Help with proxy settings please

lmgo5991 lmgo at gcal.ac.uk
Thu Jan 12 14:23:38 CET 2012


Hi,
Could someone please shed some light on where we are going wrong?  We
have followed the documentation provided; however, it is unclear where to
reference our internal ad servers.
I have attached the output from our radiusd -X:-
Ready to process requests.
rad_recv: Access-Request packet from host 10.1.5.4 port 32768, id=134,
length=256
        User-Name = "radldapuser at gcu.ac.uk"
        Calling-Station-Id = "00:24:2c:7a:d8:7d"
        Called-Station-Id = "00:26:cb:80:33:20:eduroam"
        NAS-Port = 29
        Cisco-AVPair = "audit-session-id=0a0105040000025f4f0edac4"
        NAS-IP-Address = 10.1.5.4
        NAS-Identifier = "CLIC_WiSM_A"
        Airespace-Wlan-Id = 9
        Service-Type = Framed-User
        Framed-MTU = 1300
        NAS-Port-Type = Wireless-802.11
        Tunnel-Type:0 = VLAN
        Tunnel-Medium-Type:0 = IEEE-802
        Tunnel-Private-Group-Id:0 = "914"
        EAP-Message = 0x0202001a017261646c64617075736572406763752e61632e756b
        Message-Authenticator = 0x5499ecdd3317903a396087c244b3242f
# Executing section authorize from file
/usr/local/etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] Looking up realm "gcu.ac.uk" for User-Name =
"radldapuser at gcu.ac.uk"
[suffix] Found realm "GCU.AC.UK"
[suffix] Adding Stripped-User-Name = "radldapuser"
[suffix] Adding Realm = "GCU.AC.UK"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[eap] EAP packet type response id 2 length 26
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user.  Authentication
may fail because of this.
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type md5
rlm_eap_md5: Issuing Challenge
++[eap] returns handled
Sending Access-Challenge of id 134 to 10.1.5.4 port 32768
        EAP-Message = 0x0103001604101c5f6a48076abb9c734e38981c7217e2
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x7ac164ba7ac260d5c80b69f521e95f1c
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.1.5.4 port 32768, id=135,
length=254
        User-Name = "radldapuser at gcu.ac.uk"
        Calling-Station-Id = "00:24:2c:7a:d8:7d"
        Called-Station-Id = "00:26:cb:80:33:20:eduroam"
        NAS-Port = 29
        Cisco-AVPair = "audit-session-id=0a0105040000025f4f0edac4"
        NAS-IP-Address = 10.1.5.4
        NAS-Identifier = "CLIC_WiSM_A"
        Airespace-Wlan-Id = 9
        Service-Type = Framed-User
        Framed-MTU = 1300
        NAS-Port-Type = Wireless-802.11
        Tunnel-Type:0 = VLAN
        Tunnel-Medium-Type:0 = IEEE-802
        Tunnel-Private-Group-Id:0 = "914"
        EAP-Message = 0x020300060319
        State = 0x7ac164ba7ac260d5c80b69f521e95f1c
        Message-Authenticator = 0xa525aaece160f6dbfacf7cdb4b93c3a5
# Executing section authorize from file
/usr/local/etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] Looking up realm "gcu.ac.uk" for User-Name =
"radldapuser at gcu.ac.uk"
[suffix] Found realm "GCU.AC.UK"
[suffix] Adding Stripped-User-Name = "radldapuser"
[suffix] Adding Realm = "GCU.AC.UK"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[eap] EAP packet type response id 3 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user.  Authentication
may fail because of this.
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP NAK
[eap] EAP-NAK asked for EAP-Type/peap
[eap] processing type tls
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 135 to 10.1.5.4 port 32768
        EAP-Message = 0x010400061920
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x7ac164ba7bc57dd5c80b69f521e95f1c
Finished request 1.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.1.5.4 port 32768, id=136,
length=353
        User-Name = "radldapuser at gcu.ac.uk"
        Calling-Station-Id = "00:24:2c:7a:d8:7d"
        Called-Station-Id = "00:26:cb:80:33:20:eduroam"
        NAS-Port = 29
        Cisco-AVPair = "audit-session-id=0a0105040000025f4f0edac4"
        NAS-IP-Address = 10.1.5.4
        NAS-Identifier = "CLIC_WiSM_A"
        Airespace-Wlan-Id = 9
        Service-Type = Framed-User
        Framed-MTU = 1300
        NAS-Port-Type = Wireless-802.11
        Tunnel-Type:0 = VLAN
        Tunnel-Medium-Type:0 = IEEE-802
        Tunnel-Private-Group-Id:0 = "914"
        EAP-Message =
0x0204006919800000005f160301005a0100005603014f0edd9d5db5b4c865a2f751dfae8b6187fcb5cbfc5719ebf587861508615770000018002f00350005000ac013c014c009c00a003200380013000401000015ff01000100000a0006000400170018000b00020100
        State = 0x7ac164ba7bc57dd5c80b69f521e95f1c
        Message-Authenticator = 0x03b789c11ed6d11218b952f2e5f5758e
# Executing section authorize from file
/usr/local/etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] Looking up realm "gcu.ac.uk" for User-Name =
"radldapuser at gcu.ac.uk"
[suffix] Found realm "GCU.AC.UK"
[suffix] Adding Stripped-User-Name = "radldapuser"
[suffix] Adding Realm = "GCU.AC.UK"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[eap] EAP packet type response id 4 length 105
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
  TLS Length 95
[peap] Length Included
[peap] eaptls_verify returned 11 
[peap]     (other): before/accept initialization
[peap]     TLS_accept: before/accept initialization
[peap] <<< TLS 1.0 Handshake [length 005a], ClientHello  
[peap]     TLS_accept: SSLv3 read client hello A
[peap] >>> TLS 1.0 Handshake [length 0031], ServerHello  
[peap]     TLS_accept: SSLv3 write server hello A
[peap] >>> TLS 1.0 Handshake [length 085e], Certificate  
[peap]     TLS_accept: SSLv3 write certificate A
[peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone  
[peap]     TLS_accept: SSLv3 write server done A
[peap]     TLS_accept: SSLv3 flush data
[peap]     TLS_accept: Need to read more data: SSLv3 read client certificate
A
In SSL Handshake Phase 
In SSL Accept mode  
[peap] eaptls_process returned 13 
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 136 to 10.1.5.4 port 32768
        EAP-Message =
0xf881e7b997bc7fa59faa23ddf197215fefca1c31fe9d7c5b910313f578cbd74a6a5e3725977373fa7d52d49e9e5bb230fd8884c70fa161daa1aa41d3f2f3f2772373c6ff597f3b875ac653726f1cd9c5fbcbe15e3edf868382a06faf9b1e2a6047a07bbc44cc6cf936c0eac3b8e02598a425acb8497dd0671f28f5c1c3d34b3ef96d3cdacfd9e67943886fdbd11a1f5e9ccb7782ea91590fcdf102206af05203318829e68284c56cf60c6b4c41dd8542c0ffd6fb4cb079e33d7a333823706fa8e08c312b02470207990203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d010104050003820101009a8e
        EAP-Message = 0x920004ab308204a73082038f
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x7ac164ba78c47dd5c80b69f521e95f1c
Finished request 2.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.1.5.4 port 32768, id=137,
length=254
        User-Name = "radldapuser at gcu.ac.uk"
        Calling-Station-Id = "00:24:2c:7a:d8:7d"
        Called-Station-Id = "00:26:cb:80:33:20:eduroam"
        NAS-Port = 29
        Cisco-AVPair = "audit-session-id=0a0105040000025f4f0edac4"
        NAS-IP-Address = 10.1.5.4
        NAS-Identifier = "CLIC_WiSM_A"
        Airespace-Wlan-Id = 9
        Service-Type = Framed-User
        Framed-MTU = 1300
        NAS-Port-Type = Wireless-802.11
        Tunnel-Type:0 = VLAN
        Tunnel-Medium-Type:0 = IEEE-802
        Tunnel-Private-Group-Id:0 = "914"
        EAP-Message = 0x020500061900
        State = 0x7ac164ba78c47dd5c80b69f521e95f1c
        Message-Authenticator = 0x7892f991b7fd777154282e08a9b81237
# Executing section authorize from file
/usr/local/etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] Looking up realm "gcu.ac.uk" for User-Name =
"radldapuser at gcu.ac.uk"
[suffix] Found realm "GCU.AC.UK"
[suffix] Adding Stripped-User-Name = "radldapuser"
[suffix] Adding Realm = "GCU.AC.UK"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[eap] EAP packet type response id 5 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1 
[peap] eaptls_process returned 13 
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 137 to 10.1.5.4 port 32768
        EAP-Message = 0x710a4c17dd921848
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x7ac164ba79c77dd5c80b69f521e95f1c
Finished request 3.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.1.5.4 port 32768, id=138,
length=254
        User-Name = "radldapuser at gcu.ac.uk"
        Calling-Station-Id = "00:24:2c:7a:d8:7d"
        Called-Station-Id = "00:26:cb:80:33:20:eduroam"
        NAS-Port = 29
        Cisco-AVPair = "audit-session-id=0a0105040000025f4f0edac4"
        NAS-IP-Address = 10.1.5.4
        NAS-Identifier = "CLIC_WiSM_A"
        Airespace-Wlan-Id = 9
        Service-Type = Framed-User
        Framed-MTU = 1300
        NAS-Port-Type = Wireless-802.11
        Tunnel-Type:0 = VLAN
        Tunnel-Medium-Type:0 = IEEE-802
        Tunnel-Private-Group-Id:0 = "914"
        EAP-Message = 0x020600061900
        State = 0x7ac164ba79c77dd5c80b69f521e95f1c
        Message-Authenticator = 0x73ed972e163dc4c11fa01ec993089b67
# Executing section authorize from file
/usr/local/etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] Looking up realm "gcu.ac.uk" for User-Name =
"radldapuser at gcu.ac.uk"
[suffix] Found realm "GCU.AC.UK"
[suffix] Adding Stripped-User-Name = "radldapuser"
[suffix] Adding Realm = "GCU.AC.UK"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[eap] EAP packet type response id 6 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1 
[peap] eaptls_process returned 13 
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 138 to 10.1.5.4 port 32768
        EAP-Message =
0x010700bc1900a9b1e8772b2c313f49e39433ff8946473b1c7735aeee9122316edd5eaeee17df8e2e28d2b24eb023fec1dda7fb5a827ce37c90bc0a8c65e430ad395c05233bcbcddc48e210be210608d35d8c52c0a3e9a083cbc3800521b24478c9eb9c5d30242a6acd250d94aaf05b1e9b5576cd738e4c15b33eac2dc3debb676dd14f93e053fcabf4eb05ee243f18d59fa89cbd8a34831f9bcb7095ad1839c70ecd9f99fb28a7c2d269ac6635398ad8df96c716030100040e000000
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x7ac164ba7ec67dd5c80b69f521e95f1c
Finished request 4.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.1.5.4 port 32768, id=139,
length=586
        User-Name = "radldapuser at gcu.ac.uk"
        Calling-Station-Id = "00:24:2c:7a:d8:7d"
        Called-Station-Id = "00:26:cb:80:33:20:eduroam"
        NAS-Port = 29
        Cisco-AVPair = "audit-session-id=0a0105040000025f4f0edac4"
        NAS-IP-Address = 10.1.5.4
        NAS-Identifier = "CLIC_WiSM_A"
        Airespace-Wlan-Id = 9
        Service-Type = Framed-User
        Framed-MTU = 1300
        NAS-Port-Type = Wireless-802.11
        Tunnel-Type:0 = VLAN
        Tunnel-Medium-Type:0 = IEEE-802
        Tunnel-Private-Group-Id:0 = "914"
        EAP-Message =
0x020701501980000001461603010106100001020100a7152cd57ec079fae3650588277422a1016560e87f6575a85b94d333aaf270504d1c07b01660f5ad8f883be6885704ce1ad4410218a114c8cae3b968d0e374e37d2c0e50ef0cc0149e432f7f0b100dad12c87c44e7e5fc587367d2a7c2fa76dc68bb3ff8bbfcd897ea92383c2e6852ed0b69149a1423a8e599f87d754764eb20e016a8b58cf558fad666fac3f584a6f7aa1dc1214f791005d5582e716cece4b8badf01a9cc0ea32d64a8110b4f54b409028c97bb4eb8ade9639e04f3ecce83175f5c1703362587f4308adfe7f6ae5c54777631a032c0597ee8e9faff8c4219a480bbe430cece324b
        EAP-Message =
0xe865b8252b9e5557e6bc3d46bf66bbf3c8b7cbbf2dc42f641403010001011603010030e0b46052ab8a4da1b135f6f5e578f82d2e6f4b048e266b69ba54e05ae42356d0cc519a6955905703427428e7532cc6cc
        State = 0x7ac164ba7ec67dd5c80b69f521e95f1c
        Message-Authenticator = 0xc7fc61b4c3a2bbe4457d446834e40761
# Executing section authorize from file
/usr/local/etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] Looking up realm "gcu.ac.uk" for User-Name =
"radldapuser at gcu.ac.uk"
[suffix] Found realm "GCU.AC.UK"
[suffix] Adding Stripped-User-Name = "radldapuser"
[suffix] Adding Realm = "GCU.AC.UK"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[eap] EAP packet type response id 7 length 253
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
  TLS Length 326
[peap] Length Included
[peap] eaptls_verify returned 11 
[peap] <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange  
[peap]     TLS_accept: SSLv3 read client key exchange A
[peap] <<< TLS 1.0 ChangeCipherSpec [length 0001]  
[peap] <<< TLS 1.0 Handshake [length 0010], Finished  
[peap]     TLS_accept: SSLv3 read finished A
[peap] >>> TLS 1.0 ChangeCipherSpec [length 0001]  
[peap]     TLS_accept: SSLv3 write change cipher spec A
[peap] >>> TLS 1.0 Handshake [length 0010], Finished  
[peap]     TLS_accept: SSLv3 write finished A
[peap]     TLS_accept: SSLv3 flush data
[peap]     (other): SSL negotiation finished successfully
SSL Connection Established 
[peap] eaptls_process returned 13 
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 139 to 10.1.5.4 port 32768
        EAP-Message =
0x0108004119001403010001011603010030fbedfd1da06a9cdcb52184ddf667e4b93afc8e272607ecd4871ea47424226641e0202a8a0d7f26466f25af01993c68d6
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x7ac164ba7fc97dd5c80b69f521e95f1c
Finished request 5.
Going to the next request
Waking up in 4.8 seconds.
rad_recv: Access-Request packet from host 10.1.5.4 port 32768, id=140,
length=254
        User-Name = "radldapuser at gcu.ac.uk"
        Calling-Station-Id = "00:24:2c:7a:d8:7d"
        Called-Station-Id = "00:26:cb:80:33:20:eduroam"
        NAS-Port = 29
        Cisco-AVPair = "audit-session-id=0a0105040000025f4f0edac4"
        NAS-IP-Address = 10.1.5.4
        NAS-Identifier = "CLIC_WiSM_A"
        Airespace-Wlan-Id = 9
        Service-Type = Framed-User
        Framed-MTU = 1300
        NAS-Port-Type = Wireless-802.11
        Tunnel-Type:0 = VLAN
        Tunnel-Medium-Type:0 = IEEE-802
        Tunnel-Private-Group-Id:0 = "914"
        EAP-Message = 0x020800061900
        State = 0x7ac164ba7fc97dd5c80b69f521e95f1c
        Message-Authenticator = 0x85455c0b6137e3ebac0d29171c9d12ed
# Executing section authorize from file
/usr/local/etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] Looking up realm "gcu.ac.uk" for User-Name =
"radldapuser at gcu.ac.uk"
[suffix] Found realm "GCU.AC.UK"
[suffix] Adding Stripped-User-Name = "radldapuser"
[suffix] Adding Realm = "GCU.AC.UK"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[eap] EAP packet type response id 8 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake is finished
[peap] eaptls_verify returned 3 
[peap] eaptls_process returned 3 
[peap] EAPTLS_SUCCESS
[peap] Session established.  Decoding tunneled attributes.
[peap] Peap state TUNNEL ESTABLISHED
++[eap] returns handled
Sending Access-Challenge of id 140 to 10.1.5.4 port 32768
        EAP-Message =
0x0109002b19001703010020923f894cbac0014e859657b96e37111fe7cae95914b3150e3ed33da67a5ac794
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x7ac164ba7cc87dd5c80b69f521e95f1c
Finished request 6.
Going to the next request
Waking up in 4.8 seconds.
rad_recv: Access-Request packet from host 10.1.5.4 port 32768, id=141,
length=307
        User-Name = "radldapuser at gcu.ac.uk"
        Calling-Station-Id = "00:24:2c:7a:d8:7d"
        Called-Station-Id = "00:26:cb:80:33:20:eduroam"
        NAS-Port = 29
        Cisco-AVPair = "audit-session-id=0a0105040000025f4f0edac4"
        NAS-IP-Address = 10.1.5.4
        NAS-Identifier = "CLIC_WiSM_A"
        Airespace-Wlan-Id = 9
        Service-Type = Framed-User
        Framed-MTU = 1300
        NAS-Port-Type = Wireless-802.11
        Tunnel-Type:0 = VLAN
        Tunnel-Medium-Type:0 = IEEE-802
        Tunnel-Private-Group-Id:0 = "914"
        EAP-Message =
0x0209003b1900170301003037487b34fb7a37ea8a6fea8a7261897f8b237f51856360d5060faf8162fe68e53d4ccbfcb7ed9ae34099fa05f8147aee
        State = 0x7ac164ba7cc87dd5c80b69f521e95f1c
        Message-Authenticator = 0x9c731ef70cc9623d9805ac8f901da10b
# Executing section authorize from file
/usr/local/etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] Looking up realm "gcu.ac.uk" for User-Name =
"radldapuser at gcu.ac.uk"
[suffix] Found realm "GCU.AC.UK"
[suffix] Adding Stripped-User-Name = "radldapuser"
[suffix] Adding Realm = "GCU.AC.UK"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[eap] EAP packet type response id 9 length 59
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7 
[peap] Done initial handshake
[peap] eaptls_process returned 7 
[peap] EAPTLS_OK
[peap] Session established.  Decoding tunneled attributes.
[peap] Peap state WAITING FOR INNER IDENTITY
[peap] Identity - radldapuser at gcu.ac.uk
[peap] Got inner identity 'radldapuser at gcu.ac.uk'
[peap] Setting default EAP type for tunneled EAP session.
[peap] Got tunneled request
        EAP-Message = 0x0209001a017261646c64617075736572406763752e61632e756b
server  {
[peap] Setting User-Name to radldapuser at gcu.ac.uk
Sending tunneled request
        EAP-Message = 0x0209001a017261646c64617075736572406763752e61632e756b
        FreeRADIUS-Proxied-To = 127.0.0.1
        User-Name = "radldapuser at gcu.ac.uk"
server inner-tunnel {
# Executing section authorize from file
/usr/local/etc/raddb/sites-enabled/inner-tunnel
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
[suffix] Looking up realm "gcu.ac.uk" for User-Name =
"radldapuser at gcu.ac.uk"
[suffix] Found realm "GCU.AC.UK"
[suffix] Adding Stripped-User-Name = "radldapuser"
[suffix] Adding Realm = "GCU.AC.UK"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
++[control] returns ok
[eap] EAP packet type response id 9 length 26
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /usr/local/etc/raddb/sites-enabled/inner-tunnel
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
++[eap] returns handled
} # server inner-tunnel
[peap] Got tunneled reply code 11
        EAP-Message =
0x010a002f1a010a002a10bd3c8890bc23da511e37ca5fec98739e7261646c64617075736572406763752e61632e756b
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xff362c18ff3c36b5f2b64db14083f710
[peap] Got tunneled reply RADIUS code 11
        EAP-Message =
0x010a002f1a010a002a10bd3c8890bc23da511e37ca5fec98739e7261646c64617075736572406763752e61632e756b
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xff362c18ff3c36b5f2b64db14083f710
[peap] Got tunneled Access-Challenge
++[eap] returns handled
Sending Access-Challenge of id 141 to 10.1.5.4 port 32768
        EAP-Message =
0x010a004b1900170301004061ed8cb4cf38f7cf13ef4ad3aa9cf3c5935cb84d24c96cca8e584bdddfdff337ddd120844d64379a5dc6d33586a31439389764f3e2c438be5025a26111634334
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x7ac164ba7dcb7dd5c80b69f521e95f1c
Finished request 7.
Going to the next request
Waking up in 4.8 seconds.
rad_recv: Access-Request packet from host 10.1.5.4 port 32768, id=142,
length=371
        User-Name = "radldapuser at gcu.ac.uk"
        Calling-Station-Id = "00:24:2c:7a:d8:7d"
        Called-Station-Id = "00:26:cb:80:33:20:eduroam"
        NAS-Port = 29
        Cisco-AVPair = "audit-session-id=0a0105040000025f4f0edac4"
        NAS-IP-Address = 10.1.5.4
        NAS-Identifier = "CLIC_WiSM_A"
        Airespace-Wlan-Id = 9
        Service-Type = Framed-User
        Framed-MTU = 1300
        NAS-Port-Type = Wireless-802.11
        Tunnel-Type:0 = VLAN
        Tunnel-Medium-Type:0 = IEEE-802
        Tunnel-Private-Group-Id:0 = "914"
        EAP-Message =
0x020a007b190017030100704c2199bf1d81341c6096220d061bf1b5cd1da35100eb4beeaa39b81708be66ef899509483141d7d1929d28ab1b76d772dcea676dbccb0b849fb838c1d6e8adb0be3951ef6d4a0869738c62f47a47efab30beab42bf9e3db812221c44ed60a1b6a747193f65b8dfbc811e9844a69a259d
        State = 0x7ac164ba7dcb7dd5c80b69f521e95f1c
        Message-Authenticator = 0x44ad26aeac4f41bf70316f3663d0c9a0
# Executing section authorize from file
/usr/local/etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] Looking up realm "gcu.ac.uk" for User-Name =
"radldapuser at gcu.ac.uk"
[suffix] Found realm "GCU.AC.UK"
[suffix] Adding Stripped-User-Name = "radldapuser"
[suffix] Adding Realm = "GCU.AC.UK"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[eap] EAP packet type response id 10 length 123
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7 
[peap] Done initial handshake
[peap] eaptls_process returned 7 
[peap] EAPTLS_OK
[peap] Session established.  Decoding tunneled attributes.
[peap] Peap state phase2
[peap] EAP type mschapv2
[peap] Got tunneled request
        EAP-Message =
0x020a00501a020a004b317c3f214b10b27f29753acc6d42f57139000000000000000076c36f51916f66cde9fcb4e85c89c21d89710096cb80ad54007261646c64617075736572406763752e61632e756b
server  {
[peap] Setting User-Name to radldapuser at gcu.ac.uk
Sending tunneled request
        EAP-Message =
0x020a00501a020a004b317c3f214b10b27f29753acc6d42f57139000000000000000076c36f51916f66cde9fcb4e85c89c21d89710096cb80ad54007261646c64617075736572406763752e61632e756b
        FreeRADIUS-Proxied-To = 127.0.0.1
        User-Name = "radldapuser at gcu.ac.uk"
        State = 0xff362c18ff3c36b5f2b64db14083f710
server inner-tunnel {
# Executing section authorize from file
/usr/local/etc/raddb/sites-enabled/inner-tunnel
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
[suffix] Looking up realm "gcu.ac.uk" for User-Name =
"radldapuser at gcu.ac.uk"
[suffix] Found realm "GCU.AC.UK"
[suffix] Adding Stripped-User-Name = "radldapuser"
[suffix] Adding Realm = "GCU.AC.UK"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
++[control] returns ok
[eap] EAP packet type response id 10 length 80
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /usr/local/etc/raddb/sites-enabled/inner-tunnel
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/mschapv2
[eap] processing type mschapv2
[mschapv2] # Executing group from file
/usr/local/etc/raddb/sites-enabled/inner-tunnel
[mschapv2] +- entering group MS-CHAP {...}
[mschap] No Cleartext-Password configured.  Cannot create LM-Password.
[mschap] No Cleartext-Password configured.  Cannot create NT-Password.
[mschap] Creating challenge hash with username: radldapuser at gcu.ac.uk
[mschap] Told to do MS-CHAPv2 for radldapuser at gcu.ac.uk with NT-Password
[mschap] FAILED: No NT/LM-Password.  Cannot perform authentication.
[mschap] FAILED: MS-CHAP2-Response is incorrect
++[mschap] returns reject
[eap] Freeing handler
++[eap] returns reject
Failed to authenticate the user.
} # server inner-tunnel
[peap] Got tunneled reply code 3
        MS-CHAP-Error = "\nE=691 R=1"
        EAP-Message = 0x040a0004
        Message-Authenticator = 0x00000000000000000000000000000000
[peap] Got tunneled reply RADIUS code 3
        MS-CHAP-Error = "\nE=691 R=1"
        EAP-Message = 0x040a0004
        Message-Authenticator = 0x00000000000000000000000000000000
[peap] Tunneled authentication was rejected.
[peap] FAILURE
++[eap] returns handled
Sending Access-Challenge of id 142 to 10.1.5.4 port 32768
        EAP-Message =
0x010b002b190017030100203f674d96b6c9b1c4d556badd2e95018be8b7d76ef19096513bb0fcc442edcb2a
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x7ac164ba72ca7dd5c80b69f521e95f1c
Finished request 8.
Going to the next request
Waking up in 4.8 seconds.
rad_recv: Access-Request packet from host 10.1.5.4 port 32768, id=143,
length=291
        User-Name = "radldapuser at gcu.ac.uk"
        Calling-Station-Id = "00:24:2c:7a:d8:7d"
        Called-Station-Id = "00:26:cb:80:33:20:eduroam"
        NAS-Port = 29
        Cisco-AVPair = "audit-session-id=0a0105040000025f4f0edac4"
        NAS-IP-Address = 10.1.5.4
        NAS-Identifier = "CLIC_WiSM_A"
        Airespace-Wlan-Id = 9
        Service-Type = Framed-User
        Framed-MTU = 1300
        NAS-Port-Type = Wireless-802.11
        Tunnel-Type:0 = VLAN
        Tunnel-Medium-Type:0 = IEEE-802
        Tunnel-Private-Group-Id:0 = "914"
        EAP-Message =
0x020b002b190017030100202f0f420fda76a7ad73b12963caead406e813362b7a25b49616b772582cca7083
        State = 0x7ac164ba72ca7dd5c80b69f521e95f1c
        Message-Authenticator = 0x15128e7f4d056ad5a975f35d8851cfbc
# Executing section authorize from file
/usr/local/etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] Looking up realm "gcu.ac.uk" for User-Name =
"radldapuser at gcu.ac.uk"
[suffix] Found realm "GCU.AC.UK"
[suffix] Adding Stripped-User-Name = "radldapuser"
[suffix] Adding Realm = "GCU.AC.UK"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[eap] EAP packet type response id 11 length 43
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7 
[peap] Done initial handshake
[peap] eaptls_process returned 7 
[peap] EAPTLS_OK
[peap] Session established.  Decoding tunneled attributes.
[peap] Peap state send tlv failure
[peap] Received EAP-TLV response.
[peap]  The users session was previously rejected: returning reject (again.)
[peap]  *** This means you need to read the PREVIOUS messages in the debug
output
[peap]  *** to find out the reason why the user was rejected.
[peap]  *** Look for "reject" or "fail".  Those earlier messages will tell
you.
[peap]  *** what went wrong, and how to fix the problem.
[eap] Handler failed in EAP/peap
[eap] Failed in EAP select
++[eap] returns invalid
Failed to authenticate the user.
Using Post-Auth-Type Reject
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group REJECT {...}
[attr_filter.access_reject]     expand: %{User-Name} ->
radldapuser at gcu.ac.uk
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 9 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 9
Sending Access-Reject of id 143 to 10.1.5.4 port 32768
        EAP-Message = 0x040b0004
        Message-Authenticator = 0x00000000000000000000000000000000
Waking up in 3.8 seconds.
Cleaning up request 0 ID 134 with timestamp +16
Cleaning up request 1 ID 135 with timestamp +16
Cleaning up request 2 ID 136 with timestamp +16
Cleaning up request 3 ID 137 with timestamp +16
Cleaning up request 4 ID 138 with timestamp +17
Cleaning up request 5 ID 139 with timestamp +17
Cleaning up request 6 ID 140 with timestamp +17
Cleaning up request 7 ID 141 with timestamp +17
Cleaning up request 8 ID 142 with timestamp +17
Waking up in 1.0 seconds.
Cleaning up request 9 ID 143 with timestamp +17
Ready to process requests.



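The closing [peap] lines of the debug output say to look back for the first "reject" or "fail". As an added example (not part of the original post and not FreeRADIUS code), this Python sketch does that over a constructed excerpt of the lines above, and also decodes the MS-CHAP-Error string and the cleartext EAP headers; all function names are hypothetical.

```python
import re

# Constructed excerpt: lines copied from the debug output above, trimmed.
SAMPLE = """\
rad_recv: Access-Request packet from host 10.1.5.4 port 32768, id=142,
[pap] WARNING! No "known good" password found for the user.
++[pap] returns noop
[eap] processing type mschapv2
[mschap] No Cleartext-Password configured.  Cannot create NT-Password.
[mschap] FAILED: No NT/LM-Password.  Cannot perform authentication.
[mschap] FAILED: MS-CHAP2-Response is incorrect
++[mschap] returns reject
[eap] Freeing handler
++[eap] returns reject
Failed to authenticate the user.
        MS-CHAP-Error = "\\nE=691 R=1"
        EAP-Message = 0x040a0004
[peap] Tunneled authentication was rejected.
++[eap] returns invalid
"""

MODULE_RESULT = re.compile(r"^\++\[(?P<module>[\w.]+)\] returns (?P<rcode>\w+)$")
MODULE_MSG = re.compile(r"^\[(?P<module>[\w.]+)\]\s+(?P<msg>.*)$")

# Error codes defined for the MS-CHAPv2 failure packet (RFC 2759).
MSCHAP_ERRORS = {
    646: "restricted logon hours", 647: "account disabled",
    648: "password expired", 649: "no dial-in permission",
    691: "authentication failure", 709: "error changing password",
}
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 3: "Nak", 4: "MD5-Challenge",
             13: "EAP-TLS", 25: "PEAP", 26: "MS-CHAPv2"}


def first_reject(log_text):
    """Return (module, reasons) for the first module that rejected.

    reasons are the messages that same module logged earlier in the same
    request that contain FAILED or Cannot; later rejects are only echoes.
    """
    history = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("rad_recv:"):
            history.clear()          # a new request starts a new history
            continue
        m = MODULE_RESULT.match(line)
        if m:
            if m.group("rcode") in ("reject", "fail", "invalid"):
                module = m.group("module")
                reasons = [msg for mod, msg in history
                           if mod == module and re.search(r"FAILED|Cannot", msg)]
                return module, reasons
            continue
        m = MODULE_MSG.match(line)
        if m:
            history.append((m.group("module"), m.group("msg")))
    return None


def parse_mschap_error(log_text):
    """Decode the first MS-CHAP-Error attribute (E=<code> R=<retry flag>)."""
    m = re.search(r'MS-CHAP-Error = ".*?E=(\d+) R=([01])', log_text)
    if not m:
        return None
    code = int(m.group(1))
    return {"code": code,
            "meaning": MSCHAP_ERRORS.get(code, "unknown"),
            "retry_allowed": m.group(2) == "1"}


def decode_eap(hex_value):
    """Decode the header of an unencrypted EAP-Message value such as 0x0203..."""
    data = bytes.fromhex(hex_value[2:] if hex_value.startswith("0x") else hex_value)
    if len(data) < 4:
        raise ValueError("EAP packet shorter than its 4-byte header")
    length = int.from_bytes(data[2:4], "big")
    out = {"code": EAP_CODES.get(data[0], data[0]), "id": data[1], "length": length}
    if data[0] in (1, 2) and len(data) > 4:   # only Request/Response carry a type
        eap_type, body = data[4], data[5:length]
        out["type"] = EAP_TYPES.get(eap_type, eap_type)
        if eap_type == 1:
            out["identity"] = body.decode("utf-8", "replace")
        elif eap_type == 3:                   # Nak lists the methods the peer wants
            out["wanted"] = [EAP_TYPES.get(t, t) for t in body]
    return out


if __name__ == "__main__":
    print(first_reject(SAMPLE))
    print(parse_mschap_error(SAMPLE))
    for value in ("0x0202001a017261646c64617075736572406763752e61632e756b",
                  "0x020300060319", "0x040a0004"):
        print(decode_eap(value))
```

On this excerpt the first rejecting module is mschap inside the inner-tunnel server, and its own messages show that no NT-Password or Cleartext-Password was available for the user; the later [eap] and [peap] rejections only repeat that result.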