Freeradius and winbind problem

Luis Azevedo labraceta at gmail.com
Thu Aug 6 00:48:42 CEST 2009


That happened to me also.

Still don't know the cause (if someone knows please let me know), but  
the problem it's on the client side that doesn't reply to the radius  
challenge.

I've tried several other Windows machines and no problem whatsoever.

The machine that was having problems had several supplicants installed  
and I believe it could be one of the others supplicants that was  
messing up with the default Windows supplicant.
I've reinstalled (the every windows problem solution) the machine just  
to see if wasn't the NIC or any other hardware issue, and guess what,  
no more problems. :)

Hope it helps,

Luis Azevedo
http://www.braceta.com



On Aug 3, 2009, at 13:35 , Jean-Hubert Monlord wrote:

> I have a problem with my freeradius installed on a Debian Lenny :
> I want to use PEAP with Active Directory. It works fine during a few  
> minutes.
> After that, freeradius don't send the Access-Accept, it seems it  
> waits for a response which never comes.
> I must restart winbind daemon and freeradius to succeed an  
> authentification.
>
> The client is Aruba, but I have tested with Netgear with the same  
> result.
>
> Here is the debug when it doesn't work and after when it works :
>
> rad_recv: Access-Request packet from host 10.254.0.32 port 32822,  
> id=189, length=173
>       User-Name = "ACMS\\usertest"
>       NAS-IP-Address = 10.254.0.30
>       NAS-Port = 1
>       NAS-Identifier = "10.254.0.32"
>       NAS-Port-Type = Wireless-802.11
>       Calling-Station-Id = "0013CE8BE8A6"
>       Called-Station-Id = "000B86613054"
>       Service-Type = Login-User
>       Framed-MTU = 1100
>       EAP-Message = 0x020100130141434d535c6a686d6f6e6c6f7264
>       Aruba-Essid-Name = "ACMS"
>       Aruba-Location-Id = "254.1.3"
>       Message-Authenticator = 0x21e1615eabadbb261c919283b3f5c77c
> +- entering group authorize
> ++[preprocess] returns ok
>       expand: /var/log/freeradius/radacct/%{Client-IP-Address}/auth- 
> detail-%Y%m%d -> /var/log/freeradius/radacct/10.254.0.32/auth- 
> detail-20090803
> rlm_detail: /var/log/freeradius/radacct/%{Client-IP-Address}/auth- 
> detail-%Y%m%d expands to /var/log/freeradius/radacct/10.254.0.32/ 
> auth-detail-20090803
>       expand: %t -> Mon Aug  3 11:32:20 2009
> ++[auth_log] returns ok
> ++[chap] returns noop
> ++[mschap] returns noop
>   rlm_realm: No '@' in User-Name = "ACMS\usertest", looking up realm  
> NULL
>   rlm_realm: No such realm "NULL"
> ++[suffix] returns noop
> rlm_eap: EAP packet type response id 1 length 19
> rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
> ++[eap] returns updated
> ++[unix] returns notfound
> ++[files] returns noop
> ++[expiration] returns noop
> ++[logintime] returns noop
> rlm_pap: WARNING! No "known good" password found for the user.   
> Authentication may fail because of this.
> ++[pap] returns noop
> rad_check_password:  Found Auth-Type EAP
> auth: type "EAP"
> +- entering group authenticate
> rlm_eap: EAP Identity
> rlm_eap: processing type tls
> rlm_eap_tls: Initiate
> rlm_eap_tls: Start returned 1
> ++[eap] returns handled
> Sending Access-Challenge of id 189 to 10.254.0.32 port 32822
>       EAP-Message = 0x010200061920
>       Message-Authenticator = 0x00000000000000000000000000000000
>       State = 0x67acae1867aeb710f826cb3d04781dae
> Finished request 3.
> Going to the next request
> Waking up in 4.9 seconds.
> rad_recv: Access-Request packet from host 10.254.0.32 port 32822,  
> id=190, length=252
>       User-Name = "ACMS\\usertest"
>       NAS-IP-Address = 10.254.0.30
>       NAS-Port = 1
>       NAS-Identifier = "10.254.0.32"
>       NAS-Port-Type = Wireless-802.11
>       Calling-Station-Id = "0013CE8BE8A6"
>       Called-Station-Id = "000B86613054"
>       Service-Type = Login-User
>       Framed-MTU = 1100
>       EAP-Message =  
> 0x0202005019800000004616030100410100003d03014a76aea459001bbf5e7c46d2faf33b74835c5f446843ed2fe97a84f4d5380fa300001600040005000a000900640062000300060013001200630100
>       State = 0x67acae1867aeb710f826cb3d04781dae
>       Aruba-Essid-Name = "ACMS"
>       Aruba-Location-Id = "254.1.3"
>       Message-Authenticator = 0xebe44d56018b2078dc05fd10b49363ea
> +- entering group authorize
> ++[preprocess] returns ok
>       expand: /var/log/freeradius/radacct/%{Client-IP-Address}/auth- 
> detail-%Y%m%d -> /var/log/freeradius/radacct/10.254.0.32/auth- 
> detail-20090803
> rlm_detail: /var/log/freeradius/radacct/%{Client-IP-Address}/auth- 
> detail-%Y%m%d expands to /var/log/freeradius/radacct/10.254.0.32/ 
> auth-detail-20090803
>       expand: %t -> Mon Aug  3 11:32:20 2009
> ++[auth_log] returns ok
> ++[chap] returns noop
> ++[mschap] returns noop
>   rlm_realm: No '@' in User-Name = "ACMS\usertest", looking up realm  
> NULL
>   rlm_realm: No such realm "NULL"
> ++[suffix] returns noop
> rlm_eap: EAP packet type response id 2 length 80
> rlm_eap: Continuing tunnel setup.
> ++[eap] returns ok
> rad_check_password:  Found Auth-Type EAP
> auth: type "EAP"
> +- entering group authenticate
> rlm_eap: Request found, released from the list
> rlm_eap: EAP/peap
> rlm_eap: processing type peap
> rlm_eap_peap: Authenticate
> rlm_eap_tls: processing TLS
> TLS Length 70
> rlm_eap_tls:  Length Included
> eaptls_verify returned 11
>   (other): before/accept initialization
>   TLS_accept: before/accept initialization
> rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello
>   TLS_accept: SSLv3 read client hello A
> rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
>   TLS_accept: SSLv3 write server hello A
> rlm_eap_tls: >>> TLS 1.0 Handshake [length 06fa], Certificate
>   TLS_accept: SSLv3 write certificate A
> rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
>   TLS_accept: SSLv3 write server done A
>   TLS_accept: SSLv3 flush data
>   TLS_accept: Need to read more data: SSLv3 read client certificate A
> In SSL Handshake Phase
> In SSL Accept mode
> eaptls_process returned 13
> rlm_eap_peap: EAPTLS_HANDLED
> ++[eap] returns handled
> Sending Access-Challenge of id 190 to 10.254.0.32 port 32822
>       EAP-Message =  
> 0x0103040019c000000757160301004a0200004603014a76aea439fe1adad0be15346fa9ddb8a2d4a2f98c906b8c279870926a73bd9e20684cafb03aa6b70221b0faa4f14e7a5ef2d5a7927a97cfdc560d0ac5b580b7b200040016030106fa0b0006f60006f30003243082032030820289a003020102020104300d06092a864886f70d010104050030819e310b3009060355040613024652310f300d060355040813064672616e63653111300f0603550407130853757265736e6573310d300b060355040a130441434d53310b3009060355040b13024449312730250603550403131e41434d53202d2043657274696669636174696f6e20417574686f72
>       EAP-Message =  
> 0x6974793126302406092a864886f70d0109011617706f73746d61737465724061636d732e6173736f2e6672301e170d3039303531323037303233315a170d3139303531303037303233315a3070310b3009060355040613024652310f300d060355040813064672616e6365310d300b060355040a130441434d5331193017060355040313106c2d726164697573312e48512e444f4d3126302406092a864886f70d0109011617706f73746d61737465724061636d732e6173736f2e667230820122300d06092a864886f70d01010105000382010f003082010a0282010100b591a1d3adb4e4ea8041108e8b7858638f181e1b0c9439ae22b6dd85f754c9
>       EAP-Message =  
> 0x5a0cb03b3a5f5e44294598d31b1e69590452621253f761f2986999ef6e7814965bf0cbe10b16e0295fb88efc68979772f5053ba685d9af99b39994cbf17accde0831c26685960431dc4ac3696bf061ff0496a142ce2a576ad16c66c766cfe47038139a0584effb5bd1f63e502ae117e5286c79ad82192194bace81564e2c0ee5217b277a6969fd865a19152913cf50718ab09ccf01375bc1d5e7d501be14882cc1932693221a3274898e2d7387ced11b273c72d69a7719df1e43df7b6f54e7b70e9f3d91f216dcf1499e7ed37299fc3a982410737cde9ae04d76ab4053be800b0f0203010001a317301530130603551d25040c300a06082b0601050507
>       EAP-Message =  
> 0x0301300d06092a864886f70d010104050003818100628fd16c16c9ca25d9fd4bf42b45dd9d1bba1b64146625d572b86a97e6c3780315511194fcf2510c4ce99393e61a63af985e6eb48438e8ef10d1f56f0380f626d9290e6b30f3459aa1ee66ae0556c5f5971a603343af9472105cabfb70eb144cb043f5cfadcc3a536f44bf3cd98c2bbb63af699594956609f75af9c9cadfe4e40003c9308203c53082032ea003020102020900ad028a9e72fb0f0a300d06092a864886f70d010104050030819e310b3009060355040613024652310f300d060355040813064672616e63653111300f0603550407130853757265736e6573310d300b060355040a13
>       EAP-Message = 0x0441434d53310b3009060355
>       Message-Authenticator = 0x00000000000000000000000000000000
>       State = 0x67acae1866afb710f826cb3d04781dae
> Finished request 4.
> Going to the next request
> Waking up in 4.9 seconds.
> rad_recv: Access-Request packet from host 10.254.0.32 port 32822,  
> id=191, length=178
>       User-Name = "ACMS\\usertest"
>       NAS-IP-Address = 10.254.0.30
>       NAS-Port = 1
>       NAS-Identifier = "10.254.0.32"
>       NAS-Port-Type = Wireless-802.11
>       Calling-Station-Id = "0013CE8BE8A6"
>       Called-Station-Id = "000B86613054"
>       Service-Type = Login-User
>       Framed-MTU = 1100
>       EAP-Message = 0x020300061900
>       State = 0x67acae1866afb710f826cb3d04781dae
>       Aruba-Essid-Name = "ACMS"
>       Aruba-Location-Id = "254.1.3"
>       Message-Authenticator = 0x69b0156bc0eb57e635cba7dbdc059fcf
> +- entering group authorize
> ++[preprocess] returns ok
>       expand: /var/log/freeradius/radacct/%{Client-IP-Address}/auth- 
> detail-%Y%m%d -> /var/log/freeradius/radacct/10.254.0.32/auth- 
> detail-20090803
> rlm_detail: /var/log/freeradius/radacct/%{Client-IP-Address}/auth- 
> detail-%Y%m%d expands to /var/log/freeradius/radacct/10.254.0.32/ 
> auth-detail-20090803
>       expand: %t -> Mon Aug  3 11:32:20 2009
> ++[auth_log] returns ok
> ++[chap] returns noop
> ++[mschap] returns noop
>   rlm_realm: No '@' in User-Name = "ACMS\usertest", looking up realm  
> NULL
>   rlm_realm: No such realm "NULL"
> ++[suffix] returns noop
> rlm_eap: EAP packet type response id 3 length 6
> rlm_eap: Continuing tunnel setup.
> ++[eap] returns ok
> rad_check_password:  Found Auth-Type EAP
> auth: type "EAP"
> +- entering group authenticate
> rlm_eap: Request found, released from the list
> rlm_eap: EAP/peap
> rlm_eap: processing type peap
> rlm_eap_peap: Authenticate
> rlm_eap_tls: processing TLS
> rlm_eap_tls: Received EAP-TLS ACK message
> rlm_eap_tls: ack handshake fragment handler
> eaptls_verify returned 1
> eaptls_process returned 13
> rlm_eap_peap: EAPTLS_HANDLED
> ++[eap] returns handled
> Sending Access-Challenge of id 191 to 10.254.0.32 port 32822
>       EAP-Message =  
> 0x010403671900040b13024449312730250603550403131e41434d53202d2043657274696669636174696f6e20417574686f726974793126302406092a864886f70d0109011617706f73746d61737465724061636d732e6173736f2e6672301e170d3036303232383134323835375a170d3236303232333134323835375a30819e310b3009060355040613024652310f300d060355040813064672616e63653111300f0603550407130853757265736e6573310d300b060355040a130441434d53310b3009060355040b13024449312730250603550403131e41434d53202d2043657274696669636174696f6e20417574686f726974793126302406092a
>       EAP-Message =  
> 0x864886f70d0109011617706f73746d61737465724061636d732e6173736f2e667230819f300d06092a864886f70d010101050003818d0030818902818100bc7d9f74ab64f276ac4c0059fbb63dd341d6e3f6938bbcc1d18614b5218a137322253da30d2c08e67d48425c192b3693766807b794f928a931adbe115181bc8f00941de778eb402079cce8298e0dd0fe6e80921db123209728442395c238c2902ac3dc5b9f23d239fadea85e62cabd30a3c6cdb162c46fd51e6d386ba868a3390203010001a382010730820103301d0603551d0e041604149cbb859d57389413b3def35ced857b46105dc5de3081d30603551d230481cb3081c880149cbb85
>       EAP-Message =  
> 0x9d57389413b3def35ced857b46105dc5dea181a4a481a130819e310b3009060355040613024652310f300d060355040813064672616e63653111300f0603550407130853757265736e6573310d300b060355040a130441434d53310b3009060355040b13024449312730250603550403131e41434d53202d2043657274696669636174696f6e20417574686f726974793126302406092a864886f70d0109011617706f73746d61737465724061636d732e6173736f2e6672820900ad028a9e72fb0f0a300c0603551d13040530030101ff300d06092a864886f70d0101040500038181001b0a6fb0e890320aadf9c0baa7f3ca810ad2c8e6f246bdeadc
>       EAP-Message =  
> 0xcda483532b27e5fb39164b2e3db6fb717f8534442e9efd065309d0e6c9d1a6e90c2fba2b7beb1e72f794bcccd2fc95190c65d9e97d1d37089610db9f6238adff67a1a2c818bd2e7ad5707603d6eb25e47681a57aceda1d2e2ea0e9ced9ba61c463f671a1b1d2f716030100040e000000
>       Message-Authenticator = 0x00000000000000000000000000000000
>       State = 0x67acae1865a8b710f826cb3d04781dae
> Finished request 5.
> Going to the next request
> Waking up in 4.9 seconds.
> rad_recv: Access-Request packet from host 10.254.0.32 port 32822,  
> id=192, length=494
>       User-Name = "ACMS\\usertest"
>       NAS-IP-Address = 10.254.0.30
>       NAS-Port = 1
>       NAS-Identifier = "10.254.0.32"
>       NAS-Port-Type = Wireless-802.11
>       Calling-Station-Id = "0013CE8BE8A6"
>       Called-Station-Id = "000B86613054"
>       Service-Type = Login-User
>       Framed-MTU = 1100
>       EAP-Message =  
> 0x0204014019800000013616030101061000010201006246ea1f8687d388d33a330d27ac41af039202ed25cc671b6c3b8feb6c70e61b80b965c252763ae7ad471ddf2019e8350ee0ee2562198dfdcf9280f8d44be13abbd17c2cf3c54daa125da6def0eab93a83a47ffcd4f183d3b44784edbbfab51f8db3c18cfaae60c6e2d25e398a1b57aaad2b97279c9501bef114811f2a617268718db187b5989b1f584752479c2a645877ff7ce68781e79dec1ca2c436d35d6497e0618fd1608c5b9b884569a3178c0baeeabb32a14b5c1c134adb18058ed373874a666e31a6a0a46220b63c275732db13abba3450b09ec624a2bf920f7a82439104b46d7ec901d1
>       EAP-Message =  
> 0x40d0e6c361ac05a3d36a80be2c6097880ce35f69b19a5dbe1403010001011603010020c9efd83f8f0f46b740068191ae62591016a0d2039264d4e4dc79cc4377557e15
>       State = 0x67acae1865a8b710f826cb3d04781dae
>       Aruba-Essid-Name = "ACMS"
>       Aruba-Location-Id = "254.1.3"
>       Message-Authenticator = 0xf3f7bf3ef7829cbf5076a085ad37306e
> +- entering group authorize
> ++[preprocess] returns ok
>       expand: /var/log/freeradius/radacct/%{Client-IP-Address}/auth- 
> detail-%Y%m%d -> /var/log/freeradius/radacct/10.254.0.32/auth- 
> detail-20090803
> rlm_detail: /var/log/freeradius/radacct/%{Client-IP-Address}/auth- 
> detail-%Y%m%d expands to /var/log/freeradius/radacct/10.254.0.32/ 
> auth-detail-20090803
>       expand: %t -> Mon Aug  3 11:32:20 2009
> ++[auth_log] returns ok
> ++[chap] returns noop
> ++[mschap] returns noop
>   rlm_realm: No '@' in User-Name = "ACMS\usertest", looking up realm  
> NULL
>   rlm_realm: No such realm "NULL"
> ++[suffix] returns noop
> rlm_eap: EAP packet type response id 4 length 253
> rlm_eap: Continuing tunnel setup.
> ++[eap] returns ok
> rad_check_password:  Found Auth-Type EAP
> auth: type "EAP"
> +- entering group authenticate
> rlm_eap: Request found, released from the list
> rlm_eap: EAP/peap
> rlm_eap: processing type peap
> rlm_eap_peap: Authenticate
> rlm_eap_tls: processing TLS
> TLS Length 310
> rlm_eap_tls:  Length Included
> eaptls_verify returned 11
> rlm_eap_tls: <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange
>   TLS_accept: SSLv3 read client key exchange A
> rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001]
> rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished
>   TLS_accept: SSLv3 read finished A
> rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001]
>   TLS_accept: SSLv3 write change cipher spec A
> rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished
>   TLS_accept: SSLv3 write finished A
>   TLS_accept: SSLv3 flush data
>   (other): SSL negotiation finished successfully
> SSL Connection Established
> eaptls_process returned 13
> rlm_eap_peap: EAPTLS_HANDLED
> ++[eap] returns handled
> Sending Access-Challenge of id 192 to 10.254.0.32 port 32822
>       EAP-Message =  
> 0x01050031190014030100010116030100207740a100507477c1f718fb32124193de13aaead0837f5851882e8b7972a94c0c
>       Message-Authenticator = 0x00000000000000000000000000000000
>       State = 0x67acae1864a9b710f826cb3d04781dae
> Finished request 6.
> Going to the next request
> Waking up in 4.8 seconds.
> rad_recv: Access-Request packet from host 10.254.0.32 port 32822,  
> id=193, length=178
>       User-Name = "ACMS\\usertest"
>       NAS-IP-Address = 10.254.0.30
>       NAS-Port = 1
>       NAS-Identifier = "10.254.0.32"
>       NAS-Port-Type = Wireless-802.11
>       Calling-Station-Id = "0013CE8BE8A6"
>       Called-Station-Id = "000B86613054"
>       Service-Type = Login-User
>       Framed-MTU = 1100
>       EAP-Message = 0x020500061900
>       State = 0x67acae1864a9b710f826cb3d04781dae
>       Aruba-Essid-Name = "ACMS"
>       Aruba-Location-Id = "254.1.3"
>       Message-Authenticator = 0x318ea52e0b08a88236c56460b2cd2297
> +- entering group authorize
> ++[preprocess] returns ok
>       expand: /var/log/freeradius/radacct/%{Client-IP-Address}/auth- 
> detail-%Y%m%d -> /var/log/freeradius/radacct/10.254.0.32/auth- 
> detail-20090803
> rlm_detail: /var/log/freeradius/radacct/%{Client-IP-Address}/auth- 
> detail-%Y%m%d expands to /var/log/freeradius/radacct/10.254.0.32/ 
> auth-detail-20090803
>       expand: %t -> Mon Aug  3 11:32:21 2009
> ++[auth_log] returns ok
> ++[chap] returns noop
> ++[mschap] returns noop
>   rlm_realm: No '@' in User-Name = "ACMS\usertest", looking up realm  
> NULL
>   rlm_realm: No such realm "NULL"
> ++[suffix] returns noop
> rlm_eap: EAP packet type response id 5 length 6
> rlm_eap: Continuing tunnel setup.
> ++[eap] returns ok
> rad_check_password:  Found Auth-Type EAP
> auth: type "EAP"
> +- entering group authenticate
> rlm_eap: Request found, released from the list
> rlm_eap: EAP/peap
> rlm_eap: processing type peap
> rlm_eap_peap: Authenticate
> rlm_eap_tls: processing TLS
> rlm_eap_tls: Received EAP-TLS ACK message
> rlm_eap_tls: ack handshake is finished
> eaptls_verify returned 3
> eaptls_process returned 3
> rlm_eap_peap: EAPTLS_SUCCESS
> ++[eap] returns handled
> Sending Access-Challenge of id 193 to 10.254.0.32 port 32822
>       EAP-Message =  
> 0x0106002019001703010015e31d9132a53caf4685e485312527c05fc62af5b815
>       Message-Authenticator = 0x00000000000000000000000000000000
>       State = 0x67acae1863aab710f826cb3d04781dae
> Finished request 7.
> Going to the next request
> Waking up in 4.7 seconds.
> rad_recv: Access-Request packet from host 10.254.0.32 port 32822,  
> id=194, length=214
>       User-Name = "ACMS\\usertest"
>       NAS-IP-Address = 10.254.0.30
>       NAS-Port = 1
>       NAS-Identifier = "10.254.0.32"
>       NAS-Port-Type = Wireless-802.11
>       Calling-Station-Id = "0013CE8BE8A6"
>       Called-Station-Id = "000B86613054"
>       Service-Type = Login-User
>       Framed-MTU = 1100
>       EAP-Message =  
> 0x0206002a1900170301001f9bdb3d417ff127d40066de4a25ba5d90e9743ec8ddd21e88b35661d661bd21
>       State = 0x67acae1863aab710f826cb3d04781dae
>       Aruba-Essid-Name = "ACMS"
>       Aruba-Location-Id = "254.1.3"
>       Message-Authenticator = 0x2e4b14281e38b2f5c3a3d51bd8ae5247
> +- entering group authorize
> ++[preprocess] returns ok
>       expand: /var/log/freeradius/radacct/%{Client-IP-Address}/auth- 
> detail-%Y%m%d -> /var/log/freeradius/radacct/10.254.0.32/auth- 
> detail-20090803
> rlm_detail: /var/log/freeradius/radacct/%{Client-IP-Address}/auth- 
> detail-%Y%m%d expands to /var/log/freeradius/radacct/10.254.0.32/ 
> auth-detail-20090803
>       expand: %t -> Mon Aug  3 11:32:21 2009
> ++[auth_log] returns ok
> ++[chap] returns noop
> ++[mschap] returns noop
>   rlm_realm: No '@' in User-Name = "ACMS\usertest", looking up realm  
> NULL
>   rlm_realm: No such realm "NULL"
> ++[suffix] returns noop
> rlm_eap: EAP packet type response id 6 length 42
> rlm_eap: Continuing tunnel setup.
> ++[eap] returns ok
> rad_check_password:  Found Auth-Type EAP
> auth: type "EAP"
> +- entering group authenticate
> rlm_eap: Request found, released from the list
> rlm_eap: EAP/peap
> rlm_eap: processing type peap
> rlm_eap_peap: Authenticate
> rlm_eap_tls: processing TLS
> eaptls_verify returned 7
> rlm_eap_tls: Done initial handshake
> eaptls_process returned 7
> rlm_eap_peap: EAPTLS_OK
> rlm_eap_peap: Session established.  Decoding tunneled attributes.
> rlm_eap_peap: Identity - ACMS\usertest
> PEAP: Got tunneled EAP-Message
>       EAP-Message = 0x020600130141434d535c6a686d6f6e6c6f7264
> PEAP: Got tunneled identity of ACMS\usertest
> PEAP: Setting default EAP type for tunneled EAP session.
> PEAP: Setting User-Name to ACMS\usertest
> PEAP: Sending tunneled request
>       EAP-Message = 0x020600130141434d535c6a686d6f6e6c6f7264
>       FreeRADIUS-Proxied-To = 127.0.0.1
>       User-Name = "ACMS\\usertest"
> server inner-tunnel {
> +- entering group authorize
> ++[chap] returns noop
> ++[mschap] returns noop
> ++[unix] returns notfound
>   rlm_realm: No '@' in User-Name = "ACMS\usertest", looking up realm  
> NULL
>   rlm_realm: No such realm "NULL"
> ++[suffix] returns noop
> ++[control] returns noop
> rlm_eap: EAP packet type response id 6 length 19
> rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
> ++[eap] returns updated
> ++[files] returns noop
> ++[expiration] returns noop
> ++[logintime] returns noop
> ++[pap] returns noop
> rad_check_password:  Found Auth-Type EAP
> auth: type "EAP"
> +- entering group authenticate
> rlm_eap: EAP Identity
> rlm_eap: processing type mschapv2
> rlm_eap_mschapv2: Issuing Challenge
> ++[eap] returns handled
> } # server inner-tunnel
> PEAP: Got tunneled reply RADIUS code 11
>       EAP-Message =  
> 0x010700281a0107002310ba2fc1f10c107456492d749e4c51620041434d535c6a686d6f6e6c6f7264
>       Message-Authenticator = 0x00000000000000000000000000000000
>       State = 0x410be7cb410cfdb5854c84f429fbe15f
> PEAP: Processing from tunneled session code 0x1448b50 11
>       EAP-Message =  
> 0x010700281a0107002310ba2fc1f10c107456492d749e4c51620041434d535c6a686d6f6e6c6f7264
>       Message-Authenticator = 0x00000000000000000000000000000000
>       State = 0x410be7cb410cfdb5854c84f429fbe15f
> PEAP: Got tunneled Access-Challenge
> ++[eap] returns handled
> Sending Access-Challenge of id 194 to 10.254.0.32 port 32822
>       EAP-Message =  
> 0x0107003f19001703010034382dac222a8cbe39aa7423d7009bbb6cc7b99e27c8055439a29cc831faa8ceaeba250bd480aac0fd08a0f6be91a630027b16f8ec
>       Message-Authenticator = 0x00000000000000000000000000000000
>       State = 0x67acae1862abb710f826cb3d04781dae
> Finished request 8.
> Going to the next request
> Waking up in 4.6 seconds.
> rad_recv: Access-Request packet from host 10.254.0.32 port 32822,  
> id=195, length=268
>       User-Name = "ACMS\\usertest"
>       NAS-IP-Address = 10.254.0.30
>       NAS-Port = 1
>       NAS-Identifier = "10.254.0.32"
>       NAS-Port-Type = Wireless-802.11
>       Calling-Station-Id = "0013CE8BE8A6"
>       Called-Station-Id = "000B86613054"
>       Service-Type = Login-User
>       Framed-MTU = 1100
>       EAP-Message =  
> 0x020700601900170301005519e0c573c160d61825e0c1b4263659d02f871ee7d2b94b55e02b723733d2ac9b5f608539c59e517a7ba949007f888c19ee622fe8ae2a1886cf9977c98d49b80b2f6723b75097445c5f41cac1a738e381c73e56720b
>       State = 0x67acae1862abb710f826cb3d04781dae
>       Aruba-Essid-Name = "ACMS"
>       Aruba-Location-Id = "254.1.3"
>       Message-Authenticator = 0xc298a38a0773ca5e6f26806e0750b6f7
> +- entering group authorize
> ++[preprocess] returns ok
>       expand: /var/log/freeradius/radacct/%{Client-IP-Address}/auth- 
> detail-%Y%m%d -> /var/log/freeradius/radacct/10.254.0.32/auth- 
> detail-20090803
> rlm_detail: /var/log/freeradius/radacct/%{Client-IP-Address}/auth- 
> detail-%Y%m%d expands to /var/log/freeradius/radacct/10.254.0.32/ 
> auth-detail-20090803
>       expand: %t -> Mon Aug  3 11:32:21 2009
> ++[auth_log] returns ok
> ++[chap] returns noop
> ++[mschap] returns noop
>   rlm_realm: No '@' in User-Name = "ACMS\usertest", looking up realm  
> NULL
>   rlm_realm: No such realm "NULL"
> ++[suffix] returns noop
> rlm_eap: EAP packet type response id 7 length 96
> rlm_eap: Continuing tunnel setup.
> ++[eap] returns ok
> rad_check_password:  Found Auth-Type EAP
> auth: type "EAP"
> +- entering group authenticate
> rlm_eap: Request found, released from the list
> rlm_eap: EAP/peap
> rlm_eap: processing type peap
> rlm_eap_peap: Authenticate
> rlm_eap_tls: processing TLS
> eaptls_verify returned 7
> rlm_eap_tls: Done initial handshake
> eaptls_process returned 7
> rlm_eap_peap: EAPTLS_OK
> rlm_eap_peap: Session established.  Decoding tunneled attributes.
> rlm_eap_peap: EAP type mschapv2
> PEAP: Got tunneled EAP-Message
>       EAP-Message =  
> 0x020700491a02070044318960abe2a4d2e1fe66969c8a71bbcfaa0000000000000000767c9816c36b03b2b3d7ae686db05eb5319239da6548f01e0041434d535c6a686d6f6e6c6f7264
> PEAP: Setting User-Name to ACMS\usertest
> PEAP: Sending tunneled request
>       EAP-Message =  
> 0x020700491a02070044318960abe2a4d2e1fe66969c8a71bbcfaa0000000000000000767c9816c36b03b2b3d7ae686db05eb5319239da6548f01e0041434d535c6a686d6f6e6c6f7264
>       FreeRADIUS-Proxied-To = 127.0.0.1
>       User-Name = "ACMS\\usertest"
>       State = 0x410be7cb410cfdb5854c84f429fbe15f
> server inner-tunnel {
> +- entering group authorize
> ++[chap] returns noop
> ++[mschap] returns noop
> ++[unix] returns notfound
>   rlm_realm: No '@' in User-Name = "ACMS\usertest", looking up realm  
> NULL
>   rlm_realm: No such realm "NULL"
> ++[suffix] returns noop
> ++[control] returns noop
> rlm_eap: EAP packet type response id 7 length 73
> rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
> ++[eap] returns updated
> ++[files] returns noop
> ++[expiration] returns noop
> ++[logintime] returns noop
> ++[pap] returns noop
> rad_check_password:  Found Auth-Type EAP
> auth: type "EAP"
> +- entering group authenticate
> rlm_eap: Request found, released from the list
> rlm_eap: EAP/mschapv2
> rlm_eap: processing type mschapv2
> +- entering group MS-CHAP
> rlm_mschap: No Cleartext-Password configured.  Cannot create LM- 
> Password.
> rlm_mschap: No Cleartext-Password configured.  Cannot create NT- 
> Password.
> rlm_mschap: Told to do MS-CHAPv2 for usertest with NT-Password
>       expand: --domain=%{mschap:NT-Domain} -> --domain=ACMS
>       expand: --username=%{mschap:User-Name} -> --username=usertest
> mschap2: ba
>       expand: --challenge=%{mschap:Challenge:-00} -> -- 
> challenge=b3dfd0f2062ff185
>       expand: --nt-response=%{mschap:NT-Response:-00} -> --nt- 
> response=767c9816c36b03b2b3d7ae686db05eb5319239da6548f01e
> Exec-Program output: NT_KEY: 35E241131A9A3028B30C29496120AA85
> Exec-Program-Wait: plaintext: NT_KEY: 35E241131A9A3028B30C29496120AA85
> Exec-Program: returned: 0
> rlm_mschap: adding MS-CHAPv2 MPPE keys
> ++[mschap] returns ok
> MSCHAP Success
> ++[eap] returns handled
> } # server inner-tunnel
> PEAP: Got tunneled reply RADIUS code 11
>       EAP-Message =  
> 0x010800331a0307002e533d34413435444431363133373234353141303230454339443134413644423132313746334130364546
>       Message-Authenticator = 0x00000000000000000000000000000000
>       State = 0x410be7cb4003fdb5854c84f429fbe15f
> PEAP: Processing from tunneled session code 0x1448d00 11
>       EAP-Message =  
> 0x010800331a0307002e533d34413435444431363133373234353141303230454339443134413644423132313746334130364546
>       Message-Authenticator = 0x00000000000000000000000000000000
>       State = 0x410be7cb4003fdb5854c84f429fbe15f
> PEAP: Got tunneled Access-Challenge
> ++[eap] returns handled
> Sending Access-Challenge of id 195 to 10.254.0.32 port 32822
>       EAP-Message =  
> 0x0108004a1900170301003f363cfc69b8eb543b309b5e3b0eeba4662d61f3f1ec8a55a0b4b401f987bcd6f1d8cf5f9e3cdc0c7d0afb0a22b49f6b0e67a301a591480f764cd0f5156c126f
>       Message-Authenticator = 0x00000000000000000000000000000000
>       State = 0x67acae1861a4b710f826cb3d04781dae
> Finished request 9.
> Going to the next request
> Waking up in 4.6 seconds.
> Cleaning up request 3 ID 189 with timestamp +539
> Cleaning up request 4 ID 190 with timestamp +539
> Cleaning up request 5 ID 191 with timestamp +539
> Waking up in 0.1 seconds.
> Cleaning up request 6 ID 192 with timestamp +539
> Waking up in 0.1 seconds.
> Cleaning up request 7 ID 193 with timestamp +540
> Cleaning up request 8 ID 194 with timestamp +540
> Cleaning up request 9 ID 195 with timestamp +540
> Ready to process requests.
>
>
>
>
>
>
>
>
> Here, it works :
> rad_recv: Access-Request packet from host 10.254.0.32 port 32822,  
> id=80, length=167
>       User-Name = "ACMS\\usertest"
>       NAS-IP-Address = 10.254.0.30
>       NAS-Port = 2
>       NAS-Identifier = "10.254.0.32"
>       NAS-Port-Type = Wireless-802.11
>       Calling-Station-Id = "0018DECCECAA"
>       Called-Station-Id = "000B86613054"
>       Service-Type = Login-User
>       Framed-MTU = 1100
>       EAP-Message = 0x0201001001444f4d5c6361726c696f7a
>       Aruba-Essid-Name = "ACMS"
>       Aruba-Location-Id = "254.1.2"
>       Message-Authenticator = 0x74ac90d2e39e6e057f970e06f8d308f6
> +- entering group authorize
> ++[preprocess] returns ok
>       expand: /var/log/freeradius/radacct/%{Client-IP-Address}/auth- 
> detail-%Y%m%d -> /var/log/freeradius/radacct/10.254.0.32/auth- 
> detail-20090803
> rlm_detail: /var/log/freeradius/radacct/%{Client-IP-Address}/auth- 
> detail-%Y%m%d expands to /var/log/freeradius/radacct/10.254.0.32/ 
> auth-detail-20090803
>       expand: %t -> Mon Aug  3 14:06:35 2009
> ++[auth_log] returns ok
> ++[chap] returns noop
> ++[mschap] returns noop
>   rlm_realm: No '@' in User-Name = "ACMS\usertest", looking up realm  
> NULL
>   rlm_realm: No such realm "NULL"
> ++[suffix] returns noop
> rlm_eap: EAP packet type response id 1 length 16
> rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
> ++[eap] returns updated
> ++[unix] returns notfound
> ++[files] returns noop
> ++[expiration] returns noop
> ++[logintime] returns noop
> rlm_pap: WARNING! No "known good" password found for the user.   
> Authentication may fail because of this.
> ++[pap] returns noop
> rad_check_password:  Found Auth-Type EAP
> auth: type "EAP"
> +- entering group authenticate
> rlm_eap: EAP Identity
> rlm_eap: processing type tls
> rlm_eap_tls: Initiate
> rlm_eap_tls: Start returned 1
> ++[eap] returns handled
> Sending Access-Challenge of id 80 to 10.254.0.32 port 32822
>       EAP-Message = 0x010200061920
>       Message-Authenticator = 0x00000000000000000000000000000000
>       State = 0xb1d1cd33b1d3d4b9577b19a501eee06e
> Finished request 0.
> Going to the next request
> Waking up in 4.9 seconds.
> rad_recv: Access-Request packet from host 10.254.0.32 port 32822,  
> id=81, length=281
>       User-Name = "ACMS\\usertest"
>       NAS-IP-Address = 10.254.0.30
>       NAS-Port = 2
>       NAS-Identifier = "10.254.0.32"
>       NAS-Port-Type = Wireless-802.11
>       Calling-Station-Id = "0018DECCECAA"
>       Called-Station-Id = "000B86613054"
>       Service-Type = Login-User
>       Framed-MTU = 1100
>       EAP-Message =  
> 0x0202007019800000006616030100610100005d03014a76d2cb4fcdc3ecfcf18e4f349f62ca5dff023b687e8448aa20c99d8aaa1dc02052f6239bf116d56a2f94fc6106c098bb169d635312641c10d18e36178ea6e45c001600040005000a000900640062000300060013001200630100
>       State = 0xb1d1cd33b1d3d4b9577b19a501eee06e
>       Aruba-Essid-Name = "ACMS"
>       Aruba-Location-Id = "254.1.2"
>       Message-Authenticator = 0x8a4f52d9a7d1030ca81375cb707dbbf9
> +- entering group authorize
> ++[preprocess] returns ok
>       expand: /var/log/freeradius/radacct/%{Client-IP-Address}/auth- 
> detail-%Y%m%d -> /var/log/freeradius/radacct/10.254.0.32/auth- 
> detail-20090803
> rlm_detail: /var/log/freeradius/radacct/%{Client-IP-Address}/auth- 
> detail-%Y%m%d expands to /var/log/freeradius/radacct/10.254.0.32/ 
> auth-detail-20090803
>       expand: %t -> Mon Aug  3 14:06:36 2009
> ++[auth_log] returns ok
> ++[chap] returns noop
> ++[mschap] returns noop
>   rlm_realm: No '@' in User-Name = "ACMS\usertest", looking up realm  
> NULL
>   rlm_realm: No such realm "NULL"
> ++[suffix] returns noop
> rlm_eap: EAP packet type response id 2 length 112
> rlm_eap: Continuing tunnel setup.
> ++[eap] returns ok
> rad_check_password:  Found Auth-Type EAP
> auth: type "EAP"
> +- entering group authenticate
> rlm_eap: Request found, released from the list
> rlm_eap: EAP/peap
> rlm_eap: processing type peap
> rlm_eap_peap: Authenticate
> rlm_eap_tls: processing TLS
> TLS Length 102
> rlm_eap_tls:  Length Included
> eaptls_verify returned 11
>   (other): before/accept initialization
>   TLS_accept: before/accept initialization
> rlm_eap_tls: <<< TLS 1.0 Handshake [length 0061], ClientHello
>   TLS_accept: SSLv3 read client hello A
> rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
>   TLS_accept: SSLv3 write server hello A
> rlm_eap_tls: >>> TLS 1.0 Handshake [length 06fa], Certificate
>   TLS_accept: SSLv3 write certificate A
> rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
>   TLS_accept: SSLv3 write server done A
>   TLS_accept: SSLv3 flush data
>   TLS_accept: Need to read more data: SSLv3 read client certificate A
> In SSL Handshake Phase
> In SSL Accept mode
> eaptls_process returned 13
> rlm_eap_peap: EAPTLS_HANDLED
> ++[eap] returns handled
> Sending Access-Challenge of id 81 to 10.254.0.32 port 32822
>       EAP-Message =  
> 0x0103040019c000000757160301004a0200004603014a76d2ccf7d4afc8a7cdbafc342ef1b377a655e92f5329cd0367ba8ef969447f20e37338d7a07f9ad5f0fb0999ed7e6af69a00fefe44d7c085de718cd53f61f04d00040016030106fa0b0006f60006f30003243082032030820289a003020102020104300d06092a864886f70d010104050030819e310b3009060355040613024652310f300d060355040813064672616e63653111300f0603550407130853757265736e6573310d300b060355040a130441434d53310b3009060355040b13024449312730250603550403131e41434d53202d2043657274696669636174696f6e20417574686f72
>       EAP-Message =  
> 0x6974793126302406092a864886f70d0109011617706f73746d61737465724061636d732e6173736f2e6672301e170d3039303531323037303233315a170d3139303531303037303233315a3070310b3009060355040613024652310f300d060355040813064672616e6365310d300b060355040a130441434d5331193017060355040313106c2d726164697573312e48512e444f4d3126302406092a864886f70d0109011617706f73746d61737465724061636d732e6173736f2e667230820122300d06092a864886f70d01010105000382010f003082010a0282010100b591a1d3adb4e4ea8041108e8b7858638f181e1b0c9439ae22b6dd85f754c9
>       EAP-Message =  
> 0x5a0cb03b3a5f5e44294598d31b1e69590452621253f761f2986999ef6e7814965bf0cbe10b16e0295fb88efc68979772f5053ba685d9af99b39994cbf17accde0831c26685960431dc4ac3696bf061ff0496a142ce2a576ad16c66c766cfe47038139a0584effb5bd1f63e502ae117e5286c79ad82192194bace81564e2c0ee5217b277a6969fd865a19152913cf50718ab09ccf01375bc1d5e7d501be14882cc1932693221a3274898e2d7387ced11b273c72d69a7719df1e43df7b6f54e7b70e9f3d91f216dcf1499e7ed37299fc3a982410737cde9ae04d76ab4053be800b0f0203010001a317301530130603551d25040c300a06082b0601050507
>       EAP-Message =  
> 0x0301300d06092a864886f70d010104050003818100628fd16c16c9ca25d9fd4bf42b45dd9d1bba1b64146625d572b86a97e6c3780315511194fcf2510c4ce99393e61a63af985e6eb48438e8ef10d1f56f0380f626d9290e6b30f3459aa1ee66ae0556c5f5971a603343af9472105cabfb70eb144cb043f5cfadcc3a536f44bf3cd98c2bbb63af699594956609f75af9c9cadfe4e40003c9308203c53082032ea003020102020900ad028a9e72fb0f0a300d06092a864886f70d010104050030819e310b3009060355040613024652310f300d060355040813064672616e63653111300f0603550407130853757265736e6573310d300b060355040a13
>       EAP-Message = 0x0441434d53310b3009060355
>       Message-Authenticator = 0x00000000000000000000000000000000
>       State = 0xb1d1cd33b0d2d4b9577b19a501eee06e
> Finished request 1.
> Going to the next request
> Waking up in 4.9 seconds.
> rad_recv: Access-Request packet from host 10.254.0.32 port 32822,  
> id=82, length=175
>       User-Name = "ACMS\\usertest"
>       NAS-IP-Address = 10.254.0.30
>       NAS-Port = 2
>       NAS-Identifier = "10.254.0.32"
>       NAS-Port-Type = Wireless-802.11
>       Calling-Station-Id = "0018DECCECAA"
>       Called-Station-Id = "000B86613054"
>       Service-Type = Login-User
>       Framed-MTU = 1100
>       EAP-Message = 0x020300061900
>       State = 0xb1d1cd33b0d2d4b9577b19a501eee06e
>       Aruba-Essid-Name = "ACMS"
>       Aruba-Location-Id = "254.1.2"
>       Message-Authenticator = 0x6db7cf5ed3d73d831bb04492bc36e0a8
> +- entering group authorize
> ++[preprocess] returns ok
>       expand: /var/log/freeradius/radacct/%{Client-IP-Address}/auth- 
> detail-%Y%m%d -> /var/log/freeradius/radacct/10.254.0.32/auth- 
> detail-20090803
> rlm_detail: /var/log/freeradius/radacct/%{Client-IP-Address}/auth- 
> detail-%Y%m%d expands to /var/log/freeradius/radacct/10.254.0.32/ 
> auth-detail-20090803
>       expand: %t -> Mon Aug  3 14:06:36 2009
> ++[auth_log] returns ok
> ++[chap] returns noop
> ++[mschap] returns noop
>   rlm_realm: No '@' in User-Name = "ACMS\usertest", looking up realm  
> NULL
>   rlm_realm: No such realm "NULL"
> ++[suffix] returns noop
> rlm_eap: EAP packet type response id 3 length 6
> rlm_eap: Continuing tunnel setup.
> ++[eap] returns ok
> rad_check_password:  Found Auth-Type EAP
> auth: type "EAP"
> +- entering group authenticate
> rlm_eap: Request found, released from the list
> rlm_eap: EAP/peap
> rlm_eap: processing type peap
> rlm_eap_peap: Authenticate
> rlm_eap_tls: processing TLS
> rlm_eap_tls: Received EAP-TLS ACK message
> rlm_eap_tls: ack handshake fragment handler
> eaptls_verify returned 1
> eaptls_process returned 13
> rlm_eap_peap: EAPTLS_HANDLED
> ++[eap] returns handled
> Sending Access-Challenge of id 82 to 10.254.0.32 port 32822
>       EAP-Message =  
> 0x010403671900040b13024449312730250603550403131e41434d53202d2043657274696669636174696f6e20417574686f726974793126302406092a864886f70d0109011617706f73746d61737465724061636d732e6173736f2e6672301e170d3036303232383134323835375a170d3236303232333134323835375a30819e310b3009060355040613024652310f300d060355040813064672616e63653111300f0603550407130853757265736e6573310d300b060355040a130441434d53310b3009060355040b13024449312730250603550403131e41434d53202d2043657274696669636174696f6e20417574686f726974793126302406092a
>       EAP-Message =  
> 0x864886f70d0109011617706f73746d61737465724061636d732e6173736f2e667230819f300d06092a864886f70d010101050003818d0030818902818100bc7d9f74ab64f276ac4c0059fbb63dd341d6e3f6938bbcc1d18614b5218a137322253da30d2c08e67d48425c192b3693766807b794f928a931adbe115181bc8f00941de778eb402079cce8298e0dd0fe6e80921db123209728442395c238c2902ac3dc5b9f23d239fadea85e62cabd30a3c6cdb162c46fd51e6d386ba868a3390203010001a382010730820103301d0603551d0e041604149cbb859d57389413b3def35ced857b46105dc5de3081d30603551d230481cb3081c880149cbb85
>       EAP-Message =  
> 0x9d57389413b3def35ced857b46105dc5dea181a4a481a130819e310b3009060355040613024652310f300d060355040813064672616e63653111300f0603550407130853757265736e6573310d300b060355040a130441434d53310b3009060355040b13024449312730250603550403131e41434d53202d2043657274696669636174696f6e20417574686f726974793126302406092a864886f70d0109011617706f73746d61737465724061636d732e6173736f2e6672820900ad028a9e72fb0f0a300c0603551d13040530030101ff300d06092a864886f70d0101040500038181001b0a6fb0e890320aadf9c0baa7f3ca810ad2c8e6f246bdeadc
>       EAP-Message =  
> 0xcda483532b27e5fb39164b2e3db6fb717f8534442e9efd065309d0e6c9d1a6e90c2fba2b7beb1e72f794bcccd2fc95190c65d9e97d1d37089610db9f6238adff67a1a2c818bd2e7ad5707603d6eb25e47681a57aceda1d2e2ea0e9ced9ba61c463f671a1b1d2f716030100040e000000
>       Message-Authenticator = 0x00000000000000000000000000000000
>       State = 0xb1d1cd33b3d5d4b9577b19a501eee06e
> Finished request 2.
> Going to the next request
> Waking up in 4.9 seconds.
> rad_recv: Access-Request packet from host 10.254.0.32 port 32822,  
> id=83, length=491
>       User-Name = "ACMS\\usertest"
>       NAS-IP-Address = 10.254.0.30
>       NAS-Port = 2
>       NAS-Identifier = "10.254.0.32"
>       NAS-Port-Type = Wireless-802.11
>       Calling-Station-Id = "0018DECCECAA"
>       Called-Station-Id = "000B86613054"
>       Service-Type = Login-User
>       Framed-MTU = 1100
>       EAP-Message =  
> 0x020401401980000001361603010106100001020100621a6d6489a3b775a64ad3ee2f28e053794c50f912e68f4e67f03d70f8a0d1dd9dda173b2f6669f1b4c3bfdf17ae425ea3a2475b1191083540da42b1418efe2641b3a218326f60cf1b6eecd32d21409ea10079a2be923248253fd9a1c36db54260dc3562fb6c49245980d521d894763779662b0f70a32e0f48ae6b5767ea2c9e6c11409830b84f4bd3e553ee460afa486508d0e3e823fc251c6cd850cfbb1a43eecf83d5d03aed2e78f80f2e965ce7ceebf9259655c4c32d5efd88ed7a60ced5fcdaa5531be9bf7379597e25e7c37eca79eeca6ade118f9c7f904256e9f8b7d2563308f0480c8559
>       EAP-Message =  
> 0x8942ff0c70a8c3ce206f908d3d2b3ee44fadc13d9a9f1e68140301000101160301002060d7e7fc4d412ea50f03efecf0d0cd8d01267753af8a16ff3095758ca82c3b9e
>       State = 0xb1d1cd33b3d5d4b9577b19a501eee06e
>       Aruba-Essid-Name = "ACMS"
>       Aruba-Location-Id = "254.1.2"
>       Message-Authenticator = 0x2c34b230bef2071b982d584fca5ec843
> +- entering group authorize
> ++[preprocess] returns ok
>       expand: /var/log/freeradius/radacct/%{Client-IP-Address}/auth- 
> detail-%Y%m%d -> /var/log/freeradius/radacct/10.254.0.32/auth- 
> detail-20090803
> rlm_detail: /var/log/freeradius/radacct/%{Client-IP-Address}/auth- 
> detail-%Y%m%d expands to /var/log/freeradius/radacct/10.254.0.32/ 
> auth-detail-20090803
>       expand: %t -> Mon Aug  3 14:06:36 2009
> ++[auth_log] returns ok
> ++[chap] returns noop
> ++[mschap] returns noop
>   rlm_realm: No '@' in User-Name = "ACMS\usertest", looking up realm  
> NULL
>   rlm_realm: No such realm "NULL"
> ++[suffix] returns noop
> rlm_eap: EAP packet type response id 4 length 253
> rlm_eap: Continuing tunnel setup.
> ++[eap] returns ok
> rad_check_password:  Found Auth-Type EAP
> auth: type "EAP"
> +- entering group authenticate
> rlm_eap: Request found, released from the list
> rlm_eap: EAP/peap
> rlm_eap: processing type peap
> rlm_eap_peap: Authenticate
> rlm_eap_tls: processing TLS
> TLS Length 310
> rlm_eap_tls:  Length Included
> eaptls_verify returned 11
> rlm_eap_tls: <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange
>   TLS_accept: SSLv3 read client key exchange A
> rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001]
> rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished
>   TLS_accept: SSLv3 read finished A
> rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001]
>   TLS_accept: SSLv3 write change cipher spec A
> rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished
>   TLS_accept: SSLv3 write finished A
>   TLS_accept: SSLv3 flush data
>   (other): SSL negotiation finished successfully
> SSL Connection Established
> eaptls_process returned 13
> rlm_eap_peap: EAPTLS_HANDLED
> ++[eap] returns handled
> Sending Access-Challenge of id 83 to 10.254.0.32 port 32822
>       EAP-Message =  
> 0x0105003119001403010001011603010020c9602cd84aa7982ac74fdd03d1b658d1fb963f2d3b8ead12ea31c58209248c2b
>       Message-Authenticator = 0x00000000000000000000000000000000
>       State = 0xb1d1cd33b2d4d4b9577b19a501eee06e
> Finished request 3.
> Going to the next request
> Waking up in 4.7 seconds.
> rad_recv: Access-Request packet from host 10.254.0.32 port 32822,  
> id=85, length=175
>       User-Name = "ACMS\\usertest"
>       NAS-IP-Address = 10.254.0.30
>       NAS-Port = 2
>       NAS-Identifier = "10.254.0.32"
>       NAS-Port-Type = Wireless-802.11
>       Calling-Station-Id = "0018DECCECAA"
>       Called-Station-Id = "000B86613054"
>       Service-Type = Login-User
>       Framed-MTU = 1100
>       EAP-Message = 0x020500061900
>       State = 0xb1d1cd33b2d4d4b9577b19a501eee06e
>       Aruba-Essid-Name = "ACMS"
>       Aruba-Location-Id = "254.1.2"
>       Message-Authenticator = 0x51af73ed1ede861fc06ee69ee7362ddd
> +- entering group authorize
> ++[preprocess] returns ok
>       expand: /var/log/freeradius/radacct/%{Client-IP-Address}/auth- 
> detail-%Y%m%d -> /var/log/freeradius/radacct/10.254.0.32/auth- 
> detail-20090803
> rlm_detail: /var/log/freeradius/radacct/%{Client-IP-Address}/auth- 
> detail-%Y%m%d expands to /var/log/freeradius/radacct/10.254.0.32/ 
> auth-detail-20090803
>       expand: %t -> Mon Aug  3 14:06:36 2009
> ++[auth_log] returns ok
> ++[chap] returns noop
> ++[mschap] returns noop
>   rlm_realm: No '@' in User-Name = "ACMS\usertest", looking up realm  
> NULL
>   rlm_realm: No such realm "NULL"
> ++[suffix] returns noop
> rlm_eap: EAP packet type response id 5 length 6
> rlm_eap: Continuing tunnel setup.
> ++[eap] returns ok
> rad_check_password:  Found Auth-Type EAP
> auth: type "EAP"
> +- entering group authenticate
> rlm_eap: Request found, released from the list
> rlm_eap: EAP/peap
> rlm_eap: processing type peap
> rlm_eap_peap: Authenticate
> rlm_eap_tls: processing TLS
> rlm_eap_tls: Received EAP-TLS ACK message
> rlm_eap_tls: ack handshake is finished
> eaptls_verify returned 3
> eaptls_process returned 3
> rlm_eap_peap: EAPTLS_SUCCESS
> ++[eap] returns handled
> Sending Access-Challenge of id 85 to 10.254.0.32 port 32822
>       EAP-Message =  
> 0x010600201900170301001514a38092da042a09a0d53f71c5db3c20253be3932a
>       Message-Authenticator = 0x00000000000000000000000000000000
>       State = 0xb1d1cd33b5d7d4b9577b19a501eee06e
> Finished request 4.
> Going to the next request
> Waking up in 4.6 seconds.
> rad_recv: Access-Request packet from host 10.254.0.32 port 32822,  
> id=84, length=208
>       User-Name = "ACMS\\usertest"
>       NAS-IP-Address = 10.254.0.30
>       NAS-Port = 2
>       NAS-Identifier = "10.254.0.32"
>       NAS-Port-Type = Wireless-802.11
>       Calling-Station-Id = "0018DECCECAA"
>       Called-Station-Id = "000B86613054"
>       Service-Type = Login-User
>       Framed-MTU = 1100
>       EAP-Message =  
> 0x020600271900170301001c377f4b5460aaaa3ed396b66c24a6e7da327d38ffc15fdbbfa5071b7e
>       State = 0xb1d1cd33b5d7d4b9577b19a501eee06e
>       Aruba-Essid-Name = "ACMS"
>       Aruba-Location-Id = "254.1.2"
>       Message-Authenticator = 0x9458c933041125b9f6ca8610574f998f
> +- entering group authorize
> ++[preprocess] returns ok
>       expand: /var/log/freeradius/radacct/%{Client-IP-Address}/auth- 
> detail-%Y%m%d -> /var/log/freeradius/radacct/10.254.0.32/auth- 
> detail-20090803
> rlm_detail: /var/log/freeradius/radacct/%{Client-IP-Address}/auth- 
> detail-%Y%m%d expands to /var/log/freeradius/radacct/10.254.0.32/ 
> auth-detail-20090803
>       expand: %t -> Mon Aug  3 14:06:36 2009
> ++[auth_log] returns ok
> ++[chap] returns noop
> ++[mschap] returns noop
>   rlm_realm: No '@' in User-Name = "ACMS\usertest", looking up realm  
> NULL
>   rlm_realm: No such realm "NULL"
> ++[suffix] returns noop
> rlm_eap: EAP packet type response id 6 length 39
> rlm_eap: Continuing tunnel setup.
> ++[eap] returns ok
> rad_check_password:  Found Auth-Type EAP
> auth: type "EAP"
> +- entering group authenticate
> rlm_eap: Request found, released from the list
> rlm_eap: EAP/peap
> rlm_eap: processing type peap
> rlm_eap_peap: Authenticate
> rlm_eap_tls: processing TLS
> eaptls_verify returned 7
> rlm_eap_tls: Done initial handshake
> eaptls_process returned 7
> rlm_eap_peap: EAPTLS_OK
> rlm_eap_peap: Session established.  Decoding tunneled attributes.
> rlm_eap_peap: Identity - ACMS\usertest
> PEAP: Got tunneled EAP-Message
>       EAP-Message = 0x0206001001444f4d5c6361726c696f7a
> PEAP: Got tunneled identity of ACMS\usertest
> PEAP: Setting default EAP type for tunneled EAP session.
> PEAP: Setting User-Name to ACMS\usertest
> PEAP: Sending tunneled request
>       EAP-Message = 0x0206001001444f4d5c6361726c696f7a
>       FreeRADIUS-Proxied-To = 127.0.0.1
>       User-Name = "ACMS\\usertest"
> server inner-tunnel {
> +- entering group authorize
> ++[chap] returns noop
> ++[mschap] returns noop
> ++[unix] returns notfound
>   rlm_realm: No '@' in User-Name = "ACMS\usertest", looking up realm  
> NULL
>   rlm_realm: No such realm "NULL"
> ++[suffix] returns noop
> ++[control] returns noop
> rlm_eap: EAP packet type response id 6 length 16
> rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
> ++[eap] returns updated
> ++[files] returns noop
> ++[expiration] returns noop
> ++[logintime] returns noop
> ++[pap] returns noop
> rad_check_password:  Found Auth-Type EAP
> auth: type "EAP"
> +- entering group authenticate
> rlm_eap: EAP Identity
> rlm_eap: processing type mschapv2
> rlm_eap_mschapv2: Issuing Challenge
> ++[eap] returns handled
> } # server inner-tunnel
> PEAP: Got tunneled reply RADIUS code 11
>       EAP-Message =  
> 0x010700251a0107002010556e70ce846691aea2c042838cb465b6444f4d5c6361726c696f7a
>       Message-Authenticator = 0x00000000000000000000000000000000
>       State = 0x5bbb7f125bbc65603c947384488c39d8
> PEAP: Processing from tunneled session code 0x1d6fa00 11
>       EAP-Message =  
> 0x010700251a0107002010556e70ce846691aea2c042838cb465b6444f4d5c6361726c696f7a
>       Message-Authenticator = 0x00000000000000000000000000000000
>       State = 0x5bbb7f125bbc65603c947384488c39d8
> PEAP: Got tunneled Access-Challenge
> ++[eap] returns handled
> Sending Access-Challenge of id 84 to 10.254.0.32 port 32822
>       EAP-Message =  
> 0x0107003c190017030100315d3c38589f24e052410d29c4316debb268b576d1491c91397a2c2c47ed82de8d07e25f85ddbca888ce5f2f52498b00a17a
>       Message-Authenticator = 0x00000000000000000000000000000000
>       State = 0xb1d1cd33b4d6d4b9577b19a501eee06e
> Finished request 5.
> Going to the next request
> Waking up in 4.6 seconds.
> rad_recv: Access-Request packet from host 10.254.0.32 port 32822,  
> id=86, length=262
>       User-Name = "ACMS\\usertest"
>       NAS-IP-Address = 10.254.0.30
>       NAS-Port = 2
>       NAS-Identifier = "10.254.0.32"
>       NAS-Port-Type = Wireless-802.11
>       Calling-Station-Id = "0018DECCECAA"
>       Called-Station-Id = "000B86613054"
>       Service-Type = Login-User
>       Framed-MTU = 1100
>       EAP-Message =  
> 0x0207005d19001703010052c5802a50a76626e911c84500e1b139ec0e448554c2539bfd8f2c422a750c6b46c2f45c07d81b631135434e59b0127081fbbb408133efa7d87546245dc74d5ea394ba4725db00c777e1db5649858339a6ff89
>       State = 0xb1d1cd33b4d6d4b9577b19a501eee06e
>       Aruba-Essid-Name = "ACMS"
>       Aruba-Location-Id = "254.1.2"
>       Message-Authenticator = 0xaaba5a2f699aa217dc67dbd1ad2c1b8b
> +- entering group authorize
> ++[preprocess] returns ok
>       expand: /var/log/freeradius/radacct/%{Client-IP-Address}/auth- 
> detail-%Y%m%d -> /var/log/freeradius/radacct/10.254.0.32/auth- 
> detail-20090803
> rlm_detail: /var/log/freeradius/radacct/%{Client-IP-Address}/auth- 
> detail-%Y%m%d expands to /var/log/freeradius/radacct/10.254.0.32/ 
> auth-detail-20090803
>       expand: %t -> Mon Aug  3 14:06:36 2009
> ++[auth_log] returns ok
> ++[chap] returns noop
> ++[mschap] returns noop
>   rlm_realm: No '@' in User-Name = "ACMS\usertest", looking up realm  
> NULL
>   rlm_realm: No such realm "NULL"
> ++[suffix] returns noop
> rlm_eap: EAP packet type response id 7 length 93
> rlm_eap: Continuing tunnel setup.
> ++[eap] returns ok
> rad_check_password:  Found Auth-Type EAP
> auth: type "EAP"
> +- entering group authenticate
> rlm_eap: Request found, released from the list
> rlm_eap: EAP/peap
> rlm_eap: processing type peap
> rlm_eap_peap: Authenticate
> rlm_eap_tls: processing TLS
> eaptls_verify returned 7
> rlm_eap_tls: Done initial handshake
> eaptls_process returned 7
> rlm_eap_peap: EAPTLS_OK
> rlm_eap_peap: Session established.  Decoding tunneled attributes.
> rlm_eap_peap: EAP type mschapv2
> PEAP: Got tunneled EAP-Message
>       EAP-Message =  
> 0x020700461a0207004131b8a86f74525f79287c685926df8506b30000000000000000937766f3b6118923d4a2833ba1d198e1b0c984525ac7d57000444f4d5c6361726c696f7a
> PEAP: Setting User-Name to ACMS\usertest
> PEAP: Sending tunneled request
>       EAP-Message =  
> 0x020700461a0207004131b8a86f74525f79287c685926df8506b30000000000000000937766f3b6118923d4a2833ba1d198e1b0c984525ac7d57000444f4d5c6361726c696f7a
>       FreeRADIUS-Proxied-To = 127.0.0.1
>       User-Name = "ACMS\\usertest"
>       State = 0x5bbb7f125bbc65603c947384488c39d8
> server inner-tunnel {
> +- entering group authorize
> ++[chap] returns noop
> ++[mschap] returns noop
> ++[unix] returns notfound
>   rlm_realm: No '@' in User-Name = "ACMS\usertest", looking up realm  
> NULL
>   rlm_realm: No such realm "NULL"
> ++[suffix] returns noop
> ++[control] returns noop
> rlm_eap: EAP packet type response id 7 length 70
> rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
> ++[eap] returns updated
> ++[files] returns noop
> ++[expiration] returns noop
> ++[logintime] returns noop
> ++[pap] returns noop
> rad_check_password:  Found Auth-Type EAP
> auth: type "EAP"
> +- entering group authenticate
> rlm_eap: Request found, released from the list
> rlm_eap: EAP/mschapv2
> rlm_eap: processing type mschapv2
> +- entering group MS-CHAP
> rlm_mschap: No Cleartext-Password configured.  Cannot create LM- 
> Password.
> rlm_mschap: No Cleartext-Password configured.  Cannot create NT- 
> Password.
> rlm_mschap: Told to do MS-CHAPv2 for usertest with NT-Password
>       expand: --ACMSain=%{mschap:NT-ACMSain} -> --ACMSain=ACMS
>       expand: --username=%{mschap:User-Name} -> --username=usertest
> mschap2: 55
>       expand: --challenge=%{mschap:Challenge:-00} -> -- 
> challenge=b4dbd917acb3d690
>       expand: --nt-response=%{mschap:NT-Response:-00} -> --nt- 
> response=937766f3b6118923d4a2833ba1d198e1b0c984525ac7d570
> Exec-Program output: NT_KEY: D139B35EDBE5A4E870E34920F2D63FEF
> Exec-Program-Wait: plaintext: NT_KEY: D139B35EDBE5A4E870E34920F2D63FEF
> Exec-Program: returned: 0
> rlm_mschap: adding MS-CHAPv2 MPPE keys
> ++[mschap] returns ok
> MSCHAP Success
> ++[eap] returns handled
> } # server inner-tunnel
> PEAP: Got tunneled reply RADIUS code 11
>       EAP-Message =  
> 0x010800331a0307002e533d36303743343137423644323646333643423935313230443135454133304346393743383145354232
>       Message-Authenticator = 0x00000000000000000000000000000000
>       State = 0x5bbb7f125ab365603c947384488c39d8
> PEAP: Processing from tunneled session code 0x1d48ad0 11
>       EAP-Message =  
> 0x010800331a0307002e533d36303743343137423644323646333643423935313230443135454133304346393743383145354232
>       Message-Authenticator = 0x00000000000000000000000000000000
>       State = 0x5bbb7f125ab365603c947384488c39d8
> PEAP: Got tunneled Access-Challenge
> ++[eap] returns handled
> Sending Access-Challenge of id 86 to 10.254.0.32 port 32822
>       EAP-Message =  
> 0x0108004a1900170301003f790d3c1318deb33bc9b0bffbdc62f89cb9ef00e48a4369d5176e082332ac0f3e1adeececf9133a24e2db88a48f131b24f96b470ad735d56aab1e398d8b1962
>       Message-Authenticator = 0x00000000000000000000000000000000
>       State = 0xb1d1cd33b7d9d4b9577b19a501eee06e
> Finished request 6.
> Going to the next request
> Waking up in 4.6 seconds.
> rad_recv: Access-Request packet from host 10.254.0.32 port 32822,  
> id=87, length=198
>       User-Name = "ACMS\\usertest"
>       NAS-IP-Address = 10.254.0.30
>       NAS-Port = 2
>       NAS-Identifier = "10.254.0.32"
>       NAS-Port-Type = Wireless-802.11
>       Calling-Station-Id = "0018DECCECAA"
>       Called-Station-Id = "000B86613054"
>       Service-Type = Login-User
>       Framed-MTU = 1100
>       EAP-Message =  
> 0x0208001d19001703010012c0833497cbb416bd4af4736ed09a77f33fcc
>       State = 0xb1d1cd33b7d9d4b9577b19a501eee06e
>       Aruba-Essid-Name = "ACMS"
>       Aruba-Location-Id = "254.1.2"
>       Message-Authenticator = 0x11904e5ce88bdc7e4015519888a50038
> +- entering group authorize
> ++[preprocess] returns ok
>       expand: /var/log/freeradius/radacct/%{Client-IP-Address}/auth- 
> detail-%Y%m%d -> /var/log/freeradius/radacct/10.254.0.32/auth- 
> detail-20090803
> rlm_detail: /var/log/freeradius/radacct/%{Client-IP-Address}/auth- 
> detail-%Y%m%d expands to /var/log/freeradius/radacct/10.254.0.32/ 
> auth-detail-20090803
>       expand: %t -> Mon Aug  3 14:06:36 2009
> ++[auth_log] returns ok
> ++[chap] returns noop
> ++[mschap] returns noop
>   rlm_realm: No '@' in User-Name = "ACMS\usertest", looking up realm  
> NULL
>   rlm_realm: No such realm "NULL"
> ++[suffix] returns noop
> rlm_eap: EAP packet type response id 8 length 29
> rlm_eap: Continuing tunnel setup.
> ++[eap] returns ok
> rad_check_password:  Found Auth-Type EAP
> auth: type "EAP"
> +- entering group authenticate
> rlm_eap: Request found, released from the list
> rlm_eap: EAP/peap
> rlm_eap: processing type peap
> rlm_eap_peap: Authenticate
> rlm_eap_tls: processing TLS
> eaptls_verify returned 7
> rlm_eap_tls: Done initial handshake
> eaptls_process returned 7
> rlm_eap_peap: EAPTLS_OK
> rlm_eap_peap: Session established.  Decoding tunneled attributes.
> rlm_eap_peap: EAP type mschapv2
> PEAP: Got tunneled EAP-Message
>       EAP-Message = 0x020800061a03
> PEAP: Setting User-Name to ACMS\usertest
> PEAP: Sending tunneled request
>       EAP-Message = 0x020800061a03
>       FreeRADIUS-Proxied-To = 127.0.0.1
>       User-Name = "ACMS\\usertest"
>       State = 0x5bbb7f125ab365603c947384488c39d8
> server inner-tunnel {
> +- entering group authorize
> ++[chap] returns noop
> ++[mschap] returns noop
> ++[unix] returns notfound
>   rlm_realm: No '@' in User-Name = "ACMS\usertest", looking up realm  
> NULL
>   rlm_realm: No such realm "NULL"
> ++[suffix] returns noop
> ++[control] returns noop
> rlm_eap: EAP packet type response id 8 length 6
> rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
> ++[eap] returns updated
> ++[files] returns noop
> ++[expiration] returns noop
> ++[logintime] returns noop
> ++[pap] returns noop
> rad_check_password:  Found Auth-Type EAP
> auth: type "EAP"
> +- entering group authenticate
> rlm_eap: Request found, released from the list
> rlm_eap: EAP/mschapv2
> rlm_eap: processing type mschapv2
> rlm_eap: Freeing handler
> ++[eap] returns ok
> Login OK: [ACMS\\usertest/<via Auth-Type = EAP>] (from client aruba1  
> port 0 via TLS tunnel)
> } # server inner-tunnel
> PEAP: Got tunneled reply RADIUS code 2
>       EAP-Message = 0x03080004
>       Message-Authenticator = 0x00000000000000000000000000000000
>       User-Name = "ACMS\\usertest"
> PEAP: Processing from tunneled session code 0x1d6d7f0 2
>       EAP-Message = 0x03080004
>       Message-Authenticator = 0x00000000000000000000000000000000
>       User-Name = "ACMS\\usertest"
> PEAP: Tunneled authentication was successful.
> rlm_eap_peap: SUCCESS
> ++[eap] returns handled
> Sending Access-Challenge of id 87 to 10.254.0.32 port 32822
>       EAP-Message =  
> 0x010900261900170301001b740c352358b879b666b2617fe8fa1cb29288f5b899546d41a5655a
>       Message-Authenticator = 0x00000000000000000000000000000000
>       State = 0xb1d1cd33b6d8d4b9577b19a501eee06e
> Finished request 7.
> Going to the next request
> Waking up in 4.6 seconds.
> rad_recv: Access-Request packet from host 10.254.0.32 port 32822,  
> id=88, length=207
>       User-Name = "ACMS\\usertest"
>       NAS-IP-Address = 10.254.0.30
>       NAS-Port = 2
>       NAS-Identifier = "10.254.0.32"
>       NAS-Port-Type = Wireless-802.11
>       Calling-Station-Id = "0018DECCECAA"
>       Called-Station-Id = "000B86613054"
>       Service-Type = Login-User
>       Framed-MTU = 1100
>       EAP-Message =  
> 0x020900261900170301001bd911f82a6b41a035a62496200168b13d84f72b9c8b9d86ed23c3c0
>       State = 0xb1d1cd33b6d8d4b9577b19a501eee06e
>       Aruba-Essid-Name = "ACMS"
>       Aruba-Location-Id = "254.1.2"
>       Message-Authenticator = 0xc65b393765c82022a70ba974c1df2966
> +- entering group authorize
> ++[preprocess] returns ok
>       expand: /var/log/freeradius/radacct/%{Client-IP-Address}/auth- 
> detail-%Y%m%d -> /var/log/freeradius/radacct/10.254.0.32/auth- 
> detail-20090803
> rlm_detail: /var/log/freeradius/radacct/%{Client-IP-Address}/auth- 
> detail-%Y%m%d expands to /var/log/freeradius/radacct/10.254.0.32/ 
> auth-detail-20090803
>       expand: %t -> Mon Aug  3 14:06:36 2009
> ++[auth_log] returns ok
> ++[chap] returns noop
> ++[mschap] returns noop
>   rlm_realm: No '@' in User-Name = "ACMS\usertest", looking up realm  
> NULL
>   rlm_realm: No such realm "NULL"
> ++[suffix] returns noop
> rlm_eap: EAP packet type response id 9 length 38
> rlm_eap: Continuing tunnel setup.
> ++[eap] returns ok
> rad_check_password:  Found Auth-Type EAP
> auth: type "EAP"
> +- entering group authenticate
> rlm_eap: Request found, released from the list
> rlm_eap: EAP/peap
> rlm_eap: processing type peap
> rlm_eap_peap: Authenticate
> rlm_eap_tls: processing TLS
> eaptls_verify returned 7
> rlm_eap_tls: Done initial handshake
> eaptls_process returned 7
> rlm_eap_peap: EAPTLS_OK
> rlm_eap_peap: Session established.  Decoding tunneled attributes.
> rlm_eap_peap: Received EAP-TLV response.
> rlm_eap_peap: Success
> rlm_eap: Freeing handler
> ++[eap] returns ok
> Login OK: [ACMS\\usertest/<via Auth-Type = EAP>] (from client aruba1  
> port 2 cli 0018DECCECAA)
> +- entering group post-auth
> ++[exec] returns noop
> Sending Access-Accept of id 88 to 10.254.0.32 port 32822
>       MS-MPPE-Recv-Key =  
> 0x695e9dd8253cf8ad3be2d108b81c7071284dce6533e98dfc3c776afd46f80a2a
>       MS-MPPE-Send-Key =  
> 0x48dea6a783506a6d57acd8d4ae74e9911463c666e58cd632b44cb3146c832d30
>       EAP-Message = 0x03090004
>       Message-Authenticator = 0x00000000000000000000000000000000
>       User-Name = "ACMS\\usertest"
> Finished request 8.
> Going to the next request
> Waking up in 4.6 seconds.
> Cleaning up request 0 ID 80 with timestamp +164
> Cleaning up request 1 ID 81 with timestamp +165
> Cleaning up request 2 ID 82 with timestamp +165
> Waking up in 0.2 seconds.
> Cleaning up request 3 ID 83 with timestamp +165
> Cleaning up request 4 ID 85 with timestamp +165
> Cleaning up request 5 ID 84 with timestamp +165
> Cleaning up request 6 ID 86 with timestamp +165
> Cleaning up request 7 ID 87 with timestamp +165
> Cleaning up request 8 ID 88 with timestamp +165
>
>
>
> Thanks
>
> Jean-Hubert Monlord
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2496 bytes
Desc: not available
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20090805/7929d636/attachment.bin>


More information about the Freeradius-Users mailing list