FreeRADIUS + DHCP

Raja Peer peermohd at gmail.com
Thu Jun 19 20:15:21 CEST 2008


Hi Alan,

Also when I tried to uncomment "ok" in sites-available/dhcp -> DHCP-Request 
portion,
got the following error. Am I missing any files ?

radiusd: #### Loading Virtual Servers ####
server dhcp {
 modules {
 Module: Checking dhcp DHCP-Discover {...} for more modules to load
 Module: Linked to module rlm_always
 Module: Instantiating ok
  always ok {
        rcode = "ok"
        simulcount = 0
        mpp = no
  }
 Module: Checking dhcp DHCP-Request {...} for more modules to load
/usr/local/etc/raddb/sites-available/dhcp[38]: ERROR: No value given for 
attribute ok
/usr/local/etc/raddb/sites-available/dhcp[32]: Failed to parse "update" 
subsection.
}

Thanks

Raja

> ------------------------------------------------------------------------------------------------
> dhcp configuration from sites-avaialble/dhcp
> ------------------------------------------------------------------------------------------------
> server dhcp {
> client any {
>        ipaddr = 0.0.0.0
>        netmask = 0
>        dhcp = yes
> }
> listen {
>        ipaddr = 192.168.176.1
>        port = 67
>        type = dhcp
> #       interface = fxp1
> }
>
> dhcp DHCP-Discover {
>        update reply {
>               DHCP-Message-Type = DHCP-Offer
>        }
>        update reply {
>                DHCP-Domain-Name-Server = 192.168.176.1
>                DHCP-Subnet-Mask = 255.255.255.0
>                DHCP-Router-Address = 192.168.176.1
>                DHCP-IP-Address-Lease-Time = 86400
>                DHCP-DHCP-Server-Identifier = 192.168.176.1
>        }
>       ok
> }
>
> dhcp DHCP-Request {
>        update reply {
>               DHCP-Message-Type = DHCP-Ack
>        }
>        update reply {
>                DHCP-Domain-Name-Server = 192.168.176.1
>                DHCP-Subnet-Mask = 255.255.255.0
>                DHCP-Router-Address = 192.168.176.1
>                DHCP-IP-Address-Lease-Time = 86400
>                DHCP-DHCP-Server-Identifier = 192.168.176.1
>       ok
>        }
> }
>
> dhcp {
>        # send a DHCP NAK.
>       reject
>}
> }


Raja Peer wrote:
> 
> Hi Alan,
> 
> Here are some information....also highlighted the relevant portions.
> 
> Thanks for your helps.
> 
> Raja
> 
> This message contains the following : 
> 
> 1) radiusd -X debug messages
> 2) tcpdump -i
> 3) dhcp configuration from sites-avaialble/dhcp
> 4) /etc/dhcpd.conf
> 
> ------------------------------------------------------------------------------------------------
> radiusd -X debug messages
> ------------------------------------------------------------------------------------------------
> Script started on Thu Jun 19 10:21:20 2008
> # radiusd -X
> FreeRADIUS Version 2.0.5, for host i386-unknown-openbsd4.1, built on Jun
> 18 2008 at 07:27:36
> Copyright (C) 1999-2008 The FreeRADIUS server project and contributors. 
> There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A 
> PARTICULAR PURPOSE. 
> You may redistribute copies of FreeRADIUS under the terms of the 
> GNU General Public License v2. 
> Starting - reading configuration files ...
> including configuration file /usr/local/etc/raddb/radiusd.conf
> including configuration file /usr/local/etc/raddb/proxy.conf
> 
> including configuration file /usr/local/etc/raddb/sites-available/dhcp
> 
> including configuration file /usr/local/etc/raddb/clients.conf
> including configuration file /usr/local/etc/raddb/snmp.conf
> including configuration file /usr/local/etc/raddb/eap.conf
> including configuration file /usr/local/etc/raddb/sql.conf
> including configuration file /usr/local/etc/raddb/sql/mysql/dialup.conf
> including configuration file /usr/local/etc/raddb/sql/mysql/counter.conf
> including configuration file /usr/local/etc/raddb/policy.conf
> including files in directory /usr/local/etc/raddb/sites-enabled/
> including configuration file /usr/local/etc/raddb/sites-enabled/default
> including configuration file
> /usr/local/etc/raddb/sites-enabled/inner-tunnel
> including dictionary file /usr/local/etc/raddb/dictionary
> main {
>         prefix = "/usr/local"
>         localstatedir = "/usr/local/var"
>         logdir = "/usr/local/var/log/radius"
>         libdir = "/usr/local/lib"
>         radacctdir = "/usr/local/var/log/radius/radacct"
>         hostname_lookups = no
>         max_request_time = 30
>         cleanup_delay = 5
>         max_requests = 1024
>         allow_core_dumps = no
>         pidfile = "/usr/local/var/run/radiusd/radiusd.pid"
>         checkrad = "/usr/local/sbin/checkrad"
>         debug_level = 0
>         proxy_requests = yes
>  log {
>         stripped_names = no
>         auth = yes
>         auth_badpass = yes
>         auth_goodpass = yes
>  }
> }
>  client 192.168.176.2 {
>         require_message_authenticator = yes
>         secret = "mypassword"
>         shortname = "myhost"
>         nastype = "cisco"
>         login = "!root"
>         password = "mypassword"
>  }
> radiusd: #### Loading Realms and Home Servers ####
>  proxy server {
>         retry_delay = 5
>         retry_count = 3
>         default_fallback = no
>         dead_time = 120
>         wake_all_if_all_dead = no
>  }
>  home_server localhost {
>         ipaddr = 127.0.0.1
>         port = 1812
>         type = "auth"
>         secret = "testing123"
>         response_window = 20
>         max_outstanding = 65536
>         zombie_period = 40
>         status_check = "status-server"
>         ping_check = "none"
>         ping_interval = 30
>         check_interval = 30
>         num_answers_to_alive = 3
>         num_pings_to_alive = 3
>         revive_interval = 120
>         status_check_timeout = 4
>  }
>  home_server_pool my_auth_failover {
>         type = fail-over
>         home_server = localhost
>  }
>  realm example.com {
>         auth_pool = my_auth_failover
>  }
>  realm LOCAL {
>  }
> radiusd: #### Instantiating modules ####
>  instantiate {
>  Module: Linked to module rlm_exec
>  Module: Instantiating exec
>   exec {
>         wait = yes
>         input_pairs = "request"
>         shell_escape = yes
>   }
>  Module: Linked to module rlm_expr
>  Module: Instantiating expr
>  Module: Linked to module rlm_expiration
>  Module: Instantiating expiration
>   expiration {
>         reply-message = "Password Has Expired  "
>   }
>  Module: Linked to module rlm_logintime
>  Module: Instantiating logintime
>   logintime {
>         reply-message = "You are calling outside your allowed timespan  "
>         minimum-timeout = 60
>   }
>  }
> radiusd: #### Loading Virtual Servers ####
> server dhcp {
>  modules {
>  Module: Checking dhcp DHCP-Discover {...} for more modules to load
>  Module: Checking dhcp DHCP-Request {...} for more modules to load
>  }
> }
> server inner-tunnel {
>  modules {
>  Module: Checking authenticate {...} for more modules to load
>  Module: Linked to module rlm_pap
>  Module: Instantiating pap
>   pap {
>         encryption_scheme = "auto"
>         auto_header = no
>   }
>  Module: Linked to module rlm_chap
>  Module: Instantiating chap
>  Module: Linked to module rlm_mschap
>  Module: Instantiating mschap
>   mschap {
>         use_mppe = yes
>         require_encryption = yes
>         require_strong = yes
>         with_ntdomain_hack = no
>   }
>  Module: Linked to module rlm_unix
>  Module: Instantiating unix
>   unix {
>         radwtmp = "/usr/local/var/log/radius/radwtmp"
>   }
>  Module: Linked to module rlm_eap
>  Module: Instantiating eap
>   eap {
>         default_eap_type = "peap"
>         timer_expire = 60
>         ignore_unknown_eap_types = no
>         cisco_accounting_username_bug = no
>   }
>  Module: Linked to sub-module rlm_eap_md5
>  Module: Instantiating eap-md5
>  Module: Linked to sub-module rlm_eap_leap
>  Module: Instantiating eap-leap
>  Module: Linked to sub-module rlm_eap_gtc
>  Module: Instantiating eap-gtc
>    gtc {
>         challenge = "Password: "
>         auth_type = "PAP"
>    }
>  Module: Linked to sub-module rlm_eap_tls
>  Module: Instantiating eap-tls
>    tls {
>         rsa_key_exchange = no
>         dh_key_exchange = yes
>         rsa_key_length = 512
>         dh_key_length = 512
>         verify_depth = 0
>         pem_file_type = yes
>         private_key_file = "/usr/local/etc/raddb/certs/server.pem"
>         certificate_file = "/usr/local/etc/raddb/certs/server.pem"
>         CA_file = "/usr/local/etc/raddb/certs/ca.pem"
>         private_key_password = "mypassword"
>         dh_file = "/usr/local/etc/raddb/certs/dh"
>         random_file = "/usr/local/etc/raddb/certs/random"
>         fragment_size = 1024
>         include_length = yes
>         check_crl = no
>         cipher_list = "DEFAULT"
>         make_cert_command = "/usr/local/etc/raddb/certs/bootstrap"
>    }
>  Module: Linked to sub-module rlm_eap_ttls
>  Module: Instantiating eap-ttls
>    ttls {
>         default_eap_type = "md5"
>         copy_request_to_tunnel = no
>         use_tunneled_reply = no
>         virtual_server = "inner-tunnel"
>    }
>  Module: Linked to sub-module rlm_eap_peap
>  Module: Instantiating eap-peap
>    peap {
>         default_eap_type = "mschapv2"
>         copy_request_to_tunnel = yes
>         use_tunneled_reply = yes
>         proxy_tunneled_request_as_eap = yes
>         virtual_server = "inner-tunnel"
>    }
>  Module: Linked to sub-module rlm_eap_mschapv2
>  Module: Instantiating eap-mschapv2
>    mschapv2 {
>         with_ntdomain_hack = no
>    }
>  Module: Checking authorize {...} for more modules to load
>  Module: Linked to module rlm_realm
>  Module: Instantiating suffix
>   realm suffix {
>         format = "suffix"
>         delimiter = "@"
>         ignore_default = no
>         ignore_null = no
>   }
>  Module: Linked to module rlm_files
>  Module: Instantiating files
>   files {
>         usersfile = "/usr/local/etc/raddb/users"
>         acctusersfile = "/usr/local/etc/raddb/acct_users"
>         preproxy_usersfile = "/usr/local/etc/raddb/preproxy_users"
>         compat = "no"
>   }
>  Module: Checking session {...} for more modules to load
>  Module: Linked to module rlm_radutmp
>  Module: Instantiating radutmp
>   radutmp {
>         filename = "/usr/local/var/log/radius/radutmp"
>         username = "%{User-Name}"
>         case_sensitive = yes
>         check_with_nas = yes
>         perm = 384
>         callerid = yes
>   }
>  Module: Checking post-proxy {...} for more modules to load
>  Module: Checking post-auth {...} for more modules to load
>  Module: Linked to module rlm_attr_filter
>  Module: Instantiating attr_filter.access_reject
>   attr_filter attr_filter.access_reject {
>         attrsfile = "/usr/local/etc/raddb/attrs.access_reject"
>         key = "%{User-Name}"
>   }
>  }
>  
>  
>  
> }
> server {
>  modules {
>  Module: Checking authenticate {...} for more modules to load
>  Module: Checking authorize {...} for more modules to load
>  Module: Linked to module rlm_preprocess
>  Module: Instantiating preprocess
>   preprocess {
>         huntgroups = "/usr/local/etc/raddb/huntgroups"
>         hints = "/usr/local/etc/raddb/hints"
>         with_ascend_hack = no
>         ascend_channels_per_line = 23
>         with_ntdomain_hack = no
>         with_specialix_jetstream_hack = no
>         with_cisco_vsa_hack = no
>         with_alvarion_vsa_hack = no
>   }
>  Module: Checking preacct {...} for more modules to load
>  Module: Linked to module rlm_acct_unique
>  Module: Instantiating acct_unique
>   acct_unique {
>         key = "User-Name, Acct-Session-Id, NAS-IP-Address,
> Client-IP-Address, NAS-Port"
>   }
>  Module: Checking accounting {...} for more modules to load
>  Module: Linked to module rlm_detail
>  Module: Instantiating detail
>   detail {
>         detailfile =
> "/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
>         header = "%t"
>         detailperm = 384
>         dirperm = 493
>         locking = no
>         log_packet_header = no
>   }
>  Module: Instantiating attr_filter.accounting_response
>   attr_filter attr_filter.accounting_response {
>         attrsfile = "/usr/local/etc/raddb/attrs.accounting_response"
>         key = "%{User-Name}"
>   }
>  Module: Checking session {...} for more modules to load
>  Module: Checking post-proxy {...} for more modules to load
>  Module: Checking post-auth {...} for more modules to load
>  }
> }
> radiusd: #### Opening IP addresses and Ports ####
> listen {
>         type = "auth"
>         ipaddr = 192.168.176.1
>         port = 1645
> }
> listen {
>         type = "acct"
>         ipaddr = 192.168.176.1
>         port = 1646
> }
> 
> listen {
>         type = "dhcp"
>         ipaddr = 192.168.176.1
>         port = 67
>   client any {
>         ipaddr = 0.0.0.0
>         netmask = 0
>         require_message_authenticator = no
>   }
> }
> 
> Listening on authentication address 192.168.176.1 port 1645
> Listening on accounting address 192.168.176.1 port 1646
> 
> Listening on dhcp address 192.168.176.1 port 67 as server dhcp
> 
> Listening on proxy address 192.168.176.1 port 1647
> Ready to process requests.
> rad_recv: Accounting-Request packet from host 192.168.176.2 port 1646,
> id=65, length=325
>         Acct-Session-Id = "000000C9"
>         Called-Station-Id = "0019.aa76.b8e0"
>         Calling-Station-Id = "000d.8857.52cc"
>         Cisco-AVPair = "ssid=myhost"
>         Cisco-AVPair = "vlan-id=30"
>         Cisco-AVPair = "nas-location=unspecified"
>         Cisco-AVPair = "auth-algo-type=eap-peap"
>         User-Name = "bob"
>         Acct-Authentic = RADIUS
>         Cisco-AVPair = "connect-progress=Call Up"
>         Acct-Session-Time = 59968
>         Acct-Input-Octets = 1300807
>         Acct-Output-Octets = 2044
>         Acct-Input-Packets = 35609
>         Acct-Output-Packets = 76
>         Acct-Terminate-Cause = Lost-Carrier
>         Cisco-AVPair = "disc-cause-ext=No Reason"
>         Acct-Status-Type = Stop
>         NAS-Port-Type = Wireless-802.11
>         Cisco-NAS-Port = "429"
>         NAS-Port = 429
>         Service-Type = Framed-User
>         NAS-IP-Address = 192.168.176.2
>         Acct-Delay-Time = 0
> +- entering group preacct
> ++[preprocess] returns ok
> rlm_acct_unique: Hashing 'NAS-Port = 429,Client-IP-Address =
> 192.168.176.2,NAS-IP-Address = 192.168.176.2,Acct-Session-Id =
> "000000C9",User-Name = "bob"'
> rlm_acct_unique: Acct-Unique-Session-ID = "26b0c52a483a0f91".
> ++[acct_unique] returns ok
>     rlm_realm: No '@' in User-Name = "bob", looking up realm NULL
>     rlm_realm: No such realm "NULL"
> ++[suffix] returns noop
> ++[files] returns noop
> +- entering group accounting
>         expand:
> /usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d ->
> /usr/local/var/log/radius/radacct/192.168.176.2/detail-20080619
> rlm_detail:
> /usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d
> expands to /usr/local/var/log/radius/radacct/192.168.176.2/detail-20080619
>         expand: %t -> Thu Jun 19 10:32:23 2008
> ++[detail] returns ok
> ++[unix] returns ok
>         expand: /usr/local/var/log/radius/radutmp ->
> /usr/local/var/log/radius/radutmp
>         expand: %{User-Name} -> bob
> ++[radutmp] returns ok
>         expand: %{User-Name} -> bob
>  attr_filter: Matched entry DEFAULT at line 12
> ++[attr_filter.accounting_response] returns updated
> Sending Accounting-Response of id 65 to 192.168.176.2 port 1646
> Finished request 0.
> Cleaning up request 0 ID 65 with timestamp +22
> Going to the next request
> Ready to process requests.
> rad_recv: Access-Request packet from host 192.168.176.2 port 1645, id=26,
> length=128
>         User-Name = "bob"
>         Framed-MTU = 1400
>         Called-Station-Id = "0019.aa76.b8e0"
>         Calling-Station-Id = "000d.8857.52cc"
>         Service-Type = Login-User
>         Message-Authenticator = 0xe6dae0096eeac37307545c1db22a2a4f
>         EAP-Message = 0x0202000801626f62
>         NAS-Port-Type = Wireless-802.11
>         NAS-Port = 430
>         NAS-IP-Address = 192.168.176.2
>         NAS-Identifier = "myhost"
> +- entering group authorize
> ++[preprocess] returns ok
> ++[chap] returns noop
> ++[mschap] returns noop
>     rlm_realm: No '@' in User-Name = "bob", looking up realm NULL
>     rlm_realm: No such realm "NULL"
> ++[suffix] returns noop
>   rlm_eap: EAP packet type response id 2 length 8
>   rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
> ++[eap] returns updated
> ++[unix] returns notfound
>     users: Matched entry bob at line 76
>         expand: Hello, %{User-Name} -> Hello, bob
> ++[files] returns ok
> ++[expiration] returns noop
> ++[logintime] returns noop
> rlm_pap: Found existing Auth-Type, not changing it.
> ++[pap] returns noop
>   rad_check_password:  Found Auth-Type EAP
> auth: type "EAP"
> +- entering group authenticate
>   rlm_eap: EAP Identity
>   rlm_eap: processing type tls
>   rlm_eap_tls: Initiate
>   rlm_eap_tls: Start returned 1
> ++[eap] returns handled
> Sending Access-Challenge of id 26 to 192.168.176.2 port 1645
>         Reply-Message = "Hello, bob"
>         EAP-Message = 0x010300061920
>         Message-Authenticator = 0x00000000000000000000000000000000
>         State = 0xc19c33efc19f2af98dd7fcd525d04823
> Finished request 1.
> Going to the next request
> Waking up in 4.9 seconds.
> rad_recv: Access-Request packet from host 192.168.176.2 port 1645, id=27,
> length=218
>         User-Name = "bob"
>         Framed-MTU = 1400
>         Called-Station-Id = "0019.aa76.b8e0"
>         Calling-Station-Id = "000d.8857.52cc"
>         Service-Type = Login-User
>         Message-Authenticator = 0x068e895f503c72bf8212aa10b5f8a3a4
>         EAP-Message =
> 0x0203005019800000004616030100410100003d0301485a98416c13ba422355800db3cb6dc475559e338bfefeb87c2d951f2ce714cd00001600040005000a000900640062000300060013001200630100
>         NAS-Port-Type = Wireless-802.11
>         NAS-Port = 430
>         State = 0xc19c33efc19f2af98dd7fcd525d04823
>         NAS-IP-Address = 192.168.176.2
>         NAS-Identifier = "myhost"
> +- entering group authorize
> ++[preprocess] returns ok
> ++[chap] returns noop
> ++[mschap] returns noop
>     rlm_realm: No '@' in User-Name = "bob", looking up realm NULL
>     rlm_realm: No such realm "NULL"
> ++[suffix] returns noop
>   rlm_eap: EAP packet type response id 3 length 80
>   rlm_eap: Continuing tunnel setup.
> ++[eap] returns ok
>   rad_check_password:  Found Auth-Type EAP
> auth: type "EAP"
> +- entering group authenticate
>   rlm_eap: Request found, released from the list
>   rlm_eap: EAP/peap
>   rlm_eap: processing type peap
>   rlm_eap_peap: Authenticate
>   rlm_eap_tls: processing TLS
>   TLS Length 70
> rlm_eap_tls:  Length Included
>   eaptls_verify returned 11 
>     (other): before/accept initialization 
>     TLS_accept: before/accept initialization 
>   rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello  
>     TLS_accept: SSLv3 read client hello A 
>   rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello  
>     TLS_accept: SSLv3 write server hello A 
>   rlm_eap_tls: >>> TLS 1.0 Handshake [length 085e], Certificate  
>     TLS_accept: SSLv3 write certificate A 
>   rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone  
>     TLS_accept: SSLv3 write server done A 
>     TLS_accept: SSLv3 flush data 
>     TLS_accept: Need to read more data: SSLv3 read client certificate A
> In SSL Handshake Phase 
> In SSL Accept mode  
>   eaptls_process returned 13 
>   rlm_eap_peap: EAPTLS_HANDLED
> ++[eap] returns handled
> Sending Access-Challenge of id 27 to 192.168.176.2 port 1645
>         EAP-Message =
> 0x0104040019c0000008bb160301004a020000460301485a983865559bb984e52189e2c555468968ce38159cb0ead8762ab988066d3420a6326a728ec9c63c52f2b2b2c9ac69ca33404c22ab94171b127553d3a1b0ca71000400160301085e0b00085a0008570003a6308203a23082028aa003020102020101300d06092a864886f70d0101040500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d3126302406035504
>         EAP-Message =
> 0x03131d4578616d706c6520436572746966696361746520417574686f72697479301e170d3038303631373232333335385a170d3039303631373232333335385a307c310b3009060355040613024652310f300d0603550408130652616469757331153013060355040a130c4578616d706c6520496e632e312330210603550403131a4578616d706c65205365727665722043657274696669636174653120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100c3403d2d798fb6f194d86b12ff215e1afe7debef361c4aad17dc70a99632
>         EAP-Message =
> 0x704bd32a7a55fe1a655f1e561a34463799a8a52fc34b4244dcdc28f16969496d48f0fc031b68de62c18abf1943a3561f2c192364f7e5fd5e6ecfc56043dc726d65af142c207f92b9b7a0ef4826924fa84e9c57b1ea1136294b419a14a785ef03c50216df5f70759b47e0ae61c60419a81231bc82b26b3b550b13d52e9d02255f24c0dab1069759563dd3d27c86d0d873d6d56ad7b6abb4520edeb7989f7cfd2214ae73e7bb97b227354d7b4c370b90215fe11d397669dd871ab584e97469325d023afd3b1bb7dd7ae2939cb497b211788ec148e4a662247d29fe6b99ba7148e551b70203010001a317301530130603551d25040c300a06082b06010505
>         EAP-Message =
> 0x070301300d06092a864886f70d010104050003820101004c9b1df24b63e703347729b65cd37475a85ae1d611be6bcc8117306d2d29a912857f32981baa8186183e47fe58cc4c4b7641dd3a48bcca91060c9bb423b239324202bed2d900ad8cfd393329ecdb9352c6d62124853809e72134e85ebbab0278e738ca3ae871deee8cca525d6945dbb748c0770f75318b50b652ff66dc05ab1f7be4018f915accde010e0e5ef9cfe7c8a6466c45251f73985553c24fba1683c7e80078da9f30c7b83da6f70873130dad5c915b07e24c07390c72dc5661c94e12cafac1c31f8d1ccb8782466d9de7e1064d4bc3d347b4c9057aa892d32bd1d1e69762cf426c67
>         EAP-Message = 0xc3470ea88d07a75dbb3c844a
>         Message-Authenticator = 0x00000000000000000000000000000000
>         State = 0xc19c33efc0982af98dd7fcd525d04823
> Finished request 2.
> Going to the next request
> Waking up in 4.9 seconds.
> rad_recv: Access-Request packet from host 192.168.176.2 port 1645, id=28,
> length=144
>         User-Name = "bob"
>         Framed-MTU = 1400
>         Called-Station-Id = "0019.aa76.b8e0"
>         Calling-Station-Id = "000d.8857.52cc"
>         Service-Type = Login-User
>         Message-Authenticator = 0x9c1004875803bae8f1b3744287ebd540
>         EAP-Message = 0x020400061900
>         NAS-Port-Type = Wireless-802.11
>         NAS-Port = 430
>         State = 0xc19c33efc0982af98dd7fcd525d04823
>         NAS-IP-Address = 192.168.176.2
>         NAS-Identifier = "myhost"
> +- entering group authorize
> ++[preprocess] returns ok
> ++[chap] returns noop
> ++[mschap] returns noop
>     rlm_realm: No '@' in User-Name = "bob", looking up realm NULL
>     rlm_realm: No such realm "NULL"
> ++[suffix] returns noop
>   rlm_eap: EAP packet type response id 4 length 6
>   rlm_eap: Continuing tunnel setup.
> ++[eap] returns ok
>   rad_check_password:  Found Auth-Type EAP
> auth: type "EAP"
> +- entering group authenticate
>   rlm_eap: Request found, released from the list
>   rlm_eap: EAP/peap
>   rlm_eap: processing type peap
>   rlm_eap_peap: Authenticate
>   rlm_eap_tls: processing TLS
> rlm_eap_tls: Received EAP-TLS ACK message
>   rlm_eap_tls: ack handshake fragment handler
>   eaptls_verify returned 1 
>   eaptls_process returned 13 
>   rlm_eap_peap: EAPTLS_HANDLED
> ++[eap] returns handled
> Sending Access-Challenge of id 28 to 192.168.176.2 port 1645
>         EAP-Message =
> 0x010503fc19400f8d1f539991634ee4da9958fc980004ab308204a73082038fa003020102020900b4d3408cb5b742e1300d06092a864886f70d0101040500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479301e170d3038303631373232333330355a170d3038303731373232333330355a308193310b30090603
>         EAP-Message =
> 0x55040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a0282010100adf9731579fccd42f3ae8bb15d05de971825d36965707d986a3dcb580f0df15f6a89c039a0339f42318982153d059414852664c055b13e1564335c016ebc63812d3f446762809629fc250cbf42ccb3
>         EAP-Message =
> 0xe38f53233d17c50cbd743c99f4ca7e09006df13be64d9a4714e0ddfa4f97aa545735fcd2d29168313dbcde2b3ee22d12b4bddbfbef59ddba4ba2b9e90a1a64570c3bf8b8e7dd434f8a138ad1d564f5b2aa83d87e7368f97f7e307ffcf51c69baa73872c72a56c8d28899c933297923e0b2954909945549f8ae93854ba661aa149cff6cbf3332e6c7de2638676f196213646e818a214adc4f40aba012550feeecf4d11bc2ed4d2f38ab0eada49b6975263d0203010001a381fb3081f8301d0603551d0e04160414a67218b90dacd79a6298636476224c2f8c7e572a3081c80603551d230481c03081bd8014a67218b90dacd79a6298636476224c2f8c7e
>         EAP-Message =
> 0x572aa18199a48196308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479820900b4d3408cb5b742e1300c0603551d13040530030101ff300d06092a864886f70d0101040500038201010055b89baadf905b039ceb8014ff014dc67e8c08cd2242af10244f2693f3b07614d07a35231ba19b69dc5d66a0b04be0c7dc94
>         EAP-Message = 0xf3377e71e00a3942
>         Message-Authenticator = 0x00000000000000000000000000000000
>         State = 0xc19c33efc3992af98dd7fcd525d04823
> Finished request 3.
> Going to the next request
> Waking up in 4.9 seconds.
> rad_recv: Access-Request packet from host 192.168.176.2 port 1645, id=29,
> length=144
>         User-Name = "bob"
>         Framed-MTU = 1400
>         Called-Station-Id = "0019.aa76.b8e0"
>         Calling-Station-Id = "000d.8857.52cc"
>         Service-Type = Login-User
>         Message-Authenticator = 0x2c376a5079d0fa0cb0a43003f30de7fc
>         EAP-Message = 0x020500061900
>         NAS-Port-Type = Wireless-802.11
>         NAS-Port = 430
>         State = 0xc19c33efc3992af98dd7fcd525d04823
>         NAS-IP-Address = 192.168.176.2
>         NAS-Identifier = "myhost"
> +- entering group authorize
> ++[preprocess] returns ok
> ++[chap] returns noop
> ++[mschap] returns noop
>     rlm_realm: No '@' in User-Name = "bob", looking up realm NULL
>     rlm_realm: No such realm "NULL"
> ++[suffix] returns noop
>   rlm_eap: EAP packet type response id 5 length 6
>   rlm_eap: Continuing tunnel setup.
> ++[eap] returns ok
>   rad_check_password:  Found Auth-Type EAP
> auth: type "EAP"
> +- entering group authenticate
>   rlm_eap: Request found, released from the list
>   rlm_eap: EAP/peap
>   rlm_eap: processing type peap
>   rlm_eap_peap: Authenticate
>   rlm_eap_tls: processing TLS
> rlm_eap_tls: Received EAP-TLS ACK message
>   rlm_eap_tls: ack handshake fragment handler
>   eaptls_verify returned 1 
>   eaptls_process returned 13 
>   rlm_eap_peap: EAPTLS_HANDLED
> ++[eap] returns handled
> Sending Access-Challenge of id 29 to 192.168.176.2 port 1645
>         EAP-Message =
> 0x010600d5190005151baedaadd0453f1ed6d2e419265da42097ce6d1e9195f232addfd35f16baa84f086ca843e92ee39ac6c2f1ac78c556fe41196e03d607629bb4ffb59c4470a0deee9a710a2c79145029ef6e563a6e9cac0255ee1be47c0fbe040ebca66fa98355cb384d03453570e9931e27c4758fef55063853a0b5efc3503927685c5b657af09a0bdae8c2aa17bd919dd5c27b57d9954328cd30dbe6d55738a6a6dd8bf41f937a312e419052a760337a0ab15acee3bc29bfd7cc0c43efb73fa0dd46541f1a8e914cc1b316030100040e000000
>         Message-Authenticator = 0x00000000000000000000000000000000
>         State = 0xc19c33efc29a2af98dd7fcd525d04823
> Finished request 4.
> Going to the next request
> Waking up in 4.9 seconds.
> rad_recv: Access-Request packet from host 192.168.176.2 port 1645, id=30,
> length=460
>         User-Name = "bob"
>         Framed-MTU = 1400
>         Called-Station-Id = "0019.aa76.b8e0"
>         Calling-Station-Id = "000d.8857.52cc"
>         Service-Type = Login-User
>         Message-Authenticator = 0xa005a382c6e3845b72c8d35008f69e6b
>         EAP-Message =
> 0x02060140198000000136160301010610000102010001e218993f17883f0774dba82f3954d4ac0c3f8ca3e641c898151a304866b2ed1100e84b32f2693df4c71eda82bf4af6e210cc07dfc4f986c4a7b7004781d1be7373091ff85224fc3f008d8623ae35c9f67d44ba61229e8df8acb86aa03f7836271a1ed9dea73e78c1151f183285214f673a18c19d25c4b5bfa11dd62153ab52cfb445b5f7267494aa9945e2c957e9080a5d5b0b6a4f1cce7f4a20c6bae489f1b7ae888d63547be90dcbbe2407966647b60c102351585e02c98359a708f4ba631d90d440df104de3545d175844b485b630477ba7537dc827b5f10a9aa083d7a22d8c01c2ad3d7c13
>         EAP-Message =
> 0x45d4df123f2d1a27dcafd695df60f0120917ce2d552fc04c1403010001011603010020badc11b88ab0e456aae78121b185ab241ca1b65af6946ad2771605508b756cc4
>         NAS-Port-Type = Wireless-802.11
>         NAS-Port = 430
>         State = 0xc19c33efc29a2af98dd7fcd525d04823
>         NAS-IP-Address = 192.168.176.2
>         NAS-Identifier = "myhost"
> +- entering group authorize
> ++[preprocess] returns ok
> ++[chap] returns noop
> ++[mschap] returns noop
>     rlm_realm: No '@' in User-Name = "bob", looking up realm NULL
>     rlm_realm: No such realm "NULL"
> ++[suffix] returns noop
>   rlm_eap: EAP packet type response id 6 length 253
>   rlm_eap: Continuing tunnel setup.
> ++[eap] returns ok
>   rad_check_password:  Found Auth-Type EAP
> auth: type "EAP"
> +- entering group authenticate
>   rlm_eap: Request found, released from the list
>   rlm_eap: EAP/peap
>   rlm_eap: processing type peap
>   rlm_eap_peap: Authenticate
>   rlm_eap_tls: processing TLS
>   TLS Length 310
> rlm_eap_tls:  Length Included
>   eaptls_verify returned 11 
>   rlm_eap_tls: <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange  
>     TLS_accept: SSLv3 read client key exchange A 
>   rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001]  
>   rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished  
>     TLS_accept: SSLv3 read finished A 
>   rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001]  
>     TLS_accept: SSLv3 write change cipher spec A 
>   rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished  
>     TLS_accept: SSLv3 write finished A 
>     TLS_accept: SSLv3 flush data 
>     (other): SSL negotiation finished successfully 
> SSL Connection Established 
>   eaptls_process returned 13 
>   rlm_eap_peap: EAPTLS_HANDLED
> ++[eap] returns handled
> Sending Access-Challenge of id 30 to 192.168.176.2 port 1645
>         EAP-Message =
> 0x01070031190014030100010116030100203844712871ce4a0bc00a3343b23596cd932deb928589365d2b9058442dc95aa5
>         Message-Authenticator = 0x00000000000000000000000000000000
>         State = 0xc19c33efc59b2af98dd7fcd525d04823
> Finished request 5.
> Going to the next request
> Waking up in 4.9 seconds.
> rad_recv: Access-Request packet from host 192.168.176.2 port 1645, id=31,
> length=144
>         User-Name = "bob"
>         Framed-MTU = 1400
>         Called-Station-Id = "0019.aa76.b8e0"
>         Calling-Station-Id = "000d.8857.52cc"
>         Service-Type = Login-User
>         Message-Authenticator = 0x887a7ae4489755b88b3f1edd6b4fd34a
>         EAP-Message = 0x020700061900
>         NAS-Port-Type = Wireless-802.11
>         NAS-Port = 430
>         State = 0xc19c33efc59b2af98dd7fcd525d04823
>         NAS-IP-Address = 192.168.176.2
>         NAS-Identifier = "myhost"
> +- entering group authorize
> ++[preprocess] returns ok
> ++[chap] returns noop
> ++[mschap] returns noop
>     rlm_realm: No '@' in User-Name = "bob", looking up realm NULL
>     rlm_realm: No such realm "NULL"
> ++[suffix] returns noop
>   rlm_eap: EAP packet type response id 7 length 6
>   rlm_eap: Continuing tunnel setup.
> ++[eap] returns ok
>   rad_check_password:  Found Auth-Type EAP
> auth: type "EAP"
> +- entering group authenticate
>   rlm_eap: Request found, released from the list
>   rlm_eap: EAP/peap
>   rlm_eap: processing type peap
>   rlm_eap_peap: Authenticate
>   rlm_eap_tls: processing TLS
> rlm_eap_tls: Received EAP-TLS ACK message
>   rlm_eap_tls: ack handshake is finished
>   eaptls_verify returned 3 
>   eaptls_process returned 3 
>   rlm_eap_peap: EAPTLS_SUCCESS
> ++[eap] returns handled
> Sending Access-Challenge of id 31 to 192.168.176.2 port 1645
>         EAP-Message =
> 0x01080020190017030100159bf9e453956ddc294cb3dc0b7f4fb1d4ac3d4351bb
>         Message-Authenticator = 0x00000000000000000000000000000000
>         State = 0xc19c33efc4942af98dd7fcd525d04823
> Finished request 6.
> Going to the next request
> Waking up in 4.9 seconds.
> rad_recv: Access-Request packet from host 192.168.176.2 port 1645, id=32,
> length=169
>         User-Name = "bob"
>         Framed-MTU = 1400
>         Called-Station-Id = "0019.aa76.b8e0"
>         Calling-Station-Id = "000d.8857.52cc"
>         Service-Type = Login-User
>         Message-Authenticator = 0x80e262321c7f4fbfaa731cf2593d711f
>         EAP-Message =
> 0x0208001f190017030100144823d86b20ffd3c304ef6b7101419fd1994336cd
>         NAS-Port-Type = Wireless-802.11
>         NAS-Port = 430
>         State = 0xc19c33efc4942af98dd7fcd525d04823
>         NAS-IP-Address = 192.168.176.2
>         NAS-Identifier = "myhost"
> +- entering group authorize
> ++[preprocess] returns ok
> ++[chap] returns noop
> ++[mschap] returns noop
>     rlm_realm: No '@' in User-Name = "bob", looking up realm NULL
>     rlm_realm: No such realm "NULL"
> ++[suffix] returns noop
>   rlm_eap: EAP packet type response id 8 length 31
>   rlm_eap: Continuing tunnel setup.
> ++[eap] returns ok
>   rad_check_password:  Found Auth-Type EAP
> auth: type "EAP"
> +- entering group authenticate
>   rlm_eap: Request found, released from the list
>   rlm_eap: EAP/peap
>   rlm_eap: processing type peap
>   rlm_eap_peap: Authenticate
>   rlm_eap_tls: processing TLS
>   eaptls_verify returned 7 
>   rlm_eap_tls: Done initial handshake
>   eaptls_process returned 7 
>   rlm_eap_peap: EAPTLS_OK
>   rlm_eap_peap: Session established.  Decoding tunneled attributes.
>   rlm_eap_peap: Identity - bob
>   PEAP: Got tunneled identity of bob
>   PEAP: Setting default EAP type for tunneled EAP session.
>   PEAP: Setting User-Name to bob
> +- entering group authorize
> ++[chap] returns noop
> ++[mschap] returns noop
> ++[unix] returns notfound
>     rlm_realm: No '@' in User-Name = "bob", looking up realm NULL
>     rlm_realm: No such realm "NULL"
> ++[suffix] returns noop
> ++[control] returns noop
>   rlm_eap: EAP packet type response id 8 length 8
>   rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
> ++[eap] returns updated
>     users: Matched entry bob at line 76
>         expand: Hello, %{User-Name} -> Hello, bob
> ++[files] returns ok
> ++[expiration] returns noop
> ++[logintime] returns noop
> rlm_pap: Found existing Auth-Type, not changing it.
> ++[pap] returns noop
>   rad_check_password:  Found Auth-Type EAP
> auth: type "EAP"
> +- entering group authenticate
>   rlm_eap: EAP Identity
>   rlm_eap: processing type mschapv2
> rlm_eap_mschapv2: Issuing Challenge
> ++[eap] returns handled
>   PEAP: Got tunneled Access-Challenge
> ++[eap] returns handled
> Sending Access-Challenge of id 32 to 192.168.176.2 port 1645
>         EAP-Message =
> 0x0109003419001703010029c59e264e73065e8c1daa8997bd6b9848e5c8609396c2ebd479aacdd9d8065701ffea07b0905c375d80
>         Message-Authenticator = 0x00000000000000000000000000000000
>         State = 0xc19c33efc7952af98dd7fcd525d04823
> Finished request 7.
> Going to the next request
> Waking up in 4.9 seconds.
> rad_recv: Access-Request packet from host 192.168.176.2 port 1645, id=33,
> length=223
>         User-Name = "bob"
>         Framed-MTU = 1400
>         Called-Station-Id = "0019.aa76.b8e0"
>         Calling-Station-Id = "000d.8857.52cc"
>         Service-Type = Login-User
>         Message-Authenticator = 0x9c7ca73ae9f0e6d50740d8ea73aa9c87
>         EAP-Message =
> 0x020900551900170301004a8bb4104e740bf559db2e25fb89f0a7ff16a8a32be27c12a72fb4abbe4a9e743d51aef4ec66a001e241c487cb646103815bc9129dc522cd2f0c60bece92c10cc420032c983cfb1119b5ac
>         NAS-Port-Type = Wireless-802.11
>         NAS-Port = 430
>         State = 0xc19c33efc7952af98dd7fcd525d04823
>         NAS-IP-Address = 192.168.176.2
>         NAS-Identifier = "myhost"
> +- entering group authorize
> ++[preprocess] returns ok
> ++[chap] returns noop
> ++[mschap] returns noop
>     rlm_realm: No '@' in User-Name = "bob", looking up realm NULL
>     rlm_realm: No such realm "NULL"
> ++[suffix] returns noop
>   rlm_eap: EAP packet type response id 9 length 85
>   rlm_eap: Continuing tunnel setup.
> ++[eap] returns ok
>   rad_check_password:  Found Auth-Type EAP
> auth: type "EAP"
> +- entering group authenticate
>   rlm_eap: Request found, released from the list
>   rlm_eap: EAP/peap
>   rlm_eap: processing type peap
>   rlm_eap_peap: Authenticate
>   rlm_eap_tls: processing TLS
>   eaptls_verify returned 7 
>   rlm_eap_tls: Done initial handshake
>   eaptls_process returned 7 
>   rlm_eap_peap: EAPTLS_OK
>   rlm_eap_peap: Session established.  Decoding tunneled attributes.
>   rlm_eap_peap: EAP type mschapv2
>   PEAP: Setting User-Name to bob
> +- entering group authorize
> ++[chap] returns noop
> ++[mschap] returns noop
> ++[unix] returns notfound
>     rlm_realm: No '@' in User-Name = "bob", looking up realm NULL
>     rlm_realm: No such realm "NULL"
> ++[suffix] returns noop
> ++[control] returns noop
>   rlm_eap: EAP packet type response id 9 length 62
>   rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
> ++[eap] returns updated
>     users: Matched entry bob at line 76
>         expand: Hello, %{User-Name} -> Hello, bob
> ++[files] returns ok
> ++[expiration] returns noop
> ++[logintime] returns noop
> rlm_pap: Found existing Auth-Type, not changing it.
> ++[pap] returns noop
>   rad_check_password:  Found Auth-Type EAP
> auth: type "EAP"
> +- entering group authenticate
>   rlm_eap: Request found, released from the list
>   rlm_eap: EAP/mschapv2
>   rlm_eap: processing type mschapv2
> +- entering group MS-CHAP
>   rlm_mschap: Told to do MS-CHAPv2 for bob with NT-Password
> rlm_mschap: adding MS-CHAPv2 MPPE keys
> ++[mschap] returns ok
> MSCHAP Success 
> ++[eap] returns handled
>   PEAP: Got tunneled Access-Challenge
> ++[eap] returns handled
> Sending Access-Challenge of id 33 to 192.168.176.2 port 1645
>         EAP-Message =
> 0x010a004a1900170301003fa7a977c5edba08371219f183d1e00e84350913cbff4afa19a4581dd8b1fe454f94393350571fa7fe4420be0f252cb581f96d8395180b298f603bc30de72321
>         Message-Authenticator = 0x00000000000000000000000000000000
>         State = 0xc19c33efc6962af98dd7fcd525d04823
> Finished request 8.
> Going to the next request
> Waking up in 4.9 seconds.
> rad_recv: Access-Request packet from host 192.168.176.2 port 1645, id=34,
> length=167
>         User-Name = "bob"
>         Framed-MTU = 1400
>         Called-Station-Id = "0019.aa76.b8e0"
>         Calling-Station-Id = "000d.8857.52cc"
>         Service-Type = Login-User
>         Message-Authenticator = 0x7c5100a122f45fbfbfc6f2968045cf11
>         EAP-Message =
> 0x020a001d19001703010012006776dfd5ada28ef90304ba8e6ddb22f1fe
>         NAS-Port-Type = Wireless-802.11
>         NAS-Port = 430
>         State = 0xc19c33efc6962af98dd7fcd525d04823
>         NAS-IP-Address = 192.168.176.2
>         NAS-Identifier = "myhost"
> +- entering group authorize
> ++[preprocess] returns ok
> ++[chap] returns noop
> ++[mschap] returns noop
>     rlm_realm: No '@' in User-Name = "bob", looking up realm NULL
>     rlm_realm: No such realm "NULL"
> ++[suffix] returns noop
>   rlm_eap: EAP packet type response id 10 length 29
>   rlm_eap: Continuing tunnel setup.
> ++[eap] returns ok
>   rad_check_password:  Found Auth-Type EAP
> auth: type "EAP"
> +- entering group authenticate
>   rlm_eap: Request found, released from the list
>   rlm_eap: EAP/peap
>   rlm_eap: processing type peap
>   rlm_eap_peap: Authenticate
>   rlm_eap_tls: processing TLS
>   eaptls_verify returned 7 
>   rlm_eap_tls: Done initial handshake
>   eaptls_process returned 7 
>   rlm_eap_peap: EAPTLS_OK
>   rlm_eap_peap: Session established.  Decoding tunneled attributes.
>   rlm_eap_peap: EAP type mschapv2
>   PEAP: Setting User-Name to bob
> +- entering group authorize
> ++[chap] returns noop
> ++[mschap] returns noop
> ++[unix] returns notfound
>     rlm_realm: No '@' in User-Name = "bob", looking up realm NULL
>     rlm_realm: No such realm "NULL"
> ++[suffix] returns noop
> ++[control] returns noop
>   rlm_eap: EAP packet type response id 10 length 6
>   rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
> ++[eap] returns updated
>     users: Matched entry bob at line 76
>         expand: Hello, %{User-Name} -> Hello, bob
> ++[files] returns ok
> ++[expiration] returns noop
> ++[logintime] returns noop
> rlm_pap: Found existing Auth-Type, not changing it.
> ++[pap] returns noop
>   rad_check_password:  Found Auth-Type EAP
> auth: type "EAP"
> +- entering group authenticate
>   rlm_eap: Request found, released from the list
>   rlm_eap: EAP/mschapv2
>   rlm_eap: processing type mschapv2
>   rlm_eap: Freeing handler
> ++[eap] returns ok
> Login OK: [bob/<via Auth-Type = EAP>] (from client myhost port 430 cli
> 000d.8857.52cc via TLS tunnel)
>   PEAP: Tunneled authentication was successful.
>   rlm_eap_peap: SUCCESS
>   Saving tunneled attributes for later
> ++[eap] returns handled
> Sending Access-Challenge of id 34 to 192.168.176.2 port 1645
>         EAP-Message =
> 0x010b00261900170301001b02870e444c401b5d103121cd701bf6f9df20e27684342d6af607b1
>         Message-Authenticator = 0x00000000000000000000000000000000
>         State = 0xc19c33efc9972af98dd7fcd525d04823
> Finished request 9.
> Going to the next request
> Waking up in 4.9 seconds.
> rad_recv: Access-Request packet from host 192.168.176.2 port 1645, id=35,
> length=176
>         User-Name = "bob"
>         Framed-MTU = 1400
>         Called-Station-Id = "0019.aa76.b8e0"
>         Calling-Station-Id = "000d.8857.52cc"
>         Service-Type = Login-User
>         Message-Authenticator = 0xbc7b47f3ac3d871eee9cccde10f9392f
>         EAP-Message =
> 0x020b00261900170301001bd764372928319221d6080a71abdf5c68ecd96638ed25b9ad2d41f8
>         NAS-Port-Type = Wireless-802.11
>         NAS-Port = 430
>         State = 0xc19c33efc9972af98dd7fcd525d04823
>         NAS-IP-Address = 192.168.176.2
>         NAS-Identifier = "myhost"
> +- entering group authorize
> ++[preprocess] returns ok
> ++[chap] returns noop
> ++[mschap] returns noop
>     rlm_realm: No '@' in User-Name = "bob", looking up realm NULL
>     rlm_realm: No such realm "NULL"
> ++[suffix] returns noop
>   rlm_eap: EAP packet type response id 11 length 38
>   rlm_eap: Continuing tunnel setup.
> ++[eap] returns ok
>   rad_check_password:  Found Auth-Type EAP
> auth: type "EAP"
> +- entering group authenticate
>   rlm_eap: Request found, released from the list
>   rlm_eap: EAP/peap
>   rlm_eap: processing type peap
>   rlm_eap_peap: Authenticate
>   rlm_eap_tls: processing TLS
>   eaptls_verify returned 7 
>   rlm_eap_tls: Done initial handshake
>   eaptls_process returned 7 
>  
>   rlm_eap_peap: EAPTLS_OK
>   rlm_eap_peap: Session established.  Decoding tunneled attributes.
>   rlm_eap_peap: Received EAP-TLV response.
>   rlm_eap_peap: Success
>  
>   Using saved attributes from the original Access-Accept
>   rlm_eap: Freeing handler
> ++[eap] returns ok
> Login OK: [bob/<via Auth-Type = EAP>] (from client myhost port 430 cli
> 000d.8857.52cc)
> Sending Access-Accept of id 35 to 192.168.176.2 port 1645
>         Reply-Message = "Hello, bob"
>         User-Name = "bob"
>         MS-MPPE-Recv-Key =
> 0xe525d848ba1e94c6df6fc6d761f50bc438cbed784215665a11022c2eee94b643
>         MS-MPPE-Send-Key =
> 0xbdcd963282af82ec05d197137ed96bd0b75079c2adf84e7714f7bed776eeeb42
>         EAP-Message = 0x030b0004
>         Message-Authenticator = 0x00000000000000000000000000000000
> Finished request 10.
> Going to the next request
> Waking up in 4.8 seconds.
> rad_recv: Accounting-Request packet from host 192.168.176.2 port 1646,
> id=66, length=226
>         Acct-Session-Id = "000000CB"
>         Called-Station-Id = "0019.aa76.b8e0"
>         Calling-Station-Id = "000d.8857.52cc"
>         Cisco-AVPair = "ssid=myhost"
>         Cisco-AVPair = "vlan-id=30"
>         Cisco-AVPair = "nas-location=unspecified"
>         User-Name = "bob"
>         Cisco-AVPair = "connect-progress=Call Up"
>         Acct-Authentic = RADIUS
>         Acct-Status-Type = Start
>         NAS-Port-Type = Wireless-802.11
>         Cisco-NAS-Port = "430"
>         NAS-Port = 430
>         Service-Type = Framed-User
>         NAS-IP-Address = 192.168.176.2
>         Acct-Delay-Time = 0
> +- entering group preacct
> ++[preprocess] returns ok
> rlm_acct_unique: Hashing 'NAS-Port = 430,Client-IP-Address =
> 192.168.176.2,NAS-IP-Address = 192.168.176.2,Acct-Session-Id =
> "000000CB",User-Name = "bob"'
> rlm_acct_unique: Acct-Unique-Session-ID = "4a1bcbd772dbcc9f".
> ++[acct_unique] returns ok
>     rlm_realm: No '@' in User-Name = "bob", looking up realm NULL
>     rlm_realm: No such realm "NULL"
> ++[suffix] returns noop
> ++[files] returns noop
> +- entering group accounting
>         expand:
> /usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d ->
> /usr/local/var/log/radius/radacct/192.168.176.2/detail-20080619
> rlm_detail:
> /usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d
> expands to /usr/local/var/log/radius/radacct/192.168.176.2/detail-20080619
>         expand: %t -> Thu Jun 19 10:32:40 2008
> ++[detail] returns ok
> ++[unix] returns ok
>         expand: /usr/local/var/log/radius/radutmp ->
> /usr/local/var/log/radius/radutmp
>         expand: %{User-Name} -> bob
> ++[radutmp] returns ok
>         expand: %{User-Name} -> bob
>  attr_filter: Matched entry DEFAULT at line 12
> ++[attr_filter.accounting_response] returns updated
> Sending Accounting-Response of id 66 to 192.168.176.2 port 1646
> Finished request 11.
> Cleaning up request 11 ID 66 with timestamp +39
> Going to the next request
> Waking up in 4.8 seconds.
> Cleaning up request 1 ID 26 with timestamp +39
> Cleaning up request 2 ID 27 with timestamp +39
> Cleaning up request 3 ID 28 with timestamp +39
> Cleaning up request 4 ID 29 with timestamp +39
> Cleaning up request 5 ID 30 with timestamp +39
> Cleaning up request 6 ID 31 with timestamp +39
> Cleaning up request 7 ID 32 with timestamp +39
> Cleaning up request 8 ID 33 with timestamp +39
> Cleaning up request 9 ID 34 with timestamp +39
> Cleaning up request 10 ID 35 with timestamp +39
> Ready to process requests.
> ^C
> # ^D
> 
> Script done on Thu Jun 19 10:21:29 2008
> 
> 
> 
> ------------------------------------------------------------------------------------------------
> tcpdump -i
> ------------------------------------------------------------------------------------------------
> 10:32:55.433969 00:19:aa:ab:65:7a 00:19:aa:ab:65:7a loopback 60:
>                          0000 0100 0000 0000 0000 0000 0000 0000
>                          0000 0000 0000 0000 0000 0000 0000 0000
>                          0000 0000 0000 0000 0000 0000 0000
> 10:33:05.430685 00:19:aa:ab:65:7a 00:19:aa:ab:65:7a loopback 60:
>                          0000 0100 0000 0000 0000 0000 0000 0000
>                          0000 0000 0000 0000 0000 0000 0000 0000
>                          0000 0000 0000 0000 0000 0000 0000
> 10:33:10.244893 802.1Q vid 30 pri 0 0.0.0.0.bootpc >
> 255.255.255.255.bootps: xid:0x45438e43 secs:7168 [|bootp]
> 10:33:10.636101 CDP v2, ttl=180s DevID 'vehicle76ap.futurec'[!cdp]
> 10:33:15.427665 00:19:aa:ab:65:7a 00:19:aa:ab:65:7a loopback 60:
> PuTTY                    0000 0100 0000 0000 0000 0000 0000 0000
>                          0000 0000 0000 0000 0000 0000 0000 0000
>                          0000 0000 0000 0000 0000 0000 0000
> 10:33:25.424383 00:19:aa:ab:65:7a 00:19:aa:ab:65:7a loopback 60:
>                          0000 0100 0000 0000 0000 0000 0000 0000
>                          0000 0000 0000 0000 0000 0000 0000 0000
>                          0000 0000 0000 0000 0000 0000 0000
> ^R
> 10:33:35.421362 00:19:aa:ab:65:7a 00:19:aa:ab:65:7a loopback 60:
>                          0000 0100 0000 0000 0000 0000 0000 0000
>                          0000 0000 0000 0000 0000 0000 0000 0000
>                          0000 0000 0000 0000 0000 0000 0000
> 10:33:41.248885 802.1Q vid 30 pri 0 arp who-has 169.254.220.241 tell
> 169.254.220.241
> 10:33:42.152283 802.1Q vid 30 pri 0 arp who-has 169.254.220.241 tell
> 169.254.220.241
> 10:33:43.152178 802.1Q vid 30 pri 0 arp who-has 169.254.220.241 tell
> 169.254.220.241
> 10:33:44.177611 802.1Q vid 30 pri 0 169.254.220.241 > 224.0.0.22: igmp-2
> [v2] [ttl 1]
> 10:33:44.179342 802.1Q vid 30 pri 0 169.254.220.241.3767 >
> 239.255.255.250.ssdp: udp 133 [ttl 1]
> 10:33:44.230829 802.1Q vid 30 pri 0 169.254.220.241.netbios-ns >
> 169.254.255.255.netbios-ns: udp 68
> 10:33:44.981587 802.1Q vid 30 pri 0 169.254.220.241.netbios-ns >
> 169.254.255.255.netbios-ns: udp 68
> 10:33:45.152296 802.1Q vid 30 pri 0 169.254.220.241 > 224.0.0.22: igmp-2
> [v2] [ttl 1]
> 10:33:45.418072 00:19:aa:ab:65:7a 00:19:aa:ab:65:7a loopback 60:
>                          0000 0100 0000 0000 0000 0000 0000 0000
>                          0000 0000 0000 0000 0000 0000 0000 0000
>                          0000 0000 0000 0000 0000 0000 0000
> 10:33:45.730587 802.1Q vid 30 pri 0 169.254.220.241.netbios-ns >
> 169.254.255.255.netbios-ns: udp 68
> 10:33:46.153350 802.1Q vid 30 pri 0 0.0.0.0.bootpc >
> 255.255.255.255.bootps: xid:0x8b980ba7 flags:0x8000 [|bootp]
> 10:33:46.480634 802.1Q vid 30 pri 0 169.254.220.241.netbios-ns >
> 169.254.255.255.netbios-ns: udp 68
> 10:33:47.183894 802.1Q vid 30 pri 0 169.254.220.241.3767 >
> 239.255.255.250.ssdp: udp 133 [ttl 1]
> 10:33:47.230757 802.1Q vid 30 pri 0 169.254.220.241.netbios-ns >
> 169.254.255.255.netbios-ns: udp 68
> 10:33:47.980923 802.1Q vid 30 pri 0 169.254.220.241.netbios-ns >
> 169.254.255.255.netbios-ns: udp 68
> 10:33:48.731746 802.1Q vid 30 pri 0 169.254.220.241.netbios-ns >
> 169.254.255.255.netbios-ns: udp 68
> 10:33:49.480571 802.1Q vid 30 pri 0 169.254.220.241.netbios-ns >
> 169.254.255.255.netbios-ns: udp 68
> 10:33:50.153121 802.1Q vid 30 pri 0 0.0.0.0.bootpc >
> 255.255.255.255.bootps: xid:0x8b980ba7 secs:1024 flags:0x8000 [|bootp]
> 10:33:50.199398 802.1Q vid 30 pri 0 169.254.220.241.3767 >
> 239.255.255.250.ssdp: udp 133 [ttl 1]
> 10:33:50.230996 802.1Q vid 30 pri 0 169.254.220.241.netbios-ns >
> 169.254.255.255.netbios-ns: udp 68
> 10:33:50.241650 802.1Q vid 30 pri 0 169.254.220.241.netbios-ns >
> 169.254.255.255.netbios-ns: udp 68
> 10:33:50.980832 802.1Q vid 30 pri 0 169.254.220.241.netbios-ns >
> 169.254.255.255.netbios-ns: udp 68
> 10:33:50.981245 802.1Q vid 30 pri 0 169.254.220.241.netbios-ns >
> 169.254.255.255.netbios-ns: udp 68
> 10:33:51.730782 802.1Q vid 30 pri 0 169.254.220.241.netbios-ns >
> 169.254.255.255.netbios-ns: udp 68
> 10:33:51.731878 802.1Q vid 30 pri 0 169.254.220.241.netbios-ns >
> 169.254.255.255.netbios-ns: udp 68
> 10:33:52.480919 802.1Q vid 30 pri 0 169.254.220.241.netbios-ns >
> 169.254.255.255.netbios-ns: udp 68
> 10:33:52.482054 802.1Q vid 30 pri 0 169.254.220.241.netbios-ns >
> 169.254.255.255.netbios-ns: udp 68
> 10:33:53.231506 802.1Q vid 30 pri 0 169.254.220.241.netbios-dgm >
> 169.254.255.255.netbios-dgm: udp 201
> 10:33:53.232865 802.1Q vid 30 pri 0 169.254.220.241.netbios-dgm >
> 169.254.255.255.netbios-dgm: udp 176
> 10:33:54.731247 802.1Q vid 30 pri 0 169.254.220.241.netbios-dgm >
> 169.254.255.255.netbios-dgm: udp 176
> 10:33:55.414930 00:19:aa:ab:65:7a 00:19:aa:ab:65:7a loopback 60:
>                          0000 0100 0000 0000 0000 0000 0000 0000
>                          0000 0000 0000 0000 0000 0000 0000 0000
>                          0000 0000 0000 0000 0000 0000 0000
> 10:33:56.231913 802.1Q vid 30 pri 0 169.254.220.241.netbios-dgm >
> 169.254.255.255.netbios-dgm: udp 176
> 10:33:57.731233 802.1Q vid 30 pri 0 169.254.220.241.netbios-dgm >
> 169.254.255.255.netbios-dgm: udp 176
> 10:33:58.153514 802.1Q vid 30 pri 0 0.0.0.0.bootpc >
> 255.255.255.255.bootps: xid:0x8b980ba7 secs:3072 flags:0x8000 [|bootp]
> 10:33:59.231359 802.1Q vid 30 pri 0 169.254.220.241.netbios-dgm >
> 169.254.255.255.netbios-dgm: udp 188
> 10:34:00.231536 802.1Q vid 30 pri 0 169.254.220.241.netbios-dgm >
> 169.254.255.255.netbios-dgm: udp 188
> 10:34:01.232096 802.1Q vid 30 pri 0 169.254.220.241.netbios-dgm >
> 169.254.255.255.netbios-dgm: udp 188
> 10:34:02.234690 802.1Q vid 30 pri 0 169.254.220.241.netbios-dgm >
> 169.254.255.255.netbios-dgm: udp 188
> 10:34:03.231419 802.1Q vid 30 pri 0 169.254.220.241.netbios-ns >
> 169.254.255.255.netbios-ns: udp 68
> 10:34:03.981500 802.1Q vid 30 pri 0 169.254.220.241.netbios-ns >
> 169.254.255.255.netbios-ns: udp 68
> 10:34:04.732762 802.1Q vid 30 pri 0 169.254.220.241.netbios-ns >
> 169.254.255.255.netbios-ns: udp 68
> 10:34:05.411907 00:19:aa:ab:65:7a 00:19:aa:ab:65:7a loopback 60:
>                          0000 0100 0000 0000 0000 0000 0000 0000
>                          0000 0000 0000 0000 0000 0000 0000 0000
>                          0000 0000 0000 0000 0000 0000 0000
> 10:34:05.481329 802.1Q vid 30 pri 0 169.254.220.241.netbios-ns >
> 169.254.255.255.netbios-ns: udp 68
> 10:34:06.231569 802.1Q vid 30 pri 0 169.254.220.241.netbios-ns >
> 169.254.255.255.netbios-ns: udp 68
> 10:34:06.981411 802.1Q vid 30 pri 0 169.254.220.241.netbios-ns >
> 169.254.255.255.netbios-ns: udp 68
> 10:34:07.731679 802.1Q vid 30 pri 0 169.254.220.241.netbios-ns >
> 169.254.255.255.netbios-ns: udp 68
> 10:34:08.481573 802.1Q vid 30 pri 0 169.254.220.241.netbios-ns >
> 169.254.255.255.netbios-ns: udp 68
> 10:34:09.231822 802.1Q vid 30 pri 0 169.254.220.241.netbios-dgm >
> 169.254.255.255.netbios-dgm: udp 176
> 10:34:09.233034 802.1Q vid 30 pri 0 169.254.220.241.netbios-dgm >
> 169.254.255.255.netbios-dgm: udp 176
> 10:34:09.233642 802.1Q vid 30 pri 0 169.254.220.241.netbios-dgm >
> 169.254.255.255.netbios-dgm: udp 206
> 10:34:09.346612 802.1Q vid 30 pri 0 169.254.220.241.netbios-ns >
> 169.254.255.255.netbios-ns: udp 50
> 10:34:10.091058 802.1Q vid 30 pri 0 169.254.220.241.netbios-ns >
> 169.254.255.255.netbios-ns: udp 50
> 10:34:10.617194 CDP v2, ttl=180s DevID 'vehicle76ap.futurec'[!cdp]
> 10:34:10.841094 802.1Q vid 30 pri 0 169.254.220.241.netbios-ns >
> 169.254.255.255.netbios-ns: udp 50
> 10:34:14.154005 802.1Q vid 30 pri 0 0.0.0.0.bootpc >
> 255.255.255.255.bootps: xid:0x8b980ba7 secs:7168 flags:0x8000 [|bootp]
> 10:34:15.408759 00:19:aa:ab:65:7a 00:19:aa:ab:65:7a loopback 60:
>                          0000 0100 0000 0000 0000 0000 0000 0000
>                          0000 0000 0000 0000 0000 0000 0000 0000
>                          0000 0000 0000 0000 0000 0000 0000
> 10:34:25.405471 00:19:aa:ab:65:7a 00:19:aa:ab:65:7a loopback 60:
>                          0000 0100 0000 0000 0000 0000 0000 0000
>                          0000 0000 0000 0000 0000 0000 0000 0000
>                          0000 0000 0000 0000 0000 0000 0000
> 10:34:35.402456 00:19:aa:ab:65:7a 00:19:aa:ab:65:7a loopback 60:
>                          0000 0100 0000 0000 0000 0000 0000 0000
>                          0000 0000 0000 0000 0000 0000 0000 0000
>                          0000 0000 0000 0000 0000 0000 0000
> 10:34:38.625459 802.1Q vid 30 pri 0 169.254.220.241.netbios-dgm >
> 169.254.255.255.netbios-dgm: udp 201
> 10:34:45.399304 00:19:aa:ab:65:7a 00:19:aa:ab:65:7a loopback 60:
>                          0000 0100 0000 0000 0000 0000 0000 0000
>                          0000 0000 0000 0000 0000 0000 0000 0000
>                          0000 0000 0000 0000 0000 0000 0000
> 10:34:55.396016 00:19:aa:ab:65:7a 00:19:aa:ab:65:7a loopback 60:
>                          0000 0100 0000 0000 0000 0000 0000 0000
>                          0000 0000 0000 0000 0000 0000 0000 0000
>                          0000 0000 0000 0000 0000 0000 0000
> 10:34:57.531165 00:19:aa:ab:65:7a > 01:40:96:ff:ff:ff sap aa ui/C len=47
> 10:34:57.531171 802.1Q vid 30 pri 0 01:40:96:ff:ff:ff > 00:19:aa:ab:65:7a
> sap aa ui/C len=47
> 10:35:05.393001 00:19:aa:ab:65:7a 00:19:aa:ab:65:7a loopback 60:
>                          0000 0100 0000 0000 0000 0000 0000 0000
>                          0000 0000 0000 0000 0000 0000 0000 0000
>                          0000 0000 0000 0000 0000 0000 0000
> 10:35:09.235143 802.1Q vid 30 pri 0 169.254.220.241.netbios-dgm >
> 169.254.255.255.netbios-dgm: udp 206
> 10:35:10.598427 CDP v2, ttl=180s DevID 'vehicle76ap.futurec'[!cdp]
> 10:35:15.389722 00:19:aa:ab:65:7a 00:19:aa:ab:65:7a loopback 60:
>                          0000 0100 0000 0000 0000 0000 0000 0000
>                          0000 0000 0000 0000 0000 0000 0000 0000
>                          0000 0000 0000 0000 0000 0000 0000
> 10:35:25.386699 00:19:aa:ab:65:7a 00:19:aa:ab:65:7a loopback 60:
>                          0000 0100 0000 0000 0000 0000 0000 0000
>                          0000 0000 0000 0000 0000 0000 0000 0000
>                          0000 0000 0000 0000 0000 0000 0000
> 10:35:35.383412 00:19:aa:ab:65:7a 00:19:aa:ab:65:7a loopback 60:
>                          0000 0100 0000 0000 0000 0000 0000 0000
>                          0000 0000 0000 0000 0000 0000 0000 0000
>                          0000 0000 0000 0000 0000 0000 0000
> 10:35:45.380398 00:19:aa:ab:65:7a 00:19:aa:ab:65:7a loopback 60:
>                          0000 0100 0000 0000 0000 0000 0000 0000
>                          0000 0000 0000 0000 0000 0000 0000 0000
>                          0000 0000 0000 0000 0000 0000 0000
> 10:35:55.377109 00:19:aa:ab:65:7a 00:19:aa:ab:65:7a loopback 60:
>                          0000 0100 0000 0000 0000 0000 0000 0000
>                          0000 0000 0000 0000 0000 0000 0000 0000
>                          0000 0000 0000 0000 0000 0000 0000
> 10:36:05.374102 00:19:aa:ab:65:7a 00:19:aa:ab:65:7a loopback 60:
>                          0000 0100 0000 0000 0000 0000 0000 0000
>                          0000 0000 0000 0000 0000 0000 0000 0000
>                          0000 0000 0000 0000 0000 0000 0000
> 10:36:09.238281 802.1Q vid 30 pri 0 169.254.220.241.netbios-dgm >
> 169.254.255.255.netbios-dgm: udp 206
> 10:36:10.579519 CDP v2, ttl=180s DevID 'vehicle76ap.futurec'[!cdp]
> 10:36:15.370816 00:19:aa:ab:65:7a 00:19:aa:ab:65:7a loopback 60:
>                          0000 0100 0000 0000 0000 0000 0000 0000
>                          0000 0000 0000 0000 0000 0000 0000 0000
>                          0000 0000 0000 0000 0000 0000 0000
> 10:36:25.367792 00:19:aa:ab:65:7a 00:19:aa:ab:65:7a loopback 60:
>                          0000 0100 0000 0000 0000 0000 0000 0000
>                          0000 0000 0000 0000 0000 0000 0000 0000
>                          0000 0000 0000 0000 0000 0000 0000
> 10:36:35.364522 00:19:aa:ab:65:7a 00:19:aa:ab:65:7a loopback 60:
>                          0000 0100 0000 0000 0000 0000 0000 0000
>                          0000 0000 0000 0000 0000 0000 0000 0000
>                          0000 0000 0000 0000 0000 0000 0000
> 10:36:45.361492 00:19:aa:ab:65:7a 00:19:aa:ab:65:7a loopback 60:
>                          0000 0100 0000 0000 0000 0000 0000 0000
>                          0000 0000 0000 0000 0000 0000 0000 0000
>                          0000 0000 0000 0000 0000 0000 0000
> 10:36:55.358211 00:19:aa:ab:65:7a 00:19:aa:ab:65:7a loopback 60:
>                          0000 0100 0000 0000 0000 0000 0000 0000
>                          0000 0000 0000 0000 0000 0000 0000 0000
>                          0000 0000 0000 0000 0000 0000 0000
> 10:37:05.355189 00:19:aa:ab:65:7a 00:19:aa:ab:65:7a loopback 60:
>                          0000 0100 0000 0000 0000 0000 0000 0000
>                          0000 0000 0000 0000 0000 0000 0000 0000
>                          0000 0000 0000 0000 0000 0000 0000
> 10:37:10.560476 CDP v2, ttl=180s DevID 'vehicle76ap.futurec'[!cdp]
> 10:37:15.352039 00:19:aa:ab:65:7a 00:19:aa:ab:65:7a loopback 60:
>                          0000 0100 0000 0000 0000 0000 0000 0000
>                          0000 0000 0000 0000 0000 0000 0000 0000
>                          0000 0000 0000 0000 0000 0000 0000
> 10:37:25.348748 00:19:aa:ab:65:7a 00:19:aa:ab:65:7a loopback 60:
>                          0000 0100 0000 0000 0000 0000 0000 0000
>                          0000 0000 0000 0000 0000 0000 0000 0000
>                          0000 0000 0000 0000 0000 0000 0000
> 10:37:35.345736 00:19:aa:ab:65:7a 00:19:aa:ab:65:7a loopback 60:
>                          0000 0100 0000 0000 0000 0000 0000 0000
>                          0000 0000 0000 0000 0000 0000 0000 0000
>                          0000 0000 0000 0000 0000 0000 0000
> 10:37:45.342447 00:19:aa:ab:65:7a 00:19:aa:ab:65:7a loopback 60:
>                          0000 0100 0000 0000 0000 0000 0000 0000
>                          0000 0000 0000 0000 0000 0000 0000 0000
>                          0000 0000 0000 0000 0000 0000 0000
> 10:37:55.339442 00:19:aa:ab:65:7a 00:19:aa:ab:65:7a loopback 60:
>                          0000 0100 0000 0000 0000 0000 0000 0000
>                          0000 0000 0000 0000 0000 0000 0000 0000
>                          0000 0000 0000 0000 0000 0000 0000
> ------------------------------------------------------------------------------------------------						 
> dhcp configuration from sites-avaialble/dhcp	
> ------------------------------------------------------------------------------------------------					 
> server dhcp {
> client any {
>         ipaddr = 0.0.0.0
>         netmask = 0
>         dhcp = yes
> }
> listen {
>         ipaddr = 192.168.176.1
>         port = 67
>         type = dhcp
> #       interface = fxp1
> }
> 
> dhcp DHCP-Discover {
>         update reply {
>                DHCP-Message-Type = DHCP-Offer
>         }
>         update reply {
>                 DHCP-Domain-Name-Server = 192.168.176.1
>                 DHCP-Subnet-Mask = 255.255.255.0
>                 DHCP-Router-Address = 192.168.176.1
>                 DHCP-IP-Address-Lease-Time = 86400
>                 DHCP-DHCP-Server-Identifier = 192.168.176.1
>         }
> #       ok
> }
> 
> dhcp DHCP-Request {
>         update reply {
>                DHCP-Message-Type = DHCP-Ack
>         }
>         update reply {
>                 DHCP-Domain-Name-Server = 192.168.176.1
>                 DHCP-Subnet-Mask = 255.255.255.0
>                 DHCP-Router-Address = 192.168.176.1
>                 DHCP-IP-Address-Lease-Time = 86400
>                 DHCP-DHCP-Server-Identifier = 192.168.176.1
> #       ok
>         }
> }
> 
> #dhcp {
>         # send a DHCP NAK.
> #       reject
> #}
> }
> 
> ------------------------------------------------------------------------------------------------
> /etc/dhcpd.conf
> ------------------------------------------------------------------------------------------------
> # DHCP server options.
> # See dhcpd.conf(5) and dhcpd(8) for more information.
> 
> authoritative;
> 
> option domain-name "myhost.mydomain.net";
> 
> # Interface 0 - LAN Network
> subnet 192.168.76.0 netmask 255.255.255.0 {
>         default-lease-time 86400;
>         max-lease-time 86400;
>         option routers 192.168.76.1;
>         option domain-name-servers 192.168.76.1;
>         range 192.168.76.50 192.168.76.249;
> }
> 
> # Interface 1 - 802.11 Network
> subnet 192.168.176.0 netmask 255.255.255.0 {
>         default-lease-time 86400;
>         max-lease-time 86400;
>         option routers 192.168.176.1;
>         option domain-name-servers 192.168.176.1;
>         range 192.168.176.50 192.168.176.249;
> }
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> Alan DeKok-4 wrote:
>> 
>> Raja wrote:
>>> Can someone point me in the right direction to configure FreeRADIUS
>>> with DHCP ?
>>>  
>>> Tried editing sites-available/dhcp but still dhcp module does not get to
>>> load.
>> 
>>   Perhaps you could post the error message you see.  Or is it a secret?
>> 
>>> Is there something need to be added to radiusd.conf ?
>> 
>>   No.  But you have to ensure that dictionary.dhcp is loaded.
>> 
>>   Alan DeKok.
>> -
>> List info/subscribe/unsubscribe? See
>> http://www.freeradius.org/list/users.html
>> 
>> 
> 
> 

-- 
View this message in context: http://www.nabble.com/FreeRADIUS-%2B-DHCP-tp17991791p18014928.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.




More information about the Freeradius-Users mailing list