Freeradius reply attribute problem when using PEAP
Terry Kantorowski
terry.kantorowski at gmail.com
Fri Aug 8 22:01:59 CEST 2014

Per your request. I have included the debug output from freeradius.
You will see that my test user "rickjames" authenticates just fine.
The problem I am having is that the attribute value pairs for his
group are not passed and so he never actually "connects" to the
wireless network. The AVPs are missing when I try to connect with a
device using PEAP, but present when I force connect with TTLS. I did
not see this until I ran tcpdump.

Thanks for taking the time to look at this.

Ready to process requests
Received Access-Request Id 114 from NAS-OUTSIDE:30713 to
RADIUS-SERVER:1812 length 212
User-Name = 'rickjames'
Calling-Station-Id = '10-A5-D0-E9-10-D0'
NAS-IP-Address = NAS-INSIDE
NAS-Port = 98
Called-Station-Id = '6C-AA-B3-CF-40-AD:test-eap-radius1'
Service-Type = Framed-User
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
NAS-Identifier = '6C-AA-B3-CF-40-AD'
Connect-Info = 'CONNECT 802.11a/n'
EAP-Message = 0x0200000e017269636b6a616d6573
Attr-26 = 0x000061dd0312746573742d6561702d72616469757331
Message-Authenticator = 0xe824864fa1e5254555ea012f1d3749a7
(0) Received Access-Request packet from host NAS-OUTSIDE port 30713,
id=114, length=212
(0) User-Name = 'rickjames'
(0) Calling-Station-Id = '10-A5-D0-E9-10-D0'
(0) NAS-IP-Address = NAS-INSIDE
(0) NAS-Port = 98
(0) Called-Station-Id = '6C-AA-B3-CF-40-AD:test-eap-radius1'
(0) Service-Type = Framed-User
(0) Framed-MTU = 1400
(0) NAS-Port-Type = Wireless-802.11
(0) NAS-Identifier = '6C-AA-B3-CF-40-AD'
(0) Connect-Info = 'CONNECT 802.11a/n'
(0) EAP-Message = 0x0200000e017269636b6a616d6573
(0) Attr-26 = 0x000061dd0312746573742d6561702d72616469757331
(0) Message-Authenticator = 0xe824864fa1e5254555ea012f1d3749a7
(0) # Executing section authorize from file /etc/raddb/sites-enabled/default
(0) authorize {
(0) filter_username filter_username {
(0) if (User-Name =~ /@.*@/ )
(0) if (User-Name =~ /@.*@/ ) -> FALSE
(0) if (User-Name =~ /\\.\\./ )
(0) if (User-Name =~ /\\.\\./ ) -> FALSE
(0) if ((User-Name =~ /@/) && (User-Name !~ /@(.+)\\.(.+)$/))
(0) if ((User-Name =~ /@/) && (User-Name !~ /@(.+)\\.(.+)$/)) -> FALSE
(0) if (User-Name =~ /\\.$/)
(0) if (User-Name =~ /\\.$/) -> FALSE
(0) if (User-Name =~ /@\\./)
(0) if (User-Name =~ /@\\./) -> FALSE
(0) } # filter_username filter_username = notfound
(0) [preprocess] = ok
(0) [chap] = noop
(0) [mschap] = noop
(0) [digest] = noop
(0) suffix : No '@' in User-Name = "rickjames", looking up realm NULL
(0) suffix : No such realm "NULL"
(0) [suffix] = noop
(0) [files] = noop
(0) eap : Peer sent code Response (2) ID 0 length 14
(0) eap : EAP-Identity reply, returning 'ok' so we can short-circuit
the rest of authorize
(0) [eap] = ok
(0) } # authorize = ok
(0) Found Auth-Type = EAP
(0) # Executing group from file /etc/raddb/sites-enabled/default
(0) authenticate {
(0) eap : Peer sent method Identity (1)
(0) eap : Calling eap_tls to process EAP data
(0) eap_tls : Flushing SSL sessions (of #0)
(0) eap_tls : Requiring client certificate
(0) eap_tls : Initiate
(0) eap_tls : Requiring client certificate
(0) eap_tls : Start returned 1
(0) eap : New EAP session, adding 'State' attribute to reply 0xae0cdbe8ae0dd68c
(0) [eap] = handled
(0) } # authenticate = handled
(0) Sending Access-Challenge packet to host NAS-OUTSIDE port 30713,
id=114, length=0
(0) EAP-Message = 0x010100060d20
(0) Message-Authenticator = 0x00000000000000000000000000000000
(0) State = 0xae0cdbe8ae0dd68c958875bba3b09eb6
Sending Access-Challenge Id 114 from RADIUS-SERVER:1812 to NAS-OUTSIDE:30713
EAP-Message = 0x010100060d20
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xae0cdbe8ae0dd68c958875bba3b09eb6
(0) Finished request
Waking up in 0.3 seconds.
Received Access-Request Id 115 from NAS-OUTSIDE:30713 to
RADIUS-SERVER:1812 length 222
User-Name = 'rickjames'
Calling-Station-Id = '10-A5-D0-E9-10-D0'
NAS-IP-Address = NAS-INSIDE
NAS-Port = 98
Called-Station-Id = '6C-AA-B3-CF-40-AD:test-eap-radius1'
Service-Type = Framed-User
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
NAS-Identifier = '6C-AA-B3-CF-40-AD'
Connect-Info = 'CONNECT 802.11a/n'
EAP-Message = 0x020100060319
State = 0xae0cdbe8ae0dd68c958875bba3b09eb6
Attr-26 = 0x000061dd0312746573742d6561702d72616469757331
Message-Authenticator = 0xfdb08cc0028aeb0eea5dc5c90f48835b
(1) Received Access-Request packet from host NAS-OUTSIDE port 30713,
id=115, length=222
(1) User-Name = 'rickjames'
(1) Calling-Station-Id = '10-A5-D0-E9-10-D0'
(1) NAS-IP-Address = NAS-INSIDE
(1) NAS-Port = 98
(1) Called-Station-Id = '6C-AA-B3-CF-40-AD:test-eap-radius1'
(1) Service-Type = Framed-User
(1) Framed-MTU = 1400
(1) NAS-Port-Type = Wireless-802.11
(1) NAS-Identifier = '6C-AA-B3-CF-40-AD'
(1) Connect-Info = 'CONNECT 802.11a/n'
(1) EAP-Message = 0x020100060319
(1) State = 0xae0cdbe8ae0dd68c958875bba3b09eb6
(1) Attr-26 = 0x000061dd0312746573742d6561702d72616469757331
(1) Message-Authenticator = 0xfdb08cc0028aeb0eea5dc5c90f48835b
(1) # Executing section authorize from file /etc/raddb/sites-enabled/default
(1) authorize {
(1) filter_username filter_username {
(1) if (User-Name =~ /@.*@/ )
(1) if (User-Name =~ /@.*@/ ) -> FALSE
(1) if (User-Name =~ /\\.\\./ )
(1) if (User-Name =~ /\\.\\./ ) -> FALSE
(1) if ((User-Name =~ /@/) && (User-Name !~ /@(.+)\\.(.+)$/))
(1) if ((User-Name =~ /@/) && (User-Name !~ /@(.+)\\.(.+)$/)) -> FALSE
(1) if (User-Name =~ /\\.$/)
(1) if (User-Name =~ /\\.$/) -> FALSE
(1) if (User-Name =~ /@\\./)
(1) if (User-Name =~ /@\\./) -> FALSE
(1) } # filter_username filter_username = notfound
(1) [preprocess] = ok
(1) [chap] = noop
(1) [mschap] = noop
(1) [digest] = noop
(1) suffix : No '@' in User-Name = "rickjames", looking up realm NULL
(1) suffix : No such realm "NULL"
(1) [suffix] = noop
(1) [files] = noop
(1) eap : Peer sent code Response (2) ID 1 length 6
(1) eap : No EAP Start, assuming it's an on-going EAP conversation
(1) [eap] = updated
(1) sql : EXPAND %{User-Name}
(1) sql : --> rickjames
(1) sql : SQL-User-Name set to 'rickjames'
rlm_sql (sql): Reserved connection (4)
(1) sql : EXPAND SELECT id, username, attribute, value, op FROM
radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id
(1) sql : --> SELECT id, username, attribute, value, op FROM
radcheck WHERE username = 'rickjames' ORDER BY id
rlm_sql (sql): Executing query: 'SELECT id, username, attribute,
value, op FROM radcheck WHERE username = 'rickjames' ORDER BY id'
(1) sql : User found in radcheck table
(1) sql : EXPAND %{Packet-Src-IP-Address}
(1) sql : --> NAS-OUTSIDE
(1) sql : Check items matched
(1) sql : EXPAND SELECT id, username, attribute, value, op FROM
radreply WHERE username = '%{SQL-User-Name}' ORDER BY id
(1) sql : --> SELECT id, username, attribute, value, op FROM
radreply WHERE username = 'rickjames' ORDER BY id
rlm_sql (sql): Executing query: 'SELECT id, username, attribute,
value, op FROM radreply WHERE username = 'rickjames' ORDER BY id'
(1) sql : EXPAND SELECT groupname FROM radusergroup WHERE username =
'%{SQL-User-Name}' ORDER BY priority
(1) sql : --> SELECT groupname FROM radusergroup WHERE username =
'rickjames' ORDER BY priority
rlm_sql (sql): Executing query: 'SELECT groupname FROM radusergroup
WHERE username = 'rickjames' ORDER BY priority'
(1) sql : User found in the group table
rlm_sql (sql): Released connection (4)
(1) [sql] = ok
(1) [expiration] = noop
(1) [logintime] = noop
(1) WARNING: pap : Auth-Type already set. Not setting to PAP
(1) [pap] = noop
(1) } # authorize = updated
(1) Found Auth-Type = EAP
(1) # Executing group from file /etc/raddb/sites-enabled/default
(1) authenticate {
(1) eap : Expiring EAP session with state 0xae0cdbe8ae0dd68c
(1) eap : Finished EAP session with state 0xae0cdbe8ae0dd68c
(1) eap : Previous EAP request found for state 0xae0cdbe8ae0dd68c,
released from the list
(1) eap : Peer sent method NAK (3)
(1) eap : Found mutually acceptable type PEAP (25)
(1) eap : Calling eap_peap to process EAP data
(1) eap_peap : Initiate
(1) eap_peap : Start returned 1
(1) eap : New EAP session, adding 'State' attribute to reply 0xae0cdbe8af0ec28c
(1) [eap] = handled
(1) } # authenticate = handled
(1) Sending Access-Challenge packet to host NAS-OUTSIDE port 30713,
id=115, length=0
(1) EAP-Message = 0x010200061920
(1) Message-Authenticator = 0x00000000000000000000000000000000
(1) State = 0xae0cdbe8af0ec28c958875bba3b09eb6
Sending Access-Challenge Id 115 from RADIUS-SERVER:1812 to NAS-OUTSIDE:30713
EAP-Message = 0x010200061920
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xae0cdbe8af0ec28c958875bba3b09eb6
(1) Finished request
Waking up in 0.3 seconds.
Received Access-Request Id 116 from NAS-OUTSIDE:30713 to
RADIUS-SERVER:1812 length 424
User-Name = 'rickjames'
Calling-Station-Id = '10-A5-D0-E9-10-D0'
NAS-IP-Address = NAS-INSIDE
NAS-Port = 98
Called-Station-Id = '6C-AA-B3-CF-40-AD:test-eap-radius1'
Service-Type = Framed-User
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
NAS-Identifier = '6C-AA-B3-CF-40-AD'
Connect-Info = 'CONNECT 802.11a/n'
EAP-Message =
0x020200d01980000000c616030100c1010000bd030153e5275783695b045513e2df6c382cb01f2383a48d64ba7aedc5023200cf1884000054c014c00ac022c02100390038c00fc0050035c012c008c01cc01b00160013c00dc003000ac013c009c01fc01e00330032c00ec004002fc011c007c00cc002000500040015001200090014001100080006000300ff01000040000b000403000102000a00340032000e000d0019000b000c00180009000a00160017000800060007001400150004000500120013000100020003000f00100011
State = 0xae0cdbe8af0ec28c958875bba3b09eb6
Attr-26 = 0x000061dd0312746573742d6561702d72616469757331
Message-Authenticator = 0xcee24249500d3790f1ed4bd248495a63
(2) Received Access-Request packet from host NAS-OUTSIDE port 30713,
id=116, length=424
(2) User-Name = 'rickjames'
(2) Calling-Station-Id = '10-A5-D0-E9-10-D0'
(2) NAS-IP-Address = NAS-INSIDE
(2) NAS-Port = 98
(2) Called-Station-Id = '6C-AA-B3-CF-40-AD:test-eap-radius1'
(2) Service-Type = Framed-User
(2) Framed-MTU = 1400
(2) NAS-Port-Type = Wireless-802.11
(2) NAS-Identifier = '6C-AA-B3-CF-40-AD'
(2) Connect-Info = 'CONNECT 802.11a/n'
(2) EAP-Message =
0x020200d01980000000c616030100c1010000bd030153e5275783695b045513e2df6c382cb01f2383a48d64ba7aedc5023200cf1884000054c014c00ac022c02100390038c00fc0050035c012c008c01cc01b00160013c00dc003000ac013c009c01fc01e00330032c00ec004002fc011c007c00cc002000500040015001200090014001100080006000300ff01000040000b000403000102000a00340032000e000d0019000b000c00180009000a00160017000800060007001400150004000500120013000100020003000f00100011
(2) State = 0xae0cdbe8af0ec28c958875bba3b09eb6
(2) Attr-26 = 0x000061dd0312746573742d6561702d72616469757331
(2) Message-Authenticator = 0xcee24249500d3790f1ed4bd248495a63
(2) # Executing section authorize from file /etc/raddb/sites-enabled/default
(2) authorize {
(2) filter_username filter_username {
(2) if (User-Name =~ /@.*@/ )
(2) if (User-Name =~ /@.*@/ ) -> FALSE
(2) if (User-Name =~ /\\.\\./ )
(2) if (User-Name =~ /\\.\\./ ) -> FALSE
(2) if ((User-Name =~ /@/) && (User-Name !~ /@(.+)\\.(.+)$/))
(2) if ((User-Name =~ /@/) && (User-Name !~ /@(.+)\\.(.+)$/)) -> FALSE
(2) if (User-Name =~ /\\.$/)
(2) if (User-Name =~ /\\.$/) -> FALSE
(2) if (User-Name =~ /@\\./)
(2) if (User-Name =~ /@\\./) -> FALSE
(2) } # filter_username filter_username = notfound
(2) [preprocess] = ok
(2) [chap] = noop
(2) [mschap] = noop
(2) [digest] = noop
(2) suffix : No '@' in User-Name = "rickjames", looking up realm NULL
(2) suffix : No such realm "NULL"
(2) [suffix] = noop
(2) [files] = noop
(2) eap : Peer sent code Response (2) ID 2 length 208
(2) eap : Continuing tunnel setup
(2) [eap] = ok
(2) } # authorize = ok
(2) Found Auth-Type = EAP
(2) # Executing group from file /etc/raddb/sites-enabled/default
(2) authenticate {
(2) eap : Expiring EAP session with state 0xae0cdbe8af0ec28c
(2) eap : Finished EAP session with state 0xae0cdbe8af0ec28c
(2) eap : Previous EAP request found for state 0xae0cdbe8af0ec28c,
released from the list
(2) eap : Peer sent method PEAP (25)
(2) eap : EAP PEAP (25)
(2) eap : Calling eap_peap to process EAP data
(2) eap_peap : processing EAP-TLS
TLS Length 198
(2) eap_peap : Length Included
(2) eap_peap : eaptls_verify returned 11
(2) eap_peap : (other): before/accept initialization
(2) eap_peap : TLS_accept: before/accept initialization
(2) eap_peap : <<< TLS 1.0 Handshake [length 00c1], ClientHello
(2) eap_peap : TLS_accept: SSLv3 read client hello A
(2) eap_peap : >>> TLS 1.0 Handshake [length 0059], ServerHello
(2) eap_peap : TLS_accept: SSLv3 write server hello A
(2) eap_peap : >>> TLS 1.0 Handshake [length 0e63], Certificate
(2) eap_peap : TLS_accept: SSLv3 write certificate A
(2) eap_peap : >>> TLS 1.0 Handshake [length 014b], ServerKeyExchange
(2) eap_peap : TLS_accept: SSLv3 write key exchange A
(2) eap_peap : >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
(2) eap_peap : TLS_accept: SSLv3 write server done A
(2) eap_peap : TLS_accept: SSLv3 flush data
(2) eap_peap : TLS_accept: Need to read more data: SSLv3 read client
certificate A
In SSL Handshake Phase
In SSL Accept mode
(2) eap_peap : eaptls_process returned 13
(2) eap_peap : FR_TLS_HANDLED
(2) eap : New EAP session, adding 'State' attribute to reply 0xae0cdbe8ac0fc28c
(2) [eap] = handled
(2) } # authenticate = handled
(2) Sending Access-Challenge packet to host NAS-OUTSIDE port 30713,
id=116, length=0
(2) EAP-Message =
(2) Message-Authenticator = 0x00000000000000000000000000000000
(2) State = 0xae0cdbe8ac0fc28c958875bba3b09eb6
Sending Access-Challenge Id 116 from RADIUS-SERVER:1812 to NAS-OUTSIDE:30713
EAP-Message =
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xae0cdbe8ac0fc28c958875bba3b09eb6
(2) Finished request
Waking up in 0.3 seconds.
Received Access-Request Id 117 from NAS-OUTSIDE:30713 to
RADIUS-SERVER:1812 length 222
User-Name = 'rickjames'
Calling-Station-Id = '10-A5-D0-E9-10-D0'
NAS-IP-Address = NAS-INSIDE
NAS-Port = 98
Called-Station-Id = '6C-AA-B3-CF-40-AD:test-eap-radius1'
Service-Type = Framed-User
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
NAS-Identifier = '6C-AA-B3-CF-40-AD'
Connect-Info = 'CONNECT 802.11a/n'
EAP-Message = 0x020300061900
State = 0xae0cdbe8ac0fc28c958875bba3b09eb6
Attr-26 = 0x000061dd0312746573742d6561702d72616469757331
Message-Authenticator = 0x5e34d6dfd4185ebd7781adcac8fd6998
(3) Received Access-Request packet from host NAS-OUTSIDE port 30713,
id=117, length=222
(3) User-Name = 'rickjames'
(3) Calling-Station-Id = '10-A5-D0-E9-10-D0'
(3) NAS-IP-Address = NAS-INSIDE
(3) NAS-Port = 98
(3) Called-Station-Id = '6C-AA-B3-CF-40-AD:test-eap-radius1'
(3) Service-Type = Framed-User
(3) Framed-MTU = 1400
(3) NAS-Port-Type = Wireless-802.11
(3) NAS-Identifier = '6C-AA-B3-CF-40-AD'
(3) Connect-Info = 'CONNECT 802.11a/n'
(3) EAP-Message = 0x020300061900
(3) State = 0xae0cdbe8ac0fc28c958875bba3b09eb6
(3) Attr-26 = 0x000061dd0312746573742d6561702d72616469757331
(3) Message-Authenticator = 0x5e34d6dfd4185ebd7781adcac8fd6998
(3) # Executing section authorize from file /etc/raddb/sites-enabled/default
(3) authorize {
(3) filter_username filter_username {
(3) if (User-Name =~ /@.*@/ )
(3) if (User-Name =~ /@.*@/ ) -> FALSE
(3) if (User-Name =~ /\\.\\./ )
(3) if (User-Name =~ /\\.\\./ ) -> FALSE
(3) if ((User-Name =~ /@/) && (User-Name !~ /@(.+)\\.(.+)$/))
(3) if ((User-Name =~ /@/) && (User-Name !~ /@(.+)\\.(.+)$/)) -> FALSE
(3) if (User-Name =~ /\\.$/)
(3) if (User-Name =~ /\\.$/) -> FALSE
(3) if (User-Name =~ /@\\./)
(3) if (User-Name =~ /@\\./) -> FALSE
(3) } # filter_username filter_username = notfound
(3) [preprocess] = ok
(3) [chap] = noop
(3) [mschap] = noop
(3) [digest] = noop
(3) suffix : No '@' in User-Name = "rickjames", looking up realm NULL
(3) suffix : No such realm "NULL"
(3) [suffix] = noop
(3) [files] = noop
(3) eap : Peer sent code Response (2) ID 3 length 6
(3) eap : Continuing tunnel setup
(3) [eap] = ok
(3) } # authorize = ok
(3) Found Auth-Type = EAP
(3) # Executing group from file /etc/raddb/sites-enabled/default
(3) authenticate {
(3) eap : Expiring EAP session with state 0xae0cdbe8ac0fc28c
(3) eap : Finished EAP session with state 0xae0cdbe8ac0fc28c
(3) eap : Previous EAP request found for state 0xae0cdbe8ac0fc28c,
released from the list
(3) eap : Peer sent method PEAP (25)
(3) eap : EAP PEAP (25)
(3) eap : Calling eap_peap to process EAP data
(3) eap_peap : processing EAP-TLS
(3) eap_peap : Received TLS ACK
(3) eap_peap : Received TLS ACK
(3) eap_peap : ACK handshake fragment handler
(3) eap_peap : eaptls_verify returned 1
(3) eap_peap : eaptls_process returned 13
(3) eap_peap : FR_TLS_HANDLED
(3) eap : New EAP session, adding 'State' attribute to reply 0xae0cdbe8ad08c28c
(3) [eap] = handled
(3) } # authenticate = handled
(3) Sending Access-Challenge packet to host NAS-OUTSIDE port 30713,
id=117, length=0
(3) EAP-Message =
(3) Message-Authenticator = 0x00000000000000000000000000000000
(3) State = 0xae0cdbe8ad08c28c958875bba3b09eb6
Sending Access-Challenge Id 117 from RADIUS-SERVER:1812 to NAS-OUTSIDE:30713
EAP-Message =
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xae0cdbe8ad08c28c958875bba3b09eb6
(3) Finished request
Waking up in 0.3 seconds.
Received Access-Request Id 118 from NAS-OUTSIDE:30713 to
RADIUS-SERVER:1812 length 222
User-Name = 'rickjames'
Calling-Station-Id = '10-A5-D0-E9-10-D0'
NAS-IP-Address = NAS-INSIDE
NAS-Port = 98
Called-Station-Id = '6C-AA-B3-CF-40-AD:test-eap-radius1'
Service-Type = Framed-User
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
NAS-Identifier = '6C-AA-B3-CF-40-AD'
Connect-Info = 'CONNECT 802.11a/n'
EAP-Message = 0x020400061900
State = 0xae0cdbe8ad08c28c958875bba3b09eb6
Attr-26 = 0x000061dd0312746573742d6561702d72616469757331
Message-Authenticator = 0x454258f61b4966598c9cfc1c2cb5c893
(4) Received Access-Request packet from host NAS-OUTSIDE port 30713,
id=118, length=222
(4) User-Name = 'rickjames'
(4) Calling-Station-Id = '10-A5-D0-E9-10-D0'
(4) NAS-IP-Address = NAS-INSIDE
(4) NAS-Port = 98
(4) Called-Station-Id = '6C-AA-B3-CF-40-AD:test-eap-radius1'
(4) Service-Type = Framed-User
(4) Framed-MTU = 1400
(4) NAS-Port-Type = Wireless-802.11
(4) NAS-Identifier = '6C-AA-B3-CF-40-AD'
(4) Connect-Info = 'CONNECT 802.11a/n'
(4) EAP-Message = 0x020400061900
(4) State = 0xae0cdbe8ad08c28c958875bba3b09eb6
(4) Attr-26 = 0x000061dd0312746573742d6561702d72616469757331
(4) Message-Authenticator = 0x454258f61b4966598c9cfc1c2cb5c893
(4) # Executing section authorize from file /etc/raddb/sites-enabled/default
(4) authorize {
(4) filter_username filter_username {
(4) if (User-Name =~ /@.*@/ )
(4) if (User-Name =~ /@.*@/ ) -> FALSE
(4) if (User-Name =~ /\\.\\./ )
(4) if (User-Name =~ /\\.\\./ ) -> FALSE
(4) if ((User-Name =~ /@/) && (User-Name !~ /@(.+)\\.(.+)$/))
(4) if ((User-Name =~ /@/) && (User-Name !~ /@(.+)\\.(.+)$/)) -> FALSE
(4) if (User-Name =~ /\\.$/)
(4) if (User-Name =~ /\\.$/) -> FALSE
(4) if (User-Name =~ /@\\./)
(4) if (User-Name =~ /@\\./) -> FALSE
(4) } # filter_username filter_username = notfound
(4) [preprocess] = ok
(4) [chap] = noop
(4) [mschap] = noop
(4) [digest] = noop
(4) suffix : No '@' in User-Name = "rickjames", looking up realm NULL
(4) suffix : No such realm "NULL"
(4) [suffix] = noop
(4) [files] = noop
(4) eap : Peer sent code Response (2) ID 4 length 6
(4) eap : Continuing tunnel setup
(4) [eap] = ok
(4) } # authorize = ok
(4) Found Auth-Type = EAP
(4) # Executing group from file /etc/raddb/sites-enabled/default
(4) authenticate {
(4) eap : Expiring EAP session with state 0xae0cdbe8ad08c28c
(4) eap : Finished EAP session with state 0xae0cdbe8ad08c28c
(4) eap : Previous EAP request found for state 0xae0cdbe8ad08c28c,
released from the list
(4) eap : Peer sent method PEAP (25)
(4) eap : EAP PEAP (25)
(4) eap : Calling eap_peap to process EAP data
(4) eap_peap : processing EAP-TLS
(4) eap_peap : Received TLS ACK
(4) eap_peap : Received TLS ACK
(4) eap_peap : ACK handshake fragment handler
(4) eap_peap : eaptls_verify returned 1
(4) eap_peap : eaptls_process returned 13
(4) eap_peap : FR_TLS_HANDLED
(4) eap : New EAP session, adding 'State' attribute to reply 0xae0cdbe8aa09c28c
(4) [eap] = handled
(4) } # authenticate = handled
(4) Sending Access-Challenge packet to host NAS-OUTSIDE port 30713,
id=118, length=0
(4) EAP-Message =
(4) Message-Authenticator = 0x00000000000000000000000000000000
(4) State = 0xae0cdbe8aa09c28c958875bba3b09eb6
Sending Access-Challenge Id 118 from RADIUS-SERVER:1812 to NAS-OUTSIDE:30713
EAP-Message =
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xae0cdbe8aa09c28c958875bba3b09eb6
(4) Finished request
Waking up in 0.2 seconds.
Received Access-Request Id 119 from NAS-OUTSIDE:30713 to
RADIUS-SERVER:1812 length 222
User-Name = 'rickjames'
Calling-Station-Id = '10-A5-D0-E9-10-D0'
NAS-IP-Address = NAS-INSIDE
NAS-Port = 98
Called-Station-Id = '6C-AA-B3-CF-40-AD:test-eap-radius1'
Service-Type = Framed-User
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
NAS-Identifier = '6C-AA-B3-CF-40-AD'
Connect-Info = 'CONNECT 802.11a/n'
EAP-Message = 0x020500061900
State = 0xae0cdbe8aa09c28c958875bba3b09eb6
Attr-26 = 0x000061dd0312746573742d6561702d72616469757331
Message-Authenticator = 0x1783afc7c643b930d840219ee56c3285
(5) Received Access-Request packet from host NAS-OUTSIDE port 30713,
id=119, length=222
(5) User-Name = 'rickjames'
(5) Calling-Station-Id = '10-A5-D0-E9-10-D0'
(5) NAS-IP-Address = NAS-INSIDE
(5) NAS-Port = 98
(5) Called-Station-Id = '6C-AA-B3-CF-40-AD:test-eap-radius1'
(5) Service-Type = Framed-User
(5) Framed-MTU = 1400
(5) NAS-Port-Type = Wireless-802.11
(5) NAS-Identifier = '6C-AA-B3-CF-40-AD'
(5) Connect-Info = 'CONNECT 802.11a/n'
(5) EAP-Message = 0x020500061900
(5) State = 0xae0cdbe8aa09c28c958875bba3b09eb6
(5) Attr-26 = 0x000061dd0312746573742d6561702d72616469757331
(5) Message-Authenticator = 0x1783afc7c643b930d840219ee56c3285
(5) # Executing section authorize from file /etc/raddb/sites-enabled/default
(5) authorize {
(5) filter_username filter_username {
(5) if (User-Name =~ /@.*@/ )
(5) if (User-Name =~ /@.*@/ ) -> FALSE
(5) if (User-Name =~ /\\.\\./ )
(5) if (User-Name =~ /\\.\\./ ) -> FALSE
(5) if ((User-Name =~ /@/) && (User-Name !~ /@(.+)\\.(.+)$/))
(5) if ((User-Name =~ /@/) && (User-Name !~ /@(.+)\\.(.+)$/)) -> FALSE
(5) if (User-Name =~ /\\.$/)
(5) if (User-Name =~ /\\.$/) -> FALSE
(5) if (User-Name =~ /@\\./)
(5) if (User-Name =~ /@\\./) -> FALSE
(5) } # filter_username filter_username = notfound
(5) [preprocess] = ok
(5) [chap] = noop
(5) [mschap] = noop
(5) [digest] = noop
(5) suffix : No '@' in User-Name = "rickjames", looking up realm NULL
(5) suffix : No such realm "NULL"
(5) [suffix] = noop
(5) [files] = noop
(5) eap : Peer sent code Response (2) ID 5 length 6
(5) eap : Continuing tunnel setup
(5) [eap] = ok
(5) } # authorize = ok
(5) Found Auth-Type = EAP
(5) # Executing group from file /etc/raddb/sites-enabled/default
(5) authenticate {
(5) eap : Expiring EAP session with state 0xae0cdbe8aa09c28c
(5) eap : Finished EAP session with state 0xae0cdbe8aa09c28c
(5) eap : Previous EAP request found for state 0xae0cdbe8aa09c28c,
released from the list
(5) eap : Peer sent method PEAP (25)
(5) eap : EAP PEAP (25)
(5) eap : Calling eap_peap to process EAP data
(5) eap_peap : processing EAP-TLS
(5) eap_peap : Received TLS ACK
(5) eap_peap : Received TLS ACK
(5) eap_peap : ACK handshake fragment handler
(5) eap_peap : eaptls_verify returned 1
(5) eap_peap : eaptls_process returned 13
(5) eap_peap : FR_TLS_HANDLED
(5) eap : New EAP session, adding 'State' attribute to reply 0xae0cdbe8ab0ac28c
(5) [eap] = handled
(5) } # authenticate = handled
(5) Sending Access-Challenge packet to host NAS-OUTSIDE port 30713,
id=119, length=0
(5) EAP-Message =
(5) Message-Authenticator = 0x00000000000000000000000000000000
(5) State = 0xae0cdbe8ab0ac28c958875bba3b09eb6
Sending Access-Challenge Id 119 from RADIUS-SERVER:1812 to NAS-OUTSIDE:30713
EAP-Message =
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xae0cdbe8ab0ac28c958875bba3b09eb6
(5) Finished request
Waking up in 0.2 seconds.
Received Access-Request Id 120 from NAS-OUTSIDE:30713 to
RADIUS-SERVER:1812 length 222
User-Name = 'rickjames'
Calling-Station-Id = '10-A5-D0-E9-10-D0'
NAS-IP-Address = NAS-INSIDE
NAS-Port = 98
Called-Station-Id = '6C-AA-B3-CF-40-AD:test-eap-radius1'
Service-Type = Framed-User
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
NAS-Identifier = '6C-AA-B3-CF-40-AD'
Connect-Info = 'CONNECT 802.11a/n'
EAP-Message = 0x020600061900
State = 0xae0cdbe8ab0ac28c958875bba3b09eb6
Attr-26 = 0x000061dd0312746573742d6561702d72616469757331
Message-Authenticator = 0x49e12bcca11dfd8d87b3df96ac5d5aed
(6) Received Access-Request packet from host NAS-OUTSIDE port 30713,
id=120, length=222
(6) User-Name = 'rickjames'
(6) Calling-Station-Id = '10-A5-D0-E9-10-D0'
(6) NAS-IP-Address = NAS-INSIDE
(6) NAS-Port = 98
(6) Called-Station-Id = '6C-AA-B3-CF-40-AD:test-eap-radius1'
(6) Service-Type = Framed-User
(6) Framed-MTU = 1400
(6) NAS-Port-Type = Wireless-802.11
(6) NAS-Identifier = '6C-AA-B3-CF-40-AD'
(6) Connect-Info = 'CONNECT 802.11a/n'
(6) EAP-Message = 0x020600061900
(6) State = 0xae0cdbe8ab0ac28c958875bba3b09eb6
(6) Attr-26 = 0x000061dd0312746573742d6561702d72616469757331
(6) Message-Authenticator = 0x49e12bcca11dfd8d87b3df96ac5d5aed
(6) # Executing section authorize from file /etc/raddb/sites-enabled/default
(6) authorize {
(6) filter_username filter_username {
(6) if (User-Name =~ /@.*@/ )
(6) if (User-Name =~ /@.*@/ ) -> FALSE
(6) if (User-Name =~ /\\.\\./ )
(6) if (User-Name =~ /\\.\\./ ) -> FALSE
(6) if ((User-Name =~ /@/) && (User-Name !~ /@(.+)\\.(.+)$/))
(6) if ((User-Name =~ /@/) && (User-Name !~ /@(.+)\\.(.+)$/)) -> FALSE
(6) if (User-Name =~ /\\.$/)
(6) if (User-Name =~ /\\.$/) -> FALSE
(6) if (User-Name =~ /@\\./)
(6) if (User-Name =~ /@\\./) -> FALSE
(6) } # filter_username filter_username = notfound
(6) [preprocess] = ok
(6) [chap] = noop
(6) [mschap] = noop
(6) [digest] = noop
(6) suffix : No '@' in User-Name = "rickjames", looking up realm NULL
(6) suffix : No such realm "NULL"
(6) [suffix] = noop
(6) [files] = noop
(6) eap : Peer sent code Response (2) ID 6 length 6
(6) eap : Continuing tunnel setup
(6) [eap] = ok
(6) } # authorize = ok
(6) Found Auth-Type = EAP
(6) # Executing group from file /etc/raddb/sites-enabled/default
(6) authenticate {
(6) eap : Expiring EAP session with state 0xae0cdbe8ab0ac28c
(6) eap : Finished EAP session with state 0xae0cdbe8ab0ac28c
(6) eap : Previous EAP request found for state 0xae0cdbe8ab0ac28c,
released from the list
(6) eap : Peer sent method PEAP (25)
(6) eap : EAP PEAP (25)
(6) eap : Calling eap_peap to process EAP data
(6) eap_peap : processing EAP-TLS
(6) eap_peap : Received TLS ACK
(6) eap_peap : Received TLS ACK
(6) eap_peap : ACK handshake fragment handler
(6) eap_peap : eaptls_verify returned 1
(6) eap_peap : eaptls_process returned 13
(6) eap_peap : FR_TLS_HANDLED
(6) eap : New EAP session, adding 'State' attribute to reply 0xae0cdbe8a80bc28c
(6) [eap] = handled
(6) } # authenticate = handled
(6) Sending Access-Challenge packet to host NAS-OUTSIDE port 30713,
id=120, length=0
(6) EAP-Message =
0x0107009d190018dd10520caff6b3d619a15119d235ba33343d64fbd095d739426ae1d64b324cdde61151b15bc848ae8241d54f19014d0796e2b3232b87712661900d939fa1dca01a2eba47ff360642f2ce5dd0444f177a82ebc91159cb13d794ba7b6e6d824dfa08d8dada4bc802dc7f0dabf9fbc02f89eb3c6c4a5e4232caa762fc26792268c1ec54db08ccd3f0d453d73aa93016030100040e000000
(6) Message-Authenticator = 0x00000000000000000000000000000000
(6) State = 0xae0cdbe8a80bc28c958875bba3b09eb6
Sending Access-Challenge Id 120 from RADIUS-SERVER:1812 to NAS-OUTSIDE:30713
EAP-Message =
0x0107009d190018dd10520caff6b3d619a15119d235ba33343d64fbd095d739426ae1d64b324cdde61151b15bc848ae8241d54f19014d0796e2b3232b87712661900d939fa1dca01a2eba47ff360642f2ce5dd0444f177a82ebc91159cb13d794ba7b6e6d824dfa08d8dada4bc802dc7f0dabf9fbc02f89eb3c6c4a5e4232caa762fc26792268c1ec54db08ccd3f0d453d73aa93016030100040e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xae0cdbe8a80bc28c958875bba3b09eb6
(6) Finished request
Waking up in 0.2 seconds.
Received Access-Request Id 121 from NAS-OUTSIDE:30713 to
RADIUS-SERVER:1812 length 360
User-Name = 'rickjames'
Calling-Station-Id = '10-A5-D0-E9-10-D0'
NAS-IP-Address = NAS-INSIDE
NAS-Port = 98
Called-Station-Id = '6C-AA-B3-CF-40-AD:test-eap-radius1'
Service-Type = Framed-User
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
NAS-Identifier = '6C-AA-B3-CF-40-AD'
Connect-Info = 'CONNECT 802.11a/n'
EAP-Message =
0x0207009019800000008616030100461000004241047e5182230539b5d0808c2f4e067fcb6d1f3c5fc1affc9c64308f18103ce49c65702f36c39e92e212768351765d645b51a52924c827c3df04bf03c708b75ce4081403010001011603010030dd6896ee57c83326a0ff97e7723451f10a91c557db463989bfadfcfbe8ecbab20b206dc95823a1a658d95d762a1f7d73
State = 0xae0cdbe8a80bc28c958875bba3b09eb6
Attr-26 = 0x000061dd0312746573742d6561702d72616469757331
Message-Authenticator = 0x706bf00f09690d6dfb51a3cc92bfb2f8
(7) Received Access-Request packet from host NAS-OUTSIDE port 30713,
id=121, length=360
(7) User-Name = 'rickjames'
(7) Calling-Station-Id = '10-A5-D0-E9-10-D0'
(7) NAS-IP-Address = NAS-INSIDE
(7) NAS-Port = 98
(7) Called-Station-Id = '6C-AA-B3-CF-40-AD:test-eap-radius1'
(7) Service-Type = Framed-User
(7) Framed-MTU = 1400
(7) NAS-Port-Type = Wireless-802.11
(7) NAS-Identifier = '6C-AA-B3-CF-40-AD'
(7) Connect-Info = 'CONNECT 802.11a/n'
(7) EAP-Message =
0x0207009019800000008616030100461000004241047e5182230539b5d0808c2f4e067fcb6d1f3c5fc1affc9c64308f18103ce49c65702f36c39e92e212768351765d645b51a52924c827c3df04bf03c708b75ce4081403010001011603010030dd6896ee57c83326a0ff97e7723451f10a91c557db463989bfadfcfbe8ecbab20b206dc95823a1a658d95d762a1f7d73
(7) State = 0xae0cdbe8a80bc28c958875bba3b09eb6
(7) Attr-26 = 0x000061dd0312746573742d6561702d72616469757331
(7) Message-Authenticator = 0x706bf00f09690d6dfb51a3cc92bfb2f8
(7) # Executing section authorize from file /etc/raddb/sites-enabled/default
(7) authorize {
(7) filter_username filter_username {
(7) if (User-Name =~ /@.*@/ )
(7) if (User-Name =~ /@.*@/ ) -> FALSE
(7) if (User-Name =~ /\\.\\./ )
(7) if (User-Name =~ /\\.\\./ ) -> FALSE
(7) if ((User-Name =~ /@/) && (User-Name !~ /@(.+)\\.(.+)$/))
(7) if ((User-Name =~ /@/) && (User-Name !~ /@(.+)\\.(.+)$/)) -> FALSE
(7) if (User-Name =~ /\\.$/)
(7) if (User-Name =~ /\\.$/) -> FALSE
(7) if (User-Name =~ /@\\./)
(7) if (User-Name =~ /@\\./) -> FALSE
(7) } # filter_username filter_username = notfound
(7) [preprocess] = ok
(7) [chap] = noop
(7) [mschap] = noop
(7) [digest] = noop
(7) suffix : No '@' in User-Name = "rickjames", looking up realm NULL
(7) suffix : No such realm "NULL"
(7) [suffix] = noop
(7) [files] = noop
(7) eap : Peer sent code Response (2) ID 7 length 144
(7) eap : Continuing tunnel setup
(7) [eap] = ok
(7) } # authorize = ok
(7) Found Auth-Type = EAP
(7) # Executing group from file /etc/raddb/sites-enabled/default
(7) authenticate {
(7) eap : Expiring EAP session with state 0xae0cdbe8a80bc28c
(7) eap : Finished EAP session with state 0xae0cdbe8a80bc28c
(7) eap : Previous EAP request found for state 0xae0cdbe8a80bc28c,
released from the list
(7) eap : Peer sent method PEAP (25)
(7) eap : EAP PEAP (25)
(7) eap : Calling eap_peap to process EAP data
(7) eap_peap : processing EAP-TLS
TLS Length 134
(7) eap_peap : Length Included
(7) eap_peap : eaptls_verify returned 11
(7) eap_peap : <<< TLS 1.0 Handshake [length 0046], ClientKeyExchange
(7) eap_peap : TLS_accept: SSLv3 read client key exchange A
(7) eap_peap : <<< TLS 1.0 ChangeCipherSpec [length 0001]
(7) eap_peap : <<< TLS 1.0 Handshake [length 0010], Finished
(7) eap_peap : TLS_accept: SSLv3 read finished A
(7) eap_peap : >>> TLS 1.0 ChangeCipherSpec [length 0001]
(7) eap_peap : TLS_accept: SSLv3 write change cipher spec A
(7) eap_peap : >>> TLS 1.0 Handshake [length 0010], Finished
(7) eap_peap : TLS_accept: SSLv3 write finished A
(7) eap_peap : TLS_accept: SSLv3 flush data
SSL: Adding session 88e265710b2fcc6e8da92f9b8207f45fe93c2488f11cbe5f958e159a5489d218 to cache
(7) eap_peap : (other): SSL negotiation finished successfully
SSL Connection Established
(7) eap_peap : eaptls_process returned 13
(7) eap_peap : FR_TLS_HANDLED
(7) eap : New EAP session, adding 'State' attribute to reply 0xae0cdbe8a904c28c
(7) [eap] = handled
(7) } # authenticate = handled
(7) Sending Access-Challenge packet to host NAS-OUTSIDE port 30713, id=121, length=0
(7) EAP-Message =
0x01080041190014030100010116030100304fd4b31abc34b15a847f60e94c08ab9689ad51c5f543396910aea0b5f691acc0c1c9ee30f10d249be8205b284502e59b
(7) Message-Authenticator = 0x00000000000000000000000000000000
(7) State = 0xae0cdbe8a904c28c958875bba3b09eb6
Sending Access-Challenge Id 121 from RADIUS-SERVER:1812 to NAS-OUTSIDE:30713
EAP-Message =
0x01080041190014030100010116030100304fd4b31abc34b15a847f60e94c08ab9689ad51c5f543396910aea0b5f691acc0c1c9ee30f10d249be8205b284502e59b
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xae0cdbe8a904c28c958875bba3b09eb6
(7) Finished request
Waking up in 0.2 seconds.
Received Access-Request Id 122 from NAS-OUTSIDE:30713 to RADIUS-SERVER:1812 length 222
User-Name = 'rickjames'
Calling-Station-Id = '10-A5-D0-E9-10-D0'
NAS-IP-Address = NAS-INSIDE
NAS-Port = 98
Called-Station-Id = '6C-AA-B3-CF-40-AD:test-eap-radius1'
Service-Type = Framed-User
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
NAS-Identifier = '6C-AA-B3-CF-40-AD'
Connect-Info = 'CONNECT 802.11a/n'
EAP-Message = 0x020800061900
State = 0xae0cdbe8a904c28c958875bba3b09eb6
Attr-26 = 0x000061dd0312746573742d6561702d72616469757331
Message-Authenticator = 0xc7f85f7148cf63cce5a62dbde2249872
(8) Received Access-Request packet from host NAS-OUTSIDE port 30713, id=122, length=222
(8) User-Name = 'rickjames'
(8) Calling-Station-Id = '10-A5-D0-E9-10-D0'
(8) NAS-IP-Address = NAS-INSIDE
(8) NAS-Port = 98
(8) Called-Station-Id = '6C-AA-B3-CF-40-AD:test-eap-radius1'
(8) Service-Type = Framed-User
(8) Framed-MTU = 1400
(8) NAS-Port-Type = Wireless-802.11
(8) NAS-Identifier = '6C-AA-B3-CF-40-AD'
(8) Connect-Info = 'CONNECT 802.11a/n'
(8) EAP-Message = 0x020800061900
(8) State = 0xae0cdbe8a904c28c958875bba3b09eb6
(8) Attr-26 = 0x000061dd0312746573742d6561702d72616469757331
(8) Message-Authenticator = 0xc7f85f7148cf63cce5a62dbde2249872
(8) # Executing section authorize from file /etc/raddb/sites-enabled/default
(8) authorize {
(8) filter_username filter_username {
(8) if (User-Name =~ /@.*@/ )
(8) if (User-Name =~ /@.*@/ ) -> FALSE
(8) if (User-Name =~ /\\.\\./ )
(8) if (User-Name =~ /\\.\\./ ) -> FALSE
(8) if ((User-Name =~ /@/) && (User-Name !~ /@(.+)\\.(.+)$/))
(8) if ((User-Name =~ /@/) && (User-Name !~ /@(.+)\\.(.+)$/)) -> FALSE
(8) if (User-Name =~ /\\.$/)
(8) if (User-Name =~ /\\.$/) -> FALSE
(8) if (User-Name =~ /@\\./)
(8) if (User-Name =~ /@\\./) -> FALSE
(8) } # filter_username filter_username = notfound
(8) [preprocess] = ok
(8) [chap] = noop
(8) [mschap] = noop
(8) [digest] = noop
(8) suffix : No '@' in User-Name = "rickjames", looking up realm NULL
(8) suffix : No such realm "NULL"
(8) [suffix] = noop
(8) [files] = noop
(8) eap : Peer sent code Response (2) ID 8 length 6
(8) eap : Continuing tunnel setup
(8) [eap] = ok
(8) } # authorize = ok
(8) Found Auth-Type = EAP
(8) # Executing group from file /etc/raddb/sites-enabled/default
(8) authenticate {
(8) eap : Expiring EAP session with state 0xae0cdbe8a904c28c
(8) eap : Finished EAP session with state 0xae0cdbe8a904c28c
(8) eap : Previous EAP request found for state 0xae0cdbe8a904c28c, released from the list
(8) eap : Peer sent method PEAP (25)
(8) eap : EAP PEAP (25)
(8) eap : Calling eap_peap to process EAP data
(8) eap_peap : processing EAP-TLS
(8) eap_peap : Received TLS ACK
(8) eap_peap : Received TLS ACK
(8) eap_peap : ACK handshake is finished
(8) eap_peap : eaptls_verify returned 3
(8) eap_peap : eaptls_process returned 3
(8) eap_peap : FR_TLS_SUCCESS
(8) eap_peap : Session established. Decoding tunneled attributes
(8) eap_peap : Peap state TUNNEL ESTABLISHED
(8) eap : New EAP session, adding 'State' attribute to reply 0xae0cdbe8a605c28c
(8) [eap] = handled
(8) } # authenticate = handled
(8) Sending Access-Challenge packet to host NAS-OUTSIDE port 30713, id=122, length=0
(8) EAP-Message =
0x0109002b19001703010020f6929543ede2bc99d218d37fdeefccbc27504c46c06581d970af81cb1af394b1
(8) Message-Authenticator = 0x00000000000000000000000000000000
(8) State = 0xae0cdbe8a605c28c958875bba3b09eb6
Sending Access-Challenge Id 122 from RADIUS-SERVER:1812 to NAS-OUTSIDE:30713
EAP-Message =
0x0109002b19001703010020f6929543ede2bc99d218d37fdeefccbc27504c46c06581d970af81cb1af394b1
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xae0cdbe8a605c28c958875bba3b09eb6
(8) Finished request
Waking up in 0.2 seconds.
Received Access-Request Id 123 from NAS-OUTSIDE:30713 to RADIUS-SERVER:1812 length 296
User-Name = 'rickjames'
Calling-Station-Id = '10-A5-D0-E9-10-D0'
NAS-IP-Address = NAS-INSIDE
NAS-Port = 98
Called-Station-Id = '6C-AA-B3-CF-40-AD:test-eap-radius1'
Service-Type = Framed-User
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
NAS-Identifier = '6C-AA-B3-CF-40-AD'
Connect-Info = 'CONNECT 802.11a/n'
EAP-Message =
0x0209005019001703010020430d54849046f35cef9b0557ae69d197ee306a6a67173b87f6efc115ee3272ad1703010020261c75feecc7b94db0d95b9c6ab6a104fbc66e43252a0391c9e7fefa81db83fc
State = 0xae0cdbe8a605c28c958875bba3b09eb6
Attr-26 = 0x000061dd0312746573742d6561702d72616469757331
Message-Authenticator = 0x26047dd54e1ab908a842c670d8c5ff1f
(9) Received Access-Request packet from host NAS-OUTSIDE port 30713, id=123, length=296
(9) User-Name = 'rickjames'
(9) Calling-Station-Id = '10-A5-D0-E9-10-D0'
(9) NAS-IP-Address = NAS-INSIDE
(9) NAS-Port = 98
(9) Called-Station-Id = '6C-AA-B3-CF-40-AD:test-eap-radius1'
(9) Service-Type = Framed-User
(9) Framed-MTU = 1400
(9) NAS-Port-Type = Wireless-802.11
(9) NAS-Identifier = '6C-AA-B3-CF-40-AD'
(9) Connect-Info = 'CONNECT 802.11a/n'
(9) EAP-Message =
0x0209005019001703010020430d54849046f35cef9b0557ae69d197ee306a6a67173b87f6efc115ee3272ad1703010020261c75feecc7b94db0d95b9c6ab6a104fbc66e43252a0391c9e7fefa81db83fc
(9) State = 0xae0cdbe8a605c28c958875bba3b09eb6
(9) Attr-26 = 0x000061dd0312746573742d6561702d72616469757331
(9) Message-Authenticator = 0x26047dd54e1ab908a842c670d8c5ff1f
(9) # Executing section authorize from file /etc/raddb/sites-enabled/default
(9) authorize {
(9) filter_username filter_username {
(9) if (User-Name =~ /@.*@/ )
(9) if (User-Name =~ /@.*@/ ) -> FALSE
(9) if (User-Name =~ /\\.\\./ )
(9) if (User-Name =~ /\\.\\./ ) -> FALSE
(9) if ((User-Name =~ /@/) && (User-Name !~ /@(.+)\\.(.+)$/))
(9) if ((User-Name =~ /@/) && (User-Name !~ /@(.+)\\.(.+)$/)) -> FALSE
(9) if (User-Name =~ /\\.$/)
(9) if (User-Name =~ /\\.$/) -> FALSE
(9) if (User-Name =~ /@\\./)
(9) if (User-Name =~ /@\\./) -> FALSE
(9) } # filter_username filter_username = notfound
(9) [preprocess] = ok
(9) [chap] = noop
(9) [mschap] = noop
(9) [digest] = noop
(9) suffix : No '@' in User-Name = "rickjames", looking up realm NULL
(9) suffix : No such realm "NULL"
(9) [suffix] = noop
(9) [files] = noop
(9) eap : Peer sent code Response (2) ID 9 length 80
(9) eap : Continuing tunnel setup
(9) [eap] = ok
(9) } # authorize = ok
(9) Found Auth-Type = EAP
(9) # Executing group from file /etc/raddb/sites-enabled/default
(9) authenticate {
(9) eap : Expiring EAP session with state 0xae0cdbe8a605c28c
(9) eap : Finished EAP session with state 0xae0cdbe8a605c28c
(9) eap : Previous EAP request found for state 0xae0cdbe8a605c28c, released from the list
(9) eap : Peer sent method PEAP (25)
(9) eap : EAP PEAP (25)
(9) eap : Calling eap_peap to process EAP data
(9) eap_peap : processing EAP-TLS
(9) eap_peap : eaptls_verify returned 7
(9) eap_peap : Done initial handshake
(9) eap_peap : eaptls_process returned 7
(9) eap_peap : FR_TLS_OK
(9) eap_peap : Session established. Decoding tunneled attributes
(9) eap_peap : Peap state WAITING FOR INNER IDENTITY
(9) eap_peap : Identity - rickjames
(9) eap_peap : Got inner identity 'rickjames'
(9) eap_peap : Setting default EAP type for tunneled EAP session
(9) eap_peap : Got tunneled request
EAP-Message = 0x0209000e017269636b6a616d6573
server default {
(9) eap_peap : Setting User-Name to rickjames
Sending tunneled request
EAP-Message = 0x0209000e017269636b6a616d6573
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = 'rickjames'
Calling-Station-Id = '10-A5-D0-E9-10-D0'
NAS-IP-Address = NAS-INSIDE
NAS-Port = 98
Called-Station-Id = '6C-AA-B3-CF-40-AD:test-eap-radius1'
Service-Type = Framed-User
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
NAS-Identifier = '6C-AA-B3-CF-40-AD'
Connect-Info = 'CONNECT 802.11a/n'
Attr-26 = 0x000061dd0312746573742d6561702d72616469757331
server inner-tunnel {
(9) server inner-tunnel {
(9) Request:
EAP-Message = 0x0209000e017269636b6a616d6573
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = 'rickjames'
Calling-Station-Id = '10-A5-D0-E9-10-D0'
NAS-IP-Address = NAS-INSIDE
NAS-Port = 98
Called-Station-Id = '6C-AA-B3-CF-40-AD:test-eap-radius1'
Service-Type = Framed-User
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
NAS-Identifier = '6C-AA-B3-CF-40-AD'
Connect-Info = 'CONNECT 802.11a/n'
Attr-26 = 0x000061dd0312746573742d6561702d72616469757331
(9) # Executing section authorize from file /etc/raddb/sites-enabled/inner-tunnel
(9) authorize {
(9) [chap] = noop
(9) [mschap] = noop
(9) suffix : No '@' in User-Name = "rickjames", looking up realm NULL
(9) suffix : No such realm "NULL"
(9) [suffix] = noop
(9) update control {
(9) Proxy-To-Realm := 'LOCAL'
(9) } # update control = noop
(9) eap : Peer sent code Response (2) ID 9 length 14
(9) eap : EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
(9) [eap] = ok
(9) } # authorize = ok
(9) Found Auth-Type = EAP
(9) # Executing group from file /etc/raddb/sites-enabled/inner-tunnel
(9) authenticate {
(9) eap : Peer sent method Identity (1)
(9) eap : Calling eap_mschapv2 to process EAP data
(9) eap_mschapv2 : Issuing Challenge
(9) eap : New EAP session, adding 'State' attribute to reply 0x01cb1c3201c1063c
(9) [eap] = handled
(9) } # authenticate = handled
(9) Reply:
EAP-Message =
0x010a00231a010a001e10b7e9bd1bb24a40606bfa0bf5dc26249e7269636b6a616d6573
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x01cb1c3201c1063c2648c1312ac5cc01
(9) } # server inner-tunnel
} # server inner-tunnel
(9) eap_peap : Got tunneled reply code 11
EAP-Message =
0x010a00231a010a001e10b7e9bd1bb24a40606bfa0bf5dc26249e7269636b6a616d6573
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x01cb1c3201c1063c2648c1312ac5cc01
(9) eap_peap : Got tunneled reply RADIUS code 11
EAP-Message =
0x010a00231a010a001e10b7e9bd1bb24a40606bfa0bf5dc26249e7269636b6a616d6573
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x01cb1c3201c1063c2648c1312ac5cc01
(9) eap_peap : Got tunneled Access-Challenge
(9) eap : New EAP session, adding 'State' attribute to reply 0xae0cdbe8a706c28c
(9) [eap] = handled
(9) } # authenticate = handled
(9) Sending Access-Challenge packet to host NAS-OUTSIDE port 30713, id=123, length=0
(9) EAP-Message =
0x010a004b19001703010040fd5359d7d6395396fd049586ff8f845eb8aca3488d091b0831afa26d56ea9d601b8b07ab142c91d7d2595b8651a105d2c408f0ef33d246ee35c56cc43eb90ec7
(9) Message-Authenticator = 0x00000000000000000000000000000000
(9) State = 0xae0cdbe8a706c28c958875bba3b09eb6
Sending Access-Challenge Id 123 from RADIUS-SERVER:1812 to NAS-OUTSIDE:30713
EAP-Message =
0x010a004b19001703010040fd5359d7d6395396fd049586ff8f845eb8aca3488d091b0831afa26d56ea9d601b8b07ab142c91d7d2595b8651a105d2c408f0ef33d246ee35c56cc43eb90ec7
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xae0cdbe8a706c28c958875bba3b09eb6
(9) Finished request
Waking up in 0.2 seconds.
Received Access-Request Id 124 from NAS-OUTSIDE:30713 to RADIUS-SERVER:1812 length 360
User-Name = 'rickjames'
Calling-Station-Id = '10-A5-D0-E9-10-D0'
NAS-IP-Address = NAS-INSIDE
NAS-Port = 98
Called-Station-Id = '6C-AA-B3-CF-40-AD:test-eap-radius1'
Service-Type = Framed-User
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
NAS-Identifier = '6C-AA-B3-CF-40-AD'
Connect-Info = 'CONNECT 802.11a/n'
EAP-Message =
0x020a0090190017030100201aa6358da53edc930acce6c65924b3fa8321f5aec635b9a26b6eef18e405db6c1703010060ae82b5dde8f2ea4f8086e036941ad7335d46f31158852f63fd756380740d480ceea6b4a185b1111b30fa7e5b2d96bf42253a909e1c67b9d2ae0e5585c8517beb5a548f706f382dfe995ab2f95c123e319995f83b694e3c82a5b57b2a50624cef
State = 0xae0cdbe8a706c28c958875bba3b09eb6
Attr-26 = 0x000061dd0312746573742d6561702d72616469757331
Message-Authenticator = 0x40813d44ad350c94cf160632183580bb
(10) Received Access-Request packet from host NAS-OUTSIDE port 30713, id=124, length=360
(10) User-Name = 'rickjames'
(10) Calling-Station-Id = '10-A5-D0-E9-10-D0'
(10) NAS-IP-Address = NAS-INSIDE
(10) NAS-Port = 98
(10) Called-Station-Id = '6C-AA-B3-CF-40-AD:test-eap-radius1'
(10) Service-Type = Framed-User
(10) Framed-MTU = 1400
(10) NAS-Port-Type = Wireless-802.11
(10) NAS-Identifier = '6C-AA-B3-CF-40-AD'
(10) Connect-Info = 'CONNECT 802.11a/n'
(10) EAP-Message =
0x020a0090190017030100201aa6358da53edc930acce6c65924b3fa8321f5aec635b9a26b6eef18e405db6c1703010060ae82b5dde8f2ea4f8086e036941ad7335d46f31158852f63fd756380740d480ceea6b4a185b1111b30fa7e5b2d96bf42253a909e1c67b9d2ae0e5585c8517beb5a548f706f382dfe995ab2f95c123e319995f83b694e3c82a5b57b2a50624cef
(10) State = 0xae0cdbe8a706c28c958875bba3b09eb6
(10) Attr-26 = 0x000061dd0312746573742d6561702d72616469757331
(10) Message-Authenticator = 0x40813d44ad350c94cf160632183580bb
(10) # Executing section authorize from file /etc/raddb/sites-enabled/default
(10) authorize {
(10) filter_username filter_username {
(10) if (User-Name =~ /@.*@/ )
(10) if (User-Name =~ /@.*@/ ) -> FALSE
(10) if (User-Name =~ /\\.\\./ )
(10) if (User-Name =~ /\\.\\./ ) -> FALSE
(10) if ((User-Name =~ /@/) && (User-Name !~ /@(.+)\\.(.+)$/))
(10) if ((User-Name =~ /@/) && (User-Name !~ /@(.+)\\.(.+)$/)) -> FALSE
(10) if (User-Name =~ /\\.$/)
(10) if (User-Name =~ /\\.$/) -> FALSE
(10) if (User-Name =~ /@\\./)
(10) if (User-Name =~ /@\\./) -> FALSE
(10) } # filter_username filter_username = notfound
(10) [preprocess] = ok
(10) [chap] = noop
(10) [mschap] = noop
(10) [digest] = noop
(10) suffix : No '@' in User-Name = "rickjames", looking up realm NULL
(10) suffix : No such realm "NULL"
(10) [suffix] = noop
(10) [files] = noop
(10) eap : Peer sent code Response (2) ID 10 length 144
(10) eap : Continuing tunnel setup
(10) [eap] = ok
(10) } # authorize = ok
(10) Found Auth-Type = EAP
(10) # Executing group from file /etc/raddb/sites-enabled/default
(10) authenticate {
(10) eap : Expiring EAP session with state 0x01cb1c3201c1063c
(10) eap : Finished EAP session with state 0xae0cdbe8a706c28c
(10) eap : Previous EAP request found for state 0xae0cdbe8a706c28c, released from the list
(10) eap : Peer sent method PEAP (25)
(10) eap : EAP PEAP (25)
(10) eap : Calling eap_peap to process EAP data
(10) eap_peap : processing EAP-TLS
(10) eap_peap : eaptls_verify returned 7
(10) eap_peap : Done initial handshake
(10) eap_peap : eaptls_process returned 7
(10) eap_peap : FR_TLS_OK
(10) eap_peap : Session established. Decoding tunneled attributes
(10) eap_peap : Peap state phase2
(10) eap_peap : EAP type MSCHAPv2 (26)
(10) eap_peap : Got tunneled request
EAP-Message =
0x020a00441a020a003f31411b2a6c0dc0f9c40bb19b13aa8a5cb300000000000000003f711ae300e431d18cda62db72c308531fa1d8d2e18db063007269636b6a616d6573
server default {
(10) eap_peap : Setting User-Name to rickjames
Sending tunneled request
EAP-Message =
0x020a00441a020a003f31411b2a6c0dc0f9c40bb19b13aa8a5cb300000000000000003f711ae300e431d18cda62db72c308531fa1d8d2e18db063007269636b6a616d6573
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = 'rickjames'
State = 0x01cb1c3201c1063c2648c1312ac5cc01
Calling-Station-Id = '10-A5-D0-E9-10-D0'
NAS-IP-Address = NAS-INSIDE
NAS-Port = 98
Called-Station-Id = '6C-AA-B3-CF-40-AD:test-eap-radius1'
Service-Type = Framed-User
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
NAS-Identifier = '6C-AA-B3-CF-40-AD'
Connect-Info = 'CONNECT 802.11a/n'
Attr-26 = 0x000061dd0312746573742d6561702d72616469757331
server inner-tunnel {
(10) server inner-tunnel {
(10) Request:
EAP-Message =
0x020a00441a020a003f31411b2a6c0dc0f9c40bb19b13aa8a5cb300000000000000003f711ae300e431d18cda62db72c308531fa1d8d2e18db063007269636b6a616d6573
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = 'rickjames'
State = 0x01cb1c3201c1063c2648c1312ac5cc01
Calling-Station-Id = '10-A5-D0-E9-10-D0'
NAS-IP-Address = NAS-INSIDE
NAS-Port = 98
Called-Station-Id = '6C-AA-B3-CF-40-AD:test-eap-radius1'
Service-Type = Framed-User
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
NAS-Identifier = '6C-AA-B3-CF-40-AD'
Connect-Info = 'CONNECT 802.11a/n'
Attr-26 = 0x000061dd0312746573742d6561702d72616469757331
(10) # Executing section authorize from file /etc/raddb/sites-enabled/inner-tunnel
(10) authorize {
(10) [chap] = noop
(10) [mschap] = noop
(10) suffix : No '@' in User-Name = "rickjames", looking up realm NULL
(10) suffix : No such realm "NULL"
(10) [suffix] = noop
(10) update control {
(10) Proxy-To-Realm := 'LOCAL'
(10) } # update control = noop
(10) eap : Peer sent code Response (2) ID 10 length 68
(10) eap : No EAP Start, assuming it's an on-going EAP conversation
(10) [eap] = updated
(10) [files] = noop
(10) sql : EXPAND %{User-Name}
(10) sql : --> rickjames
(10) sql : SQL-User-Name set to 'rickjames'
rlm_sql (sql): Reserved connection (4)
(10) sql : EXPAND SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id
(10) sql : --> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'rickjames' ORDER BY id
rlm_sql (sql): Executing query: 'SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'rickjames' ORDER BY id'
(10) sql : User found in radcheck table
(10) sql : EXPAND %{Packet-Src-IP-Address}
(10) sql : --> NAS-OUTSIDE
(10) sql : Check items matched
(10) sql : EXPAND SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id
(10) sql : --> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'rickjames' ORDER BY id
rlm_sql (sql): Executing query: 'SELECT id, username, attribute, value, op FROM radreply WHERE username = 'rickjames' ORDER BY id'
(10) sql : EXPAND SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority
(10) sql : --> SELECT groupname FROM radusergroup WHERE username = 'rickjames' ORDER BY priority
rlm_sql (sql): Executing query: 'SELECT groupname FROM radusergroup WHERE username = 'rickjames' ORDER BY priority'
(10) sql : User found in the group table
rlm_sql (sql): Released connection (4)
(10) [sql] = ok
(10) [expiration] = noop
(10) [logintime] = noop
(10) WARNING: pap : Auth-Type already set. Not setting to PAP
(10) [pap] = noop
(10) } # authorize = updated
(10) Found Auth-Type = EAP
(10) # Executing group from file /etc/raddb/sites-enabled/inner-tunnel
(10) authenticate {
(10) eap : Expiring EAP session with state 0x01cb1c3201c1063c
(10) eap : Finished EAP session with state 0x01cb1c3201c1063c
(10) eap : Previous EAP request found for state 0x01cb1c3201c1063c, released from the list
(10) eap : Peer sent method MSCHAPv2 (26)
(10) eap : EAP MSCHAPv2 (26)
(10) eap : Calling eap_mschapv2 to process EAP data
(10) eap_mschapv2 : # Executing group from file /etc/raddb/sites-enabled/inner-tunnel
(10) eap_mschapv2 : Auth-Type MS-CHAP {
(10) mschap : Found Cleartext-Password, hashing to create LM-Password
(10) mschap : Found Cleartext-Password, hashing to create NT-Password
(10) mschap : Creating challenge hash with username: rickjames
(10) mschap : Client is using MS-CHAPv2
(10) mschap : Adding MS-CHAPv2 MPPE keys
(10) [mschap] = ok
(10) } # Auth-Type MS-CHAP = ok
MSCHAP Success
(10) eap : New EAP session, adding 'State' attribute to reply 0x01cb1c3200c0063c
(10) [eap] = handled
(10) } # authenticate = handled
(10) Reply:
EAP-Message =
0x010b00331a030a002e533d42453341453638384230463333323338363937464634393743344330383337303646413330414135
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x01cb1c3200c0063c2648c1312ac5cc01
(10) } # server inner-tunnel
} # server inner-tunnel
(10) eap_peap : Got tunneled reply code 11
EAP-Message =
0x010b00331a030a002e533d42453341453638384230463333323338363937464634393743344330383337303646413330414135
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x01cb1c3200c0063c2648c1312ac5cc01
(10) eap_peap : Got tunneled reply RADIUS code 11
EAP-Message =
0x010b00331a030a002e533d42453341453638384230463333323338363937464634393743344330383337303646413330414135
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x01cb1c3200c0063c2648c1312ac5cc01
(10) eap_peap : Got tunneled Access-Challenge
(10) eap : New EAP session, adding 'State' attribute to reply 0xae0cdbe8a407c28c
(10) [eap] = handled
(10) } # authenticate = handled
(10) Sending Access-Challenge packet to host NAS-OUTSIDE port 30713, id=124, length=0
(10) EAP-Message =
0x010b005b19001703010050680be7c5963a403a5a2362116e026992c0454c1bf3402b27e9d58fed56e939dba078f074595694089222ae5ac0d2d213133a9fd8dbb7556a8c7d57f625d4d8d4b9ecace2ee1acd2ce7544a2734d44859
(10) Message-Authenticator = 0x00000000000000000000000000000000
(10) State = 0xae0cdbe8a407c28c958875bba3b09eb6
Sending Access-Challenge Id 124 from RADIUS-SERVER:1812 to NAS-OUTSIDE:30713
EAP-Message =
0x010b005b19001703010050680be7c5963a403a5a2362116e026992c0454c1bf3402b27e9d58fed56e939dba078f074595694089222ae5ac0d2d213133a9fd8dbb7556a8c7d57f625d4d8d4b9ecace2ee1acd2ce7544a2734d44859
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xae0cdbe8a407c28c958875bba3b09eb6
(10) Finished request
Waking up in 0.2 seconds.
Received Access-Request Id 125 from NAS-OUTSIDE:30713 to RADIUS-SERVER:1812 length 296
User-Name = 'rickjames'
Calling-Station-Id = '10-A5-D0-E9-10-D0'
NAS-IP-Address = NAS-INSIDE
NAS-Port = 98
Called-Station-Id = '6C-AA-B3-CF-40-AD:test-eap-radius1'
Service-Type = Framed-User
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
NAS-Identifier = '6C-AA-B3-CF-40-AD'
Connect-Info = 'CONNECT 802.11a/n'
EAP-Message =
0x020b0050190017030100200488bd92060d7fab702ef70978708003783a1346f3c3f92274bfc85c394a265517030100208f06ac6ff02529377b283063be08be7318cdedb3fea50fb8a5e3d1120b73ab31
State = 0xae0cdbe8a407c28c958875bba3b09eb6
Attr-26 = 0x000061dd0312746573742d6561702d72616469757331
Message-Authenticator = 0x5e3da040ad71f3d18292e84e675c8f87
(11) Received Access-Request packet from host NAS-OUTSIDE port 30713, id=125, length=296
(11) User-Name = 'rickjames'
(11) Calling-Station-Id = '10-A5-D0-E9-10-D0'
(11) NAS-IP-Address = NAS-INSIDE
(11) NAS-Port = 98
(11) Called-Station-Id = '6C-AA-B3-CF-40-AD:test-eap-radius1'
(11) Service-Type = Framed-User
(11) Framed-MTU = 1400
(11) NAS-Port-Type = Wireless-802.11
(11) NAS-Identifier = '6C-AA-B3-CF-40-AD'
(11) Connect-Info = 'CONNECT 802.11a/n'
(11) EAP-Message =
0x020b0050190017030100200488bd92060d7fab702ef70978708003783a1346f3c3f92274bfc85c394a265517030100208f06ac6ff02529377b283063be08be7318cdedb3fea50fb8a5e3d1120b73ab31
(11) State = 0xae0cdbe8a407c28c958875bba3b09eb6
(11) Attr-26 = 0x000061dd0312746573742d6561702d72616469757331
(11) Message-Authenticator = 0x5e3da040ad71f3d18292e84e675c8f87
(11) # Executing section authorize from file /etc/raddb/sites-enabled/default
(11) authorize {
(11) filter_username filter_username {
(11) if (User-Name =~ /@.*@/ )
(11) if (User-Name =~ /@.*@/ ) -> FALSE
(11) if (User-Name =~ /\\.\\./ )
(11) if (User-Name =~ /\\.\\./ ) -> FALSE
(11) if ((User-Name =~ /@/) && (User-Name !~ /@(.+)\\.(.+)$/))
(11) if ((User-Name =~ /@/) && (User-Name !~ /@(.+)\\.(.+)$/)) -> FALSE
(11) if (User-Name =~ /\\.$/)
(11) if (User-Name =~ /\\.$/) -> FALSE
(11) if (User-Name =~ /@\\./)
(11) if (User-Name =~ /@\\./) -> FALSE
(11) } # filter_username filter_username = notfound
(11) [preprocess] = ok
(11) [chap] = noop
(11) [mschap] = noop
(11) [digest] = noop
(11) suffix : No '@' in User-Name = "rickjames", looking up realm NULL
(11) suffix : No such realm "NULL"
(11) [suffix] = noop
(11) [files] = noop
(11) eap : Peer sent code Response (2) ID 11 length 80
(11) eap : Continuing tunnel setup
(11) [eap] = ok
(11) } # authorize = ok
(11) Found Auth-Type = EAP
(11) # Executing group from file /etc/raddb/sites-enabled/default
(11) authenticate {
(11) eap : Expiring EAP session with state 0x01cb1c3200c0063c
(11) eap : Finished EAP session with state 0xae0cdbe8a407c28c
(11) eap : Previous EAP request found for state 0xae0cdbe8a407c28c, released from the list
(11) eap : Peer sent method PEAP (25)
(11) eap : EAP PEAP (25)
(11) eap : Calling eap_peap to process EAP data
(11) eap_peap : processing EAP-TLS
(11) eap_peap : eaptls_verify returned 7
(11) eap_peap : Done initial handshake
(11) eap_peap : eaptls_process returned 7
(11) eap_peap : FR_TLS_OK
(11) eap_peap : Session established. Decoding tunneled attributes
(11) eap_peap : Peap state phase2
(11) eap_peap : EAP type MSCHAPv2 (26)
(11) eap_peap : Got tunneled request
EAP-Message = 0x020b00061a03
server default {
(11) eap_peap : Setting User-Name to rickjames
Sending tunneled request
EAP-Message = 0x020b00061a03
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = 'rickjames'
State = 0x01cb1c3200c0063c2648c1312ac5cc01
Calling-Station-Id = '10-A5-D0-E9-10-D0'
NAS-IP-Address = NAS-INSIDE
NAS-Port = 98
Called-Station-Id = '6C-AA-B3-CF-40-AD:test-eap-radius1'
Service-Type = Framed-User
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
NAS-Identifier = '6C-AA-B3-CF-40-AD'
Connect-Info = 'CONNECT 802.11a/n'
Attr-26 = 0x000061dd0312746573742d6561702d72616469757331
server inner-tunnel {
(11) server inner-tunnel {
(11) Request:
EAP-Message = 0x020b00061a03
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = 'rickjames'
State = 0x01cb1c3200c0063c2648c1312ac5cc01
Calling-Station-Id = '10-A5-D0-E9-10-D0'
NAS-IP-Address = NAS-INSIDE
NAS-Port = 98
Called-Station-Id = '6C-AA-B3-CF-40-AD:test-eap-radius1'
Service-Type = Framed-User
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
NAS-Identifier = '6C-AA-B3-CF-40-AD'
Connect-Info = 'CONNECT 802.11a/n'
Attr-26 = 0x000061dd0312746573742d6561702d72616469757331
(11) # Executing section authorize from file /etc/raddb/sites-enabled/inner-tunnel
(11) authorize {
(11) [chap] = noop
(11) [mschap] = noop
(11) suffix : No '@' in User-Name = "rickjames", looking up realm NULL
(11) suffix : No such realm "NULL"
(11) [suffix] = noop
(11) update control {
(11) Proxy-To-Realm := 'LOCAL'
(11) } # update control = noop
(11) eap : Peer sent code Response (2) ID 11 length 6
(11) eap : No EAP Start, assuming it's an on-going EAP conversation
(11) [eap] = updated
(11) [files] = noop
(11) sql : EXPAND %{User-Name}
(11) sql : --> rickjames
(11) sql : SQL-User-Name set to 'rickjames'
rlm_sql (sql): Reserved connection (4)
(11) sql : EXPAND SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id
(11) sql : --> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'rickjames' ORDER BY id
rlm_sql (sql): Executing query: 'SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'rickjames' ORDER BY id'
(11) sql : User found in radcheck table
(11) sql : EXPAND %{Packet-Src-IP-Address}
(11) sql : --> NAS-OUTSIDE
(11) sql : Check items matched
(11) sql : EXPAND SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id
(11) sql : --> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'rickjames' ORDER BY id
rlm_sql (sql): Executing query: 'SELECT id, username, attribute, value, op FROM radreply WHERE username = 'rickjames' ORDER BY id'
(11) sql : EXPAND SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority
(11) sql : --> SELECT groupname FROM radusergroup WHERE username = 'rickjames' ORDER BY priority
rlm_sql (sql): Executing query: 'SELECT groupname FROM radusergroup WHERE username = 'rickjames' ORDER BY priority'
(11) sql : User found in the group table
rlm_sql (sql): Released connection (4)
(11) [sql] = ok
(11) [expiration] = noop
(11) [logintime] = noop
(11) WARNING: pap : Auth-Type already set. Not setting to PAP
(11) [pap] = noop
(11) } # authorize = updated
(11) Found Auth-Type = EAP
(11) # Executing group from file /etc/raddb/sites-enabled/inner-tunnel
(11) authenticate {
(11) eap : Expiring EAP session with state 0x01cb1c3200c0063c
(11) eap : Finished EAP session with state 0x01cb1c3200c0063c
(11) eap : Previous EAP request found for state 0x01cb1c3200c0063c, released from the list
(11) eap : Peer sent method MSCHAPv2 (26)
(11) eap : EAP MSCHAPv2 (26)
(11) eap : Calling eap_mschapv2 to process EAP data
(11) eap : Freeing handler
(11) [eap] = ok
(11) } # authenticate = ok
(11) # Executing section post-auth from file /etc/raddb/sites-enabled/inner-tunnel
(11) post-auth {
(11) sql : EXPAND .query
(11) sql : --> .query
(11) sql : Using query template 'query'
rlm_sql (sql): Reserved connection (4)
(11) sql : EXPAND %{User-Name}
(11) sql : --> rickjames
(11) sql : SQL-User-Name set to 'rickjames'
(11) sql : EXPAND INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{SQL-User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S')
(11) sql : --> INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'rickjames', '', 'Access-Accept', '2014-08-08 15:39:12')
rlm_sql (sql): Executing query: 'INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'rickjames', '', 'Access-Accept', '2014-08-08 15:39:12')'
rlm_sql (sql): Released connection (4)
(11) [sql] = ok
(11) } # post-auth = ok
(11) Reply:
MS-MPPE-Encryption-Policy = Encryption-Allowed
MS-MPPE-Encryption-Types = RC4-40or128-bit-Allowed
MS-MPPE-Send-Key = 0x179df4ed5c7771b6728858f3b86294c2
MS-MPPE-Recv-Key = 0xb9fea9733904585d418bc4af62e467f3
EAP-Message = 0x030b0004
Message-Authenticator = 0x00000000000000000000000000000000
User-Name = 'rickjames'
(11) } # server inner-tunnel
} # server inner-tunnel
(11) eap_peap : Got tunneled reply code 2
MS-MPPE-Encryption-Policy = Encryption-Allowed
MS-MPPE-Encryption-Types = RC4-40or128-bit-Allowed
MS-MPPE-Send-Key = 0x179df4ed5c7771b6728858f3b86294c2
MS-MPPE-Recv-Key = 0xb9fea9733904585d418bc4af62e467f3
EAP-Message = 0x030b0004
Message-Authenticator = 0x00000000000000000000000000000000
User-Name = 'rickjames'
(11) eap_peap : Got tunneled reply RADIUS code 2
MS-MPPE-Encryption-Policy = Encryption-Allowed
MS-MPPE-Encryption-Types = RC4-40or128-bit-Allowed
MS-MPPE-Send-Key = 0x179df4ed5c7771b6728858f3b86294c2
MS-MPPE-Recv-Key = 0xb9fea9733904585d418bc4af62e467f3
EAP-Message = 0x030b0004
Message-Authenticator = 0x00000000000000000000000000000000
User-Name = 'rickjames'
(11) eap_peap : Tunneled authentication was successful
(11) eap_peap : SUCCESS
(11) eap_peap : Saving tunneled attributes for later
(11) eap : New EAP session, adding 'State' attribute to reply 0xae0cdbe8a500c28c
(11) [eap] = handled
(11) } # authenticate = handled
(11) Sending Access-Challenge packet to host NAS-OUTSIDE port 30713, id=125, length=0
(11) EAP-Message =
0x010c002b1900170301002056922e2b8a6eb48b269ae59add908b45c42b46f397e3714d6ecc268d0be4712c
(11) Message-Authenticator = 0x00000000000000000000000000000000
(11) State = 0xae0cdbe8a500c28c958875bba3b09eb6
Sending Access-Challenge Id 125 from RADIUS-SERVER:1812 to NAS-OUTSIDE:30713
EAP-Message =
0x010c002b1900170301002056922e2b8a6eb48b269ae59add908b45c42b46f397e3714d6ecc268d0be4712c
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xae0cdbe8a500c28c958875bba3b09eb6
(11) Finished request
Waking up in 0.2 seconds.
Received Access-Request Id 126 from NAS-OUTSIDE:30713 to
RADIUS-SERVER:1812 length 296
User-Name = 'rickjames'
Calling-Station-Id = '10-A5-D0-E9-10-D0'
NAS-IP-Address = NAS-INSIDE
NAS-Port = 98
Called-Station-Id = '6C-AA-B3-CF-40-AD:test-eap-radius1'
Service-Type = Framed-User
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
NAS-Identifier = '6C-AA-B3-CF-40-AD'
Connect-Info = 'CONNECT 802.11a/n'
EAP-Message =
0x020c0050190017030100203c1ed40a848c69a42d79c362202418abe665c4bc6633d0bb6b990c9d3bb99a881703010020663c8bdeb71859e38e5f6a45249c04efdfab4eba71c8e70f5f17ff7003f9a15a
State = 0xae0cdbe8a500c28c958875bba3b09eb6
Attr-26 = 0x000061dd0312746573742d6561702d72616469757331
Message-Authenticator = 0x6d28ef3b08f29987cefab55995b259a4
(12) Received Access-Request packet from host NAS-OUTSIDE port 30713,
id=126, length=296
(12) User-Name = 'rickjames'
(12) Calling-Station-Id = '10-A5-D0-E9-10-D0'
(12) NAS-IP-Address = NAS-INSIDE
(12) NAS-Port = 98
(12) Called-Station-Id = '6C-AA-B3-CF-40-AD:test-eap-radius1'
(12) Service-Type = Framed-User
(12) Framed-MTU = 1400
(12) NAS-Port-Type = Wireless-802.11
(12) NAS-Identifier = '6C-AA-B3-CF-40-AD'
(12) Connect-Info = 'CONNECT 802.11a/n'
(12) EAP-Message =
0x020c0050190017030100203c1ed40a848c69a42d79c362202418abe665c4bc6633d0bb6b990c9d3bb99a881703010020663c8bdeb71859e38e5f6a45249c04efdfab4eba71c8e70f5f17ff7003f9a15a
(12) State = 0xae0cdbe8a500c28c958875bba3b09eb6
(12) Attr-26 = 0x000061dd0312746573742d6561702d72616469757331
(12) Message-Authenticator = 0x6d28ef3b08f29987cefab55995b259a4
(12) # Executing section authorize from file /etc/raddb/sites-enabled/default
(12) authorize {
(12) filter_username filter_username {
(12) if (User-Name =~ /@.*@/ )
(12) if (User-Name =~ /@.*@/ ) -> FALSE
(12) if (User-Name =~ /\\.\\./ )
(12) if (User-Name =~ /\\.\\./ ) -> FALSE
(12) if ((User-Name =~ /@/) && (User-Name !~ /@(.+)\\.(.+)$/))
(12) if ((User-Name =~ /@/) && (User-Name !~ /@(.+)\\.(.+)$/)) -> FALSE
(12) if (User-Name =~ /\\.$/)
(12) if (User-Name =~ /\\.$/) -> FALSE
(12) if (User-Name =~ /@\\./)
(12) if (User-Name =~ /@\\./) -> FALSE
(12) } # filter_username filter_username = notfound
(12) [preprocess] = ok
(12) [chap] = noop
(12) [mschap] = noop
(12) [digest] = noop
(12) suffix : No '@' in User-Name = "rickjames", looking up realm NULL
(12) suffix : No such realm "NULL"
(12) [suffix] = noop
(12) [files] = noop
(12) eap : Peer sent code Response (2) ID 12 length 80
(12) eap : Continuing tunnel setup
(12) [eap] = ok
(12) } # authorize = ok
(12) Found Auth-Type = EAP
(12) # Executing group from file /etc/raddb/sites-enabled/default
(12) authenticate {
(12) eap : Expiring EAP session with state 0xae0cdbe8a500c28c
(12) eap : Finished EAP session with state 0xae0cdbe8a500c28c
(12) eap : Previous EAP request found for state 0xae0cdbe8a500c28c,
released from the list
(12) eap : Peer sent method PEAP (25)
(12) eap : EAP PEAP (25)
(12) eap : Calling eap_peap to process EAP data
(12) eap_peap : processing EAP-TLS
(12) eap_peap : eaptls_verify returned 7
(12) eap_peap : Done initial handshake
(12) eap_peap : eaptls_process returned 7
(12) eap_peap : FR_TLS_OK
(12) eap_peap : Session established. Decoding tunneled attributes
(12) eap_peap : Peap state send tlv success
(12) eap_peap : Received EAP-TLV response
(12) eap_peap : Success
(12) eap_peap : Using saved attributes from the original Access-Accept
User-Name = 'rickjames'
(12) eap_peap : Saving session
88e265710b2fcc6e8da92f9b8207f45fe93c2488f11cbe5f958e159a5489d218 vps
0x17daa20 in the cache
(12) eap : Freeing handler
(12) [eap] = ok
(12) } # authenticate = ok
(12) # Executing section post-auth from file /etc/raddb/sites-enabled/default
(12) post-auth {
(12) sql : EXPAND .query
(12) sql : --> .query
(12) sql : Using query template 'query'
rlm_sql (sql): Reserved connection (4)
(12) sql : EXPAND %{User-Name}
(12) sql : --> rickjames
(12) sql : SQL-User-Name set to 'rickjames'
(12) sql : EXPAND INSERT INTO radpostauth (username, pass, reply,
authdate) VALUES ( '%{SQL-User-Name}',
'%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S')
(12) sql : --> INSERT INTO radpostauth (username, pass, reply,
authdate) VALUES ( 'rickjames', '', 'Access-Accept', '2014-08-08
15:39:12')
rlm_sql (sql): Executing query: 'INSERT INTO radpostauth (username,
pass, reply, authdate) VALUES ( 'rickjames', '', 'Access-Accept',
'2014-08-08 15:39:12')'
rlm_sql (sql): Released connection (4)
(12) [sql] = ok
(12) [exec] = noop
(12) remove_reply_message_if_eap remove_reply_message_if_eap {
(12) if (reply:EAP-Message && reply:Reply-Message)
(12) if (reply:EAP-Message && reply:Reply-Message) -> FALSE
(12) else else {
(12) [noop] = noop
(12) } # else else = noop
(12) } # remove_reply_message_if_eap remove_reply_message_if_eap = noop
(12) } # post-auth = ok
(12) Sending Access-Accept packet to host NAS-OUTSIDE port 30713,
id=126, length=0
(12) User-Name = 'rickjames'
(12) MS-MPPE-Recv-Key =
0x95a29eb8e7e7473a50ca0d2619dd07ef50e81de3f96bc8591b55916e38de5901
(12) MS-MPPE-Send-Key =
0x669171259bcd630681b4e1b9e4fb7d78ee8c764690be69c3bca200ff83407a20
(12) EAP-MSK =
0x95a29eb8e7e7473a50ca0d2619dd07ef50e81de3f96bc8591b55916e38de5901669171259bcd630681b4e1b9e4fb7d78ee8c764690be69c3bca200ff83407a20
(12) EAP-EMSK =
0x66d63feee81881b28fdc9237a17ecbbb155aa665c4d86f2bcb897466560cc914d0cb78bfc3ecf5a3e1f2578d56a20eb6fbfb19688b4fdc91aa60b9579f767d3c
(12) EAP-Session-Id =
0x1953e5275783695b045513e2df6c382cb01f2383a48d64ba7aedc5023200cf1884b94c573538257ba6b0fc2fc7e17d7f66e4dad3c42e819142c94bb65ac98d2aa5
(12) EAP-Message = 0x030c0004
(12) Message-Authenticator = 0x00000000000000000000000000000000
Sending Access-Accept Id 126 from RADIUS-SERVER:1812 to NAS-OUTSIDE:30713
User-Name = 'rickjames'
MS-MPPE-Recv-Key =
0x95a29eb8e7e7473a50ca0d2619dd07ef50e81de3f96bc8591b55916e38de5901
MS-MPPE-Send-Key =
0x669171259bcd630681b4e1b9e4fb7d78ee8c764690be69c3bca200ff83407a20
EAP-Message = 0x030c0004
Message-Authenticator = 0x00000000000000000000000000000000
(12) Finished request
Waking up in 0.2 seconds.
Waking up in 4.5 seconds.
(0) Cleaning up request packet ID 114 with timestamp +18
(1) Cleaning up request packet ID 115 with timestamp +18
(2) Cleaning up request packet ID 116 with timestamp +18
(3) Cleaning up request packet ID 117 with timestamp +18
(4) Cleaning up request packet ID 118 with timestamp +18
(5) Cleaning up request packet ID 119 with timestamp +18
(6) Cleaning up request packet ID 120 with timestamp +18
(7) Cleaning up request packet ID 121 with timestamp +19
(8) Cleaning up request packet ID 122 with timestamp +19
(9) Cleaning up request packet ID 123 with timestamp +19
(10) Cleaning up request packet ID 124 with timestamp +19
(11) Cleaning up request packet ID 125 with timestamp +19
(12) Cleaning up request packet ID 126 with timestamp +19
Ready to process requests
On Fri, Aug 8, 2014 at 3:26 PM, Alan DeKok <aland at deployingradius.com> wrote:
> Terry Kantorowski wrote:
> >> I'm trying to get Freeradius to authenticate wireless users. AVPs
> >> don't pass when clients use PEAP even with tunneled reply on. If I force
> >> the client to TTLS it works fine, passes AVPs, everyone's happy. Problem
> >> is, Windows, Android and iOS all default to PEAP. Has anyone else run
> >> into this? Any help is greatly appreciated.
>
> Please post the debug output as suggested in the FAQ, "man" page, web
> pages, and daily on this list.
>
>> I have included ttls and peap settings of my eap file:
>
> None of that is important.
>
> Alan DeKok.
--
Terry Kantorowski
terry.kantorowski at gmail.com
814-397-4724
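
A triage helper for the kind of `radiusd -X` output posted above, as an added example that is not part of the original message or of FreeRADIUS: for each reply attribute you expect, it reports whether it is missing from the inner-tunnel reply, from the attributes eap_peap saved, or from the outer Access-Accept. `Tunnel-Private-Group-Id` stands in as an assumed group AVP (the post does not name the ones it uses), and the sample log is constructed.

```python
import re

# Constructed sample shaped like the radiusd -X output in the post (hex shortened).
SAMPLE = """\
(11) Reply:
MS-MPPE-Send-Key = 0x1111
User-Name = 'rickjames'
(11) } # server inner-tunnel
(12) eap_peap : Using saved attributes from the original Access-Accept
User-Name = 'rickjames'
(12) eap_peap : Saving session
(12) Sending Access-Accept packet to host NAS-OUTSIDE port 30713,
id=126, length=0
(12) User-Name = 'rickjames'
(12) MS-MPPE-Recv-Key =
0x2222
Sending Access-Accept Id 126 from RADIUS-SERVER:1812 to NAS-OUTSIDE:30713
"""

PREFIX = r"^(?:\(\d+\)\s+)?"
ATTR = re.compile(PREFIX + r"([A-Za-z][\w-]*) =(?: |$)")
# A closing brace, a "module : message" line or a packet header ends a list.
END = re.compile(PREFIX + r"(?:\}|[\w-]+\s+: |Sending |Finished )")

def attrs_after(lines, marker):
    """Attribute names listed after the last line matching marker."""
    hits = [i for i, line in enumerate(lines) if re.search(marker, line)]
    start = hits[-1] + 1 if hits else len(lines)
    names = set()
    for line in lines[start:]:
        if END.match(line):
            break
        m = ATTR.match(line)  # wrapped values and "id=..." lines do not match
        if m:
            names.add(m.group(1))
    return names

def locate_loss(log, expected):
    """Map each expected reply attribute to the stage where it disappears."""
    lines = log.splitlines()
    stages = [
        (attrs_after(lines, r"\(\d+\) Reply:"), "absent from inner-tunnel reply"),
        (attrs_after(lines, r"Using saved attributes"), "not saved by eap_peap"),
        (attrs_after(lines, r"\(\d+\) Sending Access-Accept packet"),
         "absent from outer Access-Accept"),
    ]
    return {name: next((msg for seen, msg in stages if name not in seen),
                       "delivered") for name in expected}
# Usage (Tunnel-Private-Group-Id is an assumed group AVP, not named in the post):
# locate_loss(SAMPLE, ["Tunnel-Private-Group-Id", "User-Name"])
```

The function uses the last matching block for each stage, so feed it the log of a single authentication session.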