Meraki Access Points Login incorrect for SHA-Password
danodemano
danodemano at gmail.com
Sat Dec 4 16:22:34 CET 2010
As requested, here is the debug output with one failed login from the Meraki
AP and one successful login from radtest, both using the same
username/password. Thanks!
FreeRADIUS Version 2.1.10, for host x86_64-redhat-linux-gnu, built on Oct 19
2010 at 19:44:32
Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License v2.
Starting - reading configuration files ...
including configuration file /etc/raddb/radiusd.conf
including configuration file /etc/raddb/proxy.conf
including configuration file /etc/raddb/clients.conf
including files in directory /etc/raddb/modules/
including configuration file /etc/raddb/modules/acct_unique
including configuration file /etc/raddb/modules/detail.example.com
including configuration file /etc/raddb/modules/smsotp
including configuration file /etc/raddb/modules/attr_filter
including configuration file /etc/raddb/modules/expr
including configuration file /etc/raddb/modules/counter
including configuration file /etc/raddb/modules/expiration
including configuration file /etc/raddb/modules/perl
including configuration file /etc/raddb/modules/always
including configuration file /etc/raddb/modules/cui
including configuration file /etc/raddb/modules/ntlm_auth
including configuration file /etc/raddb/modules/passwd
including configuration file /etc/raddb/modules/digest
including configuration file /etc/raddb/modules/echo
including configuration file /etc/raddb/modules/sqlcounter_expire_on_login
including configuration file /etc/raddb/modules/pam
including configuration file /etc/raddb/modules/detail.log
including configuration file /etc/raddb/modules/files
including configuration file /etc/raddb/modules/checkval
including configuration file /etc/raddb/modules/inner-eap
including configuration file /etc/raddb/modules/krb5
including configuration file /etc/raddb/modules/wimax
including configuration file /etc/raddb/modules/radutmp
including configuration file /etc/raddb/modules/otp
including configuration file /etc/raddb/modules/smbpasswd
including configuration file /etc/raddb/modules/attr_rewrite
including configuration file /etc/raddb/modules/sradutmp
including configuration file /etc/raddb/modules/dynamic_clients
including configuration file /etc/raddb/modules/mschap
including configuration file /etc/raddb/modules/exec
including configuration file /etc/raddb/modules/mac2vlan
including configuration file /etc/raddb/modules/ldap
including configuration file /etc/raddb/modules/pap
including configuration file /etc/raddb/modules/preprocess
including configuration file /etc/raddb/modules/policy
including configuration file /etc/raddb/modules/etc_group
including configuration file /etc/raddb/modules/opendirectory
including configuration file /etc/raddb/modules/logintime
including configuration file /etc/raddb/modules/unix
including configuration file /etc/raddb/modules/detail
including configuration file /etc/raddb/modules/ippool
including configuration file /etc/raddb/modules/chap
including configuration file /etc/raddb/modules/linelog
including configuration file /etc/raddb/modules/realm
including configuration file /etc/raddb/modules/mac2ip
including configuration file /etc/raddb/modules/sql_log
including configuration file /etc/raddb/eap.conf
including configuration file /etc/raddb/sql.conf
including configuration file /etc/raddb/sql/mysql/dialup.conf
including configuration file /etc/raddb/policy.conf
including files in directory /etc/raddb/sites-enabled/
including configuration file /etc/raddb/sites-enabled/default
including configuration file /etc/raddb/sites-enabled/inner-tunnel
including configuration file /etc/raddb/sites-enabled/control-socket
main {
user = "radiusd"
group = "radiusd"
allow_core_dumps = no
}
including dictionary file /etc/raddb/dictionary
main {
prefix = "/usr"
localstatedir = "/var"
logdir = "/var/log/radius"
libdir = "/usr/lib64/freeradius"
radacctdir = "/var/log/radius/radacct"
hostname_lookups = no
max_request_time = 30
cleanup_delay = 5
max_requests = 1024
pidfile = "/var/run/radiusd/radiusd.pid"
checkrad = "/usr/sbin/checkrad"
debug_level = 0
proxy_requests = yes
log {
stripped_names = no
auth = yes
auth_badpass = no
auth_goodpass = no
}
security {
max_attributes = 200
reject_delay = 1
status_server = yes
}
}
radiusd: #### Loading Realms and Home Servers ####
proxy server {
retry_delay = 5
retry_count = 3
default_fallback = no
dead_time = 120
wake_all_if_all_dead = no
}
home_server localhost {
ipaddr = 127.0.0.1
port = 1812
type = "auth"
secret = "testing123"
response_window = 20
max_outstanding = 65536
require_message_authenticator = yes
zombie_period = 40
status_check = "status-server"
ping_interval = 30
check_interval = 30
num_answers_to_alive = 3
num_pings_to_alive = 3
revive_interval = 120
status_check_timeout = 4
irt = 2
mrt = 16
mrc = 5
mrd = 30
}
home_server_pool my_auth_failover {
type = fail-over
home_server = localhost
}
realm example.com {
auth_pool = my_auth_failover
}
realm LOCAL {
}
radiusd: #### Loading Clients ####
client localhost {
ipaddr = 127.0.0.1
require_message_authenticator = no
secret = "testing123"
nastype = "other"
}
radiusd: #### Instantiating modules ####
instantiate {
Module: Linked to module rlm_exec
Module: Instantiating module "exec" from file /etc/raddb/modules/exec
exec {
wait = no
input_pairs = "request"
shell_escape = yes
}
Module: Linked to module rlm_expr
Module: Instantiating module "expr" from file /etc/raddb/modules/expr
Module: Linked to module rlm_expiration
Module: Instantiating module "expiration" from file
/etc/raddb/modules/expiration
expiration {
reply-message = "Password Has Expired "
}
Module: Linked to module rlm_logintime
Module: Instantiating module "logintime" from file
/etc/raddb/modules/logintime
logintime {
reply-message = "You are calling outside your allowed timespan "
minimum-timeout = 60
}
}
radiusd: #### Loading Virtual Servers ####
server inner-tunnel { # from file /etc/raddb/sites-enabled/inner-tunnel
modules {
Module: Checking authenticate {...} for more modules to load
Module: Linked to module rlm_pap
Module: Instantiating module "pap" from file /etc/raddb/modules/pap
pap {
encryption_scheme = "auto"
auto_header = no
}
Module: Linked to module rlm_chap
Module: Instantiating module "chap" from file /etc/raddb/modules/chap
Module: Linked to module rlm_mschap
Module: Instantiating module "mschap" from file /etc/raddb/modules/mschap
mschap {
use_mppe = yes
require_encryption = no
require_strong = no
with_ntdomain_hack = no
}
Module: Linked to module rlm_unix
Module: Instantiating module "unix" from file /etc/raddb/modules/unix
unix {
radwtmp = "/var/log/radius/radwtmp"
}
Module: Linked to module rlm_eap
Module: Instantiating module "eap" from file /etc/raddb/eap.conf
eap {
default_eap_type = "ttls"
timer_expire = 60
ignore_unknown_eap_types = no
cisco_accounting_username_bug = no
max_sessions = 2048
}
Module: Linked to sub-module rlm_eap_md5
Module: Instantiating eap-md5
Module: Linked to sub-module rlm_eap_leap
Module: Instantiating eap-leap
Module: Linked to sub-module rlm_eap_gtc
Module: Instantiating eap-gtc
gtc {
challenge = "Password: "
auth_type = "PAP"
}
Module: Linked to sub-module rlm_eap_tls
Module: Instantiating eap-tls
tls {
rsa_key_exchange = no
dh_key_exchange = yes
rsa_key_length = 512
dh_key_length = 512
verify_depth = 0
pem_file_type = yes
private_key_file = "/etc/raddb/certs/server.pem"
certificate_file = "/etc/raddb/certs/server.pem"
CA_file = "/etc/raddb/certs/ca.pem"
private_key_password = "[removed]"
dh_file = "/etc/raddb/certs/dh"
random_file = "/etc/raddb/certs/random"
fragment_size = 1024
include_length = yes
check_crl = no
cipher_list = "DEFAULT"
make_cert_command = "/etc/raddb/certs/bootstrap"
cache {
enable = no
lifetime = 24
max_entries = 255
}
}
Module: Linked to sub-module rlm_eap_ttls
Module: Instantiating eap-ttls
ttls {
default_eap_type = "mschapv2"
copy_request_to_tunnel = no
use_tunneled_reply = yes
virtual_server = "inner-tunnel"
include_length = yes
}
Module: Linked to sub-module rlm_eap_peap
Module: Instantiating eap-peap
peap {
default_eap_type = "mschapv2"
copy_request_to_tunnel = no
use_tunneled_reply = no
proxy_tunneled_request_as_eap = yes
virtual_server = "inner-tunnel"
}
Module: Linked to sub-module rlm_eap_mschapv2
Module: Instantiating eap-mschapv2
mschapv2 {
with_ntdomain_hack = no
}
Module: Checking authorize {...} for more modules to load
Module: Linked to module rlm_realm
Module: Instantiating module "suffix" from file /etc/raddb/modules/realm
realm suffix {
format = "suffix"
delimiter = "@"
ignore_default = no
ignore_null = no
}
Module: Linked to module rlm_files
Module: Instantiating module "files" from file /etc/raddb/modules/files
files {
usersfile = "/etc/raddb/users"
acctusersfile = "/etc/raddb/acct_users"
preproxy_usersfile = "/etc/raddb/preproxy_users"
compat = "no"
}
Module: Linked to module rlm_sql
Module: Instantiating module "sql" from file /etc/raddb/sql.conf
sql {
driver = "rlm_sql_mysql"
server = "localhost"
port = ""
login = "radius"
password = "radius"
radius_db = "radius"
read_groups = yes
sqltrace = yes
sqltracefile = "/var/log/radius/sqltrace.sql"
readclients = yes
deletestalesessions = yes
num_sql_socks = 5
lifetime = 0
max_queries = 0
sql_user_name = "%{User-Name}"
default_user_profile = ""
nas_query = "SELECT id, nasname, shortname, type, secret, server FROM nas"
authorize_check_query = "SELECT id, username, attribute, value, op
FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER
BY id"
authorize_reply_query = "SELECT id, username, attribute, value, op
FROM radreply WHERE username = '%{SQL-User-Name}' ORDER
BY id"
authorize_group_check_query = "SELECT id, groupname, attribute,
Value, op FROM radgroupcheck WHERE groupname =
'%{Sql-Group}' ORDER BY id"
authorize_group_reply_query = "SELECT id, groupname, attribute,
value, op FROM radgroupreply WHERE groupname =
'%{Sql-Group}' ORDER BY id"
accounting_onoff_query = " UPDATE radacct SET
acctstoptime = '%S', acctsessiontime =
unix_timestamp('%S') -
unix_timestamp(acctstarttime), acctterminatecause =
'%{Acct-Terminate-Cause}', acctstopdelay =
%{%{Acct-Delay-Time}:-0} WHERE acctstoptime IS NULL AND
nasipaddress = '%{NAS-IP-Address}' AND acctstarttime <=
'%S'"
accounting_update_query = " UPDATE radacct SET
framedipaddress = '%{Framed-IP-Address}', acctsessiontime =
'%{Acct-Session-Time}', acctinputoctets =
'%{%{Acct-Input-Gigawords}:-0}' << 32 |
'%{%{Acct-Input-Octets}:-0}', acctoutputoctets =
'%{%{Acct-Output-Gigawords}:-0}' << 32 |
'%{%{Acct-Output-Octets}:-0}' WHERE acctsessionid =
'%{Acct-Session-Id}' AND username = '%{SQL-User-Name}'
AND nasipaddress = '%{NAS-IP-Address}'"
accounting_update_query_alt = " INSERT INTO radacct
(acctsessionid, acctuniqueid, username, realm,
nasipaddress, nasportid, nasporttype, acctstarttime,
acctsessiontime, acctauthentic, connectinfo_start,
acctinputoctets, acctoutputoctets, calledstationid,
callingstationid, servicetype, framedprotocol,
framedipaddress, acctstartdelay, xascendsessionsvrkey)
VALUES ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}',
'%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}',
'%{NAS-Port}', '%{NAS-Port-Type}', DATE_SUB('%S',
INTERVAL (%{%{Acct-Session-Time}:-0} +
%{%{Acct-Delay-Time}:-0}) SECOND),
'%{Acct-Session-Time}', '%{Acct-Authentic}', '',
'%{%{Acct-Input-Gigawords}:-0}' << 32 |
'%{%{Acct-Input-Octets}:-0}', '%{%{Acct-Output-Gigawords}:-0}'
<< 32 | '%{%{Acct-Output-Octets}:-0}',
'%{Called-Station-Id}', '%{Calling-Station-Id}',
'%{Service-Type}', '%{Framed-Protocol}',
'%{Framed-IP-Address}', '0', '%{X-Ascend-Session-Svr-Key}')"
accounting_start_query = " INSERT INTO radacct
(acctsessionid, acctuniqueid, username, realm,
nasipaddress, nasportid, nasporttype, acctstarttime,
acctstoptime, acctsessiontime, acctauthentic,
connectinfo_start, connectinfo_stop, acctinputoctets,
acctoutputoctets, calledstationid, callingstationid,
acctterminatecause, servicetype, framedprotocol,
framedipaddress, acctstartdelay, acctstopdelay,
xascendsessionsvrkey) VALUES ('%{Acct-Session-Id}',
'%{Acct-Unique-Session-Id}', '%{SQL-User-Name}',
'%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}',
'%{NAS-Port-Type}', '%S', NULL, '0', '%{Acct-Authentic}',
'%{Connect-Info}', '', '0', '0',
'%{Called-Station-Id}', '%{Calling-Station-Id}', '',
'%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}',
'%{%{Acct-Delay-Time}:-0}', '0', '%{X-Ascend-Session-Svr-Key}')"
accounting_start_query_alt = " UPDATE radacct SET
acctstarttime = '%S', acctstartdelay =
'%{%{Acct-Delay-Time}:-0}', connectinfo_start =
'%{Connect-Info}' WHERE acctsessionid = '%{Acct-Session-Id}'
AND username = '%{SQL-User-Name}' AND nasipaddress =
'%{NAS-IP-Address}'"
accounting_stop_query = " UPDATE radacct SET
acctstoptime = '%S', acctsessiontime =
'%{Acct-Session-Time}', acctinputoctets =
'%{%{Acct-Input-Gigawords}:-0}' << 32 |
'%{%{Acct-Input-Octets}:-0}', acctoutputoctets =
'%{%{Acct-Output-Gigawords}:-0}' << 32 |
'%{%{Acct-Output-Octets}:-0}', acctterminatecause =
'%{Acct-Terminate-Cause}', acctstopdelay =
'%{%{Acct-Delay-Time}:-0}', connectinfo_stop =
'%{Connect-Info}' WHERE acctsessionid = '%{Acct-Session-Id}'
AND username = '%{SQL-User-Name}' AND nasipaddress =
'%{NAS-IP-Address}'"
accounting_stop_query_alt = " INSERT INTO radacct
(acctsessionid, acctuniqueid, username, realm, nasipaddress,
nasportid, nasporttype, acctstarttime, acctstoptime,
acctsessiontime, acctauthentic, connectinfo_start,
connectinfo_stop, acctinputoctets, acctoutputoctets,
calledstationid, callingstationid, acctterminatecause,
servicetype, framedprotocol, framedipaddress, acctstartdelay,
acctstopdelay) VALUES ('%{Acct-Session-Id}',
'%{Acct-Unique-Session-Id}', '%{SQL-User-Name}',
'%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}',
'%{NAS-Port-Type}', DATE_SUB('%S', INTERVAL
(%{%{Acct-Session-Time}:-0} + %{%{Acct-Delay-Time}:-0})
SECOND), '%S', '%{Acct-Session-Time}', '%{Acct-Authentic}', '',
'%{Connect-Info}', '%{%{Acct-Input-Gigawords}:-0}' << 32 |
'%{%{Acct-Input-Octets}:-0}', '%{%{Acct-Output-Gigawords}:-0}'
<< 32 | '%{%{Acct-Output-Octets}:-0}',
'%{Called-Station-Id}', '%{Calling-Station-Id}',
'%{Acct-Terminate-Cause}', '%{Service-Type}',
'%{Framed-Protocol}', '%{Framed-IP-Address}', '0',
'%{%{Acct-Delay-Time}:-0}')"
group_membership_query = "SELECT groupname FROM radusergroup
WHERE username = '%{SQL-User-Name}' ORDER BY priority"
connect_failure_retry_delay = 60
simul_count_query = ""
simul_verify_query = "SELECT radacctid, acctsessionid, username,
nasipaddress, nasportid, framedipaddress,
callingstationid, framedprotocol FROM radacct
WHERE username = '%{SQL-User-Name}' AND
acctstoptime IS NULL"
postauth_query = "INSERT INTO radpostauth
(username, pass, reply, authdate) VALUES (
'%{User-Name}',
'%{%{User-Password}:-%{Chap-Password}}',
'%{reply:Packet-Type}', '%S')"
safe-characters =
"@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
}
rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked
rlm_sql (sql): Attempting to connect to radius at localhost:/radius
rlm_sql (sql): starting 0
rlm_sql (sql): Attempting to connect rlm_sql_mysql #0
rlm_sql_mysql: Starting connect to MySQL server for #0
rlm_sql (sql): Connected new DB handle, #0
rlm_sql (sql): starting 1
rlm_sql (sql): Attempting to connect rlm_sql_mysql #1
rlm_sql_mysql: Starting connect to MySQL server for #1
rlm_sql (sql): Connected new DB handle, #1
rlm_sql (sql): starting 2
rlm_sql (sql): Attempting to connect rlm_sql_mysql #2
rlm_sql_mysql: Starting connect to MySQL server for #2
rlm_sql (sql): Connected new DB handle, #2
rlm_sql (sql): starting 3
rlm_sql (sql): Attempting to connect rlm_sql_mysql #3
rlm_sql_mysql: Starting connect to MySQL server for #3
rlm_sql (sql): Connected new DB handle, #3
rlm_sql (sql): starting 4
rlm_sql (sql): Attempting to connect rlm_sql_mysql #4
rlm_sql_mysql: Starting connect to MySQL server for #4
rlm_sql (sql): Connected new DB handle, #4
rlm_sql (sql): Processing generate_sql_clients
rlm_sql (sql) in generate_sql_clients: query is SELECT id, nasname,
shortname, type, secret, server FROM nas
rlm_sql (sql): Reserving sql socket id: 4
rlm_sql_mysql: query: SELECT id, nasname, shortname, type, secret, server
FROM nas
rlm_sql (sql): Read entry
nasname=192.168.9.12,shortname=Laptop,secret=[removed]
rlm_sql (sql): Adding client 192.168.9.12 (Laptop, server=<none>) to clients
list
rlm_sql (sql): Read entry nasname=192.168.9.9,shortname=Netgear
Prosafe,secret=[removed]
rlm_sql (sql): Adding client 192.168.9.9 (Netgear Prosafe, server=<none>) to
clients list
rlm_sql (sql): Read entry
nasname=192.168.9.11,shortname=DD-WRT,secret=[removed]
rlm_sql (sql): Adding client 192.168.9.11 (DD-WRT, server=<none>) to clients
list
rlm_sql (sql): Read entry
nasname=192.168.9.2,shortname=Untangle,secret=[removed]
rlm_sql (sql): Adding client 192.168.9.2 (Untangle, server=<none>) to
clients list
rlm_sql (sql): Read entry
nasname=192.168.9.16,shortname=Meraki,secret=[removed]
rlm_sql (sql): Adding client 192.168.9.16 (Meraki, server=<none>) to clients
list
rlm_sql (sql): Released sql socket id: 4
Module: Checking session {...} for more modules to load
Module: Linked to module rlm_radutmp
Module: Instantiating module "radutmp" from file /etc/raddb/modules/radutmp
radutmp {
filename = "/var/log/radius/radutmp"
username = "%{User-Name}"
case_sensitive = yes
check_with_nas = yes
perm = 384
callerid = yes
}
Module: Checking post-proxy {...} for more modules to load
Module: Checking post-auth {...} for more modules to load
Module: Linked to module rlm_attr_filter
Module: Instantiating module "attr_filter.access_reject" from file
/etc/raddb/modules/attr_filter
attr_filter attr_filter.access_reject {
attrsfile = "/etc/raddb/attrs.access_reject"
key = "%{User-Name}"
}
} # modules
} # server
server { # from file /etc/raddb/radiusd.conf
modules {
Module: Checking authenticate {...} for more modules to load
Module: Checking authorize {...} for more modules to load
Module: Linked to module rlm_preprocess
Module: Instantiating module "preprocess" from file
/etc/raddb/modules/preprocess
preprocess {
huntgroups = "/etc/raddb/huntgroups"
hints = "/etc/raddb/hints"
with_ascend_hack = no
ascend_channels_per_line = 23
with_ntdomain_hack = no
with_specialix_jetstream_hack = no
with_cisco_vsa_hack = no
with_alvarion_vsa_hack = no
}
Module: Linked to module rlm_detail
Module: Instantiating module "auth_log" from file
/etc/raddb/modules/detail.log
detail auth_log {
detailfile =
"/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d"
header = "%t"
detailperm = 384
dirperm = 493
locking = no
log_packet_header = no
}
Module: Checking preacct {...} for more modules to load
Module: Linked to module rlm_acct_unique
Module: Instantiating module "acct_unique" from file
/etc/raddb/modules/acct_unique
acct_unique {
key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address,
NAS-Port"
}
Module: Checking accounting {...} for more modules to load
Module: Instantiating module "detail" from file /etc/raddb/modules/detail
detail {
detailfile = "/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
header = "%t"
detailperm = 384
dirperm = 493
locking = no
log_packet_header = no
}
Module: Instantiating module "attr_filter.accounting_response" from file
/etc/raddb/modules/attr_filter
attr_filter attr_filter.accounting_response {
attrsfile = "/etc/raddb/attrs.accounting_response"
key = "%{User-Name}"
}
Module: Checking session {...} for more modules to load
Module: Checking post-proxy {...} for more modules to load
Module: Checking post-auth {...} for more modules to load
Module: Instantiating module "reply_log" from file
/etc/raddb/modules/detail.log
detail reply_log {
detailfile =
"/var/log/radius/radacct/%{Client-IP-Address}/reply-detail-%Y%m%d"
header = "%t"
detailperm = 384
dirperm = 493
locking = no
log_packet_header = no
}
} # modules
} # server
radiusd: #### Opening IP addresses and Ports ####
listen {
type = "auth"
ipaddr = *
port = 0
}
listen {
type = "acct"
ipaddr = *
port = 0
}
listen {
type = "control"
listen {
socket = "/var/run/radiusd/radiusd.sock"
}
}
listen {
type = "auth"
ipaddr = 127.0.0.1
port = 18120
}
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on command file /var/run/radiusd/radiusd.sock
Listening on authentication address 127.0.0.1 port 18120 as server
inner-tunnel
Listening on proxy address * port 1814
Ready to process requests.
rad_recv: Access-Request packet from host 192.168.9.16 port 32913, id=0,
length=149
User-Name = "test2"
NAS-IP-Address = 6.80.203.141
Calling-Station-Id = "00-00-00-00-00-02"
Called-Station-Id = "00-18-0A-50-CB-8D:DeV8 Radius"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x0200000a017465737432
Message-Authenticator = 0xf47fdc4ebc8e552a0df6de5eb01e03e6
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] expand:
/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
/var/log/radius/radacct/192.168.9.16/auth-detail-20101204
[auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /var/log/radius/radacct/192.168.9.16/auth-detail-20101204
[auth_log] expand: %t -> Sat Dec 4 10:19:05 2010
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "test2", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 0 length 10
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
++[files] returns noop
[sql] expand: %{User-Name} -> test2
[sql] sql_set_user escaped user --> 'test2'
rlm_sql (sql): Reserving sql socket id: 3
[sql] expand: SELECT id, username, attribute, value, op FROM
radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id
-> SELECT id, username, attribute, value, op FROM radcheck
WHERE username = 'test2' ORDER BY id
rlm_sql_mysql: query: SELECT id, username, attribute, value, op
FROM radcheck WHERE username = 'test2' ORDER BY id
[sql] User found in radcheck table
[sql] expand: SELECT id, username, attribute, value, op FROM
radreply WHERE username = '%{SQL-User-Name}' ORDER BY id
-> SELECT id, username, attribute, value, op FROM radreply
WHERE username = 'test2' ORDER BY id
rlm_sql_mysql: query: SELECT id, username, attribute, value, op
FROM radreply WHERE username = 'test2' ORDER BY id
[sql] expand: SELECT groupname FROM radusergroup WHERE
username = '%{SQL-User-Name}' ORDER BY priority -> SELECT
groupname FROM radusergroup WHERE username = 'test2'
ORDER BY priority
rlm_sql_mysql: query: SELECT groupname FROM radusergroup
WHERE username = 'test2' ORDER BY priority
rlm_sql (sql): Released sql socket id: 3
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Normalizing SHA-Password from hex encoding
[pap] WARNING: Auth-Type already set. Not setting to PAP
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type tls
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 0 to 192.168.9.16 port 32913
EAP-Message = 0x010100061520
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xf06c015cf06d1419b1d9490c16687f92
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.9.16 port 32913, id=1,
length=163
User-Name = "test2"
NAS-IP-Address = 6.80.203.141
Calling-Station-Id = "00-00-00-00-00-02"
Called-Station-Id = "00-18-0A-50-CB-8D:DeV8 Radius"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x020100060319
State = 0xf06c015cf06d1419b1d9490c16687f92
Message-Authenticator = 0xb193a058a11e0ac9a7eccbce8d2039cb
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] expand:
/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
/var/log/radius/radacct/192.168.9.16/auth-detail-20101204
[auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /var/log/radius/radacct/192.168.9.16/auth-detail-20101204
[auth_log] expand: %t -> Sat Dec 4 10:19:05 2010
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "test2", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 1 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
++[files] returns noop
[sql] expand: %{User-Name} -> test2
[sql] sql_set_user escaped user --> 'test2'
rlm_sql (sql): Reserving sql socket id: 2
[sql] expand: SELECT id, username, attribute, value, op FROM
radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id
-> SELECT id, username, attribute, value, op FROM radcheck
WHERE username = 'test2' ORDER BY id
rlm_sql_mysql: query: SELECT id, username, attribute, value, op
FROM radcheck WHERE username = 'test2' ORDER BY id
[sql] User found in radcheck table
[sql] expand: SELECT id, username, attribute, value, op FROM
radreply WHERE username = '%{SQL-User-Name}' ORDER BY id
-> SELECT id, username, attribute, value, op FROM radreply
WHERE username = 'test2' ORDER BY id
rlm_sql_mysql: query: SELECT id, username, attribute, value, op
FROM radreply WHERE username = 'test2' ORDER BY id
[sql] expand: SELECT groupname FROM radusergroup WHERE
username = '%{SQL-User-Name}' ORDER BY priority -> SELECT
groupname FROM radusergroup WHERE username = 'test2'
ORDER BY priority
rlm_sql_mysql: query: SELECT groupname FROM radusergroup
WHERE username = 'test2' ORDER BY priority
rlm_sql (sql): Released sql socket id: 2
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Normalizing SHA-Password from hex encoding
[pap] WARNING: Auth-Type already set. Not setting to PAP
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP NAK
[eap] EAP-NAK asked for EAP-Type/peap
[eap] processing type tls
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 1 to 192.168.9.16 port 32913
EAP-Message = 0x010200061920
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xf06c015cf16e1819b1d9490c16687f92
Finished request 1.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.9.16 port 32913, id=2,
length=255
User-Name = "test2"
NAS-IP-Address = 6.80.203.141
Calling-Station-Id = "00-00-00-00-00-02"
Called-Station-Id = "00-18-0A-50-CB-8D:DeV8 Radius"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message =
0x02020062190016030100570100005303013878c091f5846f57aac2bc0865309e9efb1310d4bcc7e45194b22042220c471200002600390038003500160013000a00330032002f00050004001500120009001400110008000600030100000400230000
State = 0xf06c015cf16e1819b1d9490c16687f92
Message-Authenticator = 0xa8bad18ff8df93fc7dc21a30fca75e4e
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] expand:
/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
/var/log/radius/radacct/192.168.9.16/auth-detail-20101204
[auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /var/log/radius/radacct/192.168.9.16/auth-detail-20101204
[auth_log] expand: %t -> Sat Dec 4 10:19:05 2010
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "test2", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 2 length 98
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] (other): before/accept initialization
[peap] TLS_accept: before/accept initialization
[peap] <<< TLS 1.0 Handshake [length 0057], ClientHello
[peap] TLS_accept: SSLv3 read client hello A
[peap] >>> TLS 1.0 Handshake [length 002a], ServerHello
[peap] TLS_accept: SSLv3 write server hello A
[peap] >>> TLS 1.0 Handshake [length 0c8c], Certificate
[peap] TLS_accept: SSLv3 write certificate A
[peap] >>> TLS 1.0 Handshake [length 030d], ServerKeyExchange
[peap] TLS_accept: SSLv3 write key exchange A
[peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
[peap] TLS_accept: SSLv3 write server done A
[peap] TLS_accept: SSLv3 flush data
[peap] TLS_accept: Need to read more data: SSLv3 read client certificate
A
In SSL Handshake Phase
In SSL Accept mode
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 2 to 192.168.9.16 port 32913
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xf06c015cf26f1819b1d9490c16687f92
Finished request 2.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.9.16 port 32913, id=3,
length=163
User-Name = "test2"
NAS-IP-Address = 6.80.203.141
Calling-Station-Id = "00-00-00-00-00-02"
Called-Station-Id = "00-18-0A-50-CB-8D:DeV8 Radius"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x020300061900
State = 0xf06c015cf26f1819b1d9490c16687f92
Message-Authenticator = 0x4366208b02ab967b3903c18fcc0912ed
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] expand:
/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
/var/log/radius/radacct/192.168.9.16/auth-detail-20101204
[auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /var/log/radius/radacct/192.168.9.16/auth-detail-20101204
[auth_log] expand: %t -> Sat Dec 4 10:19:05 2010
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "test2", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 3 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 3 to 192.168.9.16 port 32913
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xf06c015cf3681819b1d9490c16687f92
Finished request 3.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.9.16 port 32913, id=4,
length=163
User-Name = "test2"
NAS-IP-Address = 6.80.203.141
Calling-Station-Id = "00-00-00-00-00-02"
Called-Station-Id = "00-18-0A-50-CB-8D:DeV8 Radius"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x020400061900
State = 0xf06c015cf3681819b1d9490c16687f92
Message-Authenticator = 0xb34f758491c7d7e2f0b5e12eeeb49281
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] expand:
/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
/var/log/radius/radacct/192.168.9.16/auth-detail-20101204
[auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /var/log/radius/radacct/192.168.9.16/auth-detail-20101204
[auth_log] expand: %t -> Sat Dec 4 10:19:05 2010
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "test2", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 4 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 4 to 192.168.9.16 port 32913
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xf06c015cf4691819b1d9490c16687f92
Finished request 4.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.9.16 port 32913, id=5,
length=163
User-Name = "test2"
NAS-IP-Address = 6.80.203.141
Calling-Station-Id = "00-00-00-00-00-02"
Called-Station-Id = "00-18-0A-50-CB-8D:DeV8 Radius"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x020500061900
State = 0xf06c015cf4691819b1d9490c16687f92
Message-Authenticator = 0x05dafca3ac25181e18bf5ceb3d3af496
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] expand:
/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
/var/log/radius/radacct/192.168.9.16/auth-detail-20101204
[auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /var/log/radius/radacct/192.168.9.16/auth-detail-20101204
[auth_log] expand: %t -> Sat Dec 4 10:19:05 2010
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "test2", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 5 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 5 to 192.168.9.16 port 32913
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xf06c015cf56a1819b1d9490c16687f92
Finished request 5.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.9.16 port 32913, id=6,
length=163
User-Name = "test2"
NAS-IP-Address = 6.80.203.141
Calling-Station-Id = "00-00-00-00-00-02"
Called-Station-Id = "00-18-0A-50-CB-8D:DeV8 Radius"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x020600061900
State = 0xf06c015cf56a1819b1d9490c16687f92
Message-Authenticator = 0x08e19d1f8f9d43ea0f3cc3728b4cc5ae
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] expand:
/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
/var/log/radius/radacct/192.168.9.16/auth-detail-20101204
[auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /var/log/radius/radacct/192.168.9.16/auth-detail-20101204
[auth_log] expand: %t -> Sat Dec 4 10:19:05 2010
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "test2", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 6 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 6 to 192.168.9.16 port 32913
EAP-Message = 0x010700091900000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xf06c015cf66b1819b1d9490c16687f92
Finished request 6.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.9.16 port 32913, id=7,
length=361
User-Name = "test2"
NAS-IP-Address = 6.80.203.141
Calling-Station-Id = "00-00-00-00-00-02"
Called-Station-Id = "00-18-0A-50-CB-8D:DeV8 Radius"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message =
0x020700cc1900160301008610000082008004ebf90ac050fcbf7988f94966f1198669bde564ad17934955a7579f3d596bca67ee6a78fc64225e0c7e5ed970a6265443c7fea2f9dcf9fedcbee394bdb3497a65d0e55e1d4996a4ba85c2241d6dabc701bd51584e381c5cd8dfc3c39a8ab9f0a261b4a8bf50a01a2cfca02dd16280748b62601d74d32416a18d67fc1d8e767d14030100010116030100309f5869caa0adb11e66e1640413599e9ab3d639af5466d8cd77388cc618230928f77cbbdb2d725a0c5b094f75df61aa59
State = 0xf06c015cf66b1819b1d9490c16687f92
Message-Authenticator = 0xb7b1f52a1f60717183d0d1992408169d
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] expand:
/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
/var/log/radius/radacct/192.168.9.16/auth-detail-20101204
[auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /var/log/radius/radacct/192.168.9.16/auth-detail-20101204
[auth_log] expand: %t -> Sat Dec 4 10:19:05 2010
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "test2", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 7 length 204
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange
[peap] TLS_accept: SSLv3 read client key exchange A
[peap] <<< TLS 1.0 ChangeCipherSpec [length 0001]
[peap] <<< TLS 1.0 Handshake [length 0010], Finished
[peap] TLS_accept: SSLv3 read finished A
[peap] >>> TLS 1.0 ChangeCipherSpec [length 0001]
[peap] TLS_accept: SSLv3 write change cipher spec A
[peap] >>> TLS 1.0 Handshake [length 0010], Finished
[peap] TLS_accept: SSLv3 write finished A
[peap] TLS_accept: SSLv3 flush data
[peap] (other): SSL negotiation finished successfully
SSL Connection Established
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 7 to 192.168.9.16 port 32913
EAP-Message =
0x010800411900140301000101160301003010d81e27eaa97a3c31125465d032464b5aa0d3a744729212e91dc648d8251abee8220aac1303f3b06c6819a3be5e3fcf
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xf06c015cf7641819b1d9490c16687f92
Finished request 7.
Going to the next request
Waking up in 4.1 seconds.
rad_recv: Access-Request packet from host 192.168.9.16 port 32913, id=8,
length=163
User-Name = "test2"
NAS-IP-Address = 6.80.203.141
Calling-Station-Id = "00-00-00-00-00-02"
Called-Station-Id = "00-18-0A-50-CB-8D:DeV8 Radius"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x020800061900
State = 0xf06c015cf7641819b1d9490c16687f92
Message-Authenticator = 0xf1cac69b002bdbbd3e273b143a616533
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] expand:
/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
/var/log/radius/radacct/192.168.9.16/auth-detail-20101204
[auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /var/log/radius/radacct/192.168.9.16/auth-detail-20101204
[auth_log] expand: %t -> Sat Dec 4 10:19:05 2010
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "test2", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 8 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake is finished
[peap] eaptls_verify returned 3
[peap] eaptls_process returned 3
[peap] EAPTLS_SUCCESS
[peap] Session established. Decoding tunneled attributes.
[peap] Peap state TUNNEL ESTABLISHED
++[eap] returns handled
Sending Access-Challenge of id 8 to 192.168.9.16 port 32913
EAP-Message =
0x0109002b190017030100206b203b0789aa0fa96115dbe0f0fa73bedf0a8d71e39c5739ed88f7ef10671fed
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xf06c015cf8651819b1d9490c16687f92
Finished request 8.
Going to the next request
Waking up in 4.1 seconds.
rad_recv: Access-Request packet from host 192.168.9.16 port 32913, id=9,
length=237
User-Name = "test2"
NAS-IP-Address = 6.80.203.141
Calling-Station-Id = "00-00-00-00-00-02"
Called-Station-Id = "00-18-0A-50-CB-8D:DeV8 Radius"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message =
0x020900501900170301002093193ce269c053176c7057a3c3335e4d16551ed2d4867ed80ae924c4020206ff170301002084c757c9a9ad29fceca05847489087b05d4ea17bd7b2365cf534c5d66f6a25f1
State = 0xf06c015cf8651819b1d9490c16687f92
Message-Authenticator = 0x78bec26d547b7827410ee4c94e3f4cb7
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] expand:
/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
/var/log/radius/radacct/192.168.9.16/auth-detail-20101204
[auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /var/log/radius/radacct/192.168.9.16/auth-detail-20101204
[auth_log] expand: %t -> Sat Dec 4 10:19:05 2010
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "test2", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 9 length 80
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] Peap state WAITING FOR INNER IDENTITY
[peap] Identity - test2
[peap] Got inner identity 'test2'
[peap] Setting default EAP type for tunneled EAP session.
[peap] Got tunneled request
EAP-Message = 0x0209000a017465737432
server {
PEAP: Setting User-Name to test2
Sending tunneled request
EAP-Message = 0x0209000a017465737432
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "test2"
server inner-tunnel {
# Executing section authorize from file
/etc/raddb/sites-enabled/inner-tunnel
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "test2", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[control] returns noop
[eap] EAP packet type response id 9 length 10
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
[sql] expand: %{User-Name} -> test2
[sql] sql_set_user escaped user --> 'test2'
rlm_sql (sql): Reserving sql socket id: 1
[sql] expand: SELECT id, username, attribute, value, op FROM
radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id
-> SELECT id, username, attribute, value, op FROM radcheck
WHERE username = 'test2' ORDER BY id
rlm_sql_mysql: query: SELECT id, username, attribute, value, op
FROM radcheck WHERE username = 'test2' ORDER BY id
[sql] User found in radcheck table
[sql] expand: SELECT id, username, attribute, value, op FROM
radreply WHERE username = '%{SQL-User-Name}' ORDER BY id
-> SELECT id, username, attribute, value, op FROM radreply
WHERE username = 'test2' ORDER BY id
rlm_sql_mysql: query: SELECT id, username, attribute, value, op
FROM radreply WHERE username = 'test2' ORDER BY id
[sql] expand: SELECT groupname FROM radusergroup WHERE
username = '%{SQL-User-Name}' ORDER BY priority -> SELECT
groupname FROM radusergroup WHERE username = 'test2'
ORDER BY priority
rlm_sql_mysql: query: SELECT groupname FROM radusergroup
WHERE username = 'test2' ORDER BY priority
rlm_sql (sql): Released sql socket id: 1
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Normalizing SHA-Password from hex encoding
[pap] WARNING: Auth-Type already set. Not setting to PAP
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/inner-tunnel
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
++[eap] returns handled
} # server inner-tunnel
[peap] Got tunneled reply code 11
EAP-Message =
0x010a001f1a010a001a104440cd6787c741842eee831eaa9cd5fd7465737432
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x954f240295453e3ddfe61c88a1a425b3
[peap] Got tunneled reply RADIUS code 11
EAP-Message =
0x010a001f1a010a001a104440cd6787c741842eee831eaa9cd5fd7465737432
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x954f240295453e3ddfe61c88a1a425b3
[peap] Got tunneled Access-Challenge
++[eap] returns handled
Sending Access-Challenge of id 9 to 192.168.9.16 port 32913
EAP-Message =
0x010a003b1900170301003059346fdedd9d6077620d484fb44bc15918f12b3c809b67ce893fafe3b481017543588da7a5951a0c6bf8321b77c5157d
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xf06c015cf9661819b1d9490c16687f92
Finished request 9.
Going to the next request
Waking up in 4.1 seconds.
rad_recv: Access-Request packet from host 192.168.9.16 port 32913, id=10,
length=301
User-Name = "test2"
NAS-IP-Address = 6.80.203.141
Calling-Station-Id = "00-00-00-00-00-02"
Called-Station-Id = "00-18-0A-50-CB-8D:DeV8 Radius"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message =
0x020a00901900170301002039d4504ff7082226063c001177573bea81db34fbbe5ac1e2a727e6ff026b752117030100609b1c439c54c42c4c5f053c19faf9fa5a572eaab25c3655946071a40eb54f1707e51142b5838abf3eede5427f1cfecab0e2b02c0bf7bd242c8e65dd67c581ab82cb012e85a00b8245c88acc50e43c4698d928a5fb9b030f9f433fb47294096239
State = 0xf06c015cf9661819b1d9490c16687f92
Message-Authenticator = 0x40ff736a0cd99441ae41046b7ab48107
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] expand:
/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
/var/log/radius/radacct/192.168.9.16/auth-detail-20101204
[auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /var/log/radius/radacct/192.168.9.16/auth-detail-20101204
[auth_log] expand: %t -> Sat Dec 4 10:19:05 2010
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "test2", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 10 length 144
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] Peap state phase2
[peap] EAP type mschapv2
[peap] Got tunneled request
EAP-Message =
0x020a00401a020a003b315c0044932ca5f2088b3144cd27b6421600000000000000006e084abe017d940dc175c5a3664d3795c51736b55be5edad007465737432
server {
PEAP: Setting User-Name to test2
Sending tunneled request
EAP-Message =
0x020a00401a020a003b315c0044932ca5f2088b3144cd27b6421600000000000000006e084abe017d940dc175c5a3664d3795c51736b55be5edad007465737432
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "test2"
State = 0x954f240295453e3ddfe61c88a1a425b3
server inner-tunnel {
# Executing section authorize from file
/etc/raddb/sites-enabled/inner-tunnel
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "test2", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[control] returns noop
[eap] EAP packet type response id 10 length 64
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
[sql] expand: %{User-Name} -> test2
[sql] sql_set_user escaped user --> 'test2'
rlm_sql (sql): Reserving sql socket id: 0
[sql] expand: SELECT id, username, attribute, value, op FROM
radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id
-> SELECT id, username, attribute, value, op FROM radcheck
WHERE username = 'test2' ORDER BY id
rlm_sql_mysql: query: SELECT id, username, attribute, value, op
FROM radcheck WHERE username = 'test2' ORDER BY id
[sql] User found in radcheck table
[sql] expand: SELECT id, username, attribute, value, op FROM
radreply WHERE username = '%{SQL-User-Name}' ORDER BY id
-> SELECT id, username, attribute, value, op FROM radreply
WHERE username = 'test2' ORDER BY id
rlm_sql_mysql: query: SELECT id, username, attribute, value, op
FROM radreply WHERE username = 'test2' ORDER BY id
[sql] expand: SELECT groupname FROM radusergroup WHERE
username = '%{SQL-User-Name}' ORDER BY priority -> SELECT
groupname FROM radusergroup WHERE username = 'test2'
ORDER BY priority
rlm_sql_mysql: query: SELECT groupname FROM radusergroup
WHERE username = 'test2' ORDER BY priority
rlm_sql (sql): Released sql socket id: 0
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Normalizing SHA-Password from hex encoding
[pap] WARNING: Auth-Type already set. Not setting to PAP
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/inner-tunnel
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/mschapv2
[eap] processing type mschapv2
[mschapv2] # Executing group from file /etc/raddb/sites-enabled/inner-tunnel
[mschapv2] +- entering group MS-CHAP {...}
[mschap] No Cleartext-Password configured. Cannot create LM-Password.
[mschap] No Cleartext-Password configured. Cannot create NT-Password.
[mschap] Creating challenge hash with username: test2
[mschap] Told to do MS-CHAPv2 for test2 with NT-Password
[mschap] FAILED: No NT/LM-Password. Cannot perform authentication.
[mschap] FAILED: MS-CHAP2-Response is incorrect
++[mschap] returns reject
[eap] Freeing handler
++[eap] returns reject
Failed to authenticate the user.
Login incorrect: [test2] (from client Meraki port 0 via TLS tunnel)
} # server inner-tunnel
[peap] Got tunneled reply code 3
MS-CHAP-Error = "\nE=691 R=1"
EAP-Message = 0x040a0004
Message-Authenticator = 0x00000000000000000000000000000000
[peap] Got tunneled reply RADIUS code 3
MS-CHAP-Error = "\nE=691 R=1"
EAP-Message = 0x040a0004
Message-Authenticator = 0x00000000000000000000000000000000
[peap] Tunneled authentication was rejected.
[peap] FAILURE
++[eap] returns handled
Sending Access-Challenge of id 10 to 192.168.9.16 port 32913
EAP-Message =
0x010b002b19001703010020a4191cb762d5c0f539f713c133f935f0032860d8ec4563b6420d55ad6cec09ed
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xf06c015cfa671819b1d9490c16687f92
Finished request 10.
Going to the next request
Waking up in 4.1 seconds.
rad_recv: Access-Request packet from host 192.168.9.16 port 32913, id=11,
length=237
User-Name = "test2"
NAS-IP-Address = 6.80.203.141
Calling-Station-Id = "00-00-00-00-00-02"
Called-Station-Id = "00-18-0A-50-CB-8D:DeV8 Radius"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message =
0x020b0050190017030100206bacccccd22189d6a898e2826fd7f6a64117d865609b2c8abea924e24623ae991703010020aa41d4cdf84705286dcd9de24c613261a55c766cf23b3c1526829b6b7e3e3106
State = 0xf06c015cfa671819b1d9490c16687f92
Message-Authenticator = 0xff12fe49475cbc7741b7557f0e191b8a
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] expand:
/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
/var/log/radius/radacct/192.168.9.16/auth-detail-20101204
[auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /var/log/radius/radacct/192.168.9.16/auth-detail-20101204
[auth_log] expand: %t -> Sat Dec 4 10:19:05 2010
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "test2", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 11 length 80
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] Peap state send tlv failure
[peap] Received EAP-TLV response.
[peap] The users session was previously rejected: returning reject (again.)
[peap] *** This means you need to read the PREVIOUS messages in the debug
output
[peap] *** to find out the reason why the user was rejected.
[peap] *** Look for "reject" or "fail". Those earlier messages will tell
you.
[peap] *** what went wrong, and how to fix the problem.
[eap] Handler failed in EAP/peap
[eap] Failed in EAP select
++[eap] returns invalid
Failed to authenticate the user.
Login incorrect: [test2] (from client Meraki port 0 cli 00-00-00-00-00-02)
Using Post-Auth-Type Reject
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> test2
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 11 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 11
Sending Access-Reject of id 11 to 192.168.9.16 port 32913
EAP-Message = 0x040b0004
Message-Authenticator = 0x00000000000000000000000000000000
Waking up in 3.1 seconds.
rad_recv: Access-Request packet from host 192.168.9.16 port 32913, id=11,
length=237
Sending duplicate reply to client Meraki port 32913 - ID: 11
Sending Access-Reject of id 11 to 192.168.9.16 port 32913
EAP-Message = 0x040b0004
Message-Authenticator = 0x00000000000000000000000000000000
Waking up in 3.1 seconds.
Cleaning up request 0 ID 0 with timestamp +8
Cleaning up request 1 ID 1 with timestamp +8
Cleaning up request 2 ID 2 with timestamp +8
Cleaning up request 3 ID 3 with timestamp +8
Cleaning up request 4 ID 4 with timestamp +8
Cleaning up request 5 ID 5 with timestamp +8
Cleaning up request 6 ID 6 with timestamp +8
Waking up in 0.7 seconds.
Cleaning up request 7 ID 7 with timestamp +8
Cleaning up request 8 ID 8 with timestamp +8
Cleaning up request 9 ID 9 with timestamp +8
Cleaning up request 10 ID 10 with timestamp +8
Waking up in 1.0 seconds.
Cleaning up request 11 ID 11 with timestamp +8
Ready to process requests.
rad_recv: Access-Request packet from host 127.0.0.1 port 46020, id=164,
length=57
User-Name = "test2"
User-Password = "test2"
NAS-IP-Address = 127.0.0.1
NAS-Port = 10
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] expand:
/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
/var/log/radius/radacct/127.0.0.1/auth-detail-20101204
[auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /var/log/radius/radacct/127.0.0.1/auth-detail-20101204
[auth_log] expand: %t -> Sat Dec 4 10:19:56 2010
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "test2", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns notfound
++[files] returns noop
[sql] expand: %{User-Name} -> test2
[sql] sql_set_user escaped user --> 'test2'
rlm_sql (sql): Reserving sql socket id: 4
[sql] expand: SELECT id, username, attribute, value, op FROM
radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id
-> SELECT id, username, attribute, value, op FROM radcheck
WHERE username = 'test2' ORDER BY id
rlm_sql_mysql: query: SELECT id, username, attribute, value, op
FROM radcheck WHERE username = 'test2' ORDER BY id
[sql] User found in radcheck table
[sql] expand: SELECT id, username, attribute, value, op FROM
radreply WHERE username = '%{SQL-User-Name}' ORDER BY id
-> SELECT id, username, attribute, value, op FROM radreply
WHERE username = 'test2' ORDER BY id
rlm_sql_mysql: query: SELECT id, username, attribute, value, op
FROM radreply WHERE username = 'test2' ORDER BY id
[sql] expand: SELECT groupname FROM radusergroup WHERE
username = '%{SQL-User-Name}' ORDER BY priority -> SELECT
groupname FROM radusergroup WHERE username = 'test2'
ORDER BY priority
rlm_sql_mysql: query: SELECT groupname FROM radusergroup
WHERE username = 'test2' ORDER BY priority
rlm_sql (sql): Released sql socket id: 4
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Normalizing SHA-Password from hex encoding
++[pap] returns updated
Found Auth-Type = PAP
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group PAP {...}
[pap] login attempt with password "test2"
[pap] Using SHA1 encryption.
[pap] User authenticated successfully
++[pap] returns ok
Login OK: [test2] (from client localhost port 10)
# Executing section post-auth from file /etc/raddb/sites-enabled/default
+- entering group post-auth {...}
[reply_log] expand:
/var/log/radius/radacct/%{Client-IP-Address}/reply-detail-%Y%m%d ->
/var/log/radius/radacct/127.0.0.1/reply-detail-20101204
[reply_log] /var/log/radius/radacct/%{Client-IP-Address}/reply-detail-%Y%m%d
expands to /var/log/radius/radacct/127.0.0.1/reply-detail-20101204
[reply_log] expand: %t -> Sat Dec 4 10:19:56 2010
++[reply_log] returns ok
[sql] expand: %{User-Name} -> test2
[sql] sql_set_user escaped user --> 'test2'
[sql] expand: %{User-Password} -> test2
[sql] expand: INSERT INTO radpostauth (username,
pass, reply, authdate) VALUES (
'%{User-Name}',
'%{%{User-Password}:-%{Chap-Password}}',
'%{reply:Packet-Type}', '%S') -> INSERT INTO radpostauth
(username, pass, reply, authdate) VALUES (
'test2', 'test2',
'Access-Accept', '2010-12-04 10:19:56')
[sql] expand: /var/log/radius/sqltrace.sql -> /var/log/radius/sqltrace.sql
rlm_sql (sql) in sql_postauth: query is INSERT INTO radpostauth
(username, pass, reply, authdate) VALUES (
'test2', 'test2',
'Access-Accept', '2010-12-04 10:19:56')
rlm_sql (sql): Reserving sql socket id: 3
rlm_sql_mysql: query: INSERT INTO radpostauth
(username, pass, reply, authdate) VALUES (
'test2', 'test2',
'Access-Accept', '2010-12-04 10:19:56')
rlm_sql (sql): Released sql socket id: 3
++[sql] returns ok
++[exec] returns noop
Sending Access-Accept of id 164 to 127.0.0.1 port 46020
Finished request 12.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 12 ID 164 with timestamp +59
Ready to process requests.
--
View this message in context: http://freeradius.1045715.n5.nabble.com/Meraki-Access-Points-Login-incorrect-for-SHA-Password-tp3292174p3292217.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.