EAP problem
David Peterson
davidp at wirelessconnections.net
Fri Jul 27 21:26:34 CEST 2012
I have a new server giving me fits and I cannot figure out what the heck I
did wrong:
FreeRADIUS Version 3.0.0, for host x86_64-unknown-linux-gnu, built on Jul 27
2012 at 08:55:21
Copyright (C) 1999-2012 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License v2.
Starting - reading configuration files ...
including configuration file /usr/local/etc/raddb/radiusd.conf
including configuration file /usr/local/etc/raddb/proxy.conf
including configuration file /usr/local/etc/raddb/clients.conf
including files in directory /usr/local/etc/raddb/modules/
including configuration file /usr/local/etc/raddb/modules/ippool
including configuration file /usr/local/etc/raddb/modules/mac2ip
including configuration file /usr/local/etc/raddb/modules/sqlippool
including configuration file /usr/local/etc/raddb/sql/postgresql/ippool.conf
including configuration file /usr/local/etc/raddb/modules/counter
including configuration file /usr/local/etc/raddb/modules/policy
including configuration file /usr/local/etc/raddb/modules/eap
including configuration file /usr/local/etc/raddb/modules/ldap
including configuration file /usr/local/etc/raddb/modules/sql
including configuration file /usr/local/etc/raddb/sql/mysql/dialup.conf
including configuration file /usr/local/etc/raddb/modules/pap
including configuration file /usr/local/etc/raddb/modules/acct_unique
including configuration file /usr/local/etc/raddb/modules/passwd
including configuration file /usr/local/etc/raddb/modules/mschap
including configuration file /usr/local/etc/raddb/modules/detail.example.com
including configuration file /usr/local/etc/raddb/modules/otp
including configuration file /usr/local/etc/raddb/modules/detail
including configuration file /usr/local/etc/raddb/modules/ntlm_auth
including configuration file /usr/local/etc/raddb/modules/pam
including configuration file /usr/local/etc/raddb/modules/realm
including configuration file /usr/local/etc/raddb/modules/exec
including configuration file /usr/local/etc/raddb/modules/smsotp
including configuration file
/usr/local/etc/raddb/modules/sqlcounter_expire_on_login
including configuration file /usr/local/etc/raddb/modules/linelog
including configuration file /usr/local/etc/raddb/modules/mac2vlan
including configuration file /usr/local/etc/raddb/modules/wimax
including configuration file /usr/local/etc/raddb/modules/logintime
including configuration file /usr/local/etc/raddb/modules/rediswho
including configuration file /usr/local/etc/raddb/modules/always
including configuration file /usr/local/etc/raddb/modules/krb5
including configuration file /usr/local/etc/raddb/modules/redis
including configuration file /usr/local/etc/raddb/modules/detail.log
including configuration file /usr/local/etc/raddb/modules/radutmp
including configuration file /usr/local/etc/raddb/modules/inner-eap
including configuration file /usr/local/etc/raddb/modules/unix
including configuration file /usr/local/etc/raddb/modules/preprocess
including configuration file /usr/local/etc/raddb/modules/dynamic_clients
including configuration file /usr/local/etc/raddb/modules/sradutmp
including configuration file /usr/local/etc/raddb/modules/attr_rewrite
including configuration file /usr/local/etc/raddb/modules/sql_log
including configuration file /usr/local/etc/raddb/modules/etc_group
including configuration file /usr/local/etc/raddb/modules/echo
including configuration file /usr/local/etc/raddb/modules/perl
including configuration file /usr/local/etc/raddb/modules/soh
including configuration file /usr/local/etc/raddb/modules/chap
including configuration file /usr/local/etc/raddb/modules/expr
including configuration file /usr/local/etc/raddb/modules/opendirectory
including configuration file /usr/local/etc/raddb/modules/digest
including configuration file /usr/local/etc/raddb/modules/attr_filter
including configuration file /usr/local/etc/raddb/modules/cui
including configuration file /usr/local/etc/raddb/modules/expiration
including configuration file /usr/local/etc/raddb/modules/smbpasswd
including configuration file /usr/local/etc/raddb/modules/checkval
including configuration file /usr/local/etc/raddb/modules/files
including configuration file /usr/local/etc/raddb/policy.conf
including files in directory /usr/local/etc/raddb/sites-enabled/
including configuration file
/usr/local/etc/raddb/sites-enabled/control-socket
including configuration file /usr/local/etc/raddb/sites-enabled/default
including configuration file /usr/local/etc/raddb/sites-enabled/inner-tunnel
main {
security {
allow_core_dumps = no
}
}
including dictionary file /usr/local/etc/raddb/dictionary
main {
name = "radiusd"
prefix = "/usr/local"
localstatedir = "/usr/local/var"
sbindir = "/usr/local/sbin"
logdir = "/usr/local/var/log/radius"
run_dir = "/usr/local/var/run/radiusd"
libdir = "/usr/local/lib"
radacctdir = "/usr/local/var/log/radius/radacct"
hostname_lookups = no
max_request_time = 30
cleanup_delay = 5
max_requests = 1024
pidfile = "/usr/local/var/run/radiusd/radiusd.pid"
checkrad = "/usr/local/sbin/checkrad"
debug_level = 0
proxy_requests = yes
log {
stripped_names = no
auth = no
auth_badpass = no
auth_goodpass = no
}
security {
max_attributes = 200
reject_delay = 1
status_server = yes
}
}
radiusd: #### Loading Realms and Home Servers ####
realm cueband.com {
}
radiusd: #### Loading Clients ####
client localhost {
ipaddr = 127.0.0.1
require_message_authenticator = no
secret = "testing123"
nastype = "other"
proto = "*"
}
radiusd: #### Instantiating modules ####
instantiate {
Module: Linked to module rlm_exec
Module: Instantiating module "exec" from file
/usr/local/etc/raddb/modules/exec
exec {
wait = no
input_pairs = "request"
shell_escape = yes
}
Module: Linked to module rlm_expr
Module: Instantiating module "expr" from file
/usr/local/etc/raddb/modules/expr
Module: Linked to module rlm_expiration
Module: Instantiating module "expiration" from file
/usr/local/etc/raddb/modules/expiration
expiration {
reply-message = "Password Has Expired "
}
Module: Linked to module rlm_logintime
Module: Instantiating module "logintime" from file
/usr/local/etc/raddb/modules/logintime
logintime {
reply-message = "You are calling outside your allowed timespan "
minimum-timeout = 60
}
}
radiusd: #### Loading Virtual Servers ####
server { # from file /usr/local/etc/raddb/radiusd.conf
modules {
Module: Checking authenticate {...} for more modules to load
Module: Linked to module rlm_mschap
Module: Instantiating module "mschap" from file
/usr/local/etc/raddb/modules/mschap
mschap {
use_mppe = yes
require_encryption = no
require_strong = no
with_ntdomain_hack = no
allow_retry = yes
}
Module: Linked to module rlm_eap
Module: Instantiating module "eap" from file
/usr/local/etc/raddb/modules/eap
eap {
default_eap_type = "mschapv2"
timer_expire = 60
ignore_unknown_eap_types = no
cisco_accounting_username_bug = no
max_sessions = 4096
}
Module: Linked to sub-module rlm_eap_md5
Module: Instantiating eap-md5
Module: Linked to sub-module rlm_eap_pwd
Module: Instantiating eap-pwd
pwd {
group = 19
fragment_size = 1020
server_id = "theserver at example.com"
virtual_server = "inner-tunnel"
}
Module: Linked to sub-module rlm_eap_leap
Module: Instantiating eap-leap
Module: Linked to sub-module rlm_eap_gtc
Module: Instantiating eap-gtc
gtc {
challenge = "Password: "
auth_type = "PAP"
}
Module: Linked to sub-module rlm_eap_tls
Module: Instantiating eap-tls
tls {
tls = "tls-common"
}
tls-config tls-common {
rsa_key_exchange = no
dh_key_exchange = yes
rsa_key_length = 512
dh_key_length = 512
verify_depth = 0
CA_path = "/usr/local/etc/raddb/certs"
pem_file_type = yes
private_key_file = "/usr/local/etc/raddb/certs/server.pem"
certificate_file = "/usr/local/etc/raddb/certs/server.pem"
CA_file = "/usr/local/etc/raddb/certs/ca.pem"
private_key_password = "whatever"
dh_file = "/usr/local/etc/raddb/certs/dh"
random_file = "/usr/local/etc/raddb/certs/random"
fragment_size = 1024
include_length = yes
check_crl = no
cipher_list = "DEFAULT"
make_cert_command = "/usr/local/etc/raddb/certs/bootstrap"
ecdh_curve = "prime256v1"
cache {
enable = yes
lifetime = 24
max_entries = 255
}
verify {
}
ocsp {
enable = no
override_cert_url = yes
url = "http://127.0.0.1/ocsp/"
use_nonce = yes
timeout = 0
softfail = yes
}
}
Module: Linked to sub-module rlm_eap_ttls
Module: Instantiating eap-ttls
ttls {
tls = "tls-common"
default_eap_type = "mschapv2"
copy_request_to_tunnel = yes
use_tunneled_reply = yes
virtual_server = "inner-tunnel"
include_length = yes
}
debug: Using cached TLS configuration from previous invocation
Module: Linked to sub-module rlm_eap_peap
Module: Instantiating eap-peap
peap {
tls = "tls-common"
default_eap_type = "mschapv2"
copy_request_to_tunnel = yes
use_tunneled_reply = yes
proxy_tunneled_request_as_eap = yes
virtual_server = "inner-tunnel"
soh = no
}
debug: Using cached TLS configuration from previous invocation
Module: Linked to sub-module rlm_eap_mschapv2
Module: Instantiating eap-mschapv2
mschapv2 {
with_ntdomain_hack = no
send_error = no
}
Module: Checking authorize {...} for more modules to load
Module: Linked to module rlm_preprocess
Module: Instantiating module "preprocess" from file
/usr/local/etc/raddb/modules/preprocess
preprocess {
huntgroups = "/usr/local/etc/raddb/huntgroups"
hints = "/usr/local/etc/raddb/hints"
with_ascend_hack = no
ascend_channels_per_line = 23
with_ntdomain_hack = no
with_specialix_jetstream_hack = no
with_cisco_vsa_hack = no
with_alvarion_vsa_hack = no
}
Module: Linked to module rlm_wimax
Module: Instantiating module "wimax" from file
/usr/local/etc/raddb/modules/wimax
wimax {
delete_mppe_keys = yes
}
Module: Linked to module rlm_sql
Module: Instantiating module "sql" from file
/usr/local/etc/raddb/modules/sql
sql {
driver = "rlm_sql_mysql"
server = "10.50.0.10"
port = ""
login = "root"
password = "unl0ck"
radius_db = "radius"
read_groups = yes
sqltrace = no
sqltracefile = "/usr/local/var/log/radius/sqltrace.sql"
readclients = yes
deletestalesessions = yes
sql_user_name = "%{User-Name}"
default_user_profile = ""
nas_query = "SELECT id, nasname, shortname, type, secret, server
FROM nas"
authorize_check_query = "SELECT id, username, attribute, value, op
FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER
BY id"
authorize_reply_query = "SELECT id, username, attribute, value, op
FROM radreply WHERE username = '%{SQL-User-Name}' ORDER
BY id"
authorize_group_check_query = "SELECT id, groupname, attribute,
Value, op FROM radgroupcheck WHERE groupname =
'%{Sql-Group}' ORDER BY id"
authorize_group_reply_query = "SELECT id, groupname, attribute,
value, op FROM radgroupreply WHERE groupname =
'%{Sql-Group}' ORDER BY id"
accounting_onoff_query = "UPDATE radacct SET acctstoptime =
'%S', acctsessiontime = unix_timestamp('%S') -
unix_timestamp(acctstarttime), acctterminatecause =
'%{Acct-Terminate-Cause}', acctstopdelay = %{%{Acct-Delay-Time}:-0}
WHERE acctstoptime IS NULL AND nasipaddress = '%{NAS-IP-Address}' AND
acctstarttime <= '%S'"
accounting_update_query = " UPDATE radacct SET
framedipaddress = '%{Framed-IP-Address}', acctsessiontime =
'%{Acct-Session-Time}', acctinputoctets =
'%{%{Acct-Input-Gigawords}:-0}' << 32 |
'%{%{Acct-Input-Octets}:-0}', acctoutputoctets =
'%{%{Acct-Output-Gigawords}:-0}' << 32 |
'%{%{Acct-Output-Octets}:-0}' WHERE acctsessionid =
'%{Acct-Session-Id}' AND username = '%{SQL-User-Name}'
AND nasipaddress = '%{NAS-IP-Address}'"
accounting_update_query_alt = " INSERT INTO radacct
(acctsessionid, acctuniqueid, username, realm,
nasipaddress, nasportid, nasporttype, acctstarttime,
acctsessiontime, acctauthentic, connectinfo_start,
acctinputoctets, acctoutputoctets, calledstationid,
callingstationid, servicetype, framedprotocol,
framedipaddress, acctstartdelay, xascendsessionsvrkey)
VALUES ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}',
'%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}',
'%{NAS-Port}', '%{NAS-Port-Type}', DATE_SUB('%S',
INTERVAL (%{%{Acct-Session-Time}:-0} +
%{%{Acct-Delay-Time}:-0}) SECOND),
'%{Acct-Session-Time}', '%{Acct-Authentic}', '',
'%{%{Acct-Input-Gigawords}:-0}' << 32 |
'%{%{Acct-Input-Octets}:-0}', '%{%{Acct-Output-Gigawords}:-0}'
<< 32 | '%{%{Acct-Output-Octets}:-0}',
'%{Called-Station-Id}', '%{Calling-Station-Id}',
'%{Service-Type}', '%{Framed-Protocol}',
'%{Framed-IP-Address}', '0', '%{X-Ascend-Session-Svr-Key}')"
accounting_start_query = " INSERT INTO radacct
(acctsessionid, acctuniqueid, username, realm,
nasipaddress, nasportid, nasporttype, acctstarttime,
acctstoptime, acctsessiontime, acctauthentic,
connectinfo_start, connectinfo_stop, acctinputoctets,
acctoutputoctets, calledstationid, callingstationid,
acctterminatecause, servicetype, framedprotocol,
framedipaddress, acctstartdelay, acctstopdelay,
xascendsessionsvrkey) VALUES ('%{Acct-Session-Id}',
'%{Acct-Unique-Session-Id}', '%{SQL-User-Name}',
'%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}',
'%{NAS-Port-Type}', '%S', NULL, '0', '%{Acct-Authentic}',
'%{Connect-Info}', '', '0', '0',
'%{Called-Station-Id}', '%{Calling-Station-Id}', '',
'%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}',
'%{%{Acct-Delay-Time}:-0}', '0', '%{X-Ascend-Session-Svr-Key}')"
accounting_start_query_alt = " UPDATE radacct SET
acctstarttime = '%S', acctstartdelay =
'%{%{Acct-Delay-Time}:-0}', connectinfo_start =
'%{Connect-Info}' WHERE acctsessionid = '%{Acct-Session-Id}'
AND username = '%{SQL-User-Name}' AND nasipaddress =
'%{NAS-IP-Address}'"
accounting_stop_query = " UPDATE radacct SET
acctstoptime = '%S', acctsessiontime =
'%{Acct-Session-Time}', acctinputoctets =
'%{%{Acct-Input-Gigawords}:-0}' << 32 |
'%{%{Acct-Input-Octets}:-0}', acctoutputoctets =
'%{%{Acct-Output-Gigawords}:-0}' << 32 |
'%{%{Acct-Output-Octets}:-0}', acctterminatecause =
'%{Acct-Terminate-Cause}', acctstopdelay =
'%{%{Acct-Delay-Time}:-0}', connectinfo_stop =
'%{Connect-Info}' WHERE acctsessionid = '%{Acct-Session-Id}'
AND username = '%{SQL-User-Name}' AND nasipaddress =
'%{NAS-IP-Address}'"
accounting_stop_query_alt = " INSERT INTO radacct
(acctsessionid, acctuniqueid, username, realm, nasipaddress,
nasportid, nasporttype, acctstarttime, acctstoptime,
acctsessiontime, acctauthentic, connectinfo_start,
connectinfo_stop, acctinputoctets, acctoutputoctets,
calledstationid, callingstationid, acctterminatecause,
servicetype, framedprotocol, framedipaddress, acctstartdelay,
acctstopdelay) VALUES ('%{Acct-Session-Id}',
'%{Acct-Unique-Session-Id}', '%{SQL-User-Name}',
'%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}',
'%{NAS-Port-Type}', DATE_SUB('%S', INTERVAL
(%{%{Acct-Session-Time}:-0} + %{%{Acct-Delay-Time}:-0})
SECOND), '%S', '%{Acct-Session-Time}', '%{Acct-Authentic}', '',
'%{Connect-Info}', '%{%{Acct-Input-Gigawords}:-0}' << 32 |
'%{%{Acct-Input-Octets}:-0}', '%{%{Acct-Output-Gigawords}:-0}'
<< 32 | '%{%{Acct-Output-Octets}:-0}',
'%{Called-Station-Id}', '%{Calling-Station-Id}',
'%{Acct-Terminate-Cause}', '%{Service-Type}',
'%{Framed-Protocol}', '%{Framed-IP-Address}', '0',
'%{%{Acct-Delay-Time}:-0}')"
group_membership_query = "SELECT groupname FROM
radusergroup WHERE username = '%{SQL-User-Name}' ORDER
BY priority"
simul_count_query = ""
simul_verify_query = "SELECT radacctid, acctsessionid, username,
nasipaddress, nasportid, framedipaddress,
callingstationid, framedprotocol FROM radacct
WHERE username = '%{SQL-User-Name}' AND
acctstoptime IS NULL"
postauth_query = "INSERT INTO radpostauth
(username, pass, reply, authdate) VALUES (
'%{User-Name}',
'%{%{User-Password}:-%{Chap-Password}}',
'%{reply:Packet-Type}', '%S')"
safe-characters =
"@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
}
rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked
rlm_sql (sql): Attempting to connect to root at 10.50.0.10:/radius
rlm_sql (sql): Initialising connection pool
rlm_sql (sql): Processing generate_sql_clients
rlm_sql (sql) in generate_sql_clients: query is SELECT id, nasname,
shortname, type, secret, server FROM nas
rlm_sql (sql): Opening additional connection (0)
rlm_sql_mysql: Starting connect to MySQL server
rlm_sql (sql): Reserved connection (0)
rlm_sql (sql): Executing query
rlm_sql (sql): Read entry nasname=10.50.4.2,shortname=Geauga
AZ0,secret=unl0ck
rlm_sql (sql): Adding client 10.50.4.2 (Geauga AZ0, server=<none>) to
clients list
rlm_sql (sql): Read entry nasname=10.50.3.2,shortname=Geauga
AZ120,secret=unl0ck
rlm_sql (sql): Adding client 10.50.3.2 (Geauga AZ120, server=<none>) to
clients list
rlm_sql (sql): Read entry nasname=10.50.2.2,shortname=Geauga
AZ240,secret=unl0ck
rlm_sql (sql): Adding client 10.50.2.2 (Geauga AZ240, server=<none>) to
clients list
rlm_sql (sql): Released connection (0)
rlm_sql (sql): Closing idle connection (0): Too many free connections (1 >
0)
rlm_sql (sql): Closing connection (0)
Module: Checking preacct {...} for more modules to load
Module: Linked to module rlm_acct_unique
Module: Instantiating module "acct_unique" from file
/usr/local/etc/raddb/modules/acct_unique
acct_unique {
key = "User-Name, Acct-Session-Id, NAS-IP-Address,
Client-IP-Address, NAS-Port"
}
Module: Checking accounting {...} for more modules to load
Module: Linked to module rlm_detail
Module: Instantiating module "detail" from file
/usr/local/etc/raddb/modules/detail
detail {
detailfile =
"/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
header = "%t"
detailperm = 384
dirperm = 493
locking = no
log_packet_header = no
}
Module: Linked to module rlm_unix
Module: Instantiating module "unix" from file
/usr/local/etc/raddb/modules/unix
unix {
radwtmp = "/usr/local/var/log/radius/radwtmp"
}
Module: Linked to module rlm_radutmp
Module: Instantiating module "radutmp" from file
/usr/local/etc/raddb/modules/radutmp
radutmp {
filename = "/usr/local/var/log/radius/radutmp"
username = "%{User-Name}"
case_sensitive = yes
check_with_nas = yes
perm = 384
callerid = yes
}
Module: Linked to module rlm_sql_log
Module: Instantiating module "sql_log" from file
/usr/local/etc/raddb/modules/sql_log
sql_log {
path = "/usr/local/var/log/radius/radacct/sql-relay"
Post-Auth = "INSERT INTO radpostauth (username,
pass, reply, authdate) VALUES ('%{User-Name}',
'%{User-Password:-Chap-Password}', '%{reply:Packet-Type}',
'%S');"
sql_user_name = "%{%{User-Name}:-DEFAULT}"
utf8 = no
safe-characters =
"@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
}
Module: Linked to module rlm_attr_filter
Module: Instantiating module "attr_filter.accounting_response" from file
/usr/local/etc/raddb/modules/attr_filter
attr_filter attr_filter.accounting_response {
attrsfile = "/usr/local/etc/raddb/attrs.accounting_response"
key = "%{User-Name}"
relaxed = no
}
Module: Checking session {...} for more modules to load
Module: Checking post-proxy {...} for more modules to load
Module: Checking post-auth {...} for more modules to load
Module: Instantiating module "attr_filter.access_reject" from file
/usr/local/etc/raddb/modules/attr_filter
attr_filter attr_filter.access_reject {
attrsfile = "/usr/local/etc/raddb/attrs.access_reject"
key = "%{User-Name}"
relaxed = no
}
} # modules
} # server
server inner-tunnel { # from file
/usr/local/etc/raddb/sites-enabled/inner-tunnel
modules {
Module: Checking authenticate {...} for more modules to load
Module: Linked to module rlm_pap
Module: Instantiating module "pap" from file
/usr/local/etc/raddb/modules/pap
pap {
encryption_scheme = "auto"
auto_header = no
}
Module: Linked to module rlm_chap
Module: Instantiating module "chap" from file
/usr/local/etc/raddb/modules/chap
Module: Checking authorize {...} for more modules to load
Module: Checking session {...} for more modules to load
Module: Checking post-proxy {...} for more modules to load
Module: Checking post-auth {...} for more modules to load
} # modules
} # server
radiusd: #### Opening IP addresses and Ports ####
listen {
type = "auth"
ipaddr = *
port = 0
max_pps = 0
}
listen {
type = "acct"
ipaddr = *
port = 0
max_pps = 0
}
listen {
type = "control"
listen {
socket = "/usr/local/var/run/radiusd/radiusd.sock"
}
}
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on command file /usr/local/var/run/radiusd/radiusd.sock
Opening new proxy address * port 1814
Listening on proxy address * port 1814
Ready to process requests.
rad_recv: Access-Request packet from host 10.50.4.2 port 49154, id=10,
length=274
User-Name =
"{am=1}{sm=1}396139FCA3777664EE26C1EC0FFFBFF2 at cueband.com"
NAS-IP-Address = 10.50.4.2
NAS-Port-Type = Wireless-802.16
NAS-Port = 1
Calling-Station-Id = "\254\201\022\027\217\352"
NAS-Identifier = "010010010000032000"
WiMAX-GMT-Timezone-offset = 0
Framed-MTU = 1490
Service-Type = Framed-User
WiMAX-Release = "1.0"
WiMAX-Accounting-Capabilities = IP-Session-Based
WiMAX-BS-Id = 0x303130303130303130303030303332303030
EAP-Message =
0x0201003d017b616d3d317d7b736d3d317d3339363133394643413337373736363445453236
4331454330464646424646324063756562616e642e636f6d
Message-Authenticator = 0xd3e9283d07c41fc0d964b697a06bcbd0
(0) # Executing section authorize from file
/usr/local/etc/raddb/sites-enabled/default
(0) group authorize {
(0) - entering group authorize {...}
(0) [preprocess] = ok
(0) [mschap] = noop
rlm_wimax: Fixing WiMAX binary Calling-Station-Id to ac-81-12-17-8f-ea
(0) [wimax] = ok
(0) eap : EAP packet type response id 1 length 61
(0) eap : EAP-Identity reply, returning 'ok' so we can short-circuit the
rest of authorize
(0) [eap] = ok
(0) Found Auth-Type = EAP
(0) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
(0) group authenticate {
(0) - entering group authenticate {...}
(0) eap : EAP Identity
(0) eap : processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
(0) [eap] = handled
Sending Access-Challenge of id 10 to 10.50.4.2 port 49154
EAP-Message =
0x010200521a0102004d10e477a9dde07ba9f3550c4c7c181cd79d7b616d3d317d7b736d3d31
7d33393631333946434133373737363634454532364331454330464646424646324063756562
616e642e636f6d
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x534198ee534382198a827a734ef513ce
(0) Finished request 0.
Waking up in 0.3 seconds.
Waking up in 4.6 seconds.
(0) Cleaning up request packet ID 10 with timestamp +4
Ready to process requests.
rad_recv: Access-Request packet from host 10.50.4.2 port 49154, id=11,
length=274
User-Name =
"{am=1}{sm=1}FACFD4B7EBA428D1FA794025E47CA4F5 at cueband.com"
NAS-IP-Address = 10.50.4.2
NAS-Port-Type = Wireless-802.16
NAS-Port = 1
Calling-Station-Id = "\254\201\022\027\217\352"
NAS-Identifier = "010010010000032000"
WiMAX-GMT-Timezone-offset = 0
Framed-MTU = 1490
Service-Type = Framed-User
WiMAX-Release = "1.0"
WiMAX-Accounting-Capabilities = IP-Session-Based
WiMAX-BS-Id = 0x303130303130303130303030303332303030
EAP-Message =
0x0201003d017b616d3d317d7b736d3d317d4641434644344237454241343238443146413739
3430323545343743413446354063756562616e642e636f6d
Message-Authenticator = 0x8822db580daa6714b72a1b28a3d08079
(1) # Executing section authorize from file
/usr/local/etc/raddb/sites-enabled/default
(1) group authorize {
(1) - entering group authorize {...}
(1) [preprocess] = ok
(1) [mschap] = noop
rlm_wimax: Fixing WiMAX binary Calling-Station-Id to ac-81-12-17-8f-ea
(1) [wimax] = ok
(1) eap : EAP packet type response id 1 length 61
(1) eap : EAP-Identity reply, returning 'ok' so we can short-circuit the
rest of authorize
(1) [eap] = ok
(1) Found Auth-Type = EAP
(1) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
(1) group authenticate {
(1) - entering group authenticate {...}
(1) eap : EAP Identity
(1) eap : processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
(1) [eap] = handled
Sending Access-Challenge of id 11 to 10.50.4.2 port 49154
EAP-Message =
0x010200521a0102004d1022f39aa355b7811088ab8a1bc0b211007b616d3d317d7b736d3d31
7d46414346443442374542413432384431464137393430323545343743413446354063756562
616e642e636f6d
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x03a9feba03abe4620c7aa45ec6c0be35
(1) Finished request 1.
Waking up in 0.3 seconds.
rad_recv: Access-Request packet from host 10.50.4.2 port 49154, id=12,
length=237
User-Name =
"{am=1}{sm=1}FACFD4B7EBA428D1FA794025E47CA4F5 at cueband.com"
NAS-IP-Address = 10.50.4.2
NAS-Port-Type = Wireless-802.16
NAS-Port = 1
Calling-Station-Id = "\254\201\022\027\217\352"
NAS-Identifier = "010010010000032000"
WiMAX-GMT-Timezone-offset = 0
Framed-MTU = 1490
Service-Type = Framed-User
State = 0x03a9feba03abe4620c7aa45ec6c0be35
WiMAX-Release = "1.0"
WiMAX-Accounting-Capabilities = IP-Session-Based
WiMAX-BS-Id = 0x303130303130303130303030303332303030
EAP-Message = 0x020200060315
Message-Authenticator = 0x88fbeb571ec0612d6935910202c5f3cd
(2) # Executing section authorize from file
/usr/local/etc/raddb/sites-enabled/default
(2) group authorize {
(2) - entering group authorize {...}
(2) [preprocess] = ok
(2) [mschap] = noop
rlm_wimax: Fixing WiMAX binary Calling-Station-Id to ac-81-12-17-8f-ea
(2) [wimax] = ok
(2) eap : EAP packet type response id 2 length 6
(2) eap : No EAP Start, assuming it's an on-going EAP conversation
(2) [eap] = updated
(2) sql : expand: %{User-Name} ->
{am=1}{sm=1}FACFD4B7EBA428D1FA794025E47CA4F5 at cueband.com
(2) sql : sql_set_user escaped user -->
'{am=1}{sm=1}FACFD4B7EBA428D1FA794025E47CA4F5 at cueband.com'
rlm_sql (sql): Opening additional connection (1)
rlm_sql_mysql: Starting connect to MySQL server
rlm_sql (sql): Reserved connection (1)
(2) sql : expand: SELECT id, username, attribute, value, op
FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER
BY id -> SELECT id, username, attribute, value, op FROM radcheck
WHERE username =
'=7Bam=3D1=7D=7Bsm=3D1=7DFACFD4B7EBA428D1FA794025E47CA4F5 at cueband.com'
ORDER BY id
rlm_sql (sql): Executing query
(2) sql : expand: SELECT groupname FROM radusergroup
WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT
groupname FROM radusergroup WHERE username =
'=7Bam=3D1=7D=7Bsm=3D1=7DFACFD4B7EBA428D1FA794025E47CA4F5 at cueband.com'
ORDER BY priority
rlm_sql (sql): Executing query
rlm_sql (sql): Released connection (1)
rlm_sql (sql): Closing idle connection (1): Too many free connections (1 >
0)
rlm_sql (sql): Closing connection (1)
(2) sql : User {am=1}{sm=1}FACFD4B7EBA428D1FA794025E47CA4F5 at cueband.com not
found
(2) [sql] = notfound
(2) [expiration] = noop
(2) [logintime] = noop
(2) Found Auth-Type = EAP
(2) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
(2) group authenticate {
(2) - entering group authenticate {...}
(2) eap : Request found, released from the list
(2) eap : EAP NAK
(2) eap : EAP-NAK asked for EAP-Type/ttls
(2) eap : processing type ttls
(2) ttls : Flushing SSL sessions (of #0)
(2) ttls : Initiate
(2) ttls : Start returned 1
(2) [eap] = handled
Sending Access-Challenge of id 12 to 10.50.4.2 port 49154
EAP-Message = 0x010300061520
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x03a9feba02aaeb620c7aa45ec6c0be35
(2) Finished request 2.
Waking up in 0.2 seconds.
Waking up in 4.5 seconds.
(1) Cleaning up request packet ID 11 with timestamp +19
(2) Cleaning up request packet ID 12 with timestamp +19
WARNING:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
WARNING: !! EAP session for state 0x03a9feba02aaeb62 did not finish!
WARNING: !! Please read http://wiki.freeradius.org/Certificate_Compatibility
WARNING:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Ready to process requests.
rad_recv: Access-Request packet from host 10.50.4.2 port 49154, id=13,
length=274
User-Name =
"{am=1}{sm=1}94A435643C002DA3E54F3D9779C1FE70 at cueband.com"
NAS-IP-Address = 10.50.4.2
NAS-Port-Type = Wireless-802.16
NAS-Port = 1
Calling-Station-Id = "\254\201\022\027\217\352"
NAS-Identifier = "010010010000032000"
WiMAX-GMT-Timezone-offset = 0
Framed-MTU = 1490
Service-Type = Framed-User
WiMAX-Release = "1.0"
WiMAX-Accounting-Capabilities = IP-Session-Based
WiMAX-BS-Id = 0x303130303130303130303030303332303030
EAP-Message =
0x0201003d017b616d3d317d7b736d3d317d3934413433353634334330303244413345353446
3344393737394331464537304063756562616e642e636f6d
Message-Authenticator = 0x3ddf39952f63cae6374be72419a86f1e
(3) # Executing section authorize from file
/usr/local/etc/raddb/sites-enabled/default
(3) group authorize {
(3) - entering group authorize {...}
(3) [preprocess] = ok
(3) [mschap] = noop
rlm_wimax: Fixing WiMAX binary Calling-Station-Id to ac-81-12-17-8f-ea
(3) [wimax] = ok
(3) eap : EAP packet type response id 1 length 61
(3) eap : EAP-Identity reply, returning 'ok' so we can short-circuit the
rest of authorize
(3) [eap] = ok
(3) Found Auth-Type = EAP
(3) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
(3) group authenticate {
(3) - entering group authenticate {...}
(3) eap : EAP Identity
(3) eap : processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
(3) [eap] = handled
Sending Access-Challenge of id 13 to 10.50.4.2 port 49154
EAP-Message =
0x010200521a0102004d10bb0df969f618f1ce068b882685a6b16f7b616d3d317d7b736d3d31
7d39344134333536343343303032444133453534463344393737394331464537304063756562
616e642e636f6d
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x1952930c19508927ccef9d983eb1b684
(3) Finished request 3.
Waking up in 0.3 seconds.
rad_recv: Access-Request packet from host 10.50.4.2 port 49154, id=14,
length=237
User-Name =
"{am=1}{sm=1}94A435643C002DA3E54F3D9779C1FE70 at cueband.com"
NAS-IP-Address = 10.50.4.2
NAS-Port-Type = Wireless-802.16
NAS-Port = 1
Calling-Station-Id = "\254\201\022\027\217\352"
NAS-Identifier = "010010010000032000"
WiMAX-GMT-Timezone-offset = 0
Framed-MTU = 1490
Service-Type = Framed-User
State = 0x1952930c19508927ccef9d983eb1b684
WiMAX-Release = "1.0"
WiMAX-Accounting-Capabilities = IP-Session-Based
WiMAX-BS-Id = 0x303130303130303130303030303332303030
EAP-Message = 0x020200060315
Message-Authenticator = 0xdf93d27137571334ab88b524c3a48c2e
(4) # Executing section authorize from file
/usr/local/etc/raddb/sites-enabled/default
(4) group authorize {
(4) - entering group authorize {...}
(4) [preprocess] = ok
(4) [mschap] = noop
rlm_wimax: Fixing WiMAX binary Calling-Station-Id to ac-81-12-17-8f-ea
(4) [wimax] = ok
(4) eap : EAP packet type response id 2 length 6
(4) eap : No EAP Start, assuming it's an on-going EAP conversation
(4) [eap] = updated
(4) sql : expand: %{User-Name} ->
{am=1}{sm=1}94A435643C002DA3E54F3D9779C1FE70 at cueband.com
(4) sql : sql_set_user escaped user -->
'{am=1}{sm=1}94A435643C002DA3E54F3D9779C1FE70 at cueband.com'
rlm_sql (sql): Opening additional connection (2)
rlm_sql_mysql: Starting connect to MySQL server
rlm_sql (sql): Reserved connection (2)
(4) sql : expand: SELECT id, username, attribute, value, op
FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER
BY id -> SELECT id, username, attribute, value, op FROM radcheck
WHERE username =
'=7Bam=3D1=7D=7Bsm=3D1=7D94A435643C002DA3E54F3D9779C1FE70 at cueband.com'
ORDER BY id
rlm_sql (sql): Executing query
(4) sql : expand: SELECT groupname FROM radusergroup
WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT
groupname FROM radusergroup WHERE username =
'=7Bam=3D1=7D=7Bsm=3D1=7D94A435643C002DA3E54F3D9779C1FE70 at cueband.com'
ORDER BY priority
rlm_sql (sql): Executing query
rlm_sql (sql): Released connection (2)
rlm_sql (sql): Closing idle connection (2): Too many free connections (1 >
0)
rlm_sql (sql): Closing connection (2)
(4) sql : User {am=1}{sm=1}94A435643C002DA3E54F3D9779C1FE70 at cueband.com not
found
(4) [sql] = notfound
(4) [expiration] = noop
(4) [logintime] = noop
(4) Found Auth-Type = EAP
(4) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
(4) group authenticate {
(4) - entering group authenticate {...}
(4) eap : Request found, released from the list
(4) eap : EAP NAK
(4) eap : EAP-NAK asked for EAP-Type/ttls
(4) eap : processing type ttls
(4) ttls : Initiate
(4) ttls : Start returned 1
(4) [eap] = handled
Sending Access-Challenge of id 14 to 10.50.4.2 port 49154
EAP-Message = 0x010300061520
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x1952930c18518627ccef9d983eb1b684
(4) Finished request 4.
Waking up in 0.2 seconds.
rad_recv: Access-Request packet from host 10.50.4.2 port 49154, id=15,
length=319
User-Name =
"{am=1}{sm=1}94A435643C002DA3E54F3D9779C1FE70 at cueband.com"
NAS-IP-Address = 10.50.4.2
NAS-Port-Type = Wireless-802.16
NAS-Port = 1
Calling-Station-Id = "\254\201\022\027\217\352"
NAS-Identifier = "010010010000032000"
WiMAX-GMT-Timezone-offset = 0
Framed-MTU = 1490
Service-Type = Framed-User
State = 0x1952930c18518627ccef9d983eb1b684
WiMAX-Release = "1.0"
WiMAX-Accounting-Capabilities = IP-Session-Based
WiMAX-BS-Id = 0x303130303130303130303030303332303030
EAP-Message =
0x0203005815800000004e16030100490100004503014e4a68271cb3efd28c7ffd6cb2d5a69e
02c7835c4f6293c615d9eced05ab3a1700001e00390038003500160013000a00330032002f00
15001200090014001100080100
Message-Authenticator = 0x94c9d5d50fa8ae9231510126cdcbd0a8
(5) # Executing section authorize from file
/usr/local/etc/raddb/sites-enabled/default
(5) group authorize {
(5) - entering group authorize {...}
(5) [preprocess] = ok
(5) [mschap] = noop
rlm_wimax: Fixing WiMAX binary Calling-Station-Id to ac-81-12-17-8f-ea
(5) [wimax] = ok
(5) eap : EAP packet type response id 3 length 88
(5) eap : Continuing tunnel setup.
(5) [eap] = ok
(5) Found Auth-Type = EAP
(5) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
(5) group authenticate {
(5) - entering group authenticate {...}
(5) eap : Request found, released from the list
(5) eap : EAP/ttls
(5) eap : processing type ttls
(5) ttls : Authenticate
(5) ttls : processing EAP-TLS
TLS Length 78
(5) ttls : Length Included
(5) ttls : eaptls_verify returned 11
(5) ttls : (other): before/accept initialization
(5) ttls : TLS_accept: before/accept initialization
(5) ttls : <<< TLS 1.0 Handshake [length 0049], ClientHello
(5) ttls : TLS_accept: SSLv3 read client hello A
(5) ttls : >>> TLS 1.0 Handshake [length 004a], ServerHello
(5) ttls : TLS_accept: SSLv3 write server hello A
(5) ttls : >>> TLS 1.0 Handshake [length 085e], Certificate
(5) ttls : TLS_accept: SSLv3 write certificate A
(5) ttls : >>> TLS 1.0 Handshake [length 020d], ServerKeyExchange
(5) ttls : TLS_accept: SSLv3 write key exchange A
(5) ttls : >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
(5) ttls : TLS_accept: SSLv3 write server done A
(5) ttls : TLS_accept: SSLv3 flush data
(5) ttls : TLS_accept: Need to read more data: SSLv3 read client
certificate A
In SSL Handshake Phase
In SSL Accept mode
(5) ttls : eaptls_process returned 13
(5) [eap] = handled
Sending Access-Challenge of id 15 to 10.50.4.2 port 49154
EAP-Message =
0x010403ec15c000000acd160301004a0200004603015012ea53cce022a5de5d29899ab62086
5e0b6e626f469622254c0e50eb26ce08204cf09e9c9f327a21bd3f49610525905b42346e067b
3d1f254b14331103397e81003900160301085e0b00085a0008570003a6308203a23082028aa0
03020102020101300d06092a864886f70d0101050500308193310b3009060355040613024652
310f300d060355040813065261646975733112301006035504071309536f6d65776865726531
153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d01090116
1161646d696e406578616d706c652e636f6d3126302406035504
EAP-Message =
0x03131d4578616d706c6520436572746966696361746520417574686f72697479301e170d31
32303732373132353731395a170d3133303732373132353731395a307c310b30090603550406
13024652310f300d0603550408130652616469757331153013060355040a130c4578616d706c
6520496e632e312330210603550403131a4578616d706c652053657276657220436572746966
69636174653120301e06092a864886f70d010901161161646d696e406578616d706c652e636f
6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100be15f401
8757bc2f4b8f997f0a1e9d1ca5dc41fcfd0eb2b787eee7a3ebe5
EAP-Message =
0x21573525464944eab09b4ffe0337dcbd756fb653290d7665b5fd49130292b9398948b72fc7
10eda687e3fefb84f601a95504c4da1b4b905e13d942af2a415422bf2a7c08ce134b099cd075
bdb85739fbc3e8133fef94631116eb03a78c6b658adf2a244e40e371a74dfd5bcade5f98d0c2
f85e44c1084e012e7ad72a1344aa7600f22c9fe2a90a14d5c52623bd4397bdbfa7a383dfb8f0
23de8e0ccb25c81eabed2d5a8ea3853b9a3afbd538bf3c7fbd2cf48962bef7e3da3924b11892
c7b0c422647fb1a11ca55df5634be49c74b581869d1d9dfb28c982ad07613d51194075d6e502
03010001a317301530130603551d25040c300a06082b06010505
EAP-Message =
0x070301300d06092a864886f70d010105050003820101007f104aa64a39f7411fcc53af2182
ad8801983e5ce15768e9a4adc9fae77d3eb5c37b601ee0481abb014cfaf2c660a1d0711b81b5
0d325fdd1de77e7bea774a879fbbd4127019ce73a86d729f38e75fedbc09f96dfcbf49b824c5
2e7b3d5652a78421afc9caf2c197d0e6c9cd653c5828a12a87d9cc131871b941f8cda86a594b
8e1d08a16d2fa0f8912199d936fb59ac2bf50e0cd8a0390279aac75d04e9619ce5cfd35f6301
f89691b32f904b48a73714e48fe9ac157cd3540167ae31786cd2eb9a598f4941e499ce798c42
748c445ff91c88c423cba1d29ce7f3062ca1
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x1952930c1b568627ccef9d983eb1b684
(5) Finished request 5.
Waking up in 0.1 seconds.
rad_recv: Access-Request packet from host 10.50.4.2 port 49154, id=16,
length=237
User-Name =
"{am=1}{sm=1}94A435643C002DA3E54F3D9779C1FE70 at cueband.com"
NAS-IP-Address = 10.50.4.2
NAS-Port-Type = Wireless-802.16
NAS-Port = 1
Calling-Station-Id = "\254\201\022\027\217\352"
NAS-Identifier = "010010010000032000"
WiMAX-GMT-Timezone-offset = 0
Framed-MTU = 1490
Service-Type = Framed-User
State = 0x1952930c1b568627ccef9d983eb1b684
WiMAX-Release = "1.0"
WiMAX-Accounting-Capabilities = IP-Session-Based
WiMAX-BS-Id = 0x303130303130303130303030303332303030
EAP-Message = 0x020400061500
Message-Authenticator = 0x50bbf63701339da3751b0969f39e75ff
(6) # Executing section authorize from file
/usr/local/etc/raddb/sites-enabled/default
(6) group authorize {
(6) - entering group authorize {...}
(6) [preprocess] = ok
(6) [mschap] = noop
rlm_wimax: Fixing WiMAX binary Calling-Station-Id to ac-81-12-17-8f-ea
(6) [wimax] = ok
(6) eap : EAP packet type response id 4 length 6
(6) eap : Continuing tunnel setup.
(6) [eap] = ok
(6) Found Auth-Type = EAP
(6) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
(6) group authenticate {
(6) - entering group authenticate {...}
(6) eap : Request found, released from the list
(6) eap : EAP/ttls
(6) eap : processing type ttls
(6) ttls : Authenticate
(6) ttls : processing EAP-TLS
(6) ttls : Received TLS ACK
(6) ttls : Received TLS ACK
(6) ttls : ACK handshake fragment handler
(6) ttls : eaptls_verify returned 1
(6) ttls : eaptls_process returned 13
(6) [eap] = handled
Sending Access-Challenge of id 16 to 10.50.4.2 port 49154
EAP-Message =
0x010503ec15c000000acdb86f4a892e7341ac83b4d73f079f9b7bc84f5bf9b2b36de758714f
dd1128197b5a840004ab308204a73082038fa0030201020209009f2d7ada256cb590300d0609
2a864886f70d0101050500308193310b3009060355040613024652310f300d06035504081306
5261646975733112301006035504071309536f6d65776865726531153013060355040a130c45
78616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d
706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520
417574686f72697479301e170d3132303732373132353731395a
EAP-Message =
0x170d3133303732373132353731395a308193310b3009060355040613024652310f300d0603
55040813065261646975733112301006035504071309536f6d65776865726531153013060355
040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e
406578616d706c652e636f6d312630240603550403131d4578616d706c652043657274696669
6361746520417574686f7269747930820122300d06092a864886f70d01010105000382010f00
3082010a0282010100cfac03ee20e4ce9bdc0bd0a8138dcf8f6dd0a6cc7223212941e9637389
97c7804c8285dc1c6e118a8110d859c9115ac7632a3bf6ce899b
EAP-Message =
0xdd5c0ecd12235a8bd509535b9d5a84728637c6e034ceff030ddf41d755fc87ad1573d20de7
9706f928cb3991f3f000c309b268d63517a7152351ddcdb0374c4d425b7dc79aaa54e04b824a
e46c96debf4c67eb4f7644dfdd8d1b5f69e4abb512f60ac79b56687c096553bfb607384a82f0
40d00438e4448115ae8000f53994076a1a009b8c39961f200dd05fe6e89c8c694c8989d46e1b
393598a21f2c470b5f73b143730a631b2772402c6081b54f9725963cc2bef9642030ce9b1848
0ba7ef13a68535469f94f5370203010001a381fb3081f8301d0603551d0e041604144eb70ed6
4e9941f34a7066a80dccbede358df58f3081c80603551d230481
EAP-Message =
0xc03081bd80144eb70ed64e9941f34a7066a80dccbede358df58fa18199a48196308193310b
3009060355040613024652310f300d0603550408130652616469757331123010060355040713
09536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06
092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403
131d4578616d706c6520436572746966696361746520417574686f726974798209009f2d7ada
256cb590300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100
35808c266c4978a7eb629101e5d27c6dbb11
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x1952930c1a578627ccef9d983eb1b684
(6) Finished request 6.
rad_recv: Access-Request packet from host 10.50.4.2 port 49154, id=17,
length=237
User-Name =
"{am=1}{sm=1}94A435643C002DA3E54F3D9779C1FE70 at cueband.com"
NAS-IP-Address = 10.50.4.2
NAS-Port-Type = Wireless-802.16
NAS-Port = 1
Calling-Station-Id = "\254\201\022\027\217\352"
NAS-Identifier = "010010010000032000"
WiMAX-GMT-Timezone-offset = 0
Framed-MTU = 1490
Service-Type = Framed-User
State = 0x1952930c1a578627ccef9d983eb1b684
WiMAX-Release = "1.0"
WiMAX-Accounting-Capabilities = IP-Session-Based
WiMAX-BS-Id = 0x303130303130303130303030303332303030
EAP-Message = 0x020500061500
Message-Authenticator = 0xfa070be428a7e0f31c1fb4c68760b4cf
(7) # Executing section authorize from file
/usr/local/etc/raddb/sites-enabled/default
(7) group authorize {
(7) - entering group authorize {...}
(7) [preprocess] = ok
(7) [mschap] = noop
rlm_wimax: Fixing WiMAX binary Calling-Station-Id to ac-81-12-17-8f-ea
(7) [wimax] = ok
(7) eap : EAP packet type response id 5 length 6
(7) eap : Continuing tunnel setup.
(7) [eap] = ok
(7) Found Auth-Type = EAP
(7) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
(7) group authenticate {
(7) - entering group authenticate {...}
(7) eap : Request found, released from the list
(7) eap : EAP/ttls
(7) eap : processing type ttls
(7) ttls : Authenticate
(7) ttls : processing EAP-TLS
(7) ttls : Received TLS ACK
(7) ttls : Received TLS ACK
(7) ttls : ACK handshake fragment handler
(7) ttls : eaptls_verify returned 1
(7) ttls : eaptls_process returned 13
(7) [eap] = handled
Sending Access-Challenge of id 17 to 10.50.4.2 port 49154
EAP-Message =
0x01060313158000000acd58f51ec582b80339e1b6e4840c26464b17b59fd9be0f60822d0d5a
ae008d36d7088a20489e421786f0359fd2e268ceafa3bf9c07bbf1c2e9267fdb99690d3d2f13
3235d56cf9583252b353b79cca2c57dbe3ca644f175bb48df9389d3575979cef123841f22597
956732f89380db12983f038ae0d7b7d4cbe8adac83af314936a2c318ea702c17cf0749d916d0
750a5af92a40a8419f9444ba0da4604878fd7094eaddf055aedcf748443c1f293bacd4e4d297
c6f5c6bf09039fdd9f6f570a24532a162a2688be5e16ad62f6050d4091be7d0a5c933c653802
3ac87145d6a53bf81dbb0246e3f745dca39b773e5b160301020d
EAP-Message =
0x0c0002090080937241455120e5f86723331c043ae3551d357c209fb557cb58312d1b1583a9
1e018e4955d2f2891568f6490d44dab517976062592a362a6857f2578ef2d1865e469f97f7dc
2b8b1fa0a1fed25aac2ccee0160f3369a80a73d70958c736f3eb6a0d59a74e8414372a5b2963
8a7e74e2875188d3f4280aa8633ac3ecac606c8abb00010200800198b440f8e9d92975289bc5
b020fe363603f57a4d9edf3e3627b137e0c60ba81756694410d0b588f253221c1b09b34d32a8
402a77d2b83eea0fc6551c1ef056f4d7b0db870f4a4fb6fc4a6e140dd6faaca5d1948255fa0f
1dbc352adfa2eb6585b5a2c0ae3dc2a738aa4ee53950dfe1bd40
EAP-Message =
0x368f69b0b921b6e14f7be84725b60100193202fd650f77df635b926ddebc6b0acf680a5ff5
454f8560c920e0ed1437ede5982e783fc5c1ab38cec26a2379ff7595fef27e4db5aee82b9523
31fd604d86daf606276006464defb8b06ff3e76ca02800f4a3401b803dca6ae97459add32448
d59fbd344f8dc8bb6622a97cf8cabfb6f6827eb10c8df775e5ffe8752747eff36249120770dd
48d2c885d7f93caff347d9baad490b640e45240629fc317a4cfae657cec634ac2809f214c984
fff2e9d6d8fff9ca019bf88aa997fd0cdaa3d726c3efa983167f925e3c40be1eeb9a2121b465
605dea0d6371adecf2d270321a2b30d427c848e94a37a00fbeef
EAP-Message =
0xab2f2f04cb1feffc067e581402bb2bf5913ea116030100040e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x1952930c1d548627ccef9d983eb1b684
(7) Finished request 7.
Waking up in 4.3 seconds.
rad_recv: Access-Request packet from host 10.50.4.2 port 49154, id=18,
length=439
User-Name =
"{am=1}{sm=1}94A435643C002DA3E54F3D9779C1FE70 at cueband.com"
NAS-IP-Address = 10.50.4.2
NAS-Port-Type = Wireless-802.16
NAS-Port = 1
Calling-Station-Id = "\254\201\022\027\217\352"
NAS-Identifier = "010010010000032000"
WiMAX-GMT-Timezone-offset = 0
Framed-MTU = 1490
Service-Type = Framed-User
State = 0x1952930c1d548627ccef9d983eb1b684
WiMAX-Release = "1.0"
WiMAX-Accounting-Capabilities = IP-Session-Based
WiMAX-BS-Id = 0x303130303130303130303030303332303030
EAP-Message =
0x020600d01580000000c616030100861000008200804601ed4cea7a4fbf3ea936bb190447aa
79e902f76bd9ca26bf56b5002c860bb7514513debe0262889773db19e9fde0637c596e9f8e95
c758e5572d94b816837ff33624babf64a1e49b10391c78c7d0429098de0483b093fdc72b16e8
efe20271ceb0c635de78bf1d6676197e9132e558accb96c43accde388dc47be89ee22b401403
0100010116030100308113e5ba633d23953215f260177dec8b25a61b3db96c29b3986c88e2c4
ed89e87c5f2bdc224e78ade7702668167ba5a6
Message-Authenticator = 0xf1cb9dcb23d2730fdd71275b451e332d
(8) # Executing section authorize from file
/usr/local/etc/raddb/sites-enabled/default
(8) group authorize {
(8) - entering group authorize {...}
(8) [preprocess] = ok
(8) [mschap] = noop
rlm_wimax: Fixing WiMAX binary Calling-Station-Id to ac-81-12-17-8f-ea
(8) [wimax] = ok
(8) eap : EAP packet type response id 6 length 208
(8) eap : Continuing tunnel setup.
(8) [eap] = ok
(8) Found Auth-Type = EAP
(8) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
(8) group authenticate {
(8) - entering group authenticate {...}
(8) eap : Request found, released from the list
(8) eap : EAP/ttls
(8) eap : processing type ttls
(8) ttls : Authenticate
(8) ttls : processing EAP-TLS
TLS Length 198
(8) ttls : Length Included
(8) ttls : eaptls_verify returned 11
(8) ttls : <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange
(8) ttls : TLS_accept: SSLv3 read client key exchange A
(8) ttls : <<< TLS 1.0 ChangeCipherSpec [length 0001]
(8) ttls : <<< TLS 1.0 Handshake [length 0010], Finished
(8) ttls : TLS_accept: SSLv3 read finished A
(8) ttls : >>> TLS 1.0 ChangeCipherSpec [length 0001]
(8) ttls : TLS_accept: SSLv3 write change cipher spec A
(8) ttls : >>> TLS 1.0 Handshake [length 0010], Finished
(8) ttls : TLS_accept: SSLv3 write finished A
(8) ttls : TLS_accept: SSLv3 flush data
SSL: adding session
4cf09e9c9f327a21bd3f49610525905b42346e067b3d1f254b14331103397e81 to cache
(8) ttls : (other): SSL negotiation finished successfully
SSL Connection Established
(8) ttls : eaptls_process returned 13
(8) [eap] = handled
Sending Access-Challenge of id 18 to 10.50.4.2 port 49154
EAP-Message =
0x0107004515800000003b1403010001011603010030570f9a8f3128c5efe3ab40fedb710a6a
98b4a758734a6f041228fc595846a4271cd9fab4385458fcc226338fb0b91a15
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x1952930c1c558627ccef9d983eb1b684
(8) Finished request 8.
Waking up in 0.3 seconds.
rad_recv: Access-Request packet from host 10.50.4.2 port 49154, id=19,
length=423
User-Name =
"{am=1}{sm=1}94A435643C002DA3E54F3D9779C1FE70 at cueband.com"
NAS-IP-Address = 10.50.4.2
NAS-Port-Type = Wireless-802.16
NAS-Port = 1
Calling-Station-Id = "\254\201\022\027\217\352"
NAS-Identifier = "010010010000032000"
WiMAX-GMT-Timezone-offset = 0
Framed-MTU = 1490
Service-Type = Framed-User
State = 0x1952930c1c558627ccef9d983eb1b684
WiMAX-Release = "1.0"
WiMAX-Accounting-Capabilities = IP-Session-Based
WiMAX-BS-Id = 0x303130303130303130303030303332303030
EAP-Message =
0x020700c015001703010020b101f024e95005e369d9c5d192382a8d453c5e51c9af2d15d2a8
b755743b33d3170301009021437256763846c6c051ca099d0357cea3821edb948ba156193791
20f1b97521bb987a775214f1564df6ffbb3f01fd4476a5319bbe7ce4fd1dd8a93abd57cb28b6
b8aed2f37753ede1783589002e0404d1a4247525b941b14d6708f0988df41511758749c51d52
9423167e100ab43bab6991c786266a10f5dd03324930afb09ae3020edcc6a9ac7a77eed51b44
0c88a8
Message-Authenticator = 0xbfaf7a1a3a19e84106b8191119a83fcc
(9) # Executing section authorize from file
/usr/local/etc/raddb/sites-enabled/default
(9) group authorize {
(9) - entering group authorize {...}
(9) [preprocess] = ok
(9) [mschap] = noop
rlm_wimax: Fixing WiMAX binary Calling-Station-Id to ac-81-12-17-8f-ea
(9) [wimax] = ok
(9) eap : EAP packet type response id 7 length 192
(9) eap : Continuing tunnel setup.
(9) [eap] = ok
(9) Found Auth-Type = EAP
(9) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
(9) group authenticate {
(9) - entering group authenticate {...}
(9) eap : Request found, released from the list
(9) eap : EAP/ttls
(9) eap : processing type ttls
(9) ttls : Authenticate
(9) ttls : processing EAP-TLS
(9) ttls : eaptls_verify returned 7
(9) ttls : Done initial handshake
(9) ttls : eaptls_process returned 7
(9) ttls : Session established. Proceeding to decode tunneled attributes.
(9) ttls : Tunneled attribute 1 is too short (1 < 12) to contain anything
useful.
SSL: Removing session
4cf09e9c9f327a21bd3f49610525905b42346e067b3d1f254b14331103397e81 from the
cache
(9) eap : Handler failed in EAP/ttls
(9) eap : Failed in EAP select
(9) [eap] = invalid
(9) Failed to authenticate the user.
(9) Using Post-Auth-Type Reject
(9) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
(9) group REJECT {
(9) - entering group REJECT {...}
(9) attr_filter.access_reject : expand: %{User-Name} ->
{am=1}{sm=1}94A435643C002DA3E54F3D9779C1FE70 at cueband.com
(9) attr_filter.access_reject : Matched entry DEFAULT at line 11
(9) [attr_filter.access_reject] = updated
(9) Finished request 9.
Waking up in 0.2 seconds.
Waking up in 0.1 seconds.
Waking up in 0.6 seconds.
(9) Sending delayed reject
Sending Access-Reject of id 19 to 10.50.4.2 port 49154
EAP-Message = 0x04070004
Message-Authenticator = 0x00000000000000000000000000000000
Waking up in 2.3 seconds.
(3) Cleaning up request packet ID 13 with timestamp +35
(4) Cleaning up request packet ID 14 with timestamp +35
(5) Cleaning up request packet ID 15 with timestamp +36
More information about the Freeradius-Users
mailing list