issues with peap + tlv part 1
Damon McDougald
robspierre19 at yahoo.com
Wed Jul 26 18:41:35 CEST 2006
Hello to all,
Here is my dilemma:
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding
tunneled attributes.
rlm_eap_peap: Received EAP-TLV response.
rlm_eap_peap: Tunneled data is valid.
rlm_eap_peap: Had sent TLV failure. User was
rejcted rejected earlier in this session.
rlm_eap: Handler failed in EAP/peap
rlm_eap: Failed in EAP select
As you can see, there is a TLV failure during the PEAP handshake.
I have seen the previous post and I have heeded their warning of making sure the mschap module is configured, but when I have configured these settings I have no luck. I am attaching my eap.conf and radius.conf files as well as the below output for radius -X.
**************************************************
Wed Jul 26 06:38:27 2006 : Info: Starting - reading
configuration files ...
Wed Jul 26 06:38:27 2006 : Debug: reread_config:
reading radiusd.conf
Wed Jul 26 06:38:27 2006 : Debug: Config: including
file: /usr/local/etc/raddb/proxy.conf
Wed Jul 26 06:38:27 2006 : Debug: Config: including
file: /usr/local/etc/raddb/clients.conf
Wed Jul 26 06:38:27 2006 : Debug: Config: including
file: /usr/local/etc/raddb/snmp.conf
Wed Jul 26 06:38:27 2006 : Debug: Config: including
file: /usr/local/etc/raddb/eap.conf
Wed Jul 26 06:38:27 2006 : Debug: Config: including
file: /usr/local/etc/raddb/sql.conf
Wed Jul 26 06:38:27 2006 : Debug: main: prefix =
"/usr/local"
Wed Jul 26 06:38:27 2006 : Debug: main: localstatedir
= "/usr/local/var"
Wed Jul 26 06:38:27 2006 : Debug: main: logdir =
"/usr/local/var/log/radius"
Wed Jul 26 06:38:27 2006 : Debug: main: libdir =
"/usr/local/lib"
Wed Jul 26 06:38:27 2006 : Debug: main: radacctdir =
"/usr/local/var/log/radius/radacct"
Wed Jul 26 06:38:27 2006 : Debug: main:
hostname_lookups = no
Wed Jul 26 06:38:27 2006 : Debug: main:
max_request_time = 30
Wed Jul 26 06:38:27 2006 : Debug: main: cleanup_delay
= 5
Wed Jul 26 06:38:27 2006 : Debug: main: max_requests
= 1024
Wed Jul 26 06:38:27 2006 : Debug: main:
delete_blocked_requests = 0
Wed Jul 26 06:38:27 2006 : Debug: main: port = 0
Wed Jul 26 06:38:27 2006 : Debug: main:
allow_core_dumps = no
Wed Jul 26 06:38:27 2006 : Debug: main:
log_stripped_names = no
Wed Jul 26 06:38:27 2006 : Debug: main: log_file =
"/usr/local/var/log/radius/radius.log"
Wed Jul 26 06:38:27 2006 : Debug: main: log_auth = no
Wed Jul 26 06:38:27 2006 : Debug: main:
log_auth_badpass = no
Wed Jul 26 06:38:27 2006 : Debug: main:
log_auth_goodpass = no
Wed Jul 26 06:38:27 2006 : Debug: main: pidfile =
"/usr/local/var/run/radiusd/radiusd.pid"
Wed Jul 26 06:38:27 2006 : Debug: main: user =
"(null)"
Wed Jul 26 06:38:27 2006 : Debug: main: group =
"(null)"
Wed Jul 26 06:38:27 2006 : Debug: main: usercollide =
no
Wed Jul 26 06:38:27 2006 : Debug: main: lower_user =
"no"
Wed Jul 26 06:38:27 2006 : Debug: main: lower_pass =
"no"
Wed Jul 26 06:38:27 2006 : Debug: main: nospace_user
= "no"
Wed Jul 26 06:38:27 2006 : Debug: main: nospace_pass
= "no"
Wed Jul 26 06:38:27 2006 : Debug: main: checkrad =
"/usr/local/sbin/checkrad"
Wed Jul 26 06:38:27 2006 : Debug: main:
proxy_requests = yes
Wed Jul 26 06:38:27 2006 : Debug: proxy: retry_delay
= 5
Wed Jul 26 06:38:27 2006 : Debug: proxy: retry_count
= 3
Wed Jul 26 06:38:27 2006 : Debug: proxy: synchronous
= no
Wed Jul 26 06:38:27 2006 : Debug: proxy:
default_fallback = yes
Wed Jul 26 06:38:27 2006 : Debug: proxy: dead_time =
120
Wed Jul 26 06:38:27 2006 : Debug: proxy:
post_proxy_authorize = no
Wed Jul 26 06:38:27 2006 : Debug: proxy:
wake_all_if_all_dead = no
Wed Jul 26 06:38:27 2006 : Debug: security:
max_attributes = 200
Wed Jul 26 06:38:27 2006 : Debug: security:
reject_delay = 1
Wed Jul 26 06:38:27 2006 : Debug: security:
status_server = no
Wed Jul 26 06:38:27 2006 : Debug: main: debug_level =
0
Wed Jul 26 06:38:27 2006 : Debug: read_config_files:
reading dictionary
Wed Jul 26 06:38:27 2006 : Debug: read_config_files:
reading naslist
Wed Jul 26 06:38:27 2006 : Info: Using deprecated
naslist file. Support for this will go away soon.
Wed Jul 26 06:38:27 2006 : Debug: read_config_files:
reading clients
Wed Jul 26 06:38:27 2006 : Debug: read_config_files:
reading realms
Wed Jul 26 06:38:27 2006 : Debug: radiusd: entering
modules setup
Wed Jul 26 06:38:27 2006 : Debug: Module: Library
search path is /usr/local/lib
Wed Jul 26 06:38:27 2006 : Debug: Module: Loaded exec
Wed Jul 26 06:38:27 2006 : Debug: exec: wait = yes
Wed Jul 26 06:38:27 2006 : Debug: exec: program =
"(null)"
Wed Jul 26 06:38:27 2006 : Debug: exec: input_pairs =
"request"
Wed Jul 26 06:38:27 2006 : Debug: exec: output_pairs
= "(null)"
Wed Jul 26 06:38:27 2006 : Debug: exec: packet_type =
"(null)"
Wed Jul 26 06:38:27 2006 : Info: rlm_exec: Wait=yes
but no output defined. Did you mean output=none?
Wed Jul 26 06:38:27 2006 : Debug: Module: Instantiated
exec (exec)
Wed Jul 26 06:38:27 2006 : Debug: Module: Loaded expr
Wed Jul 26 06:38:27 2006 : Debug: Module: Instantiated
expr (expr)
Wed Jul 26 06:38:27 2006 : Debug: Module: Loaded PAP
Wed Jul 26 06:38:27 2006 : Debug: pap:
encryption_scheme = "crypt"
Wed Jul 26 06:38:27 2006 : Debug: Module: Instantiated
pap (pap)
Wed Jul 26 06:38:27 2006 : Debug: Module: Loaded CHAP
Wed Jul 26 06:38:27 2006 : Debug: Module: Instantiated
chap (chap)
Wed Jul 26 06:38:27 2006 : Debug: Module: Loaded
MS-CHAP
Wed Jul 26 06:38:27 2006 : Debug: mschap: use_mppe =
yes
Wed Jul 26 06:38:27 2006 : Debug: mschap:
require_encryption = yes
Wed Jul 26 06:38:27 2006 : Debug: mschap:
require_strong = yes
Wed Jul 26 06:38:27 2006 : Debug: mschap:
with_ntdomain_hack = no
Wed Jul 26 06:38:27 2006 : Debug: mschap: passwd =
"(null)"
Wed Jul 26 06:38:27 2006 : Debug: mschap: ntlm_auth =
"(null)"
Wed Jul 26 06:38:27 2006 : Debug: Module: Instantiated
mschap (mschap)
Wed Jul 26 06:38:27 2006 : Debug: Module: Loaded
System
Wed Jul 26 06:38:27 2006 : Debug: unix: cache = no
Wed Jul 26 06:38:27 2006 : Debug: unix: passwd =
"(null)"
Wed Jul 26 06:38:27 2006 : Debug: unix: shadow =
"(null)"
Wed Jul 26 06:38:27 2006 : Debug: unix: group =
"(null)"
Wed Jul 26 06:38:27 2006 : Debug: unix: radwtmp =
"/usr/local/var/log/radius/radwtmp"
Wed Jul 26 06:38:27 2006 : Debug: unix: usegroup = no
Wed Jul 26 06:38:27 2006 : Debug: unix: cache_reload
= 600
Wed Jul 26 06:38:27 2006 : Debug: Module: Instantiated
unix (unix)
Wed Jul 26 06:38:27 2006 : Debug: Module: Loaded LDAP
Wed Jul 26 06:38:27 2006 : Debug: ldap: server =
"56.207.1.134"
Wed Jul 26 06:38:27 2006 : Debug: ldap: port = 389
Wed Jul 26 06:38:27 2006 : Debug: ldap: net_timeout =
1
Wed Jul 26 06:38:27 2006 : Debug: ldap: timeout = 4
Wed Jul 26 06:38:27 2006 : Debug: ldap: timelimit = 3
Wed Jul 26 06:38:27 2006 : Debug: ldap: identity =
"CN=SVTest45,OU=Users,OU=Surface Visibility
POC,OU=Server
Accounts,DC=devsub,DC=dev,DC=dce,DC=usps,DC=gov"
Wed Jul 26 06:38:27 2006 : Debug: ldap: tls_mode = no
Wed Jul 26 06:38:27 2006 : Debug: ldap: start_tls =
no
Wed Jul 26 06:38:27 2006 : Debug: ldap:
tls_cacertfile = "(null)"
Wed Jul 26 06:38:27 2006 : Debug: ldap: tls_cacertdir
= "(null)"
Wed Jul 26 06:38:27 2006 : Debug: ldap: tls_certfile
= "(null)"
Wed Jul 26 06:38:27 2006 : Debug: ldap: tls_keyfile =
"(null)"
Wed Jul 26 06:38:27 2006 : Debug: ldap: tls_randfile
= "(null)"
Wed Jul 26 06:38:27 2006 : Debug: ldap:
tls_require_cert = "allow"
Wed Jul 26 06:38:27 2006 : Debug: ldap: password =
"Ytilibis6"
Wed Jul 26 06:38:27 2006 : Debug: ldap: basedn =
"OU=Users,OU=Surface Visibility POC,OU=Server
Accounts,DC=devsub,DC=dev,DC=dce,DC=usps,DC=gov"
Wed Jul 26 06:38:27 2006 : Debug: ldap: filter =
"(&(sAMAccountName=%{user-name}))"
Wed Jul 26 06:38:27 2006 : Debug: ldap: base_filter =
"(objectclass=radiusprofile)"
Wed Jul 26 06:38:27 2006 : Debug: ldap:
default_profile = "(null)"
Wed Jul 26 06:38:27 2006 : Debug: ldap:
profile_attribute = "(null)"
Wed Jul 26 06:38:27 2006 : Debug: ldap:
password_header = "(null)"
Wed Jul 26 06:38:27 2006 : Debug: ldap:
password_attribute = "(null)"
Wed Jul 26 06:38:27 2006 : Debug: ldap: access_attr =
"dialupAccess"
Wed Jul 26 06:38:27 2006 : Debug: ldap:
groupname_attribute = "cn"
Wed Jul 26 06:38:27 2006 : Debug: ldap:
groupmembership_filter =
"(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))"
Wed Jul 26 06:38:27 2006 : Debug: ldap:
groupmembership_attribute = "(null)"
Wed Jul 26 06:38:27 2006 : Debug: ldap:
dictionary_mapping =
"/usr/local/etc/raddb/ldap.attrmap"
Wed Jul 26 06:38:27 2006 : Debug: ldap: ldap_debug =
0
Wed Jul 26 06:38:27 2006 : Debug: ldap:
ldap_connections_number = 5
Wed Jul 26 06:38:27 2006 : Debug: ldap:
compare_check_items = yes
Wed Jul 26 06:38:27 2006 : Debug: ldap:
access_attr_used_for_allow = yes
Wed Jul 26 06:38:27 2006 : Debug: ldap: do_xlat = yes
Wed Jul 26 06:38:27 2006 : Debug: ldap: set_auth_type
= yes
Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap:
Registering ldap_groupcmp for Ldap-Group
Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap:
Registering ldap_xlat with xlat_name ldap
Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: reading
ldap<->radius mappings from file
/usr/local/etc/raddb/ldap.attrmap
Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP
radiusCheckItem mapped to RADIUS $GENERIC$
Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP
radiusReplyItem mapped to RADIUS $GENERIC$
Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP
radiusAuthType mapped to RADIUS Auth-Type
Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP
radiusSimultaneousUse mapped to RADIUS
Simultaneous-Use
Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP
radiusCalledStationId mapped to RADIUS
Called-Station-Id
Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP
radiusCallingStationId mapped to RADIUS
Calling-Station-Id
Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP
lmPassword mapped to RADIUS LM-Password
Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP
ntPassword mapped to RADIUS NT-Password
Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP
acctFlags mapped to RADIUS SMB-Account-CTRL-TEXT
Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP
radiusExpiration mapped to RADIUS Expiration
Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP
radiusNASIpAddress mapped to RADIUS NAS-IP-Address
Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP
radiusServiceType mapped to RADIUS Service-Type
Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP
radiusFramedProtocol mapped to RADIUS Framed-Protocol
Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP
radiusFramedIPAddress mapped to RADIUS
Framed-IP-Address
Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP
radiusFramedIPNetmask mapped to RADIUS
Framed-IP-Netmask
Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP
radiusFramedRoute mapped to RADIUS Framed-Route
Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP
radiusFramedRouting mapped to RADIUS Framed-Routing
Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP
radiusFilterId mapped to RADIUS Filter-Id
Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP
radiusFramedMTU mapped to RADIUS Framed-MTU
Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP
radiusFramedCompression mapped to RADIUS
Framed-Compression
Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP
radiusLoginIPHost mapped to RADIUS Login-IP-Host
Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP
radiusLoginService mapped to RADIUS Login-Service
Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP
radiusLoginTCPPort mapped to RADIUS Login-TCP-Port
Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP
radiusCallbackNumber mapped to RADIUS Callback-Number
Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP
radiusCallbackId mapped to RADIUS Callback-Id
Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP
radiusFramedIPXNetwork mapped to RADIUS
Framed-IPX-Network
Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP
radiusClass mapped to RADIUS Class
Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP
radiusSessionTimeout mapped to RADIUS Session-Timeout
Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP
radiusIdleTimeout mapped to RADIUS Idle-Timeout
Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP
radiusTerminationAction mapped to RADIUS
Termination-Action
Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP
radiusLoginLATService mapped to RADIUS
Login-LAT-Service
Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP
radiusLoginLATNode mapped to RADIUS Login-LAT-Node
Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP
radiusLoginLATGroup mapped to RADIUS Login-LAT-Group
Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP
radiusFramedAppleTalkLink mapped to RADIUS
Framed-AppleTalk-Link
Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP
radiusFramedAppleTalkNetwork mapped to RADIUS
Framed-AppleTalk-Network
Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP
radiusFramedAppleTalkZone mapped to RADIUS
Framed-AppleTalk-Zone
Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP
radiusPortLimit mapped to RADIUS Port-Limit
Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP
radiusLoginLATPort mapped to RADIUS Login-LAT-Port
Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP
radiusReplyMessage mapped to RADIUS Reply-Message
Wed Jul 26 06:38:27 2006 : Debug: conns: 0x8139828
Wed Jul 26 06:38:27 2006 : Debug: Module: Instantiated
ldap (ldap)
Wed Jul 26 06:38:27 2006 : Debug: Module: Loaded eap
Wed Jul 26 06:38:27 2006 : Debug: eap:
default_eap_type = "peap"
Wed Jul 26 06:38:27 2006 : Debug: eap: timer_expire =
60
Wed Jul 26 06:38:27 2006 : Debug: eap:
ignore_unknown_eap_types = no
Wed Jul 26 06:38:27 2006 : Debug: eap:
cisco_accounting_username_bug = no
Wed Jul 26 06:38:27 2006 : Debug: rlm_eap: Loaded and
initialized type md5
Wed Jul 26 06:38:27 2006 : Debug: rlm_eap: Loaded and
initialized type leap
Wed Jul 26 06:38:27 2006 : Debug: gtc: challenge =
"Password: "
Wed Jul 26 06:38:27 2006 : Debug: gtc: auth_type =
"PAP"
Wed Jul 26 06:38:27 2006 : Debug: rlm_eap: Loaded and
initialized type gtc
Wed Jul 26 06:38:27 2006 : Debug: tls:
rsa_key_exchange = no
Wed Jul 26 06:38:27 2006 : Debug: tls:
dh_key_exchange = yes
Wed Jul 26 06:38:27 2006 : Debug: tls: rsa_key_length
= 512
Wed Jul 26 06:38:27 2006 : Debug: tls: dh_key_length
= 512
Wed Jul 26 06:38:27 2006 : Debug: tls: verify_depth =
0
Wed Jul 26 06:38:27 2006 : Debug: tls: CA_path =
"(null)"
Wed Jul 26 06:38:27 2006 : Debug: tls: pem_file_type
= yes
Wed Jul 26 06:38:27 2006 : Debug: tls:
private_key_file =
"/usr/local/etc/raddb/certs/server_keycert.pem"
Wed Jul 26 06:38:27 2006 : Debug: tls:
certificate_file =
"/usr/local/etc/raddb/certs/server_keycert.pem"
Wed Jul 26 06:38:27 2006 : Debug: tls: CA_file =
"/usr/local/etc/raddb/certs/cacert.pem"
Wed Jul 26 06:38:27 2006 : Debug: tls:
private_key_password = ""
Wed Jul 26 06:38:27 2006 : Debug: tls: dh_file =
"/usr/local/etc/raddb/certs/dh"
Wed Jul 26 06:38:27 2006 : Debug: tls: random_file =
"/usr/local/etc/raddb/certs/random"
Wed Jul 26 06:38:27 2006 : Debug: tls: fragment_size
= 1024
Wed Jul 26 06:38:27 2006 : Debug: tls: include_length
= yes
Wed Jul 26 06:38:27 2006 : Debug: tls: check_crl = no
Wed Jul 26 06:38:27 2006 : Debug: tls: check_cert_cn
= "(null)"
Wed Jul 26 06:38:27 2006 : Debug: tls: cipher_list =
"(null)"
Wed Jul 26 06:38:27 2006 : Debug: tls:
check_cert_issuer = "(null)"
Wed Jul 26 06:38:27 2006 : Info: rlm_eap_tls: Loading
the certificate file as a chain
Wed Jul 26 06:38:28 2006 : Debug: rlm_eap: Loaded and
initialized type tls
Wed Jul 26 06:38:28 2006 : Debug: peap:
default_eap_type = "mschapv2"
Wed Jul 26 06:38:28 2006 : Debug: peap:
copy_request_to_tunnel = yes
Wed Jul 26 06:38:28 2006 : Debug: peap:
use_tunneled_reply = yes
Wed Jul 26 06:38:28 2006 : Debug: peap:
proxy_tunneled_request_as_eap = yes
Wed Jul 26 06:38:28 2006 : Debug: rlm_eap: Loaded and
initialized type peap
Wed Jul 26 06:38:28 2006 : Debug: mschapv2:
with_ntdomain_hack = no
Wed Jul 26 06:38:28 2006 : Debug: rlm_eap: Loaded and
initialized type mschapv2
Wed Jul 26 06:38:28 2006 : Debug: Module: Instantiated
eap (eap)
Wed Jul 26 06:38:28 2006 : Debug: Module: Loaded
preprocess
Wed Jul 26 06:38:28 2006 : Debug: preprocess:
huntgroups = "/usr/local/etc/raddb/huntgroups"
Wed Jul 26 06:38:28 2006 : Debug: preprocess: hints =
"/usr/local/etc/raddb/hints"
Wed Jul 26 06:38:28 2006 : Debug: preprocess:
with_ascend_hack = no
Wed Jul 26 06:38:28 2006 : Debug: preprocess:
ascend_channels_per_line = 23
Wed Jul 26 06:38:28 2006 : Debug: preprocess:
with_ntdomain_hack = no
Wed Jul 26 06:38:28 2006 : Debug: preprocess:
with_specialix_jetstream_hack = no
Wed Jul 26 06:38:28 2006 : Debug: preprocess:
with_cisco_vsa_hack = no
Wed Jul 26 06:38:28 2006 : Debug: Module: Instantiated
preprocess (preprocess)
Wed Jul 26 06:38:28 2006 : Debug: Module: Loaded realm
Wed Jul 26 06:38:28 2006 : Debug: realm: format =
"suffix"
Wed Jul 26 06:38:28 2006 : Debug: realm: delimiter =
"@"
Wed Jul 26 06:38:28 2006 : Debug: realm:
ignore_default = no
Wed Jul 26 06:38:28 2006 : Debug: realm: ignore_null
= no
Wed Jul 26 06:38:28 2006 : Debug: Module: Instantiated
realm (suffix)
Wed Jul 26 06:38:28 2006 : Debug: Module: Loaded files
Wed Jul 26 06:38:28 2006 : Debug: files: usersfile =
"/usr/local/etc/raddb/users"
Wed Jul 26 06:38:28 2006 : Debug: files:
acctusersfile = "/usr/local/etc/raddb/acct_users"
Wed Jul 26 06:38:28 2006 : Debug: files:
preproxy_usersfile =
"/usr/local/etc/raddb/preproxy_users"
Wed Jul 26 06:38:28 2006 : Debug: files: compat =
"no"
Wed Jul 26 06:38:28 2006 : Debug: Module: Instantiated
files (files)
Wed Jul 26 06:38:28 2006 : Debug: Module: Loaded
Acct-Unique-Session-Id
Wed Jul 26 06:38:28 2006 : Debug: acct_unique: key =
"User-Name, Acct-Session-Id, NAS-IP-Address,
Client-IP-Address, NAS-Port"
Wed Jul 26 06:38:28 2006 : Debug: Module: Instantiated
acct_unique (acct_unique)
Wed Jul 26 06:38:28 2006 : Debug: Module: Loaded
detail
Wed Jul 26 06:38:28 2006 : Debug: detail: detailfile
=
"/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
Wed Jul 26 06:38:28 2006 : Debug: detail: detailperm
= 384
Wed Jul 26 06:38:28 2006 : Debug: detail: dirperm =
493
Wed Jul 26 06:38:28 2006 : Debug: detail: locking =
no
Wed Jul 26 06:38:28 2006 : Debug: Module: Instantiated
detail (detail)
Wed Jul 26 06:38:28 2006 : Debug: Module: Loaded
radutmp
Wed Jul 26 06:38:28 2006 : Debug: radutmp: filename =
"/usr/local/var/log/radius/radutmp"
Wed Jul 26 06:38:28 2006 : Debug: radutmp: username =
"%{User-Name}"
Wed Jul 26 06:38:28 2006 : Debug: radutmp:
case_sensitive = yes
Wed Jul 26 06:38:28 2006 : Debug: radutmp:
check_with_nas = yes
Wed Jul 26 06:38:28 2006 : Debug: radutmp: perm = 384
Wed Jul 26 06:38:28 2006 : Debug: radutmp: callerid =
yes
Wed Jul 26 06:38:28 2006 : Debug: Module: Instantiated
radutmp (radutmp)
Wed Jul 26 06:38:28 2006 : Debug: Listening on
authentication *:1812
Wed Jul 26 06:38:28 2006 : Debug: Listening on
accounting *:1813
Wed Jul 26 06:38:28 2006 : Info: Ready to process
requests.
rad_recv: Access-Request packet from host
170.248.233.102:21645, id=96, length=142
User-Name = "svtest21"
Framed-MTU = 1400
Called-Station-Id = "0014.f213.f740"
Calling-Station-Id = "0002.7848.9017"
Service-Type = Login-User
Message-Authenticator =
0x9f1c51bffb5629597ad2b909fd38c9b4
EAP-Message = 0x0203000d017376746573743231
NAS-Port-Type = Wireless-802.11
NAS-Port = 549
NAS-IP-Address = 170.248.233.102
NAS-Identifier = "SV1ATESTENVIRON"
Wed Jul 26 06:38:57 2006 : Debug: Processing the
authorize section of radiusd.conf
Wed Jul 26 06:38:57 2006 : Debug: modcall: entering
group authorize for request 0
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: calling preprocess
(rlm_preprocess) for request 0
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: returned from preprocess
(rlm_preprocess) for request 0
Wed Jul 26 06:38:57 2006 : Debug:
modcall[authorize]: module "preprocess" returns ok for
request 0
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: calling chap (rlm_chap) for
request 0
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: returned from chap (rlm_chap)
for request 0
Wed Jul 26 06:38:57 2006 : Debug:
modcall[authorize]: module "chap" returns noop for
request 0
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: calling mschap (rlm_mschap) for
request 0
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: returned from mschap
(rlm_mschap) for request 0
Wed Jul 26 06:38:57 2006 : Debug:
modcall[authorize]: module "mschap" returns noop for
request 0
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: calling suffix (rlm_realm) for
request 0
Wed Jul 26 06:38:57 2006 : Debug: rlm_realm: No
'@' in User-Name = "svtest21", looking up realm NULL
Wed Jul 26 06:38:57 2006 : Debug: rlm_realm: No
such realm "NULL"
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: returned from suffix (rlm_realm)
for request 0
Wed Jul 26 06:38:57 2006 : Debug:
modcall[authorize]: module "suffix" returns noop for
request 0
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: calling eap (rlm_eap) for
request 0
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: EAP
packet type response id 3 length 13
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: No EAP
Start, assuming it's an on-going EAP conversation
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: returned from eap (rlm_eap) for
request 0
Wed Jul 26 06:38:57 2006 : Debug:
modcall[authorize]: module "eap" returns updated for
request 0
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: calling files (rlm_files) for
request 0
Wed Jul 26 06:38:57 2006 : Debug: users: Matched
entry DEFAULT at line 215
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: returned from files (rlm_files)
for request 0
Wed Jul 26 06:38:57 2006 : Debug:
modcall[authorize]: module "files" returns ok for
request 0
Wed Jul 26 06:38:57 2006 : Debug: modcall: leaving
group authorize (returns updated) for request 0
Wed Jul 26 06:38:57 2006 : Debug:
rad_check_password: Found Auth-Type EAP
Wed Jul 26 06:38:57 2006 : Debug: auth: type "EAP"
Wed Jul 26 06:38:57 2006 : Debug: Processing the
authenticate section of radiusd.conf
Wed Jul 26 06:38:57 2006 : Debug: modcall: entering
group authenticate for request 0
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authenticate]: calling eap (rlm_eap) for
request 0
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: EAP
Identity
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap:
processing type tls
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_tls:
Initiate
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_tls: Start
returned 1
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authenticate]: returned from eap (rlm_eap)
for request 0
Wed Jul 26 06:38:57 2006 : Debug:
modcall[authenticate]: module "eap" returns handled
for request 0
Wed Jul 26 06:38:57 2006 : Debug: modcall: leaving
group authenticate (returns handled) for request 0
Sending Access-Challenge of id 96 to 170.248.233.102
port 21645
EAP-Message = 0x010400061920
Message-Authenticator =
0x00000000000000000000000000000000
State = 0x29ca0021777c690970b4a5471a00217b
Wed Jul 26 06:38:57 2006 : Debug: Finished request 0
Wed Jul 26 06:38:57 2006 : Debug: Going to the next
request
Wed Jul 26 06:38:57 2006 : Debug: --- Walking the
entire request list ---
Wed Jul 26 06:38:57 2006 : Debug: Waking up in 6
seconds...
rad_recv: Access-Request packet from host
170.248.233.102:21645, id=97, length=253
User-Name = "svtest21"
Framed-MTU = 1400
Called-Station-Id = "0014.f213.f740"
Calling-Station-Id = "0002.7848.9017"
Service-Type = Login-User
Message-Authenticator =
0x88d642315545479df646345555800e93
EAP-Message =
0x0204006a198000000060160301005b0100005703011c65d617c07403a366a2f3b6de705e884da5fd14fbdb9cf0d0df33bfc72f8eca20a34c239b5b06e80ed486fd8dadac40a1485d19d957e58d20b52c8859b8180b71001000040005000a000900640062000300060100
NAS-Port-Type = Wireless-802.11
NAS-Port = 549
State = 0x29ca0021777c690970b4a5471a00217b
NAS-IP-Address = 170.248.233.102
NAS-Identifier = "SV1ATESTENVIRON"
Wed Jul 26 06:38:57 2006 : Debug: Processing the
authorize section of radiusd.conf
Wed Jul 26 06:38:57 2006 : Debug: modcall: entering
group authorize for request 1
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: calling preprocess
(rlm_preprocess) for request 1
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: returned from preprocess
(rlm_preprocess) for request 1
Wed Jul 26 06:38:57 2006 : Debug:
modcall[authorize]: module "preprocess" returns ok for
request 1
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: calling chap (rlm_chap) for
request 1
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: returned from chap (rlm_chap)
for request 1
Wed Jul 26 06:38:57 2006 : Debug:
modcall[authorize]: module "chap" returns noop for
request 1
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: calling mschap (rlm_mschap) for
request 1
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: returned from mschap
(rlm_mschap) for request 1
Wed Jul 26 06:38:57 2006 : Debug:
modcall[authorize]: module "mschap" returns noop for
request 1
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: calling suffix (rlm_realm) for
request 1
Wed Jul 26 06:38:57 2006 : Debug: rlm_realm: No
'@' in User-Name = "svtest21", looking up realm NULL
Wed Jul 26 06:38:57 2006 : Debug: rlm_realm: No
such realm "NULL"
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: returned from suffix (rlm_realm)
for request 1
Wed Jul 26 06:38:57 2006 : Debug:
modcall[authorize]: module "suffix" returns noop for
request 1
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: calling eap (rlm_eap) for
request 1
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: EAP
packet type response id 4 length 106
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: No EAP
Start, assuming it's an on-going EAP conversation
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: returned from eap (rlm_eap) for
request 1
Wed Jul 26 06:38:57 2006 : Debug:
modcall[authorize]: module "eap" returns updated for
request 1
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: calling files (rlm_files) for
request 1
Wed Jul 26 06:38:57 2006 : Debug: users: Matched
entry DEFAULT at line 215
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: returned from files (rlm_files)
for request 1
Wed Jul 26 06:38:57 2006 : Debug:
modcall[authorize]: module "files" returns ok for
request 1
Wed Jul 26 06:38:57 2006 : Debug: modcall: leaving
group authorize (returns updated) for request 1
Wed Jul 26 06:38:57 2006 : Debug:
rad_check_password: Found Auth-Type EAP
Wed Jul 26 06:38:57 2006 : Debug: auth: type "EAP"
Wed Jul 26 06:38:57 2006 : Debug: Processing the
authenticate section of radiusd.conf
Wed Jul 26 06:38:57 2006 : Debug: modcall: entering
group authenticate for request 1
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authenticate]: calling eap (rlm_eap) for
request 1
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: Request
found, released from the list
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: EAP/peap
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap:
processing type peap
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_peap:
Authenticate
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_tls:
processing TLS
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_tls: Length
Included
Wed Jul 26 06:38:57 2006 : Debug: eaptls_verify
returned 11
Wed Jul 26 06:38:57 2006 : Debug: (other):
before/accept initialization
Wed Jul 26 06:38:57 2006 : Debug: TLS_accept:
before/accept initialization
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_tls: <<<
TLS 1.0 Handshake [length 005b], ClientHello
Wed Jul 26 06:38:57 2006 : Debug: TLS_accept:
SSLv3 read client hello A
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_tls: >>>
TLS 1.0 Handshake [length 004a], ServerHello
Wed Jul 26 06:38:57 2006 : Debug: TLS_accept:
SSLv3 write server hello A
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_tls: >>>
TLS 1.0 Handshake [length 04b3], Certificate
Wed Jul 26 06:38:57 2006 : Debug: TLS_accept:
SSLv3 write certificate A
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_tls: >>>
TLS 1.0 Handshake [length 0004], ServerHelloDone
Wed Jul 26 06:38:57 2006 : Debug: TLS_accept:
SSLv3 write server done A
Wed Jul 26 06:38:57 2006 : Debug: TLS_accept:
SSLv3 flush data
Wed Jul 26 06:38:57 2006 : Error: TLS_accept:error
in SSLv3 read client certificate A
Wed Jul 26 06:38:57 2006 : Error: rlm_eap: SSL error
error:00000000:lib(0):func(0):reason(0)
Wed Jul 26 06:38:57 2006 : Debug: In SSL Handshake
Phase
Wed Jul 26 06:38:57 2006 : Debug: In SSL Accept mode
Wed Jul 26 06:38:57 2006 : Debug: eaptls_process
returned 13
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_peap:
EAPTLS_HANDLED
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authenticate]: returned from eap (rlm_eap)
for request 1
Wed Jul 26 06:38:57 2006 : Debug:
modcall[authenticate]: module "eap" returns handled
for request 1
Wed Jul 26 06:38:57 2006 : Debug: modcall: leaving
group authenticate (returns handled) for request 1
Sending Access-Challenge of id 97 to 170.248.233.102
port 21645
EAP-Message =
0x51745c11e5fd6f7155d54baba5f067ea053069060355
Message-Authenticator =
0x00000000000000000000000000000000
State = 0x498b302c3c413c59d2b3adf67bbc1530
Wed Jul 26 06:38:57 2006 : Debug: Finished request 1
Wed Jul 26 06:38:57 2006 : Debug: Going to the next
request
Wed Jul 26 06:38:57 2006 : Debug: Waking up in 6
seconds...
rad_recv: Access-Request packet from host
170.248.233.102:21645, id=98, length=153
User-Name = "svtest21"
Framed-MTU = 1400
Called-Station-Id = "0014.f213.f740"
Calling-Station-Id = "0002.7848.9017"
Service-Type = Login-User
Message-Authenticator =
0x8fdcb1d1de429fbc882c9013f501fdcd
EAP-Message = 0x020500061900
NAS-Port-Type = Wireless-802.11
NAS-Port = 549
State = 0x498b302c3c413c59d2b3adf67bbc1530
NAS-IP-Address = 170.248.233.102
NAS-Identifier = "SV1ATESTENVIRON"
Wed Jul 26 06:38:57 2006 : Debug: Processing the
authorize section of radiusd.conf
Wed Jul 26 06:38:57 2006 : Debug: modcall: entering
group authorize for request 2
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: calling preprocess
(rlm_preprocess) for request 2
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: returned from preprocess
(rlm_preprocess) for request 2
Wed Jul 26 06:38:57 2006 : Debug:
modcall[authorize]: module "preprocess" returns ok for
request 2
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: calling chap (rlm_chap) for
request 2
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: returned from chap (rlm_chap)
for request 2
Wed Jul 26 06:38:57 2006 : Debug:
modcall[authorize]: module "chap" returns noop for
request 2
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: calling mschap (rlm_mschap) for
request 2
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: returned from mschap
(rlm_mschap) for request 2
Wed Jul 26 06:38:57 2006 : Debug:
modcall[authorize]: module "mschap" returns noop for
request 2
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: calling suffix (rlm_realm) for
request 2
Wed Jul 26 06:38:57 2006 : Debug: rlm_realm: No
'@' in User-Name = "svtest21", looking up realm NULL
Wed Jul 26 06:38:57 2006 : Debug: rlm_realm: No
such realm "NULL"
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: returned from suffix (rlm_realm)
for request 2
Wed Jul 26 06:38:57 2006 : Debug:
modcall[authorize]: module "suffix" returns noop for
request 2
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: calling eap (rlm_eap) for
request 2
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: EAP
packet type response id 5 length 6
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: No EAP
Start, assuming it's an on-going EAP conversation
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: returned from eap (rlm_eap) for
request 2
Wed Jul 26 06:38:57 2006 : Debug:
modcall[authorize]: module "eap" returns updated for
request 2
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: calling files (rlm_files) for
request 2
Wed Jul 26 06:38:57 2006 : Debug: users: Matched
entry DEFAULT at line 215
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: returned from files (rlm_files)
for request 2
Wed Jul 26 06:38:57 2006 : Debug:
modcall[authorize]: module "files" returns ok for
request 2
Wed Jul 26 06:38:57 2006 : Debug: modcall: leaving
group authorize (returns updated) for request 2
Wed Jul 26 06:38:57 2006 : Debug:
rad_check_password: Found Auth-Type EAP
Wed Jul 26 06:38:57 2006 : Debug: auth: type "EAP"
Wed Jul 26 06:38:57 2006 : Debug: Processing the
authenticate section of radiusd.conf
Wed Jul 26 06:38:57 2006 : Debug: modcall: entering
group authenticate for request 2
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authenticate]: calling eap (rlm_eap) for
request 2
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: Request
found, released from the list
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: EAP/peap
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap:
processing type peap
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_peap:
Authenticate
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_tls:
processing TLS
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_tls:
Received EAP-TLS ACK message
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_tls: ack
handshake fragment handler
Wed Jul 26 06:38:57 2006 : Debug: eaptls_verify
returned 1
Wed Jul 26 06:38:57 2006 : Debug: eaptls_process
returned 13
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_peap:
EAPTLS_HANDLED
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authenticate]: returned from eap (rlm_eap)
for request 2
Wed Jul 26 06:38:57 2006 : Debug:
modcall[authenticate]: module "eap" returns handled
for request 2
Wed Jul 26 06:38:57 2006 : Debug: modcall: leaving
group authenticate (returns handled) for request 2
Sending Access-Challenge of id 98 to 170.248.233.102
port 21645
EAP-Message =
EAP-Message =
0xb7281afd5b9d99013d400bf868323f7716030100040e000000
Message-Authenticator =
0x00000000000000000000000000000000
State = 0x2d8cf9192d110361c694d24de7cdbdcb
Wed Jul 26 06:38:57 2006 : Debug: Finished request 2
Wed Jul 26 06:38:57 2006 : Debug: Going to the next
request
Wed Jul 26 06:38:57 2006 : Debug: Waking up in 6
seconds...
rad_recv: Access-Request packet from host
170.248.233.102:21645, id=99, length=339
User-Name = "svtest21"
Framed-MTU = 1400
Called-Station-Id = "0014.f213.f740"
Calling-Station-Id = "0002.7848.9017"
Service-Type = Login-User
Message-Authenticator =
0x577ebfac24aca5a457822e75d9c31c9a
EAP-Message =
0x020600c01980000000b616030100861000008200802bce54d10c0c817b71cdbd91c896ebad0cdc051937e0da1262ac04109f34cb9a96cccf31d124ebfaf28f76a8fc1439f6d99c32df59ea9978238a8b772bd8911804ee7ec9395d0113cf158f355433885581aa136a7f4f93ddf11cd77e91e45da81f9892c5f9c71b955604d3f9692d2747b674d08f488486c16835b67dd1a483cb14030100010116030100207feb620c9d4e1bd873ba0e6a5ee8e501066967ac10d6e7d0696263466cf12ab4
NAS-Port-Type = Wireless-802.11
NAS-Port = 549
State = 0x2d8cf9192d110361c694d24de7cdbdcb
NAS-IP-Address = 170.248.233.102
NAS-Identifier = "SV1ATESTENVIRON"
Wed Jul 26 06:38:57 2006 : Debug: Processing the
authorize section of radiusd.conf
Wed Jul 26 06:38:57 2006 : Debug: modcall: entering
group authorize for request 3
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: calling preprocess
(rlm_preprocess) for request 3
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: returned from preprocess
(rlm_preprocess) for request 3
Wed Jul 26 06:38:57 2006 : Debug:
modcall[authorize]: module "preprocess" returns ok for
request 3
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: calling chap (rlm_chap) for
request 3
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: returned from chap (rlm_chap)
for request 3
Wed Jul 26 06:38:57 2006 : Debug:
modcall[authorize]: module "chap" returns noop for
request 3
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: calling mschap (rlm_mschap) for
request 3
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: returned from mschap
(rlm_mschap) for request 3
Wed Jul 26 06:38:57 2006 : Debug:
modcall[authorize]: module "mschap" returns noop for
request 3
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: calling suffix (rlm_realm) for
request 3
Wed Jul 26 06:38:57 2006 : Debug: rlm_realm: No
'@' in User-Name = "svtest21", looking up realm NULL
Wed Jul 26 06:38:57 2006 : Debug: rlm_realm: No
such realm "NULL"
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: returned from suffix (rlm_realm)
for request 3
Wed Jul 26 06:38:57 2006 : Debug:
modcall[authorize]: module "suffix" returns noop for
request 3
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: calling eap (rlm_eap) for
request 3
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: EAP
packet type response id 6 length 192
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: No EAP
Start, assuming it's an on-going EAP conversation
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: returned from eap (rlm_eap) for
request 3
Wed Jul 26 06:38:57 2006 : Debug:
modcall[authorize]: module "eap" returns updated for
request 3
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: calling files (rlm_files) for
request 3
Wed Jul 26 06:38:57 2006 : Debug: users: Matched
entry DEFAULT at line 215
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: returned from files (rlm_files)
for request 3
Wed Jul 26 06:38:57 2006 : Debug:
modcall[authorize]: module "files" returns ok for
request 3
Wed Jul 26 06:38:57 2006 : Debug: modcall: leaving
group authorize (returns updated) for request 3
Wed Jul 26 06:38:57 2006 : Debug:
rad_check_password: Found Auth-Type EAP
Wed Jul 26 06:38:57 2006 : Debug: auth: type "EAP"
Wed Jul 26 06:38:57 2006 : Debug: Processing the
authenticate section of radiusd.conf
Wed Jul 26 06:38:57 2006 : Debug: modcall: entering
group authenticate for request 3
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authenticate]: calling eap (rlm_eap) for
request 3
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: Request
found, released from the list
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: EAP/peap
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap:
processing type peap
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_peap:
Authenticate
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_tls:
processing TLS
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_tls: Length
Included
Wed Jul 26 06:38:57 2006 : Debug: eaptls_verify
returned 11
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_tls: <<<
TLS 1.0 Handshake [length 0086], ClientKeyExchange
Wed Jul 26 06:38:57 2006 : Debug: TLS_accept:
SSLv3 read client key exchange A
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_tls: <<<
TLS 1.0 ChangeCipherSpec [length 0001]
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_tls: <<<
TLS 1.0 Handshake [length 0010], Finished
Wed Jul 26 06:38:57 2006 : Debug: TLS_accept:
SSLv3 read finished A
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_tls: >>>
TLS 1.0 ChangeCipherSpec [length 0001]
Wed Jul 26 06:38:57 2006 : Debug: TLS_accept:
SSLv3 write change cipher spec A
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_tls: >>>
TLS 1.0 Handshake [length 0010], Finished
Wed Jul 26 06:38:57 2006 : Debug: TLS_accept:
SSLv3 write finished A
Wed Jul 26 06:38:57 2006 : Debug: TLS_accept:
SSLv3 flush data
Wed Jul 26 06:38:57 2006 : Debug: (other): SSL
negotiation finished successfully
Wed Jul 26 06:38:57 2006 : Error: rlm_eap: SSL error
error:00000000:lib(0):func(0):reason(0)
Wed Jul 26 06:38:57 2006 : Debug: SSL Connection
Established
Wed Jul 26 06:38:57 2006 : Debug: eaptls_process
returned 13
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_peap:
EAPTLS_HANDLED
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authenticate]: returned from eap (rlm_eap)
for request 3
Wed Jul 26 06:38:57 2006 : Debug:
modcall[authenticate]: module "eap" returns handled
for request 3
Wed Jul 26 06:38:57 2006 : Debug: modcall: leaving
group authenticate (returns handled) for request 3
Sending Access-Challenge of id 99 to 170.248.233.102
port 21645
EAP-Message =
0x0107003119001403010001011603010020d8095d07b6faed0612c8cc397d7585f0435501e4a1d7e201ff89e8f9cbf87a46
Message-Authenticator =
0x00000000000000000000000000000000
State = 0x33722640f43f50eda977125b0e4f529e
Wed Jul 26 06:38:57 2006 : Debug: Finished request 3
Wed Jul 26 06:38:57 2006 : Debug: Going to the next
request
Wed Jul 26 06:38:57 2006 : Debug: Waking up in 6
seconds...
rad_recv: Access-Request packet from host
170.248.233.102:21645, id=100, length=153
User-Name = "svtest21"
Framed-MTU = 1400
Called-Station-Id = "0014.f213.f740"
Calling-Station-Id = "0002.7848.9017"
Service-Type = Login-User
Message-Authenticator =
0xdedb196149d987712093702f74fd8fc4
EAP-Message = 0x020700061900
NAS-Port-Type = Wireless-802.11
NAS-Port = 549
State = 0x33722640f43f50eda977125b0e4f529e
NAS-IP-Address = 170.248.233.102
NAS-Identifier = "SV1ATESTENVIRON"
Wed Jul 26 06:38:57 2006 : Debug: Processing the
authorize section of radiusd.conf
Wed Jul 26 06:38:57 2006 : Debug: modcall: entering
group authorize for request 4
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: calling preprocess
(rlm_preprocess) for request 4
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: returned from preprocess
(rlm_preprocess) for request 4
Wed Jul 26 06:38:57 2006 : Debug:
modcall[authorize]: module "preprocess" returns ok for
request 4
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: calling chap (rlm_chap) for
request 4
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: returned from chap (rlm_chap)
for request 4
Wed Jul 26 06:38:57 2006 : Debug:
modcall[authorize]: module "chap" returns noop for
request 4
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: calling mschap (rlm_mschap) for
request 4
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: returned from mschap
(rlm_mschap) for request 4
Wed Jul 26 06:38:57 2006 : Debug:
modcall[authorize]: module "mschap" returns noop for
request 4
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: calling suffix (rlm_realm) for
request 4
Wed Jul 26 06:38:57 2006 : Debug: rlm_realm: No
'@' in User-Name = "svtest21", looking up realm NULL
Wed Jul 26 06:38:57 2006 : Debug: rlm_realm: No
such realm "NULL"
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: returned from suffix (rlm_realm)
for request 4
Wed Jul 26 06:38:57 2006 : Debug:
modcall[authorize]: module "suffix" returns noop for
request 4
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: calling eap (rlm_eap) for
request 4
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: EAP
packet type response id 7 length 6
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: No EAP
Start, assuming it's an on-going EAP conversation
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: returned from eap (rlm_eap) for
request 4
Wed Jul 26 06:38:57 2006 : Debug:
modcall[authorize]: module "eap" returns updated for
request 4
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: calling files (rlm_files) for
request 4
Wed Jul 26 06:38:57 2006 : Debug: users: Matched
entry DEFAULT at line 215
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: returned from files (rlm_files)
for request 4
Wed Jul 26 06:38:57 2006 : Debug:
modcall[authorize]: module "files" returns ok for
request 4
Wed Jul 26 06:38:57 2006 : Debug: modcall: leaving
group authorize (returns updated) for request 4
Wed Jul 26 06:38:57 2006 : Debug:
rad_check_password: Found Auth-Type EAP
Wed Jul 26 06:38:57 2006 : Debug: auth: type "EAP"
Wed Jul 26 06:38:57 2006 : Debug: Processing the
authenticate section of radiusd.conf
Wed Jul 26 06:38:57 2006 : Debug: modcall: entering
group authenticate for request 4
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authenticate]: calling eap (rlm_eap) for
request 4
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: Request
found, released from the list
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: EAP/peap
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap:
processing type peap
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_peap:
Authenticate
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_tls:
processing TLS
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_tls:
Received EAP-TLS ACK message
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_tls: ack
handshake is finished
Wed Jul 26 06:38:57 2006 : Debug: eaptls_verify
returned 3
Wed Jul 26 06:38:57 2006 : Debug: eaptls_process
returned 3
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_peap:
EAPTLS_SUCCESS
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authenticate]: returned from eap (rlm_eap)
for request 4
Wed Jul 26 06:38:57 2006 : Debug:
modcall[authenticate]: module "eap" returns handled
for request 4
Wed Jul 26 06:38:57 2006 : Debug: modcall: leaving
group authenticate (returns handled) for request 4
Sending Access-Challenge of id 100 to 170.248.233.102
port 21645
EAP-Message =
0x010800201900170301001584f67b6b13ffeffe18862f7659b9a66c4a8e4b996a
Message-Authenticator =
0x00000000000000000000000000000000
State = 0xdd383d12bf43f94234041e3c55ca3ad2
Wed Jul 26 06:38:57 2006 : Debug: Finished request 4
Wed Jul 26 06:38:57 2006 : Debug: Going to the next
request
Wed Jul 26 06:38:57 2006 : Debug: Waking up in 6
seconds...
rad_recv: Access-Request packet from host
170.248.233.102:21645, id=101, length=183
User-Name = "svtest21"
Framed-MTU = 1400
Called-Station-Id = "0014.f213.f740"
Calling-Station-Id = "0002.7848.9017"
Service-Type = Login-User
Message-Authenticator =
0x6f47dd19e1bd452975489d9ec5395fb9
EAP-Message =
0x02080024190017030100195e17a3dd5ae16018a9127bd42ab172908103052ca1cb861bd6
NAS-Port-Type = Wireless-802.11
NAS-Port = 549
State = 0xdd383d12bf43f94234041e3c55ca3ad2
NAS-IP-Address = 170.248.233.102
NAS-Identifier = "SV1ATESTENVIRON"
Wed Jul 26 06:38:57 2006 : Debug: Processing the
authorize section of radiusd.conf
Wed Jul 26 06:38:57 2006 : Debug: modcall: entering
group authorize for request 5
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: calling preprocess
(rlm_preprocess) for request 5
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: returned from preprocess
(rlm_preprocess) for request 5
Wed Jul 26 06:38:57 2006 : Debug:
modcall[authorize]: module "preprocess" returns ok for
request 5
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: calling chap (rlm_chap) for
request 5
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: returned from chap (rlm_chap)
for request 5
Wed Jul 26 06:38:57 2006 : Debug:
modcall[authorize]: module "chap" returns noop for
request 5
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: calling mschap (rlm_mschap) for
request 5
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: returned from mschap
(rlm_mschap) for request 5
Wed Jul 26 06:38:57 2006 : Debug:
modcall[authorize]: module "mschap" returns noop for
request 5
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: calling suffix (rlm_realm) for
request 5
Wed Jul 26 06:38:57 2006 : Debug: rlm_realm: No
'@' in User-Name = "svtest21", looking up realm NULL
Wed Jul 26 06:38:57 2006 : Debug: rlm_realm: No
such realm "NULL"
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: returned from suffix (rlm_realm)
for request 5
Wed Jul 26 06:38:57 2006 : Debug:
modcall[authorize]: module "suffix" returns noop for
request 5
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: calling eap (rlm_eap) for
request 5
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: EAP
packet type response id 8 length 36
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: No EAP
Start, assuming it's an on-going EAP conversation
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: returned from eap (rlm_eap) for
request 5
Wed Jul 26 06:38:57 2006 : Debug:
modcall[authorize]: module "eap" returns updated for
request 5
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: calling files (rlm_files) for
request 5
Wed Jul 26 06:38:57 2006 : Debug: users: Matched
entry DEFAULT at line 215
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: returned from files (rlm_files)
for request 5
Wed Jul 26 06:38:57 2006 : Debug:
modcall[authorize]: module "files" returns ok for
request 5
Wed Jul 26 06:38:57 2006 : Debug: modcall: leaving
group authorize (returns updated) for request 5
Wed Jul 26 06:38:57 2006 : Debug:
rad_check_password: Found Auth-Type EAP
Wed Jul 26 06:38:57 2006 : Debug: auth: type "EAP"
Wed Jul 26 06:38:57 2006 : Debug: Processing the
authenticate section of radiusd.conf
Wed Jul 26 06:38:57 2006 : Debug: modcall: entering
group authenticate for request 5
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authenticate]: calling eap (rlm_eap) for
request 5
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: Request
found, released from the list
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: EAP/peap
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap:
processing type peap
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_peap:
Authenticate
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_tls:
processing TLS
Wed Jul 26 06:38:57 2006 : Debug: eaptls_verify
returned 7
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_tls: Done
initial handshake
Wed Jul 26 06:38:57 2006 : Debug: eaptls_process
returned 7
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_peap:
EAPTLS_OK
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_peap:
Session established. Decoding tunneled attributes.
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_peap:
Identity - svtest21
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_peap:
Tunneled data is valid.
Wed Jul 26 06:38:57 2006 : Debug: PEAP: Got tunneled
identity of svtest21
Wed Jul 26 06:38:57 2006 : Debug: PEAP: Setting
default EAP type for tunneled EAP session.
Wed Jul 26 06:38:57 2006 : Debug: PEAP: Setting
User-Name to svtest21
Wed Jul 26 06:38:57 2006 : Debug: Processing the
authorize section of radiusd.conf
Wed Jul 26 06:38:57 2006 : Debug: modcall: entering
group authorize for request 5
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: calling preprocess
(rlm_preprocess) for request 5
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: returned from preprocess
(rlm_preprocess) for request 5
Wed Jul 26 06:38:57 2006 : Debug:
modcall[authorize]: module "preprocess" returns ok for
request 5
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: calling chap (rlm_chap) for
request 5
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: returned from chap (rlm_chap)
for request 5
Wed Jul 26 06:38:57 2006 : Debug:
modcall[authorize]: module "chap" returns noop for
request 5
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: calling mschap (rlm_mschap) for
request 5
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: returned from mschap
(rlm_mschap) for request 5
Wed Jul 26 06:38:57 2006 : Debug:
modcall[authorize]: module "mschap" returns noop for
request 5
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: calling suffix (rlm_realm) for
request 5
Wed Jul 26 06:38:57 2006 : Debug: rlm_realm: No
'@' in User-Name = "svtest21", looking up realm NULL
Wed Jul 26 06:38:57 2006 : Debug: rlm_realm: No
such realm "NULL"
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: returned from suffix (rlm_realm)
for request 5
Wed Jul 26 06:38:57 2006 : Debug:
modcall[authorize]: module "suffix" returns noop for
request 5
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: calling eap (rlm_eap) for
request 5
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: EAP
packet type response id 8 length 13
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: No EAP
Start, assuming it's an on-going EAP conversation
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: returned from eap (rlm_eap) for
request 5
Wed Jul 26 06:38:57 2006 : Debug:
modcall[authorize]: module "eap" returns updated for
request 5
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: calling files (rlm_files) for
request 5
Wed Jul 26 06:38:57 2006 : Debug: users: Matched
entry DEFAULT at line 215
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: returned from files (rlm_files)
for request 5
Wed Jul 26 06:38:57 2006 : Debug:
modcall[authorize]: module "files" returns ok for
request 5
Wed Jul 26 06:38:57 2006 : Debug: modcall: leaving
group authorize (returns updated) for request 5
Wed Jul 26 06:38:57 2006 : Debug:
rad_check_password: Found Auth-Type EAP
Wed Jul 26 06:38:57 2006 : Debug: auth: type "EAP"
Wed Jul 26 06:38:57 2006 : Debug: Processing the
authenticate section of radiusd.conf
Wed Jul 26 06:38:57 2006 : Debug: modcall: entering
group authenticate for request 5
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authenticate]: calling eap (rlm_eap) for
request 5
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: EAP
Identity
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap:
processing type mschapv2
Wed Jul 26 06:38:57 2006 : Info: rlm_eap_mschapv2:
Issuing Challenge
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authenticate]: returned from eap (rlm_eap)
for request 5
Wed Jul 26 06:38:57 2006 : Debug:
modcall[authenticate]: module "eap" returns handled
for request 5
Wed Jul 26 06:38:57 2006 : Debug: modcall: leaving
group authenticate (returns handled) for request 5
Wed Jul 26 06:38:57 2006 : Debug: PEAP: Got tunneled
Access-Challenge
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authenticate]: returned from eap (rlm_eap)
for request 5
Wed Jul 26 06:38:57 2006 : Debug:
modcall[authenticate]: module "eap" returns handled
for request 5
Wed Jul 26 06:38:57 2006 : Debug: modcall: leaving
group authenticate (returns handled) for request 5
Sending Access-Challenge of id 101 to 170.248.233.102
port 21645
EAP-Message =
0x010900391900170301002e31ec119dd45b49159e2e527731844ab3c0e71c00ac7fe0b3dbd8013265ccbd9c45669b8a7f8f93b2abe77640bce3
Message-Authenticator =
0x00000000000000000000000000000000
State = 0x04f10b8ab1550375bf94e3b173867c1e
Wed Jul 26 06:38:57 2006 : Debug: Finished request 5
Wed Jul 26 06:38:57 2006 : Debug: Going to the next
request
Wed Jul 26 06:38:57 2006 : Debug: Waking up in 6
seconds...
rad_recv: Access-Request packet from host
170.248.233.102:21645, id=102, length=237
User-Name = "svtest21"
Framed-MTU = 1400
Called-Station-Id = "0014.f213.f740"
Calling-Station-Id = "0002.7848.9017"
Service-Type = Login-User
Message-Authenticator =
0x6cddd56e038eeeeb62b8d2b97207575d
EAP-Message =
0x0209005a1900170301004f7ebe8c95ba80a65659e251d4be48f417110e8259b3bd8da9941229cd56c49dc70cec66fe0744d7386212187e0fa66b5324340dbb71fcde3c038d9440eb2b9c732c9aea2ef4a4d94639d6d05eab8d9b
NAS-Port-Type = Wireless-802.11
NAS-Port = 549
State = 0x04f10b8ab1550375bf94e3b173867c1e
NAS-IP-Address = 170.248.233.102
NAS-Identifier = "SV1ATESTENVIRON"
Wed Jul 26 06:38:57 2006 : Debug: Processing the
authorize section of radiusd.conf
Wed Jul 26 06:38:57 2006 : Debug: modcall: entering
group authorize for request 6
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: calling preprocess
(rlm_preprocess) for request 6
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: returned from preprocess
(rlm_preprocess) for request 6
Wed Jul 26 06:38:57 2006 : Debug:
modcall[authorize]: module "preprocess" returns ok for
request 6
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: calling chap (rlm_chap) for
request 6
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: returned from chap (rlm_chap)
for request 6
Wed Jul 26 06:38:57 2006 : Debug:
modcall[authorize]: module "chap" returns noop for
request 6
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: calling mschap (rlm_mschap) for
request 6
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: returned from mschap
(rlm_mschap) for request 6
Wed Jul 26 06:38:57 2006 : Debug:
modcall[authorize]: module "mschap" returns noop for
request 6
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: calling suffix (rlm_realm) for
request 6
Wed Jul 26 06:38:57 2006 : Debug: rlm_realm: No
'@' in User-Name = "svtest21", looking up realm NULL
Wed Jul 26 06:38:57 2006 : Debug: rlm_realm: No
such realm "NULL"
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: returned from suffix (rlm_realm)
for request 6
Wed Jul 26 06:38:57 2006 : Debug:
modcall[authorize]: module "suffix" returns noop for
request 6
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: calling eap (rlm_eap) for
request 6
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: EAP
packet type response id 9 length 90
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: No EAP
Start, assuming it's an on-going EAP conversation
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: returned from eap (rlm_eap) for
request 6
Wed Jul 26 06:38:57 2006 : Debug:
modcall[authorize]: module "eap" returns updated for
request 6
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: calling files (rlm_files) for
request 6
Wed Jul 26 06:38:57 2006 : Debug: users: Matched
entry DEFAULT at line 215
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: returned from files (rlm_files)
for request 6
Wed Jul 26 06:38:57 2006 : Debug:
modcall[authorize]: module "files" returns ok for
request 6
Wed Jul 26 06:38:57 2006 : Debug: modcall: leaving
group authorize (returns updated) for request 6
Wed Jul 26 06:38:57 2006 : Debug:
rad_check_password: Found Auth-Type EAP
Wed Jul 26 06:38:57 2006 : Debug: auth: type "EAP"
Wed Jul 26 06:38:57 2006 : Debug: Processing the
authenticate section of radiusd.conf
Wed Jul 26 06:38:57 2006 : Debug: modcall: entering
group authenticate for request 6
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authenticate]: calling eap (rlm_eap) for
request 6
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: Request
found, released from the list
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: EAP/peap
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap:
processing type peap
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_peap:
Authenticate
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_tls:
processing TLS
Wed Jul 26 06:38:57 2006 : Debug: eaptls_verify
returned 7
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_tls: Done
initial handshake
Wed Jul 26 06:38:57 2006 : Debug: eaptls_process
returned 7
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_peap:
EAPTLS_OK
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_peap:
Session established. Decoding tunneled attributes.
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_peap: EAP
type mschapv2
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_peap:
Tunneled data is valid.
Wed Jul 26 06:38:57 2006 : Debug: PEAP: Setting
User-Name to svtest21
Wed Jul 26 06:38:57 2006 : Debug: PEAP: Adding old
state with 1a 55
Wed Jul 26 06:38:57 2006 : Debug: Processing the
authorize section of radiusd.conf
Wed Jul 26 06:38:57 2006 : Debug: modcall: entering
group authorize for request 6
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: calling preprocess
(rlm_preprocess) for request 6
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: returned from preprocess
(rlm_preprocess) for request 6
Wed Jul 26 06:38:57 2006 : Debug:
modcall[authorize]: module "preprocess" returns ok for
request 6
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: calling chap (rlm_chap) for
request 6
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: returned from chap (rlm_chap)
for request 6
Wed Jul 26 06:38:57 2006 : Debug:
modcall[authorize]: module "chap" returns noop for
request 6
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: calling mschap (rlm_mschap) for
request 6
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: returned from mschap
(rlm_mschap) for request 6
Wed Jul 26 06:38:57 2006 : Debug:
modcall[authorize]: module "mschap" returns noop for
request 6
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: calling suffix (rlm_realm) for
request 6
Wed Jul 26 06:38:57 2006 : Debug: rlm_realm: No
'@' in User-Name = "svtest21", looking up realm NULL
Wed Jul 26 06:38:57 2006 : Debug: rlm_realm: No
such realm "NULL"
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: returned from suffix (rlm_realm)
for request 6
Wed Jul 26 06:38:57 2006 : Debug:
modcall[authorize]: module "suffix" returns noop for
request 6
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: calling eap (rlm_eap) for
request 6
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: EAP
packet type response id 9 length 67
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: No EAP
Start, assuming it's an on-going EAP conversation
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: returned from eap (rlm_eap) for
request 6
Wed Jul 26 06:38:57 2006 : Debug:
modcall[authorize]: module "eap" returns updated for
request 6
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: calling files (rlm_files) for
request 6
Wed Jul 26 06:38:57 2006 : Debug: users: Matched
entry DEFAULT at line 215
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: returned from files (rlm_files)
for request 6
Wed Jul 26 06:38:57 2006 : Debug:
modcall[authorize]: module "files" returns ok for
request 6
Wed Jul 26 06:38:57 2006 : Debug: modcall: leaving
group authorize (returns updated) for request 6
Wed Jul 26 06:38:57 2006 : Debug:
rad_check_password: Found Auth-Type EAP
Wed Jul 26 06:38:57 2006 : Debug: auth: type "EAP"
Wed Jul 26 06:38:57 2006 : Debug: Processing the
authenticate section of radiusd.conf
Wed Jul 26 06:38:57 2006 : Debug: modcall: entering
group authenticate for request 6
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authenticate]: calling eap (rlm_eap) for
request 6
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: Request
found, released from the list
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap:
EAP/mschapv2
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap:
processing type mschapv2
Wed Jul 26 06:38:57 2006 : Debug: Processing the
authenticate section of radiusd.conf
Wed Jul 26 06:38:57 2006 : Debug: modcall: entering
group MS-CHAP for request 6
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authenticate]: calling mschap (rlm_mschap)
for request 6
Wed Jul 26 06:38:57 2006 : Debug: rlm_mschap: No
User-Password configured. Cannot create LM-Password.
Wed Jul 26 06:38:57 2006 : Debug: rlm_mschap: No
User-Password configured. Cannot create NT-Password.
Wed Jul 26 06:38:57 2006 : Debug: rlm_mschap: Told
to do MS-CHAPv2 for svtest21 with NT-Password
Wed Jul 26 06:38:57 2006 : Debug: rlm_mschap:
FAILED: No NT/LM-Password. Cannot perform
authentication.
Wed Jul 26 06:38:57 2006 : Debug: rlm_mschap:
FAILED: MS-CHAP2-Response is incorrect
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authenticate]: returned from mschap
(rlm_mschap) for request 6
Wed Jul 26 06:38:57 2006 : Debug:
modcall[authenticate]: module "mschap" returns reject
for request 6
Wed Jul 26 06:38:57 2006 : Debug: modcall: leaving
group MS-CHAP (returns reject) for request 6
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: Freeing
handler
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authenticate]: returned from eap (rlm_eap)
for request 6
Wed Jul 26 06:38:57 2006 : Debug:
modcall[authenticate]: module "eap" returns reject for
request 6
Wed Jul 26 06:38:57 2006 : Debug: modcall: leaving
group authenticate (returns reject) for request 6
Wed Jul 26 06:38:57 2006 : Debug: auth: Failed to
validate the user.
Wed Jul 26 06:38:57 2006 : Debug: PEAP: Tunneled
authentication was rejected.
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_peap:
FAILURE
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authenticate]: returned from eap (rlm_eap)
for request 6
Wed Jul 26 06:38:57 2006 : Debug:
modcall[authenticate]: module "eap" returns handled
for request 6
Wed Jul 26 06:38:57 2006 : Debug: modcall: leaving
group authenticate (returns handled) for request 6
Sending Access-Challenge of id 102 to 170.248.233.102
port 21645
EAP-Message =
0x010a00261900170301001b233d655aa5fa5426d55aef5a34e07a87d731e1bbe2f875598be5af
Message-Authenticator =
0x00000000000000000000000000000000
State = 0x5dc9719865b138594344825c77fe148e
Wed Jul 26 06:38:57 2006 : Debug: Finished request 6
Wed Jul 26 06:38:57 2006 : Debug: Going to the next
request
Wed Jul 26 06:38:57 2006 : Debug: Waking up in 6
seconds...
rad_recv: Access-Request packet from host
170.248.233.102:21645, id=103, length=185
User-Name = "svtest21"
Framed-MTU = 1400
Called-Station-Id = "0014.f213.f740"
Calling-Station-Id = "0002.7848.9017"
Service-Type = Login-User
Message-Authenticator =
0x57ad285f9dcb4ce9f76d13fc72ae4152
EAP-Message =
0x020a00261900170301001b0c3225d3742832f0f869716ddf76a1852229df75c229af8417b16a
NAS-Port-Type = Wireless-802.11
NAS-Port = 549
State = 0x5dc9719865b138594344825c77fe148e
NAS-IP-Address = 170.248.233.102
NAS-Identifier = "SV1ATESTENVIRON"
Wed Jul 26 06:38:57 2006 : Debug: Processing the
authorize section of radiusd.conf
Wed Jul 26 06:38:57 2006 : Debug: modcall: entering
group authorize for request 7
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: calling preprocess
(rlm_preprocess) for request 7
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: returned from preprocess
(rlm_preprocess) for request 7
Wed Jul 26 06:38:57 2006 : Debug:
modcall[authorize]: module "preprocess" returns ok for
request 7
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: calling chap (rlm_chap) for
request 7
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: returned from chap (rlm_chap)
for request 7
Wed Jul 26 06:38:57 2006 : Debug:
modcall[authorize]: module "chap" returns noop for
request 7
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: calling mschap (rlm_mschap) for
request 7
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: returned from mschap
(rlm_mschap) for request 7
Wed Jul 26 06:38:57 2006 : Debug:
modcall[authorize]: module "mschap" returns noop for
request 7
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: calling suffix (rlm_realm) for
request 7
Wed Jul 26 06:38:57 2006 : Debug: rlm_realm: No
'@' in User-Name = "svtest21", looking up realm NULL
Wed Jul 26 06:38:57 2006 : Debug: rlm_realm: No
such realm "NULL"
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: returned from suffix (rlm_realm)
for request 7
Wed Jul 26 06:38:57 2006 : Debug:
modcall[authorize]: module "suffix" returns noop for
request 7
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: calling eap (rlm_eap) for
request 7
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: EAP
packet type response id 10 length 38
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: No EAP
Start, assuming it's an on-going EAP conversation
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: returned from eap (rlm_eap) for
request 7
Wed Jul 26 06:38:57 2006 : Debug:
modcall[authorize]: module "eap" returns updated for
request 7
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: calling files (rlm_files) for
request 7
Wed Jul 26 06:38:57 2006 : Debug: users: Matched
entry DEFAULT at line 215
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: returned from files (rlm_files)
for request 7
Wed Jul 26 06:38:57 2006 : Debug:
modcall[authorize]: module "files" returns ok for
request 7
Wed Jul 26 06:38:57 2006 : Debug: modcall: leaving
group authorize (returns updated) for request 7
Wed Jul 26 06:38:57 2006 : Debug:
rad_check_password: Found Auth-Type EAP
Wed Jul 26 06:38:57 2006 : Debug: auth: type "EAP"
Wed Jul 26 06:38:57 2006 : Debug: Processing the
authenticate section of radiusd.conf
Wed Jul 26 06:38:57 2006 : Debug: modcall: entering
group authenticate for request 7
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authenticate]: calling eap (rlm_eap) for
request 7
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: Request
found, released from the list
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: EAP/peap
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap:
processing type peap
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_peap:
Authenticate
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_tls:
processing TLS
Wed Jul 26 06:38:57 2006 : Debug: eaptls_verify
returned 7
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_tls: Done
initial handshake
Wed Jul 26 06:38:57 2006 : Debug: eaptls_process
returned 7
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_peap:
EAPTLS_OK
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_peap:
Session established. Decoding tunneled attributes.
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_peap:
Received EAP-TLV response.
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_peap:
Tunneled data is valid.
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_peap: Had
sent TLV failure. User was rejcted rejected earlier
in this session.
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: Handler
failed in EAP/peap
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: Failed in
EAP select
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authenticate]: returned from eap (rlm_eap)
for request 7
Wed Jul 26 06:38:57 2006 : Debug:
modcall[authenticate]: module "eap" returns invalid
for request 7
Wed Jul 26 06:38:57 2006 : Debug: modcall: leaving
group authenticate (returns invalid) for request 7
Wed Jul 26 06:38:57 2006 : Debug: auth: Failed to
validate the user.
Wed Jul 26 06:38:57 2006 : Debug: Delaying request 7
for 1 seconds
Wed Jul 26 06:38:57 2006 : Debug: Finished request 7
Wed Jul 26 06:38:57 2006 : Debug: Going to the next
request
Wed Jul 26 06:38:57 2006 : Debug: Waking up in 6
seconds...
rad_recv: Access-Request packet from host
170.248.233.102:21645, id=103, length=185
Sending Access-Reject of id 103 to 170.248.233.102
port 21645
EAP-Message = 0x040a0004
Message-Authenticator =
0x00000000000000000000000000000000
Wed Jul 26 06:39:02 2006 : Debug: --- Walking the
entire request list ---
Wed Jul 26 06:39:02 2006 : Debug: Waking up in 1
seconds...
Wed Jul 26 06:39:03 2006 : Debug: --- Walking the
entire request list ---
Wed Jul 26 06:39:03 2006 : Debug: Cleaning up request
0 ID 96 with timestamp 44c75451
Wed Jul 26 06:39:03 2006 : Debug: Cleaning up request
1 ID 97 with timestamp 44c75451
Wed Jul 26 06:39:03 2006 : Debug: Cleaning up request
2 ID 98 with timestamp 44c75451
Wed Jul 26 06:39:03 2006 : Debug: Cleaning up request
3 ID 99 with timestamp 44c75451
Wed Jul 26 06:39:03 2006 : Debug: Cleaning up request
4 ID 100 with timestamp 44c75451
Wed Jul 26 06:39:03 2006 : Debug: Cleaning up request
5 ID 101 with timestamp 44c75451
Wed Jul 26 06:39:03 2006 : Debug: Cleaning up request
6 ID 102 with timestamp 44c75451
Wed Jul 26 06:39:03 2006 : Debug: Cleaning up request
7 ID 103 with timestamp 44c75451
Wed Jul 26 06:39:03 2006 : Debug: Nothing to do.
Sleeping until we see a request.
******************************************************
eap.conf
******************************************************
# -*- text -*-
#
# Whatever you do, do NOT set 'Auth-Type := EAP'. The server
# is smart enough to figure this out on its own. The most
# common side effect of setting 'Auth-Type := EAP' is that the
# users then cannot use ANY other authentication method.
#
# $Id: eap.conf,v 1.4.4.3 2006/04/28 18:25:03 aland Exp $
#
eap {
# Invoke the default supported EAP type when
# EAP-Identity response is received.
#
# The incoming EAP messages DO NOT specify which EAP
# type they will be using, so it MUST be set here.
#
# For now, only one default EAP type may be used at a time.
#
# If the EAP-Type attribute is set by another module,
# then that EAP type takes precedence over the
# default type configured here.
#
default_eap_type = peap
# A list is maintained to correlate EAP-Response
# packets with EAP-Request packets. After a
# configurable length of time, entries in the list
# expire, and are deleted.
#
timer_expire = 60
# There are many EAP types, but the server has support
# for only a limited subset. If the server receives
# a request for an EAP type it does not support, then
# it normally rejects the request. By setting this
# configuration to "yes", you can tell the server to
# instead keep processing the request. Another module
# MUST then be configured to proxy the request to
# another RADIUS server which supports that EAP type.
#
# If another module is NOT configured to handle the
# request, then the request will still end up being
# rejected.
ignore_unknown_eap_types = no
# Cisco AP1230B firmware 12.2(13)JA1 has a bug. When given
# a User-Name attribute in an Access-Accept, it copies one
# more byte than it should.
#
# We can work around it by configurably adding an extra
# zero byte.
cisco_accounting_username_bug = no
# Supported EAP-types
#
# We do NOT recommend using EAP-MD5 authentication
# for wireless connections. It is insecure, and does
# not provide for dynamic WEP keys.
#
md5 {
}
# Cisco LEAP
#
# We do not recommend using LEAP in new deployments. See:
# http://www.securiteam.com/tools/5TP012ACKE.html
#
# Cisco LEAP uses the MS-CHAP algorithm (but not
# the MS-CHAP attributes) to perform its authentication.
#
# As a result, LEAP *requires* access to the plain-text
# User-Password, or the NT-Password attributes.
# 'System' authentication is impossible with LEAP.
#
leap {
}
# Generic Token Card.
#
# Currently, this is only permitted inside of EAP-TTLS,
# or EAP-PEAP. The module "challenges" the user with
# text, and the response from the user is taken to be
# the User-Password.
#
# Proxying the tunneled EAP-GTC session is a bad idea,
# the users password will go over the wire in plain-text,
# for anyone to see.
#
gtc {
# The default challenge, which many clients
# ignore..
#challenge = "Password: "
# The plain-text response which comes back
# is put into a User-Password attribute,
# and passed to another module for
# authentication. This allows the EAP-GTC
# response to be checked against plain-text,
# or crypt'd passwords.
#
# If you say "Local" instead of "PAP", then
# the module will look for a User-Password
# configured for the request, and do the
# authentication itself.
#
auth_type = PAP
}
## EAP-TLS
#
# To generate ctest certificates, run the script
#
# ../scripts/certs.sh
#
# The documents on http://www.freeradius.org/doc
# are old, but may be helpful.
#
# See also:
#
# http://www.dslreports.com/forum/remark,9286052~mode=flat
#
tls {
private_key_password =
private_key_file = ${raddbdir}/certs/server_keycert.pem
# If Private key & Certificate are located in
# the same file, then private_key_file &
# certificate_file must contain the same file
# name.
certificate_file = ${raddbdir}/certs/server_keycert.pem
# Trusted Root CA list
CA_file = ${raddbdir}/certs/cacert.pem
dh_file = ${raddbdir}/certs/dh
random_file = ${raddbdir}/certs/random
#
# This can never exceed the size of a RADIUS
# packet (4096 bytes), and is preferably half
# that, to accommodate other attributes in
# RADIUS packet. On most APs the MAX packet
# length is configured between 1500 - 1600
# In these cases, fragment size should be
# 1024 or less.
#
fragment_size = 1024
# include_length is a flag which is
# by default set to yes If set to
# yes, Total Length of the message is
# included in EVERY packet we send.
# If set to no, Total Length of the
# message is included ONLY in the
# First packet of a fragment series.
#
include_length = yes
# Check the Certificate Revocation List
#
# 1) Copy CA certificates and CRLs to same directory.
# 2) Execute 'c_rehash <CA certs&CRLs Directory>'.
# 'c_rehash' is OpenSSL's command.
# 3) Add 'CA_path=<CA certs&CRLs directory>'
# to radiusd.conf's tls section.
# 4) uncomment the line below.
# 5) Restart radiusd
# check_crl = yes
#
# If check_cert_issuer is set, the value will
# be checked against the DN of the issuer in
# the client certificate. If the values do not
# match, the certificate verification will fail,
# rejecting the user.
#
# check_cert_issuer = "/C=GB/ST=Berkshire/L=Newbury/O=My Company Ltd"
#
# If check_cert_cn is set, the value will
# be xlat'ed and checked against the CN
# in the client certificate. If the values
# do not match, the certificate verification
# will fail rejecting the user.
#
# This check is done only if the previous
# "check_cert_issuer" is not set, or if
# the check succeeds.
#
# check_cert_cn = %{User-Name}
#
# Set this option to specify the allowed
# TLS cipher suites. The format is listed
# in "man 1 ciphers".
# cipher_list = "DEFAULT"
}
# The TTLS module implements the EAP-TTLS protocol,
# which can be described as EAP inside of Diameter,
# inside of TLS, inside of EAP, inside of RADIUS...
#
# Surprisingly, it works quite well.
#
# The TTLS module needs the TLS module to be installed
# and configured, in order to use the TLS tunnel
# inside of the EAP packet. You will still need to
# configure the TLS module, even if you do not want
# to deploy EAP-TLS in your network. Users will not
# be able to request EAP-TLS, as it requires them to
# have a client certificate. EAP-TTLS does not
# require a client certificate.
#
#ttls {
# The tunneled EAP session needs a default
# EAP type which is separate from the one for
# the non-tunneled EAP module. Inside of the
# TTLS tunnel, we recommend using EAP-MD5.
# If the request does not contain an EAP
# conversation, then this configuration entry
# is ignored.
# default_eap_type = md5
# The tunneled authentication request does
# not usually contain useful attributes
# like 'Calling-Station-Id', etc. These
# attributes are outside of the tunnel,
# and normally unavailable to the tunneled
# authentication request.
#
# By setting this configuration entry to
# 'yes', any attribute which NOT in the
# tunneled authentication request, but
# which IS available outside of the tunnel,
# is copied to the tunneled request.
#
# allowed values: {no, yes}
# copy_request_to_tunnel = no
# The reply attributes sent to the NAS are
# usually based on the name of the user
# 'outside' of the tunnel (usually
# 'anonymous'). If you want to send the
# reply attributes based on the user name
# inside of the tunnel, then set this
# configuration entry to 'yes', and the reply
# to the NAS will be taken from the reply to
# the tunneled request.
#
# allowed values: {no, yes}
# use_tunneled_reply = no
#}
#
# The tunneled EAP session needs a default EAP type
# which is separate from the one for the non-tunneled
# EAP module. Inside of the TLS/PEAP tunnel, we
# recommend using EAP-MS-CHAPv2.
#
# The PEAP module needs the TLS module to be installed
# and configured, in order to use the TLS tunnel
# inside of the EAP packet. You will still need to
# configure the TLS module, even if you do not want
# to deploy EAP-TLS in your network. Users will not
# be able to request EAP-TLS, as it requires them to
# have a client certificate. EAP-PEAP does not
# require a client certificate.
#
peap {
# The tunneled EAP session needs a default
# EAP type which is separate from the one for
# the non-tunneled EAP module. Inside of the
# PEAP tunnel, we recommend using MS-CHAPv2,
# as that is the default type supported by
# Windows clients.
default_eap_type = mschapv2
# the PEAP module also has these configuration
# items, which are the same as for TTLS.
copy_request_to_tunnel = yes
use_tunneled_reply = yes
# When the tunneled session is proxied, the
# home server may not understand EAP-MSCHAP-V2.
# Set this entry to "no" to proxy the tunneled
# EAP-MSCHAP-V2 as normal MSCHAPv2.
# proxy_tunneled_request_as_eap = yes
}
#
# This takes no configuration.
#
# Note that it is the EAP MS-CHAPv2 sub-module, not
# the main 'mschap' module.
#
# Note also that in order for this sub-module to work,
# the main 'mschap' module MUST ALSO be configured.
#
# This module is the *Microsoft* implementation of MS-CHAPv2
# in EAP. There is another (incompatible) implementation
# of MS-CHAPv2 in EAP by Cisco, which FreeRADIUS does not
# currently support.
#
mschapv2 {
}
}
*****************************************************
Thanks,
Damon
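
One way to find the first failing module in a mail-wrapped `radiusd -X` trace like the one in this post. This is an added example, not part of the original message and not FreeRADIUS code; the function names are made up here, and the sample is an excerpt of the posted log.

```python
import re

# Excerpt of the debug output posted above, kept with the mail client's
# line wrapping so the unwrapping step is exercised.
SAMPLE = """\
Wed Jul 26 06:38:57 2006 : Debug:
modcall[authenticate]: module "mschap" returns reject
for request 6
Wed Jul 26 06:38:57 2006 : Debug:
modcall[authenticate]: module "eap" returns reject for
request 6
Wed Jul 26 06:38:57 2006 : Debug: PEAP: Tunneled
authentication was rejected.
Wed Jul 26 06:38:57 2006 : Debug:
modcall[authenticate]: module "eap" returns handled
for request 6
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_peap: Had
sent TLV failure. User was rejcted rejected earlier
in this session.
Wed Jul 26 06:38:57 2006 : Debug:
modcall[authenticate]: module "eap" returns invalid
for request 7
"""

# modcall result lines, and the return codes that fail a request.
MODCALL = re.compile(
    r'modcall\[(\w+)\]: module "([\w.-]+)" returns (\w+) for request (\d+)')
FAILING = {"reject", "fail", "invalid", "userlock"}

def first_failures(log_text):
    """Map request id -> (section, module, rcode) of its first failing module."""
    flat = re.sub(r"\s+", " ", log_text)  # undo the mail line wrapping
    found = {}
    for section, module, rcode, req in MODCALL.findall(flat):
        if rcode in FAILING:
            found.setdefault(int(req), (section, module, rcode))
    return found

def root_cause(log_text):
    """Earliest failing module result in the log, or None if there is none."""
    return next(iter(first_failures(log_text).items()), None)

if __name__ == "__main__":
    for req, (section, module, rcode) in first_failures(SAMPLE).items():
        print(f"request {req}: {module} returned {rcode} in {section}")
```

On the posted trace the earliest failure is the mschap reject in request 6; the "Had sent TLV failure" message in request 7 comes after it.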