Proxying PEAP/MSCHAPv2 to NPS errors
Seth Lampman
sethklampman at gmail.com
Mon Nov 19 16:52:27 CET 2012
Freeradius 2.2.0
I am trying to take an PEAP/MSCHAPv2 tunnel terminate it at 172.16.0.9 and
then proxy it as MSCHAPv2 to an NPS server at 172.16.0.15. This is for a
token server that does not allow PEAP. Everything works (I get an ACCEPT
from 172.16.0.15) but then freeradius crashes. I have searched the forumns
and it looks like others have had this issue but I can seem to find a
resolution. Sometimes I get the mutex lock and sometimes I get a
segmentation fault.
Any help would be greatly appreciated.
----SNIP OF ERROR FROM DEBUG----
rad_recv: Access-Accept packet from host 172.16.0.15 port 1812, id=24,
length=230
Proxy-State = 0x313137
Framed-Protocol = PPP
Service-Type = Framed-User
Class =
0xce4e0b840000013700010200ac10000f00000000c1f0b6db791d9ba301cdc5f9ffdd9c5000
00000000000013
MS-MPPE-Recv-Key = 0x23f719b0d45157837af9e2d7fbdba7dd
MS-MPPE-Send-Key = 0x13a8461f37b23d89591fdb2a2f02f1ce
MS-CHAP2-Success =
0x06533d45413643313739303838373942324634394134304233443137353646454131324346
373637443143
MS-CHAP-Domain = "\006SKL"
# Executing section post-proxy from file
/etc/freeradius/sites-enabled/default
+- entering group post-proxy {...}
[eap] Doing post-proxy callback
[eap] Passing reply from proxy back into the tunnel.
server inner-tunnel {
[eap] Passing reply back for EAP-MS-CHAP-V2
# Executing section post-proxy from file
/etc/freeradius/sites-enabled/inner-tunnel
+- entering group post-proxy {...}
++[eap] returns noop
WARNING: Empty post-auth section. Using default return values.
# Executing section post-auth from file
/etc/freeradius/sites-enabled/inner-tunnel
} # server inner-tunnel
[eap] Final reply from tunneled session code 2
Proxy-State = 0x313137
Framed-Protocol = PPP
Service-Type = Framed-User
Class =
0xce4e0b840000013700010200ac10000f00000000c1f0b6db791d9ba301cdc5f9ffdd9c5000
00000000000013
MS-MPPE-Recv-Key = 0x23f719b0d45157837af9e2d7fbdba7dd
MS-MPPE-Send-Key = 0x13a8461f37b23d89591fdb2a2f02f1ce
MS-CHAP2-Success =
0x06533d45413643313739303838373942324634394134304233443137353646454131324346
373637443143
MS-CHAP-Domain = "\006SKL"
[eap] Got reply 2
freeradius: pthread_mutex_lock.c:321: __pthread_mutex_lock_full: Assertion
`robust || (oldval & 0x40000000) == 0' failed.
Aborted
----FULL DEBUG-----
rad_recv: Access-Request packet from host 172.16.0.5 port 50001, id=111,
length=69
User-Name = "test"
Calling-Station-Id = "0000005e556e"
EAP-Message = 0x020000090174657374
Message-Authenticator = 0xf371f7a858c4cf3987dfbe6446f66f06
# Executing section authorize from file
/etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "test", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 0 length 9
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user. Authentication
may fail because of this.
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type tls
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 111 to 172.16.0.5 port 50001
EAP-Message = 0x010100061920
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xcbe5a788cbe4bedafb635b97ce195b6e
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 172.16.0.5 port 50001, id=112,
length=294
User-Name = "test"
Calling-Station-Id = "0000005e556e"
EAP-Message =
0x020100d8190016030100cd010000c9030150aa424cdfae162e9899919d786b33090b4b323d
aac9fbd35e022e21088cbfdf00005cc014c00a0039003800880087c00fc00500350084c012c0
0800160013c00dc003000ac013c00900330032009a009900450044c00ec004002f0096004100
07c011c007c00cc002000500040015001200090014001100080006000300ff01000044000b00
0403000102000a00340032000100020003000400050006000700080009000a000b000c000d00
0e000f001000110012001300140015001600170018001900230000
Message-Authenticator = 0xbc03ad926311fa1f509d8d04f055b2cb
State = 0xcbe5a788cbe4bedafb635b97ce195b6e
# Executing section authorize from file
/etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "test", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 1 length 216
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] (other): before/accept initialization
[peap] TLS_accept: before/accept initialization
[peap] <<< TLS 1.0 Handshake [length 00cd], ClientHello
[peap] TLS_accept: SSLv3 read client hello A
[peap] >>> TLS 1.0 Handshake [length 0031], ServerHello
[peap] TLS_accept: SSLv3 write server hello A
[peap] >>> TLS 1.0 Handshake [length 02b4], Certificate
[peap] TLS_accept: SSLv3 write certificate A
[peap] >>> TLS 1.0 Handshake [length 020d], ServerKeyExchange
[peap] TLS_accept: SSLv3 write key exchange A
[peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
[peap] TLS_accept: SSLv3 write server done A
[peap] TLS_accept: SSLv3 flush data
[peap] TLS_accept: Need to read more data: SSLv3 read client certificate
A
In SSL Handshake Phase
In SSL Accept mode
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 112 to 172.16.0.5 port 50001
EAP-Message =
0x0102040019c00000050a16030100310200002d030150aa423a46727bd1519ab8bdd743c21e
7463afab834acd5ce281873209acfcfc000039000005ff0100010016030102b40b0002b00002
ad0002aa308202a63082018e020900ec3ae1766fcc1e58300d06092a864886f70d0101050500
3015311330110603550403130a46524545524144495553301e170d3132313131393132333234
365a170d3232313131373132333234365a3015311330110603550403130a4652454552414449
555330820122300d06092a864886f70d01010105000382010f003082010a0282010100ad2f22
a51811df31b40221b1c484460547f03549615668c1c9925ed33a
EAP-Message =
0xc57811b046051eb5a8c3e8d5439e955d098320136f13d98d7be0d4681a9259b07cb65ff88c
d05bfb0ee0ffc6896c506f3094dca3194c84cdc8ca0868a40dbc9f952ed4302303cd014a6333
4a3ef77d403245cc68c701809a26fb4e1e2f14b4855e75f2163a67693cc92ba0de98abd49e3a
57ba78c6be7afd6de760fcd2ac492ef2cde96961440e06af7ea294f16a00133a9daa4ceadb43
2a543340fcc35ebe2c153f128220380ab9495928eb792aac36367d2438ad7b5a6422efa0f9b7
80481ff5dce1161c17df10ae0460debaf6e7dd19de58510dba5807897b4590dd49f5f2074fb1
0203010001300d06092a864886f70d010105050003820101006f
EAP-Message =
0x0f28b6c3f62e6ff85a23bc18537b888884499b4804bc075330eeeadf52814d0a6bf66e6486
f0c0aee368b8b832ae7e25998d3bea7588de8db72a36072b5d6655810b9c44e31c37357530df
6a7806c1d0fef5998c53b4dcc651cd32c6389361bf2fb4171432a9b353c2aaa767bd47ab9046
c2b349d4abab2c1358ec711687e1abfa000904df25baebdf4a3bf314a35e49dd3886e2078140
c3897425d1df13c244d32bf35d7ba7a0dcfc52583b62492e4c2f24dc5c0c895587975ba59d41
9836c9b444b33ee8c3a705b2fa42abcb1e558731ef77da6dcd41e01641cdab1b5896dff9f3f5
2da01680f0b2a463a3d153ea8dd12603093db20314a36da34c66
EAP-Message =
0x9ee1160301020d0c00020900809a9e58f82faf6e17e7ba9255156a584b7719f94b9fb5c434
222600ed1d577c73555bf5da1862faa858342f92c09c11939e07d568f9d6e6de29ad61711040
04316d4b294d479e940e83115b7ff42946a073ffb68f390c21a818ed3f30655f3a797836139b
16045513ab4274a64e1bc89e55dc8b001f9ea450f428e1790844b2d300010200801cf8f3a564
307d7a6164d27f26d0850a9c042b2d0bb060294e9a55cb8b54853e2ab5cde6c7521f80722a21
eb2b568c1776003554a8cceb7b22695fa11af58fcba9f01437851d4566ca12052683ff97ec3c
7cd3a8c334ab0fd222052bf3e9ca741b9c20fde566a80cbcb4a4
EAP-Message = 0xbe74f4d83a7b632d83614e4f
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xcbe5a788cae7bedafb635b97ce195b6e
Finished request 1.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 172.16.0.5 port 50001, id=113,
length=84
User-Name = "test"
Calling-Station-Id = "0000005e556e"
EAP-Message = 0x020200061900
Message-Authenticator = 0xf82d7391f32d9674b8c365a8c070aa0a
State = 0xcbe5a788cae7bedafb635b97ce195b6e
# Executing section authorize from file
/etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "test", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 2 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 113 to 172.16.0.5 port 50001
EAP-Message =
0x0103011a19002b842bb0ed7a481a97010061d39c216a910dff62ae7229be38c500aea894cb
5887c6d1c175513c880bc1175bb7db26a678eb9bfb97fd387d964974353f30eed2e2ce3f8db7
883ff0655249fe2aad3b10edc06b394d46b0a6ea6beb4886bdb5d4717ecdb2a65142bc357b62
5f7ec440f59e7d59b8e8d5b334be8291e620cb5d61915325397aaa47cffae9584d0f683dccce
ba8fdb8df4f1adbb05643c83277dffb616859c4076628255f7d1c50437a44d31c3923372132a
29fd1cba2fea712798a8d9d900c69a82749b20749c4ff95f401ca6d963d351bf40dea3178b4d
78262c1ce7e498a4aae87c84c83e6f0ae8d404da69da7f528686
EAP-Message =
0x2630c8cf2cc7f8f07b501a5a9794ffe2af7c83dc16030100040e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xcbe5a788c9e6bedafb635b97ce195b6e
Finished request 2.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 172.16.0.5 port 50001, id=114,
length=282
User-Name = "test"
Calling-Station-Id = "0000005e556e"
EAP-Message =
0x020300cc19001603010086100000820080508b290f81a0214e6d10ff2fa89011d6f95aaa8a
b474f85a09a7f1febd79f654512ccb197a153107474785ea2daa530e1aaf581d90a763bf295b
74daf18e92c23680c5010b079fe252b01c2aa3328764deb9637398f698fe2c61b391262d8837
fea96a3b488f43ccc01ab55ab312cff623542118ed4a3b4080702b2560a10f98140301000101
1603010030e82da932c8d42c1bcd8719e47f0fc80af867bd8de7ff82d489e8f098a2d0a1154f
280198c65ccfb36686e473c4bc67fc
Message-Authenticator = 0xda4d0bbe297d0fcd218364debf022974
State = 0xcbe5a788c9e6bedafb635b97ce195b6e
# Executing section authorize from file
/etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "test", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 3 length 204
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange
[peap] TLS_accept: SSLv3 read client key exchange A
[peap] <<< TLS 1.0 ChangeCipherSpec [length 0001]
[peap] <<< TLS 1.0 Handshake [length 0010], Finished
[peap] TLS_accept: SSLv3 read finished A
[peap] >>> TLS 1.0 ChangeCipherSpec [length 0001]
[peap] TLS_accept: SSLv3 write change cipher spec A
[peap] >>> TLS 1.0 Handshake [length 0010], Finished
[peap] TLS_accept: SSLv3 write finished A
[peap] TLS_accept: SSLv3 flush data
[peap] (other): SSL negotiation finished successfully
SSL Connection Established
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 114 to 172.16.0.5 port 50001
EAP-Message =
0x010400411900140301000101160301003003804d439cf6d9771eadef0ee312d8a10442d471
867c4c3c6f8532e90e532ae715a71209d82b320e508a2fd862df963b
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xcbe5a788c8e1bedafb635b97ce195b6e
Finished request 3.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 172.16.0.5 port 50001, id=115,
length=84
User-Name = "test"
Calling-Station-Id = "0000005e556e"
EAP-Message = 0x020400061900
Message-Authenticator = 0x6fc3b38cd2d22d3460957666f8c64d77
State = 0xcbe5a788c8e1bedafb635b97ce195b6e
# Executing section authorize from file
/etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "test", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 4 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake is finished
[peap] eaptls_verify returned 3
[peap] eaptls_process returned 3
[peap] EAPTLS_SUCCESS
[peap] Session established. Decoding tunneled attributes.
[peap] Peap state TUNNEL ESTABLISHED
++[eap] returns handled
Sending Access-Challenge of id 115 to 172.16.0.5 port 50001
EAP-Message =
0x0105002b1900170301002091dcf4fb8a45ff43f0b5b0a8ff1ec240a5954cede261fbffc541
537ce0ea8d16
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xcbe5a788cfe0bedafb635b97ce195b6e
Finished request 4.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 172.16.0.5 port 50001, id=116,
length=158
User-Name = "test"
Calling-Station-Id = "0000005e556e"
EAP-Message =
0x0205005019001703010020147d574f2fd8de7e70c7c30c98ff2ff0a8d004e610e1eaa89469
c167ecb7f8e917030100205c7e6b0719ebf5c76c67d2d649bb2b122fe8486542ae427479c421
3aa84785d0
Message-Authenticator = 0x0e70611a43d9fc31d4169f19062666af
State = 0xcbe5a788cfe0bedafb635b97ce195b6e
# Executing section authorize from file
/etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "test", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 5 length 80
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] Peap state WAITING FOR INNER IDENTITY
[peap] Identity - test
[peap] Got inner identity 'test'
[peap] Setting default EAP type for tunneled EAP session.
[peap] Got tunneled request
EAP-Message = 0x020500090174657374
server {
PEAP: Setting User-Name to test
Sending tunneled request
EAP-Message = 0x020500090174657374
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "test"
server inner-tunnel {
# Executing section authorize from file
/etc/freeradius/sites-enabled/inner-tunnel
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "test", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[control] returns noop
[eap] EAP packet type response id 5 length 9
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[files] users: Matched entry DEFAULT at line 2
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
} # server inner-tunnel
[peap] Got tunneled reply code 0
PEAP: Calling authenticate in order to initiate tunneled EAP session.
# Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
++[eap] returns handled
PEAP: Cancelling proxy to realm Safeword until the tunneled EAP session
has been established
[peap] Got tunneled reply RADIUS code 11
EAP-Message =
0x0106001e1a01060019101f1a5f6f1779ad4d6c22bf2399d769be74657374
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x25bce37525baf980c4060621f65c4ede
[peap] Got tunneled Access-Challenge
++[eap] returns handled
Sending Access-Challenge of id 116 to 172.16.0.5 port 50001
EAP-Message =
0x0106003b19001703010030cd6d34dbb44dc4e38c249b3c54e1d985a5b4a218bd5e80642c4a
6e6ff5d886f3b4d3af297360c7bec81533c421d3e450
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xcbe5a788cee3bedafb635b97ce195b6e
Finished request 5.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 172.16.0.5 port 50001, id=117,
length=206
User-Name = "test"
Calling-Station-Id = "0000005e556e"
EAP-Message =
0x0206008019001703010020d3cf90430c96bb87065bc2e8a04898fbaf343f2266d1903cf633
83490462c40f17030100505cee622dae2fcfc2a313bb5d697bca04acfddc7a9423a9d8d38539
a20b3d06d0e3178899bb66bf63ca79d08d98db46eb495f61214abee133f2cc79ec6d2bfed174
b0bc6bebe00ea6e1954da9084ef5fb
Message-Authenticator = 0x3c2e27330b44d0471cff932a68bb50ca
State = 0xcbe5a788cee3bedafb635b97ce195b6e
# Executing section authorize from file
/etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "test", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 6 length 128
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] Peap state phase2
[peap] EAP type mschapv2
[peap] Got tunneled request
EAP-Message =
0x0206003f1a0206003a31b5d1d149fff8769167ae6daf7bc12c7d000000000000000081cf39
15134acdc91503d936b9a9be5832bff9ab46d42bf40074657374
server {
PEAP: Setting User-Name to test
Sending tunneled request
EAP-Message =
0x0206003f1a0206003a31b5d1d149fff8769167ae6daf7bc12c7d000000000000000081cf39
15134acdc91503d936b9a9be5832bff9ab46d42bf40074657374
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "test"
State = 0x25bce37525baf980c4060621f65c4ede
server inner-tunnel {
# Executing section authorize from file
/etc/freeradius/sites-enabled/inner-tunnel
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "test", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[control] returns noop
[eap] EAP packet type response id 6 length 63
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[files] users: Matched entry DEFAULT at line 2
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
} # server inner-tunnel
[peap] Got tunneled reply code 0
PEAP: Calling authenticate in order to initiate tunneled EAP session.
# Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/mschapv2
[eap] processing type mschapv2
[eap] Not-EAP proxy set. Not composing EAP
++[eap] returns handled
PEAP: Tunneled authentication will be proxied to Safeword
PEAP: Remembering to do EAP-MS-CHAP-V2 post-proxy.
[eap] Tunneled session will be proxied. Not doing EAP.
++[eap] returns handled
WARNING: Empty pre-proxy section. Using default return values.
Sending Access-Request of id 24 to 172.16.0.15 port 1812
User-Name = "test"
MS-CHAP-Challenge = 0x1f1a5f6f1779ad4d6c22bf2399d769be
MS-CHAP2-Response =
0x0665b5d1d149fff8769167ae6daf7bc12c7d000000000000000081cf3915134acdc91503d9
36b9a9be5832bff9ab46d42bf4
Proxy-State = 0x313137
Proxying request 6 to home server 172.16.0.15 port 1812
Sending Access-Request of id 24 to 172.16.0.15 port 1812
User-Name = "test"
MS-CHAP-Challenge = 0x1f1a5f6f1779ad4d6c22bf2399d769be
MS-CHAP2-Response =
0x0665b5d1d149fff8769167ae6daf7bc12c7d000000000000000081cf3915134acdc91503d9
36b9a9be5832bff9ab46d42bf4
Proxy-State = 0x313137
Going to the next request
Waking up in 0.9 seconds.
rad_recv: Access-Accept packet from host 172.16.0.15 port 1812, id=24,
length=230
Proxy-State = 0x313137
Framed-Protocol = PPP
Service-Type = Framed-User
Class =
0xce4e0b840000013700010200ac10000f00000000c1f0b6db791d9ba301cdc5f9ffdd9c5000
00000000000013
MS-MPPE-Recv-Key = 0x23f719b0d45157837af9e2d7fbdba7dd
MS-MPPE-Send-Key = 0x13a8461f37b23d89591fdb2a2f02f1ce
MS-CHAP2-Success =
0x06533d45413643313739303838373942324634394134304233443137353646454131324346
373637443143
MS-CHAP-Domain = "\006SKL"
# Executing section post-proxy from file
/etc/freeradius/sites-enabled/default
+- entering group post-proxy {...}
[eap] Doing post-proxy callback
[eap] Passing reply from proxy back into the tunnel.
server inner-tunnel {
[eap] Passing reply back for EAP-MS-CHAP-V2
# Executing section post-proxy from file
/etc/freeradius/sites-enabled/inner-tunnel
+- entering group post-proxy {...}
++[eap] returns noop
WARNING: Empty post-auth section. Using default return values.
# Executing section post-auth from file
/etc/freeradius/sites-enabled/inner-tunnel
} # server inner-tunnel
[eap] Final reply from tunneled session code 2
Proxy-State = 0x313137
Framed-Protocol = PPP
Service-Type = Framed-User
Class =
0xce4e0b840000013700010200ac10000f00000000c1f0b6db791d9ba301cdc5f9ffdd9c5000
00000000000013
MS-MPPE-Recv-Key = 0x23f719b0d45157837af9e2d7fbdba7dd
MS-MPPE-Send-Key = 0x13a8461f37b23d89591fdb2a2f02f1ce
MS-CHAP2-Success =
0x06533d45413643313739303838373942324634394134304233443137353646454131324346
373637443143
MS-CHAP-Domain = "\006SKL"
[eap] Got reply 2
freeradius: pthread_mutex_lock.c:321: __pthread_mutex_lock_full: Assertion
`robust || (oldval & 0x40000000) == 0' failed.
Aborted
]0;root at FREERADIUS: /etc/freeradiusroot at FREERADIUS:/etc/freeradius#
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20121119/248d6836/attachment-0001.html>
More information about the Freeradius-Users
mailing list