PEAP authentication with freerad ?
thomas hahusseau
thomas.hahusseau at gmail.com
Tue Jun 6 20:10:27 CEST 2006
I don't understand why it doesn't work. Passwords are in clear in the LDAP base;
the only thing that I want is for freeradius to receive the login and password from a
PEAP (MSCHAPv2) authentication request and compare them with the password and
login stored in the LDAP database; if they match, allow the access.
Here is my conf file "users":
DEFAULT Auth-Type = EAP, EAP-Type == EAP-PEAP
DEFAULT Auth-Type = LDAP
There are two different situations; in both of them the authentication sections for
LDAP and EAP are uncommented.
++++First : If I uncomment "eap" in authorize section of radiusd.conf :
# This module takes care of EAP-MD5, EAP-TLS, and EAP-LEAP
# authentication.
#
# It also sets the EAP-Type attribute in the request
# attribute list to the EAP type from the packet.
eap
I've got that kind of error :
-----------------------------------------------
lm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 7
modcall: group authorize returns updated for request 7
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 7
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: Received EAP-TLV response.
rlm_eap_peap: Tunneled data is valid.
rlm_eap_peap: Had sent TLV failure, rejecting.
rlm_eap: Handler failed in EAP/peap
rlm_eap: Failed in EAP select
modcall[authenticate]: module "eap" returns invalid for request 7
modcall: group authenticate returns invalid for request 7
auth: Failed to validate the user.
Login incorrect: [test/<no User-Password attribute>] (from client
Access_Point_3COM port 1 cli 004096a1ce69)
Delaying request 7 for 1 seconds
Finished request 7
------------------------------------------
The authorize part with ldap works well, but not the authentication one with
eap (the TLS handshake works well).
++++Second : If I comment "eap" in authorize section of radiusd.conf
I've got a long output attached in that mail.
As a conclusion if I edit the users config file like that :
I hope you can help. I've been blocked on that problem for 2 weeks, and the end of
my training period is close and I would like to finish it before then :).
Thank you
2006/6/6, Alan DeKok <aland at nitros9.org>:
>
> "thomas hahusseau" <thomas.hahusseau at gmail.com> wrote:
> > modcall: entering group Auth-Type for request 6
> > rlm_mschap: No User-Password configured. Cannot create LM-Password.
> > rlm_mschap: No User-Password configured. Cannot create NT-Password.
>
> This means that the server has no clear-text password. i.e. it
> wasn't retrieved from LDAP. See the rest of the debug log to see what
> was retrieved from LDAP.
>
> Alan DeKok.
>
-------------- next part --------------
Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config: including file: /opt/freeradius/etc/raddb/clients.conf
Config: including file: /opt/freeradius/etc/raddb/eap.conf
main: prefix = "/opt/freeradius"
main: localstatedir = "/var"
main: logdir = "/var/log/freeradius"
main: libdir = "/opt/freeradius/lib"
main: radacctdir = "/var/log/freeradius/radacct"
main: hostname_lookups = no
main: max_request_time = 30
main: cleanup_delay = 5
main: max_requests = 1024
main: delete_blocked_requests = 0
main: port = 0
main: allow_core_dumps = no
main: log_stripped_names = no
main: log_file = "/var/log/freeradius/radius.log"
main: log_auth = yes
main: log_auth_badpass = yes
main: log_auth_goodpass = yes
main: pidfile = "/var/run/freeradius/freeradius.pid"
main: user = "freerad"
main: group = "freerad"
main: usercollide = no
main: lower_user = "no"
main: lower_pass = "no"
main: nospace_user = "no"
main: nospace_pass = "no"
main: checkrad = "/opt/freeradius/sbin/checkrad"
main: proxy_requests = no
security: max_attributes = 200
security: reject_delay = 1
security: status_server = no
main: debug_level = 0
read_config_files: reading dictionary
read_config_files: reading naslist
Using deprecated naslist file. Support for this will go away soon.
read_config_files: reading clients
read_config_files: reading realms
radiusd: entering modules setup
Module: Library search path is /opt/freeradius/lib
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded PAP
pap: encryption_scheme = "crypt"
Module: Instantiated pap (pap)
Module: Loaded CHAP
Module: Instantiated chap (chap)
Module: Loaded MS-CHAP
mschap: use_mppe = yes
mschap: require_encryption = yes
mschap: require_strong = yes
mschap: with_ntdomain_hack = yes
mschap: passwd = "(null)"
mschap: authtype = "MS-CHAP"
mschap: ntlm_auth = "(null)"
Module: Instantiated mschap (mschap)
Module: Loaded LDAP
ldap: server = "localhost"
ldap: port = 389
ldap: net_timeout = 1
ldap: timeout = 4
ldap: timelimit = 3
ldap: identity = ""
ldap: tls_mode = no
ldap: start_tls = no
ldap: tls_cacertfile = "(null)"
ldap: tls_cacertdir = "(null)"
ldap: tls_certfile = "(null)"
ldap: tls_keyfile = "(null)"
ldap: tls_randfile = "(null)"
ldap: tls_require_cert = "allow"
ldap: password = ""
ldap: basedn = "dc=dist,dc=demo,dc=net"
ldap: filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
ldap: base_filter = "(objectclass=radiusprofile)"
ldap: default_profile = "(null)"
ldap: profile_attribute = "(null)"
ldap: password_header = "(null)"
ldap: password_attribute = "userPassword"
ldap: access_attr = "uid"
ldap: groupname_attribute = "cn"
ldap: groupmembership_filter = "(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))"
ldap: groupmembership_attribute = "(null)"
ldap: dictionary_mapping = "/opt/freeradius/etc/raddb/ldap.attrmap"
ldap: ldap_debug = 0
ldap: ldap_connections_number = 5
ldap: compare_check_items = no
ldap: access_attr_used_for_allow = yes
ldap: do_xlat = yes
rlm_ldap: Registering ldap_groupcmp for Ldap-Group
rlm_ldap: Registering ldap_xlat with xlat_name ldap
rlm_ldap: reading ldap<->radius mappings from file /opt/freeradius/etc/raddb/ldap.attrmap
rlm_ldap: LDAP radiusCheckItem mapped to RADIUS $GENERIC$
rlm_ldap: LDAP radiusReplyItem mapped to RADIUS $GENERIC$
rlm_ldap: LDAP radiusAuthType mapped to RADIUS Auth-Type
rlm_ldap: LDAP radiusSimultaneousUse mapped to RADIUS Simultaneous-Use
rlm_ldap: LDAP radiusCalledStationId mapped to RADIUS Called-Station-Id
rlm_ldap: LDAP radiusCallingStationId mapped to RADIUS Calling-Station-Id
rlm_ldap: LDAP userPassword mapped to RADIUS LM-Password
rlm_ldap: LDAP userPassword mapped to RADIUS NT-Password
rlm_ldap: LDAP acctFlags mapped to RADIUS SMB-Account-CTRL-TEXT
rlm_ldap: LDAP radiusExpiration mapped to RADIUS Expiration
rlm_ldap: LDAP radiusServiceType mapped to RADIUS Service-Type
rlm_ldap: LDAP radiusFramedProtocol mapped to RADIUS Framed-Protocol
rlm_ldap: LDAP radiusFramedIPAddress mapped to RADIUS Framed-IP-Address
rlm_ldap: LDAP radiusFramedIPNetmask mapped to RADIUS Framed-IP-Netmask
rlm_ldap: LDAP radiusFramedRoute mapped to RADIUS Framed-Route
rlm_ldap: LDAP radiusFramedRouting mapped to RADIUS Framed-Routing
rlm_ldap: LDAP radiusFilterId mapped to RADIUS Filter-Id
rlm_ldap: LDAP radiusFramedMTU mapped to RADIUS Framed-MTU
rlm_ldap: LDAP radiusFramedCompression mapped to RADIUS Framed-Compression
rlm_ldap: LDAP radiusLoginIPHost mapped to RADIUS Login-IP-Host
rlm_ldap: LDAP radiusLoginService mapped to RADIUS Login-Service
rlm_ldap: LDAP radiusLoginTCPPort mapped to RADIUS Login-TCP-Port
rlm_ldap: LDAP radiusCallbackNumber mapped to RADIUS Callback-Number
rlm_ldap: LDAP radiusCallbackId mapped to RADIUS Callback-Id
rlm_ldap: LDAP radiusFramedIPXNetwork mapped to RADIUS Framed-IPX-Network
rlm_ldap: LDAP radiusClass mapped to RADIUS Class
rlm_ldap: LDAP radiusSessionTimeout mapped to RADIUS Session-Timeout
rlm_ldap: LDAP radiusIdleTimeout mapped to RADIUS Idle-Timeout
rlm_ldap: LDAP radiusTerminationAction mapped to RADIUS Termination-Action
rlm_ldap: LDAP radiusLoginLATService mapped to RADIUS Login-LAT-Service
rlm_ldap: LDAP radiusLoginLATNode mapped to RADIUS Login-LAT-Node
rlm_ldap: LDAP radiusLoginLATGroup mapped to RADIUS Login-LAT-Group
rlm_ldap: LDAP radiusFramedAppleTalkLink mapped to RADIUS Framed-AppleTalk-Link
rlm_ldap: LDAP radiusFramedAppleTalkNetwork mapped to RADIUS Framed-AppleTalk-Network
rlm_ldap: LDAP radiusFramedAppleTalkZone mapped to RADIUS Framed-AppleTalk-Zone
rlm_ldap: LDAP radiusPortLimit mapped to RADIUS Port-Limit
rlm_ldap: LDAP radiusLoginLATPort mapped to RADIUS Login-LAT-Port
conns: 0x8152010
Module: Instantiated ldap (ldap)
Module: Loaded eap
eap: default_eap_type = "peap"
eap: timer_expire = 60
eap: ignore_unknown_eap_types = no
eap: cisco_accounting_username_bug = no
rlm_eap: Loaded and initialized type leap
tls: rsa_key_exchange = yes
tls: dh_key_exchange = yes
tls: rsa_key_length = 2048
tls: dh_key_length = 1024
tls: verify_depth = 0
tls: CA_path = "(null)"
tls: pem_file_type = yes
tls: private_key_file = "/opt/freeradius/etc/raddb/radcerts/dist-aaa.key.pem"
tls: certificate_file = "/opt/freeradius/etc/raddb/radcerts/dist-aaa.crt.pem"
tls: CA_file = "/opt/freeradius/etc/raddb/radcerts/DEMO.NET.pem"
tls: private_key_password = "AZert12@"
tls: dh_file = "/opt/freeradius/etc/raddb/radcerts/dh"
tls: random_file = "/dev/urandom"
tls: fragment_size = 1024
tls: include_length = yes
tls: check_crl = no
tls: check_cert_cn = "(null)"
rlm_eap: Loaded and initialized type tls
peap: default_eap_type = "mschapv2"
peap: copy_request_to_tunnel = no
peap: use_tunneled_reply = no
peap: proxy_tunneled_request_as_eap = yes
rlm_eap: Loaded and initialized type peap
mschapv2: with_ntdomain_hack = no
rlm_eap: Loaded and initialized type mschapv2
Module: Instantiated eap (eap)
Module: Loaded preprocess
preprocess: huntgroups = "/opt/freeradius/etc/raddb/huntgroups"
preprocess: hints = "/opt/freeradius/etc/raddb/hints"
preprocess: with_ascend_hack = no
preprocess: ascend_channels_per_line = 23
preprocess: with_ntdomain_hack = yes
preprocess: with_specialix_jetstream_hack = no
preprocess: with_cisco_vsa_hack = no
Module: Instantiated preprocess (preprocess)
Module: Loaded detail
detail: detailfile = "/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d"
detail: detailperm = 384
detail: dirperm = 493
detail: locking = no
Module: Instantiated detail (auth_log)
Module: Loaded realm
realm: format = "suffix"
realm: delimiter = "@"
realm: ignore_default = no
realm: ignore_null = no
Module: Instantiated realm (suffix)
realm: format = "prefix"
realm: delimiter = "\"
realm: ignore_default = yes
realm: ignore_null = yes
Module: Instantiated realm (ntdomain)
Module: Loaded files
files: usersfile = "/opt/freeradius/etc/raddb/users"
files: acctusersfile = "/opt/freeradius/etc/raddb/acct_users"
files: preproxy_usersfile = "/opt/freeradius/etc/raddb/preproxy_users"
files: compat = "no"
Module: Instantiated files (files)
detail: detailfile = "/var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
detail: detailperm = 384
detail: dirperm = 493
detail: locking = no
Module: Instantiated detail (detail)
Module: Loaded radutmp
radutmp: filename = "/var/log/freeradius/radutmp"
radutmp: username = "%{User-Name}"
radutmp: case_sensitive = yes
radutmp: check_with_nas = yes
radutmp: perm = 384
radutmp: callerid = yes
Module: Instantiated radutmp (radutmp)
detail: detailfile = "/var/log/freeradius/radacct/%{Client-IP-Address}/reply-detail-%Y%m%d"
detail: detailperm = 384
detail: dirperm = 493
detail: locking = no
Module: Instantiated detail (reply_log)
Listening on authentication *:1812
Listening on accounting *:1813
Ready to process requests.
rad_recv: Access-Request packet from host 192.168.0.5:3314, id=139, length=116
NAS-IP-Address = 192.168.0.5
NAS-Port-Type = Wireless-802.11
NAS-Port = 1
Framed-MTU = 1400
User-Name = "test"
Calling-Station-Id = "004096a1ce69"
Called-Station-Id = "000fcb00f04c"
NAS-Identifier = "DIST-AP"
EAP-Message = 0x020100090174657374
Message-Authenticator = 0x04e30ce26d28e459d6f26e8cefe9c11b
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
radius_xlat: '/var/log/freeradius/radacct/192.168.0.5/auth-detail-20060606'
rlm_detail: /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/192.168.0.5/auth-detail-20060606
modcall[authorize]: module "auth_log" returns ok for request 0
modcall[authorize]: module "mschap" returns noop for request 0
rlm_realm: No '@' in User-Name = "test", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 0
rlm_realm: No '\' in User-Name = "test", skipping NULL due to config.
modcall[authorize]: module "ntdomain" returns noop for request 0
users: Matched entry DEFAULT at line 215
modcall[authorize]: module "files" returns ok for request 0
rlm_ldap: - authorize
rlm_ldap: performing user authorization for test
radius_xlat: '(uid=test)'
radius_xlat: 'dc=dist,dc=demo,dc=net'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to localhost:389, authentication 0
rlm_ldap: bind as / to localhost:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: performing search in dc=dist,dc=demo,dc=net, with filter (uid=test)
rlm_ldap: checking if remote access for test is allowed by uid
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user test authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 0
modcall: group authorize returns ok for request 0
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
rlm_eap: EAP Identity
rlm_eap: processing type tls
rlm_eap_tls: Initiate
rlm_eap_tls: Start returned 1
modcall[authenticate]: module "eap" returns handled for request 0
modcall: group authenticate returns handled for request 0
Sending Access-Challenge of id 139 to 192.168.0.5:3314
EAP-Message = 0x010200061920
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xe2babc9392179f148e247671f72305a5
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.0.5:3315, id=140, length=231
NAS-IP-Address = 192.168.0.5
NAS-Port-Type = Wireless-802.11
NAS-Port = 1
Framed-MTU = 1400
User-Name = "test"
Calling-Station-Id = "004096a1ce69"
Called-Station-Id = "000fcb00f04c"
NAS-Identifier = "DIST-AP"
State = 0xe2babc9392179f148e247671f72305a5
EAP-Message = 0x0202006a198000000060160301005b010000570301448582e62696a93ad9f85a6479619877a5bba09e5759d86527f1f93e6be0a6fc00003000390038003500160013000a00330032002f0066000500040065006400630062006000150012000900140011000800030100
Message-Authenticator = 0x992f0055961626e9b956aab6309c6cd6
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
modcall[authorize]: module "preprocess" returns ok for request 1
radius_xlat: '/var/log/freeradius/radacct/192.168.0.5/auth-detail-20060606'
rlm_detail: /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/192.168.0.5/auth-detail-20060606
modcall[authorize]: module "auth_log" returns ok for request 1
modcall[authorize]: module "mschap" returns noop for request 1
rlm_realm: No '@' in User-Name = "test", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 1
rlm_realm: No '\' in User-Name = "test", skipping NULL due to config.
modcall[authorize]: module "ntdomain" returns noop for request 1
users: Matched entry DEFAULT at line 215
modcall[authorize]: module "files" returns ok for request 1
rlm_ldap: - authorize
rlm_ldap: performing user authorization for test
radius_xlat: '(uid=test)'
radius_xlat: 'dc=dist,dc=demo,dc=net'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=dist,dc=demo,dc=net, with filter (uid=test)
rlm_ldap: checking if remote access for test is allowed by uid
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user test authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 1
modcall: group authorize returns ok for request 1
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 1
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
(other): before/accept initialization
TLS_accept: before/accept initialization
rlm_eap_tls: <<< TLS 1.0 Handshake [length 005b], ClientHello
TLS_accept: SSLv3 read client hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
TLS_accept: SSLv3 write server hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 057c], Certificate
TLS_accept: SSLv3 write certificate A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
TLS_accept: SSLv3 write server done A
TLS_accept: SSLv3 flush data
TLS_accept:error in SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 1
modcall: group authenticate returns handled for request 1
Sending Access-Challenge of id 140 to 192.168.0.5:3315
EAP-Message = 0x0103040a19c0000005d9160301004a0200004603014485ccf27a934f8e54aed80b8318b512e34a72e2324bb62a6eec2e281671685b205a4549dfb51f96dbcf1a2fc980af56892b7b846608521bcf28458ad1b0df756f003500160301057c0b00057800057500030c3082030830820271a003020102020200be300d06092a864886f70d0101050500302f310b3009060355040613024652310d300b060355040a130444454d4f3111300f060355040b130844454d4f2e4e4554301e170d3036303630363132333234365a170d3037303630363132333234365a30133111300f06035504031308444953542d41414130819f300d06092a864886f70d0101
EAP-Message = 0x4652310d300b060355040a130444454d4f3111300f06
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x9fb8632237c591687df8a547dfa52813
Finished request 1
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.0.5:3316, id=141, length=131
NAS-IP-Address = 192.168.0.5
NAS-Port-Type = Wireless-802.11
NAS-Port = 1
Framed-MTU = 1400
User-Name = "test"
Calling-Station-Id = "004096a1ce69"
Called-Station-Id = "000fcb00f04c"
NAS-Identifier = "DIST-AP"
State = 0x9fb8632237c591687df8a547dfa52813
EAP-Message = 0x020300061900
Message-Authenticator = 0xbcec195ea2780d126608bd15249630f4
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 2
modcall[authorize]: module "preprocess" returns ok for request 2
radius_xlat: '/var/log/freeradius/radacct/192.168.0.5/auth-detail-20060606'
rlm_detail: /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/192.168.0.5/auth-detail-20060606
modcall[authorize]: module "auth_log" returns ok for request 2
modcall[authorize]: module "mschap" returns noop for request 2
rlm_realm: No '@' in User-Name = "test", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 2
rlm_realm: No '\' in User-Name = "test", skipping NULL due to config.
modcall[authorize]: module "ntdomain" returns noop for request 2
users: Matched entry DEFAULT at line 215
modcall[authorize]: module "files" returns ok for request 2
rlm_ldap: - authorize
rlm_ldap: performing user authorization for test
radius_xlat: '(uid=test)'
radius_xlat: 'dc=dist,dc=demo,dc=net'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=dist,dc=demo,dc=net, with filter (uid=test)
rlm_ldap: checking if remote access for test is allowed by uid
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user test authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 2
modcall: group authorize returns ok for request 2
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 2
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake fragment handler
eaptls_verify returned 1
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 2
modcall: group authenticate returns handled for request 2
Sending Access-Challenge of id 141 to 192.168.0.5:3316
EAP-Message = 0x030101ff300e0603551d0f0101ff040403020106301106096086480186f8420101040403020007301d0603551d0e0416041431dace396ed49614cd8f3319ca8eef3bc73bc266300d06092a864886f70d01010505000381810081629fb4a5a981a2b5d379e7255fa66fd89f4b8633caf740811fcd8fe30cac5271e2a4602eaee83cfa85f4c4a24c633290763d33c13e774f8c2e8860fd6ba39b7dd53d96c39c1c47353c42505b5f2cb9aae3416bd03fd32fdd8da78e4fe90518ca909530fcd3d95b2350a4d6a6b5cc54feedbf4448fad8c67274bf10cb7a98c516030100040e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x03dd52501ef84ed73033ff48b051003a
Finished request 2
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.0.5:3317, id=142, length=333
NAS-IP-Address = 192.168.0.5
NAS-Port-Type = Wireless-802.11
NAS-Port = 1
Framed-MTU = 1400
User-Name = "test"
Calling-Station-Id = "004096a1ce69"
Called-Station-Id = "000fcb00f04c"
NAS-Identifier = "DIST-AP"
State = 0x03dd52501ef84ed73033ff48b051003a
EAP-Message = 0x020400d01980000000c616030100861000008200800649870266020468f6e16a3871866f124269221f94d74b49b4e72b91767f5c57effbf208e798c082d62a5cf8ac89be33be026471ec4dcf0ae489affee52ddb9797d7d7d685218701711ba089805ff6244bb99639cc5f8078ae23ae48b4945ae3343c59475753bc72a81081aa5db2b243bc8553e6de15a6469b88b8f5be165f71140301000101160301003073efb355587a1ec5eabeb6897a5bed979a447634e768df8fff527881ad1de1a76334f5906df16c18164654314f63d0be
Message-Authenticator = 0xb5f904f764096b757d272c14599f2a91
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 3
modcall[authorize]: module "preprocess" returns ok for request 3
radius_xlat: '/var/log/freeradius/radacct/192.168.0.5/auth-detail-20060606'
rlm_detail: /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/192.168.0.5/auth-detail-20060606
modcall[authorize]: module "auth_log" returns ok for request 3
modcall[authorize]: module "mschap" returns noop for request 3
rlm_realm: No '@' in User-Name = "test", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 3
rlm_realm: No '\' in User-Name = "test", skipping NULL due to config.
modcall[authorize]: module "ntdomain" returns noop for request 3
users: Matched entry DEFAULT at line 215
modcall[authorize]: module "files" returns ok for request 3
rlm_ldap: - authorize
rlm_ldap: performing user authorization for test
radius_xlat: '(uid=test)'
radius_xlat: 'dc=dist,dc=demo,dc=net'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=dist,dc=demo,dc=net, with filter (uid=test)
rlm_ldap: checking if remote access for test is allowed by uid
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user test authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 3
modcall: group authorize returns ok for request 3
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 3
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange
TLS_accept: SSLv3 read client key exchange A
rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001]
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 read finished A
rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001]
TLS_accept: SSLv3 write change cipher spec A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 write finished A
TLS_accept: SSLv3 flush data
(other): SSL negotiation finished successfully
SSL Connection Established
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 3
modcall: group authenticate returns handled for request 3
Sending Access-Challenge of id 142 to 192.168.0.5:3317
EAP-Message = 0x0105004119001403010001011603010030b8b9dc269f2e472af82680c5913f1041b77683e211936bd49ac4d96d3b68df3a40c9b60e6794a654e1644b90da5582c7
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xf2927c8675e70ce765bb95f8c0b06815
Finished request 3
Going to the next request
--- Walking the entire request list ---
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 192.168.0.5:3318, id=143, length=131
NAS-IP-Address = 192.168.0.5
NAS-Port-Type = Wireless-802.11
NAS-Port = 1
Framed-MTU = 1400
User-Name = "test"
Calling-Station-Id = "004096a1ce69"
Called-Station-Id = "000fcb00f04c"
NAS-Identifier = "DIST-AP"
State = 0xf2927c8675e70ce765bb95f8c0b06815
EAP-Message = 0x020500061900
Message-Authenticator = 0x0b5e01918e895755c7029b917e16c034
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 4
modcall[authorize]: module "preprocess" returns ok for request 4
radius_xlat: '/var/log/freeradius/radacct/192.168.0.5/auth-detail-20060606'
rlm_detail: /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/192.168.0.5/auth-detail-20060606
modcall[authorize]: module "auth_log" returns ok for request 4
modcall[authorize]: module "mschap" returns noop for request 4
rlm_realm: No '@' in User-Name = "test", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 4
rlm_realm: No '\' in User-Name = "test", skipping NULL due to config.
modcall[authorize]: module "ntdomain" returns noop for request 4
users: Matched entry DEFAULT at line 215
modcall[authorize]: module "files" returns ok for request 4
rlm_ldap: - authorize
rlm_ldap: performing user authorization for test
radius_xlat: '(uid=test)'
radius_xlat: 'dc=dist,dc=demo,dc=net'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=dist,dc=demo,dc=net, with filter (uid=test)
rlm_ldap: checking if remote access for test is allowed by uid
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user test authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 4
modcall: group authorize returns ok for request 4
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 4
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake is finished
eaptls_verify returned 3
eaptls_process returned 3
rlm_eap_peap: EAPTLS_SUCCESS
modcall[authenticate]: module "eap" returns handled for request 4
modcall: group authenticate returns handled for request 4
Sending Access-Challenge of id 143 to 192.168.0.5:3318
EAP-Message = 0x0106005019001703010020d86c6100f4b1153d4f31e19dce57eda8640d534c385891c31f9c71889f8369301703010020161eb07affd44a8a07ebcf3fd73cb15410559dd2d1f621bed896bd10be6989c1
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x15421a936c003ca505f7926331cf807f
Finished request 4
Going to the next request
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 192.168.0.5:3319, id=144, length=205
NAS-IP-Address = 192.168.0.5
NAS-Port-Type = Wireless-802.11
NAS-Port = 1
Framed-MTU = 1400
User-Name = "test"
Calling-Station-Id = "004096a1ce69"
Called-Station-Id = "000fcb00f04c"
NAS-Identifier = "DIST-AP"
State = 0x15421a936c003ca505f7926331cf807f
EAP-Message = 0x020600501900170301002050d109c9bd7aa09cd72266171ae319c8892383aef5dc4ed96a60c86947e5aab317030100207715ebe05bf12f0561a2e2bec1211b99f22e290404fc32d4757c2e47716eb1cf
Message-Authenticator = 0xa23e39f4f568fc98391c8f95f081b389
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 5
modcall[authorize]: module "preprocess" returns ok for request 5
radius_xlat: '/var/log/freeradius/radacct/192.168.0.5/auth-detail-20060606'
rlm_detail: /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/192.168.0.5/auth-detail-20060606
modcall[authorize]: module "auth_log" returns ok for request 5
modcall[authorize]: module "mschap" returns noop for request 5
rlm_realm: No '@' in User-Name = "test", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 5
rlm_realm: No '\' in User-Name = "test", skipping NULL due to config.
modcall[authorize]: module "ntdomain" returns noop for request 5
users: Matched entry DEFAULT at line 215
modcall[authorize]: module "files" returns ok for request 5
rlm_ldap: - authorize
rlm_ldap: performing user authorization for test
radius_xlat: '(uid=test)'
radius_xlat: 'dc=dist,dc=demo,dc=net'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=dist,dc=demo,dc=net, with filter (uid=test)
rlm_ldap: checking if remote access for test is allowed by uid
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user test authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 5
modcall: group authorize returns ok for request 5
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 5
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: Identity - test
rlm_eap_peap: Tunneled data is valid.
PEAP: Got tunneled identity of test
PEAP: Setting default EAP type for tunneled EAP session.
PEAP: Setting User-Name to test
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 5
modcall[authorize]: module "preprocess" returns ok for request 5
radius_xlat: '/var/log/freeradius/radacct/127.0.0.1/auth-detail-20060606'
rlm_detail: /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/127.0.0.1/auth-detail-20060606
modcall[authorize]: module "auth_log" returns ok for request 5
modcall[authorize]: module "mschap" returns noop for request 5
rlm_realm: No '@' in User-Name = "test", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 5
rlm_realm: No '\' in User-Name = "test", skipping NULL due to config.
modcall[authorize]: module "ntdomain" returns noop for request 5
users: Matched entry DEFAULT at line 215
modcall[authorize]: module "files" returns ok for request 5
rlm_ldap: - authorize
rlm_ldap: performing user authorization for test
radius_xlat: '(uid=test)'
radius_xlat: 'dc=dist,dc=demo,dc=net'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=dist,dc=demo,dc=net, with filter (uid=test)
rlm_ldap: checking if remote access for test is allowed by uid
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user test authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 5
modcall: group authorize returns ok for request 5
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 5
rlm_eap: EAP Identity
rlm_eap: processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
modcall[authenticate]: module "eap" returns handled for request 5
modcall: group authenticate returns handled for request 5
PEAP: Got tunneled Access-Challenge
modcall[authenticate]: module "eap" returns handled for request 5
modcall: group authenticate returns handled for request 5
Sending Access-Challenge of id 144 to 192.168.0.5:3319
EAP-Message = 0x0107006019001703010020b4535b429de7c20b3b85b130159d84d1f052623b5ef630d16205b79a1e2d384517030100306318b7160fdcdc4654750d74e6484e49cb224c5b3c6ea564f459f3a29c5e2e6df9529f16f227f0c86a360e6513bb1ab6
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x3d2a6faf63b792b94c0e6d40197cf833
Finished request 5
Going to the next request
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 192.168.0.5:3320, id=145, length=253
NAS-IP-Address = 192.168.0.5
NAS-Port-Type = Wireless-802.11
NAS-Port = 1
Framed-MTU = 1400
User-Name = "test"
Calling-Station-Id = "004096a1ce69"
Called-Station-Id = "000fcb00f04c"
NAS-Identifier = "DIST-AP"
State = 0x3d2a6faf63b792b94c0e6d40197cf833
EAP-Message = 0x02070080190017030100209634618e4eb61d40690211ba511b58ca94fc377a92fe404cdb730a588854677a1703010050d6f9645bf5085bb28a1caf327ea103b184078f22e264ac35134f5c4d1afb907d5d9121d3229da20861eebdf623c6e269959cecc963e8c8a6c38079ffa1b37d45abc11161561785f68f5a610666d3110c
Message-Authenticator = 0x70b4890f54b099c69712d1cc8223fec8
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 6
modcall[authorize]: module "preprocess" returns ok for request 6
radius_xlat: '/var/log/freeradius/radacct/192.168.0.5/auth-detail-20060606'
rlm_detail: /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/192.168.0.5/auth-detail-20060606
modcall[authorize]: module "auth_log" returns ok for request 6
modcall[authorize]: module "mschap" returns noop for request 6
rlm_realm: No '@' in User-Name = "test", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 6
rlm_realm: No '\' in User-Name = "test", skipping NULL due to config.
modcall[authorize]: module "ntdomain" returns noop for request 6
users: Matched entry DEFAULT at line 215
modcall[authorize]: module "files" returns ok for request 6
rlm_ldap: - authorize
rlm_ldap: performing user authorization for test
radius_xlat: '(uid=test)'
radius_xlat: 'dc=dist,dc=demo,dc=net'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=dist,dc=demo,dc=net, with filter (uid=test)
rlm_ldap: checking if remote access for test is allowed by uid
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user test authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 6
modcall: group authorize returns ok for request 6
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 6
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: EAP type mschapv2
rlm_eap_peap: Tunneled data is valid.
PEAP: Setting User-Name to test
PEAP: Adding old state with 9a 3d
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 6
modcall[authorize]: module "preprocess" returns ok for request 6
radius_xlat: '/var/log/freeradius/radacct/127.0.0.1/auth-detail-20060606'
rlm_detail: /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/127.0.0.1/auth-detail-20060606
modcall[authorize]: module "auth_log" returns ok for request 6
modcall[authorize]: module "mschap" returns noop for request 6
rlm_realm: No '@' in User-Name = "test", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 6
rlm_realm: No '\' in User-Name = "test", skipping NULL due to config.
modcall[authorize]: module "ntdomain" returns noop for request 6
users: Matched entry DEFAULT at line 215
modcall[authorize]: module "files" returns ok for request 6
rlm_ldap: - authorize
rlm_ldap: performing user authorization for test
radius_xlat: '(uid=test)'
radius_xlat: 'dc=dist,dc=demo,dc=net'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=dist,dc=demo,dc=net, with filter (uid=test)
rlm_ldap: checking if remote access for test is allowed by uid
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user test authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 6
modcall: group authorize returns ok for request 6
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 6
rlm_eap: Request found, released from the list
rlm_eap: EAP/mschapv2
rlm_eap: processing type mschapv2
Processing the authenticate section of radiusd.conf
modcall: entering group Auth-Type for request 6
rlm_mschap: No User-Password configured. Cannot create LM-Password.
rlm_mschap: No User-Password configured. Cannot create NT-Password.
rlm_mschap: Told to do MS-CHAPv2 for test with NT-Password
rlm_mschap: FAILED: No NT/LM-Password. Cannot perform authentication.
rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
modcall[authenticate]: module "mschap" returns reject for request 6
modcall: group Auth-Type returns reject for request 6
rlm_eap: Freeing handler
modcall[authenticate]: module "eap" returns reject for request 6
modcall: group authenticate returns reject for request 6
auth: Failed to validate the user.
Login incorrect: [test/<no User-Password attribute>] (from client localhost port 0)
PEAP: Tunneled authentication was rejected.
rlm_eap_peap: FAILURE
modcall[authenticate]: module "eap" returns handled for request 6
modcall: group authenticate returns handled for request 6
Sending Access-Challenge of id 145 to 192.168.0.5:3320
EAP-Message = 0x010800501900170301002016434d9c118208f1dd2377baa2d9c09021a3e5da0f3558b0426328dac50ae6a7170301002057a477397eec22f9515f6b170b3c4c550faebdc5a05d501d81c8207d8b16a632
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x168fbbea61f6fad33ae78c898d68ebd2
Finished request 6
Going to the next request
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 192.168.0.5:3321, id=146, length=205
NAS-IP-Address = 192.168.0.5
NAS-Port-Type = Wireless-802.11
NAS-Port = 1
Framed-MTU = 1400
User-Name = "test"
Calling-Station-Id = "004096a1ce69"
Called-Station-Id = "000fcb00f04c"
NAS-Identifier = "DIST-AP"
State = 0x168fbbea61f6fad33ae78c898d68ebd2
EAP-Message = 0x0208005019001703010020e35fd95fa1fa68fd53abc23d627780adee7a91d9e9cefb34fc21cef97433326817030100206d0389c712254567cf0405f811b8c141f689f681ee326f5fb631cd0e30e39169
Message-Authenticator = 0x6d5a37c42f0a8f95513faf8834be2006
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 7
modcall[authorize]: module "preprocess" returns ok for request 7
radius_xlat: '/var/log/freeradius/radacct/192.168.0.5/auth-detail-20060606'
rlm_detail: /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/192.168.0.5/auth-detail-20060606
modcall[authorize]: module "auth_log" returns ok for request 7
modcall[authorize]: module "mschap" returns noop for request 7
rlm_realm: No '@' in User-Name = "test", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 7
rlm_realm: No '\' in User-Name = "test", skipping NULL due to config.
modcall[authorize]: module "ntdomain" returns noop for request 7
users: Matched entry DEFAULT at line 215
modcall[authorize]: module "files" returns ok for request 7
rlm_ldap: - authorize
rlm_ldap: performing user authorization for test
radius_xlat: '(uid=test)'
radius_xlat: 'dc=dist,dc=demo,dc=net'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=dist,dc=demo,dc=net, with filter (uid=test)
rlm_ldap: checking if remote access for test is allowed by uid
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user test authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 7
modcall: group authorize returns ok for request 7
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 7
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: Received EAP-TLV response.
rlm_eap_peap: Tunneled data is valid.
rlm_eap_peap: Had sent TLV failure, rejecting.
rlm_eap: Handler failed in EAP/peap
rlm_eap: Failed in EAP select
modcall[authenticate]: module "eap" returns invalid for request 7
modcall: group authenticate returns invalid for request 7
auth: Failed to validate the user.
Login incorrect: [test/<no User-Password attribute>] (from client Access_Point_3COM port 1 cli 004096a1ce69)
Delaying request 7 for 1 seconds
Finished request 7
Going to the next request
Waking up in 5 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 139 with timestamp 4485ccf2
Cleaning up request 1 ID 140 with timestamp 4485ccf2
Cleaning up request 2 ID 141 with timestamp 4485ccf2
Sending Access-Reject of id 146 to 192.168.0.5:3321
EAP-Message = 0x04080004
Message-Authenticator = 0x00000000000000000000000000000000
Waking up in 1 seconds...
--- Walking the entire request list ---
Cleaning up request 3 ID 142 with timestamp 4485ccf3
Cleaning up request 4 ID 143 with timestamp 4485ccf3
Cleaning up request 5 ID 144 with timestamp 4485ccf3
Cleaning up request 6 ID 145 with timestamp 4485ccf3
Cleaning up request 7 ID 146 with timestamp 4485ccf3
Nothing to do. Sleeping until we see a request.
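A triage sketch for debug output like the log above, added here as an example and not part of the original post or of FreeRADIUS: for each request it reports the first module that returned reject, fail or invalid, together with the FAILED reasons logged just before that verdict, so the inner-tunnel cause is separated from the outer EAP rejection that follows it. The function names and the sample lines are constructed for illustration.

```python
import re

# Constructed sample: a few lines in the shape of the debug output above.
SAMPLE = '''\
modcall[authorize]: module "ldap" returns ok for request 6
rlm_eap: processing type mschapv2
rlm_mschap: No User-Password configured. Cannot create NT-Password.
rlm_mschap: Told to do MS-CHAPv2 for test with NT-Password
rlm_mschap: FAILED: No NT/LM-Password. Cannot perform authentication.
rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
modcall[authenticate]: module "mschap" returns reject for request 6
modcall[authenticate]: module "eap" returns reject for request 6
PEAP: Tunneled authentication was rejected.
modcall[authenticate]: module "eap" returns handled for request 6
rlm_eap_peap: Had sent TLV failure, rejecting.
modcall[authenticate]: module "eap" returns invalid for request 7
'''

MODCALL = re.compile(r'modcall\[(\w+)\]: module "([^"]+)" returns (\w+) for request (\d+)')
FAILED = re.compile(r'^rlm_\w+: FAILED: (.+)$')
BAD = {"reject", "fail", "invalid"}

def first_failures(log_text):
    """Map request number -> first module that failed, with its FAILED reasons."""
    found, pending = {}, []
    for raw in log_text.splitlines():
        line = raw.strip()
        reason = FAILED.match(line)
        if reason:
            pending.append(reason.group(1))   # reasons precede the modcall verdict
            continue
        call = MODCALL.search(line)
        if not call:
            continue
        section, module, rcode, req = call.groups()
        if rcode in BAD and int(req) not in found:
            found[int(req)] = {"section": section, "module": module,
                               "rcode": rcode, "reasons": pending}
        pending = []                          # reasons belong to one verdict only
    return found

def no_password_for_mschap(finding):
    """True when rlm_mschap rejected because no NT/LM hash could be derived."""
    return finding["module"] == "mschap" and any(
        "No NT/LM-Password" in r for r in finding["reasons"])

if __name__ == "__main__":
    for req, f in sorted(first_failures(SAMPLE).items()):
        print(req, f["module"], f["rcode"], f["reasons"], no_password_for_mschap(f))
```
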