The last piece of the puzzle - XP host authentication
East, Bill
eastb at pffcu.org
Mon Apr 18 21:39:30 CEST 2011
After my first install of FR (2.1.10) I quickly got into a twisty maze of config files, all different. I resolved, after quite a bit of research and poking around, to wipe the install clean and start over. Which I did.
So now I've got, by carefully following the help pages on the site, the ability to log in and enable on my switches using our Active Directory credentials, and the ability to do port authorization using the same credentials - provided that the user information is cached on the workstation of course. I generated the certificates and installed the root cert on the clients and they appear to be working correctly. I'm really quite happy with the results so far. What I'm looking for now is the last step, authenticating the hosts so that AD users whose credentials haven't been cached can still log in and then port authorize.
Like the man says, other people are doing it so I know it's not impossible. What seems to be happening from reading the debug is that domain/user requests are coming in using EAP, doing the TLS interchange, then using MSCHAPv2 to verify the credentials. The host requests, on the other hand, do the TLS side but never seem to progress to the mschap portion. I've gone mildly crosseyed reading the debugs but I don't see where it is that I've gone wrong. I'm very new to RADIUS but I've been doing Linux and Windows for a while so I know that this *should* work.
The configuration is: AD 2008 with a Slackware Linux server running the latest Samba and Kerberos as well as obviously FR. The client is a Windows XP box with the latest service pack. Below is a mildly sanitized copy of radiusd -X with both failed machine logins (LP-0010 is the host) and a successful user (myuser) login.
Thanks for having a look at this.
=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2011.04.18 15:25:43 =~=~=~=~=~=~=~=~=~=~=~=
rad_recv: Access-Request packet from host 192.168.999.7 port 4815, id=190, length=237
Framed-MTU = 1480
NAS-IP-Address = 192.168.999.7
NAS-Identifier = "myorg-bnew"
User-Name = "host/LP-0010.myorg.org"
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 61
NAS-Port-Type = Ethernet
NAS-Port-Id = "C13"
Called-Station-Id = "00-19-bb-a7-7e-43"
Calling-Station-Id = "00-1b-78-b5-f7-a0"
Connect-Info = "CONNECT Ethernet 1000Mbps Full duplex"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "12"
EAP-Message = 0x0201001b01686f73742f4c502d303031302e70666663752e6f7267
Message-Authenticator = 0x9b19fa15e960a41e27e211d8f1b33a10
# Executing section authorize from file /etc//raddb/sites-enabled/default
+- entering group authorize {...}
[preprocess] hints: Matched DEFAULT at 36
++[preprocess] returns ok
[auth_log] expand: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/radius/radacct/192.168.999.7/auth-detail-20110418
[auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.999.7/auth-detail-20110418
[auth_log] expand: %t -> Mon Apr 18 15:26:38 2011
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "/LP-0010.myorg.org", looking up realm NULL
[suffix] Found realm "NULL"
[suffix] Setting Stripped-User-Name = "/LP-0010.myorg.org"
[suffix] Adding Realm = "NULL"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[ntdomain] Request already proxied. Ignoring.
++[ntdomain] returns ok
[eap] EAP packet type response id 1 length 27
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[files] users: Matched entry DEFAULT at line 176
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /etc//raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type tls
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 190 to 192.168.999.7 port 4815
Framed-Protocol = PPP
Framed-Compression = Van-Jacobson-TCP-IP
EAP-Message = 0x010200061920
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x4f47b7a34f45aeed84d0f0a572607961
Finished request 6.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.999.7 port 4815, id=191, length=315
Framed-MTU = 1480
NAS-IP-Address = 192.168.999.7
NAS-Identifier = "myorg-bnew"
User-Name = "host/LP-0010.myorg.org"
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 61
NAS-Port-Type = Ethernet
NAS-Port-Id = "C13"
Called-Station-Id = "00-19-bb-a7-7e-43"
Calling-Station-Id = "00-1b-78-b5-f7-a0"
Connect-Info = "CONNECT Ethernet 1000Mbps Full duplex"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "12"
State = 0x4f47b7a34f45aeed84d0f0a572607961
EAP-Message = 0x0202005719800000004d16030100480100004403014dac90982dabda3d66a5f26d5da94e79cd801480e05dc321acbf9a30f85fe45000001600040005000a0009006400620003000600130012006301000005ff01000100
Message-Authenticator = 0xc430c8a708ade14f4e3e71aefbaba831
# Executing section authorize from file /etc//raddb/sites-enabled/default
+- entering group authorize {...}
[preprocess] hints: Matched DEFAULT at 36
++[preprocess] returns ok
[auth_log] expand: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/radius/radacct/192.168.999.7/auth-detail-20110418
[auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.999.7/auth-detail-20110418
[auth_log] expand: %t -> Mon Apr 18 15:26:38 2011
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "/LP-0010.myorg.org", looking up realm NULL
[suffix] Found realm "NULL"
[suffix] Setting Stripped-User-Name = "/LP-0010.myorg.org"
[suffix] Adding Realm = "NULL"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[ntdomain] Request already proxied. Ignoring.
++[ntdomain] returns ok
[eap] EAP packet type response id 2 length 87
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc//raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
TLS Length 77
[peap] Length Included
[peap] eaptls_verify returned 11
[peap] (other): before/accept initialization
[peap] TLS_accept: before/accept initialization
[peap] <<< TLS 1.0 Handshake [length 0048], ClientHello
[peap] TLS_accept: SSLv3 read client hello A
[peap] >>> TLS 1.0 Handshake [length 002a], ServerHello
[peap] TLS_accept: SSLv3 write server hello A
[peap] >>> TLS 1.0 Handshake [length 0883], Certificate
[peap] TLS_accept: SSLv3 write certificate A
[peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
[peap] TLS_accept: SSLv3 write server done A
[peap] TLS_accept: SSLv3 flush data
[peap] TLS_accept: Need to read more data: SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 191 to 192.168.999.7 port 4815
EAP-Message = 0x0103040019c0000008c0160301002a0200002603014dac906e63451b67f59266bd8f3c0b11c93f0e91e1379a7c5fef9506ed97dcf30000040016030108830b00087f00087c0003b5308203b130820299a003020102020102300d06092a864886f70d010104050030819a310b3009060355040613025553311530130603550408130c50656e6e73796c76616e6961311530130603550407130c5068696c6164656c70686961311c301a060355040a1313506f6c69636520616e642046697265204643553123302106092a864886f70d0109011614706f73746d61737465724070666663752e6f7267311a3018060355040313116d6966666c696e2e7066
EAP-Message = 0x000382010100cd1bcf97d2ab9635403f1732591d98606e95cc939882656b198bf7b7bf585e159f950e7db747b25720ea1e4b05d91fa6a8bc7b367ed21d749731a803f726438a4942d49bb298322f278163435b6ec5ef9f810f5195ab021dd0aac53cc53494cccf30e6ed6186e9d32cd9cd41c2953173a01e7a7c82998ac7bf0f30451887dd5c0b8750d8bd6afac032a70eab0ea2704f277a0067f102b9e5ad68f9723a3ad65e439f90b782e5cdf2c2a21e5e1ac9ebf1e0d4fdeb370dec3538bd91f4cb925c2b52639e4fcd260462a10b54dc5e04e4110a94bd9fe6a3fe16b28abfb3370aa23b378d60f6fbf461f0e22ce4d988603f88b160210ed7a1e8
EAP-Message = 0xcdc08eb134ef355d3f0004c1
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x4f47b7a34e44aeed84d0f0a572607961
Finished request 7.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.999.7 port 4815, id=192, length=234
Framed-MTU = 1480
NAS-IP-Address = 192.168.999.7
NAS-Identifier = "myorg-bnew"
User-Name = "host/LP-0010.myorg.org"
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 61
NAS-Port-Type = Ethernet
NAS-Port-Id = "C13"
Called-Station-Id = "00-19-bb-a7-7e-43"
Calling-Station-Id = "00-1b-78-b5-f7-a0"
Connect-Info = "CONNECT Ethernet 1000Mbps Full duplex"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "12"
State = 0x4f47b7a34e44aeed84d0f0a572607961
EAP-Message = 0x020300061900
Message-Authenticator = 0x68ae528241948aee7a09919d712b4b26
# Executing section authorize from file /etc//raddb/sites-enabled/default
+- entering group authorize {...}
[preprocess] hints: Matched DEFAULT at 36
++[preprocess] returns ok
[auth_log] expand: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/radius/radacct/192.168.999.7/auth-detail-20110418
[auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.999.7/auth-detail-20110418
[auth_log] expand: %t -> Mon Apr 18 15:26:38 2011
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "/LP-0010.myorg.org", looking up realm NULL
[suffix] Found realm "NULL"
[suffix] Setting Stripped-User-Name = "/LP-0010.myorg.org"
[suffix] Adding Realm = "NULL"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[ntdomain] Request already proxied. Ignoring.
++[ntdomain] returns ok
[eap] EAP packet type response id 3 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc//raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 192 to 192.168.999.7 port 4815
EAP-Message = 0xa53548a0a1652dc0908a9e06f58d9c473ec7ec55fcefa9c443311684ad6e9dd09ea14cb3d9fcb04a2429f9d1995c062f5b215658143eafdd0116334b0f1849cfef9a24579ea1d6ca31421f52b70d9d00a961408f747f2f2066231124d83c63c3c8b1d69b6f4b5ea50588b2f33b8a40ba8781455db36472bd9b4e85f81f1b82ebf326cd3ac504eb2dea1c5a9e7496f485a62d63d11bead3a4b79ce85453d6617c8b8fca4e1d3e5bb0c68c041c948f0203010001a38201023081ff301d0603551d0e041604146fb361c7649ba640bdf6ea8870cac051daeb9a9e3081cf0603551d230481c73081c480146fb361c7649ba640bdf6ea8870cac051daeb9a9e
EAP-Message = 0x3c6900c0e5fd63fc
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x4f47b7a34d43aeed84d0f0a572607961
Finished request 8.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.999.7 port 4815, id=193, length=234
Framed-MTU = 1480
NAS-IP-Address = 192.168.999.7
NAS-Identifier = "myorg-bnew"
User-Name = "host/LP-0010.myorg.org"
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 61
NAS-Port-Type = Ethernet
NAS-Port-Id = "C13"
Called-Station-Id = "00-19-bb-a7-7e-43"
Calling-Station-Id = "00-1b-78-b5-f7-a0"
Connect-Info = "CONNECT Ethernet 1000Mbps Full duplex"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "12"
State = 0x4f47b7a34d43aeed84d0f0a572607961
EAP-Message = 0x020400061900
Message-Authenticator = 0x8eb6e8c023218ae06d7e860ea6207ee4
# Executing section authorize from file /etc//raddb/sites-enabled/default
+- entering group authorize {...}
[preprocess] hints: Matched DEFAULT at 36
++[preprocess] returns ok
[auth_log] expand: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/radius/radacct/192.168.999.7/auth-detail-20110418
[auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.999.7/auth-detail-20110418
[auth_log] expand: %t -> Mon Apr 18 15:26:38 2011
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "/LP-0010.myorg.org", looking up realm NULL
[suffix] Found realm "NULL"
[suffix] Setting Stripped-User-Name = "/LP-0010.myorg.org"
[suffix] Adding Realm = "NULL"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[ntdomain] Request already proxied. Ignoring.
++[ntdomain] returns ok
[eap] EAP packet type response id 4 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc//raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 193 to 192.168.999.7 port 4815
EAP-Message = 0x010500da190000e668530fe5cdedf1fff694c02a985e9dbdaaaaf9915bb3b297c4ddf1ee0601670f0ad3a6b34f9b5959d25b8624147171fc575436a01288e78f2d4344841dd5307a83e6c1d553dbc0731016c4bb35ef324e49b727ccfe896f56ef9603188886b9cf2c7423c77fd441bfa16636772db885276f42a39801d6a334fc20074352933ff6cecfa79ed4b11493ed5a2db327e4b421c3c7fac2f636766698ba79a0cef62a2413ad01d9c31ff9599414e30b6d9d974f2d5430117e202bda0b60bbd6c920c65f7ed6bd1e87e7513d9f16030100040e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x4f47b7a34c42aeed84d0f0a572607961
Finished request 9.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.999.7 port 4815, id=194, length=234
Framed-MTU = 1480
NAS-IP-Address = 192.168.999.7
NAS-Identifier = "myorg-bnew"
User-Name = "host/LP-0010.myorg.org"
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 61
NAS-Port-Type = Ethernet
NAS-Port-Id = "C13"
Called-Station-Id = "00-19-bb-a7-7e-43"
Calling-Station-Id = "00-1b-78-b5-f7-a0"
Connect-Info = "CONNECT Ethernet 1000Mbps Full duplex"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "12"
State = 0x4f47b7a34c42aeed84d0f0a572607961
EAP-Message = 0x020500061900
Message-Authenticator = 0xc3110d80e879e2d17c0e27c3579b7ffa
# Executing section authorize from file /etc//raddb/sites-enabled/default
+- entering group authorize {...}
[preprocess] hints: Matched DEFAULT at 36
++[preprocess] returns ok
[auth_log] expand: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/radius/radacct/192.168.999.7/auth-detail-20110418
[auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.999.7/auth-detail-20110418
[auth_log] expand: %t -> Mon Apr 18 15:26:38 2011
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "/LP-0010.myorg.org", looking up realm NULL
[suffix] Found realm "NULL"
[suffix] Setting Stripped-User-Name = "/LP-0010.myorg.org"
[suffix] Adding Realm = "NULL"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[ntdomain] Request already proxied. Ignoring.
++[ntdomain] returns ok
[eap] EAP packet type response id 5 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc//raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 194 to 192.168.999.7 port 4815
EAP-Message = 0x010600061900
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x4f47b7a34b41aeed84d0f0a572607961
Finished request 10.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.999.7 port 4815, id=195, length=221
Framed-MTU = 1480
NAS-IP-Address = 192.168.999.7
NAS-Identifier = "myorg-bnew"
User-Name = "myorg\\myuser"
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 61
NAS-Port-Type = Ethernet
NAS-Port-Id = "C13"
Called-Station-Id = "00-19-bb-a7-7e-43"
Calling-Station-Id = "00-1b-78-b5-f7-a0"
Connect-Info = "CONNECT Ethernet 1000Mbps Full duplex"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "12"
EAP-Message = 0x020100130150464643555c69732d61646d696e
Message-Authenticator = 0x499c467deab737e75c9aeb71373291f0
# Executing section authorize from file /etc//raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] expand: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/radius/radacct/192.168.999.7/auth-detail-20110418
[auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.999.7/auth-detail-20110418
[auth_log] expand: %t -> Mon Apr 18 15:26:38 2011
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "myorg\myuser", looking up realm NULL
[suffix] Found realm "NULL"
[suffix] Adding Stripped-User-Name = "myorg\myuser"
[suffix] Adding Realm = "NULL"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[ntdomain] Request already proxied. Ignoring.
++[ntdomain] returns ok
[eap] EAP packet type response id 1 length 19
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[files] users: Matched entry DEFAULT at line 176
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /etc//raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type tls
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 195 to 192.168.999.7 port 4815
Framed-Protocol = PPP
Framed-Compression = Van-Jacobson-TCP-IP
EAP-Message = 0x010200061920
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x3d92c46b3d90dd76a0f8adddfc0e8388
Finished request 11.
Going to the next request
Waking up in 4.7 seconds.
rad_recv: Access-Request packet from host 192.168.999.7 port 4815, id=196, length=307
Framed-MTU = 1480
NAS-IP-Address = 192.168.999.7
NAS-Identifier = "myorg-bnew"
User-Name = "myorg\\myuser"
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 61
NAS-Port-Type = Ethernet
NAS-Port-Id = "C13"
Called-Station-Id = "00-19-bb-a7-7e-43"
Calling-Station-Id = "00-1b-78-b5-f7-a0"
Connect-Info = "CONNECT Ethernet 1000Mbps Full duplex"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "12"
State = 0x3d92c46b3d90dd76a0f8adddfc0e8388
EAP-Message = 0x0202005719800000004d16030100480100004403014dac9098bb5794a6b42e6acdac8cc80598817ec40f55e96ca15c25849e70539f00001600040005000a0009006400620003000600130012006301000005ff01000100
Message-Authenticator = 0x432a5b1dba6a2d810a407f4446ec9607
# Executing section authorize from file /etc//raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] expand: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/radius/radacct/192.168.999.7/auth-detail-20110418
[auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.999.7/auth-detail-20110418
[auth_log] expand: %t -> Mon Apr 18 15:26:38 2011
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "myorg\myuser", looking up realm NULL
[suffix] Found realm "NULL"
[suffix] Adding Stripped-User-Name = "myorg\myuser"
[suffix] Adding Realm = "NULL"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[ntdomain] Request already proxied. Ignoring.
++[ntdomain] returns ok
[eap] EAP packet type response id 2 length 87
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc//raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
TLS Length 77
[peap] Length Included
[peap] eaptls_verify returned 11
[peap] (other): before/accept initialization
[peap] TLS_accept: before/accept initialization
[peap] <<< TLS 1.0 Handshake [length 0048], ClientHello
[peap] TLS_accept: SSLv3 read client hello A
[peap] >>> TLS 1.0 Handshake [length 002a], ServerHello
[peap] TLS_accept: SSLv3 write server hello A
[peap] >>> TLS 1.0 Handshake [length 0883], Certificate
[peap] TLS_accept: SSLv3 write certificate A
[peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
[peap] TLS_accept: SSLv3 write server done A
[peap] TLS_accept: SSLv3 flush data
[peap] TLS_accept: Need to read more data: SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 196 to 192.168.999.7 port 4815
EAP-Message = 0x0103040019c0000008c0160301002a0200002603014dac906ee7a8c363c834c5e2a9317a2844710cf666f003ae6244e933862998960000040016030108830b00087f00087c0003b5308203b130820299a003020102020102300d06092a864886f70d010104050030819a310b3009060355040613025553311530130603550408130c50656e6e73796c76616e6961311530130603550407130c5068696c6164656c70686961311c301a060355040a1313506f6c69636520616e642046697265204643553123302106092a864886f70d0109011614706f73746d61737465724070666663752e6f7267311a3018060355040313116d6966666c696e2e7066
EAP-Message = 0x000382010100cd1bcf97d2ab9635403f1732591d98606e95cc939882656b198bf7b7bf585e159f950e7db747b25720ea1e4b05d91fa6a8bc7b367ed21d749731a803f726438a4942d49bb298322f278163435b6ec5ef9f810f5195ab021dd0aac53cc53494cccf30e6ed6186e9d32cd9cd41c2953173a01e7a7c82998ac7bf0f30451887dd5c0b8750d8bd6afac032a70eab0ea2704f277a0067f102b9e5ad68f9723a3ad65e439f90b782e5cdf2c2a21e5e1ac9ebf1e0d4fdeb370dec3538bd91f4cb925c2b52639e4fcd260462a10b54dc5e04e4110a94bd9fe6a3fe16b28abfb3370aa23b378d60f6fbf461f0e22ce4d988603f88b160210ed7a1e8
EAP-Message = 0xcdc08eb134ef355d3f0004c1
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x3d92c46b3c91dd76a0f8adddfc0e8388
Finished request 12.
Going to the next request
Waking up in 4.6 seconds.
rad_recv: Access-Request packet from host 192.168.999.7 port 4815, id=197, length=226
Framed-MTU = 1480
NAS-IP-Address = 192.168.999.7
NAS-Identifier = "myorg-bnew"
User-Name = "myorg\\myuser"
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 61
NAS-Port-Type = Ethernet
NAS-Port-Id = "C13"
Called-Station-Id = "00-19-bb-a7-7e-43"
Calling-Station-Id = "00-1b-78-b5-f7-a0"
Connect-Info = "CONNECT Ethernet 1000Mbps Full duplex"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "12"
State = 0x3d92c46b3c91dd76a0f8adddfc0e8388
EAP-Message = 0x020300061900
Message-Authenticator = 0x62380d61685d98ab29fbcaf67d069608
# Executing section authorize from file /etc//raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] expand: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/radius/radacct/192.168.999.7/auth-detail-20110418
[auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.999.7/auth-detail-20110418
[auth_log] expand: %t -> Mon Apr 18 15:26:38 2011
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "myorg\myuser", looking up realm NULL
[suffix] Found realm "NULL"
[suffix] Adding Stripped-User-Name = "myorg\myuser"
[suffix] Adding Realm = "NULL"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[ntdomain] Request already proxied. Ignoring.
++[ntdomain] returns ok
[eap] EAP packet type response id 3 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc//raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 197 to 192.168.999.7 port 4815
EAP-Message = 0x3c6900c0e5fd63fc
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x3d92c46b3f96dd76a0f8adddfc0e8388
Finished request 13.
Going to the next request
Waking up in 4.6 seconds.
rad_recv: Access-Request packet from host 192.168.999.7 port 4815, id=198, length=226
Framed-MTU = 1480
NAS-IP-Address = 192.168.999.7
NAS-Identifier = "myorg-bnew"
User-Name = "myorg\\myuser"
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 61
NAS-Port-Type = Ethernet
NAS-Port-Id = "C13"
Called-Station-Id = "00-19-bb-a7-7e-43"
Calling-Station-Id = "00-1b-78-b5-f7-a0"
Connect-Info = "CONNECT Ethernet 1000Mbps Full duplex"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "12"
State = 0x3d92c46b3f96dd76a0f8adddfc0e8388
EAP-Message = 0x020400061900
Message-Authenticator = 0xbe92f79b327d12d9b52860a6da585020
# Executing section authorize from file /etc//raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] expand: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/radius/radacct/192.168.999.7/auth-detail-20110418
[auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.999.7/auth-detail-20110418
[auth_log] expand: %t -> Mon Apr 18 15:26:38 2011
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "myorg\myuser", looking up realm NULL
[suffix] Found realm "NULL"
[suffix] Adding Stripped-User-Name = "myorg\myuser"
[suffix] Adding Realm = "NULL"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[ntdomain] Request already proxied. Ignoring.
++[ntdomain] returns ok
[eap] EAP packet type response id 4 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc//raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 198 to 192.168.999.7 port 4815
EAP-Message = 0x010500da190000e668530fe5cdedf1fff694c02a985e9dbdaaaaf9915bb3b297c4ddf1ee0601670f0ad3a6b34f9b5959d25b8624147171fc575436a01288e78f2d4344841dd5307a83e6c1d553dbc0731016c4bb35ef324e49b727ccfe896f56ef9603188886b9cf2c7423c77fd441bfa16636772db885276f42a39801d6a334fc20074352933ff6cecfa79ed4b11493ed5a2db327e4b421c3c7fac2f636766698ba79a0cef62a2413ad01d9c31ff9599414e30b6d9d974f2d5430117e202bda0b60bbd6c920c65f7ed6bd1e87e7513d9f16030100040e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x3d92c46b3e97dd76a0f8adddfc0e8388
Finished request 14.
Going to the next request
Waking up in 4.6 seconds.
rad_recv: Access-Request packet from host 192.168.999.7 port 4815, id=199, length=542
Framed-MTU = 1480
NAS-IP-Address = 192.168.999.7
NAS-Identifier = "myorg-bnew"
User-Name = "myorg\\myuser"
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 61
NAS-Port-Type = Ethernet
NAS-Port-Id = "C13"
Called-Station-Id = "00-19-bb-a7-7e-43"
Calling-Station-Id = "00-1b-78-b5-f7-a0"
Connect-Info = "CONNECT Ethernet 1000Mbps Full duplex"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "12"
State = 0x3d92c46b3e97dd76a0f8adddfc0e8388
EAP-Message = 0xb20cc9d052c17e90a85a712c54bbccc60db4d3b1143c0def1403010001011603010020c2a4b53b6f7ae074212b6efafa58fca2e7159d0ec9ad7fb722fd656cee822266
Message-Authenticator = 0xc4d2b44c19f412c19124768f90452aeb
# Executing section authorize from file /etc//raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] expand: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/radius/radacct/192.168.999.7/auth-detail-20110418
[auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.999.7/auth-detail-20110418
[auth_log] expand: %t -> Mon Apr 18 15:26:38 2011
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "myorg\myuser", looking up realm NULL
[suffix] Found realm "NULL"
[suffix] Adding Stripped-User-Name = "myorg\myuser"
[suffix] Adding Realm = "NULL"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[ntdomain] Request already proxied. Ignoring.
++[ntdomain] returns ok
[eap] EAP packet type response id 5 length 253
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc//raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
TLS Length 310
[peap] Length Included
[peap] eaptls_verify returned 11
[peap] <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange
[peap] TLS_accept: SSLv3 read client key exchange A
[peap] <<< TLS 1.0 ChangeCipherSpec [length 0001]
[peap] <<< TLS 1.0 Handshake [length 0010], Finished
[peap] TLS_accept: SSLv3 read finished A
[peap] >>> TLS 1.0 ChangeCipherSpec [length 0001]
[peap] TLS_accept: SSLv3 write change cipher spec A
[peap] >>> TLS 1.0 Handshake [length 0010], Finished
[peap] TLS_accept: SSLv3 write finished A
[peap] TLS_accept: SSLv3 flush data
[peap] (other): SSL negotiation finished successfully
SSL Connection Established
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 199 to 192.168.999.7 port 4815
EAP-Message = 0x010600311900140301000101160301002011bb05ad7601c21b044169fdeaeb8b742d8c77b1f3a0e1d6aa0ca99275d8e4fd
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x3d92c46b3994dd76a0f8adddfc0e8388
Finished request 15.
Going to the next request
Waking up in 4.5 seconds.
rad_recv: Access-Request packet from host 192.168.999.7 port 4815, id=200, length=226
Framed-MTU = 1480
NAS-IP-Address = 192.168.999.7
NAS-Identifier = "myorg-bnew"
User-Name = "myorg\\myuser"
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 61
NAS-Port-Type = Ethernet
NAS-Port-Id = "C13"
Called-Station-Id = "00-19-bb-a7-7e-43"
Calling-Station-Id = "00-1b-78-b5-f7-a0"
Connect-Info = "CONNECT Ethernet 1000Mbps Full duplex"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "12"
State = 0x3d92c46b3994dd76a0f8adddfc0e8388
EAP-Message = 0x020600061900
Message-Authenticator = 0x1441f574c8d8fe4deb67ac4c93b1c97b
# Executing section authorize from file /etc//raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] expand: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/radius/radacct/192.168.999.7/auth-detail-20110418
[auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.999.7/auth-detail-20110418
[auth_log] expand: %t -> Mon Apr 18 15:26:38 2011
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "myorg\myuser", looking up realm NULL
[suffix] Found realm "NULL"
[suffix] Adding Stripped-User-Name = "myorg\myuser"
[suffix] Adding Realm = "NULL"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[ntdomain] Request already proxied. Ignoring.
++[ntdomain] returns ok
[eap] EAP packet type response id 6 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc//raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake is finished
[peap] eaptls_verify returned 3
[peap] eaptls_process returned 3
[peap] EAPTLS_SUCCESS
[peap] Session established. Decoding tunneled attributes.
[peap] Peap state TUNNEL ESTABLISHED
++[eap] returns handled
Sending Access-Challenge of id 200 to 192.168.999.7 port 4815
EAP-Message = 0x0107002019001703010015438cdf4b76ee410201b7404f9201ba2ab57b21c23e
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x3d92c46b3895dd76a0f8adddfc0e8388
Finished request 16.
Going to the next request
Waking up in 4.3 seconds.
rad_recv: Access-Request packet from host 192.168.999.7 port 4815, id=201, length=262
Framed-MTU = 1480
NAS-IP-Address = 192.168.999.7
NAS-Identifier = "myorg-bnew"
User-Name = "myorg\\myuser"
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 61
NAS-Port-Type = Ethernet
NAS-Port-Id = "C13"
Called-Station-Id = "00-19-bb-a7-7e-43"
Calling-Station-Id = "00-1b-78-b5-f7-a0"
Connect-Info = "CONNECT Ethernet 1000Mbps Full duplex"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "12"
State = 0x3d92c46b3895dd76a0f8adddfc0e8388
EAP-Message = 0x0207002a1900170301001ffd2903eef345b285a1ea830ae034d81b0c82d07536e6d1910d73f6ca91ae35
Message-Authenticator = 0xfc42b5e789ca1adf1799d547666a52df
# Executing section authorize from file /etc//raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] expand: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/radius/radacct/192.168.999.7/auth-detail-20110418
[auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.999.7/auth-detail-20110418
[auth_log] expand: %t -> Mon Apr 18 15:26:38 2011
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "myorg\myuser", looking up realm NULL
[suffix] Found realm "NULL"
[suffix] Adding Stripped-User-Name = "myorg\myuser"
[suffix] Adding Realm = "NULL"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[ntdomain] Request already proxied. Ignoring.
++[ntdomain] returns ok
[eap] EAP packet type response id 7 length 42
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc//raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] Peap state WAITING FOR INNER IDENTITY
[peap] Identity - myorg\myuser
[peap] Got inner identity 'myorg\myuser'
[peap] Setting default EAP type for tunneled EAP session.
[peap] Got tunneled request
EAP-Message = 0x020700130150464643555c69732d61646d696e
server {
PEAP: Setting User-Name to myorg\myuser
Sending tunneled request
EAP-Message = 0x020700130150464643555c69732d61646d696e
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "myorg\\myuser"
server inner-tunnel {
# Executing section authorize from file /etc//raddb/sites-enabled/inner-tunnel
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "myorg\myuser", looking up realm NULL
[suffix] Found realm "NULL"
[suffix] Adding Stripped-User-Name = "myorg\myuser"
[suffix] Adding Realm = "NULL"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[ntdomain] Request already proxied. Ignoring.
++[ntdomain] returns ok
++[control] returns ok
[eap] EAP packet type response id 7 length 19
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /etc//raddb/sites-enabled/inner-tunnel
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
++[eap] returns handled
} # server inner-tunnel
[peap] Got tunneled reply code 11
EAP-Message = 0x010800281a01080023104f51f22477b092be11ff22d4cd5c6abd50464643555c69732d61646d696e
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x151e107415160ab1898b0ca5f8a4a93e
[peap] Got tunneled reply RADIUS code 11
EAP-Message = 0x010800281a01080023104f51f22477b092be11ff22d4cd5c6abd50464643555c69732d61646d696e
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x151e107415160ab1898b0ca5f8a4a93e
[peap] Got tunneled Access-Challenge
++[eap] returns handled
Sending Access-Challenge of id 201 to 192.168.999.7 port 4815
EAP-Message = 0x0108003f19001703010034c0b213ed0ee5b7a85bc3b1a2795bbd8fa105c03e75258645b4842b0e0a65cdec603d3a4db1b16449aad6f7fde592a34c05cb2746
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x3d92c46b3b9add76a0f8adddfc0e8388
Finished request 17.
Going to the next request
Waking up in 4.3 seconds.
rad_recv: Access-Request packet from host 192.168.999.7 port 4815, id=202, length=316
Framed-MTU = 1480
NAS-IP-Address = 192.168.999.7
NAS-Identifier = "myorg-bnew"
User-Name = "myorg\\myuser"
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 61
NAS-Port-Type = Ethernet
NAS-Port-Id = "C13"
Called-Station-Id = "00-19-bb-a7-7e-43"
Calling-Station-Id = "00-1b-78-b5-f7-a0"
Connect-Info = "CONNECT Ethernet 1000Mbps Full duplex"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "12"
State = 0x3d92c46b3b9add76a0f8adddfc0e8388
EAP-Message = 0x0208006019001703010055e80d55e2567140412faecb44f85ce51c49c6ce3e2c3e8b73ba60ed0b7cf182f53da766607dfe9d409a74fb5275d5bb81ed88c916b8fa6afb2e28282a9c177cc338508dcc51ddb71938d39fd37e23e8e43ecf831f15
Message-Authenticator = 0x89540286b863857c3664ed55104b225d
# Executing section authorize from file /etc//raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] expand: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/radius/radacct/192.168.999.7/auth-detail-20110418
[auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.999.7/auth-detail-20110418
[auth_log] expand: %t -> Mon Apr 18 15:26:38 2011
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "myorg\myuser", looking up realm NULL
[suffix] Found realm "NULL"
[suffix] Adding Stripped-User-Name = "myorg\myuser"
[suffix] Adding Realm = "NULL"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[ntdomain] Request already proxied. Ignoring.
++[ntdomain] returns ok
[eap] EAP packet type response id 8 length 96
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc//raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] Peap state phase2
[peap] EAP type mschapv2
[peap] Got tunneled request
EAP-Message = 0x020800491a0208004431eae3cd7d62cb47eca74974d095ae9da70000000000000000dfeddce5e49617ac7128b51bef69ce9e271abaa6ac3b7dae0050464643555c69732d61646d696e
server {
PEAP: Setting User-Name to myorg\myuser
Sending tunneled request
EAP-Message = 0x020800491a0208004431eae3cd7d62cb47eca74974d095ae9da70000000000000000dfeddce5e49617ac7128b51bef69ce9e271abaa6ac3b7dae0050464643555c69732d61646d696e
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "myorg\\myuser"
State = 0x151e107415160ab1898b0ca5f8a4a93e
server inner-tunnel {
# Executing section authorize from file /etc//raddb/sites-enabled/inner-tunnel
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "myorg\myuser", looking up realm NULL
[suffix] Found realm "NULL"
[suffix] Adding Stripped-User-Name = "myorg\myuser"
[suffix] Adding Realm = "NULL"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[ntdomain] Request already proxied. Ignoring.
++[ntdomain] returns ok
++[control] returns ok
[eap] EAP packet type response id 8 length 73
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /etc//raddb/sites-enabled/inner-tunnel
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/mschapv2
[eap] processing type mschapv2
[mschapv2] # Executing group from file /etc//raddb/sites-enabled/inner-tunnel
[mschapv2] +- entering group MS-CHAP {...}
[mschap] Creating challenge hash with username: myuser
[mschap] Told to do MS-CHAPv2 for myuser with NT-Password
[mschap] expand: %{Stripped-User-Name} -> myorg\myuser
[mschap] expand: --username=%{%{Stripped-User-Name}:-%{User-Name:-None}} -> --username=myorg\myuser
[mschap] mschap2: 4f
[mschap] Creating challenge hash with username: myuser
[mschap] expand: --challenge=%{mschap:Challenge:-00} -> --challenge=82b995da529436e0
[mschap] expand: --nt-response=%{mschap:NT-Response:-00} -> --nt-response=dfeddce5e49617ac7128b51bef69ce9e271abaa6ac3b7dae
Exec-Program output: NT_KEY: 1BAAAFEF1E3822F616E15241938525DC
Exec-Program-Wait: plaintext: NT_KEY: 1BAAAFEF1E3822F616E15241938525DC
Exec-Program: returned: 0
[mschap] adding MS-CHAPv2 MPPE keys
++[mschap] returns ok
MSCHAP Success
++[eap] returns handled
} # server inner-tunnel
[peap] Got tunneled reply code 11
EAP-Message = 0x010900331a0308002e533d36443436343830433435353933413732323439383332373641363141323339374233313539413132
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x151e107414170ab1898b0ca5f8a4a93e
[peap] Got tunneled reply RADIUS code 11
EAP-Message = 0x010900331a0308002e533d36443436343830433435353933413732323439383332373641363141323339374233313539413132
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x151e107414170ab1898b0ca5f8a4a93e
[peap] Got tunneled Access-Challenge
++[eap] returns handled
Sending Access-Challenge of id 202 to 192.168.999.7 port 4815
EAP-Message = 0x0109004a1900170301003f4f528fe339896d23fe771e1f9f7fe77d6b4d695277a8f1585ff0cf3e256516785532dc7dfd9aaa3c8c7b940757cb6ecbe2d743c5e381501f2ba957eb8ee213
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x3d92c46b3a9bdd76a0f8adddfc0e8388
Finished request 18.
Going to the next request
Waking up in 4.2 seconds.
rad_recv: Access-Request packet from host 192.168.999.7 port 4815, id=203, length=249
Framed-MTU = 1480
NAS-IP-Address = 192.168.999.7
NAS-Identifier = "myorg-bnew"
User-Name = "myorg\\myuser"
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 61
NAS-Port-Type = Ethernet
NAS-Port-Id = "C13"
Called-Station-Id = "00-19-bb-a7-7e-43"
Calling-Station-Id = "00-1b-78-b5-f7-a0"
Connect-Info = "CONNECT Ethernet 1000Mbps Full duplex"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "12"
State = 0x3d92c46b3a9bdd76a0f8adddfc0e8388
EAP-Message = 0x0209001d19001703010012c68330f131d90e4af9f81e2a224a8c358e08
Message-Authenticator = 0x3a7b6a277e150a15ef3f5951c1b9c313
# Executing section authorize from file /etc//raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] expand: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/radius/radacct/192.168.999.7/auth-detail-20110418
[auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.999.7/auth-detail-20110418
[auth_log] expand: %t -> Mon Apr 18 15:26:38 2011
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "myorg\myuser", looking up realm NULL
[suffix] Found realm "NULL"
[suffix] Adding Stripped-User-Name = "myorg\myuser"
[suffix] Adding Realm = "NULL"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[ntdomain] Request already proxied. Ignoring.
++[ntdomain] returns ok
[eap] EAP packet type response id 9 length 29
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc//raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] Peap state phase2
[peap] EAP type mschapv2
[peap] Got tunneled request
EAP-Message = 0x020900061a03
server {
PEAP: Setting User-Name to myorg\myuser
Sending tunneled request
EAP-Message = 0x020900061a03
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "myorg\\myuser"
State = 0x151e107414170ab1898b0ca5f8a4a93e
server inner-tunnel {
# Executing section authorize from file /etc//raddb/sites-enabled/inner-tunnel
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "myorg\myuser", looking up realm NULL
[suffix] Found realm "NULL"
[suffix] Adding Stripped-User-Name = "myorg\myuser"
[suffix] Adding Realm = "NULL"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[ntdomain] Request already proxied. Ignoring.
++[ntdomain] returns ok
++[control] returns ok
[eap] EAP packet type response id 9 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /etc//raddb/sites-enabled/inner-tunnel
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/mschapv2
[eap] processing type mschapv2
[eap] Freeing handler
++[eap] returns ok
WARNING: Empty post-auth section. Using default return values.
# Executing section post-auth from file /etc//raddb/sites-enabled/inner-tunnel
} # server inner-tunnel
[peap] Got tunneled reply code 2
MS-MPPE-Encryption-Policy = 0x00000001
MS-MPPE-Encryption-Types = 0x00000006
MS-MPPE-Send-Key = 0x9e6cb700b77e844276069b269d3c1b37
MS-MPPE-Recv-Key = 0xc82905aec792709a3642047a3d62838d
EAP-Message = 0x03090004
Message-Authenticator = 0x00000000000000000000000000000000
User-Name = "myorg\\myuser"
[peap] Got tunneled reply RADIUS code 2
MS-MPPE-Encryption-Policy = 0x00000001
MS-MPPE-Encryption-Types = 0x00000006
MS-MPPE-Send-Key = 0x9e6cb700b77e844276069b269d3c1b37
MS-MPPE-Recv-Key = 0xc82905aec792709a3642047a3d62838d
EAP-Message = 0x03090004
Message-Authenticator = 0x00000000000000000000000000000000
User-Name = "myorg\\myuser"
[peap] Tunneled authentication was successful.
[peap] SUCCESS
++[eap] returns handled
Sending Access-Challenge of id 203 to 192.168.999.7 port 4815
EAP-Message = 0x010a00261900170301001b207b604ded7004ba0319fd90d80c86b17cdf338926b80d306d8521
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x3d92c46b3598dd76a0f8adddfc0e8388
Finished request 19.
Going to the next request
Waking up in 4.2 seconds.
rad_recv: Access-Request packet from host 192.168.999.7 port 4815, id=204, length=258
Framed-MTU = 1480
NAS-IP-Address = 192.168.999.7
NAS-Identifier = "myorg-bnew"
User-Name = "myorg\\myuser"
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 61
NAS-Port-Type = Ethernet
NAS-Port-Id = "C13"
Called-Station-Id = "00-19-bb-a7-7e-43"
Calling-Station-Id = "00-1b-78-b5-f7-a0"
Connect-Info = "CONNECT Ethernet 1000Mbps Full duplex"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "12"
State = 0x3d92c46b3598dd76a0f8adddfc0e8388
EAP-Message = 0x020a00261900170301001b989382337853c33578978735c0d8632c85d97f0a686d6f3a70597b
Message-Authenticator = 0xe244ae36d26ee73331bd16e5a793bd0a
# Executing section authorize from file /etc//raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] expand: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/radius/radacct/192.168.999.7/auth-detail-20110418
[auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.999.7/auth-detail-20110418
[auth_log] expand: %t -> Mon Apr 18 15:26:38 2011
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "myorg\myuser", looking up realm NULL
[suffix] Found realm "NULL"
[suffix] Adding Stripped-User-Name = "myorg\myuser"
[suffix] Adding Realm = "NULL"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[ntdomain] Request already proxied. Ignoring.
++[ntdomain] returns ok
[eap] EAP packet type response id 10 length 38
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc//raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] Peap state send tlv success
[peap] Received EAP-TLV response.
[peap] Success
[eap] Freeing handler
++[eap] returns ok
# Executing section post-auth from file /etc//raddb/sites-enabled/default
+- entering group post-auth {...}
++[exec] returns noop
Sending Access-Accept of id 204 to 192.168.999.7 port 4815
MS-MPPE-Recv-Key = 0xb5a4c3987e6371edff7724448002a092d5ad569107fbabc158e48b9b1fb43373
MS-MPPE-Send-Key = 0xef43cb62397ba7304927b0679072f3289ff3bf10e1ec22b8789fea4d2c608490
EAP-Message = 0x030a0004
Message-Authenticator = 0x00000000000000000000000000000000
User-Name = "myorg\\myuser"
Finished request 20.
Going to the next request
Waking up in 4.2 seconds.
Cleaning up request 6 ID 190 with timestamp +439
Cleaning up request 7 ID 191 with timestamp +439
Cleaning up request 8 ID 192 with timestamp +439
Cleaning up request 9 ID 193 with timestamp +439
Cleaning up request 10 ID 194 with timestamp +439
WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
WARNING: !! EAP session for state 0x4f47b7a34b41aeed did not finish!
WARNING: !! Please read http://wiki.freeradius.org/Certificate_Compatibility
WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Waking up in 0.2 seconds.
Cleaning up request 11 ID 195 with timestamp +439
Cleaning up request 12 ID 196 with timestamp +439
Cleaning up request 13 ID 197 with timestamp +439
Cleaning up request 14 ID 198 with timestamp +439
Waking up in 0.1 seconds.
Cleaning up request 15 ID 199 with timestamp +439
Waking up in 0.1 seconds.
Cleaning up request 16 ID 200 with timestamp +439
Cleaning up request 17 ID 201 with timestamp +439
Cleaning up request 18 ID 202 with timestamp +439
Cleaning up request 19 ID 203 with timestamp +439
Cleaning up request 20 ID 204 with timestamp +439
Ready to process requests.
rad_recv: Access-Request packet from host 192.168.999.7 port 4815, id=205, length=237
Framed-MTU = 1480
NAS-IP-Address = 192.168.999.7
NAS-Identifier = "myorg-bnew"
User-Name = "host/LP-0010.myorg.org"
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 61
NAS-Port-Type = Ethernet
NAS-Port-Id = "C13"
Called-Station-Id = "00-19-bb-a7-7e-43"
Calling-Station-Id = "00-1b-78-b5-f7-a0"
Connect-Info = "CONNECT Ethernet 1000Mbps Full duplex"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "12"
EAP-Message = 0x020b001b01686f73742f4c502d303031302e70666663752e6f7267
Message-Authenticator = 0x3f05cfc6636623f2cfe8900c91dd38b5
# Executing section authorize from file /etc//raddb/sites-enabled/default
+- entering group authorize {...}
[preprocess] hints: Matched DEFAULT at 36
++[preprocess] returns ok
[auth_log] expand: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/radius/radacct/192.168.999.7/auth-detail-20110418
[auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.999.7/auth-detail-20110418
[auth_log] expand: %t -> Mon Apr 18 15:27:04 2011
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "/LP-0010.myorg.org", looking up realm NULL
[suffix] Found realm "NULL"
[suffix] Setting Stripped-User-Name = "/LP-0010.myorg.org"
[suffix] Adding Realm = "NULL"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[ntdomain] Request already proxied. Ignoring.
++[ntdomain] returns ok
[eap] EAP packet type response id 11 length 27
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[files] users: Matched entry DEFAULT at line 176
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /etc//raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type tls
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 205 to 192.168.999.7 port 4815
Framed-Protocol = PPP
Framed-Compression = Van-Jacobson-TCP-IP
EAP-Message = 0x010c00061920
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xaab75260aabb4bbc8e4a8681cc46cd51
Finished request 21.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.999.7 port 4815, id=206, length=315
Framed-MTU = 1480
NAS-IP-Address = 192.168.999.7
NAS-Identifier = "myorg-bnew"
User-Name = "host/LP-0010.myorg.org"
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 61
NAS-Port-Type = Ethernet
NAS-Port-Id = "C13"
Called-Station-Id = "00-19-bb-a7-7e-43"
Calling-Station-Id = "00-1b-78-b5-f7-a0"
Connect-Info = "CONNECT Ethernet 1000Mbps Full duplex"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "12"
State = 0xaab75260aabb4bbc8e4a8681cc46cd51
EAP-Message = 0x020c005719800000004d16030100480100004403014dac90b3dbf3a100e9cc156249c13486d33b8d5f8cd231a33e07d153b72fb80200001600040005000a0009006400620003000600130012006301000005ff01000100
Message-Authenticator = 0xf19c20fbafcc270b34c45415b946fd6b
# Executing section authorize from file /etc//raddb/sites-enabled/default
+- entering group authorize {...}
[preprocess] hints: Matched DEFAULT at 36
++[preprocess] returns ok
[auth_log] expand: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/radius/radacct/192.168.999.7/auth-detail-20110418
[auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.999.7/auth-detail-20110418
[auth_log] expand: %t -> Mon Apr 18 15:27:04 2011
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "/LP-0010.myorg.org", looking up realm NULL
[suffix] Found realm "NULL"
[suffix] Setting Stripped-User-Name = "/LP-0010.myorg.org"
[suffix] Adding Realm = "NULL"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[ntdomain] Request already proxied. Ignoring.
++[ntdomain] returns ok
[eap] EAP packet type response id 12 length 87
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc//raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
TLS Length 77
[peap] Length Included
[peap] eaptls_verify returned 11
[peap] (other): before/accept initialization
[peap] TLS_accept: before/accept initialization
[peap] <<< TLS 1.0 Handshake [length 0048], ClientHello
[peap] TLS_accept: SSLv3 read client hello A
[peap] >>> TLS 1.0 Handshake [length 002a], ServerHello
[peap] TLS_accept: SSLv3 write server hello A
[peap] >>> TLS 1.0 Handshake [length 0883], Certificate
[peap] TLS_accept: SSLv3 write certificate A
[peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
[peap] TLS_accept: SSLv3 write server done A
[peap] TLS_accept: SSLv3 flush data
[peap] TLS_accept: Need to read more data: SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 206 to 192.168.999.7 port 4815
EAP-Message = 0xcdc08eb134ef355d3f0004c1
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xaab75260abba4bbc8e4a8681cc46cd51
Finished request 22.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.999.7 port 4815, id=207, length=234
Framed-MTU = 1480
NAS-IP-Address = 192.168.999.7
NAS-Identifier = "myorg-bnew"
User-Name = "host/LP-0010.myorg.org"
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 61
NAS-Port-Type = Ethernet
NAS-Port-Id = "C13"
Called-Station-Id = "00-19-bb-a7-7e-43"
Calling-Station-Id = "00-1b-78-b5-f7-a0"
Connect-Info = "CONNECT Ethernet 1000Mbps Full duplex"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "12"
State = 0xaab75260abba4bbc8e4a8681cc46cd51
EAP-Message = 0x020d00061900
Message-Authenticator = 0x7ba4454596896d7ff8ba0314a9c3d05e
# Executing section authorize from file /etc//raddb/sites-enabled/default
+- entering group authorize {...}
[preprocess] hints: Matched DEFAULT at 36
++[preprocess] returns ok
[auth_log] expand: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/radius/radacct/192.168.999.7/auth-detail-20110418
[auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.999.7/auth-detail-20110418
[auth_log] expand: %t -> Mon Apr 18 15:27:04 2011
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "/LP-0010.myorg.org", looking up realm NULL
[suffix] Found realm "NULL"
[suffix] Setting Stripped-User-Name = "/LP-0010.myorg.org"
[suffix] Adding Realm = "NULL"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[ntdomain] Request already proxied. Ignoring.
++[ntdomain] returns ok
[eap] EAP packet type response id 13 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc//raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 207 to 192.168.999.7 port 4815
EAP-Message = 0x3c6900c0e5fd63fc
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xaab75260a8b94bbc8e4a8681cc46cd51
Finished request 23.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.999.7 port 4815, id=208, length=234
Framed-MTU = 1480
NAS-IP-Address = 192.168.999.7
NAS-Identifier = "myorg-bnew"
User-Name = "host/LP-0010.myorg.org"
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 61
NAS-Port-Type = Ethernet
NAS-Port-Id = "C13"
Called-Station-Id = "00-19-bb-a7-7e-43"
Calling-Station-Id = "00-1b-78-b5-f7-a0"
Connect-Info = "CONNECT Ethernet 1000Mbps Full duplex"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "12"
State = 0xaab75260a8b94bbc8e4a8681cc46cd51
EAP-Message = 0x020e00061900
Message-Authenticator = 0xc294987d5f65ce57c6fb1a37ba5b158d
# Executing section authorize from file /etc//raddb/sites-enabled/default
+- entering group authorize {...}
[preprocess] hints: Matched DEFAULT at 36
++[preprocess] returns ok
[auth_log] expand: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/radius/radacct/192.168.999.7/auth-detail-20110418
[auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.999.7/auth-detail-20110418
[auth_log] expand: %t -> Mon Apr 18 15:27:04 2011
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "/LP-0010.myorg.org", looking up realm NULL
[suffix] Found realm "NULL"
[suffix] Setting Stripped-User-Name = "/LP-0010.myorg.org"
[suffix] Adding Realm = "NULL"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[ntdomain] Request already proxied. Ignoring.
++[ntdomain] returns ok
[eap] EAP packet type response id 14 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc//raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 208 to 192.168.999.7 port 4815
EAP-Message = 0x010f00da190000e668530fe5cdedf1fff694c02a985e9dbdaaaaf9915bb3b297c4ddf1ee0601670f0ad3a6b34f9b5959d25b8624147171fc575436a01288e78f2d4344841dd5307a83e6c1d553dbc0731016c4bb35ef324e49b727ccfe896f56ef9603188886b9cf2c7423c77fd441bfa16636772db885276f42a39801d6a334fc20074352933ff6cecfa79ed4b11493ed5a2db327e4b421c3c7fac2f636766698ba79a0cef62a2413ad01d9c31ff9599414e30b6d9d974f2d5430117e202bda0b60bbd6c920c65f7ed6bd1e87e7513d9f16030100040e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xaab75260a9b84bbc8e4a8681cc46cd51
Finished request 24.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.999.7 port 4815, id=209, length=234
Framed-MTU = 1480
NAS-IP-Address = 192.168.999.7
NAS-Identifier = "myorg-bnew"
User-Name = "host/LP-0010.myorg.org"
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 61
NAS-Port-Type = Ethernet
NAS-Port-Id = "C13"
Called-Station-Id = "00-19-bb-a7-7e-43"
Calling-Station-Id = "00-1b-78-b5-f7-a0"
Connect-Info = "CONNECT Ethernet 1000Mbps Full duplex"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "12"
State = 0xaab75260a9b84bbc8e4a8681cc46cd51
EAP-Message = 0x020f00061900
Message-Authenticator = 0x22fb3754a0bb3845bde16f0734b7ff6a
# Executing section authorize from file /etc//raddb/sites-enabled/default
+- entering group authorize {...}
[preprocess] hints: Matched DEFAULT at 36
++[preprocess] returns ok
[auth_log] expand: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/radius/radacct/192.168.999.7/auth-detail-20110418
[auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.999.7/auth-detail-20110418
[auth_log] expand: %t -> Mon Apr 18 15:27:04 2011
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "/LP-0010.myorg.org", looking up realm NULL
[suffix] Found realm "NULL"
[suffix] Setting Stripped-User-Name = "/LP-0010.myorg.org"
[suffix] Adding Realm = "NULL"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[ntdomain] Request already proxied. Ignoring.
++[ntdomain] returns ok
[eap] EAP packet type response id 15 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc//raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 209 to 192.168.999.7 port 4815
EAP-Message = 0x011000061900
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xaab75260aea74bbc8e4a8681cc46cd51
Finished request 25.
Going to the next request
Waking up in 4.8 seconds.
Cleaning up request 21 ID 205 with timestamp +465
Cleaning up request 22 ID 206 with timestamp +465
Cleaning up request 23 ID 207 with timestamp +465
Cleaning up request 24 ID 208 with timestamp +465
Cleaning up request 25 ID 209 with timestamp +465
WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
WARNING: !! EAP session for state 0xaab75260aea74bbc did not finish!
WARNING: !! Please read http://wiki.freeradius.org/Certificate_Compatibility
WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Ready to process requests.
rad_recv: Access-Request packet from host 192.168.999.7 port 4815, id=210, length=237
Framed-MTU = 1480
NAS-IP-Address = 192.168.999.7
NAS-Identifier = "myorg-bnew"
User-Name = "host/LP-0010.myorg.org"
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 61
NAS-Port-Type = Ethernet
NAS-Port-Id = "C13"
Called-Station-Id = "00-19-bb-a7-7e-43"
Calling-Station-Id = "00-1b-78-b5-f7-a0"
Connect-Info = "CONNECT Ethernet 1000Mbps Full duplex"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "12"
EAP-Message = 0x0201001b01686f73742f4c502d303031302e70666663752e6f7267
Message-Authenticator = 0x7f18b5ce40762fc7ce1336cd53901e5e
# Executing section authorize from file /etc//raddb/sites-enabled/default
+- entering group authorize {...}
[preprocess] hints: Matched DEFAULT at 36
++[preprocess] returns ok
[auth_log] expand: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/radius/radacct/192.168.999.7/auth-detail-20110418
[auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.999.7/auth-detail-20110418
[auth_log] expand: %t -> Mon Apr 18 15:28:03 2011
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "/LP-0010.myorg.org", looking up realm NULL
[suffix] Found realm "NULL"
[suffix] Setting Stripped-User-Name = "/LP-0010.myorg.org"
[suffix] Adding Realm = "NULL"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[ntdomain] Request already proxied. Ignoring.
++[ntdomain] returns ok
[eap] EAP packet type response id 1 length 27
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[files] users: Matched entry DEFAULT at line 176
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /etc//raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type tls
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 210 to 192.168.999.7 port 4815
Framed-Protocol = PPP
Framed-Compression = Van-Jacobson-TCP-IP
EAP-Message = 0x010200061920
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x5fa5dbd85fa7c2ccdff397606527fb6f
Finished request 26.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.999.7 port 4815, id=211, length=315
Framed-MTU = 1480
NAS-IP-Address = 192.168.999.7
NAS-Identifier = "myorg-bnew"
User-Name = "host/LP-0010.myorg.org"
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 61
NAS-Port-Type = Ethernet
NAS-Port-Id = "C13"
Called-Station-Id = "00-19-bb-a7-7e-43"
Calling-Station-Id = "00-1b-78-b5-f7-a0"
Connect-Info = "CONNECT Ethernet 1000Mbps Full duplex"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "12"
State = 0x5fa5dbd85fa7c2ccdff397606527fb6f
EAP-Message = 0x0202005719800000004d16030100480100004403014dac90edd5d5ae7aeae2db199e6027cd395ca67651fa8010563678a47f88f5de00001600040005000a0009006400620003000600130012006301000005ff01000100
Message-Authenticator = 0xdf0705f30f8684c3201167c51a249414
# Executing section authorize from file /etc//raddb/sites-enabled/default
+- entering group authorize {...}
[preprocess] hints: Matched DEFAULT at 36
++[preprocess] returns ok
[auth_log] expand: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/radius/radacct/192.168.999.7/auth-detail-20110418
[auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.999.7/auth-detail-20110418
[auth_log] expand: %t -> Mon Apr 18 15:28:03 2011
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "/LP-0010.myorg.org", looking up realm NULL
[suffix] Found realm "NULL"
[suffix] Setting Stripped-User-Name = "/LP-0010.myorg.org"
[suffix] Adding Realm = "NULL"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[ntdomain] Request already proxied. Ignoring.
++[ntdomain] returns ok
[eap] EAP packet type response id 2 length 87
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc//raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
TLS Length 77
[peap] Length Included
[peap] eaptls_verify returned 11
[peap] (other): before/accept initialization
[peap] TLS_accept: before/accept initialization
[peap] <<< TLS 1.0 Handshake [length 0048], ClientHello
[peap] TLS_accept: SSLv3 read client hello A
[peap] >>> TLS 1.0 Handshake [length 002a], ServerHello
[peap] TLS_accept: SSLv3 write server hello A
[peap] >>> TLS 1.0 Handshake [length 0883], Certificate
[peap] TLS_accept: SSLv3 write certificate A
[peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
[peap] TLS_accept: SSLv3 write server done A
[peap] TLS_accept: SSLv3 flush data
[peap] TLS_accept: Need to read more data: SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 211 to 192.168.999.7 port 4815
EAP-Message = 0x0103040019c0000008c0160301002a0200002603014dac90c37120de69c11067791b75cad05959a3ab5ceaf8cc0d64f51ed3f833600000040016030108830b00087f00087c0003b5308203b130820299a003020102020102300d06092a864886f70d010104050030819a310b3009060355040613025553311530130603550408130c50656e6e73796c76616e6961311530130603550407130c5068696c6164656c70686961311c301a060355040a1313506f6c69636520616e642046697265204643553123302106092a864886f70d0109011614706f73746d61737465724070666663752e6f7267311a3018060355040313116d6966666c696e2e7066
EAP-Message = 0xcdc08eb134ef355d3f0004c1
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x5fa5dbd85ea6c2ccdff397606527fb6f
Finished request 27.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.999.7 port 4815, id=212, length=234
Framed-MTU = 1480
NAS-IP-Address = 192.168.999.7
NAS-Identifier = "myorg-bnew"
User-Name = "host/LP-0010.myorg.org"
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 61
NAS-Port-Type = Ethernet
NAS-Port-Id = "C13"
Called-Station-Id = "00-19-bb-a7-7e-43"
Calling-Station-Id = "00-1b-78-b5-f7-a0"
Connect-Info = "CONNECT Ethernet 1000Mbps Full duplex"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "12"
State = 0x5fa5dbd85ea6c2ccdff397606527fb6f
EAP-Message = 0x020300061900
Message-Authenticator = 0x08975501af22ecabb6af227dd54fd96e
# Executing section authorize from file /etc//raddb/sites-enabled/default
+- entering group authorize {...}
[preprocess] hints: Matched DEFAULT at 36
++[preprocess] returns ok
[auth_log] expand: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/radius/radacct/192.168.999.7/auth-detail-20110418
[auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.999.7/auth-detail-20110418
[auth_log] expand: %t -> Mon Apr 18 15:28:03 2011
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "/LP-0010.myorg.org", looking up realm NULL
[suffix] Found realm "NULL"
[suffix] Setting Stripped-User-Name = "/LP-0010.myorg.org"
[suffix] Adding Realm = "NULL"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[ntdomain] Request already proxied. Ignoring.
++[ntdomain] returns ok
[eap] EAP packet type response id 3 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc//raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 212 to 192.168.999.7 port 4815
EAP-Message = 0x010403fc1940308204bd308203a5a003020102020900ad8d39f4fcae271a300d06092a864886f70d010105050030819a310b3009060355040613025553311530130603550408130c50656e6e73796c76616e6961311530130603550407130c5068696c6164656c70686961311c301a060355040a1313506f6c69636520616e642046697265204643553123302106092a864886f70d0109011614706f73746d61737465724070666663752e6f7267311a3018060355040313116d6966666c696e2e70666663752e6f7267301e170d3131303431383136313132345a170d3132303431373136313132345a30819a310b3009060355040613025553311530
EAP-Message = 0x130603550408130c50656e6e73796c76616e6961311530130603550407130c5068696c6164656c70686961311c301a060355040a1313506f6c69636520616e642046697265204643553123302106092a864886f70d0109011614706f73746d61737465724070666663752e6f7267311a3018060355040313116d6966666c696e2e70666663752e6f726730820122300d06092a864886f70d01010105000382010f003082010a0282010100e43cf5fcf5abf3d6beec6062d1709cd3ccf6bd5d6ba2f54c0f9ec9fa708defdaec3974d3315737519d86b114191dcda2811b89e9b8d2d7ca7ea04002c8c934cde3d550d3bf018f1583026bab19a4a38c5ae5
EAP-Message = 0x3c6900c0e5fd63fc
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x5fa5dbd85da1c2ccdff397606527fb6f
Finished request 28.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.999.7 port 4815, id=213, length=234
Framed-MTU = 1480
NAS-IP-Address = 192.168.999.7
NAS-Identifier = "myorg-bnew"
User-Name = "host/LP-0010.myorg.org"
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 61
NAS-Port-Type = Ethernet
NAS-Port-Id = "C13"
Called-Station-Id = "00-19-bb-a7-7e-43"
Calling-Station-Id = "00-1b-78-b5-f7-a0"
Connect-Info = "CONNECT Ethernet 1000Mbps Full duplex"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "12"
State = 0x5fa5dbd85da1c2ccdff397606527fb6f
EAP-Message = 0x020400061900
Message-Authenticator = 0x2879f66153ca0f29f077d7ee441341e6
# Executing section authorize from file /etc//raddb/sites-enabled/default
+- entering group authorize {...}
[preprocess] hints: Matched DEFAULT at 36
++[preprocess] returns ok
[auth_log] expand: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/radius/radacct/192.168.999.7/auth-detail-20110418
[auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.999.7/auth-detail-20110418
[auth_log] expand: %t -> Mon Apr 18 15:28:03 2011
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "/LP-0010.myorg.org", looking up realm NULL
[suffix] Found realm "NULL"
[suffix] Setting Stripped-User-Name = "/LP-0010.myorg.org"
[suffix] Adding Realm = "NULL"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[ntdomain] Request already proxied. Ignoring.
++[ntdomain] returns ok
[eap] EAP packet type response id 4 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc//raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 213 to 192.168.999.7 port 4815
EAP-Message = 0x010500da190000e668530fe5cdedf1fff694c02a985e9dbdaaaaf9915bb3b297c4ddf1ee0601670f0ad3a6b34f9b5959d25b8624147171fc575436a01288e78f2d4344841dd5307a83e6c1d553dbc0731016c4bb35ef324e49b727ccfe896f56ef9603188886b9cf2c7423c77fd441bfa16636772db885276f42a39801d6a334fc20074352933ff6cecfa79ed4b11493ed5a2db327e4b421c3c7fac2f636766698ba79a0cef62a2413ad01d9c31ff9599414e30b6d9d974f2d5430117e202bda0b60bbd6c920c65f7ed6bd1e87e7513d9f16030100040e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x5fa5dbd85ca0c2ccdff397606527fb6f
Finished request 29.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.999.7 port 4815, id=214, length=234
Framed-MTU = 1480
NAS-IP-Address = 192.168.999.7
NAS-Identifier = "myorg-bnew"
User-Name = "host/LP-0010.myorg.org"
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 61
NAS-Port-Type = Ethernet
NAS-Port-Id = "C13"
Called-Station-Id = "00-19-bb-a7-7e-43"
Calling-Station-Id = "00-1b-78-b5-f7-a0"
Connect-Info = "CONNECT Ethernet 1000Mbps Full duplex"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "12"
State = 0x5fa5dbd85ca0c2ccdff397606527fb6f
EAP-Message = 0x020500061900
Message-Authenticator = 0x3b40bb8b2b7e40c2b99ea8b4202b9c17
# Executing section authorize from file /etc//raddb/sites-enabled/default
+- entering group authorize {...}
[preprocess] hints: Matched DEFAULT at 36
++[preprocess] returns ok
[auth_log] expand: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/radius/radacct/192.168.999.7/auth-detail-20110418
[auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.999.7/auth-detail-20110418
[auth_log] expand: %t -> Mon Apr 18 15:28:03 2011
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "/LP-0010.myorg.org", looking up realm NULL
[suffix] Found realm "NULL"
[suffix] Setting Stripped-User-Name = "/LP-0010.myorg.org"
[suffix] Adding Realm = "NULL"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[ntdomain] Request already proxied. Ignoring.
++[ntdomain] returns ok
[eap] EAP packet type response id 5 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc//raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 214 to 192.168.999.7 port 4815
EAP-Message = 0x010600061900
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x5fa5dbd85ba3c2ccdff397606527fb6f
Finished request 30.
Going to the next request
Waking up in 4.8 seconds.
Cleaning up request 26 ID 210 with timestamp +524
Cleaning up request 27 ID 211 with timestamp +524
Cleaning up request 28 ID 212 with timestamp +524
Cleaning up request 29 ID 213 with timestamp +524
Waking up in 0.1 seconds.
Cleaning up request 30 ID 214 with timestamp +524
WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
WARNING: !! EAP session for state 0x5fa5dbd85ba3c2cc did not finish!
WARNING: !! Please read http://wiki.freeradius.org/Certificate_Compatibility
WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Ready to process requests.
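Added example, not part of the original post and not FreeRADIUS code: a small parser that decodes the EAP header and EAP-TLS flags byte of each EAP-Message line in radiusd -X output, then checks whether the peer only ever sent empty ACKs after the server's final handshake fragment, which is the pattern in the host/ session above. The function names are hypothetical, and the sample keeps only the EAP header bytes from the log, with payloads dropped.

```python
import re
import struct

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 3: "Nak", 13: "EAP-TLS", 25: "PEAP", 26: "MSCHAPv2"}
TLS_BASED = {13, 21, 25}                       # EAP-TLS, EAP-TTLS, PEAP share the flags byte
FLAG_BITS = {0x80: "L", 0x40: "M", 0x20: "S"}  # Length included, More fragments, Start

def decode_eap(value):
    """Decode one EAP-Message value; payload size is taken from the declared length."""
    raw = bytes.fromhex(value[2:] if value.lower().startswith("0x") else value)
    if len(raw) < 4:
        raise ValueError("EAP packet shorter than its 4-byte header")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    pkt = {"code": EAP_CODES.get(code, str(code)), "id": ident, "length": length,
           "type": None, "flags": "", "tls_bytes": 0}
    if code in (1, 2) and len(raw) >= 5:
        pkt["type"] = EAP_TYPES.get(raw[4], str(raw[4]))
        if raw[4] in TLS_BASED and len(raw) >= 6:
            pkt["flags"] = "".join(n for bit, n in FLAG_BITS.items() if raw[5] & bit)
            header = 6 + (4 if raw[5] & 0x80 else 0)   # L flag adds a 4-byte TLS length
            pkt["tls_bytes"] = max(length - header, 0)
    return pkt

PACKET = re.compile(r"^(rad_recv: Access-Request|Sending Access-(?:Challenge|Accept|Reject))")
EAP_ATTR = re.compile(r"^\s*EAP-Message = (0x[0-9a-fA-F]+)")

def eap_flow(log_text):
    """Return [(direction, decoded_eap)] using the first EAP-Message of each packet."""
    flow, direction = [], None
    for line in log_text.splitlines():
        if PACKET.match(line):
            direction = "peer" if line.startswith("rad_recv") else "server"
            continue
        m = EAP_ATTR.match(line)
        if m and direction:
            flow.append((direction, decode_eap(m.group(1))))
            direction = None   # further EAP-Message lines continue the same EAP packet
    return flow

def stalled_after_server_flight(flow):
    """True if, after the server's last unfragmented TLS send, the peer only sent empty ACKs."""
    if any(p["code"] == "Success" for _, p in flow):
        return False
    last = max((i for i, (d, p) in enumerate(flow)
                if d == "server" and p["tls_bytes"] and "M" not in p["flags"]),
               default=len(flow))
    acks = [p for d, p in flow[last + 1:] if d == "peer"]
    return bool(acks) and all(p["tls_bytes"] == 0 for p in acks)

# Constructed sample: packet lines modelled on the log, EAP-Message cut to header bytes.
SAMPLE = """\
rad_recv: Access-Request packet from host 192.168.999.7 port 4815, id=211, length=315
EAP-Message = 0x0202005719800000004d
Sending Access-Challenge of id 211 to 192.168.999.7 port 4815
EAP-Message = 0x0103040019c0000008c0
rad_recv: Access-Request packet from host 192.168.999.7 port 4815, id=212, length=234
EAP-Message = 0x020300061900
Sending Access-Challenge of id 213 to 192.168.999.7 port 4815
EAP-Message = 0x010500da1900
rad_recv: Access-Request packet from host 192.168.999.7 port 4815, id=214, length=234
EAP-Message = 0x020500061900
Sending Access-Challenge of id 214 to 192.168.999.7 port 4815
EAP-Message = 0x010600061900
"""
```

Calling stalled_after_server_flight(eap_flow(text)) on a full radiusd -X capture gives the same verdict, since only the EAP header and the declared length are read.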