xp sp3 and freeradius 2.0.5
Oxiel
oxielc at yahoo.it
Mon Jul 7 14:42:58 CEST 2008
Hello Gurus.
Apologies if this mail arrives twice; the first time I sent it (05/Jul/08), nothing showed up on the list or in the archive.
I'm new to FreeRADIUS 2.0.5; I compiled it from source and installed it on CentOS v5.0. XP SP2 clients authenticate without problems with PEAP, but XP SP3 clients don't.
I've searched the entire list, but found no reference to XP SP3.
Has anybody managed to authenticate XP SP3 with the default 802.1x client against FreeRADIUS? I haven't tried Vista yet, but suspect it will have the same problem.....
This is the log:
Best regards.
Oxiel
[root@radius ~]# radiusd -X
FreeRADIUS Version 2.0.5, for host x86_64-redhat-linux-gnu, built on Jul 5 2008 at 10:14:20
Copyright (C) 1999-2008 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License v2.
Starting - reading configuration files ...
including configuration file /etc/raddb/radiusd.conf
including configuration file /etc/raddb/proxy.conf
including configuration file /etc/raddb/clients.conf
including configuration file /etc/raddb/snmp.conf
including files in directory /etc/raddb/modules/
including configuration file /etc/raddb/modules/files
including configuration file /etc/raddb/modules/ippool
including configuration file /etc/raddb/modules/mac2vlan
including configuration file /etc/raddb/modules/pam
including configuration file /etc/raddb/modules/smbpasswd
including configuration file /etc/raddb/modules/acct_unique
including configuration file /etc/raddb/modules/sradutmp
including configuration file /etc/raddb/modules/expiration
including configuration file /etc/raddb/modules/passwd
including configuration file /etc/raddb/modules/logintime
including configuration file /etc/raddb/modules/radutmp
including configuration file /etc/raddb/modules/attr_filter
including configuration file /etc/raddb/modules/ldap
including configuration file /etc/raddb/modules/sql_log
including configuration file /etc/raddb/modules/expr
including configuration file /etc/raddb/modules/attr_rewrite
including configuration file /etc/raddb/modules/unix
including configuration file /etc/raddb/modules/policy
including configuration file /etc/raddb/modules/mac2ip
including configuration file /etc/raddb/modules/mschap
including configuration file /etc/raddb/modules/echo
including configuration file /etc/raddb/modules/detail.log
including configuration file /etc/raddb/modules/digest
including configuration file /etc/raddb/modules/krb5
including configuration file /etc/raddb/modules/counter
including configuration file /etc/raddb/modules/realm
including configuration file /etc/raddb/modules/detail
including configuration file /etc/raddb/modules/checkval
including configuration file /etc/raddb/modules/pap
including configuration file /etc/raddb/modules/preprocess
including configuration file /etc/raddb/modules/etc_group
including configuration file /etc/raddb/modules/always
including configuration file /etc/raddb/modules/chap
including configuration file /etc/raddb/modules/exec
including configuration file /etc/raddb/eap.conf
including configuration file /etc/raddb/sql.conf
including configuration file /etc/raddb/sql/mysql/dialup.conf
including configuration file /etc/raddb/sql/mysql/counter.conf
including configuration file /etc/raddb/policy.conf
including files in directory /etc/raddb/sites-enabled/
including configuration file /etc/raddb/sites-enabled/default
including configuration file /etc/raddb/sites-enabled/inner-tunnel
group = radiusd
user = radiusd
including dictionary file /etc/raddb/dictionary
main {
prefix = "/usr"
localstatedir = "/var"
logdir = "/var/log/radius"
libdir = "/usr/lib64"
radacctdir = "/var/log/radius/radacct"
hostname_lookups = no
max_request_time = 30
cleanup_delay = 5
max_requests = 1024
allow_core_dumps = no
pidfile = "/var/run/radiusd/radiusd.pid"
checkrad = "/usr/sbin/checkrad"
debug_level = 0
proxy_requests = yes
log {
stripped_names = no
auth = no
auth_badpass = no
auth_goodpass = no
}
}
client localhost {
ipaddr = 127.0.0.1
require_message_authenticator = no
secret = "testing123"
nastype = "other"
}
client 192.168.100.245 {
require_message_authenticator = no
secret = "secreto"
shortname = "192.168.100.245"
}
radiusd: #### Loading Realms and Home Servers ####
proxy server {
retry_delay = 5
retry_count = 3
default_fallback = no
dead_time = 120
wake_all_if_all_dead = no
}
home_server localhost {
ipaddr = 127.0.0.1
port = 1812
type = "auth"
secret = "testing123"
response_window = 20
max_outstanding = 65536
zombie_period = 40
status_check = "status-server"
ping_check = "none"
ping_interval = 30
check_interval = 30
num_answers_to_alive = 3
num_pings_to_alive = 3
revive_interval = 120
status_check_timeout = 4
}
home_server_pool my_auth_failover {
type = fail-over
home_server = localhost
}
realm example.com {
auth_pool = my_auth_failover
}
realm LOCAL {
}
radiusd: #### Instantiating modules ####
instantiate {
Module: Linked to module rlm_exec
Module: Instantiating exec
exec {
wait = no
input_pairs = "request"
shell_escape = yes
}
Module: Linked to module rlm_expr
Module: Instantiating expr
Module: Linked to module rlm_expiration
Module: Instantiating expiration
expiration {
reply-message = "Password Has Expired "
}
Module: Linked to module rlm_logintime
Module: Instantiating logintime
logintime {
reply-message = "You are calling outside your allowed timespan "
minimum-timeout = 60
}
}
radiusd: #### Loading Virtual Servers ####
server inner-tunnel {
modules {
Module: Checking authenticate {...} for more modules to load
Module: Linked to module rlm_pap
Module: Instantiating pap
pap {
encryption_scheme = "auto"
auto_header = no
}
Module: Linked to module rlm_chap
Module: Instantiating chap
Module: Linked to module rlm_mschap
Module: Instantiating mschap
mschap {
use_mppe = yes
require_encryption = no
require_strong = no
with_ntdomain_hack = yes
ntlm_auth = "/usr/bin/ntlm_auth --username=%{mschap:User-Name} --request-nt-key --domain=%{mschap:NT-Domain} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}"
}
Module: Linked to module rlm_unix
Module: Instantiating unix
unix {
radwtmp = "/var/log/radius/radwtmp"
}
Module: Linked to module rlm_eap
Module: Instantiating eap
eap {
default_eap_type = "peap"
timer_expire = 60
ignore_unknown_eap_types = no
cisco_accounting_username_bug = no
}
Module: Linked to sub-module rlm_eap_md5
Module: Instantiating eap-md5
Module: Linked to sub-module rlm_eap_leap
Module: Instantiating eap-leap
Module: Linked to sub-module rlm_eap_gtc
Module: Instantiating eap-gtc
gtc {
challenge = "Password: "
auth_type = "PAP"
}
Module: Linked to sub-module rlm_eap_tls
Module: Instantiating eap-tls
tls {
rsa_key_exchange = no
dh_key_exchange = yes
rsa_key_length = 512
dh_key_length = 512
verify_depth = 0
pem_file_type = yes
private_key_file = "/etc/raddb/certs/cert-srv.pem"
certificate_file = "/etc/raddb/certs/cert-srv.pem"
CA_file = "/etc/raddb/certs/demoCA/cacert.pem"
private_key_password = "*l4Pr0.14"
dh_file = "/etc/raddb/certs/dh"
random_file = "/dev/urandom"
fragment_size = 1024
include_length = yes
check_crl = no
cipher_list = "DEFAULT"
}
WARNING: rlm_eap_tls: Unable to set DH parameters. DH cipher suites may not work!
WARNING: Fix this by running the OpenSSL command listed in eap.conf
Module: Linked to sub-module rlm_eap_ttls
Module: Instantiating eap-ttls
ttls {
default_eap_type = "md5"
copy_request_to_tunnel = no
use_tunneled_reply = no
virtual_server = "inner-tunnel"
}
Module: Linked to sub-module rlm_eap_peap
Module: Instantiating eap-peap
peap {
default_eap_type = "mschapv2"
copy_request_to_tunnel = no
use_tunneled_reply = yes
proxy_tunneled_request_as_eap = yes
virtual_server = "inner-tunnel"
}
Module: Linked to sub-module rlm_eap_mschapv2
Module: Instantiating eap-mschapv2
mschapv2 {
with_ntdomain_hack = no
}
Module: Checking authorize {...} for more modules to load
Module: Linked to module rlm_realm
Module: Instantiating suffix
realm suffix {
format = "suffix"
delimiter = "@"
ignore_default = no
ignore_null = no
}
Module: Linked to module rlm_files
Module: Instantiating files
files {
usersfile = "/etc/raddb/users"
acctusersfile = "/etc/raddb/acct_users"
preproxy_usersfile = "/etc/raddb/preproxy_users"
compat = "no"
}
Module: Checking session {...} for more modules to load
Module: Linked to module rlm_radutmp
Module: Instantiating radutmp
radutmp {
filename = "/var/log/radius/radutmp"
username = "%{User-Name}"
case_sensitive = yes
check_with_nas = yes
perm = 384
callerid = yes
}
Module: Checking post-proxy {...} for more modules to load
Module: Checking post-auth {...} for more modules to load
Module: Linked to module rlm_attr_filter
Module: Instantiating attr_filter.access_reject
attr_filter attr_filter.access_reject {
attrsfile = "/etc/raddb/attrs.access_reject"
key = "%{User-Name}"
}
}
}
server {
modules {
Module: Checking authenticate {...} for more modules to load
Module: Checking authorize {...} for more modules to load
Module: Linked to module rlm_preprocess
Module: Instantiating preprocess
preprocess {
huntgroups = "/etc/raddb/huntgroups"
hints = "/etc/raddb/hints"
with_ascend_hack = no
ascend_channels_per_line = 23
with_ntdomain_hack = no
with_specialix_jetstream_hack = no
with_cisco_vsa_hack = no
with_alvarion_vsa_hack = no
}
Module: Checking preacct {...} for more modules to load
Module: Linked to module rlm_acct_unique
Module: Instantiating acct_unique
acct_unique {
key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
}
Module: Checking accounting {...} for more modules to load
Module: Linked to module rlm_detail
Module: Instantiating detail
detail {
detailfile = "/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
header = "%t"
detailperm = 384
dirperm = 493
locking = no
log_packet_header = no
}
Module: Instantiating attr_filter.accounting_response
attr_filter attr_filter.accounting_response {
attrsfile = "/etc/raddb/attrs.accounting_response"
key = "%{User-Name}"
}
Module: Checking session {...} for more modules to load
Module: Checking post-proxy {...} for more modules to load
Module: Checking post-auth {...} for more modules to load
}
}
radiusd: #### Opening IP addresses and Ports ####
listen {
type = "auth"
ipaddr = *
port = 0
}
listen {
type = "acct"
ipaddr = *
port = 0
}
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on proxy address * port 1814
Ready to process requests.
rad_recv: Accounting-Request packet from host 192.168.100.245 port 5001, id=218, length=286
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "2"
User-Name = "COSMART\\jat"
NAS-Identifier = "001cc5363882"
NAS-Port = 268439554
NAS-Port-Id = "unit=1;subslot=0;port=1;vlanid=2"
NAS-Port-Type = Ethernet
Calling-Station-Id = "0050-bac5-dfa5"
Acct-Status-Type = Stop
Acct-Authentic = RADIUS
Acct-Session-Id = "110500010555d"
NAS-IP-Address = 192.168.100.245
Event-Timestamp = "Jan 1 2005 01:57:37 BOT"
Acct-Session-Time = 119
Acct-Delay-Time = 39
Acct-Input-Octets = 3232
Acct-Input-Packets = 43
Acct-Output-Octets = 8326
Acct-Output-Packets = 71
Acct-Input-Gigawords = 0
Acct-Output-Gigawords = 0
Acct-Terminate-Cause = Lost-Carrier
3Com-Connect_Id = 81
3com-Attr-29 = 0x00000000
3Com-VLAN-Name = "\000\000\000\000"
3Com-Encryption-Type = "\000\000\000\000"
3Com-Time-Of-Day = "\000\000\000\000"
3com-Attr-22 = 0x00000000
3Com-Ip-Host-Addr = "0.0.0.0 00:50:ba:c5:df:a5"
+- entering group preacct
++[preprocess] returns ok
rlm_acct_unique: Hashing 'NAS-Port = 268439554,Client-IP-Address = 192.168.100.245,NAS-IP-Address = 192.168.100.245,Acct-Session-Id = "110500010555d",User-Name = "COSMART\\jat"'
rlm_acct_unique: Acct-Unique-Session-ID = "ea36fd6add7d8838".
++[acct_unique] returns ok
rlm_realm: No '@' in User-Name = "COSMART\jat", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
++[files] returns noop
+- entering group accounting
expand: /var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d -> /var/log/radius/radacct/192.168.100.245/detail-20080705
rlm_detail: /var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/radius/radacct/192.168.100.245/detail-20080705
expand: %t -> Sat Jul 5 14:30:23 2008
++[detail] returns ok
++[unix] returns ok
expand: /var/log/radius/radutmp -> /var/log/radius/radutmp
expand: %{User-Name} -> COSMART\jat
++[radutmp] returns ok
expand: %{User-Name} -> COSMART\jat
attr_filter: Matched entry DEFAULT at line 12
++[attr_filter.accounting_response] returns updated
Sending Accounting-Response of id 218 to 192.168.100.245 port 5001
Finished request 0.
Cleaning up request 0 ID 218 with timestamp +2
Going to the next request
Ready to process requests.
rad_recv: Access-Request packet from host 192.168.100.245 port 5001, id=0, length=240
User-Name = "host/caja02.cosmart.bo"
EAP-Message = 0x0201001b01686f73742f63616a6130322e636f736d6172742e626f
Message-Authenticator = 0xf1acdc9cf04cb956900a1812f75fc8e0
NAS-IP-Address = 192.168.100.245
NAS-Identifier = "001cc5363882"
NAS-Port = 268439553
NAS-Port-Id = "unit=1;subslot=0;port=1;vlanid=1"
NAS-Port-Type = Ethernet
Service-Type = Framed-User
Framed-Protocol = PPP
Calling-Station-Id = "0050-bac5-dfa5"
3Com-Connect_Id = 83
3Com-Product-ID = "5500G-EI"
3Com-Ip-Host-Addr = "0.0.0.0 00:50:ba:c5:df:a5"
3Com-NAS-Startup-Timestamp = 1104537612
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "host/caja02.cosmart.bo", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
rlm_eap: EAP packet type response id 1 length 27
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
users: Matched entry DEFAULT at line 172
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this.
++[pap] returns noop
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: EAP Identity
rlm_eap: processing type tls
rlm_eap_tls: Initiate
rlm_eap_tls: Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 0 to 192.168.100.245 port 5001
Framed-Protocol = PPP
Framed-Compression = Van-Jacobson-TCP-IP
EAP-Message = 0x010200061920
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x73b5ba5073b7a3e2254835034dd3ceef
Finished request 1.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.100.245 port 5001, id=1, length=311
User-Name = "host/caja02.cosmart.bo"
EAP-Message = 0x0202005019800000004616030100410100003d0301486fbdd4eecfde254716f92a39b631a3684a00787d5d6b063ba9c81cd22e195300001600040005000a000900640062000300060013001200630100
Message-Authenticator = 0xbec7d6563e28ca88de7723c45425b6a4
NAS-IP-Address = 192.168.100.245
NAS-Identifier = "001cc5363882"
NAS-Port = 268439553
NAS-Port-Id = "unit=1;subslot=0;port=1;vlanid=1"
NAS-Port-Type = Ethernet
Service-Type = Framed-User
Framed-Protocol = PPP
Calling-Station-Id = "0050-bac5-dfa5"
State = 0x73b5ba5073b7a3e2254835034dd3ceef
3Com-Connect_Id = 83
3Com-Product-ID = "5500G-EI"
3Com-Ip-Host-Addr = "0.0.0.0 00:50:ba:c5:df:a5"
3Com-NAS-Startup-Timestamp = 1104537612
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "host/caja02.cosmart.bo", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
rlm_eap: EAP packet type response id 2 length 80
rlm_eap: Continuing tunnel setup.
++[eap] returns ok
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
TLS Length 70
rlm_eap_tls: Length Included
eaptls_verify returned 11
(other): before/accept initialization
TLS_accept: before/accept initialization
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello
TLS_accept: SSLv3 read client hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
TLS_accept: SSLv3 write server hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0666], Certificate
TLS_accept: SSLv3 write certificate A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
TLS_accept: SSLv3 write server done A
TLS_accept: SSLv3 flush data
TLS_accept: Need to read more data: SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 1 to 192.168.100.245 port 5001
EAP-Message = 0xae386773f3124b7803f6ada10aa517a81bfa0cfe66d5a557da43773eafabe10cbd705a52e5303e0282c90003a03082039c30820305a003020102020900e224351ea6a8c75e300d06092a864886f70d0101050500308191310b300906035504061302424f311330110603550408130a53616e7461204372757a311330110603550407130a53616e7461204372757a3110300e060355040a1307436f736d6172743111300f060355040b130853697374656d6173311630140603550403130d61646d696e6973747261746f72311b301906092a864886f70d010901160c6a6174406d61696c2e63736d301e170d3038303730323231333435365a170d3138
EAP-Message = 0x303633303231333435365a30
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x73b5ba5072b6a3e2254835034dd3ceef
Finished request 2.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.100.245 port 5001, id=2, length=237
User-Name = "host/caja02.cosmart.bo"
EAP-Message = 0x020300061900
Message-Authenticator = 0x2690776a323a61b010a03df037aec344
NAS-IP-Address = 192.168.100.245
NAS-Identifier = "001cc5363882"
NAS-Port = 268439553
NAS-Port-Id = "unit=1;subslot=0;port=1;vlanid=1"
NAS-Port-Type = Ethernet
Service-Type = Framed-User
Framed-Protocol = PPP
Calling-Station-Id = "0050-bac5-dfa5"
State = 0x73b5ba5072b6a3e2254835034dd3ceef
3Com-Connect_Id = 83
3Com-Product-ID = "5500G-EI"
3Com-Ip-Host-Addr = "0.0.0.0 00:50:ba:c5:df:a5"
3Com-NAS-Startup-Timestamp = 1104537612
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "host/caja02.cosmart.bo", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
rlm_eap: EAP packet type response id 3 length 6
rlm_eap: Continuing tunnel setup.
++[eap] returns ok
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake fragment handler
eaptls_verify returned 1
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 2 to 192.168.100.245 port 5001
EAP-Message = 0x73747261746f72311b301906092a864886f70d010901160c6a6174406d61696c2e63736d820900e224351ea6a8c75e300c0603551d13040530030101ff300d06092a864886f70d010105050003818100012eb34d9f4d44275d7141f817f9754d61b51a1205fe9326b51df1985a69c664e5a572a408ac098247e82621c48c097c72230ef3d4d4607636e721213b3a6bcae16cb65033eb9793e4bad604c5f8a4bd25638163cd556f283862542654cbcae9b86573ac3668cfad36b8b643abedbeb7a1ffb440c3af91d1a3a76d67ac84a2f016030100040e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x73b5ba5071b1a3e2254835034dd3ceef
Finished request 3.
Going to the next request
Waking up in 4.8 seconds.
rad_recv: Access-Request packet from host 192.168.100.245 port 5001, id=3, length=423
User-Name = "host/caja02.cosmart.bo"
EAP-Message = 0x020400c01980000000b616030100861000008200800d05f33fc8ee7d6b891fd473b79cbd08c00029c400a4a8b4f66a043855312f1ae4c9ebc4d5935b3dd33a2f8c43a91f5268b8c6feeb2045eb683a038e92faad3c109b80d461449c916764451ae0ad1d9cc5adc79124b328a9e1240a83ffa8cef0833a8f218ce6cffe3c92e4a3a2e421e5d3e31c47deeafb370be2c2ae35840013140301000101160301002071ab2c4c5ef80026ece917f82faa9c4bf68ea263927572bcf2eff9dbc1b51e93
Message-Authenticator = 0x9d34a0ceab1dba8f46192d60879ce9e6
NAS-IP-Address = 192.168.100.245
NAS-Identifier = "001cc5363882"
NAS-Port = 268439553
NAS-Port-Id = "unit=1;subslot=0;port=1;vlanid=1"
NAS-Port-Type = Ethernet
Service-Type = Framed-User
Framed-Protocol = PPP
Calling-Station-Id = "0050-bac5-dfa5"
State = 0x73b5ba5071b1a3e2254835034dd3ceef
3Com-Connect_Id = 83
3Com-Product-ID = "5500G-EI"
3Com-Ip-Host-Addr = "0.0.0.0 00:50:ba:c5:df:a5"
3Com-NAS-Startup-Timestamp = 1104537612
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "host/caja02.cosmart.bo", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
rlm_eap: EAP packet type response id 4 length 192
rlm_eap: Continuing tunnel setup.
++[eap] returns ok
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
TLS Length 182
rlm_eap_tls: Length Included
eaptls_verify returned 11
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange
TLS_accept: SSLv3 read client key exchange A
rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001]
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 read finished A
rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001]
TLS_accept: SSLv3 write change cipher spec A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 write finished A
TLS_accept: SSLv3 flush data
(other): SSL negotiation finished successfully
SSL Connection Established
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 3 to 192.168.100.245 port 5001
EAP-Message = 0x01050031190014030100010116030100208af84b95006d4b91fba9d7169d916eb6809c68b34efddd8d7bb978243d04922e
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x73b5ba5070b0a3e2254835034dd3ceef
Finished request 4.
Going to the next request
Waking up in 4.7 seconds.
rad_recv: Access-Request packet from host 192.168.100.245 port 5001, id=4, length=237
User-Name = "host/caja02.cosmart.bo"
EAP-Message = 0x020500061900
Message-Authenticator = 0xfb42b30cdfd2f35fc4e94d6b7b571349
NAS-IP-Address = 192.168.100.245
NAS-Identifier = "001cc5363882"
NAS-Port = 268439553
NAS-Port-Id = "unit=1;subslot=0;port=1;vlanid=1"
NAS-Port-Type = Ethernet
Service-Type = Framed-User
Framed-Protocol = PPP
Calling-Station-Id = "0050-bac5-dfa5"
State = 0x73b5ba5070b0a3e2254835034dd3ceef
3Com-Connect_Id = 83
3Com-Product-ID = "5500G-EI"
3Com-Ip-Host-Addr = "0.0.0.0 00:50:ba:c5:df:a5"
3Com-NAS-Startup-Timestamp = 1104537612
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "host/caja02.cosmart.bo", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
rlm_eap: EAP packet type response id 5 length 6
rlm_eap: Continuing tunnel setup.
++[eap] returns ok
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake is finished
eaptls_verify returned 3
eaptls_process returned 3
rlm_eap_peap: EAPTLS_SUCCESS
++[eap] returns handled
Sending Access-Challenge of id 4 to 192.168.100.245 port 5001
EAP-Message = 0x0106002019001703010015bc754e60e537bc8fb1c7d29c5758b542685f2a6b11
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x73b5ba5077b3a3e2254835034dd3ceef
Finished request 5.
Going to the next request
Waking up in 4.6 seconds.
rad_recv: Access-Request packet from host 192.168.100.245 port 5001, id=5, length=281
User-Name = "host/caja02.cosmart.bo"
EAP-Message = 0x02060032190017030100272290fc8604f7a51d1b40db4729ff215118019fc7cab898e7f7d59299b9ba138f63ad3698ff0d0d
Message-Authenticator = 0xdc1ac64c77e6220711e5b9da5a1483c7
NAS-IP-Address = 192.168.100.245
NAS-Identifier = "001cc5363882"
NAS-Port = 268439553
NAS-Port-Id = "unit=1;subslot=0;port=1;vlanid=1"
NAS-Port-Type = Ethernet
Service-Type = Framed-User
Framed-Protocol = PPP
Calling-Station-Id = "0050-bac5-dfa5"
State = 0x73b5ba5077b3a3e2254835034dd3ceef
3Com-Connect_Id = 83
3Com-Product-ID = "5500G-EI"
3Com-Ip-Host-Addr = "0.0.0.0 00:50:ba:c5:df:a5"
3Com-NAS-Startup-Timestamp = 1104537612
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "host/caja02.cosmart.bo", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
rlm_eap: EAP packet type response id 6 length 50
rlm_eap: Continuing tunnel setup.
++[eap] returns ok
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: Identity - host/caja02.cosmart.bo
PEAP: Got tunneled identity of host/caja02.cosmart.bo
PEAP: Setting default EAP type for tunneled EAP session.
PEAP: Setting User-Name to host/caja02.cosmart.bo
+- entering group authorize
++[chap] returns noop
++[mschap] returns noop
++[unix] returns notfound
rlm_realm: No '@' in User-Name = "host/caja02.cosmart.bo", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
++[control] returns noop
rlm_eap: EAP packet type response id 6 length 27
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: EAP Identity
rlm_eap: processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
++[eap] returns handled
PEAP: Got tunneled Access-Challenge
++[eap] returns handled
Sending Access-Challenge of id 5 to 192.168.100.245 port 5001
EAP-Message = 0x010700471900170301003c1e6805da43586305dd52fac9e77e5c0f59cf439f63276da038654693c461d78f2dff4238725874cbf4b94708899dcd5c661d56d09d4ef789e6c8d8ad
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x73b5ba5076b2a3e2254835034dd3ceef
Finished request 6.
Going to the next request
Waking up in 4.5 seconds.
rad_recv: Access-Request packet from host 192.168.100.245 port 5001, id=6, length=335
User-Name = "host/caja02.cosmart.bo"
EAP-Message = 0x020700681900170301005dd9e8df11c1c77181e304f5804625cc6d44f9ab95418534bff216737d94c26604aad2c35ddf65bccfedc9ee52b023fda66d370b6767fd533860ea5b75eb2cdaf251db63feb3991bc812f10e8b41a96942b928746d8e124cd3ff02208321
Message-Authenticator = 0x189158927107c3cc4dbfb70ddcec6879
NAS-IP-Address = 192.168.100.245
NAS-Identifier = "001cc5363882"
NAS-Port = 268439553
NAS-Port-Id = "unit=1;subslot=0;port=1;vlanid=1"
NAS-Port-Type = Ethernet
Service-Type = Framed-User
Framed-Protocol = PPP
Calling-Station-Id = "0050-bac5-dfa5"
State = 0x73b5ba5076b2a3e2254835034dd3ceef
3Com-Connect_Id = 83
3Com-Product-ID = "5500G-EI"
3Com-Ip-Host-Addr = "0.0.0.0 00:50:ba:c5:df:a5"
3Com-NAS-Startup-Timestamp = 1104537612
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "host/caja02.cosmart.bo", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
rlm_eap: EAP packet type response id 7 length 104
rlm_eap: Continuing tunnel setup.
++[eap] returns ok
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: EAP type mschapv2
PEAP: Setting User-Name to host/caja02.cosmart.bo
+- entering group authorize
++[chap] returns noop
++[mschap] returns noop
++[unix] returns notfound
rlm_realm: No '@' in User-Name = "host/caja02.cosmart.bo", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
++[control] returns noop
rlm_eap: EAP packet type response id 7 length 81
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP/mschapv2
rlm_eap: processing type mschapv2
+- entering group MS-CHAP
rlm_mschap: No Cleartext-Password configured. Cannot create LM-Password.
rlm_mschap: No Cleartext-Password configured. Cannot create NT-Password.
rlm_mschap: Told to do MS-CHAPv2 for host/caja02.cosmart.bo with NT-Password
expand: --username=%{mschap:User-Name} -> --username=caja02$
expand: --domain=%{mschap:NT-Domain} -> --domain=cosmart
mschap2: ca
expand: --challenge=%{mschap:Challenge:-00} -> --challenge=2ee635f36876e135
expand: --nt-response=%{mschap:NT-Response:-00} -> --nt-response=3e2799722d4ae64a874fca7144dc868ba821b45ab8d3e5c9
Exec-Program output: NT_KEY: 2C5558B32AB95B9348365F364D596970
Exec-Program-Wait: plaintext: NT_KEY: 2C5558B32AB95B9348365F364D596970
Exec-Program: returned: 0
rlm_mschap: adding MS-CHAPv2 MPPE keys
++[mschap] returns ok
MSCHAP Success
++[eap] returns handled
PEAP: Got tunneled Access-Challenge
++[eap] returns handled
Sending Access-Challenge of id 6 to 192.168.100.245 port 5001
EAP-Message = 0x0108004a1900170301003f5b72a242149b0c849225ef274c8f16078a490d8b7017a19218015a39d51e11d4e4b5ec95727149d5d2d108ca87be5ac4572a1326c0be8912899588ed1dc79d
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x73b5ba5075bda3e2254835034dd3ceef
Finished request 7.
Going to the next request
Waking up in 4.4 seconds.
rad_recv: Access-Request packet from host 192.168.100.245 port 5001, id=7, length=260
User-Name = "host/caja02.cosmart.bo"
EAP-Message = 0x0208001d19001703010012729a793115410148fb3e1894728ed9dd43a2
Message-Authenticator = 0xc0038ec1fb0e803e1447e0c672705c8c
NAS-IP-Address = 192.168.100.245
NAS-Identifier = "001cc5363882"
NAS-Port = 268439553
NAS-Port-Id = "unit=1;subslot=0;port=1;vlanid=1"
NAS-Port-Type = Ethernet
Service-Type = Framed-User
Framed-Protocol = PPP
Calling-Station-Id = "0050-bac5-dfa5"
State = 0x73b5ba5075bda3e2254835034dd3ceef
3Com-Connect_Id = 83
3Com-Product-ID = "5500G-EI"
3Com-Ip-Host-Addr = "0.0.0.0 00:50:ba:c5:df:a5"
3Com-NAS-Startup-Timestamp = 1104537612
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "host/caja02.cosmart.bo", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
rlm_eap: EAP packet type response id 8 length 29
rlm_eap: Continuing tunnel setup.
++[eap] returns ok
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: EAP type mschapv2
PEAP: Setting User-Name to host/caja02.cosmart.bo
+- entering group authorize
++[chap] returns noop
++[mschap] returns noop
++[unix] returns notfound
rlm_realm: No '@' in User-Name = "host/caja02.cosmart.bo", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
++[control] returns noop
rlm_eap: EAP packet type response id 8 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP/mschapv2
rlm_eap: processing type mschapv2
rlm_eap: Freeing handler
++[eap] returns ok
PEAP: Tunneled authentication was successful.
rlm_eap_peap: SUCCESS
Saving tunneled attributes for later
++[eap] returns handled
Sending Access-Challenge of id 7 to 192.168.100.245 port 5001
EAP-Message = 0x010900261900170301001be69227ae08e478000a3caae737a96433d8bb3a4ff3a53f1fbb7c0c
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x73b5ba5074bca3e2254835034dd3ceef
Finished request 8.
Going to the next request
Waking up in 4.3 seconds.
rad_recv: Access-Request packet from host 192.168.100.245 port 5001, id=8, length=269
User-Name = "host/caja02.cosmart.bo"
EAP-Message = 0x020900261900170301001b3916275431b7332459f3aaa1643e31720bc6ac34c224b51e2693c3
Message-Authenticator = 0x7093c15fac997292a12f6fc80059160c
NAS-IP-Address = 192.168.100.245
NAS-Identifier = "001cc5363882"
NAS-Port = 268439553
NAS-Port-Id = "unit=1;subslot=0;port=1;vlanid=1"
NAS-Port-Type = Ethernet
Service-Type = Framed-User
Framed-Protocol = PPP
Calling-Station-Id = "0050-bac5-dfa5"
State = 0x73b5ba5074bca3e2254835034dd3ceef
3Com-Connect_Id = 83
3Com-Product-ID = "5500G-EI"
3Com-Ip-Host-Addr = "0.0.0.0 00:50:ba:c5:df:a5"
3Com-NAS-Startup-Timestamp = 1104537612
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "host/caja02.cosmart.bo", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
rlm_eap: EAP packet type response id 9 length 38
rlm_eap: Continuing tunnel setup.
++[eap] returns ok
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: Received EAP-TLV response.
rlm_eap_peap: Success
Using saved attributes from the original Access-Accept
rlm_eap: Freeing handler
++[eap] returns ok
+- entering group post-auth
++[exec] returns noop
Sending Access-Accept of id 8 to 192.168.100.245 port 5001
User-Name = "host/caja02.cosmart.bo"
MS-MPPE-Recv-Key = 0xbc92e431af5c7ffb4d5b7995391751603d37b0f0ff4b90fbfecd1785d2d987b9
MS-MPPE-Send-Key = 0x298436d731ecef7178d901f10b1654124cb4b52e1e1ed23fd33b1ec32476b480
EAP-Message = 0x03090004
Message-Authenticator = 0x00000000000000000000000000000000
Finished request 9.
Going to the next request
Waking up in 4.3 seconds.
rad_recv: Accounting-Request packet from host 192.168.100.245 port 5001, id=219, length=228
User-Name = "host/caja02.cosmart.bo"
NAS-Identifier = "001cc5363882"
NAS-Port = 268439553
NAS-Port-Id = "unit=1;subslot=0;port=1;vlanid=1"
NAS-Port-Type = Ethernet
Calling-Station-Id = "0050-bac5-dfa5"
Acct-Status-Type = Start
Acct-Authentic = RADIUS
Acct-Session-Id = "110500010558e"
NAS-IP-Address = 192.168.100.245
Event-Timestamp = "Jan 1 2005 01:58:37 BOT"
3Com-Connect_Id = 83
3com-Attr-29 = 0x00000000
3Com-VLAN-Name = "\000\000\000\000"
3Com-Encryption-Type = "\000\000\000\000"
3Com-Time-Of-Day = "\000\000\000\000"
3com-Attr-22 = 0x00000000
3Com-Ip-Host-Addr = "0.0.0.0 00:50:ba:c5:df:a5"
+- entering group preacct
++[preprocess] returns ok
rlm_acct_unique: Hashing 'NAS-Port = 268439553,Client-IP-Address = 192.168.100.245,NAS-IP-Address = 192.168.100.245,Acct-Session-Id = "110500010558e",User-Name = "host/caja02.cosmart.bo"'
rlm_acct_unique: Acct-Unique-Session-ID = "b9beac104c297af0".
++[acct_unique] returns ok
rlm_realm: No '@' in User-Name = "host/caja02.cosmart.bo", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
++[files] returns noop
+- entering group accounting
expand: /var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d -> /var/log/radius/radacct/192.168.100.245/detail-20080705
rlm_detail: /var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/radius/radacct/192.168.100.245/detail-20080705
expand: %t -> Sat Jul 5 14:30:28 2008
++[detail] returns ok
++[unix] returns ok
expand: /var/log/radius/radutmp -> /var/log/radius/radutmp
expand: %{User-Name} -> host/caja02.cosmart.bo
++[radutmp] returns ok
expand: %{User-Name} -> host/caja02.cosmart.bo
attr_filter: Matched entry DEFAULT at line 12
++[attr_filter.accounting_response] returns updated
Sending Accounting-Response of id 219 to 192.168.100.245 port 5001
Finished request 10.
Cleaning up request 10 ID 219 with timestamp +7
Going to the next request
Waking up in 4.2 seconds.
Cleaning up request 1 ID 0 with timestamp +6
Cleaning up request 2 ID 1 with timestamp +7
Cleaning up request 3 ID 2 with timestamp +7
Cleaning up request 4 ID 3 with timestamp +7
Cleaning up request 5 ID 4 with timestamp +7
Cleaning up request 6 ID 5 with timestamp +7
Waking up in 0.1 seconds.
Cleaning up request 7 ID 6 with timestamp +7
Cleaning up request 8 ID 7 with timestamp +7
Cleaning up request 9 ID 8 with timestamp +7
Ready to process requests.