Cisco Access Points

tnt at kalik.co.yu tnt at kalik.co.yu
Mon May 14 21:30:26 CEST 2007


You haven't configured peap and tls in eap.conf.

Ivan Kalik
Kalik Informatika ISP


Dana 14/5/2007, "Christian Ejlertsen" <chr.ejlertsen at has.dk> piše:

>This is what I get.
>
>triagia ~ # radiusd -A -X
>Starting - reading configuration files ...
>reread_config:  reading radiusd.conf
>Config:   including file: /etc/raddb/proxy.conf
>Config:   including file: /etc/raddb/clients.conf
>Config:   including file: /etc/raddb/snmp.conf
>Config:   including file: /etc/raddb/eap.conf
>Config:   including file: /etc/raddb/sql.conf
> main: prefix = "/usr"
> main: localstatedir = "/var"
> main: logdir = "/var/log/radius"
> main: libdir = "/usr/lib"
> main: radacctdir = "/var/log/radius/radacct"
> main: hostname_lookups = no
> main: max_request_time = 30
> main: cleanup_delay = 5
> main: max_requests = 1024
> main: delete_blocked_requests = 0
> main: port = 0
> main: allow_core_dumps = no
> main: log_stripped_names = no
> main: log_file = "/var/log/radius/radius.log"
> main: log_auth = no
> main: log_auth_badpass = no
> main: log_auth_goodpass = no
> main: pidfile = "/var/run/radiusd/radiusd.pid"
> main: user = "radiusd"
> main: group = "radiusd"
> main: usercollide = no
> main: lower_user = "no"
> main: lower_pass = "no"
> main: nospace_user = "no"
> main: nospace_pass = "no"
> main: checkrad = "/usr/sbin/checkrad"
> main: proxy_requests = yes
> proxy: retry_delay = 5
> proxy: retry_count = 3
> proxy: synchronous = no
> proxy: default_fallback = yes
> proxy: dead_time = 120
> proxy: post_proxy_authorize = no
> proxy: wake_all_if_all_dead = no
> security: max_attributes = 200
> security: reject_delay = 1
> security: status_server = no
> main: debug_level = 0
>read_config_files:  reading dictionary
>read_config_files:  reading naslist
>Using deprecated naslist file.  Support for this will go away soon.
>read_config_files:  reading clients
>read_config_files:  reading realms
>radiusd:  entering modules setup
>Module: Library search path is /usr/lib
>Module: Loaded exec
> exec: wait = yes
> exec: program = "(null)"
> exec: input_pairs = "request"
> exec: output_pairs = "(null)"
> exec: packet_type = "(null)"
>rlm_exec: Wait=yes but no output defined. Did you mean output=none?
>Module: Instantiated exec (exec)
>Module: Loaded expr
>Module: Instantiated expr (expr)
>Module: Loaded PAP
> pap: encryption_scheme = "crypt"
> pap: auto_header = no
>Module: Instantiated pap (pap)
>Module: Loaded CHAP
>Module: Instantiated chap (chap)
>Module: Loaded MS-CHAP
> mschap: use_mppe = yes
> mschap: require_encryption = no
> mschap: require_strong = no
> mschap: with_ntdomain_hack = no
> mschap: passwd = "(null)"
> mschap: ntlm_auth = "(null)"
>Module: Instantiated mschap (mschap)
>Module: Loaded System
> unix: cache = no
> unix: passwd = "(null)"
> unix: shadow = "(null)"
> unix: group = "(null)"
> unix: radwtmp = "/var/log/radius/radwtmp"
> unix: usegroup = no
> unix: cache_reload = 600
>Module: Instantiated unix (unix)
>Module: Loaded eap
> eap: default_eap_type = "md5"
> eap: timer_expire = 60
> eap: ignore_unknown_eap_types = no
> eap: cisco_accounting_username_bug = no
>rlm_eap: Loaded and initialized type md5
>rlm_eap: Loaded and initialized type leap
> gtc: challenge = "Password: "
> gtc: auth_type = "PAP"
>rlm_eap: Loaded and initialized type gtc
> mschapv2: with_ntdomain_hack = no
>rlm_eap: Loaded and initialized type mschapv2
>Module: Instantiated eap (eap)
>Module: Loaded preprocess
> preprocess: huntgroups = "/etc/raddb/huntgroups"
> preprocess: hints = "/etc/raddb/hints"
> preprocess: with_ascend_hack = no
> preprocess: ascend_channels_per_line = 23
> preprocess: with_ntdomain_hack = no
> preprocess: with_specialix_jetstream_hack = no
> preprocess: with_cisco_vsa_hack = no
> preprocess: with_alvarion_vsa_hack = no
>Module: Instantiated preprocess (preprocess)
>Module: Loaded realm
> realm: format = "suffix"
> realm: delimiter = "@"
> realm: ignore_default = no
> realm: ignore_null = no
>Module: Instantiated realm (suffix)
>Module: Loaded files
> files: usersfile = "/etc/raddb/users"
> files: acctusersfile = "/etc/raddb/acct_users"
> files: preproxy_usersfile = "/etc/raddb/preproxy_users"
> files: compat = "no"
>[/etc/raddb/users]:65 WARNING! Check item "MS-CHAP-Use-NTLM-Auth" ?found in
>reply item list for user "wifiuser". ?This attribute MUST go on the first
>line with the other check items
>Module: Instantiated files (files)
>Module: Loaded Acct-Unique-Session-Id
> acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address,
>Client-IP-Address, NAS-Port"
>Module: Instantiated acct_unique (acct_unique)
>Module: Loaded detail
> detail: detailfile =
>"/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
> detail: detailperm = 384
> detail: dirperm = 493
> detail: locking = no
>Module: Instantiated detail (detail)
>Module: Loaded radutmp
> radutmp: filename = "/var/log/radius/radutmp"
> radutmp: username = "%{User-Name}"
> radutmp: case_sensitive = yes
> radutmp: check_with_nas = yes
> radutmp: perm = 384
> radutmp: callerid = yes
>Module: Instantiated radutmp (radutmp)
>Listening on authentication *:1812
>Listening on accounting *:1813
>Ready to process requests.
>rad_recv: Access-Request packet from host 192.168.150.250:1645, id=11,
>length=135
>        User-Name = "wifiuser"
>        Framed-MTU = 1400
>        Called-Station-Id = "0017.0e86.2cb0"
>        Calling-Station-Id = "000e.35e6.0bd0"
>        Service-Type = Login-User
>        Message-Authenticator = 0xcef467e8a3b24b5c3eef6b1ebfea8bb1
>        EAP-Message = 0x0202000d017769666975736572
>        NAS-Port-Type = Wireless-802.11
>        NAS-Port = 346
>        NAS-IP-Address = 192.168.150.250
>        NAS-Identifier = "VOICE-AP"
>  Processing the authorize section of radiusd.conf
>modcall: entering group authorize for request 0
>  modcall[authorize]: module "preprocess" returns ok for request 0
>  modcall[authorize]: module "chap" returns noop for request 0
>  modcall[authorize]: module "mschap" returns noop for request 0
>    rlm_realm: No '@' in User-Name = "wifiuser", looking up realm NULL
>    rlm_realm: No such realm "NULL"
>  modcall[authorize]: module "suffix" returns noop for request 0
>  rlm_eap: EAP packet type response id 2 length 13
>  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
>  modcall[authorize]: module "eap" returns updated for request 0
>    users: Matched entry wifiuser at line 65
>  modcall[authorize]: module "files" returns ok for request 0
>modcall: leaving group authorize (returns updated) for request 0
>  rad_check_password:  Found Auth-Type EAP
>auth: type "EAP"
>  Processing the authenticate section of radiusd.conf
>modcall: entering group authenticate for request 0
>  rlm_eap: EAP Identity
>  rlm_eap: processing type md5
>rlm_eap_md5: Issuing Challenge
>  modcall[authenticate]: module "eap" returns handled for request 0
>modcall: leaving group authenticate (returns handled) for request 0
>Sending Access-Challenge of id 11 to 192.168.150.250 port 1645
>        EAP-Message = 0x010300160410ec940a7577c4d10df211a4ddfebde7ca
>        Message-Authenticator = 0x00000000000000000000000000000000
>        State = 0x977d6e6a369cd2ece8aca6a5b16ab920
>Finished request 0
>Going to the next request
>--- Walking the entire request list ---
>Waking up in 6 seconds...
>rad_recv: Access-Request packet from host 192.168.150.250:1645, id=12,
>length=146
>        User-Name = "wifiuser"
>        Framed-MTU = 1400
>        Called-Station-Id = "0017.0e86.2cb0"
>        Calling-Station-Id = "000e.35e6.0bd0"
>        Service-Type = Login-User
>        Message-Authenticator = 0x20d261fff76441857c609d0742b6ce64
>        EAP-Message = 0x020300060319
>        NAS-Port-Type = Wireless-802.11
>        NAS-Port = 346
>        State = 0x977d6e6a369cd2ece8aca6a5b16ab920
>        NAS-IP-Address = 192.168.150.250
>        NAS-Identifier = "VOICE-AP"
>  Processing the authorize section of radiusd.conf
>modcall: entering group authorize for request 1
>  modcall[authorize]: module "preprocess" returns ok for request 1
>  modcall[authorize]: module "chap" returns noop for request 1
>  modcall[authorize]: module "mschap" returns noop for request 1
>    rlm_realm: No '@' in User-Name = "wifiuser", looking up realm NULL
>    rlm_realm: No such realm "NULL"
>  modcall[authorize]: module "suffix" returns noop for request 1
>  rlm_eap: EAP packet type response id 3 length 6
>  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
>  modcall[authorize]: module "eap" returns updated for request 1
>    users: Matched entry wifiuser at line 65
>  modcall[authorize]: module "files" returns ok for request 1
>modcall: leaving group authorize (returns updated) for request 1
>  rad_check_password:  Found Auth-Type EAP
>auth: type "EAP"
>  Processing the authenticate section of radiusd.conf
>modcall: entering group authenticate for request 1
>  rlm_eap: Request found, released from the list
>  rlm_eap: EAP NAK
> rlm_eap: EAP-NAK asked for EAP-Type/peap
> rlm_eap: No such EAP type peap
>  rlm_eap: Failed in EAP select
>  modcall[authenticate]: module "eap" returns invalid for request 1
>modcall: leaving group authenticate (returns invalid) for request 1
>auth: Failed to validate the user.
>Delaying request 1 for 1 seconds
>Finished request 1
>Going to the next request
>Waking up in 6 seconds...
>rad_recv: Access-Request packet from host 192.168.150.250:1645, id=12,
>length=146
>Sending Access-Reject of id 12 to 192.168.150.250 port 1645
>        EAP-Message = 0x04030004
>        Message-Authenticator = 0x00000000000000000000000000000000
>--- Walking the entire request list ---
>Waking up in 1 seconds...
>rad_recv: Access-Request packet from host 192.168.150.250:1645, id=13,
>length=135
>        User-Name = "wifiuser"
>        Framed-MTU = 1400
>        Called-Station-Id = "0017.0e86.2cb0"
>        Calling-Station-Id = "000e.35e6.0bd0"
>        Service-Type = Login-User
>        Message-Authenticator = 0xccf58d6473294ed5df1a339437f920a6
>        EAP-Message = 0x0201000d017769666975736572
>        NAS-Port-Type = Wireless-802.11
>        NAS-Port = 347
>        NAS-IP-Address = 192.168.150.250
>        NAS-Identifier = "VOICE-AP"
>  Processing the authorize section of radiusd.conf
>modcall: entering group authorize for request 2
>  modcall[authorize]: module "preprocess" returns ok for request 2
>  modcall[authorize]: module "chap" returns noop for request 2
>  modcall[authorize]: module "mschap" returns noop for request 2
>    rlm_realm: No '@' in User-Name = "wifiuser", looking up realm NULL
>    rlm_realm: No such realm "NULL"
>  modcall[authorize]: module "suffix" returns noop for request 2
>  rlm_eap: EAP packet type response id 1 length 13
>  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
>  modcall[authorize]: module "eap" returns updated for request 2
>    users: Matched entry wifiuser at line 65
>  modcall[authorize]: module "files" returns ok for request 2
>modcall: leaving group authorize (returns updated) for request 2
>  rad_check_password:  Found Auth-Type EAP
>auth: type "EAP"
>  Processing the authenticate section of radiusd.conf
>modcall: entering group authenticate for request 2
>  rlm_eap: EAP Identity
>  rlm_eap: processing type md5
>rlm_eap_md5: Issuing Challenge
>  modcall[authenticate]: module "eap" returns handled for request 2
>modcall: leaving group authenticate (returns handled) for request 2
>Sending Access-Challenge of id 13 to 192.168.150.250 port 1645
>        EAP-Message = 0x0102001604104ca975f3dc58a7f606b7e2201a8ab6c9
>        Message-Authenticator = 0x00000000000000000000000000000000
>        State = 0x1bdaf4a324a3a44870d446bb2de9dac1
>Finished request 2
>Going to the next request
>Cleaning up request 0 ID 11 with timestamp 4648921b
>Cleaning up request 1 ID 12 with timestamp 4648921b
>Waking up in 1 seconds...
>rad_recv: Access-Request packet from host 192.168.150.250:1645, id=14,
>length=135
>        User-Name = "wifiuser"
>        Framed-MTU = 1400
>        Called-Station-Id = "0017.0e86.2cb0"
>        Calling-Station-Id = "000e.35e6.0bd0"
>        Service-Type = Login-User
>        Message-Authenticator = 0x078522217ed23ba2b860e12164af494c
>        EAP-Message = 0x0203000d017769666975736572
>        NAS-Port-Type = Wireless-802.11
>        NAS-Port = 347
>        NAS-IP-Address = 192.168.150.250
>        NAS-Identifier = "VOICE-AP"
>  Processing the authorize section of radiusd.conf
>modcall: entering group authorize for request 3
>  modcall[authorize]: module "preprocess" returns ok for request 3
>  modcall[authorize]: module "chap" returns noop for request 3
>  modcall[authorize]: module "mschap" returns noop for request 3
>    rlm_realm: No '@' in User-Name = "wifiuser", looking up realm NULL
>    rlm_realm: No such realm "NULL"
>  modcall[authorize]: module "suffix" returns noop for request 3
>  rlm_eap: EAP packet type response id 3 length 13
>  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
>  modcall[authorize]: module "eap" returns updated for request 3
>    users: Matched entry wifiuser at line 65
>  modcall[authorize]: module "files" returns ok for request 3
>modcall: leaving group authorize (returns updated) for request 3
>  rad_check_password:  Found Auth-Type EAP
>auth: type "EAP"
>  Processing the authenticate section of radiusd.conf
>modcall: entering group authenticate for request 3
>  rlm_eap: EAP Identity
>  rlm_eap: processing type md5
>rlm_eap_md5: Issuing Challenge
>  modcall[authenticate]: module "eap" returns handled for request 3
>modcall: leaving group authenticate (returns handled) for request 3
>Sending Access-Challenge of id 14 to 192.168.150.250 port 1645
>        EAP-Message = 0x010400160410da2d678cd3e4a1a4339bc82f9880c72a
>        Message-Authenticator = 0x00000000000000000000000000000000
>        State = 0x807cb82738bed6f381363d412f391090
>Finished request 3
>Going to the next request
>Waking up in 1 seconds...
>rad_recv: Access-Request packet from host 192.168.150.250:1645, id=15,
>length=146
>        User-Name = "wifiuser"
>        Framed-MTU = 1400
>        Called-Station-Id = "0017.0e86.2cb0"
>        Calling-Station-Id = "000e.35e6.0bd0"
>        Service-Type = Login-User
>        Message-Authenticator = 0x51d62b2354da5f1a1f4dcf989ac44156
>        EAP-Message = 0x020400060319
>        NAS-Port-Type = Wireless-802.11
>        NAS-Port = 347
>        State = 0x807cb82738bed6f381363d412f391090
>        NAS-IP-Address = 192.168.150.250
>        NAS-Identifier = "VOICE-AP"
>  Processing the authorize section of radiusd.conf
>modcall: entering group authorize for request 4
>  modcall[authorize]: module "preprocess" returns ok for request 4
>  modcall[authorize]: module "chap" returns noop for request 4
>  modcall[authorize]: module "mschap" returns noop for request 4
>    rlm_realm: No '@' in User-Name = "wifiuser", looking up realm NULL
>    rlm_realm: No such realm "NULL"
>  modcall[authorize]: module "suffix" returns noop for request 4
>  rlm_eap: EAP packet type response id 4 length 6
>  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
>  modcall[authorize]: module "eap" returns updated for request 4
>    users: Matched entry wifiuser at line 65
>  modcall[authorize]: module "files" returns ok for request 4
>modcall: leaving group authorize (returns updated) for request 4
>  rad_check_password:  Found Auth-Type EAP
>auth: type "EAP"
>  Processing the authenticate section of radiusd.conf
>modcall: entering group authenticate for request 4
>  rlm_eap: Request found, released from the list
>  rlm_eap: EAP NAK
> rlm_eap: EAP-NAK asked for EAP-Type/peap
> rlm_eap: No such EAP type peap
>  rlm_eap: Failed in EAP select
>  modcall[authenticate]: module "eap" returns invalid for request 4
>modcall: leaving group authenticate (returns invalid) for request 4
>auth: Failed to validate the user.
>Delaying request 4 for 1 seconds
>Finished request 4
>Going to the next request
>Waking up in 1 seconds...
>--- Walking the entire request list ---
>Waking up in 1 seconds...
>--- Walking the entire request list ---
>Sending Access-Reject of id 15 to 192.168.150.250 port 1645
>        EAP-Message = 0x04040004
>        Message-Authenticator = 0x00000000000000000000000000000000
>Waking up in 4 seconds...
>--- Walking the entire request list ---
>Cleaning up request 2 ID 13 with timestamp 46489220
>Cleaning up request 3 ID 14 with timestamp 46489220
>Cleaning up request 4 ID 15 with timestamp 46489220
>Nothing to do.  Sleeping until we see a request.
>
>> -----Original Message-----
>> From: freeradius-users-bounces+chr.ejlertsen=has.dk at lists.freeradius.org
>> [mailto:freeradius-users-
>> bounces+chr.ejlertsen=has.dk at lists.freeradius.org] On Behalf Of Riccardo
>> Veraldi
>> Sent: 14. maj 2007 18:37
>> To: FreeRadius users mailing list
>> Subject: Re: Cisco Access Points
>>
>>
>> radiusd -A -X
>>
>> an tell what you see on the radius server
>>
>>
>> thanks
>>
>> Rick
>>
>>
>> Christian Ejlertsen wrote:
>> >
>> > Hello to all
>> >
>> > I'm very new at this whole radius deal so I hope I can find a kind
>> > soul that could help me with this setup.
>> >
>> > I'm sorry if this is described somewhere I've been looking around and
>> > I don't seem to find this.
>> >
>> > For now i'm trying to get a very simple setup to work
>> >
>> > I have a Cisco 1121G AP which I want to use with my freeeradius server
>> > EAP/PEAP
>> >
>> > Nothing fancy just a user local on the freeradius server
>> >
>> > I can't get the user credentials to authenticate
>> >
>> > It's a Windows machine that I trying to authenticate with and the
>> > wireless netcard is set to use EAP (PEAP), no certificates and
>> > EAP-MSCHAPv2 as authentication method.
>> >
>> > I have a user in the radius users file called
>> >
>> > wifiuser User-Password := "SomePasswordHere"
>> >
>> > MS-CHAP-Use-NTLM-Auth := 0
>> >
>> > In the clients.conf I have
>> >
>> > client 192.168.150.250 {
>> >
>> > secret = SomePasswordHere
>> >
>> > shortname = CiscoAP1121
>> >
>> > nastype = cisco
>> >
>> > }
>> >
>> > In the eap.conf I unmarked
>> >
>> > default_eap_type = mschapv2
>> >
>> > Then I read this in the eap.conf
>> >
>> > # This module is the *Microsoft* implementation of MS-CHAPv2
>> >
>> > # in EAP. There is another (incompatible) implementation
>> >
>> > # of MS-CHAPv2 in EAP by Cisco, which FreeRADIUS does not
>> >
>> > # currently support.
>> >
>> > #
>> >
>> > mschapv2 {
>> >
>> > }
>> >
>> > Does this apply to my setup and if so what is an alternative to what
>> > I'm trying todo?
>> >
>> > When I debug on the cisco AP I get the following lines that are odd
>> > (Full log in bottom of the mail)
>> >
>> > *Apr 23 19:50:57.298: RADIUS: AAA Unsupported [263] 12
>> >
>> > *Apr 23 19:50:57.299: RADIUS: 57 49 46 49 5F 50 52 49 56 41 [WIFI_PRIVA]
>> >
>> > *Apr 23 19:50:57.299: RADIUS: AAA Unsupported [156] 3
>> >
>> > *Apr 23 19:50:57.299: RADIUS: 33
>> >
>> > It's a pretty standard Freeradius config havn't done anything to it
>> > but added some users and one other client.
>> >
>> > Thank you in advance
>> >
>> > Christian
>> >
>> > -------- LOGS BELOW ---------
>> >
>> > All I get in radius.log is
>> >
>> > Mon May 14 19:50:20 2007 : Info: rlm_eap_md5: Issuing Challenge
>> >
>> > --------------- CISCO DEBUG RADIUS -----------------------
>> >
>> > *Apr 23 19:50:57.288: RADIUS/ENCODE(000000D3):Orig. component type =
>> DOT11
>> >
>> > *Apr 23 19:50:57.288: RADIUS: AAA Unsupported [263] 12
>> >
>> > *Apr 23 19:50:57.288: RADIUS: 57 49 46 49 5F 50 52 49 56 41 [WIFI_PRIVA]
>> >
>> > *Apr 23 19:50:57.288: RADIUS: AAA Unsupported [156] 3
>> >
>> > *Apr 23 19:50:57.288: RADIUS: 33 [3]
>> >
>> > *Apr 23 19:50:57.288: RADIUS(000000D3): Storing nasport 336 in rad_db
>> >
>> > *Apr 23 19:50:57.289: RADIUS(000000D3): Config NAS IP: 192.168.150.250
>> >
>> > *Apr 23 19:50:57.289: RADIUS/ENCODE(000000D3): acct_session_id: 82
>> >
>> > *Apr 23 19:50:57.289: RADIUS(000000D3): Config NAS IP: 192.168.150.250
>> >
>> > *Apr 23 19:50:57.289: RADIUS(000000D3): sending
>> >
>> > *Apr 23 19:50:57.290: RADIUS(000000D3): Send Access-Request to
>> > 192.168.150.1:1812 id 1645/33, len 135
>> >
>> > *Apr 23 19:50:57.290: RADIUS: authenticator EA B6 33 72 6C 09 8E CF -
>> > 84 B1 60 BB 54 B8 55 BF
>> >
>> > *Apr 23 19:50:57.290: RADIUS: User-Name [1] 10 "wifiuser"
>> >
>> > *Apr 23 19:50:57.290: RADIUS: Framed-MTU [12] 6 1400
>> >
>> > *Apr 23 19:50:57.290: RADIUS: Called-Station-Id [30] 16 "0017.0e86.2cb0"
>> >
>> > *Apr 23 19:50:57.290: RADIUS: Calling-Station-Id [31] 16
>> "000e.35e6.0bd0"
>> >
>> > *Apr 23 19:50:57.290: RADIUS: Service-Type [6] 6 Login [1]
>> >
>> > *Apr 23 19:50:57.291: RADIUS: Message-Authenticato[80] 18 *
>> >
>> > *Apr 23 19:50:57.291: RADIUS: EAP-Message [79] 15
>> >
>> > *Apr 23 19:50:57.291: RADIUS: 02 02 00 0D 01 77 69 66 69 75 73 65 72
>> > [?????wifiuser]
>> >
>> > *Apr 23 19:50:57.291: RADIUS: NAS-Port-Type [61] 6 802.11 wireless [19]
>> >
>> > *Apr 23 19:50:57.292: RADIUS: NAS-Port [5] 6 336
>> >
>> > *Apr 23 19:50:57.292: RADIUS: NAS-IP-Address [4] 6 192.168.150.250
>> >
>> > *Apr 23 19:50:57.292: RADIUS: Nas-Identifier [32] 10 "VOICE-AP"
>> >
>> > *Apr 23 19:50:57.293: RADIUS: Received from id 1645/33
>> > 192.168.150.1:1812, Access-Challenge, len 80
>> >
>> > *Apr 23 19:50:57.294: RADIUS: authenticator F9 A4 EE 6B E1 5A 8A AB -
>> > F5 BD 19 CA 96 33 48 CA
>> >
>> > *Apr 23 19:50:57.294: RADIUS: EAP-Message [79] 24
>> >
>> > *Apr 23 19:50:57.294: RADIUS: 01 03 00 16 04 10 41 8F DB 50 B7 94 9A
>> > 30 DF CE [??????A??P???0??]
>> >
>> > *Apr 23 19:50:57.294: RADIUS: 60 DA D1 51 EB 08 [`??Q??]
>> >
>> > *Apr 23 19:50:57.294: RADIUS: Message-Authenticato[80] 18 *
>> >
>> > *Apr 23 19:50:57.294: RADIUS: State [24] 18
>> >
>> > *Apr 23 19:50:57.295: RADIUS: DE 53 56 01 A4 DC 17 CD C0 B9 E0 46 DF
>> > 21 54 FB [?SV????????F?!T?]
>> >
>> > *Apr 23 19:50:57.295: RADIUS(000000D3): Received from id 1645/33
>> >
>> > *Apr 23 19:50:57.296: RADIUS/DECODE: EAP-Message fragments, 22, total
>> > 22 bytes
>> >
>> > *Apr 23 19:50:57.298: RADIUS/ENCODE(000000D3):Orig. component type =
>> DOT11
>> >
>> > *Apr 23 19:50:57.298: RADIUS: AAA Unsupported [263] 12
>> >
>> > *Apr 23 19:50:57.299: RADIUS: 57 49 46 49 5F 50 52 49 56 41 [WIFI_PRIVA]
>> >
>> > *Apr 23 19:50:57.299: RADIUS: AAA Unsupported [156] 3
>> >
>> > *Apr 23 19:50:57.299: RADIUS: 33 [3]
>> >
>> > *Apr 23 19:50:57.299: RADIUS(000000D3): Using existing nas_port 336
>> >
>> > *Apr 23 19:50:57.300: RADIUS(000000D3): Config NAS IP: 192.168.150.250
>> >
>> > *Apr 23 19:50:57.300: RADIUS/ENCODE(000000D3): acct_session_id: 82
>> >
>> > *Apr 23 19:50:57.300: RADIUS(000000D3): Config NAS IP: 192.168.150.250
>> >
>> > *Apr 23 19:50:57.300: RADIUS(000000D3): sending
>> >
>> > *Apr 23 19:50:57.300: RADIUS(000000D3): Send Access-Request to
>> > 192.168.150.1:1812 id 1645/34, len 146
>> >
>> > *Apr 23 19:50:57.300: RADIUS: authenticator 56 F3 92 78 A7 7A 09 FA -
>> > 99 29 51 99 7D E0 9F B3
>> >
>> > *Apr 23 19:50:57.301: RADIUS: User-Name [1] 10 "wifiuser"
>> >
>> > *Apr 23 19:50:57.301: RADIUS: Framed-MTU [12] 6 1400
>> >
>> > *Apr 23 19:50:57.301: RADIUS: Called-Station-Id [30] 16 "0017.0e86.2cb0"
>> >
>> > *Apr 23 19:50:57.301: RADIUS: Calling-Station-Id [31] 16
>> "000e.35e6.0bd0"
>> >
>> > *Apr 23 19:50:57.301: RADIUS: Service-Type [6] 6 Login [1]
>> >
>> > *Apr 23 19:50:57.302: RADIUS: Message-Authenticato[80] 18 *
>> >
>> > *Apr 23 19:50:57.302: RADIUS: EAP-Message [79] 8
>> >
>> > *Apr 23 19:50:57.302: RADIUS: 02 03 00 06 03 19 [??????]
>> >
>> > *Apr 23 19:50:57.302: RADIUS: NAS-Port-Type [61] 6 802.11 wireless [19]
>> >
>> > *Apr 23 19:50:57.302: RADIUS: NAS-Port [5] 6 336
>> >
>> > *Apr 23 19:50:57.302: RADIUS: State [24] 18
>> >
>> > *Apr 23 19:50:57.302: RADIUS: DE 53 56 01 A4 DC 17 CD C0 B9 E0 46 DF
>> > 21 54 FB [?SV????????F?!T?]
>> >
>> > *Apr 23 19:50:57.302: RADIUS: NAS-IP-Address [4] 6 192.168.150.250
>> >
>> > *Apr 23 19:50:57.303: RADIUS: Nas-Identifier [32] 10 "VOICE-AP"
>> >
>> > *Apr 23 19:51:02.527: RADIUS: no sg in radius-timers: ctx 0xC2506C sg
>> > 0x0000
>> >
>> > *Apr 23 19:51:02.527: RADIUS: Retransmit to (192.168.150.1:1812,1813)
>> > for id 1645/34
>> >
>> > *Apr 23 19:51:02.527: RADIUS: Received from id 1645/34
>> > 192.168.150.1:1812, Access-Reject, len 44
>> >
>> > *Apr 23 19:51:02.528: RADIUS: authenticator 27 C2 B4 DD 14 F9 C3 C0 -
>> > DF 88 BD B5 DC 0D 6C 63
>> >
>> > *Apr 23 19:51:02.528: RADIUS: EAP-Message [79] 6
>> >
>> > *Apr 23 19:51:02.528: RADIUS: 04 03 00 04 [????]
>> >
>> > *Apr 23 19:51:02.528: RADIUS: Message-Authenticato[80] 18 *
>> >
>> > *Apr 23 19:51:02.529: RADIUS(000000D3): Received from id 1645/34
>> >
>> > *Apr 23 19:51:02.529: RADIUS/DECODE: EAP-Message fragments, 4, total 4
>> > bytes
>> >
>> > ------------------------ CISCO DEBUG RADIUS END ---------------------
>> >
>> > ------------------------------------------------------------------------
>> >
>> > -
>> > List info/subscribe/unsubscribe? See
>> http://www.freeradius.org/list/users.html
>>
>> -
>> List info/subscribe/unsubscribe? See
>> http://www.freeradius.org/list/users.html
>
>-
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>




More information about the Freeradius-Users mailing list