FreeRADIUS + DHCP

Raja Peer peermohd at gmail.com
Thu Jun 19 19:58:40 CEST 2008


Hi Alan,

Here is some information; I have also highlighted the relevant portions.

Thanks for your help.

Raja

This message contains the following:

1) radiusd -X debug messages
2) tcpdump -i
3) dhcp configuration from sites-available/dhcp
4) /etc/dhcpd.conf

------------------------------------------------------------------------------------------------
radiusd -X debug messages
------------------------------------------------------------------------------------------------
Script started on Thu Jun 19 10:21:20 2008
# radiusd -X
FreeRADIUS Version 2.0.5, for host i386-unknown-openbsd4.1, built on Jun 18
2008 at 07:27:36
Copyright (C) 1999-2008 The FreeRADIUS server project and contributors. 
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A 
PARTICULAR PURPOSE. 
You may redistribute copies of FreeRADIUS under the terms of the 
GNU General Public License v2. 
Starting - reading configuration files ...
including configuration file /usr/local/etc/raddb/radiusd.conf
including configuration file /usr/local/etc/raddb/proxy.conf

including configuration file /usr/local/etc/raddb/sites-available/dhcp

including configuration file /usr/local/etc/raddb/clients.conf
including configuration file /usr/local/etc/raddb/snmp.conf
including configuration file /usr/local/etc/raddb/eap.conf
including configuration file /usr/local/etc/raddb/sql.conf
including configuration file /usr/local/etc/raddb/sql/mysql/dialup.conf
including configuration file /usr/local/etc/raddb/sql/mysql/counter.conf
including configuration file /usr/local/etc/raddb/policy.conf
including files in directory /usr/local/etc/raddb/sites-enabled/
including configuration file /usr/local/etc/raddb/sites-enabled/default
including configuration file /usr/local/etc/raddb/sites-enabled/inner-tunnel
including dictionary file /usr/local/etc/raddb/dictionary
main {
        prefix = "/usr/local"
        localstatedir = "/usr/local/var"
        logdir = "/usr/local/var/log/radius"
        libdir = "/usr/local/lib"
        radacctdir = "/usr/local/var/log/radius/radacct"
        hostname_lookups = no
        max_request_time = 30
        cleanup_delay = 5
        max_requests = 1024
        allow_core_dumps = no
        pidfile = "/usr/local/var/run/radiusd/radiusd.pid"
        checkrad = "/usr/local/sbin/checkrad"
        debug_level = 0
        proxy_requests = yes
 log {
        stripped_names = no
        auth = yes
        auth_badpass = yes
        auth_goodpass = yes
 }
}
 client 192.168.176.2 {
        require_message_authenticator = yes
        secret = "mypassword"
        shortname = "myhost"
        nastype = "cisco"
        login = "!root"
        password = "mypassword"
 }
radiusd: #### Loading Realms and Home Servers ####
 proxy server {
        retry_delay = 5
        retry_count = 3
        default_fallback = no
        dead_time = 120
        wake_all_if_all_dead = no
 }
 home_server localhost {
        ipaddr = 127.0.0.1
        port = 1812
        type = "auth"
        secret = "testing123"
        response_window = 20
        max_outstanding = 65536
        zombie_period = 40
        status_check = "status-server"
        ping_check = "none"
        ping_interval = 30
        check_interval = 30
        num_answers_to_alive = 3
        num_pings_to_alive = 3
        revive_interval = 120
        status_check_timeout = 4
 }
 home_server_pool my_auth_failover {
        type = fail-over
        home_server = localhost
 }
 realm example.com {
        auth_pool = my_auth_failover
 }
 realm LOCAL {
 }
radiusd: #### Instantiating modules ####
 instantiate {
 Module: Linked to module rlm_exec
 Module: Instantiating exec
  exec {
        wait = yes
        input_pairs = "request"
        shell_escape = yes
  }
 Module: Linked to module rlm_expr
 Module: Instantiating expr
 Module: Linked to module rlm_expiration
 Module: Instantiating expiration
  expiration {
        reply-message = "Password Has Expired  "
  }
 Module: Linked to module rlm_logintime
 Module: Instantiating logintime
  logintime {
        reply-message = "You are calling outside your allowed timespan  "
        minimum-timeout = 60
  }
 }
radiusd: #### Loading Virtual Servers ####
server dhcp {
 modules {
 Module: Checking dhcp DHCP-Discover {...} for more modules to load
 Module: Checking dhcp DHCP-Request {...} for more modules to load
 }
}
server inner-tunnel {
 modules {
 Module: Checking authenticate {...} for more modules to load
 Module: Linked to module rlm_pap
 Module: Instantiating pap
  pap {
        encryption_scheme = "auto"
        auto_header = no
  }
 Module: Linked to module rlm_chap
 Module: Instantiating chap
 Module: Linked to module rlm_mschap
 Module: Instantiating mschap
  mschap {
        use_mppe = yes
        require_encryption = yes
        require_strong = yes
        with_ntdomain_hack = no
  }
 Module: Linked to module rlm_unix
 Module: Instantiating unix
  unix {
        radwtmp = "/usr/local/var/log/radius/radwtmp"
  }
 Module: Linked to module rlm_eap
 Module: Instantiating eap
  eap {
        default_eap_type = "peap"
        timer_expire = 60
        ignore_unknown_eap_types = no
        cisco_accounting_username_bug = no
  }
 Module: Linked to sub-module rlm_eap_md5
 Module: Instantiating eap-md5
 Module: Linked to sub-module rlm_eap_leap
 Module: Instantiating eap-leap
 Module: Linked to sub-module rlm_eap_gtc
 Module: Instantiating eap-gtc
   gtc {
        challenge = "Password: "
        auth_type = "PAP"
   }
 Module: Linked to sub-module rlm_eap_tls
 Module: Instantiating eap-tls
   tls {
        rsa_key_exchange = no
        dh_key_exchange = yes
        rsa_key_length = 512
        dh_key_length = 512
        verify_depth = 0
        pem_file_type = yes
        private_key_file = "/usr/local/etc/raddb/certs/server.pem"
        certificate_file = "/usr/local/etc/raddb/certs/server.pem"
        CA_file = "/usr/local/etc/raddb/certs/ca.pem"
        private_key_password = "mypassword"
        dh_file = "/usr/local/etc/raddb/certs/dh"
        random_file = "/usr/local/etc/raddb/certs/random"
        fragment_size = 1024
        include_length = yes
        check_crl = no
        cipher_list = "DEFAULT"
        make_cert_command = "/usr/local/etc/raddb/certs/bootstrap"
   }
 Module: Linked to sub-module rlm_eap_ttls
 Module: Instantiating eap-ttls
   ttls {
        default_eap_type = "md5"
        copy_request_to_tunnel = no
        use_tunneled_reply = no
        virtual_server = "inner-tunnel"
   }
 Module: Linked to sub-module rlm_eap_peap
 Module: Instantiating eap-peap
   peap {
        default_eap_type = "mschapv2"
        copy_request_to_tunnel = yes
        use_tunneled_reply = yes
        proxy_tunneled_request_as_eap = yes
        virtual_server = "inner-tunnel"
   }
 Module: Linked to sub-module rlm_eap_mschapv2
 Module: Instantiating eap-mschapv2
   mschapv2 {
        with_ntdomain_hack = no
   }
 Module: Checking authorize {...} for more modules to load
 Module: Linked to module rlm_realm
 Module: Instantiating suffix
  realm suffix {
        format = "suffix"
        delimiter = "@"
        ignore_default = no
        ignore_null = no
  }
 Module: Linked to module rlm_files
 Module: Instantiating files
  files {
        usersfile = "/usr/local/etc/raddb/users"
        acctusersfile = "/usr/local/etc/raddb/acct_users"
        preproxy_usersfile = "/usr/local/etc/raddb/preproxy_users"
        compat = "no"
  }
 Module: Checking session {...} for more modules to load
 Module: Linked to module rlm_radutmp
 Module: Instantiating radutmp
  radutmp {
        filename = "/usr/local/var/log/radius/radutmp"
        username = "%{User-Name}"
        case_sensitive = yes
        check_with_nas = yes
        perm = 384
        callerid = yes
  }
 Module: Checking post-proxy {...} for more modules to load
 Module: Checking post-auth {...} for more modules to load
 Module: Linked to module rlm_attr_filter
 Module: Instantiating attr_filter.access_reject
  attr_filter attr_filter.access_reject {
        attrsfile = "/usr/local/etc/raddb/attrs.access_reject"
        key = "%{User-Name}"
  }
 }
 
 
 
}
server {
 modules {
 Module: Checking authenticate {...} for more modules to load
 Module: Checking authorize {...} for more modules to load
 Module: Linked to module rlm_preprocess
 Module: Instantiating preprocess
  preprocess {
        huntgroups = "/usr/local/etc/raddb/huntgroups"
        hints = "/usr/local/etc/raddb/hints"
        with_ascend_hack = no
        ascend_channels_per_line = 23
        with_ntdomain_hack = no
        with_specialix_jetstream_hack = no
        with_cisco_vsa_hack = no
        with_alvarion_vsa_hack = no
  }
 Module: Checking preacct {...} for more modules to load
 Module: Linked to module rlm_acct_unique
 Module: Instantiating acct_unique
  acct_unique {
        key = "User-Name, Acct-Session-Id, NAS-IP-Address,
Client-IP-Address, NAS-Port"
  }
 Module: Checking accounting {...} for more modules to load
 Module: Linked to module rlm_detail
 Module: Instantiating detail
  detail {
        detailfile =
"/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
        header = "%t"
        detailperm = 384
        dirperm = 493
        locking = no
        log_packet_header = no
  }
 Module: Instantiating attr_filter.accounting_response
  attr_filter attr_filter.accounting_response {
        attrsfile = "/usr/local/etc/raddb/attrs.accounting_response"
        key = "%{User-Name}"
  }
 Module: Checking session {...} for more modules to load
 Module: Checking post-proxy {...} for more modules to load
 Module: Checking post-auth {...} for more modules to load
 }
}
radiusd: #### Opening IP addresses and Ports ####
listen {
        type = "auth"
        ipaddr = 192.168.176.1
        port = 1645
}
listen {
        type = "acct"
        ipaddr = 192.168.176.1
        port = 1646
}

listen {
        type = "dhcp"
        ipaddr = 192.168.176.1
        port = 67
  client any {
        ipaddr = 0.0.0.0
        netmask = 0
        require_message_authenticator = no
  }
}

Listening on authentication address 192.168.176.1 port 1645
Listening on accounting address 192.168.176.1 port 1646

Listening on dhcp address 192.168.176.1 port 67 as server dhcp

Listening on proxy address 192.168.176.1 port 1647
Ready to process requests.
rad_recv: Accounting-Request packet from host 192.168.176.2 port 1646,
id=65, length=325
        Acct-Session-Id = "000000C9"
        Called-Station-Id = "0019.aa76.b8e0"
        Calling-Station-Id = "000d.8857.52cc"
        Cisco-AVPair = "ssid=myhost"
        Cisco-AVPair = "vlan-id=30"
        Cisco-AVPair = "nas-location=unspecified"
        Cisco-AVPair = "auth-algo-type=eap-peap"
        User-Name = "bob"
        Acct-Authentic = RADIUS
        Cisco-AVPair = "connect-progress=Call Up"
        Acct-Session-Time = 59968
        Acct-Input-Octets = 1300807
        Acct-Output-Octets = 2044
        Acct-Input-Packets = 35609
        Acct-Output-Packets = 76
        Acct-Terminate-Cause = Lost-Carrier
        Cisco-AVPair = "disc-cause-ext=No Reason"
        Acct-Status-Type = Stop
        NAS-Port-Type = Wireless-802.11
        Cisco-NAS-Port = "429"
        NAS-Port = 429
        Service-Type = Framed-User
        NAS-IP-Address = 192.168.176.2
        Acct-Delay-Time = 0
+- entering group preacct
++[preprocess] returns ok
rlm_acct_unique: Hashing 'NAS-Port = 429,Client-IP-Address =
192.168.176.2,NAS-IP-Address = 192.168.176.2,Acct-Session-Id =
"000000C9",User-Name = "bob"'
rlm_acct_unique: Acct-Unique-Session-ID = "26b0c52a483a0f91".
++[acct_unique] returns ok
    rlm_realm: No '@' in User-Name = "bob", looking up realm NULL
    rlm_realm: No such realm "NULL"
++[suffix] returns noop
++[files] returns noop
+- entering group accounting
        expand:
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d ->
/usr/local/var/log/radius/radacct/192.168.176.2/detail-20080619
rlm_detail:
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands
to /usr/local/var/log/radius/radacct/192.168.176.2/detail-20080619
        expand: %t -> Thu Jun 19 10:32:23 2008
++[detail] returns ok
++[unix] returns ok
        expand: /usr/local/var/log/radius/radutmp ->
/usr/local/var/log/radius/radutmp
        expand: %{User-Name} -> bob
++[radutmp] returns ok
        expand: %{User-Name} -> bob
 attr_filter: Matched entry DEFAULT at line 12
++[attr_filter.accounting_response] returns updated
Sending Accounting-Response of id 65 to 192.168.176.2 port 1646
Finished request 0.
Cleaning up request 0 ID 65 with timestamp +22
Going to the next request
Ready to process requests.
rad_recv: Access-Request packet from host 192.168.176.2 port 1645, id=26,
length=128
        User-Name = "bob"
        Framed-MTU = 1400
        Called-Station-Id = "0019.aa76.b8e0"
        Calling-Station-Id = "000d.8857.52cc"
        Service-Type = Login-User
        Message-Authenticator = 0xe6dae0096eeac37307545c1db22a2a4f
        EAP-Message = 0x0202000801626f62
        NAS-Port-Type = Wireless-802.11
        NAS-Port = 430
        NAS-IP-Address = 192.168.176.2
        NAS-Identifier = "myhost"
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
    rlm_realm: No '@' in User-Name = "bob", looking up realm NULL
    rlm_realm: No such realm "NULL"
++[suffix] returns noop
  rlm_eap: EAP packet type response id 2 length 8
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
    users: Matched entry bob at line 76
        expand: Hello, %{User-Name} -> Hello, bob
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
rlm_pap: Found existing Auth-Type, not changing it.
++[pap] returns noop
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
  rlm_eap: EAP Identity
  rlm_eap: processing type tls
  rlm_eap_tls: Initiate
  rlm_eap_tls: Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 26 to 192.168.176.2 port 1645
        Reply-Message = "Hello, bob"
        EAP-Message = 0x010300061920
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xc19c33efc19f2af98dd7fcd525d04823
Finished request 1.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.176.2 port 1645, id=27,
length=218
        User-Name = "bob"
        Framed-MTU = 1400
        Called-Station-Id = "0019.aa76.b8e0"
        Calling-Station-Id = "000d.8857.52cc"
        Service-Type = Login-User
        Message-Authenticator = 0x068e895f503c72bf8212aa10b5f8a3a4
        EAP-Message =
0x0203005019800000004616030100410100003d0301485a98416c13ba422355800db3cb6dc475559e338bfefeb87c2d951f2ce714cd00001600040005000a000900640062000300060013001200630100
        NAS-Port-Type = Wireless-802.11
        NAS-Port = 430
        State = 0xc19c33efc19f2af98dd7fcd525d04823
        NAS-IP-Address = 192.168.176.2
        NAS-Identifier = "myhost"
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
    rlm_realm: No '@' in User-Name = "bob", looking up realm NULL
    rlm_realm: No such realm "NULL"
++[suffix] returns noop
  rlm_eap: EAP packet type response id 3 length 80
  rlm_eap: Continuing tunnel setup.
++[eap] returns ok
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
  TLS Length 70
rlm_eap_tls:  Length Included
  eaptls_verify returned 11 
    (other): before/accept initialization 
    TLS_accept: before/accept initialization 
  rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello  
    TLS_accept: SSLv3 read client hello A 
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello  
    TLS_accept: SSLv3 write server hello A 
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 085e], Certificate  
    TLS_accept: SSLv3 write certificate A 
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone  
    TLS_accept: SSLv3 write server done A 
    TLS_accept: SSLv3 flush data 
    TLS_accept: Need to read more data: SSLv3 read client certificate A
In SSL Handshake Phase 
In SSL Accept mode  
  eaptls_process returned 13 
  rlm_eap_peap: EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 27 to 192.168.176.2 port 1645
        EAP-Message =
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
        EAP-Message =
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
        EAP-Message =
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
        EAP-Message =
0x070301300d06092a864886f70d010104050003820101004c9b1df24b63e703347729b65cd37475a85ae1d611be6bcc8117306d2d29a912857f32981baa8186183e47fe58cc4c4b7641dd3a48bcca91060c9bb423b239324202bed2d900ad8cfd393329ecdb9352c6d62124853809e72134e85ebbab0278e738ca3ae871deee8cca525d6945dbb748c0770f75318b50b652ff66dc05ab1f7be4018f915accde010e0e5ef9cfe7c8a6466c45251f73985553c24fba1683c7e80078da9f30c7b83da6f70873130dad5c915b07e24c07390c72dc5661c94e12cafac1c31f8d1ccb8782466d9de7e1064d4bc3d347b4c9057aa892d32bd1d1e69762cf426c67
        EAP-Message = 0xc3470ea88d07a75dbb3c844a
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xc19c33efc0982af98dd7fcd525d04823
Finished request 2.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.176.2 port 1645, id=28,
length=144
        User-Name = "bob"
        Framed-MTU = 1400
        Called-Station-Id = "0019.aa76.b8e0"
        Calling-Station-Id = "000d.8857.52cc"
        Service-Type = Login-User
        Message-Authenticator = 0x9c1004875803bae8f1b3744287ebd540
        EAP-Message = 0x020400061900
        NAS-Port-Type = Wireless-802.11
        NAS-Port = 430
        State = 0xc19c33efc0982af98dd7fcd525d04823
        NAS-IP-Address = 192.168.176.2
        NAS-Identifier = "myhost"
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
    rlm_realm: No '@' in User-Name = "bob", looking up realm NULL
    rlm_realm: No such realm "NULL"
++[suffix] returns noop
  rlm_eap: EAP packet type response id 4 length 6
  rlm_eap: Continuing tunnel setup.
++[eap] returns ok
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
  rlm_eap_tls: ack handshake fragment handler
  eaptls_verify returned 1 
  eaptls_process returned 13 
  rlm_eap_peap: EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 28 to 192.168.176.2 port 1645
        EAP-Message =
0x010503fc19400f8d1f539991634ee4da9958fc980004ab308204a73082038fa003020102020900b4d3408cb5b742e1300d06092a864886f70d0101040500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479301e170d3038303631373232333330355a170d3038303731373232333330355a308193310b30090603
        EAP-Message =
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
        EAP-Message =
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
        EAP-Message =
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
        EAP-Message = 0xf3377e71e00a3942
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xc19c33efc3992af98dd7fcd525d04823
Finished request 3.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.176.2 port 1645, id=29,
length=144
        User-Name = "bob"
        Framed-MTU = 1400
        Called-Station-Id = "0019.aa76.b8e0"
        Calling-Station-Id = "000d.8857.52cc"
        Service-Type = Login-User
        Message-Authenticator = 0x2c376a5079d0fa0cb0a43003f30de7fc
        EAP-Message = 0x020500061900
        NAS-Port-Type = Wireless-802.11
        NAS-Port = 430
        State = 0xc19c33efc3992af98dd7fcd525d04823
        NAS-IP-Address = 192.168.176.2
        NAS-Identifier = "myhost"
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
    rlm_realm: No '@' in User-Name = "bob", looking up realm NULL
    rlm_realm: No such realm "NULL"
++[suffix] returns noop
  rlm_eap: EAP packet type response id 5 length 6
  rlm_eap: Continuing tunnel setup.
++[eap] returns ok
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
  rlm_eap_tls: ack handshake fragment handler
  eaptls_verify returned 1 
  eaptls_process returned 13 
  rlm_eap_peap: EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 29 to 192.168.176.2 port 1645
        EAP-Message =
0x010600d5190005151baedaadd0453f1ed6d2e419265da42097ce6d1e9195f232addfd35f16baa84f086ca843e92ee39ac6c2f1ac78c556fe41196e03d607629bb4ffb59c4470a0deee9a710a2c79145029ef6e563a6e9cac0255ee1be47c0fbe040ebca66fa98355cb384d03453570e9931e27c4758fef55063853a0b5efc3503927685c5b657af09a0bdae8c2aa17bd919dd5c27b57d9954328cd30dbe6d55738a6a6dd8bf41f937a312e419052a760337a0ab15acee3bc29bfd7cc0c43efb73fa0dd46541f1a8e914cc1b316030100040e000000
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xc19c33efc29a2af98dd7fcd525d04823
Finished request 4.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.176.2 port 1645, id=30,
length=460
        User-Name = "bob"
        Framed-MTU = 1400
        Called-Station-Id = "0019.aa76.b8e0"
        Calling-Station-Id = "000d.8857.52cc"
        Service-Type = Login-User
        Message-Authenticator = 0xa005a382c6e3845b72c8d35008f69e6b
        EAP-Message =
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
        EAP-Message =
0x45d4df123f2d1a27dcafd695df60f0120917ce2d552fc04c1403010001011603010020badc11b88ab0e456aae78121b185ab241ca1b65af6946ad2771605508b756cc4
        NAS-Port-Type = Wireless-802.11
        NAS-Port = 430
        State = 0xc19c33efc29a2af98dd7fcd525d04823
        NAS-IP-Address = 192.168.176.2
        NAS-Identifier = "myhost"
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
    rlm_realm: No '@' in User-Name = "bob", looking up realm NULL
    rlm_realm: No such realm "NULL"
++[suffix] returns noop
  rlm_eap: EAP packet type response id 6 length 253
  rlm_eap: Continuing tunnel setup.
++[eap] returns ok
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
  TLS Length 310
rlm_eap_tls:  Length Included
  eaptls_verify returned 11 
  rlm_eap_tls: <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange  
    TLS_accept: SSLv3 read client key exchange A 
  rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001]  
  rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished  
    TLS_accept: SSLv3 read finished A 
  rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001]  
    TLS_accept: SSLv3 write change cipher spec A 
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished  
    TLS_accept: SSLv3 write finished A 
    TLS_accept: SSLv3 flush data 
    (other): SSL negotiation finished successfully 
SSL Connection Established 
  eaptls_process returned 13 
  rlm_eap_peap: EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 30 to 192.168.176.2 port 1645
        EAP-Message =
0x01070031190014030100010116030100203844712871ce4a0bc00a3343b23596cd932deb928589365d2b9058442dc95aa5
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xc19c33efc59b2af98dd7fcd525d04823
Finished request 5.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.176.2 port 1645, id=31,
length=144
        User-Name = "bob"
        Framed-MTU = 1400
        Called-Station-Id = "0019.aa76.b8e0"
        Calling-Station-Id = "000d.8857.52cc"
        Service-Type = Login-User
        Message-Authenticator = 0x887a7ae4489755b88b3f1edd6b4fd34a
        EAP-Message = 0x020700061900
        NAS-Port-Type = Wireless-802.11
        NAS-Port = 430
        State = 0xc19c33efc59b2af98dd7fcd525d04823
        NAS-IP-Address = 192.168.176.2
        NAS-Identifier = "myhost"
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
    rlm_realm: No '@' in User-Name = "bob", looking up realm NULL
    rlm_realm: No such realm "NULL"
++[suffix] returns noop
  rlm_eap: EAP packet type response id 7 length 6
  rlm_eap: Continuing tunnel setup.
++[eap] returns ok
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
  rlm_eap_tls: ack handshake is finished
  eaptls_verify returned 3 
  eaptls_process returned 3 
  rlm_eap_peap: EAPTLS_SUCCESS
++[eap] returns handled
Sending Access-Challenge of id 31 to 192.168.176.2 port 1645
        EAP-Message =
0x01080020190017030100159bf9e453956ddc294cb3dc0b7f4fb1d4ac3d4351bb
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xc19c33efc4942af98dd7fcd525d04823
Finished request 6.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.176.2 port 1645, id=32,
length=169
        User-Name = "bob"
        Framed-MTU = 1400
        Called-Station-Id = "0019.aa76.b8e0"
        Calling-Station-Id = "000d.8857.52cc"
        Service-Type = Login-User
        Message-Authenticator = 0x80e262321c7f4fbfaa731cf2593d711f
        EAP-Message =
0x0208001f190017030100144823d86b20ffd3c304ef6b7101419fd1994336cd
        NAS-Port-Type = Wireless-802.11
        NAS-Port = 430
        State = 0xc19c33efc4942af98dd7fcd525d04823
        NAS-IP-Address = 192.168.176.2
        NAS-Identifier = "myhost"
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
    rlm_realm: No '@' in User-Name = "bob", looking up realm NULL
    rlm_realm: No such realm "NULL"
++[suffix] returns noop
  rlm_eap: EAP packet type response id 8 length 31
  rlm_eap: Continuing tunnel setup.
++[eap] returns ok
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
  eaptls_verify returned 7 
  rlm_eap_tls: Done initial handshake
  eaptls_process returned 7 
  rlm_eap_peap: EAPTLS_OK
  rlm_eap_peap: Session established.  Decoding tunneled attributes.
  rlm_eap_peap: Identity - bob
  PEAP: Got tunneled identity of bob
  PEAP: Setting default EAP type for tunneled EAP session.
  PEAP: Setting User-Name to bob
+- entering group authorize
++[chap] returns noop
++[mschap] returns noop
++[unix] returns notfound
    rlm_realm: No '@' in User-Name = "bob", looking up realm NULL
    rlm_realm: No such realm "NULL"
++[suffix] returns noop
++[control] returns noop
  rlm_eap: EAP packet type response id 8 length 8
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
    users: Matched entry bob at line 76
        expand: Hello, %{User-Name} -> Hello, bob
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
rlm_pap: Found existing Auth-Type, not changing it.
++[pap] returns noop
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
  rlm_eap: EAP Identity
  rlm_eap: processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
++[eap] returns handled
  PEAP: Got tunneled Access-Challenge
++[eap] returns handled
Sending Access-Challenge of id 32 to 192.168.176.2 port 1645
        EAP-Message =
0x0109003419001703010029c59e264e73065e8c1daa8997bd6b9848e5c8609396c2ebd479aacdd9d8065701ffea07b0905c375d80
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xc19c33efc7952af98dd7fcd525d04823
Finished request 7.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.176.2 port 1645, id=33,
length=223
        User-Name = "bob"
        Framed-MTU = 1400
        Called-Station-Id = "0019.aa76.b8e0"
        Calling-Station-Id = "000d.8857.52cc"
        Service-Type = Login-User
        Message-Authenticator = 0x9c7ca73ae9f0e6d50740d8ea73aa9c87
        EAP-Message =
0x020900551900170301004a8bb4104e740bf559db2e25fb89f0a7ff16a8a32be27c12a72fb4abbe4a9e743d51aef4ec66a001e241c487cb646103815bc9129dc522cd2f0c60bece92c10cc420032c983cfb1119b5ac
        NAS-Port-Type = Wireless-802.11
        NAS-Port = 430
        State = 0xc19c33efc7952af98dd7fcd525d04823
        NAS-IP-Address = 192.168.176.2
        NAS-Identifier = "myhost"
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
    rlm_realm: No '@' in User-Name = "bob", looking up realm NULL
    rlm_realm: No such realm "NULL"
++[suffix] returns noop
  rlm_eap: EAP packet type response id 9 length 85
  rlm_eap: Continuing tunnel setup.
++[eap] returns ok
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
  eaptls_verify returned 7 
  rlm_eap_tls: Done initial handshake
  eaptls_process returned 7 
  rlm_eap_peap: EAPTLS_OK
  rlm_eap_peap: Session established.  Decoding tunneled attributes.
  rlm_eap_peap: EAP type mschapv2
  PEAP: Setting User-Name to bob
+- entering group authorize
++[chap] returns noop
++[mschap] returns noop
++[unix] returns notfound
    rlm_realm: No '@' in User-Name = "bob", looking up realm NULL
    rlm_realm: No such realm "NULL"
++[suffix] returns noop
++[control] returns noop
  rlm_eap: EAP packet type response id 9 length 62
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
    users: Matched entry bob at line 76
        expand: Hello, %{User-Name} -> Hello, bob
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
rlm_pap: Found existing Auth-Type, not changing it.
++[pap] returns noop
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/mschapv2
  rlm_eap: processing type mschapv2
+- entering group MS-CHAP
  rlm_mschap: Told to do MS-CHAPv2 for bob with NT-Password
rlm_mschap: adding MS-CHAPv2 MPPE keys
++[mschap] returns ok
MSCHAP Success 
++[eap] returns handled
  PEAP: Got tunneled Access-Challenge
++[eap] returns handled
Sending Access-Challenge of id 33 to 192.168.176.2 port 1645
        EAP-Message =
0x010a004a1900170301003fa7a977c5edba08371219f183d1e00e84350913cbff4afa19a4581dd8b1fe454f94393350571fa7fe4420be0f252cb581f96d8395180b298f603bc30de72321
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xc19c33efc6962af98dd7fcd525d04823
Finished request 8.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.176.2 port 1645, id=34,
length=167
        User-Name = "bob"
        Framed-MTU = 1400
        Called-Station-Id = "0019.aa76.b8e0"
        Calling-Station-Id = "000d.8857.52cc"
        Service-Type = Login-User
        Message-Authenticator = 0x7c5100a122f45fbfbfc6f2968045cf11
        EAP-Message =
0x020a001d19001703010012006776dfd5ada28ef90304ba8e6ddb22f1fe
        NAS-Port-Type = Wireless-802.11
        NAS-Port = 430
        State = 0xc19c33efc6962af98dd7fcd525d04823
        NAS-IP-Address = 192.168.176.2
        NAS-Identifier = "myhost"
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
    rlm_realm: No '@' in User-Name = "bob", looking up realm NULL
    rlm_realm: No such realm "NULL"
++[suffix] returns noop
  rlm_eap: EAP packet type response id 10 length 29
  rlm_eap: Continuing tunnel setup.
++[eap] returns ok
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
  eaptls_verify returned 7 
  rlm_eap_tls: Done initial handshake
  eaptls_process returned 7 
  rlm_eap_peap: EAPTLS_OK
  rlm_eap_peap: Session established.  Decoding tunneled attributes.
  rlm_eap_peap: EAP type mschapv2
  PEAP: Setting User-Name to bob
+- entering group authorize
++[chap] returns noop
++[mschap] returns noop
++[unix] returns notfound
    rlm_realm: No '@' in User-Name = "bob", looking up realm NULL
    rlm_realm: No such realm "NULL"
++[suffix] returns noop
++[control] returns noop
  rlm_eap: EAP packet type response id 10 length 6
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
    users: Matched entry bob at line 76
        expand: Hello, %{User-Name} -> Hello, bob
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
rlm_pap: Found existing Auth-Type, not changing it.
++[pap] returns noop
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/mschapv2
  rlm_eap: processing type mschapv2
  rlm_eap: Freeing handler
++[eap] returns ok
Login OK: [bob/<via Auth-Type = EAP>] (from client myhost port 430 cli
000d.8857.52cc via TLS tunnel)
  PEAP: Tunneled authentication was successful.
  rlm_eap_peap: SUCCESS
  Saving tunneled attributes for later
++[eap] returns handled
Sending Access-Challenge of id 34 to 192.168.176.2 port 1645
        EAP-Message =
0x010b00261900170301001b02870e444c401b5d103121cd701bf6f9df20e27684342d6af607b1
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xc19c33efc9972af98dd7fcd525d04823
Finished request 9.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.176.2 port 1645, id=35,
length=176
        User-Name = "bob"
        Framed-MTU = 1400
        Called-Station-Id = "0019.aa76.b8e0"
        Calling-Station-Id = "000d.8857.52cc"
        Service-Type = Login-User
        Message-Authenticator = 0xbc7b47f3ac3d871eee9cccde10f9392f
        EAP-Message =
0x020b00261900170301001bd764372928319221d6080a71abdf5c68ecd96638ed25b9ad2d41f8
        NAS-Port-Type = Wireless-802.11
        NAS-Port = 430
        State = 0xc19c33efc9972af98dd7fcd525d04823
        NAS-IP-Address = 192.168.176.2
        NAS-Identifier = "myhost"
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
    rlm_realm: No '@' in User-Name = "bob", looking up realm NULL
    rlm_realm: No such realm "NULL"
++[suffix] returns noop
  rlm_eap: EAP packet type response id 11 length 38
  rlm_eap: Continuing tunnel setup.
++[eap] returns ok
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
  eaptls_verify returned 7 
  rlm_eap_tls: Done initial handshake
  eaptls_process returned 7 
 
  rlm_eap_peap: EAPTLS_OK
  rlm_eap_peap: Session established.  Decoding tunneled attributes.
  rlm_eap_peap: Received EAP-TLV response.
  rlm_eap_peap: Success
 
  Using saved attributes from the original Access-Accept
  rlm_eap: Freeing handler
++[eap] returns ok
Login OK: [bob/<via Auth-Type = EAP>] (from client myhost port 430 cli
000d.8857.52cc)
Sending Access-Accept of id 35 to 192.168.176.2 port 1645
        Reply-Message = "Hello, bob"
        User-Name = "bob"
        MS-MPPE-Recv-Key =
0xe525d848ba1e94c6df6fc6d761f50bc438cbed784215665a11022c2eee94b643
        MS-MPPE-Send-Key =
0xbdcd963282af82ec05d197137ed96bd0b75079c2adf84e7714f7bed776eeeb42
        EAP-Message = 0x030b0004
        Message-Authenticator = 0x00000000000000000000000000000000
Finished request 10.
Going to the next request
Waking up in 4.8 seconds.
rad_recv: Accounting-Request packet from host 192.168.176.2 port 1646,
id=66, length=226
        Acct-Session-Id = "000000CB"
        Called-Station-Id = "0019.aa76.b8e0"
        Calling-Station-Id = "000d.8857.52cc"
        Cisco-AVPair = "ssid=myhost"
        Cisco-AVPair = "vlan-id=30"
        Cisco-AVPair = "nas-location=unspecified"
        User-Name = "bob"
        Cisco-AVPair = "connect-progress=Call Up"
        Acct-Authentic = RADIUS
        Acct-Status-Type = Start
        NAS-Port-Type = Wireless-802.11
        Cisco-NAS-Port = "430"
        NAS-Port = 430
        Service-Type = Framed-User
        NAS-IP-Address = 192.168.176.2
        Acct-Delay-Time = 0
+- entering group preacct
++[preprocess] returns ok
rlm_acct_unique: Hashing 'NAS-Port = 430,Client-IP-Address =
192.168.176.2,NAS-IP-Address = 192.168.176.2,Acct-Session-Id =
"000000CB",User-Name = "bob"'
rlm_acct_unique: Acct-Unique-Session-ID = "4a1bcbd772dbcc9f".
++[acct_unique] returns ok
    rlm_realm: No '@' in User-Name = "bob", looking up realm NULL
    rlm_realm: No such realm "NULL"
++[suffix] returns noop
++[files] returns noop
+- entering group accounting
        expand:
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d ->
/usr/local/var/log/radius/radacct/192.168.176.2/detail-20080619
rlm_detail:
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands
to /usr/local/var/log/radius/radacct/192.168.176.2/detail-20080619
        expand: %t -> Thu Jun 19 10:32:40 2008
++[detail] returns ok
++[unix] returns ok
        expand: /usr/local/var/log/radius/radutmp ->
/usr/local/var/log/radius/radutmp
        expand: %{User-Name} -> bob
++[radutmp] returns ok
        expand: %{User-Name} -> bob
 attr_filter: Matched entry DEFAULT at line 12
++[attr_filter.accounting_response] returns updated
Sending Accounting-Response of id 66 to 192.168.176.2 port 1646
Finished request 11.
Cleaning up request 11 ID 66 with timestamp +39
Going to the next request
Waking up in 4.8 seconds.
Cleaning up request 1 ID 26 with timestamp +39
Cleaning up request 2 ID 27 with timestamp +39
Cleaning up request 3 ID 28 with timestamp +39
Cleaning up request 4 ID 29 with timestamp +39
Cleaning up request 5 ID 30 with timestamp +39
Cleaning up request 6 ID 31 with timestamp +39
Cleaning up request 7 ID 32 with timestamp +39
Cleaning up request 8 ID 33 with timestamp +39
Cleaning up request 9 ID 34 with timestamp +39
Cleaning up request 10 ID 35 with timestamp +39
Ready to process requests.
^C
# ^D

Script done on Thu Jun 19 10:21:29 2008



------------------------------------------------------------------------------------------------
tcpdump -i
------------------------------------------------------------------------------------------------
10:32:55.433969 00:19:aa:ab:65:7a 00:19:aa:ab:65:7a loopback 60:
                         0000 0100 0000 0000 0000 0000 0000 0000
                         0000 0000 0000 0000 0000 0000 0000 0000
                         0000 0000 0000 0000 0000 0000 0000
10:33:05.430685 00:19:aa:ab:65:7a 00:19:aa:ab:65:7a loopback 60:
                         0000 0100 0000 0000 0000 0000 0000 0000
                         0000 0000 0000 0000 0000 0000 0000 0000
                         0000 0000 0000 0000 0000 0000 0000
10:33:10.244893 802.1Q vid 30 pri 0 0.0.0.0.bootpc > 255.255.255.255.bootps:
xid:0x45438e43 secs:7168 [|bootp]
10:33:10.636101 CDP v2, ttl=180s DevID 'vehicle76ap.futurec'[!cdp]
10:33:15.427665 00:19:aa:ab:65:7a 00:19:aa:ab:65:7a loopback 60:
                         0000 0100 0000 0000 0000 0000 0000 0000
                         0000 0000 0000 0000 0000 0000 0000 0000
                         0000 0000 0000 0000 0000 0000 0000
10:33:25.424383 00:19:aa:ab:65:7a 00:19:aa:ab:65:7a loopback 60:
                         0000 0100 0000 0000 0000 0000 0000 0000
                         0000 0000 0000 0000 0000 0000 0000 0000
                         0000 0000 0000 0000 0000 0000 0000
^R
10:33:35.421362 00:19:aa:ab:65:7a 00:19:aa:ab:65:7a loopback 60:
                         0000 0100 0000 0000 0000 0000 0000 0000
                         0000 0000 0000 0000 0000 0000 0000 0000
                         0000 0000 0000 0000 0000 0000 0000
10:33:41.248885 802.1Q vid 30 pri 0 arp who-has 169.254.220.241 tell
169.254.220.241
10:33:42.152283 802.1Q vid 30 pri 0 arp who-has 169.254.220.241 tell
169.254.220.241
10:33:43.152178 802.1Q vid 30 pri 0 arp who-has 169.254.220.241 tell
169.254.220.241
10:33:44.177611 802.1Q vid 30 pri 0 169.254.220.241 > 224.0.0.22: igmp-2
[v2] [ttl 1]
10:33:44.179342 802.1Q vid 30 pri 0 169.254.220.241.3767 >
239.255.255.250.ssdp: udp 133 [ttl 1]
10:33:44.230829 802.1Q vid 30 pri 0 169.254.220.241.netbios-ns >
169.254.255.255.netbios-ns: udp 68
10:33:44.981587 802.1Q vid 30 pri 0 169.254.220.241.netbios-ns >
169.254.255.255.netbios-ns: udp 68
10:33:45.152296 802.1Q vid 30 pri 0 169.254.220.241 > 224.0.0.22: igmp-2
[v2] [ttl 1]
10:33:45.418072 00:19:aa:ab:65:7a 00:19:aa:ab:65:7a loopback 60:
                         0000 0100 0000 0000 0000 0000 0000 0000
                         0000 0000 0000 0000 0000 0000 0000 0000
                         0000 0000 0000 0000 0000 0000 0000
10:33:45.730587 802.1Q vid 30 pri 0 169.254.220.241.netbios-ns >
169.254.255.255.netbios-ns: udp 68
10:33:46.153350 802.1Q vid 30 pri 0 0.0.0.0.bootpc > 255.255.255.255.bootps:
xid:0x8b980ba7 flags:0x8000 [|bootp]
10:33:46.480634 802.1Q vid 30 pri 0 169.254.220.241.netbios-ns >
169.254.255.255.netbios-ns: udp 68
10:33:47.183894 802.1Q vid 30 pri 0 169.254.220.241.3767 >
239.255.255.250.ssdp: udp 133 [ttl 1]
10:33:47.230757 802.1Q vid 30 pri 0 169.254.220.241.netbios-ns >
169.254.255.255.netbios-ns: udp 68
10:33:47.980923 802.1Q vid 30 pri 0 169.254.220.241.netbios-ns >
169.254.255.255.netbios-ns: udp 68
10:33:48.731746 802.1Q vid 30 pri 0 169.254.220.241.netbios-ns >
169.254.255.255.netbios-ns: udp 68
10:33:49.480571 802.1Q vid 30 pri 0 169.254.220.241.netbios-ns >
169.254.255.255.netbios-ns: udp 68
10:33:50.153121 802.1Q vid 30 pri 0 0.0.0.0.bootpc > 255.255.255.255.bootps:
xid:0x8b980ba7 secs:1024 flags:0x8000 [|bootp]
10:33:50.199398 802.1Q vid 30 pri 0 169.254.220.241.3767 >
239.255.255.250.ssdp: udp 133 [ttl 1]
10:33:50.230996 802.1Q vid 30 pri 0 169.254.220.241.netbios-ns >
169.254.255.255.netbios-ns: udp 68
10:33:50.241650 802.1Q vid 30 pri 0 169.254.220.241.netbios-ns >
169.254.255.255.netbios-ns: udp 68
10:33:50.980832 802.1Q vid 30 pri 0 169.254.220.241.netbios-ns >
169.254.255.255.netbios-ns: udp 68
10:33:50.981245 802.1Q vid 30 pri 0 169.254.220.241.netbios-ns >
169.254.255.255.netbios-ns: udp 68
10:33:51.730782 802.1Q vid 30 pri 0 169.254.220.241.netbios-ns >
169.254.255.255.netbios-ns: udp 68
10:33:51.731878 802.1Q vid 30 pri 0 169.254.220.241.netbios-ns >
169.254.255.255.netbios-ns: udp 68
10:33:52.480919 802.1Q vid 30 pri 0 169.254.220.241.netbios-ns >
169.254.255.255.netbios-ns: udp 68
10:33:52.482054 802.1Q vid 30 pri 0 169.254.220.241.netbios-ns >
169.254.255.255.netbios-ns: udp 68
10:33:53.231506 802.1Q vid 30 pri 0 169.254.220.241.netbios-dgm >
169.254.255.255.netbios-dgm: udp 201
10:33:53.232865 802.1Q vid 30 pri 0 169.254.220.241.netbios-dgm >
169.254.255.255.netbios-dgm: udp 176
10:33:54.731247 802.1Q vid 30 pri 0 169.254.220.241.netbios-dgm >
169.254.255.255.netbios-dgm: udp 176
10:33:55.414930 00:19:aa:ab:65:7a 00:19:aa:ab:65:7a loopback 60:
                         0000 0100 0000 0000 0000 0000 0000 0000
                         0000 0000 0000 0000 0000 0000 0000 0000
                         0000 0000 0000 0000 0000 0000 0000
10:33:56.231913 802.1Q vid 30 pri 0 169.254.220.241.netbios-dgm >
169.254.255.255.netbios-dgm: udp 176
10:33:57.731233 802.1Q vid 30 pri 0 169.254.220.241.netbios-dgm >
169.254.255.255.netbios-dgm: udp 176
10:33:58.153514 802.1Q vid 30 pri 0 0.0.0.0.bootpc > 255.255.255.255.bootps:
xid:0x8b980ba7 secs:3072 flags:0x8000 [|bootp]
10:33:59.231359 802.1Q vid 30 pri 0 169.254.220.241.netbios-dgm >
169.254.255.255.netbios-dgm: udp 188
10:34:00.231536 802.1Q vid 30 pri 0 169.254.220.241.netbios-dgm >
169.254.255.255.netbios-dgm: udp 188
10:34:01.232096 802.1Q vid 30 pri 0 169.254.220.241.netbios-dgm >
169.254.255.255.netbios-dgm: udp 188
10:34:02.234690 802.1Q vid 30 pri 0 169.254.220.241.netbios-dgm >
169.254.255.255.netbios-dgm: udp 188
10:34:03.231419 802.1Q vid 30 pri 0 169.254.220.241.netbios-ns >
169.254.255.255.netbios-ns: udp 68
10:34:03.981500 802.1Q vid 30 pri 0 169.254.220.241.netbios-ns >
169.254.255.255.netbios-ns: udp 68
10:34:04.732762 802.1Q vid 30 pri 0 169.254.220.241.netbios-ns >
169.254.255.255.netbios-ns: udp 68
10:34:05.411907 00:19:aa:ab:65:7a 00:19:aa:ab:65:7a loopback 60:
                         0000 0100 0000 0000 0000 0000 0000 0000
                         0000 0000 0000 0000 0000 0000 0000 0000
                         0000 0000 0000 0000 0000 0000 0000
10:34:05.481329 802.1Q vid 30 pri 0 169.254.220.241.netbios-ns >
169.254.255.255.netbios-ns: udp 68
10:34:06.231569 802.1Q vid 30 pri 0 169.254.220.241.netbios-ns >
169.254.255.255.netbios-ns: udp 68
10:34:06.981411 802.1Q vid 30 pri 0 169.254.220.241.netbios-ns >
169.254.255.255.netbios-ns: udp 68
10:34:07.731679 802.1Q vid 30 pri 0 169.254.220.241.netbios-ns >
169.254.255.255.netbios-ns: udp 68
10:34:08.481573 802.1Q vid 30 pri 0 169.254.220.241.netbios-ns >
169.254.255.255.netbios-ns: udp 68
10:34:09.231822 802.1Q vid 30 pri 0 169.254.220.241.netbios-dgm >
169.254.255.255.netbios-dgm: udp 176
10:34:09.233034 802.1Q vid 30 pri 0 169.254.220.241.netbios-dgm >
169.254.255.255.netbios-dgm: udp 176
10:34:09.233642 802.1Q vid 30 pri 0 169.254.220.241.netbios-dgm >
169.254.255.255.netbios-dgm: udp 206
10:34:09.346612 802.1Q vid 30 pri 0 169.254.220.241.netbios-ns >
169.254.255.255.netbios-ns: udp 50
10:34:10.091058 802.1Q vid 30 pri 0 169.254.220.241.netbios-ns >
169.254.255.255.netbios-ns: udp 50
10:34:10.617194 CDP v2, ttl=180s DevID 'vehicle76ap.futurec'[!cdp]
10:34:10.841094 802.1Q vid 30 pri 0 169.254.220.241.netbios-ns >
169.254.255.255.netbios-ns: udp 50
10:34:14.154005 802.1Q vid 30 pri 0 0.0.0.0.bootpc > 255.255.255.255.bootps:
xid:0x8b980ba7 secs:7168 flags:0x8000 [|bootp]
10:34:15.408759 00:19:aa:ab:65:7a 00:19:aa:ab:65:7a loopback 60:
                         0000 0100 0000 0000 0000 0000 0000 0000
                         0000 0000 0000 0000 0000 0000 0000 0000
                         0000 0000 0000 0000 0000 0000 0000
10:34:25.405471 00:19:aa:ab:65:7a 00:19:aa:ab:65:7a loopback 60:
                         0000 0100 0000 0000 0000 0000 0000 0000
                         0000 0000 0000 0000 0000 0000 0000 0000
                         0000 0000 0000 0000 0000 0000 0000
10:34:35.402456 00:19:aa:ab:65:7a 00:19:aa:ab:65:7a loopback 60:
                         0000 0100 0000 0000 0000 0000 0000 0000
                         0000 0000 0000 0000 0000 0000 0000 0000
                         0000 0000 0000 0000 0000 0000 0000
10:34:38.625459 802.1Q vid 30 pri 0 169.254.220.241.netbios-dgm >
169.254.255.255.netbios-dgm: udp 201
10:34:45.399304 00:19:aa:ab:65:7a 00:19:aa:ab:65:7a loopback 60:
                         0000 0100 0000 0000 0000 0000 0000 0000
                         0000 0000 0000 0000 0000 0000 0000 0000
                         0000 0000 0000 0000 0000 0000 0000
10:34:55.396016 00:19:aa:ab:65:7a 00:19:aa:ab:65:7a loopback 60:
                         0000 0100 0000 0000 0000 0000 0000 0000
                         0000 0000 0000 0000 0000 0000 0000 0000
                         0000 0000 0000 0000 0000 0000 0000
10:34:57.531165 00:19:aa:ab:65:7a > 01:40:96:ff:ff:ff sap aa ui/C len=47
10:34:57.531171 802.1Q vid 30 pri 0 01:40:96:ff:ff:ff > 00:19:aa:ab:65:7a
sap aa ui/C len=47
10:35:05.393001 00:19:aa:ab:65:7a 00:19:aa:ab:65:7a loopback 60:
                         0000 0100 0000 0000 0000 0000 0000 0000
                         0000 0000 0000 0000 0000 0000 0000 0000
                         0000 0000 0000 0000 0000 0000 0000
10:35:09.235143 802.1Q vid 30 pri 0 169.254.220.241.netbios-dgm >
169.254.255.255.netbios-dgm: udp 206
10:35:10.598427 CDP v2, ttl=180s DevID 'vehicle76ap.futurec'[!cdp]
10:35:15.389722 00:19:aa:ab:65:7a 00:19:aa:ab:65:7a loopback 60:
                         0000 0100 0000 0000 0000 0000 0000 0000
                         0000 0000 0000 0000 0000 0000 0000 0000
                         0000 0000 0000 0000 0000 0000 0000
10:35:25.386699 00:19:aa:ab:65:7a 00:19:aa:ab:65:7a loopback 60:
                         0000 0100 0000 0000 0000 0000 0000 0000
                         0000 0000 0000 0000 0000 0000 0000 0000
                         0000 0000 0000 0000 0000 0000 0000
10:35:35.383412 00:19:aa:ab:65:7a 00:19:aa:ab:65:7a loopback 60:
                         0000 0100 0000 0000 0000 0000 0000 0000
                         0000 0000 0000 0000 0000 0000 0000 0000
                         0000 0000 0000 0000 0000 0000 0000
10:35:45.380398 00:19:aa:ab:65:7a 00:19:aa:ab:65:7a loopback 60:
                         0000 0100 0000 0000 0000 0000 0000 0000
                         0000 0000 0000 0000 0000 0000 0000 0000
                         0000 0000 0000 0000 0000 0000 0000
10:35:55.377109 00:19:aa:ab:65:7a 00:19:aa:ab:65:7a loopback 60:
                         0000 0100 0000 0000 0000 0000 0000 0000
                         0000 0000 0000 0000 0000 0000 0000 0000
                         0000 0000 0000 0000 0000 0000 0000
10:36:05.374102 00:19:aa:ab:65:7a 00:19:aa:ab:65:7a loopback 60:
                         0000 0100 0000 0000 0000 0000 0000 0000
                         0000 0000 0000 0000 0000 0000 0000 0000
                         0000 0000 0000 0000 0000 0000 0000
10:36:09.238281 802.1Q vid 30 pri 0 169.254.220.241.netbios-dgm >
169.254.255.255.netbios-dgm: udp 206
10:36:10.579519 CDP v2, ttl=180s DevID 'vehicle76ap.futurec'[!cdp]
10:36:15.370816 00:19:aa:ab:65:7a 00:19:aa:ab:65:7a loopback 60:
                         0000 0100 0000 0000 0000 0000 0000 0000
                         0000 0000 0000 0000 0000 0000 0000 0000
                         0000 0000 0000 0000 0000 0000 0000
10:36:25.367792 00:19:aa:ab:65:7a 00:19:aa:ab:65:7a loopback 60:
                         0000 0100 0000 0000 0000 0000 0000 0000
                         0000 0000 0000 0000 0000 0000 0000 0000
                         0000 0000 0000 0000 0000 0000 0000
10:36:35.364522 00:19:aa:ab:65:7a 00:19:aa:ab:65:7a loopback 60:
                         0000 0100 0000 0000 0000 0000 0000 0000
                         0000 0000 0000 0000 0000 0000 0000 0000
                         0000 0000 0000 0000 0000 0000 0000
10:36:45.361492 00:19:aa:ab:65:7a 00:19:aa:ab:65:7a loopback 60:
                         0000 0100 0000 0000 0000 0000 0000 0000
                         0000 0000 0000 0000 0000 0000 0000 0000
                         0000 0000 0000 0000 0000 0000 0000
10:36:55.358211 00:19:aa:ab:65:7a 00:19:aa:ab:65:7a loopback 60:
                         0000 0100 0000 0000 0000 0000 0000 0000
                         0000 0000 0000 0000 0000 0000 0000 0000
                         0000 0000 0000 0000 0000 0000 0000
10:37:05.355189 00:19:aa:ab:65:7a 00:19:aa:ab:65:7a loopback 60:
                         0000 0100 0000 0000 0000 0000 0000 0000
                         0000 0000 0000 0000 0000 0000 0000 0000
                         0000 0000 0000 0000 0000 0000 0000
10:37:10.560476 CDP v2, ttl=180s DevID 'vehicle76ap.futurec'[!cdp]
10:37:15.352039 00:19:aa:ab:65:7a 00:19:aa:ab:65:7a loopback 60:
                         0000 0100 0000 0000 0000 0000 0000 0000
                         0000 0000 0000 0000 0000 0000 0000 0000
                         0000 0000 0000 0000 0000 0000 0000
10:37:25.348748 00:19:aa:ab:65:7a 00:19:aa:ab:65:7a loopback 60:
                         0000 0100 0000 0000 0000 0000 0000 0000
                         0000 0000 0000 0000 0000 0000 0000 0000
                         0000 0000 0000 0000 0000 0000 0000
10:37:35.345736 00:19:aa:ab:65:7a 00:19:aa:ab:65:7a loopback 60:
                         0000 0100 0000 0000 0000 0000 0000 0000
                         0000 0000 0000 0000 0000 0000 0000 0000
                         0000 0000 0000 0000 0000 0000 0000
10:37:45.342447 00:19:aa:ab:65:7a 00:19:aa:ab:65:7a loopback 60:
                         0000 0100 0000 0000 0000 0000 0000 0000
                         0000 0000 0000 0000 0000 0000 0000 0000
                         0000 0000 0000 0000 0000 0000 0000
10:37:55.339442 00:19:aa:ab:65:7a 00:19:aa:ab:65:7a loopback 60:
                         0000 0100 0000 0000 0000 0000 0000 0000
                         0000 0000 0000 0000 0000 0000 0000 0000
                         0000 0000 0000 0000 0000 0000 0000
------------------------------------------------------------------------------------------------						 
dhcp configuration from sites-available/dhcp
------------------------------------------------------------------------------------------------					 
# Virtual server for DHCP: one listener on 192.168.176.1 port 67 and one
# policy section per handled message type (Discover, Request).
server dhcp {
# Matches every source address (0.0.0.0 with netmask 0). No secret is set
# here, so any host whose packets reach the listener is treated as a client;
# what limits exposure is where the listener is bound, not this block.
client any {
        ipaddr = 0.0.0.0
        netmask = 0
        dhcp = yes
}
# Bound by address only; the interface line below is commented out.
# NOTE(review): the Discovers captured on this page are broadcasts from
# 0.0.0.0 tagged 802.1Q vid 30 - confirm the socket bound to 192.168.176.1
# is on the interface that receives that VLAN and that it sees broadcasts.
listen {
        ipaddr = 192.168.176.1
        port = 67
        type = dhcp
#       interface = fxp1
}

# Policy for DHCP-Discover: answer with a DHCP-Offer carrying the options
# below. Only options are set; nothing in this section assigns an address.
# NOTE(review): an Offer needs the offered address (DHCP-Your-IP-Address in
# dictionary.dhcp) - confirm where it is meant to come from.
dhcp DHCP-Discover {
        update reply {
               DHCP-Message-Type = DHCP-Offer
        }
        # DNS, router and server identifier all point at 192.168.176.1;
        # lease time is 86400 seconds (24 hours).
        update reply {
                DHCP-Domain-Name-Server = 192.168.176.1
                DHCP-Subnet-Mask = 255.255.255.0
                DHCP-Router-Address = 192.168.176.1
                DHCP-IP-Address-Lease-Time = 86400
                DHCP-DHCP-Server-Identifier = 192.168.176.1
        }
        # 'ok' is disabled, so the section sets no explicit return code.
        # TODO confirm the reply is still sent without it.
#       ok
}

# Policy for DHCP-Request: answer with a DHCP-Ack carrying the same options
# as the Offer. The requested address is not checked anywhere in this
# section, so every Request that reaches it is acknowledged.
dhcp DHCP-Request {
        update reply {
               DHCP-Message-Type = DHCP-Ack
        }
        update reply {
                DHCP-Domain-Name-Server = 192.168.176.1
                DHCP-Subnet-Mask = 255.255.255.0
                DHCP-Router-Address = 192.168.176.1
                DHCP-IP-Address-Lease-Time = 86400
                DHCP-DHCP-Server-Identifier = 192.168.176.1
        # The disabled 'ok' sits inside the update block here, unlike in
        # DHCP-Discover where it follows the block.
#       ok
        }
}

# Catch-all section for other DHCP message types is commented out, so no
# explicit NAK policy is configured for them.
#dhcp {
        # send a DHCP NAK.
#       reject
#}
}

------------------------------------------------------------------------------------------------
/etc/dhcpd.conf
------------------------------------------------------------------------------------------------
# DHCP server options.
# See dhcpd.conf(5) and dhcpd(8) for more information.

# Global setting: dhcpd treats itself as the authority for the subnets
# declared below. NOTE(review): an authoritative server may NAK clients whose
# address it considers wrong for the segment - confirm no second DHCP server
# answers on the same segment.
authoritative;

# Domain name handed to clients of every subnet in this file.
option domain-name "myhost.mydomain.net";

# Interface 0 - LAN Network
# Wired LAN pool: 192.168.76.50-192.168.76.249 with 24-hour leases
# (default and maximum both 86400 seconds); router and DNS are 192.168.76.1.
subnet 192.168.76.0 netmask 255.255.255.0 {
        default-lease-time 86400;
        max-lease-time 86400;
        option routers 192.168.76.1;
        option domain-name-servers 192.168.76.1;
        range 192.168.76.50 192.168.76.249;
}

# Interface 1 - 802.11 Network
# Wireless pool: 192.168.176.50-192.168.176.249 with 24-hour leases
# (default and maximum both 86400 seconds); router and DNS are 192.168.176.1.
# NOTE(review): the FreeRADIUS "server dhcp" listener shown on this page is
# also set to 192.168.176.1 port 67. If dhcpd serves this subnet at the same
# time, two DHCP servers contend for the same port and clients - confirm only
# one of them is active on this segment.
subnet 192.168.176.0 netmask 255.255.255.0 {
        default-lease-time 86400;
        max-lease-time 86400;
        option routers 192.168.176.1;
        option domain-name-servers 192.168.176.1;
        range 192.168.176.50 192.168.176.249;
}











Alan DeKok-4 wrote:
> 
> Raja wrote:
>> Can someone point me in the right direction to configure FreeRADIUS
>> with DHCP ?
>>  
>> Tried editing sites-available/dhcp but still dhcp module does not get to
>> load.
> 
>   Perhaps you could post the error message you see.  Or is it a secret?
> 
>> Is there something that needs to be added to radiusd.conf ?
> 
>   No.  But you have to ensure that dictionary.dhcp is loaded.
> 
>   Alan DeKok.
