Windows Vista doing PEAP
King, Michael
MKing at bridgew.edu
Wed Oct 4 17:04:06 CEST 2006
So we've been using FreeRADIUS talking to ActiveDirectory to
authenticate our WinXP clients (Over 2000) for over a year now.
Along comes Vista. Of COURSE it doesn't work. Microsoft changed
something, and it broke a working config. Arrg.
I'm attaching 2 debug outputs.
The first is my working XP client.
The second is Vista
My (amatuer) analyis, (Aka my gut) is that Vista is Doing something in
TLS, not PEAP. (I don't see my mschap module fire).
Any thoughts on how to fix this?
<------START OF XP CLIENT --------->
[root at radius1 mking]# /usr/sbin/radiusd -X
Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config: including file: /etc/raddb/proxy.conf
Config: including file: /etc/raddb/clients.conf
Config: including file: /etc/raddb/snmp.conf
Config: including file: /etc/raddb/eap.conf
Config: including file: /etc/raddb/sql.conf
main: prefix = "/usr"
main: localstatedir = "/var"
main: logdir = "/var/log/radius"
main: libdir = "/usr/lib"
main: radacctdir = "/var/log/radius/radacct"
main: hostname_lookups = no
main: max_request_time = 30
main: cleanup_delay = 5
main: max_requests = 768000
main: delete_blocked_requests = 0
main: port = 0
main: allow_core_dumps = no
main: log_stripped_names = no
main: log_file = "/var/log/radius/radius.log"
main: log_auth = yes
main: log_auth_badpass = no
main: log_auth_goodpass = no
main: pidfile = "/var/run/radiusd/radiusd.pid"
main: user = "radiusd"
main: group = "radiusd"
main: usercollide = no
main: lower_user = "no"
main: lower_pass = "no"
main: nospace_user = "no"
main: nospace_pass = "no"
main: checkrad = "/usr/sbin/checkrad"
main: proxy_requests = yes
proxy: retry_delay = 5
proxy: retry_count = 3
proxy: synchronous = no
proxy: default_fallback = yes
proxy: dead_time = 120
proxy: post_proxy_authorize = no
proxy: wake_all_if_all_dead = no
security: max_attributes = 200
security: reject_delay = 1
security: status_server = no
main: debug_level = 0
read_config_files: reading dictionary
read_config_files: reading naslist
Using deprecated naslist file. Support for this will go away soon.
read_config_files: reading clients
read_config_files: reading realms
radiusd: entering modules setup
Module: Library search path is /usr/lib
Module: Loaded exec
exec: wait = yes
exec: program = "(null)"
exec: input_pairs = "request"
exec: output_pairs = "(null)"
exec: packet_type = "(null)"
rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Module: Instantiated exec (exec)
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded PAP
pap: encryption_scheme = "crypt"
Module: Instantiated pap (pap)
Module: Loaded CHAP
Module: Instantiated chap (chap)
Module: Loaded MS-CHAP
mschap: use_mppe = yes
mschap: require_encryption = no
mschap: require_strong = no
mschap: with_ntdomain_hack = yes
mschap: passwd = "(null)"
mschap: ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key
--username=%{mschap:Us
er-Name} --challenge=%{mschap:Challenge}
--nt-response=%{mschap:NT-Response}"
Module: Instantiated mschap (mschap)
Module: Loaded System
unix: cache = no
unix: passwd = "(null)"
unix: shadow = "(null)"
unix: group = "(null)"
unix: radwtmp = "NULL"
unix: usegroup = no
unix: cache_reload = 600
Module: Instantiated unix (unix)
Module: Loaded eap
eap: default_eap_type = "peap"
eap: timer_expire = 60
eap: ignore_unknown_eap_types = no
eap: cisco_accounting_username_bug = no
rlm_eap: Loaded and initialized type md5
rlm_eap: Loaded and initialized type leap
gtc: challenge = "Password: "
gtc: auth_type = "PAP"
rlm_eap: Loaded and initialized type gtc
tls: rsa_key_exchange = no
tls: dh_key_exchange = yes
tls: rsa_key_length = 512
tls: dh_key_length = 512
tls: verify_depth = 0
tls: CA_path = "(null)"
tls: pem_file_type = yes
tls: private_key_file =
"/etc/raddb/certs/radius1.campus.bridgew.edu.key.pem"
tls: certificate_file =
"/etc/raddb/certs/radius1.campus.bridgew.edu.cer"
tls: CA_file =
"/etc/raddb/certs/Equifax_Secure_Certificate_Authority.cer"
tls: private_key_password = "d0wnh1ll"
tls: dh_file = "/etc/raddb/certs/dh"
tls: random_file = "/etc/raddb/certs/random"
tls: fragment_size = 1024
tls: include_length = yes
tls: check_crl = no
tls: check_cert_cn = "(null)"
tls: cipher_list = "(null)"
tls: check_cert_issuer = "(null)"
rlm_eap_tls: Loading the certificate file as a chain
rlm_eap: Loaded and initialized type tls
ttls: default_eap_type = "md5"
ttls: copy_request_to_tunnel = no
ttls: use_tunneled_reply = yes
rlm_eap: Loaded and initialized type ttls
peap: default_eap_type = "mschapv2"
peap: copy_request_to_tunnel = no
peap: use_tunneled_reply = yes
peap: proxy_tunneled_request_as_eap = yes
rlm_eap: Loaded and initialized type peap
mschapv2: with_ntdomain_hack = no
rlm_eap: Loaded and initialized type mschapv2
Module: Instantiated eap (eap)
Module: Loaded preprocess
preprocess: huntgroups = "/etc/raddb/huntgroups"
preprocess: hints = "/etc/raddb/hints"
preprocess: with_ascend_hack = no
preprocess: ascend_channels_per_line = 23
preprocess: with_ntdomain_hack = no
preprocess: with_specialix_jetstream_hack = no
preprocess: with_cisco_vsa_hack = no
preprocess: with_alvarion_vsa_hack = no
Module: Instantiated preprocess (preprocess)
Module: Loaded realm
realm: format = "suffix"
realm: delimiter = "@"
realm: ignore_default = no
realm: ignore_null = no
Module: Instantiated realm (suffix)
Module: Loaded files
files: usersfile = "/etc/raddb/users"
files: acctusersfile = "/etc/raddb/acct_users"
files: preproxy_usersfile = "/etc/raddb/preproxy_users"
files: compat = "no"
Module: Instantiated files (files)
Module: Loaded Acct-Unique-Session-Id
acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address,
Client-IP-Addre
ss, NAS-Port"
Module: Instantiated acct_unique (acct_unique)
Module: Loaded detail
detail: detailfile =
"/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%
d"
detail: detailperm = 384
detail: dirperm = 493
detail: locking = no
Module: Instantiated detail (detail)
Module: Loaded radutmp
radutmp: filename = "/var/log/radius/radutmp"
radutmp: username = "%{User-Name}"
radutmp: case_sensitive = yes
radutmp: check_with_nas = yes
radutmp: perm = 384
radutmp: callerid = yes
Module: Instantiated radutmp (radutmp)
Listening on authentication *:1812
Listening on accounting *:1813
Ready to process requests.
rad_recv: Access-Request packet from host 10.0.1.12:32769, id=35,
length=179
User-Name = "BSC\\mking"
Calling-Station-Id = "00-90-96-F4-2A-BB"
Called-Station-Id = "00-0B-85-5B-55-A0:test"
NAS-Port = 29
NAS-IP-Address = 10.0.1.12
NAS-Identifier = "BUWISM1-2"
Airespace-Wlan-Id = 7
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-802.11
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "4000"
EAP-Message = 0x0202000e014253435c6d6b696e67
Message-Authenticator = 0x18bad9509bea192f1f4d2e6cabe5fbc7
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
modcall[authorize]: module "chap" returns noop for request 0
modcall[authorize]: module "mschap" returns noop for request 0
rlm_realm: No '@' in User-Name = "BSC\mking", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 0
rlm_eap: EAP packet type response id 2 length 14
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 0
users: Matched entry DEFAULT at line 152
users: Matched entry DEFAULT at line 171
modcall[authorize]: module "files" returns ok for request 0
modcall: leaving group authorize (returns updated) for request 0
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
rlm_eap: EAP Identity
rlm_eap: processing type tls
rlm_eap_tls: Initiate
rlm_eap_tls: Start returned 1
modcall[authenticate]: module "eap" returns handled for request 0
modcall: leaving group authenticate (returns handled) for request 0
Sending Access-Challenge of id 35 to 10.0.1.12 port 32769
Framed-IP-Address = 255.255.255.254
Framed-MTU = 576
Service-Type = Framed-User
EAP-Message = 0x010300061920
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xdd27246a212e89aaebc5b72fb9b697b8
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.0.1.12:32769, id=36,
length=295
User-Name = "BSC\\mking"
Calling-Station-Id = "00-90-96-F4-2A-BB"
Called-Station-Id = "00-0B-85-5B-55-A0:test"
NAS-Port = 29
NAS-IP-Address = 10.0.1.12
NAS-Identifier = "BUWISM1-2"
Airespace-Wlan-Id = 7
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-802.11
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "4000"
EAP-Message =
0x0203007019800000006616030100610100005d03014523cca83a934082a3d7aaabd56a
7e60acbcb90646b0dde430726311381c2054201b953ad54d18bb269ea1630db140a3d975
e07b2d8a4884876ca5d83dc847ad57001600040005000a00090064006200030006001300
1200630100
State = 0xdd27246a212e89aaebc5b72fb9b697b8
Message-Authenticator = 0xe441f73fad7c493a0125ae2333e567d7
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
modcall[authorize]: module "preprocess" returns ok for request 1
modcall[authorize]: module "chap" returns noop for request 1
modcall[authorize]: module "mschap" returns noop for request 1
rlm_realm: No '@' in User-Name = "BSC\mking", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 1
rlm_eap: EAP packet type response id 3 length 112
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 1
users: Matched entry DEFAULT at line 152
users: Matched entry DEFAULT at line 171
modcall[authorize]: module "files" returns ok for request 1
modcall: leaving group authorize (returns updated) for request 1
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 1
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
(other): before/accept initialization
TLS_accept: before/accept initialization
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0061], ClientHello
TLS_accept: SSLv3 read client hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
TLS_accept: SSLv3 write server hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0336], Certificate
TLS_accept: SSLv3 write certificate A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
TLS_accept: SSLv3 write server done A
TLS_accept: SSLv3 flush data
TLS_accept:error in SSLv3 read client certificate A
rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0)
In SSL Handshake Phase
In SSL Accept mode
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 1
modcall: leaving group authenticate (returns handled) for request 1
Sending Access-Challenge of id 36 to 10.0.1.12 port 32769
Framed-IP-Address = 255.255.255.254
Framed-MTU = 576
Service-Type = Framed-User
EAP-Message =
0x010403991900160301004a0200004603014523cca87e13d41fd13157d3e656fd7ce400
8b40ad683913b06fe7f886f60ec620445b2c7dd1811d50b1da26e1adbcc22a4fbfcae186
d07b7a989590c3bfc1339b00040016030103360b00033200032f00032c30820328308202
91a0030201020203048bde300d06092a864886f70d0101040500305a310b300906035504
0613025553311c301a060355040a1313457175696661782053656375726520496e632e31
2d302b06035504031324457175696661782053656375726520476c6f62616c2065427573
696e6573732043412d31301e170d3036303833313135343130365a170d30373039303131
3534
EAP-Message =
0x3130365a308197310b3009060355040613025553311630140603550408130d4d617373
616368757365747473311430120603550407130b42726964676577617465723122302006
0355040a1319427269646765776174657220537461746520436f6c6c6567653111300f06
0355040b130854656c65636f6d6d312330210603550403131a726164697573312e63616d
7075732e627269646765772e65647530819f300d06092a864886f70d010101050003818d
0030818902818100d7e9fd6781d424160dd8ce4b43b4ef908f2bed199ef2232e0c842c74
36e598eefb1656f6d213fdc1473187ca9be8d73c609d55a54e73fc1995be16068b52ff6d
a8f1
EAP-Message =
0x918f639a1a6cb9f15213b324025e558284acb3af8bb42a32901eb615edac07fb0bc32d
f63543c4734ad191564d900b8383bc2595d3a1ced2c7924348e89b0203010001a381bd30
81ba300e0603551d0f0101ff0404030204f0301d0603551d0e04160414ba0847bd1adc78
8777ab84aa8dba8d8dd35bd4e1303b0603551d1f043430323030a02ea02c862a68747470
3a2f2f63726c2e67656f74727573742e636f6d2f63726c732f676c6f62616c6361312e63
726c301f0603551d23041830168014bea8a07472506b44b7c923d8fba8ffb3576b686c30
1d0603551d250416301406082b0601050507030106082b06010505070302300c0603551d
1301
EAP-Message =
0x01ff04023000300d06092a864886f70d01010405000381810023b5b7b280544b61651d
093978ea43bbefff18afc835dd9ee5d103716d11bd1202395001cb69e94a1fc0cdcb0a28
fddba47c36a846ec4e5a31ec76c324486832882a4d12904fdef2d5a515554b3a7231d64f
d8c9ff010115a8d8bcad71b1d9d1781cbf506f5c15e4406c0199e2336e4425ab839199ad
70695ee86ba8969fc9dc16030100040e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x22f42e8ec709eb9da8340b9a3a91e77b
Finished request 1
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.0.1.12:32769, id=37,
length=375
User-Name = "BSC\\mking"
Calling-Station-Id = "00-90-96-F4-2A-BB"
Called-Station-Id = "00-0B-85-5B-55-A0:test"
NAS-Port = 29
NAS-IP-Address = 10.0.1.12
NAS-Identifier = "BUWISM1-2"
Airespace-Wlan-Id = 7
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-802.11
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "4000"
EAP-Message =
0x020400c01980000000b61603010086100000820080b00826875e5f5223a1a37a281d44
c8e05279730c295ebf4b0421b478f18a76b11d8ad58350d03dc0cf3dfe898eda4db0227c
8a0cb4881ea154676dc1bc2607516596648f5886eb623937b4508f41998b9f9c41d998b5
0919aecb6e286870c069f05f647ae250bc29baa90c549898ecb9adab7cfabb6ff066860a
15483bddb7ff14030100010116030100209f794546ee96366e4bec04efe5d699a99af715
d821757a86547a4960cac7ece4
State = 0x22f42e8ec709eb9da8340b9a3a91e77b
Message-Authenticator = 0xbfc4493bee43c8b17c5fcb296074fa5e
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 2
modcall[authorize]: module "preprocess" returns ok for request 2
modcall[authorize]: module "chap" returns noop for request 2
modcall[authorize]: module "mschap" returns noop for request 2
rlm_realm: No '@' in User-Name = "BSC\mking", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 2
rlm_eap: EAP packet type response id 4 length 192
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 2
users: Matched entry DEFAULT at line 152
users: Matched entry DEFAULT at line 171
modcall[authorize]: module "files" returns ok for request 2
modcall: leaving group authorize (returns updated) for request 2
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 2
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange
TLS_accept: SSLv3 read client key exchange A
rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001]
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 read finished A
rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001]
TLS_accept: SSLv3 write change cipher spec A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 write finished A
TLS_accept: SSLv3 flush data
(other): SSL negotiation finished successfully
rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0)
SSL Connection Established
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 2
modcall: leaving group authenticate (returns handled) for request 2
Sending Access-Challenge of id 37 to 10.0.1.12 port 32769
Framed-IP-Address = 255.255.255.254
Framed-MTU = 576
Service-Type = Framed-User
EAP-Message =
0x0105003119001403010001011603010020657f175ee851a17e47b8370a16c83f56e223
7231f9da8b2d742d13dcf5b60412
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xe72afea6ae1b1106e28b50b5a234d821
Finished request 2
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.0.1.12:32769, id=38,
length=189
User-Name = "BSC\\mking"
Calling-Station-Id = "00-90-96-F4-2A-BB"
Called-Station-Id = "00-0B-85-5B-55-A0:test"
NAS-Port = 29
NAS-IP-Address = 10.0.1.12
NAS-Identifier = "BUWISM1-2"
Airespace-Wlan-Id = 7
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-802.11
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "4000"
EAP-Message = 0x020500061900
State = 0xe72afea6ae1b1106e28b50b5a234d821
Message-Authenticator = 0xa000f76900978cb8e0299c9785c1af4a
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 3
modcall[authorize]: module "preprocess" returns ok for request 3
modcall[authorize]: module "chap" returns noop for request 3
modcall[authorize]: module "mschap" returns noop for request 3
rlm_realm: No '@' in User-Name = "BSC\mking", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 3
rlm_eap: EAP packet type response id 5 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 3
users: Matched entry DEFAULT at line 152
users: Matched entry DEFAULT at line 171
modcall[authorize]: module "files" returns ok for request 3
modcall: leaving group authorize (returns updated) for request 3
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 3
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake is finished
eaptls_verify returned 3
eaptls_process returned 3
rlm_eap_peap: EAPTLS_SUCCESS
modcall[authenticate]: module "eap" returns handled for request 3
modcall: leaving group authenticate (returns handled) for request 3
Sending Access-Challenge of id 38 to 10.0.1.12 port 32769
Framed-IP-Address = 255.255.255.254
Framed-MTU = 576
Service-Type = Framed-User
EAP-Message =
0x0106002019001703010015668895618d671026da3ce4284abadfb7ba0d622265
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x40842ac5d2185a145a6dded75c395891
Finished request 3
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.0.1.12:32769, id=39,
length=220
User-Name = "BSC\\mking"
Calling-Station-Id = "00-90-96-F4-2A-BB"
Called-Station-Id = "00-0B-85-5B-55-A0:test"
NAS-Port = 29
NAS-IP-Address = 10.0.1.12
NAS-Identifier = "BUWISM1-2"
Airespace-Wlan-Id = 7
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-802.11
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "4000"
EAP-Message =
0x020600251900170301001ab9b9562dab411f3e221fce21b27356b6a81cc3d8dc9f6d05
0af4
State = 0x40842ac5d2185a145a6dded75c395891
Message-Authenticator = 0x233111fbb57c67a85c4506cb651aa292
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 4
modcall[authorize]: module "preprocess" returns ok for request 4
modcall[authorize]: module "chap" returns noop for request 4
modcall[authorize]: module "mschap" returns noop for request 4
rlm_realm: No '@' in User-Name = "BSC\mking", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 4
rlm_eap: EAP packet type response id 6 length 37
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 4
users: Matched entry DEFAULT at line 152
users: Matched entry DEFAULT at line 171
modcall[authorize]: module "files" returns ok for request 4
modcall: leaving group authorize (returns updated) for request 4
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 4
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: Identity - BSC\mking
rlm_eap_peap: Tunneled data is valid.
PEAP: Got tunneled identity of BSC\mking
PEAP: Setting default EAP type for tunneled EAP session.
PEAP: Setting User-Name to BSC\mking
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 4
modcall[authorize]: module "preprocess" returns ok for request 4
modcall[authorize]: module "chap" returns noop for request 4
modcall[authorize]: module "mschap" returns noop for request 4
rlm_realm: No '@' in User-Name = "BSC\mking", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 4
rlm_eap: EAP packet type response id 6 length 14
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 4
users: Matched entry DEFAULT at line 152
modcall[authorize]: module "files" returns ok for request 4
modcall: leaving group authorize (returns updated) for request 4
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 4
rlm_eap: EAP Identity
rlm_eap: processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
modcall[authenticate]: module "eap" returns handled for request 4
modcall: leaving group authenticate (returns handled) for request 4
PEAP: Got tunneled Access-Challenge
modcall[authenticate]: module "eap" returns handled for request 4
modcall: leaving group authenticate (returns handled) for request 4
Sending Access-Challenge of id 39 to 10.0.1.12 port 32769
Framed-IP-Address = 255.255.255.254
Framed-MTU = 576
Service-Type = Framed-User
EAP-Message =
0x0107003a1900170301002f53ddb355b62c8a974d27b55d413157c8bc784f6c6a2be021
ec7abf02d3c33cc13c1666dc2a69c2a41f938b9d46f9dd
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x6170888e754102b293f0ea1424b17dc5
Finished request 4
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.0.1.12:32769, id=40,
length=274
User-Name = "BSC\\mking"
Calling-Station-Id = "00-90-96-F4-2A-BB"
Called-Station-Id = "00-0B-85-5B-55-A0:test"
NAS-Port = 29
NAS-IP-Address = 10.0.1.12
NAS-Identifier = "BUWISM1-2"
Airespace-Wlan-Id = 7
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-802.11
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "4000"
EAP-Message =
0x0207005b1900170301005019ce70863e79cb5dbae09fb721189e4d4ea25b6cbbfdec38
b936130205e6ecb5b91676b602a75ca1d77501a78af60884b7e2f120ae314fbf13975043
85959959cf50df946bb0341b98e42b469f639d72
State = 0x6170888e754102b293f0ea1424b17dc5
Message-Authenticator = 0x71db7dc82070cf0a374c2f05c7588284
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 5
modcall[authorize]: module "preprocess" returns ok for request 5
modcall[authorize]: module "chap" returns noop for request 5
modcall[authorize]: module "mschap" returns noop for request 5
rlm_realm: No '@' in User-Name = "BSC\mking", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 5
rlm_eap: EAP packet type response id 7 length 91
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 5
users: Matched entry DEFAULT at line 152
users: Matched entry DEFAULT at line 171
modcall[authorize]: module "files" returns ok for request 5
modcall: leaving group authorize (returns updated) for request 5
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 5
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: EAP type mschapv2
rlm_eap_peap: Tunneled data is valid.
PEAP: Setting User-Name to BSC\mking
PEAP: Adding old state with 18 c2
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 5
modcall[authorize]: module "preprocess" returns ok for request 5
modcall[authorize]: module "chap" returns noop for request 5
modcall[authorize]: module "mschap" returns noop for request 5
rlm_realm: No '@' in User-Name = "BSC\mking", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 5
rlm_eap: EAP packet type response id 7 length 68
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 5
users: Matched entry DEFAULT at line 152
modcall[authorize]: module "files" returns ok for request 5
modcall: leaving group authorize (returns updated) for request 5
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 5
rlm_eap: Request found, released from the list
rlm_eap: EAP/mschapv2
rlm_eap: processing type mschapv2
Processing the authenticate section of radiusd.conf
modcall: entering group MS-CHAP for request 5
rlm_mschap: No User-Password configured. Cannot create LM-Password.
rlm_mschap: No User-Password configured. Cannot create NT-Password.
rlm_mschap: Told to do MS-CHAPv2 for mking with NT-Password
radius_xlat: Running registered xlat function of module mschap for
string 'User-Name'
radius_xlat: Running registered xlat function of module mschap for
string 'Challenge'
mschap2: 36
radius_xlat: Running registered xlat function of module mschap for
string 'NT-Response'
radius_xlat: '/usr/bin/ntlm_auth --request-nt-key --username=mking
--challenge=4b7e7c1327afd20a
--nt-response=e8040c080b7aa291f9ef0cfc52c741ea00b916b84ca45703'
Exec-Program: /usr/bin/ntlm_auth --request-nt-key --username=mking
--challenge=4b7e7c1327afd20a
--nt-response=e8040c080b7aa291f9ef0cfc52c741ea00b916b84ca45703
Exec-Program output: NT_KEY: 432E7C7653E43A57B7502B878B41AAD1
Exec-Program-Wait: plaintext: NT_KEY: 432E7C7653E43A57B7502B878B41AAD1
Exec-Program: returned: 0
rlm_mschap: adding MS-CHAPv2 MPPE keys
modcall[authenticate]: module "mschap" returns ok for request 5
modcall: leaving group MS-CHAP (returns ok) for request 5
MSCHAP Success
modcall[authenticate]: module "eap" returns handled for request 5
modcall: leaving group authenticate (returns handled) for request 5
PEAP: Got tunneled Access-Challenge
modcall[authenticate]: module "eap" returns handled for request 5
modcall: leaving group authenticate (returns handled) for request 5
Sending Access-Challenge of id 40 to 10.0.1.12 port 32769
Framed-IP-Address = 255.255.255.254
Framed-MTU = 576
Service-Type = Framed-User
EAP-Message =
0x0108004a1900170301003fa4cb48586e6559c4b9225d510d62d2daf87c17e6a18d50b7
2f94fcdbbf242f8939a41b04487f058d4cece2ebaf221df6ea6d78b4592e841e98ac1e75
b2b44d
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xbdb4287d4fcfed4285d67494311d9ec1
Finished request 5
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.0.1.12:32769, id=41,
length=212
User-Name = "BSC\\mking"
Calling-Station-Id = "00-90-96-F4-2A-BB"
Called-Station-Id = "00-0B-85-5B-55-A0:test"
NAS-Port = 29
NAS-IP-Address = 10.0.1.12
NAS-Identifier = "BUWISM1-2"
Airespace-Wlan-Id = 7
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-802.11
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "4000"
EAP-Message =
0x0208001d19001703010012c7f11eb2ab25ff1c379f33f2d3ab9c525429
State = 0xbdb4287d4fcfed4285d67494311d9ec1
Message-Authenticator = 0xc6730f2e83c68e118bd46a61da66edee
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 6
modcall[authorize]: module "preprocess" returns ok for request 6
modcall[authorize]: module "chap" returns noop for request 6
modcall[authorize]: module "mschap" returns noop for request 6
rlm_realm: No '@' in User-Name = "BSC\mking", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 6
rlm_eap: EAP packet type response id 8 length 29
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 6
users: Matched entry DEFAULT at line 152
users: Matched entry DEFAULT at line 171
modcall[authorize]: module "files" returns ok for request 6
modcall: leaving group authorize (returns updated) for request 6
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 6
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: EAP type mschapv2
rlm_eap_peap: Tunneled data is valid.
PEAP: Setting User-Name to BSC\mking
PEAP: Adding old state with 38 c5
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 6
modcall[authorize]: module "preprocess" returns ok for request 6
modcall[authorize]: module "chap" returns noop for request 6
modcall[authorize]: module "mschap" returns noop for request 6
rlm_realm: No '@' in User-Name = "BSC\mking", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 6
rlm_eap: EAP packet type response id 8 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 6
users: Matched entry DEFAULT at line 152
modcall[authorize]: module "files" returns ok for request 6
modcall: leaving group authorize (returns updated) for request 6
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 6
rlm_eap: Request found, released from the list
rlm_eap: EAP/mschapv2
rlm_eap: processing type mschapv2
rlm_eap: Freeing handler
modcall[authenticate]: module "eap" returns ok for request 6
modcall: leaving group authenticate (returns ok) for request 6
Login OK: [BSC\\mking] (from client localhost port 0)
PEAP: Tunneled authentication was successful.
rlm_eap_peap: SUCCESS
Saving tunneled attributes for later
modcall[authenticate]: module "eap" returns handled for request 6
modcall: leaving group authenticate (returns handled) for request 6
Sending Access-Challenge of id 41 to 10.0.1.12 port 32769
Framed-IP-Address = 255.255.255.254
Framed-MTU = 576
Service-Type = Framed-User
EAP-Message =
0x010900261900170301001bcd47d72fba75f3a316d1f9e72d4695596bab33629c6e4be0
6afddb
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x566a370221ef6b6aaefb3168e88b9acf
Finished request 6
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.0.1.12:32769, id=42,
length=221
User-Name = "BSC\\mking"
Calling-Station-Id = "00-90-96-F4-2A-BB"
Called-Station-Id = "00-0B-85-5B-55-A0:test"
NAS-Port = 29
NAS-IP-Address = 10.0.1.12
NAS-Identifier = "BUWISM1-2"
Airespace-Wlan-Id = 7
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-802.11
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "4000"
EAP-Message =
0x020900261900170301001be7382138771e3eaacab08a10eef0c5dc919259a0defd75e6
19fd7d
State = 0x566a370221ef6b6aaefb3168e88b9acf
Message-Authenticator = 0xecd5358b3160401c2dabaae043286b09
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 7
modcall[authorize]: module "preprocess" returns ok for request 7
modcall[authorize]: module "chap" returns noop for request 7
modcall[authorize]: module "mschap" returns noop for request 7
rlm_realm: No '@' in User-Name = "BSC\mking", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 7
rlm_eap: EAP packet type response id 9 length 38
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 7
users: Matched entry DEFAULT at line 152
users: Matched entry DEFAULT at line 171
modcall[authorize]: module "files" returns ok for request 7
modcall: leaving group authorize (returns updated) for request 7
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 7
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: Received EAP-TLV response.
rlm_eap_peap: Tunneled data is valid.
rlm_eap_peap: Success
Using saved attributes from the original Access-Accept
rlm_eap: Freeing handler
modcall[authenticate]: module "eap" returns ok for request 7
modcall: leaving group authenticate (returns ok) for request 7
Login OK: [BSC\\mking] (from client BUWiSM-1-2 port 29 cli
00-90-96-F4-2A-BB)
Sending Access-Accept of id 42 to 10.0.1.12 port 32769
Framed-IP-Address = 255.255.255.254
Framed-MTU = 576
Service-Type = Framed-User
User-Name = "BSC\\mking"
MS-MPPE-Recv-Key =
0xc591ba3b08ad50131cfea98b977435acf2f1a67b8fa24bdc0f714f14a206dd4d
MS-MPPE-Send-Key =
0x634a3e2ae5d2af29bb76b02f332a2ea216f4ee26a99beecf7d7de7e0d50fbbef
EAP-Message = 0x03090004
Message-Authenticator = 0x00000000000000000000000000000000
Finished request 7
Going to the next request
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 35 with timestamp 4523cca8
Cleaning up request 1 ID 36 with timestamp 4523cca8
Cleaning up request 2 ID 37 with timestamp 4523cca8
Cleaning up request 3 ID 38 with timestamp 4523cca8
Cleaning up request 4 ID 39 with timestamp 4523cca8
Cleaning up request 5 ID 40 with timestamp 4523cca8
Cleaning up request 6 ID 41 with timestamp 4523cca8
Cleaning up request 7 ID 42 with timestamp 4523cca8
Nothing to do. Sleeping until we see a request.
<-------END OF XP CLIENT ----------->
<-------Start of VISTA RC1---------->
reread_config: reading radiusd.conf
Config: including file: /etc/raddb/proxy.conf
Config: including file: /etc/raddb/clients.conf
Config: including file: /etc/raddb/snmp.conf
Config: including file: /etc/raddb/eap.conf
Config: including file: /etc/raddb/sql.conf
main: prefix = "/usr"
main: localstatedir = "/var"
main: logdir = "/var/log/radius"
main: libdir = "/usr/lib"
main: radacctdir = "/var/log/radius/radacct"
main: hostname_lookups = no
main: max_request_time = 30
main: cleanup_delay = 5
main: max_requests = 768000
main: delete_blocked_requests = 0
main: port = 0
main: allow_core_dumps = no
main: log_stripped_names = no
main: log_file = "/var/log/radius/radius.log"
main: log_auth = yes
main: log_auth_badpass = no
main: log_auth_goodpass = no
main: pidfile = "/var/run/radiusd/radiusd.pid"
main: user = "radiusd"
main: group = "radiusd"
main: usercollide = no
main: lower_user = "no"
main: lower_pass = "no"
main: nospace_user = "no"
main: nospace_pass = "no"
main: checkrad = "/usr/sbin/checkrad"
main: proxy_requests = yes
proxy: retry_delay = 5
proxy: retry_count = 3
proxy: synchronous = no
proxy: default_fallback = yes
proxy: dead_time = 120
proxy: post_proxy_authorize = no
proxy: wake_all_if_all_dead = no
security: max_attributes = 200
security: reject_delay = 1
security: status_server = no
main: debug_level = 0
read_config_files: reading dictionary
read_config_files: reading naslist
Using deprecated naslist file. Support for this will go away soon.
read_config_files: reading clients
read_config_files: reading realms
radiusd: entering modules setup
Module: Library search path is /usr/lib
Module: Loaded exec
exec: wait = yes
exec: program = "(null)"
exec: input_pairs = "request"
exec: output_pairs = "(null)"
exec: packet_type = "(null)"
rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Module: Instantiated exec (exec)
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded PAP
pap: encryption_scheme = "crypt"
Module: Instantiated pap (pap)
Module: Loaded CHAP
Module: Instantiated chap (chap)
Module: Loaded MS-CHAP
mschap: use_mppe = yes
mschap: require_encryption = no
mschap: require_strong = no
mschap: with_ntdomain_hack = yes
mschap: passwd = "(null)"
mschap: ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key
--username=%{mschap:User-Name} --challenge=%{mschap:Challenge}
--nt-response=%{mschap:NT-Response}"
Module: Instantiated mschap (mschap)
Module: Loaded System
unix: cache = no
unix: passwd = "(null)"
unix: shadow = "(null)"
unix: group = "(null)"
unix: radwtmp = "NULL"
unix: usegroup = no
unix: cache_reload = 600
Module: Instantiated unix (unix)
Module: Loaded eap
eap: default_eap_type = "peap"
eap: timer_expire = 60
eap: ignore_unknown_eap_types = no
eap: cisco_accounting_username_bug = no
rlm_eap: Loaded and initialized type md5
rlm_eap: Loaded and initialized type leap
gtc: challenge = "Password: "
gtc: auth_type = "PAP"
rlm_eap: Loaded and initialized type gtc
tls: rsa_key_exchange = no
tls: dh_key_exchange = yes
tls: rsa_key_length = 512
tls: dh_key_length = 512
tls: verify_depth = 0
tls: CA_path = "(null)"
tls: pem_file_type = yes
tls: private_key_file =
"/etc/raddb/certs/radius1.campus.bridgew.edu.key.pem"
tls: certificate_file =
"/etc/raddb/certs/radius1.campus.bridgew.edu.cer"
tls: CA_file =
"/etc/raddb/certs/Equifax_Secure_Certificate_Authority.cer"
tls: private_key_password = "d0wnh1ll"
tls: dh_file = "/etc/raddb/certs/dh"
tls: random_file = "/etc/raddb/certs/random"
tls: fragment_size = 1024
tls: include_length = yes
tls: check_crl = no
tls: check_cert_cn = "(null)"
tls: cipher_list = "(null)"
tls: check_cert_issuer = "(null)"
rlm_eap_tls: Loading the certificate file as a chain
rlm_eap: Loaded and initialized type tls
ttls: default_eap_type = "md5"
ttls: copy_request_to_tunnel = no
ttls: use_tunneled_reply = yes
rlm_eap: Loaded and initialized type ttls
peap: default_eap_type = "mschapv2"
peap: copy_request_to_tunnel = no
peap: use_tunneled_reply = yes
peap: proxy_tunneled_request_as_eap = yes
rlm_eap: Loaded and initialized type peap
mschapv2: with_ntdomain_hack = no
rlm_eap: Loaded and initialized type mschapv2
Module: Instantiated eap (eap)
Module: Loaded preprocess
preprocess: huntgroups = "/etc/raddb/huntgroups"
preprocess: hints = "/etc/raddb/hints"
preprocess: with_ascend_hack = no
preprocess: ascend_channels_per_line = 23
preprocess: with_ntdomain_hack = no
preprocess: with_specialix_jetstream_hack = no
preprocess: with_cisco_vsa_hack = no
preprocess: with_alvarion_vsa_hack = no
Module: Instantiated preprocess (preprocess)
Module: Loaded realm
realm: format = "suffix"
realm: delimiter = "@"
realm: ignore_default = no
realm: ignore_null = no
Module: Instantiated realm (suffix)
Module: Loaded files
files: usersfile = "/etc/raddb/users"
files: acctusersfile = "/etc/raddb/acct_users"
files: preproxy_usersfile = "/etc/raddb/preproxy_users"
files: compat = "no"
Module: Instantiated files (files)
Module: Loaded Acct-Unique-Session-Id
acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address,
Client-IP-Address, NAS-Port"
Module: Instantiated acct_unique (acct_unique)
Module: Loaded detail
detail: detailfile =
"/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
detail: detailperm = 384
detail: dirperm = 493
detail: locking = no
Module: Instantiated detail (detail)
Module: Loaded radutmp
radutmp: filename = "/var/log/radius/radutmp"
radutmp: username = "%{User-Name}"
radutmp: case_sensitive = yes
radutmp: check_with_nas = yes
radutmp: perm = 384
radutmp: callerid = yes
Module: Instantiated radutmp (radutmp)
Listening on authentication *:1812
Listening on accounting *:1813
Ready to process requests.
rad_recv: Access-Request packet from host 10.0.1.21:32769, id=19,
length=179
User-Name = "BSC\\mking"
Calling-Station-Id = "00-13-02-1B-4F-01"
Called-Station-Id = "00-0B-85-24-04-50:test"
NAS-Port = 29
NAS-IP-Address = 10.0.1.21
NAS-Identifier = "BUWISM2-1"
Airespace-Wlan-Id = 7
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-802.11
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "4000"
EAP-Message = 0x0206000e014253435c6d6b696e67
Message-Authenticator = 0x5335b5f1f1ea4714697ae8dab52086b6
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
modcall[authorize]: module "chap" returns noop for request 0
modcall[authorize]: module "mschap" returns noop for request 0
rlm_realm: No '@' in User-Name = "BSC\mking", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 0
rlm_eap: EAP packet type response id 6 length 14
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 0
users: Matched entry DEFAULT at line 152
users: Matched entry DEFAULT at line 171
modcall[authorize]: module "files" returns ok for request 0
modcall: leaving group authorize (returns updated) for request 0
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
rlm_eap: EAP Identity
rlm_eap: processing type tls
rlm_eap_tls: Initiate
rlm_eap_tls: Start returned 1
modcall[authenticate]: module "eap" returns handled for request 0
modcall: leaving group authenticate (returns handled) for request 0
Sending Access-Challenge of id 19 to 10.0.1.21 port 32769
Framed-IP-Address = 255.255.255.254
Framed-MTU = 576
Service-Type = Framed-User
EAP-Message = 0x010700061920
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x685d4c4ca48a8233080cf58401d7f9f1
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.0.1.21:32769, id=20,
length=303
User-Name = "BSC\\mking"
Calling-Station-Id = "00-13-02-1B-4F-01"
Called-Station-Id = "00-0B-85-24-04-50:test"
NAS-Port = 29
NAS-IP-Address = 10.0.1.21
NAS-Identifier = "BUWISM2-1"
Airespace-Wlan-Id = 7
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-802.11
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "4000"
EAP-Message =
0x0207007819800000006e16030100690100006503014523c425e392cdb6ab121e80093b
9f9e81b904340ed9459e4a41a2e2c44f4131000018002f00350005000ac009c00ac013c0
140032003800130004010000240000000e000c0000096273635c6d6b696e67000a000800
06001700180019000b00020100
State = 0x685d4c4ca48a8233080cf58401d7f9f1
Message-Authenticator = 0xf51ef72168597a5bb9c45304b987a595
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
modcall[authorize]: module "preprocess" returns ok for request 1
modcall[authorize]: module "chap" returns noop for request 1
modcall[authorize]: module "mschap" returns noop for request 1
rlm_realm: No '@' in User-Name = "BSC\mking", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 1
rlm_eap: EAP packet type response id 7 length 120
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 1
users: Matched entry DEFAULT at line 152
users: Matched entry DEFAULT at line 171
modcall[authorize]: module "files" returns ok for request 1
modcall: leaving group authorize (returns updated) for request 1
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 1
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
(other): before/accept initialization
TLS_accept: before/accept initialization
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0069], ClientHello
TLS_accept: SSLv3 read client hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
TLS_accept: SSLv3 write server hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0336], Certificate
TLS_accept: SSLv3 write certificate A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
TLS_accept: SSLv3 write server done A
TLS_accept: SSLv3 flush data
TLS_accept:error in SSLv3 read client certificate A
rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0)
In SSL Handshake Phase
In SSL Accept mode
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 1
modcall: leaving group authenticate (returns handled) for request 1
Sending Access-Challenge of id 20 to 10.0.1.21 port 32769
Framed-IP-Address = 255.255.255.254
Framed-MTU = 576
Service-Type = Framed-User
EAP-Message =
0x010803991900160301004a0200004603014523c42a153a389c33027a20676704673a54
28622b7c411ef7ef6d8f5f6744c820883f844c82333b95bbe6fb4eb98efeed7eed2c38c2
b3746ab33ba56acb4c5d69002f0016030103360b00033200032f00032c30820328308202
91a0030201020203048bde300d06092a864886f70d0101040500305a310b300906035504
0613025553311c301a060355040a1313457175696661782053656375726520496e632e31
2d302b06035504031324457175696661782053656375726520476c6f62616c2065427573
696e6573732043412d31301e170d3036303833313135343130365a170d30373039303131
3534
EAP-Message =
0x3130365a308197310b3009060355040613025553311630140603550408130d4d617373
616368757365747473311430120603550407130b42726964676577617465723122302006
0355040a1319427269646765776174657220537461746520436f6c6c6567653111300f06
0355040b130854656c65636f6d6d312330210603550403131a726164697573312e63616d
7075732e627269646765772e65647530819f300d06092a864886f70d010101050003818d
0030818902818100d7e9fd6781d424160dd8ce4b43b4ef908f2bed199ef2232e0c842c74
36e598eefb1656f6d213fdc1473187ca9be8d73c609d55a54e73fc1995be16068b52ff6d
a8f1
EAP-Message =
0x918f639a1a6cb9f15213b324025e558284acb3af8bb42a32901eb615edac07fb0bc32d
f63543c4734ad191564d900b8383bc2595d3a1ced2c7924348e89b0203010001a381bd30
81ba300e0603551d0f0101ff0404030204f0301d0603551d0e04160414ba0847bd1adc78
8777ab84aa8dba8d8dd35bd4e1303b0603551d1f043430323030a02ea02c862a68747470
3a2f2f63726c2e67656f74727573742e636f6d2f63726c732f676c6f62616c6361312e63
726c301f0603551d23041830168014bea8a07472506b44b7c923d8fba8ffb3576b686c30
1d0603551d250416301406082b0601050507030106082b06010505070302300c0603551d
1301
EAP-Message =
0x01ff04023000300d06092a864886f70d01010405000381810023b5b7b280544b61651d
093978ea43bbefff18afc835dd9ee5d103716d11bd1202395001cb69e94a1fc0cdcb0a28
fddba47c36a846ec4e5a31ec76c324486832882a4d12904fdef2d5a515554b3a7231d64f
d8c9ff010115a8d8bcad71b1d9d1781cbf506f5c15e4406c0199e2336e4425ab839199ad
70695ee86ba8969fc9dc16030100040e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x12327d378a2b18e3dd3ed523aa62dd08
Finished request 1
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.0.1.21:32769, id=21,
length=391
User-Name = "BSC\\mking"
Calling-Station-Id = "00-13-02-1B-4F-01"
Called-Station-Id = "00-0B-85-24-04-50:test"
NAS-Port = 29
NAS-IP-Address = 10.0.1.21
NAS-Identifier = "BUWISM2-1"
Airespace-Wlan-Id = 7
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-802.11
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "4000"
EAP-Message =
0x020800d01980000000c61603010086100000820080a87da54999f079929063349f032a
8a5a70b5fe0a1808e34eaba4fff373fbe1cdda56af08f2f68aa10b5eb3690c4515f91660
b8320cd4d230e81b92515f4382569ada6bc8c077edff05fa72ef5fe36ad5025be16c510d
0d2c006f2423caa75d09b656c43edbdb1e035db2df2ef6367dc57c19605ecde7ac426ec8
10bc6179e61714030100010116030100303ae0192650047990238171481911ea4e9feddd
9623823978c81932b8991093f215abe8cc995678ca1cd047067014bfde
State = 0x12327d378a2b18e3dd3ed523aa62dd08
Message-Authenticator = 0xe1f28c4f2db04be118f2f239a24d1a60
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 2
modcall[authorize]: module "preprocess" returns ok for request 2
modcall[authorize]: module "chap" returns noop for request 2
modcall[authorize]: module "mschap" returns noop for request 2
rlm_realm: No '@' in User-Name = "BSC\mking", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 2
rlm_eap: EAP packet type response id 8 length 208
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 2
users: Matched entry DEFAULT at line 152
users: Matched entry DEFAULT at line 171
modcall[authorize]: module "files" returns ok for request 2
modcall: leaving group authorize (returns updated) for request 2
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 2
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange
TLS_accept: SSLv3 read client key exchange A
rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001]
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 read finished A
rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001]
TLS_accept: SSLv3 write change cipher spec A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 write finished A
TLS_accept: SSLv3 flush data
(other): SSL negotiation finished successfully
rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0)
SSL Connection Established
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 2
modcall: leaving group authenticate (returns handled) for request 2
Sending Access-Challenge of id 21 to 10.0.1.21 port 32769
Framed-IP-Address = 255.255.255.254
Framed-MTU = 576
Service-Type = Framed-User
EAP-Message =
0x01090041190014030100010116030100309270ea6a0446f0123968db15e799d133de68
74d37fc4e465b2b158a0af023355f67c1bcfdfd3b55d4f41d9c315d2d4df
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x164cccd238c56b132a51201da9f606d2
Finished request 2
Going to the next request
--- Walking the entire request list ---
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 19 with timestamp 4523c42a
Cleaning up request 1 ID 20 with timestamp 4523c42a
Waking up in 2 seconds...
--- Walking the entire request list ---
Cleaning up request 2 ID 21 with timestamp 4523c42c
Nothing to do. Sleeping until we see a request.
rad_recv: Access-Request packet from host 10.0.1.21:32769, id=22,
length=179
User-Name = "BSC\\mking"
Calling-Station-Id = "00-13-02-1B-4F-01"
Called-Station-Id = "00-0B-85-24-04-50:test"
NAS-Port = 29
NAS-IP-Address = 10.0.1.21
NAS-Identifier = "BUWISM2-1"
Airespace-Wlan-Id = 7
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-802.11
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "4000"
EAP-Message = 0x0207000e014253435c6d6b696e67
Message-Authenticator = 0xa45c092bec3fa1f4a01ddd4a480353b2
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 3
modcall[authorize]: module "preprocess" returns ok for request 3
modcall[authorize]: module "chap" returns noop for request 3
modcall[authorize]: module "mschap" returns noop for request 3
rlm_realm: No '@' in User-Name = "BSC\mking", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 3
rlm_eap: EAP packet type response id 7 length 14
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 3
users: Matched entry DEFAULT at line 152
users: Matched entry DEFAULT at line 171
modcall[authorize]: module "files" returns ok for request 3
modcall: leaving group authorize (returns updated) for request 3
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 3
rlm_eap: EAP Identity
rlm_eap: processing type tls
rlm_eap_tls: Initiate
rlm_eap_tls: Start returned 1
modcall[authenticate]: module "eap" returns handled for request 3
modcall: leaving group authenticate (returns handled) for request 3
Sending Access-Challenge of id 22 to 10.0.1.21 port 32769
Framed-IP-Address = 255.255.255.254
Framed-MTU = 576
Service-Type = Framed-User
EAP-Message = 0x010800061920
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xb7512e981ebfc531f0453b252179fb4a
Finished request 3
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.0.1.21:32769, id=23,
length=303
User-Name = "BSC\\mking"
Calling-Station-Id = "00-13-02-1B-4F-01"
Called-Station-Id = "00-0B-85-24-04-50:test"
NAS-Port = 29
NAS-IP-Address = 10.0.1.21
NAS-Identifier = "BUWISM2-1"
Airespace-Wlan-Id = 7
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-802.11
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "4000"
EAP-Message =
0x0208007819800000006e16030100690100006503014523c43a3bc16251e53783fce1a3
50bd27fc7b398f058ab700263b38fc84f224000018002f00350005000ac009c00ac013c0
140032003800130004010000240000000e000c0000096273635c6d6b696e67000a000800
06001700180019000b00020100
State = 0xb7512e981ebfc531f0453b252179fb4a
Message-Authenticator = 0x4037dd061564388d985a7b15ecc94b3d
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 4
modcall[authorize]: module "preprocess" returns ok for request 4
modcall[authorize]: module "chap" returns noop for request 4
modcall[authorize]: module "mschap" returns noop for request 4
rlm_realm: No '@' in User-Name = "BSC\mking", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 4
rlm_eap: EAP packet type response id 8 length 120
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 4
users: Matched entry DEFAULT at line 152
users: Matched entry DEFAULT at line 171
modcall[authorize]: module "files" returns ok for request 4
modcall: leaving group authorize (returns updated) for request 4
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 4
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
(other): before/accept initialization
TLS_accept: before/accept initialization
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0069], ClientHello
TLS_accept: SSLv3 read client hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
TLS_accept: SSLv3 write server hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0336], Certificate
TLS_accept: SSLv3 write certificate A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
TLS_accept: SSLv3 write server done A
TLS_accept: SSLv3 flush data
TLS_accept:error in SSLv3 read client certificate A
rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0)
In SSL Handshake Phase
In SSL Accept mode
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 4
modcall: leaving group authenticate (returns handled) for request 4
Sending Access-Challenge of id 23 to 10.0.1.21 port 32769
Framed-IP-Address = 255.255.255.254
Framed-MTU = 576
Service-Type = Framed-User
EAP-Message =
0x010903991900160301004a0200004603014523c43eff68a98755cb6584a2b320e55922
67754654e2e6b77e03123132255f200e707d292a2df0d266a16ff167e9388a81e1e000e6
b47e75fc69d66565e0b3b9002f0016030103360b00033200032f00032c30820328308202
91a0030201020203048bde300d06092a864886f70d0101040500305a310b300906035504
0613025553311c301a060355040a1313457175696661782053656375726520496e632e31
2d302b06035504031324457175696661782053656375726520476c6f62616c2065427573
696e6573732043412d31301e170d3036303833313135343130365a170d30373039303131
3534
EAP-Message =
0x3130365a308197310b3009060355040613025553311630140603550408130d4d617373
616368757365747473311430120603550407130b42726964676577617465723122302006
0355040a1319427269646765776174657220537461746520436f6c6c6567653111300f06
0355040b130854656c65636f6d6d312330210603550403131a726164697573312e63616d
7075732e627269646765772e65647530819f300d06092a864886f70d010101050003818d
0030818902818100d7e9fd6781d424160dd8ce4b43b4ef908f2bed199ef2232e0c842c74
36e598eefb1656f6d213fdc1473187ca9be8d73c609d55a54e73fc1995be16068b52ff6d
a8f1
EAP-Message =
0x918f639a1a6cb9f15213b324025e558284acb3af8bb42a32901eb615edac07fb0bc32d
f63543c4734ad191564d900b8383bc2595d3a1ced2c7924348e89b0203010001a381bd30
81ba300e0603551d0f0101ff0404030204f0301d0603551d0e04160414ba0847bd1adc78
8777ab84aa8dba8d8dd35bd4e1303b0603551d1f043430323030a02ea02c862a68747470
3a2f2f63726c2e67656f74727573742e636f6d2f63726c732f676c6f62616c6361312e63
726c301f0603551d23041830168014bea8a07472506b44b7c923d8fba8ffb3576b686c30
1d0603551d250416301406082b0601050507030106082b06010505070302300c0603551d
1301
EAP-Message =
0x01ff04023000300d06092a864886f70d01010405000381810023b5b7b280544b61651d
093978ea43bbefff18afc835dd9ee5d103716d11bd1202395001cb69e94a1fc0cdcb0a28
fddba47c36a846ec4e5a31ec76c324486832882a4d12904fdef2d5a515554b3a7231d64f
d8c9ff010115a8d8bcad71b1d9d1781cbf506f5c15e4406c0199e2336e4425ab839199ad
70695ee86ba8969fc9dc16030100040e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x226dfc6025ceb41b405771a775872a0d
Finished request 4
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.0.1.21:32769, id=24,
length=391
User-Name = "BSC\\mking"
Calling-Station-Id = "00-13-02-1B-4F-01"
Called-Station-Id = "00-0B-85-24-04-50:test"
NAS-Port = 29
NAS-IP-Address = 10.0.1.21
NAS-Identifier = "BUWISM2-1"
Airespace-Wlan-Id = 7
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-802.11
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "4000"
EAP-Message =
0x020900d01980000000c61603010086100000820080788fe72ca8e92cf7aa5e1e9f6f4b
a60be146ea01584bd65bde54340dfa90fc4103649b79a7af29527cd8e184a8ce2a5573d8
fe3a5d43ba54e2f595395c346262ca361c32cb98c372150af150fe43513e3796caddc08d
4d0dcad0f565a1c97077d49d493f68e838fa2253619e48eb520b29203b52b3a193576fce
d8fbc9f6b202140301000101160301003059c9797e6fb369c06f076d0590caaa9cb8fdb1
6c4b0265ae88ea00b72cb1bf7fa5c24092b4b99fb81359264d323f895c
State = 0x226dfc6025ceb41b405771a775872a0d
Message-Authenticator = 0x4824add87ee247a89d31119669853a91
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 5
modcall[authorize]: module "preprocess" returns ok for request 5
modcall[authorize]: module "chap" returns noop for request 5
modcall[authorize]: module "mschap" returns noop for request 5
rlm_realm: No '@' in User-Name = "BSC\mking", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 5
rlm_eap: EAP packet type response id 9 length 208
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 5
users: Matched entry DEFAULT at line 152
users: Matched entry DEFAULT at line 171
modcall[authorize]: module "files" returns ok for request 5
modcall: leaving group authorize (returns updated) for request 5
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 5
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange
TLS_accept: SSLv3 read client key exchange A
rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001]
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 read finished A
rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001]
TLS_accept: SSLv3 write change cipher spec A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 write finished A
TLS_accept: SSLv3 flush data
(other): SSL negotiation finished successfully
rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0)
SSL Connection Established
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 5
modcall: leaving group authenticate (returns handled) for request 5
Sending Access-Challenge of id 24 to 10.0.1.21 port 32769
Framed-IP-Address = 255.255.255.254
Framed-MTU = 576
Service-Type = Framed-User
EAP-Message =
0x010a004119001403010001011603010030e17abef72a1ea429834c869af1cfdacc591d
c30a1dcaf3191eb11fcec9903709f065ecbb06360629c2a5da0e6c960790
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x5ee10f39ff5d320a1966aeecffc1aef0
Finished request 5
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.0.1.21:32769, id=25,
length=189
User-Name = "BSC\\mking"
Calling-Station-Id = "00-13-02-1B-4F-01"
Called-Station-Id = "00-0B-85-24-04-50:test"
NAS-Port = 29
NAS-IP-Address = 10.0.1.21
NAS-Identifier = "BUWISM2-1"
Airespace-Wlan-Id = 7
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-802.11
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "4000"
EAP-Message = 0x020a00061900
State = 0x5ee10f39ff5d320a1966aeecffc1aef0
Message-Authenticator = 0xffd54fd01e3da0ecca0dc8c5e1ace252
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 6
modcall[authorize]: module "preprocess" returns ok for request 6
modcall[authorize]: module "chap" returns noop for request 6
modcall[authorize]: module "mschap" returns noop for request 6
rlm_realm: No '@' in User-Name = "BSC\mking", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 6
rlm_eap: EAP packet type response id 10 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 6
users: Matched entry DEFAULT at line 152
users: Matched entry DEFAULT at line 171
modcall[authorize]: module "files" returns ok for request 6
modcall: leaving group authorize (returns updated) for request 6
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 6
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake is finished
eaptls_verify returned 3
eaptls_process returned 3
rlm_eap_peap: EAPTLS_SUCCESS
modcall[authenticate]: module "eap" returns handled for request 6
modcall: leaving group authenticate (returns handled) for request 6
Sending Access-Challenge of id 25 to 10.0.1.21 port 32769
Framed-IP-Address = 255.255.255.254
Framed-MTU = 576
Service-Type = Framed-User
EAP-Message =
0x010b0050190017030100205a5b803b9936c9d7bc7bc1084668793262e8d92d5e9ab457
15a83905f499096d1703010020e1587586b0b2b020e4db4fe2e8ddc9f358dd65c45b41dc
3a4cb34437dadbffb6
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x6c277512990ce2e77f1b6a6f7b139385
Finished request 6
Going to the next request
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 3 ID 22 with timestamp 4523c43e
Cleaning up request 4 ID 23 with timestamp 4523c43e
Cleaning up request 5 ID 24 with timestamp 4523c43e
Cleaning up request 6 ID 25 with timestamp 4523c43e
Nothing to do. Sleeping until we see a request.
rad_recv: Access-Request packet from host 10.0.1.12:32769, id=9,
length=179
User-Name = "BSC\\mking"
Calling-Station-Id = "00-13-02-1B-4F-01"
Called-Station-Id = "00-0B-85-24-03-30:test"
NAS-Port = 29
NAS-IP-Address = 10.0.1.12
NAS-Identifier = "BUWISM1-2"
Airespace-Wlan-Id = 7
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-802.11
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "4000"
EAP-Message = 0x0202000e014253435c6d6b696e67
Message-Authenticator = 0xaf30e5052f2b362edac7d70e0ddabc3b
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 7
modcall[authorize]: module "preprocess" returns ok for request 7
modcall[authorize]: module "chap" returns noop for request 7
modcall[authorize]: module "mschap" returns noop for request 7
rlm_realm: No '@' in User-Name = "BSC\mking", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 7
rlm_eap: EAP packet type response id 2 length 14
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 7
users: Matched entry DEFAULT at line 152
users: Matched entry DEFAULT at line 171
modcall[authorize]: module "files" returns ok for request 7
modcall: leaving group authorize (returns updated) for request 7
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 7
rlm_eap: EAP Identity
rlm_eap: processing type tls
rlm_eap_tls: Initiate
rlm_eap_tls: Start returned 1
modcall[authenticate]: module "eap" returns handled for request 7
modcall: leaving group authenticate (returns handled) for request 7
Sending Access-Challenge of id 9 to 10.0.1.12 port 32769
Framed-IP-Address = 255.255.255.254
Framed-MTU = 576
Service-Type = Framed-User
EAP-Message = 0x010300061920
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x71a759e20d229ec649d03cb02a88c9bc
Finished request 7
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.0.1.12:32769, id=10,
length=335
User-Name = "BSC\\mking"
Calling-Station-Id = "00-13-02-1B-4F-01"
Called-Station-Id = "00-0B-85-24-03-30:test"
NAS-Port = 29
NAS-IP-Address = 10.0.1.12
NAS-Identifier = "BUWISM1-2"
Airespace-Wlan-Id = 7
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-802.11
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "4000"
EAP-Message =
0x0203009819800000008e16030100890100008503014523c445c234dcb17883e1aa617a
83e3ed34a8f7d49fab119022f6ca86585db4200e707d292a2df0d266a16ff167e9388a81
e1e000e6b47e75fc69d66565e0b3b90018002f00350005000ac009c00ac013c014003200
3800130004010000240000000e000c0000096273635c6d6b696e67000a00080006001700
180019000b00020100
State = 0x71a759e20d229ec649d03cb02a88c9bc
Message-Authenticator = 0x5a506d41bed77e362ea926f83b6db987
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 8
modcall[authorize]: module "preprocess" returns ok for request 8
modcall[authorize]: module "chap" returns noop for request 8
modcall[authorize]: module "mschap" returns noop for request 8
rlm_realm: No '@' in User-Name = "BSC\mking", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 8
rlm_eap: EAP packet type response id 3 length 152
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 8
users: Matched entry DEFAULT at line 152
users: Matched entry DEFAULT at line 171
modcall[authorize]: module "files" returns ok for request 8
modcall: leaving group authorize (returns updated) for request 8
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 8
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
(other): before/accept initialization
TLS_accept: before/accept initialization
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0089], ClientHello
TLS_accept: SSLv3 read client hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
TLS_accept: SSLv3 write server hello A
rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001]
TLS_accept: SSLv3 write change cipher spec A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 write finished A
TLS_accept: SSLv3 flush data
TLS_accept:error in SSLv3 read finished A
rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0)
In SSL Handshake Phase
In SSL Accept mode
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 8
modcall: leaving group authenticate (returns handled) for request 8
Sending Access-Challenge of id 10 to 10.0.1.12 port 32769
Framed-IP-Address = 255.255.255.254
Framed-MTU = 576
Service-Type = Framed-User
EAP-Message =
0x010400901900160301004a0200004603014523c44a7fd79f4548d9e376cd1a840f6239
08f7197de10c620c61dd470dce50200e707d292a2df0d266a16ff167e9388a81e1e000e6
b47e75fc69d66565e0b3b9002f0014030100010116030100304a718eb2b0428f0e39c83f
6c57c2a7ef44bffa928150bea6b0ad7c357740929d572fc96e7436ba17e9606093fe9a17
94
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x72bf131469256926f84c3cee3835349d
Finished request 8
Going to the next request
--- Walking the entire request list ---
Waking up in 2 seconds...
--- Walking the entire request list ---
Cleaning up request 7 ID 9 with timestamp 4523c446
Waking up in 4 seconds...
rad_recv: Access-Request packet from host 10.0.1.12:32769, id=11,
length=252
User-Name = "BSC\\mking"
Calling-Station-Id = "00-13-02-1B-4F-01"
Called-Station-Id = "00-0B-85-24-03-30:test"
NAS-Port = 29
NAS-IP-Address = 10.0.1.12
NAS-Identifier = "BUWISM1-2"
Airespace-Wlan-Id = 7
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-802.11
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "4000"
EAP-Message =
0x0204004519800000003b14030100010116030100308888f68e6cf6de9c3653fdf6eed3
f2f0f341a6353fb6afb9fd6561fb1229bb07e79157e621d848fd988869da8bb98d41
State = 0x72bf131469256926f84c3cee3835349d
Message-Authenticator = 0x1b607d95cc089995e6f435db18f0b317
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 9
modcall[authorize]: module "preprocess" returns ok for request 9
modcall[authorize]: module "chap" returns noop for request 9
modcall[authorize]: module "mschap" returns noop for request 9
rlm_realm: No '@' in User-Name = "BSC\mking", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 9
rlm_eap: EAP packet type response id 4 length 69
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 9
users: Matched entry DEFAULT at line 152
users: Matched entry DEFAULT at line 171
modcall[authorize]: module "files" returns ok for request 9
modcall: leaving group authorize (returns updated) for request 9
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 9
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001]
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 read finished A
(other): SSL negotiation finished successfully
rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0)
SSL Connection Established
rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0)
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
rlm_eap: Freeing handler
modcall[authenticate]: module "eap" returns reject for request 9
modcall: leaving group authenticate (returns reject) for request 9
auth: Failed to validate the user.
Login incorrect: [BSC\\mking] (from client BUWiSM-1-2 port 29 cli
00-13-02-1B-4F-01)
Delaying request 9 for 1 seconds
Finished request 9
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Cleaning up request 8 ID 10 with timestamp 4523c44a
Sending Access-Reject of id 11 to 10.0.1.12 port 32769
EAP-Message = 0x04040004
Message-Authenticator = 0x00000000000000000000000000000000
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 9 ID 11 with timestamp 4523c44e
Nothing to do. Sleeping until we see a request.
<---END OF VISTA RC1 --->
More information about the Freeradius-Users
mailing list