error in SSLv3 read client certificate A
Ancalagon
ancalagon at bluebottle.com
Fri Aug 24 14:35:22 CEST 2007
Hi all
I have an SSL error.
I have installed a server on a vmware VM, and on it, I was able to make
EAP/TLS without any problem.
That is on a Suse 10. The FR version is 1.1.0. The openssl version is
0.9.8a (package openssl-0.9.8a-18.4). The compat-openssl097g-0.9.7g-13.2
is also installed.
I made a Xen domU with a Suse 10. I copy the /etc/raddb to the xen domU,
and start the server. With the xen domU I'm able to make MAC
authentication, but, when I want to enable also the EAP/TLS.
I got the following error :
rlm_eap_tls: Length Included
eaptls_verify returned 11
(other): before/accept initialization
*TLS_accept*: before/accept initialization
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello
*TLS_accept*: *SSLv3* read client hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
*TLS_accept*: *SSLv3* write server hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 12a2], Certificate
*TLS_accept*: *SSLv3* write certificate A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 000e], CertificateRequest
*TLS_accept*: *SSLv3* write certificate request A
*TLS_accept*: *SSLv3* flush data
*TLS_accept*:*error* in *SSLv3* read client certificate A
In SSL Handshake Phase
In SSL Accept mode
After that, there is a loop with "Access-Challenge" and the port keep to
be closed.
On the xen domU, the version of radius is 1.1.0
The version of openssl is 0.9.8a (package openssl-0.9.8a-16). The
compat-openssl097g-0.9.7g-11 is also installed.
The supplicant is a Windows XP SP2
Thanks for any help
Ancalagon
Here a complete log :
The IP address of the FR is 10.10.22.222
The IP of the AP is 10.10.22.8
Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config: including file: /etc/raddb/proxy.conf
Config: including file: /etc/raddb/clients.conf
Config: including file: /etc/raddb/snmp.conf
Config: including file: /etc/raddb/eap.conf
Config: including file: /etc/raddb/sql.conf
main: prefix = "/usr"
main: localstatedir = "/var"
main: logdir = "/var/log/radius"
main: libdir = "/usr/lib/freeradius"
main: radacctdir = "/var/log/radius/radacct"
main: hostname_lookups = no
main: max_request_time = 30
main: cleanup_delay = 5
main: max_requests = 1024
main: delete_blocked_requests = 0
main: port = 0
main: allow_core_dumps = no
main: log_stripped_names = no
main: log_file = "/var/log/radius/radius.log"
main: log_auth = yes
main: log_auth_badpass = yes
main: log_auth_goodpass = yes
main: pidfile = "/var/run/radiusd/radiusd.pid"
main: bind_address = 10.10.22.222 IP address [10.10.22.222]
main: user = "radiusd"
main: group = "radiusd"
main: usercollide = no
main: lower_user = "yes"
main: lower_pass = "yes"
main: nospace_user = "no"
main: nospace_pass = "no"
main: checkrad = "/usr/sbin/checkrad"
main: proxy_requests = yes
proxy: retry_delay = 5
proxy: retry_count = 3
proxy: synchronous = no
proxy: default_fallback = yes
proxy: dead_time = 120
proxy: post_proxy_authorize = no
proxy: wake_all_if_all_dead = no
security: max_attributes = 200
security: reject_delay = 1
security: status_server = no
main: debug_level = 0
read_config_files: reading dictionary
read_config_files: reading naslist
read_config_files: reading clients
read_config_files: reading realms
radiusd: entering modules setup
Module: Library search path is /usr/lib/freeradius
Module: Loaded exec
exec: wait = yes
exec: program = "(null)"
exec: input_pairs = "request"
exec: output_pairs = "(null)"
exec: packet_type = "(null)"
rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Module: Instantiated exec (exec)
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded eap
eap: default_eap_type = "tls"
eap: timer_expire = 60
eap: ignore_unknown_eap_types = no
eap: cisco_accounting_username_bug = no
rlm_eap: Loaded and initialized type md5
rlm_eap: Loaded and initialized type leap
gtc: challenge = "Password: "
gtc: auth_type = "PAP"
rlm_eap: Loaded and initialized type gtc
tls: rsa_key_exchange = no
tls: dh_key_exchange = yes
tls: rsa_key_length = 512
tls: dh_key_length = 512
tls: verify_depth = 0
tls: CA_path = "/etc/raddb/cacerts/"
tls: pem_file_type = yes
tls: private_key_file = "/etc/raddb/certs/BALIN.pem"
tls: certificate_file = "/etc/raddb/certs/BALIN.pem"
tls: CA_file = "(null)"
tls: private_key_password = "******"
tls: dh_file = "/etc/raddb/certs/dh"
tls: random_file = "/etc/raddb/certs/random"
tls: fragment_size = 1024
tls: include_length = yes
tls: check_crl = yes
tls: check_cert_cn = "%{User-Name}"
rlm_eap_tls: Loading the certificate file as a chain
rlm_eap: Loaded and initialized type tls
mschapv2: with_ntdomain_hack = no
rlm_eap: Loaded and initialized type mschapv2
Module: Instantiated eap (eap)
Module: Loaded preprocess
preprocess: huntgroups = "/etc/raddb/huntgroups"
preprocess: hints = "/etc/raddb/hints"
preprocess: with_ascend_hack = no
preprocess: ascend_channels_per_line = 23
preprocess: with_ntdomain_hack = no
preprocess: with_specialix_jetstream_hack = no
preprocess: with_cisco_vsa_hack = no
Module: Instantiated preprocess (preprocess)
Module: Loaded files
files: usersfile = "/etc/raddb/users"
files: acctusersfile = "/etc/raddb/acct_users"
files: preproxy_usersfile = "/etc/raddb/preproxy_users"
files: compat = "no"
Module: Instantiated files (files)
Module: Loaded LDAP
ldap: server = "10.10.22.222"
ldap: port = 389
ldap: net_timeout = 1
ldap: timeout = 4
ldap: timelimit = 3
ldap: identity = "cn=admin,dc=company,dc=test"
ldap: tls_mode = no
ldap: start_tls = no
ldap: tls_cacertfile = "(null)"
ldap: tls_cacertdir = "(null)"
ldap: tls_certfile = "(null)"
ldap: tls_keyfile = "(null)"
ldap: tls_randfile = "(null)"
ldap: tls_require_cert = "allow"
ldap: password = "*****"
ldap: basedn = "dc=company,dc=test"
ldap: filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
ldap: base_filter = "(objectclass=radiusprofile)"
ldap: default_profile = "(null)"
ldap: profile_attribute = "(null)"
ldap: password_header = "(null)"
ldap: password_attribute = "userPassword"
ldap: access_attr = "uid"
ldap: groupname_attribute = "cn"
ldap: groupmembership_filter =
"(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))"
ldap: groupmembership_attribute = "(null)"
ldap: dictionary_mapping = "/etc/raddb/ldap.attrmap"
ldap: ldap_debug = 0
ldap: ldap_connections_number = 5
ldap: compare_check_items = yes
ldap: access_attr_used_for_allow = yes
ldap: do_xlat = yes
ldap: edir_account_policy_check = no
ldap: set_auth_type = yes
rlm_ldap: Registering ldap_groupcmp for Ldap-Group
rlm_ldap: Registering ldap_xlat with xlat_name ldap
rlm_ldap: Over-riding set_auth_type, as we're not listed in the
"authenticate" section.
rlm_ldap: reading ldap<->radius mappings from file /etc/raddb/ldap.attrmap
rlm_ldap: LDAP radiusCheckItem mapped to RADIUS $GENERIC$
rlm_ldap: LDAP radiusReplyItem mapped to RADIUS $GENERIC$
rlm_ldap: LDAP radiusAuthType mapped to RADIUS Auth-Type
rlm_ldap: LDAP radiusSimultaneousUse mapped to RADIUS Simultaneous-Use
rlm_ldap: LDAP lmPassword mapped to RADIUS LM-Password
rlm_ldap: LDAP ntPassword mapped to RADIUS NT-Password
rlm_ldap: LDAP acctFlags mapped to RADIUS SMB-Account-CTRL-TEXT
rlm_ldap: LDAP radiusExpiration mapped to RADIUS Expiration
rlm_ldap: LDAP radiusCalledStationId mapped to RADIUS Called-Station-Id
rlm_ldap: LDAP radiusCallingStationId mapped to RADIUS Calling-Station-Id
rlm_ldap: LDAP radiusServiceType mapped to RADIUS Service-Type
rlm_ldap: LDAP radiusLoginTCPPort mapped to RADIUS NAS-Port-Id
rlm_ldap: LDAP radiusLoginIPHost mapped to RADIUS NAS-IP-Address
rlm_ldap: LDAP radiusFramedProtocol mapped to RADIUS NAS-Port-Type
rlm_ldap: LDAP radiusServiceType mapped to RADIUS Service-Type
rlm_ldap: LDAP radiusFramedProtocol mapped to RADIUS Framed-Protocol
rlm_ldap: LDAP radiusFramedIPAddress mapped to RADIUS Framed-IP-Address
rlm_ldap: LDAP radiusFramedIPNetmask mapped to RADIUS Framed-IP-Netmask
rlm_ldap: LDAP radiusFramedRoute mapped to RADIUS Framed-Route
rlm_ldap: LDAP radiusFramedRouting mapped to RADIUS Framed-Routing
rlm_ldap: LDAP radiusFilterId mapped to RADIUS Filter-Id
rlm_ldap: LDAP radiusFramedMTU mapped to RADIUS Framed-MTU
rlm_ldap: LDAP radiusFramedCompression mapped to RADIUS Framed-Compression
rlm_ldap: LDAP radiusLoginIPHost mapped to RADIUS Login-IP-Host
rlm_ldap: LDAP radiusLoginService mapped to RADIUS Login-Service
rlm_ldap: LDAP radiusLoginTCPPort mapped to RADIUS NAS-Port
rlm_ldap: LDAP radiusCallbackNumber mapped to RADIUS Callback-Number
rlm_ldap: LDAP radiusCallbackId mapped to RADIUS Callback-Id
rlm_ldap: LDAP radiusFramedIPXNetwork mapped to RADIUS Framed-IPX-Network
rlm_ldap: LDAP radiusClass mapped to RADIUS Class
rlm_ldap: LDAP radiusSessionTimeout mapped to RADIUS Session-Timeout
rlm_ldap: LDAP radiusIdleTimeout mapped to RADIUS Idle-Timeout
rlm_ldap: LDAP radiusTerminationAction mapped to RADIUS Termination-Action
rlm_ldap: LDAP radiusLoginLATService mapped to RADIUS Login-LAT-Service
rlm_ldap: LDAP radiusLoginLATNode mapped to RADIUS Login-LAT-Node
rlm_ldap: LDAP radiusLoginLATGroup mapped to RADIUS Login-LAT-Group
rlm_ldap: LDAP radiusFramedAppleTalkLink mapped to RADIUS
Framed-AppleTalk-Link
rlm_ldap: LDAP radiusFramedAppleTalkNetwork mapped to RADIUS
Framed-AppleTalk-Network
rlm_ldap: LDAP radiusFramedAppleTalkZone mapped to RADIUS
Framed-AppleTalk-Zone
rlm_ldap: LDAP radiusPortLimit mapped to RADIUS Port-Limit
rlm_ldap: LDAP radiusLoginLATPort mapped to RADIUS Login-LAT-Port
conns: 0x5555557a5420
Module: Instantiated ldap (ldap)
Module: Loaded Acct-Unique-Session-Id
acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address,
Client-IP-Address, NAS-Port"
Module: Instantiated acct_unique (acct_unique)
Module: Loaded realm
realm: format = "suffix"
realm: delimiter = "@"
realm: ignore_default = no
realm: ignore_null = no
Module: Instantiated realm (suffix)
Module: Loaded detail
detail: detailfile =
"/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
detail: detailperm = 384
detail: dirperm = 493
detail: locking = no
Module: Instantiated detail (detail)
Module: Loaded System
unix: cache = no
unix: passwd = "(null)"
unix: shadow = "(null)"
unix: group = "(null)"
unix: radwtmp = "/var/log/radius/radwtmp"
unix: usegroup = no
unix: cache_reload = 600
Module: Instantiated unix (unix)
Module: Loaded radutmp
radutmp: filename = "/var/log/radius/radutmp"
radutmp: username = "%{User-Name}"
radutmp: case_sensitive = yes
radutmp: check_with_nas = yes
radutmp: perm = 384
radutmp: callerid = yes
Module: Instantiated radutmp (radutmp)
Listening on authentication 10.10.22.222:1812
Listening on accounting 10.10.22.222:1813
Ready to process requests.
rad_recv: Access-Request packet from host 10.10.22.8:1024, id=143,
length=205
Framed-MTU = 1480
NAS-IP-Address = 10.10.22.8
NAS-Identifier = "switch-8-00-1"
User-Name = "WINXPSP2"
Service-Type = Administrative-User
Framed-Protocol = PPP
NAS-Port = 4
NAS-Port-Type = Ethernet
NAS-Port-Id = "4"
Called-Station-Id = "00-18-71-45-79-40"
Calling-Station-Id = "00-30-05-6d-2c-c5"
Connect-Info = "CONNECT Ethernet 1000Mbps Full duplex"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "1"
EAP-Message = 0x0207000b01585054455354
Message-Authenticator = 0x35d62b249b863c177d4663bf92391b74
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
modcall[authorize]: module "preprocess" returns ok for request 1
rlm_eap: EAP packet type response id 7 length 11
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 1
users: Matched entry WINXPSP2 at line 11
modcall[authorize]: module "files" returns ok for request 1
rlm_ldap: - authorize
rlm_ldap: performing user authorization for WINXPSP2
radius_xlat: '(uid=WINXPSP2)'
radius_xlat: 'dc=company,dc=test'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=company,dc=test, with filter
(uid=WINXPSP2)
rlm_ldap: object not found or got ambiguous search result
rlm_ldap: search failed
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns notfound for request 1
modcall: leaving group authorize (returns updated) for request 1
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 1
rlm_eap: EAP Identity
rlm_eap: processing type tls
rlm_eap_tls: Requiring client certificate
rlm_eap_tls: Initiate
rlm_eap_tls: Start returned 1
modcall[authenticate]: module "eap" returns handled for request 1
modcall: leaving group authenticate (returns handled) for request 1
Sending Access-Challenge of id 143 to 10.10.22.8 port 1024
EAP-Message = 0x010800060d20
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x25c308680d7c72cc1f78bf6a548311d1
Finished request 1
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.10.22.8:1024, id=144,
length=292
Framed-MTU = 1480
NAS-IP-Address = 10.10.22.8
NAS-Identifier = "switch-8-00-1"
User-Name = "WINXPSP2"
Service-Type = Administrative-User
Framed-Protocol = PPP
NAS-Port = 4
NAS-Port-Type = Ethernet
NAS-Port-Id = "4"
Called-Station-Id = "00-18-71-45-79-40"
Calling-Station-Id = "00-30-05-6d-2c-c5"
Connect-Info = "CONNECT Ethernet 1000Mbps Full duplex"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "1"
State = 0x25c308680d7c72cc1f78bf6a548311d1
EAP-Message =
0x020800500d800000004616030100410100003d030146ced9e2ca2f9040f64a516358ecc7209b6f9b7d738e332a0c209a933c27e98300001600040005000a000900640062000300060013001200630100
Message-Authenticator = 0x033115f290de31d0309264338bc8af51
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 2
modcall[authorize]: module "preprocess" returns ok for request 2
rlm_eap: EAP packet type response id 8 length 80
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 2
users: Matched entry WINXPSP2 at line 11
modcall[authorize]: module "files" returns ok for request 2
rlm_ldap: - authorize
rlm_ldap: performing user authorization for WINXPSP2
radius_xlat: '(uid=WINXPSP2)'
radius_xlat: 'dc=company,dc=test'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=company,dc=test, with filter
(uid=WINXPSP2)
rlm_ldap: object not found or got ambiguous search result
rlm_ldap: search failed
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns notfound for request 2
modcall: leaving group authorize (returns updated) for request 2
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 2
rlm_eap: Request found, released from the list
rlm_eap: EAP/tls
rlm_eap: processing type tls
rlm_eap_tls: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
(other): before/accept initialization
TLS_accept: before/accept initialization
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello
TLS_accept: SSLv3 read client hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
TLS_accept: SSLv3 write server hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 12a2], Certificate
TLS_accept: SSLv3 write certificate A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 000e], CertificateRequest
TLS_accept: SSLv3 write certificate request A
TLS_accept: SSLv3 flush data
TLS_accept:error in SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
eaptls_process returned 13
modcall[authenticate]: module "eap" returns handled for request 2
modcall: leaving group authenticate (returns handled) for request 2
Sending Access-Challenge of id 144 to 10.10.22.8 port 1024
EAP-Message =
0x0109040a0dc000001309160301004a02000046030146cec8073eb4b4f6f3ee90841d97f4d2cd5950fe1765f13c409bfd32d68175bc2064b6217103f637ebd06212b630440e2aa27fb1a3fdbe533a62bf99b073a11e1100040016030112a20b00129e00129b00064a308206463082042ea003020102020103300d06092a864886f70d0101050500307c310b30090603550406130242453110300e0603550408130742454c4749554d31133011060355040a130a436f6d697465205220493111300f060355040b13084c6f676973746963310e300c0603550403130553756243413123302106092a864886f70d01090116146c6f67697374696340636f6d
EAP-Message =
0x69746572692e6265301e170d3037303630353134343130325a170d3137303630323134343130325a307c310b30090603550406130242453110300e0603550408130742454c4749554d31133011060355040a130a436f6d697465205220493111300f060355040b13084c6f676973746963310e300c0603550403130542414c494e3123302106092a864886f70d01090116146c6f67697374696340636f6d69746572692e626530820222300d06092a864886f70d01010105000382020f003082020a0282020100a16a2a34bf1b96e1ea0bd4139b3932cdd36dd5dc27319cbb646d449ddc7957ba4033e3da40ff1faf3e50369a9dd86ec6426bd1f904fe
EAP-Message =
0x46ce2f3991e88e71921b5a9c438bb499b083cc9b8ff9053bb78f640741b9450106bc38935548e4e84064706b87939b45afeae8f54eba236d0eb10ab0e24a91836da1269558f548e1404083d09f1c5ef16a04d71daaae7e4d8cd813e6b504f1e8fbe7fbc5626f5e88949914d0ba6fa8251ad4cd50011f78e8f56349d236c0ccd0f4e33f8f017d315a2049cde819595366d4f39bfe59514ecafaac65137076a42972c912bdfb559f76e1543aa680851037a8a3a74696d9b884ee95aa26a4bfdde2756e53efed54d89007529b28d516312403af94ff96c80d0203c88b56c5b3e1fd75bc059c74f0096ea2aee53f1e0570264a50cc163be97a9e478b9d9d0c
EAP-Message =
0x877fe3447d42cbc47eccdc17ba1f58d3b6c49869a6cb027464588ef0b9c19fb0b9973f12655962a6b5d81469654397eebc6c5da4013dcabe34fa7c5c21c3c8406459bfeeaacc90db5768a207771009d3fa694a1fbb9bff1e6ec4cad763c13f74a046acd36043fd37b28823171ec62a5cdc6d3eee81ba41829829090bb0ca1624d35e966a6c685c502195cab4d0168424277901dc4207e8a17ca5437caa18eaac42c99cafa9023c760c7d3d4cefdd0c3eab96ba0fd7144698ae55ff9d3383755b485668d065938f3df4a928bb7b0203010001a381d23081cf300c0603551d130101ff04023000301106096086480186f84201010404030205a030390609
EAP-Message = 0x6086480186f842010d042c162a42414c494e20536572
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x38cde1036ec530eb79833ddd0e0d91a6
Finished request 2
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.10.22.8:1024, id=145,
length=218
Framed-MTU = 1480
NAS-IP-Address = 10.10.22.8
NAS-Identifier = "switch-8-00-1"
User-Name = "WINXPSP2"
Service-Type = Administrative-User
Framed-Protocol = PPP
NAS-Port = 4
NAS-Port-Type = Ethernet
NAS-Port-Id = "4"
Called-Station-Id = "00-18-71-45-79-40"
Calling-Station-Id = "00-30-05-6d-2c-c5"
Connect-Info = "CONNECT Ethernet 1000Mbps Full duplex"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "1"
State = 0x38cde1036ec530eb79833ddd0e0d91a6
EAP-Message = 0x020900060d00
Message-Authenticator = 0xf9e7e6874c2dddbd73eedc5586a4e9c0
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 3
modcall[authorize]: module "preprocess" returns ok for request 3
rlm_eap: EAP packet type response id 9 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 3
users: Matched entry WINXPSP2 at line 11
modcall[authorize]: module "files" returns ok for request 3
rlm_ldap: - authorize
rlm_ldap: performing user authorization for WINXPSP2
radius_xlat: '(uid=WINXPSP2)'
radius_xlat: 'dc=company,dc=test'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=company,dc=test, with filter
(uid=WINXPSP2)
rlm_ldap: object not found or got ambiguous search result
rlm_ldap: search failed
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns notfound for request 3
modcall: leaving group authorize (returns updated) for request 3
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 3
rlm_eap: Request found, released from the list
rlm_eap: EAP/tls
rlm_eap: processing type tls
rlm_eap_tls: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake fragment handler
eaptls_verify returned 1
eaptls_process returned 13
modcall[authenticate]: module "eap" returns handled for request 3
modcall: leaving group authenticate (returns handled) for request 3
Sending Access-Challenge of id 145 to 10.10.22.8 port 1024
EAP-Message =
0x010a040a0dc000001309766572204f70656e53534c2047656e657261746564204365727469666963617465301d0603551d0e041604144743ccf509e7fbdfde43593e1bfc76ab94a47de9301f0603551d230418301680142e056f0838c7777e4676696dd17fdffd557cdd8930130603551d25040c300a06082b06010505070301301c0603551d1104153013821162616c696e2e636f6d69746572692e6265300d06092a864886f70d010105050003820201008e6ba1ac563fe4e39d54d5d97ea3c715e1b0677c15cb205cdd32fb393573bdc3cbf65d7fe1198194de2ae1ece320757aa07f51600a68a646cae74540a416c38eaa800f62d54b22b65f2eb7
EAP-Message =
0x390fbbb83c6db45edc7cff3f631103582eece62a1a2c65696ed7b985ff415541e7c20ed68adf7c86668d48cba43696d76d77f19bb63953a4a87d5660b9eada868a6aa963d0fb62caded8e3e5f18c94b2c6f77f3769fcb0c9f2ae57488ce0ed490ff82f6dbfe9356a8d3bd1ae99151892b51c6ed1e29c7ebdc1031777bed9a3100fa1f286a416e7f153089e89fa4961854f97a1868e44e47c83edc49e1a35110f82b14e5ef785c3514fdcf2af20b29a56ae1ab5fbf94e1654438f6bc15318b905b0e8aab8e148611c7536b746d07fb03e5c495dcc7043e0c8e509e27ae2f67930aaf61d66c7841d4ca4c6850a24c5fceba76889e87d627ef06f48adfd9c
EAP-Message =
0x115a8538ff89a311c19c8b13b8744698e2332baee87dbf327e99c89853313ccd35e9fafba5ef3c0e5ef250ed1ebdabd5185d1cbcc6b27292b9d164e84dba0fbca94bffc5f731c4d316083175ef2379de60610656e9bc851922b6576418b272641e99aca9f68ad03e63a66b5cc83c496577e86ff0e1ef332be90d583b7d0cd13d5c08c9e649cf18b2e4d938dcf8cd0f457b808ea2c1d0cdd9322b3bfde7d016daa2ac68e1e0040fd81ded1ded5e4be298bf6a9591522176a80006323082062e30820416a003020102020102300d06092a864886f70d0101050500307d310b30090603550406130242453110300e0603550408130742454c4749554d3113
EAP-Message =
0x3011060355040a130a436f6d697465205220493111300f060355040b13084c6f676973746963310f300d06035504031306526f6f7443413123302106092a864886f70d01090116146c6f67697374696340636f6d69746572692e6265301e170d3037303630353134343031365a170d3137303630323134343031365a307c310b30090603550406130242453110300e0603550408130742454c4749554d31133011060355040a130a436f6d697465205220493111300f060355040b13084c6f676973746963310e300c0603550403130553756243413123302106092a864886f70d01090116146c6f67697374696340636f6d69746572692e6265308202
EAP-Message = 0x22300d06092a864886f70d01010105000382020f0030
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x8ea25b4708c7dfc009cab784c6064dd1
Finished request 3
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.10.22.8:1024, id=146,
length=218
Framed-MTU = 1480
NAS-IP-Address = 10.10.22.8
NAS-Identifier = "switch-8-00-1"
User-Name = "WINXPSP2"
Service-Type = Administrative-User
Framed-Protocol = PPP
NAS-Port = 4
NAS-Port-Type = Ethernet
NAS-Port-Id = "4"
Called-Station-Id = "00-18-71-45-79-40"
Calling-Station-Id = "00-30-05-6d-2c-c5"
Connect-Info = "CONNECT Ethernet 1000Mbps Full duplex"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "1"
State = 0x8ea25b4708c7dfc009cab784c6064dd1
EAP-Message = 0x020a00060d00
Message-Authenticator = 0xa0f1f89749109edcb5c4b6b8ba7ecfbc
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 4
modcall[authorize]: module "preprocess" returns ok for request 4
rlm_eap: EAP packet type response id 10 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 4
users: Matched entry WINXPSP2 at line 11
modcall[authorize]: module "files" returns ok for request 4
rlm_ldap: - authorize
rlm_ldap: performing user authorization for WINXPSP2
radius_xlat: '(uid=WINXPSP2)'
radius_xlat: 'dc=company,dc=test'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=company,dc=test, with filter
(uid=WINXPSP2)
rlm_ldap: object not found or got ambiguous search result
rlm_ldap: search failed
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns notfound for request 4
modcall: leaving group authorize (returns updated) for request 4
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 4
rlm_eap: Request found, released from the list
rlm_eap: EAP/tls
rlm_eap: processing type tls
rlm_eap_tls: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake fragment handler
eaptls_verify returned 1
eaptls_process returned 13
modcall[authenticate]: module "eap" returns handled for request 4
modcall: leaving group authenticate (returns handled) for request 4
Sending Access-Challenge of id 146 to 10.10.22.8 port 1024
EAP-Message =
0x010b040a0dc00000130982020a0282020100d882fa95e8d4bd71732ea535182ac05bc095bc52c0ea55eab26bec1751795413b27815488ecedd9cca6e1bce21a8bb1cb285b12686b6b77a4f91bf3043c65025b343fe8f8cc015ad70c630c0c6ce2c9ee2d702ece13f306b438c2a3bee0e3c4de2ac007525a890b04d67bcff032bd909efebea3d6b8df57c4edba1f055948f8b584a704b24d1e8c28449825705f3c3bdad8f863d7b6a274028c2cdfa5724aafdd46067151656ff0ebec18cd825a05858423cc983c1baa0cffdbb88954cb3fd361b885eb1e91650613af631533d5ccce2b73070f28929f6c0b79f57d8478f104e42ef8895c81b9cae0da4ce
EAP-Message =
0x3c1e51112bbc9bbbcd7f12c550466bf84823db89710cf993522e4a3b15379453900a5e6f7e22aaeab1f2ceec26476cf1519c7f6f7aac52f99e3490bbc9d83a135e9a4aea7ecbb238b4500d2614465f23d8ec118785335b2d0261930940d7b288e204964776fe548bf34e7f79b8c67ad90ed6c6d20548b556193f3e0c07b73ce30a6bfa59eece19499ea0c5eb812ba759b65c28b70b1aec0a5de8a0772eb21176f91921c9aa447850af35fcfa975d4ca15543d80aaf963c542f9349a27f24d8f7eed2648f5cea65ef5d32eb1ef8b602367ca2e59243b3f54a8ef3c872fa58cce494cefeb4e6874b9dababe972edf1d02c531aa249eddb99e6f42c223387
EAP-Message =
0x38146319faf5df938ccdb5c9690f886a31470467ca7e1d450203010001a381b93081b6300f0603551d130101ff040530030101ff301106096086480186f84201010404030206c0303206096086480186f842010d042516235375624341204f70656e53534c2047656e657261746564204365727469666963617465301d0603551d0e041604142e056f0838c7777e4676696dd17fdffd557cdd89301f0603551d23041830168014f7065eae7de0f71ccc4af436e2a9de730fb69e61301c0603551d1104153013821162616c696e2e636f6d69746572692e6265300d06092a864886f70d010105050003820201008c49de7d69e2e7772465c1910cd94a34
EAP-Message =
0x26a9eee42487c3a7ede8666cbedd93dc9e5676e82f92d6bfdc4273685a917eb3bb8f870a5a4fa08326b7d33a340b3c566081780443a10aa472a4d8b9f2c5d1ed373bf68f1f7c3b62654fb78cb0bfca7caf40d48f9924272092bba18b03e442115056edbfcd1852438275ebc2c1d31a00923b94e003b5b3dbeb0c762baf339f9c40538da28696f964f9a69ae1c8923001a8225afc7dec8aa1040d455a1f3f70cf38c5664bc91fedc5c6041dc3055ead27c5d75e3f7b336358cf02f04e733998c00b231e738d29d73021e3f2ab0a7bb0581d5bf366cd5954d9bcbeb76cc106dd8f67f61e9fd5fb7e5a9224583209ec1c6da72ead32517b45360065babec7
EAP-Message = 0x30404719a25565b1b018ee1b3140a208ad74c7bb2557
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x56c4aaa602ee163eae0551c02201778d
Finished request 4
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.10.22.8:1024, id=147,
length=218
Framed-MTU = 1480
NAS-IP-Address = 10.10.22.8
NAS-Identifier = "switch-8-00-1"
User-Name = "WINXPSP2"
Service-Type = Administrative-User
Framed-Protocol = PPP
NAS-Port = 4
NAS-Port-Type = Ethernet
NAS-Port-Id = "4"
Called-Station-Id = "00-18-71-45-79-40"
Calling-Station-Id = "00-30-05-6d-2c-c5"
Connect-Info = "CONNECT Ethernet 1000Mbps Full duplex"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "1"
State = 0x56c4aaa602ee163eae0551c02201778d
EAP-Message = 0x020b00060d00
Message-Authenticator = 0xba9515c4b486e9213d3ad85ecd98fb46
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 5
modcall[authorize]: module "preprocess" returns ok for request 5
rlm_eap: EAP packet type response id 11 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 5
users: Matched entry WINXPSP2 at line 11
modcall[authorize]: module "files" returns ok for request 5
rlm_ldap: - authorize
rlm_ldap: performing user authorization for WINXPSP2
radius_xlat: '(uid=WINXPSP2)'
radius_xlat: 'dc=company,dc=test'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=company,dc=test, with filter
(uid=WINXPSP2)
rlm_ldap: object not found or got ambiguous search result
rlm_ldap: search failed
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns notfound for request 5
modcall: leaving group authorize (returns updated) for request 5
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 5
rlm_eap: Request found, released from the list
rlm_eap: EAP/tls
rlm_eap: processing type tls
rlm_eap_tls: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake fragment handler
eaptls_verify returned 1
eaptls_process returned 13
modcall[authenticate]: module "eap" returns handled for request 5
modcall: leaving group authenticate (returns handled) for request 5
Sending Access-Challenge of id 147 to 10.10.22.8 port 1024
EAP-Message =
0x010c040a0dc00000130979101945c8a25e08ce719f139daab89f2913ec5a47308ebdf22f8a97b42772d43600a550950c3cfb38f75aad86fc924bb06e4a869f5a7d3bd1edd940b87322b6df7c676584cc8d206b0f32d24aca570c1e10e3f9754f04ceb9a8d01dba47327277c18279173b000dd3748b98c2c18cc7b486a2eea4c1c0aba7d1b8a6d050be0908f254c10fd7a773794d45c9cea67f454d5d7a14b24c3dca291f10f784f0318f705ac70ec12ec9bb5a974d292f3a17b568f0e06d01f9d557c499087518643b980be0d34eaaff5210d1fa4a3e153db7d2a0ed6cf742f21180d0fe471d3b00061630820612308203faa003020102020101300d06
EAP-Message =
0x092a864886f70d0101050500307d310b30090603550406130242453110300e0603550408130742454c4749554d31133011060355040a130a436f6d697465205220493111300f060355040b13084c6f676973746963310f300d06035504031306526f6f7443413123302106092a864886f70d01090116146c6f67697374696340636f6d69746572692e6265301e170d3037303630353134333935335a170d3137303630323134333935335a307d310b30090603550406130242453110300e0603550408130742454c4749554d31133011060355040a130a436f6d697465205220493111300f060355040b13084c6f676973746963310f300d0603550403
EAP-Message =
0x1306526f6f7443413123302106092a864886f70d01090116146c6f67697374696340636f6d69746572692e626530820222300d06092a864886f70d01010105000382020f003082020a0282020100b20918065a6b84ce3d8f7249c8cb3c071b17ec534527ca69411e2cb8cdfaacdea3cd4390ff22a4b6042992f4392daf7bfc6e0ded3c4097d64330d5e8c8cbf5d6156e6fe02554157b82c65f82cf3f76bfe265ed9b4d48f75f28a2e792d402bfbf35f3d14aa5d6e45de6d56e93b56bd6fd7b418b1924ad9a864d49911fe14a5878713085105e59fe76aa2a8dd1ce01e06dd702d0bee64af8942164d34f2b5132a1dcd2170c76abf5ef18010038650334
EAP-Message =
0xe7c057b193c1aa785eb9a379469f00a2c8f3f8c896daaa870262959a5f7f347ce278ab2a061b4014a86c6d3456e93c0ed3785f77124133022702e3667939a0c4e04f495ba87b13b44b5b436f388154dbb149b8e9e9f23b4e758428069193b40e63d15d0b72f24c9e4b31c57ebb4ad7512af91de3642797873865b4f72d3b4f175578d9afca22a482d11a2b13d4f84150512af014c7f3ac8263d4d8ef8f759da9a5c0f299e48720e3c8806cdb158cd2950858860ea156c092bfc14ee6b5ddb3967603a7faaaae7ca7848e2fe9a5020b24b6b6f37e40d310def881f1cb3012775f2e3e01dcd923b23a249036469329c8aa026250b3ac74b67f5ca83b2a89
EAP-Message = 0xb66fb39b83ca59af7cbef82422266215e4e0ca723d01
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xd9374b4d75d282399cb8b5ee098d52f4
Finished request 5
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.10.22.8:1024, id=148,
length=218
Framed-MTU = 1480
NAS-IP-Address = 10.10.22.8
NAS-Identifier = "switch-8-00-1"
User-Name = "WINXPSP2"
Service-Type = Administrative-User
Framed-Protocol = PPP
NAS-Port = 4
NAS-Port-Type = Ethernet
NAS-Port-Id = "4"
Called-Station-Id = "00-18-71-45-79-40"
Calling-Station-Id = "00-30-05-6d-2c-c5"
Connect-Info = "CONNECT Ethernet 1000Mbps Full duplex"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "1"
State = 0xd9374b4d75d282399cb8b5ee098d52f4
EAP-Message = 0x020c00060d00
Message-Authenticator = 0xbe496ef0960ec9f9529915f7e1311eb2
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 6
modcall[authorize]: module "preprocess" returns ok for request 6
rlm_eap: EAP packet type response id 12 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 6
users: Matched entry WINXPSP2 at line 11
modcall[authorize]: module "files" returns ok for request 6
rlm_ldap: - authorize
rlm_ldap: performing user authorization for WINXPSP2
radius_xlat: '(uid=WINXPSP2)'
radius_xlat: 'dc=company,dc=test'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=company,dc=test, with filter
(uid=WINXPSP2)
rlm_ldap: object not found or got ambiguous search result
rlm_ldap: search failed
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns notfound for request 6
modcall: leaving group authorize (returns updated) for request 6
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 6
rlm_eap: Request found, released from the list
rlm_eap: EAP/tls
rlm_eap: processing type tls
rlm_eap_tls: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake fragment handler
eaptls_verify returned 1
eaptls_process returned 13
modcall[authenticate]: module "eap" returns handled for request 6
modcall: leaving group authenticate (returns handled) for request 6
Sending Access-Challenge of id 148 to 10.10.22.8 port 1024
EAP-Message =
0x010d03130d8000001309287c4f702752528018133c52b1a1b2c65a9046b7393dfef9a8cfce4b7b0eaba4d0876452089da5fb76a49c4c84254b97cfa5df4bbcbb429a619cf3cb0f310203010001a3819c308199300f0603551d130101ff040530030101ff301106096086480186f84201010404030206c0303306096086480186f842010d04261624526f6f744341204f70656e53534c2047656e657261746564204365727469666963617465301d0603551d0e04160414f7065eae7de0f71ccc4af436e2a9de730fb69e61301f0603551d23041830168014f7065eae7de0f71ccc4af436e2a9de730fb69e61300d06092a864886f70d01010505000382
EAP-Message =
0x02010069571a370042802a5ffcc227b9042613264a0fee01fd7ea644da3fe106e27d90a2141c1070ddb524dbde6f76a4db718073fcb260e736bf00fdafa030721e5258f45af055ae11145ef2a72f62cc1eb29ee94ebf260db383abaf0deae176be6c635d433ea7825e86831cba931871aa80e3a1817077513bdfb7c7712d9e3d44e9d10623fb16d4493c2c27eff2390bfbf405867b2823bc09aa1e1b47823d93753d1a83cbdb8ab723e71f366f1ba6809cf3841ecba97af8c61f1130974453450f5dc6cd2ce448921b8098d9240513732c2886619ec8a37ec23ff77c134933f0c3f8541e614f2629d03ab9a3ffe3fe6581af46c85381b7e5ad9bb8f527
EAP-Message =
0x0512b77de2468c133d0466be87f1e6b202840e861390e620c1d2d740d54f168292899289ea9c55288fc0eb2ff82c7886db4d8e1adf70dcdb9f4f7ee205b7be2cbb1145ad42b94025c5e7e89e19d7edf4a96e69e91d61607325bf96ff0f5512720a7b79317f02378c877e19530579dba8b21cc44fde51a798e007dc5e21c2aa70ed898ca3ab43dd7aa18b0dec276e6479dbe89656055e2748f08cb958f7e9811eed49be433d619f944b56ad7a07d551045e6da7abec0b08d6a37767892f6cd69e26d22963747efe7c3bdaca393e0de33d9ca762d5a72478e448be92093baf0746c22bcfcac1ac1be4b926dd6a2e6e56f92846f676899a09dc13038237e0
EAP-Message = 0x06a018f7c83684195b160301000e0d0000060301020500000e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x444beecadbaa5b4df899c0b46fb8d48c
Finished request 6
Going to the next request
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 1 ID 143 with timestamp 46cec807
Cleaning up request 2 ID 144 with timestamp 46cec807
Cleaning up request 3 ID 145 with timestamp 46cec807
Cleaning up request 4 ID 146 with timestamp 46cec807
Cleaning up request 5 ID 147 with timestamp 46cec807
Cleaning up request 6 ID 148 with timestamp 46cec807
Nothing to do. Sleeping until we see a request.
rad_recv: Access-Request packet from host 10.10.22.8:1024, id=150,
length=205
Framed-MTU = 1480
NAS-IP-Address = 10.10.22.8
NAS-Identifier = "switch-8-00-1"
User-Name = "WINXPSP2"
Service-Type = Administrative-User
Framed-Protocol = PPP
NAS-Port = 4
NAS-Port-Type = Ethernet
NAS-Port-Id = "4"
Called-Station-Id = "00-18-71-45-79-40"
Calling-Station-Id = "00-30-05-6d-2c-c5"
Connect-Info = "CONNECT Ethernet 1000Mbps Full duplex"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "1"
EAP-Message = 0x0214000b01585054455354
Message-Authenticator = 0x7ae3b604ace299bf07962cf0cf81ce7f
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 7
modcall[authorize]: module "preprocess" returns ok for request 7
rlm_eap: EAP packet type response id 20 length 11
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 7
users: Matched entry WINXPSP2 at line 11
modcall[authorize]: module "files" returns ok for request 7
rlm_ldap: - authorize
rlm_ldap: performing user authorization for WINXPSP2
radius_xlat: '(uid=WINXPSP2)'
radius_xlat: 'dc=company,dc=test'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=company,dc=test, with filter
(uid=WINXPSP2)
rlm_ldap: object not found or got ambiguous search result
rlm_ldap: search failed
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns notfound for request 7
modcall: leaving group authorize (returns updated) for request 7
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 7
rlm_eap: EAP Identity
rlm_eap: processing type tls
rlm_eap_tls: Requiring client certificate
rlm_eap_tls: Initiate
rlm_eap_tls: Start returned 1
modcall[authenticate]: module "eap" returns handled for request 7
modcall: leaving group authenticate (returns handled) for request 7
Sending Access-Challenge of id 150 to 10.10.22.8 port 1024
EAP-Message = 0x011500060d20
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x1109360f80f9381e0c71a20c69fca75b
Finished request 7
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.10.22.8:1024, id=151,
length=292
Framed-MTU = 1480
NAS-IP-Address = 10.10.22.8
NAS-Identifier = "switch-8-00-1"
User-Name = "WINXPSP2"
Service-Type = Administrative-User
Framed-Protocol = PPP
NAS-Port = 4
NAS-Port-Type = Ethernet
NAS-Port-Id = "4"
Called-Station-Id = "00-18-71-45-79-40"
Calling-Station-Id = "00-30-05-6d-2c-c5"
Connect-Info = "CONNECT Ethernet 1000Mbps Full duplex"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "1"
State = 0x1109360f80f9381e0c71a20c69fca75b
EAP-Message =
0x021500500d800000004616030100410100003d030146ceda0317f0de45d00a0ca3569cb0c54836d7f75457cbd58acda87003f4cba500001600040005000a000900640062000300060013001200630100
Message-Authenticator = 0xb045b522839c9210bb82bf0c83159af1
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 8
modcall[authorize]: module "preprocess" returns ok for request 8
rlm_eap: EAP packet type response id 21 length 80
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 8
users: Matched entry WINXPSP2 at line 11
modcall[authorize]: module "files" returns ok for request 8
rlm_ldap: - authorize
rlm_ldap: performing user authorization for WINXPSP2
radius_xlat: '(uid=WINXPSP2)'
radius_xlat: 'dc=company,dc=test'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=company,dc=test, with filter
(uid=WINXPSP2)
rlm_ldap: object not found or got ambiguous search result
rlm_ldap: search failed
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns notfound for request 8
modcall: leaving group authorize (returns updated) for request 8
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 8
rlm_eap: Request found, released from the list
rlm_eap: EAP/tls
rlm_eap: processing type tls
rlm_eap_tls: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
(other): before/accept initialization
TLS_accept: before/accept initialization
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello
TLS_accept: SSLv3 read client hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
TLS_accept: SSLv3 write server hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 12a2], Certificate
TLS_accept: SSLv3 write certificate A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 000e], CertificateRequest
TLS_accept: SSLv3 write certificate request A
TLS_accept: SSLv3 flush data
TLS_accept:error in SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
eaptls_process returned 13
modcall[authenticate]: module "eap" returns handled for request 8
modcall: leaving group authenticate (returns handled) for request 8
Sending Access-Challenge of id 151 to 10.10.22.8 port 1024
EAP-Message =
0x0116040a0dc000001309160301004a02000046030146cec8281d2fa7b65ef67ea9ac41178a3018d75c08ada670bbf858283e5645e820e96f598a80ac7187bf87e3b8161211d2876cf6f12793f4738df009779c8217fd00040016030112a20b00129e00129b00064a308206463082042ea003020102020103300d06092a864886f70d0101050500307c310b30090603550406130242453110300e0603550408130742454c4749554d31133011060355040a130a436f6d697465205220493111300f060355040b13084c6f676973746963310e300c0603550403130553756243413123302106092a864886f70d01090116146c6f67697374696340636f6d
EAP-Message =
0x69746572692e6265301e170d3037303630353134343130325a170d3137303630323134343130325a307c310b30090603550406130242453110300e0603550408130742454c4749554d31133011060355040a130a436f6d697465205220493111300f060355040b13084c6f676973746963310e300c0603550403130542414c494e3123302106092a864886f70d01090116146c6f67697374696340636f6d69746572692e626530820222300d06092a864886f70d01010105000382020f003082020a0282020100a16a2a34bf1b96e1ea0bd4139b3932cdd36dd5dc27319cbb646d449ddc7957ba4033e3da40ff1faf3e50369a9dd86ec6426bd1f904fe
EAP-Message =
0x46ce2f3991e88e71921b5a9c438bb499b083cc9b8ff9053bb78f640741b9450106bc38935548e4e84064706b87939b45afeae8f54eba236d0eb10ab0e24a91836da1269558f548e1404083d09f1c5ef16a04d71daaae7e4d8cd813e6b504f1e8fbe7fbc5626f5e88949914d0ba6fa8251ad4cd50011f78e8f56349d236c0ccd0f4e33f8f017d315a2049cde819595366d4f39bfe59514ecafaac65137076a42972c912bdfb559f76e1543aa680851037a8a3a74696d9b884ee95aa26a4bfdde2756e53efed54d89007529b28d516312403af94ff96c80d0203c88b56c5b3e1fd75bc059c74f0096ea2aee53f1e0570264a50cc163be97a9e478b9d9d0c
EAP-Message =
0x877fe3447d42cbc47eccdc17ba1f58d3b6c49869a6cb027464588ef0b9c19fb0b9973f12655962a6b5d81469654397eebc6c5da4013dcabe34fa7c5c21c3c8406459bfeeaacc90db5768a207771009d3fa694a1fbb9bff1e6ec4cad763c13f74a046acd36043fd37b28823171ec62a5cdc6d3eee81ba41829829090bb0ca1624d35e966a6c685c502195cab4d0168424277901dc4207e8a17ca5437caa18eaac42c99cafa9023c760c7d3d4cefdd0c3eab96ba0fd7144698ae55ff9d3383755b485668d065938f3df4a928bb7b0203010001a381d23081cf300c0603551d130101ff04023000301106096086480186f84201010404030205a030390609
EAP-Message = 0x6086480186f842010d042c162a42414c494e20536572
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x225bdb4562224573e767890c65122ca6
Finished request 8
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.10.22.8:1024, id=152,
length=218
Framed-MTU = 1480
NAS-IP-Address = 10.10.22.8
NAS-Identifier = "switch-8-00-1"
User-Name = "WINXPSP2"
Service-Type = Administrative-User
Framed-Protocol = PPP
NAS-Port = 4
NAS-Port-Type = Ethernet
NAS-Port-Id = "4"
Called-Station-Id = "00-18-71-45-79-40"
Calling-Station-Id = "00-30-05-6d-2c-c5"
Connect-Info = "CONNECT Ethernet 1000Mbps Full duplex"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "1"
State = 0x225bdb4562224573e767890c65122ca6
EAP-Message = 0x021600060d00
Message-Authenticator = 0x415d1bcc45107409b29d9015fa7c9102
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 9
modcall[authorize]: module "preprocess" returns ok for request 9
rlm_eap: EAP packet type response id 22 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 9
users: Matched entry WINXPSP2 at line 11
modcall[authorize]: module "files" returns ok for request 9
rlm_ldap: - authorize
rlm_ldap: performing user authorization for WINXPSP2
radius_xlat: '(uid=WINXPSP2)'
radius_xlat: 'dc=company,dc=test'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=company,dc=test, with filter
(uid=WINXPSP2)
rlm_ldap: object not found or got ambiguous search result
rlm_ldap: search failed
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns notfound for request 9
modcall: leaving group authorize (returns updated) for request 9
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 9
rlm_eap: Request found, released from the list
rlm_eap: EAP/tls
rlm_eap: processing type tls
rlm_eap_tls: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake fragment handler
eaptls_verify returned 1
eaptls_process returned 13
modcall[authenticate]: module "eap" returns handled for request 9
modcall: leaving group authenticate (returns handled) for request 9
Sending Access-Challenge of id 152 to 10.10.22.8 port 1024
EAP-Message =
0x0117040a0dc000001309766572204f70656e53534c2047656e657261746564204365727469666963617465301d0603551d0e041604144743ccf509e7fbdfde43593e1bfc76ab94a47de9301f0603551d230418301680142e056f0838c7777e4676696dd17fdffd557cdd8930130603551d25040c300a06082b06010505070301301c0603551d1104153013821162616c696e2e636f6d69746572692e6265300d06092a864886f70d010105050003820201008e6ba1ac563fe4e39d54d5d97ea3c715e1b0677c15cb205cdd32fb393573bdc3cbf65d7fe1198194de2ae1ece320757aa07f51600a68a646cae74540a416c38eaa800f62d54b22b65f2eb7
EAP-Message =
0x390fbbb83c6db45edc7cff3f631103582eece62a1a2c65696ed7b985ff415541e7c20ed68adf7c86668d48cba43696d76d77f19bb63953a4a87d5660b9eada868a6aa963d0fb62caded8e3e5f18c94b2c6f77f3769fcb0c9f2ae57488ce0ed490ff82f6dbfe9356a8d3bd1ae99151892b51c6ed1e29c7ebdc1031777bed9a3100fa1f286a416e7f153089e89fa4961854f97a1868e44e47c83edc49e1a35110f82b14e5ef785c3514fdcf2af20b29a56ae1ab5fbf94e1654438f6bc15318b905b0e8aab8e148611c7536b746d07fb03e5c495dcc7043e0c8e509e27ae2f67930aaf61d66c7841d4ca4c6850a24c5fceba76889e87d627ef06f48adfd9c
EAP-Message =
0x115a8538ff89a311c19c8b13b8744698e2332baee87dbf327e99c89853313ccd35e9fafba5ef3c0e5ef250ed1ebdabd5185d1cbcc6b27292b9d164e84dba0fbca94bffc5f731c4d316083175ef2379de60610656e9bc851922b6576418b272641e99aca9f68ad03e63a66b5cc83c496577e86ff0e1ef332be90d583b7d0cd13d5c08c9e649cf18b2e4d938dcf8cd0f457b808ea2c1d0cdd9322b3bfde7d016daa2ac68e1e0040fd81ded1ded5e4be298bf6a9591522176a80006323082062e30820416a003020102020102300d06092a864886f70d0101050500307d310b30090603550406130242453110300e0603550408130742454c4749554d3113
EAP-Message =
0x3011060355040a130a436f6d697465205220493111300f060355040b13084c6f676973746963310f300d06035504031306526f6f7443413123302106092a864886f70d01090116146c6f67697374696340636f6d69746572692e6265301e170d3037303630353134343031365a170d3137303630323134343031365a307c310b30090603550406130242453110300e0603550408130742454c4749554d31133011060355040a130a436f6d697465205220493111300f060355040b13084c6f676973746963310e300c0603550403130553756243413123302106092a864886f70d01090116146c6f67697374696340636f6d69746572692e6265308202
EAP-Message = 0x22300d06092a864886f70d01010105000382020f0030
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xa331ce3a7c15d39bdefcb7fa6343a0a8
Finished request 9
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.10.22.8:1024, id=153,
length=218
Framed-MTU = 1480
NAS-IP-Address = 10.10.22.8
NAS-Identifier = "switch-8-00-1"
User-Name = "WINXPSP2"
Service-Type = Administrative-User
Framed-Protocol = PPP
NAS-Port = 4
NAS-Port-Type = Ethernet
NAS-Port-Id = "4"
Called-Station-Id = "00-18-71-45-79-40"
Calling-Station-Id = "00-30-05-6d-2c-c5"
Connect-Info = "CONNECT Ethernet 1000Mbps Full duplex"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "1"
State = 0xa331ce3a7c15d39bdefcb7fa6343a0a8
EAP-Message = 0x021700060d00
Message-Authenticator = 0x1c3809e25f39acf6b3eaceb713e19425
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 10
modcall[authorize]: module "preprocess" returns ok for request 10
rlm_eap: EAP packet type response id 23 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 10
users: Matched entry WINXPSP2 at line 11
modcall[authorize]: module "files" returns ok for request 10
rlm_ldap: - authorize
rlm_ldap: performing user authorization for WINXPSP2
radius_xlat: '(uid=WINXPSP2)'
radius_xlat: 'dc=company,dc=test'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=company,dc=test, with filter
(uid=WINXPSP2)
rlm_ldap: object not found or got ambiguous search result
rlm_ldap: search failed
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns notfound for request 10
modcall: leaving group authorize (returns updated) for request 10
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 10
rlm_eap: Request found, released from the list
rlm_eap: EAP/tls
rlm_eap: processing type tls
rlm_eap_tls: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake fragment handler
eaptls_verify returned 1
eaptls_process returned 13
modcall[authenticate]: module "eap" returns handled for request 10
modcall: leaving group authenticate (returns handled) for request 10
Sending Access-Challenge of id 153 to 10.10.22.8 port 1024
EAP-Message =
0x0118040a0dc00000130982020a0282020100d882fa95e8d4bd71732ea535182ac05bc095bc52c0ea55eab26bec1751795413b27815488ecedd9cca6e1bce21a8bb1cb285b12686b6b77a4f91bf3043c65025b343fe8f8cc015ad70c630c0c6ce2c9ee2d702ece13f306b438c2a3bee0e3c4de2ac007525a890b04d67bcff032bd909efebea3d6b8df57c4edba1f055948f8b584a704b24d1e8c28449825705f3c3bdad8f863d7b6a274028c2cdfa5724aafdd46067151656ff0ebec18cd825a05858423cc983c1baa0cffdbb88954cb3fd361b885eb1e91650613af631533d5ccce2b73070f28929f6c0b79f57d8478f104e42ef8895c81b9cae0da4ce
EAP-Message =
0x3c1e51112bbc9bbbcd7f12c550466bf84823db89710cf993522e4a3b15379453900a5e6f7e22aaeab1f2ceec26476cf1519c7f6f7aac52f99e3490bbc9d83a135e9a4aea7ecbb238b4500d2614465f23d8ec118785335b2d0261930940d7b288e204964776fe548bf34e7f79b8c67ad90ed6c6d20548b556193f3e0c07b73ce30a6bfa59eece19499ea0c5eb812ba759b65c28b70b1aec0a5de8a0772eb21176f91921c9aa447850af35fcfa975d4ca15543d80aaf963c542f9349a27f24d8f7eed2648f5cea65ef5d32eb1ef8b602367ca2e59243b3f54a8ef3c872fa58cce494cefeb4e6874b9dababe972edf1d02c531aa249eddb99e6f42c223387
EAP-Message =
0x38146319faf5df938ccdb5c9690f886a31470467ca7e1d450203010001a381b93081b6300f0603551d130101ff040530030101ff301106096086480186f84201010404030206c0303206096086480186f842010d042516235375624341204f70656e53534c2047656e657261746564204365727469666963617465301d0603551d0e041604142e056f0838c7777e4676696dd17fdffd557cdd89301f0603551d23041830168014f7065eae7de0f71ccc4af436e2a9de730fb69e61301c0603551d1104153013821162616c696e2e636f6d69746572692e6265300d06092a864886f70d010105050003820201008c49de7d69e2e7772465c1910cd94a34
EAP-Message =
0x26a9eee42487c3a7ede8666cbedd93dc9e5676e82f92d6bfdc4273685a917eb3bb8f870a5a4fa08326b7d33a340b3c566081780443a10aa472a4d8b9f2c5d1ed373bf68f1f7c3b62654fb78cb0bfca7caf40d48f9924272092bba18b03e442115056edbfcd1852438275ebc2c1d31a00923b94e003b5b3dbeb0c762baf339f9c40538da28696f964f9a69ae1c8923001a8225afc7dec8aa1040d455a1f3f70cf38c5664bc91fedc5c6041dc3055ead27c5d75e3f7b336358cf02f04e733998c00b231e738d29d73021e3f2ab0a7bb0581d5bf366cd5954d9bcbeb76cc106dd8f67f61e9fd5fb7e5a9224583209ec1c6da72ead32517b45360065babec7
EAP-Message = 0x30404719a25565b1b018ee1b3140a208ad74c7bb2557
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x99f2c661566892ec27307b1827453a83
Finished request 10
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.10.22.8:1024, id=154,
length=218
Framed-MTU = 1480
NAS-IP-Address = 10.10.22.8
NAS-Identifier = "switch-8-00-1"
User-Name = "WINXPSP2"
Service-Type = Administrative-User
Framed-Protocol = PPP
NAS-Port = 4
NAS-Port-Type = Ethernet
NAS-Port-Id = "4"
Called-Station-Id = "00-18-71-45-79-40"
Calling-Station-Id = "00-30-05-6d-2c-c5"
Connect-Info = "CONNECT Ethernet 1000Mbps Full duplex"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "1"
State = 0x99f2c661566892ec27307b1827453a83
EAP-Message = 0x021800060d00
Message-Authenticator = 0x32170d2e8a8b86e847ada3f5b139e6c7
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 11
modcall[authorize]: module "preprocess" returns ok for request 11
rlm_eap: EAP packet type response id 24 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 11
users: Matched entry WINXPSP2 at line 11
modcall[authorize]: module "files" returns ok for request 11
rlm_ldap: - authorize
rlm_ldap: performing user authorization for WINXPSP2
radius_xlat: '(uid=WINXPSP2)'
radius_xlat: 'dc=company,dc=test'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=company,dc=test, with filter
(uid=WINXPSP2)
rlm_ldap: object not found or got ambiguous search result
rlm_ldap: search failed
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns notfound for request 11
modcall: leaving group authorize (returns updated) for request 11
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 11
rlm_eap: Request found, released from the list
rlm_eap: EAP/tls
rlm_eap: processing type tls
rlm_eap_tls: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake fragment handler
eaptls_verify returned 1
eaptls_process returned 13
modcall[authenticate]: module "eap" returns handled for request 11
modcall: leaving group authenticate (returns handled) for request 11
Sending Access-Challenge of id 154 to 10.10.22.8 port 1024
EAP-Message =
0x0119040a0dc00000130979101945c8a25e08ce719f139daab89f2913ec5a47308ebdf22f8a97b42772d43600a550950c3cfb38f75aad86fc924bb06e4a869f5a7d3bd1edd940b87322b6df7c676584cc8d206b0f32d24aca570c1e10e3f9754f04ceb9a8d01dba47327277c18279173b000dd3748b98c2c18cc7b486a2eea4c1c0aba7d1b8a6d050be0908f254c10fd7a773794d45c9cea67f454d5d7a14b24c3dca291f10f784f0318f705ac70ec12ec9bb5a974d292f3a17b568f0e06d01f9d557c499087518643b980be0d34eaaff5210d1fa4a3e153db7d2a0ed6cf742f21180d0fe471d3b00061630820612308203faa003020102020101300d06
EAP-Message =
0x092a864886f70d0101050500307d310b30090603550406130242453110300e0603550408130742454c4749554d31133011060355040a130a436f6d697465205220493111300f060355040b13084c6f676973746963310f300d06035504031306526f6f7443413123302106092a864886f70d01090116146c6f67697374696340636f6d69746572692e6265301e170d3037303630353134333935335a170d3137303630323134333935335a307d310b30090603550406130242453110300e0603550408130742454c4749554d31133011060355040a130a436f6d697465205220493111300f060355040b13084c6f676973746963310f300d0603550403
EAP-Message =
0x1306526f6f7443413123302106092a864886f70d01090116146c6f67697374696340636f6d69746572692e626530820222300d06092a864886f70d01010105000382020f003082020a0282020100b20918065a6b84ce3d8f7249c8cb3c071b17ec534527ca69411e2cb8cdfaacdea3cd4390ff22a4b6042992f4392daf7bfc6e0ded3c4097d64330d5e8c8cbf5d6156e6fe02554157b82c65f82cf3f76bfe265ed9b4d48f75f28a2e792d402bfbf35f3d14aa5d6e45de6d56e93b56bd6fd7b418b1924ad9a864d49911fe14a5878713085105e59fe76aa2a8dd1ce01e06dd702d0bee64af8942164d34f2b5132a1dcd2170c76abf5ef18010038650334
EAP-Message =
0xe7c057b193c1aa785eb9a379469f00a2c8f3f8c896daaa870262959a5f7f347ce278ab2a061b4014a86c6d3456e93c0ed3785f77124133022702e3667939a0c4e04f495ba87b13b44b5b436f388154dbb149b8e9e9f23b4e758428069193b40e63d15d0b72f24c9e4b31c57ebb4ad7512af91de3642797873865b4f72d3b4f175578d9afca22a482d11a2b13d4f84150512af014c7f3ac8263d4d8ef8f759da9a5c0f299e48720e3c8806cdb158cd2950858860ea156c092bfc14ee6b5ddb3967603a7faaaae7ca7848e2fe9a5020b24b6b6f37e40d310def881f1cb3012775f2e3e01dcd923b23a249036469329c8aa026250b3ac74b67f5ca83b2a89
EAP-Message = 0xb66fb39b83ca59af7cbef82422266215e4e0ca723d01
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x05e009629f5cb5879444646fa6d15269
Finished request 11
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.10.22.8:1024, id=155,
length=218
Framed-MTU = 1480
NAS-IP-Address = 10.10.22.8
NAS-Identifier = "switch-8-00-1"
User-Name = "WINXPSP2"
Service-Type = Administrative-User
Framed-Protocol = PPP
NAS-Port = 4
NAS-Port-Type = Ethernet
NAS-Port-Id = "4"
Called-Station-Id = "00-18-71-45-79-40"
Calling-Station-Id = "00-30-05-6d-2c-c5"
Connect-Info = "CONNECT Ethernet 1000Mbps Full duplex"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "1"
State = 0x05e009629f5cb5879444646fa6d15269
EAP-Message = 0x021900060d00
Message-Authenticator = 0xafc92c43b0fb9214fe427e0a2eb68b7d
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 12
modcall[authorize]: module "preprocess" returns ok for request 12
rlm_eap: EAP packet type response id 25 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 12
users: Matched entry WINXPSP2 at line 11
modcall[authorize]: module "files" returns ok for request 12
rlm_ldap: - authorize
rlm_ldap: performing user authorization for WINXPSP2
radius_xlat: '(uid=WINXPSP2)'
radius_xlat: 'dc=company,dc=test'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=company,dc=test, with filter
(uid=WINXPSP2)
rlm_ldap: object not found or got ambiguous search result
rlm_ldap: search failed
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns notfound for request 12
modcall: leaving group authorize (returns updated) for request 12
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 12
rlm_eap: Request found, released from the list
rlm_eap: EAP/tls
rlm_eap: processing type tls
rlm_eap_tls: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake fragment handler
eaptls_verify returned 1
eaptls_process returned 13
modcall[authenticate]: module "eap" returns handled for request 12
modcall: leaving group authenticate (returns handled) for request 12
Sending Access-Challenge of id 155 to 10.10.22.8 port 1024
EAP-Message =
0x011a03130d8000001309287c4f702752528018133c52b1a1b2c65a9046b7393dfef9a8cfce4b7b0eaba4d0876452089da5fb76a49c4c84254b97cfa5df4bbcbb429a619cf3cb0f310203010001a3819c308199300f0603551d130101ff040530030101ff301106096086480186f84201010404030206c0303306096086480186f842010d04261624526f6f744341204f70656e53534c2047656e657261746564204365727469666963617465301d0603551d0e04160414f7065eae7de0f71ccc4af436e2a9de730fb69e61301f0603551d23041830168014f7065eae7de0f71ccc4af436e2a9de730fb69e61300d06092a864886f70d01010505000382
EAP-Message =
0x02010069571a370042802a5ffcc227b9042613264a0fee01fd7ea644da3fe106e27d90a2141c1070ddb524dbde6f76a4db718073fcb260e736bf00fdafa030721e5258f45af055ae11145ef2a72f62cc1eb29ee94ebf260db383abaf0deae176be6c635d433ea7825e86831cba931871aa80e3a1817077513bdfb7c7712d9e3d44e9d10623fb16d4493c2c27eff2390bfbf405867b2823bc09aa1e1b47823d93753d1a83cbdb8ab723e71f366f1ba6809cf3841ecba97af8c61f1130974453450f5dc6cd2ce448921b8098d9240513732c2886619ec8a37ec23ff77c134933f0c3f8541e614f2629d03ab9a3ffe3fe6581af46c85381b7e5ad9bb8f527
EAP-Message =
0x0512b77de2468c133d0466be87f1e6b202840e861390e620c1d2d740d54f168292899289ea9c55288fc0eb2ff82c7886db4d8e1adf70dcdb9f4f7ee205b7be2cbb1145ad42b94025c5e7e89e19d7edf4a96e69e91d61607325bf96ff0f5512720a7b79317f02378c877e19530579dba8b21cc44fde51a798e007dc5e21c2aa70ed898ca3ab43dd7aa18b0dec276e6479dbe89656055e2748f08cb958f7e9811eed49be433d619f944b56ad7a07d551045e6da7abec0b08d6a37767892f6cd69e26d22963747efe7c3bdaca393e0de33d9ca762d5a72478e448be92093baf0746c22bcfcac1ac1be4b926dd6a2e6e56f92846f676899a09dc13038237e0
EAP-Message = 0x06a018f7c83684195b160301000e0d0000060301020500000e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x0e3f75aa987e84b3da24e5ab556c9467
Finished request 12
Going to the next request
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 7 ID 150 with timestamp 46cec828
Cleaning up request 8 ID 151 with timestamp 46cec828
Cleaning up request 9 ID 152 with timestamp 46cec828
Cleaning up request 10 ID 153 with timestamp 46cec828
Cleaning up request 11 ID 154 with timestamp 46cec828
Cleaning up request 12 ID 155 with timestamp 46cec828
Nothing to do. Sleeping until we see a request.
----------------------------------------------------------------------
Find out how you can get spam free email.
http://www.bluebottle.com/tag/3
More information about the Freeradius-Users
mailing list