freeradius using linux user passwd

Julian Macassey julian at tele.com
Tue Jul 9 00:10:31 CEST 2013


On 2013-07-08 at 22:16, Matthew Newton (mcn4 at leicester.ac.uk) wrote:

> On Mon, Jul 08, 2013 at 01:49:47PM -0700, Julian Macassey wrote:
> > 	I have a Netgear WiFi router set up for WPA2 Enterprise.
> > It is pointed at a freeradius server. I am trying to use the
> > username and password of that server to authenticate. It fails
> > consistenty with: 
> > 
> > [pap] WARNING! No "known good" password found for the user.
> > Authentication may fail because of this.
> > ++[pap] returns noop
> > ERROR: No authenticate method (Auth-Type) found for the request:
> > Rejecting the user
> > Failed to authenticate the user.
> 
> It looks like you've removed 'eap' from your default server
> configuration. As WPA uses eap, you won't get far without it.

	So, I put it back in. I took it out earlier as 1. I
couldn't connect with it. 2. My understanding from reading the
docs was that pap alone would do the job.

> 
> However, if you want to authenticate using the system
> (/etc/passwd or shadow) database, then the only EAP type that's
> going to work is EAP-TTLS/PAP. 

	Now it, and everything else, seems to be there.

> Windows older than Win8 don't
> support that without a 3rd party supplicant, which is a barrier
> for many people wanting to use it, so most dont.
> 
> In short the most likely things you want to do after adding eap
> back in again are to use either a database with cleartext
> passwords in it or use mschap (NTLM hash) passwords.

	I'm just trying to do a bog standard username and
password for OS X and Linux users on laptops - Plus the
ubiquitous smartphones of course. I have no Microsoft gear on the
LAN.

Here is my latest output:


FreeRADIUS Version 2.1.10, for host x86_64-pc-linux-gnu, built on Sep 24 2012 at 17:58:57
Copyright (C) 1999-2009 The FreeRADIUS server project and contributors. 
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A 
PARTICULAR PURPOSE. 
You may redistribute copies of FreeRADIUS under the terms of the 
GNU General Public License v2. 
Starting - reading configuration files ...
including configuration file /etc/freeradius/radiusd.conf
including configuration file /etc/freeradius/proxy.conf
including configuration file /etc/freeradius/clients.conf
including files in directory /etc/freeradius/modules/
including configuration file /etc/freeradius/modules/sradutmp
including configuration file /etc/freeradius/modules/radutmp
including configuration file /etc/freeradius/modules/expr
including configuration file /etc/freeradius/modules/expiration
including configuration file /etc/freeradius/modules/counter
including configuration file /etc/freeradius/modules/mschap
including configuration file /etc/freeradius/modules/mac2ip
including configuration file /etc/freeradius/modules/pap
including configuration file /etc/freeradius/modules/acct_unique
including configuration file /etc/freeradius/modules/etc_group
including configuration file /etc/freeradius/modules/files
including configuration file /etc/freeradius/modules/inner-eap
including configuration file /etc/freeradius/modules/passwd
including configuration file /etc/freeradius/modules/detail
including configuration file /etc/freeradius/modules/echo
including configuration file /etc/freeradius/modules/digest
including configuration file /etc/freeradius/modules/realm
including configuration file /etc/freeradius/modules/ldap
including configuration file /etc/freeradius/modules/mac2vlan
including configuration file /etc/freeradius/modules/linelog
including configuration file /etc/freeradius/modules/unix
including configuration file /etc/freeradius/modules/logintime
including configuration file /etc/freeradius/modules/pam
including configuration file /etc/freeradius/modules/ippool
including configuration file /etc/freeradius/modules/wimax
including configuration file /etc/freeradius/modules/exec
including configuration file /etc/freeradius/modules/krb5
including configuration file /etc/freeradius/modules/detail.example.com
including configuration file /etc/freeradius/modules/always
including configuration file /etc/freeradius/modules/dynamic_clients
including configuration file /etc/freeradius/modules/preprocess
including configuration file /etc/freeradius/modules/policy
including configuration file /etc/freeradius/modules/perl
including configuration file /etc/freeradius/modules/attr_filter
including configuration file /etc/freeradius/modules/detail.log
including configuration file /etc/freeradius/modules/checkval
including configuration file /etc/freeradius/modules/opendirectory
including configuration file /etc/freeradius/modules/attr_rewrite
including configuration file /etc/freeradius/modules/smbpasswd
including configuration file /etc/freeradius/modules/otp
including configuration file /etc/freeradius/modules/sql_log
including configuration file /etc/freeradius/modules/smsotp
including configuration file /etc/freeradius/modules/sqlcounter_expire_on_login
including configuration file /etc/freeradius/modules/ntlm_auth
including configuration file /etc/freeradius/modules/cui
including configuration file /etc/freeradius/modules/chap
including configuration file /etc/freeradius/eap.conf
including configuration file /etc/freeradius/policy.conf
including files in directory /etc/freeradius/sites-enabled/
including configuration file /etc/freeradius/sites-enabled/default
including configuration file /etc/freeradius/sites-enabled/inner-tunnel
main {
	user = "freerad"
	group = "freerad"
	allow_core_dumps = no
}
including dictionary file /etc/freeradius/dictionary
main {
	prefix = "/usr"
	localstatedir = "/var"
	logdir = "/var/log/freeradius"
	libdir = "/usr/lib/freeradius"
	radacctdir = "/var/log/freeradius/radacct"
	hostname_lookups = no
	max_request_time = 30
	cleanup_delay = 5
	max_requests = 1024
	pidfile = "/var/run/plumgrid-radius1/plumgrid-radius1.pid"
	checkrad = "/usr/sbin/checkrad"
	debug_level = 0
	proxy_requests = yes
 log {
	stripped_names = no
	auth = no
	auth_badpass = no
	auth_goodpass = no
 }
 security {
	max_attributes = 200
	reject_delay = 1
	status_server = yes
 }
}
radiusd: #### Loading Realms and Home Servers ####
 proxy server {
	retry_delay = 5
	retry_count = 3
	default_fallback = no
	dead_time = 120
	wake_all_if_all_dead = no
 }
 home_server localhost {
	ipaddr = 127.0.0.1
	port = 1812
	type = "auth"
	secret = "d1sc0verplum"
	response_window = 20
	max_outstanding = 65536
	require_message_authenticator = yes
	zombie_period = 40
	status_check = "status-server"
	ping_interval = 30
	check_interval = 30
	num_answers_to_alive = 3
	num_pings_to_alive = 3
	revive_interval = 120
	status_check_timeout = 4
	irt = 2
	mrt = 16
	mrc = 5
	mrd = 30
 }
 home_server_pool my_auth_failover {
	type = fail-over
	home_server = localhost
 }
 realm example.com {
	auth_pool = my_auth_failover
 }
 realm LOCAL {
 }
radiusd: #### Loading Clients ####
 client localhost {
	ipaddr = 127.0.0.1
	require_message_authenticator = no
	secret = "d1sc0verplum"
	nastype = "other"
 }
 client 10.1.1.211 {
	ipaddr = 10.1.1.211
	require_message_authenticator = no
	secret = "d1sc0verplum"
	shortname = "wifi"
	nastype = "other"
 }
radiusd: #### Instantiating modules ####
 instantiate {
 Module: Linked to module rlm_exec
 Module: Instantiating module "exec" from file /etc/freeradius/modules/exec
  exec {
	wait = no
	input_pairs = "request"
	shell_escape = yes
  }
 Module: Linked to module rlm_expr
 Module: Instantiating module "expr" from file /etc/freeradius/modules/expr
 Module: Linked to module rlm_expiration
 Module: Instantiating module "expiration" from file /etc/freeradius/modules/expiration
  expiration {
	reply-message = "Password Has Expired  "
  }
 Module: Linked to module rlm_logintime
 Module: Instantiating module "logintime" from file /etc/freeradius/modules/logintime
  logintime {
	reply-message = "You are calling outside your allowed timespan  "
	minimum-timeout = 60
  }
 }
radiusd: #### Loading Virtual Servers ####
server inner-tunnel { # from file /etc/freeradius/sites-enabled/inner-tunnel
 modules {
 Module: Checking authenticate {...} for more modules to load
 Module: Linked to module rlm_pap
 Module: Instantiating module "pap" from file /etc/freeradius/modules/pap
  pap {
	encryption_scheme = "auto"
	auto_header = yes
  }
 Module: Linked to module rlm_chap
 Module: Instantiating module "chap" from file /etc/freeradius/modules/chap
 Module: Linked to module rlm_mschap
 Module: Instantiating module "mschap" from file /etc/freeradius/modules/mschap
  mschap {
	use_mppe = yes
	require_encryption = no
	require_strong = no
	with_ntdomain_hack = no
  }
 Module: Linked to module rlm_unix
 Module: Instantiating module "unix" from file /etc/freeradius/modules/unix
  unix {
	radwtmp = "/var/log/freeradius/radwtmp"
  }
 Module: Linked to module rlm_eap
 Module: Instantiating module "eap" from file /etc/freeradius/eap.conf
  eap {
	default_eap_type = "md5"
	timer_expire = 60
	ignore_unknown_eap_types = no
	cisco_accounting_username_bug = no
	max_sessions = 4096
  }
 Module: Linked to sub-module rlm_eap_md5
 Module: Instantiating eap-md5
 Module: Linked to sub-module rlm_eap_leap
 Module: Instantiating eap-leap
 Module: Linked to sub-module rlm_eap_gtc
 Module: Instantiating eap-gtc
   gtc {
	challenge = "Password: "
	auth_type = "PAP"
   }
 Module: Linked to sub-module rlm_eap_tls
 Module: Instantiating eap-tls
   tls {
	rsa_key_exchange = no
	dh_key_exchange = yes
	rsa_key_length = 512
	dh_key_length = 512
	verify_depth = 0
	CA_path = "/etc/freeradius/certs"
	pem_file_type = yes
	private_key_file = "/etc/freeradius/certs/server.key"
	certificate_file = "/etc/freeradius/certs/server.pem"
	CA_file = "/etc/freeradius/certs/ca.pem"
	private_key_password = "whatever"
	dh_file = "/etc/freeradius/certs/dh"
	random_file = "/dev/urandom"
	fragment_size = 1024
	include_length = yes
	check_crl = no
	cipher_list = "DEFAULT"
	make_cert_command = "/etc/freeradius/certs/bootstrap"
    cache {
	enable = no
	lifetime = 24
	max_entries = 255
    }
    verify {
    }
   }
 Module: Linked to sub-module rlm_eap_ttls
 Module: Instantiating eap-ttls
   ttls {
	default_eap_type = "md5"
	copy_request_to_tunnel = no
	use_tunneled_reply = no
	virtual_server = "inner-tunnel"
	include_length = yes
   }
 Module: Linked to sub-module rlm_eap_peap
 Module: Instantiating eap-peap
   peap {
	default_eap_type = "mschapv2"
	copy_request_to_tunnel = no
	use_tunneled_reply = no
	proxy_tunneled_request_as_eap = yes
	virtual_server = "inner-tunnel"
   }
 Module: Linked to sub-module rlm_eap_mschapv2
 Module: Instantiating eap-mschapv2
   mschapv2 {
	with_ntdomain_hack = no
   }
 Module: Checking authorize {...} for more modules to load
 Module: Linked to module rlm_realm
 Module: Instantiating module "suffix" from file /etc/freeradius/modules/realm
  realm suffix {
	format = "suffix"
	delimiter = "@"
	ignore_default = no
	ignore_null = no
  }
 Module: Linked to module rlm_files
 Module: Instantiating module "files" from file /etc/freeradius/modules/files
  files {
	usersfile = "/etc/freeradius/users"
	acctusersfile = "/etc/freeradius/acct_users"
	preproxy_usersfile = "/etc/freeradius/preproxy_users"
	compat = "no"
  }
 Module: Checking session {...} for more modules to load
 Module: Linked to module rlm_radutmp
 Module: Instantiating module "radutmp" from file /etc/freeradius/modules/radutmp
  radutmp {
	filename = "/var/log/freeradius/radutmp"
	username = "%{User-Name}"
	case_sensitive = yes
	check_with_nas = yes
	perm = 384
	callerid = yes
  }
 Module: Checking post-proxy {...} for more modules to load
 Module: Checking post-auth {...} for more modules to load
 Module: Linked to module rlm_attr_filter
 Module: Instantiating module "attr_filter.access_reject" from file /etc/freeradius/modules/attr_filter
  attr_filter attr_filter.access_reject {
	attrsfile = "/etc/freeradius/attrs.access_reject"
	key = "%{User-Name}"
  }
 } # modules
} # server
server { # from file /etc/freeradius/radiusd.conf
 modules {
 Module: Checking authenticate {...} for more modules to load
 Module: Linked to module rlm_digest
 Module: Instantiating module "digest" from file /etc/freeradius/modules/digest
 Module: Checking authorize {...} for more modules to load
 Module: Linked to module rlm_preprocess
 Module: Instantiating module "preprocess" from file /etc/freeradius/modules/preprocess
  preprocess {
	huntgroups = "/etc/freeradius/huntgroups"
	hints = "/etc/freeradius/hints"
	with_ascend_hack = no
	ascend_channels_per_line = 23
	with_ntdomain_hack = no
	with_specialix_jetstream_hack = no
	with_cisco_vsa_hack = no
	with_alvarion_vsa_hack = no
  }
 Module: Checking preacct {...} for more modules to load
 Module: Linked to module rlm_acct_unique
 Module: Instantiating module "acct_unique" from file /etc/freeradius/modules/acct_unique
  acct_unique {
	key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
  }
 Module: Checking accounting {...} for more modules to load
 Module: Linked to module rlm_detail
 Module: Instantiating module "detail" from file /etc/freeradius/modules/detail
  detail {
	detailfile = "/var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
	header = "%t"
	detailperm = 384
	dirperm = 493
	locking = no
	log_packet_header = no
  }
 Module: Instantiating module "attr_filter.accounting_response" from file /etc/freeradius/modules/attr_filter
  attr_filter attr_filter.accounting_response {
	attrsfile = "/etc/freeradius/attrs.accounting_response"
	key = "%{User-Name}"
  }
 Module: Checking session {...} for more modules to load
 Module: Checking post-proxy {...} for more modules to load
 Module: Checking post-auth {...} for more modules to load
 } # modules
} # server
radiusd: #### Opening IP addresses and Ports ####
listen {
	type = "auth"
	ipaddr = *
	port = 0
}
listen {
	type = "acct"
	ipaddr = *
	port = 0
}
listen {
	type = "auth"
	ipaddr = 127.0.0.1
	port = 18120
}
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on authentication address 127.0.0.1 port 18120 as server inner-tunnel
Listening on proxy address * port 1814
Ready to process requests.
rad_recv: Access-Request packet from host 10.1.1.211 port 35032, id=124, length=162
	User-Name = "evergreen"
	NAS-IP-Address = 192.168.1.1
	NAS-Port = 0
	Called-Station-Id = "28-C6-8E-A4-2B-6A:plum-radius"
	Calling-Station-Id = "00-1F-5B-C1-AB-24"
	Framed-MTU = 1400
	NAS-Port-Type = Wireless-802.11
	Connect-Info = "CONNECT 0Mbps 802.11b"
	EAP-Message = 0x0222000e0165766572677265656e
	Message-Authenticator = 0x971cc295e4f37b509240d5450ed9c594
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[digest] returns noop
[suffix] No '@' in User-Name = "evergreen", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 34 length 14
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user.  Authentication may fail because of this.
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type md5
rlm_eap_md5: Issuing Challenge
++[eap] returns handled
Sending Access-Challenge of id 124 to 10.1.1.211 port 35032
	EAP-Message = 0x012300160410eaaba32e48f9a3cff74043ca97a6cd70
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x94fb950894d891fe1477c70ff2bf2308
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.1.1.211 port 35032, id=125, length=172
	User-Name = "evergreen"
	NAS-IP-Address = 192.168.1.1
	NAS-Port = 0
	Called-Station-Id = "28-C6-8E-A4-2B-6A:plum-radius"
	Calling-Station-Id = "00-1F-5B-C1-AB-24"
	Framed-MTU = 1400
	NAS-Port-Type = Wireless-802.11
	Connect-Info = "CONNECT 0Mbps 802.11b"
	EAP-Message = 0x022300060319
	State = 0x94fb950894d891fe1477c70ff2bf2308
	Message-Authenticator = 0x31a90e82ac4971b87149b06a414c6f94
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[digest] returns noop
[suffix] No '@' in User-Name = "evergreen", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 35 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user.  Authentication may fail because of this.
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP NAK
[eap] EAP-NAK asked for EAP-Type/peap
[eap] processing type tls
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 125 to 10.1.1.211 port 35032
	EAP-Message = 0x012400061920
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x94fb950895df8cfe1477c70ff2bf2308
Finished request 1.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.1.1.211 port 35032, id=126, length=298
	User-Name = "evergreen"
	NAS-IP-Address = 192.168.1.1
	NAS-Port = 0
	Called-Station-Id = "28-C6-8E-A4-2B-6A:plum-radius"
	Calling-Station-Id = "00-1F-5B-C1-AB-24"
	Framed-MTU = 1400
	NAS-Port-Type = Wireless-802.11
	Connect-Info = "CONNECT 0Mbps 802.11b"
	EAP-Message = 0x0224008419800000007a160301007501000071030151db3692ab24ff2974fadd30e7f746344f43d23b57876c584d2f4bbcffe21a77000036c00ac009c007c008c013c014c011c012c004c005c002c003c00ec00fc00cc00d002f000500040035000a00320033003800390016001301000012000a00080006001700180019000b00020100
	State = 0x94fb950895df8cfe1477c70ff2bf2308
	Message-Authenticator = 0x1035bc59d348c3f030a370357439e1ab
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[digest] returns noop
[suffix] No '@' in User-Name = "evergreen", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 36 length 132
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
  TLS Length 122
[peap] Length Included
[peap] eaptls_verify returned 11 
[peap]     (other): before/accept initialization
[peap]     TLS_accept: before/accept initialization
[peap] <<< TLS 1.0 Handshake [length 0075], ClientHello  
[peap]     TLS_accept: SSLv3 read client hello A
[peap] >>> TLS 1.0 Handshake [length 002a], ServerHello  
[peap]     TLS_accept: SSLv3 write server hello A
[peap] >>> TLS 1.0 Handshake [length 085e], Certificate  
[peap]     TLS_accept: SSLv3 write certificate A
[peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone  
[peap]     TLS_accept: SSLv3 write server done A
[peap]     TLS_accept: SSLv3 flush data
[peap]     TLS_accept: Need to read more data: SSLv3 read client certificate A
In SSL Handshake Phase 
In SSL Accept mode  
[peap] eaptls_process returned 13 
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 126 to 10.1.1.211 port 35032
	EAP-Message = 0x0125040019c00000089b160301002a02000026030151db366edec4cd37c2c9de7c70687423e7985701f5c9f226faf8876b2da0a6e400002f00160301085e0b00085a0008570003a6308203a23082028aa003020102020101300d06092a864886f70d0101040500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479
	EAP-Message = 0x301e170d3133303730383139333834305a170d3134303730383139333834305a307c310b3009060355040613024652310f300d0603550408130652616469757331153013060355040a130c4578616d706c6520496e632e312330210603550403131a4578616d706c65205365727665722043657274696669636174653120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100e0af0a8d6daefc6d3dfa2aeb1e1c8b372d649a84366dbc6fc1272eaa48b8b2ca7538485aa97f1dc687ac0ce85af6e20f4edef1f0a13269a46e9747bff07e
	EAP-Message = 0x25aa3372093de129a21dd65a9805254a6202a608d25bb720daa93c20e642ef960ea5ec7b056e12cbd5cc67e1244d0a91e4cf83a6bbb3f876d6b8f066562c7589b124e7e272d08e70aad01ce342f18495c33b5e1e883a65fbc95173198fcefc8b25e375855ef28475541922d285e61c5ee953c0484cf909bfb2cbf0ccd71f6d5a10d57fc3e60d6d2d653cd7de2141b36f9496a83bbaf06c85debb6e452b84546e63314075c5ecd5675b2d318c18a3c1d676f1ff78e9a40c8c29151cdda0f541d8f9fb0203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d0101040500038201010050d81d2de1440f8bc8
	EAP-Message = 0x77a488be467952d2cfc2ec90173c8b5f096f489918bf4a8bdf86e55dc8d5d710b163340fe89373518b49d1fb7d96c25a9d48d99e7c72cf968ca5b3fbac58c650929f331d60650303bde6f7bd4636a7b0e567f251ee11f17908d5101c33a276ce9f446bd3ff2b4030f4b98c108d28a737ac4142a25e4557ed0a6f019dd6f7b73c77d0287d71ac7bc0d93ef1dce30251ef80457e61e22ad7e0f15c80ffa604d5cf1aad8a880c5f15c5a4248d2f292db14e029e9ac38482983f328c3ec21fd7ab5474689ac5975033f834b517bf78052563cc905d17aa52f0834c5047040890eb24552a0ee791b2839e6b88c5feeb9e8f586d5391b13322860004ab308204
	EAP-Message = 0xa73082038fa0030201020209
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x94fb950896de8cfe1477c70ff2bf2308
Finished request 2.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.1.1.211 port 35032, id=127, length=172
	User-Name = "evergreen"
	NAS-IP-Address = 192.168.1.1
	NAS-Port = 0
	Called-Station-Id = "28-C6-8E-A4-2B-6A:plum-radius"
	Calling-Station-Id = "00-1F-5B-C1-AB-24"
	Framed-MTU = 1400
	NAS-Port-Type = Wireless-802.11
	Connect-Info = "CONNECT 0Mbps 802.11b"
	EAP-Message = 0x022500061900
	State = 0x94fb950896de8cfe1477c70ff2bf2308
	Message-Authenticator = 0xa5dd14379b6c04a6d4f9e4c2ac6e79a1
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[digest] returns noop
[suffix] No '@' in User-Name = "evergreen", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 37 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1 
[peap] eaptls_process returned 13 
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 127 to 10.1.1.211 port 35032
	EAP-Message = 0x012603fc194000f4d32f255cc0c348300d06092a864886f70d0101050500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479301e170d3133303730383139333834305a170d3134303730383139333834305a308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504
	EAP-Message = 0x071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a0282010100eb807f1fd3cdb98ff7b2f777a95978d266049d6ab32321fd58a94fb0d52aa634ba90594211a99af6ffe7113bc15cf5fdbdc8bdf2c8ecd8d078fae7408a76f3816e725527c3606804cea0ced3ec70bbefd219ca812106414220c3134a998dadcf0b5529c14465df968b674ec4fd0a9a
	EAP-Message = 0x35a2d186c881b8fae5a72795edfee73b2a9f1674de1016c4f6fb26f658301c9bebeacc53a727313f787f03e0b98bb50925e08c71d0f70f0bed575758cde31c77cf34867f59fb04e042e442f278b6c44cdf991ed6a295799e923cb0c97b1097f9814b06b4c5c31d945c8b983837307777d343360fa5118fec602a3579cb0056737a2b850a3fa7d05baa6ca2b408d04a1a7b0203010001a381fb3081f8301d0603551d0e04160414d8240032936cdc231d88499a7eed6216431c60263081c80603551d230481c03081bd8014d8240032936cdc231d88499a7eed6216431c6026a18199a48196308193310b3009060355040613024652310f300d06035504
	EAP-Message = 0x0813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479820900f4d32f255cc0c348300c0603551d13040530030101ff300d06092a864886f70d010105050003820101000b45b9ef3e89cff871a8afa66317465b27b832e27e470d88f657f81e6158a709600426240e2a8de1b2416644959f1dbe63e3f1c09a850213fad8c569191b22e178b5c08f9a4398ab81375f9e812186e00753
	EAP-Message = 0xd2ca375f069b9b31
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x94fb950897dd8cfe1477c70ff2bf2308
Finished request 3.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.1.1.211 port 35032, id=128, length=172
	User-Name = "evergreen"
	NAS-IP-Address = 192.168.1.1
	NAS-Port = 0
	Called-Station-Id = "28-C6-8E-A4-2B-6A:plum-radius"
	Calling-Station-Id = "00-1F-5B-C1-AB-24"
	Framed-MTU = 1400
	NAS-Port-Type = Wireless-802.11
	Connect-Info = "CONNECT 0Mbps 802.11b"
	EAP-Message = 0x022600061900
	State = 0x94fb950897dd8cfe1477c70ff2bf2308
	Message-Authenticator = 0xa875cace5dda858e41ea71c11bad415c
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[digest] returns noop
[suffix] No '@' in User-Name = "evergreen", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 38 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1 
[peap] eaptls_process returned 13 
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 128 to 10.1.1.211 port 35032
	EAP-Message = 0x012700b519002782cf9825b84ae3e45b9cbc6882857730a54c1b56ae56c0395d529f545d8b605b210dbfd0985cde611bb8c55142f3113d2b5b6017ff5d972a579d0426036134e10aafdc036195223a3c16d25fe9d181b1007ccf2dd7f8588d0436fb1123222754e59d4f7ac6daa05e17d2407d8426181d55b23f3c8b4aaf178ae754b80273464aa76fa3f814f3f3492ef248d0a83a17a763da5cb5d022fcb0e7c4cf54c04580a222ad3eea0116030100040e000000
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x94fb950890dc8cfe1477c70ff2bf2308
Finished request 4.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.1.1.211 port 35032, id=129, length=504
	User-Name = "evergreen"
	NAS-IP-Address = 192.168.1.1
	NAS-Port = 0
	Called-Station-Id = "28-C6-8E-A4-2B-6A:plum-radius"
	Calling-Station-Id = "00-1F-5B-C1-AB-24"
	Framed-MTU = 1400
	NAS-Port-Type = Wireless-802.11
	Connect-Info = "CONNECT 0Mbps 802.11b"
	EAP-Message = 0x022701501980000001461603010106100001020100c34bcc8150e8c8d5df12bbb80fd474cd3541f104956c0a438880de306033f69b478baa473580203c8499c31a7696ee0640d9b49307584bc907426690c4aacec6dde59994969dd93861aa249957489bf442134cebff66b0e0200f68e290a5f5111ea29b2b9409b6d82d6e53e97da5b37dca907b4fd7f73735a88d389d9df20deeda155d5998aa72932a472c55c34b91cd14cd9760c508943eb9f2e20aedf401640e1b6613992855834d3169fb5de01dd7d6634d0163126b778fec6ef22de0f85a540c52160b78b65b08958cb7b9b4a7169dc63073ae9ea18c935394f7da46d070263e3b8358f2ee5e
	EAP-Message = 0x761de73dae90a1133563dc06945541a2f926b698bc9452a214030100010116030100302e635bbd4d8afdd87c7f67adc20550f334617b7ff417dc15a1687d5174470c8553d5eac5386b92aa8957feea182b2488
	State = 0x94fb950890dc8cfe1477c70ff2bf2308
	Message-Authenticator = 0xe3e2f1c119248b200ce367aac3727971
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[digest] returns noop
[suffix] No '@' in User-Name = "evergreen", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 39 length 253
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
  TLS Length 326
[peap] Length Included
[peap] eaptls_verify returned 11 
[peap] <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange  
[peap]     TLS_accept: SSLv3 read client key exchange A
[peap] <<< TLS 1.0 ChangeCipherSpec [length 0001]  
[peap] <<< TLS 1.0 Handshake [length 0010], Finished  
[peap]     TLS_accept: SSLv3 read finished A
[peap] >>> TLS 1.0 ChangeCipherSpec [length 0001]  
[peap]     TLS_accept: SSLv3 write change cipher spec A
[peap] >>> TLS 1.0 Handshake [length 0010], Finished  
[peap]     TLS_accept: SSLv3 write finished A
[peap]     TLS_accept: SSLv3 flush data
[peap]     (other): SSL negotiation finished successfully
SSL Connection Established 
[peap] eaptls_process returned 13 
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 129 to 10.1.1.211 port 35032
	EAP-Message = 0x01280041190014030100010116030100307df7b3495e22ef9c1dac0bcee7feda3c496009b5055839a35f54be624426631b66c03a43ab68fe2fe26e5a2c4ad81bf2
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x94fb950891d38cfe1477c70ff2bf2308
Finished request 5.
Going to the next request
Waking up in 4.8 seconds.
rad_recv: Access-Request packet from host 10.1.1.211 port 35032, id=130, length=172
	User-Name = "evergreen"
	NAS-IP-Address = 192.168.1.1
	NAS-Port = 0
	Called-Station-Id = "28-C6-8E-A4-2B-6A:plum-radius"
	Calling-Station-Id = "00-1F-5B-C1-AB-24"
	Framed-MTU = 1400
	NAS-Port-Type = Wireless-802.11
	Connect-Info = "CONNECT 0Mbps 802.11b"
	EAP-Message = 0x022800061900
	State = 0x94fb950891d38cfe1477c70ff2bf2308
	Message-Authenticator = 0xdff25c2e931ec03c6571ba44c0c343b8
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[digest] returns noop
[suffix] No '@' in User-Name = "evergreen", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 40 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake is finished
[peap] eaptls_verify returned 3 
[peap] eaptls_process returned 3 
[peap] EAPTLS_SUCCESS
[peap] Session established.  Decoding tunneled attributes.
[peap] Peap state TUNNEL ESTABLISHED
++[eap] returns handled
Sending Access-Challenge of id 130 to 10.1.1.211 port 35032
	EAP-Message = 0x0129002b1900170301002081d7d9527f298efa1fe2231ab7767690726678787b1ef906df809acbf19a2b41
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x94fb950892d28cfe1477c70ff2bf2308
Finished request 6.
Going to the next request
Waking up in 4.8 seconds.
rad_recv: Access-Request packet from host 10.1.1.211 port 35032, id=131, length=209
	User-Name = "evergreen"
	NAS-IP-Address = 192.168.1.1
	NAS-Port = 0
	Called-Station-Id = "28-C6-8E-A4-2B-6A:plum-radius"
	Calling-Station-Id = "00-1F-5B-C1-AB-24"
	Framed-MTU = 1400
	NAS-Port-Type = Wireless-802.11
	Connect-Info = "CONNECT 0Mbps 802.11b"
	EAP-Message = 0x0229002b19001703010020f32c0d57ca9e9aeff37fc8e25aeac15f766362c5390e6d333f1a35d7dc2a0124
	State = 0x94fb950892d28cfe1477c70ff2bf2308
	Message-Authenticator = 0x93edbb3fa37b4fb8c8f583facdff2dfd
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[digest] returns noop
[suffix] No '@' in User-Name = "evergreen", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 41 length 43
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7 
[peap] Done initial handshake
[peap] eaptls_process returned 7 
[peap] EAPTLS_OK
[peap] Session established.  Decoding tunneled attributes.
[peap] Peap state WAITING FOR INNER IDENTITY
[peap] Identity - evergreen
[peap] Got inner identity 'evergreen'
[peap] Setting default EAP type for tunneled EAP session.
[peap] Got tunneled request
	EAP-Message = 0x0229000e0165766572677265656e
server  {
  PEAP: Setting User-Name to evergreen
Sending tunneled request
	EAP-Message = 0x0229000e0165766572677265656e
	FreeRADIUS-Proxied-To = 127.0.0.1
	User-Name = "evergreen"
server inner-tunnel {
# Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "evergreen", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[control] returns noop
[eap] EAP packet type response id 41 length 14
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
++[eap] returns handled
} # server inner-tunnel
[peap] Got tunneled reply code 11
	EAP-Message = 0x012a00231a012a001e1062b1047c531ad557fbce1ca39300531e65766572677265656e
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x84873f8084ad259f85a24a928585c30e
[peap] Got tunneled reply RADIUS code 11
	EAP-Message = 0x012a00231a012a001e1062b1047c531ad557fbce1ca39300531e65766572677265656e
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x84873f8084ad259f85a24a928585c30e
[peap] Got tunneled Access-Challenge
++[eap] returns handled
Sending Access-Challenge of id 131 to 10.1.1.211 port 35032
	EAP-Message = 0x012a004b19001703010040d12bb79ef84b4d6d33940e5cc65b6ec0585ac6bc5479eb1555d14d8e7ba7972cf374e37a10a705189fb909b87c7393afa40cf81fc8ba7a2fb389a2bd31ce20eb
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x94fb950893d18cfe1477c70ff2bf2308
Finished request 7.
Going to the next request
Waking up in 4.8 seconds.
rad_recv: Access-Request packet from host 10.1.1.211 port 35032, id=132, length=273
	User-Name = "evergreen"
	NAS-IP-Address = 192.168.1.1
	NAS-Port = 0
	Called-Station-Id = "28-C6-8E-A4-2B-6A:plum-radius"
	Calling-Station-Id = "00-1F-5B-C1-AB-24"
	Framed-MTU = 1400
	NAS-Port-Type = Wireless-802.11
	Connect-Info = "CONNECT 0Mbps 802.11b"
	EAP-Message = 0x022a006b190017030100605c5d176dec06ee45d4d4daea33e4792577914d7f804e26739832d61290734264dfa9782f30b23e386765a8f19001936f8c66dcd2ea2f02eb4364ef8daaae2b46cfaba84893effe6c4e4e677d568bbf64a8a79dbe0bf171f00d4d118821d8494a
	State = 0x94fb950893d18cfe1477c70ff2bf2308
	Message-Authenticator = 0xaae8e93ec4baedb57226f5857fbeefcf
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[digest] returns noop
[suffix] No '@' in User-Name = "evergreen", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 42 length 107
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7 
[peap] Done initial handshake
[peap] eaptls_process returned 7 
[peap] EAPTLS_OK
[peap] Session established.  Decoding tunneled attributes.
[peap] Peap state phase2
[peap] EAP type mschapv2
[peap] Got tunneled request
	EAP-Message = 0x022a00441a022a003f314218e8aafbcedebcaa680a818e2c69530000000000000000cb6a372ed7a55bc851177ce70298c4a87bf9075a371534c40065766572677265656e
server  {
  PEAP: Setting User-Name to evergreen
Sending tunneled request
	EAP-Message = 0x022a00441a022a003f314218e8aafbcedebcaa680a818e2c69530000000000000000cb6a372ed7a55bc851177ce70298c4a87bf9075a371534c40065766572677265656e
	FreeRADIUS-Proxied-To = 127.0.0.1
	User-Name = "evergreen"
	State = 0x84873f8084ad259f85a24a928585c30e
server inner-tunnel {
# Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "evergreen", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[control] returns noop
[eap] EAP packet type response id 42 length 68
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/mschapv2
[eap] processing type mschapv2
[mschapv2] # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
[mschapv2] +- entering group MS-CHAP {...}
[mschap] No Cleartext-Password configured.  Cannot create LM-Password.
[mschap] No Cleartext-Password configured.  Cannot create NT-Password.
[mschap] Creating challenge hash with username: evergreen
[mschap] Told to do MS-CHAPv2 for evergreen with NT-Password
[mschap] FAILED: No NT/LM-Password.  Cannot perform authentication.
[mschap] FAILED: MS-CHAP2-Response is incorrect
++[mschap] returns reject
[eap] Freeing handler
++[eap] returns reject
Failed to authenticate the user.
} # server inner-tunnel
[peap] Got tunneled reply code 3
	MS-CHAP-Error = "*E=691 R=1"
	EAP-Message = 0x042a0004
	Message-Authenticator = 0x00000000000000000000000000000000
[peap] Got tunneled reply RADIUS code 3
	MS-CHAP-Error = "*E=691 R=1"
	EAP-Message = 0x042a0004
	Message-Authenticator = 0x00000000000000000000000000000000
[peap] Tunneled authentication was rejected.
[peap] FAILURE
++[eap] returns handled
Sending Access-Challenge of id 132 to 10.1.1.211 port 35032
	EAP-Message = 0x012b002b19001703010020ff10092adaa9fdacb79530b044899aabc8899262b7ae726656391f88a3911b25
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x94fb95089cd08cfe1477c70ff2bf2308
Finished request 8.
Going to the next request
Waking up in 4.7 seconds.
rad_recv: Access-Request packet from host 10.1.1.211 port 35032, id=133, length=209
	User-Name = "evergreen"
	NAS-IP-Address = 192.168.1.1
	NAS-Port = 0
	Called-Station-Id = "28-C6-8E-A4-2B-6A:plum-radius"
	Calling-Station-Id = "00-1F-5B-C1-AB-24"
	Framed-MTU = 1400
	NAS-Port-Type = Wireless-802.11
	Connect-Info = "CONNECT 0Mbps 802.11b"
	EAP-Message = 0x022b002b190017030100208e327eb0489d3827eac9d59af7e4e298ae6cfbb307128bdf4eac86347d5a3c3f
	State = 0x94fb95089cd08cfe1477c70ff2bf2308
	Message-Authenticator = 0x46ed47a21c5bc33ea610f9f3583bc9cb
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[digest] returns noop
[suffix] No '@' in User-Name = "evergreen", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 43 length 43
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7 
[peap] Done initial handshake
[peap] eaptls_process returned 7 
[peap] EAPTLS_OK
[peap] Session established.  Decoding tunneled attributes.
[peap] Peap state send tlv failure
[peap] Received EAP-TLV response.
[peap]  The users session was previously rejected: returning reject (again.)
[peap]  *** This means you need to read the PREVIOUS messages in the debug output
[peap]  *** to find out the reason why the user was rejected.
[peap]  *** Look for "reject" or "fail".  Those earlier messages will tell you.
[peap]  *** what went wrong, and how to fix the problem.
[eap] Handler failed in EAP/peap
[eap] Failed in EAP select
++[eap] returns invalid
Failed to authenticate the user.
Using Post-Auth-Type Reject
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group REJECT {...}
[attr_filter.access_reject] 	expand: %{User-Name} -> evergreen
 attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 9 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 9
Sending Access-Reject of id 133 to 10.1.1.211 port 35032
	EAP-Message = 0x042b0004
	Message-Authenticator = 0x00000000000000000000000000000000
Waking up in 3.7 seconds.
Cleaning up request 0 ID 124 with timestamp +42
Cleaning up request 1 ID 125 with timestamp +42
Cleaning up request 2 ID 126 with timestamp +42
Cleaning up request 3 ID 127 with timestamp +42
Cleaning up request 4 ID 128 with timestamp +42
Cleaning up request 5 ID 129 with timestamp +42
Cleaning up request 6 ID 130 with timestamp +43
Cleaning up request 7 ID 131 with timestamp +43
Cleaning up request 8 ID 132 with timestamp +43
Waking up in 1.0 seconds.
Cleaning up request 9 ID 133 with timestamp +43
Ready to process requests.

> 
> > rad_recv: Access-Request packet from host 10.1.1.211 port 35032, id=73, length=162
> > 	User-Name = "evergreen"
> > 	NAS-IP-Address = 192.168.1.1
> > 	NAS-Port = 0
> > 	Called-Station-Id = "28-C6-8E-A4-2B-6A:plum-radius"
> > 	Calling-Station-Id = "00-1F-5B-C1-AB-24"
> > 	Framed-MTU = 1400
> > 	NAS-Port-Type = Wireless-802.11
> > 	Connect-Info = "CONNECT 0Mbps 802.11b"
> > 	EAP-Message = 0x02b1000e0165766572677265656e
> > 	Message-Authenticator = 0x6f0e884ab22ca3b623c88cb2a8bab823
> > # Executing section authorize from file /etc/freeradius/sites-enabled/default
> > +- entering group authorize {...}
> > ++[preprocess] returns ok
> > ++[digest] returns noop
> > [suffix] No '@' in User-Name = "evergreen", looking up realm NULL
> > [suffix] No such realm "NULL"
> > ++[suffix] returns noop
> > ++[unix] returns notfound
> > ++[files] returns noop
> > ++[expiration] returns noop
> > ++[logintime] returns noop
> > [pap] WARNING! No "known good" password found for the user.  Authentication may fail because of this.
> > ++[pap] returns noop
> > ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user
> > Failed to authenticate the user.
> > Using Post-Auth-Type Reject
> > # Executing group from file /etc/freeradius/sites-enabled/default
> > +- entering group REJECT {...}
> > [attr_filter.access_reject] 	expand: %{User-Name} -> evergreen
> >  attr_filter: Matched entry DEFAULT at line 11
> > ++[attr_filter.access_reject] returns updated
> > Delaying reject of request 0 for 1 seconds
> > Going to the next request
> > Waking up in 0.9 seconds.
> > Sending delayed reject for request 0
> > Sending Access-Reject of id 73 to 10.1.1.211 port 35032
> > Waking up in 4.9 seconds.
> 
> 
> -- 
> Matthew Newton, Ph.D. <mcn4 at le.ac.uk>
> 
> Systems Specialist, Infrastructure Services,
> I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom
> 
> For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

-- 
http://www.fightforthefuture.org/#



More information about the Freeradius-Users mailing list