EAP-TTLS/PAP with OpenLDAP user store

Stefano Zanmarchi zanmarchi at gmail.com
Tue Mar 6 18:32:33 CET 2012


Hi,
my aim is to have eap-ttls/pap working using an openldap user
database with MD5 hashed passwords. I got it working by configuring
ldap parameters in /etc/raddb/modules/ldap
and applying two changes in /etc/raddb/sites-available/inner-tunnel:
1) uncommented "ldap" in the authorize section
2) uncommented these lines in the authenticate section:
   Auth-Type LDAP {
     ldap
   }
Am I doing it right?
What puzzles me is the following comment in the authenticate section that seems
to warn me not to do what I have done ("EAP won't work"):
  # Uncomment it if you want to use ldap for authentication
  #
  # Note that this means "check plain-text password against
  # the ldap database", which means that EAP won't work,
  # as it does not supply a plain-text password.

Thanks a lot for your time and help,
Stefano

Here's the very long debug output (test done with
JRadiusSimulator with EAP-TTLS/PAP Authentication Protocol):


rad_recv: Access-Request packet from host 192.168.100.11 port 41898,
id=204, length=95
        NAS-Port = 100
        NAS-IP-Address = 123.123.123.123
        User-Name = "anonymous at unipd.it"
        EAP-Message = 0x0200001701616e6f6e796d6f757340756e6970642e6974
        Message-Authenticator = 0x4a6c7626f1ae57fabb14be50dbc07a24
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] Looking up realm "unipd.it" for User-Name = "anonymous at unipd.it"
[suffix] No such realm "unipd.it"
++[suffix] returns noop
[eap] EAP packet type response id 0 length 23
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user.
Authentication may fail because of this.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type tls
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 204 to 192.168.100.11 port 41898
        EAP-Message = 0x010100061520
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xcd7901eacd78148a4b2cea7aabcc02f2
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.100.11 port 41898,
id=205, length=162
        NAS-Port = 100
        NAS-IP-Address = 123.123.123.123
        User-Name = "anonymous at unipd.it"
        State = 0xcd7901eacd78148a4b2cea7aabcc02f2
        EAP-Message =
0x020100481500160301003d0100003903014f5645254671b784085849aa6dd6e3f818aa3e40e058b087ba535933b62b721a0000120039003800330032001600130035002f000a0100
        Message-Authenticator = 0x19b7441b270f62ebbc9d4840c09bdb7a
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] Looking up realm "unipd.it" for User-Name = "anonymous at unipd.it"
[suffix] No such realm "unipd.it"
++[suffix] returns noop
[eap] EAP packet type response id 1 length 72
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/ttls
[eap] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
[ttls] eaptls_verify returned 7
[ttls] Done initial handshake
[ttls]     (other): before/accept initialization
[ttls]     TLS_accept: before/accept initialization
[ttls] <<< TLS 1.0 Handshake [length 003d], ClientHello
[ttls]     TLS_accept: SSLv3 read client hello A
[ttls] >>> TLS 1.0 Handshake [length 002a], ServerHello
[ttls]     TLS_accept: SSLv3 write server hello A
[ttls] >>> TLS 1.0 Handshake [length 085e], Certificate
[ttls]     TLS_accept: SSLv3 write certificate A
[ttls] >>> TLS 1.0 Handshake [length 020d], ServerKeyExchange
[ttls]     TLS_accept: SSLv3 write key exchange A
[ttls] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
[ttls]     TLS_accept: SSLv3 write server done A
[ttls]     TLS_accept: SSLv3 flush data
[ttls]     TLS_accept: Need to read more data: SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
[ttls] eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 205 to 192.168.100.11 port 41898
        EAP-Message =
0x0a42a153dde30c127fc17b73cb994937130670488c983419461531cd82f99acf032930dfd2f5e1b23f0f61bb18f1c05c9a548fcfc365c1b38733b12a4229002cca44c9c3442d5f021e708806d8c5c378f01191ca86481c3f0654f7fa14b992ffd7541f68d57e5fb3116b142a5e12f6e2bf7554e0c008e6490dacfa62427787c4190b3e95abb39018767f92fa131dd729f778a6787f0ac4fcd940c0c42c9fdd6e31e0d9a93230130cad702cf7d081a0d0240a745bfa00527d6aa0846b5205f03f899fddc7b6dff5fbfbaedc29d09bd0aa602dfc4faa99ed24f320ac09069df43e36b971c3c73edb793dd8e4747963f3cc6add7def77934b0004ab308204
        EAP-Message = 0xa73082038fa0030201020209
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xcd7901eacc7b148a4b2cea7aabcc02f2
Finished request 1.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.100.11 port 41898,
id=206, length=96
        NAS-Port = 100
        NAS-IP-Address = 123.123.123.123
        User-Name = "anonymous at unipd.it"
        State = 0xcd7901eacc7b148a4b2cea7aabcc02f2
        EAP-Message = 0x020200061500
        Message-Authenticator = 0xa2c22a1a2e8fa392e6f8babe34a8a605
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] Looking up realm "unipd.it" for User-Name = "anonymous at unipd.it"
[suffix] No such realm "unipd.it"
++[suffix] returns noop
[eap] EAP packet type response id 2 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/ttls
[eap] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
[ttls] Received TLS ACK
[ttls] ACK handshake fragment handler
[ttls] eaptls_verify returned 1
[ttls] eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 206 to 192.168.100.11 port 41898
        EAP-Message =
0x06035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a0282010100cd77ec7086dbc07f34f7cae3b3872f281bbb836151b0dc6723bb1c027715d93053050e0f43b8c0d9105565cdad4a780737970a5a420e0d597d900d60278e7376cd4a9fa1a04dd69486098a1c9300d0705ad547341553e146513a06936d96b24314c29649e16e46283b2ab2
        EAP-Message = 0x95aabab449a37124b01f7d23
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xcd7901eacf7a148a4b2cea7aabcc02f2
Finished request 2.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.100.11 port 41898,
id=207, length=96
        NAS-Port = 100
        NAS-IP-Address = 123.123.123.123
        User-Name = "anonymous at unipd.it"
        State = 0xcd7901eacf7a148a4b2cea7aabcc02f2
        EAP-Message = 0x020300061500
        Message-Authenticator = 0x7de069de52a18aaf03a8a63845bb52ab
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] Looking up realm "unipd.it" for User-Name = "anonymous at unipd.it"
[suffix] No such realm "unipd.it"
++[suffix] returns noop
[eap] EAP packet type response id 3 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/ttls
[eap] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
[ttls] Received TLS ACK
[ttls] ACK handshake fragment handler
[ttls] eaptls_verify returned 1
[ttls] eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 207 to 192.168.100.11 port 41898
        EAP-Message =
0x2087d41ebd9420008136d668d0a9345721d00a5c6c3a0bb6600b13a1a601053d08d52ebd022540403d6a74f0822b70f0ad2b78013a222c87ef720d6a399e988cad506981fdfa51b2be0d77c7845aa9ef540533a3834c76e754e7946dc388d40a72b237acd9f7db0160ab6d14be7ac11a2495d106db5a3490298d7e7d5db912e68ea7a45be2333c3cdfffa3773fa35df4236b04d183c87cbedef9428934302510dd6543a090fbc6586647d8064a67eb40a63f0717ba10a8dbd48ef054215302f6bc220c4b315fe40d16030100040e000000
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xcd7901eace7d148a4b2cea7aabcc02f2
Finished request 3.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.100.11 port 41898,
id=208, length=310
        NAS-Port = 100
        NAS-IP-Address = 123.123.123.123
        User-Name = "anonymous at unipd.it"
        State = 0xcd7901eace7d148a4b2cea7aabcc02f2
        EAP-Message =
0x020400dc150016030100861000008200805fbeedad3d5af155f4c45f2410d3c02ec13fc5d3df27374d07e8c6684ec7356d99cafc892fc0e753551c1a74a425bb70161d0cd34fe326fe961ea1c9f027419bdb819329e5644b34dff39ca0c3d77ae8d8acdba6aaac53b7606985db292ea50c6f237bf90725a1ce53caf91f2428cb25d54e7e4bb7ffe6c2cd6df7c8a0d1fec814030100010116030100406e4ca038ddf976b6a0f080487c316d44684af947febc7432eba1209c637219ee06fdf4391e43753763be7d6237a01d7fd9e23854300e2d3c73e6cb79f13dfdf1
        Message-Authenticator = 0x3f0e85870f20ce1a998879c107f38832
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] Looking up realm "unipd.it" for User-Name = "anonymous at unipd.it"
[suffix] No such realm "unipd.it"
++[suffix] returns noop
[eap] EAP packet type response id 4 length 220
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/ttls
[eap] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
[ttls] eaptls_verify returned 7
[ttls] Done initial handshake
[ttls] <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange
[ttls]     TLS_accept: SSLv3 read client key exchange A
[ttls] <<< TLS 1.0 ChangeCipherSpec [length 0001]
[ttls] <<< TLS 1.0 Handshake [length 0010], Finished
[ttls]     TLS_accept: SSLv3 read finished A
[ttls] >>> TLS 1.0 ChangeCipherSpec [length 0001]
[ttls]     TLS_accept: SSLv3 write change cipher spec A
[ttls] >>> TLS 1.0 Handshake [length 0010], Finished
[ttls]     TLS_accept: SSLv3 write finished A
[ttls]     TLS_accept: SSLv3 flush data
[ttls]     (other): SSL negotiation finished successfully
SSL Connection Established
[ttls] eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 208 to 192.168.100.11 port 41898
        EAP-Message =
0x0105004515800000003b14030100010116030100301ba0ec36ea8a4181d9b5b4d526ae533f3ea22fb31b29a8cf34824f52dfaf12589a6239eff19952d02b1d5a67ba056129
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xcd7901eac97c148a4b2cea7aabcc02f2
Finished request 4.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.100.11 port 41898,
id=209, length=96
        NAS-Port = 100
        NAS-IP-Address = 123.123.123.123
        User-Name = "anonymous at unipd.it"
        State = 0xcd7901eac97c148a4b2cea7aabcc02f2
        EAP-Message = 0x020500061500
        Message-Authenticator = 0x5bee6ebbb1f0dfb633b2c47db5deb0af
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] Looking up realm "unipd.it" for User-Name = "anonymous at unipd.it"
[suffix] No such realm "unipd.it"
++[suffix] returns noop
[eap] EAP packet type response id 5 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/ttls
[eap] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
[ttls] Received TLS ACK
[ttls] ACK handshake is finished
[ttls] eaptls_verify returned 3
[ttls] eaptls_process returned 3
++[eap] returns handled
Sending Access-Challenge of id 209 to 192.168.100.11 port 41898
        EAP-Message = 0x0106000a158000000000
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xcd7901eac87f148a4b2cea7aabcc02f2
Finished request 5.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.100.11 port 41898,
id=210, length=250
        NAS-Port = 100
        NAS-IP-Address = 123.123.123.123
        User-Name = "anonymous at unipd.it"
        State = 0xcd7901eac87f148a4b2cea7aabcc02f2
        EAP-Message =
0x020600a015001703010030545053644b5cc5c386d17396a5b1fc38c717302eb5e26f5322df1a9c323793c233cb6e4effe95ab464a808910a93a8ea17030100604de78b46dbf0dd777446d710071eee3eb6b3a8f8728ac83280a4dad02e364e7e8c70dabaa49a0b5d887bb296b060546890c98623d8642229ae757dc61eb989fb6340807fb449fdedde56c40951d7a48e2a51c995364f1e6f49c3d8bd8463cef6
        Message-Authenticator = 0x60c9bcb9cdef0bee42e5b4ccec949aed
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] Looking up realm "unipd.it" for User-Name = "anonymous at unipd.it"
[suffix] No such realm "unipd.it"
++[suffix] returns noop
[eap] EAP packet type response id 6 length 160
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/ttls
[eap] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
[ttls] eaptls_verify returned 7
[ttls] Done initial handshake
[ttls] eaptls_process returned 7
[ttls] Session established.  Proceeding to decode tunneled attributes.
[ttls] Got tunneled request
        User-Name = "test.user at studenti.unipd.it"
        User-Password = "XXX"
        FreeRADIUS-Proxied-To = 127.0.0.1
[ttls] Sending tunneled request
        User-Name = "test.user at studenti.unipd.it"
        User-Password = "XXX"
        FreeRADIUS-Proxied-To = 127.0.0.1
server inner-tunnel {
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
++[unix] returns notfound
[suffix] Looking up realm "studenti.unipd.it" for User-Name =
"test.user at studenti.unipd.it"
[suffix] No such realm "studenti.unipd.it"
++[suffix] returns noop
++[control] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[files] returns noop
[ldap] performing user authorization for test.user at studenti.unipd.it
[ldap]  expand: %{Stripped-User-Name} ->
[ldap]  expand: %{User-Name} -> test.user at studenti.unipd.it
[ldap]  expand: (uid=%{%{Stripped-User-Name}:-%{User-Name}}) ->
(uid=test.user at studenti.unipd.it)
[ldap]  expand: dc=unipd,dc=it -> dc=unipd,dc=it
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to mytestingdirectory.it:389, authentication 0
rlm_ldap: bind as
uid=ldapconnect.user at studenti.unipd.it,ou=students,dc=unipd,dc=it/XXX
to mytestingdirectory.it:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: performing search in dc=unipd,dc=it, with filter
(uid=test.user at studenti.unipd.it)
[ldap] looking for check items in directory...
[ldap] looking for reply items in directory...
WARNING: No "known good" password was found in LDAP.  Are you sure
that the user is configured correctly?
[ldap] Setting Auth-Type = LDAP
[ldap] user test.user at studenti.unipd.it authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
++[ldap] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
Found Auth-Type = LDAP
+- entering group LDAP {...}
[ldap] login attempt by "test.user at studenti.unipd.it" with password "XXX"
[ldap] user DN: uid=test.user at studenti.unipd.it,ou=students,dc=unipd,dc=it
rlm_ldap: (re)connect to mytestingdirectory.it:389, authentication 1
rlm_ldap: bind as
uid=test.user at studenti.unipd.it,ou=students,dc=unipd,dc=it/XXX to
mytestingdirectory.it:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
[ldap] user test.user at studenti.unipd.it authenticated succesfully
++[ldap] returns ok
  WARNING: Empty section.  Using default return values.
} # server inner-tunnel
[ttls] Got tunneled reply code 2
[ttls] Got tunneled Access-Accept
[eap] Freeing handler
++[eap] returns ok
+- entering group post-auth {...}
++[exec] returns noop
Sending Access-Accept of id 210 to 192.168.100.11 port 41898
        MS-MPPE-Recv-Key =
0x7e3008da04efccfd6c7be689ff4b9f936c80c49e65c3ca620ebe67043037fb4e
        MS-MPPE-Send-Key =
0x37248e65b82a594d264cc1f03d9a1cb55addc7e916ec0c035bbe98c183bf5548
        EAP-Message = 0x03060004
        Message-Authenticator = 0x00000000000000000000000000000000
        User-Name = "anonymous at unipd.it"
Finished request 6.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 0 ID 204 with timestamp +12
Cleaning up request 1 ID 205 with timestamp +12
Cleaning up request 2 ID 206 with timestamp +12
Cleaning up request 3 ID 207 with timestamp +12
Cleaning up request 4 ID 208 with timestamp +12
Cleaning up request 5 ID 209 with timestamp +12
Cleaning up request 6 ID 210 with timestamp +12
Ready to process requests.
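
An added example, not part of the original post: a small Python parser for debug output in the shape shown above. For each request it reports which Auth-Type handled the outer EAP exchange, which handled the tunneled request, and whether the tunneled request carried a User-Password. The sample log is a constructed excerpt modelled on the lines above; the function and field names are assumptions of this example.

```python
import re

# Constructed excerpt, modelled on the debug output above (not the full log).
SAMPLE = """\
rad_recv: Access-Request packet from host 192.168.100.11 port 41898,
id=204, length=95
Found Auth-Type = EAP
Sending Access-Challenge of id 204 to 192.168.100.11 port 41898
rad_recv: Access-Request packet from host 192.168.100.11 port 41898,
id=210, length=250
Found Auth-Type = EAP
[ttls] Got tunneled request
        User-Name = "test.user at studenti.unipd.it"
        User-Password = "XXX"
server inner-tunnel {
[ldap] Setting Auth-Type = LDAP
Found Auth-Type = LDAP
rlm_ldap: Bind was successful
} # server inner-tunnel
Sending Access-Accept of id 210 to 192.168.100.11 port 41898
"""

def trace_auth(log):
    """Summarise each RADIUS request: Auth-Type per scope, password presence, reply."""
    requests, cur, scope, tunneled = [], None, "outer", False
    for raw in log.splitlines():
        s = raw.strip()
        if s.startswith("rad_recv:"):          # a new outer request begins
            cur = {"id": None, "outer": [], "inner": [], "reply": None,
                   "outer_password": False, "tunneled_password": False}
            requests.append(cur)
            scope, tunneled = "outer", False
        if cur is None:
            continue
        if cur["id"] is None and (m := re.search(r"\bid=(\d+)", s)):
            cur["id"] = int(m.group(1))        # id may sit on a wrapped line
        if re.match(r"server \S+ \{", s):      # virtual server for the tunneled request
            scope = "inner"
        elif s.startswith("} # server"):
            scope = "outer"
        elif "Got tunneled request" in s:      # attributes decoded from the TLS tunnel follow
            tunneled = True
        elif s.startswith("User-Password ="):
            cur["tunneled_password" if tunneled else "outer_password"] = True
        elif m := re.match(r"Found Auth-Type = (\S+)", s):
            cur[scope].append(m.group(1))
        elif m := re.match(r"Sending (Access-\w+) of id", s):
            cur["reply"] = m.group(1)
    return requests

def ldap_bind_has_password(req):
    """Auth-Type LDAP binds as the user, so it needs a plain-text password in that request."""
    return "LDAP" in req["inner"] and req["tunneled_password"]
```

In the full log above, only request 210 reaches the inner-tunnel server; requests 204 to 209 stop at Auth-Type = EAP.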

