Lotus Notes Encryption

Stefan Winter stefan.winter at restena.lu
Thu Aug 19 08:24:11 CEST 2010


  Hi,

> But then again, when I tested it out, it only works locally with Linux
> platforms but when I tried to test it with the Wi-Fi router and Windows
> clients, it didn't.

That's because your Windows clients use PEAP. PEAP encrypts the user's 
password, while Notes encrypts it in a different, and incompatible way. 
Due to that, PEAP and Notes *will not work*. You could possibly remedy 
this with a Windows client that speaks TTLS-PAP instead. But that's
extra software to install and may or may not be practical for you.

Greetings,

Stefan Winter

> Here is my debug:
>
> rad_recv: Access-Request packet from host 10.96.100.205 port 1400, id=0,
> length=143
>          User-Name = "kim.almarez"
>          NAS-IP-Address = 10.96.100.205
>          Called-Station-Id = "0014bf8abbc5"
>          Calling-Station-Id = "002682a0ed7d"
>          NAS-Identifier = "0014bf8abbc5"
>          NAS-Port = 48
>          Framed-MTU = 1400
>          State = 0x12d80ee013da174ed007cbe32dab339b
>          NAS-Port-Type = Wireless-802.11
>          EAP-Message = 0x020200061900
>          Message-Authenticator = 0xed627311a6a1881b5ccc49e9a637dbb5
> +- entering group authorize {...}
> ++[preprocess] returns ok
> ++[chap] returns noop
> [suffix] No '@' in User-Name = "kim.almarez", looking up realm NULL
> [suffix] No such realm "NULL"
> ++[suffix] returns noop
> [eap] EAP packet type response id 2 length 6
> [eap] Continuing tunnel setup.
> ++[eap] returns ok
> Found Auth-Type = EAP
> +- entering group authenticate {...}
> [eap] Request found, released from the list
> [eap] EAP/peap
> [eap] processing type peap
> [peap] processing EAP-TLS
> [peap] Received TLS ACK
> [peap] ACK handshake fragment handler
> [peap] eaptls_verify returned 1
> [peap] eaptls_process returned 13
> [peap] EAPTLS_HANDLED
> ++[eap] returns handled
> Sending Access-Challenge of id 0 to 10.96.100.205 port 1400
>          EAP-Message =
> 0x0355040a1308534d205072696d653123302106092a864886f70d0109011614706572657a2e32726f6e40676d61696c2e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a0282010100c377b277cfce89da192b6975f0e2c6f2860fd64da3fd80309a1ea8bb2ef91fa0d004899dfb920f5bd5bba909cc537b86d0ac729985a36c6c7bb562a02aeb6cbbadbd25c73240631e24c7bc66d8bcc423848426c6094bebdca51e781a251f99361eb4885aaa88541eabb41ccf08250ccfa82eb3f18b3ba6025f53e1994f0e9a5f81
>          EAP-Message = 0xbd4b27e772945483
>          Message-Authenticator = 0x00000000000000000000000000000000
>          State = 0x12d80ee010db174ed007cbe32dab339b
> Finished request 2.
> Going to the next request
> Waking up in 4.9 seconds.
> rad_recv: Access-Request packet from host 10.96.100.205 port 1402, id=0,
> length=143
>          User-Name = "kim.almarez"
>          NAS-IP-Address = 10.96.100.205
>          Called-Station-Id = "0014bf8abbc5"
>          Calling-Station-Id = "002682a0ed7d"
>          NAS-Identifier = "0014bf8abbc5"
>          NAS-Port = 48
>          Framed-MTU = 1400
>          State = 0x12d80ee010db174ed007cbe32dab339b
>          NAS-Port-Type = Wireless-802.11
>          EAP-Message = 0x020300061900
>          Message-Authenticator = 0xdd9bb4604cc491e52d93993ef5295629
> +- entering group authorize {...}
> ++[preprocess] returns ok
> ++[chap] returns noop
> [suffix] No '@' in User-Name = "kim.almarez", looking up realm NULL
> [suffix] No such realm "NULL"
> ++[suffix] returns noop
> [eap] EAP packet type response id 3 length 6
> [eap] Continuing tunnel setup.
> ++[eap] returns ok
> Found Auth-Type = EAP
> +- entering group authenticate {...}
> [eap] Request found, released from the list
> [eap] EAP/peap
> [eap] processing type peap
> [peap] processing EAP-TLS
> [peap] Received TLS ACK
> [peap] ACK handshake fragment handler
> [peap] eaptls_verify returned 1
> [peap] eaptls_process returned 13
> [peap] EAPTLS_HANDLED
> ++[eap] returns handled
> Sending Access-Challenge of id 0 to 10.96.100.205 port 1402
>          EAP-Message =
> 0x0104009e19006f0fd8a5dc5276fa83706f679780f3e60b36f5b3489d5551b7dc0590f2ddf6959d4ba9550b38329c20dce0ab3182205608a19b3d2964953695b467af4cd29ade6a679b18dfa5492a4286fe5b2a13c12d8305450e32b2441a68b97f9701655d60ad7d399f3b693b9562b3353d3bd5d730cab42857c0e5edb72fde0d9b70eeb03dd0afd787e1ceede01810d2c9e83bdc16030100040e000000
>          Message-Authenticator = 0x00000000000000000000000000000000
>          State = 0x12d80ee011dc174ed007cbe32dab339b
> Finished request 3.
> Going to the next request
> Waking up in 4.9 seconds.
> rad_recv: Access-Request packet from host 10.96.100.205 port 1404, id=0,
> length=475
>          User-Name = "kim.almarez"
>          NAS-IP-Address = 10.96.100.205
>          Called-Station-Id = "0014bf8abbc5"
>          Calling-Station-Id = "002682a0ed7d"
>          NAS-Identifier = "0014bf8abbc5"
>          NAS-Port = 48
>          Framed-MTU = 1400
>          State = 0x12d80ee011dc174ed007cbe32dab339b
>          NAS-Port-Type = Wireless-802.11
>          EAP-Message =
> 0x01a5d935cf98912a36e4be9e65cbf0cf5ac5463cc4e1628114030100010116030100308f36fda82b7cda0759ab0ee21afa5591d781fce8b1588d36f6ad3c8cf411d7fd2896ed5cf1031dd31ade315efd50fdf0
>          Message-Authenticator = 0xf19bbe506fd86435dea00fe97bd3d5f7
> +- entering group authorize {...}
> ++[preprocess] returns ok
> ++[chap] returns noop
> [suffix] No '@' in User-Name = "kim.almarez", looking up realm NULL
> [suffix] No such realm "NULL"
> ++[suffix] returns noop
> [eap] EAP packet type response id 4 length 253
> [eap] Continuing tunnel setup.
> ++[eap] returns ok
> Found Auth-Type = EAP
> +- entering group authenticate {...}
> [eap] Request found, released from the list
> [eap] EAP/peap
> [eap] processing type peap
> [peap] processing EAP-TLS
>    TLS Length 326
> [peap] Length Included
> [peap] eaptls_verify returned 11
> [peap]<<<  TLS 1.0 Handshake [length 0106], ClientKeyExchange
> [peap]     TLS_accept: SSLv3 read client key exchange A
> [peap]<<<  TLS 1.0 ChangeCipherSpec [length 0001]
> [peap]<<<  TLS 1.0 Handshake [length 0010], Finished
> [peap]     TLS_accept: SSLv3 read finished A
> [peap]>>>  TLS 1.0 ChangeCipherSpec [length 0001]
> [peap]     TLS_accept: SSLv3 write change cipher spec A
> [peap]>>>  TLS 1.0 Handshake [length 0010], Finished
> [peap]     TLS_accept: SSLv3 write finished A
> [peap]     TLS_accept: SSLv3 flush data
> [peap]     (other): SSL negotiation finished successfully
> SSL Connection Established
> [peap] eaptls_process returned 13
> [peap] EAPTLS_HANDLED
> ++[eap] returns handled
> Sending Access-Challenge of id 0 to 10.96.100.205 port 1404
>          EAP-Message =
> 0x0105004119001403010001011603010030b2753b377ba0009e0080331ffad6cc2487b5f2964bec77e42cf81df39a55d2390cf58ae71eee164d33308963dff57f80
>          Message-Authenticator = 0x00000000000000000000000000000000
>          State = 0x12d80ee016dd174ed007cbe32dab339b
> Finished request 4.
> Going to the next request
> Waking up in 4.9 seconds.
> rad_recv: Access-Request packet from host 10.96.100.205 port 1406, id=0,
> length=143
>          User-Name = "kim.almarez"
>          NAS-IP-Address = 10.96.100.205
>          Called-Station-Id = "0014bf8abbc5"
>          Calling-Station-Id = "002682a0ed7d"
>          NAS-Identifier = "0014bf8abbc5"
>          NAS-Port = 48
>          Framed-MTU = 1400
>          State = 0x12d80ee016dd174ed007cbe32dab339b
>          NAS-Port-Type = Wireless-802.11
>          EAP-Message = 0x020500061900
>          Message-Authenticator = 0x01fd398985e73333d344efbb9e9f6397
> +- entering group authorize {...}
> ++[preprocess] returns ok
> ++[chap] returns noop
> [suffix] No '@' in User-Name = "kim.almarez", looking up realm NULL
> [suffix] No such realm "NULL"
> ++[suffix] returns noop
> [eap] EAP packet type response id 5 length 6
> [eap] Continuing tunnel setup.
> ++[eap] returns ok
> Found Auth-Type = EAP
> +- entering group authenticate {...}
> [eap] Request found, released from the list
> [eap] EAP/peap
> [eap] processing type peap
> [peap] processing EAP-TLS
> [peap] Received TLS ACK
> [peap] ACK handshake is finished
> [peap] eaptls_verify returned 3
> [peap] eaptls_process returned 3
> [peap] EAPTLS_SUCCESS
> ++[eap] returns handled
> Sending Access-Challenge of id 0 to 10.96.100.205 port 1406
>          EAP-Message =
> 0x0106002b19001703010020ef046be0ff90417c0226190d61886f677aa0ba56c643c01435e9e1e7a16c550d
>          Message-Authenticator = 0x00000000000000000000000000000000
>          State = 0x12d80ee017de174ed007cbe32dab339b
> Finished request 5.
> Going to the next request
> Waking up in 4.8 seconds.
> rad_recv: Access-Request packet from host 10.96.100.205 port 1408, id=0,
> length=196
>          User-Name = "kim.almarez"
>          NAS-IP-Address = 10.96.100.205
>          Called-Station-Id = "0014bf8abbc5"
>          Calling-Station-Id = "002682a0ed7d"
>          NAS-Identifier = "0014bf8abbc5"
>          NAS-Port = 48
>          Framed-MTU = 1400
>          State = 0x12d80ee017de174ed007cbe32dab339b
>          NAS-Port-Type = Wireless-802.11
>          EAP-Message =
> 0x0206003b190017030100307190bd67cb930b02c0335ee671382000c7ba0ae8e918a20772fdfbf2029c11ac948f85d5ac1db3ec8404869db9d7363d
>          Message-Authenticator = 0x752100cc4f0dcddef59bc1cb270c4b6d
> +- entering group authorize {...}
> ++[preprocess] returns ok
> ++[chap] returns noop
> [suffix] No '@' in User-Name = "kim.almarez", looking up realm NULL
> [suffix] No such realm "NULL"
> ++[suffix] returns noop
> [eap] EAP packet type response id 6 length 59
> [eap] Continuing tunnel setup.
> ++[eap] returns ok
> Found Auth-Type = EAP
> +- entering group authenticate {...}
> [eap] Request found, released from the list
> [eap] EAP/peap
> [eap] processing type peap
> [peap] processing EAP-TLS
> [peap] eaptls_verify returned 7
> [peap] Done initial handshake
> [peap] eaptls_process returned 7
> [peap] EAPTLS_OK
> [peap] Session established.  Decoding tunneled attributes.
> [peap] Identity - kim.almarez
> [peap] Got tunneled request
>          EAP-Message = 0x02060010016b696d2e616c6d6172657a
> server  {
>    PEAP: Got tunneled identity of kim.almarez
>    PEAP: Setting default EAP type for tunneled EAP session.
>    PEAP: Setting User-Name to kim.almarez
> Sending tunneled request
>          EAP-Message = 0x02060010016b696d2e616c6d6172657a
>          FreeRADIUS-Proxied-To = 127.0.0.1
>          User-Name = "kim.almarez"
> server inner-tunnel {
> +- entering group authorize {...}
> ++[chap] returns noop
> ++[unix] returns notfound
> [suffix] No '@' in User-Name = "kim.almarez", looking up realm NULL
> [suffix] No such realm "NULL"
> ++[suffix] returns noop
> ++[control] returns noop
> [eap] EAP packet type response id 6 length 16
> [eap] No EAP Start, assuming it's an on-going EAP conversation
> ++[eap] returns updated
> ++[files] returns noop
> [ldap] performing user authorization for kim.almarez
> [ldap]  expand: %{Stripped-User-Name} ->
> [ldap]  expand: %{User-Name} ->  kim.almarez
> [ldap]  expand: (uid=%{%{Stripped-User-Name}:-%{User-Name}}) ->
> (uid=kim.almarez)
> [ldap]  expand: O=SMPRIME ->  O=SMPRIME
> rlm_ldap: ldap_get_conn: Checking Id: 0
> rlm_ldap: ldap_get_conn: Got Id: 0
> rlm_ldap: performing search in O=SMPRIME, with filter (uid=kim.almarez)
> [ldap] looking for check items in directory...
> [ldap] looking for reply items in directory...
> WARNING: No "known good" password was found in LDAP.  Are you sure that the
> user is configured correctly?
> [ldap] user kim.almarez authorized to use remote access
> rlm_ldap: ldap_release_conn: Release Id: 0
> ++[ldap] returns ok
> ++[expiration] returns noop
> ++[logintime] returns noop
> Found Auth-Type = EAP
> +- entering group authenticate {...}
> [eap] EAP Identity
> [eap] processing type mschapv2
> rlm_eap_mschapv2: Issuing Challenge
> ++[eap] returns handled
> } # server inner-tunnel
> [peap] Got tunneled reply code 11
>          EAP-Message =
> 0x010700251a0107002010661c04d831bfa95bcef52c9c9387ef836b696d2e616c6d6172657a
>          Message-Authenticator = 0x00000000000000000000000000000000
>          State = 0x3a9f4a7c3a985093651140f65e1dbc5b
> [peap] Got tunneled reply RADIUS code 11
>          EAP-Message =
> 0x010700251a0107002010661c04d831bfa95bcef52c9c9387ef836b696d2e616c6d6172657a
>          Message-Authenticator = 0x00000000000000000000000000000000
>          State = 0x3a9f4a7c3a985093651140f65e1dbc5b
> [peap] Got tunneled Access-Challenge
> ++[eap] returns handled
> Sending Access-Challenge of id 0 to 10.96.100.205 port 1408
>          EAP-Message =
> 0x0107004b1900170301004029c7eee1f15e70ef2533d6b5a35d36168624b40f86f1a8004e6794d90be7d45c45319480d61db02f01a3854247418ee133e1707761857dff56a546518c17916f
>          Message-Authenticator = 0x00000000000000000000000000000000
>          State = 0x12d80ee014df174ed007cbe32dab339b
> Finished request 6.
> Going to the next request
> Waking up in 4.8 seconds.
> rad_recv: Access-Request packet from host 10.96.100.205 port 1410, id=0,
> length=244
>          User-Name = "kim.almarez"
>          NAS-IP-Address = 10.96.100.205
>          Called-Station-Id = "0014bf8abbc5"
>          Calling-Station-Id = "002682a0ed7d"
>          NAS-Identifier = "0014bf8abbc5"
>          NAS-Port = 48
>          Framed-MTU = 1400
>          State = 0x12d80ee014df174ed007cbe32dab339b
>          NAS-Port-Type = Wireless-802.11
>          EAP-Message =
> 0x0207006b190017030100606483cdd3ba73bce3c05308c3796c8c70d7479ec7922b1f03240faca33cfa11e64eb753d28d135e4a9a9425236ce6ba32547ad5c3d0420e0f0037413f159124de15166d366801e63e15c9de1bac2ff63e4edf0f11be92452bbb47fa60148ee26a
>          Message-Authenticator = 0xf617ac11a29c2f13dad2ef64e2b03526
> +- entering group authorize {...}
> ++[preprocess] returns ok
> ++[chap] returns noop
> [suffix] No '@' in User-Name = "kim.almarez", looking up realm NULL
> [suffix] No such realm "NULL"
> ++[suffix] returns noop
> [eap] EAP packet type response id 7 length 107
> [eap] Continuing tunnel setup.
> ++[eap] returns ok
> Found Auth-Type = EAP
> +- entering group authenticate {...}
> [eap] Request found, released from the list
> [eap] EAP/peap
> [eap] processing type peap
> [peap] processing EAP-TLS
> [peap] eaptls_verify returned 7
> [peap] Done initial handshake
> [peap] eaptls_process returned 7
> [peap] EAPTLS_OK
> [peap] Session established.  Decoding tunneled attributes.
> [peap] EAP type mschapv2
> [peap] Got tunneled request
>          EAP-Message =
> 0x020700461a02070041315dc57ae46932cd1054bd09e0436fd1fe000000000000000075cc54e270c430cf5e13c4703b5bada0537b38a1aaf0d700006b696d2e616c6d6172657a
> server  {
>    PEAP: Setting User-Name to kim.almarez
> Sending tunneled request
>          EAP-Message =
> 0x020700461a02070041315dc57ae46932cd1054bd09e0436fd1fe000000000000000075cc54e270c430cf5e13c4703b5bada0537b38a1aaf0d700006b696d2e616c6d6172657a
>          FreeRADIUS-Proxied-To = 127.0.0.1
>          User-Name = "kim.almarez"
>          State = 0x3a9f4a7c3a985093651140f65e1dbc5b
> server inner-tunnel {
> +- entering group authorize {...}
> ++[chap] returns noop
> ++[unix] returns notfound
> [suffix] No '@' in User-Name = "kim.almarez", looking up realm NULL
> [suffix] No such realm "NULL"
> ++[suffix] returns noop
> ++[control] returns noop
> [eap] EAP packet type response id 7 length 70
> [eap] No EAP Start, assuming it's an on-going EAP conversation
> ++[eap] returns updated
> ++[files] returns noop
> [ldap] performing user authorization for kim.almarez
> [ldap]  expand: %{Stripped-User-Name} ->
> [ldap]  expand: %{User-Name} ->  kim.almarez
> [ldap]  expand: (uid=%{%{Stripped-User-Name}:-%{User-Name}}) ->
> (uid=kim.almarez)
> [ldap]  expand: O=SMPRIME ->  O=SMPRIME
> rlm_ldap: ldap_get_conn: Checking Id: 0
> rlm_ldap: ldap_get_conn: Got Id: 0
> rlm_ldap: performing search in O=SMPRIME, with filter (uid=kim.almarez)
> [ldap] looking for check items in directory...
> [ldap] looking for reply items in directory...
> WARNING: No "known good" password was found in LDAP.  Are you sure that the
> user is configured correctly?
> [ldap] user kim.almarez authorized to use remote access
> rlm_ldap: ldap_release_conn: Release Id: 0
> ++[ldap] returns ok
> ++[expiration] returns noop
> ++[logintime] returns noop
> Found Auth-Type = EAP
> +- entering group authenticate {...}
> [eap] Request found, released from the list
> [eap] EAP/mschapv2
> [eap] processing type mschapv2
> [mschapv2]   WARNING: Unknown value specified for Auth-Type.  Cannot perform
> requested action.
> [eap] Freeing handler
> ++[eap] returns reject
> Failed to authenticate the user.
> } # server inner-tunnel
> [peap] Got tunneled reply code 3
>          EAP-Message = 0x04070004
>          Message-Authenticator = 0x00000000000000000000000000000000
> [peap] Got tunneled reply RADIUS code 3
>          EAP-Message = 0x04070004
>          Message-Authenticator = 0x00000000000000000000000000000000
> [peap] Tunneled authentication was rejected.
> [peap] FAILURE
> ++[eap] returns handled
> Sending Access-Challenge of id 0 to 10.96.100.205 port 1410
>          EAP-Message =
> 0x0108002b1900170301002079260559645c9857376d741abe65d55cc54f1a2aa52afabbe7f7ffac0a4c92ee
>          Message-Authenticator = 0x00000000000000000000000000000000
>          State = 0x12d80ee015d0174ed007cbe32dab339b
> Finished request 7.
> Going to the next request
> Waking up in 4.8 seconds.
> rad_recv: Access-Request packet from host 10.96.100.205 port 1412, id=0,
> length=180
>          User-Name = "kim.almarez"
>          NAS-IP-Address = 10.96.100.205
>          Called-Station-Id = "0014bf8abbc5"
>          Calling-Station-Id = "002682a0ed7d"
>          NAS-Identifier = "0014bf8abbc5"
>          NAS-Port = 48
>          Framed-MTU = 1400
>          State = 0x12d80ee015d0174ed007cbe32dab339b
>          NAS-Port-Type = Wireless-802.11
>          EAP-Message =
> 0x0208002b1900170301002098690ec5e9147f0af3b0e762ad2031c2406ea7bfc98262f36fbd12a2b813e5a9
>          Message-Authenticator = 0x106af60537eb38932efe628a03dea9b3
> +- entering group authorize {...}
> ++[preprocess] returns ok
> ++[chap] returns noop
> [suffix] No '@' in User-Name = "kim.almarez", looking up realm NULL
> [suffix] No such realm "NULL"
> ++[suffix] returns noop
> [eap] EAP packet type response id 8 length 43
> [eap] Continuing tunnel setup.
> ++[eap] returns ok
> Found Auth-Type = EAP
> +- entering group authenticate {...}
> [eap] Request found, released from the list
> [eap] EAP/peap
> [eap] processing type peap
> [peap] processing EAP-TLS
> [peap] eaptls_verify returned 7
> [peap] Done initial handshake
> [peap] eaptls_process returned 7
> [peap] EAPTLS_OK
> [peap] Session established.  Decoding tunneled attributes.
> [peap] Received EAP-TLV response.
> [peap]  Had sent TLV failure.  User was rejected earlier in this session.
> [eap] Handler failed in EAP/peap
> [eap] Failed in EAP select
> ++[eap] returns invalid
> Failed to authenticate the user.
> Using Post-Auth-Type Reject
> +- entering group REJECT {...}
> [attr_filter.access_reject]     expand: %{User-Name} ->  kim.almarez
>   attr_filter: Matched entry DEFAULT at line 11
> ++[attr_filter.access_reject] returns updated
> Delaying reject of request 8 for 1 seconds
> Going to the next request
> Waking up in 0.9 seconds.
> Sending delayed reject for request 8
> Sending Access-Reject of id 0 to 10.96.100.205 port 1412
>          EAP-Message = 0x04080004
>          Message-Authenticator = 0x00000000000000000000000000000000
> Waking up in 3.7 seconds.
> Cleaning up request 0 ID 0 with timestamp +14
> Cleaning up request 1 ID 0 with timestamp +15
> Cleaning up request 2 ID 0 with timestamp +15
> Cleaning up request 3 ID 0 with timestamp +15
> Cleaning up request 4 ID 0 with timestamp +15
> Cleaning up request 5 ID 0 with timestamp +15
> Cleaning up request 6 ID 0 with timestamp +15
> Cleaning up request 7 ID 0 with timestamp +15
> Waking up in 1.0 seconds.
> Cleaning up request 8 ID 0 with timestamp +15
> Ready to process requests.
>
>
> The only error I found in this debug was with the mschapv2, I don't know
> what might be the problem?


-- 
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg

Tel: +352 424409 1
Fax: +352 422473
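
Added example, not part of the original post and not FreeRADIUS code: Python that decodes the EAP header of the EAP-Message values in the quoted debug output and triages such a log for the case described in the reply, an inner MS-CHAPv2 method running against a directory that returned no usable password. The function names `parse_eap` and `diagnose` and the verdict strings are assumptions made for this example.

```python
import re
import struct

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
# Subset of the IANA EAP method type registry.
EAP_TYPES = {1: "Identity", 13: "EAP-TLS", 21: "EAP-TTLS", 25: "PEAP", 26: "EAP-MSCHAPv2"}

def parse_eap(hex_value):
    """Decode the EAP header of one complete packet, given as radiusd -X prints it.

    A packet split over several EAP-Message attributes must be joined first.
    """
    raw = bytes.fromhex(hex_value.removeprefix("0x"))
    if len(raw) < 4:
        raise ValueError("shorter than the 4-byte EAP header")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    if length != len(raw):
        raise ValueError(f"length field says {length}, got {len(raw)} bytes")
    info = {"code": EAP_CODES.get(code, f"unknown-{code}"), "id": ident, "type": None}
    if code in (1, 2) and length > 4:  # Success and Failure carry no type byte
        info["type"] = EAP_TYPES.get(raw[4], f"type-{raw[4]}")
        if raw[4] == 1:
            info["identity"] = raw[5:].decode("utf-8", "replace")
    return info

def diagnose(debug_text):
    """Report the inner EAP method and whether the backend could satisfy it."""
    lines = [re.sub(r"^>\s?", "", l).strip() for l in debug_text.splitlines()]
    inner, in_inner = set(), False
    for line in lines:
        if line.startswith("server inner-tunnel {"):
            in_inner = True
        elif line.startswith("} # server inner-tunnel"):
            in_inner = False
        elif in_inner and (m := re.match(r"\[eap\] processing type (\S+)", line)):
            inner.add(m.group(1))
    result = {
        "inner_methods": sorted(inner),
        "no_known_good_password": any('No "known good" password' in l for l in lines),
        "tunnel_rejected": any("Tunneled authentication was rejected" in l for l in lines),
    }
    # MS-CHAPv2 is challenge-response: the server needs the clear-text password
    # or its NT hash. A backend that holds only its own one-way hash can verify
    # a password only when it arrives in clear text, as with TTLS-PAP.
    if "mschapv2" in inner and result["no_known_good_password"]:
        result["verdict"] = "inner MS-CHAPv2 without a usable stored password"
    else:
        result["verdict"] = "no PEAP/MS-CHAPv2 password mismatch seen"
    return result

# Excerpt of the debug output quoted in this thread.
SAMPLE = '''\
> [eap] processing type peap
> server inner-tunnel {
> WARNING: No "known good" password was found in LDAP.  Are you sure that the
> user is configured correctly?
> [eap] processing type mschapv2
> [mschapv2]   WARNING: Unknown value specified for Auth-Type.  Cannot perform
> } # server inner-tunnel
> [peap] Tunneled authentication was rejected.
'''

if __name__ == "__main__":
    for value in ("0x020200061900", "0x02060010016b696d2e616c6d6172657a", "0x04070004"):
        print(value, parse_eap(value))
    print(diagnose(SAMPLE))
```
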



