Freeradius-Users Digest, Vol 57, Issue 58
TAKANASHI, Hitoshi
takanashi at nttmcl.com
Mon Jan 18 21:11:20 CET 2010
freeradius-users-request at lists.freeradius.org wrote:
>Send Freeradius-Users mailing list submissions to
> freeradius-users at lists.freeradius.org
>
>To subscribe or unsubscribe via the World Wide Web, visit
> http://lists.freeradius.org/mailman/listinfo/freeradius-users
>or, via email, send a message with subject or body 'help' to
> freeradius-users-request at lists.freeradius.org
>
>You can reach the person managing the list at
> freeradius-users-owner at lists.freeradius.org
>
>When replying, please edit your Subject line so it is more specific
>than "Re: Contents of Freeradius-Users digest..."
>
>
>Today's Topics:
>
> 1. Re: Escaped . does match any character (Matthias Cramer)
> 2. EAP-FAST (Stefan Winter)
> 3. Re: Can't start radiusd -X ? (Fernando)
> 4. Help with Freeradius + MySQL Problem.... (Ale Luna)
>
>
>----------------------------------------------------------------------
>
>Message: 1
>Date: Mon, 18 Jan 2010 13:50:39 +0100
>From: Matthias Cramer <matthias.cramer at iway.ch>
>Subject: Re: Escaped . does match any character
>To: FreeRadius users mailing list
> <freeradius-users at lists.freeradius.org>
>Message-ID: <4B54591F.2040800 at iway.ch>
>Content-Type: text/plain; charset=UTF-8
>
>Hi Alan
>
>Alan DeKok wrote:
>> Matthias Cramer wrote:
>>> I have the following in my users file:
>>>
>>>
>>> DEFAULT User-Name =~ ".+\.xy at example.com", Auth-Type := Accept,
>>> Proxy-To-Realm := "DONOTREALM"
>>>
>>> This Regexp macthes not only user.xy at example.com but also
>>> useraxy at example.com.
>>>
>>> Is this a bug, or do I have to escape the . in a different way ?
>>
>> You may need two \\
>
>Thanks, this solved the problem.
>
>Regards
>
> Matthias
>
>--
>Matthias Cramer / mc322-ripe Senior Network & Security Engineer
>iway AG Phone +41 43 500 1111
>Josefstrasse 225 Fax +41 44 271 3535
>CH-8005 Z?rich http://www.iway.ch/
>GnuPG 1024D/2D208250 = DBC6 65B6 7083 1029 781E 3959 B62F DF1C 2D20 8250
>
>
>
>
>------------------------------
>
>Message: 2
>Date: Mon, 18 Jan 2010 14:05:04 +0100
>From: Stefan Winter <stefan.winter at restena.lu>
>Subject: EAP-FAST
>To: FreeRadius users mailing list
> <freeradius-users at lists.freeradius.org>
>Message-ID: <4B545C80.5010703 at restena.lu>
>Content-Type: text/plain; charset="iso-8859-15"
>
>Hello,
>
>every now and then there's a mild interest on this list about enabling
>EAP-FAST. In our eduroam R&D group, we are currently looking into
>EAP-FAST, which naturally includes FreeRADIUS support. Is it worthwhile
>posting our results here, for others "play with it" as well? Or has
>everybody already run away from the somwhat complicated installation of
>EAP-FAST support in FreeRADIUS [we certainly had our difficulties...]
>
>Greetings,
>
>Stefan Winter
>
>--
>Stefan WINTER
>Ingenieur de Recherche
>Fondation RESTENA - R?seau T?l?informatique de l'Education Nationale et de la Recherche
>6, rue Richard Coudenhove-Kalergi
>L-1359 Luxembourg
>
>Tel: +352 424409 1
>Fax: +352 422473
>
>
>-------------- next part --------------
>A non-text attachment was scrubbed...
>Name: signature.asc
>Type: application/pgp-signature
>Size: 262 bytes
>Desc: OpenPGP digital signature
>Url : <https://lists.freeradius.org/pipermail/freeradius-users/attachments/20100118/6f89fcce/attachment.bin>
>
>------------------------------
>
>Message: 3
>Date: Mon, 18 Jan 2010 15:52:14 +0100
>From: Fernando <fbernal at um.es>
>Subject: Re: Can't start radiusd -X ?
>To: FreeRadius users mailing list
> <freeradius-users at lists.freeradius.org>
>Message-ID: <4B54759E.30000 at um.es>
>Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>
>Zhang Shukun escribi?:
>> hi, when i want to start radius in debug mode. error happened.
>>
>> Failed binding to authentication address * port 1812: Address already
>> in use
>> /usr/local/etc/raddb/radiusd.conf[240]: Error binding to port for
>> 0.0.0.0 port 1812
>>
>> Could you tell me what's wrong?
>kill your radiusd instance before run another one
>
>>
>> Thanks!
>>
>> --
>> Regards,
>> Sucan
>> ------------------------------------------------------------------------
>>
>> -
>> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>
>
>------------------------------
>
>Message: 4
>Date: Mon, 18 Jan 2010 12:43:54 -0300
>From: Ale Luna <ale-luna at argentina.com>
>Subject: Help with Freeradius + MySQL Problem....
>To: freeradius-users at lists.freeradius.org
>Cc: ale-luna at mail.com
>Message-ID: <fc8cc3e22114199d4ad3ea77df9d4a23 at wmx1.argentina.com>
>Content-Type: text/plain; charset="iso-8859-1"
>
>Hi to all
>I have the following problem with my FreeRADIUS 2.1.8 + MySQL 5.0.75-0ubuntu10.2
>I configure my Freeradius in the most basic configuration like You recommend in your SQL HOWTO and I can Authenticate an
>user whit the users file and everithing runs very well with all my users ....
>Now I configure It with MySQL and My Freeradius is talking with MySQL but I Can't get an Access-Accept to my users
>If I run a radtest, I can have an Access-Accept but when I run with my Laptop using Windows XP SP3 I only have an
>Access-Reject...
>
>This is my radiusd -X output, when I run my radtest and I can get an Access-Accept
>
>root at servidor1-desktop:/usr/local/etc/raddb# radtest alexmoon prueba 127.0.0.1 1812 testing123
>?
>
>rad_recv: Access-Request packet from host 127.0.0.1 port 32878, id=165, length=60
>User-Name = "alexmoon"
>User-Password = "prueba"
>NAS-IP-Address = 127.0.1.1
>NAS-Port = 1812
>+- entering group authorize {...}
>++[preprocess] returns ok
>++[chap] returns noop
>++[mschap] returns noop
>[suffix] No '@' in User-Name = "alexmoon", looking up realm NULL
>[suffix] No such realm "NULL"
>++[suffix] returns noop
>[eap] No EAP-Message, not doing EAP
>++[eap] returns noop
>++[unix] returns notfound
>++[files] returns noop
>[sql] expand: %{User-Name} -> alexmoon
>[sql] sql_set_user escaped user --> 'alexmoon'
>rlm_sql (sql): Reserving sql socket id: 4
>[sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'alexmoon' ORDER BY id
>[sql] User found in radcheck table
>[sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'alexmoon' ORDER BY id
>[sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'alexmoon' ORDER BY priority
>[sql] expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'dynamic' ORDER BY id
>[sql] User found in group dynamic
>[sql] expand: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'dynamic' ORDER BY id
>rlm_sql (sql): Released sql socket id: 4
>++[sql] returns ok
>++[expiration] returns noop
>++[logintime] returns noop
>++[pap] returns updated
>Found Auth-Type = PAP
>+- entering group PAP {...}
>[pap] login attempt with password "prueba"
>[pap] Using clear text password "prueba"
>[pap] User authenticated successfully
>++[pap] returns ok
>+- entering group post-auth {...}
>++[exec] returns noop
>Sending Access-Accept of id 165 to 127.0.0.1 port 32878
>Service-Type := Framed-User
>Framed-Protocol := PPP
>Framed-Compression := Van-Jacobson-TCP-IP
>Framed-MTU := 1500
>Finished request 0.
>Going to the next request
>Waking up in 4.9 seconds.
>Cleaning up request 0 ID 165 with timestamp +129
>Ready to process requests.
>?
>################################################################################################
>And this is my radiusd -X Output with the same user when I try to authenticate my laptop, is a very large output
>and I can see it is doing more than 1, 2, 3,.... request and only in the first I can see the sql interaction...
>?
>rad_recv: Access-Request packet from host 192.168.1.10 port 1060, id=0, length=178
>Message-Authenticator = 0x98fe26e9ef295e0939b045b3c3883ba9
>Service-Type = Framed-User
>User-Name = "alexmoon"
>Framed-MTU = 1488
>Called-Station-Id = "00-21-27-FB-5A-10:TP-LINK"
>Calling-Station-Id = "00-22-68-B7-EE-D7"
>NAS-Port-Type = Wireless-802.11
>Connect-Info = "CONNECT 54Mbps 802.11g"
>EAP-Message = 0x0200000d01616c65786d6f6f6e
>NAS-IP-Address = 192.168.1.5
>NAS-Port = 1
>NAS-Port-Id = "STA port # 1"
>+- entering group authorize {...}
>++[preprocess] returns ok
>++[chap] returns noop
>++[mschap] returns noop
>[suffix] No '@' in User-Name = "alexmoon", looking up realm NULL
>[suffix] No such realm "NULL"
>++[suffix] returns noop
>[eap] EAP packet type response id 0 length 13
>[eap] No EAP Start, assuming it's an on-going EAP conversation
>++[eap] returns updated
>++[unix] returns notfound
>++[files] returns noop
>[sql] expand: %{User-Name} -> alexmoon
>[sql] sql_set_user escaped user --> 'alexmoon'
>rlm_sql (sql): Reserving sql socket id: 2
>[sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'alexmoon' ORDER BY id
>[sql] User found in radcheck table
>[sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'alexmoon' ORDER BY id
>[sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'alexmoon' ORDER BY priority
>[sql] expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'dynamic' ORDER BY id
>[sql] User found in group dynamic
>[sql] expand: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'dynamic' ORDER BY id
>rlm_sql (sql): Released sql socket id: 2
>++[sql] returns ok
>++[expiration] returns noop
>++[logintime] returns noop
>[pap] Found existing Auth-Type, not changing it.
>++[pap] returns noop
>Found Auth-Type = EAP
>+- entering group authenticate {...}
>[eap] EAP Identity
>[eap] processing type md5
>rlm_eap_md5: Issuing Challenge
>++[eap] returns handled
>Sending Access-Challenge of id 0 to 192.168.1.10 port 1060
>Service-Type := Framed-User
>Framed-Protocol := PPP
>Framed-Compression := Van-Jacobson-TCP-IP
>Framed-MTU := 1500
>EAP-Message = 0x010100160410739d9907d0f007e8a5b9bf9e6ceedeb2
>Message-Authenticator = 0x00000000000000000000000000000000
>State = 0x043a00db043b04154cf77263c06ef160
>Finished request 10.
>Going to the next request
>Waking up in 4.9 seconds.
>rad_recv: Access-Request packet from host 192.168.1.10 port 1060, id=1, length=189
>Message-Authenticator = 0x90c2a53ea79f5b5fcff2ff4effa6c9c9
>Service-Type = Framed-User
>User-Name = "alexmoon"
>Framed-MTU = 1488
>State = 0x043a00db043b04154cf77263c06ef160
>Called-Station-Id = "00-21-27-FB-5A-10:TP-LINK"
>Calling-Station-Id = "00-22-68-B7-EE-D7"
>NAS-Port-Type = Wireless-802.11
>Connect-Info = "CONNECT 54Mbps 802.11g"
>EAP-Message = 0x020100060319
>NAS-IP-Address = 192.168.1.5
>NAS-Port = 1
>NAS-Port-Id = "STA port # 1"
>+- entering group authorize {...}
>++[preprocess] returns ok
>++[chap] returns noop
>++[mschap] returns noop
>[suffix] No '@' in User-Name = "alexmoon", looking up realm NULL
>[suffix] No such realm "NULL"
>++[suffix] returns noop
>[eap] EAP packet type response id 1 length 6
>[eap] No EAP Start, assuming it's an on-going EAP conversation
>++[eap] returns updated
>++[unix] returns notfound
>++[files] returns noop
>[sql] expand: %{User-Name} -> alexmoon
>[sql] sql_set_user escaped user --> 'alexmoon'
>rlm_sql (sql): Reserving sql socket id: 1
>[sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'alexmoon' ORDER BY id
>[sql] User found in radcheck table
>[sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'alexmoon' ORDER BY id
>[sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'alexmoon' ORDER BY priority
>[sql] expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'dynamic' ORDER BY id
>[sql] User found in group dynamic
>[sql] expand: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'dynamic' ORDER BY id
>rlm_sql (sql): Released sql socket id: 1
>++[sql] returns ok
>++[expiration] returns noop
>++[logintime] returns noop
>[pap] Found existing Auth-Type, not changing it.
>++[pap] returns noop
>Found Auth-Type = EAP
>+- entering group authenticate {...}
>[eap] Request found, released from the list
>[eap] EAP NAK
>[eap] EAP-NAK asked for EAP-Type/peap
>[eap] processing type tls
>[tls] Initiate
>[tls] Start returned 1
>++[eap] returns handled
>Sending Access-Challenge of id 1 to 192.168.1.10 port 1060
>Service-Type := Framed-User
>Framed-Protocol := PPP
>Framed-Compression := Van-Jacobson-TCP-IP
>Framed-MTU := 1500
>EAP-Message = 0x010200061920
>Message-Authenticator = 0x00000000000000000000000000000000
>State = 0x043a00db053819154cf77263c06ef160
>Finished request 11.
>Going to the next request
>Waking up in 4.9 seconds.
>rad_recv: Access-Request packet from host 192.168.1.10 port 1060, id=2, length=263
>Message-Authenticator = 0xeeb28ab0ada1ad4ba26125a9d6c10d0c
>Service-Type = Framed-User
>User-Name = "alexmoon"
>Framed-MTU = 1488
>State = 0x043a00db053819154cf77263c06ef160
>Called-Station-Id = "00-21-27-FB-5A-10:TP-LINK"
>Calling-Station-Id = "00-22-68-B7-EE-D7"
>NAS-Port-Type = Wireless-802.11
>Connect-Info = "CONNECT 54Mbps 802.11g"
>EAP-Message = 0x0202005019800000004616030100410100003d03014b4fad659a9ce2fbeb4f5ffea969ffa643916fb5fe5947f16116d57cdbd2507a00001600040005000a000900640062000300060013001200630100
>NAS-IP-Address = 192.168.1.5
>NAS-Port = 1
>NAS-Port-Id = "STA port # 1"
>+- entering group authorize {...}
>++[preprocess] returns ok
>++[chap] returns noop
>++[mschap] returns noop
>[suffix] No '@' in User-Name = "alexmoon", looking up realm NULL
>[suffix] No such realm "NULL"
>++[suffix] returns noop
>[eap] EAP packet type response id 2 length 80
>[eap] Continuing tunnel setup.
>++[eap] returns ok
>Found Auth-Type = EAP
>+- entering group authenticate {...}
>[eap] Request found, released from the list
>[eap] EAP/peap
>[eap] processing type peap
>[peap] processing EAP-TLS
>TLS Length 70
>[peap] Length Included
>[peap] eaptls_verify returned 11
>[peap] (other): before/accept initialization
>[peap] TLS_accept: before/accept initialization
>[peap] <<< TLS 1.0 Handshake [length 0041], ClientHello
>[peap] TLS_accept: SSLv3 read client hello A
>[peap] >>> TLS 1.0 Handshake [length 002a], ServerHello
>[peap] TLS_accept: SSLv3 write server hello A
>[peap] >>> TLS 1.0 Handshake [length 085e], Certificate
>[peap] TLS_accept: SSLv3 write certificate A
>[peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
>[peap] TLS_accept: SSLv3 write server done A
>[peap] TLS_accept: SSLv3 flush data
>[peap] TLS_accept: Need to read more data: SSLv3 read client certificate A
>In SSL Handshake Phase
>In SSL Accept mode
>[peap] eaptls_process returned 13
>[peap] EAPTLS_HANDLED
>++[eap] returns handled
>Sending Access-Challenge of id 2 to 192.168.1.10 port 1060
>EAP-Message = 0x0103040019c00000089b160301002a0200002603014b4fad608e1611c18dd5080c12aa082cfa8dbab65a830ff3d7f424f6a876d40700000400160301085e0b00085a0008570003a6308203a23082028aa003020102020101300d06092a864886f70d0101040500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479
>EAP-Message = 0x301e170d3039313232343138323330365a170d3130313232343138323330365a307c310b3009060355040613024652310f300d0603550408130652616469757331153013060355040a130c4578616d706c6520496e632e312330210603550403131a4578616d706c65205365727665722043657274696669636174653120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100cf4dc6ad3d327155612f45f3a965c735dd65532ed0d3b9abb36a4e8a15c7650f375fc676baddfbafd21fba35dad2819fa96aa3dbee1849eb8f945049b6bb
>EAP-Message = 0x6ab5cd9a58a1a4f661dce9a69e81422473bed1c7a47f708abdc60fd13b1c29fdef726b675346e590013ea3cae14bbb57c8b1582d0e5c6c02a4c4dec2a24dbfcc984f04f0cef38473118b210722e07d7c28b1f6d4520b85dcd4bf36744920f63535dbf5a4700464fb667b30ac94afa0c407905ea03d5977095f804fffdda7834cbb5ac049d498465f24b71be83d8ae93d015530b760a5080dbe28c2456797b34e1dc478a32906cadfb203d8b11a4fb4b1e90538f20fe427d0e34f047c3ca198543bf30203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d0101040500038201010003c62e5e0d0244b6f5
>EAP-Message = 0x9925e951afecbeb0abf6f3a3e953bdfc1c85048b10d067ed86802d4dcd24ce16f5f6432e202dd5e91ce09a405e5f4f218406ca5e4172f15d392905f70a4d3a4512140c307fd68abac0255be7e3b551b3b4a6c63ae85bbb451dc136fc5f937d8789bdd5a5f9167ed5e75a50e4f847becb0e87c52e45cfc59f0363036d4a198e6b972c0d759e9f457c2d34946b5c220e3f7d49f01eb6f507333d3295720a1fc945b35c372a99974c54b72f5436739626328fec5ce6d4e5ca5e2149a3b92369400777cce709b3cde7af38a12d1b2b26d8de204a049257ecb700f901e156bede5e82ab6cdbf4428a9ef5bbf80f0b55ab5e9144e6f074407e350004ab308204
>EAP-Message = 0xa73082038fa0030201020209
>Message-Authenticator = 0x00000000000000000000000000000000
>State = 0x043a00db063919154cf77263c06ef160
>Finished request 12.
>Going to the next request
>Waking up in 4.9 seconds.
>rad_recv: Access-Request packet from host 192.168.1.10 port 1060, id=3, length=189
>Message-Authenticator = 0xb6576d7ee5e01e197c632fe7d20f45a1
>Service-Type = Framed-User
>User-Name = "alexmoon"
>Framed-MTU = 1488
>State = 0x043a00db063919154cf77263c06ef160
>Called-Station-Id = "00-21-27-FB-5A-10:TP-LINK"
>Calling-Station-Id = "00-22-68-B7-EE-D7"
>NAS-Port-Type = Wireless-802.11
>Connect-Info = "CONNECT 54Mbps 802.11g"
>EAP-Message = 0x020300061900
>NAS-IP-Address = 192.168.1.5
>NAS-Port = 1
>NAS-Port-Id = "STA port # 1"
>+- entering group authorize {...}
>++[preprocess] returns ok
>++[chap] returns noop
>++[mschap] returns noop
>[suffix] No '@' in User-Name = "alexmoon", looking up realm NULL
>[suffix] No such realm "NULL"
>++[suffix] returns noop
>[eap] EAP packet type response id 3 length 6
>[eap] Continuing tunnel setup.
>++[eap] returns ok
>Found Auth-Type = EAP
>+- entering group authenticate {...}
>[eap] Request found, released from the list
>[eap] EAP/peap
>[eap] processing type peap
>[peap] processing EAP-TLS
>[peap] Received TLS ACK
>[peap] ACK handshake fragment handler
>[peap] eaptls_verify returned 1
>[peap] eaptls_process returned 13
>[peap] EAPTLS_HANDLED
>++[eap] returns handled
>Sending Access-Challenge of id 3 to 192.168.1.10 port 1060
>EAP-Message = 0x010403fc194000b526c63ec2860c41300d06092a864886f70d0101050500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479301e170d3039313232343138323330365a170d3130313232343138323330365a308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504
>EAP-Message = 0x071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a0282010100af53216f4070226b6621456467b8083ec8228e3c839fccd9b8133d19a065df275fea1450334ce0bb9942a863872efe551ed4f1a1adfd541eb5d1e918be984db37964a4c137153f3db595dd7d0dccddbc5a5104df68e170a6eda0d63f2bb866451c254e3a49c4f4f3e1f6071e7e65d1
>EAP-Message = 0x489f4144e709bfe07d05d66fc198985555dd7f1c03216c5d71a074ac4bddadec93aadba95434368ccea897fb5ad0e16ebe9a7e2813961563f7b282f63ad653dfe16fca332e5cf93c9c47b3bc6a5af350d74676d425f0d47865ad0999ce9491ef5fe1f2d1c9b8d9b78e9b6f92b0d14d663c61f26261d65e41450b7cad7d729d2c1e5215081bb4ae3dab3e09532ad597f13f0203010001a381fb3081f8301d0603551d0e041604141254e57464a345c8860b1e1368ce66bf1a2de5423081c80603551d230481c03081bd80141254e57464a345c8860b1e1368ce66bf1a2de542a18199a48196308193310b3009060355040613024652310f300d06035504
>EAP-Message = 0x0813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479820900b526c63ec2860c41300c0603551d13040530030101ff300d06092a864886f70d0101050500038201010085166fde34033935062c9a1f91962eb3a64d55a9d0766ac75d9cc485c761eb793c76264323c8a5b665d12f821cc685509791ef32bc042d6f45380ce11393384b634483d3386b856654560cfb3758ccc63b30
>EAP-Message = 0x71fc430f72b2c81d
>Message-Authenticator = 0x00000000000000000000000000000000
>State = 0x043a00db073e19154cf77263c06ef160
>Finished request 13.
>Going to the next request
>Waking up in 4.9 seconds.
>rad_recv: Access-Request packet from host 192.168.1.10 port 1060, id=4, length=189
>Message-Authenticator = 0xb377f7d0c4cb51758726ca050fd7146f
>Service-Type = Framed-User
>User-Name = "alexmoon"
>Framed-MTU = 1488
>State = 0x043a00db073e19154cf77263c06ef160
>Called-Station-Id = "00-21-27-FB-5A-10:TP-LINK"
>Calling-Station-Id = "00-22-68-B7-EE-D7"
>NAS-Port-Type = Wireless-802.11
>Connect-Info = "CONNECT 54Mbps 802.11g"
>EAP-Message = 0x020400061900
>NAS-IP-Address = 192.168.1.5
>NAS-Port = 1
>NAS-Port-Id = "STA port # 1"
>+- entering group authorize {...}
>++[preprocess] returns ok
>++[chap] returns noop
>++[mschap] returns noop
>[suffix] No '@' in User-Name = "alexmoon", looking up realm NULL
>[suffix] No such realm "NULL"
>++[suffix] returns noop
>[eap] EAP packet type response id 4 length 6
>[eap] Continuing tunnel setup.
>++[eap] returns ok
>Found Auth-Type = EAP
>+- entering group authenticate {...}
>[eap] Request found, released from the list
>[eap] EAP/peap
>[eap] processing type peap
>[peap] processing EAP-TLS
>[peap] Received TLS ACK
>[peap] ACK handshake fragment handler
>[peap] eaptls_verify returned 1
>[peap] eaptls_process returned 13
>[peap] EAPTLS_HANDLED
>++[eap] returns handled
>Sending Access-Challenge of id 4 to 192.168.1.10 port 1060
>EAP-Message = 0x010500b51900794b79ea841348662131dd8b2859030e05ae6e25eb94aeeb47189dfcad0ac73fbe13bc40052ea36862e34b18ae12dd66466c5db8690b7e915696e287191d756618c6690ab8a82b0e9e63070a5beb6de3ce93a78f31894b85c798381dc69e976b052b80b01ecc3d3acb7bf8141aa124094d24b808a32a304ab9174e2e484918c7f5067e9b9126c4e14a479c915bbef300845ad0674216abb7b198b2ff6531d2f59f6c5bdc625216030100040e000000
>Message-Authenticator = 0x00000000000000000000000000000000
>State = 0x043a00db003f19154cf77263c06ef160
>Finished request 14.
>Going to the next request
>Waking up in 4.8 seconds.
>rad_recv: Access-Request packet from host 192.168.1.10 port 1060, id=5, length=505
>Message-Authenticator = 0x1027e3e1828740fbe58c5a21c7b36a7f
>Service-Type = Framed-User
>User-Name = "alexmoon"
>Framed-MTU = 1488
>State = 0x043a00db003f19154cf77263c06ef160
>Called-Station-Id = "00-21-27-FB-5A-10:TP-LINK"
>Calling-Station-Id = "00-22-68-B7-EE-D7"
>NAS-Port-Type = Wireless-802.11
>Connect-Info = "CONNECT 54Mbps 802.11g"
>EAP-Message = 0x0205014019800000013616030101061000010201001d150b43732d1df67a2c9954e40dbd0d4b1a3942a1bf6105668d17322943422740a559b73ddb1ea538586ee1e22620c4d3cd7ce369f1cd14d6eba6d31a190ffb8d6fce52fb9f4693e44343b7d989754d8a7a6e5ee16b4b5a3ebb2937a589cab9bff4332f49ef53da68507b8bd5a96ba94d8060ec0f044c49f4759ff41d0032b1a4b34dc6c757900387e066af1ad174439e715b01a23eb989691755772e8f377fc99f4c4d7e66c82e77cf4eadc5041adcd97210283b9155398c3af6465e84b299fd0140c9ef4e0a70438af3f60e0a7a083b360ba8caef281fc5dec4df0ab765c9ac14e0299ff96b9e
>EAP-Message = 0xb195517d78c1fb27bacce08d8595e6d0a735e11b894c3d5e14030100010116030100205c494488b295571f372cddd27008921d743a867ac158300c73d88eb53cdcd6c0
>NAS-IP-Address = 192.168.1.5
>NAS-Port = 1
>NAS-Port-Id = "STA port # 1"
>+- entering group authorize {...}
>++[preprocess] returns ok
>++[chap] returns noop
>++[mschap] returns noop
>[suffix] No '@' in User-Name = "alexmoon", looking up realm NULL
>[suffix] No such realm "NULL"
>++[suffix] returns noop
>[eap] EAP packet type response id 5 length 253
>[eap] Continuing tunnel setup.
>++[eap] returns ok
>Found Auth-Type = EAP
>+- entering group authenticate {...}
>[eap] Request found, released from the list
>[eap] EAP/peap
>[eap] processing type peap
>[peap] processing EAP-TLS
>TLS Length 310
>[peap] Length Included
>[peap] eaptls_verify returned 11
>[peap] <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange
>[peap] TLS_accept: SSLv3 read client key exchange A
>[peap] <<< TLS 1.0 ChangeCipherSpec [length 0001]
>[peap] <<< TLS 1.0 Handshake [length 0010], Finished
>[peap] TLS_accept: SSLv3 read finished A
>[peap] >>> TLS 1.0 ChangeCipherSpec [length 0001]
>[peap] TLS_accept: SSLv3 write change cipher spec A
>[peap] >>> TLS 1.0 Handshake [length 0010], Finished
>[peap] TLS_accept: SSLv3 write finished A
>[peap] TLS_accept: SSLv3 flush data
>[peap] (other): SSL negotiation finished successfully
>SSL Connection Established
>[peap] eaptls_process returned 13
>[peap] EAPTLS_HANDLED
>++[eap] returns handled
>Sending Access-Challenge of id 5 to 192.168.1.10 port 1060
>EAP-Message = 0x010600311900140301000101160301002067fe1793f016565d10b02851ee1a7248c50e5406b4074453e24b318bb0989a20
>Message-Authenticator = 0x00000000000000000000000000000000
>State = 0x043a00db013c19154cf77263c06ef160
>Finished request 15.
>Going to the next request
>Waking up in 4.7 seconds.
>rad_recv: Access-Request packet from host 192.168.1.10 port 1060, id=6, length=505
>Message-Authenticator = 0x728299ab490caf6af3905238fb92df7a
>Service-Type = Framed-User
>User-Name = "alexmoon"
>Framed-MTU = 1488
>State = 0xd59750e4d191490045b22f12f1b8e43e
>Called-Station-Id = "00-21-27-FB-5A-10:TP-LINK"
>Calling-Station-Id = "00-22-68-B7-EE-D7"
>NAS-Port-Type = Wireless-802.11
>Connect-Info = "CONNECT 54Mbps 802.11g"
>EAP-Message = 0x020601401980000001361603010106100001020100abda5c21ed9ff50be717e2d776b293bc884bbd72c165f9493208a21442db65d253bcd44a2756a1106d21af9d68b4f242185e9b96a2f63de4fbb3999acfccb21124ca1f7d3d9586b0e3d0993f08d0d1971c6a20b653efee63056ef7cbb2e5d43e922aff8ec8c99ebe3f11fe3f1c87521b7d82f58a8dfea2f0719a87118c13122a7036fa65acc6dfcd79d244dd8b7fe6298eba29ddabf42ef10efb449328499585a9eeab013a42da816cd0dce04745a1c595f9d8c9169957c87a7fef626825a0254db8c2ab08ea84c61bf57d8991f98cb56978e10f5ffae23d025080a755dd1b162fe2643f66ff92c3
>EAP-Message = 0xcdef94ee28aaa02fdae268614bf4dcd5f1492f1d4dc40ad51403010001011603010020edefeea82fcb88158e3b7734a649469f8942ca0f600b945360e10ff5f1b237ab
>NAS-IP-Address = 192.168.1.5
>NAS-Port = 1
>NAS-Port-Id = "STA port # 1"
>+- entering group authorize {...}
>++[preprocess] returns ok
>++[chap] returns noop
>++[mschap] returns noop
>[suffix] No '@' in User-Name = "alexmoon", looking up realm NULL
>[suffix] No such realm "NULL"
>++[suffix] returns noop
>[eap] EAP packet type response id 6 length 253
>[eap] Continuing tunnel setup.
>++[eap] returns ok
>Found Auth-Type = EAP
>+- entering group authenticate {...}
>[eap] Request found, released from the list
>[eap] EAP/peap
>[eap] processing type peap
>[peap] processing EAP-TLS
>TLS Length 310
>[peap] Length Included
>[peap] eaptls_verify returned 11
>[peap] <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange
>[peap] TLS_accept: SSLv3 read client key exchange A
>[peap] <<< TLS 1.0 ChangeCipherSpec [length 0001]
>[peap] <<< TLS 1.0 Handshake [length 0010], Finished
>[peap] TLS_accept: SSLv3 read finished A
>[peap] >>> TLS 1.0 ChangeCipherSpec [length 0001]
>[peap] TLS_accept: SSLv3 write change cipher spec A
>[peap] >>> TLS 1.0 Handshake [length 0010], Finished
>[peap] TLS_accept: SSLv3 write finished A
>[peap] TLS_accept: SSLv3 flush data
>[peap] (other): SSL negotiation finished successfully
>SSL Connection Established
>[peap] eaptls_process returned 13
>[peap] EAPTLS_HANDLED
>++[eap] returns handled
>Sending Access-Challenge of id 6 to 192.168.1.10 port 1060
>EAP-Message = 0x01070031190014030100010116030100200ce6d1a797311fb8320943f625858c9ed525457cf7b530143b24685f2d00ce32
>Message-Authenticator = 0x00000000000000000000000000000000
>State = 0xd59750e4d090490045b22f12f1b8e43e
>Finished request 16.
>Going to the next request
>Waking up in 3.7 seconds.
>rad_recv: Access-Request packet from host 192.168.1.10 port 1060, id=7, length=189
>Message-Authenticator = 0xf6156e7f878a80e329008af8da8b1d67
>Service-Type = Framed-User
>User-Name = "alexmoon"
>Framed-MTU = 1488
>State = 0xd59750e4d090490045b22f12f1b8e43e
>Called-Station-Id = "00-21-27-FB-5A-10:TP-LINK"
>Calling-Station-Id = "00-22-68-B7-EE-D7"
>NAS-Port-Type = Wireless-802.11
>Connect-Info = "CONNECT 54Mbps 802.11g"
>EAP-Message = 0x020700061900
>NAS-IP-Address = 192.168.1.5
>NAS-Port = 1
>NAS-Port-Id = "STA port # 1"
>+- entering group authorize {...}
>++[preprocess] returns ok
>++[chap] returns noop
>++[mschap] returns noop
>[suffix] No '@' in User-Name = "alexmoon", looking up realm NULL
>[suffix] No such realm "NULL"
>++[suffix] returns noop
>[eap] EAP packet type response id 7 length 6
>[eap] Continuing tunnel setup.
>++[eap] returns ok
>Found Auth-Type = EAP
>+- entering group authenticate {...}
>[eap] Request found, released from the list
>[eap] EAP/peap
>[eap] processing type peap
>[peap] processing EAP-TLS
>[peap] Received TLS ACK
>[peap] ACK handshake is finished
>[peap] eaptls_verify returned 3
>[peap] eaptls_process returned 3
>[peap] EAPTLS_SUCCESS
>++[eap] returns handled
>Sending Access-Challenge of id 7 to 192.168.1.10 port 1060
>EAP-Message = 0x0108002019001703010015bd2ca6dc31201cbac2765c94ad5303ba4129260bf8
>Message-Authenticator = 0x00000000000000000000000000000000
>State = 0xd59750e4d39f490045b22f12f1b8e43e
>Finished request 17.
>Going to the next request
>Waking up in 2.7 seconds.
>rad_recv: Access-Request packet from host 192.168.1.10 port 1060, id=8, length=219
>Message-Authenticator = 0xd4d619972ac59c3378c8cbbfa0c8b0aa
>Service-Type = Framed-User
>User-Name = "alexmoon"
>Framed-MTU = 1488
>State = 0xd59750e4d39f490045b22f12f1b8e43e
>Called-Station-Id = "00-21-27-FB-5A-10:TP-LINK"
>Calling-Station-Id = "00-22-68-B7-EE-D7"
>NAS-Port-Type = Wireless-802.11
>Connect-Info = "CONNECT 54Mbps 802.11g"
>EAP-Message = 0x0208002419001703010019b852857840f2598aa6f763c8cf37968914ee607f6b8d338b5a
>NAS-IP-Address = 192.168.1.5
>NAS-Port = 1
>NAS-Port-Id = "STA port # 1"
>+- entering group authorize {...}
>++[preprocess] returns ok
>++[chap] returns noop
>++[mschap] returns noop
>[suffix] No '@' in User-Name = "alexmoon", looking up realm NULL
>[suffix] No such realm "NULL"
>++[suffix] returns noop
>[eap] EAP packet type response id 8 length 36
>[eap] Continuing tunnel setup.
>++[eap] returns ok
>Found Auth-Type = EAP
>+- entering group authenticate {...}
>[eap] Request found, released from the list
>[eap] EAP/peap
>[eap] processing type peap
>[peap] processing EAP-TLS
>[peap] eaptls_verify returned 7
>[peap] Done initial handshake
>[peap] eaptls_process returned 7
>[peap] EAPTLS_OK
>[peap] Session established. Decoding tunneled attributes.
>[peap] Identity - alexmoon
>[peap] Got tunneled request
>EAP-Message = 0x0208000d01616c65786d6f6f6e
>server {
>PEAP: Got tunneled identity of alexmoon
>PEAP: Setting default EAP type for tunneled EAP session.
>PEAP: Setting User-Name to alexmoon
>Sending tunneled request
>EAP-Message = 0x0208000d01616c65786d6f6f6e
>FreeRADIUS-Proxied-To = 127.0.0.1
>User-Name = "alexmoon"
>Service-Type = Framed-User
>Framed-MTU = 1488
>Called-Station-Id = "00-21-27-FB-5A-10:TP-LINK"
>Calling-Station-Id = "00-22-68-B7-EE-D7"
>NAS-Port-Type = Wireless-802.11
>Connect-Info = "CONNECT 54Mbps 802.11g"
>NAS-IP-Address = 192.168.1.5
>NAS-Port = 1
>NAS-Port-Id = "STA port # 1"
>server inner-tunnel {
>+- entering group authorize {...}
>++[chap] returns noop
>++[mschap] returns noop
>++[unix] returns notfound
>[suffix] No '@' in User-Name = "alexmoon", looking up realm NULL
>[suffix] No such realm "NULL"
>++[suffix] returns noop
>++[control] returns noop
>[eap] EAP packet type response id 8 length 13
>[eap] No EAP Start, assuming it's an on-going EAP conversation
>++[eap] returns updated
>++[files] returns noop
>++[expiration] returns noop
>++[logintime] returns noop
>++[pap] returns noop
>Found Auth-Type = EAP
>+- entering group authenticate {...}
>[eap] EAP Identity
>[eap] processing type mschapv2
>rlm_eap_mschapv2: Issuing Challenge
>++[eap] returns handled
>} # server inner-tunnel
>[peap] Got tunneled reply code 11
>EAP-Message = 0x010900221a0109001d10df7423b52603b13210d2ab29758122cd616c65786d6f6f6e
>Message-Authenticator = 0x00000000000000000000000000000000
>State = 0x236e171123670dd05b80bcbd90b4450f
>[peap] Got tunneled reply RADIUS code 11
>EAP-Message = 0x010900221a0109001d10df7423b52603b13210d2ab29758122cd616c65786d6f6f6e
>Message-Authenticator = 0x00000000000000000000000000000000
>State = 0x236e171123670dd05b80bcbd90b4450f
>[peap] Got tunneled Access-Challenge
>++[eap] returns handled
>Sending Access-Challenge of id 8 to 192.168.1.10 port 1060
>EAP-Message = 0x010900391900170301002e34b8040eee73493cdbab2165d4af7b7b846dc28272752c8c870a55590c2961a1467130f4273c935663d362439ebf
>Message-Authenticator = 0x00000000000000000000000000000000
>State = 0xd59750e4d29e490045b22f12f1b8e43e
>Finished request 18.
>Going to the next request
>Waking up in 2.6 seconds.
>rad_recv: Access-Request packet from host 192.168.1.10 port 1060, id=9, length=273
>Message-Authenticator = 0xe240978f209e4bbe0dc03c770b583d4e
>Service-Type = Framed-User
>User-Name = "alexmoon"
>Framed-MTU = 1488
>State = 0xd59750e4d29e490045b22f12f1b8e43e
>Called-Station-Id = "00-21-27-FB-5A-10:TP-LINK"
>Calling-Station-Id = "00-22-68-B7-EE-D7"
>NAS-Port-Type = Wireless-802.11
>Connect-Info = "CONNECT 54Mbps 802.11g"
>EAP-Message = 0x0209005a1900170301004f0a8979df9593c6ea1ae7efbd97b57e6c69ce5269a3191f1cee64f80be2e37da7808f7867320332f9f5234c4e1b9efc74068bcef6c9a838994b8067c79dba9d4cdf8070b7a72e47759ac67e977924a9
>NAS-IP-Address = 192.168.1.5
>NAS-Port = 1
>NAS-Port-Id = "STA port # 1"
>+- entering group authorize {...}
>++[preprocess] returns ok
>++[chap] returns noop
>++[mschap] returns noop
>[suffix] No '@' in User-Name = "alexmoon", looking up realm NULL
>[suffix] No such realm "NULL"
>++[suffix] returns noop
>[eap] EAP packet type response id 9 length 90
>[eap] Continuing tunnel setup.
>++[eap] returns ok
>Found Auth-Type = EAP
>+- entering group authenticate {...}
>[eap] Request found, released from the list
>[eap] EAP/peap
>[eap] processing type peap
>[peap] processing EAP-TLS
>[peap] eaptls_verify returned 7
>[peap] Done initial handshake
>[peap] eaptls_process returned 7
>[peap] EAPTLS_OK
>[peap] Session established. Decoding tunneled attributes.
>[peap] EAP type mschapv2
>[peap] Got tunneled request
>EAP-Message = 0x020900431a0209003e314bb8a0e4a2fed3fb7f36852ae21d2c6f0000000000000000ad31edb3c40dd7c7b3479ebdea4885e099f63702c6eb18f800616c65786d6f6f6e
>server {
>PEAP: Setting User-Name to alexmoon
>Sending tunneled request
>EAP-Message = 0x020900431a0209003e314bb8a0e4a2fed3fb7f36852ae21d2c6f0000000000000000ad31edb3c40dd7c7b3479ebdea4885e099f63702c6eb18f800616c65786d6f6f6e
>FreeRADIUS-Proxied-To = 127.0.0.1
>User-Name = "alexmoon"
>State = 0x236e171123670dd05b80bcbd90b4450f
>Service-Type = Framed-User
>Framed-MTU = 1488
>Called-Station-Id = "00-21-27-FB-5A-10:TP-LINK"
>Calling-Station-Id = "00-22-68-B7-EE-D7"
>NAS-Port-Type = Wireless-802.11
>Connect-Info = "CONNECT 54Mbps 802.11g"
>NAS-IP-Address = 192.168.1.5
>NAS-Port = 1
>NAS-Port-Id = "STA port # 1"
>server inner-tunnel {
>+- entering group authorize {...}
>++[chap] returns noop
>++[mschap] returns noop
>++[unix] returns notfound
>[suffix] No '@' in User-Name = "alexmoon", looking up realm NULL
>[suffix] No such realm "NULL"
>++[suffix] returns noop
>++[control] returns noop
>[eap] EAP packet type response id 9 length 67
>[eap] No EAP Start, assuming it's an on-going EAP conversation
>++[eap] returns updated
>++[files] returns noop
>++[expiration] returns noop
>++[logintime] returns noop
>++[pap] returns noop
>Found Auth-Type = EAP
>+- entering group authenticate {...}
>[eap] Request found, released from the list
>[eap] EAP/mschapv2
>[eap] processing type mschapv2
>[mschapv2] +- entering group MS-CHAP {...}
>[mschap] No Cleartext-Password configured. Cannot create LM-Password.
>[mschap] No Cleartext-Password configured. Cannot create NT-Password.
>[mschap] Told to do MS-CHAPv2 for alexmoon with NT-Password
>[mschap] FAILED: No NT/LM-Password. Cannot perform authentication.
>[mschap] FAILED: MS-CHAP2-Response is incorrect
>++[mschap] returns reject
>[eap] Freeing handler
>++[eap] returns reject
>Failed to authenticate the user.
>} # server inner-tunnel
>[peap] Got tunneled reply code 3
>MS-CHAP-Error = "\tE=691 R=1"
>EAP-Message = 0x04090004
>Message-Authenticator = 0x00000000000000000000000000000000
>[peap] Got tunneled reply RADIUS code 3
>MS-CHAP-Error = "\tE=691 R=1"
>EAP-Message = 0x04090004
>Message-Authenticator = 0x00000000000000000000000000000000
>[peap] Tunneled authentication was rejected.
>[peap] FAILURE
>++[eap] returns handled
>Sending Access-Challenge of id 9 to 192.168.1.10 port 1060
>EAP-Message = 0x010a00261900170301001bcb26c0900b6c7334a11d90d38d3eae1d4bed0508ec5dcafbe5cf9e
>Message-Authenticator = 0x00000000000000000000000000000000
>State = 0xd59750e4dd9d490045b22f12f1b8e43e
>Finished request 19.
>Going to the next request
>Waking up in 2.6 seconds.
>rad_recv: Access-Request packet from host 192.168.1.10 port 1060, id=10, length=221
>Message-Authenticator = 0x30bd3c98fa2126beff67293312dd4d54
>Service-Type = Framed-User
>User-Name = "alexmoon"
>Framed-MTU = 1488
>State = 0xd59750e4dd9d490045b22f12f1b8e43e
>Called-Station-Id = "00-21-27-FB-5A-10:TP-LINK"
>Calling-Station-Id = "00-22-68-B7-EE-D7"
>NAS-Port-Type = Wireless-802.11
>Connect-Info = "CONNECT 54Mbps 802.11g"
>EAP-Message = 0x020a00261900170301001b1cee016d3d76e97133abb3fb9e621ac14d14ed95a56470c731c8c7
>NAS-IP-Address = 192.168.1.5
>NAS-Port = 1
>NAS-Port-Id = "STA port # 1"
>+- entering group authorize {...}
>++[preprocess] returns ok
>++[chap] returns noop
>++[mschap] returns noop
>[suffix] No '@' in User-Name = "alexmoon", looking up realm NULL
>[suffix] No such realm "NULL"
>++[suffix] returns noop
>[eap] EAP packet type response id 10 length 38
>[eap] Continuing tunnel setup.
>++[eap] returns ok
>Found Auth-Type = EAP
>+- entering group authenticate {...}
>[eap] Request found, released from the list
>[eap] EAP/peap
>[eap] processing type peap
>[peap] processing EAP-TLS
>[peap] eaptls_verify returned 7
>[peap] Done initial handshake
>[peap] eaptls_process returned 7
>[peap] EAPTLS_OK
>[peap] Session established. Decoding tunneled attributes.
>[peap] Received EAP-TLV response.
>[peap] Had sent TLV failure. User was rejected earlier in this session.
>[eap] Handler failed in EAP/peap
>[eap] Failed in EAP select
>++[eap] returns invalid
>Failed to authenticate the user.
>Using Post-Auth-Type Reject
>+- entering group REJECT {...}
>[attr_filter.access_reject] expand: %{User-Name} -> alexmoon
>attr_filter: Matched entry DEFAULT at line 11
>++[attr_filter.access_reject] returns updated
>Delaying reject of request 20 for 1 seconds
>Going to the next request
>Waking up in 0.9 seconds.
>Sending delayed reject for request 20
>Sending Access-Reject of id 10 to 192.168.1.10 port 1060
>EAP-Message = 0x040a0004
>Message-Authenticator = 0x00000000000000000000000000000000
>Waking up in 1.6 seconds.
>Cleaning up request 10 ID 0 with timestamp +53
>Cleaning up request 11 ID 1 with timestamp +53
>Cleaning up request 12 ID 2 with timestamp +53
>Cleaning up request 13 ID 3 with timestamp +53
>Cleaning up request 14 ID 4 with timestamp +53
>Cleaning up request 15 ID 5 with timestamp +53
>Waking up in 1.1 seconds.
>Cleaning up request 16 ID 6 with timestamp +54
>Waking up in 1.0 seconds.
>Cleaning up request 17 ID 7 with timestamp +55
>Cleaning up request 18 ID 8 with timestamp +55
>Cleaning up request 19 ID 9 with timestamp +55
>Waking up in 1.0 seconds.
>Cleaning up request 20 ID 10 with timestamp +55
>Ready to process requests.
>
>##############################################################################################################
>If You have any sugestion I really appreciate, Thanks for your time to help me and all the people in this mailing list....
>Thank you in advance...
>All
>?
>
>-------------- next part --------------
>An HTML attachment was scrubbed...
>URL: <https://lists.freeradius.org/pipermail/freeradius-users/attachments/20100118/48301be7/attachment.html>
>
>------------------------------
>
>-
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>
>End of Freeradius-Users Digest, Vol 57, Issue 58
>************************************************
More information about the Freeradius-Users
mailing list