freeradius + ad

Alexsander alexsander.rodrigues at gmail.com
Fri Aug 24 15:23:35 CEST 2007


Hi Alan, this is complete log captured using:

s8860ru01:/# radiusd -X -A -y -z > /a.txt
##################################LOG OUTPUT
Starting - reading configuration files ...
reread_config:  reading radiusd.conf
Config:   including file: /etc//raddb/proxy.conf
Config:   including file: /etc//raddb/clients.conf
Config:   including file: /etc//raddb/snmp.conf
Config:   including file: /etc//raddb/eap.conf
Config:   including file: /etc//raddb/sql.conf
 main: prefix = "/usr/local"
 main: localstatedir = "/usr/local/var"
 main: logdir = "/usr/local/var/log/radius"
 main: libdir = "/usr/local/lib"
 main: radacctdir = "/usr/local/var/log/radius/radacct"
 main: hostname_lookups = no
 main: max_request_time = 30
 main: cleanup_delay = 5
 main: max_requests = 1024
 main: delete_blocked_requests = 0
 main: port = 0
 main: allow_core_dumps = no
 main: log_stripped_names = yes
 main: log_file = "/usr/local/var/log/radius/radius.log"
 main: log_auth = yes
 main: log_auth_badpass = yes
 main: log_auth_goodpass = yes
 main: pidfile = "/usr/local/var/run/radiusd/radiusd.pid"
 main: user = "(null)"
 main: group = "(null)"
 main: usercollide = no
 main: lower_user = "no"
 main: lower_pass = "no"
 main: nospace_user = "no"
 main: nospace_pass = "no"
 main: checkrad = "/usr/local/sbin/checkrad"
 main: proxy_requests = yes
 proxy: retry_delay = 5
 proxy: retry_count = 3
 proxy: synchronous = no
 proxy: default_fallback = yes
 proxy: dead_time = 120
 proxy: post_proxy_authorize = no
 proxy: wake_all_if_all_dead = no
 security: max_attributes = 200
 security: reject_delay = 1
 security: status_server = no
 main: debug_level = 0
read_config_files:  reading dictionary
read_config_files:  reading naslist
Using deprecated naslist file.  Support for this will go away soon.
read_config_files:  reading clients
read_config_files:  reading realms
radiusd:  entering modules setup
Module: Library search path is /usr/local/lib
Module: Loaded exec
 exec: wait = yes
 exec: program = "(null)"
 exec: input_pairs = "request"
 exec: output_pairs = "(null)"
 exec: packet_type = "(null)"
rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Module: Instantiated exec (exec)
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded PAP
 pap: encryption_scheme = "crypt"
 pap: auto_header = yes
Module: Instantiated pap (pap)
Module: Loaded CHAP
Module: Instantiated chap (chap)
Module: Loaded MS-CHAP
 mschap: use_mppe = no
 mschap: require_encryption = no
 mschap: require_strong = no
 mschap: with_ntdomain_hack = yes
 mschap: passwd = "(null)"
 mschap: ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key
--domain=%{mschap:NT-Domain} --username=%{mschap:User-Name}
--challenge=%{mschap:Challenge:-00}
--nt-response=%{mschap:NT-Response:-00}"
Module: Instantiated mschap (mschap)
Module: Loaded System
 unix: cache = no
 unix: passwd = "(null)"
 unix: shadow = "(null)"
 unix: group = "(null)"
 unix: radwtmp = "/usr/local/var/log/radius/radwtmp"
 unix: usegroup = no
 unix: cache_reload = 600
Module: Instantiated unix (unix)
Module: Loaded eap
 eap: default_eap_type = "peap"
 eap: timer_expire = 60
 eap: ignore_unknown_eap_types = no
 eap: cisco_accounting_username_bug = no
rlm_eap: Loaded and initialized type md5
rlm_eap: Loaded and initialized type leap
 gtc: challenge = "Password: "
 gtc: auth_type = "PAP"
rlm_eap: Loaded and initialized type gtc
 tls: rsa_key_exchange = no
 tls: dh_key_exchange = yes
 tls: rsa_key_length = 512
 tls: dh_key_length = 512
 tls: verify_depth = 0
 tls: CA_path = "(null)"
 tls: pem_file_type = yes
 tls: private_key_file = "/etc//raddb/certs/cert-srv.pem"
 tls: certificate_file = "/etc//raddb/certs/cert-srv.pem"
 tls: CA_file = "/etc//raddb/certs/demoCA/cacert.pem"
 tls: private_key_password = "whatever"
 tls: dh_file = "/etc//raddb/certs/dh"
 tls: random_file = "/dev/urandom"
 tls: fragment_size = 1024
 tls: include_length = yes
 tls: check_crl = no
 tls: check_cert_cn = "(null)"
 tls: cipher_list = "(null)"
 tls: check_cert_issuer = "(null)"
rlm_eap_tls: Loading the certificate file as a chain
rlm_eap: Loaded and initialized type tls
 peap: default_eap_type = "mschapv2"
 peap: copy_request_to_tunnel = no
 peap: use_tunneled_reply = no
 peap: proxy_tunneled_request_as_eap = yes
rlm_eap: Loaded and initialized type peap
 mschapv2: with_ntdomain_hack = yes
rlm_eap: Loaded and initialized type mschapv2
Module: Instantiated eap (eap)
Module: Loaded preprocess
 preprocess: huntgroups = "/etc//raddb/huntgroups"
 preprocess: hints = "/etc//raddb/hints"
 preprocess: with_ascend_hack = no
 preprocess: ascend_channels_per_line = 23
 preprocess: with_ntdomain_hack = no
 preprocess: with_specialix_jetstream_hack = no
 preprocess: with_cisco_vsa_hack = no
 preprocess: with_alvarion_vsa_hack = no
Module: Instantiated preprocess (preprocess)
Module: Loaded detail
 detail: detailfile =
"/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d"
 detail: detailperm = 384
 detail: dirperm = 493
 detail: locking = no
Module: Instantiated detail (auth_log)
Module: Loaded realm
 realm: format = "suffix"
 realm: delimiter = "@"
 realm: ignore_default = no
 realm: ignore_null = no
Module: Instantiated realm (suffix)
Module: Loaded files
 files: usersfile = "/etc//raddb/users"
 files: acctusersfile = "/etc//raddb/acct_users"
 files: preproxy_usersfile = "/etc//raddb/preproxy_users"
 files: compat = "no"
Module: Instantiated files (files)
Module: Loaded Acct-Unique-Session-Id
 acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address,
Client-IP-Address, NAS-Port"
Module: Instantiated acct_unique (acct_unique)
 detail: detailfile =
"/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
 detail: detailperm = 384
 detail: dirperm = 493
 detail: locking = no
Module: Instantiated detail (detail)
Module: Loaded radutmp
 radutmp: filename = "/usr/local/var/log/radius/radutmp"
 radutmp: username = "%{User-Name}"
 radutmp: case_sensitive = yes
 radutmp: check_with_nas = yes
 radutmp: perm = 384
 radutmp: callerid = yes
Module: Instantiated radutmp (radutmp)
Listening on authentication *:1812
Listening on accounting *:1813
Ready to process requests.
rad_recv: Access-Request packet from host 10.134.64.199:1231, id=140, length=114
        User-Name = "REFAP\\dadfh9"
        EAP-Message = 0x020100110152454641505c646164666839
        NAS-IP-Address = 10.134.64.199
        Service-Type = Login-User
        Calling-Station-Id = "00-0f-ea-21-ee-51"
        NAS-Port-Type = Ethernet
        NAS-Port = 16
        Message-Authenticator = 0x64ee87ca05f11e052253303cce5d3bfa
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
  modcall[authorize]: module "preprocess" returns ok for request 0
radius_xlat:  '/usr/local/var/log/radius/radacct/10.134.64.199/auth-detail-20070822'
rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /usr/local/var/log/radius/radacct/10.134.64.199/auth-detail-20070822
  modcall[authorize]: module "auth_log" returns ok for request 0
  modcall[authorize]: module "chap" returns noop for request 0
  modcall[authorize]: module "mschap" returns noop for request 0
    rlm_realm: No '@' in User-Name = "REFAP\dadfh9", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 0
  rlm_eap: EAP packet type response id 1 length 17
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 0
    users: Matched entry DEFAULT at line 153
  modcall[authorize]: module "files" returns ok for request 0
rlm_pap: WARNING! No "known good" password found for the user.
Authentication may fail because of this.
  modcall[authorize]: module "pap" returns noop for request 0
modcall: leaving group authorize (returns updated) for request 0
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
  rlm_eap: EAP Identity
  rlm_eap: processing type tls
  rlm_eap_tls: Initiate
  rlm_eap_tls: Start returned 1
  modcall[authenticate]: module "eap" returns handled for request 0
modcall: leaving group authenticate (returns handled) for request 0
Sending Access-Challenge of id 140 to 10.134.64.199 port 1231
        EAP-Message = 0x010200061920
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x3ee82f6d2fee661c1d6e3e1125156a45
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.134.64.199:1232, id=141, length=195
        User-Name = "REFAP\\dadfh9"
        EAP-Message =
0x0202005019800000004616030100410100003d030146cc7753fbcbfe623b08a80f7f24893612d45b8a726bbd929be16c29591239ae00001600040005000a000900640062000300060013001200630100
        NAS-IP-Address = 10.134.64.199
        Service-Type = Login-User
        Calling-Station-Id = "00-0f-ea-21-ee-51"
        NAS-Port-Type = Ethernet
        NAS-Port = 16
        State = 0x3ee82f6d2fee661c1d6e3e1125156a45
        Message-Authenticator = 0x0da53d7bb6c10baef39a6c73d730f3a5
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
  modcall[authorize]: module "preprocess" returns ok for request 1
radius_xlat:  '/usr/local/var/log/radius/radacct/10.134.64.199/auth-detail-20070822'
rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /usr/local/var/log/radius/radacct/10.134.64.199/auth-detail-20070822
  modcall[authorize]: module "auth_log" returns ok for request 1
  modcall[authorize]: module "chap" returns noop for request 1
  modcall[authorize]: module "mschap" returns noop for request 1
    rlm_realm: No '@' in User-Name = "REFAP\dadfh9", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 1
  rlm_eap: EAP packet type response id 2 length 80
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 1
    users: Matched entry DEFAULT at line 153
  modcall[authorize]: module "files" returns ok for request 1
rlm_pap: WARNING! No "known good" password found for the user.
Authentication may fail because of this.
  modcall[authorize]: module "pap" returns noop for request 1
modcall: leaving group authorize (returns updated) for request 1
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 1
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls:  Length Included
  eaptls_verify returned 11
    (other): before/accept initialization
    TLS_accept: before/accept initialization
  rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello
    TLS_accept: SSLv3 read client hello A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
    TLS_accept: SSLv3 write server hello A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 0694], Certificate
    TLS_accept: SSLv3 write certificate A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
    TLS_accept: SSLv3 write server done A
    TLS_accept: SSLv3 flush data
    TLS_accept: Need to read more data: SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
  eaptls_process returned 13
  rlm_eap_peap: EAPTLS_HANDLED
  modcall[authenticate]: module "eap" returns handled for request 1
modcall: leaving group authenticate (returns handled) for request 1
Sending Access-Challenge of id 141 to 10.134.64.199 port 1232
        EAP-Message =
0x0103040a19c0000006f1160301004a02000046030146cc7712088010763c5bfd59a7b0138caef15e0bd1518f5ab2473360c0bae7652096977cfe243bf7b430cf5c0d3b53369be5a25c1919d0bfc5c59d9d95c9ffcc8600040016030106940b00069000068d0002cd308202c930820232a003020102020102300d06092a864886f70d010104050030819f310b30090603550406130243413111300f0603550408130850726f76696e63653112301006035504071309536f6d65204369747931153013060355040a130c4f7267616e697a6174696f6e31123010060355040b13096c6f63616c686f7374311b301906035504031312436c69656e74206365
        EAP-Message =
0x7274696669636174653121301f06092a864886f70d0109011612636c69656e74406578616d706c652e636f6d301e170d3034303132353133323631305a170d3035303132343133323631305a30819b310b30090603550406130243413111300f0603550408130850726f76696e63653112301006035504071309536f6d65204369747931153013060355040a130c4f7267616e697a6174696f6e31123010060355040b13096c6f63616c686f73743119301706035504031310526f6f74206365727469666963617465311f301d06092a864886f70d0109011610726f6f74406578616d706c652e636f6d30819f300d06092a864886f70d010101050003
        EAP-Message =
0x818d0030818902818100dac525422bfedb082629a2cba44b3449c90d0ab462fb72c8434a782098863d7eb7d7e70028c2b7ad555a51cc756cf4fa1d7091615ab450d5289553ae6616aff014a55085d6b8fb4aee98638e426175cdd36c665c63cda177d34920eb30585edc8773999c2980f81ad4638bbbea1c82d054023db7ef24a3ec1c3f6241a903d7f30203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d0101040500038181007a2d921b1cf13bf2982a9178ec9ede6d88edc178a2e8bd40a0a06fb6f0769957884cd7084537083496fd184165293f583c8e8240eb68e042c94b15752e4c07e80d09
        EAP-Message =
0x779afa3dd55c24fa54ac292d77205d1c2477ed30d59f57caf9bd21ff2a8d16cc0911c50e4f295763fcb60efa3c3d2d0e43850f6e6fbe284902f6e83503650003ba308203b63082031fa003020102020100300d06092a864886f70d010104050030819f310b30090603550406130243413111300f0603550408130850726f76696e63653112301006035504071309536f6d65204369747931153013060355040a130c4f7267616e697a6174696f6e31123010060355040b13096c6f63616c686f7374311b301906035504031312436c69656e742063657274696669636174653121301f06092a864886f70d0109011612636c69656e74406578616d706c
        EAP-Message = 0x652e636f6d301e170d3034303132353133323630375a
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x2158b4d0bcc2b9833607168102b810e4
Finished request 1
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.134.64.199:1233, id=142, length=121
        User-Name = "REFAP\\dadfh9"
        EAP-Message = 0x020300061900
        NAS-IP-Address = 10.134.64.199
        Service-Type = Login-User
        Calling-Station-Id = "00-0f-ea-21-ee-51"
        NAS-Port-Type = Ethernet
        NAS-Port = 16
        State = 0x2158b4d0bcc2b9833607168102b810e4
        Message-Authenticator = 0xa4acb09c7aaeeb7dc6885fafa64cbd24
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 2
  modcall[authorize]: module "preprocess" returns ok for request 2
radius_xlat:  '/usr/local/var/log/radius/radacct/10.134.64.199/auth-detail-20070822'
rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /usr/local/var/log/radius/radacct/10.134.64.199/auth-detail-20070822
  modcall[authorize]: module "auth_log" returns ok for request 2
  modcall[authorize]: module "chap" returns noop for request 2
  modcall[authorize]: module "mschap" returns noop for request 2
    rlm_realm: No '@' in User-Name = "REFAP\dadfh9", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 2
  rlm_eap: EAP packet type response id 3 length 6
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 2
    users: Matched entry DEFAULT at line 153
  modcall[authorize]: module "files" returns ok for request 2
rlm_pap: WARNING! No "known good" password found for the user.
Authentication may fail because of this.
  modcall[authorize]: module "pap" returns noop for request 2
modcall: leaving group authorize (returns updated) for request 2
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 2
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
  rlm_eap_tls: ack handshake fragment handler
  eaptls_verify returned 1
  eaptls_process returned 13
  rlm_eap_peap: EAPTLS_HANDLED
  modcall[authenticate]: module "eap" returns handled for request 2
modcall: leaving group authenticate (returns handled) for request 2
Sending Access-Challenge of id 142 to 10.134.64.199 port 1233
        EAP-Message =
0x010402f71900170d3036303132343133323630375a30819f310b30090603550406130243413111300f0603550408130850726f76696e63653112301006035504071309536f6d65204369747931153013060355040a130c4f7267616e697a6174696f6e31123010060355040b13096c6f63616c686f7374311b301906035504031312436c69656e742063657274696669636174653121301f06092a864886f70d0109011612636c69656e74406578616d706c652e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100d4c5b19724f164acf1ffb189db1c8fbff4f14396ea7cb1e90f78d69451725377895dfe52ccb99b41e8
        EAP-Message =
0x0ddeb58b127a943f4f58cbc562878192fbdc6fece9f871e7c130d35cf5188817e9b133249edd2a1c75d31043ae87553cec7a77ef26aa7d74281db9b77e17c6446c5dd9b188b43250ca0229963722a123a726b00b4027fd0203010001a381ff3081fc301d0603551d0e0416041468d36d3e1ee7bc9d5a057021c363da1365d1ade33081cc0603551d230481c43081c1801468d36d3e1ee7bc9d5a057021c363da1365d1ade3a181a5a481a230819f310b30090603550406130243413111300f0603550408130850726f76696e63653112301006035504071309536f6d65204369747931153013060355040a130c4f7267616e697a6174696f6e31123010
        EAP-Message =
0x060355040b13096c6f63616c686f7374311b301906035504031312436c69656e742063657274696669636174653121301f06092a864886f70d0109011612636c69656e74406578616d706c652e636f6d820100300c0603551d13040530030101ff300d06092a864886f70d01010405000381810033c00b66b1e579ef73a06798252dab8d5e5511fc00fd276d80d12f834777c6743fdc2743fca1507704e4bc0979e4f60ac3ad9ee83e6f347369229d1f77229ba2e982359da563024a00163dba6d6c986c0bad28af85132ff8f0d76501bf1b7c2dff658ce1e62c01997b6e64e3e8d4373354ce9912847651539063b85bbc5485c516030100040e000000
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xbea918a7aabdf863b0a8993a986bc0e4
Finished request 2
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.134.64.199:1234, id=143, length=307
        User-Name = "REFAP\\dadfh9"
        EAP-Message =
0x020400c01980000000b616030100861000008200809ee2532b93d4da0634c2e5605ef1cb3590b28aaa22866a7998a8ef6371b3899e388bfd93ee762155dc589e49c24c10bcc4d41b816e64e1c3e986e3d8b49df98d8b1777527f7e0a4aef44f25af41bf0f3144ed63c8c58155ca3e0fa8c76fe923c1817fd90566ee266303c882928d29b9a1e4f89df2b7cae485c142073cd1797ad1403010001011603010020bd72885ee934038184a2c93d2bf4d4d949f78016c057ed4265191cb1e9c98d0a
        NAS-IP-Address = 10.134.64.199
        Service-Type = Login-User
        Calling-Station-Id = "00-0f-ea-21-ee-51"
        NAS-Port-Type = Ethernet
        NAS-Port = 16
        State = 0xbea918a7aabdf863b0a8993a986bc0e4
        Message-Authenticator = 0xe6244a3e7361d383effe5defe1afc2c2
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 3
  modcall[authorize]: module "preprocess" returns ok for request 3
radius_xlat:  '/usr/local/var/log/radius/radacct/10.134.64.199/auth-detail-20070822'
rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /usr/local/var/log/radius/radacct/10.134.64.199/auth-detail-20070822
  modcall[authorize]: module "auth_log" returns ok for request 3
  modcall[authorize]: module "chap" returns noop for request 3
  modcall[authorize]: module "mschap" returns noop for request 3
    rlm_realm: No '@' in User-Name = "REFAP\dadfh9", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 3
  rlm_eap: EAP packet type response id 4 length 192
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 3
    users: Matched entry DEFAULT at line 153
  modcall[authorize]: module "files" returns ok for request 3
rlm_pap: WARNING! No "known good" password found for the user.
Authentication may fail because of this.
  modcall[authorize]: module "pap" returns noop for request 3
modcall: leaving group authorize (returns updated) for request 3
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 3
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls:  Length Included
  eaptls_verify returned 11
  rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange
    TLS_accept: SSLv3 read client key exchange A
  rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001]
  rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished
    TLS_accept: SSLv3 read finished A
  rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001]
    TLS_accept: SSLv3 write change cipher spec A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished
    TLS_accept: SSLv3 write finished A
    TLS_accept: SSLv3 flush data
    (other): SSL negotiation finished successfully
SSL Connection Established
  eaptls_process returned 13
  rlm_eap_peap: EAPTLS_HANDLED
  modcall[authenticate]: module "eap" returns handled for request 3
modcall: leaving group authenticate (returns handled) for request 3
Sending Access-Challenge of id 143 to 10.134.64.199 port 1234
        EAP-Message =
0x0105003119001403010001011603010020f0b8cf98244b41915628735161c48a0be0938ebd00b6460d3c407c61356e814e
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x4a10edb13b1e99b184ee9d866914014d
Finished request 3
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.134.64.199:1235, id=144, length=121
        User-Name = "REFAP\\dadfh9"
        EAP-Message = 0x020500061900
        NAS-IP-Address = 10.134.64.199
        Service-Type = Login-User
        Calling-Station-Id = "00-0f-ea-21-ee-51"
        NAS-Port-Type = Ethernet
        NAS-Port = 16
        State = 0x4a10edb13b1e99b184ee9d866914014d
        Message-Authenticator = 0x33fe552a2d6f1e71067200905580db49
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 4
  modcall[authorize]: module "preprocess" returns ok for request 4
radius_xlat:  '/usr/local/var/log/radius/radacct/10.134.64.199/auth-detail-20070822'
rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /usr/local/var/log/radius/radacct/10.134.64.199/auth-detail-20070822
  modcall[authorize]: module "auth_log" returns ok for request 4
  modcall[authorize]: module "chap" returns noop for request 4
  modcall[authorize]: module "mschap" returns noop for request 4
    rlm_realm: No '@' in User-Name = "REFAP\dadfh9", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 4
  rlm_eap: EAP packet type response id 5 length 6
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 4
    users: Matched entry DEFAULT at line 153
  modcall[authorize]: module "files" returns ok for request 4
rlm_pap: WARNING! No "known good" password found for the user.
Authentication may fail because of this.
  modcall[authorize]: module "pap" returns noop for request 4
modcall: leaving group authorize (returns updated) for request 4
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 4
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
  rlm_eap_tls: ack handshake is finished
  eaptls_verify returned 3
  eaptls_process returned 3
  rlm_eap_peap: EAPTLS_SUCCESS
  modcall[authenticate]: module "eap" returns handled for request 4
modcall: leaving group authenticate (returns handled) for request 4
Sending Access-Challenge of id 144 to 10.134.64.199 port 1235
        EAP-Message =
0x01060020190017030100151b9bba790bfc7b5a0f7f9fe40c0234b9db22e5ce97
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xe8ece2a915c6e5e3ba1070753b175b3d
Finished request 4
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.134.64.199:1236, id=144, length=155
        User-Name = "REFAP\\dadfh9"
        EAP-Message =
0x020600281900170301001de4c747c0136bc59e625986a9cb00d7ef95af7d9eef6e6ae9ea5e87f869
        NAS-IP-Address = 10.134.64.199
        Service-Type = Login-User
        Calling-Station-Id = "00-0f-ea-21-ee-51"
        NAS-Port-Type = Ethernet
        NAS-Port = 16
        State = 0xe8ece2a915c6e5e3ba1070753b175b3d
        Message-Authenticator = 0xaf70a7e892f4fc656fab1d44702cb005
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 5
  modcall[authorize]: module "preprocess" returns ok for request 5
radius_xlat:  '/usr/local/var/log/radius/radacct/10.134.64.199/auth-detail-20070822'
rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /usr/local/var/log/radius/radacct/10.134.64.199/auth-detail-20070822
  modcall[authorize]: module "auth_log" returns ok for request 5
  modcall[authorize]: module "chap" returns noop for request 5
  modcall[authorize]: module "mschap" returns noop for request 5
    rlm_realm: No '@' in User-Name = "REFAP\dadfh9", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 5
  rlm_eap: EAP packet type response id 6 length 40
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 5
    users: Matched entry DEFAULT at line 153
  modcall[authorize]: module "files" returns ok for request 5
rlm_pap: WARNING! No "known good" password found for the user.
Authentication may fail because of this.
  modcall[authorize]: module "pap" returns noop for request 5
modcall: leaving group authorize (returns updated) for request 5
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 5
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
  eaptls_verify returned 7
  rlm_eap_tls: Done initial handshake
  eaptls_process returned 7
  rlm_eap_peap: EAPTLS_OK
  rlm_eap_peap: Session established.  Decoding tunneled attributes.
  rlm_eap_peap: Identity - REFAP\dadfh9
  rlm_eap_peap: Tunneled data is valid.
  PEAP: Got tunneled identity of REFAP\dadfh9
  PEAP: Setting default EAP type for tunneled EAP session.
  PEAP: Setting User-Name to REFAP\dadfh9
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 5
  modcall[authorize]: module "preprocess" returns ok for request 5
radius_xlat:  '/usr/local/var/log/radius/radacct/127.0.0.1/auth-detail-20070822'
rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /usr/local/var/log/radius/radacct/127.0.0.1/auth-detail-20070822
  modcall[authorize]: module "auth_log" returns ok for request 5
  modcall[authorize]: module "chap" returns noop for request 5
  modcall[authorize]: module "mschap" returns noop for request 5
    rlm_realm: No '@' in User-Name = "REFAP\dadfh9", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 5
  rlm_eap: EAP packet type response id 6 length 17
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 5
    users: Matched entry DEFAULT at line 153
  modcall[authorize]: module "files" returns ok for request 5
rlm_pap: WARNING! No "known good" password found for the user.
Authentication may fail because of this.
  modcall[authorize]: module "pap" returns noop for request 5
modcall: leaving group authorize (returns updated) for request 5
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 5
  rlm_eap: EAP Identity
  rlm_eap: processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
  modcall[authenticate]: module "eap" returns handled for request 5
modcall: leaving group authenticate (returns handled) for request 5
  PEAP: Got tunneled Access-Challenge
  modcall[authenticate]: module "eap" returns handled for request 5
modcall: leaving group authenticate (returns handled) for request 5
Sending Access-Challenge of id 144 to 10.134.64.199 port 1236
        EAP-Message =
0x0107003d19001703010032c915aa440c2e2a3127c590e7fddd30ad922e0f337d203f8695235332cfef983f94b3d44731e8e3806795f729676a6d09e040
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xe7aa2703e6e5c01128cb6c5fd950f698
Finished request 5
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.134.64.199:1237, id=148, length=209
        User-Name = "REFAP\\dadfh9"
        EAP-Message =
0x0207005e19001703010053e374d07dc1833544683a655c1259cbcd80f7596615b8464ce3855b496d435f781253b7f262c9f72e61ed10c31d4e20cd4040c79ae5e4f4594004ea45dca2a827d98c062895d3fa64aacbcd38fb7578fbcd99f0
        NAS-IP-Address = 10.134.64.199
        Service-Type = Login-User
        Calling-Station-Id = "00-0f-ea-21-ee-51"
        NAS-Port-Type = Ethernet
        NAS-Port = 16
        State = 0xe7aa2703e6e5c01128cb6c5fd950f698
        Message-Authenticator = 0xd77264e71400d5b0c2c35efa96350132
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 6
  modcall[authorize]: module "preprocess" returns ok for request 6
radius_xlat:  '/usr/local/var/log/radius/radacct/10.134.64.199/auth-detail-20070822'
rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /usr/local/var/log/radius/radacct/10.134.64.199/auth-detail-20070822
  modcall[authorize]: module "auth_log" returns ok for request 6
  modcall[authorize]: module "chap" returns noop for request 6
  modcall[authorize]: module "mschap" returns noop for request 6
    rlm_realm: No '@' in User-Name = "REFAP\dadfh9", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 6
  rlm_eap: EAP packet type response id 7 length 94
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 6
    users: Matched entry DEFAULT at line 153
  modcall[authorize]: module "files" returns ok for request 6
rlm_pap: WARNING! No "known good" password found for the user.
Authentication may fail because of this.
  modcall[authorize]: module "pap" returns noop for request 6
modcall: leaving group authorize (returns updated) for request 6
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 6
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
  eaptls_verify returned 7
  rlm_eap_tls: Done initial handshake
  eaptls_process returned 7
  rlm_eap_peap: EAPTLS_OK
  rlm_eap_peap: Session established.  Decoding tunneled attributes.
  rlm_eap_peap: EAP type mschapv2
  rlm_eap_peap: Tunneled data is valid.
  PEAP: Setting User-Name to REFAP\dadfh9
  PEAP: Adding old state with d6 06
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 6
  modcall[authorize]: module "preprocess" returns ok for request 6
radius_xlat:  '/usr/local/var/log/radius/radacct/127.0.0.1/auth-detail-20070822'
rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /usr/local/var/log/radius/radacct/127.0.0.1/auth-detail-20070822
  modcall[authorize]: module "auth_log" returns ok for request 6
  modcall[authorize]: module "chap" returns noop for request 6
  modcall[authorize]: module "mschap" returns noop for request 6
    rlm_realm: No '@' in User-Name = "REFAP\dadfh9", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 6
  rlm_eap: EAP packet type response id 7 length 71
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 6
    users: Matched entry DEFAULT at line 153
  modcall[authorize]: module "files" returns ok for request 6
rlm_pap: WARNING! No "known good" password found for the user.
Authentication may fail because of this.
  modcall[authorize]: module "pap" returns noop for request 6
modcall: leaving group authorize (returns updated) for request 6
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 6
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/mschapv2
  rlm_eap: processing type mschapv2
  Processing the authenticate section of radiusd.conf
modcall: entering group MS-CHAP for request 6
  rlm_mschap: No User-Password configured.  Cannot create LM-Password.
  rlm_mschap: No User-Password configured.  Cannot create NT-Password.
  rlm_mschap: Told to do MS-CHAPv2 for dadfh9 with NT-Password
radius_xlat: Running registered xlat function of module mschap for
string 'NT-Domain'
radius_xlat:  '--domain=REFAP'
radius_xlat: Running registered xlat function of module mschap for
string 'User-Name'
radius_xlat:  '--username=dadfh9'
radius_xlat: Running registered xlat function of module mschap for
string 'Challenge'
 mschap2: 64
radius_xlat:  '--challenge=15e8193f70a261c9'
radius_xlat: Running registered xlat function of module mschap for
string 'NT-Response'
radius_xlat:  '--nt-response=b5064e14567ab057f0757ee512947c1a900138564585ef02'
Exec-Program output: Logon failure (0xc000006d)
Exec-Program-Wait: plaintext: Logon failure (0xc000006d)
Exec-Program: returned: 1
  rlm_mschap: External script failed.
  rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
  modcall[authenticate]: module "mschap" returns reject for request 6
modcall: leaving group MS-CHAP (returns reject) for request 6
  rlm_eap: Freeing handler
  modcall[authenticate]: module "eap" returns reject for request 6
modcall: leaving group authenticate (returns reject) for request 6
auth: Failed to validate the user.
Login incorrect (rlm_mschap: Logon failure (0xc000006d)):
[REFAP\\dadfh9/<no User-Password attribute>] (from client localhost
port 0)
  PEAP: Tunneled authentication was rejected.
  rlm_eap_peap: FAILURE
  modcall[authenticate]: module "eap" returns handled for request 6
modcall: leaving group authenticate (returns handled) for request 6
Sending Access-Challenge of id 148 to 10.134.64.199 port 1237
        EAP-Message =
0x010800261900170301001bcf8d0672eb86e1390bc935e52c899b3e0cbd1b49c5ba9bca909ef9
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x2f3bcebbb17b2644f32476024092b306
Finished request 6
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.134.64.199:1238, id=154, length=153
        User-Name = "REFAP\\dadfh9"
        EAP-Message =
0x020800261900170301001b9cb6b011625874f25a5fdcac815e8d2c7d78bdd9da37463a84b443
        NAS-IP-Address = 10.134.64.199
        Service-Type = Login-User
        Calling-Station-Id = "00-0f-ea-21-ee-51"
        NAS-Port-Type = Ethernet
        NAS-Port = 16
        State = 0x2f3bcebbb17b2644f32476024092b306
        Message-Authenticator = 0x932f129f85d86526c0a18904abfa5700
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 7
  modcall[authorize]: module "preprocess" returns ok for request 7
radius_xlat:  '/usr/local/var/log/radius/radacct/10.134.64.199/auth-detail-20070822'
rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /usr/local/var/log/radius/radacct/10.134.64.199/auth-detail-20070822
  modcall[authorize]: module "auth_log" returns ok for request 7
  modcall[authorize]: module "chap" returns noop for request 7
  modcall[authorize]: module "mschap" returns noop for request 7
    rlm_realm: No '@' in User-Name = "REFAP\dadfh9", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 7
  rlm_eap: EAP packet type response id 8 length 38
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 7
    users: Matched entry DEFAULT at line 153
  modcall[authorize]: module "files" returns ok for request 7
rlm_pap: WARNING! No "known good" password found for the user.
Authentication may fail because of this.
  modcall[authorize]: module "pap" returns noop for request 7
modcall: leaving group authorize (returns updated) for request 7
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 7
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
  eaptls_verify returned 7
  rlm_eap_tls: Done initial handshake
  eaptls_process returned 7
  rlm_eap_peap: EAPTLS_OK
  rlm_eap_peap: Session established.  Decoding tunneled attributes.
  rlm_eap_peap: Received EAP-TLV response.
  rlm_eap_peap: Tunneled data is valid.
  rlm_eap_peap:  Had sent TLV failure.  User was rejcted rejected
earlier in this session.
 rlm_eap: Handler failed in EAP/peap
  rlm_eap: Failed in EAP select
  modcall[authenticate]: module "eap" returns invalid for request 7
modcall: leaving group authenticate (returns invalid) for request 7
auth: Failed to validate the user.
Login incorrect: [REFAP\\dadfh9/<no User-Password attribute>] (from
client 10.134.64.199 port 16 cli 00-0f-ea-21-ee-51)
Delaying request 7 for 1 seconds
Finished request 7
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.134.64.199:1238, id=154, length=153
Sending Access-Reject of id 154 to 10.134.64.199 port 1238
        EAP-Message = 0x04080004
        Message-Authenticator = 0x00000000000000000000000000000000
--- Walking the entire request list ---
Waking up in 3 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 140 with timestamp 46cc7712
Cleaning up request 1 ID 141 with timestamp 46cc7712
Cleaning up request 2 ID 142 with timestamp 46cc7712
Cleaning up request 3 ID 143 with timestamp 46cc7712
Cleaning up request 4 ID 144 with timestamp 46cc7712
Cleaning up request 5 ID 144 with timestamp 46cc7712
Cleaning up request 6 ID 148 with timestamp 46cc7712
Cleaning up request 7 ID 154 with timestamp 46cc7712
Nothing to do.  Sleeping until we see a request.
rad_recv: Access-Request packet from host 10.134.64.199:1239, id=28, length=114
        User-Name = "REFAP\\dadfh9"
        EAP-Message = 0x020900110152454641505c646164666839
        NAS-IP-Address = 10.134.64.199
        Service-Type = Login-User
        Calling-Station-Id = "00-0f-ea-21-ee-51"
        NAS-Port-Type = Ethernet
        NAS-Port = 16
        Message-Authenticator = 0x42ef55b0cada8e2df184805730ad3d21
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 8
  modcall[authorize]: module "preprocess" returns ok for request 8
radius_xlat:  '/usr/local/var/log/radius/radacct/10.134.64.199/auth-detail-20070822'
rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /usr/local/var/log/radius/radacct/10.134.64.199/auth-detail-20070822
  modcall[authorize]: module "auth_log" returns ok for request 8
  modcall[authorize]: module "chap" returns noop for request 8
  modcall[authorize]: module "mschap" returns noop for request 8
    rlm_realm: No '@' in User-Name = "REFAP\dadfh9", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 8
  rlm_eap: EAP packet type response id 9 length 17
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 8
    users: Matched entry DEFAULT at line 153
  modcall[authorize]: module "files" returns ok for request 8
rlm_pap: WARNING! No "known good" password found for the user.
Authentication may fail because of this.
  modcall[authorize]: module "pap" returns noop for request 8
modcall: leaving group authorize (returns updated) for request 8
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 8
  rlm_eap: EAP Identity
  rlm_eap: processing type tls
  rlm_eap_tls: Initiate
  rlm_eap_tls: Start returned 1
  modcall[authenticate]: module "eap" returns handled for request 8
modcall: leaving group authenticate (returns handled) for request 8
Sending Access-Challenge of id 28 to 10.134.64.199 port 1239
        EAP-Message = 0x010a00061920
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xe945fb09221bc1b56c94cc9e4e61fe2c
Finished request 8
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.134.64.199:1240, id=29, length=195
        User-Name = "REFAP\\dadfh9"
        EAP-Message =
0x020a005019800000004616030100410100003d030146cc779232905d520a55772234cc390b5f45501c504e1972b0a83d6c54dddc7c00001600040005000a000900640062000300060013001200630100
        NAS-IP-Address = 10.134.64.199
        Service-Type = Login-User
        Calling-Station-Id = "00-0f-ea-21-ee-51"
        NAS-Port-Type = Ethernet
        NAS-Port = 16
        State = 0xe945fb09221bc1b56c94cc9e4e61fe2c
        Message-Authenticator = 0x1d38884f1ead6144e8d25f9598efc415
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 9
  modcall[authorize]: module "preprocess" returns ok for request 9
radius_xlat:  '/usr/local/var/log/radius/radacct/10.134.64.199/auth-detail-20070822'
rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /usr/local/var/log/radius/radacct/10.134.64.199/auth-detail-20070822
  modcall[authorize]: module "auth_log" returns ok for request 9
  modcall[authorize]: module "chap" returns noop for request 9
  modcall[authorize]: module "mschap" returns noop for request 9
    rlm_realm: No '@' in User-Name = "REFAP\dadfh9", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 9
  rlm_eap: EAP packet type response id 10 length 80
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 9
    users: Matched entry DEFAULT at line 153
  modcall[authorize]: module "files" returns ok for request 9
rlm_pap: WARNING! No "known good" password found for the user.
Authentication may fail because of this.
  modcall[authorize]: module "pap" returns noop for request 9
modcall: leaving group authorize (returns updated) for request 9
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 9
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls:  Length Included
  eaptls_verify returned 11
    (other): before/accept initialization
    TLS_accept: before/accept initialization
  rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello
    TLS_accept: SSLv3 read client hello A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
    TLS_accept: SSLv3 write server hello A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 0694], Certificate
    TLS_accept: SSLv3 write certificate A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
    TLS_accept: SSLv3 write server done A
    TLS_accept: SSLv3 flush data
    TLS_accept: Need to read more data: SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
  eaptls_process returned 13
  rlm_eap_peap: EAPTLS_HANDLED
  modcall[authenticate]: module "eap" returns handled for request 9
modcall: leaving group authenticate (returns handled) for request 9
Sending Access-Challenge of id 29 to 10.134.64.199 port 1240
        EAP-Message =
0x010b040a19c0000006f1160301004a02000046030146cc7751fa7cf1895d52c458aee1a930b97ed6c240c8df092af6c0a65c4ca6de208d16fcaab5ecfdd66838f59215ea84da9e541cbc8e052afb2ac6bf9f941c925a00040016030106940b00069000068d0002cd308202c930820232a003020102020102300d06092a864886f70d010104050030819f310b30090603550406130243413111300f0603550408130850726f76696e63653112301006035504071309536f6d65204369747931153013060355040a130c4f7267616e697a6174696f6e31123010060355040b13096c6f63616c686f7374311b301906035504031312436c69656e74206365
        EAP-Message =
0x7274696669636174653121301f06092a864886f70d0109011612636c69656e74406578616d706c652e636f6d301e170d3034303132353133323631305a170d3035303132343133323631305a30819b310b30090603550406130243413111300f0603550408130850726f76696e63653112301006035504071309536f6d65204369747931153013060355040a130c4f7267616e697a6174696f6e31123010060355040b13096c6f63616c686f73743119301706035504031310526f6f74206365727469666963617465311f301d06092a864886f70d0109011610726f6f74406578616d706c652e636f6d30819f300d06092a864886f70d010101050003
        EAP-Message =
0x818d0030818902818100dac525422bfedb082629a2cba44b3449c90d0ab462fb72c8434a782098863d7eb7d7e70028c2b7ad555a51cc756cf4fa1d7091615ab450d5289553ae6616aff014a55085d6b8fb4aee98638e426175cdd36c665c63cda177d34920eb30585edc8773999c2980f81ad4638bbbea1c82d054023db7ef24a3ec1c3f6241a903d7f30203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d0101040500038181007a2d921b1cf13bf2982a9178ec9ede6d88edc178a2e8bd40a0a06fb6f0769957884cd7084537083496fd184165293f583c8e8240eb68e042c94b15752e4c07e80d09
        EAP-Message =
0x779afa3dd55c24fa54ac292d77205d1c2477ed30d59f57caf9bd21ff2a8d16cc0911c50e4f295763fcb60efa3c3d2d0e43850f6e6fbe284902f6e83503650003ba308203b63082031fa003020102020100300d06092a864886f70d010104050030819f310b30090603550406130243413111300f0603550408130850726f76696e63653112301006035504071309536f6d65204369747931153013060355040a130c4f7267616e697a6174696f6e31123010060355040b13096c6f63616c686f7374311b301906035504031312436c69656e742063657274696669636174653121301f06092a864886f70d0109011612636c69656e74406578616d706c
        EAP-Message = 0x652e636f6d301e170d3034303132353133323630375a
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xcfff382af11a4eb4cd0bbb0b22f7b0f9
Finished request 9
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.134.64.199:1241, id=30, length=121
        User-Name = "REFAP\\dadfh9"
        EAP-Message = 0x020b00061900
        NAS-IP-Address = 10.134.64.199
        Service-Type = Login-User
        Calling-Station-Id = "00-0f-ea-21-ee-51"
        NAS-Port-Type = Ethernet
        NAS-Port = 16
        State = 0xcfff382af11a4eb4cd0bbb0b22f7b0f9
        Message-Authenticator = 0x736ad43a6b7dfd5b67c91b812d56407f
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 10
  modcall[authorize]: module "preprocess" returns ok for request 10
radius_xlat:  '/usr/local/var/log/radius/radacct/10.134.64.199/auth-detail-20070822'
rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /usr/local/var/log/radius/radacct/10.134.64.199/auth-detail-20070822
  modcall[authorize]: module "auth_log" returns ok for request 10
  modcall[authorize]: module "chap" returns noop for request 10
  modcall[authorize]: module "mschap" returns noop for request 10
    rlm_realm: No '@' in User-Name = "REFAP\dadfh9", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 10
  rlm_eap: EAP packet type response id 11 length 6
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 10
    users: Matched entry DEFAULT at line 153
  modcall[authorize]: module "files" returns ok for request 10
rlm_pap: WARNING! No "known good" password found for the user.
Authentication may fail because of this.
  modcall[authorize]: module "pap" returns noop for request 10
modcall: leaving group authorize (returns updated) for request 10
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 10
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
  rlm_eap_tls: ack handshake fragment handler
  eaptls_verify returned 1
  eaptls_process returned 13
  rlm_eap_peap: EAPTLS_HANDLED
  modcall[authenticate]: module "eap" returns handled for request 10
modcall: leaving group authenticate (returns handled) for request 10
Sending Access-Challenge of id 30 to 10.134.64.199 port 1241
        EAP-Message =
0x010c02f71900170d3036303132343133323630375a30819f310b30090603550406130243413111300f0603550408130850726f76696e63653112301006035504071309536f6d65204369747931153013060355040a130c4f7267616e697a6174696f6e31123010060355040b13096c6f63616c686f7374311b301906035504031312436c69656e742063657274696669636174653121301f06092a864886f70d0109011612636c69656e74406578616d706c652e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100d4c5b19724f164acf1ffb189db1c8fbff4f14396ea7cb1e90f78d69451725377895dfe52ccb99b41e8
        EAP-Message =
0x0ddeb58b127a943f4f58cbc562878192fbdc6fece9f871e7c130d35cf5188817e9b133249edd2a1c75d31043ae87553cec7a77ef26aa7d74281db9b77e17c6446c5dd9b188b43250ca0229963722a123a726b00b4027fd0203010001a381ff3081fc301d0603551d0e0416041468d36d3e1ee7bc9d5a057021c363da1365d1ade33081cc0603551d230481c43081c1801468d36d3e1ee7bc9d5a057021c363da1365d1ade3a181a5a481a230819f310b30090603550406130243413111300f0603550408130850726f76696e63653112301006035504071309536f6d65204369747931153013060355040a130c4f7267616e697a6174696f6e31123010
        EAP-Message =
0x060355040b13096c6f63616c686f7374311b301906035504031312436c69656e742063657274696669636174653121301f06092a864886f70d0109011612636c69656e74406578616d706c652e636f6d820100300c0603551d13040530030101ff300d06092a864886f70d01010405000381810033c00b66b1e579ef73a06798252dab8d5e5511fc00fd276d80d12f834777c6743fdc2743fca1507704e4bc0979e4f60ac3ad9ee83e6f347369229d1f77229ba2e982359da563024a00163dba6d6c986c0bad28af85132ff8f0d76501bf1b7c2dff658ce1e62c01997b6e64e3e8d4373354ce9912847651539063b85bbc5485c516030100040e000000
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xf5f1c97139e76c166e21dc751f687f0f
Finished request 10
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.134.64.199:1242, id=31, length=307
        User-Name = "REFAP\\dadfh9"
        EAP-Message =
0x020c00c01980000000b6160301008610000082008041558fe660bc2c671521e47a8154f66dfa3fc01171b954247f3326929ef9900d9281461b022bb0423abb4e6860b6a5bd36d15106e33f8f2a0a10970f97060feba5825d97cc7e95b1dc60b1cc5a8d5db6adc40007108a6e7ce0e2e6be1e5b7509d22a867e8e35c42958d93340902f81bfdaeb9012b5b7edd717a8bb4ab02b7672140301000101160301002077663a2d7fda9ad37ecb1eaf8bdfc6e6df8ded51a2c1321df23bcf4b0486ff01
        NAS-IP-Address = 10.134.64.199
        Service-Type = Login-User
        Calling-Station-Id = "00-0f-ea-21-ee-51"
        NAS-Port-Type = Ethernet
        NAS-Port = 16
        State = 0xf5f1c97139e76c166e21dc751f687f0f
        Message-Authenticator = 0xc04b7361c1950cfd4213d9ed16787720
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 11
  modcall[authorize]: module "preprocess" returns ok for request 11
radius_xlat:  '/usr/local/var/log/radius/radacct/10.134.64.199/auth-detail-20070822'
rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /usr/local/var/log/radius/radacct/10.134.64.199/auth-detail-20070822
  modcall[authorize]: module "auth_log" returns ok for request 11
  modcall[authorize]: module "chap" returns noop for request 11
  modcall[authorize]: module "mschap" returns noop for request 11
    rlm_realm: No '@' in User-Name = "REFAP\dadfh9", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 11
  rlm_eap: EAP packet type response id 12 length 192
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 11
    users: Matched entry DEFAULT at line 153
  modcall[authorize]: module "files" returns ok for request 11
rlm_pap: WARNING! No "known good" password found for the user.
Authentication may fail because of this.
  modcall[authorize]: module "pap" returns noop for request 11
modcall: leaving group authorize (returns updated) for request 11
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 11
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls:  Length Included
  eaptls_verify returned 11
  rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange
    TLS_accept: SSLv3 read client key exchange A
  rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001]
  rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished
    TLS_accept: SSLv3 read finished A
  rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001]
    TLS_accept: SSLv3 write change cipher spec A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished
    TLS_accept: SSLv3 write finished A
    TLS_accept: SSLv3 flush data
    (other): SSL negotiation finished successfully
SSL Connection Established
  eaptls_process returned 13
  rlm_eap_peap: EAPTLS_HANDLED
  modcall[authenticate]: module "eap" returns handled for request 11
modcall: leaving group authenticate (returns handled) for request 11
Sending Access-Challenge of id 31 to 10.134.64.199 port 1242
        EAP-Message =
0x010d0031190014030100010116030100201c8d9b8ad5818a4c6a49d4f43f98f9d926aeda09d631c176346cd3bf2cc2d2d3
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xa616bdeb300012fec81b590d8e9c156c
Finished request 11
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.134.64.199:1243, id=32, length=121
        User-Name = "REFAP\\dadfh9"
        EAP-Message = 0x020d00061900
        NAS-IP-Address = 10.134.64.199
        Service-Type = Login-User
        Calling-Station-Id = "00-0f-ea-21-ee-51"
        NAS-Port-Type = Ethernet
        NAS-Port = 16
        State = 0xa616bdeb300012fec81b590d8e9c156c
        Message-Authenticator = 0x0fc823d3dfcfaeed8d649191c26ab9ed
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 12
  modcall[authorize]: module "preprocess" returns ok for request 12
radius_xlat:  '/usr/local/var/log/radius/radacct/10.134.64.199/auth-detail-20070822'
rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /usr/local/var/log/radius/radacct/10.134.64.199/auth-detail-20070822
  modcall[authorize]: module "auth_log" returns ok for request 12
  modcall[authorize]: module "chap" returns noop for request 12
  modcall[authorize]: module "mschap" returns noop for request 12
    rlm_realm: No '@' in User-Name = "REFAP\dadfh9", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 12
  rlm_eap: EAP packet type response id 13 length 6
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 12
    users: Matched entry DEFAULT at line 153
  modcall[authorize]: module "files" returns ok for request 12
rlm_pap: WARNING! No "known good" password found for the user.
Authentication may fail because of this.
  modcall[authorize]: module "pap" returns noop for request 12
modcall: leaving group authorize (returns updated) for request 12
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 12
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
  rlm_eap_tls: ack handshake is finished
  eaptls_verify returned 3
  eaptls_process returned 3
  rlm_eap_peap: EAPTLS_SUCCESS
  modcall[authenticate]: module "eap" returns handled for request 12
modcall: leaving group authenticate (returns handled) for request 12
Sending Access-Challenge of id 32 to 10.134.64.199 port 1243
        EAP-Message =
0x010e002019001703010015a7a70786afd4df2fa7add3e8d9b41ae224d8a8ea2d
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xaea351ba290828f9c75a7ae236deb40f
Finished request 12
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.134.64.199:1244, id=32, length=155
        User-Name = "REFAP\\dadfh9"
        EAP-Message =
0x020e00281900170301001d41f9fbd7579322722231d0314b1b43136a5e79063d7e4a9fa29933e02f
        NAS-IP-Address = 10.134.64.199
        Service-Type = Login-User
        Calling-Station-Id = "00-0f-ea-21-ee-51"
        NAS-Port-Type = Ethernet
        NAS-Port = 16
        State = 0xaea351ba290828f9c75a7ae236deb40f
        Message-Authenticator = 0x5e9bf8656a4e1d80d941bd7bc4fb03da
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 13
  modcall[authorize]: module "preprocess" returns ok for request 13
radius_xlat:  '/usr/local/var/log/radius/radacct/10.134.64.199/auth-detail-20070822'
rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /usr/local/var/log/radius/radacct/10.134.64.199/auth-detail-20070822
  modcall[authorize]: module "auth_log" returns ok for request 13
  modcall[authorize]: module "chap" returns noop for request 13
  modcall[authorize]: module "mschap" returns noop for request 13
    rlm_realm: No '@' in User-Name = "REFAP\dadfh9", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 13
  rlm_eap: EAP packet type response id 14 length 40
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 13
    users: Matched entry DEFAULT at line 153
  modcall[authorize]: module "files" returns ok for request 13
rlm_pap: WARNING! No "known good" password found for the user.
Authentication may fail because of this.
  modcall[authorize]: module "pap" returns noop for request 13
modcall: leaving group authorize (returns updated) for request 13
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 13
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
  eaptls_verify returned 7
  rlm_eap_tls: Done initial handshake
  eaptls_process returned 7
  rlm_eap_peap: EAPTLS_OK
  rlm_eap_peap: Session established.  Decoding tunneled attributes.
  rlm_eap_peap: Identity - REFAP\dadfh9
  rlm_eap_peap: Tunneled data is valid.
  PEAP: Got tunneled identity of REFAP\dadfh9
  PEAP: Setting default EAP type for tunneled EAP session.
  PEAP: Setting User-Name to REFAP\dadfh9
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 13
  modcall[authorize]: module "preprocess" returns ok for request 13
radius_xlat:  '/usr/local/var/log/radius/radacct/127.0.0.1/auth-detail-20070822'
rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /usr/local/var/log/radius/radacct/127.0.0.1/auth-detail-20070822
  modcall[authorize]: module "auth_log" returns ok for request 13
  modcall[authorize]: module "chap" returns noop for request 13
  modcall[authorize]: module "mschap" returns noop for request 13
    rlm_realm: No '@' in User-Name = "REFAP\dadfh9", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 13
  rlm_eap: EAP packet type response id 14 length 17
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 13
    users: Matched entry DEFAULT at line 153
  modcall[authorize]: module "files" returns ok for request 13
rlm_pap: WARNING! No "known good" password found for the user.
Authentication may fail because of this.
  modcall[authorize]: module "pap" returns noop for request 13
modcall: leaving group authorize (returns updated) for request 13
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 13
  rlm_eap: EAP Identity
  rlm_eap: processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
  modcall[authenticate]: module "eap" returns handled for request 13
modcall: leaving group authenticate (returns handled) for request 13
  PEAP: Got tunneled Access-Challenge
  modcall[authenticate]: module "eap" returns handled for request 13
modcall: leaving group authenticate (returns handled) for request 13
Sending Access-Challenge of id 32 to 10.134.64.199 port 1244
        EAP-Message =
0x010f003d19001703010032d88462194552c8140367279b03f82b35860abd3f9d3726dcfb4b95dc0c8c0964dbace7a64958ec014c16179769192a414471
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x727e8ea1a49d7e5724e9253092b7cd0f
Finished request 13
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.134.64.199:1245, id=34, length=209
        User-Name = "REFAP\\dadfh9"
        EAP-Message =
0x020f005e190017030100536f0a05d9545bda21e58c148072ddb40474a6b9f5fadb7dc1c6647ee4e28c6e7aa6fd2f03ba79f2c6a3e98fe72dd4e318e3fdb2e224c66ed7b375088527088c3ef9dc8e1870cc8bd463af305aa9e98ce4c5ed52
        NAS-IP-Address = 10.134.64.199
        Service-Type = Login-User
        Calling-Station-Id = "00-0f-ea-21-ee-51"
        NAS-Port-Type = Ethernet
        NAS-Port = 16
        State = 0x727e8ea1a49d7e5724e9253092b7cd0f
        Message-Authenticator = 0x478879902f7819c3e711f04915dd4ff5
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 14
  modcall[authorize]: module "preprocess" returns ok for request 14
radius_xlat:  '/usr/local/var/log/radius/radacct/10.134.64.199/auth-detail-20070822'
rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /usr/local/var/log/radius/radacct/10.134.64.199/auth-detail-20070822
  modcall[authorize]: module "auth_log" returns ok for request 14
  modcall[authorize]: module "chap" returns noop for request 14
  modcall[authorize]: module "mschap" returns noop for request 14
    rlm_realm: No '@' in User-Name = "REFAP\dadfh9", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 14
  rlm_eap: EAP packet type response id 15 length 94
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 14
    users: Matched entry DEFAULT at line 153
  modcall[authorize]: module "files" returns ok for request 14
rlm_pap: WARNING! No "known good" password found for the user.
Authentication may fail because of this.
  modcall[authorize]: module "pap" returns noop for request 14
modcall: leaving group authorize (returns updated) for request 14
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 14
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
  eaptls_verify returned 7
  rlm_eap_tls: Done initial handshake
  eaptls_process returned 7
  rlm_eap_peap: EAPTLS_OK
  rlm_eap_peap: Session established.  Decoding tunneled attributes.
  rlm_eap_peap: EAP type mschapv2
  rlm_eap_peap: Tunneled data is valid.
  PEAP: Setting User-Name to REFAP\dadfh9
  PEAP: Adding old state with f3 a0
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 14
  modcall[authorize]: module "preprocess" returns ok for request 14
radius_xlat:  '/usr/local/var/log/radius/radacct/127.0.0.1/auth-detail-20070822'
rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /usr/local/var/log/radius/radacct/127.0.0.1/auth-detail-20070822
  modcall[authorize]: module "auth_log" returns ok for request 14
  modcall[authorize]: module "chap" returns noop for request 14
  modcall[authorize]: module "mschap" returns noop for request 14
    rlm_realm: No '@' in User-Name = "REFAP\dadfh9", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 14
  rlm_eap: EAP packet type response id 15 length 71
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 14
    users: Matched entry DEFAULT at line 153
  modcall[authorize]: module "files" returns ok for request 14
rlm_pap: WARNING! No "known good" password found for the user.
Authentication may fail because of this.
  modcall[authorize]: module "pap" returns noop for request 14
modcall: leaving group authorize (returns updated) for request 14
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 14
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/mschapv2
  rlm_eap: processing type mschapv2
  Processing the authenticate section of radiusd.conf
modcall: entering group MS-CHAP for request 14
  rlm_mschap: No User-Password configured.  Cannot create LM-Password.
  rlm_mschap: No User-Password configured.  Cannot create NT-Password.
  rlm_mschap: Told to do MS-CHAPv2 for dadfh9 with NT-Password
radius_xlat: Running registered xlat function of module mschap for
string 'NT-Domain'
radius_xlat:  '--domain=REFAP'
radius_xlat: Running registered xlat function of module mschap for
string 'User-Name'
radius_xlat:  '--username=dadfh9'
radius_xlat: Running registered xlat function of module mschap for
string 'Challenge'
 mschap2: f6
radius_xlat:  '--challenge=4f8b745b654820d4'
radius_xlat: Running registered xlat function of module mschap for
string 'NT-Response'
radius_xlat:  '--nt-response=95d375f0bae9b0ae4089d5561975162f8be08a90138e6c46'
Exec-Program output: Logon failure (0xc000006d)
Exec-Program-Wait: plaintext: Logon failure (0xc000006d)
Exec-Program: returned: 1
  rlm_mschap: External script failed.
  rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
  modcall[authenticate]: module "mschap" returns reject for request 14
modcall: leaving group MS-CHAP (returns reject) for request 14
  rlm_eap: Freeing handler
  modcall[authenticate]: module "eap" returns reject for request 14
modcall: leaving group authenticate (returns reject) for request 14
auth: Failed to validate the user.
Login incorrect (rlm_mschap: Logon failure (0xc000006d)):
[REFAP\\dadfh9/<no User-Password attribute>] (from client localhost
port 0)
  PEAP: Tunneled authentication was rejected.
  rlm_eap_peap: FAILURE
  modcall[authenticate]: module "eap" returns handled for request 14
modcall: leaving group authenticate (returns handled) for request 14
Sending Access-Challenge of id 34 to 10.134.64.199 port 1245
        EAP-Message =
0x011000261900170301001ba8de1ddcb8721c35a977e24b46480db3ddf09233dc88a1db9165fe
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x6603b9e60c00ae9c6e5e7c74b3752c55
Finished request 14
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.134.64.199:1246, id=52, length=153
        User-Name = "REFAP\\dadfh9"
        EAP-Message =
0x021000261900170301001bfd56ee2848408240c537d973f4254806d8af9eefd4937c652bfd2b
        NAS-IP-Address = 10.134.64.199
        Service-Type = Login-User
        Calling-Station-Id = "00-0f-ea-21-ee-51"
        NAS-Port-Type = Ethernet
        NAS-Port = 16
        State = 0x6603b9e60c00ae9c6e5e7c74b3752c55
        Message-Authenticator = 0x85a7dee1fb2004dabcb8f13021ce71b5
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 15
  modcall[authorize]: module "preprocess" returns ok for request 15
radius_xlat:  '/usr/local/var/log/radius/radacct/10.134.64.199/auth-detail-20070822'
rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /usr/local/var/log/radius/radacct/10.134.64.199/auth-detail-20070822
  modcall[authorize]: module "auth_log" returns ok for request 15
  modcall[authorize]: module "chap" returns noop for request 15
  modcall[authorize]: module "mschap" returns noop for request 15
    rlm_realm: No '@' in User-Name = "REFAP\dadfh9", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 15
  rlm_eap: EAP packet type response id 16 length 38
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 15
    users: Matched entry DEFAULT at line 153
  modcall[authorize]: module "files" returns ok for request 15
rlm_pap: WARNING! No "known good" password found for the user.
Authentication may fail because of this.
  modcall[authorize]: module "pap" returns noop for request 15
modcall: leaving group authorize (returns updated) for request 15
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 15
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
  eaptls_verify returned 7
  rlm_eap_tls: Done initial handshake
  eaptls_process returned 7
  rlm_eap_peap: EAPTLS_OK
  rlm_eap_peap: Session established.  Decoding tunneled attributes.
  rlm_eap_peap: Received EAP-TLV response.
  rlm_eap_peap: Tunneled data is valid.
  rlm_eap_peap:  Had sent TLV failure.  User was rejcted rejected
earlier in this session.
 rlm_eap: Handler failed in EAP/peap
  rlm_eap: Failed in EAP select
  modcall[authenticate]: module "eap" returns invalid for request 15
modcall: leaving group authenticate (returns invalid) for request 15
auth: Failed to validate the user.
Login incorrect: [REFAP\\dadfh9/<no User-Password attribute>] (from
client 10.134.64.199 port 16 cli 00-0f-ea-21-ee-51)
Delaying request 15 for 1 seconds
Finished request 15
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.134.64.199:1246, id=52, length=153
Sending Access-Reject of id 52 to 10.134.64.199 port 1246
        EAP-Message = 0x04100004
        Message-Authenticator = 0x00000000000000000000000000000000
--- Walking the entire request list ---
Waking up in 3 seconds...
--- Walking the entire request list ---
Cleaning up request 8 ID 28 with timestamp 46cc7751
Cleaning up request 9 ID 29 with timestamp 46cc7751
Cleaning up request 10 ID 30 with timestamp 46cc7751
Cleaning up request 11 ID 31 with timestamp 46cc7751
Cleaning up request 12 ID 32 with timestamp 46cc7751
Cleaning up request 13 ID 32 with timestamp 46cc7751
Cleaning up request 14 ID 34 with timestamp 46cc7751
Cleaning up request 15 ID 52 with timestamp 46cc7751
Nothing to do.  Sleeping until we see a request.


-- 
Alexsander A. Rodrigues

Se você tivesse que identificar, em uma palavra, a razão pela qual  a
raça humana ainda não atingiu (e nunca atingirá) todo o seu potencial,
essa palavra seria "REUNIÕES".
L.F.V.

http://counter.li.org/cgi-bin/runscript/display-person.cgi?user=413267




More information about the Freeradius-Users mailing list