wierd problem with freeradius 2.1.1
Anatoli Logvinski
anatoli.logvinski at adelaide.edu.au
Wed Nov 12 06:59:38 CET 2008
Hi,
I have freeradius 2.1.1 configured to handle peap and ttls/mschap2
against AD. It accepts usernames in 3 formats "DOMAIN\username",
"username at domain" and "username". The problem is that one of the formats
doesn't work. It can be any one of the three and can change when I
reboot the machine where the server is running and doesn't change if I
only restart the server itself and it can be different for different
wireless clients. I have a similarly configured 1.1.7 and it's been
working perfectly.
2.1.1 runs on RHEL5 (REd Hat Enterprise Linux) 64-bit and I also tried
it on RHEL4 32-bit with the same results.
There is no reject from the server but looking at the packet trace I can
see that instead of a TLS encrypted handshake message the client gets a
PEAP request and replies with Deauthentication
This is a packet trace of a successful session:
228 11:45:27.797692 IntelCor_d6:da:d5 Cisco_89:9d:49
EAP Response, Identity [RFC3748]
230 11:45:27.802659 Cisco_89:9d:49 IntelCor_d6:da:d5
EAP Request, PEAP [Palekar]
232 11:45:27.804773 IntelCor_d6:da:d5 Cisco_89:9d:49
TLSv1 Client Hello
234 11:45:27.808900 Cisco_89:9d:49 IntelCor_d6:da:d5
TLSv1 Server Hello, Certificate, Server Hello Done
236 11:45:27.811647 IntelCor_d6:da:d5 Cisco_89:9d:49
EAP Response, PEAP [Palekar]
238 11:45:27.814901 Cisco_89:9d:49 IntelCor_d6:da:d5
TLSv1 Server Hello, Certificate, Server Hello Done
240 11:45:27.815646 IntelCor_d6:da:d5 Cisco_89:9d:49
EAP Response, PEAP [Palekar]
242 11:45:27.818397 Cisco_89:9d:49 IntelCor_d6:da:d5
TLSv1 Server Hello, Certificate, Server Hello Done
244 11:45:27.820270 IntelCor_d6:da:d5 Cisco_89:9d:49
TLSv1 Client Key Exchange, Change Cipher Spec, Encrypted Handshake
Message
246 11:45:27.837270 Cisco_89:9d:49 IntelCor_d6:da:d5
TLSv1 Change Cipher Spec, Encrypted Handshake Message
248 11:45:27.845145 IntelCor_d6:da:d5 Cisco_89:9d:49
EAP Response, PEAP [Palekar]
250 11:45:27.848520 Cisco_89:9d:49 IntelCor_d6:da:d5
TLSv1 Application Data
252 11:45:27.849269 IntelCor_d6:da:d5 Cisco_89:9d:49
TLSv1 Application Data
254 11:45:27.852894 Cisco_89:9d:49 IntelCor_d6:da:d5
TLSv1 Application Data
256 11:45:27.862774 IntelCor_d6:da:d5 Cisco_89:9d:49
TLSv1 Application Data
And this is unsuccessful session:
162 16:12:11.521443 Cisco_89:9d:49 IntelCor_d6:da:d5
EAP Request, Identity [RFC3748]
165 16:12:11.572735 IntelCor_d6:da:d5 Cisco_89:9d:49
EAPOL Start
167 16:12:11.573466 Cisco_89:9d:49 IntelCor_d6:da:d5
EAP Request, Identity [RFC3748]
283 16:12:22.521827 IntelCor_d6:da:d5 Cisco_89:9d:49 IEEE
802.11 QoS Null function (No data), SN=0, FN=0, Flags=.......TC
319 16:12:25.126804 IntelCor_d6:da:d5 Cisco_89:9d:49
EAP Response, Identity [RFC3748]
321 16:12:25.131179 Cisco_89:9d:49 IntelCor_d6:da:d5
EAP Request, PEAP [Palekar]
323 16:12:25.132286 IntelCor_d6:da:d5 Cisco_89:9d:49
SSL Client Hello
325 16:12:25.136419 Cisco_89:9d:49 IntelCor_d6:da:d5
TLSv1 Server Hello, Certificate, Server Hello Done
327 16:12:25.140310 IntelCor_d6:da:d5 Cisco_89:9d:49
EAP Response, PEAP [Palekar]
329 16:12:25.143789 Cisco_89:9d:49 IntelCor_d6:da:d5
TLSv1 Server Hello, Certificate, Server Hello Done
331 16:12:25.144547 IntelCor_d6:da:d5 Cisco_89:9d:49
EAP Response, PEAP [Palekar]
333 16:12:25.147047 Cisco_89:9d:49 IntelCor_d6:da:d5
TLSv1 Server Hello, Certificate, Server Hello Done
335 16:12:25.148670 IntelCor_d6:da:d5 Cisco_89:9d:49
EAP Response, PEAP [Palekar]
337 16:12:25.151045 Cisco_89:9d:49 IntelCor_d6:da:d5
EAP Request, PEAP [Palekar]
339 16:12:25.164296 IntelCor_d6:da:d5 Cisco_89:9d:49 IEEE
802.11 Deauthentication, SN=2842, FN=0, Flags=........C
Here is an example of a failed session from the server debug:
rad_recv: Access-Request packet from host 10.16.17.33 port 32770,
id=254, length=378
User-Name = "username at adelaide.edu.au"
Calling-Station-Id = "00-1F-3B-D6-DA-D5"
Called-Station-Id = "00-23-04-89-9D-40:dev-UofA"
NAS-Port = 29
NAS-IP-Address = 10.16.17.33
NAS-Identifier = "c4404-01-lg45-d3-nt"
Airespace-Wlan-Id = 7
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-802.11
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "977"
EAP-Message =
0x020300a719800000009d1603010098010000940301491a294895f3db20fdb54221a9e3f3d6201c394835761953775233784549a7c320d5e5e5c9f84361b56c294e147e0ff1c8402384b74f32f27b9b9e93c46b1da6440018002f00350005000ac009c00ac013c0140032003800130004010000330000001d001b0100186131303032373538406164656c616964652e6564752e6175000a00080006001700180019000b00020100
State = 0x29bd479429be5e064d1acd012c09ab36
Message-Authenticator = 0xf3843f7b19a689f2590496657c26c1c0
Wed Nov 12 11:24:38 2008 : Info: +- entering group authorize {...}
Wed Nov 12 11:24:38 2008 : Info: ++[preprocess] returns ok
Wed Nov 12 11:24:38 2008 : Info: [auth_log] expand:
/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
/var/log/radius/radacct/10.16.17.33/auth-detail-20081112
Wed Nov 12 11:24:38 2008 : Info: [auth_log]
/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands
to /var/log/radius/radacct/10.16.17.33/auth-detail-20081112
Wed Nov 12 11:24:38 2008 : Info: [auth_log] expand: %t -> Wed Nov 12
11:24:38 2008
Wed Nov 12 11:24:38 2008 : Info: ++[auth_log] returns ok
Wed Nov 12 11:24:38 2008 : Info: ++[mschap] returns noop
Wed Nov 12 11:24:38 2008 : Info: [suffix] Looking up realm
"adelaide.edu.au" for User-Name = "username at adelaide.edu.au"
Wed Nov 12 11:24:38 2008 : Info: [suffix] Found realm "adelaide.edu.au"
Wed Nov 12 11:24:38 2008 : Info: [suffix] Adding Stripped-User-Name =
"username"
Wed Nov 12 11:24:38 2008 : Info: [suffix] Adding Realm = "adelaide.edu.au"
Wed Nov 12 11:24:38 2008 : Info: [suffix] Authentication realm is LOCAL.
Wed Nov 12 11:24:38 2008 : Info: ++[suffix] returns ok
Wed Nov 12 11:24:38 2008 : Info: [ntdomain] Request already proxied.
Ignoring.
Wed Nov 12 11:24:38 2008 : Info: ++[ntdomain] returns ok
Wed Nov 12 11:24:38 2008 : Info: [eap] EAP packet type response id 3
length 167
Wed Nov 12 11:24:38 2008 : Info: [eap] Continuing tunnel setup.
Wed Nov 12 11:24:38 2008 : Info: ++[eap] returns ok
Wed Nov 12 11:24:38 2008 : Info: Found Auth-Type = EAP
Wed Nov 12 11:24:38 2008 : Info: +- entering group authenticate {...}
Wed Nov 12 11:24:38 2008 : Info: [eap] Request found, released from the list
Wed Nov 12 11:24:38 2008 : Info: [eap] EAP/peap
Wed Nov 12 11:24:38 2008 : Info: [eap] processing type peap
Wed Nov 12 11:24:38 2008 : Info: [peap] processing EAP-TLS
Wed Nov 12 11:24:38 2008 : Debug: TLS Length 157
Wed Nov 12 11:24:38 2008 : Info: [peap] Length Included
Wed Nov 12 11:24:38 2008 : Info: [peap] eaptls_verify returned 11
Wed Nov 12 11:24:38 2008 : Info: [peap] (other): before/accept
initialization
Wed Nov 12 11:24:38 2008 : Info: [peap] TLS_accept: before/accept
initialization
Wed Nov 12 11:24:38 2008 : Info: [peap] <<< TLS 1.0 Handshake [length
0098], ClientHello
Wed Nov 12 11:24:38 2008 : Info: [peap] TLS_accept: SSLv3 read
client hello A
Wed Nov 12 11:24:38 2008 : Info: [peap] >>> TLS 1.0 Handshake [length
002a], ServerHello
Wed Nov 12 11:24:38 2008 : Info: [peap] TLS_accept: SSLv3 write
server hello A
Wed Nov 12 11:24:38 2008 : Info: [peap] >>> TLS 1.0 Handshake [length
090b], Certificate
Wed Nov 12 11:24:38 2008 : Info: [peap] TLS_accept: SSLv3 write
certificate A
Wed Nov 12 11:24:38 2008 : Info: [peap] >>> TLS 1.0 Handshake [length
0004], ServerHelloDone
Wed Nov 12 11:24:38 2008 : Info: [peap] TLS_accept: SSLv3 write
server done A
Wed Nov 12 11:24:38 2008 : Info: [peap] TLS_accept: SSLv3 flush data
Wed Nov 12 11:24:38 2008 : Info: [peap] TLS_accept: Need to read
more data: SSLv3 read client certificate A
Wed Nov 12 11:24:38 2008 : Debug: In SSL Handshake Phase
Wed Nov 12 11:24:38 2008 : Debug: In SSL Accept mode
Wed Nov 12 11:24:38 2008 : Info: [peap] eaptls_process returned 13
Wed Nov 12 11:24:38 2008 : Info: [peap] EAPTLS_HANDLED
Wed Nov 12 11:24:38 2008 : Info: ++[eap] returns handled
Sending Access-Challenge of id 254 to 10.16.17.33 port 32770
EAP-Message =
0x0104040019c000000948160301002a020000260301491a294e3f610fb297f401436df8548042ce957ae530c81f6d2915e3379992bb00002f00160301090b0b0009070009040004b9308204b53082041ea00302010202033f048e300d06092a864886f70d01010505003081ec310b30090603550406130255533110300e060355040813074172697a6f6e61311330110603550407130a53636f74747364616c6531253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e3130302e060355040b1327687474703a2f2f7777772e737461726669656c64746563682e636f6d2f7265706f7369746f72793131302f
EAP-Message =
0x06035504031328537461726669656c64205365637572652043657274696669636174696f6e20417574686f72697479312a302806092a864886f70d010901161b70726163746963657340737461726669656c64746563682e636f6d301e170d3036313231333231333931365a170d3038313231333231333931365a3065311f301d060355040a13167261646975732e6164656c616964652e6564752e61753121301f060355040b1318446f6d61696e20436f6e74726f6c2056616c696461746564311f301d060355040313167261646975732e6164656c616964652e6564752e617530819f300d06092a864886f70d010101050003818d003081890281
EAP-Message =
0x8100d7fbf50a4906fe53cda9cb3597730e36b640eaad16028c68cc317ec62b4c9d2351ba870cb637a42f51f30c29ba6ee783df929b0a430589c9e719ad6f35be2fa2ef652e78f202201aef69a218ff9c7a88abb3caf692912d3e3be9e97f2d027906627102787b3f4229a5fc0ce71daa1a5688b489b0590cf631297649b57e1021af0203010001a38201e9308201e530090603551d1304023000300b0603551d0f0404030205a0301d0603551d250416301406082b0601050507030106082b0601050507030230560603551d1f044f304d304ba049a0478645687474703a2f2f6365727469666963617465732e737461726669656c64746563682e636f
EAP-Message =
0x6d2f7265706f7369746f72792f737461726669656c6469737375696e672e63726c30520603551d20044b30493047060b6086480186fd6d010717013038303606082b06010505070201162a687474703a2f2f6365727469666963617465732e676f64616464792e636f6d2f7265706f7369746f727930818006082b0601050507010104743072302906082b06010505073001861d687474703a2f2f6f6373702e737461726669656c64746563682e636f6d304506082b060105050730028639687474703a2f2f6365727469666963617465732e676f64616464792e636f6d2f7265706f7369746f72792f73665f69737375696e672e637274301d060355
EAP-Message = 0x1d0e04160414fe709c5e71bf
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x29bd479428b95e064d1acd012c09ab36
Wed Nov 12 11:24:38 2008 : Info: Finished request 45.
Wed Nov 12 11:24:38 2008 : Debug: Going to the next request
Wed Nov 12 11:24:38 2008 : Debug: Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.16.17.33 port 32770,
id=255, length=217
User-Name = "username at adelaide.edu.au"
Calling-Station-Id = "00-1F-3B-D6-DA-D5"
Called-Station-Id = "00-23-04-89-9D-40:dev-UofA"
NAS-Port = 29
NAS-IP-Address = 10.16.17.33
NAS-Identifier = "c4404-01-lg45-d3-nt"
Airespace-Wlan-Id = 7
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-802.11
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "977"
EAP-Message = 0x020400061900
State = 0x29bd479428b95e064d1acd012c09ab36
Message-Authenticator = 0xf2794b5e43df427c07ab233e76e5ae0f
Wed Nov 12 11:24:38 2008 : Info: +- entering group authorize {...}
Wed Nov 12 11:24:38 2008 : Info: ++[preprocess] returns ok
Wed Nov 12 11:24:38 2008 : Info: [auth_log] expand:
/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
/var/log/radius/radacct/10.16.17.33/auth-detail-20081112
Wed Nov 12 11:24:38 2008 : Info: [auth_log]
/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands
to /var/log/radius/radacct/10.16.17.33/auth-detail-20081112
Wed Nov 12 11:24:38 2008 : Info: [auth_log] expand: %t -> Wed Nov 12
11:24:38 2008
Wed Nov 12 11:24:38 2008 : Info: ++[auth_log] returns ok
Wed Nov 12 11:24:38 2008 : Info: ++[mschap] returns noop
Wed Nov 12 11:24:38 2008 : Info: [suffix] Looking up realm
"adelaide.edu.au" for User-Name = "username at adelaide.edu.au"
Wed Nov 12 11:24:38 2008 : Info: [suffix] Found realm "adelaide.edu.au"
Wed Nov 12 11:24:38 2008 : Info: [suffix] Adding Stripped-User-Name =
"username"
Wed Nov 12 11:24:38 2008 : Info: [suffix] Adding Realm = "adelaide.edu.au"
Wed Nov 12 11:24:38 2008 : Info: [suffix] Authentication realm is LOCAL.
Wed Nov 12 11:24:38 2008 : Info: ++[suffix] returns ok
Wed Nov 12 11:24:38 2008 : Info: [ntdomain] Request already proxied.
Ignoring.
Wed Nov 12 11:24:38 2008 : Info: ++[ntdomain] returns ok
Wed Nov 12 11:24:38 2008 : Info: [eap] EAP packet type response id 4
length 6
Wed Nov 12 11:24:38 2008 : Info: [eap] Continuing tunnel setup.
Wed Nov 12 11:24:38 2008 : Info: ++[eap] returns ok
Wed Nov 12 11:24:38 2008 : Info: Found Auth-Type = EAP
Wed Nov 12 11:24:38 2008 : Info: +- entering group authenticate {...}
Wed Nov 12 11:24:38 2008 : Info: [eap] Request found, released from the list
Wed Nov 12 11:24:38 2008 : Info: [eap] EAP/peap
Wed Nov 12 11:24:38 2008 : Info: [eap] processing type peap
Wed Nov 12 11:24:38 2008 : Info: [peap] processing EAP-TLS
Wed Nov 12 11:24:38 2008 : Info: [peap] Received TLS ACK
Wed Nov 12 11:24:38 2008 : Info: [peap] ACK handshake fragment handler
Wed Nov 12 11:24:38 2008 : Info: [peap] eaptls_verify returned 1
Wed Nov 12 11:24:38 2008 : Info: [peap] eaptls_process returned 13
Wed Nov 12 11:24:38 2008 : Info: [peap] EAPTLS_HANDLED
Wed Nov 12 11:24:38 2008 : Info: ++[eap] returns handled
Sending Access-Challenge of id 255 to 10.16.17.33 port 32770
EAP-Message =
0x010503fc1940137b8a796c791f63339cc98f1d7e301f0603551d23041830168014ac55deb7ea13ebfc9868e253601ef1253e8ceee7303d0603551d110436303482167261646975732e6164656c616964652e6564752e6175821a7777772e7261646975732e6164656c616964652e6564752e6175300d06092a864886f70d010105050003818100029139d07b6cae175ece69c94e0e5c8d4505577787beb56df5b14c2086a078c1e8565a656b3165ad14078cde6ad2dfe34172b2b9d94296e8880e1639729ae30997b70330a191278675379c25005a767105d3bbf27c1d134dcff7a23ef8f5b8b39f724cf468b03a35964f97e3a97b40e1cbc6b8e177f9
EAP-Message =
0x992b30457d2fbaf4407e00044530820441308203aaa00302010202020104300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3034303131343231303532315a17
EAP-Message =
0x0d3234303130393231303532315a3081ec310b30090603550406130255533110300e060355040813074172697a6f6e61311330110603550407130a53636f74747364616c6531253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e3130302e060355040b1327687474703a2f2f7777772e737461726669656c64746563682e636f6d2f7265706f7369746f72793131302f06035504031328537461726669656c64205365637572652043657274696669636174696f6e20417574686f72697479312a302806092a864886f70d010901161b70726163746963657340737461726669656c64746563682e636f6d
EAP-Message =
0x30819d300d06092a864886f70d010101050003818b0030818702818100db11436bdcd169785949e86e74140874116c7eb72aa822d8423c7acf9f50b246aea6671a2322be0fb334fbacac90aa5b28c270f6b68a802ae09b9c52e091a872a016e1c44e7d1109b39eb9d4f3b250c46d4808bdbc2a970c6da38a6a3c9acf4a34dc1edeea5a26c0a1a282a94afb862212903ab282d492919fa9459fc3a4dbfb020103a38201213082011d300c0603551d13040530030101ff300b0603551d0f040403020106304a0603551d1f04433041303fa03da03b8639687474703a2f2f6365727469666963617465732e737461726669656c64746563682e636f6d2f72
EAP-Message = 0x65706f7369746f72
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x29bd47942bb85e064d1acd012c09ab36
Wed Nov 12 11:24:38 2008 : Info: Finished request 46.
Wed Nov 12 11:24:38 2008 : Debug: Going to the next request
Wed Nov 12 11:24:38 2008 : Debug: Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.16.17.33 port 32770, id=0,
length=217
User-Name = "username at adelaide.edu.au"
Calling-Station-Id = "00-1F-3B-D6-DA-D5"
Called-Station-Id = "00-23-04-89-9D-40:dev-UofA"
NAS-Port = 29
NAS-IP-Address = 10.16.17.33
NAS-Identifier = "c4404-01-lg45-d3-nt"
Airespace-Wlan-Id = 7
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-802.11
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "977"
EAP-Message = 0x020500061900
State = 0x29bd47942bb85e064d1acd012c09ab36
Message-Authenticator = 0x0d141b37c603c7d45fa85a8a89de8c6c
Wed Nov 12 11:24:38 2008 : Info: +- entering group authorize {...}
Wed Nov 12 11:24:38 2008 : Info: ++[preprocess] returns ok
Wed Nov 12 11:24:38 2008 : Info: [auth_log] expand:
/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
/var/log/radius/radacct/10.16.17.33/auth-detail-20081112
Wed Nov 12 11:24:38 2008 : Info: [auth_log]
/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands
to /var/log/radius/radacct/10.16.17.33/auth-detail-20081112
Wed Nov 12 11:24:38 2008 : Info: [auth_log] expand: %t -> Wed Nov 12
11:24:38 2008
Wed Nov 12 11:24:38 2008 : Info: ++[auth_log] returns ok
Wed Nov 12 11:24:38 2008 : Info: ++[mschap] returns noop
Wed Nov 12 11:24:38 2008 : Info: [suffix] Looking up realm
"adelaide.edu.au" for User-Name = "username at adelaide.edu.au"
Wed Nov 12 11:24:38 2008 : Info: [suffix] Found realm "adelaide.edu.au"
Wed Nov 12 11:24:38 2008 : Info: [suffix] Adding Stripped-User-Name =
"username"
Wed Nov 12 11:24:38 2008 : Info: [suffix] Adding Realm = "adelaide.edu.au"
Wed Nov 12 11:24:38 2008 : Info: [suffix] Authentication realm is LOCAL.
Wed Nov 12 11:24:38 2008 : Info: ++[suffix] returns ok
Wed Nov 12 11:24:38 2008 : Info: [ntdomain] Request already proxied.
Ignoring.
Wed Nov 12 11:24:38 2008 : Info: ++[ntdomain] returns ok
Wed Nov 12 11:24:38 2008 : Info: [eap] EAP packet type response id 5
length 6
Wed Nov 12 11:24:38 2008 : Info: [eap] Continuing tunnel setup.
Wed Nov 12 11:24:38 2008 : Info: ++[eap] returns ok
Wed Nov 12 11:24:38 2008 : Info: Found Auth-Type = EAP
Wed Nov 12 11:24:38 2008 : Info: +- entering group authenticate {...}
Wed Nov 12 11:24:38 2008 : Info: [eap] Request found, released from the list
Wed Nov 12 11:24:38 2008 : Info: [eap] EAP/peap
Wed Nov 12 11:24:38 2008 : Info: [eap] processing type peap
Wed Nov 12 11:24:38 2008 : Info: [peap] processing EAP-TLS
Wed Nov 12 11:24:38 2008 : Info: [peap] Received TLS ACK
Wed Nov 12 11:24:38 2008 : Info: [peap] ACK handshake fragment handler
Wed Nov 12 11:24:38 2008 : Info: [peap] eaptls_verify returned 1
Wed Nov 12 11:24:38 2008 : Info: [peap] eaptls_process returned 13
Wed Nov 12 11:24:38 2008 : Info: [peap] EAPTLS_HANDLED
Wed Nov 12 11:24:38 2008 : Info: ++[eap] returns handled
Sending Access-Challenge of id 0 to 10.16.17.33 port 32770
EAP-Message =
0x010601621900792f726f6f742e63726c304f0603551d20044830463044060b6086480186f845010717033035303306082b060105050702011627687474703a2f2f7777772e737461726669656c64746563682e636f6d2f7265706f7369746f7279303906082b06010505070101042d302b302906082b06010505073001861d687474703a2f2f6f6373702e737461726669656c64746563682e636f6d301d0603551d0e04160414ac55deb7ea13ebfc9868e253601ef1253e8ceee730090603551d2304023000300d06092a864886f70d0101050500038181007e1c98bead038d2585ee7c9088222bfe27f442b2ec7fb5fc726805a47d91ef28d17d2039
EAP-Message =
0x3b790837681852d58f03d2894f1e11d1e9a5744bfc5f67658471847859b7d6c9d7d79335e613ab943c8e9340898cc0d7f2e70752d1708f988ceba06dd1365390a08f16301edec3bf7f46a5952af9c8de3bdb77f4f232b13361a2303516030100040e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x29bd47942abb5e064d1acd012c09ab36
Wed Nov 12 11:24:38 2008 : Info: Finished request 47.
Wed Nov 12 11:24:38 2008 : Debug: Going to the next request
Wed Nov 12 11:24:38 2008 : Debug: Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.16.17.33 port 32770, id=1,
length=217
User-Name = "username at adelaide.edu.au"
Calling-Station-Id = "00-1F-3B-D6-DA-D5"
Called-Station-Id = "00-23-04-89-9D-40:dev-UofA"
NAS-Port = 29
NAS-IP-Address = 10.16.17.33
NAS-Identifier = "c4404-01-lg45-d3-nt"
Airespace-Wlan-Id = 7
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-802.11
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "977"
EAP-Message = 0x020600061900
State = 0x29bd47942abb5e064d1acd012c09ab36
Message-Authenticator = 0x17ceb443a291e862980fc4971fdc4a91
Wed Nov 12 11:24:38 2008 : Info: +- entering group authorize {...}
Wed Nov 12 11:24:38 2008 : Info: ++[preprocess] returns ok
Wed Nov 12 11:24:38 2008 : Info: [auth_log] expand:
/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
/var/log/radius/radacct/10.16.17.33/auth-detail-20081112
Wed Nov 12 11:24:38 2008 : Info: [auth_log]
/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands
to /var/log/radius/radacct/10.16.17.33/auth-detail-20081112
Wed Nov 12 11:24:38 2008 : Info: [auth_log] expand: %t -> Wed Nov 12
11:24:38 2008
Wed Nov 12 11:24:38 2008 : Info: ++[auth_log] returns ok
Wed Nov 12 11:24:38 2008 : Info: ++[mschap] returns noop
Wed Nov 12 11:24:38 2008 : Info: [suffix] Looking up realm
"adelaide.edu.au" for User-Name = "username at adelaide.edu.au"
Wed Nov 12 11:24:38 2008 : Info: [suffix] Found realm "adelaide.edu.au"
Wed Nov 12 11:24:38 2008 : Info: [suffix] Adding Stripped-User-Name =
"username"
Wed Nov 12 11:24:38 2008 : Info: [suffix] Adding Realm = "adelaide.edu.au"
Wed Nov 12 11:24:38 2008 : Info: [suffix] Authentication realm is LOCAL.
Wed Nov 12 11:24:38 2008 : Info: ++[suffix] returns ok
Wed Nov 12 11:24:38 2008 : Info: [ntdomain] Request already proxied.
Ignoring.
Wed Nov 12 11:24:38 2008 : Info: ++[ntdomain] returns ok
Wed Nov 12 11:24:38 2008 : Info: [eap] EAP packet type response id 6
length 6
Wed Nov 12 11:24:38 2008 : Info: [eap] Continuing tunnel setup.
Wed Nov 12 11:24:38 2008 : Info: ++[eap] returns ok
Wed Nov 12 11:24:38 2008 : Info: Found Auth-Type = EAP
Wed Nov 12 11:24:38 2008 : Info: +- entering group authenticate {...}
Wed Nov 12 11:24:38 2008 : Info: [eap] Request found, released from the list
Wed Nov 12 11:24:38 2008 : Info: [eap] EAP/peap
Wed Nov 12 11:24:38 2008 : Info: [eap] processing type peap
Wed Nov 12 11:24:38 2008 : Info: [peap] processing EAP-TLS
Wed Nov 12 11:24:38 2008 : Info: [peap] Received TLS ACK
Wed Nov 12 11:24:38 2008 : Info: [peap] ACK handshake fragment handler
Wed Nov 12 11:24:38 2008 : Info: [peap] eaptls_verify returned 1
Wed Nov 12 11:24:38 2008 : Info: [peap] eaptls_process returned 13
Wed Nov 12 11:24:38 2008 : Info: [peap] EAPTLS_HANDLED
Wed Nov 12 11:24:38 2008 : Info: ++[eap] returns handled
Sending Access-Challenge of id 1 to 10.16.17.33 port 32770
EAP-Message = 0x010700061900
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x29bd47942dba5e064d1acd012c09ab36
Wed Nov 12 11:24:38 2008 : Info: Finished request 48.
Wed Nov 12 11:24:38 2008 : Debug: Going to the next request
Wed Nov 12 11:24:38 2008 : Debug: Waking up in 4.9 seconds.
Wed Nov 12 11:24:43 2008 : Info: Cleaning up request 44 ID 253 with
timestamp +1137
Wed Nov 12 11:24:43 2008 : Info: Cleaning up request 45 ID 254 with
timestamp +1137
Wed Nov 12 11:24:43 2008 : Info: Cleaning up request 46 ID 255 with
timestamp +1137
Wed Nov 12 11:24:43 2008 : Info: Cleaning up request 47 ID 0 with
timestamp +1137
Wed Nov 12 11:24:43 2008 : Info: Cleaning up request 48 ID 1 with
timestamp +1137
Wed Nov 12 11:24:43 2008 : Debug: Ready to process requests.
Any help would be appreciated
--
Anatoli
More information about the Freeradius-Users
mailing list