EAP authentication with Cisco AP

Peter Param pparam at stvincents.com.au
Tue Oct 23 01:25:24 CEST 2007


Hi All,

I have been trying, unsuccessfully, to get a windows supplicant (as
shipped with Vista) to authenticate via freeradius/ldap.  The
freeradius/ldap combo works well with the existing VPN authen/auth that
we have here on campus but not with EAP.  I'm not sure what or where to
go from here ...any pointers?

freeradius logging:

Listening on authentication *:1812
Listening on accounting *:1813
Ready to process requests.
rad_recv: Access-Request packet from host 10.56.7.81:1645, id=246,
length=130
        User-Name = "timmy"
        Framed-MTU = 1400
        Called-Station-Id = "0013.6067.bcb0"
        Calling-Station-Id = "001b.7728.a8c0"
        Service-Type = Login-User
        Message-Authenticator = 0x7d2246236182294e8085da177383f3b4
        EAP-Message = 0x0202000801746e67
        NAS-Port-Type = Wireless-802.11
        NAS-Port = 6722
        NAS-IP-Address = 10.56.7.81
        NAS-Identifier = "svhwapmed0301"
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
  modcall[authorize]: module "chap" returns noop for request 0
  modcall[authorize]: module "preprocess" returns ok for request 0
  modcall[authorize]: module "mschap" returns noop for request 0
    rlm_realm: No '@' in User-Name = "timmy", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 0
  rlm_eap: EAP packet type response id 2 length 8
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 0
  modcall[authorize]: module "files" returns notfound for request 0
rlm_ldap: - authorize
rlm_ldap: performing user authorization for timmy
radius_xlat:  '(cn=timmy)'
radius_xlat:  'ou=people,ou=darlinghurst,ou=nsw,o=schs,c=au'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to ldap-dev.stvincents.com.au:389, authentication
0
rlm_ldap: bind as cn=superuser,o=schs,c=au/ldapadmin to
ldap-dev.stvincents.com.au:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: performing search in
ou=people,ou=darlinghurst,ou=nsw,o=schs,c=au, with filter (cn=timmy)
rlm_ldap: checking if remote access for timmy is allowed by cn
rlm_ldap: Password header not found in password timmysPASSWORD for user
timmy
rlm_ldap: looking for check items in directory...
rlm_ldap: Adding userPassword as User-Password, value timmysPASSWORD &
op=21
rlm_ldap: looking for reply items in directory...
rlm_ldap: user timmy authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
  modcall[authorize]: module "people_search" returns ok for request 0
modcall: leaving group authorize (returns updated) for request 0
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
  rlm_eap: EAP Identity
  rlm_eap: processing type md5
rlm_eap_md5: Issuing Challenge
  modcall[authenticate]: module "eap" returns handled for request 0
modcall: leaving group authenticate (returns handled) for request 0
Sending Access-Challenge of id 246 to 10.56.7.81 port 1645
        EAP-Message = 0x010300160410da433545ecf08558fb23fb9d7a1e9251
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x84dc68e3b83cac07d2bdde56656fa45b
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.56.7.81:1645, id=247,
length=146
        User-Name = "timmy"
        Framed-MTU = 1400
        Called-Station-Id = "0013.6067.bcb0"
        Calling-Station-Id = "001b.7728.a8c0"
        Service-Type = Login-User
        Message-Authenticator = 0x80896aec4445abeab1b82e57df662896
        EAP-Message = 0x020300060319
        NAS-Port-Type = Wireless-802.11
        NAS-Port = 6722
        State = 0x84dc68e3b83cac07d2bdde56656fa45b
        NAS-IP-Address = 10.56.7.81
        NAS-Identifier = "svhwapmed0301"
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
  modcall[authorize]: module "chap" returns noop for request 1
  modcall[authorize]: module "preprocess" returns ok for request 1
  modcall[authorize]: module "mschap" returns noop for request 1
    rlm_realm: No '@' in User-Name = "timmy", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 1
  rlm_eap: EAP packet type response id 3 length 6
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 1
  modcall[authorize]: module "files" returns notfound for request 1
rlm_ldap: - authorize
rlm_ldap: performing user authorization for timmy
radius_xlat:  '(cn=timmy)'
radius_xlat:  'ou=people,ou=darlinghurst,ou=nsw,o=schs,c=au'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in
ou=people,ou=darlinghurst,ou=nsw,o=schs,c=au, with filter (cn=timmy)
rlm_ldap: checking if remote access for timmy is allowed by cn
rlm_ldap: Password header not found in password timmysPASSWORD for user
timmy
rlm_ldap: looking for check items in directory...
rlm_ldap: Adding userPassword as User-Password, value timmysPASSWORD &
op=21
rlm_ldap: looking for reply items in directory...
rlm_ldap: user timmy authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
  modcall[authorize]: module "people_search" returns ok for request 1
modcall: leaving group authorize (returns updated) for request 1
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 1
  rlm_eap: Request found, released from the list
  rlm_eap: EAP NAK
 rlm_eap: EAP-NAK asked for EAP-Type/peap
  rlm_eap: processing type tls
  rlm_eap_tls: Initiate
  rlm_eap_tls: Start returned 1
  modcall[authenticate]: module "eap" returns handled for request 1
modcall: leaving group authenticate (returns handled) for request 1
Sending Access-Challenge of id 247 to 10.56.7.81 port 1645
        EAP-Message = 0x010400061920
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xa67de6a6917fb1801883447f7d07bf73
Finished request 1
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.56.7.81:1645, id=248,
length=286
        User-Name = "timmy"
        Framed-MTU = 1400
        Called-Station-Id = "0013.6067.bcb0"
        Calling-Station-Id = "001b.7728.a8c0"
        Service-Type = Login-User
        Message-Authenticator = 0x63c0e15a97da9e0708a94a4866dd3f63
        EAP-Message = 

0x0204009219800000008816030100830100007f0301471d2dfcffd525f06e56ea45e95ba59040cf607de28f6ec019a0bfc7562fb67a209ef61a1f6dfa89b1f9f

32b95eb9a60448a86c1603e922cedbdc32dfcb09a3ba40018002f00350005000ac009c00ac013c01400320038001300040100001e000000080006000003746e67

000a00080006001700180019000b00020100
        NAS-Port-Type = Wireless-802.11
        NAS-Port = 6722
        State = 0xa67de6a6917fb1801883447f7d07bf73
        NAS-IP-Address = 10.56.7.81
        NAS-Identifier = "svhwapmed0301"
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 2
  modcall[authorize]: module "chap" returns noop for request 2
  modcall[authorize]: module "preprocess" returns ok for request 2
  modcall[authorize]: module "mschap" returns noop for request 2
    rlm_realm: No '@' in User-Name = "timmy", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 2
  rlm_eap: EAP packet type response id 4 length 146
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 2
  modcall[authorize]: module "files" returns notfound for request 2
rlm_ldap: - authorize
rlm_ldap: performing user authorization for timmy
radius_xlat:  '(cn=timmy)'
radius_xlat:  'ou=people,ou=darlinghurst,ou=nsw,o=schs,c=au'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in
ou=people,ou=darlinghurst,ou=nsw,o=schs,c=au, with filter (cn=timmy)
rlm_ldap: checking if remote access for timmy is allowed by cn
rlm_ldap: Password header not found in password timmysPASSWORD for user
timmy
rlm_ldap: looking for check items in directory...
rlm_ldap: Adding userPassword as User-Password, value timmysPASSWORD &
op=21
rlm_ldap: looking for reply items in directory...
rlm_ldap: user timmy authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
  modcall[authorize]: module "people_search" returns ok for request 2
modcall: leaving group authorize (returns updated) for request 2
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 2
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls:  Length Included
  eaptls_verify returned 11
    (other): before/accept initialization
    TLS_accept: before/accept initialization
  rlm_eap_tls: <<< TLS 1.0 Handshake [length 0083], ClientHello
    TLS_accept: SSLv3 read client hello A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
    TLS_accept: SSLv3 write server hello A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 0694], Certificate
    TLS_accept: SSLv3 write certificate A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
    TLS_accept: SSLv3 write server done A
    TLS_accept: SSLv3 flush data
    TLS_accept:error in SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
  eaptls_process returned 13
  rlm_eap_peap: EAPTLS_HANDLED
  modcall[authenticate]: module "eap" returns handled for request 2
modcall: leaving group authenticate (returns handled) for request 2
Sending Access-Challenge of id 248 to 10.56.7.81 port 1645
        EAP-Message = 

0x0105040a19c0000006f1160301004a020000460301471df0af1061ddbf5eb56761e29205a9e3e6f2c629dfedd7e48986d1d70a1bdc20c8f928a15bdc928654f

737f82c0d065558cc630a34842ed95c75e9255ffe68e0002f0016030106940b00069000068d0002cd308202c930820232a003020102020102300d06092a864886

f70d010104050030819f310b30090603550406130243413111300f0603550408130850726f76696e63653112301006035504071309536f6d65204369747931153

013060355040a130c4f7267616e697a6174696f6e31123010060355040b13096c6f63616c686f7374311b301906035504031312436c69656e74206365
        EAP-Message = 

0x7274696669636174653121301f06092a864886f70d0109011612636c69656e74406578616d706c652e636f6d301e170d3034303132353133323631305a170d3

035303132343133323631305a30819b310b30090603550406130243413111300f0603550408130850726f76696e63653112301006035504071309536f6d652043

69747931153013060355040a130c4f7267616e697a6174696f6e31123010060355040b13096c6f63616c686f73743119301706035504031310526f6f742063657

27469666963617465311f301d06092a864886f70d0109011610726f6f74406578616d706c652e636f6d30819f300d06092a864886f70d010101050003
        EAP-Message = 

0x818d0030818902818100dac525422bfedb082629a2cba44b3449c90d0ab462fb72c8434a782098863d7eb7d7e70028c2b7ad555a51cc756cf4fa1d7091615ab

450d5289553ae6616aff014a55085d6b8fb4aee98638e426175cdd36c665c63cda177d34920eb30585edc8773999c2980f81ad4638bbbea1c82d054023db7ef24

a3ec1c3f6241a903d7f30203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d0101040500038181007a2d921b1cf

13bf2982a9178ec9ede6d88edc178a2e8bd40a0a06fb6f0769957884cd7084537083496fd184165293f583c8e8240eb68e042c94b15752e4c07e80d09
        EAP-Message = 

0x779afa3dd55c24fa54ac292d77205d1c2477ed30d59f57caf9bd21ff2a8d16cc0911c50e4f295763fcb60efa3c3d2d0e43850f6e6fbe284902f6e8350365000

3ba308203b63082031fa003020102020100300d06092a864886f70d010104050030819f310b30090603550406130243413111300f0603550408130850726f7669

6e63653112301006035504071309536f6d65204369747931153013060355040a130c4f7267616e697a6174696f6e31123010060355040b13096c6f63616c686f7

374311b301906035504031312436c69656e742063657274696669636174653121301f06092a864886f70d0109011612636c69656e74406578616d706c
        EAP-Message = 0x652e636f6d301e170d3034303132353133323630375a
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x2a41bebb402ac05cba1644abf67b505d
Finished request 2
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.56.7.81:1645, id=249,
length=146
        User-Name = "timmy"
        Framed-MTU = 1400
        Called-Station-Id = "0013.6067.bcb0"
        Calling-Station-Id = "001b.7728.a8c0"
        Service-Type = Login-User
        Message-Authenticator = 0x92dcb7065be1aacef1d3c822189d80ac
        EAP-Message = 0x020500061900
        NAS-Port-Type = Wireless-802.11
        NAS-Port = 6722
        State = 0x2a41bebb402ac05cba1644abf67b505d
        NAS-IP-Address = 10.56.7.81
        NAS-Identifier = "svhwapmed0301"
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 3
  modcall[authorize]: module "chap" returns noop for request 3
  modcall[authorize]: module "preprocess" returns ok for request 3
  modcall[authorize]: module "mschap" returns noop for request 3
    rlm_realm: No '@' in User-Name = "timmy", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 3
  rlm_eap: EAP packet type response id 5 length 6
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 3
  modcall[authorize]: module "files" returns notfound for request 3
rlm_ldap: - authorize
rlm_ldap: performing user authorization for timmy
radius_xlat:  '(cn=timmy)'
radius_xlat:  'ou=people,ou=darlinghurst,ou=nsw,o=schs,c=au'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in
ou=people,ou=darlinghurst,ou=nsw,o=schs,c=au, with filter (cn=timmy)
rlm_ldap: checking if remote access for timmy is allowed by cn
rlm_ldap: Password header not found in password timmysPASSWORD for user
timmy
rlm_ldap: looking for check items in directory...
rlm_ldap: Adding userPassword as User-Password, value timmysPASSWORD &
op=21
rlm_ldap: looking for reply items in directory...
rlm_ldap: user timmy authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
  modcall[authorize]: module "people_search" returns ok for request 3
modcall: leaving group authorize (returns updated) for request 3
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 3
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
  rlm_eap_tls: ack handshake fragment handler
  eaptls_verify returned 1
  eaptls_process returned 13
  rlm_eap_peap: EAPTLS_HANDLED
  modcall[authenticate]: module "eap" returns handled for request 3
modcall: leaving group authenticate (returns handled) for request 3
Sending Access-Challenge of id 249 to 10.56.7.81 port 1645
        EAP-Message = 

0x010602f71900170d3036303132343133323630375a30819f310b30090603550406130243413111300f0603550408130850726f76696e6365311230100603550

4071309536f6d65204369747931153013060355040a130c4f7267616e697a6174696f6e31123010060355040b13096c6f63616c686f7374311b30190603550403

1312436c69656e742063657274696669636174653121301f06092a864886f70d0109011612636c69656e74406578616d706c652e636f6d30819f300d06092a864

886f70d010101050003818d0030818902818100d4c5b19724f164acf1ffb189db1c8fbff4f14396ea7cb1e90f78d69451725377895dfe52ccb99b41e8
        EAP-Message = 

0x0ddeb58b127a943f4f58cbc562878192fbdc6fece9f871e7c130d35cf5188817e9b133249edd2a1c75d31043ae87553cec7a77ef26aa7d74281db9b77e17c64

46c5dd9b188b43250ca0229963722a123a726b00b4027fd0203010001a381ff3081fc301d0603551d0e0416041468d36d3e1ee7bc9d5a057021c363da1365d1ad

e33081cc0603551d230481c43081c1801468d36d3e1ee7bc9d5a057021c363da1365d1ade3a181a5a481a230819f310b30090603550406130243413111300f060

3550408130850726f76696e63653112301006035504071309536f6d65204369747931153013060355040a130c4f7267616e697a6174696f6e31123010
        EAP-Message = 

0x060355040b13096c6f63616c686f7374311b301906035504031312436c69656e742063657274696669636174653121301f06092a864886f70d0109011612636

c69656e74406578616d706c652e636f6d820100300c0603551d13040530030101ff300d06092a864886f70d01010405000381810033c00b66b1e579ef73a06798

252dab8d5e5511fc00fd276d80d12f834777c6743fdc2743fca1507704e4bc0979e4f60ac3ad9ee83e6f347369229d1f77229ba2e982359da563024a00163dba6

d6c986c0bad28af85132ff8f0d76501bf1b7c2dff658ce1e62c01997b6e64e3e8d4373354ce9912847651539063b85bbc5485c516030100040e000000
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x1a27c6ddec22fc7e8ba7321a04a67cdf
Finished request 3
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.56.7.81:1645, id=250,
length=348
        User-Name = "timmy"
        Framed-MTU = 1400
        Called-Station-Id = "0013.6067.bcb0"
        Calling-Station-Id = "001b.7728.a8c0"
        Service-Type = Login-User
        Message-Authenticator = 0x28fd9e0202cf42bd44781d1936b19d5b
        EAP-Message = 

0x020600d01980000000c61603010086100000820080c8496ebc39e0d28f133239b1bfefccb1784377f1b07bd7d12bf071b224065604e7e5e9cf15bff61442b71

af55ac6c6858f77849b77a5c2166d136211cd01d13e4310bc0c7ca31c3cd4753fc290d89f66f4d7d741efe6111767af2458fce838b9433fb7f29c861f5512c2fc

841101765ff968fd0af7618fca760a1b0f52c8c12f1403010001011603010030ffc6b4939e760c4cb04e95cd91fc9b2ad09413ca627eaf3c5c2393a7c5faf2a00

61a5537352eda0ae57c30df28076830
        NAS-Port-Type = Wireless-802.11
        NAS-Port = 6722
        State = 0x1a27c6ddec22fc7e8ba7321a04a67cdf
        NAS-IP-Address = 10.56.7.81
        NAS-Identifier = "svhwapmed0301"
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 4
  modcall[authorize]: module "chap" returns noop for request 4
  modcall[authorize]: module "preprocess" returns ok for request 4
  modcall[authorize]: module "mschap" returns noop for request 4
    rlm_realm: No '@' in User-Name = "timmy", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 4
  rlm_eap: EAP packet type response id 6 length 208
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 4
  modcall[authorize]: module "files" returns notfound for request 4
rlm_ldap: - authorize
rlm_ldap: performing user authorization for timmy
radius_xlat:  '(cn=timmy)'
radius_xlat:  'ou=people,ou=darlinghurst,ou=nsw,o=schs,c=au'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in
ou=people,ou=darlinghurst,ou=nsw,o=schs,c=au, with filter (cn=timmy)
rlm_ldap: checking if remote access for timmy is allowed by cn
rlm_ldap: Password header not found in password timmysPASSWORD for user
timmy
rlm_ldap: looking for check items in directory...
rlm_ldap: Adding userPassword as User-Password, value timmysPASSWORD &
op=21
rlm_ldap: looking for reply items in directory...
rlm_ldap: user timmy authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
  modcall[authorize]: module "people_search" returns ok for request 4
modcall: leaving group authorize (returns updated) for request 4
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 4
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls:  Length Included
  eaptls_verify returned 11
  rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange
    TLS_accept: SSLv3 read client key exchange A
  rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001]
  rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished
    TLS_accept: SSLv3 read finished A
  rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001]
    TLS_accept: SSLv3 write change cipher spec A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished
    TLS_accept: SSLv3 write finished A
    TLS_accept: SSLv3 flush data
    (other): SSL negotiation finished successfully
SSL Connection Established
  eaptls_process returned 13
  rlm_eap_peap: EAPTLS_HANDLED
  modcall[authenticate]: module "eap" returns handled for request 4
modcall: leaving group authenticate (returns handled) for request 4
Sending Access-Challenge of id 250 to 10.56.7.81 port 1645
        EAP-Message = 

0x01070041190014030100010116030100306b3fd8715c33413675406c2dba6d3c4cf5b81093805d860c763723e87d2f53c3c9c1b337b68f0ca371f395bf52371

262
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x750739061080eab3d90e47746efede12
Finished request 4
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.56.7.81:1645, id=251,
length=146
        User-Name = "timmy"
        Framed-MTU = 1400
        Called-Station-Id = "0013.6067.bcb0"
        Calling-Station-Id = "001b.7728.a8c0"
        Service-Type = Login-User
        Message-Authenticator = 0xac51a58b821abc23ae73f0b5faba230f
        EAP-Message = 0x020700061900
        NAS-Port-Type = Wireless-802.11
        NAS-Port = 6722
        State = 0x750739061080eab3d90e47746efede12
        NAS-IP-Address = 10.56.7.81
        NAS-Identifier = "svhwapmed0301"
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 5
  modcall[authorize]: module "chap" returns noop for request 5
  modcall[authorize]: module "preprocess" returns ok for request 5
  modcall[authorize]: module "mschap" returns noop for request 5
    rlm_realm: No '@' in User-Name = "timmy", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 5
  rlm_eap: EAP packet type response id 7 length 6
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 5
  modcall[authorize]: module "files" returns notfound for request 5
rlm_ldap: - authorize
rlm_ldap: performing user authorization for timmy
radius_xlat:  '(cn=timmy)'
radius_xlat:  'ou=people,ou=darlinghurst,ou=nsw,o=schs,c=au'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in
ou=people,ou=darlinghurst,ou=nsw,o=schs,c=au, with filter (cn=timmy)
rlm_ldap: checking if remote access for timmy is allowed by cn
rlm_ldap: Password header not found in password timmysPASSWORD for user
timmy
rlm_ldap: looking for check items in directory...
rlm_ldap: Adding userPassword as User-Password, value timmysPASSWORD &
op=21
rlm_ldap: looking for reply items in directory...
rlm_ldap: user timmy authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
  modcall[authorize]: module "people_search" returns ok for request 5
modcall: leaving group authorize (returns updated) for request 5
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 5
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
  rlm_eap_tls: ack handshake is finished
  eaptls_verify returned 3
  eaptls_process returned 3
  rlm_eap_peap: EAPTLS_SUCCESS
  modcall[authenticate]: module "eap" returns handled for request 5
modcall: leaving group authenticate (returns handled) for request 5
Sending Access-Challenge of id 251 to 10.56.7.81 port 1645
        EAP-Message = 

0x010800501900170301002056b3fce58dfde9876381acb7eb7ec8139c58d280947a6c2cae9d9eeba78271f61703010020086e9221f752701d9d96797db6f7ae6

c3d6ff0e8afe29639e9607da3bb708140
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x144352a3976c560713ae411bf3b1f1fd
Finished request 5
Going to the next request
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 246 with timestamp 471df0af
Cleaning up request 1 ID 247 with timestamp 471df0af
Cleaning up request 2 ID 248 with timestamp 471df0af
Cleaning up request 3 ID 249 with timestamp 471df0af
Cleaning up request 4 ID 250 with timestamp 471df0af
Cleaning up request 5 ID 251 with timestamp 471df0af
Nothing to do.  Sleeping until we see a request.


**********************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote also confirms that this email message has been virus
scanned and although no viruses were detected by the system, St Vincents &
Mater Health Sydney accepts no liability for any consequential damage
resulting from email containing any computer viruses.

**********************************************************************



More information about the Freeradius-Users mailing list