Problems with EAP and LDAP replyItems (2.0.2)
tschaos at gmx.net
Tue Aug 19 17:37:34 CEST 2008
Hi Guys,
Since freeradius2 has some major improvements, I am trying to upgrade from 1.1.4. Unfortunately, there are a few problems I have encountered:
For some weird reason the server isn't sending my LDAP replyItems back to the NAS along with the Access-Accept packet.
In short, I want to authenticate using EAP/PEAP against the server, which itself checks against our LDAP server. Additionally, the server should also send back a specific replyItem stored in our LDAP.
The configuration looks like:
authorize {
    preprocess
    eap {
        ok = return
    }
    ldap1
}
authenticate {
    Auth-Type MS-CHAP {
        mschap
    }
    eap
}
In ldap.attrmap the following is configured:
    replyItem Airespace-Interface-Name radiusCallingStationId
So the LDAP attribute radiusCallingStationId should be transformed to an attribute called "Airespace-Interface-Name" and sent back to the NAS.
As you can see in the following debug output, at the beginning the server sends the attribute back as supposed, but for some weird reason the attribute isn't sent along in the Access-Accept packet.
What's wrong here?
Thanks in advance!
Debug output:
------------------------------------------------
rad_recv: Access-Request packet from host 10.110.101.4 port 32770, id=237, length=182
User-Name = "testuser"
Calling-Station-Id = "00-0E-35-AE-DB-DF"
Called-Station-Id = "00-1A-30-2E-C9-60:wlan-test"
NAS-Port = 29
NAS-IP-Address = 10.110.101.4
NAS-Identifier = "WiSM-2"
Airespace-Wlan-Id = 7
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-802.11
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "995"
EAP-Message = 0x0202000d0173737065726c3232
Message-Authenticator = 0x1c08d8491b0ebb2a032ab1ebb8f7ee59
+- entering group authorize
++[preprocess] returns ok
rlm_eap: EAP packet type response id 2 length 13
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
rlm_ldap: - authorize
rlm_ldap: performing user authorization for testuser
expand: (|(uid=%u)(uid=%U)) -> (|(uid=testuser)(uid=_))
expand: dc=mydomain,dc=ac,dc=at -> dc=mydomain,dc=ac,dc=at
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to ldap.mydomain.com:389, authentication 0
rlm_ldap: bind as uid=service-user,ou=services,dc=mydomain,dc=ac,dc=at/passme to ldap.mydomain.com:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: performing search in dc=mydomain,dc=ac,dc=at, with filter (|(uid=testuser)(uid=_))
rlm_ldap: Added User-Password = testpwd in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: LDAP attribute radiusCallingStationId as RADIUS attribute Airespace-Interface-Name = "599"
rlm_ldap: user testuser authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
++[ldap1] returns ok
rad_check_password: Found Auth-Type EAP
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!! Replacing User-Password in config items with Cleartext-Password. !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!! Please update your configuration so that the "known good" !!!
!!! clear text password is in Cleartext-Password, and not in User-Password. !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
auth: type "EAP"
+- entering group authenticate
rlm_eap: EAP Identity
rlm_eap: processing type md5
rlm_eap_md5: Issuing Challenge
++[eap] returns handled
Sending Access-Challenge of id 237 to 10.110.101.4 port 32770
Airespace-Interface-Name = "599"
EAP-Message = 0x0103001604104f56bcec8ceb0ba608af483ccb4111c9
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x33b5046233b6000c0bb076d000b26f5e
Finished request 0.
Going to the next request
Waking up in 0.9 seconds.
rad_recv: Access-Request packet from host 10.110.101.4 port 32770, id=238, length=193
User-Name = "testuser"
Calling-Station-Id = "00-0E-35-AE-DB-DF"
Called-Station-Id = "00-1A-30-2E-C9-60:wlan-test"
NAS-Port = 29
NAS-IP-Address = 10.110.101.4
NAS-Identifier = "WiSM-2"
Airespace-Wlan-Id = 7
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-802.11
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "995"
EAP-Message = 0x020300060319
State = 0x33b5046233b6000c0bb076d000b26f5e
Message-Authenticator = 0xae7227a437741cee122a96438eb2b8c6
+- entering group authorize
++[preprocess] returns ok
rlm_eap: EAP packet type response id 3 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
rlm_ldap: - authorize
rlm_ldap: performing user authorization for testuser
expand: (|(uid=%u)(uid=%U)) -> (|(uid=testuser)(uid=_))
expand: dc=mydomain,dc=ac,dc=at -> dc=mydomain,dc=ac,dc=at
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=mydomain,dc=ac,dc=at, with filter (|(uid=testuser)(uid=_))
rlm_ldap: Added User-Password = testpwd in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: LDAP attribute radiusCallingStationId as RADIUS attribute Airespace-Interface-Name = "599"
rlm_ldap: user testuser authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
++[ldap1] returns ok
rad_check_password: Found Auth-Type EAP
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!! Replacing User-Password in config items with Cleartext-Password. !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!! Please update your configuration so that the "known good" !!!
!!! clear text password is in Cleartext-Password, and not in User-Password. !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
auth: type "EAP"
+- entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP NAK
rlm_eap: EAP-NAK asked for EAP-Type/peap
rlm_eap: processing type tls
rlm_eap_tls: Initiate
rlm_eap_tls: Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 238 to 10.110.101.4 port 32770
Airespace-Interface-Name = "599"
EAP-Message = 0x010400061920
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x33b5046232b11d0c0bb076d000b26f5e
Finished request 1.
Going to the next request
Waking up in 0.8 seconds.
rad_recv: Access-Request packet from host 10.110.101.4 port 32770, id=239, length=299
User-Name = "testuser"
Calling-Station-Id = "00-0E-35-AE-DB-DF"
Called-Station-Id = "00-1A-30-2E-C9-60:wlan-test"
NAS-Port = 29
NAS-IP-Address = 10.110.101.4
NAS-Identifier = "WiSM-2"
Airespace-Wlan-Id = 7
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-802.11
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "995"
EAP-Message = 0x0204007019800000006616030100610100005d030148aae3779ae468378b1a02b18a52c5e4aa225f2ea4fa778c7009ade24c04b71e209f4e050b6b3628bc21070999a9b287dd582f514b37e0dd5cdcf9544d19214cca001600040005000a000900640062000300060013001200630100
State = 0x33b5046232b11d0c0bb076d000b26f5e
Message-Authenticator = 0x7fe6f515212a742a05072553d45829f1
+- entering group authorize
++[preprocess] returns ok
rlm_eap: EAP packet type response id 4 length 112
rlm_eap: Continuing tunnel setup.
++[eap] returns ok
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
TLS Length 102
rlm_eap_tls: Length Included
eaptls_verify returned 11
(other): before/accept initialization
TLS_accept: before/accept initialization
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0061], ClientHello
TLS_accept: SSLv3 read client hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
TLS_accept: SSLv3 write server hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 085f], Certificate
TLS_accept: SSLv3 write certificate A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
TLS_accept: SSLv3 write server done A
TLS_accept: SSLv3 flush data
TLS_accept: Need to read more data: SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 239 to 10.110.101.4 port 32770
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x33b5046231b01d0c0bb076d000b26f5e
Finished request 2.
Going to the next request
Waking up in 0.5 seconds.
rad_recv: Access-Request packet from host 10.110.101.4 port 32770, id=240, length=193
User-Name = "testuser"
Calling-Station-Id = "00-0E-35-AE-DB-DF"
Called-Station-Id = "00-1A-30-2E-C9-60:wlan-test"
NAS-Port = 29
NAS-IP-Address = 10.110.101.4
NAS-Identifier = "WiSM-2"
Airespace-Wlan-Id = 7
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-802.11
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "995"
EAP-Message = 0x020500061900
State = 0x33b5046231b01d0c0bb076d000b26f5e
Message-Authenticator = 0x6ec4abd5178e006e61f2d81062fb224b
+- entering group authorize
++[preprocess] returns ok
rlm_eap: EAP packet type response id 5 length 6
rlm_eap: Continuing tunnel setup.
++[eap] returns ok
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake fragment handler
eaptls_verify returned 1
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 240 to 10.110.101.4 port 32770
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x33b5046230b31d0c0bb076d000b26f5e
Finished request 3.
Going to the next request
Waking up in 0.3 seconds.
rad_recv: Access-Request packet from host 10.110.101.4 port 32770, id=241, length=193
User-Name = "testuser"
Calling-Station-Id = "00-0E-35-AE-DB-DF"
Called-Station-Id = "00-1A-30-2E-C9-60:wlan-test"
NAS-Port = 29
NAS-IP-Address = 10.110.101.4
NAS-Identifier = "WiSM-2"
Airespace-Wlan-Id = 7
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-802.11
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "995"
EAP-Message = 0x020600061900
State = 0x33b5046230b31d0c0bb076d000b26f5e
Message-Authenticator = 0x6881af793ac72122f91ce70287a33857
+- entering group authorize
++[preprocess] returns ok
rlm_eap: EAP packet type response id 6 length 6
rlm_eap: Continuing tunnel setup.
++[eap] returns ok
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake fragment handler
eaptls_verify returned 1
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 241 to 10.110.101.4 port 32770
EAP-Message = 0x010700d6190020476c6f62616c20526f6f74820201a5300e0603551d0f0101ff04040302010630120603551d130101ff040830060101ff020100300d06092a864886f70d01010505000381810043b345835471c41fdcb23c6b4ebf26f24ef2ad9a5bfa863788e8146c4118425fef653eeb0377a0b79e757a517cbb155bb8af91a0349253ed7f2a4984acb9804bb5c7b22322fbebd8fb6ec93cf3d2d1bbbec91cff6d01db69800e99a5ea9e7b97988fb7cf229cb3b85de5a9331774c697370fb4e926825f610b3f1e3d64e92b9b16030100040e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x33b5046237b21d0c0bb076d000b26f5e
Finished request 4.
Going to the next request
Waking up in 0.1 seconds.
Waking up in 0.1 seconds.
Waking up in 0.3 seconds.
Waking up in 0.1 seconds.
Waking up in 0.2 seconds.
rad_recv: Access-Request packet from host 10.110.101.4 port 32770, id=242, length=379
User-Name = "testuser"
Calling-Station-Id = "00-0E-35-AE-DB-DF"
Called-Station-Id = "00-1A-30-2E-C9-60:wlan-test"
NAS-Port = 29
NAS-IP-Address = 10.110.101.4
NAS-Identifier = "WiSM-2"
Airespace-Wlan-Id = 7
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-802.11
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "995"
EAP-Message = 0x020700c01980000000b61603010086100000820080759587d78c0703551ff978fe519c321fe329bccd9b7fad1efd212fe2cda2a265f46e323fe03bde8fa22c7c98049a912b4c55dbe8f24c0bfde5635d31455b532773d5e4fff79737566de5ed9216a2497fab58c9828e488099754db828e64ee445427f27ad4aad14e914298450bf18de6e2b1f82513154bfd35ff62b454e460f341403010001011603010020b296349dc8161aaa497406f4effff2fc353d108b10e272a0a03e95a9896b1a48
State = 0x33b5046237b21d0c0bb076d000b26f5e
Message-Authenticator = 0xd5307429c8e98f0c4aa87fa9b091c71d
+- entering group authorize
++[preprocess] returns ok
rlm_eap: EAP packet type response id 7 length 192
rlm_eap: Continuing tunnel setup.
++[eap] returns ok
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
TLS Length 182
rlm_eap_tls: Length Included
eaptls_verify returned 11
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange
TLS_accept: SSLv3 read client key exchange A
rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001]
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 read finished A
rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001]
TLS_accept: SSLv3 write change cipher spec A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 write finished A
TLS_accept: SSLv3 flush data
(other): SSL negotiation finished successfully
SSL Connection Established
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 242 to 10.110.101.4 port 32770
EAP-Message = 0x01080031190014030100010116030100204498dbf2c565163f7e6a26fa40eb8660016e26c757d062c77fcbf95bda412553
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x33b5046236bd1d0c0bb076d000b26f5e
Finished request 5.
Going to the next request
Waking up in 0.9 seconds.
rad_recv: Access-Request packet from host 10.110.101.4 port 32770, id=243, length=193
User-Name = "testuser"
Calling-Station-Id = "00-0E-35-AE-DB-DF"
Called-Station-Id = "00-1A-30-2E-C9-60:wlan-test"
NAS-Port = 29
NAS-IP-Address = 10.110.101.4
NAS-Identifier = "WiSM-2"
Airespace-Wlan-Id = 7
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-802.11
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "995"
EAP-Message = 0x020800061900
State = 0x33b5046236bd1d0c0bb076d000b26f5e
Message-Authenticator = 0xf55e760a0cce74d7d22592a62623d0ee
+- entering group authorize
++[preprocess] returns ok
rlm_eap: EAP packet type response id 8 length 6
rlm_eap: Continuing tunnel setup.
++[eap] returns ok
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake is finished
eaptls_verify returned 3
eaptls_process returned 3
rlm_eap_peap: EAPTLS_SUCCESS
++[eap] returns handled
Sending Access-Challenge of id 243 to 10.110.101.4 port 32770
EAP-Message = 0x01090020190017030100151926618b8833d6c30ea7a122e304c84ade54456822
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x33b5046235bc1d0c0bb076d000b26f5e
Finished request 6.
Going to the next request
Waking up in 0.8 seconds.
rad_recv: Access-Request packet from host 10.110.101.4 port 32770, id=244, length=223
User-Name = "testuser"
Calling-Station-Id = "00-0E-35-AE-DB-DF"
Called-Station-Id = "00-1A-30-2E-C9-60:wlan-test"
NAS-Port = 29
NAS-IP-Address = 10.110.101.4
NAS-Identifier = "WiSM-2"
Airespace-Wlan-Id = 7
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-802.11
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "995"
EAP-Message = 0x0209002419001703010019180323a78f7b8135a6c953f187bdffca5fa6b06c8c67df7027
State = 0x33b5046235bc1d0c0bb076d000b26f5e
Message-Authenticator = 0x9b1dec6840f0b3c3b2d74fed73c20f11
+- entering group authorize
++[preprocess] returns ok
rlm_eap: EAP packet type response id 9 length 36
rlm_eap: Continuing tunnel setup.
++[eap] returns ok
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: Identity - testuser
PEAP: Got tunneled identity of testuser
PEAP: Setting default EAP type for tunneled EAP session.
PEAP: Setting User-Name to testuser
+- entering group authorize
++[preprocess] returns ok
rlm_eap: EAP packet type response id 9 length 13
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
rlm_ldap: - authorize
rlm_ldap: performing user authorization for testuser
expand: (|(uid=%u)(uid=%U)) -> (|(uid=testuser)(uid=_))
expand: dc=mydomain,dc=ac,dc=at -> dc=mydomain,dc=ac,dc=at
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=mydomain,dc=ac,dc=at, with filter (|(uid=testuser)(uid=_))
rlm_ldap: Added User-Password = testpwd in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: LDAP attribute radiusCallingStationId as RADIUS attribute Airespace-Interface-Name = "599"
rlm_ldap: user testuser authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
++[ldap1] returns ok
rad_check_password: Found Auth-Type EAP
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!! Replacing User-Password in config items with Cleartext-Password. !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!! Please update your configuration so that the "known good" !!!
!!! clear text password is in Cleartext-Password, and not in User-Password. !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
auth: type "EAP"
+- entering group authenticate
rlm_eap: EAP Identity
rlm_eap: processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
++[eap] returns handled
PEAP: Got tunneled Access-Challenge
++[eap] returns handled
Sending Access-Challenge of id 244 to 10.110.101.4 port 32770
EAP-Message = 0x010a00391900170301002e5a2ea886360afe6df6b573e2443e91c54801f93fef698c7f055c07bb71659b50cae786d192f486e08e6171a3f194
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x33b5046234bf1d0c0bb076d000b26f5e
Finished request 7.
Going to the next request
Waking up in 0.6 seconds.
rad_recv: Access-Request packet from host 10.110.101.4 port 32770, id=245, length=277
User-Name = "testuser"
Calling-Station-Id = "00-0E-35-AE-DB-DF"
Called-Station-Id = "00-1A-30-2E-C9-60:wlan-test"
NAS-Port = 29
NAS-IP-Address = 10.110.101.4
NAS-Identifier = "WiSM-2"
Airespace-Wlan-Id = 7
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-802.11
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "995"
EAP-Message = 0x020a005a1900170301004ff3f3ffb30ade8e919779e051585950a06e2804f6701ef53ec010c6e9e9ab369e103c6eb784d0575bd6a06d7da2e44c2d0af174ba5741c599759522c130c3311fe02969c6e4d9b52dc0d6888ec199c7
State = 0x33b5046234bf1d0c0bb076d000b26f5e
Message-Authenticator = 0xaabb7129311a55137500d443e6743e86
+- entering group authorize
++[preprocess] returns ok
rlm_eap: EAP packet type response id 10 length 90
rlm_eap: Continuing tunnel setup.
++[eap] returns ok
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: EAP type mschapv2
PEAP: Setting User-Name to testuser
+- entering group authorize
++[preprocess] returns ok
rlm_eap: EAP packet type response id 10 length 67
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
rlm_ldap: - authorize
rlm_ldap: performing user authorization for testuser
expand: (|(uid=%u)(uid=%U)) -> (|(uid=testuser)(uid=_))
expand: dc=mydomain,dc=ac,dc=at -> dc=mydomain,dc=ac,dc=at
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=mydomain,dc=ac,dc=at, with filter (|(uid=testuser)(uid=_))
rlm_ldap: Added User-Password = testpwd in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: LDAP attribute radiusCallingStationId as RADIUS attribute Airespace-Interface-Name = "599"
rlm_ldap: user testuser authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
++[ldap1] returns ok
rad_check_password: Found Auth-Type EAP
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!! Replacing User-Password in config items with Cleartext-Password. !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!! Please update your configuration so that the "known good" !!!
!!! clear text password is in Cleartext-Password, and not in User-Password. !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
auth: type "EAP"
+- entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP/mschapv2
rlm_eap: processing type mschapv2
+- entering group MS-CHAP
rlm_mschap: Told to do MS-CHAPv2 for testuser with NT-Password
rlm_mschap: adding MS-CHAPv2 MPPE keys
++[mschap] returns ok
MSCHAP Success
++[eap] returns handled
PEAP: Got tunneled Access-Challenge
++[eap] returns handled
Sending Access-Challenge of id 245 to 10.110.101.4 port 32770
EAP-Message = 0x010b004a1900170301003fb978ce95576c24b8c9c4ed486e94f68a05ce98749d9a5b454e45f6874163e0542fe11ba1c72ccf25ddf99cf584609da7b5def8fe14a02036064d577dc835c8
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x33b504623bbe1d0c0bb076d000b26f5e
Finished request 8.
Going to the next request
Waking up in 0.4 seconds.
rad_recv: Access-Request packet from host 10.110.101.4 port 32770, id=246, length=216
User-Name = "testuser"
Calling-Station-Id = "00-0E-35-AE-DB-DF"
Called-Station-Id = "00-1A-30-2E-C9-60:wlan-test"
NAS-Port = 29
NAS-IP-Address = 10.110.101.4
NAS-Identifier = "WiSM-2"
Airespace-Wlan-Id = 7
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-802.11
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "995"
EAP-Message = 0x020b001d190017030100128029c36ca067214c72016b581f2a833e6f76
State = 0x33b504623bbe1d0c0bb076d000b26f5e
Message-Authenticator = 0x3dfe36504d966fcdd7abcfcd39772580
+- entering group authorize
++[preprocess] returns ok
rlm_eap: EAP packet type response id 11 length 29
rlm_eap: Continuing tunnel setup.
++[eap] returns ok
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: EAP type mschapv2
PEAP: Setting User-Name to testuser
+- entering group authorize
++[preprocess] returns ok
rlm_eap: EAP packet type response id 11 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
rlm_ldap: - authorize
rlm_ldap: performing user authorization for testuser
expand: (|(uid=%u)(uid=%U)) -> (|(uid=testuser)(uid=_))
expand: dc=mydomain,dc=ac,dc=at -> dc=mydomain,dc=ac,dc=at
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=mydomain,dc=ac,dc=at, with filter (|(uid=testuser)(uid=_))
rlm_ldap: Added User-Password = testpwd in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: LDAP attribute radiusCallingStationId as RADIUS attribute Airespace-Interface-Name = "599"
rlm_ldap: user testuser authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
++[ldap1] returns ok
rad_check_password: Found Auth-Type EAP
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!! Replacing User-Password in config items with Cleartext-Password. !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!! Please update your configuration so that the "known good" !!!
!!! clear text password is in Cleartext-Password, and not in User-Password. !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
auth: type "EAP"
+- entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP/mschapv2
rlm_eap: processing type mschapv2
rlm_eap: Freeing handler
++[eap] returns ok
Login OK: [testuser/<via Auth-Type = EAP>] (from client wism port 0)
PEAP: Tunneled authentication was successful.
rlm_eap_peap: SUCCESS
++[eap] returns handled
Sending Access-Challenge of id 246 to 10.110.101.4 port 32770
EAP-Message = 0x010c00261900170301001b0b0e7060107185be702bb1b626fafe2809eaed7d3ce4e32dc4d269
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x33b504623ab91d0c0bb076d000b26f5e
Finished request 9.
Going to the next request
Waking up in 0.2 seconds.
rad_recv: Access-Request packet from host 10.110.101.4 port 32770, id=247, length=225
User-Name = "testuser"
Calling-Station-Id = "00-0E-35-AE-DB-DF"
Called-Station-Id = "00-1A-30-2E-C9-60:wlan-test"
NAS-Port = 29
NAS-IP-Address = 10.110.101.4
NAS-Identifier = "WiSM-2"
Airespace-Wlan-Id = 7
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-802.11
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "995"
EAP-Message = 0x020c00261900170301001bdeb9ab7c06db2649499c19ad9bce23935a0b22d50b8e76768c84fe
State = 0x33b504623ab91d0c0bb076d000b26f5e
Message-Authenticator = 0xec5e5f7d3cd9c702aaf2a92a72d0dd0d
+- entering group authorize
++[preprocess] returns ok
rlm_eap: EAP packet type response id 12 length 38
rlm_eap: Continuing tunnel setup.
++[eap] returns ok
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: Received EAP-TLV response.
rlm_eap_peap: Success
rlm_eap: Freeing handler
++[eap] returns ok
Login OK: [testuser/<via Auth-Type = EAP>] (from client wism port 29 cli 00-0E-35-AE-DB-DF)
Sending Access-Accept of id 247 to 10.110.101.4 port 32770
MS-MPPE-Recv-Key = 0x86dbea1332577adf8f730aefa33ae6fb35895997395317210fd146031f39ee43
MS-MPPE-Send-Key = 0xb4be9f7f22a1911de9c1faf3ab43ab54bda9efa245a749ef7e3ab155979f268b
EAP-Message = 0x030c0004
Message-Authenticator = 0x00000000000000000000000000000000
User-Name = "testuser"
Finished request 10.
Going to the next request
Waking up in 0.1 seconds.
Waking up in 0.1 seconds.
Waking up in 0.2 seconds.
Waking up in 0.1 seconds.
Waking up in 0.1 seconds.
Waking up in 1.2 seconds.
Cleaning up request 0 ID 237 with timestamp +34
Cleaning up request 1 ID 238 with timestamp +34
Waking up in 0.3 seconds.
Cleaning up request 2 ID 239 with timestamp +34
Waking up in 0.1 seconds.
Cleaning up request 3 ID 240 with timestamp +34
Waking up in 0.2 seconds.
Cleaning up request 4 ID 241 with timestamp +35
Waking up in 0.9 seconds.
Cleaning up request 5 ID 242 with timestamp +36
Waking up in 0.1 seconds.
Cleaning up request 6 ID 243 with timestamp +36
Waking up in 0.1 seconds.
Cleaning up request 7 ID 244 with timestamp +36
Waking up in 0.2 seconds.
Cleaning up request 8 ID 245 with timestamp +36
Waking up in 0.1 seconds.
Cleaning up request 9 ID 246 with timestamp +36
Waking up in 0.2 seconds.
Cleaning up request 10 ID 247 with timestamp +36
Ready to process requests.
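Added example (not part of the original post and not FreeRADIUS code): a small Python checker for debug output of the form shown above. For each request it records whether rlm_ldap mapped a reply item in the outer authorize pass or in the tunneled (inner) one, and flags any mapped attribute that is absent from the final Access-Accept. The function names and the condensed sample log are constructed for illustration, and the audit assumes the log holds one EAP conversation at a time.

```python
import re
from dataclasses import dataclass, field

RECV = re.compile(r"^rad_recv: \S+ packet from host \S+ port \d+, id=(\d+)")
SEND = re.compile(r"^Sending (\S+) of id (\d+)")
LDAP_REPLY = re.compile(
    r'^rlm_ldap: LDAP attribute (\S+) as RADIUS attribute (\S+) = "?([^"]*)"?$')
AVP = re.compile(r"^([A-Za-z0-9:-]+) = (.*)$")


@dataclass
class Request:
    packet_id: int
    ldap_outer: dict = field(default_factory=dict)   # mapped in the outer authorize
    ldap_inner: dict = field(default_factory=dict)   # mapped inside the PEAP tunnel
    sent_type: str = ""
    sent_attrs: dict = field(default_factory=dict)


def parse_debug(text):
    """Split debug output into requests; track LDAP reply items and sent attributes."""
    requests, cur, authorize_seen, in_reply = [], None, 0, False
    for raw in text.splitlines():
        line = raw.strip()
        m = RECV.match(line)
        if m:
            cur = Request(int(m.group(1)))
            requests.append(cur)
            authorize_seen, in_reply = 0, False
            continue
        if cur is None:
            continue
        if line == "+- entering group authorize":
            # First pass per request is the outer one; later passes are tunneled.
            authorize_seen += 1
        elif (m := LDAP_REPLY.match(line)):
            target = cur.ldap_outer if authorize_seen <= 1 else cur.ldap_inner
            target[m.group(2)] = m.group(3)
        elif (m := SEND.match(line)):
            cur.sent_type, in_reply = m.group(1), True
        elif in_reply:
            m = AVP.match(line)
            if m:
                cur.sent_attrs[m.group(1)] = m.group(2).strip('"')
            else:
                in_reply = False      # e.g. "Finished request N."
    return requests


def audit_accepts(requests):
    """Report LDAP-mapped reply items that never reach the Access-Accept."""
    findings, seen = [], {}
    for req in requests:
        for where, attrs in (("outer", req.ldap_outer),
                             ("inner-tunnel", req.ldap_inner)):
            for name, value in attrs.items():
                seen[name] = (value, where, req.packet_id)
        if req.sent_type == "Access-Accept":
            for name, (value, where, pid) in seen.items():
                if name not in req.sent_attrs:
                    findings.append({"accept_id": req.packet_id, "attribute": name,
                                     "value": value, "last_mapped_in": where,
                                     "last_mapped_id": pid})
        if req.sent_type in ("Access-Accept", "Access-Reject"):
            seen = {}                 # conversation finished
    return findings


# Constructed sample, condensed from the shape of the debug output in the post.
SAMPLE_LOG = """\
rad_recv: Access-Request packet from host 10.110.101.4 port 32770, id=237, length=182
    User-Name = "testuser"
+- entering group authorize
++[eap] returns updated
rlm_ldap: LDAP attribute radiusCallingStationId as RADIUS attribute Airespace-Interface-Name = "599"
++[ldap1] returns ok
Sending Access-Challenge of id 237 to 10.110.101.4 port 32770
    Airespace-Interface-Name = "599"
Finished request 0.
rad_recv: Access-Request packet from host 10.110.101.4 port 32770, id=246, length=216
+- entering group authorize
++[eap] returns ok
+- entering group authenticate
PEAP: Setting User-Name to testuser
+- entering group authorize
++[eap] returns updated
rlm_ldap: LDAP attribute radiusCallingStationId as RADIUS attribute Airespace-Interface-Name = "599"
++[ldap1] returns ok
Sending Access-Challenge of id 246 to 10.110.101.4 port 32770
    Message-Authenticator = 0x00000000000000000000000000000000
Finished request 9.
rad_recv: Access-Request packet from host 10.110.101.4 port 32770, id=247, length=225
+- entering group authorize
++[eap] returns ok
Sending Access-Accept of id 247 to 10.110.101.4 port 32770
    EAP-Message = 0x030c0004
    User-Name = "testuser"
Finished request 10.
"""

if __name__ == "__main__":
    for f in audit_accepts(parse_debug(SAMPLE_LOG)):
        print(f)
```

On the sample, the attribute is reported as last mapped in the inner-tunnel pass of request 246 and missing from the Access-Accept of id 247, which matches what the full debug output shows.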