FreeRadius 2.0.3 setup help
Brooks, Kyle
Kyle.Brooks at nrc-cnrc.gc.ca
Fri Jul 25 19:43:36 CEST 2008
Hello,
We have been trying to setup the new FreeRadius server, version 2.0.3 on Fedora 9. We are very close as during testing a user was able to authenticate to AD via LDAP. Radtest was ok, but there is no accept packet/acknowledgment sent back, so the network switch thinks the user hasn't been authenticated yet. Below is the radius log, sensitive information has been taken out. I'm hoping someone can help us figure out what we are doing wrong. The log below has been shorten.
Thanks,
Kyle
+- entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake fragment handler
eaptls_verify returned 1
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 17 to 10.0.1.9 port 1645
EAP-Message = 0x010502d51900446f6d61696e253230417574656e7469636174696f6e2c434e3d4149412c434e3d5075626c69632532304b657925323053657276696365732c434e3d53657276696365732c434e3d436f6e66696775726174696f6e2c44433d6164732c44433d6e696e742c44433d6f72673f634143657274696669636174653f626173653f6f626a656374436c6173733d63657274696669636174696f6e417574686f72697479306d06082b060105050730028661687474703a2f2f636e737261646975732e6164732e6e696e742e6f72672f43657274456e726f6c6c2f636e737261646975732e6164732e6e696e742e6f72675f4e494e5425323044
EAP-Message = 0x6f6d61696e253230417574656e7469636174696f6e2e637274300c0603551d130101ff04023000300b0603551d0f0404030205a0303d06092b06010401823715070430302e06262b060104018237150881bae62e8783f93e81e18d3483c9895b86a3bc175e86cef50084f0c57d020166020103301d0603551d250416301406082b0601050507030106082b06010505070302302706092b060104018237150a041a3018300a06082b06010505070301300a06082b06010505070302300d06092a864886f70d010105050003820101004a343f89b942c17c6da2ef12d595d6701f9472e09e7d33d437ff95f02178ac3a2e631b68331b07b40a593348ff47
EAP-Message = 0x0fcf80a89ea5cb645c2769973d97cccec41a95c14f1abf0988286c79d8db6b0aef25e3817ff272879a9ad89bcb01bbcbd6400d9f53d16d16c9d7b78857cdfa9647ad88df7a79d6c544f1a0f68019ef56c1cf79548b60711e896296467a3200be5881bb358827915491040126d5e642fe016c908827488887f7ff3807f3a99409edb0b82415d5f484357df9456b1b7b4a9f8f01a53d47d62642d7677315c944aa77610b947de933bf29b14db7ee28b0e9601fb9e9ac2a6bdba788f8380cdbf59333d2be1887f202cbc8b505fec54d2b2ba19516030100040e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x87d5a69b85d0bf58ea7c4f63c1b50a12
Finished request 2.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.0.1.9 port 1645, id=18, length=351
User-Name = "XXXX\\<username>"
Service-Type = Framed-User
Framed-MTU = 1500
Called-Station-Id = "<mac address>"
Calling-Station-Id = "<mac address>"
EAP-Message = 0x020500d01980000000c61603010086100000820080b2cfa1111edc9fb8469c48b5fab8b7b3ad52036f0030c1f02ce6d994ca3f4d7de0918bf718ee71a422cce5df2aac531d313793dad5127a79e509dd08f898a7c7ad3627f1a2fcfed774bfb8e901414e44627de44b3d40a738fe0580a15c514dd5e922fef25ecfe95de8ba80e98740727dc76ba5a7fa7b9325c29b7ad955742f4414030100010116030100307bd8da6c0510da3056427272fafb8890d885cf8f926fe5cbeadf95bd902f81128e9559dfc5d21ddc3c428a8292ff230d
Message-Authenticator = 0xa70f5aa988544c98139e0ac08e9300aa
NAS-Port-Type = Ethernet
NAS-Port = 50117
State = 0x87d5a69b85d0bf58ea7c4f63c1b50a12
NAS-IP-Address = 10.0.1.9
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "XXXX\<username>", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
rlm_realm: Looking up realm "XXXX" for User-Name = "XXXX\<username>"
rlm_realm: Found realm "XXXX"
rlm_realm: Adding Stripped-User-Name = "<username>"
rlm_realm: Proxying request from user <username> to realm XXXX
rlm_realm: Adding Realm = "XXXX"
rlm_realm: Authentication realm is LOCAL.
++[ntdomain] returns noop
rlm_eap: EAP packet type response id 5 length 208
rlm_eap: Continuing tunnel setup.
++[eap] returns ok
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
TLS Length 198
rlm_eap_tls: Length Included
eaptls_verify returned 11
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange
TLS_accept: SSLv3 read client key exchange A
rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001]
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 read finished A
rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001]
TLS_accept: SSLv3 write change cipher spec A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 write finished A
TLS_accept: SSLv3 flush data
(other): SSL negotiation finished successfully
SSL Connection Established
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 18 to 10.0.1.9 port 1645
EAP-Message = 0x0106004119001403010001011603010030b5334958337959abd8ee1c69ce59d04b7d408af44109bb668b2dde9c69c2c19c31d59fe6308e986f95ba68e28e729810
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x87d5a69b84d3bf58ea7c4f63c1b50a12
Finished request 3.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.0.1.9 port 1645, id=19, length=149
User-Name = "XXXX\\<username>"
Service-Type = Framed-User
Framed-MTU = 1500
Called-Station-Id = "<mac address>"
Calling-Station-Id = "<mac address>"
EAP-Message = 0x020600061900
Message-Authenticator = 0x8ae0ce1dd64a77972c966f420912d7ca
NAS-Port-Type = Ethernet
NAS-Port = 50117
State = 0x87d5a69b84d3bf58ea7c4f63c1b50a12
NAS-IP-Address = 10.0.1.9
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "XXXX\<username>", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
rlm_realm: Looking up realm "XXXX" for User-Name = "XXXX\<username>"
rlm_realm: Found realm "XXXX"
rlm_realm: Adding Stripped-User-Name = "<username>"
rlm_realm: Proxying request from user <username> to realm XXXX
rlm_realm: Adding Realm = "XXXX"
rlm_realm: Authentication realm is LOCAL.
++[ntdomain] returns noop
rlm_eap: EAP packet type response id 6 length 6
rlm_eap: Continuing tunnel setup.
++[eap] returns ok
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake is finished
eaptls_verify returned 3
eaptls_process returned 3
rlm_eap_peap: EAPTLS_SUCCESS
++[eap] returns handled
Sending Access-Challenge of id 19 to 10.0.1.9 port 1645
EAP-Message = 0x0107002b19001703010020fb69d7f8ea5ff2236c3d3f2024af829aa0c1308d48050be568e073018586f039
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x87d5a69b83d2bf58ea7c4f63c1b50a12
Finished request 4.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.0.1.9 port 1645, id=20, length=202
User-Name = "XXXX\\<username>"
Service-Type = Framed-User
Framed-MTU = 1500
Called-Station-Id = "<mac address>"
Calling-Station-Id = "<mac address>"
EAP-Message = 0x0207003b19001703010030c55fd862b91f5c191c4fb7c5ff098300eadda3a90a5fcca8448b8ce2f7743a0847595fb27698b8f44eb34d661d83a511
Message-Authenticator = 0xdf26170e6390e116aac0d3ca3a837ee6
NAS-Port-Type = Ethernet
NAS-Port = 50117
State = 0x87d5a69b83d2bf58ea7c4f63c1b50a12
NAS-IP-Address = 10.0.1.9
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "XXXX\<username>", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
rlm_realm: Looking up realm "XXXX" for User-Name = "XXXX\<username>"
rlm_realm: Found realm "XXXX"
rlm_realm: Adding Stripped-User-Name = "<username>"
rlm_realm: Proxying request from user <username> to realm XXXX
rlm_realm: Adding Realm = "XXXX"
rlm_realm: Authentication realm is LOCAL.
++[ntdomain] returns noop
rlm_eap: EAP packet type response id 7 length 59
rlm_eap: Continuing tunnel setup.
++[eap] returns ok
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: Identity - XXXX\<username>
PEAP: Got tunneled EAP-Message
EAP-Message = 0x02070014014e494e545c4272616462726f6f6b43
PEAP: Got tunneled identity of XXXX\<username>
PEAP: Setting default EAP type for tunneled EAP session.
PEAP: Setting User-Name to XXXX\<username>
PEAP: Sending tunneled request
EAP-Message = 0x02070014014e494e545c4272616462726f6f6b43
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "XXXX\\<username>"
server inner-tunnel {
+- entering group authorize
++[chap] returns noop
++[mschap] returns noop
++[unix] returns notfound
rlm_realm: No '@' in User-Name = "XXXX\<username>", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
++[control] returns noop
rlm_eap: EAP packet type response id 7 length 20
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
rlm_ldap: Entering ldap_groupcmp()
expand: dc=XXX,dc=XXXX,dc=org -> dc=XXX,dc=XXXX,dc=org
expand: (&(samaccountName=%{mschap:User-Name})) -> (&(samaccountName=<username>))
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=XXX,dc=XXXX,dc=org, with filter (&(samaccountName=<username>))
rlm_ldap: ldap_release_conn: Release Id: 0
expand: (|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn}))) -> (|(&(objectClass=GroupOfNames)(member=))(&(objectClass=GroupOfUniqueNames)(uniquemember=)))
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=XXX,dc=XXXX,dc=org, with filter (&(cn=<groupname>)(|(&(objectClass=GroupOfNames)(member=))(&(objectClass=GroupOfUniqueNames)(uniquemember=))))
rlm_ldap: object not found or got ambiguous search result
rlm_ldap: ldap_release_conn: Release Id: 0
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in CN=<lastname>\, <firstname>OU=XXX,OU=SupportGrp,DC=XXX,DC=XXXX,DC=org, with filter (objectclass=*)
rlm_ldap: performing search in CN=<groupname>,OU=XXX,OU=SupportGrp,DC=XXX,DC=XXXX,DC=org, with filter (cn=<groupname>)
rlm_ldap::ldap_groupcmp: User found in group <groupname>
rlm_ldap: ldap_release_conn: Release Id: 0
users: Matched entry DEFAULT at line 203
++[files] returns ok
rlm_ldap: - authorize
rlm_ldap: performing user authorization for XXXX\<username>
expand: (&(samaccountName=%{mschap:User-Name})) -> (&(samaccountName=<username>))
expand: dc=XXX,dc=XXXX,dc=org -> dc=XXX,dc=XXXX,dc=org
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=XXX,dc=XXXX,dc=org, with filter (&(samaccountName=<username>))
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly?
rlm_ldap: user XXXX\<username> authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
++[ldap] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
WARNING: You set Proxy-To-Realm = LOCAL, but it is a LOCAL realm! Cancelling invalid proxy request.
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: EAP Identity
rlm_eap: processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
++[eap] returns handled
} # server inner-tunnel
PEAP: Got tunneled reply RADIUS code 11
Auth-Type := LDAP
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Type:0 = VLAN
Tunnel-Private-Group-Id:0 = "254"
EAP-Message = 0x010800291a0108002410909bca3a1ddf359aa29467c6ee5f3a4f4e494e545c4272616462726f6f6b43
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xcfb49cd3cfbc861246fc3b9974c46d68
PEAP: Processing from tunneled session code 0x8429e98 11
Auth-Type := LDAP
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Type:0 = VLAN
Tunnel-Private-Group-Id:0 = "254"
EAP-Message = 0x010800291a0108002410909bca3a1ddf359aa29467c6ee5f3a4f4e494e545c4272616462726f6f6b43
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xcfb49cd3cfbc861246fc3b9974c46d68
PEAP: Got tunneled Access-Challenge
++[eap] returns handled
Sending Access-Challenge of id 20 to 10.0.1.9 port 1645
EAP-Message = 0x0108004b1900170301004002ef8b0533cf1129c2581465716039cc96393aba17750b5d9e2d8b7b3c8089bec9cb61fde85732f2cc1f2422023627a75ad6e48c27369bc1c8ecd66848cfed1b
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x87d5a69b82ddbf58ea7c4f63c1b50a12
Finished request 5.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.0.1.9 port 1645, id=21, length=250
User-Name = "XXXX\\<username>"
Service-Type = Framed-User
Framed-MTU = 1500
Called-Station-Id = "<mac address>"
Calling-Station-Id = "<mac address>"
EAP-Message = 0x0208006b190017030100605880e9d9f1f726cdc4859cee7c6736df04551ffaf018caea3208975520b6618c84176ddec93e83d804a52e5b8e196f61a45b9aeccbbea37de546400d2cbc1f8258e2b87afbcba19a47b243a95b9dc210d869e4cc835dc7904de4f41fa0444b60
Message-Authenticator = 0xc3c19d23b0eaae1e99aceb9c6b9b67cb
NAS-Port-Type = Ethernet
NAS-Port = 50117
State = 0x87d5a69b82ddbf58ea7c4f63c1b50a12
NAS-IP-Address = 10.0.1.9
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "XXXX\<username>", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
rlm_realm: Looking up realm "XXXX" for User-Name = "XXXX\<username>"
rlm_realm: Found realm "XXXX"
rlm_realm: Adding Stripped-User-Name = "<username>"
rlm_realm: Proxying request from user <username> to realm XXXX
rlm_realm: Adding Realm = "XXXX"
rlm_realm: Authentication realm is LOCAL.
++[ntdomain] returns noop
rlm_eap: EAP packet type response id 8 length 107
rlm_eap: Continuing tunnel setup.
++[eap] returns ok
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: EAP type mschapv2
PEAP: Got tunneled EAP-Message
EAP-Message = 0x0208004a1a020800453111abc389151d4c11a8471471acc91213000000000000000038d132783b1dbbd9db142d7a5938ebe32cc165ed13bab4aa004e494e545c4272616462726f6f6b43
PEAP: Setting User-Name to XXXX\<username>
PEAP: Sending tunneled request
EAP-Message = 0x0208004a1a020800453111abc389151d4c11a8471471acc91213000000000000000038d132783b1dbbd9db142d7a5938ebe32cc165ed13bab4aa004e494e545c4272616462726f6f6b43
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "XXXX\\<username>"
State = 0xcfb49cd3cfbc861246fc3b9974c46d68
server inner-tunnel {
+- entering group authorize
++[chap] returns noop
++[mschap] returns noop
++[unix] returns notfound
rlm_realm: No '@' in User-Name = "XXXX\<username>", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
++[control] returns noop
rlm_eap: EAP packet type response id 8 length 74
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
rlm_ldap: Entering ldap_groupcmp()
expand: dc=XXX,dc=XXXX,dc=org -> dc=XXX,dc=XXXX,dc=org
expand: (&(samaccountName=%{mschap:User-Name})) -> (&(samaccountName=<username>))
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=XXX,dc=XXXX,dc=org, with filter (&(samaccountName=<username>))
rlm_ldap: ldap_release_conn: Release Id: 0
expand: (|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn}))) -> (|(&(objectClass=GroupOfNames)(member=))(&(objectClass=GroupOfUniqueNames)(uniquemember=)))
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=XXX,dc=XXXXxx,dc=org, with filter (&(cn=<groupname>)(|(&(objectClass=GroupOfNames)(member=))(&(objectClass=GroupOfUniqueNames)(uniquemember=))))
rlm_ldap: object not found or got ambiguous search result
rlm_ldap: ldap_release_conn: Release Id: 0
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in CN=<lastname>\, <firstname>,OU=CNS,OU=SupportGrp,DC=XXX,DC=XXXX,DC=org, with filter (objectclass=*)
rlm_ldap: performing search in CN=<groupname>,OU=CNS,OU=SupportGrp,DC=XXX,DC=XXXX,DC=org, with filter (cn=<groupname>)
rlm_ldap::ldap_groupcmp: User found in group <groupname>
rlm_ldap: ldap_release_conn: Release Id: 0
users: Matched entry DEFAULT at line 203
++[files] returns ok
rlm_ldap: - authorize
rlm_ldap: performing user authorization for XXXX\<username>
expand: (&(samaccountName=%{mschap:User-Name})) -> (&(samaccountName=<username>))
expand: dc=XXX,dc=XXXX,dc=org -> dc=XXX,dc=XXXX,dc=org
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=XXX,dc=XXXX,dc=org, with filter (&(samaccountName=<username>))
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly?
rlm_ldap: user XXXX\<username> authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
++[ldap] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
WARNING: You set Proxy-To-Realm = LOCAL, but it is a LOCAL realm! Cancelling invalid proxy request.
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP/mschapv2
rlm_eap: processing type mschapv2
+- entering group MS-CHAP
rlm_mschap: No Cleartext-Password configured. Cannot create LM-Password.
rlm_mschap: No Cleartext-Password configured. Cannot create NT-Password.
rlm_mschap: Told to do MS-CHAPv2 for <username> with NT-Password
expand: --username=%{mschap:User-Name} -> --username=<username>
mschap2: 90
expand: --challenge=%{mschap:Challenge:-00} -> --challenge=ae1b5e25b6575f38
expand: --nt-response=%{mschap:NT-Response:-00} -> --nt-response=38d132783b1dbbd9db142d7a5938ebe32cc165ed13bab4aa
Exec-Program output: NT_KEY: 537255BB863DD9024B7D2582198B9657
Exec-Program-Wait: plaintext: NT_KEY: 537255BB863DD9024B7D2582198B9657
Exec-Program: returned: 0
rlm_mschap: adding MS-CHAPv2 MPPE keys
++[mschap] returns ok
MSCHAP Success
++[eap] returns handled
} # server inner-tunnel
PEAP: Got tunneled reply RADIUS code 11
Auth-Type := LDAP
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Type:0 = VLAN
Tunnel-Private-Group-Id:0 = "254"
EAP-Message = 0x010900331a0308002e533d38393446463732323031443644373745323435324537334531373735394635324634344533354443
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xcfb49cd3cebd861246fc3b9974c46d68
PEAP: Processing from tunneled session code 0x83fc7d0 11
Auth-Type := LDAP
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Type:0 = VLAN
Tunnel-Private-Group-Id:0 = "254"
EAP-Message = 0x010900331a0308002e533d38393446463732323031443644373745323435324537334531373735394635324634344533354443
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xcfb49cd3cebd861246fc3b9974c46d68
PEAP: Got tunneled Access-Challenge
++[eap] returns handled
Sending Access-Challenge of id 21 to 10.0.1.9 port 1645
EAP-Message = 0x0109005b19001703010050acf799d4d09f9221585544ed0d61e14e0eb13d4781dcbe9e6fe7423d1f1f6620939f16d7c7113f3c7be0735d0bcf4a463c760c12da2d85a850a3c22ed81efecdba83d919935cda81ca7bcc377b51825e
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x87d5a69b81dcbf58ea7c4f63c1b50a12
Finished request 6.
Going to the next request
Waking up in 4.8 seconds.
Cleaning up request 0 ID 15 with timestamp +20
Cleaning up request 1 ID 16 with timestamp +20
Cleaning up request 2 ID 17 with timestamp +20
Cleaning up request 3 ID 18 with timestamp +20
Cleaning up request 4 ID 19 with timestamp +20
Cleaning up request 5 ID 20 with timestamp +20
Cleaning up request 6 ID 21 with timestamp +20
Ready to process requests.
More information about the Freeradius-Users
mailing list