LDAP + TTLS PAP

jpablorp juanpablo.ramirez at foxconn.com
Wed Jul 15 16:37:29 CEST 2009



Ivan Kalik wrote:
>> You have deleted the interesting part of the debug.
>
>> Ivan Kalik
>> Kalik Informatika ISP

Sorry.
Here is all my debug.
Ready to process requests.
rad_recv: Access-Request packet from host 10.14.56.33 port 32768, id=2,
length=163
	User-Name = "user"
	Calling-Station-Id = "00-24-2C-83-AA-92"
	Called-Station-Id = "00-21-A1-9E-F9-30:testGDL"
	NAS-Port = 1
	NAS-IP-Address = 10.14.56.33
	NAS-Identifier = "test-gdl-wlc"
	Airespace-Wlan-Id = 1
	Service-Type = Framed-User
	Framed-MTU = 1300
	NAS-Port-Type = Wireless-802.11
	EAP-Message = 0x020800090175736572
	Message-Authenticator = 0xb86c778d5e5cbb982425e05ea5b4b6e8
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "user", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 8 length 9
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
++[files] returns noop
[ldap] performing user authorization for user
[ldap] WARNING: Deprecated conditional expansion ":-".  See "man unlang" for
details
[ldap] 	expand: (cn=%{Stripped-User-Name:-%{User-Name}}) -> (cn=user)
[ldap] 	expand: ou=Wireless,dc=local,dc=test,dc=com ->
ou=Wireless,dc=local,dc=test,dc=com
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=Wireless,dc=local,dc=test,dc=com, with
filter (cn=user)
[ldap] No default NMAS login sequence
[ldap] looking for check items in directory...
rlm_ldap: userPassword -> Cleartext-Password == "Newuser01"
[ldap] looking for reply items in directory...
[ldap] user user authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
++[ldap] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type md5
rlm_eap_md5: Issuing Challenge
++[eap] returns handled
Sending Access-Challenge of id 2 to 10.14.56.33 port 32768
	EAP-Message = 0x010900160410a1a022fc9a0dfa06c749cc18033a2a4a
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0xeb2a1c90eb2318c7f00b52ffc2a1bc44
Finished request 1.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.14.56.33 port 32768, id=2,
length=163
Sending duplicate reply to client 10.14.56.33 port 32768 - ID: 2
Sending Access-Challenge of id 2 to 10.14.56.33 port 32768
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.14.56.33 port 32768, id=2,
length=163
Sending duplicate reply to client 10.14.56.33 port 32768 - ID: 2
Sending Access-Challenge of id 2 to 10.14.56.33 port 32768
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.14.56.33 port 32768, id=3,
length=178
	User-Name = "user"
	Calling-Station-Id = "00-24-2C-83-AA-92"
	Called-Station-Id = "00-21-A1-9E-F9-30:testGDL"
	NAS-Port = 1
	NAS-IP-Address = 10.14.56.33
	NAS-Identifier = "test-gdl-wlc"
	Airespace-Wlan-Id = 1
	Service-Type = Framed-User
	Framed-MTU = 1300
	NAS-Port-Type = Wireless-802.11
	EAP-Message = 0x020900060315
	State = 0xeb2a1c90eb2318c7f00b52ffc2a1bc44
	Message-Authenticator = 0xbe3af8eada8201dbfd51322d12e53c40
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "user", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 9 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
++[files] returns noop
[ldap] performing user authorization for user
[ldap] WARNING: Deprecated conditional expansion ":-".  See "man unlang" for
details
[ldap] 	expand: (cn=%{Stripped-User-Name:-%{User-Name}}) -> (cn=user)
[ldap] 	expand: ou=Wireless,dc=local,dc=test,dc=com ->
ou=Wireless,dc=local,dc=test,dc=com
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=Wireless,dc=local,dc=test,dc=com, with
filter (cn=user)
[ldap] No default NMAS login sequence
[ldap] looking for check items in directory...
rlm_ldap: userPassword -> Cleartext-Password == "Newuser01"
[ldap] looking for reply items in directory...
[ldap] user user authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
++[ldap] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP NAK
[eap] EAP-NAK asked for EAP-Type/ttls
[eap] processing type tls
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 3 to 10.14.56.33 port 32768
	EAP-Message = 0x010a00061520
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0xeb2a1c90ea2009c7f00b52ffc2a1bc44
Finished request 2.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.14.56.33 port 32768, id=4,
length=284
	User-Name = "user"
	Calling-Station-Id = "00-24-2C-83-AA-92"
	Called-Station-Id = "00-21-A1-9E-F9-30:testGDL"
	NAS-Port = 1
	NAS-IP-Address = 10.14.56.33
	NAS-Identifier = "test-gdl-wlc"
	Airespace-Wlan-Id = 1
	Service-Type = Framed-User
	Framed-MTU = 1300
	NAS-Port-Type = Wireless-802.11
	EAP-Message =
0x020a007015800000006616030100610100005d03014a5ddd93e85b4d75bd7b9a21b884bdcf282a9f2494f57df9199e8563359795a900003600390038003500160013000a00330032002f0007006600050004006300620061001500120009006500640060001400110008000600030100
	State = 0xeb2a1c90ea2009c7f00b52ffc2a1bc44
	Message-Authenticator = 0xc86d9cf6e3039d68046a0530a18d6d46
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "user", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 10 length 112
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/ttls
[eap] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
  TLS Length 102
[ttls] Length Included
[ttls] eaptls_verify returned 11 
[ttls]     (other): before/accept initialization 
[ttls]     TLS_accept: before/accept initialization 
[ttls] <<< TLS 1.0 Handshake [length 0061], ClientHello  
[ttls]     TLS_accept: SSLv3 read client hello A 
[ttls] >>> TLS 1.0 Handshake [length 002a], ServerHello  
[ttls]     TLS_accept: SSLv3 write server hello A 
[ttls] >>> TLS 1.0 Handshake [length 085e], Certificate  
[ttls]     TLS_accept: SSLv3 write certificate A 
[ttls] >>> TLS 1.0 Handshake [length 020d], ServerKeyExchange  
[ttls]     TLS_accept: SSLv3 write key exchange A 
[ttls] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone  
[ttls]     TLS_accept: SSLv3 write server done A 
[ttls]     TLS_accept: SSLv3 flush data 
[ttls]     TLS_accept: Need to read more data: SSLv3 read client certificate
A
In SSL Handshake Phase 
In SSL Accept mode  
[ttls] eaptls_process returned 13 
++[eap] returns handled
Sending Access-Challenge of id 4 to 10.14.56.33 port 32768
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0xeb2a1c90e92109c7f00b52ffc2a1bc44
Finished request 3.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.14.56.33 port 32768, id=5,
length=178
	User-Name = "user"
	Calling-Station-Id = "00-24-2C-83-AA-92"
	Called-Station-Id = "00-21-A1-9E-F9-30:testGDL"
	NAS-Port = 1
	NAS-IP-Address = 10.14.56.33
	NAS-Identifier = "test-gdl-wlc"
	Airespace-Wlan-Id = 1
	Service-Type = Framed-User
	Framed-MTU = 1300
	NAS-Port-Type = Wireless-802.11
	EAP-Message = 0x020b00061500
	State = 0xeb2a1c90e92109c7f00b52ffc2a1bc44
	Message-Authenticator = 0x53442257246b2aea062c0ad67ba0d8a6
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "user", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 11 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/ttls
[eap] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
[ttls] Received TLS ACK
[ttls] ACK handshake fragment handler
[ttls] eaptls_verify returned 1 
[ttls] eaptls_process returned 13 
++[eap] returns handled
Sending Access-Challenge of id 5 to 10.14.56.33 port 32768
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0xeb2a1c90e82609c7f00b52ffc2a1bc44
Finished request 4.
Going to the next request
Waking up in 4.8 seconds.
rad_recv: Access-Request packet from host 10.14.56.33 port 32768, id=6,
length=178
	User-Name = "user"
	Calling-Station-Id = "00-24-2C-83-AA-92"
	Called-Station-Id = "00-21-A1-9E-F9-30:testGDL"
	NAS-Port = 1
	NAS-IP-Address = 10.14.56.33
	NAS-Identifier = "test-gdl-wlc"
	Airespace-Wlan-Id = 1
	Service-Type = Framed-User
	Framed-MTU = 1300
	NAS-Port-Type = Wireless-802.11
	EAP-Message = 0x020c00061500
	State = 0xeb2a1c90e82609c7f00b52ffc2a1bc44
	Message-Authenticator = 0xa5bccb3b79bc110d40bbdcc53be48060
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "user", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 12 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/ttls
[eap] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
[ttls] Received TLS ACK
[ttls] ACK handshake fragment handler
[ttls] eaptls_verify returned 1 
[ttls] eaptls_process returned 13 
++[eap] returns handled
Sending Access-Challenge of id 6 to 10.14.56.33 port 32768
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0xeb2a1c90ef2709c7f00b52ffc2a1bc44
Finished request 5.
Going to the next request
Waking up in 4.8 seconds.
rad_recv: Access-Request packet from host 10.14.56.33 port 32768, id=7,
length=380
	User-Name = "user"
	Calling-Station-Id = "00-24-2C-83-AA-92"
	Called-Station-Id = "00-21-A1-9E-F9-30:testGDL"
	NAS-Port = 1
	NAS-IP-Address = 10.14.56.33
	NAS-Identifier = "test-gdl-wlc"
	Airespace-Wlan-Id = 1
	Service-Type = Framed-User
	Framed-MTU = 1300
	NAS-Port-Type = Wireless-802.11
	EAP-Message =
0x020d00d01580000000c61603010086100000820080adbd458783432417ab3288fc3e8b92c05c9fb681e840bfedf3e18ae254d45688a46ed9f645c63b95c96ac8d52bfbb427b2bfdcc994c319f0b9d0929268b100959c2a05b8becfe6e233c97b559eb2cc825d06d80ed15288e08cdf1f80484f4610295a54968350feccbd357fea95a18c22ed0c52173767ea5f3ce6279c58da53cc1403010001011603010030850c47eac970716e3be39d28f9987b5ba2d9d3ebef7a3513b20538af02bb0bb67e7d60af8811a78260a3a3cc4d1fe25d
	State = 0xeb2a1c90ef2709c7f00b52ffc2a1bc44
	Message-Authenticator = 0xec284ccbc43611a9c333221901d9f841
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "user", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 13 length 208
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/ttls
[eap] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
  TLS Length 198
[ttls] Length Included
[ttls] eaptls_verify returned 11 
[ttls] <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange  
[ttls]     TLS_accept: SSLv3 read client key exchange A 
[ttls] <<< TLS 1.0 ChangeCipherSpec [length 0001]  
[ttls] <<< TLS 1.0 Handshake [length 0010], Finished  
[ttls]     TLS_accept: SSLv3 read finished A 
[ttls] >>> TLS 1.0 ChangeCipherSpec [length 0001]  
[ttls]     TLS_accept: SSLv3 write change cipher spec A 
[ttls] >>> TLS 1.0 Handshake [length 0010], Finished  
[ttls]     TLS_accept: SSLv3 write finished A 
[ttls]     TLS_accept: SSLv3 flush data 
[ttls]     (other): SSL negotiation finished successfully 
SSL Connection Established 
[ttls] eaptls_process returned 13 
++[eap] returns handled
Sending Access-Challenge of id 7 to 10.14.56.33 port 32768
	EAP-Message =
0x010e004515800000003b14030100010116030100302f18c7e1b289876d19ce10585d73e61da41965a13f0d7d6ad161d562bc1b951c8f621e1e3d0a1bb3292086c67dc50162
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0xeb2a1c90ee2409c7f00b52ffc2a1bc44
Finished request 6.
Going to the next request
Waking up in 4.7 seconds.
rad_recv: Access-Request packet from host 10.14.56.33 port 32768, id=8,
length=284
	User-Name = "user"
	Calling-Station-Id = "00-24-2C-83-AA-92"
	Called-Station-Id = "00-21-A1-9E-F9-30:testGDL"
	NAS-Port = 1
	NAS-IP-Address = 10.14.56.33
	NAS-Identifier = "test-gdl-wlc"
	Airespace-Wlan-Id = 1
	Service-Type = Framed-User
	Framed-MTU = 1300
	NAS-Port-Type = Wireless-802.11
	EAP-Message =
0x020e007015001703010020aae3ea9541a8b2df748caf875a30ba7b4919efe2cea2e773ddb610d4c47620911703010040f3df9e440c0b0db2135ee7011449b33538421727705920765c60b5f323809fac40e3bb846adcf8bec94ea6e231d4d74bb2318e6dc9cb9aac7187ad153eaecc16
	State = 0xeb2a1c90ee2409c7f00b52ffc2a1bc44
	Message-Authenticator = 0x600a4febdd89954911cbcea1c34a5d6e
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "user", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 14 length 112
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/ttls
[eap] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
[ttls] eaptls_verify returned 7 
[ttls] Done initial handshake
[ttls] eaptls_process returned 7 
[ttls] Session established.  Proceeding to decode tunneled attributes.
[ttls] Got tunneled request
	User-Name = "user"
	User-Password = "Newuser01"
	FreeRADIUS-Proxied-To = 127.0.0.1
[ttls] Sending tunneled request
	User-Name = "user"
	User-Password = "Newuser01"
	FreeRADIUS-Proxied-To = 127.0.0.1
server inner-tunnel {
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
++[unix] returns notfound
[suffix] No '@' in User-Name = "user", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[control] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
No authenticate method (Auth-Type) configuration found for the request:
Rejecting the user
Failed to authenticate the user.
} # server inner-tunnel
[ttls] Got tunneled reply code 3
[ttls] Got tunneled Access-Reject
[eap] Handler failed in EAP/ttls
[eap] Failed in EAP select
++[eap] returns invalid
Failed to authenticate the user.
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject] 	expand: %{User-Name} -> user
 attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 7 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 7
Sending Access-Reject of id 8 to 10.14.56.33 port 32768
	EAP-Message = 0x040e0004
	Message-Authenticator = 0x00000000000000000000000000000000
Waking up in 3.7 seconds.
Cleaning up request 1 ID 2 with timestamp +305
Cleaning up request 2 ID 3 with timestamp +310
Cleaning up request 3 ID 4 with timestamp +310
Cleaning up request 4 ID 5 with timestamp +310
Cleaning up request 5 ID 6 with timestamp +310
Waking up in 0.1 seconds.
Cleaning up request 6 ID 7 with timestamp +310
Waking up in 1.0 seconds.
Cleaning up request 7 ID 8 with timestamp +310

-- 
View this message in context: http://www.nabble.com/LDAP-%2B-TTLS-PAP-tp24498710p24499258.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.



