peap termination issue when using fault tolerance for Redundancy
Gil Mazor
gil.mazor at safenet-inc.com
Sun Mar 27 14:29:30 CEST 2011
Hi Again,
Yes, the error does cause a problem, as once it occurs, I must restart
Radiusd.
I attach two logs: the first one is with the failure and the second one is a
success, when the second IAS is commented out in proxy.conf
Log of the problem:
FreeRADIUS Version 2.1.10, for host i686-pc-cygwin, built on Mar 15 2011 at
16:08:33
Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License v2.
Starting - reading configuration files ...
including configuration file ..\etc\raddb/radiusd.conf
including configuration file ..\etc\raddb/proxy.conf
including configuration file ..\etc\raddb/clients.conf
including files in directory ..\etc\raddb/modules/
including configuration file ..\etc\raddb/modules/acct_unique
including configuration file ..\etc\raddb/modules/always
including configuration file ..\etc\raddb/modules/attr_filter
including configuration file ..\etc\raddb/modules/attr_rewrite
including configuration file ..\etc\raddb/modules/chap
including configuration file ..\etc\raddb/modules/checkval
including configuration file ..\etc\raddb/modules/counter
including configuration file ..\etc\raddb/modules/cui
including configuration file ..\etc\raddb/modules/detail
including configuration file ..\etc\raddb/modules/detail.example.com
including configuration file ..\etc\raddb/modules/detail.log
including configuration file ..\etc\raddb/modules/digest
including configuration file ..\etc\raddb/modules/dynamic_clients
including configuration file ..\etc\raddb/modules/echo
including configuration file ..\etc\raddb/modules/etc_group
including configuration file ..\etc\raddb/modules/exec
including configuration file ..\etc\raddb/modules/expiration
including configuration file ..\etc\raddb/modules/expr
including configuration file ..\etc\raddb/modules/files
including configuration file ..\etc\raddb/modules/inner-eap
including configuration file ..\etc\raddb/modules/ippool
including configuration file ..\etc\raddb/modules/krb5
including configuration file ..\etc\raddb/modules/ldap
including configuration file ..\etc\raddb/modules/linelog
including configuration file ..\etc\raddb/modules/logintime
including configuration file ..\etc\raddb/modules/mac2ip
including configuration file ..\etc\raddb/modules/mac2vlan
including configuration file ..\etc\raddb/modules/mschap
including configuration file ..\etc\raddb/modules/ntlm_auth
including configuration file ..\etc\raddb/modules/opendirectory
including configuration file ..\etc\raddb/modules/otp
including configuration file ..\etc\raddb/modules/pam
including configuration file ..\etc\raddb/modules/pap
including configuration file ..\etc\raddb/modules/passwd
including configuration file ..\etc\raddb/modules/perl
including configuration file ..\etc\raddb/modules/policy
including configuration file ..\etc\raddb/modules/preprocess
including configuration file ..\etc\raddb/modules/radutmp
including configuration file ..\etc\raddb/modules/realm
including configuration file ..\etc\raddb/modules/smbpasswd
including configuration file ..\etc\raddb/modules/smsotp
including configuration file ..\etc\raddb/modules/sqlcounter_expire_on_login
including configuration file ..\etc\raddb/modules/sql_log
including configuration file ..\etc\raddb/modules/sradutmp
including configuration file ..\etc\raddb/modules/unix
including configuration file ..\etc\raddb/modules/wimax
including configuration file ..\etc\raddb/eap.conf
including configuration file ..\etc\raddb/policy.conf
including files in directory ..\etc\raddb/sites-enabled/
including configuration file ..\etc\raddb/sites-enabled/control-socket
including configuration file ..\etc\raddb/sites-enabled/default
main {
allow_core_dumps = no
}
including dictionary file ..\etc\raddb/dictionary
main {
prefix = "C:\freeradius"
localstatedir = "C:\freeradius/var"
logdir = "C:\freeradius/var/log/radius"
libdir = "C:\freeradius/lib"
radacctdir = "C:\freeradius/var/log/radius/radacct"
hostname_lookups = no
max_request_time = 30
cleanup_delay = 5
max_requests = 1024
pidfile = "C:\freeradius/var/run/radiusd/radiusd.pid"
checkrad = "C:\freeradius/sbin/checkrad"
debug_level = 0
proxy_requests = yes
log {
stripped_names = yes
auth = yes
auth_badpass = yes
auth_goodpass = yes
msg_badpass = ""
msg_goodpass = ""
}
security {
max_attributes = 200
reject_delay = 1
status_server = yes
}
}
radiusd: #### Loading Realms and Home Servers ####
proxy server {
retry_delay = 5
retry_count = 3
default_fallback = no
dead_time = 120
wake_all_if_all_dead = no
}
home_server localhost {
ipaddr = 127.0.0.1
port = 1812
type = "auth"
secret = "testing123"
response_window = 20
max_outstanding = 65536
require_message_authenticator = yes
zombie_period = 40
status_check = "status-server"
ping_interval = 30
check_interval = 30
num_answers_to_alive = 3
num_pings_to_alive = 3
revive_interval = 120
status_check_timeout = 4
irt = 2
mrt = 16
mrc = 5
mrd = 30
}
home_server_pool my_auth_failover {
type = fail-over
home_server = localhost
}
realm example.com {
auth_pool = my_auth_failover
}
realm LOCAL {
}
realm devtms2k8.com {
nostrip
ldflag = round_robin
authhost = 192.168.1.10:1812
accthost = 192.168.1.10:1813
secret = 1111
}
realm devtms2k8.com {
ldflag = round_robin
authhost = 192.168.1.117:1812
accthost = 192.168.1.117:1813
secret = 1111
} # realm devtms2k8.com
radiusd: #### Loading Clients ####
client localhost {
ipaddr = 127.0.0.1
require_message_authenticator = no
secret = "testing123"
nastype = "other"
}
client 192.168.1.8/24 {
require_message_authenticator = no
secret = "1111"
shortname = "netmotion"
}
radiusd: #### Instantiating modules ####
instantiate {
Module: Linked to module rlm_exec
Module: Instantiating module "exec" from file ..\etc\raddb/modules/exec
exec {
wait = no
input_pairs = "request"
shell_escape = yes
}
Module: Linked to module rlm_expr
Module: Instantiating module "expr" from file ..\etc\raddb/modules/expr
Module: Linked to module rlm_expiration
Module: Instantiating module "expiration" from file
..\etc\raddb/modules/expiration
expiration {
reply-message = "Password Has Expired "
}
Module: Linked to module rlm_logintime
Module: Instantiating module "logintime" from file
..\etc\raddb/modules/logintime
logintime {
reply-message = "You are calling outside your allowed timespan "
minimum-timeout = 60
}
}
radiusd: #### Loading Virtual Servers ####
server { # from file ..\etc\raddb/radiusd.conf
modules {
Module: Checking authenticate {...} for more modules to load
Module: Linked to module rlm_pap
Module: Instantiating module "pap" from file ..\etc\raddb/modules/pap
pap {
encryption_scheme = "auto"
auto_header = no
}
Module: Linked to module rlm_chap
Module: Instantiating module "chap" from file ..\etc\raddb/modules/chap
Module: Linked to module rlm_mschap
Module: Instantiating module "mschap" from file ..\etc\raddb/modules/mschap
mschap {
use_mppe = yes
require_encryption = no
require_strong = no
with_ntdomain_hack = no
}
Module: Linked to module rlm_digest
Module: Instantiating module "digest" from file ..\etc\raddb/modules/digest
Module: Linked to module rlm_unix
Module: Instantiating module "unix" from file ..\etc\raddb/modules/unix
unix {
radwtmp = "C:\freeradius/var/log/radius/radwtmp"
}
Module: Linked to module rlm_eap
Module: Instantiating module "eap" from file ..\etc\raddb/eap.conf
eap {
default_eap_type = "md5"
timer_expire = 60
ignore_unknown_eap_types = no
cisco_accounting_username_bug = no
max_sessions = 4096
}
Module: Linked to sub-module rlm_eap_md5
Module: Instantiating eap-md5
Module: Linked to sub-module rlm_eap_leap
Module: Instantiating eap-leap
Module: Linked to sub-module rlm_eap_gtc
Module: Instantiating eap-gtc
gtc {
challenge = "Password: "
auth_type = "PAP"
}
Module: Linked to sub-module rlm_eap_tls
Module: Instantiating eap-tls
tls {
rsa_key_exchange = no
dh_key_exchange = yes
rsa_key_length = 512
dh_key_length = 512
verify_depth = 0
pem_file_type = yes
private_key_file =
"C:\freeradius/etc/raddb/certs/FreeRADIUS.net/DemoCerts/FreeRADIUS.net-Server.pem"
certificate_file =
"C:\freeradius/etc/raddb/certs/FreeRADIUS.net/DemoCerts/FreeRADIUS.net-Server.crt"
CA_file =
"C:\freeradius/etc/raddb/certs/FreeRADIUS.net/DemoCerts/FreeRADIUS.net-CA.crt"
private_key_password = "demo"
dh_file = "C:\freeradius/etc/raddb/certs/FreeRADIUS.net/DemoCerts/dh"
random_file =
"C:\freeradius/etc/raddb/certs/FreeRADIUS.net/DemoCerts/random"
fragment_size = 1024
include_length = yes
check_crl = no
cipher_list = "DEFAULT"
cache {
enable = no
lifetime = 24
max_entries = 255
}
verify {
}
}
WARNING: rlm_eap_tls: Unable to set DH parameters. DH cipher suites may not
work!
WARNING: Fix this by running the OpenSSL command listed in eap.conf
Module: Linked to sub-module rlm_eap_ttls
Module: Instantiating eap-ttls
ttls {
default_eap_type = "md5"
copy_request_to_tunnel = no
use_tunneled_reply = no
virtual_server = "inner-tunnel"
include_length = yes
}
Module: Linked to sub-module rlm_eap_peap
Module: Instantiating eap-peap
peap {
default_eap_type = "mschapv2"
copy_request_to_tunnel = yes
use_tunneled_reply = no
proxy_tunneled_request_as_eap = no
}
Module: Linked to sub-module rlm_eap_mschapv2
Module: Instantiating eap-mschapv2
mschapv2 {
with_ntdomain_hack = no
}
Module: Checking authorize {...} for more modules to load
Module: Linked to module rlm_preprocess
Module: Instantiating module "preprocess" from file
..\etc\raddb/modules/preprocess
preprocess {
huntgroups = "..\etc\raddb/huntgroups"
hints = "..\etc\raddb/hints"
with_ascend_hack = no
ascend_channels_per_line = 23
with_ntdomain_hack = no
with_specialix_jetstream_hack = no
with_cisco_vsa_hack = no
with_alvarion_vsa_hack = no
}
Module: Linked to module rlm_files
Module: Instantiating module "files" from file ..\etc\raddb/modules/files
files {
usersfile = "..\etc\raddb/users"
acctusersfile = "..\etc\raddb/acct_users"
preproxy_usersfile = "..\etc\raddb/preproxy_users"
compat = "no"
}
Module: Checking preacct {...} for more modules to load
Module: Linked to module rlm_acct_unique
Module: Instantiating module "acct_unique" from file
..\etc\raddb/modules/acct_unique
acct_unique {
key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address,
NAS-Port"
}
Module: Linked to module rlm_realm
Module: Instantiating module "suffix" from file ..\etc\raddb/modules/realm
realm suffix {
format = "suffix"
delimiter = "@"
ignore_default = no
ignore_null = no
}
Module: Instantiating module "ntdomain" from file
..\etc\raddb/modules/realm
realm ntdomain {
format = "prefix"
delimiter = "\"
ignore_default = no
ignore_null = no
}
Module: Checking accounting {...} for more modules to load
Module: Linked to module rlm_detail
Module: Instantiating module "detail" from file ..\etc\raddb/modules/detail
detail {
detailfile =
"C:\freeradius/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
header = "%t"
detailperm = 384
dirperm = 493
locking = no
log_packet_header = no
}
Module: Linked to module rlm_radutmp
Module: Instantiating module "radutmp" from file
..\etc\raddb/modules/radutmp
radutmp {
filename = "C:\freeradius/var/log/radius/radutmp"
username = "%{User-Name}"
case_sensitive = yes
check_with_nas = yes
perm = 384
callerid = yes
}
Module: Linked to module rlm_attr_filter
Module: Instantiating module "attr_filter.accounting_response" from file
..\etc\raddb/modules/attr_filter
attr_filter attr_filter.accounting_response {
attrsfile = "..\etc\raddb/attrs.accounting_response"
key = "%{User-Name}"
}
Module: Checking session {...} for more modules to load
Module: Checking post-proxy {...} for more modules to load
Module: Checking post-auth {...} for more modules to load
Module: Instantiating module "attr_filter.access_reject" from file
..\etc\raddb/modules/attr_filter
attr_filter attr_filter.access_reject {
attrsfile = "..\etc\raddb/attrs.access_reject"
key = "%{User-Name}"
}
} # modules
} # server
radiusd: #### Opening IP addresses and Ports ####
listen {
type = "auth"
ipaddr = *
port = 0
}
listen {
type = "acct"
ipaddr = *
port = 0
}
listen {
type = "control"
listen {
socket = "C:\freeradius/var/run/radiusd/radiusd.sock"
}
}
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on command file C:\freeradius/var/run/radiusd/radiusd.sock
Listening on proxy address * port 1814
Ready to process requests.
rad_recv: Access-Request packet from host 192.168.1.10 port 2905, id=23,
length=136
NAS-Identifier = "NETMOTION"
User-Name = "DEVTMS2K8.COM\\administrator"
Calling-Station-Id = "0000005e55b9"
EAP-Message =
0x0200002001444556544d53324b382e434f4d5c61646d696e6973747261746f72
Message-Authenticator = 0x5b7322e7ddf8041b7820547e8db809d0
Proxy-State = 0xc0a8010a00000017
# Executing section authorize from file ..\etc\raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[eap] EAP packet type response id 0 length 32
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user. Authentication
may fail because of this.
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file ..\etc\raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type md5
rlm_eap_md5: Issuing Challenge
++[eap] returns handled
Sending Access-Challenge of id 23 to 192.168.1.10 port 2905
EAP-Message = 0x0101001604105dba3a2591b68f96b2f1f20440e1ef7d
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x4daf19744dae1d314ad6ef2775c40139
Proxy-State = 0xc0a8010a00000017
Finished request 11.
Going to the next request
Waking up in 4.10 seconds.
rad_recv: Access-Request packet from host 192.168.1.10 port 2905, id=24,
length=129
NAS-Identifier = "NETMOTION"
User-Name = "DEVTMS2K8.COM\\administrator"
Calling-Station-Id = "0000005e55b9"
EAP-Message = 0x0201000703190d
Message-Authenticator = 0xff21f3c47d797fe4af54745f43649fb3
State = 0x4daf19744dae1d314ad6ef2775c40139
Proxy-State = 0xc0a8010a00000018
# Executing section authorize from file ..\etc\raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[eap] EAP packet type response id 1 length 7
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user. Authentication
may fail because of this.
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file ..\etc\raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP NAK
[eap] EAP-NAK asked for EAP-Type/peap
[eap] processing type tls
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 24 to 192.168.1.10 port 2905
EAP-Message = 0x010200061920
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x4daf19744cad00314ad6ef2775c40139
Proxy-State = 0xc0a8010a00000018
Finished request 12.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.1.10 port 2905, id=25,
length=338
NAS-Identifier = "NETMOTION"
User-Name = "DEVTMS2K8.COM\\administrator"
Calling-Station-Id = "0000005e55b9"
EAP-Message =
0x020200d8190016030100cd010000c903014d8f28c19adc1bc280ae5fbeb11c8e59fd70f32b316159e37de10cd2d7fd747300005cc014c00a0039003800880087c00fc00500350084c012c00800160013c00dc003000ac013c00900330032009a009900450044c00ec004002f009600410007c011c007c00cc002000500040015001200090014001100080006000300ff01000044000b000403000102000a00340032000100020003000400050006000700080009000a000b000c000d000e000f001000110012001300140015001600170018001900230000
Message-Authenticator = 0xe80cbcbf8293113e007b986ad8fcf89a
State = 0x4daf19744cad00314ad6ef2775c40139
Proxy-State = 0xc0a8010a00000019
# Executing section authorize from file ..\etc\raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[eap] EAP packet type response id 2 length 216
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file ..\etc\raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] (other): before/accept initialization
[peap] TLS_accept: before/accept initialization
[peap] <<< TLS 1.0 Handshake [length 00cd], ClientHello
[peap] TLS_accept: SSLv3 read client hello A
[peap] >>> TLS 1.0 Handshake [length 0031], ServerHello
[peap] TLS_accept: SSLv3 write server hello A
[peap] >>> TLS 1.0 Handshake [length 09cd], Certificate
[peap] TLS_accept: SSLv3 write certificate A
[peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
[peap] TLS_accept: SSLv3 write server done A
[peap] TLS_accept: SSLv3 flush data
[peap] TLS_accept: Need to read more data: SSLv3 read client certificate
A
In SSL Handshake Phase
In SSL Accept mode
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 25 to 192.168.1.10 port 2905
EAP-Message =
0x0103040019c000000a1116030100310200002d03014d8f28f3b81a48f0d123d3291182915d8e7d580fca4d14ec07c10dfac6472cfe000035000005ff0100010016030109cd0b0009c90009c60004f4308204f030820459a003020102020102300d06092a864886f70d01010405003081ad311a301806035504031311467265655241444955532e6e65742d4341310b3009060355040613025553310e300c06035504071305446f766572311630140603550408130d4e65772048616d70736869726531173015060355040a130e467265655241444955532e6e657431163014060355040b130d46726565205468696e6b6572733129302706092a864886
EAP-Message =
0x864886f70d010101050003818d0030818902818100c52fed9c525523e090e52f74c1aa17e728f81326d6dc25fec0026a3b38d521f2c1534da84a50a71bfa98a73e41f1478ae20098234719694067607438c1b7729d1f83ba66d2f74def53d7b651446b1ca59be01e1d734e31ad3ab1baf2fac4bd42b3870fcb8de045f8c22c40e549ce34d13facabff6dda49f3993d71b33951b3330203010001a382021830820214300c0603551d130101ff04023000301d0603551d0e04160414deb8cba35c689399984553c2bb09245ffd24102f3081da0603551d230481d23081cf801468e090479d6ed81e03d598e1d67ce31a0f96ad36a181b3a481b03081ad31
EAP-Message = 0x01050507030506082b060105
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x4daf19744fac00314ad6ef2775c40139
Proxy-State = 0xc0a8010a00000019
Finished request 13.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.1.10 port 2905, id=26,
length=128
NAS-Identifier = "NETMOTION"
User-Name = "DEVTMS2K8.COM\\administrator"
Calling-Station-Id = "0000005e55b9"
EAP-Message = 0x020300061900
Message-Authenticator = 0x99d7f3a38fa2c42cb3d80a06b9f131e9
State = 0x4daf19744fac00314ad6ef2775c40139
Proxy-State = 0xc0a8010a0000001a
# Executing section authorize from file ..\etc\raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[eap] EAP packet type response id 3 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file ..\etc\raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 26 to 192.168.1.10 port 2905
EAP-Message =
0x010403fc19400507030606082b0601050507030706082b06010505080202060a2b06010401823714020230250603551d11041e301c811a4a6566662e5265696c6c7940467265655241444955532e6e657430250603551d12041e301c811a4a6566662e5265696c6c7940467265655241444955532e6e6574301106096086480186f84201010404030202c4302906096086480186f842010d041c161a5669736974207777772e467265655241444955532e6e65742021300d06092a864886f70d0101040500038181007662b3b6b60fc4dd059c85c504e04f19d060660b72b0b2b0a70f99324f3f7499a81d0fc9bebe049e43e2838532195b27deba265f
EAP-Message =
0xf70d010901161a4a6566662e5265696c6c7940467265655241444955532e6e6574301e170d3036303431333031303531325a170d3136303431303031303531325a3081ad311a301806035504031311467265655241444955532e6e65742d4341310b3009060355040613025553310e300c06035504071305446f766572311630140603550408130d4e65772048616d70736869726531173015060355040a130e467265655241444955532e6e657431163014060355040b130d46726565205468696e6b6572733129302706092a864886f70d010901161a4a6566662e5265696c6c7940467265655241444955532e6e657430819f300d06092a864886f7
EAP-Message = 0x3018060355040313
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x4daf19744eab00314ad6ef2775c40139
Proxy-State = 0xc0a8010a0000001a
Finished request 14.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.1.10 port 2905, id=27,
length=128
NAS-Identifier = "NETMOTION"
User-Name = "DEVTMS2K8.COM\\administrator"
Calling-Station-Id = "0000005e55b9"
EAP-Message = 0x020400061900
Message-Authenticator = 0x510c5285a2e6286ff4417a198cbb40c7
State = 0x4daf19744eab00314ad6ef2775c40139
Proxy-State = 0xc0a8010a0000001b
# Executing section authorize from file ..\etc\raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[eap] EAP packet type response id 4 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file ..\etc\raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 27 to 192.168.1.10 port 2905
EAP-Message =
0x0105022b190011467265655241444955532e6e65742d4341310b3009060355040613025553310e300c06035504071305446f766572311630140603550408130d4e65772048616d70736869726531173015060355040a130e467265655241444955532e6e657431163014060355040b130d46726565205468696e6b6572733129302706092a864886f70d010901161a4a6566662e5265696c6c7940467265655241444955532e6e6574820101300b0603551d0f040403020106306f0603551d250468306606082b0601050507030106082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030806082b06010505
EAP-Message =
0x07030506082b0601050507030606082b0601050507030706082b06010505080202060a2b06010401823714020230250603551d11041e301c811a4a6566662e5265696c6c7940467265655241444955532e6e6574301106096086480186f84201010404030200c7302906096086480186f842010d041c161a5669736974207777772e467265655241444955532e6e65742021300d06092a864886f70d01010405000381810000674d1b82e8db81e5a6fdb44ba24f89738dc5954c777fa794282102a5a8b3376a39e2aadc4be4d3833545cd0ea6fda3208a2a9ed4619f3dd71302f1327d4d65035933c1fc05b542ff65d9f971306a4b97932f283257f64f
EAP-Message =
0x66c8947edd4f93ee7ccf279d826338e05dee101e2524fdbe3000a60605c1070d081b97da24dadbf316030100040e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x4daf197449aa00314ad6ef2775c40139
Proxy-State = 0xc0a8010a0000001b
Finished request 15.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.1.10 port 2905, id=28,
length=326
NAS-Identifier = "NETMOTION"
User-Name = "DEVTMS2K8.COM\\administrator"
Calling-Station-Id = "0000005e55b9"
EAP-Message =
0x020500cc190016030100861000008200809526a45149ed3d69cd0e5f4e3445dcc75292231f9eb0baffa496a575bb84b37d49c8cd8287845a7e523c9c4a548721fb24342640f40e716fd838de6d5e30df224e711d82fb09636eba59202a26118ddd982fd4a38c967099adc5b3a6898190ca124f39bde597ca47b8d6205dd6931b22ea841c92071a3786ff8d76ea577f8a3a14030100010116030100308e54eab523e34987562b56588dfe1ffd3735293e77efdcb1c2936819c09ad5b5a03e4cc0c79264872def804a84e37fc0
Message-Authenticator = 0x97a534afba31a195db1e610dccebefdf
State = 0x4daf197449aa00314ad6ef2775c40139
Proxy-State = 0xc0a8010a0000001c
# Executing section authorize from file ..\etc\raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[eap] EAP packet type response id 5 length 204
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file ..\etc\raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange
[peap] TLS_accept: SSLv3 read client key exchange A
[peap] <<< TLS 1.0 ChangeCipherSpec [length 0001]
[peap] <<< TLS 1.0 Handshake [length 0010], Finished
[peap] TLS_accept: SSLv3 read finished A
[peap] >>> TLS 1.0 ChangeCipherSpec [length 0001]
[peap] TLS_accept: SSLv3 write change cipher spec A
[peap] >>> TLS 1.0 Handshake [length 0010], Finished
[peap] TLS_accept: SSLv3 write finished A
[peap] TLS_accept: SSLv3 flush data
[peap] (other): SSL negotiation finished successfully
SSL Connection Established
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 28 to 192.168.1.10 port 2905
EAP-Message =
0x010600411900140301000101160301003034225ab9cafb1c96f110f21956d65b690b4f8691fac3771088fe257240a706690fc08d63d9f60f2740d1d0c3761e1f86
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x4daf197448a900314ad6ef2775c40139
Proxy-State = 0xc0a8010a0000001c
Finished request 16.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.1.10 port 2905, id=29,
length=128
NAS-Identifier = "NETMOTION"
User-Name = "DEVTMS2K8.COM\\administrator"
Calling-Station-Id = "0000005e55b9"
EAP-Message = 0x020600061900
Message-Authenticator = 0xfc8817855acd1ffa12d2f06f6480734f
State = 0x4daf197448a900314ad6ef2775c40139
Proxy-State = 0xc0a8010a0000001d
# Executing section authorize from file ..\etc\raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[eap] EAP packet type response id 6 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file ..\etc\raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake is finished
[peap] eaptls_verify returned 3
[peap] eaptls_process returned 3
[peap] EAPTLS_SUCCESS
[peap] Session established. Decoding tunneled attributes.
[peap] Peap state TUNNEL ESTABLISHED
++[eap] returns handled
Sending Access-Challenge of id 29 to 192.168.1.10 port 2905
EAP-Message =
0x0107002b190017030100202bb275ee2b905673edb5147fa89d956e5e6d7260509bc9930f6714a6070e0a03
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x4daf19744ba800314ad6ef2775c40139
Proxy-State = 0xc0a8010a0000001d
Finished request 17.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.1.10 port 2905, id=30,
length=234
NAS-Identifier = "NETMOTION"
User-Name = "DEVTMS2K8.COM\\administrator"
Calling-Station-Id = "0000005e55b9"
EAP-Message =
0x0207007019001703010020dd58ef608153b104c9f35ece1f8f2ea4494c7c44054e56ae7914b2495405ec6317030100404b90d8691505c71a259e7f7ab96eaf34e4373aca8b1627f573c57a4f35abe530706b5fc19ac7b5164bf06ffd80b6a989d2747ffff116c95b83678996b1f2101c
Message-Authenticator = 0x26ac2fa17a0096b2f77b434e25e3313a
State = 0x4daf19744ba800314ad6ef2775c40139
Proxy-State = 0xc0a8010a0000001e
# Executing section authorize from file ..\etc\raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[eap] EAP packet type response id 7 length 112
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file ..\etc\raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] Peap state WAITING FOR INNER IDENTITY
[peap] Identity - DEVTMS2K8.COM\administrator
[peap] Got inner identity 'DEVTMS2K8.COM\administrator'
[peap] Setting default EAP type for tunneled EAP session.
[peap] Got tunneled request
EAP-Message =
0x0207002001444556544d53324b382e434f4d5c61646d696e6973747261746f72
server {
PEAP: Setting User-Name to DEVTMS2K8.COM\administrator
Sending tunneled request
EAP-Message =
0x0207002001444556544d53324b382e434f4d5c61646d696e6973747261746f72
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "DEVTMS2K8.COM\\administrator"
NAS-Identifier = "NETMOTION"
Calling-Station-Id = "0000005e55b9"
NAS-IP-Address = 192.168.1.10
server {
# Executing section authorize from file ..\etc\raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[eap] EAP packet type response id 7 length 32
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[files] users: Matched entry DEFAULT at line 204
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
} # server
[peap] Got tunneled reply code 0
PEAP: Calling authenticate in order to initiate tunneled EAP session.
# Executing group from file ..\etc\raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
++[eap] returns handled
PEAP: Cancelling proxy to realm devtms2k8.com until the tunneled EAP
session has been established
[peap] Got tunneled reply RADIUS code 11
EAP-Message =
0x010800351a01080030105a31dccfb71d37736d1ebc2002e1df90444556544d53324b382e434f4d5c61646d696e6973747261746f72
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x16f6bc8e16fea69a8f8674b7dc73bf4e
[peap] Got tunneled Access-Challenge
++[eap] returns handled
Sending Access-Challenge of id 30 to 192.168.1.10 port 2905
EAP-Message =
0x0108005b19001703010050a455947493a57ef08f819a264fae3621a58db9534677231bd01359600a0600c80d47d0cc3009f266ed51ae85d6ef9d23ec56e7098bf8178b15ee5338d2f745a658d0a8734d097ebe42e5d1dd437eb2fa
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x4daf19744aa700314ad6ef2775c40139
Proxy-State = 0xc0a8010a0000001e
Finished request 18.
Going to the next request
Waking up in 4.8 seconds.
rad_recv: Access-Request packet from host 192.168.1.10 port 2905, id=31,
length=282
NAS-Identifier = "NETMOTION"
User-Name = "DEVTMS2K8.COM\\administrator"
Calling-Station-Id = "0000005e55b9"
EAP-Message =
0x020800a019001703010020ba2503b02327c039d7b57c68eb0359edc079f05498f9fa83e9de7ae1c3383485170301007075eeceaf20cff4eb413d5404db9ec2147fad3d12819f5b28ce582eae6c7beea2095138c2a753b0fd7ed84a9fb1aa304686579cdc9afb41945d62d7108e94725385da8eea46f1197e13b02a14b115b2a9f9666ec5e40afbce595335ba212ea83e4aef6e9ddccf3373bf4d7e00613bc8fa
Message-Authenticator = 0xc7a97a069d71444df7e641852d050ac8
State = 0x4daf19744aa700314ad6ef2775c40139
Proxy-State = 0xc0a8010a0000001f
# Executing section authorize from file ..\etc\raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[eap] EAP packet type response id 8 length 160
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file ..\etc\raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] Peap state phase2
[peap] EAP type mschapv2
[peap] Got tunneled request
EAP-Message =
0x020800561a0208005131d18d5c61c8305379edf20681a8c23450000000000000000095634a6e76db5375781a2422b07b7719fe4c28f299ae9a4f00444556544d53324b382e434f4d5c61646d696e6973747261746f72
server {
PEAP: Setting User-Name to DEVTMS2K8.COM\administrator
Sending tunneled request
EAP-Message =
0x020800561a0208005131d18d5c61c8305379edf20681a8c23450000000000000000095634a6e76db5375781a2422b07b7719fe4c28f299ae9a4f00444556544d53324b382e434f4d5c61646d696e6973747261746f72
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "DEVTMS2K8.COM\\administrator"
State = 0x16f6bc8e16fea69a8f8674b7dc73bf4e
NAS-Identifier = "NETMOTION"
Calling-Station-Id = "0000005e55b9"
NAS-IP-Address = 192.168.1.10
server {
# Executing section authorize from file ..\etc\raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[eap] EAP packet type response id 8 length 86
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[files] users: Matched entry DEFAULT at line 204
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
} # server
[peap] Got tunneled reply code 0
PEAP: Calling authenticate in order to initiate tunneled EAP session.
# Executing group from file ..\etc\raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/mschapv2
[eap] processing type mschapv2
[eap] Not-EAP proxy set. Not composing EAP
++[eap] returns handled
PEAP: Tunneled authentication will be proxied to devtms2k8.com
PEAP: Remembering to do EAP-MS-CHAP-V2 post-proxy.
[eap] Tunneled session will be proxied. Not doing EAP.
++[eap] returns handled
WARNING: Empty pre-proxy section. Using default return values.
Sending Access-Request of id 172 to 192.168.1.117 port 1812
User-Name = "DEVTMS2K8.COM\\administrator"
NAS-Identifier = "NETMOTION"
Calling-Station-Id = "0000005e55b9"
NAS-IP-Address = 192.168.1.10
MS-CHAP-Challenge = 0x5a31dccfb71d37736d1ebc2002e1df90
MS-CHAP2-Response =
0x0845d18d5c61c8305379edf20681a8c23450000000000000000095634a6e76db5375781a2422b07b7719fe4c28f299ae9a4f
Proxy-State = 0x3331
Proxying request 19 to home server 192.168.1.117 port 1812
Sending Access-Request of id 172 to 192.168.1.117 port 1812
User-Name = "DEVTMS2K8.COM\\administrator"
NAS-Identifier = "NETMOTION"
Calling-Station-Id = "0000005e55b9"
NAS-IP-Address = 192.168.1.10
MS-CHAP-Challenge = 0x5a31dccfb71d37736d1ebc2002e1df90
MS-CHAP2-Response =
0x0845d18d5c61c8305379edf20681a8c23450000000000000000095634a6e76db5375781a2422b07b7719fe4c28f299ae9a4f
Proxy-State = 0x3331
Going to the next request
Waking up in 0.10 seconds.
Error receiving packet: Connection reset by peer
Waking up in 0.9 seconds.
Error receiving packet: Connection reset by peer
Waking up in 0.9 seconds.
Error receiving packet: Connection reset by peer
Waking up in 0.9 seconds.
Error receiving packet: Connection reset by peer
Log of a successful authentication when the second IAS is disabled in proxy.conf:
FreeRADIUS Version 2.1.10, for host i686-pc-cygwin, built on Mar 15 2011 at
16:08:33
Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License v2.
Starting - reading configuration files ...
including configuration file ..\etc\raddb/radiusd.conf
including configuration file ..\etc\raddb/proxy.conf
including configuration file ..\etc\raddb/clients.conf
including files in directory ..\etc\raddb/modules/
including configuration file ..\etc\raddb/modules/acct_unique
including configuration file ..\etc\raddb/modules/always
including configuration file ..\etc\raddb/modules/attr_filter
including configuration file ..\etc\raddb/modules/attr_rewrite
including configuration file ..\etc\raddb/modules/chap
including configuration file ..\etc\raddb/modules/checkval
including configuration file ..\etc\raddb/modules/counter
including configuration file ..\etc\raddb/modules/cui
including configuration file ..\etc\raddb/modules/detail
including configuration file ..\etc\raddb/modules/detail.example.com
including configuration file ..\etc\raddb/modules/detail.log
including configuration file ..\etc\raddb/modules/digest
including configuration file ..\etc\raddb/modules/dynamic_clients
including configuration file ..\etc\raddb/modules/echo
including configuration file ..\etc\raddb/modules/etc_group
including configuration file ..\etc\raddb/modules/exec
including configuration file ..\etc\raddb/modules/expiration
including configuration file ..\etc\raddb/modules/expr
including configuration file ..\etc\raddb/modules/files
including configuration file ..\etc\raddb/modules/inner-eap
including configuration file ..\etc\raddb/modules/ippool
including configuration file ..\etc\raddb/modules/krb5
including configuration file ..\etc\raddb/modules/ldap
including configuration file ..\etc\raddb/modules/linelog
including configuration file ..\etc\raddb/modules/logintime
including configuration file ..\etc\raddb/modules/mac2ip
including configuration file ..\etc\raddb/modules/mac2vlan
including configuration file ..\etc\raddb/modules/mschap
including configuration file ..\etc\raddb/modules/ntlm_auth
including configuration file ..\etc\raddb/modules/opendirectory
including configuration file ..\etc\raddb/modules/otp
including configuration file ..\etc\raddb/modules/pam
including configuration file ..\etc\raddb/modules/pap
including configuration file ..\etc\raddb/modules/passwd
including configuration file ..\etc\raddb/modules/perl
including configuration file ..\etc\raddb/modules/policy
including configuration file ..\etc\raddb/modules/preprocess
including configuration file ..\etc\raddb/modules/radutmp
including configuration file ..\etc\raddb/modules/realm
including configuration file ..\etc\raddb/modules/smbpasswd
including configuration file ..\etc\raddb/modules/smsotp
including configuration file ..\etc\raddb/modules/sqlcounter_expire_on_login
including configuration file ..\etc\raddb/modules/sql_log
including configuration file ..\etc\raddb/modules/sradutmp
including configuration file ..\etc\raddb/modules/unix
including configuration file ..\etc\raddb/modules/wimax
including configuration file ..\etc\raddb/eap.conf
including configuration file ..\etc\raddb/policy.conf
including files in directory ..\etc\raddb/sites-enabled/
including configuration file ..\etc\raddb/sites-enabled/control-socket
including configuration file ..\etc\raddb/sites-enabled/default
main {
allow_core_dumps = no
}
including dictionary file ..\etc\raddb/dictionary
main {
prefix = "C:\freeradius"
localstatedir = "C:\freeradius/var"
logdir = "C:\freeradius/var/log/radius"
libdir = "C:\freeradius/lib"
radacctdir = "C:\freeradius/var/log/radius/radacct"
hostname_lookups = no
max_request_time = 30
cleanup_delay = 5
max_requests = 1024
pidfile = "C:\freeradius/var/run/radiusd/radiusd.pid"
checkrad = "C:\freeradius/sbin/checkrad"
debug_level = 0
proxy_requests = yes
log {
stripped_names = yes
auth = yes
auth_badpass = yes
auth_goodpass = yes
msg_badpass = ""
msg_goodpass = ""
}
security {
max_attributes = 200
reject_delay = 1
status_server = yes
}
}
radiusd: #### Loading Realms and Home Servers ####
proxy server {
retry_delay = 5
retry_count = 3
default_fallback = no
dead_time = 120
wake_all_if_all_dead = no
}
home_server localhost {
ipaddr = 127.0.0.1
port = 1812
type = "auth"
secret = "testing123"
response_window = 20
max_outstanding = 65536
require_message_authenticator = yes
zombie_period = 40
status_check = "status-server"
ping_interval = 30
check_interval = 30
num_answers_to_alive = 3
num_pings_to_alive = 3
revive_interval = 120
status_check_timeout = 4
irt = 2
mrt = 16
mrc = 5
mrd = 30
}
home_server_pool my_auth_failover {
type = fail-over
home_server = localhost
}
realm example.com {
auth_pool = my_auth_failover
}
realm LOCAL {
}
realm devtms2k8.com {
nostrip
ldflag = round_robin
authhost = 192.168.1.10:1812
accthost = 192.168.1.10:1813
secret = 1111
}
radiusd: #### Loading Clients ####
client localhost {
ipaddr = 127.0.0.1
require_message_authenticator = no
secret = "testing123"
nastype = "other"
}
client 192.168.1.8/24 {
require_message_authenticator = no
secret = "1111"
shortname = "netmotion"
}
radiusd: #### Instantiating modules ####
instantiate {
Module: Linked to module rlm_exec
Module: Instantiating module "exec" from file ..\etc\raddb/modules/exec
exec {
wait = no
input_pairs = "request"
shell_escape = yes
}
Module: Linked to module rlm_expr
Module: Instantiating module "expr" from file ..\etc\raddb/modules/expr
Module: Linked to module rlm_expiration
Module: Instantiating module "expiration" from file
..\etc\raddb/modules/expiration
expiration {
reply-message = "Password Has Expired "
}
Module: Linked to module rlm_logintime
Module: Instantiating module "logintime" from file
..\etc\raddb/modules/logintime
logintime {
reply-message = "You are calling outside your allowed timespan "
minimum-timeout = 60
}
}
radiusd: #### Loading Virtual Servers ####
server { # from file ..\etc\raddb/radiusd.conf
modules {
Module: Checking authenticate {...} for more modules to load
Module: Linked to module rlm_pap
Module: Instantiating module "pap" from file ..\etc\raddb/modules/pap
pap {
encryption_scheme = "auto"
auto_header = no
}
Module: Linked to module rlm_chap
Module: Instantiating module "chap" from file ..\etc\raddb/modules/chap
Module: Linked to module rlm_mschap
Module: Instantiating module "mschap" from file ..\etc\raddb/modules/mschap
mschap {
use_mppe = yes
require_encryption = no
require_strong = no
with_ntdomain_hack = no
}
Module: Linked to module rlm_digest
Module: Instantiating module "digest" from file ..\etc\raddb/modules/digest
Module: Linked to module rlm_unix
Module: Instantiating module "unix" from file ..\etc\raddb/modules/unix
unix {
radwtmp = "C:\freeradius/var/log/radius/radwtmp"
}
Module: Linked to module rlm_eap
Module: Instantiating module "eap" from file ..\etc\raddb/eap.conf
eap {
default_eap_type = "md5"
timer_expire = 60
ignore_unknown_eap_types = no
cisco_accounting_username_bug = no
max_sessions = 4096
}
Module: Linked to sub-module rlm_eap_md5
Module: Instantiating eap-md5
Module: Linked to sub-module rlm_eap_leap
Module: Instantiating eap-leap
Module: Linked to sub-module rlm_eap_gtc
Module: Instantiating eap-gtc
gtc {
challenge = "Password: "
auth_type = "PAP"
}
Module: Linked to sub-module rlm_eap_tls
Module: Instantiating eap-tls
tls {
rsa_key_exchange = no
dh_key_exchange = yes
rsa_key_length = 512
dh_key_length = 512
verify_depth = 0
pem_file_type = yes
private_key_file =
"C:\freeradius/etc/raddb/certs/FreeRADIUS.net/DemoCerts/FreeRADIUS.net-Server.pem"
certificate_file =
"C:\freeradius/etc/raddb/certs/FreeRADIUS.net/DemoCerts/FreeRADIUS.net-Server.crt"
CA_file =
"C:\freeradius/etc/raddb/certs/FreeRADIUS.net/DemoCerts/FreeRADIUS.net-CA.crt"
private_key_password = "demo"
dh_file = "C:\freeradius/etc/raddb/certs/FreeRADIUS.net/DemoCerts/dh"
random_file =
"C:\freeradius/etc/raddb/certs/FreeRADIUS.net/DemoCerts/random"
fragment_size = 1024
include_length = yes
check_crl = no
cipher_list = "DEFAULT"
cache {
enable = no
lifetime = 24
max_entries = 255
}
verify {
}
}
WARNING: rlm_eap_tls: Unable to set DH parameters. DH cipher suites may not
work!
WARNING: Fix this by running the OpenSSL command listed in eap.conf
Module: Linked to sub-module rlm_eap_ttls
Module: Instantiating eap-ttls
ttls {
default_eap_type = "md5"
copy_request_to_tunnel = no
use_tunneled_reply = no
virtual_server = "inner-tunnel"
include_length = yes
}
Module: Linked to sub-module rlm_eap_peap
Module: Instantiating eap-peap
peap {
default_eap_type = "mschapv2"
copy_request_to_tunnel = yes
use_tunneled_reply = no
proxy_tunneled_request_as_eap = no
}
Module: Linked to sub-module rlm_eap_mschapv2
Module: Instantiating eap-mschapv2
mschapv2 {
with_ntdomain_hack = no
}
Module: Checking authorize {...} for more modules to load
Module: Linked to module rlm_preprocess
Module: Instantiating module "preprocess" from file
..\etc\raddb/modules/preprocess
preprocess {
huntgroups = "..\etc\raddb/huntgroups"
hints = "..\etc\raddb/hints"
with_ascend_hack = no
ascend_channels_per_line = 23
with_ntdomain_hack = no
with_specialix_jetstream_hack = no
with_cisco_vsa_hack = no
with_alvarion_vsa_hack = no
}
Module: Linked to module rlm_files
Module: Instantiating module "files" from file ..\etc\raddb/modules/files
files {
usersfile = "..\etc\raddb/users"
acctusersfile = "..\etc\raddb/acct_users"
preproxy_usersfile = "..\etc\raddb/preproxy_users"
compat = "no"
}
Module: Checking preacct {...} for more modules to load
Module: Linked to module rlm_acct_unique
Module: Instantiating module "acct_unique" from file
..\etc\raddb/modules/acct_unique
acct_unique {
key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address,
NAS-Port"
}
Module: Linked to module rlm_realm
Module: Instantiating module "suffix" from file ..\etc\raddb/modules/realm
realm suffix {
format = "suffix"
delimiter = "@"
ignore_default = no
ignore_null = no
}
Module: Instantiating module "ntdomain" from file
..\etc\raddb/modules/realm
realm ntdomain {
format = "prefix"
delimiter = "\"
ignore_default = no
ignore_null = no
}
Module: Checking accounting {...} for more modules to load
Module: Linked to module rlm_detail
Module: Instantiating module "detail" from file ..\etc\raddb/modules/detail
detail {
detailfile =
"C:\freeradius/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
header = "%t"
detailperm = 384
dirperm = 493
locking = no
log_packet_header = no
}
Module: Linked to module rlm_radutmp
Module: Instantiating module "radutmp" from file
..\etc\raddb/modules/radutmp
radutmp {
filename = "C:\freeradius/var/log/radius/radutmp"
username = "%{User-Name}"
case_sensitive = yes
check_with_nas = yes
perm = 384
callerid = yes
}
Module: Linked to module rlm_attr_filter
Module: Instantiating module "attr_filter.accounting_response" from file
..\etc\raddb/modules/attr_filter
attr_filter attr_filter.accounting_response {
attrsfile = "..\etc\raddb/attrs.accounting_response"
key = "%{User-Name}"
}
Module: Checking session {...} for more modules to load
Module: Checking post-proxy {...} for more modules to load
Module: Checking post-auth {...} for more modules to load
Module: Instantiating module "attr_filter.access_reject" from file
..\etc\raddb/modules/attr_filter
attr_filter attr_filter.access_reject {
attrsfile = "..\etc\raddb/attrs.access_reject"
key = "%{User-Name}"
}
} # modules
} # server
radiusd: #### Opening IP addresses and Ports ####
listen {
type = "auth"
ipaddr = *
port = 0
}
listen {
type = "acct"
ipaddr = *
port = 0
}
listen {
type = "control"
listen {
socket = "C:\freeradius/var/run/radiusd/radiusd.sock"
}
}
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on command file C:\freeradius/var/run/radiusd/radiusd.sock
Listening on proxy address * port 1814
Ready to process requests.
rad_recv: Access-Request packet from host 192.168.1.10 port 2905, id=34,
length=136
NAS-Identifier = "NETMOTION"
User-Name = "DEVTMS2K8.COM\\administrator"
Calling-Station-Id = "0000005e55ba"
EAP-Message =
0x0200002001444556544d53324b382e434f4d5c61646d696e6973747261746f72
Message-Authenticator = 0xe12d315e5decf1a07a1cfd633f1c7d3e
Proxy-State = 0xc0a8010a00000022
# Executing section authorize from file ..\etc\raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[eap] EAP packet type response id 0 length 32
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user. Authentication
may fail because of this.
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file ..\etc\raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type md5
rlm_eap_md5: Issuing Challenge
++[eap] returns handled
Sending Access-Challenge of id 34 to 192.168.1.10 port 2905
EAP-Message = 0x0101001604100bc879a282fe46e5b3a6606ab408767a
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x1a1e6be01a1f6fb1a3c3640ccefd05a2
Proxy-State = 0xc0a8010a00000022
Finished request 0.
Going to the next request
Waking up in 4.10 seconds.
rad_recv: Access-Request packet from host 192.168.1.10 port 2905, id=35,
length=129
NAS-Identifier = "NETMOTION"
User-Name = "DEVTMS2K8.COM\\administrator"
Calling-Station-Id = "0000005e55ba"
EAP-Message = 0x0201000703190d
Message-Authenticator = 0x36bddb38b612627df8c0c1ec8f92cb00
State = 0x1a1e6be01a1f6fb1a3c3640ccefd05a2
Proxy-State = 0xc0a8010a00000023
# Executing section authorize from file ..\etc\raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[eap] EAP packet type response id 1 length 7
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user. Authentication
may fail because of this.
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file ..\etc\raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP NAK
[eap] EAP-NAK asked for EAP-Type/peap
[eap] processing type tls
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 35 to 192.168.1.10 port 2905
EAP-Message = 0x010200061920
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x1a1e6be01b1c72b1a3c3640ccefd05a2
Proxy-State = 0xc0a8010a00000023
Finished request 1.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.1.10 port 2905, id=36,
length=338
NAS-Identifier = "NETMOTION"
User-Name = "DEVTMS2K8.COM\\administrator"
Calling-Station-Id = "0000005e55ba"
EAP-Message =
0x020200d8190016030100cd010000c903014d8f29a7bbced4829a08b0eb799d367a66e0107b7da46d0adc82474a5b4fa3c000005cc014c00a0039003800880087c00fc00500350084c012c00800160013c00dc003000ac013c00900330032009a009900450044c00ec004002f009600410007c011c007c00cc002000500040015001200090014001100080006000300ff01000044000b000403000102000a00340032000100020003000400050006000700080009000a000b000c000d000e000f001000110012001300140015001600170018001900230000
Message-Authenticator = 0xc9424039becc1cea361e0219ceec18c9
State = 0x1a1e6be01b1c72b1a3c3640ccefd05a2
Proxy-State = 0xc0a8010a00000024
# Executing section authorize from file ..\etc\raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[eap] EAP packet type response id 2 length 216
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file ..\etc\raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] (other): before/accept initialization
[peap] TLS_accept: before/accept initialization
[peap] <<< TLS 1.0 Handshake [length 00cd], ClientHello
[peap] TLS_accept: SSLv3 read client hello A
[peap] >>> TLS 1.0 Handshake [length 0031], ServerHello
[peap] TLS_accept: SSLv3 write server hello A
[peap] >>> TLS 1.0 Handshake [length 09cd], Certificate
[peap] TLS_accept: SSLv3 write certificate A
[peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
[peap] TLS_accept: SSLv3 write server done A
[peap] TLS_accept: SSLv3 flush data
[peap] TLS_accept: Need to read more data: SSLv3 read client certificate
A
In SSL Handshake Phase
In SSL Accept mode
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 36 to 192.168.1.10 port 2905
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x1a1e6be0181d72b1a3c3640ccefd05a2
Proxy-State = 0xc0a8010a00000024
Finished request 2.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.1.10 port 2905, id=37,
length=128
NAS-Identifier = "NETMOTION"
User-Name = "DEVTMS2K8.COM\\administrator"
Calling-Station-Id = "0000005e55ba"
EAP-Message = 0x020300061900
Message-Authenticator = 0x49bb2e6c397f182bf23d05085f1e4cbb
State = 0x1a1e6be0181d72b1a3c3640ccefd05a2
Proxy-State = 0xc0a8010a00000025
# Executing section authorize from file ..\etc\raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[eap] EAP packet type response id 3 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file ..\etc\raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 37 to 192.168.1.10 port 2905
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x1a1e6be0191a72b1a3c3640ccefd05a2
Proxy-State = 0xc0a8010a00000025
Finished request 3.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.1.10 port 2905, id=38,
length=128
NAS-Identifier = "NETMOTION"
User-Name = "DEVTMS2K8.COM\\administrator"
Calling-Station-Id = "0000005e55ba"
EAP-Message = 0x020400061900
Message-Authenticator = 0x9014286922f5a2a5f54f8d4fb92a755b
State = 0x1a1e6be0191a72b1a3c3640ccefd05a2
Proxy-State = 0xc0a8010a00000026
# Executing section authorize from file ..\etc\raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[eap] EAP packet type response id 4 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file ..\etc\raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 38 to 192.168.1.10 port 2905
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x1a1e6be01e1b72b1a3c3640ccefd05a2
Proxy-State = 0xc0a8010a00000026
Finished request 4.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.1.10 port 2905, id=39,
length=326
NAS-Identifier = "NETMOTION"
User-Name = "DEVTMS2K8.COM\\administrator"
Calling-Station-Id = "0000005e55ba"
EAP-Message =
0x020500cc19001603010086100000820080bf5e26b53a6de61622737b5a96f5237f28565d04ece5be94198544ea586326ee35f7cb4a318b6c329edc540b3da68a73d085b0fd021b4bd54b240649221b219c06640c6723006bb268afd68b56f49551aad6b548909f706398a532d12b1ab2fda2b157ab9cc97019a40331fae5d2f71ea6ad0125256a9f0f5e4e2f0bb2c6d30a1403010001011603010030cd8560b22dc7fd59cc0c2eb534725c0f6bec322dcb1df4ee21a6c943edbe540cbce43815804b3ab42f4e3efa9f2dde46
Message-Authenticator = 0x427d2c8994fb6abba05db82537fcce84
State = 0x1a1e6be01e1b72b1a3c3640ccefd05a2
Proxy-State = 0xc0a8010a00000027
# Executing section authorize from file ..\etc\raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[eap] EAP packet type response id 5 length 204
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file ..\etc\raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange
[peap] TLS_accept: SSLv3 read client key exchange A
[peap] <<< TLS 1.0 ChangeCipherSpec [length 0001]
[peap] <<< TLS 1.0 Handshake [length 0010], Finished
[peap] TLS_accept: SSLv3 read finished A
[peap] >>> TLS 1.0 ChangeCipherSpec [length 0001]
[peap] TLS_accept: SSLv3 write change cipher spec A
[peap] >>> TLS 1.0 Handshake [length 0010], Finished
[peap] TLS_accept: SSLv3 write finished A
[peap] TLS_accept: SSLv3 flush data
[peap] (other): SSL negotiation finished successfully
SSL Connection Established
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 39 to 192.168.1.10 port 2905
EAP-Message =
0x01060041190014030100010116030100305c77576756136f45f56df90e49fa36adc11e748d1e00f326d391c9976e20d312fdb0fcc746a67447f79b7f56166bda23
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x1a1e6be01f1872b1a3c3640ccefd05a2
Proxy-State = 0xc0a8010a00000027
Finished request 5.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.1.10 port 2905, id=40,
length=128
NAS-Identifier = "NETMOTION"
User-Name = "DEVTMS2K8.COM\\administrator"
Calling-Station-Id = "0000005e55ba"
EAP-Message = 0x020600061900
Message-Authenticator = 0x8625b430816ee12b39c0dae7076dfdbc
State = 0x1a1e6be01f1872b1a3c3640ccefd05a2
Proxy-State = 0xc0a8010a00000028
# Executing section authorize from file ..\etc\raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[eap] EAP packet type response id 6 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file ..\etc\raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake is finished
[peap] eaptls_verify returned 3
[peap] eaptls_process returned 3
[peap] EAPTLS_SUCCESS
[peap] Session established. Decoding tunneled attributes.
[peap] Peap state TUNNEL ESTABLISHED
++[eap] returns handled
Sending Access-Challenge of id 40 to 192.168.1.10 port 2905
EAP-Message =
0x0107002b19001703010020f0d3b068d890ba45a504d71adda3077f6a62f01dd72a5a0e62e1b02273eba054
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x1a1e6be01c1972b1a3c3640ccefd05a2
Proxy-State = 0xc0a8010a00000028
Finished request 6.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.1.10 port 2905, id=41,
length=234
NAS-Identifier = "NETMOTION"
User-Name = "DEVTMS2K8.COM\\administrator"
Calling-Station-Id = "0000005e55ba"
EAP-Message =
0x020700701900170301002010f6c685e435e8b7e74ee9eb26a5a14e9298228e040e24ae6616a657cd380b8117030100403282e9ad2276d2c43b06f76c39f3a1313f219b5e2cd1a886cb5086304337447c6edb771549b43138d15761a156f43c221ab29a7603194e173c0ed52c6031001a
Message-Authenticator = 0xdfc3a12524103f59af9c938ccad49b4f
State = 0x1a1e6be01c1972b1a3c3640ccefd05a2
Proxy-State = 0xc0a8010a00000029
# Executing section authorize from file ..\etc\raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[eap] EAP packet type response id 7 length 112
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file ..\etc\raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] Peap state WAITING FOR INNER IDENTITY
[peap] Identity - DEVTMS2K8.COM\administrator
[peap] Got inner identity 'DEVTMS2K8.COM\administrator'
[peap] Setting default EAP type for tunneled EAP session.
[peap] Got tunneled request
EAP-Message =
0x0207002001444556544d53324b382e434f4d5c61646d696e6973747261746f72
server {
PEAP: Setting User-Name to DEVTMS2K8.COM\administrator
Sending tunneled request
EAP-Message =
0x0207002001444556544d53324b382e434f4d5c61646d696e6973747261746f72
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "DEVTMS2K8.COM\\administrator"
NAS-Identifier = "NETMOTION"
Calling-Station-Id = "0000005e55ba"
NAS-IP-Address = 192.168.1.10
server {
# Executing section authorize from file ..\etc\raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[eap] EAP packet type response id 7 length 32
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[files] users: Matched entry DEFAULT at line 204
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
} # server
[peap] Got tunneled reply code 0
PEAP: Calling authenticate in order to initiate tunneled EAP session.
# Executing group from file ..\etc\raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
++[eap] returns handled
PEAP: Cancelling proxy to realm devtms2k8.com until the tunneled EAP session has been established
[peap] Got tunneled reply RADIUS code 11
EAP-Message =
0x010800351a0108003010e16411c9f88b9a64e3062408071d7706444556544d53324b382e434f4d5c61646d696e6973747261746f72
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x68df673868d77d6df543d30b30a2a0b9
[peap] Got tunneled Access-Challenge
++[eap] returns handled
Sending Access-Challenge of id 41 to 192.168.1.10 port 2905
EAP-Message =
0x0108005b1900170301005046e53797a31f727d615cfe8d3d36ac2b739277b308c66f6de7d2f109114ef4b929cdf81fc45017e019d467498b23c60ad7322babe6ed4a0be24db04639f29758f18bbfd480aa3b77b43c372750dfc237
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x1a1e6be01d1672b1a3c3640ccefd05a2
Proxy-State = 0xc0a8010a00000029
Finished request 7.
Going to the next request
Waking up in 4.8 seconds.
rad_recv: Access-Request packet from host 192.168.1.10 port 2905, id=42, length=282
NAS-Identifier = "NETMOTION"
User-Name = "DEVTMS2K8.COM\\administrator"
Calling-Station-Id = "0000005e55ba"
EAP-Message =
0x020800a01900170301002033b018164946779186fe5aecba9390d2c5d78295f26e166b8938d19c3f550f7a17030100708dd503e59ed1249e73a7c4fa803cb950793367df8c68ecbf384afb5c9bf4cb6d25bf1c17b96e8ace0922a314fd1d16b696ea99e6c611e10ee81a84a80d7499c1b7402809880e2b40ff4baa96afff8d8d967726adc94e8f6b7afcdd19fda2a60a2d480467c37a7ad282c0d01c807114c0
Message-Authenticator = 0x3ac3a8041a687b1e310622c445daa8af
State = 0x1a1e6be01d1672b1a3c3640ccefd05a2
Proxy-State = 0xc0a8010a0000002a
# Executing section authorize from file ..\etc\raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[eap] EAP packet type response id 8 length 160
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file ..\etc\raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] Peap state phase2
[peap] EAP type mschapv2
[peap] Got tunneled request
EAP-Message =
0x020800561a0208005131b4a3dbb5beb781294abc39062dbbc29c0000000000000000ab02dcf402af9c1ce296943d1833c9c41c5a8f011eb85dd500444556544d53324b382e434f4d5c61646d696e6973747261746f72
server {
PEAP: Setting User-Name to DEVTMS2K8.COM\administrator
Sending tunneled request
EAP-Message =
0x020800561a0208005131b4a3dbb5beb781294abc39062dbbc29c0000000000000000ab02dcf402af9c1ce296943d1833c9c41c5a8f011eb85dd500444556544d53324b382e434f4d5c61646d696e6973747261746f72
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "DEVTMS2K8.COM\\administrator"
State = 0x68df673868d77d6df543d30b30a2a0b9
NAS-Identifier = "NETMOTION"
Calling-Station-Id = "0000005e55ba"
NAS-IP-Address = 192.168.1.10
server {
# Executing section authorize from file ..\etc\raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[eap] EAP packet type response id 8 length 86
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[files] users: Matched entry DEFAULT at line 204
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
} # server
[peap] Got tunneled reply code 0
PEAP: Calling authenticate in order to initiate tunneled EAP session.
# Executing group from file ..\etc\raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/mschapv2
[eap] processing type mschapv2
[eap] Not-EAP proxy set. Not composing EAP
++[eap] returns handled
PEAP: Tunneled authentication will be proxied to devtms2k8.com
PEAP: Remembering to do EAP-MS-CHAP-V2 post-proxy.
[eap] Tunneled session will be proxied. Not doing EAP.
++[eap] returns handled
WARNING: Empty pre-proxy section. Using default return values.
Sending Access-Request of id 57 to 192.168.1.10 port 1812
User-Name = "DEVTMS2K8.COM\\administrator"
NAS-Identifier = "NETMOTION"
Calling-Station-Id = "0000005e55ba"
NAS-IP-Address = 192.168.1.10
MS-CHAP-Challenge = 0xe16411c9f88b9a64e3062408071d7706
MS-CHAP2-Response =
0x0845b4a3dbb5beb781294abc39062dbbc29c0000000000000000ab02dcf402af9c1ce296943d1833c9c41c5a8f011eb85dd5
Proxy-State = 0x3432
Proxying request 8 to home server 192.168.1.10 port 1812
Sending Access-Request of id 57 to 192.168.1.10 port 1812
User-Name = "DEVTMS2K8.COM\\administrator"
NAS-Identifier = "NETMOTION"
Calling-Station-Id = "0000005e55ba"
NAS-IP-Address = 192.168.1.10
MS-CHAP-Challenge = 0xe16411c9f88b9a64e3062408071d7706
MS-CHAP2-Response =
0x0845b4a3dbb5beb781294abc39062dbbc29c0000000000000000ab02dcf402af9c1ce296943d1833c9c41c5a8f011eb85dd5
Proxy-State = 0x3432
Going to the next request
Waking up in 0.10 seconds.
rad_recv: Access-Accept packet from host 192.168.1.10 port 1812, id=57, length=159
Proxy-State = 0x3432
MS-MPPE-Send-Key = 0x30e37d74d97c2e11e3207a9d1fc7616e
MS-MPPE-Recv-Key = 0x7639a91a614bf43a76e09a323f0ec5c0
MS-CHAP2-Success =
0x81533d45383736354231314444453738423341334146303743423435353233374437453843443731324234
# Executing section post-proxy from file ..\etc\raddb/sites-enabled/default
+- entering group post-proxy {...}
[eap] Doing post-proxy callback
[eap] Passing reply from proxy back into the tunnel.
server (null) {
[eap] Passing reply back for EAP-MS-CHAP-V2
# Executing section post-proxy from file ..\etc\raddb/sites-enabled/default
+- entering group post-proxy {...}
[eap] Doing post-proxy callback
rlm_eap_mschapv2: Passing reply from proxy back into the tunnel 0x1018dd58 2.
rlm_eap_mschapv2: Authentication succeeded.
MSCHAP Success
++[eap] returns ok
# Executing section post-auth from file ..\etc\raddb/sites-enabled/default
+- entering group post-auth {...}
++[exec] returns noop
} # server (null)
[eap] Final reply from tunneled session code 11
Proxy-State = 0x3432
EAP-Message =
0x010900331a0308002e533d45383736354231314444453738423341334146303743423435353233374437453843443731324234
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x68df673869d67d6df543d30b30a2a0b9
[eap] Got reply 11
[eap] Got tunneled reply RADIUS code 11
Proxy-State = 0x3432
EAP-Message =
0x010900331a0308002e533d45383736354231314444453738423341334146303743423435353233374437453843443731324234
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x68df673869d67d6df543d30b30a2a0b9
[eap] Got tunneled Access-Challenge
[eap] Reply was handled
++[eap] returns ok
Sending Access-Challenge of id 42 to 192.168.1.10 port 2905
EAP-Message =
0x0109005b1900170301005052d6f69436a7af0792fc83d6e520aa75f267dfeab12e331f33b51947fc3bfeee82ff0cf1de28e3995b95d920a176aacb3f2085161b799698d6342e68ea4a4f9d0105283e4c059a76327c1af7fb404f3e
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x1a1e6be0121772b1a3c3640ccefd05a2
Proxy-State = 0xc0a8010a0000002a
Finished request 8.
Going to the next request
Waking up in 4.6 seconds.
rad_recv: Access-Request packet from host 192.168.1.10 port 2905, id=43, length=202
NAS-Identifier = "NETMOTION"
User-Name = "DEVTMS2K8.COM\\administrator"
Calling-Station-Id = "0000005e55ba"
EAP-Message =
0x0209005019001703010020735c954fef9c66ffa84bf341d70e33fd39030e9bfbac14c7ddc1cd70c842d924170301002078b85d9fea591166be28f76e5a46f217237fb9f16f5d88255be5a4634a46955a
Message-Authenticator = 0xc137016920e5d32fbf31247fbfebf48d
State = 0x1a1e6be0121772b1a3c3640ccefd05a2
Proxy-State = 0xc0a8010a0000002b
# Executing section authorize from file ..\etc\raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[eap] EAP packet type response id 9 length 80
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file ..\etc\raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] Peap state phase2
[peap] EAP type mschapv2
[peap] Got tunneled request
EAP-Message = 0x020900061a03
server {
PEAP: Setting User-Name to DEVTMS2K8.COM\administrator
Sending tunneled request
EAP-Message = 0x020900061a03
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "DEVTMS2K8.COM\\administrator"
State = 0x68df673869d67d6df543d30b30a2a0b9
NAS-Identifier = "NETMOTION"
Calling-Station-Id = "0000005e55ba"
NAS-IP-Address = 192.168.1.10
server {
# Executing section authorize from file ..\etc\raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[eap] EAP packet type response id 9 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[files] users: Matched entry DEFAULT at line 204
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
} # server
[peap] Got tunneled reply code 0
PEAP: Calling authenticate in order to initiate tunneled EAP session.
# Executing group from file ..\etc\raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/mschapv2
[eap] processing type mschapv2
[eap] Freeing handler
++[eap] returns ok
[peap] Got tunneled reply RADIUS code 2
MS-MPPE-Send-Key = 0x30e37d74d97c2e11e3207a9d1fc7616e
MS-MPPE-Recv-Key = 0x7639a91a614bf43a76e09a323f0ec5c0
EAP-Message = 0x03090004
Message-Authenticator = 0x00000000000000000000000000000000
User-Name = "DEVTMS2K8.COM\\administrator"
[peap] Tunneled authentication was successful.
[peap] SUCCESS
++[eap] returns handled
Sending Access-Challenge of id 43 to 192.168.1.10 port 2905
EAP-Message =
0x010a002b19001703010020ece5f58c0cb18046399a0ac9fdbd2d6c036e37c9042868e49aaece185f81ec4e
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x1a1e6be0131472b1a3c3640ccefd05a2
Proxy-State = 0xc0a8010a0000002b
Finished request 9.
Going to the next request
Waking up in 4.6 seconds.
rad_recv: Access-Request packet from host 192.168.1.10 port 2905, id=44, length=202
NAS-Identifier = "NETMOTION"
User-Name = "DEVTMS2K8.COM\\administrator"
Calling-Station-Id = "0000005e55ba"
EAP-Message =
0x020a0050190017030100204bcf5f06fb4f43c41bfdeac1e154569c3e1a4504e1d20fb7260a321fe9e70d581703010020db92ff0ccea165eaa47231ce07808e7bd85109a855978e1c10fae4eadd066ebe
Message-Authenticator = 0xf356b16497a9cf56a4b768a4f0d0d4e5
State = 0x1a1e6be0131472b1a3c3640ccefd05a2
Proxy-State = 0xc0a8010a0000002c
# Executing section authorize from file ..\etc\raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[eap] EAP packet type response id 10 length 80
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file ..\etc\raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] Peap state send tlv success
[peap] Received EAP-TLV response.
[peap] Success
[eap] Freeing handler
++[eap] returns ok
expand: ->
Login OK: [DEVTMS2K8.COM\\administrator/] (from client netmotion port 0 cli 0000005e55ba)
# Executing section post-auth from file ..\etc\raddb/sites-enabled/default
+- entering group post-auth {...}
++[exec] returns noop
Sending Access-Accept of id 44 to 192.168.1.10 port 2905
MS-MPPE-Recv-Key =
0xd977b3456d1f16302f63255558756bc42693c5837eae669055fa8f181c69256f
MS-MPPE-Send-Key =
0x3257e3ec667b986e65e1568a6757546aaf019c6a945d93d31e6a83e724ea8435
EAP-Message = 0x030a0004
Message-Authenticator = 0x00000000000000000000000000000000
User-Name = "DEVTMS2K8.COM\\administrator"
Proxy-State = 0xc0a8010a0000002c
Finished request 10.
Going to the next request
Waking up in 4.6 seconds.
Cleaning up request 0 ID 34 with timestamp +10
Cleaning up request 1 ID 35 with timestamp +10
Cleaning up request 2 ID 36 with timestamp +10
Cleaning up request 3 ID 37 with timestamp +10
Cleaning up request 4 ID 38 with timestamp +10
Cleaning up request 5 ID 39 with timestamp +10
Cleaning up request 6 ID 40 with timestamp +10
Cleaning up request 7 ID 41 with timestamp +10
Waking up in 0.2 seconds.
Cleaning up request 8 ID 42 with timestamp +10
Cleaning up request 9 ID 43 with timestamp +10
Cleaning up request 10 ID 44 with timestamp +10
Ready to process requests.