problems with dynamic vlan assignment
Eric Doutreleau
Eric.Doutreleau at it-sudparis.eu
Wed Sep 15 23:43:46 CEST 2010
Hi,

I'm using FreeRADIUS 2.1.9 and I have some problems with making dynamic
VLAN assignment based on vlan.

Here is what I have in my users file:

DEFAULT User-Category == "student"
        Reply-Message = "Your a member of the student Group",
        Tunnel-Type = VLAN,
        Tunnel-Medium-Type = IEEE-802,
        Tunnel-Private-Group-Id = 902,
        Fall-Through = No

DEFAULT User-Category == "employee"
        Reply-Message = "Your a member of the employee Group",
        Tunnel-Type = VLAN,
        Tunnel-Medium-Type = IEEE-802,
        Tunnel-Private-Group-Id = 903,
        Fall-Through = No

But as you can see in the following debug file, my user is authenticated,
his RADIUS item User-Category is employee, but he never gets the
VLAN attributes in the request.

I must have missed something in the config, but I really don't know what
it would be.

If someone could help, it would be nice of him.

Thanks in advance.

Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on command file /var/run/radiusd/radiusd.sock
Listening on proxy address * port 1814
Ready to process requests.
rad_recv: Access-Request packet from host 157.159.21.100 port 54360,
id=0, length=156
User-Name = "anonymous at it-sudparis.eu"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x0200001d01616e6f6e796d6f75734069742d73756470617269732e6575
Message-Authenticator = 0x655a4cf276129e501708baa724ba2f45
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] Looking up realm "it-sudparis.eu" for User-Name =
"anonymous at it-sudparis.eu"
[suffix] Found realm "it-sudparis.eu"
[suffix] Adding Stripped-User-Name = "anonymous"
[suffix] Adding Realm = "it-sudparis.eu"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[eap] EAP packet type response id 0 length 29
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user.
Authentication may fail because of this.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type tls
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 0 to 157.159.21.100 port 54360
EAP-Message = 0x010100061920
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xcad2c248cad3dbc77d62ac2477a6a4d7
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 157.159.21.100 port 54360,
id=1, length=267
User-Name = "anonymous at it-sudparis.eu"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message =
0x0201007a198000000070160301006b0100006703014c913a474dd515c94c7a11b6c82fb05b485f0fb7ad9e99eea7d57dae2727462b00003a00390038008800870035008400160013000a00330032009a009900450044002f00960041000500040015001200090014001100080006000300ff0100000400230000
State = 0xcad2c248cad3dbc77d62ac2477a6a4d7
Message-Authenticator = 0x82417f0f4dca6902ac81a953b6b49945
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] Looking up realm "it-sudparis.eu" for User-Name =
"anonymous at it-sudparis.eu"
[suffix] Found realm "it-sudparis.eu"
[suffix] Adding Stripped-User-Name = "anonymous"
[suffix] Adding Realm = "it-sudparis.eu"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[eap] EAP packet type response id 1 length 122
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
TLS Length 112
[peap] Length Included
[peap] eaptls_verify returned 11
[peap] (other): before/accept initialization
[peap] TLS_accept: before/accept initialization
[peap] <<< TLS 1.0 Handshake [length 006b], ClientHello
[peap] TLS_accept: SSLv3 read client hello A
[peap] >>> TLS 1.0 Handshake [length 0031], ServerHello
[peap] TLS_accept: SSLv3 write server hello A
[peap] >>> TLS 1.0 Handshake [length 0501], Certificate
[peap] TLS_accept: SSLv3 write certificate A
[peap] >>> TLS 1.0 Handshake [length 018d], ServerKeyExchange
[peap] TLS_accept: SSLv3 write key exchange A
[peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
[peap] TLS_accept: SSLv3 write server done A
[peap] TLS_accept: SSLv3 flush data
[peap] TLS_accept: Need to read more data: SSLv3 read client
certificate A
In SSL Handshake Phase
In SSL Accept mode
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 1 to 157.159.21.100 port 54360
EAP-Message =
0x0102040019c0000006d716030100310200002d03014c913a24c6bdba8fbaf1358e676eb8e8cd31103d42e65fcd42b43890a0cf78b9000039000005ff0100010016030105010b0004fd0004fa0004f7308204f3308203dba003020102021100e03d6494c48a6582b19e99ddbf443528300d06092a864886f70d01010505003036310b3009060355040613024e4c310f300d060355040a1306544552454e41311630140603550403130d544552454e412053534c204341301e170d3130303930393030303030305a170d3133303930383233353935395a3075310b3009060355040613024652310d300b060355040713044576727931283026060355040a
EAP-Message =
0x746572656e612e6f72672f544552454e4153534c43412e637274302606082b06010505073001861a687474703a2f2f6f6373702e7463732e746572656e612e6f72673081f60603551d110481ee3081eb82157261646975732e69742d73756470617269732e65758213617574682e69742d73756470617269732e65758212617574682e74656c65636f6d2d656d2e65758218617574682e74656c65636f6d2d73756470617269732e65758216656475726f616d2e69742d73756470617269732e65758215656475726f616d2e74656c65636f6d2d656d2e6575821b656475726f616d2e74656c65636f6d2d73756470617269732e657582157261646669
EAP-Message = 0x6c7475782e696e742d657672
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xcad2c248cbd0dbc77d62ac2477a6a4d7
Finished request 1.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 157.159.21.100 port 54360,
id=2, length=151
User-Name = "anonymous at it-sudparis.eu"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x020200061900
State = 0xcad2c248cbd0dbc77d62ac2477a6a4d7
Message-Authenticator = 0xe739f49b077f5fe66833b1c06c6aa246
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] Looking up realm "it-sudparis.eu" for User-Name =
"anonymous at it-sudparis.eu"
[suffix] Found realm "it-sudparis.eu"
[suffix] Adding Stripped-User-Name = "anonymous"
[suffix] Adding Realm = "it-sudparis.eu"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[eap] EAP packet type response id 2 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 2 to 157.159.21.100 port 54360
EAP-Message =
0xb494542aa9f68a6458324fe737befaad83e80dfe79accb5468b7a16add16b138ce64eca73c7b8bdc6ac7e509623dd1416e58e2e66b0eb20f581c69f8ab66daeb745ba875d98c2e9e5b4c9227cad3d7160301018d0c0001890080e65ec2fd868598b9e50b7a44362e8377790373dd047b7e26e1aee4c5fc8ec05662adb9fdef3963c5829b6d126c3f8c55e633e870b773163b4308aa305e3dc6cabcdc3e0133addd332b35b98f57e201174f1217e27ea2d3dad122897d90ae8df27cfee20a17880976f4bfda7aa37f97d80e3048d766a7c314e2d25611836b698300010200809d4a3e7def72f63446bc291600b35fd7866651354389b6dcbf96c787a6a4
EAP-Message =
0x66ecbe55ed6ba388aa4899548001a777f0a2faf056dafd96c46f2cec581c53c34dea87dc6dc8b2b67c871891044e2a8ab8e88e58b4126c59bb62f1085c1c332fbb3750970f7dd208c76cd69cf7a2fcd413fa55b091960d5c14d91f9dbd046353a4bc00804f3b061d2054dd3a82a28085b92cb1815b48323acdd863da4d6bd13014d7013e044a5a88feaa98d886d6d9619054c15f7e8b3d3dbc7d556f259b17993cc9834875223555107d0e3292f6b21a8e3f0072fadda38d5b644eba9a34e942b81a036e747875f369a9de4dad45b5c86a212ff6b8b11ba553c6317b17bc74c807a8635a16030100040e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xcad2c248c8d1dbc77d62ac2477a6a4d7
Finished request 2.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 157.159.21.100 port 54360,
id=3, length=353
User-Name = "anonymous at it-sudparis.eu"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message =
0x020300d01980000000c616030100861000008200801514cc8cef421b9251bf1f6f7c646d816d5b2254643002e1daba2843c2d9dbe6bebf083ab05ffbfc72928ad595a9ac8bba8e8265abfb5dcd92cadbcad419ada21df214eebc010828408f5000258dd841343c4f056d0135b7f4155368a7a71ee4a5d4f7ef974084404ccce579a2d04a6c59c5dc0944eedce2f45279c6739a927514030100010116030100304fcfcb5a0aaa9d0205a9a8a007488ffd1ca740968a757ec27fe5f91290ac662df2628e3545cdc6f8b91978a18c58799b
State = 0xcad2c248c8d1dbc77d62ac2477a6a4d7
Message-Authenticator = 0x1cc3c284b278964dbab9cd7ad5709711
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] Looking up realm "it-sudparis.eu" for User-Name =
"anonymous at it-sudparis.eu"
[suffix] Found realm "it-sudparis.eu"
[suffix] Adding Stripped-User-Name = "anonymous"
[suffix] Adding Realm = "it-sudparis.eu"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[eap] EAP packet type response id 3 length 208
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
TLS Length 198
[peap] Length Included
[peap] eaptls_verify returned 11
[peap] <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange
[peap] TLS_accept: SSLv3 read client key exchange A
[peap] <<< TLS 1.0 ChangeCipherSpec [length 0001]
[peap] <<< TLS 1.0 Handshake [length 0010], Finished
[peap] TLS_accept: SSLv3 read finished A
[peap] >>> TLS 1.0 ChangeCipherSpec [length 0001]
[peap] TLS_accept: SSLv3 write change cipher spec A
[peap] >>> TLS 1.0 Handshake [length 0010], Finished
[peap] TLS_accept: SSLv3 write finished A
[peap] TLS_accept: SSLv3 flush data
[peap] (other): SSL negotiation finished successfully
SSL Connection Established
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 3 to 157.159.21.100 port 54360
EAP-Message =
0x0104004119001403010001011603010030482e3d1d05e8d58e4731a13bd683be33e5acb5d9407e5c200cdb7ee466c7d7a97a798b9ff29acef48814300adfc28d76
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xcad2c248c9d6dbc77d62ac2477a6a4d7
Finished request 3.
Going to the next request
Waking up in 4.8 seconds.
rad_recv: Access-Request packet from host 157.159.21.100 port 54360,
id=4, length=151
User-Name = "anonymous at it-sudparis.eu"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x020400061900
State = 0xcad2c248c9d6dbc77d62ac2477a6a4d7
Message-Authenticator = 0xab8b466de748a32884881aedd0cf14ef
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] Looking up realm "it-sudparis.eu" for User-Name =
"anonymous at it-sudparis.eu"
[suffix] Found realm "it-sudparis.eu"
[suffix] Adding Stripped-User-Name = "anonymous"
[suffix] Adding Realm = "it-sudparis.eu"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[eap] EAP packet type response id 4 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake is finished
[peap] eaptls_verify returned 3
[peap] eaptls_process returned 3
[peap] EAPTLS_SUCCESS
++[eap] returns handled
Sending Access-Challenge of id 4 to 157.159.21.100 port 54360
EAP-Message =
0x0105002b19001703010020b2fd227a527903cc82e50d617a832244f7311b1458336ee185e9d8ee80aa6253
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xcad2c248ced7dbc77d62ac2477a6a4d7
Finished request 4.
Going to the next request
Waking up in 4.8 seconds.
rad_recv: Access-Request packet from host 157.159.21.100 port 54360,
id=5, length=225
User-Name = "anonymous at it-sudparis.eu"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message =
0x020500501900170301002002602c7db9a8fef22b9476f78b9034f00ec1aa4a84ffd12bb66b175278593b6f1703010020da03a9cf77e5f9050a0ef374989e7dcd54d8a8b3f7e8df59f2d13889f7397836
State = 0xcad2c248ced7dbc77d62ac2477a6a4d7
Message-Authenticator = 0x7d1bb565a68021a8e14e1b76d6e05d4e
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] Looking up realm "it-sudparis.eu" for User-Name =
"anonymous at it-sudparis.eu"
[suffix] Found realm "it-sudparis.eu"
[suffix] Adding Stripped-User-Name = "anonymous"
[suffix] Adding Realm = "it-sudparis.eu"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[eap] EAP packet type response id 5 length 80
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] Identity - doutrele
[peap] Got tunneled request
EAP-Message = 0x0205000d01646f757472656c65
server {
PEAP: Got tunneled identity of doutrele
PEAP: Setting default EAP type for tunneled EAP session.
PEAP: Setting User-Name to doutrele
Sending tunneled request
EAP-Message = 0x0205000d01646f757472656c65
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "doutrele"
server inner-tunnel {
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
++[unix] returns notfound
[suffix] No '@' in User-Name = "doutrele", looking up realm NULL
[suffix] Found realm "NULL"
[suffix] Adding Stripped-User-Name = "doutrele"
[suffix] Adding Realm = "NULL"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
++[control] returns ok
[eap] EAP packet type response id 5 length 13
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
[ldap] performing user authorization for doutrele
[ldap] expand: %{Stripped-User-Name} -> doutrele
[ldap] expand: (uid=%{%{Stripped-User-Name}:-%{User-Name}}) ->
(uid=doutrele)
[ldap] expand: dc=int-evry,dc=fr -> dc=int-evry,dc=fr
[ldap] ldap_get_conn: Checking Id: 0
[ldap] ldap_get_conn: Got Id: 0
[ldap] attempting LDAP reconnection
[ldap] (re)connect to ldapdev.int-evry.fr:389, authentication 0
[ldap] bind as cn=admin,dc=int-evry,dc=fr/admldap to
ldapdev.int-evry.fr:389
[ldap] waiting for bind result ...
[ldap] Bind was successful
[ldap] performing search in dc=int-evry,dc=fr, with filter (uid=doutrele)
[ldap] looking for check items in directory...
[ldap] sambaNtPassword -> NT-Password ==
0x3846343134354531463530334232353337443430363846343942363633434143
[ldap] sambaLmPassword -> LM-Password ==
0x4434413632394242394536303843323438423045413541374446313335423033
[ldap] looking for reply items in directory...
[ldap] eduPersonPrimaryAffiliation -> User-Category = "employee"
WARNING: No "known good" password was found in LDAP. Are you sure that
the user is configured correctly?
[ldap] user doutrele authorized to use remote access
[ldap] ldap_release_conn: Release Id: 0
++[ldap] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Normalizing NT-Password from hex encoding
[pap] Normalizing LM-Password from hex encoding
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
++[eap] returns handled
} # server inner-tunnel
[peap] Got tunneled reply code 11
User-Category = "employee"
EAP-Message =
0x010600221a0106001d10772702eafa9c1ba832502c45eff3eb34646f757472656c65
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xbd5ae7b1bd5cfd560e8d64f9174929bb
[peap] Got tunneled reply RADIUS code 11
User-Category = "employee"
EAP-Message =
0x010600221a0106001d10772702eafa9c1ba832502c45eff3eb34646f757472656c65
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xbd5ae7b1bd5cfd560e8d64f9174929bb
[peap] Got tunneled Access-Challenge
++[eap] returns handled
Sending Access-Challenge of id 5 to 157.159.21.100 port 54360
EAP-Message =
0x0106004b190017030100400c86e6dc207e2cc7603991c7a1ca4e9e4c93e74004010a6fb62efdaec1e55783fef484c83973c964c31d5ee8d31d773625345fab5aa74c4f53c6becd0f1dcbcf
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xcad2c248cfd4dbc77d62ac2477a6a4d7
Finished request 5.
Going to the next request
Waking up in 4.8 seconds.
rad_recv: Access-Request packet from host 157.159.21.100 port 54360,
id=6, length=289
User-Name = "anonymous at it-sudparis.eu"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message =
0x0206009019001703010020c49c71ba6a0ad62564b8a94ee33c3233374ee4e20affb6377e64d687bbc939b11703010060248cc1e2e0c15c8f8cc4500d3de900956d807d60cf18be6450c81a1998f59938229ed4130b8b70b590d382f72420941d775beb2d95db65aeb961c0e5b936fc801a7d6aa5ed180878c2f6f34cc69538fe90c72b9f40085fdcf23881d2201c2112
State = 0xcad2c248cfd4dbc77d62ac2477a6a4d7
Message-Authenticator = 0x748598f4105e6fd40ff0f2d220aa3eb9
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] Looking up realm "it-sudparis.eu" for User-Name =
"anonymous at it-sudparis.eu"
[suffix] Found realm "it-sudparis.eu"
[suffix] Adding Stripped-User-Name = "anonymous"
[suffix] Adding Realm = "it-sudparis.eu"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[eap] EAP packet type response id 6 length 144
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] EAP type mschapv2
[peap] Got tunneled request
EAP-Message =
0x020600431a0206003e31ad80725308b05eb4b1a1c08cf773d7600000000000000000e09cf3637ec00ccc4fb3fc2ed07bdd7e96e434c654ebaf3a00646f757472656c65
server {
PEAP: Setting User-Name to doutrele
Sending tunneled request
EAP-Message =
0x020600431a0206003e31ad80725308b05eb4b1a1c08cf773d7600000000000000000e09cf3637ec00ccc4fb3fc2ed07bdd7e96e434c654ebaf3a00646f757472656c65
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "doutrele"
State = 0xbd5ae7b1bd5cfd560e8d64f9174929bb
server inner-tunnel {
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
++[unix] returns notfound
[suffix] No '@' in User-Name = "doutrele", looking up realm NULL
[suffix] Found realm "NULL"
[suffix] Adding Stripped-User-Name = "doutrele"
[suffix] Adding Realm = "NULL"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
++[control] returns ok
[eap] EAP packet type response id 6 length 67
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
[ldap] performing user authorization for doutrele
[ldap] expand: %{Stripped-User-Name} -> doutrele
[ldap] expand: (uid=%{%{Stripped-User-Name}:-%{User-Name}}) ->
(uid=doutrele)
[ldap] expand: dc=int-evry,dc=fr -> dc=int-evry,dc=fr
[ldap] ldap_get_conn: Checking Id: 0
[ldap] ldap_get_conn: Got Id: 0
[ldap] performing search in dc=int-evry,dc=fr, with filter (uid=doutrele)
[ldap] looking for check items in directory...
[ldap] sambaNtPassword -> NT-Password ==
0x3846343134354531463530334232353337443430363846343942363633434143
[ldap] sambaLmPassword -> LM-Password ==
0x4434413632394242394536303843323438423045413541374446313335423033
[ldap] looking for reply items in directory...
[ldap] eduPersonPrimaryAffiliation -> User-Category = "employee"
WARNING: No "known good" password was found in LDAP. Are you sure that
the user is configured correctly?
[ldap] user doutrele authorized to use remote access
[ldap] ldap_release_conn: Release Id: 0
++[ldap] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Normalizing NT-Password from hex encoding
[pap] Normalizing LM-Password from hex encoding
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/mschapv2
[eap] processing type mschapv2
[mschapv2] +- entering group MS-CHAP {...}
[mschap] Found LM-Password
[mschap] Found NT-Password
[mschap] Told to do MS-CHAPv2 for doutrele with NT-Password
[mschap] adding MS-CHAPv2 MPPE keys
++[mschap] returns ok
MSCHAP Success
++[eap] returns handled
} # server inner-tunnel
[peap] Got tunneled reply code 11
User-Category = "employee"
EAP-Message =
0x010700331a0306002e533d37424233333344414638344334353234373345434636363634343638453932333837444536463846
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xbd5ae7b1bc5dfd560e8d64f9174929bb
[peap] Got tunneled reply RADIUS code 11
User-Category = "employee"
EAP-Message =
0x010700331a0306002e533d37424233333344414638344334353234373345434636363634343638453932333837444536463846
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xbd5ae7b1bc5dfd560e8d64f9174929bb
[peap] Got tunneled Access-Challenge
++[eap] returns handled
Sending Access-Challenge of id 6 to 157.159.21.100 port 54360
EAP-Message =
0x0107005b19001703010050ec249a0c4d32e6def6e9aeb3357a17a1d09b28cc525ab8723d6a2ae20fd7066a17d11f6659d0806edeea86ed0f931d84abdc0b63571700eada94ce21112c405cdbf3505898e13ac6648737fe3a98faf4
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xcad2c248ccd5dbc77d62ac2477a6a4d7
Finished request 6.
Going to the next request
Waking up in 4.7 seconds.
rad_recv: Access-Request packet from host 157.159.21.100 port 54360,
id=7, length=225
User-Name = "anonymous at it-sudparis.eu"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message =
0x0207005019001703010020dd3585a2fd072451d06cbff7c672598a7828eeb3ca9906009627abdd66e07bee170301002065a6b4951d3a3c4bf66102b8d2cded42880a5980ccbc9f6876b82f9d4b5f4c57
State = 0xcad2c248ccd5dbc77d62ac2477a6a4d7
Message-Authenticator = 0x0198edb8c100054204965aff380de732
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] Looking up realm "it-sudparis.eu" for User-Name =
"anonymous at it-sudparis.eu"
[suffix] Found realm "it-sudparis.eu"
[suffix] Adding Stripped-User-Name = "anonymous"
[suffix] Adding Realm = "it-sudparis.eu"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[eap] EAP packet type response id 7 length 80
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] EAP type mschapv2
[peap] Got tunneled request
EAP-Message = 0x020700061a03
server {
PEAP: Setting User-Name to doutrele
Sending tunneled request
EAP-Message = 0x020700061a03
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "doutrele"
State = 0xbd5ae7b1bc5dfd560e8d64f9174929bb
server inner-tunnel {
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
++[unix] returns notfound
[suffix] No '@' in User-Name = "doutrele", looking up realm NULL
[suffix] Found realm "NULL"
[suffix] Adding Stripped-User-Name = "doutrele"
[suffix] Adding Realm = "NULL"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
++[control] returns ok
[eap] EAP packet type response id 7 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
[ldap] performing user authorization for doutrele
[ldap] expand: %{Stripped-User-Name} -> doutrele
[ldap] expand: (uid=%{%{Stripped-User-Name}:-%{User-Name}}) ->
(uid=doutrele)
[ldap] expand: dc=int-evry,dc=fr -> dc=int-evry,dc=fr
[ldap] ldap_get_conn: Checking Id: 0
[ldap] ldap_get_conn: Got Id: 0
[ldap] performing search in dc=int-evry,dc=fr, with filter (uid=doutrele)
[ldap] looking for check items in directory...
[ldap] sambaNtPassword -> NT-Password ==
0x3846343134354531463530334232353337443430363846343942363633434143
[ldap] sambaLmPassword -> LM-Password ==
0x4434413632394242394536303843323438423045413541374446313335423033
[ldap] looking for reply items in directory...
[ldap] eduPersonPrimaryAffiliation -> User-Category = "employee"
WARNING: No "known good" password was found in LDAP. Are you sure that
the user is configured correctly?
[ldap] user doutrele authorized to use remote access
[ldap] ldap_release_conn: Release Id: 0
++[ldap] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Normalizing NT-Password from hex encoding
[pap] Normalizing LM-Password from hex encoding
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/mschapv2
[eap] processing type mschapv2
[eap] Freeing handler
++[eap] returns ok
+- entering group post-auth {...}
++[files] returns noop
} # server inner-tunnel
[peap] Got tunneled reply code 2
User-Category = "employee"
EAP-Message = 0x03070004
Message-Authenticator = 0x00000000000000000000000000000000
User-Name = "doutrele"
[peap] Got tunneled reply RADIUS code 2
User-Category = "employee"
EAP-Message = 0x03070004
Message-Authenticator = 0x00000000000000000000000000000000
User-Name = "doutrele"
[peap] Tunneled authentication was successful.
[peap] SUCCESS
++[eap] returns handled
Sending Access-Challenge of id 7 to 157.159.21.100 port 54360
EAP-Message =
0x0108002b19001703010020929b1abc3e1705cbf933e7e801a5354ae3a6f3399037480a464f2a2550b98f7f
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xcad2c248cddadbc77d62ac2477a6a4d7
Finished request 7.
Going to the next request
Waking up in 4.7 seconds.
rad_recv: Access-Request packet from host 157.159.21.100 port 54360,
id=8, length=225
User-Name = "anonymous at it-sudparis.eu"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message =
0x02080050190017030100207ec1199edf4cf1834a3e8e7a858fff1a28c3ce3cf2b04ac072813cc2f3c90f67170301002030bcc0f7c0addcc364b1dbef6349769ec9e4200c23e3092502c65ec6c64f3ab4
State = 0xcad2c248cddadbc77d62ac2477a6a4d7
Message-Authenticator = 0x356e2d5f5a5a58689d1111a18270f65a
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] Looking up realm "it-sudparis.eu" for User-Name =
"anonymous at it-sudparis.eu"
[suffix] Found realm "it-sudparis.eu"
[suffix] Adding Stripped-User-Name = "anonymous"
[suffix] Adding Realm = "it-sudparis.eu"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[eap] EAP packet type response id 8 length 80
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] Received EAP-TLV response.
[peap] Success
[eap] Freeing handler
++[eap] returns ok
+- entering group post-auth {...}
++[exec] returns noop
Sending Access-Accept of id 8 to 157.159.21.100 port 54360
MS-MPPE-Recv-Key =
0x22d62fec650e593576a03a40cbcad77e540cdd3ba53b4a757d5c469cb40d1d15
MS-MPPE-Send-Key =
0xc1d6f7b5504b2595ce899f1cb2e0abfb68fe5224695c9d3b7157cdd5727ed058
EAP-Message = 0x03080004
Message-Authenticator = 0x00000000000000000000000000000000
User-Name = "anonymous"
Finished request 8.
Going to the next request
Waking up in 4.6 seconds.
rad_recv: Access-Request packet from host 157.159.21.100 port 54360,
id=9, length=156
User-Name = "anonymous at it-sudparis.eu"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x0200001d01616e6f6e796d6f75734069742d73756470617269732e6575
Message-Authenticator = 0x209c9f1654d33cc3294474a7f994cfb7
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] Looking up realm "it-sudparis.eu" for User-Name =
"anonymous at it-sudparis.eu"
[suffix] Found realm "it-sudparis.eu"
[suffix] Adding Stripped-User-Name = "anonymous"
[suffix] Adding Realm = "it-sudparis.eu"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[eap] EAP packet type response id 0 length 29
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user.
Authentication may fail because of this.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type tls
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 9 to 157.159.21.100 port 54360
EAP-Message = 0x010100061920
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x268659fd268740823ac0ee159d033676
Finished request 9.
Going to the next request
Waking up in 4.5 seconds.
rad_recv: Access-Request packet from host 157.159.21.100 port 54360,
id=10, length=267
User-Name = "anonymous at it-sudparis.eu"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message =
0x0201007a198000000070160301006b0100006703014c913a477d4a75e0cddafcb5987734716c23a52fbbbcb4ba3c65ede4ef78fee800003a00390038008800870035008400160013000a00330032009a009900450044002f00960041000500040015001200090014001100080006000300ff0100000400230000
State = 0x268659fd268740823ac0ee159d033676
Message-Authenticator = 0x1a5b6f8f646acb964649c60dd57e8503
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] Looking up realm "it-sudparis.eu" for User-Name =
"anonymous at it-sudparis.eu"
[suffix] Found realm "it-sudparis.eu"
[suffix] Adding Stripped-User-Name = "anonymous"
[suffix] Adding Realm = "it-sudparis.eu"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[eap] EAP packet type response id 1 length 122
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
TLS Length 112
[peap] Length Included
[peap] eaptls_verify returned 11
[peap] (other): before/accept initialization
[peap] TLS_accept: before/accept initialization
[peap] <<< TLS 1.0 Handshake [length 006b], ClientHello
[peap] TLS_accept: SSLv3 read client hello A
[peap] >>> TLS 1.0 Handshake [length 0031], ServerHello
[peap] TLS_accept: SSLv3 write server hello A
[peap] >>> TLS 1.0 Handshake [length 0501], Certificate
[peap] TLS_accept: SSLv3 write certificate A
[peap] >>> TLS 1.0 Handshake [length 018d], ServerKeyExchange
[peap] TLS_accept: SSLv3 write key exchange A
[peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
[peap] TLS_accept: SSLv3 write server done A
[peap] TLS_accept: SSLv3 flush data
[peap] TLS_accept: Need to read more data: SSLv3 read client
certificate A
In SSL Handshake Phase
In SSL Accept mode
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 10 to 157.159.21.100 port 54360
EAP-Message =
0x0102040019c0000006d716030100310200002d03014c913a248cf8b802e852566db88e91550ceb93e3316b48d3f714169b2b013d83000039000005ff0100010016030105010b0004fd0004fa0004f7308204f3308203dba003020102021100e03d6494c48a6582b19e99ddbf443528300d06092a864886f70d01010505003036310b3009060355040613024e4c310f300d060355040a1306544552454e41311630140603550403130d544552454e412053534c204341301e170d3130303930393030303030305a170d3133303930383233353935395a3075310b3009060355040613024652310d300b060355040713044576727931283026060355040a
EAP-Message =
0x746572656e612e6f72672f544552454e4153534c43412e637274302606082b06010505073001861a687474703a2f2f6f6373702e7463732e746572656e612e6f72673081f60603551d110481ee3081eb82157261646975732e69742d73756470617269732e65758213617574682e69742d73756470617269732e65758212617574682e74656c65636f6d2d656d2e65758218617574682e74656c65636f6d2d73756470617269732e65758216656475726f616d2e69742d73756470617269732e65758215656475726f616d2e74656c65636f6d2d656d2e6575821b656475726f616d2e74656c65636f6d2d73756470617269732e657582157261646669
EAP-Message = 0x6c7475782e696e742d657672
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x268659fd278440823ac0ee159d033676
Finished request 10.
Going to the next request
Waking up in 4.5 seconds.
rad_recv: Access-Request packet from host 157.159.21.100 port 54360,
id=11, length=151
User-Name = "anonymous at it-sudparis.eu"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x020200061900
State = 0x268659fd278440823ac0ee159d033676
Message-Authenticator = 0x67328520e6fdbf6163942511315364f2
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] Looking up realm "it-sudparis.eu" for User-Name =
"anonymous at it-sudparis.eu"
[suffix] Found realm "it-sudparis.eu"
[suffix] Adding Stripped-User-Name = "anonymous"
[suffix] Adding Realm = "it-sudparis.eu"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[eap] EAP packet type response id 2 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 11 to 157.159.21.100 port 54360
EAP-Message =
0x010302e71900792e6672821872616466696c7475782e69742d73756470617269732e657582127261646975732e696e742d657672792e6672300d06092a864886f70d01010505000382010100981110a5a967ab5239ad83c6cc8a052e076b549711efbfd8a1849832633cc3c1d320e78b73df288e2be7e1db2849caea0d08447cb4d6a5c861a2e8f2c522388795b9e0c0a67cf23e28e6ede9ab76d61030fe4d4728ca4a2aa009f027ee71029f0ed72a124e4b0d6d5780eedeb7366b66a944f399d040652561bb82898163a273c8cc84f00c5ff323f3eeaefbf0901d889f88250f40ec69738d14807c44a0bcc1188849cd50ca19ab2b68f9b0a20b5f9e1d
EAP-Message =
0x357443dafae946cb8583e130e0352ebc0209678bd9615b4ea9b19c9f3300d86087c38a2e32f9ace7053804c11b9639ee62a32642357df913fad79ee9f8767d3101f039c272436c0d9fd6f0127a36bfa3f15c1f7c05e5964dc49edccbc07e430fdc86008096ff6f76a0017fcdcd2b9f49571f9329f5e2646407cd5ca2ad5a107f40fce50309a4bfd7f301bd26da8e7a287862684c06a5c5d91bf179a6652676f55f51d8303361a3b5c06acc228f0c1a88b5c8d85e159d9c769c5fe3db2c365d26ddfbe63acca015129d6d4f3441ca010c5f48e6f626e3456fd5ee90231cfd9eeb46c2996f16030100040e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x268659fd248540823ac0ee159d033676
Finished request 11.
Going to the next request
Waking up in 4.4 seconds.
rad_recv: Access-Request packet from host 157.159.21.100 port 54360,
id=12, length=353
User-Name = "anonymous at it-sudparis.eu"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message =
0x020300d01980000000c61603010086100000820080a532d539c23b716fd99967cca03ca383b4a9964c07b863f5fecfc9cb854a72e079b4d045665f5675f4dc03d8565282bad8fef82e912a5b031f148cf90234bbc92e5ffcacbbfc4d7e91477bae66bd95e22f465b530fbb0017da53cfb69b8c95da7114ad1900cab4e19e4cbcad18209735266a33114bf75efc04082f5d23239a55140301000101160301003098dc3a9750d9b3e46edeabed8465d9f021a3de531ebd757475c7720e075e003bdb6601a68070fdd3a9d24a01210a255c
State = 0x268659fd248540823ac0ee159d033676
Message-Authenticator = 0xe7361cb0dcb8744cd2e3c79a1e3397e3
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] Looking up realm "it-sudparis.eu" for User-Name =
"anonymous at it-sudparis.eu"
[suffix] Found realm "it-sudparis.eu"
[suffix] Adding Stripped-User-Name = "anonymous"
[suffix] Adding Realm = "it-sudparis.eu"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[eap] EAP packet type response id 3 length 208
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
TLS Length 198
[peap] Length Included
[peap] eaptls_verify returned 11
[peap] <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange
[peap] TLS_accept: SSLv3 read client key exchange A
[peap] <<< TLS 1.0 ChangeCipherSpec [length 0001]
[peap] <<< TLS 1.0 Handshake [length 0010], Finished
[peap] TLS_accept: SSLv3 read finished A
[peap] >>> TLS 1.0 ChangeCipherSpec [length 0001]
[peap] TLS_accept: SSLv3 write change cipher spec A
[peap] >>> TLS 1.0 Handshake [length 0010], Finished
[peap] TLS_accept: SSLv3 write finished A
[peap] TLS_accept: SSLv3 flush data
[peap] (other): SSL negotiation finished successfully
SSL Connection Established
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 12 to 157.159.21.100 port 54360
EAP-Message =
0x01040041190014030100010116030100305434b4505f9e38783bce6ccd9077ed706c6136fb44420c636820a7462bdce7ea959c6ea9c4fb093604e78cb213722a2c
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x268659fd258240823ac0ee159d033676
Finished request 12.
Going to the next request
Waking up in 4.4 seconds.
rad_recv: Access-Request packet from host 157.159.21.100 port 54360,
id=13, length=151
User-Name = "anonymous at it-sudparis.eu"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x020400061900
State = 0x268659fd258240823ac0ee159d033676
Message-Authenticator = 0x71d88f3eff06b67f64686e7dd6fb475b
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] Looking up realm "it-sudparis.eu" for User-Name =
"anonymous at it-sudparis.eu"
[suffix] Found realm "it-sudparis.eu"
[suffix] Adding Stripped-User-Name = "anonymous"
[suffix] Adding Realm = "it-sudparis.eu"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[eap] EAP packet type response id 4 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake is finished
[peap] eaptls_verify returned 3
[peap] eaptls_process returned 3
[peap] EAPTLS_SUCCESS
++[eap] returns handled
Sending Access-Challenge of id 13 to 157.159.21.100 port 54360
EAP-Message =
0x0105002b19001703010020c27c36e26c7a210558ff69f8b13b888aef215bbf2ce97d69f4cb0521433b0a6d
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x268659fd228340823ac0ee159d033676
Finished request 13.
Going to the next request
Waking up in 4.4 seconds.
rad_recv: Access-Request packet from host 157.159.21.100 port 54360,
id=14, length=225
User-Name = "anonymous at it-sudparis.eu"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message =
0x020500501900170301002068a3b06ae07eae4e0dc0a06ed9af4fc0cdebf4128489b7e45bab1c7f20cf79691703010020ab74a837a52917a8caafedeae7a26271f80d3d9c97e539eddc779d2c7b0ab546
State = 0x268659fd228340823ac0ee159d033676
Message-Authenticator = 0xbc0903a9455d85bc3717e62e28cc713a
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] Looking up realm "it-sudparis.eu" for User-Name =
"anonymous at it-sudparis.eu"
[suffix] Found realm "it-sudparis.eu"
[suffix] Adding Stripped-User-Name = "anonymous"
[suffix] Adding Realm = "it-sudparis.eu"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[eap] EAP packet type response id 5 length 80
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] Identity - doutrele
[peap] Got tunneled request
EAP-Message = 0x0205000d01646f757472656c65
server {
PEAP: Got tunneled identity of doutrele
PEAP: Setting default EAP type for tunneled EAP session.
PEAP: Setting User-Name to doutrele
Sending tunneled request
EAP-Message = 0x0205000d01646f757472656c65
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "doutrele"
server inner-tunnel {
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
++[unix] returns notfound
[suffix] No '@' in User-Name = "doutrele", looking up realm NULL
[suffix] Found realm "NULL"
[suffix] Adding Stripped-User-Name = "doutrele"
[suffix] Adding Realm = "NULL"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
++[control] returns ok
[eap] EAP packet type response id 5 length 13
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
[ldap] performing user authorization for doutrele
[ldap] expand: %{Stripped-User-Name} -> doutrele
[ldap] expand: (uid=%{%{Stripped-User-Name}:-%{User-Name}}) ->
(uid=doutrele)
[ldap] expand: dc=int-evry,dc=fr -> dc=int-evry,dc=fr
[ldap] ldap_get_conn: Checking Id: 0
[ldap] ldap_get_conn: Got Id: 0
[ldap] performing search in dc=int-evry,dc=fr, with filter (uid=doutrele)
[ldap] looking for check items in directory...
[ldap] sambaNtPassword -> NT-Password ==
0x3846343134354531463530334232353337443430363846343942363633434143
[ldap] sambaLmPassword -> LM-Password ==
0x4434413632394242394536303843323438423045413541374446313335423033
[ldap] looking for reply items in directory...
[ldap] eduPersonPrimaryAffiliation -> User-Category = "employee"
WARNING: No "known good" password was found in LDAP. Are you sure that
the user is configured correctly?
[ldap] user doutrele authorized to use remote access
[ldap] ldap_release_conn: Release Id: 0
++[ldap] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Normalizing NT-Password from hex encoding
[pap] Normalizing LM-Password from hex encoding
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
++[eap] returns handled
} # server inner-tunnel
[peap] Got tunneled reply code 11
User-Category = "employee"
EAP-Message =
0x010600221a0106001d10a246c3c6516b9d77ea1d3015a7a84abb646f757472656c65
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xb69c907bb69a8aaa3577bd2d0d1d3df6
[peap] Got tunneled reply RADIUS code 11
User-Category = "employee"
EAP-Message =
0x010600221a0106001d10a246c3c6516b9d77ea1d3015a7a84abb646f757472656c65
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xb69c907bb69a8aaa3577bd2d0d1d3df6
[peap] Got tunneled Access-Challenge
++[eap] returns handled
Sending Access-Challenge of id 14 to 157.159.21.100 port 54360
EAP-Message =
0x0106004b19001703010040c9ce0f68b431ebd559ed9175c87b80c001d5c5c4269aa5a0da2615fa72da470cf0641e9f5505789cd55c146b11b90bc11cae625a450a5b5cadc16e3540b1e52c
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x268659fd238040823ac0ee159d033676
Finished request 14.
Going to the next request
Waking up in 4.3 seconds.
rad_recv: Access-Request packet from host 157.159.21.100 port 54360,
id=15, length=289
User-Name = "anonymous at it-sudparis.eu"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message =
0x0206009019001703010020597cb64242f127a633edf6d83d9f753ad475e95f379a7a1efdc0d7dd62776011170301006090b9ad6ba6fa6c3042576000705030c6afed7e1d1dec688985936692dedd820826a1ceb87fa6867d05c7b7bc67f49c73338f2309f538172daddaf15656cef2172c77db8da21d259b53e7e8f9dbbab4282754f556c079b04defe4c92ce4374818
State = 0x268659fd238040823ac0ee159d033676
Message-Authenticator = 0x7d1093b42b7c313f5eb3aaad4e29921e
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] Looking up realm "it-sudparis.eu" for User-Name =
"anonymous at it-sudparis.eu"
[suffix] Found realm "it-sudparis.eu"
[suffix] Adding Stripped-User-Name = "anonymous"
[suffix] Adding Realm = "it-sudparis.eu"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[eap] EAP packet type response id 6 length 144
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] EAP type mschapv2
[peap] Got tunneled request
EAP-Message =
0x020600431a0206003e310cc550d72183ae211d145eb7177df37000000000000000002fcfa8c1e0adf00cb92ed7a9aa47cc7b5f28dc099c500ad500646f757472656c65
server {
PEAP: Setting User-Name to doutrele
Sending tunneled request
EAP-Message =
0x020600431a0206003e310cc550d72183ae211d145eb7177df37000000000000000002fcfa8c1e0adf00cb92ed7a9aa47cc7b5f28dc099c500ad500646f757472656c65
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "doutrele"
State = 0xb69c907bb69a8aaa3577bd2d0d1d3df6
server inner-tunnel {
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
++[unix] returns notfound
[suffix] No '@' in User-Name = "doutrele", looking up realm NULL
[suffix] Found realm "NULL"
[suffix] Adding Stripped-User-Name = "doutrele"
[suffix] Adding Realm = "NULL"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
++[control] returns ok
[eap] EAP packet type response id 6 length 67
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
[ldap] performing user authorization for doutrele
[ldap] expand: %{Stripped-User-Name} -> doutrele
[ldap] expand: (uid=%{%{Stripped-User-Name}:-%{User-Name}}) ->
(uid=doutrele)
[ldap] expand: dc=int-evry,dc=fr -> dc=int-evry,dc=fr
[ldap] ldap_get_conn: Checking Id: 0
[ldap] ldap_get_conn: Got Id: 0
[ldap] performing search in dc=int-evry,dc=fr, with filter (uid=doutrele)
[ldap] looking for check items in directory...
[ldap] sambaNtPassword -> NT-Password ==
0x3846343134354531463530334232353337443430363846343942363633434143
[ldap] sambaLmPassword -> LM-Password ==
0x4434413632394242394536303843323438423045413541374446313335423033
[ldap] looking for reply items in directory...
[ldap] eduPersonPrimaryAffiliation -> User-Category = "employee"
WARNING: No "known good" password was found in LDAP. Are you sure that
the user is configured correctly?
[ldap] user doutrele authorized to use remote access
[ldap] ldap_release_conn: Release Id: 0
++[ldap] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Normalizing NT-Password from hex encoding
[pap] Normalizing LM-Password from hex encoding
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/mschapv2
[eap] processing type mschapv2
[mschapv2] +- entering group MS-CHAP {...}
[mschap] Found LM-Password
[mschap] Found NT-Password
[mschap] Told to do MS-CHAPv2 for doutrele with NT-Password
[mschap] adding MS-CHAPv2 MPPE keys
++[mschap] returns ok
MSCHAP Success
++[eap] returns handled
} # server inner-tunnel
[peap] Got tunneled reply code 11
User-Category = "employee"
EAP-Message =
0x010700331a0306002e533d33303532464242454231393239443232383846343545353937433343453944383146344642363543
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xb69c907bb79b8aaa3577bd2d0d1d3df6
[peap] Got tunneled reply RADIUS code 11
User-Category = "employee"
EAP-Message =
0x010700331a0306002e533d33303532464242454231393239443232383846343545353937433343453944383146344642363543
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xb69c907bb79b8aaa3577bd2d0d1d3df6
[peap] Got tunneled Access-Challenge
++[eap] returns handled
Sending Access-Challenge of id 15 to 157.159.21.100 port 54360
EAP-Message =
0x0107005b19001703010050e632c5330ad9f069d55ce38adf081de60ffff8938c3878638e7f5099feb365b46747f065e913f9aa378b80d67149abad23532bc66a0b54fb9cdfb6c1d55deb1315b640f0bff8492abc792a5f3e6c36a1
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x268659fd208140823ac0ee159d033676
Finished request 15.
Going to the next request
Waking up in 4.3 seconds.
rad_recv: Access-Request packet from host 157.159.21.100 port 54360,
id=16, length=225
User-Name = "anonymous at it-sudparis.eu"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message =
0x02070050190017030100205537c71649b782859d409fc6d9470580de6ea4ff25c7d8f29b7b3474d87f4e9a17030100203bc3e97a5dab221d36cfef355c2e12f1397b296ca95c9eca15bdf19251ff5f2a
State = 0x268659fd208140823ac0ee159d033676
Message-Authenticator = 0xb76c598918241bc7970283f80dae8b9f
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] Looking up realm "it-sudparis.eu" for User-Name =
"anonymous at it-sudparis.eu"
[suffix] Found realm "it-sudparis.eu"
[suffix] Adding Stripped-User-Name = "anonymous"
[suffix] Adding Realm = "it-sudparis.eu"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[eap] EAP packet type response id 7 length 80
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] EAP type mschapv2
[peap] Got tunneled request
EAP-Message = 0x020700061a03
server {
PEAP: Setting User-Name to doutrele
Sending tunneled request
EAP-Message = 0x020700061a03
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "doutrele"
State = 0xb69c907bb79b8aaa3577bd2d0d1d3df6
server inner-tunnel {
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
++[unix] returns notfound
[suffix] No '@' in User-Name = "doutrele", looking up realm NULL
[suffix] Found realm "NULL"
[suffix] Adding Stripped-User-Name = "doutrele"
[suffix] Adding Realm = "NULL"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
++[control] returns ok
[eap] EAP packet type response id 7 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
[ldap] performing user authorization for doutrele
[ldap] expand: %{Stripped-User-Name} -> doutrele
[ldap] expand: (uid=%{%{Stripped-User-Name}:-%{User-Name}}) ->
(uid=doutrele)
[ldap] expand: dc=int-evry,dc=fr -> dc=int-evry,dc=fr
[ldap] ldap_get_conn: Checking Id: 0
[ldap] ldap_get_conn: Got Id: 0
[ldap] performing search in dc=int-evry,dc=fr, with filter (uid=doutrele)
[ldap] looking for check items in directory...
[ldap] sambaNtPassword -> NT-Password ==
0x3846343134354531463530334232353337443430363846343942363633434143
[ldap] sambaLmPassword -> LM-Password ==
0x4434413632394242394536303843323438423045413541374446313335423033
[ldap] looking for reply items in directory...
[ldap] eduPersonPrimaryAffiliation -> User-Category = "employee"
WARNING: No "known good" password was found in LDAP. Are you sure that
the user is configured correctly?
[ldap] user doutrele authorized to use remote access
[ldap] ldap_release_conn: Release Id: 0
++[ldap] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Normalizing NT-Password from hex encoding
[pap] Normalizing LM-Password from hex encoding
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/mschapv2
[eap] processing type mschapv2
[eap] Freeing handler
++[eap] returns ok
+- entering group post-auth {...}
++[files] returns noop
} # server inner-tunnel
[peap] Got tunneled reply code 2
User-Category = "employee"
EAP-Message = 0x03070004
Message-Authenticator = 0x00000000000000000000000000000000
User-Name = "doutrele"
[peap] Got tunneled reply RADIUS code 2
User-Category = "employee"
EAP-Message = 0x03070004
Message-Authenticator = 0x00000000000000000000000000000000
User-Name = "doutrele"
[peap] Tunneled authentication was successful.
[peap] SUCCESS
++[eap] returns handled
Sending Access-Challenge of id 16 to 157.159.21.100 port 54360
EAP-Message =
0x0108002b190017030100201bc2994f26ea599852815a48852b623a8a708485dfd96258e03a85adf942b362
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x268659fd218e40823ac0ee159d033676
Finished request 16.
Going to the next request
Waking up in 4.3 seconds.
rad_recv: Access-Request packet from host 157.159.21.100 port 54360,
id=17, length=225
User-Name = "anonymous at it-sudparis.eu"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message =
0x02080050190017030100201b6bb71d045bbd397aab6948baac2fb2b76c4195d9654d7f29ff68628e26524b1703010020090ab9ed9dcd6032948f868e18f79c4e4befd935c4bf295f70ad0370772a986e
State = 0x268659fd218e40823ac0ee159d033676
Message-Authenticator = 0x77d82030e53af4f2c9b848972bae2188
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] Looking up realm "it-sudparis.eu" for User-Name =
"anonymous at it-sudparis.eu"
[suffix] Found realm "it-sudparis.eu"
[suffix] Adding Stripped-User-Name = "anonymous"
[suffix] Adding Realm = "it-sudparis.eu"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[eap] EAP packet type response id 8 length 80
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] Received EAP-TLV response.
[peap] Success
[eap] Freeing handler
++[eap] returns ok
+- entering group post-auth {...}
++[exec] returns noop
Sending Access-Accept of id 17 to 157.159.21.100 port 54360
MS-MPPE-Recv-Key =
0x4dd99a0dc82263a2c33055682f321f5c8f87b27b19da448cf0854ded5f242689
MS-MPPE-Send-Key =
0x996340b45c88e53f2dd54aff5270ad77d58d66b608cfb312c7c824dfe0dcef65
EAP-Message = 0x03080004
Message-Authenticator = 0x00000000000000000000000000000000
User-Name = "anonymous"
Finished request 17.
Going to the next request
Waking up in 4.2 seconds.
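Added example, not part of the original post: a small Python reader for `radiusd -X` output of the kind shown above. It reports which attributes reached the final Access-Accept, what the `files` module returned in each virtual server and section, and where `User-Category` was seen. The sample text is condensed from the debug output above with a constructed short hex value, and the function names are hypothetical.

```python
import re

# Condensed from the debug output in the post; the MS-MPPE-Recv-Key value is a
# constructed placeholder and is wrapped onto its own line like the mail text.
SAMPLE = """\
server inner-tunnel {
+- entering group authorize {...}
++[files] returns noop
[ldap] eduPersonPrimaryAffiliation -> User-Category = "employee"
++[ldap] returns ok
+- entering group post-auth {...}
++[files] returns noop
} # server inner-tunnel
[peap] Got tunneled reply code 2
User-Category = "employee"
EAP-Message = 0x03070004
[peap] Tunneled authentication was successful.
+- entering group post-auth {...}
++[exec] returns noop
Sending Access-Accept of id 17 to 157.159.21.100 port 54360
MS-MPPE-Recv-Key =
0x00aa
EAP-Message = 0x03080004
User-Name = "anonymous"
Finished request 17.
"""

VLAN_ATTRS = ("Tunnel-Type", "Tunnel-Medium-Type", "Tunnel-Private-Group-Id")
SERVER_OPEN = re.compile(r"^server (\S+) \{$")
SERVER_CLOSE = re.compile(r"^\} # server (\S+)$")
GROUP = re.compile(r"^\+- entering group (\S+) \{")
RETURNS = re.compile(r"^\++\[(\w+)\] returns (\w+)$")
SENDING = re.compile(r"^Sending (Access-\w+) of id (\d+)")
ATTR = re.compile(r"^([A-Za-z][\w-]*) = (.+)$")


def unwrap(lines):
    """Re-join 'Attr =' with a value that was wrapped onto the next line."""
    out = []
    for line in (raw.strip() for raw in lines):
        if not line:
            continue
        if out and out[-1].endswith(" ="):
            out[-1] += " " + line
        else:
            out.append(line)
    return out


def analyze(text):
    """Walk the log, tracking virtual server, section and outgoing packets."""
    server, group, packet = "outer", None, None
    report = {"module_returns": [], "user_category_seen": [], "packets": []}
    for line in unwrap(text.splitlines()):
        if m := SERVER_OPEN.match(line):
            server = m.group(1)
        elif SERVER_CLOSE.match(line):
            server = "outer"
        elif m := GROUP.match(line):
            group, packet = m.group(1), None
        elif m := RETURNS.match(line):
            report["module_returns"].append((server, group, m.group(1), m.group(2)))
        elif m := SENDING.match(line):
            packet = {"code": m.group(1), "id": int(m.group(2)), "attrs": {}}
            report["packets"].append(packet)
        elif (m := ATTR.match(line)) and packet is not None:
            packet["attrs"][m.group(1)] = m.group(2)
        elif line.startswith("Finished request"):
            packet = None
        if "User-Category" in line:
            report["user_category_seen"].append((server, line))
    return report


def diagnose(report):
    """Summarise what the NAS received and whether `files` ever matched."""
    accept = next((p for p in report["packets"] if p["code"] == "Access-Accept"), None)
    files = [(s, g, r) for s, g, mod, r in report["module_returns"] if mod == "files"]
    return {
        "accept_attrs": sorted(accept["attrs"]) if accept else [],
        "missing_vlan_attrs": [a for a in VLAN_ATTRS
                               if accept is None or a not in accept["attrs"]],
        "files_returns": files,
        "files_ever_matched": any(r not in ("noop", "notfound") for _, _, r in files),
        "user_category_servers": sorted({s for s, _ in report["user_category_seen"]}),
    }
```
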