Cannot authenticate using PEAPv0 and Windows XP SP3 native supplicant
Mateusz Pagacz
matpg at poczta.onet.pl
Tue Mar 17 11:29:59 CET 2009
Hi,
I spent 3 weeks trying to make FreeRADIUS work with PEAPv0 and the WinXP SP3
native supplicant. I can authenticate using a local flat file or ntlm_auth, but
authentication from WinXP doesn't work.
Here's the log:
FreeRADIUS Version 2.1.5, for host i486-pc-linux-gnu, built on Mar 13 2009 at 19:44:44
Copyright (C) 1999-2008 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License v2.
Starting - reading configuration files ...
including configuration file /etc/freeradius/radiusd.conf
including configuration file /etc/freeradius/proxy.conf
including configuration file /etc/freeradius/clients.conf
including files in directory /etc/freeradius/modules/
including configuration file /etc/freeradius/modules/logintime
including configuration file /etc/freeradius/modules/ldap
including configuration file /etc/freeradius/modules/inner-eap
including configuration file /etc/freeradius/modules/digest
including configuration file /etc/freeradius/modules/acct_unique
including configuration file /etc/freeradius/modules/policy
including configuration file /etc/freeradius/modules/exec
including configuration file /etc/freeradius/modules/krb5
including configuration file /etc/freeradius/modules/sql_log
including configuration file /etc/freeradius/modules/radutmp
including configuration file /etc/freeradius/modules/sqlcounter_expire_on_login
including configuration file /etc/freeradius/modules/otp
including configuration file /etc/freeradius/modules/realm
including configuration file /etc/freeradius/modules/files
including configuration file /etc/freeradius/modules/expiration
including configuration file /etc/freeradius/modules/passwd
including configuration file /etc/freeradius/modules/smbpasswd
including configuration file /etc/freeradius/modules/attr_rewrite
including configuration file /etc/freeradius/modules/mac2ip
including configuration file /etc/freeradius/modules/etc_group
including configuration file /etc/freeradius/modules/always
including configuration file /etc/freeradius/modules/detail.log
including configuration file /etc/freeradius/modules/sradutmp
including configuration file /etc/freeradius/modules/attr_filter
including configuration file /etc/freeradius/modules/pam
including configuration file /etc/freeradius/modules/counter
including configuration file /etc/freeradius/modules/detail.example.com
including configuration file /etc/freeradius/modules/echo
including configuration file /etc/freeradius/modules/detail
including configuration file /etc/freeradius/modules/pap
including configuration file /etc/freeradius/modules/checkval
including configuration file /etc/freeradius/modules/expr
including configuration file /etc/freeradius/modules/mac2vlan
including configuration file /etc/freeradius/modules/unix
including configuration file /etc/freeradius/modules/mschap
including configuration file /etc/freeradius/modules/chap
including configuration file /etc/freeradius/modules/preprocess
including configuration file /etc/freeradius/modules/linelog
including configuration file /etc/freeradius/modules/perl
including configuration file /etc/freeradius/modules/smsotp
including configuration file /etc/freeradius/modules/wimax
including configuration file /etc/freeradius/modules/ippool
including configuration file /etc/freeradius/eap.conf
including configuration file /etc/freeradius/policy.conf
including files in directory /etc/freeradius/sites-enabled/
including configuration file /etc/freeradius/sites-enabled/default
including configuration file /etc/freeradius/sites-enabled/control-socket
including configuration file /etc/freeradius/sites-enabled/inner-tunnel
group = freerad
user = freerad
including dictionary file /etc/freeradius/dictionary
main {
prefix = "/usr"
localstatedir = "/var"
logdir = "/var/log/freeradius"
libdir = "/usr/lib/freeradius"
radacctdir = "/var/log/freeradius/radacct"
hostname_lookups = no
max_request_time = 30
cleanup_delay = 5
max_requests = 1024
allow_core_dumps = no
pidfile = "/var/run/freeradius/freeradius.pid"
checkrad = "/usr/sbin/checkrad"
debug_level = 0
proxy_requests = yes
log {
stripped_names = no
auth = no
auth_badpass = no
auth_goodpass = no
}
security {
max_attributes = 200
reject_delay = 1
status_server = yes
}
}
radiusd: #### Loading Realms and Home Servers ####
proxy server {
retry_delay = 5
retry_count = 3
default_fallback = no
dead_time = 120
wake_all_if_all_dead = no
}
home_server localhost {
ipaddr = 127.0.0.1
port = 1812
type = "auth"
secret = "testing123"
response_window = 20
max_outstanding = 65536
require_message_authenticator = no
zombie_period = 40
status_check = "status-server"
ping_interval = 30
check_interval = 30
num_answers_to_alive = 3
num_pings_to_alive = 3
revive_interval = 120
status_check_timeout = 4
irt = 2
mrt = 16
mrc = 5
mrd = 30
}
home_server_pool my_auth_failover {
type = fail-over
home_server = localhost
}
realm example.com {
auth_pool = my_auth_failover
}
realm LOCAL {
}
radiusd: #### Loading Clients ####
client localhost {
ipaddr = 127.0.0.1
require_message_authenticator = no
secret = "testing123"
nastype = "other"
}
client 10.112.250.66 {
require_message_authenticator = no
secret = "XXXXXXXX"
shortname = "XXXXXXXX"
}
radiusd: #### Instantiating modules ####
instantiate {
Module: Linked to module rlm_exec
Module: Instantiating exec
exec {
wait = no
input_pairs = "request"
shell_escape = yes
}
Module: Linked to module rlm_expr
Module: Instantiating expr
Module: Linked to module rlm_expiration
Module: Instantiating expiration
expiration {
reply-message = "Password Has Expired "
}
Module: Linked to module rlm_logintime
Module: Instantiating logintime
logintime {
reply-message = "You are calling outside your allowed timespan "
minimum-timeout = 60
}
}
radiusd: #### Loading Virtual Servers ####
server inner-tunnel {
modules {
Module: Checking authenticate {...} for more modules to load
Module: Linked to module rlm_pap
Module: Instantiating pap
pap {
encryption_scheme = "auto"
auto_header = no
}
Module: Linked to module rlm_chap
Module: Instantiating chap
Module: Linked to module rlm_mschap
Module: Instantiating mschap
mschap {
use_mppe = yes
require_encryption = yes
require_strong = yes
with_ntdomain_hack = yes
ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --domain=%{mschap:NT-Domain} --username=%{mschap:User-Name} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}"
}
Module: Linked to module rlm_unix
Module: Instantiating unix
unix {
radwtmp = "/var/log/freeradius/radwtmp"
}
Module: Linked to module rlm_eap
Module: Instantiating eap
eap {
default_eap_type = "peap"
timer_expire = 60
ignore_unknown_eap_types = no
cisco_accounting_username_bug = no
max_sessions = 2048
}
Module: Linked to sub-module rlm_eap_md5
Module: Instantiating eap-md5
Module: Linked to sub-module rlm_eap_leap
Module: Instantiating eap-leap
Module: Linked to sub-module rlm_eap_gtc
Module: Instantiating eap-gtc
gtc {
challenge = "Password: "
auth_type = "PAP"
}
Module: Linked to sub-module rlm_eap_tls
Module: Instantiating eap-tls
tls {
rsa_key_exchange = no
dh_key_exchange = yes
rsa_key_length = 512
dh_key_length = 512
verify_depth = 0
pem_file_type = yes
private_key_file = "/etc/freeradius/certs/server.pem"
certificate_file = "/etc/freeradius/certs/server.pem"
CA_file = "/etc/freeradius/certs/ca.pem"
private_key_password = "XXXXXXXX"
dh_file = "/etc/freeradius/certs/dh"
random_file = "/etc/freeradius/certs/random"
fragment_size = 1024
include_length = yes
check_crl = no
cipher_list = "DEFAULT"
cache {
enable = no
lifetime = 24
max_entries = 255
}
}
Module: Linked to sub-module rlm_eap_ttls
Module: Instantiating eap-ttls
ttls {
default_eap_type = "md5"
copy_request_to_tunnel = no
use_tunneled_reply = no
virtual_server = "inner-tunnel"
}
Module: Linked to sub-module rlm_eap_peap
Module: Instantiating eap-peap
peap {
default_eap_type = "mschapv2"
copy_request_to_tunnel = yes
use_tunneled_reply = yes
proxy_tunneled_request_as_eap = yes
virtual_server = "inner-tunnel"
}
Module: Linked to sub-module rlm_eap_mschapv2
Module: Instantiating eap-mschapv2
mschapv2 {
with_ntdomain_hack = no
}
Module: Checking authorize {...} for more modules to load
Module: Linked to module rlm_realm
Module: Instantiating suffix
realm suffix {
format = "suffix"
delimiter = "@"
ignore_default = no
ignore_null = no
}
Module: Linked to module rlm_files
Module: Instantiating files
files {
usersfile = "/etc/freeradius/users"
acctusersfile = "/etc/freeradius/acct_users"
preproxy_usersfile = "/etc/freeradius/preproxy_users"
compat = "no"
}
Module: Checking session {...} for more modules to load
Module: Linked to module rlm_radutmp
Module: Instantiating radutmp
radutmp {
filename = "/var/log/freeradius/radutmp"
username = "%{User-Name}"
case_sensitive = yes
check_with_nas = yes
perm = 384
callerid = yes
}
Module: Checking post-proxy {...} for more modules to load
Module: Checking post-auth {...} for more modules to load
Module: Linked to module rlm_attr_filter
Module: Instantiating attr_filter.access_reject
attr_filter attr_filter.access_reject {
attrsfile = "/etc/freeradius/attrs.access_reject"
key = "%{User-Name}"
}
}
}
modules {
Module: Checking authenticate {...} for more modules to load
Module: Checking authorize {...} for more modules to load
Module: Linked to module rlm_preprocess
Module: Instantiating preprocess
preprocess {
huntgroups = "/etc/freeradius/huntgroups"
hints = "/etc/freeradius/hints"
with_ascend_hack = no
ascend_channels_per_line = 23
with_ntdomain_hack = no
with_specialix_jetstream_hack = no
with_cisco_vsa_hack = no
with_alvarion_vsa_hack = no
}
Module: Checking preacct {...} for more modules to load
Module: Linked to module rlm_acct_unique
Module: Instantiating acct_unique
acct_unique {
key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
}
Module: Checking accounting {...} for more modules to load
Module: Linked to module rlm_detail
Module: Instantiating detail
detail {
detailfile = "/var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
header = "%t"
detailperm = 384
dirperm = 493
locking = no
log_packet_header = no
}
Module: Instantiating attr_filter.accounting_response
attr_filter attr_filter.accounting_response {
attrsfile = "/etc/freeradius/attrs.accounting_response"
key = "%{User-Name}"
}
Module: Checking session {...} for more modules to load
Module: Checking post-proxy {...} for more modules to load
Module: Checking post-auth {...} for more modules to load
}
radiusd: #### Opening IP addresses and Ports ####
listen {
type = "auth"
ipaddr = *
port = 0
}
listen {
type = "acct"
ipaddr = *
port = 0
}
listen {
type = "control"
listen {
socket = "/var/run/freeradius/freeradius.sock"
}
}
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on command file /var/run/freeradius/freeradius.sock
Listening on proxy address * port 1814
Ready to process requests.
rad_recv: Access-Request packet from host 10.112.250.68 port 1645, id=153, length=249
User-Name = "XXXXXXXX\\XXXXXXXX"
Framed-MTU = 1400
Called-Station-Id = "0024.148d.8271"
Calling-Station-Id = "001c.bf4a.53f8"
Cisco-AVPair = "ssid=XXXXXXXX"
WISPr-Location-Name = "XXXXXXXX"
Service-Type = Login-User
Message-Authenticator = 0x5baffb9dd034cd9aa3cb29a45831918b
EAP-Message = 0x0201000f015456505c703734303038
NAS-Port-Type = Wireless-802.11
NAS-Port = 3472
NAS-Port-Id = "3472"
NAS-IP-Address = 10.112.250.68
NAS-Identifier = "XXXXXXXX"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "XXXXXXXX\XXXXXXXX", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 1 length 15
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
[files] users: Matched entry DEFAULT at line 213
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type tls
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 153 to 10.112.250.68 port 1645
Session-Timeout = 3600
EAP-Message = 0x010200061920
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xcdfe2065cdfc3973f250f474980ad2ad
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.112.250.68 port 1645, id=154, length=332
User-Name = "XXXXXXXX\\XXXXXXXX"
Framed-MTU = 1400
Called-Station-Id = "0024.148d.8271"
Calling-Station-Id = "001c.bf4a.53f8"
Cisco-AVPair = "ssid=XXXXXXXX"
WISPr-Location-Name = "XXXXXXXX"
Service-Type = Login-User
Message-Authenticator = 0x722d94e3ceca44322ee60ba3bc0e13df
EAP-Message =
0x0202005019800000004616030100410100003d030149bf736722dcce9632a19c40c8caac0b9ac85b77726a8e2a55e2fef92ab5db2200001600040005000a000900640062000300060013001200630100
NAS-Port-Type = Wireless-802.11
NAS-Port = 3472
NAS-Port-Id = "3472"
State = 0xcdfe2065cdfc3973f250f474980ad2ad
NAS-IP-Address = 10.112.250.68
NAS-Identifier = "XXXXXXXX"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "XXXXXXXX\XXXXXXXX", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 2 length 80
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
TLS Length 70
[peap] Length Included
[peap] eaptls_verify returned 11
[peap] (other): before/accept initialization
[peap] TLS_accept: before/accept initialization
[peap] <<< TLS 1.0 Handshake [length 0041], ClientHello
[peap] TLS_accept: SSLv3 read client hello A
[peap] >>> TLS 1.0 Handshake [length 002a], ServerHello
[peap] TLS_accept: SSLv3 write server hello A
[peap] >>> TLS 1.0 Handshake [length 08f1], Certificate
[peap] TLS_accept: SSLv3 write certificate A
[peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
[peap] TLS_accept: SSLv3 write server done A
[peap] TLS_accept: SSLv3 flush data
[peap] TLS_accept: Need to read more data: SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 154 to 10.112.250.68 port 1645
EAP-Message = 0x28079b2e590993d13d8ea1c9
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xcdfe2065ccfd3973f250f474980ad2ad
Finished request 1.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.112.250.68 port 1645, id=155, length=258
User-Name = "XXXXXXXX\\XXXXXXXX"
Framed-MTU = 1400
Called-Station-Id = "0024.148d.8271"
Calling-Station-Id = "001c.bf4a.53f8"
Cisco-AVPair = "ssid=XXXXXXXX"
WISPr-Location-Name = "XXXXXXXX"
Service-Type = Login-User
Message-Authenticator = 0xd0131129f48c7f344a6d29179fc4adba
EAP-Message = 0x020300061900
NAS-Port-Type = Wireless-802.11
NAS-Port = 3472
NAS-Port-Id = "3472"
State = 0xcdfe2065ccfd3973f250f474980ad2ad
NAS-IP-Address = 10.112.250.68
NAS-Identifier = "XXXXXXXX"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "XXXXXXXX\XXXXXXXX", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 3 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 155 to 10.112.250.68 port 1645
EAP-Message =
0x46a655822310830203010001a382011a30820116301d0603551d0e04160414202b154eae3366bb57fcef4354931344ad46ebc63081e60603551d230481de3081db8014202b154eae3366bb57fcef4354931344ad46ebc6a181b7a481b43081b1310b300906035504061302504c311330110603550408130a4d616c6f706f6c736b61310f300d060355040713064b72616b6f7731243022060355040a131b54565020532e412e204f64647a69616c2077204b72616b6f7769653125302306092a864886f70d0109011616696e666f726d6174796b615f6b7261407476702e706c312f302d060355040313264f545456204b72616b6f7720574c414e2043
EAP-Message = 0x6572746966696361
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xcdfe2065cffa3973f250f474980ad2ad
Finished request 2.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.112.250.68 port 1645, id=156, length=258
User-Name = "XXXXXXXX\\XXXXXXXX"
Framed-MTU = 1400
Called-Station-Id = "0024.148d.8271"
Calling-Station-Id = "001c.bf4a.53f8"
Cisco-AVPair = "ssid=XXXXXXXX"
WISPr-Location-Name = "XXXXXXXX"
Service-Type = Login-User
Message-Authenticator = 0x7a6f3b1b53834e2106f048f4218e8fdc
EAP-Message = 0x020400061900
NAS-Port-Type = Wireless-802.11
NAS-Port = 3472
NAS-Port-Id = "3472"
State = 0xcdfe2065cffa3973f250f474980ad2ad
NAS-IP-Address = 10.112.250.68
NAS-Identifier = "XXXXXXXX"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "XXXXXXXX\XXXXXXXX", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 4 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 156 to 10.112.250.68 port 1645
EAP-Message =
0x010501481900746520417574686f72697479820900fb9bbf04976fd24f300c0603551d13040530030101ff300d06092a864886f70d0101050500038201010034c4ad48839646c827f9c305dd3c0022d2aac1eb9b851a49641e1ed21bbf7830e81f1b68250406be4f0ad10fda8485b962909964f37108f512aba53c499f87e792b38f96ec6821391c416b1f4b8180124d97593e74868f5dffbfb7df0b7f0ba29edfc0a8874de412a43ece2f1a923d8b81a4bcecb776bd481b325c7ed74a13a94bee5b7100aab8f5b37cac048ef2bd1f0d2fca70aa6c445b1fd02b55ad2516981cd1ff0b4116a1e160ace99750ee8621609ec7074d74fbbe050b2aa6e9d3
EAP-Message =
0xb8cfed563ce6e451ca10eb24f4fdc853710c798e9bd95e9e744d4558ffb0ebbff1c8ca152d4a408663ffdd8bae920b174f56d59fab227ac3fae92494122b4455a67816030100040e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xcdfe2065cefb3973f250f474980ad2ad
Finished request 3.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.112.250.68 port 1645, id=157, length=574
User-Name = "XXXXXXXX\\XXXXXXXX"
Framed-MTU = 1400
Called-Station-Id = "0024.148d.8271"
Calling-Station-Id = "001c.bf4a.53f8"
Cisco-AVPair = "ssid=XXXXXXXX"
WISPr-Location-Name = "XXXXXXXX"
Service-Type = Login-User
Message-Authenticator = 0xab5bdc9d3518e5ff8322121b07cd24f1
EAP-Message =
0x5ba4e12506fad7fb811e6786855ef98f9f9fbd8c3f8140ac14030100010116030100208c79d5a0fe46df96051e904c0b9980fc6fb0ff0e4b181cec34f6d74da4f4a16f
NAS-Port-Type = Wireless-802.11
NAS-Port = 3472
NAS-Port-Id = "3472"
State = 0xcdfe2065cefb3973f250f474980ad2ad
NAS-IP-Address = 10.112.250.68
NAS-Identifier = "XXXXXXXX"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "XXXXXXXX\XXXXXXXX", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 5 length 253
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
TLS Length 310
[peap] Length Included
[peap] eaptls_verify returned 11
[peap] <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange
[peap] TLS_accept: SSLv3 read client key exchange A
[peap] <<< TLS 1.0 ChangeCipherSpec [length 0001]
[peap] <<< TLS 1.0 Handshake [length 0010], Finished
[peap] TLS_accept: SSLv3 read finished A
[peap] >>> TLS 1.0 ChangeCipherSpec [length 0001]
[peap] TLS_accept: SSLv3 write change cipher spec A
[peap] >>> TLS 1.0 Handshake [length 0010], Finished
[peap] TLS_accept: SSLv3 write finished A
[peap] TLS_accept: SSLv3 flush data
[peap] (other): SSL negotiation finished successfully
SSL Connection Established
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 157 to 10.112.250.68 port 1645
EAP-Message =
0x0106003119001403010001011603010020b6916cdea4d91c27b28b16722d40ca38b7e83bc89a7936c95fdafc48c86d8883
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xcdfe2065c9f83973f250f474980ad2ad
Finished request 4.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.112.250.68 port 1645, id=158, length=258
User-Name = "XXXXXXXX\\XXXXXXXX"
Framed-MTU = 1400
Called-Station-Id = "0024.148d.8271"
Calling-Station-Id = "001c.bf4a.53f8"
Cisco-AVPair = "ssid=XXXXXXXX"
WISPr-Location-Name = "XXXXXXXX"
Service-Type = Login-User
Message-Authenticator = 0x44325309820ffa12b30c214d2694708d
EAP-Message = 0x020600061900
NAS-Port-Type = Wireless-802.11
NAS-Port = 3472
NAS-Port-Id = "3472"
State = 0xcdfe2065c9f83973f250f474980ad2ad
NAS-IP-Address = 10.112.250.68
NAS-Identifier = "XXXXXXXX"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "XXXXXXXX\XXXXXXXX", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 6 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake is finished
[peap] eaptls_verify returned 3
[peap] eaptls_process returned 3
[peap] EAPTLS_SUCCESS
++[eap] returns handled
Sending Access-Challenge of id 158 to 10.112.250.68 port 1645
EAP-Message =
0x010700201900170301001535401f02148f70a1bda51fa3b69abb7dc556d20673
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xcdfe2065c8f93973f250f474980ad2ad
Finished request 5.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.112.250.68 port 1645, id=159, length=290
User-Name = "XXXXXXXX\\XXXXXXXX"
Framed-MTU = 1400
Called-Station-Id = "0024.148d.8271"
Calling-Station-Id = "001c.bf4a.53f8"
Cisco-AVPair = "ssid=XXXXXXXX"
WISPr-Location-Name = "XXXXXXXX"
Service-Type = Login-User
Message-Authenticator = 0x3b372e42aa519786123f192e486d2982
EAP-Message =
0x020700261900170301001bab7b003deb0b93e4d5ce89d15660b21eefa1929c675a008d180777
NAS-Port-Type = Wireless-802.11
NAS-Port = 3472
NAS-Port-Id = "3472"
State = 0xcdfe2065c8f93973f250f474980ad2ad
NAS-IP-Address = 10.112.250.68
NAS-Identifier = "XXXXXXXX"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "XXXXXXXX\XXXXXXXX", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 7 length 38
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] Identity - XXXXXXXX\XXXXXXXX
[peap] Got tunneled request
EAP-Message = 0x0207000f015456505c703734303038
server {
PEAP: Got tunneled identity of XXXXXXXX\XXXXXXXX
PEAP: Setting default EAP type for tunneled EAP session.
PEAP: Setting User-Name to XXXXXXXX\XXXXXXXX
Sending tunneled request
EAP-Message = 0x0207000f015456505c703734303038
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "XXXXXXXX\\XXXXXXXX"
Framed-MTU = 1400
Called-Station-Id = "0024.148d.8271"
Calling-Station-Id = "001c.bf4a.53f8"
Cisco-AVPair = "ssid=XXXXXXXX"
WISPr-Location-Name = "XXXXXXXX"
Service-Type = Login-User
NAS-Port-Type = Wireless-802.11
NAS-Port = 3472
NAS-Port-Id = "3472"
NAS-IP-Address = 10.112.250.68
NAS-Identifier = "XXXXXXXX"
server inner-tunnel {
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
++[unix] returns notfound
[suffix] No '@' in User-Name = "XXXXXXXX\XXXXXXXX", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[control] returns noop
[eap] EAP packet type response id 7 length 15
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[files] users: Matched entry DEFAULT at line 213
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
++[eap] returns handled
} # server inner-tunnel
[peap] Got tunneled reply code 11
Session-Timeout = 3600
EAP-Message =
0x010800241a0108001f10335a4805c94f167ffc24ceaae6a242d45456505c703734303038
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x8514698c851c73de6383db5f8319a5b1
[peap] Got tunneled reply RADIUS code 11
Session-Timeout = 3600
EAP-Message =
0x010800241a0108001f10335a4805c94f167ffc24ceaae6a242d45456505c703734303038
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x8514698c851c73de6383db5f8319a5b1
[peap] Got tunneled Access-Challenge
++[eap] returns handled
Sending Access-Challenge of id 159 to 10.112.250.68 port 1645
EAP-Message =
0x0108003b19001703010030bef0b99fb4258235bc8654c2dae2d201c3530fd9ebaa29893a52f6ab129eb45585066c663582c6e0bc7b3f3be28205f8
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xcdfe2065cbf63973f250f474980ad2ad
Finished request 6.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.112.250.68 port 1645, id=160, length=344
User-Name = "XXXXXXXX\\XXXXXXXX"
Framed-MTU = 1400
Called-Station-Id = "0024.148d.8271"
Calling-Station-Id = "001c.bf4a.53f8"
Cisco-AVPair = "ssid=XXXXXXXX"
WISPr-Location-Name = "XXXXXXXX"
Service-Type = Login-User
Message-Authenticator = 0xfd2b892111c1f12c1e60fb4820524b78
EAP-Message =
0x0208005c1900170301005161f7025ea840d7f5823c98e467db708e6fbdfa2ce84fc8dddfdef59c419b2c1734b908b114fee270d140e76d2fdd604b262cf5018e4b3286cff5c09f0f50790b51047b0e94e5957bca3eda76c63f882238
NAS-Port-Type = Wireless-802.11
NAS-Port = 3472
NAS-Port-Id = "3472"
State = 0xcdfe2065cbf63973f250f474980ad2ad
NAS-IP-Address = 10.112.250.68
NAS-Identifier = "XXXXXXXX"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "XXXXXXXX\XXXXXXXX", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 8 length 92
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] EAP type mschapv2
[peap] Got tunneled request
EAP-Message =
0x020800451a02080040318c57226b5d6ea2d975f66b2a193e898800000000000000005fd207a2e06e9ae0a6371e143604d1f928e75a713807c66a005456505c703734303038
server {
PEAP: Setting User-Name to XXXXXXXX\XXXXXXXX
Sending tunneled request
EAP-Message =
0x020800451a02080040318c57226b5d6ea2d975f66b2a193e898800000000000000005fd207a2e06e9ae0a6371e143604d1f928e75a713807c66a005456505c703734303038
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "XXXXXXXX\\XXXXXXXX"
State = 0x8514698c851c73de6383db5f8319a5b1
Framed-MTU = 1400
Called-Station-Id = "0024.148d.8271"
Calling-Station-Id = "001c.bf4a.53f8"
Cisco-AVPair = "ssid=XXXXXXXX"
WISPr-Location-Name = "XXXXXXXX"
Service-Type = Login-User
NAS-Port-Type = Wireless-802.11
NAS-Port = 3472
NAS-Port-Id = "3472"
NAS-IP-Address = 10.112.250.68
NAS-Identifier = "XXXXXXXX"
server inner-tunnel {
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
++[unix] returns notfound
[suffix] No '@' in User-Name = "XXXXXXXX\XXXXXXXX", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[control] returns noop
[eap] EAP packet type response id 8 length 69
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[files] users: Matched entry DEFAULT at line 213
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/mschapv2
[eap] processing type mschapv2
[mschapv2] +- entering group MS-CHAP {...}
[mschap] No Cleartext-Password configured. Cannot create LM-Password.
[mschap] No Cleartext-Password configured. Cannot create NT-Password.
[mschap] Told to do MS-CHAPv2 for XXXXXXXX with NT-Password
[mschap] expand: --domain=%{mschap:NT-Domain} -> --domain=XXXXXXXX
[mschap] expand: --username=%{mschap:User-Name} -> --username=XXXXXXXX
[mschap] mschap2: 33
[mschap] expand: --challenge=%{mschap:Challenge:-00} -> --challenge=665a186a2744c21d
[mschap] expand: --nt-response=%{mschap:NT-Response:-00} -> --nt-response=5fd207a2e06e9ae0a6371e143604d1f928e75a713807c66a
Exec-Program output: NT_KEY: 39E301D7C5784FF05A264D7627CE81FB
Exec-Program-Wait: plaintext: NT_KEY: 39E301D7C5784FF05A264D7627CE81FB
Exec-Program: returned: 0
[mschap] adding MS-CHAPv2 MPPE keys
++[mschap] returns ok
MSCHAP Success
++[eap] returns handled
} # server inner-tunnel
[peap] Got tunneled reply code 11
Session-Timeout = 3600
EAP-Message =
0x010900331a0308002e533d44433931383941374635313542394346464639383937373438323335334139383045384331343134
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x8514698c841d73de6383db5f8319a5b1
[peap] Got tunneled reply RADIUS code 11
Session-Timeout = 3600
EAP-Message =
0x010900331a0308002e533d44433931383941374635313542394346464639383937373438323335334139383045384331343134
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x8514698c841d73de6383db5f8319a5b1
[peap] Got tunneled Access-Challenge
++[eap] returns handled
Sending Access-Challenge of id 160 to 10.112.250.68 port 1645
EAP-Message =
0x0109004a1900170301003f6145ec30002debef77be6fabe99fbe76b3510591ae8dfd4bb27523dbefd8970ce673f9bcd55ac41603f5163ef61aaba69c074a5cb60d0c7b9c23856fe47a96
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xcdfe2065caf73973f250f474980ad2ad
Finished request 7.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 0 ID 153 with timestamp +11
Cleaning up request 1 ID 154 with timestamp +11
Cleaning up request 2 ID 155 with timestamp +11
Cleaning up request 3 ID 156 with timestamp +11
Cleaning up request 4 ID 157 with timestamp +11
Cleaning up request 5 ID 158 with timestamp +11
Cleaning up request 6 ID 159 with timestamp +12
Cleaning up request 7 ID 160 with timestamp +12
Ready to process requests.
rad_recv: Access-Request packet from host 10.112.250.68 port 1645, id=161,
length=249
User-Name = "XXXXXXXX\\XXXXXXXX"
Framed-MTU = 1400
Called-Station-Id = "0024.148d.8271"
Calling-Station-Id = "001c.bf4a.53f8"
Cisco-AVPair = "ssid=XXXXXXXX"
WISPr-Location-Name = "XXXXXXXX"
Service-Type = Login-User
Message-Authenticator = 0xe228fa4baf34109d516a99e37534a781
EAP-Message = 0x0202000f015456505c703734303038
NAS-Port-Type = Wireless-802.11
NAS-Port = 3473
NAS-Port-Id = "3473"
NAS-IP-Address = 10.112.250.68
NAS-Identifier = "XXXXXXXX"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "XXXXXXXX\XXXXXXXX", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 2 length 15
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
[files] users: Matched entry DEFAULT at line 213
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user. Authentication
may fail because of this.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type tls
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 161 to 10.112.250.68 port 1645
Session-Timeout = 3600
EAP-Message = 0x010300061920
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xa5758044a576992b17b71cf6b836ab72
Finished request 8.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.112.250.68 port 1645, id=162,
length=332
User-Name = "XXXXXXXX\\XXXXXXXX"
Framed-MTU = 1400
Called-Station-Id = "0024.148d.8271"
Calling-Station-Id = "001c.bf4a.53f8"
Cisco-AVPair = "ssid=XXXXXXXX"
WISPr-Location-Name = "XXXXXXXX"
Service-Type = Login-User
Message-Authenticator = 0xa4c8094461a7f9af463251323caf79f6
EAP-Message =
0x0203005019800000004616030100410100003d030149bf7385ae4924e8192fd3dfa74c41b19ad157988c44e52d14e99da996adc3b400001600040005000a000900640062000300060013001200630100
NAS-Port-Type = Wireless-802.11
NAS-Port = 3473
NAS-Port-Id = "3473"
State = 0xa5758044a576992b17b71cf6b836ab72
NAS-IP-Address = 10.112.250.68
NAS-Identifier = "XXXXXXXX"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "XXXXXXXX\XXXXXXXX", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 3 length 80
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
TLS Length 70
[peap] Length Included
[peap] eaptls_verify returned 11
[peap] (other): before/accept initialization
[peap] TLS_accept: before/accept initialization
[peap] <<< TLS 1.0 Handshake [length 0041], ClientHello
[peap] TLS_accept: SSLv3 read client hello A
[peap] >>> TLS 1.0 Handshake [length 002a], ServerHello
[peap] TLS_accept: SSLv3 write server hello A
[peap] >>> TLS 1.0 Handshake [length 08f1], Certificate
[peap] TLS_accept: SSLv3 write certificate A
[peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
[peap] TLS_accept: SSLv3 write server done A
[peap] TLS_accept: SSLv3 flush data
[peap] TLS_accept: Need to read more data: SSLv3 read client certificate
A
In SSL Handshake Phase
In SSL Accept mode
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 162 to 10.112.250.68 port 1645
EAP-Message =
0x01a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d010104050003820101000b78e764dbef55bf1619d6370342300e3984fe95e776c2b83da4cfb70708291d4dcff3d4e1d57bcb204425f061d9f8c93f508709f62f962379102657d97cf57bb6f27b71dd0113a1bc58300bdcbb2b604e91dec6c4ae6dc355667cf3f8ceb69bd835aa6f0f1ca19c9e86c02931ce858cdae616bae2ba8c3f124a27fe9dba81b9b9feae14c185cbf0f370db636d0e49391b74d11599571534ffdab883f5dd353cb4dbff78b08afe50ae2c60030ba4bf860086fe96d647c3d4979628648a96719bcab70fcc0063fb84d94d01dddf1106
EAP-Message = 0x28079b2e590993d13d8ea1c9
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xa5758044a471992b17b71cf6b836ab72
Finished request 9.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.112.250.68 port 1645, id=163,
length=258
User-Name = "XXXXXXXX\\XXXXXXXX"
Framed-MTU = 1400
Called-Station-Id = "0024.148d.8271"
Calling-Station-Id = "001c.bf4a.53f8"
Cisco-AVPair = "ssid=XXXXXXXX"
WISPr-Location-Name = "XXXXXXXX"
Service-Type = Login-User
Message-Authenticator = 0xb6ff7161df8db2ae677dcebd84a53b85
EAP-Message = 0x020400061900
NAS-Port-Type = Wireless-802.11
NAS-Port = 3473
NAS-Port-Id = "3473"
State = 0xa5758044a471992b17b71cf6b836ab72
NAS-IP-Address = 10.112.250.68
NAS-Identifier = "XXXXXXXX"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "XXXXXXXX\XXXXXXXX", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 4 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 163 to 10.112.250.68 port 1645
EAP-Message = 0x6572746966696361
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xa5758044a770992b17b71cf6b836ab72
Finished request 10.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.112.250.68 port 1645, id=164,
length=258
User-Name = "XXXXXXXX\\XXXXXXXX"
Framed-MTU = 1400
Called-Station-Id = "0024.148d.8271"
Calling-Station-Id = "001c.bf4a.53f8"
Cisco-AVPair = "ssid=XXXXXXXX"
WISPr-Location-Name = "XXXXXXXX"
Service-Type = Login-User
Message-Authenticator = 0xdfe51030a315137a4132e7287254ce08
EAP-Message = 0x020500061900
NAS-Port-Type = Wireless-802.11
NAS-Port = 3473
NAS-Port-Id = "3473"
State = 0xa5758044a770992b17b71cf6b836ab72
NAS-IP-Address = 10.112.250.68
NAS-Identifier = "XXXXXXXX"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "XXXXXXXX\XXXXXXXX", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 5 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 164 to 10.112.250.68 port 1645
EAP-Message =
0xb8cfed563ce6e451ca10eb24f4fdc853710c798e9bd95e9e744d4558ffb0ebbff1c8ca152d4a408663ffdd8bae920b174f56d59fab227ac3fae92494122b4455a67816030100040e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xa5758044a673992b17b71cf6b836ab72
Finished request 11.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.112.250.68 port 1645, id=165,
length=574
User-Name = "XXXXXXXX\\XXXXXXXX"
Framed-MTU = 1400
Called-Station-Id = "0024.148d.8271"
Calling-Station-Id = "001c.bf4a.53f8"
Cisco-AVPair = "ssid=XXXXXXXX"
WISPr-Location-Name = "XXXXXXXX"
Service-Type = Login-User
Message-Authenticator = 0xb4de6a4ff4348463155fd850059775a1
EAP-Message =
0xfaad05baf0aa757cc3496a509087ec213d36bcdec3745d601403010001011603010020f1de6fa684e1822b016ea76bf478b7332fb9d7178ba963452ee3a0d0ef1c2170
NAS-Port-Type = Wireless-802.11
NAS-Port = 3473
NAS-Port-Id = "3473"
State = 0xa5758044a673992b17b71cf6b836ab72
NAS-IP-Address = 10.112.250.68
NAS-Identifier = "XXXXXXXX"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "XXXXXXXX\XXXXXXXX", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 6 length 253
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
TLS Length 310
[peap] Length Included
[peap] eaptls_verify returned 11
[peap] <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange
[peap] TLS_accept: SSLv3 read client key exchange A
[peap] <<< TLS 1.0 ChangeCipherSpec [length 0001]
[peap] <<< TLS 1.0 Handshake [length 0010], Finished
[peap] TLS_accept: SSLv3 read finished A
[peap] >>> TLS 1.0 ChangeCipherSpec [length 0001]
[peap] TLS_accept: SSLv3 write change cipher spec A
[peap] >>> TLS 1.0 Handshake [length 0010], Finished
[peap] TLS_accept: SSLv3 write finished A
[peap] TLS_accept: SSLv3 flush data
[peap] (other): SSL negotiation finished successfully
SSL Connection Established
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 165 to 10.112.250.68 port 1645
EAP-Message =
0x010700311900140301000101160301002007a07f19ed77680ef286f39db5f72d84904e2ce4f18605a26a891c830f788118
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xa5758044a172992b17b71cf6b836ab72
Finished request 12.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.112.250.68 port 1645, id=166,
length=258
User-Name = "XXXXXXXX\\XXXXXXXX"
Framed-MTU = 1400
Called-Station-Id = "0024.148d.8271"
Calling-Station-Id = "001c.bf4a.53f8"
Cisco-AVPair = "ssid=XXXXXXXX"
WISPr-Location-Name = "XXXXXXXX"
Service-Type = Login-User
Message-Authenticator = 0xba106d6ac81c2ab2d2af33203af59dfb
EAP-Message = 0x020700061900
NAS-Port-Type = Wireless-802.11
NAS-Port = 3473
NAS-Port-Id = "3473"
State = 0xa5758044a172992b17b71cf6b836ab72
NAS-IP-Address = 10.112.250.68
NAS-Identifier = "XXXXXXXX"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "XXXXXXXX\XXXXXXXX", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 7 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake is finished
[peap] eaptls_verify returned 3
[peap] eaptls_process returned 3
[peap] EAPTLS_SUCCESS
++[eap] returns handled
Sending Access-Challenge of id 166 to 10.112.250.68 port 1645
EAP-Message =
0x0108002019001703010015d29cdc6fce0a9cafb6f20924de3208174b6df7b2f1
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xa5758044a07d992b17b71cf6b836ab72
Finished request 13.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.112.250.68 port 1645, id=167,
length=290
User-Name = "XXXXXXXX\\XXXXXXXX"
Framed-MTU = 1400
Called-Station-Id = "0024.148d.8271"
Calling-Station-Id = "001c.bf4a.53f8"
Cisco-AVPair = "ssid=XXXXXXXX"
WISPr-Location-Name = "XXXXXXXX"
Service-Type = Login-User
Message-Authenticator = 0x2705336f241836f6b24f00b588e13b73
EAP-Message =
0x020800261900170301001b1ad7c2bfa6dd0cf866701399664bc207fa635e0dda7be377e9f3e9
NAS-Port-Type = Wireless-802.11
NAS-Port = 3473
NAS-Port-Id = "3473"
State = 0xa5758044a07d992b17b71cf6b836ab72
NAS-IP-Address = 10.112.250.68
NAS-Identifier = "XXXXXXXX"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "XXXXXXXX\XXXXXXXX", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 8 length 38
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] Identity - XXXXXXXX\XXXXXXXX
[peap] Got tunneled request
EAP-Message = 0x0208000f015456505c703734303038
server {
PEAP: Got tunneled identity of XXXXXXXX\XXXXXXXX
PEAP: Setting default EAP type for tunneled EAP session.
PEAP: Setting User-Name to XXXXXXXX\XXXXXXXX
Sending tunneled request
EAP-Message = 0x0208000f015456505c703734303038
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "XXXXXXXX\\XXXXXXXX"
Framed-MTU = 1400
Called-Station-Id = "0024.148d.8271"
Calling-Station-Id = "001c.bf4a.53f8"
Cisco-AVPair = "ssid=XXXXXXXX"
WISPr-Location-Name = "XXXXXXXX"
Service-Type = Login-User
NAS-Port-Type = Wireless-802.11
NAS-Port = 3473
NAS-Port-Id = "3473"
NAS-IP-Address = 10.112.250.68
NAS-Identifier = "XXXXXXXX"
server inner-tunnel {
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
++[unix] returns notfound
[suffix] No '@' in User-Name = "XXXXXXXX\XXXXXXXX", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[control] returns noop
[eap] EAP packet type response id 8 length 15
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[files] users: Matched entry DEFAULT at line 213
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
++[eap] returns handled
} # server inner-tunnel
[peap] Got tunneled reply code 11
Session-Timeout = 3600
EAP-Message =
0x010900241a0109001f10fb8f03dc689de41ef22260b1da587a7d5456505c703734303038
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x52cdb58652c4af523153f09f4bdf6cdf
[peap] Got tunneled reply RADIUS code 11
Session-Timeout = 3600
EAP-Message =
0x010900241a0109001f10fb8f03dc689de41ef22260b1da587a7d5456505c703734303038
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x52cdb58652c4af523153f09f4bdf6cdf
[peap] Got tunneled Access-Challenge
++[eap] returns handled
Sending Access-Challenge of id 167 to 10.112.250.68 port 1645
EAP-Message =
0x0109003b19001703010030567f55f1c932102a7393dd1788f03f0c56caa83abba0a9dea8ae9efd076672556c04f662912c3a591557a46d00dc0bb9
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xa5758044a37c992b17b71cf6b836ab72
Finished request 14.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.112.250.68 port 1645, id=168,
length=344
User-Name = "XXXXXXXX\\XXXXXXXX"
Framed-MTU = 1400
Called-Station-Id = "0024.148d.8271"
Calling-Station-Id = "001c.bf4a.53f8"
Cisco-AVPair = "ssid=XXXXXXXX"
WISPr-Location-Name = "XXXXXXXX"
Service-Type = Login-User
Message-Authenticator = 0x51f11715a3fd4e4b3f4f60e94f2ec217
EAP-Message =
0x0209005c190017030100516108e772ad1a8697bd98eb78aa5a6ddd1ce48bbd3f5806b8976c07e1d8075fbf2b446ac911cf3d9c32dc87a9fbbb74fc4e78f278669f21845f60bb2396bc4a9fbb911b08264853bb1eb7692701c52caa07
NAS-Port-Type = Wireless-802.11
NAS-Port = 3473
NAS-Port-Id = "3473"
State = 0xa5758044a37c992b17b71cf6b836ab72
NAS-IP-Address = 10.112.250.68
NAS-Identifier = "XXXXXXXX"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "XXXXXXXX\XXXXXXXX", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 9 length 92
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] EAP type mschapv2
[peap] Got tunneled request
EAP-Message =
0x020900451a020900403129739db92821f571fdc45b2527a4a8710000000000000000a3a3783202886260550809a31b871ef23053c43001e5ac32005456505c703734303038
server {
PEAP: Setting User-Name to XXXXXXXX\XXXXXXXX
Sending tunneled request
EAP-Message =
0x020900451a020900403129739db92821f571fdc45b2527a4a8710000000000000000a3a3783202886260550809a31b871ef23053c43001e5ac32005456505c703734303038
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "XXXXXXXX\\XXXXXXXX"
State = 0x52cdb58652c4af523153f09f4bdf6cdf
Framed-MTU = 1400
Called-Station-Id = "0024.148d.8271"
Calling-Station-Id = "001c.bf4a.53f8"
Cisco-AVPair = "ssid=XXXXXXXX"
WISPr-Location-Name = "XXXXXXXX"
Service-Type = Login-User
NAS-Port-Type = Wireless-802.11
NAS-Port = 3473
NAS-Port-Id = "3473"
NAS-IP-Address = 10.112.250.68
NAS-Identifier = "XXXXXXXX"
server inner-tunnel {
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
++[unix] returns notfound
[suffix] No '@' in User-Name = "XXXXXXXX\XXXXXXXX", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[control] returns noop
[eap] EAP packet type response id 9 length 69
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[files] users: Matched entry DEFAULT at line 213
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/mschapv2
[eap] processing type mschapv2
[mschapv2] +- entering group MS-CHAP {...}
[mschap] No Cleartext-Password configured. Cannot create LM-Password.
[mschap] No Cleartext-Password configured. Cannot create NT-Password.
[mschap] Told to do MS-CHAPv2 for XXXXXXXX with NT-Password
[mschap] expand: --domain=%{mschap:NT-Domain} -> --domain=XXXXXXXX
[mschap] expand: --username=%{mschap:User-Name} -> --username=XXXXXXXX
[mschap] mschap2: fb
[mschap]
expand: --challenge=%{mschap:Challenge:-00} -> --challenge=3fd187592f201e30
[mschap]
expand: --nt-response=%{mschap:NT-Response:-00} -> --nt-response=a3a3783202886260550809a31b871ef23053c43001e5ac32
Exec-Program output: NT_KEY: 39E301D7C5784FF05A264D7627CE81FB
Exec-Program-Wait: plaintext: NT_KEY: 39E301D7C5784FF05A264D7627CE81FB
Exec-Program: returned: 0
[mschap] adding MS-CHAPv2 MPPE keys
++[mschap] returns ok
MSCHAP Success
++[eap] returns handled
} # server inner-tunnel
[peap] Got tunneled reply code 11
Session-Timeout = 3600
EAP-Message =
0x010a00331a0309002e533d42394142373544343636363846334341393643424445424444414632363045373245414244463433
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x52cdb58653c7af523153f09f4bdf6cdf
[peap] Got tunneled reply RADIUS code 11
Session-Timeout = 3600
EAP-Message =
0x010a00331a0309002e533d42394142373544343636363846334341393643424445424444414632363045373245414244463433
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x52cdb58653c7af523153f09f4bdf6cdf
[peap] Got tunneled Access-Challenge
++[eap] returns handled
Sending Access-Challenge of id 168 to 10.112.250.68 port 1645
EAP-Message =
0x010a004a1900170301003f7cf22b3d3b98defde4a8507f1d8a31afc97dcbeb2dbfee786dfafacde6932185a0d25b034e2adea0a020d3893597c210a797cc4a9ebc8cd55def9c36429564
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xa5758044a27f992b17b71cf6b836ab72
Finished request 15.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 8 ID 161 with timestamp +42
Cleaning up request 9 ID 162 with timestamp +42
Cleaning up request 10 ID 163 with timestamp +42
Cleaning up request 11 ID 164 with timestamp +42
Cleaning up request 12 ID 165 with timestamp +42
Cleaning up request 13 ID 166 with timestamp +42
Cleaning up request 14 ID 167 with timestamp +42
Cleaning up request 15 ID 168 with timestamp +42
Ready to process requests.
rad_recv: Access-Request packet from host 10.112.250.68 port 1645, id=169,
length=249
User-Name = "XXXXXXXX\\XXXXXXXX"
Framed-MTU = 1400
Called-Station-Id = "0024.148d.8271"
Calling-Station-Id = "001c.bf4a.53f8"
Cisco-AVPair = "ssid=XXXXXXXX"
WISPr-Location-Name = "XXXXXXXX"
Service-Type = Login-User
Message-Authenticator = 0x3be0e1f7c4bdcd75667064f66e9619ce
EAP-Message = 0x0202000f015456505c703734303038
NAS-Port-Type = Wireless-802.11
NAS-Port = 3474
NAS-Port-Id = "3474"
NAS-IP-Address = 10.112.250.68
NAS-Identifier = "XXXXXXXX"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "XXXXXXXX\XXXXXXXX", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 2 length 15
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
[files] users: Matched entry DEFAULT at line 213
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user. Authentication
may fail because of this.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type tls
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 169 to 10.112.250.68 port 1645
Session-Timeout = 3600
EAP-Message = 0x010300061920
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xe0dfc443e0dcdd5bdcf2e1539bf5f4d5
Finished request 16.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.112.250.68 port 1645, id=170,
length=332
User-Name = "XXXXXXXX\\XXXXXXXX"
Framed-MTU = 1400
Called-Station-Id = "0024.148d.8271"
Calling-Station-Id = "001c.bf4a.53f8"
Cisco-AVPair = "ssid=XXXXXXXX"
WISPr-Location-Name = "XXXXXXXX"
Service-Type = Login-User
Message-Authenticator = 0xbf6cb6e421103d910c3c82c82f88bd5f
EAP-Message =
0x0203005019800000004616030100410100003d030149bf739e913e31e053095a9e843be3c58f034a298848371dd1c09614cd391e4f00001600040005000a000900640062000300060013001200630100
NAS-Port-Type = Wireless-802.11
NAS-Port = 3474
NAS-Port-Id = "3474"
State = 0xe0dfc443e0dcdd5bdcf2e1539bf5f4d5
NAS-IP-Address = 10.112.250.68
NAS-Identifier = "XXXXXXXX"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "XXXXXXXX\XXXXXXXX", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 3 length 80
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
TLS Length 70
[peap] Length Included
[peap] eaptls_verify returned 11
[peap] (other): before/accept initialization
[peap] TLS_accept: before/accept initialization
[peap] <<< TLS 1.0 Handshake [length 0041], ClientHello
[peap] TLS_accept: SSLv3 read client hello A
[peap] >>> TLS 1.0 Handshake [length 002a], ServerHello
[peap] TLS_accept: SSLv3 write server hello A
[peap] >>> TLS 1.0 Handshake [length 08f1], Certificate
[peap] TLS_accept: SSLv3 write certificate A
[peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
[peap] TLS_accept: SSLv3 write server done A
[peap] TLS_accept: SSLv3 flush data
[peap] TLS_accept: Need to read more data: SSLv3 read client certificate
A
In SSL Handshake Phase
In SSL Accept mode
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 170 to 10.112.250.68 port 1645
EAP-Message = 0x28079b2e590993d13d8ea1c9
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xe0dfc443e1dbdd5bdcf2e1539bf5f4d5
Finished request 17.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.112.250.68 port 1645, id=171,
length=258
User-Name = "XXXXXXXX\\XXXXXXXX"
Framed-MTU = 1400
Called-Station-Id = "0024.148d.8271"
Calling-Station-Id = "001c.bf4a.53f8"
Cisco-AVPair = "ssid=XXXXXXXX"
WISPr-Location-Name = "XXXXXXXX"
Service-Type = Login-User
Message-Authenticator = 0x5bd29e753b5b6c6911fe48ea4d2bfa97
EAP-Message = 0x020400061900
NAS-Port-Type = Wireless-802.11
NAS-Port = 3474
NAS-Port-Id = "3474"
State = 0xe0dfc443e1dbdd5bdcf2e1539bf5f4d5
NAS-IP-Address = 10.112.250.68
NAS-Identifier = "XXXXXXXX"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "XXXXXXXX\XXXXXXXX", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 4 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 171 to 10.112.250.68 port 1645
EAP-Message =
0x746520417574686f72697479301e170d3039303331333139343731375a170d3134303331323139343731375a3081b1310b300906035504061302504c311330110603550408130a4d616c6f706f6c736b61310f300d060355040713064b72616b6f7731243022060355040a131b54565020532e412e204f64647a69616c2077204b72616b6f7769653125302306092a864886f70d0109011616696e666f726d6174796b615f6b7261407476702e706c312f302d060355040313264f545456204b72616b6f7720574c414e20436572746966696361746520417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a02
EAP-Message = 0x6572746966696361
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xe0dfc443e2dadd5bdcf2e1539bf5f4d5
Finished request 18.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.112.250.68 port 1645, id=172,
length=258
User-Name = "XXXXXXXX\\XXXXXXXX"
Framed-MTU = 1400
Called-Station-Id = "0024.148d.8271"
Calling-Station-Id = "001c.bf4a.53f8"
Cisco-AVPair = "ssid=XXXXXXXX"
WISPr-Location-Name = "XXXXXXXX"
Service-Type = Login-User
Message-Authenticator = 0x899989aaeffc2cf16fbb292d1c60c2d1
EAP-Message = 0x020500061900
NAS-Port-Type = Wireless-802.11
NAS-Port = 3474
NAS-Port-Id = "3474"
State = 0xe0dfc443e2dadd5bdcf2e1539bf5f4d5
NAS-IP-Address = 10.112.250.68
NAS-Identifier = "XXXXXXXX"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "XXXXXXXX\XXXXXXXX", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 5 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 172 to 10.112.250.68 port 1645
EAP-Message =
0xb8cfed563ce6e451ca10eb24f4fdc853710c798e9bd95e9e744d4558ffb0ebbff1c8ca152d4a408663ffdd8bae920b174f56d59fab227ac3fae92494122b4455a67816030100040e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xe0dfc443e3d9dd5bdcf2e1539bf5f4d5
Finished request 19.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.112.250.68 port 1645, id=173,
length=574
User-Name = "XXXXXXXX\\XXXXXXXX"
Framed-MTU = 1400
Called-Station-Id = "0024.148d.8271"
Calling-Station-Id = "001c.bf4a.53f8"
Cisco-AVPair = "ssid=XXXXXXXX"
WISPr-Location-Name = "XXXXXXXX"
Service-Type = Login-User
Message-Authenticator = 0x8cfa2e92c1c9550959ecb56811542921
EAP-Message =
0x841df0bb7038200cdf994122a71503bf9e1794d4f88ea851140301000101160301002040d928941d205e02f0ac96dd252e0e9e806618aff68a50fd862e43bed90802a6
NAS-Port-Type = Wireless-802.11
NAS-Port = 3474
NAS-Port-Id = "3474"
State = 0xe0dfc443e3d9dd5bdcf2e1539bf5f4d5
NAS-IP-Address = 10.112.250.68
NAS-Identifier = "XXXXXXXX"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "XXXXXXXX\XXXXXXXX", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 6 length 253
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
TLS Length 310
[peap] Length Included
[peap] eaptls_verify returned 11
[peap] <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange
[peap] TLS_accept: SSLv3 read client key exchange A
[peap] <<< TLS 1.0 ChangeCipherSpec [length 0001]
[peap] <<< TLS 1.0 Handshake [length 0010], Finished
[peap] TLS_accept: SSLv3 read finished A
[peap] >>> TLS 1.0 ChangeCipherSpec [length 0001]
[peap] TLS_accept: SSLv3 write change cipher spec A
[peap] >>> TLS 1.0 Handshake [length 0010], Finished
[peap] TLS_accept: SSLv3 write finished A
[peap] TLS_accept: SSLv3 flush data
[peap] (other): SSL negotiation finished successfully
SSL Connection Established
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 173 to 10.112.250.68 port 1645
EAP-Message =
0x0107003119001403010001011603010020acaa165528e5d93a321a708cf754e35cca549e7643dfef26ac19d55ccbeb412c
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xe0dfc443e4d8dd5bdcf2e1539bf5f4d5
Finished request 20.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.112.250.68 port 1645, id=174,
length=258
User-Name = "XXXXXXXX\\XXXXXXXX"
Framed-MTU = 1400
Called-Station-Id = "0024.148d.8271"
Calling-Station-Id = "001c.bf4a.53f8"
Cisco-AVPair = "ssid=XXXXXXXX"
WISPr-Location-Name = "XXXXXXXX"
Service-Type = Login-User
Message-Authenticator = 0xa7fab4ed557ac954fe15e673b18d8597
EAP-Message = 0x020700061900
NAS-Port-Type = Wireless-802.11
NAS-Port = 3474
NAS-Port-Id = "3474"
State = 0xe0dfc443e4d8dd5bdcf2e1539bf5f4d5
NAS-IP-Address = 10.112.250.68
NAS-Identifier = "XXXXXXXX"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "XXXXXXXX\XXXXXXXX", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 7 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake is finished
[peap] eaptls_verify returned 3
[peap] eaptls_process returned 3
[peap] EAPTLS_SUCCESS
++[eap] returns handled
Sending Access-Challenge of id 174 to 10.112.250.68 port 1645
EAP-Message =
0x010800201900170301001566c7f1fc2634b5b865e8288393a6cbc7af0a1d9880
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xe0dfc443e5d7dd5bdcf2e1539bf5f4d5
Finished request 21.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.112.250.68 port 1645, id=175,
length=290
User-Name = "XXXXXXXX\\XXXXXXXX"
Framed-MTU = 1400
Called-Station-Id = "0024.148d.8271"
Calling-Station-Id = "001c.bf4a.53f8"
Cisco-AVPair = "ssid=XXXXXXXX"
WISPr-Location-Name = "XXXXXXXX"
Service-Type = Login-User
Message-Authenticator = 0x87b7cd805492d90012ee6fe3840fbe74
EAP-Message =
0x020800261900170301001b8c1f3e834415347b60d0401abab425d2419ebc2ca5a39c71617b70
NAS-Port-Type = Wireless-802.11
NAS-Port = 3474
NAS-Port-Id = "3474"
State = 0xe0dfc443e5d7dd5bdcf2e1539bf5f4d5
NAS-IP-Address = 10.112.250.68
NAS-Identifier = "XXXXXXXX"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "XXXXXXXX\XXXXXXXX", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 8 length 38
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] Identity - XXXXXXXX\XXXXXXXX
[peap] Got tunneled request
EAP-Message = 0x0208000f015456505c703734303038
server {
PEAP: Got tunneled identity of XXXXXXXX\XXXXXXXX
PEAP: Setting default EAP type for tunneled EAP session.
PEAP: Setting User-Name to XXXXXXXX\XXXXXXXX
Sending tunneled request
EAP-Message = 0x0208000f015456505c703734303038
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "XXXXXXXX\\XXXXXXXX"
Framed-MTU = 1400
Called-Station-Id = "0024.148d.8271"
Calling-Station-Id = "001c.bf4a.53f8"
Cisco-AVPair = "ssid=XXXXXXXX"
WISPr-Location-Name = "XXXXXXXX"
Service-Type = Login-User
NAS-Port-Type = Wireless-802.11
NAS-Port = 3474
NAS-Port-Id = "3474"
NAS-IP-Address = 10.112.250.68
NAS-Identifier = "XXXXXXXX"
server inner-tunnel {
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
++[unix] returns notfound
[suffix] No '@' in User-Name = "XXXXXXXX\XXXXXXXX", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[control] returns noop
[eap] EAP packet type response id 8 length 15
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[files] users: Matched entry DEFAULT at line 213
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
++[eap] returns handled
} # server inner-tunnel
[peap] Got tunneled reply code 11
Session-Timeout = 3600
EAP-Message =
0x010900241a0109001f10ebc5d28109e59877ad0eb6e5ed998a3a5456505c703734303038
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x070b039c0702199a3e8b7d3fe7983ece
[peap] Got tunneled reply RADIUS code 11
Session-Timeout = 3600
EAP-Message =
0x010900241a0109001f10ebc5d28109e59877ad0eb6e5ed998a3a5456505c703734303038
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x070b039c0702199a3e8b7d3fe7983ece
[peap] Got tunneled Access-Challenge
++[eap] returns handled
Sending Access-Challenge of id 175 to 10.112.250.68 port 1645
EAP-Message =
0x0109003b19001703010030d6bbeeb624eae82978780dceba30ccf11d56eb19b12b72bef613865766c35f15dfe3a9861a6227996556d195699cfb17
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xe0dfc443e6d6dd5bdcf2e1539bf5f4d5
Finished request 22.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.112.250.68 port 1645, id=176,
length=344
User-Name = "XXXXXXXX\\XXXXXXXX"
Framed-MTU = 1400
Called-Station-Id = "0024.148d.8271"
Calling-Station-Id = "001c.bf4a.53f8"
Cisco-AVPair = "ssid=XXXXXXXX"
WISPr-Location-Name = "XXXXXXXX"
Service-Type = Login-User
Message-Authenticator = 0x34211457b4aa30443e0504e440f2edaf
EAP-Message =
0x0209005c1900170301005119ca998b681a059cc2e26e22eb36b08ee9a8122b45113dc28fac5da0ff4cabccdfa8310120f9c7e9f836c48018cabcf1ac6a50aa7080793c5cd352ea5939b1ce08ba92b090626e199f46b847df9c026bfd
NAS-Port-Type = Wireless-802.11
NAS-Port = 3474
NAS-Port-Id = "3474"
State = 0xe0dfc443e6d6dd5bdcf2e1539bf5f4d5
NAS-IP-Address = 10.112.250.68
NAS-Identifier = "XXXXXXXX"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "XXXXXXXX\XXXXXXXX", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 9 length 92
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] EAP type mschapv2
[peap] Got tunneled request
EAP-Message =
0x020900451a0209004031d57addd65a1fd2c4f3ca6a5cb544c0270000000000000000c6bf5111c616439e7175f41b9924336435d4d9446152b20c005456505c703734303038
server {
PEAP: Setting User-Name to XXXXXXXX\XXXXXXXX
Sending tunneled request
EAP-Message =
0x020900451a0209004031d57addd65a1fd2c4f3ca6a5cb544c0270000000000000000c6bf5111c616439e7175f41b9924336435d4d9446152b20c005456505c703734303038
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "XXXXXXXX\\XXXXXXXX"
State = 0x070b039c0702199a3e8b7d3fe7983ece
Framed-MTU = 1400
Called-Station-Id = "0024.148d.8271"
Calling-Station-Id = "001c.bf4a.53f8"
Cisco-AVPair = "ssid=XXXXXXXX"
WISPr-Location-Name = "XXXXXXXX"
Service-Type = Login-User
NAS-Port-Type = Wireless-802.11
NAS-Port = 3474
NAS-Port-Id = "3474"
NAS-IP-Address = 10.112.250.68
NAS-Identifier = "XXXXXXXX"
server inner-tunnel {
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
++[unix] returns notfound
[suffix] No '@' in User-Name = "XXXXXXXX\XXXXXXXX", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[control] returns noop
[eap] EAP packet type response id 9 length 69
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[files] users: Matched entry DEFAULT at line 213
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/mschapv2
[eap] processing type mschapv2
[mschapv2] +- entering group MS-CHAP {...}
[mschap] No Cleartext-Password configured. Cannot create LM-Password.
[mschap] No Cleartext-Password configured. Cannot create NT-Password.
[mschap] Told to do MS-CHAPv2 for XXXXXXXX with NT-Password
[mschap] expand: --domain=%{mschap:NT-Domain} -> --domain=XXXXXXXX
[mschap] expand: --username=%{mschap:User-Name} -> --username=XXXXXXXX
[mschap] mschap2: eb
[mschap]
expand: --challenge=%{mschap:Challenge:-00} -> --challenge=ba92db7b369561bd
[mschap]
expand: --nt-response=%{mschap:NT-Response:-00} -> --nt-response=c6bf5111c616439e7175f41b9924336435d4d9446152b20c
Exec-Program output: NT_KEY: 39E301D7C5784FF05A264D7627CE81FB
Exec-Program-Wait: plaintext: NT_KEY: 39E301D7C5784FF05A264D7627CE81FB
Exec-Program: returned: 0
[mschap] adding MS-CHAPv2 MPPE keys
++[mschap] returns ok
MSCHAP Success
++[eap] returns handled
} # server inner-tunnel
[peap] Got tunneled reply code 11
Session-Timeout = 3600
EAP-Message =
0x010a00331a0309002e533d35363744444133313030464533303236383636343737433830413935373733304642353544303938
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x070b039c0601199a3e8b7d3fe7983ece
[peap] Got tunneled reply RADIUS code 11
Session-Timeout = 3600
EAP-Message =
0x010a00331a0309002e533d35363744444133313030464533303236383636343737433830413935373733304642353544303938
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x070b039c0601199a3e8b7d3fe7983ece
[peap] Got tunneled Access-Challenge
++[eap] returns handled
Sending Access-Challenge of id 176 to 10.112.250.68 port 1645
EAP-Message =
0x010a004a1900170301003f01156130446ebb52b406e3df036bca41381aa01ab7af3b1de37099bc1e1e348cf7745608f1e03fd226d5e92f44622ca20a02c09289e4fb9aa04f9211b285cc
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xe0dfc443e7d5dd5bdcf2e1539bf5f4d5
Finished request 23.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 16 ID 169 with timestamp +67
Cleaning up request 17 ID 170 with timestamp +67
Cleaning up request 18 ID 171 with timestamp +67
Cleaning up request 19 ID 172 with timestamp +67
Cleaning up request 20 ID 173 with timestamp +67
Cleaning up request 21 ID 174 with timestamp +67
Cleaning up request 22 ID 175 with timestamp +67
Cleaning up request 23 ID 176 with timestamp +67
Ready to process requests.
Any ideas?
Thanks in advance,
Mateusz
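Added example, not part of the original post: a small decoder for the EAP-Message values that radiusd prints in the debug log above, run on three values copied from that log (the client's ACK in id=174, the tunneled reply in request 23, and the last Access-Challenge, id 176). The function and constant names are assumptions of this example; the layouts used are the 4-byte EAP header, the PEAP flags byte followed by TLS record headers, and the EAP-MSCHAPv2 opcode header.

```python
import struct

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
TLS_TYPES = {20: "ChangeCipherSpec", 21: "Alert", 22: "Handshake", 23: "ApplicationData"}
MSCHAP_OPS = {1: "Challenge", 2: "Response", 3: "Success", 4: "Failure"}

# Values copied from the debug log in the post above.
CLIENT_ACK = "0x020700061900"                       # Access-Request id=174
INNER_REPLY = ("0x010a00331a0309002e533d3536374444413331303046453330"
               "3236383636343737433830413935373733304642353544303938")
OUTER_LAST = ("0x010a004a1900170301003f01156130446ebb52b406e3df036bca41381aa01a"
              "b7af3b1de37099bc1e1e348cf7745608f1e03fd226d5e92f44622ca20a02"
              "c09289e4fb9aa04f9211b285cc")            # Access-Challenge id 176

def decode_eap(hexstr):
    """Decode one EAP-Message value (hex, optional 0x prefix) into a dict."""
    raw = bytes.fromhex(hexstr[2:] if hexstr.startswith("0x") else hexstr)
    if len(raw) < 4:
        raise ValueError("EAP header is 4 bytes")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    if length != len(raw):
        raise ValueError("EAP length %d, but %d bytes present" % (length, len(raw)))
    out = {"code": EAP_CODES.get(code, code), "id": ident, "length": length}
    if code not in (1, 2) or length < 5:
        return out                       # Success/Failure carry no Type field
    out["type"], body = raw[4], raw[5:]
    if out["type"] == 25 and body:       # PEAP: flags byte, then TLS records
        flags, pos = body[0], 1
        out["flags"] = {"L": bool(flags & 0x80), "M": bool(flags & 0x40),
                        "S": bool(flags & 0x20)}
        if flags & 0x80:
            pos += 4                     # skip the 4-byte TLS message length
        out["tls"] = []                  # (record type, record length) pairs
        while pos + 5 <= len(body):      # a fragment may end mid-record
            ctype, _version, rlen = struct.unpack("!BHH", body[pos:pos + 5])
            out["tls"].append((TLS_TYPES.get(ctype, ctype), rlen))
            pos += 5 + rlen
    elif out["type"] == 26 and len(body) >= 4:   # EAP-MSCHAPv2
        op, ms_id, ms_len = struct.unpack("!BBH", body[:4])
        out["mschapv2"] = {"op": MSCHAP_OPS.get(op, op), "id": ms_id,
                           "ms_length": ms_len}
        if op == 3:                      # Success carries "S=<40 hex digits>"
            out["mschapv2"]["message"] = body[4:].decode("ascii", "replace")
    return out

if __name__ == "__main__":
    for name in ("CLIENT_ACK", "INNER_REPLY", "OUTER_LAST"):
        print(name, decode_eap(globals()[name]))
```

Decoded this way, the tunneled reply in request 23 is an MS-CHAPv2 Success request and the Access-Challenge with id 176 is a single TLS application-data record; the log shows no further Access-Request after it.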