PEAP authentication with freerad ?

thomas hahusseau thomas.hahusseau at gmail.com
Tue Jun 6 20:10:27 CEST 2006


I dont understand why it doesn't work , Password are in clear in LDAP base ,
the only thing that i want is freeradius recieve login and password form an
PEAP (Mschapv2) authentification request and compare it from password and
login stocked in LDAP database if it's matched so allow the access.

here is my conf file "users"

DEFAULT Auth-Type = EAP, EAP-Type == EAP-PEAP
DEFAULT Auth-Type = LDAP

there to different situation , in both of them authentication section about
LDAP and EAP are uncommented.

++++First : If I uncomment "eap" in authorize section of radiusd.conf :

        #  This module takes care of EAP-MD5, EAP-TLS, and EAP-LEAP
        #  authentication.
        #
        #  It also sets the EAP-Type attribute in the request
        #  attribute list to the EAP type from the packet.
        eap
I've got that kind of error :
-----------------------------------------------
lm_ldap: ldap_release_conn: Release Id: 0
  modcall[authorize]: module "ldap" returns ok for request 7
modcall: group authorize returns updated for request 7
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 7
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
  eaptls_verify returned 7
  rlm_eap_tls: Done initial handshake
  eaptls_process returned 7
  rlm_eap_peap: EAPTLS_OK
  rlm_eap_peap: Session established.  Decoding tunneled attributes.
  rlm_eap_peap: Received EAP-TLV response.
  rlm_eap_peap: Tunneled data is valid.
  rlm_eap_peap:  Had sent TLV failure, rejecting.
 rlm_eap: Handler failed in EAP/peap
  rlm_eap: Failed in EAP select
  modcall[authenticate]: module "eap" returns invalid for request 7
modcall: group authenticate returns invalid for request 7
auth: Failed to validate the user.
Login incorrect: [test/<no User-Password attribute>] (from client
Access_Point_3COM port 1 cli 004096a1ce69)
Delaying request 7 for 1 seconds
Finished request 7
------------------------------------------

Authorize part with ldap works well but not the authentification one with
eap (the tls handshake works well)

++++Second : If I comment "eap" in authorize section of radiusd.conf

I've got a long output attached in that mail.

As a conclusion if I edit the users config file like that :



I hope you could help I'm blocked on that problem for 2 weeks and the end of
my training period is close and I would like to finish it before :).

Thank you

2006/6/6, Alan DeKok <aland at nitros9.org>:
>
> "thomas hahusseau" <thomas.hahusseau at gmail.com> wrote:
> > modcall: entering group Auth-Type for request 6
> >   rlm_mschap: No User-Password configured.  Cannot create LM-Password.
> >   rlm_mschap: No User-Password configured.  Cannot create NT-Password.
>
>   This means that the server has no clear-text password.  i.e. it
> wasn't retrieved from LDAP.  See the rest of the debug log to see what
> was retrieved from LDAP.
>
>   Alan DeKok.
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20060606/00188e79/attachment.html>
-------------- next part --------------
Starting - reading configuration files ...
reread_config:  reading radiusd.conf
Config:   including file: /opt/freeradius/etc/raddb/clients.conf
Config:   including file: /opt/freeradius/etc/raddb/eap.conf
 main: prefix = "/opt/freeradius"
 main: localstatedir = "/var"
 main: logdir = "/var/log/freeradius"
 main: libdir = "/opt/freeradius/lib"
 main: radacctdir = "/var/log/freeradius/radacct"
 main: hostname_lookups = no
 main: max_request_time = 30
 main: cleanup_delay = 5
 main: max_requests = 1024
 main: delete_blocked_requests = 0
 main: port = 0
 main: allow_core_dumps = no
 main: log_stripped_names = no
 main: log_file = "/var/log/freeradius/radius.log"
 main: log_auth = yes
 main: log_auth_badpass = yes
 main: log_auth_goodpass = yes
 main: pidfile = "/var/run/freeradius/freeradius.pid"
 main: user = "freerad"
 main: group = "freerad"
 main: usercollide = no
 main: lower_user = "no"
 main: lower_pass = "no"
 main: nospace_user = "no"
 main: nospace_pass = "no"
 main: checkrad = "/opt/freeradius/sbin/checkrad"
 main: proxy_requests = no
 security: max_attributes = 200
 security: reject_delay = 1
 security: status_server = no
 main: debug_level = 0
read_config_files:  reading dictionary
read_config_files:  reading naslist
Using deprecated naslist file.  Support for this will go away soon.
read_config_files:  reading clients
read_config_files:  reading realms
radiusd:  entering modules setup
Module: Library search path is /opt/freeradius/lib
Module: Loaded expr 
Module: Instantiated expr (expr) 
Module: Loaded PAP 
 pap: encryption_scheme = "crypt"
Module: Instantiated pap (pap) 
Module: Loaded CHAP 
Module: Instantiated chap (chap) 
Module: Loaded MS-CHAP 
 mschap: use_mppe = yes
 mschap: require_encryption = yes
 mschap: require_strong = yes
 mschap: with_ntdomain_hack = yes
 mschap: passwd = "(null)"
 mschap: authtype = "MS-CHAP"
 mschap: ntlm_auth = "(null)"
Module: Instantiated mschap (mschap) 
Module: Loaded LDAP 
 ldap: server = "localhost"
 ldap: port = 389
 ldap: net_timeout = 1
 ldap: timeout = 4
 ldap: timelimit = 3
 ldap: identity = ""
 ldap: tls_mode = no
 ldap: start_tls = no
 ldap: tls_cacertfile = "(null)"
 ldap: tls_cacertdir = "(null)"
 ldap: tls_certfile = "(null)"
 ldap: tls_keyfile = "(null)"
 ldap: tls_randfile = "(null)"
 ldap: tls_require_cert = "allow"
 ldap: password = ""
 ldap: basedn = "dc=dist,dc=demo,dc=net"
 ldap: filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
 ldap: base_filter = "(objectclass=radiusprofile)"
 ldap: default_profile = "(null)"
 ldap: profile_attribute = "(null)"
 ldap: password_header = "(null)"
 ldap: password_attribute = "userPassword"
 ldap: access_attr = "uid"
 ldap: groupname_attribute = "cn"
 ldap: groupmembership_filter = "(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))"
 ldap: groupmembership_attribute = "(null)"
 ldap: dictionary_mapping = "/opt/freeradius/etc/raddb/ldap.attrmap"
 ldap: ldap_debug = 0
 ldap: ldap_connections_number = 5
 ldap: compare_check_items = no
 ldap: access_attr_used_for_allow = yes
 ldap: do_xlat = yes
rlm_ldap: Registering ldap_groupcmp for Ldap-Group
rlm_ldap: Registering ldap_xlat with xlat_name ldap
rlm_ldap: reading ldap<->radius mappings from file /opt/freeradius/etc/raddb/ldap.attrmap
rlm_ldap: LDAP radiusCheckItem mapped to RADIUS $GENERIC$
rlm_ldap: LDAP radiusReplyItem mapped to RADIUS $GENERIC$
rlm_ldap: LDAP radiusAuthType mapped to RADIUS Auth-Type
rlm_ldap: LDAP radiusSimultaneousUse mapped to RADIUS Simultaneous-Use
rlm_ldap: LDAP radiusCalledStationId mapped to RADIUS Called-Station-Id
rlm_ldap: LDAP radiusCallingStationId mapped to RADIUS Calling-Station-Id
rlm_ldap: LDAP userPassword mapped to RADIUS LM-Password
rlm_ldap: LDAP userPassword mapped to RADIUS NT-Password
rlm_ldap: LDAP acctFlags mapped to RADIUS SMB-Account-CTRL-TEXT
rlm_ldap: LDAP radiusExpiration mapped to RADIUS Expiration
rlm_ldap: LDAP radiusServiceType mapped to RADIUS Service-Type
rlm_ldap: LDAP radiusFramedProtocol mapped to RADIUS Framed-Protocol
rlm_ldap: LDAP radiusFramedIPAddress mapped to RADIUS Framed-IP-Address
rlm_ldap: LDAP radiusFramedIPNetmask mapped to RADIUS Framed-IP-Netmask
rlm_ldap: LDAP radiusFramedRoute mapped to RADIUS Framed-Route
rlm_ldap: LDAP radiusFramedRouting mapped to RADIUS Framed-Routing
rlm_ldap: LDAP radiusFilterId mapped to RADIUS Filter-Id
rlm_ldap: LDAP radiusFramedMTU mapped to RADIUS Framed-MTU
rlm_ldap: LDAP radiusFramedCompression mapped to RADIUS Framed-Compression
rlm_ldap: LDAP radiusLoginIPHost mapped to RADIUS Login-IP-Host
rlm_ldap: LDAP radiusLoginService mapped to RADIUS Login-Service
rlm_ldap: LDAP radiusLoginTCPPort mapped to RADIUS Login-TCP-Port
rlm_ldap: LDAP radiusCallbackNumber mapped to RADIUS Callback-Number
rlm_ldap: LDAP radiusCallbackId mapped to RADIUS Callback-Id
rlm_ldap: LDAP radiusFramedIPXNetwork mapped to RADIUS Framed-IPX-Network
rlm_ldap: LDAP radiusClass mapped to RADIUS Class
rlm_ldap: LDAP radiusSessionTimeout mapped to RADIUS Session-Timeout
rlm_ldap: LDAP radiusIdleTimeout mapped to RADIUS Idle-Timeout
rlm_ldap: LDAP radiusTerminationAction mapped to RADIUS Termination-Action
rlm_ldap: LDAP radiusLoginLATService mapped to RADIUS Login-LAT-Service
rlm_ldap: LDAP radiusLoginLATNode mapped to RADIUS Login-LAT-Node
rlm_ldap: LDAP radiusLoginLATGroup mapped to RADIUS Login-LAT-Group
rlm_ldap: LDAP radiusFramedAppleTalkLink mapped to RADIUS Framed-AppleTalk-Link
rlm_ldap: LDAP radiusFramedAppleTalkNetwork mapped to RADIUS Framed-AppleTalk-Network
rlm_ldap: LDAP radiusFramedAppleTalkZone mapped to RADIUS Framed-AppleTalk-Zone
rlm_ldap: LDAP radiusPortLimit mapped to RADIUS Port-Limit
rlm_ldap: LDAP radiusLoginLATPort mapped to RADIUS Login-LAT-Port
conns: 0x8152010
Module: Instantiated ldap (ldap) 
Module: Loaded eap 
 eap: default_eap_type = "peap"
 eap: timer_expire = 60
 eap: ignore_unknown_eap_types = no
 eap: cisco_accounting_username_bug = no
rlm_eap: Loaded and initialized type leap
 tls: rsa_key_exchange = yes
 tls: dh_key_exchange = yes
 tls: rsa_key_length = 2048
 tls: dh_key_length = 1024
 tls: verify_depth = 0
 tls: CA_path = "(null)"
 tls: pem_file_type = yes
 tls: private_key_file = "/opt/freeradius/etc/raddb/radcerts/dist-aaa.key.pem"
 tls: certificate_file = "/opt/freeradius/etc/raddb/radcerts/dist-aaa.crt.pem"
 tls: CA_file = "/opt/freeradius/etc/raddb/radcerts/DEMO.NET.pem"
 tls: private_key_password = "AZert12@"
 tls: dh_file = "/opt/freeradius/etc/raddb/radcerts/dh"
 tls: random_file = "/dev/urandom"
 tls: fragment_size = 1024
 tls: include_length = yes
 tls: check_crl = no
 tls: check_cert_cn = "(null)"
rlm_eap: Loaded and initialized type tls
 peap: default_eap_type = "mschapv2"
 peap: copy_request_to_tunnel = no
 peap: use_tunneled_reply = no
 peap: proxy_tunneled_request_as_eap = yes
rlm_eap: Loaded and initialized type peap
 mschapv2: with_ntdomain_hack = no
rlm_eap: Loaded and initialized type mschapv2
Module: Instantiated eap (eap) 
Module: Loaded preprocess 
 preprocess: huntgroups = "/opt/freeradius/etc/raddb/huntgroups"
 preprocess: hints = "/opt/freeradius/etc/raddb/hints"
 preprocess: with_ascend_hack = no
 preprocess: ascend_channels_per_line = 23
 preprocess: with_ntdomain_hack = yes
 preprocess: with_specialix_jetstream_hack = no
 preprocess: with_cisco_vsa_hack = no
Module: Instantiated preprocess (preprocess) 
Module: Loaded detail 
 detail: detailfile = "/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d"
 detail: detailperm = 384
 detail: dirperm = 493
 detail: locking = no
Module: Instantiated detail (auth_log) 
Module: Loaded realm 
 realm: format = "suffix"
 realm: delimiter = "@"
 realm: ignore_default = no
 realm: ignore_null = no
Module: Instantiated realm (suffix) 
 realm: format = "prefix"
 realm: delimiter = "\"
 realm: ignore_default = yes
 realm: ignore_null = yes
Module: Instantiated realm (ntdomain) 
Module: Loaded files 
 files: usersfile = "/opt/freeradius/etc/raddb/users"
 files: acctusersfile = "/opt/freeradius/etc/raddb/acct_users"
 files: preproxy_usersfile = "/opt/freeradius/etc/raddb/preproxy_users"
 files: compat = "no"
Module: Instantiated files (files) 
 detail: detailfile = "/var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
 detail: detailperm = 384
 detail: dirperm = 493
 detail: locking = no
Module: Instantiated detail (detail) 
Module: Loaded radutmp 
 radutmp: filename = "/var/log/freeradius/radutmp"
 radutmp: username = "%{User-Name}"
 radutmp: case_sensitive = yes
 radutmp: check_with_nas = yes
 radutmp: perm = 384
 radutmp: callerid = yes
Module: Instantiated radutmp (radutmp) 
 detail: detailfile = "/var/log/freeradius/radacct/%{Client-IP-Address}/reply-detail-%Y%m%d"
 detail: detailperm = 384
 detail: dirperm = 493
 detail: locking = no
Module: Instantiated detail (reply_log) 
Listening on authentication *:1812
Listening on accounting *:1813
Ready to process requests.
rad_recv: Access-Request packet from host 192.168.0.5:3314, id=139, length=116
	NAS-IP-Address = 192.168.0.5
	NAS-Port-Type = Wireless-802.11
	NAS-Port = 1
	Framed-MTU = 1400
	User-Name = "test"
	Calling-Station-Id = "004096a1ce69"
	Called-Station-Id = "000fcb00f04c"
	NAS-Identifier = "DIST-AP"
	EAP-Message = 0x020100090174657374
	Message-Authenticator = 0x04e30ce26d28e459d6f26e8cefe9c11b
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
  modcall[authorize]: module "preprocess" returns ok for request 0
radius_xlat:  '/var/log/freeradius/radacct/192.168.0.5/auth-detail-20060606'
rlm_detail: /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/192.168.0.5/auth-detail-20060606
  modcall[authorize]: module "auth_log" returns ok for request 0
  modcall[authorize]: module "mschap" returns noop for request 0
    rlm_realm: No '@' in User-Name = "test", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 0
    rlm_realm: No '\' in User-Name = "test", skipping NULL due to config.
  modcall[authorize]: module "ntdomain" returns noop for request 0
    users: Matched entry DEFAULT at line 215
  modcall[authorize]: module "files" returns ok for request 0
rlm_ldap: - authorize
rlm_ldap: performing user authorization for test
radius_xlat:  '(uid=test)'
radius_xlat:  'dc=dist,dc=demo,dc=net'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to localhost:389, authentication 0
rlm_ldap: bind as / to localhost:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: performing search in dc=dist,dc=demo,dc=net, with filter (uid=test)
rlm_ldap: checking if remote access for test is allowed by uid
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user test authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
  modcall[authorize]: module "ldap" returns ok for request 0
modcall: group authorize returns ok for request 0
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
  rlm_eap: EAP Identity
  rlm_eap: processing type tls
  rlm_eap_tls: Initiate
  rlm_eap_tls: Start returned 1
  modcall[authenticate]: module "eap" returns handled for request 0
modcall: group authenticate returns handled for request 0
Sending Access-Challenge of id 139 to 192.168.0.5:3314
	EAP-Message = 0x010200061920
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0xe2babc9392179f148e247671f72305a5
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.0.5:3315, id=140, length=231
	NAS-IP-Address = 192.168.0.5
	NAS-Port-Type = Wireless-802.11
	NAS-Port = 1
	Framed-MTU = 1400
	User-Name = "test"
	Calling-Station-Id = "004096a1ce69"
	Called-Station-Id = "000fcb00f04c"
	NAS-Identifier = "DIST-AP"
	State = 0xe2babc9392179f148e247671f72305a5
	EAP-Message = 0x0202006a198000000060160301005b010000570301448582e62696a93ad9f85a6479619877a5bba09e5759d86527f1f93e6be0a6fc00003000390038003500160013000a00330032002f0066000500040065006400630062006000150012000900140011000800030100
	Message-Authenticator = 0x992f0055961626e9b956aab6309c6cd6
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
  modcall[authorize]: module "preprocess" returns ok for request 1
radius_xlat:  '/var/log/freeradius/radacct/192.168.0.5/auth-detail-20060606'
rlm_detail: /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/192.168.0.5/auth-detail-20060606
  modcall[authorize]: module "auth_log" returns ok for request 1
  modcall[authorize]: module "mschap" returns noop for request 1
    rlm_realm: No '@' in User-Name = "test", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 1
    rlm_realm: No '\' in User-Name = "test", skipping NULL due to config.
  modcall[authorize]: module "ntdomain" returns noop for request 1
    users: Matched entry DEFAULT at line 215
  modcall[authorize]: module "files" returns ok for request 1
rlm_ldap: - authorize
rlm_ldap: performing user authorization for test
radius_xlat:  '(uid=test)'
radius_xlat:  'dc=dist,dc=demo,dc=net'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=dist,dc=demo,dc=net, with filter (uid=test)
rlm_ldap: checking if remote access for test is allowed by uid
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user test authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
  modcall[authorize]: module "ldap" returns ok for request 1
modcall: group authorize returns ok for request 1
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 1
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls:  Length Included
  eaptls_verify returned 11 
    (other): before/accept initialization 
    TLS_accept: before/accept initialization 
  rlm_eap_tls: <<< TLS 1.0 Handshake [length 005b], ClientHello  
    TLS_accept: SSLv3 read client hello A 
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello  
    TLS_accept: SSLv3 write server hello A 
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 057c], Certificate  
    TLS_accept: SSLv3 write certificate A 
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone  
    TLS_accept: SSLv3 write server done A 
    TLS_accept: SSLv3 flush data 
    TLS_accept:error in SSLv3 read client certificate A 
In SSL Handshake Phase 
In SSL Accept mode  
  eaptls_process returned 13 
  rlm_eap_peap: EAPTLS_HANDLED
  modcall[authenticate]: module "eap" returns handled for request 1
modcall: group authenticate returns handled for request 1
Sending Access-Challenge of id 140 to 192.168.0.5:3315
	EAP-Message = 0x0103040a19c0000005d9160301004a0200004603014485ccf27a934f8e54aed80b8318b512e34a72e2324bb62a6eec2e281671685b205a4549dfb51f96dbcf1a2fc980af56892b7b846608521bcf28458ad1b0df756f003500160301057c0b00057800057500030c3082030830820271a003020102020200be300d06092a864886f70d0101050500302f310b3009060355040613024652310d300b060355040a130444454d4f3111300f060355040b130844454d4f2e4e4554301e170d3036303630363132333234365a170d3037303630363132333234365a30133111300f06035504031308444953542d41414130819f300d06092a864886f70d0101
	EAP-Message = 0x01050003818d0030818902818100c1b030c295f8a7f7e9f7abd3f8b71689751760134fd5fb5df1593b6b1cdc86c6b0860eabccd56de45d84e6552785c74d73ffa0850f089f27bbf07dae30282ccdb5bfefc143cc558ded6750a336d6d15b08708e74868528f719b30da9b72b769ad235f5e798559396f04e2454c8fd4454a82174648f451853c190bc9541122a350203010001a382014d3082014930320603551d12042b30298613687474703a2f2f7777772e64656d6f2e6e65748112706b692e61646d696e4064656d6f2e6e657430210603551d11041a30188216646973742d6161612e646973742e64656d6f2e6e6574300c0603551d130101ff04
	EAP-Message = 0x023000300e0603551d0f0101ff0404030205e030130603551d25040c300a06082b06010505070301301106096086480186f8420101040403020640301d0603551d0e0416041428172fdf3387a4a92b5a3d36051a8f6741e8251b30570603551d230450304e801431dace396ed49614cd8f3319ca8eef3bc73bc266a133a431302f310b3009060355040613024652310d300b060355040a130444454d4f3111300f060355040b130844454d4f2e4e455482010130320603551d1f042b30293027a025a0238621687474703a2f2f7065612d706b692f63726c2f64656d6f6e65742d63612e63726c300d06092a864886f70d01010505000381810052f7f4
	EAP-Message = 0x754b9a6cce0bf6cdf3c5124f5e0e19aa4c6d08fa2efb2c0c367426067f6e954277922f03200825710a5e19789946052bee720df75b51b44260f5b22a29d8b524f16b16bab1abcac475a2c7bddfdd302b859d75dc7944d66904f11baf6de789a1966bae39d51c1746bc2468609d27d98b913e1a00ff8d3ffe16be82c4d90002633082025f308201c8a003020102020101300d06092a864886f70d0101050500302f310b3009060355040613024652310d300b060355040a130444454d4f3111300f060355040b130844454d4f2e4e4554301e170d3035303131313233303030305a170d3135303131313233303030305a302f310b300906035504061302
	EAP-Message = 0x4652310d300b060355040a130444454d4f3111300f06
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x9fb8632237c591687df8a547dfa52813
Finished request 1
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.0.5:3316, id=141, length=131
	NAS-IP-Address = 192.168.0.5
	NAS-Port-Type = Wireless-802.11
	NAS-Port = 1
	Framed-MTU = 1400
	User-Name = "test"
	Calling-Station-Id = "004096a1ce69"
	Called-Station-Id = "000fcb00f04c"
	NAS-Identifier = "DIST-AP"
	State = 0x9fb8632237c591687df8a547dfa52813
	EAP-Message = 0x020300061900
	Message-Authenticator = 0xbcec195ea2780d126608bd15249630f4
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 2
  modcall[authorize]: module "preprocess" returns ok for request 2
radius_xlat:  '/var/log/freeradius/radacct/192.168.0.5/auth-detail-20060606'
rlm_detail: /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/192.168.0.5/auth-detail-20060606
  modcall[authorize]: module "auth_log" returns ok for request 2
  modcall[authorize]: module "mschap" returns noop for request 2
    rlm_realm: No '@' in User-Name = "test", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 2
    rlm_realm: No '\' in User-Name = "test", skipping NULL due to config.
  modcall[authorize]: module "ntdomain" returns noop for request 2
    users: Matched entry DEFAULT at line 215
  modcall[authorize]: module "files" returns ok for request 2
rlm_ldap: - authorize
rlm_ldap: performing user authorization for test
radius_xlat:  '(uid=test)'
radius_xlat:  'dc=dist,dc=demo,dc=net'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=dist,dc=demo,dc=net, with filter (uid=test)
rlm_ldap: checking if remote access for test is allowed by uid
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user test authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
  modcall[authorize]: module "ldap" returns ok for request 2
modcall: group authorize returns ok for request 2
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 2
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
  rlm_eap_tls: ack handshake fragment handler
  eaptls_verify returned 1 
  eaptls_process returned 13 
  rlm_eap_peap: EAPTLS_HANDLED
  modcall[authenticate]: module "eap" returns handled for request 2
modcall: group authenticate returns handled for request 2
Sending Access-Challenge of id 141 to 192.168.0.5:3316
	EAP-Message = 0x010401df19000355040b130844454d4f2e4e455430819f300d06092a864886f70d010101050003818d0030818902818100ee2768d790e52a0c45ab78147c99e54bfda0e5800a195914de98837d1ed7e95a7ac8a038b81fef29d5e6a732c4db1e00bbd8da7568a56ca131245664f39780607bcd5ca499c436e26344250635f5da06bc806ad217a1b121e818159205e91b28471f755b529dbbc1a7befa7931e9ce1b4cfb86411cdbdb6e1fc3b5a505d4f28f0203010001a3818a30818730320603551d11042b30298613687474703a2f2f7777772e64656d6f2e6e65748112706b692e61646d696e4064656d6f2e6e6574300f0603551d130101ff040530
	EAP-Message = 0x030101ff300e0603551d0f0101ff040403020106301106096086480186f8420101040403020007301d0603551d0e0416041431dace396ed49614cd8f3319ca8eef3bc73bc266300d06092a864886f70d01010505000381810081629fb4a5a981a2b5d379e7255fa66fd89f4b8633caf740811fcd8fe30cac5271e2a4602eaee83cfa85f4c4a24c633290763d33c13e774f8c2e8860fd6ba39b7dd53d96c39c1c47353c42505b5f2cb9aae3416bd03fd32fdd8da78e4fe90518ca909530fcd3d95b2350a4d6a6b5cc54feedbf4448fad8c67274bf10cb7a98c516030100040e000000
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x03dd52501ef84ed73033ff48b051003a
Finished request 2
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.0.5:3317, id=142, length=333
	NAS-IP-Address = 192.168.0.5
	NAS-Port-Type = Wireless-802.11
	NAS-Port = 1
	Framed-MTU = 1400
	User-Name = "test"
	Calling-Station-Id = "004096a1ce69"
	Called-Station-Id = "000fcb00f04c"
	NAS-Identifier = "DIST-AP"
	State = 0x03dd52501ef84ed73033ff48b051003a
	EAP-Message = 0x020400d01980000000c616030100861000008200800649870266020468f6e16a3871866f124269221f94d74b49b4e72b91767f5c57effbf208e798c082d62a5cf8ac89be33be026471ec4dcf0ae489affee52ddb9797d7d7d685218701711ba089805ff6244bb99639cc5f8078ae23ae48b4945ae3343c59475753bc72a81081aa5db2b243bc8553e6de15a6469b88b8f5be165f71140301000101160301003073efb355587a1ec5eabeb6897a5bed979a447634e768df8fff527881ad1de1a76334f5906df16c18164654314f63d0be
	Message-Authenticator = 0xb5f904f764096b757d272c14599f2a91
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 3
  modcall[authorize]: module "preprocess" returns ok for request 3
radius_xlat:  '/var/log/freeradius/radacct/192.168.0.5/auth-detail-20060606'
rlm_detail: /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/192.168.0.5/auth-detail-20060606
  modcall[authorize]: module "auth_log" returns ok for request 3
  modcall[authorize]: module "mschap" returns noop for request 3
    rlm_realm: No '@' in User-Name = "test", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 3
    rlm_realm: No '\' in User-Name = "test", skipping NULL due to config.
  modcall[authorize]: module "ntdomain" returns noop for request 3
    users: Matched entry DEFAULT at line 215
  modcall[authorize]: module "files" returns ok for request 3
rlm_ldap: - authorize
rlm_ldap: performing user authorization for test
radius_xlat:  '(uid=test)'
radius_xlat:  'dc=dist,dc=demo,dc=net'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=dist,dc=demo,dc=net, with filter (uid=test)
rlm_ldap: checking if remote access for test is allowed by uid
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user test authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
  modcall[authorize]: module "ldap" returns ok for request 3
modcall: group authorize returns ok for request 3
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 3
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls:  Length Included
  eaptls_verify returned 11 
  rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange  
    TLS_accept: SSLv3 read client key exchange A 
  rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001]  
  rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished  
    TLS_accept: SSLv3 read finished A 
  rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001]  
    TLS_accept: SSLv3 write change cipher spec A 
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished  
    TLS_accept: SSLv3 write finished A 
    TLS_accept: SSLv3 flush data 
    (other): SSL negotiation finished successfully 
SSL Connection Established 
  eaptls_process returned 13 
  rlm_eap_peap: EAPTLS_HANDLED
  modcall[authenticate]: module "eap" returns handled for request 3
modcall: group authenticate returns handled for request 3
Sending Access-Challenge of id 142 to 192.168.0.5:3317
	EAP-Message = 0x0105004119001403010001011603010030b8b9dc269f2e472af82680c5913f1041b77683e211936bd49ac4d96d3b68df3a40c9b60e6794a654e1644b90da5582c7
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0xf2927c8675e70ce765bb95f8c0b06815
Finished request 3
Going to the next request
--- Walking the entire request list ---
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 192.168.0.5:3318, id=143, length=131
	NAS-IP-Address = 192.168.0.5
	NAS-Port-Type = Wireless-802.11
	NAS-Port = 1
	Framed-MTU = 1400
	User-Name = "test"
	Calling-Station-Id = "004096a1ce69"
	Called-Station-Id = "000fcb00f04c"
	NAS-Identifier = "DIST-AP"
	State = 0xf2927c8675e70ce765bb95f8c0b06815
	EAP-Message = 0x020500061900
	Message-Authenticator = 0x0b5e01918e895755c7029b917e16c034
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 4
  modcall[authorize]: module "preprocess" returns ok for request 4
radius_xlat:  '/var/log/freeradius/radacct/192.168.0.5/auth-detail-20060606'
rlm_detail: /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/192.168.0.5/auth-detail-20060606
  modcall[authorize]: module "auth_log" returns ok for request 4
  modcall[authorize]: module "mschap" returns noop for request 4
    rlm_realm: No '@' in User-Name = "test", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 4
    rlm_realm: No '\' in User-Name = "test", skipping NULL due to config.
  modcall[authorize]: module "ntdomain" returns noop for request 4
    users: Matched entry DEFAULT at line 215
  modcall[authorize]: module "files" returns ok for request 4
rlm_ldap: - authorize
rlm_ldap: performing user authorization for test
radius_xlat:  '(uid=test)'
radius_xlat:  'dc=dist,dc=demo,dc=net'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=dist,dc=demo,dc=net, with filter (uid=test)
rlm_ldap: checking if remote access for test is allowed by uid
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user test authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
  modcall[authorize]: module "ldap" returns ok for request 4
modcall: group authorize returns ok for request 4
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 4
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
  rlm_eap_tls: ack handshake is finished
  eaptls_verify returned 3 
  eaptls_process returned 3 
  rlm_eap_peap: EAPTLS_SUCCESS
  modcall[authenticate]: module "eap" returns handled for request 4
modcall: group authenticate returns handled for request 4
Sending Access-Challenge of id 143 to 192.168.0.5:3318
	EAP-Message = 0x0106005019001703010020d86c6100f4b1153d4f31e19dce57eda8640d534c385891c31f9c71889f8369301703010020161eb07affd44a8a07ebcf3fd73cb15410559dd2d1f621bed896bd10be6989c1
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x15421a936c003ca505f7926331cf807f
Finished request 4
Going to the next request
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 192.168.0.5:3319, id=144, length=205
	NAS-IP-Address = 192.168.0.5
	NAS-Port-Type = Wireless-802.11
	NAS-Port = 1
	Framed-MTU = 1400
	User-Name = "test"
	Calling-Station-Id = "004096a1ce69"
	Called-Station-Id = "000fcb00f04c"
	NAS-Identifier = "DIST-AP"
	State = 0x15421a936c003ca505f7926331cf807f
	EAP-Message = 0x020600501900170301002050d109c9bd7aa09cd72266171ae319c8892383aef5dc4ed96a60c86947e5aab317030100207715ebe05bf12f0561a2e2bec1211b99f22e290404fc32d4757c2e47716eb1cf
	Message-Authenticator = 0xa23e39f4f568fc98391c8f95f081b389
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 5
  modcall[authorize]: module "preprocess" returns ok for request 5
radius_xlat:  '/var/log/freeradius/radacct/192.168.0.5/auth-detail-20060606'
rlm_detail: /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/192.168.0.5/auth-detail-20060606
  modcall[authorize]: module "auth_log" returns ok for request 5
  modcall[authorize]: module "mschap" returns noop for request 5
    rlm_realm: No '@' in User-Name = "test", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 5
    rlm_realm: No '\' in User-Name = "test", skipping NULL due to config.
  modcall[authorize]: module "ntdomain" returns noop for request 5
    users: Matched entry DEFAULT at line 215
  modcall[authorize]: module "files" returns ok for request 5
rlm_ldap: - authorize
rlm_ldap: performing user authorization for test
radius_xlat:  '(uid=test)'
radius_xlat:  'dc=dist,dc=demo,dc=net'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=dist,dc=demo,dc=net, with filter (uid=test)
rlm_ldap: checking if remote access for test is allowed by uid
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user test authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
  modcall[authorize]: module "ldap" returns ok for request 5
modcall: group authorize returns ok for request 5
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 5
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
  eaptls_verify returned 7 
  rlm_eap_tls: Done initial handshake
  eaptls_process returned 7 
  rlm_eap_peap: EAPTLS_OK
  rlm_eap_peap: Session established.  Decoding tunneled attributes.
  rlm_eap_peap: Identity - test
  rlm_eap_peap: Tunneled data is valid.
  PEAP: Got tunneled identity of test
  PEAP: Setting default EAP type for tunneled EAP session.
  PEAP: Setting User-Name to test
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 5
  modcall[authorize]: module "preprocess" returns ok for request 5
radius_xlat:  '/var/log/freeradius/radacct/127.0.0.1/auth-detail-20060606'
rlm_detail: /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/127.0.0.1/auth-detail-20060606
  modcall[authorize]: module "auth_log" returns ok for request 5
  modcall[authorize]: module "mschap" returns noop for request 5
    rlm_realm: No '@' in User-Name = "test", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 5
    rlm_realm: No '\' in User-Name = "test", skipping NULL due to config.
  modcall[authorize]: module "ntdomain" returns noop for request 5
    users: Matched entry DEFAULT at line 215
  modcall[authorize]: module "files" returns ok for request 5
rlm_ldap: - authorize
rlm_ldap: performing user authorization for test
radius_xlat:  '(uid=test)'
radius_xlat:  'dc=dist,dc=demo,dc=net'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=dist,dc=demo,dc=net, with filter (uid=test)
rlm_ldap: checking if remote access for test is allowed by uid
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user test authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
  modcall[authorize]: module "ldap" returns ok for request 5
modcall: group authorize returns ok for request 5
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 5
  rlm_eap: EAP Identity
  rlm_eap: processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
  modcall[authenticate]: module "eap" returns handled for request 5
modcall: group authenticate returns handled for request 5
  PEAP: Got tunneled Access-Challenge
  modcall[authenticate]: module "eap" returns handled for request 5
modcall: group authenticate returns handled for request 5
Sending Access-Challenge of id 144 to 192.168.0.5:3319
	EAP-Message = 0x0107006019001703010020b4535b429de7c20b3b85b130159d84d1f052623b5ef630d16205b79a1e2d384517030100306318b7160fdcdc4654750d74e6484e49cb224c5b3c6ea564f459f3a29c5e2e6df9529f16f227f0c86a360e6513bb1ab6
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x3d2a6faf63b792b94c0e6d40197cf833
Finished request 5
Going to the next request
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 192.168.0.5:3320, id=145, length=253
	NAS-IP-Address = 192.168.0.5
	NAS-Port-Type = Wireless-802.11
	NAS-Port = 1
	Framed-MTU = 1400
	User-Name = "test"
	Calling-Station-Id = "004096a1ce69"
	Called-Station-Id = "000fcb00f04c"
	NAS-Identifier = "DIST-AP"
	State = 0x3d2a6faf63b792b94c0e6d40197cf833
	EAP-Message = 0x02070080190017030100209634618e4eb61d40690211ba511b58ca94fc377a92fe404cdb730a588854677a1703010050d6f9645bf5085bb28a1caf327ea103b184078f22e264ac35134f5c4d1afb907d5d9121d3229da20861eebdf623c6e269959cecc963e8c8a6c38079ffa1b37d45abc11161561785f68f5a610666d3110c
	Message-Authenticator = 0x70b4890f54b099c69712d1cc8223fec8
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 6
  modcall[authorize]: module "preprocess" returns ok for request 6
radius_xlat:  '/var/log/freeradius/radacct/192.168.0.5/auth-detail-20060606'
rlm_detail: /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/192.168.0.5/auth-detail-20060606
  modcall[authorize]: module "auth_log" returns ok for request 6
  modcall[authorize]: module "mschap" returns noop for request 6
    rlm_realm: No '@' in User-Name = "test", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 6
    rlm_realm: No '\' in User-Name = "test", skipping NULL due to config.
  modcall[authorize]: module "ntdomain" returns noop for request 6
    users: Matched entry DEFAULT at line 215
  modcall[authorize]: module "files" returns ok for request 6
rlm_ldap: - authorize
rlm_ldap: performing user authorization for test
radius_xlat:  '(uid=test)'
radius_xlat:  'dc=dist,dc=demo,dc=net'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=dist,dc=demo,dc=net, with filter (uid=test)
rlm_ldap: checking if remote access for test is allowed by uid
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user test authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
  modcall[authorize]: module "ldap" returns ok for request 6
modcall: group authorize returns ok for request 6
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 6
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
  eaptls_verify returned 7 
  rlm_eap_tls: Done initial handshake
  eaptls_process returned 7 
  rlm_eap_peap: EAPTLS_OK
  rlm_eap_peap: Session established.  Decoding tunneled attributes.
  rlm_eap_peap: EAP type mschapv2
  rlm_eap_peap: Tunneled data is valid.
  PEAP: Setting User-Name to test
  PEAP: Adding old state with 9a 3d
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 6
  modcall[authorize]: module "preprocess" returns ok for request 6
radius_xlat:  '/var/log/freeradius/radacct/127.0.0.1/auth-detail-20060606'
rlm_detail: /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/127.0.0.1/auth-detail-20060606
  modcall[authorize]: module "auth_log" returns ok for request 6
  modcall[authorize]: module "mschap" returns noop for request 6
    rlm_realm: No '@' in User-Name = "test", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 6
    rlm_realm: No '\' in User-Name = "test", skipping NULL due to config.
  modcall[authorize]: module "ntdomain" returns noop for request 6
    users: Matched entry DEFAULT at line 215
  modcall[authorize]: module "files" returns ok for request 6
rlm_ldap: - authorize
rlm_ldap: performing user authorization for test
radius_xlat:  '(uid=test)'
radius_xlat:  'dc=dist,dc=demo,dc=net'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=dist,dc=demo,dc=net, with filter (uid=test)
rlm_ldap: checking if remote access for test is allowed by uid
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user test authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
  modcall[authorize]: module "ldap" returns ok for request 6
modcall: group authorize returns ok for request 6
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 6
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/mschapv2
  rlm_eap: processing type mschapv2
  Processing the authenticate section of radiusd.conf
modcall: entering group Auth-Type for request 6
  rlm_mschap: No User-Password configured.  Cannot create LM-Password.
  rlm_mschap: No User-Password configured.  Cannot create NT-Password.
  rlm_mschap: Told to do MS-CHAPv2 for test with NT-Password
  rlm_mschap: FAILED: No NT/LM-Password.  Cannot perform authentication.
  rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
  modcall[authenticate]: module "mschap" returns reject for request 6
modcall: group Auth-Type returns reject for request 6
  rlm_eap: Freeing handler
  modcall[authenticate]: module "eap" returns reject for request 6
modcall: group authenticate returns reject for request 6
auth: Failed to validate the user.
Login incorrect: [test/<no User-Password attribute>] (from client localhost port 0)
  PEAP: Tunneled authentication was rejected.
  rlm_eap_peap: FAILURE
  modcall[authenticate]: module "eap" returns handled for request 6
modcall: group authenticate returns handled for request 6
Sending Access-Challenge of id 145 to 192.168.0.5:3320
	EAP-Message = 0x010800501900170301002016434d9c118208f1dd2377baa2d9c09021a3e5da0f3558b0426328dac50ae6a7170301002057a477397eec22f9515f6b170b3c4c550faebdc5a05d501d81c8207d8b16a632
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x168fbbea61f6fad33ae78c898d68ebd2
Finished request 6
Going to the next request
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 192.168.0.5:3321, id=146, length=205
	NAS-IP-Address = 192.168.0.5
	NAS-Port-Type = Wireless-802.11
	NAS-Port = 1
	Framed-MTU = 1400
	User-Name = "test"
	Calling-Station-Id = "004096a1ce69"
	Called-Station-Id = "000fcb00f04c"
	NAS-Identifier = "DIST-AP"
	State = 0x168fbbea61f6fad33ae78c898d68ebd2
	EAP-Message = 0x0208005019001703010020e35fd95fa1fa68fd53abc23d627780adee7a91d9e9cefb34fc21cef97433326817030100206d0389c712254567cf0405f811b8c141f689f681ee326f5fb631cd0e30e39169
	Message-Authenticator = 0x6d5a37c42f0a8f95513faf8834be2006
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 7
  modcall[authorize]: module "preprocess" returns ok for request 7
radius_xlat:  '/var/log/freeradius/radacct/192.168.0.5/auth-detail-20060606'
rlm_detail: /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/192.168.0.5/auth-detail-20060606
  modcall[authorize]: module "auth_log" returns ok for request 7
  modcall[authorize]: module "mschap" returns noop for request 7
    rlm_realm: No '@' in User-Name = "test", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 7
    rlm_realm: No '\' in User-Name = "test", skipping NULL due to config.
  modcall[authorize]: module "ntdomain" returns noop for request 7
    users: Matched entry DEFAULT at line 215
  modcall[authorize]: module "files" returns ok for request 7
rlm_ldap: - authorize
rlm_ldap: performing user authorization for test
radius_xlat:  '(uid=test)'
radius_xlat:  'dc=dist,dc=demo,dc=net'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=dist,dc=demo,dc=net, with filter (uid=test)
rlm_ldap: checking if remote access for test is allowed by uid
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user test authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
  modcall[authorize]: module "ldap" returns ok for request 7
modcall: group authorize returns ok for request 7
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 7
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
  eaptls_verify returned 7 
  rlm_eap_tls: Done initial handshake
  eaptls_process returned 7 
  rlm_eap_peap: EAPTLS_OK
  rlm_eap_peap: Session established.  Decoding tunneled attributes.
  rlm_eap_peap: Received EAP-TLV response.
  rlm_eap_peap: Tunneled data is valid.
  rlm_eap_peap:  Had sent TLV failure, rejecting.
 rlm_eap: Handler failed in EAP/peap
  rlm_eap: Failed in EAP select
  modcall[authenticate]: module "eap" returns invalid for request 7
modcall: group authenticate returns invalid for request 7
auth: Failed to validate the user.
Login incorrect: [test/<no User-Password attribute>] (from client Access_Point_3COM port 1 cli 004096a1ce69)
Delaying request 7 for 1 seconds
Finished request 7
Going to the next request
Waking up in 5 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 139 with timestamp 4485ccf2
Cleaning up request 1 ID 140 with timestamp 4485ccf2
Cleaning up request 2 ID 141 with timestamp 4485ccf2
Sending Access-Reject of id 146 to 192.168.0.5:3321
	EAP-Message = 0x04080004
	Message-Authenticator = 0x00000000000000000000000000000000
Waking up in 1 seconds...
--- Walking the entire request list ---
Cleaning up request 3 ID 142 with timestamp 4485ccf3
Cleaning up request 4 ID 143 with timestamp 4485ccf3
Cleaning up request 5 ID 144 with timestamp 4485ccf3
Cleaning up request 6 ID 145 with timestamp 4485ccf3
Cleaning up request 7 ID 146 with timestamp 4485ccf3
Nothing to do.  Sleeping until we see a request.



More information about the Freeradius-Users mailing list