FreeRADIUS Issue -
Nandkumar Palkar
nkpalkar at gmail.com
Mon Oct 15 16:04:43 CEST 2012
Hi Alan,
I'm facing an issue with an EAP-TTLS, LDAP and Perl configuration, using
"eapol_test" as the test client.
Please find the debug logs below:
rad_recv: Access-Request packet from host 127.0.0.1 port 45673, id=0,
length=206
User-Name = "xxxxxxxx"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message =
0x020000360175736572317676746e746b6a6b636b76656469756366767672636e657563756b6c766465637475726a646a666b676e7267
Message-Authenticator = 0x065b1291e4b6cff7cecc69db3a9b5b83
# Executing section authorize from file
/etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "xxxxxxxx", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 0 length 54
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
rlm_perl: Added pair NAS-Port-Type = Wireless-802.11
rlm_perl: Added pair Calling-Station-Id = 02-00-00-00-00-01
rlm_perl: Added pair Message-Authenticator =
0x065b1291e4b6cff7cecc69db3a9b5b83
rlm_perl: Added pair User-Name = xxxxxxxx
rlm_perl: Added pair EAP-Message =
0x020000360175736572317676746e746b6a6b636b76656469756366767672636e657563756b6c766465637475726a646a666b676e7267
rlm_perl: Added pair Connect-Info = CONNECT 11Mbps 802.11b
rlm_perl: Added pair EAP-Type = Identity
rlm_perl: Added pair NAS-IP-Address = 127.0.0.1
rlm_perl: Added pair Framed-MTU = 1400
rlm_perl: Added pair Auth-Type = EAP
++[perl] returns ok
++[files] returns noop
[ldap] performing user authorization for xxxxxxxx
[ldap] expand: %{Stripped-User-Name} ->
[ldap] ... expanding second conditional
[ldap] expand: %{User-Name} -> xxxxxxxx
[ldap] expand: (uid=%{%{Stripped-User-Name}:-%{User-Name}}) ->
(uid=xxxxxxxx)
[ldap] expand: dc=example,dc=com -> dc=example,dc=com
[ldap] ldap_get_conn: Checking Id: 0
[ldap] ldap_get_conn: Got Id: 0
[ldap] attempting LDAP reconnection
[ldap] (re)connect to 192.168.1.103:389, authentication 0
[ldap] bind as cn=admin,dc=example,dc=com/xxxxxxxx to 192.168.1.103:389
[ldap] waiting for bind result ...
[ldap] Bind was successful
[ldap] performing search in dc=example,dc=com, with filter (uid=xxxxxxxx)
[ldap] No default NMAS login sequence
[ldap] looking for check items in directory...
[ldap] userPassword -> Cleartext-Password == "xxxxxxxx"
[ldap] userPassword -> Password-With-Header == "xxxxxxxx"
[ldap] looking for reply items in directory...
[ldap] user xxxxxxxx authorized to use remote access
[ldap] ldap_release_conn: Release Id: 0
++[ldap] returns ok
[pap] Config already contains "known good" password. Ignoring
Password-With-Header
[pap] WARNING: Auth-Type already set. Not setting to PAP
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group EAP {...}
rlm_perl: Added pair NAS-Port-Type = Wireless-802.11
rlm_perl: Added pair Calling-Station-Id = 02-00-00-00-00-01
rlm_perl: Added pair Message-Authenticator =
0x065b1291e4b6cff7cecc69db3a9b5b83
rlm_perl: Added pair User-Name = xxxxxxxx
rlm_perl: Added pair EAP-Message =
0x020000360175736572317676746e746b6a6b636b76656469756366767672636e657563756b6c766465637475726a646a666b676e7267
rlm_perl: Added pair Connect-Info = CONNECT 11Mbps 802.11b
rlm_perl: Added pair EAP-Type = Identity
rlm_perl: Added pair NAS-IP-Address = 127.0.0.1
rlm_perl: Added pair Framed-MTU = 1400
rlm_perl: Added pair h323-credit-amount = 100
rlm_perl: Added pair Cleartext-Password = xxxxxxxx
rlm_perl: Added pair Password-With-Header = xxxxxxxx
rlm_perl: Added pair Ldap-UserDn = uid=xxxxxxxx,ou=people,dc=example,dc=com
rlm_perl: Added pair Auth-Type = EAP
++[perl] returns ok
[eap] EAP Identity
[eap] processing type tls
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 0 to 127.0.0.1 port 45673
h323-credit-amount = "100"
EAP-Message = 0x010100061520
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x2a7f4cbf2a7e5963e2206d31c110709d
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 127.0.0.1 port 45673, id=1,
length=271
User-Name = "xxxxxxxx"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message =
0x020100651500160301005a010000560301507c49a86cfabf980d6b3d94daf27fe3f600a2320dbc3427626ca4b918ad885f00002800390038003500160013000a00330032002f000500040015001200090014001100080006000300ff020100000400230000
State = 0x2a7f4cbf2a7e5963e2206d31c110709d
Message-Authenticator = 0x7984af4d41a5bfd6c39d9a472fe0cc17
# Executing section authorize from file
/etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "xxxxxxxx", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 1 length 101
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group EAP {...}
rlm_perl: Added pair NAS-Port-Type = Wireless-802.11
rlm_perl: Added pair State = 0x2a7f4cbf2a7e5963e2206d31c110709d
rlm_perl: Added pair Calling-Station-Id = 02-00-00-00-00-01
rlm_perl: Added pair Message-Authenticator =
0x7984af4d41a5bfd6c39d9a472fe0cc17
rlm_perl: Added pair User-Name = xxxxxxxx
rlm_perl: Added pair EAP-Message =
0x020100651500160301005a010000560301507c49a86cfabf980d6b3d94daf27fe3f600a2320dbc3427626ca4b918ad885f00002800390038003500160013000a00330032002f000500040015001200090014001100080006000300ff020100000400230000
rlm_perl: Added pair Connect-Info = CONNECT 11Mbps 802.11b
rlm_perl: Added pair EAP-Type = EAP-TTLS
rlm_perl: Added pair NAS-IP-Address = 127.0.0.1
rlm_perl: Added pair Framed-MTU = 1400
rlm_perl: Added pair h323-credit-amount = 100
rlm_perl: Added pair Auth-Type = EAP
++[perl] returns ok
[eap] Request found, released from the list
[eap] EAP/ttls
[eap] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
[ttls] eaptls_verify returned 7
[ttls] Done initial handshake
[ttls] (other): before/accept initialization
[ttls] TLS_accept: before/accept initialization
[ttls] <<< TLS 1.0 Handshake [length 005a], ClientHello
[ttls] TLS_accept: SSLv3 read client hello A
[ttls] >>> TLS 1.0 Handshake [length 0031], ServerHello
[ttls] TLS_accept: SSLv3 write server hello A
[ttls] >>> TLS 1.0 Handshake [length 02cd], Certificate
[ttls] TLS_accept: SSLv3 write certificate A
[ttls] >>> TLS 1.0 Handshake [length 018d], ServerKeyExchange
[ttls] TLS_accept: SSLv3 write key exchange A
[ttls] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
[ttls] TLS_accept: SSLv3 write server done A
[ttls] TLS_accept: SSLv3 flush data
[ttls] TLS_accept: Need to read more data: SSLv3 read client
certificate A
In SSL Handshake Phase
In SSL Accept mode
[ttls] eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 1 to 127.0.0.1 port 45673
h323-credit-amount = "100"
EAP-Message =
0x0102040015c0000004a316030100310200002d0301507c49a876d497d9f77288e6caa927ae9f07fcb259dfeb517d0ddbfa14c671c3000039010005ff0100010016030102cd0b0002c90002c60002c3308202bf308202280209008b00025017ffafe4300d06092a864886f70d01010505003081a3310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e310c300a060355040b130378797a312830260603550403141f224578616d706c6520436572746966696361746520417574686f72697479223120301e06092a86
EAP-Message = 0xb3c45b3ea56942954e0dbb66
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x2a7f4cbf2b7d5963e2206d31c110709d
Finished request 1.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 127.0.0.1 port 45673, id=2,
length=176
User-Name = "xxxxxxxx"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x020200061500
State = 0x2a7f4cbf2b7d5963e2206d31c110709d
Message-Authenticator = 0x4d08a46158ad21253a616e97ad9ded18
# Executing section authorize from file
/etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "xxxxxxxx", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 2 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group EAP {...}
rlm_perl: Added pair NAS-Port-Type = Wireless-802.11
rlm_perl: Added pair State = 0x2a7f4cbf2b7d5963e2206d31c110709d
rlm_perl: Added pair Calling-Station-Id = 02-00-00-00-00-01
rlm_perl: Added pair Message-Authenticator =
0x4d08a46158ad21253a616e97ad9ded18
rlm_perl: Added pair User-Name = xxxxxxxx
rlm_perl: Added pair EAP-Message = 0x020200061500
rlm_perl: Added pair Connect-Info = CONNECT 11Mbps 802.11b
rlm_perl: Added pair EAP-Type = EAP-TTLS
rlm_perl: Added pair NAS-IP-Address = 127.0.0.1
rlm_perl: Added pair Framed-MTU = 1400
rlm_perl: Added pair h323-credit-amount = 100
rlm_perl: Added pair Auth-Type = EAP
++[perl] returns ok
[eap] Request found, released from the list
[eap] EAP/ttls
[eap] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
[ttls] Received TLS ACK
[ttls] ACK handshake fragment handler
[ttls] eaptls_verify returned 1
[ttls] eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 2 to 127.0.0.1 port 45673
h323-credit-amount = "100"
EAP-Message =
0x010300b71580000004a3f4da3a4fff56705c0118ee01841f0b363c07293ebcf69d05e1092c3e054bbdea541f00803a833293f40d96e86f2c849b5cdf9887eb868d3cac267e53b77c5ebe63b3a5e5989c08510c398b8dc3281bfdb5ae3578214cb26716be3557ca7f35d1a46a9a37b7b4d1eae9a10cace3b13dc194fb72249724b4b59c7dd62e66718bd50dcdb6ec376c57e4556cf4c44daa9c0adcf284e5c865714a7f71db352238d81e4207798016030100040e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x2a7f4cbf287c5963e2206d31c110709d
Finished request 2.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 127.0.0.1 port 45673, id=3,
length=374
User-Name = "xxxxxxxx"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message =
0x020300cc1500160301008610000082008090fd20bda5d27eb2d4deee9e076d8f77a8b14a91f33c6620eb5a3896f8280acd0bbd5bb0da405e5b09a842867e6083d21ee749f7f0ba637c2dd89005b8b98bb354742b01d83c676aee9a014355fbeff4b546055a2e0c39fd5a43ddac2031b42f81902efe3f17199e8f8be74683d1b0e05f2f126d7650a084e2800d62f26ab50f1403010001011603010030ccdda6df2d462f7b0b12cc43b02ee696b4cde6befa312d4147968c9af09c1e95b3ee38f8bd2b2521d88f4ed09e2f6969
State = 0x2a7f4cbf287c5963e2206d31c110709d
Message-Authenticator = 0x3cee3f55cea92deefa2591caaea03633
# Executing section authorize from file
/etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "xxxxxxxx", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 3 length 204
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group EAP {...}
rlm_perl: Added pair NAS-Port-Type = Wireless-802.11
rlm_perl: Added pair State = 0x2a7f4cbf287c5963e2206d31c110709d
rlm_perl: Added pair Calling-Station-Id = 02-00-00-00-00-01
rlm_perl: Added pair Message-Authenticator =
0x3cee3f55cea92deefa2591caaea03633
rlm_perl: Added pair User-Name = xxxxxxxx
rlm_perl: Added pair EAP-Message =
0x020300cc1500160301008610000082008090fd20bda5d27eb2d4deee9e076d8f77a8b14a91f33c6620eb5a3896f8280acd0bbd5bb0da405e5b09a842867e6083d21ee749f7f0ba637c2dd89005b8b98bb354742b01d83c676aee9a014355fbeff4b546055a2e0c39fd5a43ddac2031b42f81902efe3f17199e8f8be74683d1b0e05f2f126d7650a084e2800d62f26ab50f1403010001011603010030ccdda6df2d462f7b0b12cc43b02ee696b4cde6befa312d4147968c9af09c1e95b3ee38f8bd2b2521d88f4ed09e2f6969
rlm_perl: Added pair Connect-Info = CONNECT 11Mbps 802.11b
rlm_perl: Added pair EAP-Type = EAP-TTLS
rlm_perl: Added pair NAS-IP-Address = 127.0.0.1
rlm_perl: Added pair Framed-MTU = 1400
rlm_perl: Added pair h323-credit-amount = 100
rlm_perl: Added pair Auth-Type = EAP
++[perl] returns ok
[eap] Request found, released from the list
[eap] EAP/ttls
[eap] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
[ttls] eaptls_verify returned 7
[ttls] Done initial handshake
[ttls] <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange
[ttls] TLS_accept: SSLv3 read client key exchange A
[ttls] <<< TLS 1.0 ChangeCipherSpec [length 0001]
[ttls] <<< TLS 1.0 Handshake [length 0010], Finished
[ttls] TLS_accept: SSLv3 read finished A
[ttls] >>> TLS 1.0 ChangeCipherSpec [length 0001]
[ttls] TLS_accept: SSLv3 write change cipher spec A
[ttls] >>> TLS 1.0 Handshake [length 0010], Finished
[ttls] TLS_accept: SSLv3 write finished A
[ttls] TLS_accept: SSLv3 flush data
[ttls] (other): SSL negotiation finished successfully
SSL Connection Established
[ttls] eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 3 to 127.0.0.1 port 45673
h323-credit-amount = "100"
EAP-Message =
0x0104004515800000003b140301000101160301003044e95766bb9308bc45e92fa37e082e248aa382cb961ee973693c1e7c695c35e664de49304756c6e6430fe00e640ea5c4
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x2a7f4cbf297b5963e2206d31c110709d
Finished request 3.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 127.0.0.1 port 45673, id=4,
length=394
User-Name = "xxxxxxxx"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message =
0x020400e0150017030100207c1f492109c1413df90458ac8bc6e2a363b5f4ef4a1b6b8e7e722ce41b4ac2fa17030100b0d13c2711852a1deb05113832a62cce19b446645bda91d1e8cb46d1339a44896b5ea3eee06c87e3309539d37d19c3c3ffa1cf4f32273143254278ad1bfafca9aa36d7f01fef67759698d74aa1d4aacf8ed329a53e24196b1817b85710bec6030ab55b2c69ce39ea67d900e7d392948b935cac44d35fa78211a54d318e60f1653c05103fcf515aa61da4e66b4ae43b9d4db728d023a9fcd03d6d4fa2e315a78021974d7f8b6df36a6f75442e2f8fe33712
State = 0x2a7f4cbf297b5963e2206d31c110709d
Message-Authenticator = 0x90ceee8718eb32ddcf5b3a9d56136a94
# Executing section authorize from file
/etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "xxxxxxxx", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 4 length 224
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group EAP {...}
rlm_perl: Added pair NAS-Port-Type = Wireless-802.11
rlm_perl: Added pair State = 0x2a7f4cbf297b5963e2206d31c110709d
rlm_perl: Added pair Calling-Station-Id = 02-00-00-00-00-01
rlm_perl: Added pair Message-Authenticator =
0x90ceee8718eb32ddcf5b3a9d56136a94
rlm_perl: Added pair User-Name = xxxxxxxx
rlm_perl: Added pair EAP-Message =
0x020400e0150017030100207c1f492109c1413df90458ac8bc6e2a363b5f4ef4a1b6b8e7e722ce41b4ac2fa17030100b0d13c2711852a1deb05113832a62cce19b446645bda91d1e8cb46d1339a44896b5ea3eee06c87e3309539d37d19c3c3ffa1cf4f32273143254278ad1bfafca9aa36d7f01fef67759698d74aa1d4aacf8ed329a53e24196b1817b85710bec6030ab55b2c69ce39ea67d900e7d392948b935cac44d35fa78211a54d318e60f1653c05103fcf515aa61da4e66b4ae43b9d4db728d023a9fcd03d6d4fa2e315a78021974d7f8b6df36a6f75442e2f8fe33712
rlm_perl: Added pair Connect-Info = CONNECT 11Mbps 802.11b
rlm_perl: Added pair EAP-Type = EAP-TTLS
rlm_perl: Added pair NAS-IP-Address = 127.0.0.1
rlm_perl: Added pair Framed-MTU = 1400
rlm_perl: Added pair h323-credit-amount = 100
rlm_perl: Added pair Auth-Type = EAP
++[perl] returns ok
[eap] Request found, released from the list
[eap] EAP/ttls
[eap] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
[ttls] eaptls_verify returned 7
[ttls] Done initial handshake
[ttls] eaptls_process returned 7
[ttls] Session established. Proceeding to decode tunneled attributes.
[ttls] Got tunneled request
User-Name = "xxxxxxxx"
MS-CHAP-Challenge = 0x059b04af3b71d9387b15f96b14a7a4c2
MS-CHAP2-Response =
0x77005d91d477265941c389c2b9f9372a1a5000000000000000003459aea6d0b65a6173735fa334560fb0bb2190a33f9b3b88
FreeRADIUS-Proxied-To = 127.0.0.1
[ttls] Sending tunneled request
User-Name = "xxxxxxxx"
MS-CHAP-Challenge = 0x059b04af3b71d9387b15f96b14a7a4c2
MS-CHAP2-Response =
0x77005d91d477265941c389c2b9f9372a1a5000000000000000003459aea6d0b65a6173735fa334560fb0bb2190a33f9b3b88
FreeRADIUS-Proxied-To = 127.0.0.1
NAS-Port-Type = Wireless-802.11
Calling-Station-Id = "02-00-00-00-00-01"
Connect-Info = "CONNECT 11Mbps 802.11b"
NAS-IP-Address = 127.0.0.1
Framed-MTU = 1400
server inner-tunnel {
# Executing section authorize from file
/etc/freeradius/sites-enabled/inner-tunnel
+- entering group authorize {...}
++[chap] returns noop
[mschap] Found MS-CHAP attributes. Setting 'Auth-Type = mschap'
++[mschap] returns ok
[suffix] No '@' in User-Name = "xxxxxxxx", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[control] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
rlm_perl: Added pair NAS-Port-Type = Wireless-802.11
rlm_perl: Added pair Calling-Station-Id = 02-00-00-00-00-01
rlm_perl: Added pair FreeRADIUS-Proxied-To = 127.0.0.1
rlm_perl: Added pair MS-CHAP-Challenge = 0x059b04af3b71d9387b15f96b14a7a4c2
rlm_perl: Added pair User-Name = xxxxxxxx
rlm_perl: Added pair MS-CHAP2-Response =
0x77005d91d477265941c389c2b9f9372a1a5000000000000000003459aea6d0b65a6173735fa334560fb0bb2190a33f9b3b88
rlm_perl: Added pair Connect-Info = CONNECT 11Mbps 802.11b
rlm_perl: Added pair NAS-IP-Address = 127.0.0.1
rlm_perl: Added pair Framed-MTU = 1400
rlm_perl: Added pair Auth-Type = MSCHAP
rlm_perl: Added pair Proxy-To-Realm = LOCAL
++[perl] returns ok
++[files] returns noop
[ldap] performing user authorization for xxxxxxxx
[ldap] expand: %{Stripped-User-Name} ->
[ldap] ... expanding second conditional
[ldap] expand: %{User-Name} -> xxxxxxxx
[ldap] expand: (uid=%{%{Stripped-User-Name}:-%{User-Name}}) ->
(uid=xxxxxxxx)
[ldap] expand: dc=example,dc=com -> dc=example,dc=com
[ldap] ldap_get_conn: Checking Id: 0
[ldap] ldap_get_conn: Got Id: 0
[ldap] performing search in dc=example,dc=com, with filter (uid=xxxxxxxx)
[ldap] object not found
[ldap] search failed
[ldap] ldap_release_conn: Release Id: 0
++[ldap] returns notfound
++[pap] returns noop
Found Auth-Type = MSCHAP
# Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
+- entering group MS-CHAP {...}
[mschap] No Cleartext-Password configured. Cannot create LM-Password.
[mschap] No Cleartext-Password configured. Cannot create NT-Password.
[mschap] Creating challenge hash with username: xxxxxxxx
[mschap] Told to do MS-CHAPv2 for xxxxxxxx with NT-Password
[mschap] FAILED: No NT/LM-Password. Cannot perform authentication.
*[mschap] FAILED: MS-CHAP2-Response is incorrect
++[mschap] returns reject
Failed to authenticate the user.
} # server inner-tunnel
[ttls] Got tunneled reply code 3
MS-CHAP-Error = "wE=691 R=1"
[ttls] Got tunneled Access-Reject
[eap] Handler failed in EAP/ttls
[eap] Failed in EAP select
++[eap] returns invalid
Failed to authenticate the user.*
Using Post-Auth-Type Reject
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> xxxxxxxx
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 4 for 1 seconds
Going to the next request
Waking up in 0.2 seconds.
Sending delayed reject for request 4
Sending Access-Reject of id 4 to 127.0.0.1 port 45673
EAP-Message = 0x04040004
Message-Authenticator = 0x00000000000000000000000000000000
Waking up in 3.9 seconds.
Cleaning up request 0 ID 0 with timestamp +2
Cleaning up request 1 ID 1 with timestamp +3
Cleaning up request 2 ID 2 with timestamp +3
Cleaning up request 3 ID 3 with timestamp +3
Waking up in 1.0 seconds.
Cleaning up request 4 ID 4 with timestamp +3
Ready to process requests.
Thanks and best regards,
Nand.
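
The failure path in the debug output above can be pulled out mechanically. The following is an added example, not part of the original post and not FreeRADIUS code: a small Python triage script that tracks which virtual server each line belongs to and collects the messages behind every non-success module return. The sample lines are abridged from the log above; the function names and the "default" label for lines outside a `server ... {` block are assumptions.

```python
import re

# Lines abridged from the debug output in the post above.
SAMPLE = """\
++[ldap] returns ok
server inner-tunnel {
[mschap] Found MS-CHAP attributes. Setting 'Auth-Type = mschap'
++[mschap] returns ok
[ldap] performing search in dc=example,dc=com, with filter (uid=xxxxxxxx)
[ldap] object not found
++[ldap] returns notfound
Found Auth-Type = MSCHAP
[mschap] No Cleartext-Password configured. Cannot create NT-Password.
[mschap] FAILED: No NT/LM-Password. Cannot perform authentication.
++[mschap] returns reject
} # server inner-tunnel
[ttls] Got tunneled Access-Reject
++[eap] returns invalid
"""

RETURN_RE = re.compile(r"^\+\+\[([\w.-]+)\] returns (\w+)$")
MESSAGE_RE = re.compile(r"^\[([\w.-]+)\] (.*)$")
SERVER_OPEN_RE = re.compile(r"^server ([\w.-]+) \{$")
SERVER_CLOSE_RE = re.compile(r"^\} # server ")
# Module return codes worth reading when the request ends in Access-Reject.
SUSPECT_RCODES = {"reject", "fail", "invalid", "notfound", "userlock"}


def triage(log_text, outer="default"):
    """Return suspect module returns with their virtual server and messages."""
    server, pending, events = outer, {}, []
    for raw in log_text.splitlines():
        line = raw.strip()
        if (m := SERVER_OPEN_RE.match(line)):
            server = m.group(1)          # entering e.g. "inner-tunnel"
        elif SERVER_CLOSE_RE.match(line):
            server = outer               # back in the outer virtual server
        elif (m := RETURN_RE.match(line)):
            module, rcode = m.groups()
            messages = pending.pop(module, [])  # messages since its last return
            if rcode in SUSPECT_RCODES:
                events.append({"server": server, "module": module,
                               "rcode": rcode, "messages": messages})
        elif (m := MESSAGE_RE.match(line)):
            pending.setdefault(m.group(1), []).append(m.group(2))
    return events


def missing_password(events):
    """Servers where mschap rejected for lack of a password, plus the
    modules that returned notfound in that same server."""
    hits = []
    for e in events:
        if (e["module"] == "mschap" and e["rcode"] == "reject"
                and any("No NT/LM-Password" in t for t in e["messages"])):
            lookups = [x["module"] for x in events if x["rcode"] == "notfound"
                       and x["server"] == e["server"]]
            hits.append((e["server"], lookups))
    return hits


if __name__ == "__main__":
    for e in triage(SAMPLE):
        print(e["server"], e["module"], e["rcode"], e["messages"])
    print(missing_password(triage(SAMPLE)))
```
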