Odd authentication behavior
Damion Alexander
daalexander at vassar.edu
Mon May 24 17:53:06 CEST 2010
Greetings,
Short version: Could someone look through the debug logs below and verify that freeradius (2.1.8 lenny backport) is NOT authenticating the user? We believe the issues we are facing (random successful authentication with invalid passwords) are with our Cisco devices, but I want to gather as much info as possible so that we don't get caught in a finger-pointing battle with support.
Long version: We are trying to setup freeradius to authenticate our users to our CISCO 4404 Wireless LAN controllers using PEAP/MSCHAPv2+LDAP. When we configured it a few weeks ago everything was working fine. We could authenticate successfully and invalid passwords were rejected. After trying to get a custom perl module to work for Authorization I noticed that occasionally the Controller would grant access with a bad password. Sometimes it would take 6-7 attempts with the same bad password before we gained access, other times it was on the first attempt. I have since taken out all of my custom code (rlm_perl) and reverted back to the original working configuration for freeradius and I still have random successful authentication with a bad password.
Below is a -X log of freeradius while doing the following. On my Mac OS X 10.5.8 client I turned on the Wireless adapter, and selected the SSID that uses freeradius to authenticate, which prompted me for a password. I entered a bad password which gave me another password prompt. Before I could try the second time, the wireless adapter acquired an IP address and was allowed to pass traffic on the network. I gained full network connectivity while the Authentication dialog was still on screen.
Thanks in advance.
Damion
FreeRadius: 2.1.8 (debian lenny backport)
FreeRADIUS Version 2.1.8, for host i486-pc-linux-gnu, built on Jan 3 2010 at 15:51:52
Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License v2.
Starting - reading configuration files ...
including configuration file /etc/freeradius/radiusd.conf
including configuration file /etc/freeradius/proxy.conf
including configuration file /etc/freeradius/clients.conf
including configuration file /etc/freeradius/eap.conf
including configuration file /etc/freeradius/perlmod.conf
including configuration file /etc/freeradius/policy.conf
including files in directory /etc/freeradius/sites-enabled/
including configuration file /etc/freeradius/sites-enabled/default
including configuration file /etc/freeradius/sites-enabled/inner-tunnel
main {
user = "freerad"
group = "freerad"
allow_core_dumps = no
}
including dictionary file /etc/freeradius/dictionary
main {
prefix = "/usr"
localstatedir = "/var"
logdir = "/var/log/freeradius"
libdir = "/usr/lib/freeradius"
radacctdir = "/var/log/freeradius/radacct"
hostname_lookups = no
max_request_time = 30
cleanup_delay = 5
max_requests = 256000
pidfile = "/var/run/freeradius/freeradius.pid"
checkrad = "/usr/sbin/checkrad"
debug_level = 0
proxy_requests = yes
log {
stripped_names = no
auth = yes
auth_badpass = no
auth_goodpass = no
}
security {
max_attributes = 200
reject_delay = 1
status_server = yes
}
}
radiusd: #### Loading Realms and Home Servers ####
proxy server {
retry_delay = 5
retry_count = 3
default_fallback = no
dead_time = 120
wake_all_if_all_dead = no
}
home_server localhost {
ipaddr = 127.0.0.1
port = 1812
type = "auth"
secret = "testing123"
response_window = 20
max_outstanding = 65536
require_message_authenticator = no
zombie_period = 40
status_check = "status-server"
ping_interval = 30
check_interval = 30
num_answers_to_alive = 3
num_pings_to_alive = 3
revive_interval = 120
status_check_timeout = 4
irt = 2
mrt = 16
mrc = 5
mrd = 30
}
home_server_pool my_auth_failover {
type = fail-over
home_server = localhost
}
realm example.com {
auth_pool = my_auth_failover
}
realm LOCAL {
}
radiusd: #### Loading Clients ####
client localhost {
ipaddr = 127.0.0.1
require_message_authenticator = no
secret = "testing123"
nastype = "other"
}
client 172.29.96.12 {
require_message_authenticator = no
secret = "testing123"
shortname = "vassarwireless"
}
radiusd: #### Instantiating modules ####
instantiate {
Module: Linked to module rlm_exec
Module: Instantiating exec
exec {
wait = yes
input_pairs = "request"
shell_escape = yes
}
Module: Linked to module rlm_expr
Module: Instantiating expr
Module: Linked to module rlm_expiration
Module: Instantiating expiration
expiration {
reply-message = "Password Has Expired "
}
Module: Linked to module rlm_logintime
Module: Instantiating logintime
logintime {
reply-message = "You are calling outside your allowed timespan "
minimum-timeout = 60
}
}
radiusd: #### Loading Virtual Servers ####
server inner-tunnel {
modules {
Module: Checking authenticate {...} for more modules to load
Module: Linked to module rlm_mschap
Module: Instantiating mschap
mschap {
use_mppe = yes
require_encryption = no
require_strong = no
with_ntdomain_hack = no
}
Module: Linked to module rlm_eap
Module: Instantiating eap
eap {
default_eap_type = "peap"
timer_expire = 60
ignore_unknown_eap_types = no
cisco_accounting_username_bug = no
max_sessions = 4096
}
Module: Linked to sub-module rlm_eap_md5
Module: Instantiating eap-md5
Module: Linked to sub-module rlm_eap_leap
Module: Instantiating eap-leap
Module: Linked to sub-module rlm_eap_gtc
Module: Instantiating eap-gtc
gtc {
challenge = "Password: "
auth_type = "PAP"
}
Module: Linked to sub-module rlm_eap_tls
Module: Instantiating eap-tls
tls {
rsa_key_exchange = no
dh_key_exchange = yes
rsa_key_length = 512
dh_key_length = 512
verify_depth = 0
pem_file_type = yes
private_key_file = "/etc/freeradius/certs/server.key"
certificate_file = "/etc/freeradius/certs/server.crt"
CA_file = "/etc/freeradius/certs/ca.pem"
dh_file = "/etc/freeradius/certs/dh"
random_file = "/etc/freeradius/certs/random"
fragment_size = 1024
include_length = yes
check_crl = no
cipher_list = "DEFAULT"
cache {
enable = no
lifetime = 24
max_entries = 255
}
}
Module: Linked to sub-module rlm_eap_ttls
Module: Instantiating eap-ttls
ttls {
default_eap_type = "md5"
copy_request_to_tunnel = no
use_tunneled_reply = no
virtual_server = "inner-tunnel"
include_length = yes
}
Module: Linked to sub-module rlm_eap_peap
Module: Instantiating eap-peap
peap {
default_eap_type = "mschapv2"
copy_request_to_tunnel = no
use_tunneled_reply = no
proxy_tunneled_request_as_eap = yes
virtual_server = "inner-tunnel"
}
Module: Linked to sub-module rlm_eap_mschapv2
Module: Instantiating eap-mschapv2
mschapv2 {
with_ntdomain_hack = no
}
Module: Checking authorize {...} for more modules to load
Module: Linked to module rlm_realm
Module: Instantiating suffix
realm suffix {
format = "suffix"
delimiter = "@"
ignore_default = no
ignore_null = no
}
Module: Linked to module rlm_ldap
Module: Instantiating ldap
ldap {
server = "localhost"
port = 389
password = "xxxxx"
identity = "cn=xxxxx,ou=adminaccounts,dc=vassar,dc=edu"
net_timeout = 1
timeout = 4
timelimit = 3
tls_mode = no
start_tls = no
tls_require_cert = "allow"
tls {
start_tls = no
require_cert = "allow"
}
basedn = "dc=vassar,dc=edu"
filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
base_filter = "(objectclass=eduPerson)"
auto_header = no
access_attr_used_for_allow = yes
groupname_attribute = "cn"
groupmembership_filter = "(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))"
dictionary_mapping = "/etc/freeradius/ldap.attrmap"
ldap_debug = 0
ldap_connections_number = 5
compare_check_items = no
do_xlat = yes
edir_account_policy_check = no
set_auth_type = no
}
rlm_ldap: Registering ldap_groupcmp for Ldap-Group
rlm_ldap: Registering ldap_xlat with xlat_name ldap
rlm_ldap: reading ldap<->radius mappings from file /etc/freeradius/ldap.attrmap
rlm_ldap: LDAP radiusCheckItem mapped to RADIUS $GENERIC$
rlm_ldap: LDAP radiusReplyItem mapped to RADIUS $GENERIC$
rlm_ldap: LDAP radiusAuthType mapped to RADIUS Auth-Type
rlm_ldap: LDAP radiusSimultaneousUse mapped to RADIUS Simultaneous-Use
rlm_ldap: LDAP radiusCalledStationId mapped to RADIUS Called-Station-Id
rlm_ldap: LDAP radiusCallingStationId mapped to RADIUS Calling-Station-Id
rlm_ldap: LDAP lmPassword mapped to RADIUS LM-Password
rlm_ldap: LDAP ntPassword mapped to RADIUS NT-Password
rlm_ldap: LDAP sambaLmPassword mapped to RADIUS LM-Password
rlm_ldap: LDAP sambaNtPassword mapped to RADIUS NT-Password
rlm_ldap: LDAP dBCSPwd mapped to RADIUS LM-Password
rlm_ldap: LDAP acctFlags mapped to RADIUS SMB-Account-CTRL-TEXT
rlm_ldap: LDAP radiusExpiration mapped to RADIUS Expiration
rlm_ldap: LDAP radiusNASIpAddress mapped to RADIUS NAS-IP-Address
rlm_ldap: LDAP radiusServiceType mapped to RADIUS Service-Type
rlm_ldap: LDAP radiusFramedProtocol mapped to RADIUS Framed-Protocol
rlm_ldap: LDAP radiusFramedIPAddress mapped to RADIUS Framed-IP-Address
rlm_ldap: LDAP radiusFramedIPNetmask mapped to RADIUS Framed-IP-Netmask
rlm_ldap: LDAP radiusFramedRoute mapped to RADIUS Framed-Route
rlm_ldap: LDAP radiusFramedRouting mapped to RADIUS Framed-Routing
rlm_ldap: LDAP radiusFilterId mapped to RADIUS Filter-Id
rlm_ldap: LDAP radiusFramedMTU mapped to RADIUS Framed-MTU
rlm_ldap: LDAP radiusFramedCompression mapped to RADIUS Framed-Compression
rlm_ldap: LDAP radiusLoginIPHost mapped to RADIUS Login-IP-Host
rlm_ldap: LDAP radiusLoginService mapped to RADIUS Login-Service
rlm_ldap: LDAP radiusLoginTCPPort mapped to RADIUS Login-TCP-Port
rlm_ldap: LDAP radiusCallbackNumber mapped to RADIUS Callback-Number
rlm_ldap: LDAP radiusCallbackId mapped to RADIUS Callback-Id
rlm_ldap: LDAP radiusFramedIPXNetwork mapped to RADIUS Framed-IPX-Network
rlm_ldap: LDAP radiusClass mapped to RADIUS Class
rlm_ldap: LDAP radiusSessionTimeout mapped to RADIUS Session-Timeout
rlm_ldap: LDAP radiusIdleTimeout mapped to RADIUS Idle-Timeout
rlm_ldap: LDAP radiusTerminationAction mapped to RADIUS Termination-Action
rlm_ldap: LDAP radiusLoginLATService mapped to RADIUS Login-LAT-Service
rlm_ldap: LDAP radiusLoginLATNode mapped to RADIUS Login-LAT-Node
rlm_ldap: LDAP radiusLoginLATGroup mapped to RADIUS Login-LAT-Group
rlm_ldap: LDAP radiusFramedAppleTalkLink mapped to RADIUS Framed-AppleTalk-Link
rlm_ldap: LDAP radiusFramedAppleTalkNetwork mapped to RADIUS Framed-AppleTalk-Network
rlm_ldap: LDAP radiusFramedAppleTalkZone mapped to RADIUS Framed-AppleTalk-Zone
rlm_ldap: LDAP radiusPortLimit mapped to RADIUS Port-Limit
rlm_ldap: LDAP radiusLoginLATPort mapped to RADIUS Login-LAT-Port
rlm_ldap: LDAP radiusReplyMessage mapped to RADIUS Reply-Message
rlm_ldap: LDAP radiusTunnelType mapped to RADIUS Tunnel-Type
rlm_ldap: LDAP radiusTunnelMediumType mapped to RADIUS Tunnel-Medium-Type
rlm_ldap: LDAP radiusTunnelPrivateGroupId mapped to RADIUS Tunnel-Private-Group-Id
conns: 0x8174740
Module: Checking session {...} for more modules to load
Module: Linked to module rlm_radutmp
Module: Instantiating radutmp
radutmp {
filename = "/var/log/freeradius/radutmp"
username = "%{User-Name}"
case_sensitive = yes
check_with_nas = yes
perm = 384
callerid = yes
}
Module: Checking post-proxy {...} for more modules to load
Module: Checking post-auth {...} for more modules to load
Module: Linked to module rlm_attr_filter
Module: Instantiating attr_filter.access_reject
attr_filter attr_filter.access_reject {
attrsfile = "/etc/freeradius/attrs.access_reject"
key = "%{User-Name}"
}
} # modules
} # server
server {
modules {
Module: Checking authenticate {...} for more modules to load
Module: Checking authorize {...} for more modules to load
Module: Linked to module rlm_preprocess
Module: Instantiating preprocess
preprocess {
huntgroups = "/etc/freeradius/huntgroups"
hints = "/etc/freeradius/hints"
with_ascend_hack = no
ascend_channels_per_line = 23
with_ntdomain_hack = no
with_specialix_jetstream_hack = no
with_cisco_vsa_hack = no
with_alvarion_vsa_hack = no
}
Module: Checking preacct {...} for more modules to load
Module: Linked to module rlm_acct_unique
Module: Instantiating acct_unique
acct_unique {
key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
}
Module: Linked to module rlm_files
Module: Instantiating files
files {
usersfile = "/etc/freeradius/users"
acctusersfile = "/etc/freeradius/acct_users"
preproxy_usersfile = "/etc/freeradius/preproxy_users"
compat = "no"
}
Module: Checking accounting {...} for more modules to load
Module: Linked to module rlm_detail
Module: Instantiating detail
detail {
detailfile = "/var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
header = "%t"
detailperm = 384
dirperm = 493
locking = no
log_packet_header = no
}
Module: Linked to module rlm_unix
Module: Instantiating unix
unix {
radwtmp = "/var/log/freeradius/radwtmp"
}
Module: Instantiating attr_filter.accounting_response
attr_filter attr_filter.accounting_response {
attrsfile = "/etc/freeradius/attrs.accounting_response"
key = "%{User-Name}"
}
Module: Checking session {...} for more modules to load
Module: Checking post-proxy {...} for more modules to load
Module: Checking post-auth {...} for more modules to load
} # modules
} # server
radiusd: #### Opening IP addresses and Ports ####
listen {
type = "auth"
ipaddr = *
port = 0
}
listen {
type = "acct"
ipaddr = *
port = 0
}
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on proxy address * port 1814
Ready to process requests.
rad_recv: Access-Request packet from host 172.29.96.12 port 32770, id=136, length=181
User-Name = "daalexander"
Calling-Station-Id = "00-1B-63-01-05-EC"
Called-Station-Id = "00-26-99-99-04-00:SecTest"
NAS-Port = 29
NAS-IP-Address = 172.29.96.12
NAS-Identifier = "WLC07"
Airespace-Wlan-Id = 3
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-802.11
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "168"
EAP-Message = 0x02010010016461616c6578616e646572
Message-Authenticator = 0xbc6625a1d7d500b2a82ce9486e99f087
+- entering group authorize {...}
++[preprocess] returns ok
[suffix] No '@' in User-Name = "daalexander", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 1 length 16
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[expiration] returns noop
++[logintime] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type tls
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 136 to 172.29.96.12 port 32770
EAP-Message = 0x010200061920
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xd49e36c9d49c2f73274aff712b2f00b6
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 172.29.96.12 port 32770, id=137, length=295
User-Name = "daalexander"
Calling-Station-Id = "00-1B-63-01-05-EC"
Called-Station-Id = "00-26-99-99-04-00:SecTest"
NAS-Port = 29
NAS-IP-Address = 172.29.96.12
NAS-Identifier = "WLC07"
Airespace-Wlan-Id = 3
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-802.11
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "168"
EAP-Message = 0x0202007019800000006616030100610100005d03014bf57712787683ab2b67376b6083dd886b0bf1b78cc850d1974c94383f58dd0c000036002f000500040035000a000900030008000600320033003800390016001500140013001200110034003a0018001b001a0017001900010100
State = 0xd49e36c9d49c2f73274aff712b2f00b6
Message-Authenticator = 0xa14a9ef2b10acfc536833092e6f99122
+- entering group authorize {...}
++[preprocess] returns ok
[suffix] No '@' in User-Name = "daalexander", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 2 length 112
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
TLS Length 102
[peap] Length Included
[peap] eaptls_verify returned 11
[peap] (other): before/accept initialization
[peap] TLS_accept: before/accept initialization
[peap] <<< TLS 1.0 Handshake [length 0061], ClientHello
[peap] TLS_accept: SSLv3 read client hello A
[peap] >>> TLS 1.0 Handshake [length 002a], ServerHello
[peap] TLS_accept: SSLv3 write server hello A
[peap] >>> TLS 1.0 Handshake [length 1238], Certificate
[peap] TLS_accept: SSLv3 write certificate A
[peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
[peap] TLS_accept: SSLv3 write server done A
[peap] TLS_accept: SSLv3 flush data
[peap] TLS_accept: Need to read more data: SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 137 to 172.29.96.12 port 32770
EAP-Message = 0x0103040019c000001275160301002a0200002603014bf57712881bb049892cdf36fb951cc3e3e588570bae1be6d19ff04f62cdc78d00002f0016030112380b001234001231000559308205553082043da0030201020207041647b4b67f0f300d06092a864886f70d01010505003081ca310b30090603550406130255533110300e060355040813074172697a6f6e61311330110603550407130a53636f74747364616c65311a3018060355040a1311476f44616464792e636f6d2c20496e632e31333031060355040b132a687474703a2f2f6365727469666963617465732e676f64616464792e636f6d2f7265706f7369746f72793130302e06035504
EAP-Message = 0x031327476f204461646479205365637572652043657274696669636174696f6e20417574686f726974793111300f060355040513083037393639323837301e170d3130303331323135333131375a170d3135303331323135333131375a305131153013060355040a130c2a2e7661737361722e6564753121301f060355040b1318446f6d61696e20436f6e74726f6c2056616c696461746564311530130603550403130c2a2e7661737361722e65647530820122300d06092a864886f70d01010105000382010f003082010a0282010100d6f2eab4b574c7dacdbb0462a5d399d14320f54c908a66c22b243d658d02e011f006637c6ffb1ddbd4176d57
EAP-Message = 0xc1ac0668bed1ea372e4d1a767a81c06de4020a69d52aa43fbe12c001c2b4fed6b0b8109cd44e410b8b6a715a089be612a10c2b5baf9f20b1287d0aef96254f377bdb6857a5a409fd038657098f6f089c7542c83500c4999b4538dfd6901878412879b547818508e2c12a45459541fd8fdf35dc15c20d716ed7e005333b9d0b3504efa7a155decadffee26c59f1d9dc6896865c1fe094fae39296912a97f9dceb2beaf916040175aec52c3e8882f5ec42c8385bc7ea616daa8a180c9d5d1bf555815cc67d23a03a52d5720635fb12a4fb5a32d28b0203010001a38201b6308201b2300f0603551d130101ff04053003010100301d0603551d2504163014
EAP-Message = 0x06082b0601050507030106082b06010505070302300e0603551d0f0101ff0404030205a030330603551d1f042c302a3028a026a0248622687474703a2f2f63726c2e676f64616464792e636f6d2f676473312d31352e63726c30530603551d20044c304a3048060b6086480186fd6d010717013039303706082b06010505070201162b687474703a2f2f6365727469666963617465732e676f64616464792e636f6d2f7265706f7369746f72792f30818006082b0601050507010104743072302406082b060105050730018618687474703a2f2f6f6373702e676f64616464792e636f6d2f304a06082b06010505073002863e687474703a2f2f636572
EAP-Message = 0x7469666963617465732e676f
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xd49e36c9d59d2f73274aff712b2f00b6
Finished request 1.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 172.29.96.12 port 32770, id=138, length=189
User-Name = "daalexander"
Calling-Station-Id = "00-1B-63-01-05-EC"
Called-Station-Id = "00-26-99-99-04-00:SecTest"
NAS-Port = 29
NAS-IP-Address = 172.29.96.12
NAS-Identifier = "WLC07"
Airespace-Wlan-Id = 3
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-802.11
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "168"
EAP-Message = 0x020300061900
State = 0xd49e36c9d59d2f73274aff712b2f00b6
Message-Authenticator = 0xe9edda90b91a31d610d8d5a70bc3586e
+- entering group authorize {...}
++[preprocess] returns ok
[suffix] No '@' in User-Name = "daalexander", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 3 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 138 to 172.29.96.12 port 32770
EAP-Message = 0x010403fc194064616464792e636f6d2f7265706f7369746f72792f67645f696e7465726d6564696174652e637274301f0603551d23041830168014fdac6132936c45d6e2ee855f9abae7769968cce730230603551d11041c301a820c2a2e7661737361722e656475820a7661737361722e656475301d0603551d0e041604144916999ed6dfd19b01694665898db770b4d52493300d06092a864886f70d01010505000382010100984403ed745598507ca638ca728506b839605eb411e0aedc68b4c0a2c2cb2c2d4d4a65d0adbb6d662d4fce0078bccfff65f85f4836a9c076c9fa2a648786d625953253c9029f901b2f4ccbadb688b85a10cf5aedc30e
EAP-Message = 0x7f1a41bbda8e0051ef9c84abe2410f20a16716e5c59b1ebf8bad2a544a2a96e3424ffb57596ad2724413b65f403e47c3ee75838d13d356ca811fb3a04016f9ac6d7c76e9aff562b95fb8f9d177c0fa390590ab7f277dc7d7fbbe8970b6a3ab0056f61501ee0e1e6a3b7d34192ef15044001d59177a74fe452a7413fb6458c6eca32a3ad2d899b49a7f2e342d283a81cb5e79fc594374ae5e5b60ef87ab95efdf12e013d471c15f51bb8f0004e2308204de308203c6a00302010202020301300d06092a864886f70d01010505003063310b30090603550406130255533121301f060355040a131854686520476f2044616464792047726f75702c20496e
EAP-Message = 0x632e3131302f060355040b1328476f20446164647920436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3036313131363031353433375a170d3236313131363031353433375a3081ca310b30090603550406130255533110300e060355040813074172697a6f6e61311330110603550407130a53636f74747364616c65311a3018060355040a1311476f44616464792e636f6d2c20496e632e31333031060355040b132a687474703a2f2f6365727469666963617465732e676f64616464792e636f6d2f7265706f7369746f72793130302e06035504031327476f20446164647920536563757265204365727469
EAP-Message = 0x6669636174696f6e20417574686f726974793111300f06035504051308303739363932383730820122300d06092a864886f70d01010105000382010f003082010a0282010100c42dd5158c9c264cec3235eb5fb859015aa66181593b7063abe3dc3dc72ab8c933d379e43aed3c3023848eb33014b6b287c33d9554049edf99dd0b251e21de65297e35a8a954ebf6f73239d4265595adeffbfe5886d79ef4008d8c2a0cbd4204cea73f04f6ee80f2aaef52a16966dabe1aad5dda2c66ea1a6bbbe51a514a002f48c79875d8b929c8eef8666d0a9cb3f3fc787ca2f8a3f2b5c3f3b97a91c1a7e6252e9ca8ed12656e6af6124453703095c39c2b582b3d08
EAP-Message = 0x744af2be51b0bf87
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xd49e36c9d69a2f73274aff712b2f00b6
Finished request 2.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 172.29.96.12 port 32770, id=139, length=189
User-Name = "daalexander"
Calling-Station-Id = "00-1B-63-01-05-EC"
Called-Station-Id = "00-26-99-99-04-00:SecTest"
NAS-Port = 29
NAS-IP-Address = 172.29.96.12
NAS-Identifier = "WLC07"
Airespace-Wlan-Id = 3
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-802.11
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "168"
EAP-Message = 0x020400061900
State = 0xd49e36c9d69a2f73274aff712b2f00b6
Message-Authenticator = 0xfd28dc6aeb79092b2ccd16cd80b13184
+- entering group authorize {...}
++[preprocess] returns ok
[suffix] No '@' in User-Name = "daalexander", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 4 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 139 to 172.29.96.12 port 32770
EAP-Message = 0x010503fc1940d04c27586bb535c59daf1731f80b8feead813605890898cf3aaf2587c049eaa7fd67f7458e97cc1439e23685b57e1a37fd16f671119a743016fe1394a33f840d4f0203010001a38201323082012e301d0603551d0e04160414fdac6132936c45d6e2ee855f9abae7769968cce7301f0603551d23041830168014d2c4b0d291d44c1171b361cb3da1fedda86ad4e330120603551d130101ff040830060101ff020100303306082b0601050507010104273025302306082b060105050730018617687474703a2f2f6f6373702e676f64616464792e636f6d30460603551d1f043f303d303ba039a0378635687474703a2f2f636572746966
EAP-Message = 0x6963617465732e676f64616464792e636f6d2f7265706f7369746f72792f6764726f6f742e63726c304b0603551d200444304230400604551d20003038303606082b06010505070201162a687474703a2f2f6365727469666963617465732e676f64616464792e636f6d2f7265706f7369746f7279300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100d286c0ecbdf9a1b667ee660ba2063a04508e1572ac4a749553cb37cb4449ef07906b33d996f09456a51330053c8532217bc9c70aa824a490de46d32523140367c210d66f0f5d7b7acc9fc5582ac1c49e21a85af3aca446f39ee463cb2f90a4292901d972
EAP-Message = 0x2c29df370127bc4fee68d3218fc0b3e4f509edd210aa53b4bef0cc590bd63b961c952449dfceecfda7489114450e3a366fda45b345a241c9d4d7444e3eb97476d5a213552cc687a3b599ac0684877f7506fcbf144c0ecc6ec4df3db71271f4e8f15140222849e01d4b87a834cc06a2dd125ad186366403356f6f776eebf28550985eab0353ad9123631f169ccdb9b205633ae1f4681b1705359553ee0004ff308204fb30820464a0030201020202010d300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20
EAP-Message = 0x496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3034303632393137303632305a170d3234303632393137303632305a3063310b30090603550406130255533121301f060355040a131854686520476f2044616464792047726f75702c20496e632e3131302f060355040b1328476f20446164647920436c61737320322043657274696669636174696f6e2041
EAP-Message = 0x7574686f72697479
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xd49e36c9d79b2f73274aff712b2f00b6
Finished request 3.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 172.29.96.12 port 32770, id=140, length=189
User-Name = "daalexander"
Calling-Station-Id = "00-1B-63-01-05-EC"
Called-Station-Id = "00-26-99-99-04-00:SecTest"
NAS-Port = 29
NAS-IP-Address = 172.29.96.12
NAS-Identifier = "WLC07"
Airespace-Wlan-Id = 3
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-802.11
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "168"
EAP-Message = 0x020500061900
State = 0xd49e36c9d79b2f73274aff712b2f00b6
Message-Authenticator = 0x9ec74e0c00607db2edacb61d1b700cc1
+- entering group authorize {...}
++[preprocess] returns ok
[suffix] No '@' in User-Name = "daalexander", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 5 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 140 to 172.29.96.12 port 32770
EAP-Message = 0x010603fc194030820120300d06092a864886f70d01010105000382010d00308201080282010100de9dd7ea571849a15bebd75f4886eabeddffe4ef671cf46568b35771a05e77bbed9b49e970803d561863086fdaf2ccd03f7f0254225410d8b281d4c0753d4b7fc777c33e78ab1a03b5206b2f6a2bb1c5887ec4bb1eb0c1d845276faa3758f78726d7d82df6a917b71f72364ea6173f659892db2a6e5da2fe88e00bde7fe58d15e1ebcb3ad5e212a2132dd88eaf5f123da0080508b65ca565380445991ea3606074c541a572621b62c51f6f5f1a42be025165a8ae23186afc7803a94d7f80c3faab5afca140a4ca1916feb2c8ef5e730dee77bd9af679
EAP-Message = 0x98bcb10767a2150ddda058c6447b0a3e62285fba41075358cf117e3874c5f8ffb569908f8474ea971baf020103a38201e1308201dd301d0603551d0e04160414d2c4b0d291d44c1171b361cb3da1fedda86ad4e33081d20603551d230481ca3081c7a181c1a481be3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c696365
EAP-Message = 0x72742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d820101300f0603551d130101ff040530030101ff303306082b0601050507010104273025302306082b060105050730018617687474703a2f2f6f6373702e676f64616464792e636f6d30440603551d1f043d303b3039a037a0358633687474703a2f2f6365727469666963617465732e676f64616464792e636f6d2f7265706f7369746f72792f726f6f742e63726c304b0603551d200444304230400604551d20003038303606082b06010505070201162a687474703a2f2f6365727469666963617465732e676f64616464792e636f6d2f7265
EAP-Message = 0x706f7369746f7279300e0603551d0f0101ff040403020106300d06092a864886f70d010105050003818100b540f9a71df6eafea41a425a44f715d4854689c0be9ee3e3ebc5e358898f929f57a8712c48d181b2791fac063519b04e0e581b14b39881d1041ec807c9839f78440a180b98dc767a650d0d6d80c40b011ccbad473e71be774bcc0677d0f4566b1f4b139a148a8823a851f0834cab35bf467e39dc75a4aee829fbef398f4f55670002eb308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56
EAP-Message = 0x616c69436572742c
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xd49e36c9d0982f73274aff712b2f00b6
Finished request 4.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 172.29.96.12 port 32770, id=141, length=189
User-Name = "daalexander"
Calling-Station-Id = "00-1B-63-01-05-EC"
Called-Station-Id = "00-26-99-99-04-00:SecTest"
NAS-Port = 29
NAS-IP-Address = 172.29.96.12
NAS-Identifier = "WLC07"
Airespace-Wlan-Id = 3
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-802.11
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "168"
EAP-Message = 0x020600061900
State = 0xd49e36c9d0982f73274aff712b2f00b6
Message-Authenticator = 0xe05eeee2303af026be7fad920f5ffef9
+- entering group authorize {...}
++[preprocess] returns ok
[suffix] No '@' in User-Name = "daalexander", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 6 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 141 to 172.29.96.12 port 32770
EAP-Message = 0x010702a3190020496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420
EAP-Message = 0x436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b3
EAP-Message = 0x43bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd16030100040e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xd49e36c9d1992f73274aff712b2f00b6
Finished request 5.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 172.29.96.12 port 32770, id=142, length=521
User-Name = "daalexander"
Calling-Station-Id = "00-1B-63-01-05-EC"
Called-Station-Id = "00-26-99-99-04-00:SecTest"
NAS-Port = 29
NAS-IP-Address = 172.29.96.12
NAS-Identifier = "WLC07"
Airespace-Wlan-Id = 3
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-802.11
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "168"
EAP-Message = 0x0207015019800000014616030101061000010201005b432b8755a040a3d850bd1cf64d409dfa9f571f25d0a8b2736a87497a4b889864e58d9acbe0ae60725f93a894d3f3a16df24499c6b4371579968bc4e1ca9230ff642952a6f9800595e5a0b4433b9bbf7df66a72abcc514e54da2a439f92125ee4bf92c98f708db14829169662802fc169edb214edb084da107b5fd7efafe30106f4557f4124517512e98b69e16141a79ce1b1cd7affc6c8399e1696e1a0b25f8a8cdaf88b5bd8c82ad7f8bb31e7d1797c5e9fa6a6941c5b0fc21ad31fb2b5621044a251f204b9cb4eb1f6447ebf892619dff3306471b68201519262aa201e23f34be88dfe98b588
EAP-Message = 0xa57caf30ff614ada53d2237231b118b6bbe688b8c8ed8a7c14030100010116030100308e9037e7306cfa08b8caedf6b6429bd09816f1ad9a2441c4e818125328f11f6a57fdadbccb441db5d7a2bb81e420d813
State = 0xd49e36c9d1992f73274aff712b2f00b6
Message-Authenticator = 0xcb68aa406d823249421f53ff9e0390f4
+- entering group authorize {...}
++[preprocess] returns ok
[suffix] No '@' in User-Name = "daalexander", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 7 length 253
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
TLS Length 326
[peap] Length Included
[peap] eaptls_verify returned 11
[peap] <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange
[peap] TLS_accept: SSLv3 read client key exchange A
[peap] <<< TLS 1.0 ChangeCipherSpec [length 0001]
[peap] <<< TLS 1.0 Handshake [length 0010], Finished
[peap] TLS_accept: SSLv3 read finished A
[peap] >>> TLS 1.0 ChangeCipherSpec [length 0001]
[peap] TLS_accept: SSLv3 write change cipher spec A
[peap] >>> TLS 1.0 Handshake [length 0010], Finished
[peap] TLS_accept: SSLv3 write finished A
[peap] TLS_accept: SSLv3 flush data
[peap] (other): SSL negotiation finished successfully
SSL Connection Established
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 142 to 172.29.96.12 port 32770
EAP-Message = 0x0108004119001403010001011603010030473d636167fd83d5dc5a3a2e40dcb302e40fa367f1797b2594927ac721534ceb7e508047a879058822fe071a5e22338e
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xd49e36c9d2962f73274aff712b2f00b6
Finished request 6.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 172.29.96.12 port 32770, id=143, length=189
User-Name = "daalexander"
Calling-Station-Id = "00-1B-63-01-05-EC"
Called-Station-Id = "00-26-99-99-04-00:SecTest"
NAS-Port = 29
NAS-IP-Address = 172.29.96.12
NAS-Identifier = "WLC07"
Airespace-Wlan-Id = 3
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-802.11
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "168"
EAP-Message = 0x020800061900
State = 0xd49e36c9d2962f73274aff712b2f00b6
Message-Authenticator = 0xa50dd8c7b7903bb92adae1d69f79050c
+- entering group authorize {...}
++[preprocess] returns ok
[suffix] No '@' in User-Name = "daalexander", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 8 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake is finished
[peap] eaptls_verify returned 3
[peap] eaptls_process returned 3
[peap] EAPTLS_SUCCESS
++[eap] returns handled
Sending Access-Challenge of id 143 to 172.29.96.12 port 32770
EAP-Message = 0x0109002b19001703010020cd1e78092927b4855607aacea86ad8367180057727f480740fe3ea16c6349367
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xd49e36c9d3972f73274aff712b2f00b6
Finished request 7.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 172.29.96.12 port 32770, id=144, length=242
User-Name = "daalexander"
Calling-Station-Id = "00-1B-63-01-05-EC"
Called-Station-Id = "00-26-99-99-04-00:SecTest"
NAS-Port = 29
NAS-IP-Address = 172.29.96.12
NAS-Identifier = "WLC07"
Airespace-Wlan-Id = 3
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-802.11
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "168"
EAP-Message = 0x0209003b190017030100303f944108b58e1687f549ee0a6634c971a60262d758410d0c32c2ef098c783d014dbef36e60e853494600e2dbec196690
State = 0xd49e36c9d3972f73274aff712b2f00b6
Message-Authenticator = 0x00f52d23893812a143d007ea7aa0f377
+- entering group authorize {...}
++[preprocess] returns ok
[suffix] No '@' in User-Name = "daalexander", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 9 length 59
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] Identity - daalexander
[peap] Got tunneled request
EAP-Message = 0x02090010016461616c6578616e646572
server {
PEAP: Got tunneled identity of daalexander
PEAP: Setting default EAP type for tunneled EAP session.
PEAP: Setting User-Name to daalexander
Sending tunneled request
EAP-Message = 0x02090010016461616c6578616e646572
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "daalexander"
server inner-tunnel {
+- entering group authorize {...}
++[mschap] returns noop
[suffix] No '@' in User-Name = "daalexander", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[control] returns noop
[eap] EAP packet type response id 9 length 16
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[ldap] performing user authorization for daalexander
[ldap] WARNING: Deprecated conditional expansion ":-". See "man unlang" for details
[ldap] ... expanding second conditional
[ldap] expand: %{User-Name} -> daalexander
[ldap] expand: (uid=%{Stripped-User-Name:-%{User-Name}}) -> (uid=daalexander)
[ldap] expand: dc=vassar,dc=edu -> dc=vassar,dc=edu
[ldap] ldap_get_conn: Checking Id: 0
[ldap] ldap_get_conn: Got Id: 0
[ldap] attempting LDAP reconnection
[ldap] (re)connect to localhost:389, authentication 0
[ldap] bind as cn=xxxxxxx,ou=adminaccounts,dc=vassar,dc=edu/xxxxx to localhost:389
[ldap] waiting for bind result ...
[ldap] Bind was successful
[ldap] performing search in dc=vassar,dc=edu, with filter (uid=daalexander)
[ldap] No default NMAS login sequence
[ldap] looking for check items in directory...
[ldap] ntPassword -> NT-Password == 0x3036364444464434454630453943443743323536464537373139314546343343
[ldap] lmPassword -> LM-Password == 0x4644413935464245434132383844343441414433423433354235313430344545
[ldap] looking for reply items in directory...
WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly?
[ldap] user daalexander authorized to use remote access
[ldap] ldap_release_conn: Release Id: 0
++[ldap] returns ok
++[expiration] returns noop
++[logintime] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
++[eap] returns handled
} # server inner-tunnel
[peap] Got tunneled reply code 11
EAP-Message = 0x010a00251a010a002010aab39a9fb2cb8ef3a895e8037f3052b86461616c6578616e646572
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x392811c839220b45ab2a5ab19406d4bd
[peap] Got tunneled reply RADIUS code 11
EAP-Message = 0x010a00251a010a002010aab39a9fb2cb8ef3a895e8037f3052b86461616c6578616e646572
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x392811c839220b45ab2a5ab19406d4bd
[peap] Got tunneled Access-Challenge
++[eap] returns handled
Sending Access-Challenge of id 144 to 172.29.96.12 port 32770
EAP-Message = 0x010a004b190017030100407e9385d27c1208e7fdd8ce923709d05a312b7909503b539531836ff3efd5b21efc1af7cd1c82e6ea57c1b487c6d902fcf3a8d2d228cb7623fd005977b8aaef14
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xd49e36c9dc942f73274aff712b2f00b6
Finished request 8.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 0 ID 136 with timestamp +44
Cleaning up request 1 ID 137 with timestamp +44
Cleaning up request 2 ID 138 with timestamp +44
Cleaning up request 3 ID 139 with timestamp +44
Cleaning up request 4 ID 140 with timestamp +44
Cleaning up request 5 ID 141 with timestamp +44
Cleaning up request 6 ID 142 with timestamp +44
Cleaning up request 7 ID 143 with timestamp +44
Cleaning up request 8 ID 144 with timestamp +44
Ready to process requests.
More information about the Freeradius-Users
mailing list