Autz-type LDAP, Auth-Type MSCHAP possible ? (for vlan assignment)
LEOSI
radius at pronetis.fr
Wed Feb 18 16:25:56 CET 2009
Remove that Autz-Type := Ldap
> Done.
preprocess
Autz-Type LDAP {
ldap
}
> Removed too.
And the debug (a little bit long...):
Wed Feb 18 16:19:31 2009 : Debug: Listening on authentication address * port
1812
Wed Feb 18 16:19:31 2009 : Debug: Listening on accounting address * port
1813
Wed Feb 18 16:19:31 2009 : Debug: Listening on proxy address * port 1814
Wed Feb 18 16:19:31 2009 : Debug: Ready to process requests.
rad_recv: Access-Request packet from host 192.168.1.1 port 1024, id=199,
length=204
Framed-MTU = 1480
NAS-IP-Address = 192.168.1.1
NAS-Identifier = "SWiTCH"
User-Name = "uservlan1"
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 17
NAS-Port-Type = Ethernet
NAS-Port-Id = "17"
Called-Station-Id = "00-13-21-a8-24-40"
Calling-Station-Id = "00-15-c5-06-84-d8"
Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "4"
EAP-Message = 0x0201000e0175736572766c616e31
Message-Authenticator = 0xef16e42d1166597b57ffbf6e49dba74b
Wed Feb 18 16:19:43 2009 : Info: +- entering group authorize {...}
Wed Feb 18 16:19:43 2009 : Info: [eap] EAP packet type response id 1 length
14
Wed Feb 18 16:19:43 2009 : Info: [eap] No EAP Start, assuming it's an
on-going EAP conversation
Wed Feb 18 16:19:43 2009 : Info: ++[eap] returns updated
Wed Feb 18 16:19:43 2009 : Debug: rlm_ldap: Entering ldap_groupcmp()
Wed Feb 18 16:19:43 2009 : Info: [files] expand: cn=vlan1,dc=test,dc=fr ->
cn=vlan1,dc=test,dc=fr
Wed Feb 18 16:19:43 2009 : Info: [files] expand:
(samaccountname=%{User-Name}) -> (samaccountname=uservlan1)
Wed Feb 18 16:19:43 2009 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0
Wed Feb 18 16:19:43 2009 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0
Wed Feb 18 16:19:43 2009 : Debug: rlm_ldap: attempting LDAP reconnection
Wed Feb 18 16:19:43 2009 : Debug: rlm_ldap: (re)connect to test.fr:389,
authentication 0
Wed Feb 18 16:19:43 2009 : Debug: rlm_ldap: bind as
cn=bindradius,cn=Users,dc=test,dc=fr/bindradius to test.fr:389
Wed Feb 18 16:19:43 2009 : Debug: rlm_ldap: waiting for bind result ...
Wed Feb 18 16:19:43 2009 : Debug: rlm_ldap: Bind was successful
Wed Feb 18 16:19:43 2009 : Debug: rlm_ldap: performing search in
cn=vlan1,dc=test,dc=fr, with filter (samaccountname=uservlan1)
Wed Feb 18 16:19:43 2009 : Debug: rlm_ldap: object not found or got
ambiguous search result
Wed Feb 18 16:19:43 2009 : Debug: rlm_ldap::ldap_groupcmp: search failed
Wed Feb 18 16:19:43 2009 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0
Wed Feb 18 16:19:43 2009 : Info: ++[files] returns noop
Wed Feb 18 16:19:43 2009 : Info: [ldap] performing user authorization for
uservlan1
Wed Feb 18 16:19:43 2009 : Info: [ldap] expand:
(samaccountname=%{User-Name}) -> (samaccountname=uservlan1)
Wed Feb 18 16:19:43 2009 : Info: [ldap] expand: cn=vlan1,dc=test,dc=fr ->
cn=vlan1,dc=test,dc=fr
Wed Feb 18 16:19:43 2009 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0
Wed Feb 18 16:19:43 2009 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0
Wed Feb 18 16:19:43 2009 : Debug: rlm_ldap: performing search in
cn=vlan1,dc=test,dc=fr, with filter (samaccountname=uservlan1)
Wed Feb 18 16:19:43 2009 : Debug: rlm_ldap: object not found or got
ambiguous search result
Wed Feb 18 16:19:43 2009 : Info: [ldap] search failed
Wed Feb 18 16:19:43 2009 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0
Wed Feb 18 16:19:43 2009 : Info: ++[ldap] returns notfound
Wed Feb 18 16:19:43 2009 : Info: ++[expiration] returns noop
Wed Feb 18 16:19:43 2009 : Info: ++[logintime] returns noop
Wed Feb 18 16:19:43 2009 : Info: Found Auth-Type = EAP
Wed Feb 18 16:19:43 2009 : Info: +- entering group authenticate {...}
Wed Feb 18 16:19:43 2009 : Info: [eap] EAP Identity
Wed Feb 18 16:19:43 2009 : Info: [eap] processing type tls
Wed Feb 18 16:19:43 2009 : Info: [tls] Initiate
Wed Feb 18 16:19:43 2009 : Info: [tls] Start returned 1
Wed Feb 18 16:19:43 2009 : Info: ++[eap] returns handled
Sending Access-Challenge of id 199 to 192.168.1.1 port 1024
EAP-Message = 0x010200061920
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xa38f45a7a38d5c9dc391a3e151ac2bef
Wed Feb 18 16:19:43 2009 : Info: Finished request 0.
Wed Feb 18 16:19:43 2009 : Debug: Going to the next request
Wed Feb 18 16:19:43 2009 : Debug: Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.1.1 port 1024, id=200,
length=288
Framed-MTU = 1480
NAS-IP-Address = 192.168.1.1
NAS-Identifier = "SWiTCH"
User-Name = "uservlan1"
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 17
NAS-Port-Type = Ethernet
NAS-Port-Id = "17"
Called-Station-Id = "00-13-21-a8-24-40"
Calling-Station-Id = "00-15-c5-06-84-d8"
Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "4"
State = 0xa38f45a7a38d5c9dc391a3e151ac2bef
EAP-Message =
0x0202005019800000004616030100410100003d0301499c274083cf1683279acd57f63bebce33cba9b063135b2b3ae374d7132bfee400001600040005000a000900640062000300060013001200630100
Message-Authenticator = 0x8257675be6f80dde0fe81eb7fb712afd
Wed Feb 18 16:19:43 2009 : Info: +- entering group authorize {...}
Wed Feb 18 16:19:43 2009 : Info: [eap] EAP packet type response id 2 length
80
Wed Feb 18 16:19:43 2009 : Info: [eap] Continuing tunnel setup.
Wed Feb 18 16:19:43 2009 : Info: ++[eap] returns ok
Wed Feb 18 16:19:43 2009 : Info: Found Auth-Type = EAP
Wed Feb 18 16:19:43 2009 : Info: +- entering group authenticate {...}
Wed Feb 18 16:19:43 2009 : Info: [eap] Request found, released from the list
Wed Feb 18 16:19:43 2009 : Info: [eap] EAP/peap
Wed Feb 18 16:19:43 2009 : Info: [eap] processing type peap
Wed Feb 18 16:19:43 2009 : Info: [peap] processing EAP-TLS
Wed Feb 18 16:19:43 2009 : Debug: TLS Length 70
Wed Feb 18 16:19:43 2009 : Info: [peap] Length Included
Wed Feb 18 16:19:43 2009 : Info: [peap] eaptls_verify returned 11
Wed Feb 18 16:19:43 2009 : Info: [peap] (other): before/accept
initialization
Wed Feb 18 16:19:43 2009 : Info: [peap] TLS_accept: before/accept
initialization
Wed Feb 18 16:19:43 2009 : Info: [peap] <<< TLS 1.0 Handshake [length 0041],
ClientHello
Wed Feb 18 16:19:43 2009 : Info: [peap] TLS_accept: SSLv3 read client
hello A
Wed Feb 18 16:19:43 2009 : Info: [peap] >>> TLS 1.0 Handshake [length 002a],
ServerHello
Wed Feb 18 16:19:43 2009 : Info: [peap] TLS_accept: SSLv3 write server
hello A
Wed Feb 18 16:19:43 2009 : Info: [peap] >>> TLS 1.0 Handshake [length 085e],
Certificate
Wed Feb 18 16:19:43 2009 : Info: [peap] TLS_accept: SSLv3 write
certificate A
Wed Feb 18 16:19:43 2009 : Info: [peap] >>> TLS 1.0 Handshake [length 0004],
ServerHelloDone
Wed Feb 18 16:19:43 2009 : Info: [peap] TLS_accept: SSLv3 write server
done A
Wed Feb 18 16:19:43 2009 : Info: [peap] TLS_accept: SSLv3 flush data
Wed Feb 18 16:19:43 2009 : Info: [peap] TLS_accept: Need to read more
data: SSLv3 read client certificate A
Wed Feb 18 16:19:43 2009 : Debug: In SSL Handshake Phase
Wed Feb 18 16:19:43 2009 : Debug: In SSL Accept mode
Wed Feb 18 16:19:43 2009 : Info: [peap] eaptls_process returned 13
Wed Feb 18 16:19:43 2009 : Info: [peap] EAPTLS_HANDLED
Wed Feb 18 16:19:43 2009 : Info: ++[eap] returns handled
Sending Access-Challenge of id 200 to 192.168.1.1 port 1024
EAP-Message =
0x301e170d3039303231373130353330395a170d3130303231373130353330395a307c310b3009060355040613024652310f300d0603550408130652616469757331153013060355040a130c4578616d706c6520496e632e312330210603550403131a4578616d706c65205365727665722043657274696669636174653120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d30820122300d06092a864886f70d01010105000382010f003082010a02820101009680cb81a09c5c552336f4df5885de12bd2987b434e65b615af302fbfa6d742fe641a113db5d71aaa094c79e0bcf5642e0eb42a847f4cbb30cc9f8e18fe2
EAP-Message = 0xa73082038fa0030201020209
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xa38f45a7a28c5c9dc391a3e151ac2bef
Wed Feb 18 16:19:43 2009 : Info: Finished request 1.
Wed Feb 18 16:19:43 2009 : Debug: Going to the next request
Wed Feb 18 16:19:43 2009 : Debug: Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.1.1 port 1024, id=201,
length=214
Framed-MTU = 1480
NAS-IP-Address = 192.168.1.1
NAS-Identifier = "SWiTCH"
User-Name = "uservlan1"
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 17
NAS-Port-Type = Ethernet
NAS-Port-Id = "17"
Called-Station-Id = "00-13-21-a8-24-40"
Calling-Station-Id = "00-15-c5-06-84-d8"
Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "4"
State = 0xa38f45a7a28c5c9dc391a3e151ac2bef
EAP-Message = 0x020300061900
Message-Authenticator = 0x4625cc197322be2f7f9a1de33a2ed834
Wed Feb 18 16:19:43 2009 : Info: +- entering group authorize {...}
Wed Feb 18 16:19:43 2009 : Info: [eap] EAP packet type response id 3 length
6
Wed Feb 18 16:19:43 2009 : Info: [eap] Continuing tunnel setup.
Wed Feb 18 16:19:43 2009 : Info: ++[eap] returns ok
Wed Feb 18 16:19:43 2009 : Info: Found Auth-Type = EAP
Wed Feb 18 16:19:43 2009 : Info: +- entering group authenticate {...}
Wed Feb 18 16:19:43 2009 : Info: [eap] Request found, released from the list
Wed Feb 18 16:19:43 2009 : Info: [eap] EAP/peap
Wed Feb 18 16:19:43 2009 : Info: [eap] processing type peap
Wed Feb 18 16:19:43 2009 : Info: [peap] processing EAP-TLS
Wed Feb 18 16:19:43 2009 : Info: [peap] Received TLS ACK
Wed Feb 18 16:19:43 2009 : Info: [peap] ACK handshake fragment handler
Wed Feb 18 16:19:43 2009 : Info: [peap] eaptls_verify returned 1
Wed Feb 18 16:19:43 2009 : Info: [peap] eaptls_process returned 13
Wed Feb 18 16:19:43 2009 : Info: [peap] EAPTLS_HANDLED
Wed Feb 18 16:19:43 2009 : Info: ++[eap] returns handled
Sending Access-Challenge of id 201 to 192.168.1.1 port 1024
EAP-Message = 0x77cc6c09edad3f38
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xa38f45a7a18b5c9dc391a3e151ac2bef
Wed Feb 18 16:19:43 2009 : Info: Finished request 2.
Wed Feb 18 16:19:43 2009 : Debug: Going to the next request
Wed Feb 18 16:19:43 2009 : Debug: Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.1.1 port 1024, id=202,
length=214
Framed-MTU = 1480
NAS-IP-Address = 192.168.1.1
NAS-Identifier = "SWiTCH"
User-Name = "uservlan1"
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 17
NAS-Port-Type = Ethernet
NAS-Port-Id = "17"
Called-Station-Id = "00-13-21-a8-24-40"
Calling-Station-Id = "00-15-c5-06-84-d8"
Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "4"
State = 0xa38f45a7a18b5c9dc391a3e151ac2bef
EAP-Message = 0x020400061900
Message-Authenticator = 0x7466c45cc1d04e38e135346a965be0cd
Wed Feb 18 16:19:43 2009 : Info: +- entering group authorize {...}
Wed Feb 18 16:19:43 2009 : Info: [eap] EAP packet type response id 4 length
6
Wed Feb 18 16:19:43 2009 : Info: [eap] Continuing tunnel setup.
Wed Feb 18 16:19:43 2009 : Info: ++[eap] returns ok
Wed Feb 18 16:19:43 2009 : Info: Found Auth-Type = EAP
Wed Feb 18 16:19:43 2009 : Info: +- entering group authenticate {...}
Wed Feb 18 16:19:43 2009 : Info: [eap] Request found, released from the list
Wed Feb 18 16:19:43 2009 : Info: [eap] EAP/peap
Wed Feb 18 16:19:43 2009 : Info: [eap] processing type peap
Wed Feb 18 16:19:43 2009 : Info: [peap] processing EAP-TLS
Wed Feb 18 16:19:43 2009 : Info: [peap] Received TLS ACK
Wed Feb 18 16:19:43 2009 : Info: [peap] ACK handshake fragment handler
Wed Feb 18 16:19:43 2009 : Info: [peap] eaptls_verify returned 1
Wed Feb 18 16:19:43 2009 : Info: [peap] eaptls_process returned 13
Wed Feb 18 16:19:43 2009 : Info: [peap] EAPTLS_HANDLED
Wed Feb 18 16:19:43 2009 : Info: ++[eap] returns handled
Sending Access-Challenge of id 202 to 192.168.1.1 port 1024
EAP-Message =
0x010500b5190008a7f853ef5f52f1929d1279e979b9d7659c7a2ca990ddb7206039a444525afdbc26e668dcfd38eb66a759784d8347d2d6c94497fb49be8e963ab05e8f7cd0d906c8b3bad021e205664a1bedf7d0ac94eb633081fa68ab07427972557901e47806ed4548b7059d6993db248f8a2aade34579d9f68ee25703a81d692a77ac3437886a895ccbcc1be5c15d43810386fcfa48e50ce3ae55dd9031f70d3f6f5a0ebd83275a2cf7f116030100040e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xa38f45a7a08a5c9dc391a3e151ac2bef
Wed Feb 18 16:19:43 2009 : Info: Finished request 3.
Wed Feb 18 16:19:43 2009 : Debug: Going to the next request
Wed Feb 18 16:19:43 2009 : Debug: Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.1.1 port 1024, id=203,
length=530
Framed-MTU = 1480
NAS-IP-Address = 192.168.1.1
NAS-Identifier = "SWiTCH"
User-Name = "uservlan1"
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 17
NAS-Port-Type = Ethernet
NAS-Port-Id = "17"
Called-Station-Id = "00-13-21-a8-24-40"
Calling-Station-Id = "00-15-c5-06-84-d8"
Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "4"
State = 0xa38f45a7a08a5c9dc391a3e151ac2bef
EAP-Message =
0xde555eca6f76f3dbd000bb19fb05b10f15d45ad95bfa79bb140301000101160301002045a2d52d3c33390c5e43d08b2bbf4169f8f351f6f4ba28b783d1e3ff964d1b05
Message-Authenticator = 0xf294591e2fb17221e60051f0fa035d35
Wed Feb 18 16:19:43 2009 : Info: +- entering group authorize {...}
Wed Feb 18 16:19:43 2009 : Info: [eap] EAP packet type response id 5 length
253
Wed Feb 18 16:19:43 2009 : Info: [eap] Continuing tunnel setup.
Wed Feb 18 16:19:43 2009 : Info: ++[eap] returns ok
Wed Feb 18 16:19:43 2009 : Info: Found Auth-Type = EAP
Wed Feb 18 16:19:43 2009 : Info: +- entering group authenticate {...}
Wed Feb 18 16:19:43 2009 : Info: [eap] Request found, released from the list
Wed Feb 18 16:19:43 2009 : Info: [eap] EAP/peap
Wed Feb 18 16:19:43 2009 : Info: [eap] processing type peap
Wed Feb 18 16:19:43 2009 : Info: [peap] processing EAP-TLS
Wed Feb 18 16:19:43 2009 : Debug: TLS Length 310
Wed Feb 18 16:19:43 2009 : Info: [peap] Length Included
Wed Feb 18 16:19:43 2009 : Info: [peap] eaptls_verify returned 11
Wed Feb 18 16:19:43 2009 : Info: [peap] <<< TLS 1.0 Handshake [length 0106],
ClientKeyExchange
Wed Feb 18 16:19:43 2009 : Info: [peap] TLS_accept: SSLv3 read client
key exchange A
Wed Feb 18 16:19:43 2009 : Info: [peap] <<< TLS 1.0 ChangeCipherSpec [length
0001]
Wed Feb 18 16:19:43 2009 : Info: [peap] <<< TLS 1.0 Handshake [length 0010],
Finished
Wed Feb 18 16:19:43 2009 : Info: [peap] TLS_accept: SSLv3 read finished
A
Wed Feb 18 16:19:43 2009 : Info: [peap] >>> TLS 1.0 ChangeCipherSpec [length
0001]
Wed Feb 18 16:19:43 2009 : Info: [peap] TLS_accept: SSLv3 write change
cipher spec A
Wed Feb 18 16:19:43 2009 : Info: [peap] >>> TLS 1.0 Handshake [length 0010],
Finished
Wed Feb 18 16:19:43 2009 : Info: [peap] TLS_accept: SSLv3 write finished
A
Wed Feb 18 16:19:43 2009 : Info: [peap] TLS_accept: SSLv3 flush data
Wed Feb 18 16:19:43 2009 : Info: [peap] (other): SSL negotiation
finished successfully
Wed Feb 18 16:19:43 2009 : Debug: SSL Connection Established
Wed Feb 18 16:19:43 2009 : Info: [peap] eaptls_process returned 13
Wed Feb 18 16:19:43 2009 : Info: [peap] EAPTLS_HANDLED
Wed Feb 18 16:19:43 2009 : Info: ++[eap] returns handled
Sending Access-Challenge of id 203 to 192.168.1.1 port 1024
EAP-Message =
0x0106003119001403010001011603010020d5b843971b6f0c8cd695bf77908a1b0bb4ed477884831e9bda66d428ce463fe2
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xa38f45a7a7895c9dc391a3e151ac2bef
Wed Feb 18 16:19:43 2009 : Info: Finished request 4.
Wed Feb 18 16:19:43 2009 : Debug: Going to the next request
Wed Feb 18 16:19:43 2009 : Debug: Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.1.1 port 1024, id=204,
length=214
Framed-MTU = 1480
NAS-IP-Address = 192.168.1.1
NAS-Identifier = "SWiTCH"
User-Name = "uservlan1"
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 17
NAS-Port-Type = Ethernet
NAS-Port-Id = "17"
Called-Station-Id = "00-13-21-a8-24-40"
Calling-Station-Id = "00-15-c5-06-84-d8"
Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "4"
State = 0xa38f45a7a7895c9dc391a3e151ac2bef
EAP-Message = 0x020600061900
Message-Authenticator = 0xcfe5f30b147257bfaa8a9ba54522c380
Wed Feb 18 16:19:43 2009 : Info: +- entering group authorize {...}
Wed Feb 18 16:19:43 2009 : Info: [eap] EAP packet type response id 6 length
6
Wed Feb 18 16:19:43 2009 : Info: [eap] Continuing tunnel setup.
Wed Feb 18 16:19:43 2009 : Info: ++[eap] returns ok
Wed Feb 18 16:19:43 2009 : Info: Found Auth-Type = EAP
Wed Feb 18 16:19:43 2009 : Info: +- entering group authenticate {...}
Wed Feb 18 16:19:43 2009 : Info: [eap] Request found, released from the list
Wed Feb 18 16:19:43 2009 : Info: [eap] EAP/peap
Wed Feb 18 16:19:43 2009 : Info: [eap] processing type peap
Wed Feb 18 16:19:43 2009 : Info: [peap] processing EAP-TLS
Wed Feb 18 16:19:43 2009 : Info: [peap] Received TLS ACK
Wed Feb 18 16:19:43 2009 : Info: [peap] ACK handshake is finished
Wed Feb 18 16:19:43 2009 : Info: [peap] eaptls_verify returned 3
Wed Feb 18 16:19:43 2009 : Info: [peap] eaptls_process returned 3
Wed Feb 18 16:19:43 2009 : Info: [peap] EAPTLS_SUCCESS
Wed Feb 18 16:19:43 2009 : Info: ++[eap] returns handled
Sending Access-Challenge of id 204 to 192.168.1.1 port 1024
EAP-Message =
0x0107002019001703010015f729f10822c74bd30aaf113975132008e81a896084
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xa38f45a7a6885c9dc391a3e151ac2bef
Wed Feb 18 16:19:43 2009 : Info: Finished request 5.
Wed Feb 18 16:19:43 2009 : Debug: Going to the next request
Wed Feb 18 16:19:43 2009 : Debug: Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.1.1 port 1024, id=205,
length=245
Framed-MTU = 1480
NAS-IP-Address = 192.168.1.1
NAS-Identifier = "SWiTCH"
User-Name = "uservlan1"
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 17
NAS-Port-Type = Ethernet
NAS-Port-Id = "17"
Called-Station-Id = "00-13-21-a8-24-40"
Calling-Station-Id = "00-15-c5-06-84-d8"
Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "4"
State = 0xa38f45a7a6885c9dc391a3e151ac2bef
EAP-Message =
0x020700251900170301001aee9b6cee76ffdda7d6b82c1f0f8d4715dcd462f9c61c937f0c69
Message-Authenticator = 0x9d4ea225d8a59c28e9785df917a5fd4d
Wed Feb 18 16:19:43 2009 : Info: +- entering group authorize {...}
Wed Feb 18 16:19:43 2009 : Info: [eap] EAP packet type response id 7 length
37
Wed Feb 18 16:19:43 2009 : Info: [eap] Continuing tunnel setup.
Wed Feb 18 16:19:43 2009 : Info: ++[eap] returns ok
Wed Feb 18 16:19:43 2009 : Info: Found Auth-Type = EAP
Wed Feb 18 16:19:43 2009 : Info: +- entering group authenticate {...}
Wed Feb 18 16:19:43 2009 : Info: [eap] Request found, released from the list
Wed Feb 18 16:19:43 2009 : Info: [eap] EAP/peap
Wed Feb 18 16:19:43 2009 : Info: [eap] processing type peap
Wed Feb 18 16:19:43 2009 : Info: [peap] processing EAP-TLS
Wed Feb 18 16:19:43 2009 : Info: [peap] eaptls_verify returned 7
Wed Feb 18 16:19:43 2009 : Info: [peap] Done initial handshake
Wed Feb 18 16:19:43 2009 : Info: [peap] eaptls_process returned 7
Wed Feb 18 16:19:43 2009 : Info: [peap] EAPTLS_OK
Wed Feb 18 16:19:43 2009 : Info: [peap] Session established. Decoding
tunneled attributes.
Wed Feb 18 16:19:43 2009 : Info: [peap] Identity - uservlan1
Wed Feb 18 16:19:43 2009 : Info: [peap] Got tunneled request
EAP-Message = 0x0207000e0175736572766c616e31
server {
Wed Feb 18 16:19:43 2009 : Debug: PEAP: Got tunneled identity of uservlan1
Wed Feb 18 16:19:43 2009 : Debug: PEAP: Setting default EAP type for
tunneled EAP session.
Wed Feb 18 16:19:43 2009 : Debug: PEAP: Setting User-Name to uservlan1
Sending tunneled request
EAP-Message = 0x0207000e0175736572766c616e31
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "uservlan1"
server inner-tunnel {
Wed Feb 18 16:19:43 2009 : Info: +- entering group authorize {...}
Wed Feb 18 16:19:43 2009 : Info: [eap] EAP packet type response id 7 length
14
Wed Feb 18 16:19:43 2009 : Info: [eap] No EAP Start, assuming it's an
on-going EAP conversation
Wed Feb 18 16:19:43 2009 : Info: ++[eap] returns updated
Wed Feb 18 16:19:43 2009 : Debug: rlm_ldap: Entering ldap_groupcmp()
Wed Feb 18 16:19:43 2009 : Info: [files] expand: cn=vlan1,dc=test,dc=fr ->
cn=vlan1,dc=test,dc=fr
Wed Feb 18 16:19:43 2009 : Info: [files] expand:
(samaccountname=%{User-Name}) -> (samaccountname=uservlan1)
Wed Feb 18 16:19:43 2009 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0
Wed Feb 18 16:19:43 2009 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0
Wed Feb 18 16:19:43 2009 : Debug: rlm_ldap: performing search in
cn=vlan1,dc=test,dc=fr, with filter (samaccountname=uservlan1)
Wed Feb 18 16:19:43 2009 : Debug: rlm_ldap: object not found or got
ambiguous search result
Wed Feb 18 16:19:43 2009 : Debug: rlm_ldap::ldap_groupcmp: search failed
Wed Feb 18 16:19:43 2009 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0
Wed Feb 18 16:19:43 2009 : Info: ++[files] returns noop
Wed Feb 18 16:19:43 2009 : Info: [ldap] performing user authorization for
uservlan1
Wed Feb 18 16:19:43 2009 : Info: [ldap] expand:
(samaccountname=%{User-Name}) -> (samaccountname=uservlan1)
Wed Feb 18 16:19:43 2009 : Info: [ldap] expand: cn=vlan1,dc=test,dc=fr ->
cn=vlan1,dc=test,dc=fr
Wed Feb 18 16:19:43 2009 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0
Wed Feb 18 16:19:43 2009 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0
Wed Feb 18 16:19:43 2009 : Debug: rlm_ldap: performing search in
cn=vlan1,dc=test,dc=fr, with filter (samaccountname=uservlan1)
Wed Feb 18 16:19:43 2009 : Debug: rlm_ldap: object not found or got
ambiguous search result
Wed Feb 18 16:19:43 2009 : Info: [ldap] search failed
Wed Feb 18 16:19:43 2009 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0
Wed Feb 18 16:19:43 2009 : Info: ++[ldap] returns notfound
Wed Feb 18 16:19:43 2009 : Info: ++[expiration] returns noop
Wed Feb 18 16:19:43 2009 : Info: ++[logintime] returns noop
Wed Feb 18 16:19:43 2009 : Info: Found Auth-Type = EAP
Wed Feb 18 16:19:43 2009 : Info: +- entering group authenticate {...}
Wed Feb 18 16:19:43 2009 : Info: [eap] EAP Identity
Wed Feb 18 16:19:43 2009 : Info: [eap] processing type mschapv2
Wed Feb 18 16:19:43 2009 : Debug: rlm_eap_mschapv2: Issuing Challenge
Wed Feb 18 16:19:43 2009 : Info: ++[eap] returns handled
} # server inner-tunnel
Wed Feb 18 16:19:43 2009 : Info: [peap] Got tunneled reply code 11
EAP-Message =
0x010800231a0108001e102171c036e762cf4365cf1cf921e398e675736572766c616e31
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xc658eb46c650f13d7cba690c18bc218e
Wed Feb 18 16:19:43 2009 : Info: [peap] Got tunneled reply RADIUS code 11
EAP-Message =
0x010800231a0108001e102171c036e762cf4365cf1cf921e398e675736572766c616e31
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xc658eb46c650f13d7cba690c18bc218e
Wed Feb 18 16:19:43 2009 : Info: [peap] Got tunneled Access-Challenge
Wed Feb 18 16:19:43 2009 : Info: ++[eap] returns handled
Sending Access-Challenge of id 205 to 192.168.1.1 port 1024
EAP-Message =
0x0108003a1900170301002fbc1f584cf2690f38683acf5aee7b304bab443f69a137f9fb694a3a8bb91c5075275e8c6bdb7f45e7241a12a6d10595
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xa38f45a7a5875c9dc391a3e151ac2bef
Wed Feb 18 16:19:43 2009 : Info: Finished request 6.
Wed Feb 18 16:19:43 2009 : Debug: Going to the next request
Wed Feb 18 16:19:43 2009 : Debug: Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.1.1 port 1024, id=206,
length=299
Framed-MTU = 1480
NAS-IP-Address = 192.168.1.1
NAS-Identifier = "SWiTCH"
User-Name = "uservlan1"
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 17
NAS-Port-Type = Ethernet
NAS-Port-Id = "17"
Called-Station-Id = "00-13-21-a8-24-40"
Calling-Station-Id = "00-15-c5-06-84-d8"
Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "4"
State = 0xa38f45a7a5875c9dc391a3e151ac2bef
EAP-Message =
0x0208005b1900170301005065a84b4f81afaa9aeb2c5bd3cd57b929e77f8c347e0a16782df441a0368bc0b526cb3c1c1847af34f0c75a0d09672f4c6f77d1690b0e8df753ccbe88fa987534e5633e67d6eafd9f92d8f6f6a6f8a5a5
Message-Authenticator = 0xe73ae52a6990c5b814d0254587db95c9
Wed Feb 18 16:19:43 2009 : Info: +- entering group authorize {...}
Wed Feb 18 16:19:43 2009 : Info: [eap] EAP packet type response id 8 length
91
Wed Feb 18 16:19:43 2009 : Info: [eap] Continuing tunnel setup.
Wed Feb 18 16:19:43 2009 : Info: ++[eap] returns ok
Wed Feb 18 16:19:43 2009 : Info: Found Auth-Type = EAP
Wed Feb 18 16:19:43 2009 : Info: +- entering group authenticate {...}
Wed Feb 18 16:19:43 2009 : Info: [eap] Request found, released from the list
Wed Feb 18 16:19:43 2009 : Info: [eap] EAP/peap
Wed Feb 18 16:19:43 2009 : Info: [eap] processing type peap
Wed Feb 18 16:19:43 2009 : Info: [peap] processing EAP-TLS
Wed Feb 18 16:19:43 2009 : Info: [peap] eaptls_verify returned 7
Wed Feb 18 16:19:43 2009 : Info: [peap] Done initial handshake
Wed Feb 18 16:19:43 2009 : Info: [peap] eaptls_process returned 7
Wed Feb 18 16:19:43 2009 : Info: [peap] EAPTLS_OK
Wed Feb 18 16:19:43 2009 : Info: [peap] Session established. Decoding
tunneled attributes.
Wed Feb 18 16:19:43 2009 : Info: [peap] EAP type mschapv2
Wed Feb 18 16:19:43 2009 : Info: [peap] Got tunneled request
EAP-Message =
0x020800441a0208003f3110adba86965ca02f4231afba3a37de2c0000000000000000be8ca46582f827e5087d9646e1e0dcc9f361b9d100001cbf0075736572766c616e31
server {
Wed Feb 18 16:19:43 2009 : Debug: PEAP: Setting User-Name to uservlan1
Sending tunneled request
EAP-Message =
0x020800441a0208003f3110adba86965ca02f4231afba3a37de2c0000000000000000be8ca46582f827e5087d9646e1e0dcc9f361b9d100001cbf0075736572766c616e31
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "uservlan1"
State = 0xc658eb46c650f13d7cba690c18bc218e
server inner-tunnel {
Wed Feb 18 16:19:43 2009 : Info: +- entering group authorize {...}
Wed Feb 18 16:19:43 2009 : Info: [eap] EAP packet type response id 8 length
68
Wed Feb 18 16:19:43 2009 : Info: [eap] No EAP Start, assuming it's an
on-going EAP conversation
Wed Feb 18 16:19:43 2009 : Info: ++[eap] returns updated
Wed Feb 18 16:19:43 2009 : Debug: rlm_ldap: Entering ldap_groupcmp()
Wed Feb 18 16:19:43 2009 : Info: [files] expand: cn=vlan1,dc=test,dc=fr ->
cn=vlan1,dc=test,dc=fr
Wed Feb 18 16:19:43 2009 : Info: [files] expand:
(samaccountname=%{User-Name}) -> (samaccountname=uservlan1)
Wed Feb 18 16:19:43 2009 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0
Wed Feb 18 16:19:43 2009 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0
Wed Feb 18 16:19:43 2009 : Debug: rlm_ldap: performing search in
cn=vlan1,dc=test,dc=fr, with filter (samaccountname=uservlan1)
Wed Feb 18 16:19:43 2009 : Debug: rlm_ldap: object not found or got
ambiguous search result
Wed Feb 18 16:19:43 2009 : Debug: rlm_ldap::ldap_groupcmp: search failed
Wed Feb 18 16:19:43 2009 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0
Wed Feb 18 16:19:43 2009 : Info: ++[files] returns noop
Wed Feb 18 16:19:43 2009 : Info: [ldap] performing user authorization for
uservlan1
Wed Feb 18 16:19:43 2009 : Info: [ldap] expand:
(samaccountname=%{User-Name}) -> (samaccountname=uservlan1)
Wed Feb 18 16:19:43 2009 : Info: [ldap] expand: cn=vlan1,dc=test,dc=fr ->
cn=vlan1,dc=test,dc=fr
Wed Feb 18 16:19:43 2009 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0
Wed Feb 18 16:19:43 2009 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0
Wed Feb 18 16:19:43 2009 : Debug: rlm_ldap: performing search in
cn=vlan1,dc=test,dc=fr, with filter (samaccountname=uservlan1)
Wed Feb 18 16:19:43 2009 : Debug: rlm_ldap: object not found or got
ambiguous search result
Wed Feb 18 16:19:43 2009 : Info: [ldap] search failed
Wed Feb 18 16:19:43 2009 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0
Wed Feb 18 16:19:43 2009 : Info: ++[ldap] returns notfound
Wed Feb 18 16:19:43 2009 : Info: ++[expiration] returns noop
Wed Feb 18 16:19:43 2009 : Info: ++[logintime] returns noop
Wed Feb 18 16:19:43 2009 : Info: Found Auth-Type = EAP
Wed Feb 18 16:19:43 2009 : Info: +- entering group authenticate {...}
Wed Feb 18 16:19:43 2009 : Info: [eap] Request found, released from the list
Wed Feb 18 16:19:43 2009 : Info: [eap] EAP/mschapv2
Wed Feb 18 16:19:43 2009 : Info: [eap] processing type mschapv2
Wed Feb 18 16:19:43 2009 : Info: [mschapv2] +- entering group MS-CHAP {...}
Wed Feb 18 16:19:43 2009 : Info: [mschap] No Cleartext-Password configured.
Cannot create LM-Password.
Wed Feb 18 16:19:43 2009 : Info: [mschap] No Cleartext-Password configured.
Cannot create NT-Password.
Wed Feb 18 16:19:43 2009 : Info: [mschap] Told to do MS-CHAPv2 for uservlan1
with NT-Password
Wed Feb 18 16:19:43 2009 : Info: [mschap] expand:
--username=%{mschap:User-Name:-None} -> --username=uservlan1
Wed Feb 18 16:19:43 2009 : Info: [mschap] No NT-Domain was found in the
User-Name.
Wed Feb 18 16:19:43 2009 : Info: [mschap] expand:
--domain=%{mschap:NT-Domain:-TEST} -> --domain=TEST
Wed Feb 18 16:19:43 2009 : Info: [mschap] mschap2: 21
Wed Feb 18 16:19:43 2009 : Info: [mschap] expand:
--challenge=%{mschap:Challenge:-00} -> --challenge=2e64abb777d66ca5
Wed Feb 18 16:19:43 2009 : Info: [mschap] expand:
--nt-response=%{mschap:NT-Response:-00} ->
--nt-response=be8ca46582f827e5087d9646e1e0dcc9f361b9d100001cbf
Wed Feb 18 16:19:43 2009 : Debug: Exec-Program output: NT_KEY:
D521CC14F4615B7C8346E1E22F5D4741
Wed Feb 18 16:19:43 2009 : Debug: Exec-Program-Wait: plaintext: NT_KEY:
D521CC14F4615B7C8346E1E22F5D4741
Wed Feb 18 16:19:43 2009 : Debug: Exec-Program: returned: 0
Wed Feb 18 16:19:43 2009 : Info: [mschap] adding MS-CHAPv2 MPPE keys
Wed Feb 18 16:19:43 2009 : Info: ++[mschap] returns ok
Wed Feb 18 16:19:43 2009 : Debug: MSCHAP Success
Wed Feb 18 16:19:43 2009 : Info: ++[eap] returns handled
} # server inner-tunnel
Wed Feb 18 16:19:43 2009 : Info: [peap] Got tunneled reply code 11
EAP-Message =
0x010900331a0308002e533d38453634313639313438344532323436453444303043394432353631413536324646324636463837
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xc658eb46c751f13d7cba690c18bc218e
Wed Feb 18 16:19:43 2009 : Info: [peap] Got tunneled reply RADIUS code 11
EAP-Message =
0x010900331a0308002e533d38453634313639313438344532323436453444303043394432353631413536324646324636463837
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xc658eb46c751f13d7cba690c18bc218e
Wed Feb 18 16:19:43 2009 : Info: [peap] Got tunneled Access-Challenge
Wed Feb 18 16:19:43 2009 : Info: ++[eap] returns handled
Sending Access-Challenge of id 206 to 192.168.1.1 port 1024
EAP-Message =
0x0109004a1900170301003fbceaf369bb49f5c39efb50fbffc1ce2afc2a8e3832a97e9609b2eda98e57b82e2a5826a854b250c8b86fb397aa690ce64668343fa202aa544b96397ae5a5da
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xa38f45a7a4865c9dc391a3e151ac2bef
Wed Feb 18 16:19:43 2009 : Info: Finished request 7.
Wed Feb 18 16:19:43 2009 : Debug: Going to the next request
Wed Feb 18 16:19:43 2009 : Debug: Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.1.1 port 1024, id=207,
length=237
Framed-MTU = 1480
NAS-IP-Address = 192.168.1.1
NAS-Identifier = "SWiTCH"
User-Name = "uservlan1"
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 17
NAS-Port-Type = Ethernet
NAS-Port-Id = "17"
Called-Station-Id = "00-13-21-a8-24-40"
Calling-Station-Id = "00-15-c5-06-84-d8"
Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "4"
State = 0xa38f45a7a4865c9dc391a3e151ac2bef
EAP-Message = 0x0209001d1900170301001202000acfa50129244ab599c1e6bc6276bbd4
Message-Authenticator = 0xbb95163fd7b7d4283108252c338271ce
Wed Feb 18 16:19:43 2009 : Info: +- entering group authorize {...}
Wed Feb 18 16:19:43 2009 : Info: [eap] EAP packet type response id 9 length
29
Wed Feb 18 16:19:43 2009 : Info: [eap] Continuing tunnel setup.
Wed Feb 18 16:19:43 2009 : Info: ++[eap] returns ok
Wed Feb 18 16:19:43 2009 : Info: Found Auth-Type = EAP
Wed Feb 18 16:19:43 2009 : Info: +- entering group authenticate {...}
Wed Feb 18 16:19:43 2009 : Info: [eap] Request found, released from the list
Wed Feb 18 16:19:43 2009 : Info: [eap] EAP/peap
Wed Feb 18 16:19:43 2009 : Info: [eap] processing type peap
Wed Feb 18 16:19:43 2009 : Info: [peap] processing EAP-TLS
Wed Feb 18 16:19:43 2009 : Info: [peap] eaptls_verify returned 7
Wed Feb 18 16:19:43 2009 : Info: [peap] Done initial handshake
Wed Feb 18 16:19:43 2009 : Info: [peap] eaptls_process returned 7
Wed Feb 18 16:19:43 2009 : Info: [peap] EAPTLS_OK
Wed Feb 18 16:19:43 2009 : Info: [peap] Session established. Decoding
tunneled attributes.
Wed Feb 18 16:19:43 2009 : Info: [peap] EAP type mschapv2
Wed Feb 18 16:19:43 2009 : Info: [peap] Got tunneled request
EAP-Message = 0x020900061a03
server {
Wed Feb 18 16:19:43 2009 : Debug: PEAP: Setting User-Name to uservlan1
Sending tunneled request
EAP-Message = 0x020900061a03
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "uservlan1"
State = 0xc658eb46c751f13d7cba690c18bc218e
server inner-tunnel {
Wed Feb 18 16:19:43 2009 : Info: +- entering group authorize {...}
Wed Feb 18 16:19:43 2009 : Info: [eap] EAP packet type response id 9 length
6
Wed Feb 18 16:19:43 2009 : Info: [eap] No EAP Start, assuming it's an
on-going EAP conversation
Wed Feb 18 16:19:43 2009 : Info: ++[eap] returns updated
Wed Feb 18 16:19:43 2009 : Debug: rlm_ldap: Entering ldap_groupcmp()
Wed Feb 18 16:19:43 2009 : Info: [files] expand: cn=vlan1,dc=test,dc=fr ->
cn=vlan1,dc=test,dc=fr
Wed Feb 18 16:19:43 2009 : Info: [files] expand:
(samaccountname=%{User-Name}) -> (samaccountname=uservlan1)
Wed Feb 18 16:19:43 2009 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0
Wed Feb 18 16:19:43 2009 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0
Wed Feb 18 16:19:43 2009 : Debug: rlm_ldap: performing search in
cn=vlan1,dc=test,dc=fr, with filter (samaccountname=uservlan1)
Wed Feb 18 16:19:43 2009 : Debug: rlm_ldap: object not found or got
ambiguous search result
Wed Feb 18 16:19:43 2009 : Debug: rlm_ldap::ldap_groupcmp: search failed
Wed Feb 18 16:19:43 2009 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0
Wed Feb 18 16:19:43 2009 : Info: ++[files] returns noop
Wed Feb 18 16:19:43 2009 : Info: [ldap] performing user authorization for
uservlan1
Wed Feb 18 16:19:43 2009 : Info: [ldap] expand:
(samaccountname=%{User-Name}) -> (samaccountname=uservlan1)
Wed Feb 18 16:19:43 2009 : Info: [ldap] expand: cn=vlan1,dc=test,dc=fr ->
cn=vlan1,dc=test,dc=fr
Wed Feb 18 16:19:43 2009 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0
Wed Feb 18 16:19:43 2009 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0
Wed Feb 18 16:19:43 2009 : Debug: rlm_ldap: performing search in
cn=vlan1,dc=test,dc=fr, with filter (samaccountname=uservlan1)
Wed Feb 18 16:19:43 2009 : Debug: rlm_ldap: object not found or got
ambiguous search result
Wed Feb 18 16:19:43 2009 : Info: [ldap] search failed
Wed Feb 18 16:19:43 2009 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0
Wed Feb 18 16:19:43 2009 : Info: ++[ldap] returns notfound
Wed Feb 18 16:19:43 2009 : Info: ++[expiration] returns noop
Wed Feb 18 16:19:43 2009 : Info: ++[logintime] returns noop
Wed Feb 18 16:19:43 2009 : Info: Found Auth-Type = EAP
Wed Feb 18 16:19:43 2009 : Info: +- entering group authenticate {...}
Wed Feb 18 16:19:43 2009 : Info: [eap] Request found, released from the list
Wed Feb 18 16:19:43 2009 : Info: [eap] EAP/mschapv2
Wed Feb 18 16:19:43 2009 : Info: [eap] processing type mschapv2
Wed Feb 18 16:19:43 2009 : Info: [eap] Freeing handler
Wed Feb 18 16:19:43 2009 : Info: ++[eap] returns ok
} # server inner-tunnel
Wed Feb 18 16:19:43 2009 : Info: [peap] Got tunneled reply code 2
EAP-Message = 0x03090004
Message-Authenticator = 0x00000000000000000000000000000000
User-Name = "uservlan1"
Wed Feb 18 16:19:43 2009 : Info: [peap] Got tunneled reply RADIUS code 2
EAP-Message = 0x03090004
Message-Authenticator = 0x00000000000000000000000000000000
User-Name = "uservlan1"
Wed Feb 18 16:19:43 2009 : Info: [peap] Tunneled authentication was
successful.
Wed Feb 18 16:19:43 2009 : Info: [peap] SUCCESS
Wed Feb 18 16:19:43 2009 : Info: ++[eap] returns handled
Sending Access-Challenge of id 207 to 192.168.1.1 port 1024
EAP-Message =
0x010a00261900170301001b505392e77d7cd9892b292fefb960dca3641275e476910dc51b9a28
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xa38f45a7ab855c9dc391a3e151ac2bef
Wed Feb 18 16:19:43 2009 : Info: Finished request 8.
Wed Feb 18 16:19:43 2009 : Debug: Going to the next request
Wed Feb 18 16:19:43 2009 : Debug: Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.1.1 port 1024, id=208,
length=246
Framed-MTU = 1480
NAS-IP-Address = 192.168.1.1
NAS-Identifier = "SWiTCH"
User-Name = "uservlan1"
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 17
NAS-Port-Type = Ethernet
NAS-Port-Id = "17"
Called-Station-Id = "00-13-21-a8-24-40"
Calling-Station-Id = "00-15-c5-06-84-d8"
Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "4"
State = 0xa38f45a7ab855c9dc391a3e151ac2bef
EAP-Message =
0x020a00261900170301001bd23d3370fb242bc3d50bba95804df93e0f54276a55b2709b53a2ee
Message-Authenticator = 0x1fd2ae2da8674b69c17a770a1ad92c10
Wed Feb 18 16:19:43 2009 : Info: +- entering group authorize {...}
Wed Feb 18 16:19:43 2009 : Info: [eap] EAP packet type response id 10 length
38
Wed Feb 18 16:19:43 2009 : Info: [eap] Continuing tunnel setup.
Wed Feb 18 16:19:43 2009 : Info: ++[eap] returns ok
Wed Feb 18 16:19:43 2009 : Info: Found Auth-Type = EAP
Wed Feb 18 16:19:43 2009 : Info: +- entering group authenticate {...}
Wed Feb 18 16:19:43 2009 : Info: [eap] Request found, released from the list
Wed Feb 18 16:19:43 2009 : Info: [eap] EAP/peap
Wed Feb 18 16:19:43 2009 : Info: [eap] processing type peap
Wed Feb 18 16:19:43 2009 : Info: [peap] processing EAP-TLS
Wed Feb 18 16:19:43 2009 : Info: [peap] eaptls_verify returned 7
Wed Feb 18 16:19:43 2009 : Info: [peap] Done initial handshake
Wed Feb 18 16:19:43 2009 : Info: [peap] eaptls_process returned 7
Wed Feb 18 16:19:43 2009 : Info: [peap] EAPTLS_OK
Wed Feb 18 16:19:43 2009 : Info: [peap] Session established. Decoding
tunneled attributes.
Wed Feb 18 16:19:43 2009 : Info: [peap] Received EAP-TLV response.
Wed Feb 18 16:19:43 2009 : Info: [peap] Success
Wed Feb 18 16:19:43 2009 : Info: [eap] Freeing handler
Wed Feb 18 16:19:43 2009 : Info: ++[eap] returns ok
Wed Feb 18 16:19:43 2009 : Info: +- entering group post-auth {...}
Wed Feb 18 16:19:43 2009 : Info: ++[exec] returns noop
Sending Access-Accept of id 208 to 192.168.1.1 port 1024
MS-MPPE-Recv-Key =
0xbecd3757b9655fbcd7b1e88118a13049acb65959fdb551e568fa471c83b88167
MS-MPPE-Send-Key =
0xce92c37585cd98e72fc690552e0980df64b1134b38ca2f213e3c4b95bfa98162
EAP-Message = 0x030a0004
Message-Authenticator = 0x00000000000000000000000000000000
User-Name = "uservlan1"
Wed Feb 18 16:19:43 2009 : Info: Finished request 9.
Wed Feb 18 16:19:43 2009 : Debug: Going to the next request
Wed Feb 18 16:19:43 2009 : Debug: Waking up in 4.9 seconds.
Wed Feb 18 16:19:48 2009 : Info: Cleaning up request 0 ID 199 with timestamp
+12
Wed Feb 18 16:19:48 2009 : Info: Cleaning up request 1 ID 200 with timestamp
+12
Wed Feb 18 16:19:48 2009 : Info: Cleaning up request 2 ID 201 with timestamp
+12
Wed Feb 18 16:19:48 2009 : Info: Cleaning up request 3 ID 202 with timestamp
+12
Wed Feb 18 16:19:48 2009 : Info: Cleaning up request 4 ID 203 with timestamp
+12
Wed Feb 18 16:19:48 2009 : Info: Cleaning up request 5 ID 204 with timestamp
+12
Wed Feb 18 16:19:48 2009 : Info: Cleaning up request 6 ID 205 with timestamp
+12
Wed Feb 18 16:19:48 2009 : Info: Cleaning up request 7 ID 206 with timestamp
+12
Wed Feb 18 16:19:48 2009 : Info: Cleaning up request 8 ID 207 with timestamp
+12
Wed Feb 18 16:19:48 2009 : Info: Cleaning up request 9 ID 208 with timestamp
+12
Wed Feb 18 16:19:48 2009 : Debug: Ready to process requests.
--
View this message in context: http://www.nabble.com/Autz-type-LDAP%2C-Auth-Type-MSCHAP-possible---%28for-vlan-assignment%29-tp22076072p22081058.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.