FreeRADIUS + DHCP
Raja Peer
peermohd at gmail.com
Thu Jun 19 19:58:40 CEST 2008
Hi Alan,
Here is some information. I have also highlighted the relevant portions.
Thanks for your help.
Raja
This message contains the following :
1) radiusd -X debug messages
2) tcpdump -i
3) dhcp configuration from sites-available/dhcp
4) /etc/dhcpd.conf
------------------------------------------------------------------------------------------------
radiusd -X debug messages
------------------------------------------------------------------------------------------------
Script started on Thu Jun 19 10:21:20 2008
# radiusd -X
FreeRADIUS Version 2.0.5, for host i386-unknown-openbsd4.1, built on Jun 18
2008 at 07:27:36
Copyright (C) 1999-2008 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License v2.
Starting - reading configuration files ...
including configuration file /usr/local/etc/raddb/radiusd.conf
including configuration file /usr/local/etc/raddb/proxy.conf
including configuration file /usr/local/etc/raddb/sites-available/dhcp
including configuration file /usr/local/etc/raddb/clients.conf
including configuration file /usr/local/etc/raddb/snmp.conf
including configuration file /usr/local/etc/raddb/eap.conf
including configuration file /usr/local/etc/raddb/sql.conf
including configuration file /usr/local/etc/raddb/sql/mysql/dialup.conf
including configuration file /usr/local/etc/raddb/sql/mysql/counter.conf
including configuration file /usr/local/etc/raddb/policy.conf
including files in directory /usr/local/etc/raddb/sites-enabled/
including configuration file /usr/local/etc/raddb/sites-enabled/default
including configuration file /usr/local/etc/raddb/sites-enabled/inner-tunnel
including dictionary file /usr/local/etc/raddb/dictionary
main {
prefix = "/usr/local"
localstatedir = "/usr/local/var"
logdir = "/usr/local/var/log/radius"
libdir = "/usr/local/lib"
radacctdir = "/usr/local/var/log/radius/radacct"
hostname_lookups = no
max_request_time = 30
cleanup_delay = 5
max_requests = 1024
allow_core_dumps = no
pidfile = "/usr/local/var/run/radiusd/radiusd.pid"
checkrad = "/usr/local/sbin/checkrad"
debug_level = 0
proxy_requests = yes
log {
stripped_names = no
auth = yes
auth_badpass = yes
auth_goodpass = yes
}
}
client 192.168.176.2 {
require_message_authenticator = yes
secret = "mypassword"
shortname = "myhost"
nastype = "cisco"
login = "!root"
password = "mypassword"
}
radiusd: #### Loading Realms and Home Servers ####
proxy server {
retry_delay = 5
retry_count = 3
default_fallback = no
dead_time = 120
wake_all_if_all_dead = no
}
home_server localhost {
ipaddr = 127.0.0.1
port = 1812
type = "auth"
secret = "testing123"
response_window = 20
max_outstanding = 65536
zombie_period = 40
status_check = "status-server"
ping_check = "none"
ping_interval = 30
check_interval = 30
num_answers_to_alive = 3
num_pings_to_alive = 3
revive_interval = 120
status_check_timeout = 4
}
home_server_pool my_auth_failover {
type = fail-over
home_server = localhost
}
realm example.com {
auth_pool = my_auth_failover
}
realm LOCAL {
}
radiusd: #### Instantiating modules ####
instantiate {
Module: Linked to module rlm_exec
Module: Instantiating exec
exec {
wait = yes
input_pairs = "request"
shell_escape = yes
}
Module: Linked to module rlm_expr
Module: Instantiating expr
Module: Linked to module rlm_expiration
Module: Instantiating expiration
expiration {
reply-message = "Password Has Expired "
}
Module: Linked to module rlm_logintime
Module: Instantiating logintime
logintime {
reply-message = "You are calling outside your allowed timespan "
minimum-timeout = 60
}
}
radiusd: #### Loading Virtual Servers ####
server dhcp {
modules {
Module: Checking dhcp DHCP-Discover {...} for more modules to load
Module: Checking dhcp DHCP-Request {...} for more modules to load
}
}
server inner-tunnel {
modules {
Module: Checking authenticate {...} for more modules to load
Module: Linked to module rlm_pap
Module: Instantiating pap
pap {
encryption_scheme = "auto"
auto_header = no
}
Module: Linked to module rlm_chap
Module: Instantiating chap
Module: Linked to module rlm_mschap
Module: Instantiating mschap
mschap {
use_mppe = yes
require_encryption = yes
require_strong = yes
with_ntdomain_hack = no
}
Module: Linked to module rlm_unix
Module: Instantiating unix
unix {
radwtmp = "/usr/local/var/log/radius/radwtmp"
}
Module: Linked to module rlm_eap
Module: Instantiating eap
eap {
default_eap_type = "peap"
timer_expire = 60
ignore_unknown_eap_types = no
cisco_accounting_username_bug = no
}
Module: Linked to sub-module rlm_eap_md5
Module: Instantiating eap-md5
Module: Linked to sub-module rlm_eap_leap
Module: Instantiating eap-leap
Module: Linked to sub-module rlm_eap_gtc
Module: Instantiating eap-gtc
gtc {
challenge = "Password: "
auth_type = "PAP"
}
Module: Linked to sub-module rlm_eap_tls
Module: Instantiating eap-tls
tls {
rsa_key_exchange = no
dh_key_exchange = yes
rsa_key_length = 512
dh_key_length = 512
verify_depth = 0
pem_file_type = yes
private_key_file = "/usr/local/etc/raddb/certs/server.pem"
certificate_file = "/usr/local/etc/raddb/certs/server.pem"
CA_file = "/usr/local/etc/raddb/certs/ca.pem"
private_key_password = "mypassword"
dh_file = "/usr/local/etc/raddb/certs/dh"
random_file = "/usr/local/etc/raddb/certs/random"
fragment_size = 1024
include_length = yes
check_crl = no
cipher_list = "DEFAULT"
make_cert_command = "/usr/local/etc/raddb/certs/bootstrap"
}
Module: Linked to sub-module rlm_eap_ttls
Module: Instantiating eap-ttls
ttls {
default_eap_type = "md5"
copy_request_to_tunnel = no
use_tunneled_reply = no
virtual_server = "inner-tunnel"
}
Module: Linked to sub-module rlm_eap_peap
Module: Instantiating eap-peap
peap {
default_eap_type = "mschapv2"
copy_request_to_tunnel = yes
use_tunneled_reply = yes
proxy_tunneled_request_as_eap = yes
virtual_server = "inner-tunnel"
}
Module: Linked to sub-module rlm_eap_mschapv2
Module: Instantiating eap-mschapv2
mschapv2 {
with_ntdomain_hack = no
}
Module: Checking authorize {...} for more modules to load
Module: Linked to module rlm_realm
Module: Instantiating suffix
realm suffix {
format = "suffix"
delimiter = "@"
ignore_default = no
ignore_null = no
}
Module: Linked to module rlm_files
Module: Instantiating files
files {
usersfile = "/usr/local/etc/raddb/users"
acctusersfile = "/usr/local/etc/raddb/acct_users"
preproxy_usersfile = "/usr/local/etc/raddb/preproxy_users"
compat = "no"
}
Module: Checking session {...} for more modules to load
Module: Linked to module rlm_radutmp
Module: Instantiating radutmp
radutmp {
filename = "/usr/local/var/log/radius/radutmp"
username = "%{User-Name}"
case_sensitive = yes
check_with_nas = yes
perm = 384
callerid = yes
}
Module: Checking post-proxy {...} for more modules to load
Module: Checking post-auth {...} for more modules to load
Module: Linked to module rlm_attr_filter
Module: Instantiating attr_filter.access_reject
attr_filter attr_filter.access_reject {
attrsfile = "/usr/local/etc/raddb/attrs.access_reject"
key = "%{User-Name}"
}
}
}
server {
modules {
Module: Checking authenticate {...} for more modules to load
Module: Checking authorize {...} for more modules to load
Module: Linked to module rlm_preprocess
Module: Instantiating preprocess
preprocess {
huntgroups = "/usr/local/etc/raddb/huntgroups"
hints = "/usr/local/etc/raddb/hints"
with_ascend_hack = no
ascend_channels_per_line = 23
with_ntdomain_hack = no
with_specialix_jetstream_hack = no
with_cisco_vsa_hack = no
with_alvarion_vsa_hack = no
}
Module: Checking preacct {...} for more modules to load
Module: Linked to module rlm_acct_unique
Module: Instantiating acct_unique
acct_unique {
key = "User-Name, Acct-Session-Id, NAS-IP-Address,
Client-IP-Address, NAS-Port"
}
Module: Checking accounting {...} for more modules to load
Module: Linked to module rlm_detail
Module: Instantiating detail
detail {
detailfile =
"/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
header = "%t"
detailperm = 384
dirperm = 493
locking = no
log_packet_header = no
}
Module: Instantiating attr_filter.accounting_response
attr_filter attr_filter.accounting_response {
attrsfile = "/usr/local/etc/raddb/attrs.accounting_response"
key = "%{User-Name}"
}
Module: Checking session {...} for more modules to load
Module: Checking post-proxy {...} for more modules to load
Module: Checking post-auth {...} for more modules to load
}
}
radiusd: #### Opening IP addresses and Ports ####
listen {
type = "auth"
ipaddr = 192.168.176.1
port = 1645
}
listen {
type = "acct"
ipaddr = 192.168.176.1
port = 1646
}
listen {
type = "dhcp"
ipaddr = 192.168.176.1
port = 67
client any {
ipaddr = 0.0.0.0
netmask = 0
require_message_authenticator = no
}
}
Listening on authentication address 192.168.176.1 port 1645
Listening on accounting address 192.168.176.1 port 1646
Listening on dhcp address 192.168.176.1 port 67 as server dhcp
Listening on proxy address 192.168.176.1 port 1647
Ready to process requests.
rad_recv: Accounting-Request packet from host 192.168.176.2 port 1646,
id=65, length=325
Acct-Session-Id = "000000C9"
Called-Station-Id = "0019.aa76.b8e0"
Calling-Station-Id = "000d.8857.52cc"
Cisco-AVPair = "ssid=myhost"
Cisco-AVPair = "vlan-id=30"
Cisco-AVPair = "nas-location=unspecified"
Cisco-AVPair = "auth-algo-type=eap-peap"
User-Name = "bob"
Acct-Authentic = RADIUS
Cisco-AVPair = "connect-progress=Call Up"
Acct-Session-Time = 59968
Acct-Input-Octets = 1300807
Acct-Output-Octets = 2044
Acct-Input-Packets = 35609
Acct-Output-Packets = 76
Acct-Terminate-Cause = Lost-Carrier
Cisco-AVPair = "disc-cause-ext=No Reason"
Acct-Status-Type = Stop
NAS-Port-Type = Wireless-802.11
Cisco-NAS-Port = "429"
NAS-Port = 429
Service-Type = Framed-User
NAS-IP-Address = 192.168.176.2
Acct-Delay-Time = 0
+- entering group preacct
++[preprocess] returns ok
rlm_acct_unique: Hashing 'NAS-Port = 429,Client-IP-Address =
192.168.176.2,NAS-IP-Address = 192.168.176.2,Acct-Session-Id =
"000000C9",User-Name = "bob"'
rlm_acct_unique: Acct-Unique-Session-ID = "26b0c52a483a0f91".
++[acct_unique] returns ok
rlm_realm: No '@' in User-Name = "bob", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
++[files] returns noop
+- entering group accounting
expand:
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d ->
/usr/local/var/log/radius/radacct/192.168.176.2/detail-20080619
rlm_detail:
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands
to /usr/local/var/log/radius/radacct/192.168.176.2/detail-20080619
expand: %t -> Thu Jun 19 10:32:23 2008
++[detail] returns ok
++[unix] returns ok
expand: /usr/local/var/log/radius/radutmp ->
/usr/local/var/log/radius/radutmp
expand: %{User-Name} -> bob
++[radutmp] returns ok
expand: %{User-Name} -> bob
attr_filter: Matched entry DEFAULT at line 12
++[attr_filter.accounting_response] returns updated
Sending Accounting-Response of id 65 to 192.168.176.2 port 1646
Finished request 0.
Cleaning up request 0 ID 65 with timestamp +22
Going to the next request
Ready to process requests.
rad_recv: Access-Request packet from host 192.168.176.2 port 1645, id=26,
length=128
User-Name = "bob"
Framed-MTU = 1400
Called-Station-Id = "0019.aa76.b8e0"
Calling-Station-Id = "000d.8857.52cc"
Service-Type = Login-User
Message-Authenticator = 0xe6dae0096eeac37307545c1db22a2a4f
EAP-Message = 0x0202000801626f62
NAS-Port-Type = Wireless-802.11
NAS-Port = 430
NAS-IP-Address = 192.168.176.2
NAS-Identifier = "myhost"
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "bob", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
rlm_eap: EAP packet type response id 2 length 8
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
users: Matched entry bob at line 76
expand: Hello, %{User-Name} -> Hello, bob
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
rlm_pap: Found existing Auth-Type, not changing it.
++[pap] returns noop
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: EAP Identity
rlm_eap: processing type tls
rlm_eap_tls: Initiate
rlm_eap_tls: Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 26 to 192.168.176.2 port 1645
Reply-Message = "Hello, bob"
EAP-Message = 0x010300061920
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xc19c33efc19f2af98dd7fcd525d04823
Finished request 1.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.176.2 port 1645, id=27,
length=218
User-Name = "bob"
Framed-MTU = 1400
Called-Station-Id = "0019.aa76.b8e0"
Calling-Station-Id = "000d.8857.52cc"
Service-Type = Login-User
Message-Authenticator = 0x068e895f503c72bf8212aa10b5f8a3a4
EAP-Message =
0x0203005019800000004616030100410100003d0301485a98416c13ba422355800db3cb6dc475559e338bfefeb87c2d951f2ce714cd00001600040005000a000900640062000300060013001200630100
NAS-Port-Type = Wireless-802.11
NAS-Port = 430
State = 0xc19c33efc19f2af98dd7fcd525d04823
NAS-IP-Address = 192.168.176.2
NAS-Identifier = "myhost"
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "bob", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
rlm_eap: EAP packet type response id 3 length 80
rlm_eap: Continuing tunnel setup.
++[eap] returns ok
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
TLS Length 70
rlm_eap_tls: Length Included
eaptls_verify returned 11
(other): before/accept initialization
TLS_accept: before/accept initialization
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello
TLS_accept: SSLv3 read client hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
TLS_accept: SSLv3 write server hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 085e], Certificate
TLS_accept: SSLv3 write certificate A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
TLS_accept: SSLv3 write server done A
TLS_accept: SSLv3 flush data
TLS_accept: Need to read more data: SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 27 to 192.168.176.2 port 1645
EAP-Message =
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
EAP-Message =
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
EAP-Message =
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
EAP-Message =
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
EAP-Message = 0xc3470ea88d07a75dbb3c844a
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xc19c33efc0982af98dd7fcd525d04823
Finished request 2.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.176.2 port 1645, id=28,
length=144
User-Name = "bob"
Framed-MTU = 1400
Called-Station-Id = "0019.aa76.b8e0"
Calling-Station-Id = "000d.8857.52cc"
Service-Type = Login-User
Message-Authenticator = 0x9c1004875803bae8f1b3744287ebd540
EAP-Message = 0x020400061900
NAS-Port-Type = Wireless-802.11
NAS-Port = 430
State = 0xc19c33efc0982af98dd7fcd525d04823
NAS-IP-Address = 192.168.176.2
NAS-Identifier = "myhost"
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "bob", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
rlm_eap: EAP packet type response id 4 length 6
rlm_eap: Continuing tunnel setup.
++[eap] returns ok
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake fragment handler
eaptls_verify returned 1
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 28 to 192.168.176.2 port 1645
EAP-Message =
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
EAP-Message =
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
EAP-Message =
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
EAP-Message =
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
EAP-Message = 0xf3377e71e00a3942
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xc19c33efc3992af98dd7fcd525d04823
Finished request 3.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.176.2 port 1645, id=29,
length=144
User-Name = "bob"
Framed-MTU = 1400
Called-Station-Id = "0019.aa76.b8e0"
Calling-Station-Id = "000d.8857.52cc"
Service-Type = Login-User
Message-Authenticator = 0x2c376a5079d0fa0cb0a43003f30de7fc
EAP-Message = 0x020500061900
NAS-Port-Type = Wireless-802.11
NAS-Port = 430
State = 0xc19c33efc3992af98dd7fcd525d04823
NAS-IP-Address = 192.168.176.2
NAS-Identifier = "myhost"
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "bob", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
rlm_eap: EAP packet type response id 5 length 6
rlm_eap: Continuing tunnel setup.
++[eap] returns ok
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake fragment handler
eaptls_verify returned 1
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 29 to 192.168.176.2 port 1645
EAP-Message =
0x010600d5190005151baedaadd0453f1ed6d2e419265da42097ce6d1e9195f232addfd35f16baa84f086ca843e92ee39ac6c2f1ac78c556fe41196e03d607629bb4ffb59c4470a0deee9a710a2c79145029ef6e563a6e9cac0255ee1be47c0fbe040ebca66fa98355cb384d03453570e9931e27c4758fef55063853a0b5efc3503927685c5b657af09a0bdae8c2aa17bd919dd5c27b57d9954328cd30dbe6d55738a6a6dd8bf41f937a312e419052a760337a0ab15acee3bc29bfd7cc0c43efb73fa0dd46541f1a8e914cc1b316030100040e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xc19c33efc29a2af98dd7fcd525d04823
Finished request 4.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.176.2 port 1645, id=30,
length=460
User-Name = "bob"
Framed-MTU = 1400
Called-Station-Id = "0019.aa76.b8e0"
Calling-Station-Id = "000d.8857.52cc"
Service-Type = Login-User
Message-Authenticator = 0xa005a382c6e3845b72c8d35008f69e6b
EAP-Message =
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
EAP-Message =
0x45d4df123f2d1a27dcafd695df60f0120917ce2d552fc04c1403010001011603010020badc11b88ab0e456aae78121b185ab241ca1b65af6946ad2771605508b756cc4
NAS-Port-Type = Wireless-802.11
NAS-Port = 430
State = 0xc19c33efc29a2af98dd7fcd525d04823
NAS-IP-Address = 192.168.176.2
NAS-Identifier = "myhost"
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "bob", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
rlm_eap: EAP packet type response id 6 length 253
rlm_eap: Continuing tunnel setup.
++[eap] returns ok
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
TLS Length 310
rlm_eap_tls: Length Included
eaptls_verify returned 11
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange
TLS_accept: SSLv3 read client key exchange A
rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001]
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 read finished A
rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001]
TLS_accept: SSLv3 write change cipher spec A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 write finished A
TLS_accept: SSLv3 flush data
(other): SSL negotiation finished successfully
SSL Connection Established
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 30 to 192.168.176.2 port 1645
EAP-Message =
0x01070031190014030100010116030100203844712871ce4a0bc00a3343b23596cd932deb928589365d2b9058442dc95aa5
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xc19c33efc59b2af98dd7fcd525d04823
Finished request 5.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.176.2 port 1645, id=31,
length=144
User-Name = "bob"
Framed-MTU = 1400
Called-Station-Id = "0019.aa76.b8e0"
Calling-Station-Id = "000d.8857.52cc"
Service-Type = Login-User
Message-Authenticator = 0x887a7ae4489755b88b3f1edd6b4fd34a
EAP-Message = 0x020700061900
NAS-Port-Type = Wireless-802.11
NAS-Port = 430
State = 0xc19c33efc59b2af98dd7fcd525d04823
NAS-IP-Address = 192.168.176.2
NAS-Identifier = "myhost"
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "bob", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
rlm_eap: EAP packet type response id 7 length 6
rlm_eap: Continuing tunnel setup.
++[eap] returns ok
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake is finished
eaptls_verify returned 3
eaptls_process returned 3
rlm_eap_peap: EAPTLS_SUCCESS
++[eap] returns handled
Sending Access-Challenge of id 31 to 192.168.176.2 port 1645
EAP-Message =
0x01080020190017030100159bf9e453956ddc294cb3dc0b7f4fb1d4ac3d4351bb
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xc19c33efc4942af98dd7fcd525d04823
Finished request 6.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.176.2 port 1645, id=32,
length=169
User-Name = "bob"
Framed-MTU = 1400
Called-Station-Id = "0019.aa76.b8e0"
Calling-Station-Id = "000d.8857.52cc"
Service-Type = Login-User
Message-Authenticator = 0x80e262321c7f4fbfaa731cf2593d711f
EAP-Message =
0x0208001f190017030100144823d86b20ffd3c304ef6b7101419fd1994336cd
NAS-Port-Type = Wireless-802.11
NAS-Port = 430
State = 0xc19c33efc4942af98dd7fcd525d04823
NAS-IP-Address = 192.168.176.2
NAS-Identifier = "myhost"
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "bob", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
rlm_eap: EAP packet type response id 8 length 31
rlm_eap: Continuing tunnel setup.
++[eap] returns ok
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: Identity - bob
PEAP: Got tunneled identity of bob
PEAP: Setting default EAP type for tunneled EAP session.
PEAP: Setting User-Name to bob
+- entering group authorize
++[chap] returns noop
++[mschap] returns noop
++[unix] returns notfound
rlm_realm: No '@' in User-Name = "bob", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
++[control] returns noop
rlm_eap: EAP packet type response id 8 length 8
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
users: Matched entry bob at line 76
expand: Hello, %{User-Name} -> Hello, bob
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
rlm_pap: Found existing Auth-Type, not changing it.
++[pap] returns noop
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: EAP Identity
rlm_eap: processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
++[eap] returns handled
PEAP: Got tunneled Access-Challenge
++[eap] returns handled
Sending Access-Challenge of id 32 to 192.168.176.2 port 1645
EAP-Message =
0x0109003419001703010029c59e264e73065e8c1daa8997bd6b9848e5c8609396c2ebd479aacdd9d8065701ffea07b0905c375d80
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xc19c33efc7952af98dd7fcd525d04823
Finished request 7.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.176.2 port 1645, id=33,
length=223
User-Name = "bob"
Framed-MTU = 1400
Called-Station-Id = "0019.aa76.b8e0"
Calling-Station-Id = "000d.8857.52cc"
Service-Type = Login-User
Message-Authenticator = 0x9c7ca73ae9f0e6d50740d8ea73aa9c87
EAP-Message =
0x020900551900170301004a8bb4104e740bf559db2e25fb89f0a7ff16a8a32be27c12a72fb4abbe4a9e743d51aef4ec66a001e241c487cb646103815bc9129dc522cd2f0c60bece92c10cc420032c983cfb1119b5ac
NAS-Port-Type = Wireless-802.11
NAS-Port = 430
State = 0xc19c33efc7952af98dd7fcd525d04823
NAS-IP-Address = 192.168.176.2
NAS-Identifier = "myhost"
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "bob", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
rlm_eap: EAP packet type response id 9 length 85
rlm_eap: Continuing tunnel setup.
++[eap] returns ok
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: EAP type mschapv2
PEAP: Setting User-Name to bob
+- entering group authorize
++[chap] returns noop
++[mschap] returns noop
++[unix] returns notfound
rlm_realm: No '@' in User-Name = "bob", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
++[control] returns noop
rlm_eap: EAP packet type response id 9 length 62
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
users: Matched entry bob at line 76
expand: Hello, %{User-Name} -> Hello, bob
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
rlm_pap: Found existing Auth-Type, not changing it.
++[pap] returns noop
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP/mschapv2
rlm_eap: processing type mschapv2
+- entering group MS-CHAP
rlm_mschap: Told to do MS-CHAPv2 for bob with NT-Password
rlm_mschap: adding MS-CHAPv2 MPPE keys
++[mschap] returns ok
MSCHAP Success
++[eap] returns handled
PEAP: Got tunneled Access-Challenge
++[eap] returns handled
Sending Access-Challenge of id 33 to 192.168.176.2 port 1645
EAP-Message =
0x010a004a1900170301003fa7a977c5edba08371219f183d1e00e84350913cbff4afa19a4581dd8b1fe454f94393350571fa7fe4420be0f252cb581f96d8395180b298f603bc30de72321
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xc19c33efc6962af98dd7fcd525d04823
Finished request 8.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.176.2 port 1645, id=34,
length=167
User-Name = "bob"
Framed-MTU = 1400
Called-Station-Id = "0019.aa76.b8e0"
Calling-Station-Id = "000d.8857.52cc"
Service-Type = Login-User
Message-Authenticator = 0x7c5100a122f45fbfbfc6f2968045cf11
EAP-Message =
0x020a001d19001703010012006776dfd5ada28ef90304ba8e6ddb22f1fe
NAS-Port-Type = Wireless-802.11
NAS-Port = 430
State = 0xc19c33efc6962af98dd7fcd525d04823
NAS-IP-Address = 192.168.176.2
NAS-Identifier = "myhost"
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "bob", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
rlm_eap: EAP packet type response id 10 length 29
rlm_eap: Continuing tunnel setup.
++[eap] returns ok
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: EAP type mschapv2
PEAP: Setting User-Name to bob
+- entering group authorize
++[chap] returns noop
++[mschap] returns noop
++[unix] returns notfound
rlm_realm: No '@' in User-Name = "bob", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
++[control] returns noop
rlm_eap: EAP packet type response id 10 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
users: Matched entry bob at line 76
expand: Hello, %{User-Name} -> Hello, bob
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
rlm_pap: Found existing Auth-Type, not changing it.
++[pap] returns noop
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP/mschapv2
rlm_eap: processing type mschapv2
rlm_eap: Freeing handler
++[eap] returns ok
Login OK: [bob/<via Auth-Type = EAP>] (from client myhost port 430 cli
000d.8857.52cc via TLS tunnel)
PEAP: Tunneled authentication was successful.
rlm_eap_peap: SUCCESS
Saving tunneled attributes for later
++[eap] returns handled
Sending Access-Challenge of id 34 to 192.168.176.2 port 1645
EAP-Message =
0x010b00261900170301001b02870e444c401b5d103121cd701bf6f9df20e27684342d6af607b1
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xc19c33efc9972af98dd7fcd525d04823
Finished request 9.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.176.2 port 1645, id=35,
length=176
User-Name = "bob"
Framed-MTU = 1400
Called-Station-Id = "0019.aa76.b8e0"
Calling-Station-Id = "000d.8857.52cc"
Service-Type = Login-User
Message-Authenticator = 0xbc7b47f3ac3d871eee9cccde10f9392f
EAP-Message =
0x020b00261900170301001bd764372928319221d6080a71abdf5c68ecd96638ed25b9ad2d41f8
NAS-Port-Type = Wireless-802.11
NAS-Port = 430
State = 0xc19c33efc9972af98dd7fcd525d04823
NAS-IP-Address = 192.168.176.2
NAS-Identifier = "myhost"
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "bob", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
rlm_eap: EAP packet type response id 11 length 38
rlm_eap: Continuing tunnel setup.
++[eap] returns ok
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: Received EAP-TLV response.
rlm_eap_peap: Success
Using saved attributes from the original Access-Accept
rlm_eap: Freeing handler
++[eap] returns ok
Login OK: [bob/<via Auth-Type = EAP>] (from client myhost port 430 cli
000d.8857.52cc)
Sending Access-Accept of id 35 to 192.168.176.2 port 1645
Reply-Message = "Hello, bob"
User-Name = "bob"
MS-MPPE-Recv-Key =
0xe525d848ba1e94c6df6fc6d761f50bc438cbed784215665a11022c2eee94b643
MS-MPPE-Send-Key =
0xbdcd963282af82ec05d197137ed96bd0b75079c2adf84e7714f7bed776eeeb42
EAP-Message = 0x030b0004
Message-Authenticator = 0x00000000000000000000000000000000
Finished request 10.
Going to the next request
Waking up in 4.8 seconds.
rad_recv: Accounting-Request packet from host 192.168.176.2 port 1646,
id=66, length=226
Acct-Session-Id = "000000CB"
Called-Station-Id = "0019.aa76.b8e0"
Calling-Station-Id = "000d.8857.52cc"
Cisco-AVPair = "ssid=myhost"
Cisco-AVPair = "vlan-id=30"
Cisco-AVPair = "nas-location=unspecified"
User-Name = "bob"
Cisco-AVPair = "connect-progress=Call Up"
Acct-Authentic = RADIUS
Acct-Status-Type = Start
NAS-Port-Type = Wireless-802.11
Cisco-NAS-Port = "430"
NAS-Port = 430
Service-Type = Framed-User
NAS-IP-Address = 192.168.176.2
Acct-Delay-Time = 0
+- entering group preacct
++[preprocess] returns ok
rlm_acct_unique: Hashing 'NAS-Port = 430,Client-IP-Address =
192.168.176.2,NAS-IP-Address = 192.168.176.2,Acct-Session-Id =
"000000CB",User-Name = "bob"'
rlm_acct_unique: Acct-Unique-Session-ID = "4a1bcbd772dbcc9f".
++[acct_unique] returns ok
rlm_realm: No '@' in User-Name = "bob", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
++[files] returns noop
+- entering group accounting
expand:
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d ->
/usr/local/var/log/radius/radacct/192.168.176.2/detail-20080619
rlm_detail:
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands
to /usr/local/var/log/radius/radacct/192.168.176.2/detail-20080619
expand: %t -> Thu Jun 19 10:32:40 2008
++[detail] returns ok
++[unix] returns ok
expand: /usr/local/var/log/radius/radutmp ->
/usr/local/var/log/radius/radutmp
expand: %{User-Name} -> bob
++[radutmp] returns ok
expand: %{User-Name} -> bob
attr_filter: Matched entry DEFAULT at line 12
++[attr_filter.accounting_response] returns updated
Sending Accounting-Response of id 66 to 192.168.176.2 port 1646
Finished request 11.
Cleaning up request 11 ID 66 with timestamp +39
Going to the next request
Waking up in 4.8 seconds.
Cleaning up request 1 ID 26 with timestamp +39
Cleaning up request 2 ID 27 with timestamp +39
Cleaning up request 3 ID 28 with timestamp +39
Cleaning up request 4 ID 29 with timestamp +39
Cleaning up request 5 ID 30 with timestamp +39
Cleaning up request 6 ID 31 with timestamp +39
Cleaning up request 7 ID 32 with timestamp +39
Cleaning up request 8 ID 33 with timestamp +39
Cleaning up request 9 ID 34 with timestamp +39
Cleaning up request 10 ID 35 with timestamp +39
Ready to process requests.
^C
# ^D
Script done on Thu Jun 19 10:21:29 2008
------------------------------------------------------------------------------------------------
tcpdump -i
------------------------------------------------------------------------------------------------
10:32:55.433969 00:19:aa:ab:65:7a 00:19:aa:ab:65:7a loopback 60:
0000 0100 0000 0000 0000 0000 0000 0000
0000 0000 0000 0000 0000 0000 0000 0000
0000 0000 0000 0000 0000 0000 0000
10:33:05.430685 00:19:aa:ab:65:7a 00:19:aa:ab:65:7a loopback 60:
0000 0100 0000 0000 0000 0000 0000 0000
0000 0000 0000 0000 0000 0000 0000 0000
0000 0000 0000 0000 0000 0000 0000
10:33:10.244893 802.1Q vid 30 pri 0 0.0.0.0.bootpc > 255.255.255.255.bootps:
xid:0x45438e43 secs:7168 [|bootp]
10:33:10.636101 CDP v2, ttl=180s DevID 'vehicle76ap.futurec'[!cdp]
10:33:15.427665 00:19:aa:ab:65:7a 00:19:aa:ab:65:7a loopback 60:
PuTTY 0000 0100 0000 0000 0000 0000 0000 0000
0000 0000 0000 0000 0000 0000 0000 0000
0000 0000 0000 0000 0000 0000 0000
10:33:25.424383 00:19:aa:ab:65:7a 00:19:aa:ab:65:7a loopback 60:
0000 0100 0000 0000 0000 0000 0000 0000
0000 0000 0000 0000 0000 0000 0000 0000
0000 0000 0000 0000 0000 0000 0000
^R
10:33:35.421362 00:19:aa:ab:65:7a 00:19:aa:ab:65:7a loopback 60:
0000 0100 0000 0000 0000 0000 0000 0000
0000 0000 0000 0000 0000 0000 0000 0000
0000 0000 0000 0000 0000 0000 0000
10:33:41.248885 802.1Q vid 30 pri 0 arp who-has 169.254.220.241 tell
169.254.220.241
10:33:42.152283 802.1Q vid 30 pri 0 arp who-has 169.254.220.241 tell
169.254.220.241
10:33:43.152178 802.1Q vid 30 pri 0 arp who-has 169.254.220.241 tell
169.254.220.241
10:33:44.177611 802.1Q vid 30 pri 0 169.254.220.241 > 224.0.0.22: igmp-2
[v2] [ttl 1]
10:33:44.179342 802.1Q vid 30 pri 0 169.254.220.241.3767 >
239.255.255.250.ssdp: udp 133 [ttl 1]
10:33:44.230829 802.1Q vid 30 pri 0 169.254.220.241.netbios-ns >
169.254.255.255.netbios-ns: udp 68
10:33:44.981587 802.1Q vid 30 pri 0 169.254.220.241.netbios-ns >
169.254.255.255.netbios-ns: udp 68
10:33:45.152296 802.1Q vid 30 pri 0 169.254.220.241 > 224.0.0.22: igmp-2
[v2] [ttl 1]
10:33:45.418072 00:19:aa:ab:65:7a 00:19:aa:ab:65:7a loopback 60:
0000 0100 0000 0000 0000 0000 0000 0000
0000 0000 0000 0000 0000 0000 0000 0000
0000 0000 0000 0000 0000 0000 0000
10:33:45.730587 802.1Q vid 30 pri 0 169.254.220.241.netbios-ns >
169.254.255.255.netbios-ns: udp 68
10:33:46.153350 802.1Q vid 30 pri 0 0.0.0.0.bootpc > 255.255.255.255.bootps:
xid:0x8b980ba7 flags:0x8000 [|bootp]
10:33:46.480634 802.1Q vid 30 pri 0 169.254.220.241.netbios-ns >
169.254.255.255.netbios-ns: udp 68
10:33:47.183894 802.1Q vid 30 pri 0 169.254.220.241.3767 >
239.255.255.250.ssdp: udp 133 [ttl 1]
10:33:47.230757 802.1Q vid 30 pri 0 169.254.220.241.netbios-ns >
169.254.255.255.netbios-ns: udp 68
10:33:47.980923 802.1Q vid 30 pri 0 169.254.220.241.netbios-ns >
169.254.255.255.netbios-ns: udp 68
10:33:48.731746 802.1Q vid 30 pri 0 169.254.220.241.netbios-ns >
169.254.255.255.netbios-ns: udp 68
10:33:49.480571 802.1Q vid 30 pri 0 169.254.220.241.netbios-ns >
169.254.255.255.netbios-ns: udp 68
10:33:50.153121 802.1Q vid 30 pri 0 0.0.0.0.bootpc > 255.255.255.255.bootps:
xid:0x8b980ba7 secs:1024 flags:0x8000 [|bootp]
10:33:50.199398 802.1Q vid 30 pri 0 169.254.220.241.3767 >
239.255.255.250.ssdp: udp 133 [ttl 1]
10:33:50.230996 802.1Q vid 30 pri 0 169.254.220.241.netbios-ns >
169.254.255.255.netbios-ns: udp 68
10:33:50.241650 802.1Q vid 30 pri 0 169.254.220.241.netbios-ns >
169.254.255.255.netbios-ns: udp 68
10:33:50.980832 802.1Q vid 30 pri 0 169.254.220.241.netbios-ns >
169.254.255.255.netbios-ns: udp 68
10:33:50.981245 802.1Q vid 30 pri 0 169.254.220.241.netbios-ns >
169.254.255.255.netbios-ns: udp 68
10:33:51.730782 802.1Q vid 30 pri 0 169.254.220.241.netbios-ns >
169.254.255.255.netbios-ns: udp 68
10:33:51.731878 802.1Q vid 30 pri 0 169.254.220.241.netbios-ns >
169.254.255.255.netbios-ns: udp 68
10:33:52.480919 802.1Q vid 30 pri 0 169.254.220.241.netbios-ns >
169.254.255.255.netbios-ns: udp 68
10:33:52.482054 802.1Q vid 30 pri 0 169.254.220.241.netbios-ns >
169.254.255.255.netbios-ns: udp 68
10:33:53.231506 802.1Q vid 30 pri 0 169.254.220.241.netbios-dgm >
169.254.255.255.netbios-dgm: udp 201
10:33:53.232865 802.1Q vid 30 pri 0 169.254.220.241.netbios-dgm >
169.254.255.255.netbios-dgm: udp 176
10:33:54.731247 802.1Q vid 30 pri 0 169.254.220.241.netbios-dgm >
169.254.255.255.netbios-dgm: udp 176
10:33:55.414930 00:19:aa:ab:65:7a 00:19:aa:ab:65:7a loopback 60:
0000 0100 0000 0000 0000 0000 0000 0000
0000 0000 0000 0000 0000 0000 0000 0000
0000 0000 0000 0000 0000 0000 0000
10:33:56.231913 802.1Q vid 30 pri 0 169.254.220.241.netbios-dgm >
169.254.255.255.netbios-dgm: udp 176
10:33:57.731233 802.1Q vid 30 pri 0 169.254.220.241.netbios-dgm >
169.254.255.255.netbios-dgm: udp 176
10:33:58.153514 802.1Q vid 30 pri 0 0.0.0.0.bootpc > 255.255.255.255.bootps:
xid:0x8b980ba7 secs:3072 flags:0x8000 [|bootp]
10:33:59.231359 802.1Q vid 30 pri 0 169.254.220.241.netbios-dgm >
169.254.255.255.netbios-dgm: udp 188
10:34:00.231536 802.1Q vid 30 pri 0 169.254.220.241.netbios-dgm >
169.254.255.255.netbios-dgm: udp 188
10:34:01.232096 802.1Q vid 30 pri 0 169.254.220.241.netbios-dgm >
169.254.255.255.netbios-dgm: udp 188
10:34:02.234690 802.1Q vid 30 pri 0 169.254.220.241.netbios-dgm >
169.254.255.255.netbios-dgm: udp 188
10:34:03.231419 802.1Q vid 30 pri 0 169.254.220.241.netbios-ns >
169.254.255.255.netbios-ns: udp 68
10:34:03.981500 802.1Q vid 30 pri 0 169.254.220.241.netbios-ns >
169.254.255.255.netbios-ns: udp 68
10:34:04.732762 802.1Q vid 30 pri 0 169.254.220.241.netbios-ns >
169.254.255.255.netbios-ns: udp 68
10:34:05.411907 00:19:aa:ab:65:7a 00:19:aa:ab:65:7a loopback 60:
0000 0100 0000 0000 0000 0000 0000 0000
0000 0000 0000 0000 0000 0000 0000 0000
0000 0000 0000 0000 0000 0000 0000
10:34:05.481329 802.1Q vid 30 pri 0 169.254.220.241.netbios-ns >
169.254.255.255.netbios-ns: udp 68
10:34:06.231569 802.1Q vid 30 pri 0 169.254.220.241.netbios-ns >
169.254.255.255.netbios-ns: udp 68
10:34:06.981411 802.1Q vid 30 pri 0 169.254.220.241.netbios-ns >
169.254.255.255.netbios-ns: udp 68
10:34:07.731679 802.1Q vid 30 pri 0 169.254.220.241.netbios-ns >
169.254.255.255.netbios-ns: udp 68
10:34:08.481573 802.1Q vid 30 pri 0 169.254.220.241.netbios-ns >
169.254.255.255.netbios-ns: udp 68
10:34:09.231822 802.1Q vid 30 pri 0 169.254.220.241.netbios-dgm >
169.254.255.255.netbios-dgm: udp 176
10:34:09.233034 802.1Q vid 30 pri 0 169.254.220.241.netbios-dgm >
169.254.255.255.netbios-dgm: udp 176
10:34:09.233642 802.1Q vid 30 pri 0 169.254.220.241.netbios-dgm >
169.254.255.255.netbios-dgm: udp 206
10:34:09.346612 802.1Q vid 30 pri 0 169.254.220.241.netbios-ns >
169.254.255.255.netbios-ns: udp 50
10:34:10.091058 802.1Q vid 30 pri 0 169.254.220.241.netbios-ns >
169.254.255.255.netbios-ns: udp 50
10:34:10.617194 CDP v2, ttl=180s DevID 'vehicle76ap.futurec'[!cdp]
10:34:10.841094 802.1Q vid 30 pri 0 169.254.220.241.netbios-ns >
169.254.255.255.netbios-ns: udp 50
10:34:14.154005 802.1Q vid 30 pri 0 0.0.0.0.bootpc > 255.255.255.255.bootps:
xid:0x8b980ba7 secs:7168 flags:0x8000 [|bootp]
10:34:15.408759 00:19:aa:ab:65:7a 00:19:aa:ab:65:7a loopback 60:
0000 0100 0000 0000 0000 0000 0000 0000
0000 0000 0000 0000 0000 0000 0000 0000
0000 0000 0000 0000 0000 0000 0000
10:34:25.405471 00:19:aa:ab:65:7a 00:19:aa:ab:65:7a loopback 60:
0000 0100 0000 0000 0000 0000 0000 0000
0000 0000 0000 0000 0000 0000 0000 0000
0000 0000 0000 0000 0000 0000 0000
10:34:35.402456 00:19:aa:ab:65:7a 00:19:aa:ab:65:7a loopback 60:
0000 0100 0000 0000 0000 0000 0000 0000
0000 0000 0000 0000 0000 0000 0000 0000
0000 0000 0000 0000 0000 0000 0000
10:34:38.625459 802.1Q vid 30 pri 0 169.254.220.241.netbios-dgm >
169.254.255.255.netbios-dgm: udp 201
10:34:45.399304 00:19:aa:ab:65:7a 00:19:aa:ab:65:7a loopback 60:
0000 0100 0000 0000 0000 0000 0000 0000
0000 0000 0000 0000 0000 0000 0000 0000
0000 0000 0000 0000 0000 0000 0000
10:34:55.396016 00:19:aa:ab:65:7a 00:19:aa:ab:65:7a loopback 60:
0000 0100 0000 0000 0000 0000 0000 0000
0000 0000 0000 0000 0000 0000 0000 0000
0000 0000 0000 0000 0000 0000 0000
10:34:57.531165 00:19:aa:ab:65:7a > 01:40:96:ff:ff:ff sap aa ui/C len=47
10:34:57.531171 802.1Q vid 30 pri 0 01:40:96:ff:ff:ff > 00:19:aa:ab:65:7a
sap aa ui/C len=47
10:35:05.393001 00:19:aa:ab:65:7a 00:19:aa:ab:65:7a loopback 60:
0000 0100 0000 0000 0000 0000 0000 0000
0000 0000 0000 0000 0000 0000 0000 0000
0000 0000 0000 0000 0000 0000 0000
10:35:09.235143 802.1Q vid 30 pri 0 169.254.220.241.netbios-dgm >
169.254.255.255.netbios-dgm: udp 206
10:35:10.598427 CDP v2, ttl=180s DevID 'vehicle76ap.futurec'[!cdp]
10:35:15.389722 00:19:aa:ab:65:7a 00:19:aa:ab:65:7a loopback 60:
0000 0100 0000 0000 0000 0000 0000 0000
0000 0000 0000 0000 0000 0000 0000 0000
0000 0000 0000 0000 0000 0000 0000
10:35:25.386699 00:19:aa:ab:65:7a 00:19:aa:ab:65:7a loopback 60:
0000 0100 0000 0000 0000 0000 0000 0000
0000 0000 0000 0000 0000 0000 0000 0000
0000 0000 0000 0000 0000 0000 0000
10:35:35.383412 00:19:aa:ab:65:7a 00:19:aa:ab:65:7a loopback 60:
0000 0100 0000 0000 0000 0000 0000 0000
0000 0000 0000 0000 0000 0000 0000 0000
0000 0000 0000 0000 0000 0000 0000
10:35:45.380398 00:19:aa:ab:65:7a 00:19:aa:ab:65:7a loopback 60:
0000 0100 0000 0000 0000 0000 0000 0000
0000 0000 0000 0000 0000 0000 0000 0000
0000 0000 0000 0000 0000 0000 0000
10:35:55.377109 00:19:aa:ab:65:7a 00:19:aa:ab:65:7a loopback 60:
0000 0100 0000 0000 0000 0000 0000 0000
0000 0000 0000 0000 0000 0000 0000 0000
0000 0000 0000 0000 0000 0000 0000
10:36:05.374102 00:19:aa:ab:65:7a 00:19:aa:ab:65:7a loopback 60:
0000 0100 0000 0000 0000 0000 0000 0000
0000 0000 0000 0000 0000 0000 0000 0000
0000 0000 0000 0000 0000 0000 0000
10:36:09.238281 802.1Q vid 30 pri 0 169.254.220.241.netbios-dgm >
169.254.255.255.netbios-dgm: udp 206
10:36:10.579519 CDP v2, ttl=180s DevID 'vehicle76ap.futurec'[!cdp]
10:36:15.370816 00:19:aa:ab:65:7a 00:19:aa:ab:65:7a loopback 60:
0000 0100 0000 0000 0000 0000 0000 0000
0000 0000 0000 0000 0000 0000 0000 0000
0000 0000 0000 0000 0000 0000 0000
10:36:25.367792 00:19:aa:ab:65:7a 00:19:aa:ab:65:7a loopback 60:
0000 0100 0000 0000 0000 0000 0000 0000
0000 0000 0000 0000 0000 0000 0000 0000
0000 0000 0000 0000 0000 0000 0000
10:36:35.364522 00:19:aa:ab:65:7a 00:19:aa:ab:65:7a loopback 60:
0000 0100 0000 0000 0000 0000 0000 0000
0000 0000 0000 0000 0000 0000 0000 0000
0000 0000 0000 0000 0000 0000 0000
10:36:45.361492 00:19:aa:ab:65:7a 00:19:aa:ab:65:7a loopback 60:
0000 0100 0000 0000 0000 0000 0000 0000
0000 0000 0000 0000 0000 0000 0000 0000
0000 0000 0000 0000 0000 0000 0000
10:36:55.358211 00:19:aa:ab:65:7a 00:19:aa:ab:65:7a loopback 60:
0000 0100 0000 0000 0000 0000 0000 0000
0000 0000 0000 0000 0000 0000 0000 0000
0000 0000 0000 0000 0000 0000 0000
10:37:05.355189 00:19:aa:ab:65:7a 00:19:aa:ab:65:7a loopback 60:
0000 0100 0000 0000 0000 0000 0000 0000
0000 0000 0000 0000 0000 0000 0000 0000
0000 0000 0000 0000 0000 0000 0000
10:37:10.560476 CDP v2, ttl=180s DevID 'vehicle76ap.futurec'[!cdp]
10:37:15.352039 00:19:aa:ab:65:7a 00:19:aa:ab:65:7a loopback 60:
0000 0100 0000 0000 0000 0000 0000 0000
0000 0000 0000 0000 0000 0000 0000 0000
0000 0000 0000 0000 0000 0000 0000
10:37:25.348748 00:19:aa:ab:65:7a 00:19:aa:ab:65:7a loopback 60:
0000 0100 0000 0000 0000 0000 0000 0000
0000 0000 0000 0000 0000 0000 0000 0000
0000 0000 0000 0000 0000 0000 0000
10:37:35.345736 00:19:aa:ab:65:7a 00:19:aa:ab:65:7a loopback 60:
0000 0100 0000 0000 0000 0000 0000 0000
0000 0000 0000 0000 0000 0000 0000 0000
0000 0000 0000 0000 0000 0000 0000
10:37:45.342447 00:19:aa:ab:65:7a 00:19:aa:ab:65:7a loopback 60:
0000 0100 0000 0000 0000 0000 0000 0000
0000 0000 0000 0000 0000 0000 0000 0000
0000 0000 0000 0000 0000 0000 0000
10:37:55.339442 00:19:aa:ab:65:7a 00:19:aa:ab:65:7a loopback 60:
0000 0100 0000 0000 0000 0000 0000 0000
0000 0000 0000 0000 0000 0000 0000 0000
0000 0000 0000 0000 0000 0000 0000
------------------------------------------------------------------------------------------------
dhcp configuration from sites-available/dhcp
------------------------------------------------------------------------------------------------
# FreeRADIUS virtual server for DHCP, as pasted from sites-available/dhcp.
# Each "dhcp <Message-Type>" section below only fills in reply attributes;
# nothing in this listing filters or validates the requesting client.
server dhcp {
# Client definition with ipaddr 0.0.0.0 and netmask 0: it matches every
# source address, so any host that can reach the listener is accepted.
# Presumably a catch-all is used because the DHCP requests in the capture
# are sent from 0.0.0.0 -- confirm.
client any {
ipaddr = 0.0.0.0
netmask = 0
dhcp = yes
}
# DHCP listener on 192.168.176.1, UDP port 67.
# NOTE(review): "interface" is commented out, and the requests in the tcpdump
# capture are broadcasts to 255.255.255.255 tagged 802.1Q vid 30 -- confirm
# this socket actually receives them.
# NOTE(review): /etc/dhcpd.conf in the same message also serves the
# 192.168.176.0 subnet; if dhcpd runs on this host both daemons want port 67
# -- confirm only one is active.
listen {
ipaddr = 192.168.176.1
port = 67
type = dhcp
# interface = fxp1
}
# Handling of DHCP-Discover: the reply is turned into a DHCP-Offer.
dhcp DHCP-Discover {
# First update: set the reply message type.
update reply {
DHCP-Message-Type = DHCP-Offer
}
# Second update: static options (DNS, netmask, router, lease time, server id),
# identical for every client.
# NOTE(review): no address for the client (e.g. DHCP-Your-IP-Address) is set
# in this reply -- confirm where the offered address is meant to come from.
update reply {
DHCP-Domain-Name-Server = 192.168.176.1
DHCP-Subnet-Mask = 255.255.255.0
DHCP-Router-Address = 192.168.176.1
DHCP-IP-Address-Lease-Time = 86400
DHCP-DHCP-Server-Identifier = 192.168.176.1
}
# The explicit "ok" return is commented out in this listing.
# ok
}
# Handling of DHCP-Request: the reply is turned into a DHCP-Ack carrying the
# same static options as the Offer above.
dhcp DHCP-Request {
update reply {
DHCP-Message-Type = DHCP-Ack
}
# NOTE(review): as in the Discover section, no client address is set here,
# and the request is acknowledged without any check on what was requested
# -- confirm this is intended.
update reply {
DHCP-Domain-Name-Server = 192.168.176.1
DHCP-Subnet-Mask = 255.255.255.0
DHCP-Router-Address = 192.168.176.1
DHCP-IP-Address-Lease-Time = 86400
DHCP-DHCP-Server-Identifier = 192.168.176.1
# Commented-out "ok"; note it sits inside the update block here, unlike in
# the Discover section.
# ok
}
}
# Commented-out catch-all section; per its own comment it would send a DHCP NAK
# (reject) for message types not handled above. It is disabled in this listing.
#dhcp {
# send a DHCP NAK.
# reject
#}
}
------------------------------------------------------------------------------------------------
/etc/dhcpd.conf
------------------------------------------------------------------------------------------------
# DHCP server options.
# See dhcpd.conf(5) and dhcpd(8) for more information.
# "authoritative" declares this server the authority for the subnets defined
# below; see dhcpd.conf(5) for the exact effect on clients with stale leases.
authoritative;
# Domain name handed to clients of every subnet in this file.
option domain-name "myhost.mydomain.net";
# Interface 0 - LAN Network
# Pool 192.168.76.50-249; router and DNS are both 192.168.76.1; default and
# maximum lease time are both 86400.
subnet 192.168.76.0 netmask 255.255.255.0 {
default-lease-time 86400;
max-lease-time 86400;
option routers 192.168.76.1;
option domain-name-servers 192.168.76.1;
range 192.168.76.50 192.168.76.249;
}
# Interface 1 - 802.11 Network
# Pool 192.168.176.50-249; router and DNS are both 192.168.176.1, the same
# address the FreeRADIUS "server dhcp" listener in this message is bound to.
# NOTE(review): two DHCP responders on one segment will conflict -- confirm
# dhcpd is not serving this subnet while the FreeRADIUS DHCP listener is enabled.
subnet 192.168.176.0 netmask 255.255.255.0 {
default-lease-time 86400;
max-lease-time 86400;
option routers 192.168.176.1;
option domain-name-servers 192.168.176.1;
range 192.168.176.50 192.168.176.249;
}
Alan DeKok-4 wrote:
>
> Raja wrote:
>> Can someone point me in the right direction to configure FreeRADIUS
>> with DHCP ?
>>
>> Tried editing sites-available/dhcp but still dhcp module does not get to
>> load.
>
> Perhaps you could post the error message you see. Or is it a secret?
>
>> Is there something need to be added to radiusd.conf ?
>
> No. But you have to ensure that dictionary.dhcp is loaded.
>
> Alan DeKok.
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
>