attribute would not pass using PEAP, but work using MD5
Ryan Setiawan H
ryan.setiawan at banknisp.com
Wed Sep 24 06:56:16 CEST 2008
Hi,
I'm using wired 802.1x to authenticate user using eap md5 and eap
peap. the problem rise when using peap, the radius attribute (tunnel
private group id) didn't pass to the switch. but if we use md5, the
server will pass the attribute. I suspect something missing on inner
tunnel config (I only change 1 line at authorization section that's
adding ldap module ), btw i'm using 2.0.5
debug for peap :
Framed-MTU = 1480
NAS-IP-Address = 192.168.12.130
NAS-Identifier = "ProCurve Switch 2650"
User-Name = "testing"
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 1
NAS-Port-Type = Ethernet
NAS-Port-Id = "1"
Called-Station-Id = "00-1c-2e-73-85-00"
Calling-Station-Id = "00-16-36-5a-f1-e4"
Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "100"
EAP-Message = 0x0201000c0174657374696e67
Message-Authenticator = 0x24f65e66f58f3fbc5672fd7460764248
server nispdot1x {
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "testing", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
rlm_eap: EAP packet type response id 1 length 12
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
users: Matched entry DEFAULT at line 183
++[files] returns ok
++- entering redundant-load-balance group redundant-load-balance
rlm_ldap: - authorize
rlm_ldap: performing user authorization for testing
expand: (uid=%u) -> (uid=testing)
expand: ou=dialup,dc=zzz,dc=com -> ou=dialup,dc=zzz,dc=com
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to 192.168.11.17:389, authentication 0
rlm_ldap: bind as memberUid=radius,ou=admin,dc=zzz,dc=com/radiusjuga to
192.168.11.17:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: performing search in ou=dialup,dc=zzz,dc=com, with filter
(uid=testing)
rlm_ldap: checking if remote access for testing is allowed by uid
rlm_ldap: Added User-Password = Testing10 in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: LDAP attribute radiusLoginTime as RADIUS attribute Login-Time
== "WK0800-1800"
rlm_ldap: LDAP attribute ntPassword as RADIUS attribute NT-Password ==
0x3139373530313942423345344631324146413133423832443930424146414137
rlm_ldap: LDAP attribute lmPassword as RADIUS attribute LM-Password ==
0x3244353534353037374437423744324136443341363237433832344630323946
rlm_ldap: LDAP attribute radiusCallingStationId as RADIUS attribute
Calling-Station-Id == "00-16-36-5a-f1-e4"
rlm_ldap: looking for reply items in directory...
rlm_ldap: LDAP attribute radiusTunnelPrivateGroupId as RADIUS attribute
Tunnel-Private-Group-Id:0 = "101"
rlm_ldap: LDAP attribute radiusTunnelMediumType as RADIUS attribute
Tunnel-Medium-Type:0 = IEEE-802
rlm_ldap: LDAP attribute radiusTunnelType as RADIUS attribute
Tunnel-Type:0 = VLAN
rlm_ldap: LDAP attribute radiusFramedProtocol as RADIUS attribute
Framed-Protocol = PPP
rlm_ldap: LDAP attribute radiusServiceType as RADIUS attribute
Service-Type = Framed-User
rlm_ldap: user testing authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
+++[ldap_instance10] returns ok
++- redundant-load-balance group redundant-load-balance returns ok
rlm_checkval: Item Name: Calling-Station-Id, Value: 00-16-36-5a-f1-e4
rlm_checkval: Value Name: Calling-Station-Id, Value: 00-16-36-5a-f1-e4
++[checkval] returns ok
++[expiration] returns noop
rlm_logintime: Checking Login-Time: 'WK0800-1800'
rlm_logintime: timestr returned accept
rlm_logintime: Session-Timeout set to: 24660
++[logintime] returns ok
rlm_pap: Normalizing NT-Password from hex encoding
rlm_pap: Normalizing LM-Password from hex encoding
rlm_pap: Found existing Auth-Type, not changing it.
++[pap] returns noop
rad_check_password: Found Auth-Type EAP
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!! Replacing User-Password in config items with
Cleartext-Password. !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!! Please update your configuration so that the "known
good" !!!
!!! clear text password is in Cleartext-Password, and not in
User-Password. !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
auth: type "EAP"
+- entering group authenticate
rlm_eap: EAP Identity
rlm_eap: processing type md5
rlm_eap_md5: Issuing Challenge
++[eap] returns handled
} # server nispdot1x
Framed-Compression = Van-Jacobson-TCP-IP
Tunnel-Private-Group-Id:0 = "101"
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Type:0 = VLAN
Framed-Protocol = PPP
Service-Type = Framed-User
Session-Timeout = 24660
EAP-Message = 0x010200160410e96bf812655451b6768f118f21ef9029
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xe4ab19e4e4a91db94bbd886b68148382
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
Framed-MTU = 1480
NAS-IP-Address = 192.168.12.130
NAS-Identifier = "ProCurve Switch 2650"
User-Name = "testing"
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 1
NAS-Port-Type = Ethernet
NAS-Port-Id = "1"
Called-Station-Id = "00-1c-2e-73-85-00"
Calling-Station-Id = "00-16-36-5a-f1-e4"
Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "100"
State = 0xe4ab19e4e4a91db94bbd886b68148382
EAP-Message = 0x020200060319
Message-Authenticator = 0x806329359874bbd8dcb131e84b38b7d6
server nispdot1x {
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "testing", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
rlm_eap: EAP packet type response id 2 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
users: Matched entry DEFAULT at line 183
++[files] returns ok
++- entering redundant-load-balance group redundant-load-balance
rlm_ldap: - authorize
rlm_ldap: performing user authorization for testing
expand: (uid=%u) -> (uid=testing)
expand: ou=dialup,dc=zzz,dc=com -> ou=dialup,dc=zzz,dc=com
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=dialup,dc=zzz,dc=com, with filter
(uid=testing)
rlm_ldap: checking if remote access for testing is allowed by uid
rlm_ldap: Added User-Password = Testing10 in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: LDAP attribute radiusLoginTime as RADIUS attribute Login-Time
== "WK0800-1800"
rlm_ldap: LDAP attribute ntPassword as RADIUS attribute NT-Password ==
0x3139373530313942423345344631324146413133423832443930424146414137
rlm_ldap: LDAP attribute lmPassword as RADIUS attribute LM-Password ==
0x3244353534353037374437423744324136443341363237433832344630323946
rlm_ldap: LDAP attribute radiusCallingStationId as RADIUS attribute
Calling-Station-Id == "00-16-36-5a-f1-e4"
rlm_ldap: looking for reply items in directory...
rlm_ldap: LDAP attribute radiusTunnelPrivateGroupId as RADIUS attribute
Tunnel-Private-Group-Id:0 = "101"
rlm_ldap: LDAP attribute radiusTunnelMediumType as RADIUS attribute
Tunnel-Medium-Type:0 = IEEE-802
rlm_ldap: LDAP attribute radiusTunnelType as RADIUS attribute
Tunnel-Type:0 = VLAN
rlm_ldap: LDAP attribute radiusFramedProtocol as RADIUS attribute
Framed-Protocol = PPP
rlm_ldap: LDAP attribute radiusServiceType as RADIUS attribute
Service-Type = Framed-User
rlm_ldap: user testing authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
+++[ldap_instance10] returns ok
++- redundant-load-balance group redundant-load-balance returns ok
rlm_checkval: Item Name: Calling-Station-Id, Value: 00-16-36-5a-f1-e4
rlm_checkval: Value Name: Calling-Station-Id, Value: 00-16-36-5a-f1-e4
++[checkval] returns ok
++[expiration] returns noop
rlm_logintime: Checking Login-Time: 'WK0800-1800'
rlm_logintime: timestr returned accept
rlm_logintime: Session-Timeout set to: 24660
++[logintime] returns ok
rlm_pap: Normalizing NT-Password from hex encoding
rlm_pap: Normalizing LM-Password from hex encoding
rlm_pap: Found existing Auth-Type, not changing it.
++[pap] returns noop
rad_check_password: Found Auth-Type EAP
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!! Replacing User-Password in config items with
Cleartext-Password. !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!! Please update your configuration so that the "known
good" !!!
!!! clear text password is in Cleartext-Password, and not in
User-Password. !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
auth: type "EAP"
+- entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP NAK
rlm_eap: EAP-NAK asked for EAP-Type/peap
rlm_eap: processing type tls
rlm_eap_tls: Initiate
rlm_eap_tls: Start returned 1
++[eap] returns handled
} # server nispdot1x
Framed-Compression = Van-Jacobson-TCP-IP
Tunnel-Private-Group-Id:0 = "101"
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Type:0 = VLAN
Framed-Protocol = PPP
Service-Type = Framed-User
Session-Timeout = 24660
EAP-Message = 0x010300061920
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xe4ab19e4e5a800b94bbd886b68148382
Finished request 1.
Going to the next request
Waking up in 4.9 seconds.
Framed-MTU = 1480
NAS-IP-Address = 192.168.12.130
NAS-Identifier = "ProCurve Switch 2650"
User-Name = "testing"
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 1
NAS-Port-Type = Ethernet
NAS-Port-Id = "1"
Called-Station-Id = "00-1c-2e-73-85-00"
Calling-Station-Id = "00-16-36-5a-f1-e4"
Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "100"
State = 0xe4ab19e4e5a800b94bbd886b68148382
EAP-Message =
0x0203007019800000006616030100610100005d030148d9c58504ef46c7c0ea8846dbf430d896a57cc815c53b96972e059ee0c25651207b55a441f92d8ea3558445e855084f1d372c56698115bd5dc74e785ad9871477001600040005000a000900640062000300060013001200630100
Message-Authenticator = 0xf5e446a5e8c75debe89851f5ef2843b4
server nispdot1x {
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "testing", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
rlm_eap: EAP packet type response id 3 length 112
rlm_eap: Continuing tunnel setup.
++[eap] returns ok
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
TLS Length 102
rlm_eap_tls: Length Included
eaptls_verify returned 11
(other): before/accept initialization
TLS_accept: before/accept initialization
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0061], ClientHello
TLS_accept: SSLv3 read client hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
TLS_accept: SSLv3 write server hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 085e], Certificate
TLS_accept: SSLv3 write certificate A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
TLS_accept: SSLv3 write server done A
TLS_accept: SSLv3 flush data
TLS_accept: Need to read more data: SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
++[eap] returns handled
} # server nispdot1x
EAP-Message =
0x0104040019c0000008bb160301004a02000046030148d9bdb7cf42fd2747c4221c297d920e53beed1bdd169094cf9b1cbee333d9292098c607b7822074809468e5468b37f41ce631f3049febb4bdd736f6562e551c34000400160301085e0b00085a0008570003a6308203a23082028aa003020102020101300d06092a864886f70d0101040500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d3126302406035504
EAP-Message =
0x03131d4578616d706c6520436572746966696361746520417574686f72697479301e170d3038303932333032323830315a170d3039303932333032323830315a307c310b3009060355040613024652310f300d0603550408130652616469757331153013060355040a130c4578616d706c6520496e632e312330210603550403131a4578616d706c65205365727665722043657274696669636174653120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100bb4d71d2658b0d25a73ab5088d756295694af641f6c21023e605d3a966c5
EAP-Message =
0xfd9ba8cd33a5994667e4487dbe9655de4e40fa64bdb675f581a468551ecdf20006c65e3887eeb5b97285986f51ab1a417eb3d105d8f58187c744ecf01e872954e5ffe3fe000d360f992720fb05ea0e7613e85488f7a6d845004d5215854da36b921de03da9af87ac7127ec6c9b8296b715389e9f91afe299b7dba0cb8bef4ebbcaa5b2ed5642cee44221047b8df41299abfa3f6ba76bceb1a76df83b0c92339eb8a53b871958f3d8c14247bca091e1d5082d804c0ebaf4dcf0abdf16d4b46a41313774cca8fce707f87ec5ed8043e448b7ca14901982cb2728490911e838fad49f110203010001a317301530130603551d25040c300a06082b06010505
EAP-Message =
0x070301300d06092a864886f70d01010405000382010100599dabd0359906c50973d89c69acebab69a08a1d31dc126991fcf1f2f20f48c2c670ccf5ef0c25b7f68bba8de65b2032b271bcd4c84b96393f70f09d39842aaa0a63297afe7eac38a5c5fd272e8bbb3595ebc16cb0f65376367b121be971bb42ce5b02861cf4fa150c7cd0df33221b07bcb8c0e8ffdc464c9295d680f41b37f749b5c6922aef7754db8b9807a2a2cbc700adec17d1a678e9823063eefc4995d1bf5952026f33087d26bb18a5bea5ad1032daef61d0180c118638ee79c9589805c5955bafb8a44aefa0e183d7ca5e328ac440de0f59d2c44c0968f24e70a024f6cb5d1e8e8960
EAP-Message = 0x68dd5b148e29b68483206f80
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xe4ab19e4e6af00b94bbd886b68148382
Finished request 2.
Going to the next request
Waking up in 4.9 seconds.
Framed-MTU = 1480
NAS-IP-Address = 192.168.12.130
NAS-Identifier = "ProCurve Switch 2650"
User-Name = "testing"
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 1
NAS-Port-Type = Ethernet
NAS-Port-Id = "1"
Called-Station-Id = "00-1c-2e-73-85-00"
Calling-Station-Id = "00-16-36-5a-f1-e4"
Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "100"
State = 0xe4ab19e4e6af00b94bbd886b68148382
EAP-Message = 0x020400061900
Message-Authenticator = 0x7b0da6b9fc76c244a8c8d1a70016cbc9
server nispdot1x {
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "testing", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
rlm_eap: EAP packet type response id 4 length 6
rlm_eap: Continuing tunnel setup.
++[eap] returns ok
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake fragment handler
eaptls_verify returned 1
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
++[eap] returns handled
} # server nispdot1x
EAP-Message =
0x010503fc1940300baf24e5c4eba6f96513588ade0004ab308204a73082038fa003020102020900e3c36cfa4ccb18d0300d06092a864886f70d0101050500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479301e170d3038303932333032323830305a170d3038313032333032323830305a308193310b30090603
EAP-Message =
0x55040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a0282010100bd6abfc98d9a939b42be54807ddc6eead85f3b5f9bbe698a0ded98853b45e912e2ac64378b77265d5fe25925b634ec730249067c267b3a9347fb823275ae8b2e05ec872d1514bb08b9fc680a0febd0
EAP-Message =
0xfe871aad33a314866a9509b4f712a96b02157e81644b73eb3264dc63325536c0e3bfc113839e1215b7b0429660eb123c79ed36575d2c011565c88317c47bd946240eefacff19d8a9e6fcf7e003850a54ab7772c238641ca3a22f52f0714e143ab2d935a3a75fff7c8bdfee0aea01c3c6207c8bde420ff23405faee8ecb2a775b3498a2c5959342bc2538f8cf74f937db78d19f54382528f108587a900c283ea25fcfd9f1ee41e9aeea9a98a6ed3619d1ff0203010001a381fb3081f8301d0603551d0e0416041457dd187fddf75d3491c7be2688ee9ca295afa52d3081c80603551d230481c03081bd801457dd187fddf75d3491c7be2688ee9ca295af
EAP-Message =
0xa52da18199a48196308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479820900e3c36cfa4ccb18d0300c0603551d13040530030101ff300d06092a864886f70d010105050003820101008d5ed930ef6f2a603fe7f664336f49f4ca3136e834029838931a78679090789ab7b63a851ac342db30a2c4d4ed0fc81d19e3
EAP-Message = 0xc7c419213d898c9b
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xe4ab19e4e7ae00b94bbd886b68148382
Finished request 3.
Going to the next request
Waking up in 4.9 seconds.
Framed-MTU = 1480
NAS-IP-Address = 192.168.12.130
NAS-Identifier = "ProCurve Switch 2650"
User-Name = "testing"
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 1
NAS-Port-Type = Ethernet
NAS-Port-Id = "1"
Called-Station-Id = "00-1c-2e-73-85-00"
Calling-Station-Id = "00-16-36-5a-f1-e4"
Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "100"
State = 0xe4ab19e4e7ae00b94bbd886b68148382
EAP-Message = 0x020500061900
Message-Authenticator = 0xd08f6c9e4be935a3256057fc4ef60caa
server nispdot1x {
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "testing", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
rlm_eap: EAP packet type response id 5 length 6
rlm_eap: Continuing tunnel setup.
++[eap] returns ok
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake fragment handler
eaptls_verify returned 1
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
++[eap] returns handled
} # server nispdot1x
EAP-Message =
0x010600d519003930329a01d4ea1bb98d1698ec01cbfd0cb4d0b225ca864f310db36878d08936a7175459bebffe7d19bba5b6784fcdbad5e8f7be8cb72f7b04cb39fb2c98161d840dfcb1db80bcef3648d30816e1cd61cbe155d7ee13f86a0c8b3c4cfc10b74628959be11d7391ca123475672d8a8dc4b890de0dc23c30edef8894eb5b1c8651763dd19c64d23101fb1f14b07860da6cb64c556145eaa5ca4bea3e95dc9ec711b75c0ea334a403d8a5ae7cde859b3e257bf1fa26e0ef5d51a276aeb258570f3c365b57ff06ac16030100040e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xe4ab19e4e0ad00b94bbd886b68148382
Finished request 4.
Going to the next request
Waking up in 4.8 seconds.
Framed-MTU = 1480
NAS-IP-Address = 192.168.12.130
NAS-Identifier = "ProCurve Switch 2650"
User-Name = "testing"
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 1
NAS-Port-Type = Ethernet
NAS-Port-Id = "1"
Called-Station-Id = "00-1c-2e-73-85-00"
Calling-Station-Id = "00-16-36-5a-f1-e4"
Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "100"
State = 0xe4ab19e4e0ad00b94bbd886b68148382
EAP-Message =
0x0206014019800000013616030101061000010201000e12fe66799110767d0706638cbff823c3613182b00e038c1419dfca6b06a97f8d1d919c55a3ef35e25faa63784b8f609c769191ff156ac2c772a31aa466c3869e3b86201830900a2c5ca2c448248570896538712e0047efbfcd5e0fd6b6a272911af3c41876eb0e4ec45ab9eab77d275b5d48039cc32d95c403c313d9eb82fb1e51bebd656c3d5c8c31009d28107daaa0b7d8941a315c83b6adbc293852094c20575b90cdf4508b388247c7f1cd72139a2cd32f80ce58dec6680251ef3e38f3ab971f54b9600db8d2f12efa5cbef83308906ef502248f08dd9ba4c6c4736cf8b08c7717cb2ae20b
EAP-Message =
0x8e60e7f72586dbc0ab65eb9847eb0b513e890d2d3eb6a036140301000101160301002091558d454a3096437983262407edce4036714ee7172ef541256764302876cbf2
Message-Authenticator = 0x21ed51932410124f3ccd9ede9aa9e4de
server nispdot1x {
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "testing", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
rlm_eap: EAP packet type response id 6 length 253
rlm_eap: Continuing tunnel setup.
++[eap] returns ok
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
TLS Length 310
rlm_eap_tls: Length Included
eaptls_verify returned 11
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange
TLS_accept: SSLv3 read client key exchange A
rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001]
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 read finished A
rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001]
TLS_accept: SSLv3 write change cipher spec A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 write finished A
TLS_accept: SSLv3 flush data
(other): SSL negotiation finished successfully
SSL Connection Established
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
++[eap] returns handled
} # server nispdot1x
EAP-Message =
0x010700311900140301000101160301002029d09c92b37f6a05e9d96326f6d04c3a6a019993838f751e28191b864a43169c
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xe4ab19e4e1ac00b94bbd886b68148382
Finished request 5.
Going to the next request
Waking up in 4.8 seconds.
Framed-MTU = 1480
NAS-IP-Address = 192.168.12.130
NAS-Identifier = "ProCurve Switch 2650"
User-Name = "testing"
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 1
NAS-Port-Type = Ethernet
NAS-Port-Id = "1"
Called-Station-Id = "00-1c-2e-73-85-00"
Calling-Station-Id = "00-16-36-5a-f1-e4"
Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "100"
State = 0xe4ab19e4e1ac00b94bbd886b68148382
EAP-Message = 0x020700061900
Message-Authenticator = 0xbbdec6ac12226eded3a5cadad499e474
server nispdot1x {
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "testing", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
rlm_eap: EAP packet type response id 7 length 6
rlm_eap: Continuing tunnel setup.
++[eap] returns ok
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake is finished
eaptls_verify returned 3
eaptls_process returned 3
rlm_eap_peap: EAPTLS_SUCCESS
++[eap] returns handled
} # server nispdot1x
EAP-Message =
0x010800201900170301001591d77f88e7cf0c3523624f183268286d93d237ecf1
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xe4ab19e4e2a300b94bbd886b68148382
Finished request 6.
Going to the next request
Waking up in 4.8 seconds.
Framed-MTU = 1480
NAS-IP-Address = 192.168.12.130
NAS-Identifier = "ProCurve Switch 2650"
User-Name = "testing"
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 1
NAS-Port-Type = Ethernet
NAS-Port-Id = "1"
Called-Station-Id = "00-1c-2e-73-85-00"
Calling-Station-Id = "00-16-36-5a-f1-e4"
Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "100"
State = 0xe4ab19e4e2a300b94bbd886b68148382
EAP-Message =
0x0208002319001703010018950530e097ad90ba88c2bca19d4f2061d112d2b531b8b108
Message-Authenticator = 0x72e2e8c518ea0a5415ef3f12d2671f67
server nispdot1x {
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "testing", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
rlm_eap: EAP packet type response id 8 length 35
rlm_eap: Continuing tunnel setup.
++[eap] returns ok
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: Identity - testing
PEAP: Got tunneled identity of testing
PEAP: Setting default EAP type for tunneled EAP session.
PEAP: Setting User-Name to testing
+- entering group authorize
++[chap] returns noop
++[mschap] returns noop
++[unix] returns notfound
rlm_realm: No '@' in User-Name = "testing", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
++[control] returns noop
rlm_eap: EAP packet type response id 8 length 12
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
++- entering redundant-load-balance group redundant-load-balance
rlm_ldap: - authorize
rlm_ldap: performing user authorization for testing
expand: (uid=%u) -> (uid=testing)
expand: ou=dialup,dc=zzz,dc=com -> ou=dialup,dc=zzz,dc=com
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to 192.168.11.7:389, authentication 0
rlm_ldap: bind as memberUid=radius,ou=admin,dc=zzz,dc=com/radiusjuga to
192.168.11.7:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: performing search in ou=dialup,dc=zzz,dc=com, with filter
(uid=testing)
rlm_ldap: checking if remote access for testing is allowed by uid
rlm_ldap: Added User-Password = Testing10 in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: LDAP attribute radiusLoginTime as RADIUS attribute Login-Time
== "WK0800-1800"
rlm_ldap: LDAP attribute ntPassword as RADIUS attribute NT-Password ==
0x3139373530313942423345344631324146413133423832443930424146414137
rlm_ldap: LDAP attribute lmPassword as RADIUS attribute LM-Password ==
0x3244353534353037374437423744324136443341363237433832344630323946
rlm_ldap: LDAP attribute radiusCallingStationId as RADIUS attribute
Calling-Station-Id == "00-16-36-5a-f1-e4"
rlm_ldap: looking for reply items in directory...
rlm_ldap: LDAP attribute radiusTunnelPrivateGroupId as RADIUS attribute
Tunnel-Private-Group-Id:0 = "101"
rlm_ldap: LDAP attribute radiusTunnelMediumType as RADIUS attribute
Tunnel-Medium-Type:0 = IEEE-802
rlm_ldap: LDAP attribute radiusTunnelType as RADIUS attribute
Tunnel-Type:0 = VLAN
rlm_ldap: LDAP attribute radiusFramedProtocol as RADIUS attribute
Framed-Protocol = PPP
rlm_ldap: LDAP attribute radiusServiceType as RADIUS attribute
Service-Type = Framed-User
rlm_ldap: user testing authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
+++[ldap_instance100] returns ok
++- redundant-load-balance group redundant-load-balance returns ok
++[expiration] returns noop
rlm_logintime: Checking Login-Time: 'WK0800-1800'
rlm_logintime: timestr returned accept
rlm_logintime: Session-Timeout set to: 24660
++[logintime] returns ok
++[pap] returns noop
WARNING: You set Proxy-To-Realm = LOCAL, but it is a LOCAL realm!
Cancelling invalid proxy request.
rad_check_password: Found Auth-Type EAP
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!! Replacing User-Password in config items with
Cleartext-Password. !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!! Please update your configuration so that the "known
good" !!!
!!! clear text password is in Cleartext-Password, and not in
User-Password. !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
auth: type "EAP"
+- entering group authenticate
rlm_eap: EAP Identity
rlm_eap: processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
++[eap] returns handled
PEAP: Got tunneled Access-Challenge
++[eap] returns handled
} # server nispdot1x
EAP-Message =
0x010900381900170301002d8bfccd9c700d8c5f7f689a2276a39d7df69e62fe75e37e8ed378a4ee305b1cbca2a50e591f80e7ee735de373a0
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xe4ab19e4e3a200b94bbd886b68148382
Finished request 7.
Going to the next request
Waking up in 4.7 seconds.
Framed-MTU = 1480
NAS-IP-Address = 192.168.12.130
NAS-Identifier = "ProCurve Switch 2650"
User-Name = "testing"
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 1
NAS-Port-Type = Ethernet
NAS-Port-Id = "1"
Called-Station-Id = "00-1c-2e-73-85-00"
Calling-Station-Id = "00-16-36-5a-f1-e4"
Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "100"
State = 0xe4ab19e4e3a200b94bbd886b68148382
EAP-Message =
0x020900591900170301004e7de02f3479cc10cadb25ca8c44ff6dddf456ec29960248228f3c61741ae3565958ad66c8479aea997e3442b7673a3308468cb31cf7966bcc18ac80061cd8d3fc6ab9e2750dca327193e854d86043
Message-Authenticator = 0x9f808479ce5a1c866c96fabc4b2d256e
server nispdot1x {
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "testing", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
rlm_eap: EAP packet type response id 9 length 89
rlm_eap: Continuing tunnel setup.
++[eap] returns ok
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: EAP type mschapv2
PEAP: Setting User-Name to testing
+- entering group authorize
++[chap] returns noop
++[mschap] returns noop
++[unix] returns notfound
rlm_realm: No '@' in User-Name = "testing", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
++[control] returns noop
rlm_eap: EAP packet type response id 9 length 66
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
++- entering redundant-load-balance group redundant-load-balance
rlm_ldap: - authorize
rlm_ldap: performing user authorization for testing
expand: (uid=%u) -> (uid=testing)
expand: ou=dialup,dc=zzz,dc=com -> ou=dialup,dc=zzz,dc=com
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=dialup,dc=zzz,dc=com, with filter
(uid=testing)
rlm_ldap: checking if remote access for testing is allowed by uid
rlm_ldap: Added User-Password = Testing10 in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: LDAP attribute radiusLoginTime as RADIUS attribute Login-Time
== "WK0800-1800"
rlm_ldap: LDAP attribute ntPassword as RADIUS attribute NT-Password ==
0x3139373530313942423345344631324146413133423832443930424146414137
rlm_ldap: LDAP attribute lmPassword as RADIUS attribute LM-Password ==
0x3244353534353037374437423744324136443341363237433832344630323946
rlm_ldap: LDAP attribute radiusCallingStationId as RADIUS attribute
Calling-Station-Id == "00-16-36-5a-f1-e4"
rlm_ldap: looking for reply items in directory...
rlm_ldap: LDAP attribute radiusTunnelPrivateGroupId as RADIUS attribute
Tunnel-Private-Group-Id:0 = "101"
rlm_ldap: LDAP attribute radiusTunnelMediumType as RADIUS attribute
Tunnel-Medium-Type:0 = IEEE-802
rlm_ldap: LDAP attribute radiusTunnelType as RADIUS attribute
Tunnel-Type:0 = VLAN
rlm_ldap: LDAP attribute radiusFramedProtocol as RADIUS attribute
Framed-Protocol = PPP
rlm_ldap: LDAP attribute radiusServiceType as RADIUS attribute
Service-Type = Framed-User
rlm_ldap: user testing authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
+++[ldap_instance100] returns ok
++- redundant-load-balance group redundant-load-balance returns ok
++[expiration] returns noop
rlm_logintime: Checking Login-Time: 'WK0800-1800'
rlm_logintime: timestr returned accept
rlm_logintime: Session-Timeout set to: 24660
++[logintime] returns ok
++[pap] returns noop
WARNING: You set Proxy-To-Realm = LOCAL, but it is a LOCAL realm!
Cancelling invalid proxy request.
rad_check_password: Found Auth-Type EAP
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!! Replacing User-Password in config items with
Cleartext-Password. !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!! Please update your configuration so that the "known
good" !!!
!!! clear text password is in Cleartext-Password, and not in
User-Password. !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
auth: type "EAP"
+- entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP/mschapv2
rlm_eap: processing type mschapv2
+- entering group MS-CHAP
rlm_mschap: Found LM-Password
rlm_mschap: Found NT-Password
rlm_mschap: Told to do MS-CHAPv2 for testing with NT-Password
rlm_mschap: adding MS-CHAPv2 MPPE keys
++[mschap] returns ok
MSCHAP Success
++[eap] returns handled
PEAP: Got tunneled Access-Challenge
++[eap] returns handled
} # server nispdot1x
EAP-Message =
0x010a004a1900170301003fe2edcf9c431f5b9f455e40ac276f04c64ae6ef42f14198fcc92589e54655a4de788331275beedd23e7d1cd6ed110eaaab6dc8f6cceae33ac5b907674491a73
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xe4ab19e4eca100b94bbd886b68148382
Finished request 8.
Going to the next request
Waking up in 4.7 seconds.
Framed-MTU = 1480
NAS-IP-Address = 192.168.12.130
NAS-Identifier = "ProCurve Switch 2650"
User-Name = "testing"
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 1
NAS-Port-Type = Ethernet
NAS-Port-Id = "1"
Called-Station-Id = "00-1c-2e-73-85-00"
Calling-Station-Id = "00-16-36-5a-f1-e4"
Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "100"
State = 0xe4ab19e4eca100b94bbd886b68148382
EAP-Message =
0x020a001d19001703010012d7763477ae6558c7f305070412a2df50d75a
Message-Authenticator = 0x92a3213a7c4e39f6015aeff93fb6a177
server nispdot1x {
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "testing", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
rlm_eap: EAP packet type response id 10 length 29
rlm_eap: Continuing tunnel setup.
++[eap] returns ok
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: EAP type mschapv2
PEAP: Setting User-Name to testing
+- entering group authorize
++[chap] returns noop
++[mschap] returns noop
++[unix] returns notfound
rlm_realm: No '@' in User-Name = "testing", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
++[control] returns noop
rlm_eap: EAP packet type response id 10 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
++- entering redundant-load-balance group redundant-load-balance
rlm_ldap: - authorize
rlm_ldap: performing user authorization for testing
expand: (uid=%u) -> (uid=testing)
expand: ou=dialup,dc=zzz,dc=com -> ou=dialup,dc=zzz,dc=com
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=dialup,dc=zzz,dc=com, with filter
(uid=testing)
rlm_ldap: checking if remote access for testing is allowed by uid
rlm_ldap: Added User-Password = Testing10 in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: LDAP attribute radiusLoginTime as RADIUS attribute Login-Time
== "WK0800-1800"
rlm_ldap: LDAP attribute ntPassword as RADIUS attribute NT-Password ==
0x3139373530313942423345344631324146413133423832443930424146414137
rlm_ldap: LDAP attribute lmPassword as RADIUS attribute LM-Password ==
0x3244353534353037374437423744324136443341363237433832344630323946
rlm_ldap: LDAP attribute radiusCallingStationId as RADIUS attribute
Calling-Station-Id == "00-16-36-5a-f1-e4"
rlm_ldap: looking for reply items in directory...
rlm_ldap: LDAP attribute radiusTunnelPrivateGroupId as RADIUS attribute
Tunnel-Private-Group-Id:0 = "101"
rlm_ldap: LDAP attribute radiusTunnelMediumType as RADIUS attribute
Tunnel-Medium-Type:0 = IEEE-802
rlm_ldap: LDAP attribute radiusTunnelType as RADIUS attribute
Tunnel-Type:0 = VLAN
rlm_ldap: LDAP attribute radiusFramedProtocol as RADIUS attribute
Framed-Protocol = PPP
rlm_ldap: LDAP attribute radiusServiceType as RADIUS attribute
Service-Type = Framed-User
rlm_ldap: user testing authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
+++[ldap_instance100] returns ok
++- redundant-load-balance group redundant-load-balance returns ok
++[expiration] returns noop
rlm_logintime: Checking Login-Time: 'WK0800-1800'
rlm_logintime: timestr returned accept
rlm_logintime: Session-Timeout set to: 24660
++[logintime] returns ok
++[pap] returns noop
WARNING: You set Proxy-To-Realm = LOCAL, but it is a LOCAL realm!
Cancelling invalid proxy request.
rad_check_password: Found Auth-Type EAP
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!! Replacing User-Password in config items with
Cleartext-Password. !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!! Please update your configuration so that the "known
good" !!!
!!! clear text password is in Cleartext-Password, and not in
User-Password. !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
auth: type "EAP"
+- entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP/mschapv2
rlm_eap: processing type mschapv2
rlm_eap: Freeing handler
++[eap] returns ok
Login OK: [testing/<via Auth-Type = EAP>] (from client dotix port 0)
PEAP: Tunneled authentication was successful.
rlm_eap_peap: SUCCESS
++[eap] returns handled
} # server nispdot1x
EAP-Message =
0x010b00261900170301001b2047b07fe1372dc5996fc764424ef372360a52a14c5f2b40a656f8
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xe4ab19e4eda000b94bbd886b68148382
Finished request 9.
Going to the next request
Waking up in 4.6 seconds.
Framed-MTU = 1480
NAS-IP-Address = 192.168.12.130
NAS-Identifier = "ProCurve Switch 2650"
User-Name = "testing"
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 1
NAS-Port-Type = Ethernet
NAS-Port-Id = "1"
Called-Station-Id = "00-1c-2e-73-85-00"
Calling-Station-Id = "00-16-36-5a-f1-e4"
Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "100"
State = 0xe4ab19e4eda000b94bbd886b68148382
EAP-Message =
0x020b00261900170301001b1cdb638dc4720a0a9d44268ad8b573e02916ba4ea3f39fad3022f7
Message-Authenticator = 0x5c37edb602afabf04e729664be222ed7
server nispdot1x {
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "testing", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
rlm_eap: EAP packet type response id 11 length 38
rlm_eap: Continuing tunnel setup.
++[eap] returns ok
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: Received EAP-TLV response.
rlm_eap_peap: Success
rlm_eap: Freeing handler
++[eap] returns ok
Login OK: [testing/<via Auth-Type = EAP>] (from client dotix port 1 cli
00-16-36-5a-f1-e4)
} # server nispdot1x
MS-MPPE-Recv-Key =
0x8690f9087827a079d861e1afb895a72d9ea45343cb6910c50c0927583dd428c9
MS-MPPE-Send-Key =
0x45e05accddfbdfe3da040cac0ffc0e52265dcc433c31c93a6d90753822e83ca3
EAP-Message = 0x030b0004
Message-Authenticator = 0x00000000000000000000000000000000
User-Name = "testing"
Finished request 10.
Going to the next request
Waking up in 4.6 seconds.
Acct-Session-Id = "00A900000020"
Acct-Status-Type = Start
Acct-Authentic = RADIUS
Acct-Delay-Time = 0
NAS-Port = 1
Calling-Station-Id = "00-16-36-5A-F1-E4"
Service-Type = Framed-User
NAS-IP-Address = 192.168.12.130
NAS-Identifier = "ProCurve Switch 2650"
User-Name = "testing"
server nispdot1x {
+- entering group preacct
++[preprocess] returns ok
rlm_acct_unique: Hashing 'NAS-Port = 1,Client-IP-Address =
192.168.12.130,NAS-IP-Address = 192.168.12.130,Acct-Session-Id =
"00A900000020",User-Name = "testing"'
rlm_acct_unique: Acct-Unique-Session-ID = "2daecbe921fc1679".
++[acct_unique] returns ok
rlm_realm: No '@' in User-Name = "testing", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
++[files] returns noop
+- entering group accounting
expand: /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d ->
/var/log/radacct/192.168.12.130/detail-20080924
rlm_detail: /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d expands
to /var/log/radacct/192.168.12.130/detail-20080924
expand: %t -> Wed Sep 24 11:10:31 2008
++[detail] returns ok
++[unix] returns ok
expand: /var/log/radutmp -> /var/log/radutmp
expand: %{User-Name} -> testing
++[radutmp] returns ok
expand: %{User-Name} -> testing
attr_filter: Matched entry DEFAULT at line 12
++[attr_filter.accounting_response] returns updated
} # server nispdot1x
Finished request 11.
Cleaning up request 11 ID 126 with timestamp +10
Going to the next request
Waking up in 4.6 seconds.
Cleaning up request 0 ID 115 with timestamp +10
Cleaning up request 1 ID 116 with timestamp +10
Cleaning up request 2 ID 117 with timestamp +10
Cleaning up request 3 ID 118 with timestamp +10
Cleaning up request 4 ID 119 with timestamp +10
Cleaning up request 5 ID 120 with timestamp +10
Cleaning up request 6 ID 121 with timestamp +10
Cleaning up request 7 ID 122 with timestamp +10
Cleaning up request 8 ID 123 with timestamp +10
Cleaning up request 9 ID 124 with timestamp +10
Cleaning up request 10 ID 125 with timestamp +10
Ready to process requests.
any suggestion what should I do?
Thank You
--
DISCLAIMER:
The contents of this email and attachments are confidential and may be subject to legal privilege. Any unauthorized use, copying, disclosure or communicating any part of it to others is strictly prohibited and may be unlawful. If you are not the intended recipient you must not use, copy, distribute or rely on this email and should please return it immediately to the sender or notify us and delete the email and any attachments from your system. We cannot accept liability for loss or damage resulting from computer viruses. The integrity of email across the Internet cannot be guaranteed and PT BANK NISP, Tbk. will not accept liability for any claims arising as a result of the use of this medium for transmissions by or to PT BANK NISP, Tbk.
More information about the Freeradius-Users
mailing list