Big Problem with peap-mschapv2+freeradius 1.1.7

Christian Frank christian.frank at rsel.renesas.com
Thu Aug 16 09:38:31 CEST 2007


Hi,

I have a big problem with my radius setup. I want to authenticate
my users with peap+mschapv2. The radius backend is an ldap server.

I have this setup working with Freeradius 1.0.1 on Redhat 4 ES.

But after upgrading to 1.1.7 this setup does not work anymore.
I configured my radius/eap/client config file the same way like the old file was.

I additionally tried to start the new radius with the old config files with the same effect, it does not work.


Here is my setup:

Freeradius 1.1.7
OPenldap (newest version)
Clients: Windows Xp Sp 2 WPA Supplicant, Juniper Odyysee Client, Cisco Secure Services Client

In my ldap i have following attributes:

cn,uid, description, UserPassword,

If i look at the logfiles, i can see that the ldap authorization seems to work. It seems that something
goes wrong with the authentication. But i cant find the reason :-( ...


Here is the logfile output of radiusd -X:

Starting - reading configuration files ...
reread_config:  reading radiusd.conf
Config:   including file: /usr/local/freeradius/etc/raddb/proxy.conf
Config:   including file: /usr/local/freeradius/etc/raddb/clients.conf
Config:   including file: /usr/local/freeradius/etc/raddb/snmp.conf
Config:   including file: /usr/local/freeradius/etc/raddb/eap.conf
Config:   including file: /usr/local/freeradius/etc/raddb/sql.conf
  main: prefix = "/usr/local/freeradius"
  main: localstatedir = "/usr/local/freeradius/var"
  main: logdir = "/usr/local/freeradius/var/log/radius"
  main: libdir = "/usr/local/freeradius/lib"
  main: radacctdir = "/usr/local/freeradius/var/log/radius/radacct"
  main: hostname_lookups = no
  main: max_request_time = 30
  main: cleanup_delay = 5
  main: max_requests = 1024
  main: delete_blocked_requests = 0
  main: port = 0
  main: allow_core_dumps = no
  main: log_stripped_names = no
  main: log_file = "/usr/local/freeradius/var/log/radius/radius.log"
  main: log_auth = no
  main: log_auth_badpass = no
  main: log_auth_goodpass = no
  main: pidfile = "/usr/local/freeradius/var/run/radiusd/radiusd.pid"
  main: user = "radiusd"
  main: group = "radiusd"
  main: usercollide = no
  main: lower_user = "no"
  main: lower_pass = "no"
  main: nospace_user = "no"
  main: nospace_pass = "no"
  main: checkrad = "/usr/local/freeradius/sbin/checkrad"
  main: proxy_requests = yes
  proxy: retry_delay = 5
  proxy: retry_count = 3
  proxy: synchronous = no
  proxy: default_fallback = yes
  proxy: dead_time = 120
  proxy: post_proxy_authorize = no
  proxy: wake_all_if_all_dead = no
  security: max_attributes = 200
  security: reject_delay = 1
  security: status_server = no
  main: debug_level = 0
read_config_files:  reading dictionary
read_config_files:  reading naslist
Using deprecated naslist file.  Support for this will go away soon.
read_config_files:  reading clients
read_config_files:  reading realms
radiusd:  entering modules setup
Module: Library search path is /usr/local/freeradius/lib
Module: Loaded exec
  exec: wait = yes
  exec: program = "(null)"
  exec: input_pairs = "request"
  exec: output_pairs = "(null)"
  exec: packet_type = "(null)"
rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Module: Instantiated exec (exec)
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded PAP
  pap: encryption_scheme = "crypt"
  pap: auto_header = yes
Module: Instantiated pap (pap)
Module: Loaded CHAP
Module: Instantiated chap (chap)
Module: Loaded MS-CHAP
  mschap: use_mppe = yes
  mschap: require_encryption = no
  mschap: require_strong = no
  mschap: with_ntdomain_hack = no
  mschap: passwd = "(null)"
  mschap: ntlm_auth = "(null)"
Module: Instantiated mschap (mschap)
Module: Loaded System
  unix: cache = no
  unix: passwd = "(null)"
  unix: shadow = "(null)"
  unix: group = "(null)"
  unix: radwtmp = "/usr/local/freeradius/var/log/radius/radwtmp"
  unix: usegroup = no
  unix: cache_reload = 600
Module: Instantiated unix (unix)
Module: Loaded eap
  eap: default_eap_type = "peap"
  eap: timer_expire = 60
  eap: ignore_unknown_eap_types = no
  eap: cisco_accounting_username_bug = no
rlm_eap: Loaded and initialized type md5
rlm_eap: Loaded and initialized type leap
  gtc: challenge = "Password: "
  gtc: auth_type = "PAP"
rlm_eap: Loaded and initialized type gtc
  tls: rsa_key_exchange = no
  tls: dh_key_exchange = yes
  tls: rsa_key_length = 512
  tls: dh_key_length = 512
  tls: verify_depth = 0
  tls: CA_path = "(null)"
  tls: pem_file_type = yes
  tls: private_key_file = "/usr/local/certs/wcsserver.key"
  tls: certificate_file = "/usr/local/certs/wcsserver.pem"
  tls: CA_file = "/usr/local/certs/root.pem"
  tls: private_key_password = "wcs"
  tls: dh_file = "/usr/local/freeradius/etc/raddb/certs/dh"
  tls: random_file = "/usr/local/freeradius/etc/raddb/certs/random"
  tls: fragment_size = 1024
  tls: include_length = yes
  tls: check_crl = no
  tls: check_cert_cn = "(null)"
  tls: cipher_list = "(null)"
  tls: check_cert_issuer = "(null)"
rlm_eap_tls: Loading the certificate file as a chain
rlm_eap: Loaded and initialized type tls
  peap: default_eap_type = "mschapv2"
  peap: copy_request_to_tunnel = no
  peap: use_tunneled_reply = no
  peap: proxy_tunneled_request_as_eap = yes
rlm_eap: Loaded and initialized type peap
  mschapv2: with_ntdomain_hack = no
rlm_eap: Loaded and initialized type mschapv2
Module: Instantiated eap (eap)
Module: Loaded preprocess
  preprocess: huntgroups = "/usr/local/freeradius/etc/raddb/huntgroups"
  preprocess: hints = "/usr/local/freeradius/etc/raddb/hints"
  preprocess: with_ascend_hack = no
  preprocess: ascend_channels_per_line = 23
  preprocess: with_ntdomain_hack = no
  preprocess: with_specialix_jetstream_hack = no
  preprocess: with_cisco_vsa_hack = no
  preprocess: with_alvarion_vsa_hack = no
Module: Instantiated preprocess (preprocess)
Module: Loaded realm
  realm: format = "suffix"
  realm: delimiter = "@"
  realm: ignore_default = no
  realm: ignore_null = no
Module: Instantiated realm (suffix)
Module: Loaded files
  files: usersfile = "/usr/local/freeradius/etc/raddb/users"
  files: acctusersfile = "/usr/local/freeradius/etc/raddb/acct_users"
  files: preproxy_usersfile = "/usr/local/freeradius/etc/raddb/preproxy_users"
  files: compat = "no"
Module: Instantiated files (files)
Module: Loaded LDAP
  ldap: server = "150.150.40.241"
  ldap: port = 389
  ldap: net_timeout = 1
  ldap: timeout = 4
  ldap: timelimit = 3
  ldap: identity = "cn=Manager,dc=rsel,dc=com"
  ldap: tls_mode = no
  ldap: start_tls = no
  ldap: tls_cacertfile = "(null)"
  ldap: tls_cacertdir = "(null)"
  ldap: tls_certfile = "(null)"
  ldap: tls_keyfile = "(null)"
  ldap: tls_randfile = "(null)"
  ldap: tls_require_cert = "allow"
  ldap: password = "secret"
  ldap: basedn = "dc=rsel,dc=com"
  ldap: filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
  ldap: base_filter = "(objectclass=radiusprofile)"
  ldap: default_profile = "(null)"
  ldap: profile_attribute = "(null)"
  ldap: password_header = "(null)"
  ldap: password_attribute = "(null)"
  ldap: access_attr = "uid"
  ldap: groupname_attribute = "cn"
  ldap: groupmembership_filter = "(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))"
  ldap: groupmembership_attribute = "(null)"
  ldap: dictionary_mapping = "/usr/local/freeradius/etc/raddb/ldap.attrmap"
  ldap: ldap_debug = 0
  ldap: ldap_connections_number = 5
  ldap: compare_check_items = no
  ldap: access_attr_used_for_allow = yes
  ldap: do_xlat = yes
  ldap: set_auth_type = yes
rlm_ldap: Registering ldap_groupcmp for Ldap-Group
rlm_ldap: Registering ldap_xlat with xlat_name ldap
rlm_ldap: Over-riding set_auth_type, as we're not listed in the "authenticate" section.
rlm_ldap: reading ldap<->radius mappings from file /usr/local/freeradius/etc/raddb/ldap.attrmap
rlm_ldap: LDAP radiusCheckItem mapped to RADIUS $GENERIC$
rlm_ldap: LDAP radiusReplyItem mapped to RADIUS $GENERIC$
rlm_ldap: LDAP radiusAuthType mapped to RADIUS Auth-Type
rlm_ldap: LDAP radiusSimultaneousUse mapped to RADIUS Simultaneous-Use
rlm_ldap: LDAP radiusCalledStationId mapped to RADIUS Called-Station-Id
rlm_ldap: LDAP radiusCallingStationId mapped to RADIUS Calling-Station-Id
rlm_ldap: LDAP lmPassword mapped to RADIUS LM-Password
rlm_ldap: LDAP ntPassword mapped to RADIUS NT-Password
rlm_ldap: LDAP acctFlags mapped to RADIUS SMB-Account-CTRL-TEXT
rlm_ldap: LDAP radiusExpiration mapped to RADIUS Expiration
rlm_ldap: LDAP radiusNASIpAddress mapped to RADIUS NAS-IP-Address
rlm_ldap: LDAP radiusServiceType mapped to RADIUS Service-Type
rlm_ldap: LDAP radiusFramedProtocol mapped to RADIUS Framed-Protocol
rlm_ldap: LDAP radiusFramedIPAddress mapped to RADIUS Framed-IP-Address
rlm_ldap: LDAP radiusFramedIPNetmask mapped to RADIUS Framed-IP-Netmask
rlm_ldap: LDAP radiusFramedRoute mapped to RADIUS Framed-Route
rlm_ldap: LDAP radiusFramedRouting mapped to RADIUS Framed-Routing
rlm_ldap: LDAP radiusFilterId mapped to RADIUS Filter-Id
rlm_ldap: LDAP radiusFramedMTU mapped to RADIUS Framed-MTU
rlm_ldap: LDAP radiusFramedCompression mapped to RADIUS Framed-Compression
rlm_ldap: LDAP radiusLoginIPHost mapped to RADIUS Login-IP-Host
rlm_ldap: LDAP radiusLoginService mapped to RADIUS Login-Service
rlm_ldap: LDAP radiusLoginTCPPort mapped to RADIUS Login-TCP-Port
rlm_ldap: LDAP radiusCallbackNumber mapped to RADIUS Callback-Number
rlm_ldap: LDAP radiusCallbackId mapped to RADIUS Callback-Id
rlm_ldap: LDAP radiusFramedIPXNetwork mapped to RADIUS Framed-IPX-Network
rlm_ldap: LDAP radiusClass mapped to RADIUS Class
rlm_ldap: LDAP radiusSessionTimeout mapped to RADIUS Session-Timeout
rlm_ldap: LDAP radiusIdleTimeout mapped to RADIUS Idle-Timeout
rlm_ldap: LDAP radiusTerminationAction mapped to RADIUS Termination-Action
rlm_ldap: LDAP radiusLoginLATService mapped to RADIUS Login-LAT-Service
rlm_ldap: LDAP radiusLoginLATNode mapped to RADIUS Login-LAT-Node
rlm_ldap: LDAP radiusLoginLATGroup mapped to RADIUS Login-LAT-Group
rlm_ldap: LDAP radiusFramedAppleTalkLink mapped to RADIUS Framed-AppleTalk-Link
rlm_ldap: LDAP radiusFramedAppleTalkNetwork mapped to RADIUS Framed-AppleTalk-Network
rlm_ldap: LDAP radiusFramedAppleTalkZone mapped to RADIUS Framed-AppleTalk-Zone
rlm_ldap: LDAP radiusPortLimit mapped to RADIUS Port-Limit
rlm_ldap: LDAP radiusLoginLATPort mapped to RADIUS Login-LAT-Port
rlm_ldap: LDAP radiusReplyMessage mapped to RADIUS Reply-Message
conns: 0x9979d68
Module: Instantiated ldap (ldap)
Module: Loaded Acct-Unique-Session-Id
  acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
Module: Instantiated acct_unique (acct_unique)
Module: Loaded detail
  detail: detailfile = "/usr/local/freeradius/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
  detail: detailperm = 384
  detail: dirperm = 493
  detail: locking = no
Module: Instantiated detail (detail)
Module: Loaded radutmp
  radutmp: filename = "/usr/local/freeradius/var/log/radius/radutmp"
  radutmp: username = "%{User-Name}"
  radutmp: case_sensitive = yes
  radutmp: check_with_nas = yes
  radutmp: perm = 384
  radutmp: callerid = yes
Module: Instantiated radutmp (radutmp)
Listening on authentication *:1812
Listening on accounting *:1813
Ready to process requests.
rad_recv: Access-Request packet from host 150.150.40.141:32769, id=107, length=150
     User-Name = "cfra"
     Calling-Station-Id = "00-0D-F0-1E-DE-BF"
     Called-Station-Id = "00-0B-85-91-89-B0:RSEL"
     NAS-Port = 29
     NAS-IP-Address = 150.150.40.141
     NAS-Identifier = "RSEL-WLC"
     Airespace-Wlan-Id = 1
     Service-Type = Framed-User
     Framed-MTU = 1300
     NAS-Port-Type = Wireless-802.11
     EAP-Message = 0x020400090163667261
     Message-Authenticator = 0x4d1154f01781893214d80dc924c4cdb8
   Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
   modcall[authorize]: module "preprocess" returns ok for request 0
   modcall[authorize]: module "chap" returns noop for request 0
   modcall[authorize]: module "mschap" returns noop for request 0
     rlm_realm: No '@' in User-Name = "cfra", looking up realm NULL
     rlm_realm: No such realm "NULL"
   modcall[authorize]: module "suffix" returns noop for request 0
   rlm_eap: EAP packet type response id 4 length 9
   rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
   modcall[authorize]: module "eap" returns updated for request 0
     users: Matched entry DEFAULT at line 153
     users: Matched entry DEFAULT at line 172
   modcall[authorize]: module "files" returns ok for request 0
rlm_ldap: - authorize
rlm_ldap: performing user authorization for cfra
radius_xlat:  '(uid=cfra)'
radius_xlat:  'dc=rsel,dc=com'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to 150.150.40.241:389, authentication 0
rlm_ldap: bind as cn=Manager,dc=rsel,dc=com/secret to 150.150.40.241:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: performing search in dc=rsel,dc=com, with filter (uid=cfra)
rlm_ldap: checking if remote access for cfra is allowed by uid
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user cfra authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
   modcall[authorize]: module "ldap" returns ok for request 0
rlm_pap: WARNING! No "known good" password found for the user.  Authentication may fail because of this.
   modcall[authorize]: module "pap" returns noop for request 0
modcall: leaving group authorize (returns updated) for request 0
   rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
   Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
   rlm_eap: EAP Identity
   rlm_eap: processing type tls
   rlm_eap_tls: Initiate
   rlm_eap_tls: Start returned 1
   modcall[authenticate]: module "eap" returns handled for request 0
modcall: leaving group authenticate (returns handled) for request 0
Sending Access-Challenge of id 107 to 150.150.40.141 port 32769
     Framed-IP-Address = 255.255.255.254
     Framed-MTU = 576
     Service-Type = Framed-User
     EAP-Message = 0x010500061920
     Message-Authenticator = 0x00000000000000000000000000000000
     State = 0x68eb865ee357444579d56ef8dd18b568
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 150.150.40.141:32769, id=108, length=239
     User-Name = "cfra"
     Calling-Station-Id = "00-0D-F0-1E-DE-BF"
     Called-Station-Id = "00-0B-85-91-89-B0:RSEL"
     NAS-Port = 29
     NAS-IP-Address = 150.150.40.141
     NAS-Identifier = "RSEL-WLC"
     Airespace-Wlan-Id = 1
     Service-Type = Framed-User
     Framed-MTU = 1300
     NAS-Port-Type = Wireless-802.11
     EAP-Message = 0x0205005019800000004616030100410100003d030146bb0481120e954898fc6765c741badb30fa41d1af048bb118f6dd383aeea06600001600040005000a000900640062000300060013001200630100
     State = 0x68eb865ee357444579d56ef8dd18b568
     Message-Authenticator = 0x2a025ab7d5abf0ac510f213d9016805d
   Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
   modcall[authorize]: module "preprocess" returns ok for request 1
   modcall[authorize]: module "chap" returns noop for request 1
   modcall[authorize]: module "mschap" returns noop for request 1
     rlm_realm: No '@' in User-Name = "cfra", looking up realm NULL
     rlm_realm: No such realm "NULL"
   modcall[authorize]: module "suffix" returns noop for request 1
   rlm_eap: EAP packet type response id 5 length 80
   rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
   modcall[authorize]: module "eap" returns updated for request 1
     users: Matched entry DEFAULT at line 153
     users: Matched entry DEFAULT at line 172
   modcall[authorize]: module "files" returns ok for request 1
rlm_ldap: - authorize
rlm_ldap: performing user authorization for cfra
radius_xlat:  '(uid=cfra)'
radius_xlat:  'dc=rsel,dc=com'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=rsel,dc=com, with filter (uid=cfra)
rlm_ldap: checking if remote access for cfra is allowed by uid
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user cfra authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
   modcall[authorize]: module "ldap" returns ok for request 1
rlm_pap: WARNING! No "known good" password found for the user.  Authentication may fail because of this.
   modcall[authorize]: module "pap" returns noop for request 1
modcall: leaving group authorize (returns updated) for request 1
   rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
   Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 1
   rlm_eap: Request found, released from the list
   rlm_eap: EAP/peap
   rlm_eap: processing type peap
   rlm_eap_peap: Authenticate
   rlm_eap_tls: processing TLS
rlm_eap_tls:  Length Included
   eaptls_verify returned 11
     (other): before/accept initialization
     TLS_accept: before/accept initialization
   rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello
     TLS_accept: SSLv3 read client hello A
   rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
     TLS_accept: SSLv3 write server hello A
   rlm_eap_tls: >>> TLS 1.0 Handshake [length 04e9], Certificate
     TLS_accept: SSLv3 write certificate A
   rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
     TLS_accept: SSLv3 write server done A
     TLS_accept: SSLv3 flush data
     TLS_accept: Need to read more data: SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
   eaptls_process returned 13
   rlm_eap_peap: EAPTLS_HANDLED
   modcall[authenticate]: module "eap" returns handled for request 1
modcall: leaving group authenticate (returns handled) for request 1
Sending Access-Challenge of id 108 to 150.150.40.141 port 32769
     Framed-IP-Address = 255.255.255.254
     Framed-MTU = 576
     Service-Type = Framed-User
     EAP-Message = 
0x0106040a19c000000546160301004a02000046030146bb04823834ea970dc6dc2ef5bec117c325fedde71c1240ea63dfd128d8096520e3d954c547d2a4c0e0bcdffdd83ba7f747963e13375345a09eab86e6787d70f000040016030104e90b0004e50004e200027430820270308201d9a003020102020101300d06092a864886f70d0101050500306d3110300e060355040313075253454c204341310b3009060355040b13024954310b3009060355040b13024954310d300b060355040a13045253454c3111300f060355040713084c616e64736875743110300e0603550408130742617661726961310b3009060355040613024445301e170d303730
     EAP-Message = 
0x3830363030303030305a170d3038303830363233353935395a301f311d301b060355040313147763732e7273656c2e72656e657361732e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100bfdca3c73f9d3442ee1d8fd3edb90bc20a935415000efe8003eca3cea0168658ccf33924df3648aa81744a9d15f69ceece4373e1b25d294f93b93cb98371cb9cfd159a917c2e099b8954d9751626ba4a0fe8972b9459538ff3894d078253dec1e445d976ad05207e6d4d2da68d1343e6db85fe7f64bab0f83a8dca8afd1d26370203010001a36e306c30160603551d250101ff040c300a06082b060105050703013052060355
     EAP-Message = 
0x1d1f044b30493047a045a0438641687474703a2f2f70633430333335313a383038302f736572766c65742f636f6d2e66756e6b2e6f6463612e7365727665722e736572766c6574732e47657443524c300d06092a864886f70d0101050500038181001ed004b5c41754dc2c5cfaaac2217d6a90aca3b5aaf7a27461102d4acdfe2905836a9baed7c6aaa41914893be6cfad54589fa57b359a491097b6d60fe8b2a090e68a2adc4f2654875d9585a9759eefa924cf421c29f71e08a4eeb5ad5d23da6bdd9b5a9bac4549edd8004c553ca9a19c948c0a895f0622141645d18dfea4427800026830820264308201cda003020102020100300d06092a864886
     EAP-Message = 
0xf70d0101050500306d3110300e060355040313075253454c204341310b3009060355040b13024954310b3009060355040b13024954310d300b060355040a13045253454c3111300f060355040713084c616e64736875743110300e0603550408130742617661726961310b3009060355040613024445301e170d3037303830363030303030305a170d3137303830363233353935395a306d3110300e060355040313075253454c204341310b3009060355040b13024954310b3009060355040b13024954310d300b060355040a13045253454c3111300f060355040713084c616e64736875743110300e0603550408130742617661726961310b300906
     EAP-Message = 0x035504061302444530819d300d06092a864886f70d01
     Message-Authenticator = 0x00000000000000000000000000000000
     State = 0x7faa5cbebe7ecf725bf86d55d240bbe8
Finished request 1
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 150.150.40.141:32769, id=109, length=165
     User-Name = "cfra"
     Calling-Station-Id = "00-0D-F0-1E-DE-BF"
     Called-Station-Id = "00-0B-85-91-89-B0:RSEL"
     NAS-Port = 29
     NAS-IP-Address = 150.150.40.141
     NAS-Identifier = "RSEL-WLC"
     Airespace-Wlan-Id = 1
     Service-Type = Framed-User
     Framed-MTU = 1300
     NAS-Port-Type = Wireless-802.11
     EAP-Message = 0x020600061900
     State = 0x7faa5cbebe7ecf725bf86d55d240bbe8
     Message-Authenticator = 0xe15ed9d6d6a23fbc6b6b571b22ea97da
   Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 2
   modcall[authorize]: module "preprocess" returns ok for request 2
   modcall[authorize]: module "chap" returns noop for request 2
   modcall[authorize]: module "mschap" returns noop for request 2
     rlm_realm: No '@' in User-Name = "cfra", looking up realm NULL
     rlm_realm: No such realm "NULL"
   modcall[authorize]: module "suffix" returns noop for request 2
   rlm_eap: EAP packet type response id 6 length 6
   rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
   modcall[authorize]: module "eap" returns updated for request 2
     users: Matched entry DEFAULT at line 153
     users: Matched entry DEFAULT at line 172
   modcall[authorize]: module "files" returns ok for request 2
rlm_ldap: - authorize
rlm_ldap: performing user authorization for cfra
radius_xlat:  '(uid=cfra)'
radius_xlat:  'dc=rsel,dc=com'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=rsel,dc=com, with filter (uid=cfra)
rlm_ldap: checking if remote access for cfra is allowed by uid
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user cfra authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
   modcall[authorize]: module "ldap" returns ok for request 2
rlm_pap: WARNING! No "known good" password found for the user.  Authentication may fail because of this.
   modcall[authorize]: module "pap" returns noop for request 2
modcall: leaving group authorize (returns updated) for request 2
   rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
   Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 2
   rlm_eap: Request found, released from the list
   rlm_eap: EAP/peap
   rlm_eap: processing type peap
   rlm_eap_peap: Authenticate
   rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
   rlm_eap_tls: ack handshake fragment handler
   eaptls_verify returned 1
   eaptls_process returned 13
   rlm_eap_peap: EAPTLS_HANDLED
   modcall[authenticate]: module "eap" returns handled for request 2
modcall: leaving group authenticate (returns handled) for request 2
Sending Access-Challenge of id 109 to 150.150.40.141 port 32769
     Framed-IP-Address = 255.255.255.254
     Framed-MTU = 576
     Service-Type = Framed-User
     EAP-Message = 
0x0107014c19000101050003818b0030818702818100b74f716b56b2464b8bd640955a1ffb274335f05646eddff3f93dcd47520eb764f5bd05d510275861f30e7e727c4b0ccc10797b1ed07bf9e98d88ba4d91ef041e0fc5a7f755b4b375d196170ab1a47c38a75e8d44bf09e20fe0e86994fe89060820e9f5fd284dc1551d48aa64951dbed7410548aeac1824ac5ddbdf629c946be5020111a316301430120603551d130101ff040830060101ff020100300d06092a864886f70d0101050500038181005649f966db9fe97da32747c5cc3af6cf15fde8f9c0db98db3aae700e3e74d1cc0fd07969def57f876d864aa05a01a5ef961487081ad57e4b18e7
     EAP-Message = 0xd3a445ed9de2c9f4e79376f2991b4796ecf3ecb27786443b7e99b9e24b27756c03d9123a93a1eb8c091b796e6ce73f66a9700a71f24f7874de816052c4bc1f25b05235abf93c16030100040e000000
     Message-Authenticator = 0x00000000000000000000000000000000
     State = 0x23155c0d1d93ad5dbc16ec39a8d2c3b9
Finished request 2
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 150.150.40.141:32769, id=110, length=351
     User-Name = "cfra"
     Calling-Station-Id = "00-0D-F0-1E-DE-BF"
     Called-Station-Id = "00-0B-85-91-89-B0:RSEL"
     NAS-Port = 29
     NAS-IP-Address = 150.150.40.141
     NAS-Identifier = "RSEL-WLC"
     Airespace-Wlan-Id = 1
     Service-Type = Framed-User
     Framed-MTU = 1300
     NAS-Port-Type = Wireless-802.11
     EAP-Message = 
0x020700c01980000000b61603010086100000820080495fd3d574ec2239838b12e8424f7be6f1c2ec76d01f8a1e98f29dfab39473b098c9ff3cf88c3c8bc70998c01deb0c23178b4eb276583ef49ab2674a59df2d72f001f5085ec1a47cbddbf2b9e2fa8dc0f69337f0ad559106dfa4274f5938f819812e5054614fc378fa02204aa694b064b1a87d3e7c4f969af871e6a11d10fe1a14030100010116030100201934f29bfc4143780f9d8a064a905b28d39133a3ce5ba7cf8c71cff46fa43caf
     State = 0x23155c0d1d93ad5dbc16ec39a8d2c3b9
     Message-Authenticator = 0x393a942966cf2b7c324ddd4dd16dec0d
   Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 3
   modcall[authorize]: module "preprocess" returns ok for request 3
   modcall[authorize]: module "chap" returns noop for request 3
   modcall[authorize]: module "mschap" returns noop for request 3
     rlm_realm: No '@' in User-Name = "cfra", looking up realm NULL
     rlm_realm: No such realm "NULL"
   modcall[authorize]: module "suffix" returns noop for request 3
   rlm_eap: EAP packet type response id 7 length 192
   rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
   modcall[authorize]: module "eap" returns updated for request 3
     users: Matched entry DEFAULT at line 153
     users: Matched entry DEFAULT at line 172
   modcall[authorize]: module "files" returns ok for request 3
rlm_ldap: - authorize
rlm_ldap: performing user authorization for cfra
radius_xlat:  '(uid=cfra)'
radius_xlat:  'dc=rsel,dc=com'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=rsel,dc=com, with filter (uid=cfra)
rlm_ldap: checking if remote access for cfra is allowed by uid
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user cfra authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
   modcall[authorize]: module "ldap" returns ok for request 3
rlm_pap: WARNING! No "known good" password found for the user.  Authentication may fail because of this.
   modcall[authorize]: module "pap" returns noop for request 3
modcall: leaving group authorize (returns updated) for request 3
   rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
   Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 3
   rlm_eap: Request found, released from the list
   rlm_eap: EAP/peap
   rlm_eap: processing type peap
   rlm_eap_peap: Authenticate
   rlm_eap_tls: processing TLS
rlm_eap_tls:  Length Included
   eaptls_verify returned 11
   rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange
     TLS_accept: SSLv3 read client key exchange A
   rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001]
   rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished
     TLS_accept: SSLv3 read finished A
   rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001]
     TLS_accept: SSLv3 write change cipher spec A
   rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished
     TLS_accept: SSLv3 write finished A
     TLS_accept: SSLv3 flush data
     (other): SSL negotiation finished successfully
SSL Connection Established
   eaptls_process returned 13
   rlm_eap_peap: EAPTLS_HANDLED
   modcall[authenticate]: module "eap" returns handled for request 3
modcall: leaving group authenticate (returns handled) for request 3
Sending Access-Challenge of id 110 to 150.150.40.141 port 32769
     Framed-IP-Address = 255.255.255.254
     Framed-MTU = 576
     Service-Type = Framed-User
     EAP-Message = 0x010800311900140301000101160301002082da3d461e5ae1bf666a365a53d76857c9ff00417315c05c661163e3c961f9dd
     Message-Authenticator = 0x00000000000000000000000000000000
     State = 0x3f6e7b9f5ef8c1f052063c8070722eb5
Finished request 3
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 150.150.40.141:32769, id=111, length=165
     User-Name = "cfra"
     Calling-Station-Id = "00-0D-F0-1E-DE-BF"
     Called-Station-Id = "00-0B-85-91-89-B0:RSEL"
     NAS-Port = 29
     NAS-IP-Address = 150.150.40.141
     NAS-Identifier = "RSEL-WLC"
     Airespace-Wlan-Id = 1
     Service-Type = Framed-User
     Framed-MTU = 1300
     NAS-Port-Type = Wireless-802.11
     EAP-Message = 0x020800061900
     State = 0x3f6e7b9f5ef8c1f052063c8070722eb5
     Message-Authenticator = 0xe57181a04355eb33e37ba9aca6cd8514
   Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 4
   modcall[authorize]: module "preprocess" returns ok for request 4
   modcall[authorize]: module "chap" returns noop for request 4
   modcall[authorize]: module "mschap" returns noop for request 4
     rlm_realm: No '@' in User-Name = "cfra", looking up realm NULL
     rlm_realm: No such realm "NULL"
   modcall[authorize]: module "suffix" returns noop for request 4
   rlm_eap: EAP packet type response id 8 length 6
   rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
   modcall[authorize]: module "eap" returns updated for request 4
     users: Matched entry DEFAULT at line 153
     users: Matched entry DEFAULT at line 172
   modcall[authorize]: module "files" returns ok for request 4
rlm_ldap: - authorize
rlm_ldap: performing user authorization for cfra
radius_xlat:  '(uid=cfra)'
radius_xlat:  'dc=rsel,dc=com'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=rsel,dc=com, with filter (uid=cfra)
rlm_ldap: checking if remote access for cfra is allowed by uid
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user cfra authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
   modcall[authorize]: module "ldap" returns ok for request 4
rlm_pap: WARNING! No "known good" password found for the user.  Authentication may fail because of this.
   modcall[authorize]: module "pap" returns noop for request 4
modcall: leaving group authorize (returns updated) for request 4
   rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
   Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 4
   rlm_eap: Request found, released from the list
   rlm_eap: EAP/peap
   rlm_eap: processing type peap
   rlm_eap_peap: Authenticate
   rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
   rlm_eap_tls: ack handshake is finished
   eaptls_verify returned 3
   eaptls_process returned 3
   rlm_eap_peap: EAPTLS_SUCCESS
   modcall[authenticate]: module "eap" returns handled for request 4
modcall: leaving group authenticate (returns handled) for request 4
Sending Access-Challenge of id 111 to 150.150.40.141 port 32769
     Framed-IP-Address = 255.255.255.254
     Framed-MTU = 576
     Service-Type = Framed-User
     EAP-Message = 0x01090020190017030100156e23c73668274ce98de77cea4b16a1ac74a092de4e
     Message-Authenticator = 0x00000000000000000000000000000000
     State = 0xad83e1fbd1b19043a005f2c19aeef040
Finished request 4
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 150.150.40.141:32769, id=112, length=191
     User-Name = "cfra"
     Calling-Station-Id = "00-0D-F0-1E-DE-BF"
     Called-Station-Id = "00-0B-85-91-89-B0:RSEL"
     NAS-Port = 29
     NAS-IP-Address = 150.150.40.141
     NAS-Identifier = "RSEL-WLC"
     Airespace-Wlan-Id = 1
     Service-Type = Framed-User
     Framed-MTU = 1300
     NAS-Port-Type = Wireless-802.11
     EAP-Message = 0x02090020190017030100152026241d2abf412ed21c7e07fec512665f40ff40c9
     State = 0xad83e1fbd1b19043a005f2c19aeef040
     Message-Authenticator = 0xa865b16188d69faf0368c5f653c609a2
   Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 5
   modcall[authorize]: module "preprocess" returns ok for request 5
   modcall[authorize]: module "chap" returns noop for request 5
   modcall[authorize]: module "mschap" returns noop for request 5
     rlm_realm: No '@' in User-Name = "cfra", looking up realm NULL
     rlm_realm: No such realm "NULL"
   modcall[authorize]: module "suffix" returns noop for request 5
   rlm_eap: EAP packet type response id 9 length 32
   rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
   modcall[authorize]: module "eap" returns updated for request 5
     users: Matched entry DEFAULT at line 153
     users: Matched entry DEFAULT at line 172
   modcall[authorize]: module "files" returns ok for request 5
rlm_ldap: - authorize
rlm_ldap: performing user authorization for cfra
radius_xlat:  '(uid=cfra)'
radius_xlat:  'dc=rsel,dc=com'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=rsel,dc=com, with filter (uid=cfra)
rlm_ldap: checking if remote access for cfra is allowed by uid
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user cfra authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
   modcall[authorize]: module "ldap" returns ok for request 5
rlm_pap: WARNING! No "known good" password found for the user.  Authentication may fail because of this.
   modcall[authorize]: module "pap" returns noop for request 5
modcall: leaving group authorize (returns updated) for request 5
   rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
   Process1ing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 5
   rlm_eap: Request found, released from the list
   rlm_eap: EAP/peap
   rlm_eap: processing type peap
   rlm_eap_peap: Authenticate
   rlm_eap_tls: processing TLS
   eaptls_verify returned 7
   rlm_eap_tls: Done initial handshake
   eaptls_process returned 7
   rlm_eap_peap: EAPTLS_OK
   rlm_eap_peap: Session established.  Decoding tunneled attributes.
   rlm_eap_peap: Identity - cfra
   rlm_eap_peap: Tunneled data is valid.
   PEAP: Got tunneled identity of cfra
   PEAP: Setting default EAP type for tunneled EAP session.
   PEAP: Setting User-Name to cfra
   Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 5
   modcall[authorize]: module "preprocess" returns ok for request 5
   modcall[authorize]: module "chap" returns noop for request 5
   modcall[authorize]: module "mschap" returns noop for request 5
     rlm_realm: No '@' in User-Name = "cfra", looking up realm NULL
     rlm_realm: No such realm "NULL"
   modcall[authorize]: module "suffix" returns noop for request 5
   rlm_eap: EAP packet type response id 9 length 9
   rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
   modcall[authorize]: module "eap" returns updated for request 5
     users: Matched entry DEFAULT at line 153
   modcall[authorize]: module "files" returns ok for request 5
rlm_ldap: - authorize
rlm_ldap: performing user authorization for cfra
radius_xlat:  '(uid=cfra)'
radius_xlat:  'dc=rsel,dc=com'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=rsel,dc=com, with filter (uid=cfra)
rlm_ldap: checking if remote access for cfra is allowed by uid
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user cfra authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
   modcall[authorize]: module "ldap" returns ok for request 5
rlm_pap: WARNING! No "known good" password found for the user.  Authentication may fail because of this.
   modcall[authorize]: module "pap" returns noop for request 5
modcall: leaving group authorize (returns updated) for request 5
   rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
   Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 5
   rlm_eap: EAP Identity
   rlm_eap: processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
   modcall[authenticate]: module "eap" returns handled for request 5
modcall: leaving group authenticate (returns handled) for request 5
   PEAP: Got tunneled Access-Challenge
   modcall[authenticate]: module "eap" returns handled for request 5
modcall: leaving group authenticate (returns handled) for request 5
Sending Access-Challenge of id 112 to 150.150.40.141 port 32769
     Framed-IP-Address = 255.255.255.254
     Framed-MTU = 576
     Service-Type = Framed-User
     EAP-Message = 0x010a00351900170301002aff32a30b0e247564738de0340239c09df40a8bc617850bc63caa463b8ed880c9dc10bdccdacd8e5a3f08
     Message-Authenticator = 0x00000000000000000000000000000000
     State = 0x4892210e53e8fe174260c82262478541
Finished request 5
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 150.150.40.141:32769, id=113, length=245
     User-Name = "cfra"
     Calling-Station-Id = "00-0D-F0-1E-DE-BF"
     Called-Station-Id = "00-0B-85-91-89-B0:RSEL"
     NAS-Port = 29
     NAS-IP-Address = 150.150.40.141
     NAS-Identifier = "RSEL-WLC"
     Airespace-Wlan-Id = 1
     Service-Type = Framed-User
     Framed-MTU = 1300
     NAS-Port-Type = Wireless-802.11
     EAP-Message = 0x020a00561900170301004bd1add2fef5102e65f6ff8f7a230b9eb0720cfe38fe6a7cdd411f085025c7d4ef8b22504381b79e2235c204df4517fbe4c63e48a840ea6dcce4a245a3505e36162e4e9c468ec874ce80befb
     State = 0x4892210e53e8fe174260c82262478541
     Message-Authenticator = 0x0c8912dbebdfc69e7bc99568217feaac
   Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 6
   modcall[authorize]: module "preprocess" returns ok for request 6
   modcall[authorize]: module "chap" returns noop for request 6
   modcall[authorize]: module "mschap" returns noop for request 6
     rlm_realm: No '@' in User-Name = "cfra", looking up realm NULL
     rlm_realm: No such realm "NULL"
   modcall[authorize]: module "suffix" returns noop for request 6
   rlm_eap: EAP packet type response id 10 length 86
   rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
   modcall[authorize]: module "eap" returns updated for request 6
     users: Matched entry DEFAULT at line 153
     users: Matched entry DEFAULT at line 172
   modcall[authorize]: module "files" returns ok for request 6
rlm_ldap: - authorize
rlm_ldap: performing user authorization for cfra
radius_xlat:  '(uid=cfra)'
radius_xlat:  'dc=rsel,dc=com'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=rsel,dc=com, with filter (uid=cfra)
rlm_ldap: checking if remote access for cfra is allowed by uid
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user cfra authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
   modcall[authorize]: module "ldap" returns ok for request 6
rlm_pap: WARNING! No "known good" password found for the user.  Authentication may fail because of this.
   modcall[authorize]: module "pap" returns noop for request 6
modcall: leaving group authorize (returns updated) for request 6
   rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
   Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 6
   rlm_eap: Request found, released from the list
   rlm_eap: EAP/peap
   rlm_eap: processing type peap
   rlm_eap_peap: Authenticate
   rlm_eap_tls: processing TLS
   eaptls_verify returned 7
   rlm_eap_tls: Done initial handshake
   eaptls_process returned 7
   rlm_eap_peap: EAPTLS_OK
   rlm_eap_peap: Session established.  Decoding tunneled attributes.
   rlm_eap_peap: EAP type mschapv2
   rlm_eap_peap: Tunneled data is valid.
   PEAP: Setting User-Name to cfra
   PEAP: Adding old state with 07 60
   Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 6
   modcall[authorize]: module "preprocess" returns ok for request 6
   modcall[authorize]: module "chap" returns noop for request 6
   modcall[authorize]: module "mschap" returns noop for request 6
     rlm_realm: No '@' in User-Name = "cfra", looking up realm NULL
     rlm_realm: No such realm "NULL"
   modcall[authorize]: module "suffix" returns noop for request 6
   rlm_eap: EAP packet type response id 10 length 63
   rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
   modcall[authorize]: module "eap" returns updated for request 6
     users: Matched entry DEFAULT at line 153
   modcall[authorize]: module "files" returns ok for request 6
rlm_ldap: - authorize
rlm_ldap: performing user authorization for cfra
radius_xlat:  '(uid=cfra)'
radius_xlat:  'dc=rsel,dc=com'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=rsel,dc=com, with filter (uid=cfra)
rlm_ldap: checking if remote access for cfra is allowed by uid
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user cfra authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
   modcall[authorize]: module "ldap" returns ok for request 6
rlm_pap: WARNING! No "known good" password found for the user.  Authentication may fail because of this.
   modcall[authorize]: module "pap" returns noop for request 6
modcall: leaving group authorize (returns updated) for request 6
   rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
   Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 6
   rlm_eap: Request found, released from the list
   rlm_eap: EAP/mschapv2
   rlm_eap: processing type mschapv2
   Processing the authenticate section of radiusd.conf
modcall: entering group MS-CHAP for request 6
   rlm_mschap: No User-Password configured.  Cannot create LM-Password.
   rlm_mschap: No User-Password configured.  Cannot create NT-Password.
   rlm_mschap: Told to do MS-CHAPv2 for cfra with NT-Password
   rlm_mschap: FAILED: No NT/LM-Password.  Cannot perform authentication.
   rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
   modcall[authenticate]: module "mschap" returns reject for request 6
modcall: leaving group MS-CHAP (returns reject) for request 6
   rlm_eap: Freeing handler
   modcall[authenticate]: module "eap" returns reject for request 6
modcall: leaving group authenticate (returns reject) for request 6
auth: Failed to validate the user.
   PEAP: Tunneled authentication was rejected.
   rlm_eap_peap: FAILURE
   modcall[authenticate]: module "eap" returns handled for request 6
modcall: leaving group authenticate (returns handled) for request 6
Sending Access-Challenge of id 113 to 150.150.40.141 port 32769
     Framed-IP-Address = 255.255.255.254
     Framed-MTU = 576
     Service-Type = Framed-User
     EAP-Message = 0x010b00261900170301001b227f4f0044ed450b943d764372f9aeaaf71c46a3058b6d5c1868d3
     Message-Authenticator = 0x00000000000000000000000000000000
     State = 0xd997668a26711f7f503add1a238036b5
Finished request 6
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 150.150.40.141:32769, id=114, length=197
     User-Name = "cfra"
     Calling-Station-Id = "00-0D-F0-1E-DE-BF"
     Called-Station-Id = "00-0B-85-91-89-B0:RSEL"
     NAS-Port = 29
     NAS-IP-Address = 150.150.40.141
     NAS-Identifier = "RSEL-WLC"
     Airespace-Wlan-Id = 1
     Service-Type = Framed-User
     Framed-MTU = 1300
     NAS-Port-Type = Wireless-802.11
     EAP-Message = 0x020b00261900170301001b9a93dc0f7a25b95069f4c7e40e2cbbc67b017273477fe23f6cdecb
     State = 0xd997668a26711f7f503add1a238036b5
     Message-Authenticator = 0x732ff4feed977f31e020b461f7c174bb
   Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 7
   modcall[authorize]: module "preprocess" returns ok for request 7
   modcall[authorize]: module "chap" returns noop for request 7
   modcall[authorize]: module "mschap" returns noop for request 7
     rlm_realm: No '@' in User-Name = "cfra", looking up realm NULL
     rlm_realm: No such realm "NULL"
   modcall[authorize]: module "suffix" returns noop for request 7
   rlm_eap: EAP packet type response id 11 length 38
   rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
   modcall[authorize]: module "eap" returns updated for request 7
     users: Matched entry DEFAULT at line 153
     users: Matched entry DEFAULT at line 172
   modcall[authorize]: module "files" returns ok for request 7
rlm_ldap: - authorize
rlm_ldap: performing user authorization for cfra
radius_xlat:  '(uid=cfra)'
radius_xlat:  'dc=rsel,dc=com'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=rsel,dc=com, with filter (uid=cfra)
rlm_ldap: checking if remote access for cfra is allowed by uid
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user cfra authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
   modcall[authorize]: module "ldap" returns ok for request 7
rlm_pap: WARNING! No "known good" password found for the user.  Authentication may fail because of this.
   modcall[authorize]: module "pap" returns noop for request 7
modcall: leaving group authorize (returns updated) for request 7
   rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
   Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 7
   rlm_eap: Request found, released from the list
   rlm_eap: EAP/peap
   rlm_eap: processing type peap
   rlm_eap_peap: Authenticate
   rlm_eap_tls: processing TLS
   eaptls_verify returned 7
   rlm_eap_tls: Done initial handshake
   eaptls_process returned 7
   rlm_eap_peap: EAPTLS_OK
   rlm_eap_peap: Session established.  Decoding tunneled attributes.
   rlm_eap_peap: Received EAP-TLV response.
   rlm_eap_peap: Tunneled data is valid.
   rlm_eap_peap:  Had sent TLV failure.  User was rejcted rejected earlier in this session.
  rlm_eap: Handler failed in EAP/peap
   rlm_eap: Failed in EAP select
   modcall[authenticate]: module "eap" returns invalid for request 7
modcall: leaving group authenticate (returns invalid) for request 7
auth: Failed to validate the user.
Delaying request 7 for 1 seconds
Finished request 7
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 114 to 150.150.40.141 port 32769
     EAP-Message = 0x040b0004
     Message-Authenticator = 0x00000000000000000000000000000000


Thanks for your help,
Christian

****************************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. Access to this e-mail by anyone else is unauthorised.
If you are not the intended recipient, any disclosure, copying,
distribution or any action taken or omitted to be taken in reliance on
it, is prohibited.
E-mail messages are not necessarily secure.  Renesas does not accept
responsibility for any changes made to this message after it was sent.
Please note that this email message has been swept by Renesas for
the presence of computer viruses.

Renesas Semiconductor Europe (Landshut) GmbH
Jenaer Strasse 1, 84034 Landshut
Tel.: +49-(0)871-684-0, Fax: +49-(0)871-684-150
www.rsel.renesas.com

GESCHAEFTSFUEHRER:  Dipl.-Ing. YOSHIHARU KAKUI
GESCHAEFTSFUEHRER:  Dipl.-Phys. STEFAN SAUER

Registergericht Landshut HRB 1464
Ust-ldNr.: DE 128953054  Steuer-Nr.: 132/136/30347

HypoVereinsbank, Landshut, Kto.-Nr. 3704 700 (BLZ  743 200 73) 
Mizuho Corporate Bank (Germany) AG, Frankfurt, Kto.-Nr. 200 733 (BLZ 503 308 00)
****************************************************************************




More information about the Freeradius-Users mailing list