freeradius + ad
Alexsander
alexsander.rodrigues at gmail.com
Fri Aug 24 15:23:35 CEST 2007
Hi Alan, this is complete log captured using:
s8860ru01:/# radiusd -X -A -y -z > /a.txt
##################################LOG OUTPUT
Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config: including file: /etc//raddb/proxy.conf
Config: including file: /etc//raddb/clients.conf
Config: including file: /etc//raddb/snmp.conf
Config: including file: /etc//raddb/eap.conf
Config: including file: /etc//raddb/sql.conf
main: prefix = "/usr/local"
main: localstatedir = "/usr/local/var"
main: logdir = "/usr/local/var/log/radius"
main: libdir = "/usr/local/lib"
main: radacctdir = "/usr/local/var/log/radius/radacct"
main: hostname_lookups = no
main: max_request_time = 30
main: cleanup_delay = 5
main: max_requests = 1024
main: delete_blocked_requests = 0
main: port = 0
main: allow_core_dumps = no
main: log_stripped_names = yes
main: log_file = "/usr/local/var/log/radius/radius.log"
main: log_auth = yes
main: log_auth_badpass = yes
main: log_auth_goodpass = yes
main: pidfile = "/usr/local/var/run/radiusd/radiusd.pid"
main: user = "(null)"
main: group = "(null)"
main: usercollide = no
main: lower_user = "no"
main: lower_pass = "no"
main: nospace_user = "no"
main: nospace_pass = "no"
main: checkrad = "/usr/local/sbin/checkrad"
main: proxy_requests = yes
proxy: retry_delay = 5
proxy: retry_count = 3
proxy: synchronous = no
proxy: default_fallback = yes
proxy: dead_time = 120
proxy: post_proxy_authorize = no
proxy: wake_all_if_all_dead = no
security: max_attributes = 200
security: reject_delay = 1
security: status_server = no
main: debug_level = 0
read_config_files: reading dictionary
read_config_files: reading naslist
Using deprecated naslist file. Support for this will go away soon.
read_config_files: reading clients
read_config_files: reading realms
radiusd: entering modules setup
Module: Library search path is /usr/local/lib
Module: Loaded exec
exec: wait = yes
exec: program = "(null)"
exec: input_pairs = "request"
exec: output_pairs = "(null)"
exec: packet_type = "(null)"
rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Module: Instantiated exec (exec)
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded PAP
pap: encryption_scheme = "crypt"
pap: auto_header = yes
Module: Instantiated pap (pap)
Module: Loaded CHAP
Module: Instantiated chap (chap)
Module: Loaded MS-CHAP
mschap: use_mppe = no
mschap: require_encryption = no
mschap: require_strong = no
mschap: with_ntdomain_hack = yes
mschap: passwd = "(null)"
mschap: ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key
--domain=%{mschap:NT-Domain} --username=%{mschap:User-Name}
--challenge=%{mschap:Challenge:-00}
--nt-response=%{mschap:NT-Response:-00}"
Module: Instantiated mschap (mschap)
Module: Loaded System
unix: cache = no
unix: passwd = "(null)"
unix: shadow = "(null)"
unix: group = "(null)"
unix: radwtmp = "/usr/local/var/log/radius/radwtmp"
unix: usegroup = no
unix: cache_reload = 600
Module: Instantiated unix (unix)
Module: Loaded eap
eap: default_eap_type = "peap"
eap: timer_expire = 60
eap: ignore_unknown_eap_types = no
eap: cisco_accounting_username_bug = no
rlm_eap: Loaded and initialized type md5
rlm_eap: Loaded and initialized type leap
gtc: challenge = "Password: "
gtc: auth_type = "PAP"
rlm_eap: Loaded and initialized type gtc
tls: rsa_key_exchange = no
tls: dh_key_exchange = yes
tls: rsa_key_length = 512
tls: dh_key_length = 512
tls: verify_depth = 0
tls: CA_path = "(null)"
tls: pem_file_type = yes
tls: private_key_file = "/etc//raddb/certs/cert-srv.pem"
tls: certificate_file = "/etc//raddb/certs/cert-srv.pem"
tls: CA_file = "/etc//raddb/certs/demoCA/cacert.pem"
tls: private_key_password = "whatever"
tls: dh_file = "/etc//raddb/certs/dh"
tls: random_file = "/dev/urandom"
tls: fragment_size = 1024
tls: include_length = yes
tls: check_crl = no
tls: check_cert_cn = "(null)"
tls: cipher_list = "(null)"
tls: check_cert_issuer = "(null)"
rlm_eap_tls: Loading the certificate file as a chain
rlm_eap: Loaded and initialized type tls
peap: default_eap_type = "mschapv2"
peap: copy_request_to_tunnel = no
peap: use_tunneled_reply = no
peap: proxy_tunneled_request_as_eap = yes
rlm_eap: Loaded and initialized type peap
mschapv2: with_ntdomain_hack = yes
rlm_eap: Loaded and initialized type mschapv2
Module: Instantiated eap (eap)
Module: Loaded preprocess
preprocess: huntgroups = "/etc//raddb/huntgroups"
preprocess: hints = "/etc//raddb/hints"
preprocess: with_ascend_hack = no
preprocess: ascend_channels_per_line = 23
preprocess: with_ntdomain_hack = no
preprocess: with_specialix_jetstream_hack = no
preprocess: with_cisco_vsa_hack = no
preprocess: with_alvarion_vsa_hack = no
Module: Instantiated preprocess (preprocess)
Module: Loaded detail
detail: detailfile =
"/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d"
detail: detailperm = 384
detail: dirperm = 493
detail: locking = no
Module: Instantiated detail (auth_log)
Module: Loaded realm
realm: format = "suffix"
realm: delimiter = "@"
realm: ignore_default = no
realm: ignore_null = no
Module: Instantiated realm (suffix)
Module: Loaded files
files: usersfile = "/etc//raddb/users"
files: acctusersfile = "/etc//raddb/acct_users"
files: preproxy_usersfile = "/etc//raddb/preproxy_users"
files: compat = "no"
Module: Instantiated files (files)
Module: Loaded Acct-Unique-Session-Id
acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address,
Client-IP-Address, NAS-Port"
Module: Instantiated acct_unique (acct_unique)
detail: detailfile =
"/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
detail: detailperm = 384
detail: dirperm = 493
detail: locking = no
Module: Instantiated detail (detail)
Module: Loaded radutmp
radutmp: filename = "/usr/local/var/log/radius/radutmp"
radutmp: username = "%{User-Name}"
radutmp: case_sensitive = yes
radutmp: check_with_nas = yes
radutmp: perm = 384
radutmp: callerid = yes
Module: Instantiated radutmp (radutmp)
Listening on authentication *:1812
Listening on accounting *:1813
Ready to process requests.
rad_recv: Access-Request packet from host 10.134.64.199:1231, id=140, length=114
User-Name = "REFAP\\dadfh9"
EAP-Message = 0x020100110152454641505c646164666839
NAS-IP-Address = 10.134.64.199
Service-Type = Login-User
Calling-Station-Id = "00-0f-ea-21-ee-51"
NAS-Port-Type = Ethernet
NAS-Port = 16
Message-Authenticator = 0x64ee87ca05f11e052253303cce5d3bfa
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
radius_xlat: '/usr/local/var/log/radius/radacct/10.134.64.199/auth-detail-20070822'
rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /usr/local/var/log/radius/radacct/10.134.64.199/auth-detail-20070822
modcall[authorize]: module "auth_log" returns ok for request 0
modcall[authorize]: module "chap" returns noop for request 0
modcall[authorize]: module "mschap" returns noop for request 0
rlm_realm: No '@' in User-Name = "REFAP\dadfh9", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 0
rlm_eap: EAP packet type response id 1 length 17
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 0
users: Matched entry DEFAULT at line 153
modcall[authorize]: module "files" returns ok for request 0
rlm_pap: WARNING! No "known good" password found for the user.
Authentication may fail because of this.
modcall[authorize]: module "pap" returns noop for request 0
modcall: leaving group authorize (returns updated) for request 0
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
rlm_eap: EAP Identity
rlm_eap: processing type tls
rlm_eap_tls: Initiate
rlm_eap_tls: Start returned 1
modcall[authenticate]: module "eap" returns handled for request 0
modcall: leaving group authenticate (returns handled) for request 0
Sending Access-Challenge of id 140 to 10.134.64.199 port 1231
EAP-Message = 0x010200061920
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x3ee82f6d2fee661c1d6e3e1125156a45
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.134.64.199:1232, id=141, length=195
User-Name = "REFAP\\dadfh9"
EAP-Message =
0x0202005019800000004616030100410100003d030146cc7753fbcbfe623b08a80f7f24893612d45b8a726bbd929be16c29591239ae00001600040005000a000900640062000300060013001200630100
NAS-IP-Address = 10.134.64.199
Service-Type = Login-User
Calling-Station-Id = "00-0f-ea-21-ee-51"
NAS-Port-Type = Ethernet
NAS-Port = 16
State = 0x3ee82f6d2fee661c1d6e3e1125156a45
Message-Authenticator = 0x0da53d7bb6c10baef39a6c73d730f3a5
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
modcall[authorize]: module "preprocess" returns ok for request 1
radius_xlat: '/usr/local/var/log/radius/radacct/10.134.64.199/auth-detail-20070822'
rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /usr/local/var/log/radius/radacct/10.134.64.199/auth-detail-20070822
modcall[authorize]: module "auth_log" returns ok for request 1
modcall[authorize]: module "chap" returns noop for request 1
modcall[authorize]: module "mschap" returns noop for request 1
rlm_realm: No '@' in User-Name = "REFAP\dadfh9", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 1
rlm_eap: EAP packet type response id 2 length 80
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 1
users: Matched entry DEFAULT at line 153
modcall[authorize]: module "files" returns ok for request 1
rlm_pap: WARNING! No "known good" password found for the user.
Authentication may fail because of this.
modcall[authorize]: module "pap" returns noop for request 1
modcall: leaving group authorize (returns updated) for request 1
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 1
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
(other): before/accept initialization
TLS_accept: before/accept initialization
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello
TLS_accept: SSLv3 read client hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
TLS_accept: SSLv3 write server hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0694], Certificate
TLS_accept: SSLv3 write certificate A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
TLS_accept: SSLv3 write server done A
TLS_accept: SSLv3 flush data
TLS_accept: Need to read more data: SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 1
modcall: leaving group authenticate (returns handled) for request 1
Sending Access-Challenge of id 141 to 10.134.64.199 port 1232
EAP-Message =
0x0103040a19c0000006f1160301004a02000046030146cc7712088010763c5bfd59a7b0138caef15e0bd1518f5ab2473360c0bae7652096977cfe243bf7b430cf5c0d3b53369be5a25c1919d0bfc5c59d9d95c9ffcc8600040016030106940b00069000068d0002cd308202c930820232a003020102020102300d06092a864886f70d010104050030819f310b30090603550406130243413111300f0603550408130850726f76696e63653112301006035504071309536f6d65204369747931153013060355040a130c4f7267616e697a6174696f6e31123010060355040b13096c6f63616c686f7374311b301906035504031312436c69656e74206365
EAP-Message =
0x7274696669636174653121301f06092a864886f70d0109011612636c69656e74406578616d706c652e636f6d301e170d3034303132353133323631305a170d3035303132343133323631305a30819b310b30090603550406130243413111300f0603550408130850726f76696e63653112301006035504071309536f6d65204369747931153013060355040a130c4f7267616e697a6174696f6e31123010060355040b13096c6f63616c686f73743119301706035504031310526f6f74206365727469666963617465311f301d06092a864886f70d0109011610726f6f74406578616d706c652e636f6d30819f300d06092a864886f70d010101050003
EAP-Message =
0x818d0030818902818100dac525422bfedb082629a2cba44b3449c90d0ab462fb72c8434a782098863d7eb7d7e70028c2b7ad555a51cc756cf4fa1d7091615ab450d5289553ae6616aff014a55085d6b8fb4aee98638e426175cdd36c665c63cda177d34920eb30585edc8773999c2980f81ad4638bbbea1c82d054023db7ef24a3ec1c3f6241a903d7f30203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d0101040500038181007a2d921b1cf13bf2982a9178ec9ede6d88edc178a2e8bd40a0a06fb6f0769957884cd7084537083496fd184165293f583c8e8240eb68e042c94b15752e4c07e80d09
EAP-Message =
0x779afa3dd55c24fa54ac292d77205d1c2477ed30d59f57caf9bd21ff2a8d16cc0911c50e4f295763fcb60efa3c3d2d0e43850f6e6fbe284902f6e83503650003ba308203b63082031fa003020102020100300d06092a864886f70d010104050030819f310b30090603550406130243413111300f0603550408130850726f76696e63653112301006035504071309536f6d65204369747931153013060355040a130c4f7267616e697a6174696f6e31123010060355040b13096c6f63616c686f7374311b301906035504031312436c69656e742063657274696669636174653121301f06092a864886f70d0109011612636c69656e74406578616d706c
EAP-Message = 0x652e636f6d301e170d3034303132353133323630375a
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x2158b4d0bcc2b9833607168102b810e4
Finished request 1
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.134.64.199:1233, id=142, length=121
User-Name = "REFAP\\dadfh9"
EAP-Message = 0x020300061900
NAS-IP-Address = 10.134.64.199
Service-Type = Login-User
Calling-Station-Id = "00-0f-ea-21-ee-51"
NAS-Port-Type = Ethernet
NAS-Port = 16
State = 0x2158b4d0bcc2b9833607168102b810e4
Message-Authenticator = 0xa4acb09c7aaeeb7dc6885fafa64cbd24
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 2
modcall[authorize]: module "preprocess" returns ok for request 2
radius_xlat: '/usr/local/var/log/radius/radacct/10.134.64.199/auth-detail-20070822'
rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /usr/local/var/log/radius/radacct/10.134.64.199/auth-detail-20070822
modcall[authorize]: module "auth_log" returns ok for request 2
modcall[authorize]: module "chap" returns noop for request 2
modcall[authorize]: module "mschap" returns noop for request 2
rlm_realm: No '@' in User-Name = "REFAP\dadfh9", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 2
rlm_eap: EAP packet type response id 3 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 2
users: Matched entry DEFAULT at line 153
modcall[authorize]: module "files" returns ok for request 2
rlm_pap: WARNING! No "known good" password found for the user.
Authentication may fail because of this.
modcall[authorize]: module "pap" returns noop for request 2
modcall: leaving group authorize (returns updated) for request 2
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 2
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake fragment handler
eaptls_verify returned 1
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 2
modcall: leaving group authenticate (returns handled) for request 2
Sending Access-Challenge of id 142 to 10.134.64.199 port 1233
EAP-Message =
0x010402f71900170d3036303132343133323630375a30819f310b30090603550406130243413111300f0603550408130850726f76696e63653112301006035504071309536f6d65204369747931153013060355040a130c4f7267616e697a6174696f6e31123010060355040b13096c6f63616c686f7374311b301906035504031312436c69656e742063657274696669636174653121301f06092a864886f70d0109011612636c69656e74406578616d706c652e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100d4c5b19724f164acf1ffb189db1c8fbff4f14396ea7cb1e90f78d69451725377895dfe52ccb99b41e8
EAP-Message =
0x0ddeb58b127a943f4f58cbc562878192fbdc6fece9f871e7c130d35cf5188817e9b133249edd2a1c75d31043ae87553cec7a77ef26aa7d74281db9b77e17c6446c5dd9b188b43250ca0229963722a123a726b00b4027fd0203010001a381ff3081fc301d0603551d0e0416041468d36d3e1ee7bc9d5a057021c363da1365d1ade33081cc0603551d230481c43081c1801468d36d3e1ee7bc9d5a057021c363da1365d1ade3a181a5a481a230819f310b30090603550406130243413111300f0603550408130850726f76696e63653112301006035504071309536f6d65204369747931153013060355040a130c4f7267616e697a6174696f6e31123010
EAP-Message =
0x060355040b13096c6f63616c686f7374311b301906035504031312436c69656e742063657274696669636174653121301f06092a864886f70d0109011612636c69656e74406578616d706c652e636f6d820100300c0603551d13040530030101ff300d06092a864886f70d01010405000381810033c00b66b1e579ef73a06798252dab8d5e5511fc00fd276d80d12f834777c6743fdc2743fca1507704e4bc0979e4f60ac3ad9ee83e6f347369229d1f77229ba2e982359da563024a00163dba6d6c986c0bad28af85132ff8f0d76501bf1b7c2dff658ce1e62c01997b6e64e3e8d4373354ce9912847651539063b85bbc5485c516030100040e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xbea918a7aabdf863b0a8993a986bc0e4
Finished request 2
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.134.64.199:1234, id=143, length=307
User-Name = "REFAP\\dadfh9"
EAP-Message =
0x020400c01980000000b616030100861000008200809ee2532b93d4da0634c2e5605ef1cb3590b28aaa22866a7998a8ef6371b3899e388bfd93ee762155dc589e49c24c10bcc4d41b816e64e1c3e986e3d8b49df98d8b1777527f7e0a4aef44f25af41bf0f3144ed63c8c58155ca3e0fa8c76fe923c1817fd90566ee266303c882928d29b9a1e4f89df2b7cae485c142073cd1797ad1403010001011603010020bd72885ee934038184a2c93d2bf4d4d949f78016c057ed4265191cb1e9c98d0a
NAS-IP-Address = 10.134.64.199
Service-Type = Login-User
Calling-Station-Id = "00-0f-ea-21-ee-51"
NAS-Port-Type = Ethernet
NAS-Port = 16
State = 0xbea918a7aabdf863b0a8993a986bc0e4
Message-Authenticator = 0xe6244a3e7361d383effe5defe1afc2c2
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 3
modcall[authorize]: module "preprocess" returns ok for request 3
radius_xlat: '/usr/local/var/log/radius/radacct/10.134.64.199/auth-detail-20070822'
rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /usr/local/var/log/radius/radacct/10.134.64.199/auth-detail-20070822
modcall[authorize]: module "auth_log" returns ok for request 3
modcall[authorize]: module "chap" returns noop for request 3
modcall[authorize]: module "mschap" returns noop for request 3
rlm_realm: No '@' in User-Name = "REFAP\dadfh9", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 3
rlm_eap: EAP packet type response id 4 length 192
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 3
users: Matched entry DEFAULT at line 153
modcall[authorize]: module "files" returns ok for request 3
rlm_pap: WARNING! No "known good" password found for the user.
Authentication may fail because of this.
modcall[authorize]: module "pap" returns noop for request 3
modcall: leaving group authorize (returns updated) for request 3
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 3
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange
TLS_accept: SSLv3 read client key exchange A
rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001]
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 read finished A
rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001]
TLS_accept: SSLv3 write change cipher spec A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 write finished A
TLS_accept: SSLv3 flush data
(other): SSL negotiation finished successfully
SSL Connection Established
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 3
modcall: leaving group authenticate (returns handled) for request 3
Sending Access-Challenge of id 143 to 10.134.64.199 port 1234
EAP-Message =
0x0105003119001403010001011603010020f0b8cf98244b41915628735161c48a0be0938ebd00b6460d3c407c61356e814e
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x4a10edb13b1e99b184ee9d866914014d
Finished request 3
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.134.64.199:1235, id=144, length=121
User-Name = "REFAP\\dadfh9"
EAP-Message = 0x020500061900
NAS-IP-Address = 10.134.64.199
Service-Type = Login-User
Calling-Station-Id = "00-0f-ea-21-ee-51"
NAS-Port-Type = Ethernet
NAS-Port = 16
State = 0x4a10edb13b1e99b184ee9d866914014d
Message-Authenticator = 0x33fe552a2d6f1e71067200905580db49
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 4
modcall[authorize]: module "preprocess" returns ok for request 4
radius_xlat: '/usr/local/var/log/radius/radacct/10.134.64.199/auth-detail-20070822'
rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /usr/local/var/log/radius/radacct/10.134.64.199/auth-detail-20070822
modcall[authorize]: module "auth_log" returns ok for request 4
modcall[authorize]: module "chap" returns noop for request 4
modcall[authorize]: module "mschap" returns noop for request 4
rlm_realm: No '@' in User-Name = "REFAP\dadfh9", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 4
rlm_eap: EAP packet type response id 5 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 4
users: Matched entry DEFAULT at line 153
modcall[authorize]: module "files" returns ok for request 4
rlm_pap: WARNING! No "known good" password found for the user.
Authentication may fail because of this.
modcall[authorize]: module "pap" returns noop for request 4
modcall: leaving group authorize (returns updated) for request 4
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 4
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake is finished
eaptls_verify returned 3
eaptls_process returned 3
rlm_eap_peap: EAPTLS_SUCCESS
modcall[authenticate]: module "eap" returns handled for request 4
modcall: leaving group authenticate (returns handled) for request 4
Sending Access-Challenge of id 144 to 10.134.64.199 port 1235
EAP-Message =
0x01060020190017030100151b9bba790bfc7b5a0f7f9fe40c0234b9db22e5ce97
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xe8ece2a915c6e5e3ba1070753b175b3d
Finished request 4
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.134.64.199:1236, id=144, length=155
User-Name = "REFAP\\dadfh9"
EAP-Message =
0x020600281900170301001de4c747c0136bc59e625986a9cb00d7ef95af7d9eef6e6ae9ea5e87f869
NAS-IP-Address = 10.134.64.199
Service-Type = Login-User
Calling-Station-Id = "00-0f-ea-21-ee-51"
NAS-Port-Type = Ethernet
NAS-Port = 16
State = 0xe8ece2a915c6e5e3ba1070753b175b3d
Message-Authenticator = 0xaf70a7e892f4fc656fab1d44702cb005
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 5
modcall[authorize]: module "preprocess" returns ok for request 5
radius_xlat: '/usr/local/var/log/radius/radacct/10.134.64.199/auth-detail-20070822'
rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /usr/local/var/log/radius/radacct/10.134.64.199/auth-detail-20070822
modcall[authorize]: module "auth_log" returns ok for request 5
modcall[authorize]: module "chap" returns noop for request 5
modcall[authorize]: module "mschap" returns noop for request 5
rlm_realm: No '@' in User-Name = "REFAP\dadfh9", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 5
rlm_eap: EAP packet type response id 6 length 40
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 5
users: Matched entry DEFAULT at line 153
modcall[authorize]: module "files" returns ok for request 5
rlm_pap: WARNING! No "known good" password found for the user.
Authentication may fail because of this.
modcall[authorize]: module "pap" returns noop for request 5
modcall: leaving group authorize (returns updated) for request 5
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 5
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: Identity - REFAP\dadfh9
rlm_eap_peap: Tunneled data is valid.
PEAP: Got tunneled identity of REFAP\dadfh9
PEAP: Setting default EAP type for tunneled EAP session.
PEAP: Setting User-Name to REFAP\dadfh9
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 5
modcall[authorize]: module "preprocess" returns ok for request 5
radius_xlat: '/usr/local/var/log/radius/radacct/127.0.0.1/auth-detail-20070822'
rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /usr/local/var/log/radius/radacct/127.0.0.1/auth-detail-20070822
modcall[authorize]: module "auth_log" returns ok for request 5
modcall[authorize]: module "chap" returns noop for request 5
modcall[authorize]: module "mschap" returns noop for request 5
rlm_realm: No '@' in User-Name = "REFAP\dadfh9", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 5
rlm_eap: EAP packet type response id 6 length 17
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 5
users: Matched entry DEFAULT at line 153
modcall[authorize]: module "files" returns ok for request 5
rlm_pap: WARNING! No "known good" password found for the user.
Authentication may fail because of this.
modcall[authorize]: module "pap" returns noop for request 5
modcall: leaving group authorize (returns updated) for request 5
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 5
rlm_eap: EAP Identity
rlm_eap: processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
modcall[authenticate]: module "eap" returns handled for request 5
modcall: leaving group authenticate (returns handled) for request 5
PEAP: Got tunneled Access-Challenge
modcall[authenticate]: module "eap" returns handled for request 5
modcall: leaving group authenticate (returns handled) for request 5
Sending Access-Challenge of id 144 to 10.134.64.199 port 1236
EAP-Message =
0x0107003d19001703010032c915aa440c2e2a3127c590e7fddd30ad922e0f337d203f8695235332cfef983f94b3d44731e8e3806795f729676a6d09e040
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xe7aa2703e6e5c01128cb6c5fd950f698
Finished request 5
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.134.64.199:1237, id=148, length=209
User-Name = "REFAP\\dadfh9"
EAP-Message =
0x0207005e19001703010053e374d07dc1833544683a655c1259cbcd80f7596615b8464ce3855b496d435f781253b7f262c9f72e61ed10c31d4e20cd4040c79ae5e4f4594004ea45dca2a827d98c062895d3fa64aacbcd38fb7578fbcd99f0
NAS-IP-Address = 10.134.64.199
Service-Type = Login-User
Calling-Station-Id = "00-0f-ea-21-ee-51"
NAS-Port-Type = Ethernet
NAS-Port = 16
State = 0xe7aa2703e6e5c01128cb6c5fd950f698
Message-Authenticator = 0xd77264e71400d5b0c2c35efa96350132
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 6
modcall[authorize]: module "preprocess" returns ok for request 6
radius_xlat: '/usr/local/var/log/radius/radacct/10.134.64.199/auth-detail-20070822'
rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /usr/local/var/log/radius/radacct/10.134.64.199/auth-detail-20070822
modcall[authorize]: module "auth_log" returns ok for request 6
modcall[authorize]: module "chap" returns noop for request 6
modcall[authorize]: module "mschap" returns noop for request 6
rlm_realm: No '@' in User-Name = "REFAP\dadfh9", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 6
rlm_eap: EAP packet type response id 7 length 94
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 6
users: Matched entry DEFAULT at line 153
modcall[authorize]: module "files" returns ok for request 6
rlm_pap: WARNING! No "known good" password found for the user.
Authentication may fail because of this.
modcall[authorize]: module "pap" returns noop for request 6
modcall: leaving group authorize (returns updated) for request 6
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 6
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: EAP type mschapv2
rlm_eap_peap: Tunneled data is valid.
PEAP: Setting User-Name to REFAP\dadfh9
PEAP: Adding old state with d6 06
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 6
modcall[authorize]: module "preprocess" returns ok for request 6
radius_xlat: '/usr/local/var/log/radius/radacct/127.0.0.1/auth-detail-20070822'
rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /usr/local/var/log/radius/radacct/127.0.0.1/auth-detail-20070822
modcall[authorize]: module "auth_log" returns ok for request 6
modcall[authorize]: module "chap" returns noop for request 6
modcall[authorize]: module "mschap" returns noop for request 6
rlm_realm: No '@' in User-Name = "REFAP\dadfh9", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 6
rlm_eap: EAP packet type response id 7 length 71
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 6
users: Matched entry DEFAULT at line 153
modcall[authorize]: module "files" returns ok for request 6
rlm_pap: WARNING! No "known good" password found for the user.
Authentication may fail because of this.
modcall[authorize]: module "pap" returns noop for request 6
modcall: leaving group authorize (returns updated) for request 6
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 6
rlm_eap: Request found, released from the list
rlm_eap: EAP/mschapv2
rlm_eap: processing type mschapv2
Processing the authenticate section of radiusd.conf
modcall: entering group MS-CHAP for request 6
rlm_mschap: No User-Password configured. Cannot create LM-Password.
rlm_mschap: No User-Password configured. Cannot create NT-Password.
rlm_mschap: Told to do MS-CHAPv2 for dadfh9 with NT-Password
radius_xlat: Running registered xlat function of module mschap for
string 'NT-Domain'
radius_xlat: '--domain=REFAP'
radius_xlat: Running registered xlat function of module mschap for
string 'User-Name'
radius_xlat: '--username=dadfh9'
radius_xlat: Running registered xlat function of module mschap for
string 'Challenge'
mschap2: 64
radius_xlat: '--challenge=15e8193f70a261c9'
radius_xlat: Running registered xlat function of module mschap for
string 'NT-Response'
radius_xlat: '--nt-response=b5064e14567ab057f0757ee512947c1a900138564585ef02'
Exec-Program output: Logon failure (0xc000006d)
Exec-Program-Wait: plaintext: Logon failure (0xc000006d)
Exec-Program: returned: 1
rlm_mschap: External script failed.
rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
modcall[authenticate]: module "mschap" returns reject for request 6
modcall: leaving group MS-CHAP (returns reject) for request 6
rlm_eap: Freeing handler
modcall[authenticate]: module "eap" returns reject for request 6
modcall: leaving group authenticate (returns reject) for request 6
auth: Failed to validate the user.
Login incorrect (rlm_mschap: Logon failure (0xc000006d)):
[REFAP\\dadfh9/<no User-Password attribute>] (from client localhost
port 0)
PEAP: Tunneled authentication was rejected.
rlm_eap_peap: FAILURE
modcall[authenticate]: module "eap" returns handled for request 6
modcall: leaving group authenticate (returns handled) for request 6
Sending Access-Challenge of id 148 to 10.134.64.199 port 1237
EAP-Message =
0x010800261900170301001bcf8d0672eb86e1390bc935e52c899b3e0cbd1b49c5ba9bca909ef9
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x2f3bcebbb17b2644f32476024092b306
Finished request 6
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.134.64.199:1238, id=154, length=153
User-Name = "REFAP\\dadfh9"
EAP-Message =
0x020800261900170301001b9cb6b011625874f25a5fdcac815e8d2c7d78bdd9da37463a84b443
NAS-IP-Address = 10.134.64.199
Service-Type = Login-User
Calling-Station-Id = "00-0f-ea-21-ee-51"
NAS-Port-Type = Ethernet
NAS-Port = 16
State = 0x2f3bcebbb17b2644f32476024092b306
Message-Authenticator = 0x932f129f85d86526c0a18904abfa5700
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 7
modcall[authorize]: module "preprocess" returns ok for request 7
radius_xlat: '/usr/local/var/log/radius/radacct/10.134.64.199/auth-detail-20070822'
rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /usr/local/var/log/radius/radacct/10.134.64.199/auth-detail-20070822
modcall[authorize]: module "auth_log" returns ok for request 7
modcall[authorize]: module "chap" returns noop for request 7
modcall[authorize]: module "mschap" returns noop for request 7
rlm_realm: No '@' in User-Name = "REFAP\dadfh9", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 7
rlm_eap: EAP packet type response id 8 length 38
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 7
users: Matched entry DEFAULT at line 153
modcall[authorize]: module "files" returns ok for request 7
rlm_pap: WARNING! No "known good" password found for the user.
Authentication may fail because of this.
modcall[authorize]: module "pap" returns noop for request 7
modcall: leaving group authorize (returns updated) for request 7
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 7
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: Received EAP-TLV response.
rlm_eap_peap: Tunneled data is valid.
rlm_eap_peap: Had sent TLV failure. User was rejcted rejected
earlier in this session.
rlm_eap: Handler failed in EAP/peap
rlm_eap: Failed in EAP select
modcall[authenticate]: module "eap" returns invalid for request 7
modcall: leaving group authenticate (returns invalid) for request 7
auth: Failed to validate the user.
Login incorrect: [REFAP\\dadfh9/<no User-Password attribute>] (from
client 10.134.64.199 port 16 cli 00-0f-ea-21-ee-51)
Delaying request 7 for 1 seconds
Finished request 7
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.134.64.199:1238, id=154, length=153
Sending Access-Reject of id 154 to 10.134.64.199 port 1238
EAP-Message = 0x04080004
Message-Authenticator = 0x00000000000000000000000000000000
--- Walking the entire request list ---
Waking up in 3 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 140 with timestamp 46cc7712
Cleaning up request 1 ID 141 with timestamp 46cc7712
Cleaning up request 2 ID 142 with timestamp 46cc7712
Cleaning up request 3 ID 143 with timestamp 46cc7712
Cleaning up request 4 ID 144 with timestamp 46cc7712
Cleaning up request 5 ID 144 with timestamp 46cc7712
Cleaning up request 6 ID 148 with timestamp 46cc7712
Cleaning up request 7 ID 154 with timestamp 46cc7712
Nothing to do. Sleeping until we see a request.
rad_recv: Access-Request packet from host 10.134.64.199:1239, id=28, length=114
User-Name = "REFAP\\dadfh9"
EAP-Message = 0x020900110152454641505c646164666839
NAS-IP-Address = 10.134.64.199
Service-Type = Login-User
Calling-Station-Id = "00-0f-ea-21-ee-51"
NAS-Port-Type = Ethernet
NAS-Port = 16
Message-Authenticator = 0x42ef55b0cada8e2df184805730ad3d21
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 8
modcall[authorize]: module "preprocess" returns ok for request 8
radius_xlat: '/usr/local/var/log/radius/radacct/10.134.64.199/auth-detail-20070822'
rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /usr/local/var/log/radius/radacct/10.134.64.199/auth-detail-20070822
modcall[authorize]: module "auth_log" returns ok for request 8
modcall[authorize]: module "chap" returns noop for request 8
modcall[authorize]: module "mschap" returns noop for request 8
rlm_realm: No '@' in User-Name = "REFAP\dadfh9", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 8
rlm_eap: EAP packet type response id 9 length 17
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 8
users: Matched entry DEFAULT at line 153
modcall[authorize]: module "files" returns ok for request 8
rlm_pap: WARNING! No "known good" password found for the user.
Authentication may fail because of this.
modcall[authorize]: module "pap" returns noop for request 8
modcall: leaving group authorize (returns updated) for request 8
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 8
rlm_eap: EAP Identity
rlm_eap: processing type tls
rlm_eap_tls: Initiate
rlm_eap_tls: Start returned 1
modcall[authenticate]: module "eap" returns handled for request 8
modcall: leaving group authenticate (returns handled) for request 8
Sending Access-Challenge of id 28 to 10.134.64.199 port 1239
EAP-Message = 0x010a00061920
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xe945fb09221bc1b56c94cc9e4e61fe2c
Finished request 8
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.134.64.199:1240, id=29, length=195
User-Name = "REFAP\\dadfh9"
EAP-Message =
0x020a005019800000004616030100410100003d030146cc779232905d520a55772234cc390b5f45501c504e1972b0a83d6c54dddc7c00001600040005000a000900640062000300060013001200630100
NAS-IP-Address = 10.134.64.199
Service-Type = Login-User
Calling-Station-Id = "00-0f-ea-21-ee-51"
NAS-Port-Type = Ethernet
NAS-Port = 16
State = 0xe945fb09221bc1b56c94cc9e4e61fe2c
Message-Authenticator = 0x1d38884f1ead6144e8d25f9598efc415
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 9
modcall[authorize]: module "preprocess" returns ok for request 9
radius_xlat: '/usr/local/var/log/radius/radacct/10.134.64.199/auth-detail-20070822'
rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /usr/local/var/log/radius/radacct/10.134.64.199/auth-detail-20070822
modcall[authorize]: module "auth_log" returns ok for request 9
modcall[authorize]: module "chap" returns noop for request 9
modcall[authorize]: module "mschap" returns noop for request 9
rlm_realm: No '@' in User-Name = "REFAP\dadfh9", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 9
rlm_eap: EAP packet type response id 10 length 80
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 9
users: Matched entry DEFAULT at line 153
modcall[authorize]: module "files" returns ok for request 9
rlm_pap: WARNING! No "known good" password found for the user.
Authentication may fail because of this.
modcall[authorize]: module "pap" returns noop for request 9
modcall: leaving group authorize (returns updated) for request 9
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 9
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
(other): before/accept initialization
TLS_accept: before/accept initialization
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello
TLS_accept: SSLv3 read client hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
TLS_accept: SSLv3 write server hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0694], Certificate
TLS_accept: SSLv3 write certificate A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
TLS_accept: SSLv3 write server done A
TLS_accept: SSLv3 flush data
TLS_accept: Need to read more data: SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 9
modcall: leaving group authenticate (returns handled) for request 9
Sending Access-Challenge of id 29 to 10.134.64.199 port 1240
EAP-Message =
0x010b040a19c0000006f1160301004a02000046030146cc7751fa7cf1895d52c458aee1a930b97ed6c240c8df092af6c0a65c4ca6de208d16fcaab5ecfdd66838f59215ea84da9e541cbc8e052afb2ac6bf9f941c925a00040016030106940b00069000068d0002cd308202c930820232a003020102020102300d06092a864886f70d010104050030819f310b30090603550406130243413111300f0603550408130850726f76696e63653112301006035504071309536f6d65204369747931153013060355040a130c4f7267616e697a6174696f6e31123010060355040b13096c6f63616c686f7374311b301906035504031312436c69656e74206365
EAP-Message =
0x7274696669636174653121301f06092a864886f70d0109011612636c69656e74406578616d706c652e636f6d301e170d3034303132353133323631305a170d3035303132343133323631305a30819b310b30090603550406130243413111300f0603550408130850726f76696e63653112301006035504071309536f6d65204369747931153013060355040a130c4f7267616e697a6174696f6e31123010060355040b13096c6f63616c686f73743119301706035504031310526f6f74206365727469666963617465311f301d06092a864886f70d0109011610726f6f74406578616d706c652e636f6d30819f300d06092a864886f70d010101050003
EAP-Message =
0x818d0030818902818100dac525422bfedb082629a2cba44b3449c90d0ab462fb72c8434a782098863d7eb7d7e70028c2b7ad555a51cc756cf4fa1d7091615ab450d5289553ae6616aff014a55085d6b8fb4aee98638e426175cdd36c665c63cda177d34920eb30585edc8773999c2980f81ad4638bbbea1c82d054023db7ef24a3ec1c3f6241a903d7f30203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d0101040500038181007a2d921b1cf13bf2982a9178ec9ede6d88edc178a2e8bd40a0a06fb6f0769957884cd7084537083496fd184165293f583c8e8240eb68e042c94b15752e4c07e80d09
EAP-Message =
0x779afa3dd55c24fa54ac292d77205d1c2477ed30d59f57caf9bd21ff2a8d16cc0911c50e4f295763fcb60efa3c3d2d0e43850f6e6fbe284902f6e83503650003ba308203b63082031fa003020102020100300d06092a864886f70d010104050030819f310b30090603550406130243413111300f0603550408130850726f76696e63653112301006035504071309536f6d65204369747931153013060355040a130c4f7267616e697a6174696f6e31123010060355040b13096c6f63616c686f7374311b301906035504031312436c69656e742063657274696669636174653121301f06092a864886f70d0109011612636c69656e74406578616d706c
EAP-Message = 0x652e636f6d301e170d3034303132353133323630375a
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xcfff382af11a4eb4cd0bbb0b22f7b0f9
Finished request 9
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.134.64.199:1241, id=30, length=121
User-Name = "REFAP\\dadfh9"
EAP-Message = 0x020b00061900
NAS-IP-Address = 10.134.64.199
Service-Type = Login-User
Calling-Station-Id = "00-0f-ea-21-ee-51"
NAS-Port-Type = Ethernet
NAS-Port = 16
State = 0xcfff382af11a4eb4cd0bbb0b22f7b0f9
Message-Authenticator = 0x736ad43a6b7dfd5b67c91b812d56407f
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 10
modcall[authorize]: module "preprocess" returns ok for request 10
radius_xlat: '/usr/local/var/log/radius/radacct/10.134.64.199/auth-detail-20070822'
rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /usr/local/var/log/radius/radacct/10.134.64.199/auth-detail-20070822
modcall[authorize]: module "auth_log" returns ok for request 10
modcall[authorize]: module "chap" returns noop for request 10
modcall[authorize]: module "mschap" returns noop for request 10
rlm_realm: No '@' in User-Name = "REFAP\dadfh9", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 10
rlm_eap: EAP packet type response id 11 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 10
users: Matched entry DEFAULT at line 153
modcall[authorize]: module "files" returns ok for request 10
rlm_pap: WARNING! No "known good" password found for the user.
Authentication may fail because of this.
modcall[authorize]: module "pap" returns noop for request 10
modcall: leaving group authorize (returns updated) for request 10
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 10
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake fragment handler
eaptls_verify returned 1
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 10
modcall: leaving group authenticate (returns handled) for request 10
Sending Access-Challenge of id 30 to 10.134.64.199 port 1241
EAP-Message =
0x010c02f71900170d3036303132343133323630375a30819f310b30090603550406130243413111300f0603550408130850726f76696e63653112301006035504071309536f6d65204369747931153013060355040a130c4f7267616e697a6174696f6e31123010060355040b13096c6f63616c686f7374311b301906035504031312436c69656e742063657274696669636174653121301f06092a864886f70d0109011612636c69656e74406578616d706c652e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100d4c5b19724f164acf1ffb189db1c8fbff4f14396ea7cb1e90f78d69451725377895dfe52ccb99b41e8
EAP-Message =
0x0ddeb58b127a943f4f58cbc562878192fbdc6fece9f871e7c130d35cf5188817e9b133249edd2a1c75d31043ae87553cec7a77ef26aa7d74281db9b77e17c6446c5dd9b188b43250ca0229963722a123a726b00b4027fd0203010001a381ff3081fc301d0603551d0e0416041468d36d3e1ee7bc9d5a057021c363da1365d1ade33081cc0603551d230481c43081c1801468d36d3e1ee7bc9d5a057021c363da1365d1ade3a181a5a481a230819f310b30090603550406130243413111300f0603550408130850726f76696e63653112301006035504071309536f6d65204369747931153013060355040a130c4f7267616e697a6174696f6e31123010
EAP-Message =
0x060355040b13096c6f63616c686f7374311b301906035504031312436c69656e742063657274696669636174653121301f06092a864886f70d0109011612636c69656e74406578616d706c652e636f6d820100300c0603551d13040530030101ff300d06092a864886f70d01010405000381810033c00b66b1e579ef73a06798252dab8d5e5511fc00fd276d80d12f834777c6743fdc2743fca1507704e4bc0979e4f60ac3ad9ee83e6f347369229d1f77229ba2e982359da563024a00163dba6d6c986c0bad28af85132ff8f0d76501bf1b7c2dff658ce1e62c01997b6e64e3e8d4373354ce9912847651539063b85bbc5485c516030100040e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xf5f1c97139e76c166e21dc751f687f0f
Finished request 10
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.134.64.199:1242, id=31, length=307
User-Name = "REFAP\\dadfh9"
EAP-Message =
0x020c00c01980000000b6160301008610000082008041558fe660bc2c671521e47a8154f66dfa3fc01171b954247f3326929ef9900d9281461b022bb0423abb4e6860b6a5bd36d15106e33f8f2a0a10970f97060feba5825d97cc7e95b1dc60b1cc5a8d5db6adc40007108a6e7ce0e2e6be1e5b7509d22a867e8e35c42958d93340902f81bfdaeb9012b5b7edd717a8bb4ab02b7672140301000101160301002077663a2d7fda9ad37ecb1eaf8bdfc6e6df8ded51a2c1321df23bcf4b0486ff01
NAS-IP-Address = 10.134.64.199
Service-Type = Login-User
Calling-Station-Id = "00-0f-ea-21-ee-51"
NAS-Port-Type = Ethernet
NAS-Port = 16
State = 0xf5f1c97139e76c166e21dc751f687f0f
Message-Authenticator = 0xc04b7361c1950cfd4213d9ed16787720
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 11
modcall[authorize]: module "preprocess" returns ok for request 11
radius_xlat: '/usr/local/var/log/radius/radacct/10.134.64.199/auth-detail-20070822'
rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /usr/local/var/log/radius/radacct/10.134.64.199/auth-detail-20070822
modcall[authorize]: module "auth_log" returns ok for request 11
modcall[authorize]: module "chap" returns noop for request 11
modcall[authorize]: module "mschap" returns noop for request 11
rlm_realm: No '@' in User-Name = "REFAP\dadfh9", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 11
rlm_eap: EAP packet type response id 12 length 192
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 11
users: Matched entry DEFAULT at line 153
modcall[authorize]: module "files" returns ok for request 11
rlm_pap: WARNING! No "known good" password found for the user.
Authentication may fail because of this.
modcall[authorize]: module "pap" returns noop for request 11
modcall: leaving group authorize (returns updated) for request 11
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 11
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange
TLS_accept: SSLv3 read client key exchange A
rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001]
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 read finished A
rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001]
TLS_accept: SSLv3 write change cipher spec A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 write finished A
TLS_accept: SSLv3 flush data
(other): SSL negotiation finished successfully
SSL Connection Established
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 11
modcall: leaving group authenticate (returns handled) for request 11
Sending Access-Challenge of id 31 to 10.134.64.199 port 1242
EAP-Message =
0x010d0031190014030100010116030100201c8d9b8ad5818a4c6a49d4f43f98f9d926aeda09d631c176346cd3bf2cc2d2d3
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xa616bdeb300012fec81b590d8e9c156c
Finished request 11
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.134.64.199:1243, id=32, length=121
User-Name = "REFAP\\dadfh9"
EAP-Message = 0x020d00061900
NAS-IP-Address = 10.134.64.199
Service-Type = Login-User
Calling-Station-Id = "00-0f-ea-21-ee-51"
NAS-Port-Type = Ethernet
NAS-Port = 16
State = 0xa616bdeb300012fec81b590d8e9c156c
Message-Authenticator = 0x0fc823d3dfcfaeed8d649191c26ab9ed
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 12
modcall[authorize]: module "preprocess" returns ok for request 12
radius_xlat: '/usr/local/var/log/radius/radacct/10.134.64.199/auth-detail-20070822'
rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /usr/local/var/log/radius/radacct/10.134.64.199/auth-detail-20070822
modcall[authorize]: module "auth_log" returns ok for request 12
modcall[authorize]: module "chap" returns noop for request 12
modcall[authorize]: module "mschap" returns noop for request 12
rlm_realm: No '@' in User-Name = "REFAP\dadfh9", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 12
rlm_eap: EAP packet type response id 13 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 12
users: Matched entry DEFAULT at line 153
modcall[authorize]: module "files" returns ok for request 12
rlm_pap: WARNING! No "known good" password found for the user.
Authentication may fail because of this.
modcall[authorize]: module "pap" returns noop for request 12
modcall: leaving group authorize (returns updated) for request 12
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 12
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake is finished
eaptls_verify returned 3
eaptls_process returned 3
rlm_eap_peap: EAPTLS_SUCCESS
modcall[authenticate]: module "eap" returns handled for request 12
modcall: leaving group authenticate (returns handled) for request 12
Sending Access-Challenge of id 32 to 10.134.64.199 port 1243
EAP-Message =
0x010e002019001703010015a7a70786afd4df2fa7add3e8d9b41ae224d8a8ea2d
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xaea351ba290828f9c75a7ae236deb40f
Finished request 12
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.134.64.199:1244, id=32, length=155
User-Name = "REFAP\\dadfh9"
EAP-Message =
0x020e00281900170301001d41f9fbd7579322722231d0314b1b43136a5e79063d7e4a9fa29933e02f
NAS-IP-Address = 10.134.64.199
Service-Type = Login-User
Calling-Station-Id = "00-0f-ea-21-ee-51"
NAS-Port-Type = Ethernet
NAS-Port = 16
State = 0xaea351ba290828f9c75a7ae236deb40f
Message-Authenticator = 0x5e9bf8656a4e1d80d941bd7bc4fb03da
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 13
modcall[authorize]: module "preprocess" returns ok for request 13
radius_xlat: '/usr/local/var/log/radius/radacct/10.134.64.199/auth-detail-20070822'
rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /usr/local/var/log/radius/radacct/10.134.64.199/auth-detail-20070822
modcall[authorize]: module "auth_log" returns ok for request 13
modcall[authorize]: module "chap" returns noop for request 13
modcall[authorize]: module "mschap" returns noop for request 13
rlm_realm: No '@' in User-Name = "REFAP\dadfh9", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 13
rlm_eap: EAP packet type response id 14 length 40
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 13
users: Matched entry DEFAULT at line 153
modcall[authorize]: module "files" returns ok for request 13
rlm_pap: WARNING! No "known good" password found for the user.
Authentication may fail because of this.
modcall[authorize]: module "pap" returns noop for request 13
modcall: leaving group authorize (returns updated) for request 13
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 13
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: Identity - REFAP\dadfh9
rlm_eap_peap: Tunneled data is valid.
PEAP: Got tunneled identity of REFAP\dadfh9
PEAP: Setting default EAP type for tunneled EAP session.
PEAP: Setting User-Name to REFAP\dadfh9
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 13
modcall[authorize]: module "preprocess" returns ok for request 13
radius_xlat: '/usr/local/var/log/radius/radacct/127.0.0.1/auth-detail-20070822'
rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /usr/local/var/log/radius/radacct/127.0.0.1/auth-detail-20070822
modcall[authorize]: module "auth_log" returns ok for request 13
modcall[authorize]: module "chap" returns noop for request 13
modcall[authorize]: module "mschap" returns noop for request 13
rlm_realm: No '@' in User-Name = "REFAP\dadfh9", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 13
rlm_eap: EAP packet type response id 14 length 17
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 13
users: Matched entry DEFAULT at line 153
modcall[authorize]: module "files" returns ok for request 13
rlm_pap: WARNING! No "known good" password found for the user.
Authentication may fail because of this.
modcall[authorize]: module "pap" returns noop for request 13
modcall: leaving group authorize (returns updated) for request 13
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 13
rlm_eap: EAP Identity
rlm_eap: processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
modcall[authenticate]: module "eap" returns handled for request 13
modcall: leaving group authenticate (returns handled) for request 13
PEAP: Got tunneled Access-Challenge
modcall[authenticate]: module "eap" returns handled for request 13
modcall: leaving group authenticate (returns handled) for request 13
Sending Access-Challenge of id 32 to 10.134.64.199 port 1244
EAP-Message =
0x010f003d19001703010032d88462194552c8140367279b03f82b35860abd3f9d3726dcfb4b95dc0c8c0964dbace7a64958ec014c16179769192a414471
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x727e8ea1a49d7e5724e9253092b7cd0f
Finished request 13
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.134.64.199:1245, id=34, length=209
User-Name = "REFAP\\dadfh9"
EAP-Message =
0x020f005e190017030100536f0a05d9545bda21e58c148072ddb40474a6b9f5fadb7dc1c6647ee4e28c6e7aa6fd2f03ba79f2c6a3e98fe72dd4e318e3fdb2e224c66ed7b375088527088c3ef9dc8e1870cc8bd463af305aa9e98ce4c5ed52
NAS-IP-Address = 10.134.64.199
Service-Type = Login-User
Calling-Station-Id = "00-0f-ea-21-ee-51"
NAS-Port-Type = Ethernet
NAS-Port = 16
State = 0x727e8ea1a49d7e5724e9253092b7cd0f
Message-Authenticator = 0x478879902f7819c3e711f04915dd4ff5
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 14
modcall[authorize]: module "preprocess" returns ok for request 14
radius_xlat: '/usr/local/var/log/radius/radacct/10.134.64.199/auth-detail-20070822'
rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /usr/local/var/log/radius/radacct/10.134.64.199/auth-detail-20070822
modcall[authorize]: module "auth_log" returns ok for request 14
modcall[authorize]: module "chap" returns noop for request 14
modcall[authorize]: module "mschap" returns noop for request 14
rlm_realm: No '@' in User-Name = "REFAP\dadfh9", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 14
rlm_eap: EAP packet type response id 15 length 94
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 14
users: Matched entry DEFAULT at line 153
modcall[authorize]: module "files" returns ok for request 14
rlm_pap: WARNING! No "known good" password found for the user.
Authentication may fail because of this.
modcall[authorize]: module "pap" returns noop for request 14
modcall: leaving group authorize (returns updated) for request 14
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 14
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: EAP type mschapv2
rlm_eap_peap: Tunneled data is valid.
PEAP: Setting User-Name to REFAP\dadfh9
PEAP: Adding old state with f3 a0
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 14
modcall[authorize]: module "preprocess" returns ok for request 14
radius_xlat: '/usr/local/var/log/radius/radacct/127.0.0.1/auth-detail-20070822'
rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /usr/local/var/log/radius/radacct/127.0.0.1/auth-detail-20070822
modcall[authorize]: module "auth_log" returns ok for request 14
modcall[authorize]: module "chap" returns noop for request 14
modcall[authorize]: module "mschap" returns noop for request 14
rlm_realm: No '@' in User-Name = "REFAP\dadfh9", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 14
rlm_eap: EAP packet type response id 15 length 71
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 14
users: Matched entry DEFAULT at line 153
modcall[authorize]: module "files" returns ok for request 14
rlm_pap: WARNING! No "known good" password found for the user.
Authentication may fail because of this.
modcall[authorize]: module "pap" returns noop for request 14
modcall: leaving group authorize (returns updated) for request 14
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 14
rlm_eap: Request found, released from the list
rlm_eap: EAP/mschapv2
rlm_eap: processing type mschapv2
Processing the authenticate section of radiusd.conf
modcall: entering group MS-CHAP for request 14
rlm_mschap: No User-Password configured. Cannot create LM-Password.
rlm_mschap: No User-Password configured. Cannot create NT-Password.
rlm_mschap: Told to do MS-CHAPv2 for dadfh9 with NT-Password
radius_xlat: Running registered xlat function of module mschap for
string 'NT-Domain'
radius_xlat: '--domain=REFAP'
radius_xlat: Running registered xlat function of module mschap for
string 'User-Name'
radius_xlat: '--username=dadfh9'
radius_xlat: Running registered xlat function of module mschap for
string 'Challenge'
mschap2: f6
radius_xlat: '--challenge=4f8b745b654820d4'
radius_xlat: Running registered xlat function of module mschap for
string 'NT-Response'
radius_xlat: '--nt-response=95d375f0bae9b0ae4089d5561975162f8be08a90138e6c46'
Exec-Program output: Logon failure (0xc000006d)
Exec-Program-Wait: plaintext: Logon failure (0xc000006d)
Exec-Program: returned: 1
rlm_mschap: External script failed.
rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
modcall[authenticate]: module "mschap" returns reject for request 14
modcall: leaving group MS-CHAP (returns reject) for request 14
rlm_eap: Freeing handler
modcall[authenticate]: module "eap" returns reject for request 14
modcall: leaving group authenticate (returns reject) for request 14
auth: Failed to validate the user.
Login incorrect (rlm_mschap: Logon failure (0xc000006d)):
[REFAP\\dadfh9/<no User-Password attribute>] (from client localhost
port 0)
PEAP: Tunneled authentication was rejected.
rlm_eap_peap: FAILURE
modcall[authenticate]: module "eap" returns handled for request 14
modcall: leaving group authenticate (returns handled) for request 14
Sending Access-Challenge of id 34 to 10.134.64.199 port 1245
EAP-Message =
0x011000261900170301001ba8de1ddcb8721c35a977e24b46480db3ddf09233dc88a1db9165fe
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x6603b9e60c00ae9c6e5e7c74b3752c55
Finished request 14
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.134.64.199:1246, id=52, length=153
User-Name = "REFAP\\dadfh9"
EAP-Message =
0x021000261900170301001bfd56ee2848408240c537d973f4254806d8af9eefd4937c652bfd2b
NAS-IP-Address = 10.134.64.199
Service-Type = Login-User
Calling-Station-Id = "00-0f-ea-21-ee-51"
NAS-Port-Type = Ethernet
NAS-Port = 16
State = 0x6603b9e60c00ae9c6e5e7c74b3752c55
Message-Authenticator = 0x85a7dee1fb2004dabcb8f13021ce71b5
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 15
modcall[authorize]: module "preprocess" returns ok for request 15
radius_xlat: '/usr/local/var/log/radius/radacct/10.134.64.199/auth-detail-20070822'
rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /usr/local/var/log/radius/radacct/10.134.64.199/auth-detail-20070822
modcall[authorize]: module "auth_log" returns ok for request 15
modcall[authorize]: module "chap" returns noop for request 15
modcall[authorize]: module "mschap" returns noop for request 15
rlm_realm: No '@' in User-Name = "REFAP\dadfh9", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 15
rlm_eap: EAP packet type response id 16 length 38
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 15
users: Matched entry DEFAULT at line 153
modcall[authorize]: module "files" returns ok for request 15
rlm_pap: WARNING! No "known good" password found for the user.
Authentication may fail because of this.
modcall[authorize]: module "pap" returns noop for request 15
modcall: leaving group authorize (returns updated) for request 15
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 15
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: Received EAP-TLV response.
rlm_eap_peap: Tunneled data is valid.
rlm_eap_peap: Had sent TLV failure. User was rejcted rejected
earlier in this session.
rlm_eap: Handler failed in EAP/peap
rlm_eap: Failed in EAP select
modcall[authenticate]: module "eap" returns invalid for request 15
modcall: leaving group authenticate (returns invalid) for request 15
auth: Failed to validate the user.
Login incorrect: [REFAP\\dadfh9/<no User-Password attribute>] (from
client 10.134.64.199 port 16 cli 00-0f-ea-21-ee-51)
Delaying request 15 for 1 seconds
Finished request 15
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.134.64.199:1246, id=52, length=153
Sending Access-Reject of id 52 to 10.134.64.199 port 1246
EAP-Message = 0x04100004
Message-Authenticator = 0x00000000000000000000000000000000
--- Walking the entire request list ---
Waking up in 3 seconds...
--- Walking the entire request list ---
Cleaning up request 8 ID 28 with timestamp 46cc7751
Cleaning up request 9 ID 29 with timestamp 46cc7751
Cleaning up request 10 ID 30 with timestamp 46cc7751
Cleaning up request 11 ID 31 with timestamp 46cc7751
Cleaning up request 12 ID 32 with timestamp 46cc7751
Cleaning up request 13 ID 32 with timestamp 46cc7751
Cleaning up request 14 ID 34 with timestamp 46cc7751
Cleaning up request 15 ID 52 with timestamp 46cc7751
Nothing to do. Sleeping until we see a request.
--
Alexsander A. Rodrigues
Se você tivesse que identificar, em uma palavra, a razão pela qual a
raça humana ainda não atingiu (e nunca atingirá) todo o seu potencial,
essa palavra seria "REUNIÕES".
L.F.V.
http://counter.li.org/cgi-bin/runscript/display-person.cgi?user=413267
More information about the Freeradius-Users
mailing list