Renaming during Machine Authentication
Mark Jones
Mjones at hpsd48.ab.ca
Mon Jun 6 21:50:26 CEST 2011
Here is the next piece
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.152.0.100 port 32819, id=182, length=279
User-Name = "host/TEST-11501.hpsd48.ab.ca"
NAS-IP-Address = 10.152.0.100
NAS-Port = 1
NAS-Identifier = "10.152.0.100"
NAS-Port-Type = Wireless-802.11
Calling-Station-Id = "00265EE9B2CA"
Called-Station-Id = "000B86611894"
Service-Type = Login-User
Framed-MTU = 1100
EAP-Message = 0x0202005719800000004d16030100480100004403014ded0eabe88ab61a73d2eb01d8d7a0aeb692c5c29abad87ddbd6bef2a7ad2d4200001600040005000a0009006400620003000600130012006301000005ff01000100
State = 0x351287c635109e107d0e4bf1d59ff6a4
Aruba-Essid-Name = "HPSD_RAD2"
Aruba-Location-Id = "Tech 01"
Message-Authenticator = 0xc76135b813c9043695f6eefee2253abf
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "host/TEST-11501.hpsd48.ab.ca", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 2 length 87
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
TLS Length 77
[peap] Length Included
[peap] eaptls_verify returned 11
[peap] (other): before/accept initialization
[peap] TLS_accept: before/accept initialization
[peap] <<< TLS 1.0 Handshake [length 0048], ClientHello
[peap] TLS_accept: SSLv3 read client hello A
[peap] >>> TLS 1.0 Handshake [length 0031], ServerHello
[peap] TLS_accept: SSLv3 write server hello A
[peap] >>> TLS 1.0 Handshake [length 085e], Certificate
[peap] TLS_accept: SSLv3 write certificate A
[peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
[peap] TLS_accept: SSLv3 write server done A
[peap] TLS_accept: SSLv3 flush data
[peap] TLS_accept: Need to read more data: SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 182 to 10.152.0.100 port 32819
EAP-Message = 0x860004ab308204a73082038f
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x351287c634119e107d0e4bf1d59ff6a4
Finished request 1.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.152.0.100 port 32819, id=183, length=198
User-Name = "host/TEST-11501.hpsd48.ab.ca"
NAS-IP-Address = 10.152.0.100
NAS-Port = 1
NAS-Identifier = "10.152.0.100"
NAS-Port-Type = Wireless-802.11
Calling-Station-Id = "00265EE9B2CA"
Called-Station-Id = "000B86611894"
Service-Type = Login-User
Framed-MTU = 1100
EAP-Message = 0x020300061900
State = 0x351287c634119e107d0e4bf1d59ff6a4
Aruba-Essid-Name = "HPSD_RAD2"
Aruba-Location-Id = "Tech 01"
Message-Authenticator = 0x0c02c2e486671a676f2146214b7d6329
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "host/TEST-11501.hpsd48.ab.ca", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 3 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 183 to 10.152.0.100 port 32819
EAP-Message = 0x53c8cb22d3f8f1f7
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x351287c637169e107d0e4bf1d59ff6a4
Finished request 2.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.152.0.100 port 32819, id=184, length=198
User-Name = "host/TEST-11501.hpsd48.ab.ca"
NAS-IP-Address = 10.152.0.100
NAS-Port = 1
NAS-Identifier = "10.152.0.100"
NAS-Port-Type = Wireless-802.11
Calling-Station-Id = "00265EE9B2CA"
Called-Station-Id = "000B86611894"
Service-Type = Login-User
Framed-MTU = 1100
EAP-Message = 0x020400061900
State = 0x351287c637169e107d0e4bf1d59ff6a4
Aruba-Essid-Name = "HPSD_RAD2"
Aruba-Location-Id = "Tech 01"
Message-Authenticator = 0x119cdba488a7d26989d8954bd433b4a8
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "host/TEST-11501.hpsd48.ab.ca", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 4 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 184 to 10.152.0.100 port 32819
EAP-Message = 0x010500bc19004c396c46b788613f2eae5433381f96d583a69217e9b3504b2751ba9b7c98b5795763ec2dca296f1c69e6a6c0814c9723f903ff293ab3d5bd932b98d0e833e3a01ded48b321eb509dd2e61548875967dc1282a4022b615f7360c573c4d1e52b10f16387a6d3ab90066bb454697e5715108aa946fe9208e0c56acbc5ba8277b15393f6d3ce03a2fb07536a1177550c4dbb473cf421ba6fd64330b3ef931207d7af48184e874f2e55130a498d722c16030100040e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x351287c636179e107d0e4bf1d59ff6a4
Finished request 3.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.152.0.100 port 32819, id=185, length=514
User-Name = "host/TEST-11501.hpsd48.ab.ca"
NAS-IP-Address = 10.152.0.100
NAS-Port = 1
NAS-Identifier = "10.152.0.100"
NAS-Port-Type = Wireless-802.11
Calling-Station-Id = "00265EE9B2CA"
Called-Station-Id = "000B86611894"
Service-Type = Login-User
Framed-MTU = 1100
EAP-Message = 0xf414ea8a401cc6382dfbf9a1a47ff89b7b62d49cc942bbfb1403010001011603010020a045024939506667da57643c8bd83399c6a3e3a8649eb38d44594e43305e74c1
State = 0x351287c636179e107d0e4bf1d59ff6a4
Aruba-Essid-Name = "HPSD_RAD2"
Aruba-Location-Id = "Tech 01"
Message-Authenticator = 0xebfb81416fe897f931bfb8daa890ead8
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "host/TEST-11501.hpsd48.ab.ca", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 5 length 253
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
TLS Length 310
[peap] Length Included
[peap] eaptls_verify returned 11
[peap] <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange
[peap] TLS_accept: SSLv3 read client key exchange A
[peap] <<< TLS 1.0 ChangeCipherSpec [length 0001]
[peap] <<< TLS 1.0 Handshake [length 0010], Finished
[peap] TLS_accept: SSLv3 read finished A
[peap] >>> TLS 1.0 ChangeCipherSpec [length 0001]
[peap] TLS_accept: SSLv3 write change cipher spec A
[peap] >>> TLS 1.0 Handshake [length 0010], Finished
[peap] TLS_accept: SSLv3 write finished A
[peap] TLS_accept: SSLv3 flush data
[peap] (other): SSL negotiation finished successfully
SSL Connection Established
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 185 to 10.152.0.100 port 32819
EAP-Message = 0x0106003119001403010001011603010020cfda713e83ee9c9ade69432531cf7ef8fc28d87a9d03e8eee868c8575762052f
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x351287c631149e107d0e4bf1d59ff6a4
Finished request 4.
Going to the next request
Waking up in 4.8 seconds.
rad_recv: Access-Request packet from host 10.152.0.100 port 32819, id=186, length=198
User-Name = "host/TEST-11501.hpsd48.ab.ca"
NAS-IP-Address = 10.152.0.100
NAS-Port = 1
NAS-Identifier = "10.152.0.100"
NAS-Port-Type = Wireless-802.11
Calling-Station-Id = "00265EE9B2CA"
Called-Station-Id = "000B86611894"
Service-Type = Login-User
Framed-MTU = 1100
EAP-Message = 0x020600061900
State = 0x351287c631149e107d0e4bf1d59ff6a4
Aruba-Essid-Name = "HPSD_RAD2"
Aruba-Location-Id = "Tech 01"
Message-Authenticator = 0x1bfb600b6f0a8f5375f18a985b9c2c19
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "host/TEST-11501.hpsd48.ab.ca", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 6 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake is finished
[peap] eaptls_verify returned 3
[peap] eaptls_process returned 3
[peap] EAPTLS_SUCCESS
[peap] Session established. Decoding tunneled attributes.
[peap] Peap state TUNNEL ESTABLISHED
++[eap] returns handled
Sending Access-Challenge of id 186 to 10.152.0.100 port 32819
EAP-Message = 0x0107002019001703010015950d4132031906006e4af6d74aa4b14f552a22839a
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x351287c630159e107d0e4bf1d59ff6a4
Finished request 5.
Going to the next request
Waking up in 4.7 seconds.
rad_recv: Access-Request packet from host 10.152.0.100 port 32819, id=187, length=248
User-Name = "host/TEST-11501.hpsd48.ab.ca"
NAS-IP-Address = 10.152.0.100
NAS-Port = 1
NAS-Identifier = "10.152.0.100"
NAS-Port-Type = Wireless-802.11
Calling-Station-Id = "00265EE9B2CA"
Called-Station-Id = "000B86611894"
Service-Type = Login-User
Framed-MTU = 1100
EAP-Message = 0x020700381900170301002d554f7f2caee0c646ba77fefbe2a91efd7ac46e6330fb7d473da6df47dd8dac9408aacfd1894589bca2ed220675
State = 0x351287c630159e107d0e4bf1d59ff6a4
Aruba-Essid-Name = "HPSD_RAD2"
Aruba-Location-Id = "Tech 01"
Message-Authenticator = 0x39f962a302fc2678b3938b9e1dc9451e
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "host/TEST-11501.hpsd48.ab.ca", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 7 length 56
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] Peap state WAITING FOR INNER IDENTITY
[peap] Identity - host/TEST-11501.hpsd48.ab.ca
[peap] Got inner identity 'host/TEST-11501.hpsd48.ab.ca'
[peap] Setting default EAP type for tunneled EAP session.
[peap] Got tunneled request
EAP-Message = 0x0207002101686f73742f544553542d31313530312e6870736434382e61622e6361
server {
PEAP: Setting User-Name to host/TEST-11501.hpsd48.ab.ca
Sending tunneled request
EAP-Message = 0x0207002101686f73742f544553542d31313530312e6870736434382e61622e6361
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "host/TEST-11501.hpsd48.ab.ca"
server inner-tunnel {
# Executing section authorize from file /etc/raddb/sites-enabled/inner-tunnel
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "host/TEST-11501.hpsd48.ab.ca", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[control] returns noop
[eap] EAP packet type response id 7 length 33
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
[ldap] performing user authorization for host/TEST-11501.hpsd48.ab.ca
[ldap] expand: (uid=%{mschap:User-Name:-%{User-Name}}) -> (uid=TEST-11501$)
[ldap] expand: o=hpsd_48 -> o=hpsd_48
[ldap] ldap_get_conn: Checking Id: 0
[ldap] ldap_get_conn: Got Id: 0
[ldap] performing search in o=hpsd_48, with filter (uid=TEST-11501$)
[ldap] Added the eDirectory password xxxxx in check items as Cleartext-Password
[ldap] looking for check items in directory...
[ldap] looking for reply items in directory...
[ldap] user host/TEST-11501.hpsd48.ab.ca authorized to use remote access
[ldap] ldap_release_conn: Release Id: 0
++[ldap] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING: Auth-Type already set. Not setting to PAP
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/inner-tunnel
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
++[eap] returns handled
} # server inner-tunnel
[peap] Got tunneled reply code 11
EAP-Message = 0x010800361a0108003110767e2048d63fb3b8fa7ee26dd9790895686f73742f544553542d31313530312e6870736434382e61622e6361
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x1dc7def21dcfc42cab2b21ed670261c1
[peap] Got tunneled reply RADIUS code 11
EAP-Message = 0x010800361a0108003110767e2048d63fb3b8fa7ee26dd9790895686f73742f544553542d31313530312e6870736434382e61622e6361
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x1dc7def21dcfc42cab2b21ed670261c1
[peap] Got tunneled Access-Challenge
++[eap] returns handled
Sending Access-Challenge of id 187 to 10.152.0.100 port 32819
EAP-Message = 0x0108004d19001703010042c80199f6a3197bda613806b420f4193a31f45282edef246bd619d1cb90cf141f66abc9fd0e95e46b6a1ce68729d036ed7707e5d48393c0035810dfd87ac6c8d496d5
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x351287c6331a9e107d0e4bf1d59ff6a4
Finished request 6.
Going to the next request
Waking up in 4.7 seconds.
rad_recv: Access-Request packet from host 10.152.0.100 port 32819, id=188, length=302
User-Name = "host/TEST-11501.hpsd48.ab.ca"
NAS-IP-Address = 10.152.0.100
NAS-Port = 1
NAS-Identifier = "10.152.0.100"
NAS-Port-Type = Wireless-802.11
Calling-Station-Id = "00265EE9B2CA"
Called-Station-Id = "000B86611894"
Service-Type = Login-User
Framed-MTU = 1100
EAP-Message = 0x0208006e19001703010063b3597f44056259644b57977d26c5a386f64d577d92db2939b7357b9abaaa70521d52172f236039fc057506c544456c3d9cc0bdd2aab1e8fa4092fcc8a98d423c6b005189fc94712ce4adf77a8499c88dd5eab72a7dac41f8dcbf9077281e149f77571e
State = 0x351287c6331a9e107d0e4bf1d59ff6a4
Aruba-Essid-Name = "HPSD_RAD2"
Aruba-Location-Id = "Tech 01"
Message-Authenticator = 0x215d182fd95fe0adcd92e6ddfd90d0f3
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "host/TEST-11501.hpsd48.ab.ca", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 8 length 110
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] Peap state phase2
[peap] EAP type mschapv2
[peap] Got tunneled request
EAP-Message = 0x020800571a0208005231a83f8b39603c94edfee997158adcbffe00000000000000008168523c8deddfdf6a1eab9bd60d764976d278d43586a58200686f73742f544553542d31313530312e6870736434382e61622e6361
server {
PEAP: Setting User-Name to host/TEST-11501.hpsd48.ab.ca
Sending tunneled request
EAP-Message = 0x020800571a0208005231a83f8b39603c94edfee997158adcbffe00000000000000008168523c8deddfdf6a1eab9bd60d764976d278d43586a58200686f73742f544553542d31313530312e6870736434382e61622e6361
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "host/TEST-11501.hpsd48.ab.ca"
State = 0x1dc7def21dcfc42cab2b21ed670261c1
server inner-tunnel {
# Executing section authorize from file /etc/raddb/sites-enabled/inner-tunnel
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "host/TEST-11501.hpsd48.ab.ca", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[control] returns noop
[eap] EAP packet type response id 8 length 87
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
[ldap] performing user authorization for host/TEST-11501.hpsd48.ab.ca
[ldap] expand: (uid=%{mschap:User-Name:-%{User-Name}}) -> (uid=TEST-11501$)
[ldap] expand: o=hpsd_48 -> o=hpsd_48
[ldap] ldap_get_conn: Checking Id: 0
[ldap] ldap_get_conn: Got Id: 0
[ldap] performing search in o=hpsd_48, with filter (uid=TEST-11501$)
[ldap] Added the eDirectory password xxxxx in check items as Cleartext-Password
[ldap] looking for check items in directory...
[ldap] looking for reply items in directory...
[ldap] user host/TEST-11501.hpsd48.ab.ca authorized to use remote access
[ldap] ldap_release_conn: Release Id: 0
++[ldap] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING: Auth-Type already set. Not setting to PAP
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/inner-tunnel
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/mschapv2
[eap] processing type mschapv2
[mschapv2] # Executing group from file /etc/raddb/sites-enabled/inner-tunnel
[mschapv2] +- entering group MS-CHAP {...}
[mschap] Creating challenge hash with username: host/TEST-11501.hpsd48.ab.ca
[mschap] Told to do MS-CHAPv2 for host/TEST-11501.hpsd48.ab.ca with NT-Password
[mschap] FAILED: MS-CHAP2-Response is incorrect
++[mschap] returns reject
[eap] Freeing handler
++[eap] returns reject
Failed to authenticate the user.
} # server inner-tunnel
[peap] Got tunneled reply code 3
MS-CHAP-Error = "\010E=691 R=1"
EAP-Message = 0x04080004
Message-Authenticator = 0x00000000000000000000000000000000
[peap] Got tunneled reply RADIUS code 3
MS-CHAP-Error = "\010E=691 R=1"
EAP-Message = 0x04080004
Message-Authenticator = 0x00000000000000000000000000000000
[peap] Tunneled authentication was rejected.
[peap] FAILURE
++[eap] returns handled
Sending Access-Challenge of id 188 to 10.152.0.100 port 32819
EAP-Message = 0x010900261900170301001b072adbce833a69b1eafb74ca2eec741cb66b500120cb916456c36a
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x351287c6321b9e107d0e4bf1d59ff6a4
Finished request 7.
Going to the next request
>>> Alan DeKok <aland at deployingradius.com> 6/5/2011 2:18 AM >>>
Mark Jones wrote:
> Ok, I'm going to try following that guide Monday morning, just one
> question before I get started...does it work with an edir backend and a
> samba server acting as a PDC on an OES2 server?
Uh... no. The guide is for getting Active Directory to work. Active
Directory is not Samba.
eDir is just an LDAP server. You've configured it as an LDAP server:
[ldap] expand: o=hpsd_48 -> o=hpsd_48
[ldap] ldap_get_conn: Checking Id: 0
[ldap] ldap_get_conn: Got Id: 0
[ldap] performing search in o=hpsd_48, with filter (uid=TEST-11501$)
[ldap] Added the eDirectory password xxxx in check items as Cleartext-Password
[ldap] looking for check items in directory...
[ldap] looking for reply items in directory...
[ldap] user host/TEST-11501.hpsd48.ab.ca authorized to use remote access
...
But you *HAVEN'T* changed the "inner-tunnel" virtual server to use the
LDAP module. Go read it, and un-comment the line saying "ldap".
Alan DeKok.
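
An added example, not part of the original post or of FreeRADIUS: a small Python triage script for debug output like the log above. It reports the name searched in LDAP, the name used for the MS-CHAP challenge hash, and the MS-CHAP-Error code decoded with the RFC 2759 failure codes; redact() masks the password the ldap module echoes in debug mode. The function names and the sample (lines copied from this log) are the example's own.

```python
import re

# MS-CHAP-V2 failure codes as defined for the Failure packet in RFC 2759.
MSCHAP_ERRORS = {
    646: "ERROR_RESTRICTED_LOGON_HOURS",
    647: "ERROR_ACCT_DISABLED",
    648: "ERROR_PASSWD_EXPIRED",
    649: "ERROR_NO_DIALIN_PERMISSION",
    691: "ERROR_AUTHENTICATION_FAILURE",
    709: "ERROR_CHANGING_PASSWORD",
}

LDAP_FILTER = re.compile(r"\[ldap\] expand: .* -> \(\w+=([^)]*)\)")
CHALLENGE_USER = re.compile(r"\[mschap\] Creating challenge hash with username: (\S+)")
MSCHAP_ERROR = re.compile(r'MS-CHAP-Error = ".*?E=(\d+) R=(\d)')
FINISHED = re.compile(r"Finished request (\d+)\.")
PASSWORD = re.compile(r"(Added the eDirectory password ).+?( in check items as)")

# Constructed sample: lines copied from the debug output in this post.
SAMPLE = """\
[ldap] expand: (uid=%{mschap:User-Name:-%{User-Name}}) -> (uid=TEST-11501$)
[ldap] Added the eDirectory password xxxxx in check items as Cleartext-Password
++[ldap] returns ok
[mschap] Creating challenge hash with username: host/TEST-11501.hpsd48.ab.ca
[mschap] Told to do MS-CHAPv2 for host/TEST-11501.hpsd48.ab.ca with NT-Password
[mschap] FAILED: MS-CHAP2-Response is incorrect
++[mschap] returns reject
MS-CHAP-Error = "\\010E=691 R=1"
Finished request 7.
"""


def redact(log):
    """Mask the password the ldap module echoes before a log is shared."""
    return PASSWORD.sub(r"\1<redacted>\2", log)


def triage(log):
    """Return one summary dict per request that reached the MS-CHAP step."""
    results, cur = [], {}
    for line in log.splitlines():
        if m := LDAP_FILTER.search(line):
            cur["ldap_lookup"] = m.group(1)
        elif m := CHALLENGE_USER.search(line):
            cur["challenge_user"] = m.group(1)
        elif "[mschap] FAILED" in line:
            cur["verdict"] = "reject"
        elif m := MSCHAP_ERROR.search(line):
            code = int(m.group(1))
            cur["error"] = MSCHAP_ERRORS.get(code, f"unknown ({code})")
            cur["retry_allowed"] = m.group(2) == "1"
        elif m := FINISHED.search(line):
            # Requests that only carried TLS handshake traffic are skipped.
            if "challenge_user" in cur:
                cur["request"] = int(m.group(1))
                results.append(cur)
            cur = {}
    return results


if __name__ == "__main__":
    for summary in triage(redact(SAMPLE)):
        print(summary)
```
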