request 7
Wed Jul 26 06:38:57 2006 : Debug:  
modsingle[authorize]: returned from chap (rlm_chap)
for request 7
Wed Jul 26 06:38:57 2006 : Debug:  
modcall[authorize]: module "chap" returns noop for
request 7
Wed Jul 26 06:38:57 2006 : Debug:  
modsingle[authorize]: calling mschap (rlm_mschap) for
request 7
Wed Jul 26 06:38:57 2006 : Debug:  
modsingle[authorize]: returned from mschap
(rlm_mschap) for request 7
Wed Jul 26 06:38:57 2006 : Debug:  
modcall[authorize]: module "mschap" returns noop for
request 7
Wed Jul 26 06:38:57 2006 : Debug:  
modsingle[authorize]: calling suffix (rlm_realm) for
request 7
Wed Jul 26 06:38:57 2006 : Debug:     rlm_realm: No
'@' in User-Name = "svtest21", looking up realm NULL
Wed Jul 26 06:38:57 2006 : Debug:     rlm_realm: No
such realm "NULL"
Wed Jul 26 06:38:57 2006 : Debug:  
modsingle[authorize]: returned from suffix (rlm_realm)
for request 7
Wed Jul 26 06:38:57 2006 : Debug:  
modcall[authorize]: module "suffix" returns noop for
request 7
Wed Jul 26 06:38:57 2006 : Debug:  
modsingle[authorize]: calling eap (rlm_eap) for
request 7
Wed Jul 26 06:38:57 2006 : Debug:   rlm_eap: EAP
packet type response id 10 length 38
Wed Jul 26 06:38:57 2006 : Debug:   rlm_eap: No EAP
Start, assuming it's an on-going EAP conversation
Wed Jul 26 06:38:57 2006 : Debug:  
modsingle[authorize]: returned from eap (rlm_eap) for
request 7
Wed Jul 26 06:38:57 2006 : Debug:  
modcall[authorize]: module "eap" returns updated for
request 7
Wed Jul 26 06:38:57 2006 : Debug:  
modsingle[authorize]: calling files (rlm_files) for
request 7
Wed Jul 26 06:38:57 2006 : Debug:     users: Matched
entry DEFAULT at line 215
Wed Jul 26 06:38:57 2006 : Debug:  
modsingle[authorize]: returned from files (rlm_files)
for request 7
Wed Jul 26 06:38:57 2006 : Debug:  
modcall[authorize]: module "files" returns ok for
request 7
Wed Jul 26 06:38:57 2006 : Debug: modcall: leaving
group authorize (returns updated) for request 7
Wed Jul 26 06:38:57 2006 : Debug:  
rad_check_password:  Found Auth-Type EAP
Wed Jul 26 06:38:57 2006 : Debug: auth: type "EAP"
Wed Jul 26 06:38:57 2006 : Debug:   Processing the
authenticate section of radiusd.conf
Wed Jul 26 06:38:57 2006 : Debug: modcall: entering
group authenticate for request 7
Wed Jul 26 06:38:57 2006 : Debug:  
modsingle[authenticate]: calling eap (rlm_eap) for
request 7
Wed Jul 26 06:38:57 2006 : Debug:   rlm_eap: Request
found, released from the list
Wed Jul 26 06:38:57 2006 : Debug:   rlm_eap: EAP/peap
Wed Jul 26 06:38:57 2006 : Debug:   rlm_eap:
processing type peap
Wed Jul 26 06:38:57 2006 : Debug:   rlm_eap_peap:
Authenticate
Wed Jul 26 06:38:57 2006 : Debug:   rlm_eap_tls:
processing TLS
Wed Jul 26 06:38:57 2006 : Debug:   eaptls_verify
returned 7 
Wed Jul 26 06:38:57 2006 : Debug:   rlm_eap_tls: Done
initial handshake
Wed Jul 26 06:38:57 2006 : Debug:   eaptls_process
returned 7 
Wed Jul 26 06:38:57 2006 : Debug:   rlm_eap_peap:
EAPTLS_OK
Wed Jul 26 06:38:57 2006 : Debug:   rlm_eap_peap:
Session established.  Decoding tunneled attributes.
Wed Jul 26 06:38:57 2006 : Debug:   rlm_eap_peap:
Received EAP-TLV response.
Wed Jul 26 06:38:57 2006 : Debug:   rlm_eap_peap:
Tunneled data is valid.
Wed Jul 26 06:38:57 2006 : Debug:   rlm_eap_peap:  Had
sent TLV failure.  User was rejcted rejected earlier
in this session.
Wed Jul 26 06:38:57 2006 : Debug:  rlm_eap: Handler
failed in EAP/peap
Wed Jul 26 06:38:57 2006 : Debug:   rlm_eap: Failed in
EAP select
Wed Jul 26 06:38:57 2006 : Debug:  
modsingle[authenticate]: returned from eap (rlm_eap)
for request 7
Wed Jul 26 06:38:57 2006 : Debug:  
modcall[authenticate]: module "eap" returns invalid
for request 7
Wed Jul 26 06:38:57 2006 : Debug: modcall: leaving
group authenticate (returns invalid) for request 7
Wed Jul 26 06:38:57 2006 : Debug: auth: Failed to
validate the user.
Wed Jul 26 06:38:57 2006 : Debug: Delaying request 7
for 1 seconds
Wed Jul 26 06:38:57 2006 : Debug: Finished request 7
Wed Jul 26 06:38:57 2006 : Debug: Going to the next
request
Wed Jul 26 06:38:57 2006 : Debug: Waking up in 6
seconds...
rad_recv: Access-Request packet from host
170.248.233.102:21645, id=103, length=185
Sending Access-Reject of id 103 to 170.248.233.102
port 21645
	EAP-Message = 0x040a0004
	Message-Authenticator =
0x00000000000000000000000000000000
Wed Jul 26 06:39:02 2006 : Debug: --- Walking the
entire request list ---
Wed Jul 26 06:39:02 2006 : Debug: Waking up in 1
seconds...
Wed Jul 26 06:39:03 2006 : Debug: --- Walking the
entire request list ---
Wed Jul 26 06:39:03 2006 : Debug: Cleaning up request
0 ID 96 with timestamp 44c75451
Wed Jul 26 06:39:03 2006 : Debug: Cleaning up request
1 ID 97 with timestamp 44c75451
Wed Jul 26 06:39:03 2006 : Debug: Cleaning up request
2 ID 98 with timestamp 44c75451
Wed Jul 26 06:39:03 2006 : Debug: Cleaning up request
3 ID 99 with timestamp 44c75451
Wed Jul 26 06:39:03 2006 : Debug: Cleaning up request
4 ID 100 with timestamp 44c75451
Wed Jul 26 06:39:03 2006 : Debug: Cleaning up request
5 ID 101 with timestamp 44c75451
Wed Jul 26 06:39:03 2006 : Debug: Cleaning up request
6 ID 102 with timestamp 44c75451
Wed Jul 26 06:39:03 2006 : Debug: Cleaning up request
7 ID 103 with timestamp 44c75451
Wed Jul 26 06:39:03 2006 : Debug: Nothing to do. 
Sleeping until we see a request.
******************************************************
eap.conf
******************************************************
# -*- text -*-
#
#  Whatever you do, do NOT set 'Auth-Type := EAP'. 
The server
#  is smart enough to figure this out on its own.  The
most
#  common side effect of setting 'Auth-Type := EAP' is
that the
#  users then cannot use ANY other authentication
method.
#
#	$Id: eap.conf,v 1.4.4.3 2006/04/28 18:25:03 aland
Exp $
#
	eap {
		#  Invoke the default supported EAP type when
		#  EAP-Identity response is received.
		#
		#  The incoming EAP messages DO NOT specify which
EAP
		#  type they will be using, so it MUST be set here.
		#
		#  For now, only one default EAP type may be used at
a time.
		#
		#  If the EAP-Type attribute is set by another
module,
		#  then that EAP type takes precedence over the
		#  default type configured here.
		#
		default_eap_type = peap 

		#  A list is maintained to correlate EAP-Response
		#  packets with EAP-Request packets.  After a
		#  configurable length of time, entries in the list
		#  expire, and are deleted.
		#
		timer_expire     = 60

		#  There are many EAP types, but the server has
support
		#  for only a limited subset.  If the server
receives
		#  a request for an EAP type it does not support,
then
		#  it normally rejects the request.  By setting this
		#  configuration to "yes", you can tell the server
to
		#  instead keep processing the request.  Another
module
		#  MUST then be configured to proxy the request to
		#  another RADIUS server which supports that EAP
type.
		#
		#  If another module is NOT configured to handle the
		#  request, then the request will still end up being
		#  rejected.
		ignore_unknown_eap_types = no

		# Cisco AP1230B firmware 12.2(13)JA1 has a bug. 
When given
		# a User-Name attribute in an Access-Accept, it
copies one
		# more byte than it should.
		#
		# We can work around it by configurably adding an
extra
		# zero byte.
		cisco_accounting_username_bug = no

		# Supported EAP-types

		#
		#  We do NOT recommend using EAP-MD5 authentication
		#  for wireless connections.  It is insecure, and
does
		#  not provide for dynamic WEP keys.
		#
		md5 {
		}

		# Cisco LEAP
		#
		#  We do not recommend using LEAP in new
deployments.  See:
		#  http://www.securiteam.com/tools/5TP012ACKE.html
		#
		#  Cisco LEAP uses the MS-CHAP algorithm (but not
		#  the MS-CHAP attributes) to perform it's
authentication.
		#
		#  As a result, LEAP *requires* access to the
plain-text
		#  User-Password, or the NT-Password attributes.
		#  'System' authentication is impossible with LEAP.
		#
		leap {
		}

		#  Generic Token Card.
		#
		#  Currently, this is only permitted inside of
EAP-TTLS,
		#  or EAP-PEAP.  The module "challenges" the user
with
		#  text, and the response from the user is taken to
be
		#  the User-Password.
		#
		#  Proxying the tunneled EAP-GTC session is a bad
idea,
		#  the users password will go over the wire in
plain-text,
		#  for anyone to see.
		#
		gtc {
			#  The default challenge, which many clients
			#  ignore..
			#challenge = "Password: "

			#  The plain-text response which comes back
			#  is put into a User-Password attribute,
			#  and passed to another module for
			#  authentication.  This allows the EAP-GTC
			#  response to be checked against plain-text,
			#  or crypt'd passwords.
			#
			#  If you say "Local" instead of "PAP", then
			#  the module will look for a User-Password
			#  configured for the request, and do the
			#  authentication itself.
			#
			auth_type = PAP
		}

		## EAP-TLS
		#
		#  To generate ctest certificates, run the script
		#
		#	../scripts/certs.sh
		#
		#  The documents on http://www.freeradius.org/doc
		#  are old, but 
may be helpful.
		#
		#  See also:
		#
		# 
http://www.dslreports.com/forum/remark,9286052~mode=flat
		#
		tls {
			private_key_password = 
			private_key_file =
${raddbdir}/certs/server_keycert.pem

			#  If Private key & Certificate are located in
			#  the same file, then private_key_file &
			#  certificate_file must contain the same file
			#  name.
			certificate_file =
${raddbdir}/certs/server_keycert.pem

			#  Trusted Root CA list
			CA_file = ${raddbdir}/certs/cacert.pem

			dh_file = ${raddbdir}/certs/dh
			random_file = ${raddbdir}/certs/random

			#
			#  This can never exceed the size of a RADIUS
			#  packet (4096 bytes), and is preferably half
			#  that, to accomodate other attributes in
			#  RADIUS packet.  On most APs the MAX packet
			#  length is configured between 1500 - 1600
			#  In these cases, fragment size should be
			#  1024 or less.
			#
			fragment_size = 1024

			#  include_length is a flag which is
			#  by default set to yes If set to
			#  yes, Total Length of the message is
			#  included in EVERY packet we send.
			#  If set to no, Total Length of the
			#  message is included ONLY in the
			#  First packet of a fragment series.
			#
			include_length = yes

			#  Check the Certificate Revocation List
			#
			#  1) Copy CA certificates and CRLs to same
directory.
			#  2) Execute 'c_rehash <CA certs&CRLs Directory>'.
			#    'c_rehash' is OpenSSL's command.
			#  3) Add 'CA_path=<CA certs&CRLs directory>'
			#      to radiusd.conf's tls section.
			#  4) uncomment the line below.
			#  5) Restart radiusd
		#	check_crl = yes

		       #
		       #  If check_cert_issuer is set, the value
will
		       #  be checked against the DN of the issuer in
		       #  the client certificate.  If the values do
not
		       #  match, the cerficate verification will
fail,
		       #  rejecting the user.
		       #
		#       check_cert_issuer =
"/C=GB/ST=Berkshire/L=Newbury/O=My Company Ltd"

		       #
		       #  If check_cert_cn is set, the value will
		       #  be xlat'ed and checked against the CN
		       #  in the client certificate.  If the values
		       #  do not match, the certificate verification
		       #  will fail rejecting the user.
		       #
		       #  This check is done only if the previous
		       #  "check_cert_issuer" is not set, or if
		       #  the check succeeds.
		       #
		#	check_cert_cn = %{User-Name}
		#
			# Set this option to specify the allowed
			# TLS cipher suites.  The format is listed
			# in "man 1 ciphers".
		#	cipher_list = "DEFAULT"
		}

		#  The TTLS module implements the EAP-TTLS protocol,
		#  which can be described as EAP inside of Diameter,
		#  inside of TLS, inside of EAP, inside of RADIUS...
		#
		#  Surprisingly, it works quite well.
		#
		#  The TTLS module needs the TLS module to be
installed
		#  and configured, in order to use the TLS tunnel
		#  inside of the EAP packet.  You will still need to
		#  configure the TLS module, even if you do not want
		#  to deploy EAP-TLS in your network.  Users will
not
		#  be able to request EAP-TLS, as it requires them
to
		#  have a client certificate.  EAP-TTLS does not
		#  require a client certificate.
		#
		#ttls {
			#  The tunneled EAP session needs a default
			#  EAP type which is separate from the one for
			#  the non-tunneled EAP module.  Inside of the
			#  TTLS tunnel, we recommend using EAP-MD5.
			#  If the request does not contain an EAP
			#  conversation, then this configuration entry
			#  is ignored.
		#	default_eap_type = md5

			#  The tunneled authentication request does
			#  not usually contain useful attributes
			#  like 'Calling-Station-Id', etc.  These
			#  attributes are outside of the tunnel,
			#  and normally unavailable to the tunneled
			#  authentication request.
			#
			#  By setting this configuration entry to
			#  'yes', any attribute which NOT in the
			#  tunneled authentication request, but
			#  which IS available outside of the tunnel,
			#  is copied to the tunneled request.
			#
			# allowed values: {no, yes}
		#	copy_request_to_tunnel = no

			#  The reply attributes sent to the NAS are
			#  usually based on the name of the user
			#  'outside' of the tunnel (usually
			#  'anonymous').  If you want to send the
			#  reply attributes based on the user name
			#  inside of the tunnel, then set this
			#  configuration entry to 'yes', and the reply
			#  to the NAS will be taken from the reply to
			#  the tunneled request.
			#
			# allowed values: {no, yes}
		#	use_tunneled_reply = no
		#}

		#
		#  The tunneled EAP session needs a default EAP type
		#  which is separate from the one for the
non-tunneled
		#  EAP module.  Inside of the TLS/PEAP tunnel, we
		#  recommend using EAP-MS-CHAPv2.
		#
		#  The PEAP module needs the TLS module to be
installed
		#  and configured, in order to use the TLS tunnel
		#  inside of the EAP packet.  You will still need to
		#  configure the TLS module, even if you do not want
		#  to deploy EAP-TLS in your network.  Users will
not
		#  be able to request EAP-TLS, as it requires them
to
		#  have a client certificate.  EAP-PEAP does not
		#  require a client certificate.
		#
		 peap {
			#  The tunneled EAP session needs a default
			#  EAP type which is separate from the one for
			#  the non-tunneled EAP module.  Inside of the
			#  PEAP tunnel, we recommend using MS-CHAPv2,
			#  as that is the default type supported by
			#  Windows clients.
			default_eap_type = mschapv2

			#  the PEAP module also has these configuration
			#  items, which are the same as for TTLS.
			copy_request_to_tunnel = yes 
			use_tunneled_reply = yes

			#  When the tunneled session is proxied, the
			#  home server may not understand EAP-MSCHAP-V2.
			#  Set this entry to "no" to proxy the tunneled
			#  EAP-MSCHAP-V2 as normal MSCHAPv2.
		#	proxy_tunneled_request_as_eap = yes
		}

		#
		#  This takes no configuration.
		#
		#  Note that it is the EAP MS-CHAPv2 sub-module, not
		#  the main 'mschap' module.
		#
		#  Note also that in order for this sub-module to
work,
		#  the main 'mschap' module MUST ALSO be configured.
		#
		#  This module is the *Microsoft* implementation of
MS-CHAPv2
		#  in EAP.  There is another (incompatible)
implementation
		#  of MS-CHAPv2 in EAP by Cisco, which FreeRADIUS
does not
		#  currently support.
		#
		mschapv2 {
		}
	}

*****************************************************

Thanks,

Damon

__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 



More information about the Freeradius-Users mailing list