VLAN assignment and Alcatel Omniswitch 7800
Oxiel Contreras
oxielc at yahoo.it
Thu Feb 8 00:25:59 CET 2007
Hello gurus.
I'm new to radius, but willing to learn :)
Using OpenSuSE 10.1 and freeradius-1.1.0-19 and Windows2K as AD and Alcatel
Omniswitch 7800 with 802.1x and Port Mobility features enabled.
I've followed the steps from:
http://wiki.freeradius.org/FreeRADIUS_Active_Directory_Integration_HOWTO
The authentication of WindowsXP Supplicants with EAP/PEAP is working great.
Now I need to assign VLANs to this setup. I've searched the list and Google
and found this setting for /etc/raddb/users:
jose    Auth-Type == EAP
        Tunnel-Type += VLAN,
        Tunnel-Medium-Type += IEEE-802,
        Tunnel-Private-Group-Id += 3
But the port is never assigned to VLAN 3 for the user "jose".
Is it possible to assign VLANs with Alcatel?
Do I need any extra license?
Anybody have this running?
It seems to me that the VLAN parameters are never returned to the switch in
the Access-Accept part. This is the result from radiusd -X:
oxiel:/etc/raddb # radiusd -X
Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config: including file: /etc/raddb/proxy.conf
Config: including file: /etc/raddb/clients.conf
Config: including file: /etc/raddb/snmp.conf
Config: including file: /etc/raddb/eap.conf
Config: including file: /etc/raddb/sql.conf
main: prefix = "/usr"
main: localstatedir = "/var"
main: logdir = "/var/log/radius"
main: libdir = "/usr/lib/freeradius"
main: radacctdir = "/var/log/radius/radacct"
main: hostname_lookups = no
main: max_request_time = 30
main: cleanup_delay = 5
main: max_requests = 1024
main: delete_blocked_requests = 0
main: port = 0
main: allow_core_dumps = no
main: log_stripped_names = no
main: log_file = "/var/log/radius/radius.log"
main: log_auth = no
main: log_auth_badpass = no
main: log_auth_goodpass = no
main: pidfile = "/var/run/radiusd/radiusd.pid"
main: user = "root"
main: group = "root"
main: usercollide = no
main: lower_user = "no"
main: lower_pass = "no"
main: nospace_user = "no"
main: nospace_pass = "no"
main: checkrad = "/usr/sbin/checkrad"
main: proxy_requests = yes
proxy: retry_delay = 5
proxy: retry_count = 3
proxy: synchronous = no
proxy: default_fallback = yes
proxy: dead_time = 120
proxy: post_proxy_authorize = no
proxy: wake_all_if_all_dead = no
security: max_attributes = 200
security: reject_delay = 1
security: status_server = no
main: debug_level = 0
read_config_files: reading dictionary
read_config_files: reading naslist
read_config_files: reading clients
read_config_files: reading realms
radiusd: entering modules setup
Module: Library search path is /usr/lib/freeradius
Module: Loaded exec
exec: wait = yes
exec: program = "(null)"
exec: input_pairs = "request"
exec: output_pairs = "(null)"
exec: packet_type = "(null)"
rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Module: Instantiated exec (exec)
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded MS-CHAP
mschap: use_mppe = yes
mschap: require_encryption = no
mschap: require_strong = no
mschap: with_ntdomain_hack = yes
mschap: passwd = "(null)"
mschap: authtype = "MS-CHAP"
mschap: ntlm_auth = "/usr/bin/ntlm_auth --username=%{mschap:User-Name}
--request-nt-key --domain=%{mschap:NT-Domain}
--challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}"
Module: Instantiated mschap (mschap)
Module: Loaded eap
eap: default_eap_type = "peap"
eap: timer_expire = 60
eap: ignore_unknown_eap_types = no
eap: cisco_accounting_username_bug = no
rlm_eap: Loaded and initialized type md5
rlm_eap: Loaded and initialized type leap
gtc: challenge = "Password: "
gtc: auth_type = "PAP"
rlm_eap: Loaded and initialized type gtc
tls: rsa_key_exchange = no
tls: dh_key_exchange = yes
tls: rsa_key_length = 512
tls: dh_key_length = 512
tls: verify_depth = 0
tls: CA_path = "(null)"
tls: pem_file_type = yes
tls: private_key_file = "/etc/raddb/certs/cert-srv.pem"
tls: certificate_file = "/etc/raddb/certs/cert-srv.pem"
tls: CA_file = "/etc/raddb/certs/demoCA/cacert.pem"
tls: private_key_password = "whatever"
tls: dh_file = "/etc/raddb/certs/dh"
tls: random_file = "/dev/urandom"
tls: fragment_size = 1024
tls: include_length = yes
tls: check_crl = no
tls: check_cert_cn = "(null)"
rlm_eap_tls: Loading the certificate file as a chain
rlm_eap: Loaded and initialized type tls
peap: default_eap_type = "mschapv2"
peap: copy_request_to_tunnel = no
peap: use_tunneled_reply = no
peap: proxy_tunneled_request_as_eap = yes
rlm_eap: Loaded and initialized type peap
mschapv2: with_ntdomain_hack = no
rlm_eap: Loaded and initialized type mschapv2
Module: Instantiated eap (eap)
Module: Loaded preprocess
preprocess: huntgroups = "/etc/raddb/huntgroups"
preprocess: hints = "/etc/raddb/hints"
preprocess: with_ascend_hack = no
preprocess: ascend_channels_per_line = 23
preprocess: with_ntdomain_hack = no
preprocess: with_specialix_jetstream_hack = no
preprocess: with_cisco_vsa_hack = no
Module: Instantiated preprocess (preprocess)
Module: Loaded realm
realm: format = "suffix"
realm: delimiter = "@"
realm: ignore_default = no
realm: ignore_null = no
Module: Instantiated realm (suffix)
Module: Loaded files
files: usersfile = "/etc/raddb/users"
files: acctusersfile = "/etc/raddb/acct_users"
files: preproxy_usersfile = "/etc/raddb/preproxy_users"
files: compat = "no"
Module: Instantiated files (files)
Module: Loaded Acct-Unique-Session-Id
acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address,
Client-IP-Address, NAS-Port"
Module: Instantiated acct_unique (acct_unique)
Module: Loaded detail
detail: detailfile =
"/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
detail: detailperm = 384
detail: dirperm = 493
detail: locking = no
Module: Instantiated detail (detail)
Module: Loaded System
unix: cache = no
unix: passwd = "(null)"
unix: shadow = "(null)"
unix: group = "(null)"
unix: radwtmp = "/var/log/radius/radwtmp"
unix: usegroup = no
unix: cache_reload = 600
Module: Instantiated unix (unix)
Module: Loaded radutmp
radutmp: filename = "/var/log/radius/radutmp"
radutmp: username = "%{User-Name}"
radutmp: case_sensitive = yes
radutmp: check_with_nas = yes
radutmp: perm = 384
radutmp: callerid = yes
Module: Instantiated radutmp (radutmp)
Listening on authentication *:1812
Listening on accounting *:1813
Ready to process requests.
rad_recv: Access-Request packet from host 192.168.10.20:1067, id=206,
length=91
User-Name = "MYDOMAIN\\jose"
NAS-IP-Address = 192.168.10.20
NAS-Port = 85
EAP-Message = 0x020200150153414755415041435c616d6730383731
Message-Authenticator = 0x4857fea61c5a9d66c114985dba27c8a2
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
modcall[authorize]: module "mschap" returns noop for request 0
rlm_realm: No '@' in User-Name = "MYDOMAIN\jose", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 0
rlm_eap: EAP packet type response id 2 length 21
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 0
users: Matched entry DEFAULT at line 161
modcall[authorize]: module "files" returns ok for request 0
modcall: leaving group authorize (returns updated) for request 0
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
rlm_eap: EAP Identity
rlm_eap: processing type tls
rlm_eap_tls: Initiate
rlm_eap_tls: Start returned 1
modcall[authenticate]: module "eap" returns handled for request 0
modcall: leaving group authenticate (returns handled) for request 0
Sending Access-Challenge of id 206 to 192.168.10.20 port 1067
EAP-Message = 0x010300061920
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x9d6d6f0ddf48bb99c12194dfda4a1c27
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.10.20:1067, id=207,
length=168
User-Name = "MYDOMAIN\\jose"
NAS-IP-Address = 192.168.10.20
State = 0x9d6d6f0ddf48bb99c12194dfda4a1c27
NAS-Port = 85
EAP-Message =
0x0203005019800000004616030100410100003d030145c3b7635173ec271fb507e42e9738c3b4f164ffc4085f6bac9ecda83ac963b300001600040005000a000900640062000300060013001200630100
Message-Authenticator = 0xb2fbd984a0e1f39320472d32182a9a49
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
modcall[authorize]: module "preprocess" returns ok for request 1
modcall[authorize]: module "mschap" returns noop for request 1
rlm_realm: No '@' in User-Name = "MYDOMAIN\jose", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 1
rlm_eap: EAP packet type response id 3 length 80
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 1
users: Matched entry DEFAULT at line 161
modcall[authorize]: module "files" returns ok for request 1
modcall: leaving group authorize (returns updated) for request 1
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 1
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
(other): before/accept initialization
TLS_accept: before/accept initialization
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello
TLS_accept: SSLv3 read client hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
TLS_accept: SSLv3 write server hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 06e3], Certificate
TLS_accept: SSLv3 write certificate A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
TLS_accept: SSLv3 write server done A
TLS_accept: SSLv3 flush data
TLS_accept:error in SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 1
modcall: leaving group authenticate (returns handled) for request 1
Sending Access-Challenge of id 207 to 192.168.10.20 port 1067
EAP-Message = 0x6f72312c302a06092a864886f70d010901161d6d656e
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x3f79572080cc5e023f870a7ff061f9c0
Finished request 1
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.10.20:1067, id=208,
length=94
User-Name = "MYDOMAIN\\jose"
NAS-IP-Address = 192.168.10.20
State = 0x3f79572080cc5e023f870a7ff061f9c0
NAS-Port = 85
EAP-Message = 0x020400061900
Message-Authenticator = 0x7b66c08480bde9c011c3ea836c8c7d4b
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 2
modcall[authorize]: module "preprocess" returns ok for request 2
modcall[authorize]: module "mschap" returns noop for request 2
rlm_realm: No '@' in User-Name = "MYDOMAIN\jose", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 2
rlm_eap: EAP packet type response id 4 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 2
users: Matched entry DEFAULT at line 161
modcall[authorize]: module "files" returns ok for request 2
modcall: leaving group authorize (returns updated) for request 2
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 2
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake fragment handler
eaptls_verify returned 1
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 2
modcall: leaving group authenticate (returns handled) for request 2
Sending Access-Challenge of id 208 to 192.168.10.20 port 1067
EAP-Message =
0x01050346190064657a2e616e647265734073616775617061632e636f6d2e626f301e170d3036313233303030323130395a170d3038313232393030323130395a3081ac310b300906035504061302424f311330110603550408130a53616e7461204372757a311c301a0603550407131353616e7461204372757a202d204369756461643111300f060355040a130853616775617061633111300f060355040b130853697374656d6173311630140603550403130d61646d696e6973747261746f72312c302a06092a864886f70d010901161d6d656e64657a2e616e647265734073616775617061632e636f6d2e626f30819f300d06092a864886f70d01
EAP-Message =
0xab8df4968fc8672f948da1000b3a59aa766c9fa48b42a5fc5534a209c0db7bd21c1732f0377e94fe2ec09f619eb1c939d2a4275f6b812050d32901b820ff1cc88e7c0b21e5e316030100040e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x06b3a931efea56a67d3b12175eeadfc0
Finished request 2
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.10.20:1067, id=209,
length=280
User-Name = "MYDOMAIN\\jose"
NAS-IP-Address = 192.168.10.20
State = 0x06b3a931efea56a67d3b12175eeadfc0
NAS-Port = 85
EAP-Message =
0x020500c01980000000b616030100861000008200800d59b5ba20edb2d54cd0d56be84aa6133a0b2628cd1ca03c0254343106a80a06ae14b39969a0feb9613d84a85a14917f95379ec54a8754d4808477557e179694065ac61dbe7841ae33223f2f8d1976886ca4f3b54e942c3fb697ba293a8fedf822348fd2c4c0a68505f1c6b67878d5c31cb5663fdd5e976675fce1ed3421e55c1403010001011603010020e023e4faf2cc10f4334474ed9751c5a959ffc9241ea03e2bf209c5f29cd8a2c3
Message-Authenticator = 0x11546e4b95a7e95f3dfdeb0f29124125
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 3
modcall[authorize]: module "preprocess" returns ok for request 3
modcall[authorize]: module "mschap" returns noop for request 3
rlm_realm: No '@' in User-Name = "MYDOMAIN\jose", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 3
rlm_eap: EAP packet type response id 5 length 192
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 3
users: Matched entry DEFAULT at line 161
modcall[authorize]: module "files" returns ok for request 3
modcall: leaving group authorize (returns updated) for request 3
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 3
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange
TLS_accept: SSLv3 read client key exchange A
rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001]
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 read finished A
rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001]
TLS_accept: SSLv3 write change cipher spec A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 write finished A
TLS_accept: SSLv3 flush data
(other): SSL negotiation finished successfully
SSL Connection Established
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 3
modcall: leaving group authenticate (returns handled) for request 3
Sending Access-Challenge of id 209 to 192.168.10.20 port 1067
EAP-Message =
0x0106003119001403010001011603010020f67af346039e8ee2405b3764ad5f918dfe61c4af3546e8ad1dd15bd21ca0d376
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x917ea9cbbe5c65d8ed6bff5fdcca7db7
Finished request 3
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.10.20:1067, id=210,
length=94
User-Name = "MYDOMAIN\\jose"
NAS-IP-Address = 192.168.10.20
State = 0x917ea9cbbe5c65d8ed6bff5fdcca7db7
NAS-Port = 85
EAP-Message = 0x020600061900
Message-Authenticator = 0xa8af04dbd0c91ab153eacfb1b8b1f172
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 4
modcall[authorize]: module "preprocess" returns ok for request 4
modcall[authorize]: module "mschap" returns noop for request 4
rlm_realm: No '@' in User-Name = "MYDOMAIN\jose", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 4
rlm_eap: EAP packet type response id 6 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 4
users: Matched entry DEFAULT at line 161
modcall[authorize]: module "files" returns ok for request 4
modcall: leaving group authorize (returns updated) for request 4
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 4
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake is finished
eaptls_verify returned 3
eaptls_process returned 3
rlm_eap_peap: EAPTLS_SUCCESS
modcall[authenticate]: module "eap" returns handled for request 4
modcall: leaving group authenticate (returns handled) for request 4
Sending Access-Challenge of id 210 to 192.168.10.20 port 1067
EAP-Message =
0x01070020190017030100156bd5621bae4fb38c5dbe91e2c3b6c323cf23571705
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x98187c2d49a89527610d15cdff70fff3
Finished request 4
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.10.20:1067, id=211,
length=132
User-Name = "MYDOMAIN\\jose"
NAS-IP-Address = 192.168.10.20
State = 0x98187c2d49a89527610d15cdff70fff3
NAS-Port = 85
EAP-Message =
0x0207002c19001703010021016436b91df2958d8e27a515af65591aa2c33e93d338a338ff2c309d65ff914296
Message-Authenticator = 0xaaadbac57d1774f3ce893f338f253858
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 5
modcall[authorize]: module "preprocess" returns ok for request 5
modcall[authorize]: module "mschap" returns noop for request 5
rlm_realm: No '@' in User-Name = "MYDOMAIN\jose", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 5
rlm_eap: EAP packet type response id 7 length 44
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 5
users: Matched entry DEFAULT at line 161
modcall[authorize]: module "files" returns ok for request 5
modcall: leaving group authorize (returns updated) for request 5
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 5
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: Identity - MYDOMAIN\jose
rlm_eap_peap: Tunneled data is valid.
PEAP: Got tunneled identity of MYDOMAIN\jose
PEAP: Setting default EAP type for tunneled EAP session.
PEAP: Setting User-Name to MYDOMAIN\jose
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 5
modcall[authorize]: module "preprocess" returns ok for request 5
modcall[authorize]: module "mschap" returns noop for request 5
rlm_realm: No '@' in User-Name = "MYDOMAIN\jose", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 5
rlm_eap: EAP packet type response id 7 length 21
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 5
users: Matched entry DEFAULT at line 161
modcall[authorize]: module "files" returns ok for request 5
modcall: leaving group authorize (returns updated) for request 5
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 5
rlm_eap: EAP Identity
rlm_eap: processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
modcall[authenticate]: module "eap" returns handled for request 5
modcall: leaving group authenticate (returns handled) for request 5
PEAP: Got tunneled Access-Challenge
modcall[authenticate]: module "eap" returns handled for request 5
modcall: leaving group authenticate (returns handled) for request 5
Sending Access-Challenge of id 211 to 192.168.10.20 port 1067
EAP-Message =
0x010800411900170301003630ab9d3435ef1d9c7dc7e6f242cd9270664e0e0fb207b960deb02b81bcd1b744a3888a0a56fe498640433309cac513a1bf3aa1674bde
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x7a92e7a96eacd44d4fd1ff63e908e9e2
Finished request 5
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.10.20:1067, id=212,
length=186
User-Name = "MYDOMAIN\\jose"
NAS-IP-Address = 192.168.10.20
State = 0x7a92e7a96eacd44d4fd1ff63e908e9e2
NAS-Port = 85
EAP-Message =
0x0208006219001703010057df9dbbc7ef4684b090bdc706cd290f6f1fef65e3cdbb93aa0b1577dede1e9be3922c12e5af05e556bd3f9802d88d1c591ae180857fc263931b085e38adfdfe9d52508d6475a8b1b95de28fcd44329a3c916a40863eb07d
Message-Authenticator = 0xcefaa60b5f32ef01b79a062ee8e8f3fe
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 6
modcall[authorize]: module "preprocess" returns ok for request 6
modcall[authorize]: module "mschap" returns noop for request 6
rlm_realm: No '@' in User-Name = "MYDOMAIN\jose", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 6
rlm_eap: EAP packet type response id 8 length 98
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 6
users: Matched entry DEFAULT at line 161
modcall[authorize]: module "files" returns ok for request 6
modcall: leaving group authorize (returns updated) for request 6
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 6
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: EAP type mschapv2
rlm_eap_peap: Tunneled data is valid.
PEAP: Setting User-Name to MYDOMAIN\jose
PEAP: Adding old state with 3c ec
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 6
modcall[authorize]: module "preprocess" returns ok for request 6
modcall[authorize]: module "mschap" returns noop for request 6
rlm_realm: No '@' in User-Name = "MYDOMAIN\jose", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 6
rlm_eap: EAP packet type response id 8 length 75
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 6
users: Matched entry DEFAULT at line 161
modcall[authorize]: module "files" returns ok for request 6
modcall: leaving group authorize (returns updated) for request 6
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 6
rlm_eap: Request found, released from the list
rlm_eap: EAP/mschapv2
rlm_eap: processing type mschapv2
Processing the authenticate section of radiusd.conf
modcall: entering group MS-CHAP for request 6
rlm_mschap: No User-Password configured. Cannot create LM-Password.
rlm_mschap: No User-Password configured. Cannot create NT-Password.
rlm_mschap: Told to do MS-CHAPv2 for jose with NT-Password
radius_xlat: Running registered xlat function of module mschap for string
'User-Name'
radius_xlat: Running registered xlat function of module mschap for string
'NT-Domain'
radius_xlat: Running registered xlat function of module mschap for string
'Challenge'
mschap2: a9
radius_xlat: Running registered xlat function of module mschap for string
'NT-Response'
radius_xlat: '/usr/bin/ntlm_auth --username=jose --request-nt-key
--domain=MYDOMAIN --challenge=23482ae45d3e185d
--nt-response=144c32fdf284bad9c7d9d789db878b80428eaa7ad9ae1a42'
Exec-Program: /usr/bin/ntlm_auth --username=jose --request-nt-key
--domain=MYDOMAIN --challenge=23482ae45d3e185d
--nt-response=144c32fdf284bad9c7d9d789db878b80428eaa7ad9ae1a42
Exec-Program output: NT_KEY: 0A83D7C2B162B94C31CE636B6CA6ECCC
Exec-Program-Wait: plaintext: NT_KEY: 0A83D7C2B162B94C31CE636B6CA6ECCC
Exec-Program: returned: 0
rlm_mschap: adding MS-CHAPv2 MPPE keys
modcall[authenticate]: module "mschap" returns ok for request 6
modcall: leaving group MS-CHAP (returns ok) for request 6
MSCHAP Success
modcall[authenticate]: module "eap" returns handled for request 6
modcall: leaving group authenticate (returns handled) for request 6
PEAP: Got tunneled Access-Challenge
modcall[authenticate]: module "eap" returns handled for request 6
modcall: leaving group authenticate (returns handled) for request 6
Sending Access-Challenge of id 212 to 192.168.10.20 port 1067
EAP-Message =
0x0109004a1900170301003fb564a89db69f923da3b09305d5b6869317541502643d9f145c8d9a34b6b85d9665ebfc45825ac25a188472d3c2f691811a34f54f2d7b08242e961c2592bc38
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x3be7bff9e8a4a52effea7ebb58c23d24
Finished request 6
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.10.20:1067, id=213,
length=117
User-Name = "MYDOMAIN\\jose"
NAS-IP-Address = 192.168.10.20
State = 0x3be7bff9e8a4a52effea7ebb58c23d24
NAS-Port = 85
EAP-Message =
0x0209001d19001703010012f357dcf3cd2394e7337a3b0eaaa702c74609
Message-Authenticator = 0x022702d1f3f76c72f2b4d875449abc97
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 7
modcall[authorize]: module "preprocess" returns ok for request 7
modcall[authorize]: module "mschap" returns noop for request 7
rlm_realm: No '@' in User-Name = "MYDOMAIN\jose", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 7
rlm_eap: EAP packet type response id 9 length 29
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 7
users: Matched entry DEFAULT at line 161
modcall[authorize]: module "files" returns ok for request 7
modcall: leaving group authorize (returns updated) for request 7
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 7
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: EAP type mschapv2
rlm_eap_peap: Tunneled data is valid.
PEAP: Setting User-Name to MYDOMAIN\jose
PEAP: Adding old state with 6b 13
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 7
modcall[authorize]: module "preprocess" returns ok for request 7
modcall[authorize]: module "mschap" returns noop for request 7
rlm_realm: No '@' in User-Name = "MYDOMAIN\jose", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 7
rlm_eap: EAP packet type response id 9 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 7
users: Matched entry DEFAULT at line 161
modcall[authorize]: module "files" returns ok for request 7
modcall: leaving group authorize (returns updated) for request 7
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 7
rlm_eap: Request found, released from the list
rlm_eap: EAP/mschapv2
rlm_eap: processing type mschapv2
rlm_eap: Freeing handler
modcall[authenticate]: module "eap" returns ok for request 7
modcall: leaving group authenticate (returns ok) for request 7
PEAP: Tunneled authentication was successful.
rlm_eap_peap: SUCCESS
modcall[authenticate]: module "eap" returns handled for request 7
modcall: leaving group authenticate (returns handled) for request 7
Sending Access-Challenge of id 213 to 192.168.10.20 port 1067
EAP-Message =
0x010a00261900170301001b37f4320b69bebda8e841f4a55f6b41d84be0b529cb34d5a4357b38
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x5597f1b859aff68c52dff25df3151a93
Finished request 7
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.10.20:1067, id=214,
length=126
User-Name = "MYDOMAIN\\jose"
NAS-IP-Address = 192.168.10.20
State = 0x5597f1b859aff68c52dff25df3151a93
NAS-Port = 85
EAP-Message =
0x020a00261900170301001beac5a6d4d8702084479528a2ebd32267a4b66e9fbfef2b28315132
Message-Authenticator = 0x1f655acb0e50dfe0dd70edac651c8093
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 8
modcall[authorize]: module "preprocess" returns ok for request 8
modcall[authorize]: module "mschap" returns noop for request 8
rlm_realm: No '@' in User-Name = "MYDOMAIN\jose", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 8
rlm_eap: EAP packet type response id 10 length 38
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 8
users: Matched entry DEFAULT at line 161
modcall[authorize]: module "files" returns ok for request 8
modcall: leaving group authorize (returns updated) for request 8
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 8
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: Received EAP-TLV response.
rlm_eap_peap: Tunneled data is valid.
rlm_eap_peap: Success
rlm_eap: Freeing handler
modcall[authenticate]: module "eap" returns ok for request 8
modcall: leaving group authenticate (returns ok) for request 8
Sending Access-Accept of id 214 to 192.168.10.20 port 1067
MS-MPPE-Recv-Key =
0x0206f3af33e5e4224da7e663dfc79d8ff204c559d839a39343e1c91ad4198502
MS-MPPE-Send-Key =
0xae765f9bcca046bb7be43f55bbb5673120009c23275ed77f1526cef3639e3272
EAP-Message = 0x030a0004
Message-Authenticator = 0x00000000000000000000000000000000
User-Name = "MYDOMAIN\\jose"
Finished request 8
Going to the next request
Waking up in 6 seconds...
rad_recv: Accounting-Request packet from host 192.168.10.20:1067, id=215,
length=82
Acct-Status-Type = Start
User-Name = "MYDOMAIN\\jose"
NAS-IP-Address = 192.168.10.20
Acct-Session-Id = "0015c5551a97"
NAS-Port = 85
Xylan-Slot-Port = "3/17"
Processing the preacct section of radiusd.conf
modcall: entering group preacct for request 9
modcall[preacct]: module "preprocess" returns noop for request 9
rlm_acct_unique: Hashing 'NAS-Port = 85,Client-IP-Address =
192.168.10.20,NAS-IP-Address = 192.168.10.20,Acct-Session-Id =
"0015c5551a97",User-Name = "MYDOMAIN\\jose"'
rlm_acct_unique: Acct-Unique-Session-ID = "eed7faa245223d13".
modcall[preacct]: module "acct_unique" returns ok for request 9
rlm_realm: No '@' in User-Name = "MYDOMAIN\jose", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[preacct]: module "suffix" returns noop for request 9
modcall[preacct]: module "files" returns noop for request 9
modcall: leaving group preacct (returns ok) for request 9
Processing the accounting section of radiusd.conf
modcall: entering group accounting for request 9
radius_xlat: '/var/log/radius/radacct/192.168.10.20/detail-20070202'
rlm_detail: /var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands
to /var/log/radius/radacct/192.168.10.20/detail-20070202
modcall[accounting]: module "detail" returns ok for request 9
modcall[accounting]: module "unix" returns ok for request 9
radius_xlat: '/var/log/radius/radutmp'
radius_xlat: 'MYDOMAIN\\jose'
modcall[accounting]: module "radutmp" returns ok for request 9
modcall: leaving group accounting (returns ok) for request 9
Sending Accounting-Response of id 215 to 192.168.10.20 port 1067
Finished request 9
Going to the next request
Cleaning up request 9 ID 215 with timestamp 45c3b928
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 206 with timestamp 45c3b928
Cleaning up request 1 ID 207 with timestamp 45c3b928
Cleaning up request 2 ID 208 with timestamp 45c3b928
Cleaning up request 3 ID 209 with timestamp 45c3b928
Cleaning up request 4 ID 210 with timestamp 45c3b928
Cleaning up request 5 ID 211 with timestamp 45c3b928
Cleaning up request 6 ID 212 with timestamp 45c3b928
Cleaning up request 7 ID 213 with timestamp 45c3b928
Cleaning up request 8 ID 214 with timestamp 45c3b928
Nothing to do. Sleeping until we see a request.
Thanks and best regards to all of you.
Oxiel
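Added example, not part of the original post: a small Python check for `radiusd -X` output like the debug run above. It reports which RFC 3580 VLAN attributes are missing from each Access-Accept, which `users` entries the files module matched, and the `peap: use_tunneled_reply` setting. The function names and both sample logs are constructed for illustration, and the tagged form `Tunnel-Type:0 = VLAN` in the second sample is an assumption about how the server prints tagged attributes.

```python
import re

# RFC 3580 attributes an 802.1X switch expects for dynamic VLAN assignment.
VLAN_ATTRS = ("Tunnel-Type", "Tunnel-Medium-Type", "Tunnel-Private-Group-Id")

RECV_RE = re.compile(r"^rad_recv: (\S+) packet from host")
SEND_RE = re.compile(r"^Sending (\S+) of id (\d+)")
MATCH_RE = re.compile(r"^users: Matched entry (\S+) at line \d+")
PEAP_RE = re.compile(r"^peap: use_tunneled_reply = (\w+)")
# "Name = value", optionally with a tag suffix such as "Tunnel-Type:0" (assumed format).
ATTR_RE = re.compile(r"^([A-Za-z][\w-]*)(?::\d+)?\s*=\s*(.*)$")


def parse(log_text):
    """Return (packets, matched users entries, use_tunneled_reply value or None)."""
    packets, matched, tunneled_reply = [], [], None
    current, last = None, None   # packet being read, name of its last attribute
    for raw in log_text.splitlines():
        line = raw.strip()
        recv, send = RECV_RE.match(line), SEND_RE.match(line)
        entry, peap = MATCH_RE.match(line), PEAP_RE.match(line)
        attr = ATTR_RE.match(line) if current is not None else None
        if recv or send:
            current = {"sent": bool(send), "type": (send or recv).group(1),
                       "id": int(send.group(2)) if send else None, "attrs": {}}
            packets.append(current)
            last = None
        elif entry:
            matched.append(entry.group(1))
            current = None
        elif peap:
            tunneled_reply = peap.group(1)
            current = None
        elif attr:
            # Repeated attributes (e.g. several EAP-Message) keep the last value only.
            last = attr.group(1)
            current["attrs"][last] = attr.group(2).strip('"')
        elif current is not None and last and current["attrs"][last] == "" and line:
            current["attrs"][last] = line   # value wrapped onto the next line
        else:
            current = None                  # first non-attribute line ends the packet
    return packets, matched, tunneled_reply


def vlan_findings(log_text, expected_entry=None):
    """List reasons the log gives for a port not receiving its VLAN."""
    packets, matched, tunneled_reply = parse(log_text)
    findings = []
    for p in packets:
        if p["sent"] and p["type"] == "Access-Accept":
            missing = [a for a in VLAN_ATTRS if a not in p["attrs"]]
            if missing:
                findings.append(f"Access-Accept id {p['id']} lacks {', '.join(missing)}")
    if expected_entry and expected_entry not in matched:
        names = sorted({p["attrs"]["User-Name"] for p in packets
                        if not p["sent"] and "User-Name" in p["attrs"]})
        findings.append(f"users entry '{expected_entry}' never matched "
                        f"(matched: {sorted(set(matched))}; request User-Name: {names})")
    if tunneled_reply == "no":
        findings.append("peap: use_tunneled_reply = no (reply items from the "
                        "tunnelled session are not copied to the Access-Accept)")
    return findings


# Constructed sample modelled on the debug run in the post (addresses and keys are made up).
SAMPLE_MISSING = r'''
peap: use_tunneled_reply = no
rad_recv: Access-Request packet from host 192.0.2.20:1067, id=214,
length=126
User-Name = "MYDOMAIN\\jose"
NAS-Port = 85
users: Matched entry DEFAULT at line 161
Sending Access-Accept of id 214 to 192.0.2.20 port 1067
MS-MPPE-Recv-Key =
0x00112233445566778899aabbccddeeff
EAP-Message = 0x030a0004
User-Name = "MYDOMAIN\\jose"
Finished request 8
'''

# Constructed sample of a reply that does carry the VLAN attributes.
SAMPLE_OK = r'''
rad_recv: Access-Request packet from host 192.0.2.20:1067, id=30, length=126
User-Name = "jose"
users: Matched entry jose at line 12
Sending Access-Accept of id 30 to 192.0.2.20 port 1067
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "3"
EAP-Message = 0x030a0004
Finished request 1
'''

if __name__ == "__main__":
    for finding in vlan_findings(SAMPLE_MISSING, expected_entry="jose"):
        print("-", finding)
```
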