eapol_test giving up and win-like error?
NdK
ndk.clanbo at gmail.com
Wed Jan 18 15:14:11 CET 2012
Hi all.
I think I'm near to correctly configure my server... but I incur in a
situation that IIUC should be related to win clients only: I get
-8<--
WARNING:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
WARNING: !! EAP session for state 0x6ac8f8c260c3e171 did not finish!
WARNING: !! Please read http://wiki.freeradius.org/Certificate_Compatibility
WARNING:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-8<--
message and *eapol_test* (run from a *linux* machine!) gives up after
about 10 seconds.
I checked the FAQ, but couldn't find anything useful.
The certs I'm using are from internal CA (actually from an internal
intermediate CA, cert chain is certs/ca.pem and is 4.5k; root CA's
self-signed cert is pointed by ca_cert= in eapol_test's config file).
Server is a plain Debian Squeeze, plus SAMBA 3.5.6 and FreeRADIUS 2.1.10 .
Domain is correctly joined and winbindd is running.
I followed steps described in
http://deployingradius.com/documents/configuration/active_directory.html
(then noticed that the two references to ntlm_auth in authenticate
sections aren't needed for mschapv2: ntlm_auth gets called by mschap
module).
The complete output from freeradius -X is:
FreeRADIUS Version 2.1.10, for host x86_64-pc-linux-gnu, built on Nov 14
2010 at 21:12:30
Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License v2.
Starting - reading configuration files ...
including configuration file /etc/freeradius/radiusd.conf
including configuration file /etc/freeradius/proxy.conf
including configuration file /etc/freeradius/clients.conf
including files in directory /etc/freeradius/modules/
including configuration file /etc/freeradius/modules/smsotp
including configuration file /etc/freeradius/modules/smbpasswd
including configuration file /etc/freeradius/modules/krb5
including configuration file /etc/freeradius/modules/radutmp
including configuration file /etc/freeradius/modules/digest
including configuration file /etc/freeradius/modules/echo
including configuration file /etc/freeradius/modules/ntlm_auth
including configuration file /etc/freeradius/modules/logintime
including configuration file /etc/freeradius/modules/attr_filter
including configuration file /etc/freeradius/modules/otp
including configuration file /etc/freeradius/modules/detail
including configuration file /etc/freeradius/modules/etc_group
including configuration file /etc/freeradius/modules/policy
including configuration file /etc/freeradius/modules/pap
including configuration file /etc/freeradius/modules/attr_rewrite
including configuration file /etc/freeradius/modules/detail.example.com
including configuration file /etc/freeradius/modules/counter
including configuration file /etc/freeradius/modules/inner-eap
including configuration file /etc/freeradius/modules/chap
including configuration file /etc/freeradius/modules/ldap
including configuration file /etc/freeradius/modules/mac2ip
including configuration file /etc/freeradius/modules/exec
including configuration file /etc/freeradius/modules/acct_unique
including configuration file /etc/freeradius/modules/detail.log
including configuration file /etc/freeradius/modules/realm
including configuration file /etc/freeradius/modules/expr
including configuration file /etc/freeradius/modules/passwd
including configuration file
/etc/freeradius/modules/sqlcounter_expire_on_login
including configuration file /etc/freeradius/modules/mac2vlan
including configuration file /etc/freeradius/modules/preprocess
including configuration file /etc/freeradius/modules/expiration
including configuration file /etc/freeradius/modules/files
including configuration file /etc/freeradius/modules/wimax
including configuration file /etc/freeradius/modules/always
including configuration file /etc/freeradius/modules/perl
including configuration file /etc/freeradius/modules/ippool
including configuration file /etc/freeradius/modules/pam
including configuration file /etc/freeradius/modules/sql_log
including configuration file /etc/freeradius/modules/dynamic_clients
including configuration file /etc/freeradius/modules/linelog
including configuration file /etc/freeradius/modules/checkval
including configuration file /etc/freeradius/modules/sradutmp
including configuration file /etc/freeradius/modules/unix
including configuration file /etc/freeradius/modules/cui
including configuration file /etc/freeradius/modules/mschap
including configuration file /etc/freeradius/modules/opendirectory
including configuration file /etc/freeradius/eap.conf
including configuration file /etc/freeradius/policy.conf
including files in directory /etc/freeradius/sites-enabled/
including configuration file /etc/freeradius/sites-enabled/default
including configuration file /etc/freeradius/sites-enabled/inner-tunnel
main {
user = "freerad"
group = "freerad"
allow_core_dumps = no
}
including dictionary file /etc/freeradius/dictionary
main {
prefix = "/usr"
localstatedir = "/var"
logdir = "/var/log/freeradius"
libdir = "/usr/lib/freeradius"
radacctdir = "/var/log/freeradius/radacct"
hostname_lookups = no
max_request_time = 30
cleanup_delay = 5
max_requests = 1024
pidfile = "/var/run/freeradius/freeradius.pid"
checkrad = "/usr/sbin/checkrad"
debug_level = 0
proxy_requests = yes
log {
stripped_names = no
auth = no
auth_badpass = no
auth_goodpass = no
}
security {
max_attributes = 200
reject_delay = 1
status_server = yes
}
}
radiusd: #### Loading Realms and Home Servers ####
proxy server {
retry_delay = 5
retry_count = 3
default_fallback = no
dead_time = 120
wake_all_if_all_dead = no
}
home_server localhost {
ipaddr = 127.0.0.1
port = 1812
type = "auth"
secret = "testing123"
response_window = 20
max_outstanding = 65536
require_message_authenticator = yes
zombie_period = 40
status_check = "status-server"
ping_interval = 30
check_interval = 30
num_answers_to_alive = 3
num_pings_to_alive = 3
revive_interval = 120
status_check_timeout = 4
irt = 2
mrt = 16
mrc = 5
mrd = 30
}
home_server_pool my_auth_failover {
type = fail-over
home_server = localhost
}
realm example.com {
auth_pool = my_auth_failover
}
realm LOCAL {
}
radiusd: #### Loading Clients ####
client localhost {
ipaddr = 127.0.0.1
require_message_authenticator = no
secret = "testing123"
nastype = "other"
}
client 137.204.65.161 {
require_message_authenticator = no
secret = "testing123qaz"
}
client 137.204.65.96 {
require_message_authenticator = no
secret = "testing123qaz"
}
radiusd: #### Instantiating modules ####
instantiate {
Module: Linked to module rlm_exec
Module: Instantiating module "exec" from file /etc/freeradius/modules/exec
exec {
wait = no
input_pairs = "request"
shell_escape = yes
}
Module: Linked to module rlm_expr
Module: Instantiating module "expr" from file /etc/freeradius/modules/expr
Module: Linked to module rlm_expiration
Module: Instantiating module "expiration" from file
/etc/freeradius/modules/expiration
expiration {
reply-message = "Password Has Expired "
}
Module: Linked to module rlm_logintime
Module: Instantiating module "logintime" from file
/etc/freeradius/modules/logintime
logintime {
reply-message = "You are calling outside your allowed timespan "
minimum-timeout = 60
}
}
radiusd: #### Loading Virtual Servers ####
server inner-tunnel { # from file /etc/freeradius/sites-enabled/inner-tunnel
modules {
Module: Checking authenticate {...} for more modules to load
Module: Linked to module rlm_pap
Module: Instantiating module "pap" from file /etc/freeradius/modules/pap
pap {
encryption_scheme = "auto"
auto_header = no
}
Module: Linked to module rlm_chap
Module: Instantiating module "chap" from file /etc/freeradius/modules/chap
Module: Linked to module rlm_mschap
Module: Instantiating module "mschap" from file
/etc/freeradius/modules/mschap
mschap {
use_mppe = no
require_encryption = no
require_strong = no
with_ntdomain_hack = yes
ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key
--username=%{%{mschap:User-Name}:-%{User-Name:-None}}
--domain=%{%{mschap:NT-Domain}:-PERSONALE}
--challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}"
}
Module: Linked to module rlm_unix
Module: Instantiating module "unix" from file /etc/freeradius/modules/unix
unix {
radwtmp = "/var/log/freeradius/radwtmp"
}
Module: Linked to module rlm_eap
Module: Instantiating module "eap" from file /etc/freeradius/eap.conf
eap {
default_eap_type = "md5"
timer_expire = 60
ignore_unknown_eap_types = no
cisco_accounting_username_bug = no
max_sessions = 4096
}
Module: Linked to sub-module rlm_eap_md5
Module: Instantiating eap-md5
Module: Linked to sub-module rlm_eap_leap
Module: Instantiating eap-leap
Module: Linked to sub-module rlm_eap_gtc
Module: Instantiating eap-gtc
gtc {
challenge = "Password: "
auth_type = "PAP"
}
Module: Linked to sub-module rlm_eap_tls
Module: Instantiating eap-tls
tls {
rsa_key_exchange = no
dh_key_exchange = yes
rsa_key_length = 512
dh_key_length = 512
verify_depth = 0
CA_path = "/etc/freeradius/certs"
pem_file_type = yes
private_key_file = "/etc/freeradius/certs/server.key"
certificate_file = "/etc/freeradius/certs/server.pem"
CA_file = "/etc/freeradius/certs/ca.pem"
private_key_password = "whatever"
dh_file = "/etc/freeradius/certs/dh"
random_file = "/dev/urandom"
fragment_size = 1024
include_length = yes
check_crl = no
cipher_list = "DEFAULT"
make_cert_command = "/etc/freeradius/certs/bootstrap"
cache {
enable = no
lifetime = 24
max_entries = 255
}
verify {
}
}
Module: Linked to sub-module rlm_eap_ttls
Module: Instantiating eap-ttls
ttls {
default_eap_type = "md5"
copy_request_to_tunnel = no
use_tunneled_reply = no
virtual_server = "inner-tunnel"
include_length = yes
}
Module: Linked to sub-module rlm_eap_peap
Module: Instantiating eap-peap
peap {
default_eap_type = "mschapv2"
copy_request_to_tunnel = no
use_tunneled_reply = no
proxy_tunneled_request_as_eap = yes
virtual_server = "inner-tunnel"
}
Module: Linked to sub-module rlm_eap_mschapv2
Module: Instantiating eap-mschapv2
mschapv2 {
with_ntdomain_hack = no
}
Module: Checking authorize {...} for more modules to load
Module: Linked to module rlm_realm
Module: Instantiating module "suffix" from file
/etc/freeradius/modules/realm
realm suffix {
format = "suffix"
delimiter = "@"
ignore_default = no
ignore_null = no
}
Module: Linked to module rlm_files
Module: Instantiating module "files" from file
/etc/freeradius/modules/files
files {
usersfile = "/etc/freeradius/users"
acctusersfile = "/etc/freeradius/acct_users"
preproxy_usersfile = "/etc/freeradius/preproxy_users"
compat = "no"
}
Module: Checking session {...} for more modules to load
Module: Linked to module rlm_radutmp
Module: Instantiating module "radutmp" from file
/etc/freeradius/modules/radutmp
radutmp {
filename = "/var/log/freeradius/radutmp"
username = "%{User-Name}"
case_sensitive = yes
check_with_nas = yes
perm = 384
callerid = yes
}
Module: Checking post-proxy {...} for more modules to load
Module: Checking post-auth {...} for more modules to load
Module: Linked to module rlm_attr_filter
Module: Instantiating module "attr_filter.access_reject" from file
/etc/freeradius/modules/attr_filter
attr_filter attr_filter.access_reject {
attrsfile = "/etc/freeradius/attrs.access_reject"
key = "%{User-Name}"
}
} # modules
} # server
server { # from file /etc/freeradius/radiusd.conf
modules {
Module: Checking authenticate {...} for more modules to load
Module: Linked to module rlm_digest
Module: Instantiating module "digest" from file
/etc/freeradius/modules/digest
Module: Checking authorize {...} for more modules to load
Module: Linked to module rlm_preprocess
Module: Instantiating module "preprocess" from file
/etc/freeradius/modules/preprocess
preprocess {
huntgroups = "/etc/freeradius/huntgroups"
hints = "/etc/freeradius/hints"
with_ascend_hack = no
ascend_channels_per_line = 23
with_ntdomain_hack = no
with_specialix_jetstream_hack = no
with_cisco_vsa_hack = no
with_alvarion_vsa_hack = no
}
Module: Checking preacct {...} for more modules to load
Module: Linked to module rlm_acct_unique
Module: Instantiating module "acct_unique" from file
/etc/freeradius/modules/acct_unique
acct_unique {
key = "User-Name, Acct-Session-Id, NAS-IP-Address,
Client-IP-Address, NAS-Port"
}
Module: Checking accounting {...} for more modules to load
Module: Linked to module rlm_detail
Module: Instantiating module "detail" from file
/etc/freeradius/modules/detail
detail {
detailfile =
"/var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
header = "%t"
detailperm = 384
dirperm = 493
locking = no
log_packet_header = no
}
Module: Instantiating module "attr_filter.accounting_response" from
file /etc/freeradius/modules/attr_filter
attr_filter attr_filter.accounting_response {
attrsfile = "/etc/freeradius/attrs.accounting_response"
key = "%{User-Name}"
}
Module: Checking session {...} for more modules to load
Module: Checking post-proxy {...} for more modules to load
Module: Checking post-auth {...} for more modules to load
} # modules
} # server
radiusd: #### Opening IP addresses and Ports ####
listen {
type = "auth"
ipaddr = *
port = 0
}
listen {
type = "acct"
ipaddr = *
port = 0
}
listen {
type = "auth"
ipaddr = 127.0.0.1
port = 18120
}
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on authentication address 127.0.0.1 port 18120 as server
inner-tunnel
Listening on proxy address * port 1814
Ready to process requests.
rad_recv: Access-Request packet from host 137.204.65.96 port 37126,
id=0, length=154
User-Name = "PERSONALE\\diego.zuccato"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message =
0x0200001c01504552534f4e414c455c646965676f2e7a75636361746f
Message-Authenticator = 0xc68141559c87212c55a2b2741272d0dd
# Executing section authorize from file
/etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "PERSONALE\diego.zuccato", looking up
realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 0 length 28
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user.
Authentication may fail because of this.
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type md5
rlm_eap_md5: Issuing Challenge
++[eap] returns handled
Sending Access-Challenge of id 0 to 137.204.65.96 port 37126
EAP-Message = 0x010100160410dc4a25c479305ea4fe8c21f192a4dca4
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x43ef683543ee6c2a6e7507d0df55eb21
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 137.204.65.96 port 37126,
id=1, length=150
User-Name = "PERSONALE\\diego.zuccato"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x020100060319
State = 0x43ef683543ee6c2a6e7507d0df55eb21
Message-Authenticator = 0x4edf220dd0140e17c8aa0857f1b5e29d
# Executing section authorize from file
/etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "PERSONALE\diego.zuccato", looking up
realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 1 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user.
Authentication may fail because of this.
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP NAK
[eap] EAP-NAK asked for EAP-Type/peap
[eap] processing type tls
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 1 to 137.204.65.96 port 37126
EAP-Message = 0x010200061920
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x43ef683542ed712a6e7507d0df55eb21
Finished request 1.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 137.204.65.96 port 37126,
id=2, length=362
User-Name = "PERSONALE\\diego.zuccato"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message =
0x020200da1980000000d016030100cb010000c703014f16ccffb3c34f03f4a77654249ab0c21036cd3ece504dc05416ca3a2aea6a2900005ac014c00a0039003800880087c00fc00500350084c012c00800160013c00dc003000ac013c00900330032009a009900450044c00ec004002f00960041c011c007c00cc002000500040015001200090014001100080006000300ff01000044000b000403000102000a00340032000100020003000400050006000700080009000a000b000c000d000e000f001000110012001300140015001600170018001900230000
State = 0x43ef683542ed712a6e7507d0df55eb21
Message-Authenticator = 0x4c68e829881215fc01e273ba9cf55d20
# Executing section authorize from file
/etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "PERSONALE\diego.zuccato", looking up
realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 2 length 218
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
TLS Length 208
[peap] Length Included
[peap] eaptls_verify returned 11
[peap] (other): before/accept initialization
[peap] TLS_accept: before/accept initialization
[peap] <<< TLS 1.0 Handshake [length 00cb], ClientHello
[peap] TLS_accept: SSLv3 read client hello A
[peap] >>> TLS 1.0 Handshake [length 0031], ServerHello
[peap] TLS_accept: SSLv3 write server hello A
[peap] >>> TLS 1.0 Handshake [length 11ab], Certificate
[peap] TLS_accept: SSLv3 write certificate A
[peap] >>> TLS 1.0 Handshake [length 018d], ServerKeyExchange
[peap] TLS_accept: SSLv3 write key exchange A
[peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
[peap] TLS_accept: SSLv3 write server done A
[peap] TLS_accept: SSLv3 flush data
[peap] TLS_accept: Need to read more data: SSLv3 read client
certificate A
In SSL Handshake Phase
In SSL Accept mode
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 2 to 137.204.65.96 port 37126
EAP-Message =
0x0103040019c00000138116030100310200002d03014f16ccfd1c402dae323a0ef21e5d8a5afe0821a5d3dda9f1705e28a95d80f6f9000039000005ff0100010016030111ab0b0011a70011a40004d6308204d2308202baa003020102020112300d06092a864886f70d01010505003081ba310b3009060355040613024954310e300c060355040813054974616c793110300e06035504071307426f6c6f676e61311e301c060355040a1315556e697665727369746120646920426f6c6f676e6131233021060355040b131a446970617274696d656e746f20646920417374726f6e6f6d69613120301e06035504031317417374726f6e6f6d6961202d20
EAP-Message =
0x434120536572766572733122302006092a864886f70d0109011613646970617374722e736940756e69626f2e69743020170d3131313130383030303030305a180f39393939313233313233353935395a3081bd310b3009060355040613024954310e300c060355040813054974616c793110300e06035504071307426f6c6f676e61311e301c060355040a1315556e697665727369746120646920426f6c6f676e6131233021060355040b131a446970617274696d656e746f20646920417374726f6e6f6d6961312330210603550403131a7261646975732e617374726f6e6f6d69612e756e69626f2e69743122302006092a864886f70d0109011613
EAP-Message =
0x646970617374722e736940756e69626f2e697430819f300d06092a864886f70d010101050003818d0030818902818100c1c3b4a6e9b5fce7249f5440a7511ece035a791f3f621a91d6acbbbb5798f2f1ead6707f98fbeafe84b1593dd3a3794c69b43bff8314a380f52a44db1260043aea665a33823ef1772256b84440d6133ef83f7f2c38b5faf7f1643263c305d7c0fc140c5775b4ea392689908388fa8b973e1e58eb51512e695a011a6d01a3bf970203010001a360305e300c0603551d130101ff04023000301d0603551d0e041604146da6e750d66a1d54e6bbd913a5d85f72e4107999300b0603551d0f0404030205e0300f0603551d11040830
EAP-Message =
0x06870489cc4163301106096086480186f8420101040403020640300d06092a864886f70d0101050500038202010044824e99f11f014714ccfbccd8cba334673d130458ed773eb9fcf1749119e6cbdbbf6195b3e4985e0feaf58ee9f3c2dd284c2b44c5234d23b9428967b822917a65176be6b47985c4ba224df66a5f3b8627f855b53a867e7c8148327dbd43558c9352dc61fbdf59c0570118c2c3c6bc191198b2fa3dc5b4f3cf07b26c1245016c75823bd3e8ea1bd2c7a1dc3fda0ae658ea9a6609a0120f51bd34c64d82b2d094cd3ed063efc2272d0bf6d9440021b9c6827f561656de9b9197c76fc8597ac7b2ac50cd259cdf6145ff80951bdb41a0
EAP-Message = 0xf4833fe432eb73f52556205b
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x43ef683541ec712a6e7507d0df55eb21
Finished request 2.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 137.204.65.96 port 37126,
id=3, length=150
User-Name = "PERSONALE\\diego.zuccato"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x020300061900
State = 0x43ef683541ec712a6e7507d0df55eb21
Message-Authenticator = 0xe97e4b03dcea854e92f7807e5a1fec21
# Executing section authorize from file
/etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "PERSONALE\diego.zuccato", looking up
realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 3 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 3 to 137.204.65.96 port 37126
EAP-Message =
0x010403fc194013bef304b9b36fd11da95506f7d0ab98d840cc7954ad54619d25a1c07b212902891f1794db9f34496061f993fc975d3383950d58532953b20a516368420d7a1e7b6aaf99cdd32751ea6284092c12b409661afd56165ba3631aceb357115c0de589b66b975930ec93b4f5b1f3bb61858933eb89948a83c0c36d04dd42b59be638427449adba16a390966e64142fc1ba27dba01edd849b8ec8b4ccbbc794c32b0d810a246a8474e0f6b1e49f5cbc8989187f88dd3236507943a11c9ef419c54f05087b6bb0d33e6cb8ee517969594ff8b5e645141c9728786e4d5cb7442bc1ea464003af25294dc9f995b66fe32f25d057592181ef6e91d0
EAP-Message =
0xe7d75768520aef64038d6fba149898a05526ceadd05589b6dde0088d47baff4351da66d5f9f1f40ed2e3b31d09d00006643082066030820448a003020102020102300d06092a864886f70d01010505003081b7310b3009060355040613024954310e300c060355040813054974616c793110300e06035504071307426f6c6f676e61311e301c060355040a1315556e697665727369746120646920426f6c6f676e6131233021060355040b131a446970617274696d656e746f20646920417374726f6e6f6d6961311d301b06035504031314417374726f6e6f6d6961202d20526f6f742043413122302006092a864886f70d0109011613646970617374
EAP-Message =
0x722e736940756e69626f2e6974301e170d3131303431333130333730305a170d3231303431333130333430305a3081ba310b3009060355040613024954310e300c060355040813054974616c793110300e06035504071307426f6c6f676e61311e301c060355040a1315556e697665727369746120646920426f6c6f676e6131233021060355040b131a446970617274696d656e746f20646920417374726f6e6f6d69613120301e06035504031317417374726f6e6f6d6961202d20434120536572766572733122302006092a864886f70d0109011613646970617374722e736940756e69626f2e697430820222300d06092a864886f70d0101010500
EAP-Message =
0x0382020f003082020a0282020100c9a65b653687e1f4bf0d007c1b3aae71b27e2ff3b067da0b00dfbcbf0caf2c00604895c08456621a269599dcc830617f93d9c1deab2811dfd06be62d67b54ca64a5949b6bd8497ec291da11d93f2a2e587db880d812a98c5fda02b3679a241c7cdce479bbc700f03838935a1c53798e14992dce210fad9e9ba9bfd11dc190b32974bd4be6ae0df5c7dce19c7361a16457a3ca455d03d5cdc779d16683f7341e91aecc7700d227730e266b59b9c7e60b44d40a65bbfec45ba31ec7b02123c27edf85863965edf64b3baf16fc717fff7a1e3e836cce5af3998c1f652b61e94ad3c0d929b94dc29a23cf4a4756c786055
EAP-Message = 0x57c1c75cb275e2dc
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x43ef683540eb712a6e7507d0df55eb21
Finished request 3.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 137.204.65.96 port 37126,
id=4, length=150
User-Name = "PERSONALE\\diego.zuccato"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x020400061900
State = 0x43ef683540eb712a6e7507d0df55eb21
Message-Authenticator = 0x9e08902da5fd2b646400ed4b41e91a21
# Executing section authorize from file
/etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "PERSONALE\diego.zuccato", looking up
realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 4 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 4 to 137.204.65.96 port 37126
EAP-Message =
0x010503fc1940497db7ae62ebca425e91325041df3a0972986b9982f7371bd4b07e006d76de0b75c503345e77d85993d80e68402d8066603ccf88e2a2d326c6ebc6a7af4ee4fc20e5e9db1d9453305b2ed641b1aa87eeaebd1f19a814b71b8b217f93de4891037d8ace80d28d00228cacb32fac30040ee1d17085b30fdbc11703f26fec9db2e33c058fcbbd69e6504b2bd43b292c32f1b1848892dd33e3439d7f1d3e4375e030ec9be5a2ef407d6d85591c43208690b9c257bdb61e0b6e68b9bf1359ea4d08b11ba6a90019e964b3190c4005bf032c72408d3ae0c1b87fa069ed65c7cc25e0de88ab5b723cc11a10d0bc6c6e2e48f11e1c2c8932bb35bc
EAP-Message =
0x5bdaf7c2cc256a9dc7993d847f302df8eccf0203010001a3723070300f0603551d130101ff040530030101ff301d0603551d0e04160414bb0d326895f83bd24f85fcfaeabee6cc8a5e5686300b0603551d0f040403020106301106096086480186f8420101040403020007301e06096086480186f842010d0411160f786361206365727469666963617465300d06092a864886f70d0101050500038202010069f6c733df3066b2cf7705a1f4deb879d2c43ccab1b3d44fb22287067333f0517f99f9a07f62b5978fa9e902900370d50c0564d7855beed40c88831d65d07ca6698d4ee10305e0c488e88c1edd57ff1c02a0679cab0af5417459f650aeef
EAP-Message =
0x63d5f84fe63dccfc660b1381be5b08341ae7c60ac2c7a5ae1804c253c108bae37c3841472c01cc4fdff69ec7f4636dd47d07836933d9d00cfd445419d2877c82e0a8cea2da6b1f03cd1c583a0873cfa4570ec0aff784d75f5524b66ddf3b0ea2d76d2d51d665c8976babf7fabf17898b3863a6046de6c4e577a726531a141a298c901279807ec540bb6bd07421c74b5ee3e7c0b0002e41e8ae1466b53026a26f95bfa23ae5b3d8b8cdb4bc559a180ffb6bfe375900350f2828889e3c7534fd0efd544b2784efe655c6d8c6fb6d3afe60c877533bef905dca4eacf5a049d76e9f8276cd0eccabc0eccdb1e1e84652ebc8fe6336de3cb78cdb2972929135
EAP-Message =
0xc1fb48eb425e4cbadee88635e5d31cd6f92e459a8060931ca72220f652ecdb6158e6a8362f958d3cda07254a07fa4ead61be4c045ea160919d6b54425411f8871810b5ec45fe79cd08c696dd86f561b15fc6e990d40c14876cb49be71ddbe5a0e884a7a9f418f3a900d72287f2749d4d7a3110aab60298f2b187d3b2e4240ddebdbc520cfa91ddf780f8ab925af7685f5d226b696b58a84a9337b192147712f03b9bd36b320006613082065d30820445a003020102020101300d06092a864886f70d01010505003081b7310b3009060355040613024954310e300c060355040813054974616c793110300e06035504071307426f6c6f676e61311e301c
EAP-Message = 0x060355040a131555
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x43ef683547ea712a6e7507d0df55eb21
Finished request 4.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 137.204.65.96 port 37126,
id=5, length=150
User-Name = "PERSONALE\\diego.zuccato"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x020500061900
State = 0x43ef683547ea712a6e7507d0df55eb21
Message-Authenticator = 0x91d8e3c1b56da793b962e80700e26bf2
# Executing section authorize from file
/etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "PERSONALE\diego.zuccato", looking up
realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 5 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 5 to 137.204.65.96 port 37126
EAP-Message =
0x010603fc19406e697665727369746120646920426f6c6f676e6131233021060355040b131a446970617274696d656e746f20646920417374726f6e6f6d6961311d301b06035504031314417374726f6e6f6d6961202d20526f6f742043413122302006092a864886f70d0109011613646970617374722e736940756e69626f2e6974301e170d3131303431333130333430305a170d3231303431333130333430305a3081b7310b3009060355040613024954310e300c060355040813054974616c793110300e06035504071307426f6c6f676e61311e301c060355040a1315556e697665727369746120646920426f6c6f676e6131233021060355040b
EAP-Message =
0x131a446970617274696d656e746f20646920417374726f6e6f6d6961311d301b06035504031314417374726f6e6f6d6961202d20526f6f742043413122302006092a864886f70d0109011613646970617374722e736940756e69626f2e697430820222300d06092a864886f70d01010105000382020f003082020a0282020100b572b5d8c13ea37504ee78aa1797f2fd41bae7fcdbbe347b2e82ccb435e534ba0f3a86e855325864418e9a257c6ba9a235490a863d975525a0c61686bacc4c6a2bd72ae802168723c92e69ec9c607c14bab310d68a22d50bc26b67256530554e90110e50adda28f09bb2eb39287b0515b3d5647d28d45de0f483998a15
EAP-Message =
0x71276b02173ab7fcf982697be48847eafd4f3b2a82dc48be9d5a1b5099e012455d40694118097125da6ffb233804f7cae4df233d8269c94afe552d1df57e941087cd758d3bf1a84716470b1d163e61de926f76b1d8a593484ba9e2d9a6f2dbfd2bbe6eaf0297b491c7d2963e497759c90439ef565dbb9ca07afd7acdcd4637652ab48cd2c0d0b71f84881788b1314b40d43e67729cfdefa44d078f16bbf423da10a0cc0911f46afb31ef3c9e03e2fe84808249bd9d58129a6977643b0b2ff1836c41c7f9df69879ecd99a8aacfc951d49dbf311e51ffa4b69f4ce2c0a0c1315d15c0b2c25ed37ef40dd9a1205adce6ce1a45c4e17623d4347025e11e9a
EAP-Message =
0xa3284539579fce75d6bb213cb35fd75b22fa9764c34521f8e1f7eca57effa5c78145ab38278e73a25e4ab9e02da62ebe6560a65e4e9e92d35766f7aafc516acc177dbd84e56415f23b93832120a851a012534bf744c46bf37f7258f99697f7d9c7bbad728d63c7dec47b6a9cf6e1288d04e15c8d308296e645517fc297564d06d4e9c76715f10203010001a3723070300f0603551d130101ff040530030101ff301d0603551d0e04160414c82d02f0845d318f4982f8ee767edf32386b435d300b0603551d0f040403020106301106096086480186f8420101040403020007301e06096086480186f842010d0411160f78636120636572746966696361
EAP-Message = 0x7465300d06092a86
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x43ef683546e9712a6e7507d0df55eb21
Finished request 5.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 137.204.65.96 port 37126,
id=6, length=150
User-Name = "PERSONALE\\diego.zuccato"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x020600061900
State = 0x43ef683546e9712a6e7507d0df55eb21
Message-Authenticator = 0x077edb2d3f7d2398c30c8ca6cfcd209c
# Executing section authorize from file
/etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "PERSONALE\diego.zuccato", looking up
realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 6 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 6 to 137.204.65.96 port 37126
EAP-Message =
0x010703af19004886f70d010105050003820201008e9eed3d5cab551c140a2f7a7dc07e8343a21484b60e617e7f9642923c8b976534393d89c5ca72ba6388e878f730f2c45e327b3e05b6bcc3d1d168f06964d9b65c3a6e57c6c376a3b571c092ad0361b0dc4c9bde733f918c41dda48051dff54a7f28616bec00e865abf462533cfd0313a0ddc716844075ed48821e50527728527548ace4f8fa1e6fba70e0bfdb68f5047e4873ebe08cd10874d51823b780ca1406d1c0e864c866888a61cffe76a81e521bbb95be971095789fa1a05b349060e38f543a94372060c15db0eceb71e6e901554a65a98ff82fb5e015af6c3f359aefce149108ba56832a76
EAP-Message =
0x0ccbf811a7b147b57abe282b2f976b874e5d874b4e68b6049f823747eaa603b1d49386876d3f30ce48cb824a34f3334ed56fd85b6b0c52839cda6fffd8a4e58612e29ab9e4790c71dcfaab93a7ba27906745479013f71482d1847cdc32a157fb224a4967d12442112d1d4cb5b27d855399b36e7a6094945cd0dd1d62c8f5b12c44577fc41ec88148a936bffc4155e2471052751decb392dc9ac949b6b571919fb73e06e2cf9fa49f651d690cb2fdd28e4fe9eac7d69e83687a361ced306d185a7c33847c4b11e898a56b46bd6cf06e91a13e77830347dce154020c99b3b1137d6eaaa9bb3e986ad58658cac5325e3205fe1e1aa40f4376ebad56e32738
EAP-Message =
0xaf4629f89f2260261926dbef1e7b538135e845ea5a3f30ca58bc160301018d0c000189008086af5afd81c88476eb4edc6626f30532fc1c25e7fada2ff7f4e984cc33c8f686d5e84b9280c055086728ae16e62b8290c7b385605b8d78891b76b90c6f4079994972d901ff1808add6780846d0764e95394517eee4210bec51c4c21ea3585ed5ccb42f551589f73c5edaec4e85096cfcb129515e33580e35c65bc9a884774f73000102008057e7a7868b2f9d6622e844bcd694740942fc76f79eafdeb7e5a28d52410ef7f5b9995ee56f8b65bed8de7a5bc66e648a48375658ce1ce1554f56b09c98863fde3c626d9e2384cc540ec794038e1d768d7b4676
EAP-Message =
0xb7377cd6c3e2bc0560065d66f46f1cf1802f5c5c309ef2d7156c4709fc094fe932a2e4f553aff9247e6cc8d1d60080209fb36f0a4e491d426154c9f662928c6445de6500998cb2b80a31771909359d6937b561e921877fb7632e2dce99a514c758abcad7e532a631a5beea379bec1cb119ae9a8fca9d8e876737f7077dbccacc5602f69445d55c5854c39e44dbb7f587d6333461ca65b220927bcbfdc01ca1c61d49a0145e663b6c763d233c29516816030100040e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x43ef683545e8712a6e7507d0df55eb21
Finished request 6.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 137.204.65.96 port 37126,
id=7, length=352
User-Name = "PERSONALE\\diego.zuccato"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message =
0x020700d01980000000c6160301008610000082008058cb301e009d8318a60397ed75c8861dd36756ba2532b32838c82c63fa01249f74e1c82e7135b99af9f09cbaa421dd2ce762f4ee6cd653997fa66efb83e6eaf0c759aa67254341e7757487383ca57593ad791519575b775f4621f717f33504c13fdb6d446ce886d493c4a90d876de51c7fc2c13e25ec6e5ab26fad4279f7db7614030100010116030100300dede37dfec28dc8fa13099ce8dfaf7fcb620f48ac259780509a498d305d802212a9e74110e87c0de8945581b1b76d41
State = 0x43ef683545e8712a6e7507d0df55eb21
Message-Authenticator = 0x914cd62018f2bacb1b5e43844427bfe2
# Executing section authorize from file
/etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "PERSONALE\diego.zuccato", looking up
realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 7 length 208
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
TLS Length 198
[peap] Length Included
[peap] eaptls_verify returned 11
[peap] <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange
[peap] TLS_accept: SSLv3 read client key exchange A
[peap] <<< TLS 1.0 ChangeCipherSpec [length 0001]
[peap] <<< TLS 1.0 Handshake [length 0010], Finished
[peap] TLS_accept: SSLv3 read finished A
[peap] >>> TLS 1.0 ChangeCipherSpec [length 0001]
[peap] TLS_accept: SSLv3 write change cipher spec A
[peap] >>> TLS 1.0 Handshake [length 0010], Finished
[peap] TLS_accept: SSLv3 write finished A
[peap] TLS_accept: SSLv3 flush data
[peap] (other): SSL negotiation finished successfully
SSL Connection Established
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 7 to 137.204.65.96 port 37126
EAP-Message =
0x010800411900140301000101160301003077355cb0da486b0aea4ca9ed045399695f9f681ed77edc1ced530c75ee8779af5a6e22760acf506e1ff11ff69292a1c0
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x43ef683544e7712a6e7507d0df55eb21
Finished request 7.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 137.204.65.96 port 37126,
id=8, length=150
User-Name = "PERSONALE\\diego.zuccato"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x020800061900
State = 0x43ef683544e7712a6e7507d0df55eb21
Message-Authenticator = 0x95f257485417d82e8bf94ed289656605
# Executing section authorize from file
/etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "PERSONALE\diego.zuccato", looking up
realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 8 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake is finished
[peap] eaptls_verify returned 3
[peap] eaptls_process returned 3
[peap] EAPTLS_SUCCESS
[peap] Session established. Decoding tunneled attributes.
[peap] Peap state TUNNEL ESTABLISHED
++[eap] returns handled
Sending Access-Challenge of id 8 to 137.204.65.96 port 37126
EAP-Message =
0x0109002b1900170301002011b3a4baaef394361a7512b0601adb69cd64e7af2263a874925458c57cbb06d5
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x43ef68354be6712a6e7507d0df55eb21
Finished request 8.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 137.204.65.96 port 37126,
id=9, length=240
User-Name = "PERSONALE\\diego.zuccato"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message =
0x0209006019001703010020ca89e914288890073989835b87135e61d123f1b99c9e9dbb59bd00e538fe267017030100303a5233f9f866703fc729d93881a51dfafcf7c271b58e4ad2025ca975dc66e1f50926ecc360a99ed05e0484657b041e79
State = 0x43ef68354be6712a6e7507d0df55eb21
Message-Authenticator = 0x53a08dffdbbacff3b1b6fba2481f6a23
# Executing section authorize from file
/etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "PERSONALE\diego.zuccato", looking up
realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 9 length 96
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] Peap state WAITING FOR INNER IDENTITY
[peap] Identity - PERSONALE\diego.zuccato
[peap] Got inner identity 'PERSONALE\diego.zuccato'
[peap] Setting default EAP type for tunneled EAP session.
[peap] Got tunneled request
EAP-Message =
0x0209001c01504552534f4e414c455c646965676f2e7a75636361746f
server {
PEAP: Setting User-Name to PERSONALE\diego.zuccato
Sending tunneled request
EAP-Message =
0x0209001c01504552534f4e414c455c646965676f2e7a75636361746f
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "PERSONALE\\diego.zuccato"
server inner-tunnel {
# Executing section authorize from file
/etc/freeradius/sites-enabled/inner-tunnel
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "PERSONALE\diego.zuccato", looking up
realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[control] returns noop
[eap] EAP packet type response id 9 length 28
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
++[eap] returns handled
} # server inner-tunnel
[peap] Got tunneled reply code 11
EAP-Message =
0x010a00311a010a002c107cfe362585aadb4fa23845b02bcfe01d504552534f4e414c455c646965676f2e7a75636361746f
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xd1443252d14e285c0e8360ebb6b84386
[peap] Got tunneled reply RADIUS code 11
EAP-Message =
0x010a00311a010a002c107cfe362585aadb4fa23845b02bcfe01d504552534f4e414c455c646965676f2e7a75636361746f
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xd1443252d14e285c0e8360ebb6b84386
[peap] Got tunneled Access-Challenge
++[eap] returns handled
Sending Access-Challenge of id 9 to 137.204.65.96 port 37126
EAP-Message =
0x010a005b19001703010050f9cbc0b02898cb8b33b5aadcf2e5d786e51996bf476af50b8bac872bf606a14a926337af4751a874a5d9847d53369d80d8176dcc4b04a7d78c9d24b8793710676b922857e73b358ee7614e9ff31ff80a
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x43ef68354ae5712a6e7507d0df55eb21
Finished request 9.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 137.204.65.96 port 37126,
id=10, length=304
User-Name = "PERSONALE\\diego.zuccato"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message =
0x020a00a01900170301002008596c1f4e70f289a40e621c9dcf0ca40054e79c53f3e2388597359078fe736f1703010070f7b6bde3723b7339008514fd27e63539ac816a7ad2b544ba51e6d690a98eb2985001bb97e6f4ece90a0f0ce5f8680c419e69036afd840b4d9db82fbf2d7f23ec150e3f114d9dfa21a178c3fe04182c840280a7c9a3881db001030c51d19214a245322d9693b21991dc342a7c361803e6
State = 0x43ef68354ae5712a6e7507d0df55eb21
Message-Authenticator = 0x87426031892e2deae424d6c68b5add28
# Executing section authorize from file
/etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "PERSONALE\diego.zuccato", looking up
realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 10 length 160
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] Peap state phase2
[peap] EAP type mschapv2
[peap] Got tunneled request
EAP-Message =
0x020a00521a020a004d315a07b47ea772821852bfa4a104f82bda000000000000000060eb877432cb1abb8ee542673b52a0350cf856409285d6ac00504552534f4e414c455c646965676f2e7a75636361746f
server {
PEAP: Setting User-Name to PERSONALE\diego.zuccato
Sending tunneled request
EAP-Message =
0x020a00521a020a004d315a07b47ea772821852bfa4a104f82bda000000000000000060eb877432cb1abb8ee542673b52a0350cf856409285d6ac00504552534f4e414c455c646965676f2e7a75636361746f
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "PERSONALE\\diego.zuccato"
State = 0xd1443252d14e285c0e8360ebb6b84386
server inner-tunnel {
# Executing section authorize from file
/etc/freeradius/sites-enabled/inner-tunnel
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "PERSONALE\diego.zuccato", looking up
realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[control] returns noop
[eap] EAP packet type response id 10 length 82
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/mschapv2
[eap] processing type mschapv2
[mschapv2] # Executing group from file
/etc/freeradius/sites-enabled/inner-tunnel
[mschapv2] +- entering group MS-CHAP {...}
[mschap] Creating challenge hash with username: diego.zuccato
[mschap] Told to do MS-CHAPv2 for diego.zuccato with NT-Password
[mschap] expand: %{mschap:User-Name} -> diego.zuccato
[mschap] expand:
--username=%{%{mschap:User-Name}:-%{User-Name:-None}} ->
--username=diego.zuccato
[mschap] expand: %{mschap:NT-Domain} -> PERSONALE
[mschap] expand: --domain=%{%{mschap:NT-Domain}:-PERSONALE} ->
--domain=PERSONALE
[mschap] mschap2: 7c
[mschap] Creating challenge hash with username: diego.zuccato
[mschap] expand: --challenge=%{mschap:Challenge:-00} ->
--challenge=a386f8c169a1c226
[mschap] expand: --nt-response=%{mschap:NT-Response:-00} ->
--nt-response=60eb877432cb1abb8ee542673b52a0350cf856409285d6ac
Exec-Program output: NT_KEY: 9BB45778B8201310A484C797422B8D27
Exec-Program-Wait: plaintext: NT_KEY: 9BB45778B8201310A484C797422B8D27
Exec-Program: returned: 0
++[mschap] returns ok
MSCHAP Success
++[eap] returns handled
} # server inner-tunnel
[peap] Got tunneled reply code 11
EAP-Message =
0x010b00331a030a002e533d37343331453632374644453739373334444344324534393334414138303431343633384142373037
Message-Authenticator = 0x00000000000000000000000000000000
[mschapv2] +- entering group MS-CHAP {...}
[mschap] Creating challenge hash with username: diego.zuccato
[mschap] Told to do MS-CHAPv2 for diego.zuccato with NT-Password
[mschap] expand: %{mschap:User-Name} -> diego.zuccato
[mschap] expand:
--username=%{%{mschap:User-Name}:-%{User-Name:-None}} ->
--username=diego.zuccato
[mschap] expand: %{mschap:NT-Domain} -> PERSONALE
[mschap] expand: --domain=%{%{mschap:NT-Domain}:-PERSONALE} ->
--domain=PERSONALE
[mschap] mschap2: 7c
[mschap] Creating challenge hash with username: diego.zuccato
[mschap] expand: --challenge=%{mschap:Challenge:-00} ->
--challenge=a386f8c169a1c226
[mschap] expand: --nt-response=%{mschap:NT-Response:-00} ->
--nt-response=60eb877432cb1abb8ee542673b52a0350cf856409285d6ac
Exec-Program output: NT_KEY: 9BB45778B8201310A484C797422B8D27
Exec-Program-Wait: plaintext: NT_KEY: 9BB45778B8201310A484C797422B8D27
Exec-Program: returned: 0
++[mschap] returns ok
MSCHAP Success
++[eap] returns handled
} # server inner-tunnel
[peap] Got tunneled reply code 11
EAP-Message =
0x010b00331a030a002e533d37343331453632374644453739373334444344324534393334414138303431343633384142373037
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xd1443252d04f285c0e8360ebb6b84386
[peap] Got tunneled reply RADIUS code 11
EAP-Message =
0x010b00331a030a002e533d37343331453632374644453739373334444344324534393334414138303431343633384142373037
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xd1443252d04f285c0e8360ebb6b84386
[peap] Got tunneled Access-Challenge
++[eap] returns handled
Sending Access-Challenge of id 10 to 137.204.65.96 port 37126
EAP-Message =
0x010b005b1900170301005045ddd3dfa215dc299b05eb6e78c8401b338a72d790e0c9a68dda5b5b37965481bc9986b0305597baa1886b95b644924146f8e906975675912df555716751ebb66b407cc46ceb46a84c17ac8b178aa6c1
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x43ef683549e4712a6e7507d0df55eb21
Finished request 10.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 0 ID 0 with timestamp +8
Cleaning up request 1 ID 1 with timestamp +8
Cleaning up request 2 ID 2 with timestamp +8
Cleaning up request 3 ID 3 with timestamp +8
Cleaning up request 4 ID 4 with timestamp +8
Cleaning up request 5 ID 5 with timestamp +8
Cleaning up request 6 ID 6 with timestamp +8
Cleaning up request 7 ID 7 with timestamp +8
Cleaning up request 8 ID 8 with timestamp +8
Cleaning up request 9 ID 9 with timestamp +8
Cleaning up request 10 ID 10 with timestamp +8
WARNING:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
WARNING: !! EAP session for state 0x43ef683549e4712a did not finish!
WARNING: !! Please read http://wiki.freeradius.org/Certificate_Compatibility
WARNING:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Ready to process requests.
Any hint?
TIA!
Diego.
More information about the Freeradius-Users
mailing list