Getting EAP-TTLS/TLS working

greg.huber greg.huber at carestream.com
Tue Feb 11 18:18:25 CET 2014


Hello,
A few releases back we had EAP-TTLS/TLS working (maybe 2 years ago??)
Since then it has stopped and I am having trouble finding the root cause.
Protocols like EAP-TLS and EAP-TTLS/MSCHAPV2 are working, and I verified
the certificates and keys.

I have attached the output from 'radiusd -X' below.  I see a lot of posts have
a nice condensed dump of the configuration, if someone could tell me how
to get the dump I will attach it also.

Near the end is the statement:

[ttls] WARNING: diameter2vp skipping long attribute 3005705648, attr

I found this in the source code but am not sure if it is part of the problem
or just a non-fatal warning.

Thank you for any help you can provide.


    NAS-IP-Address = 10.0.1.254
    NAS-Identifier = "00:24:01:12:de:7a"
    NAS-Port = 0
    Called-Station-Id = "00-24-01-12-DE-7A:RADIUS_TEST_AP"
    Calling-Station-Id = "00-0E-8E-42-CB-20"
    Framed-MTU = 1400
    NAS-Port-Type = Wireless-802.11
    Connect-Info = "CONNECT 11Mbps 802.11b"
    EAP-Message = 0x020300061500
    State = 0x761f94dc741c81c1389e58c98036d07f
    Message-Authenticator = 0xb32ee439c871fca74db681b61df4ed0a
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "anonymous", looking up realm NULL
[suffix] Found realm "NULL"
[suffix] Adding Stripped-User-Name = "anonymous"
[suffix] Adding Realm = "NULL"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[eap] EAP packet type response id 3 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/ttls
[eap] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
[ttls] Received TLS ACK
[ttls] ACK handshake fragment handler
[ttls] eaptls_verify returned 1
[ttls] eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 150 to 10.0.1.254 port 1025
    EAP-Message =
0x0104040015c000000c578b377bc03abc12d9efd6a6057b6a8068e1c0d78eb5ea8a54d5d52c230626dd9f4b2ff161ac9d17dda991270ce17612c56b52c8adc23c017778aeed9a4d8f1e96e2cd2447783b8e9ca80f678749b48c7cd00590b3b9bd1bfcfe82e57b612889d8f9fa5f0c375e67d3480cd881a393ce30690c841d014ba04e96aa9526a9bc86ca35ebc4bf7fd86fbff92d8fb97b76772ff49fff6f5d43a4fa90865178e2d85d3b393ecf020b69bba1b65c8d773197db60a12244a8980d0a9cd445e4134f8a401c4b813e14300f76d62a25fe73a6860d790005733082056f30820357a003020102020900e69fcd1da395f8d1300d06092a864886
    EAP-Message =
0xf70d0101050500304e310b30090603550406130255533120301e060355040a0c174361726573747265616d204865616c74682c20496e632e311d301b06035504030c144361726573747265616d20446576696365204341301e170d3132303330383134343335385a170d3232303330383134343335385a304e310b30090603550406130255533120301e060355040a0c174361726573747265616d204865616c74682c20496e632e311d301b06035504030c144361726573747265616d2044657669636520434130820222300d06092a864886f70d01010105000382020f003082020a0282020100d3eb1fb917fd39578eeb97d1825ab99c826c9bab8f
    EAP-Message =
0x36eaa024842596cbfa775ac29a078a4dbffcb8672975c3360be599e79e282b76c133d091561c118294dce53ed7afd6c216b6a42b5babfd26b5d1743fd46a73c7d4e0e2f19775ad1ffda3dc526c29be5be8f951a5c4e195132e62e8b7084eb74d54f4f2b670ae7669582c3c42a69b833873e2bd4c8a4e25ad6db8762d943389ce3b876005d0d67384c1e1c45c14dccee08c93b29a8f7da340b6157b13b499b3678a7f96cc338b4eca643b3e91dd1e3bf6d67a39801e2fca2ba7e7463f7f4fe9f6f79dbb0e43d970386d0476f281f2c902f85f390febf77414946f0c632a3c084c0dbd26c212d20fabe73d32f7113d15e0b9fa6cb31e9b95821db543f16f
    EAP-Message =
0x3bfdcbbc791e2a734b645267a4d16f2906b48752285c75d749696c6094c7494216837c01f6287789977924590c132376dac76a59498020eea75d9f508a974b45051eeb3e71d8b48df1d98bf22424e05c33a9bab9de0556e5289805e58f663f30af7883a7b8a5e32b0fd314c40cb67bce2339adf9a908d226a5b338f74fa5db4a8504cea4e785c8f03d9acdd5a358bba70cbf1c633655e08a937305066d8cabb8198a0871acf035a412930d367c5222b37a819cff91947f986c55edff51b2380588ea734e453ef8c515f97c6795c8e25de79d25d9eb41e6683b6e24cebcb372c3f19321cfa7469870a6e410010a770203010001a350304e301d0603551d
    EAP-Message = 0x0e04160414baa2501fb648ce
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0x761f94dc751b81c1389e58c98036d07f
Finished request 44.
Going to the next request
Waking up in 4.6 seconds.
rad_recv: Access-Request packet from host 10.0.1.254 port 1025, id=151, length=199
    User-Name = "anonymous"
    NAS-IP-Address = 10.0.1.254
    NAS-Identifier = "00:24:01:12:de:7a"
    NAS-Port = 0
    Called-Station-Id = "00-24-01-12-DE-7A:RADIUS_TEST_AP"
    Calling-Station-Id = "00-0E-8E-42-CB-20"
    Framed-MTU = 1400
    NAS-Port-Type = Wireless-802.11
    Connect-Info = "CONNECT 11Mbps 802.11b"
    EAP-Message = 0x020400061500
    State = 0x761f94dc751b81c1389e58c98036d07f
    Message-Authenticator = 0x9cf6a18d92fbce74c557c2aeec86317c
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "anonymous", looking up realm NULL
[suffix] Found realm "NULL"
[suffix] Adding Stripped-User-Name = "anonymous"
[suffix] Adding Realm = "NULL"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[eap] EAP packet type response id 4 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/ttls
[eap] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
[ttls] Received TLS ACK
[ttls] ACK handshake fragment handler
[ttls] eaptls_verify returned 1
[ttls] eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 151 to 10.0.1.254 port 1025
    EAP-Message =
0x0105040015c000000c573f2efdfa4fee6ce894bef51ae1301f0603551d23041830168014baa2501fb648ce3f2efdfa4fee6ce894bef51ae1300c0603551d13040530030101ff300d06092a864886f70d01010505000382020100399fd531e7af489dc26dd1fb956d857530d63f1675eb72ed55f92fe4b0914f92335c418b3b1974e9f59da7b2ed57609f7afd99b4eed6efe8e7c736aef94f414e3348ee64d9433f2d484c011b9a7f43e5fbd97b37a2a7810e3ab37469f51264b5ede9a3e47bd60a7ed438b8bf2603c03b1290c0819b8f485f97e012029a1712e0b4adda8f6e69f409897c0e08f6484d80b92830a976115fc9a27b3701320e49849f1a17
    EAP-Message =
0x83fb02351233fdaf0597f648cc306f0e28502465193ef8665da49b84c15d4fd4cf32d2fb510907638fb6453b5176b1047366b9c9a9d4583e139d51390236be52f79776f1b0160439dfbf39d6b49ab6677034398d0c34c5d33db7d04298ea97f034aedcef56b0bef88ff3eae5a452f3e152e1883d05ca35be380bbfed2549f380e758ec5c9445651367443b2a1cdb93139ed7e944b6dfabd796e794ebf62b6755f54978f1a12911ad6f5bf358de8b210bccbfccccf5dfd1539ce1b85f478331a03df27b2c4d06b1a48fa708fab13acdb5e6c453825bbd47c6c06f3692a7fd3332eb5463a279bed9a3d3d3ed7205652df474cba6bb81d4337ae231b58775
    EAP-Message =
0xa63da01d1e050cdfd5895bd8c1606cad391c373badf0bb76fcb1a658ff1db760f65b6064adfdb33150537e839789cd430360b983908082d45abaecc38bde1179c83da08925438b7134883807cbd6f11f1ade5ef7b3c9cc19058ab4497ca706a6160301020d0c0002090080d0d6b54e7f02a1f12b53d11521a2df0f47df59ba4e72828003bc47d4fe2ca20295bde105d30e7455ad165507b5a71caa9e4dbeab3dd7442ca803afe3eba4e661dc2a84bc717ea92750d76c663186702f275656b7b31770f9492b41fecb7cc2e2365235bb45c188e5cdc8c77331912903f2d2c42f27e86a5146827964cd4b70ab000102008036dcbe879d2416c5eb1cf77cac
    EAP-Message =
0x73932f4176dd4e5a44a071d9c8bbe29698f1135ebd07b893dbdf58f5abb1c5b5d8cf894098e66428679cd39160bba67909cc88a1fbaa6d072b56df34e9131d764c45b0781c39d85ab6d1feaf164d9f103d2a33838735a6c09ebf0e2a0b2a0a47dc8d5cc82495db6e282c6175df054a1b07cf9f01006f8294da73d8931de354f423195a96a99b46ebc87ba4a3bafae3daf7ca6b625a061ec21a3ac17384107d0bdb64f91014edef701168e1819e9dba9cd20589abca5c87fedcdf68ed2244d8705138703ebb7b97e3fc37aff3b0d3bdf4358c9606a4f441576bd83784383bc42d48c19165f50bc2367451d2c83f9c5ad0904dd4d036312b6517804ab51e
    EAP-Message = 0x696b2fd0fd024afb51a530f1
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0x761f94dc721a81c1389e58c98036d07f
Finished request 45.
Going to the next request
Waking up in 4.3 seconds.
rad_recv: Access-Request packet from host 10.0.1.254 port 1025, id=152, length=199
    User-Name = "anonymous"
    NAS-IP-Address = 10.0.1.254
    NAS-Identifier = "00:24:01:12:de:7a"
    NAS-Port = 0
    Called-Station-Id = "00-24-01-12-DE-7A:RADIUS_TEST_AP"
    Calling-Station-Id = "00-0E-8E-42-CB-20"
    Framed-MTU = 1400
    NAS-Port-Type = Wireless-802.11
    Connect-Info = "CONNECT 11Mbps 802.11b"
    EAP-Message = 0x020500061500
    State = 0x761f94dc721a81c1389e58c98036d07f
    Message-Authenticator = 0x4b0d6bf2e3c31ecba4d67a116f44cf08
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "anonymous", looking up realm NULL
[suffix] Found realm "NULL"
[suffix] Adding Stripped-User-Name = "anonymous"
[suffix] Adding Realm = "NULL"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[eap] EAP packet type response id 5 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/ttls
[eap] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
[ttls] Received TLS ACK
[ttls] ACK handshake fragment handler
[ttls] eaptls_verify returned 1
[ttls] eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 152 to 10.0.1.254 port 1025
    EAP-Message =
0x0106007f158000000c57bcac2060ce3a7be3428c6509139a0d9f517755693f3d1e03ca4abcfc9f8c0c2a8cfc8c3a07321278d8adc562b3062800465fb4101e710b97d059e382df96beb1f02ea7bba99b9dfc64fc811e47624864d9c02960d032b88ad82c500bff4033b05b66b410940bf28b1ff46d7b16030100040e000000
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0x761f94dc731981c1389e58c98036d07f
Finished request 46.
Going to the next request
Waking up in 3.9 seconds.
rad_recv: Access-Request packet from host 10.0.1.254 port 1025, id=153, length=401
    User-Name = "anonymous"
    NAS-IP-Address = 10.0.1.254
    NAS-Identifier = "00:24:01:12:de:7a"
    NAS-Port = 0
    Called-Station-Id = "00-24-01-12-DE-7A:RADIUS_TEST_AP"
    Calling-Station-Id = "00-0E-8E-42-CB-20"
    Framed-MTU = 1400
    NAS-Port-Type = Wireless-802.11
    Connect-Info = "CONNECT 11Mbps 802.11b"
    EAP-Message =
0x020600d01580000000c616030100861000008200805c39448d5e1adc9473099da6f3b5e977eb4b6c228b42aa0025fdbdfc12e1e734c501144bbb819bcffa06e93063c8d81d2beb8b7bb708c8fecc30583848552f62b6cfdf03e4dcba79783aef1bcdc1ea35e508dbbfb0c686d2c77cd2a1f5ca6176136c69dc18eeddd88ec2cc148884fb6a1ab1c6f239dfa14d3bfcb099dcda89fe140301000101160301003063bdc079d511f15b530d36bc81f9f01f59d815f5145d98788c1e35dfb18d828361878373ae7a4f4608fe50e0071abfb4
    State = 0x761f94dc731981c1389e58c98036d07f
    Message-Authenticator = 0xfa7e5dc46932d17158f0fb5364793a71
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "anonymous", looking up realm NULL
[suffix] Found realm "NULL"
[suffix] Adding Stripped-User-Name = "anonymous"
[suffix] Adding Realm = "NULL"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[eap] EAP packet type response id 6 length 208
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/ttls
[eap] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
  TLS Length 198
[ttls] Length Included
[ttls] eaptls_verify returned 11
[ttls] <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange 
[ttls]     TLS_accept: SSLv3 read client key exchange A
[ttls] <<< TLS 1.0 ChangeCipherSpec [length 0001] 
[ttls] <<< TLS 1.0 Handshake [length 0010], Finished 
[ttls]     TLS_accept: SSLv3 read finished A
[ttls] >>> TLS 1.0 ChangeCipherSpec [length 0001] 
[ttls]     TLS_accept: SSLv3 write change cipher spec A
[ttls] >>> TLS 1.0 Handshake [length 0010], Finished 
[ttls]     TLS_accept: SSLv3 write finished A
[ttls]     TLS_accept: SSLv3 flush data
[ttls]     (other): SSL negotiation finished successfully
SSL Connection Established
[ttls] eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 153 to 10.0.1.254 port 1025
    EAP-Message =
0x0107004515800000003b14030100010116030100308bc073fb3c44054ff68892a215cd7ca55c5b7a696ecabcc664ded2883c400f5ec132d4d107271be3002b8018c09a77dd
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0x761f94dc701881c1389e58c98036d07f
Finished request 47.
Going to the next request
Waking up in 3.5 seconds.
rad_recv: Access-Request packet from host 10.0.1.254 port 1025, id=154, length=309
    User-Name = "anonymous"
    NAS-IP-Address = 10.0.1.254
    NAS-Identifier = "00:24:01:12:de:7a"
    NAS-Port = 0
    Called-Station-Id = "00-24-01-12-DE-7A:RADIUS_TEST_AP"
    Calling-Station-Id = "00-0E-8E-42-CB-20"
    Framed-MTU = 1400
    NAS-Port-Type = Wireless-802.11
    Connect-Info = "CONNECT 11Mbps 802.11b"
    EAP-Message =
0x0207007415800000006a1703010020e277aca30a7252afb157379c5f561322e844f05a3f5e6e4aaa0f78f38a40ef4717030100402ce22f92eceaff1915ecb76561fce1ae518aaa3e26e9df62908a7a3fbd2c96c55430c8edf09840a9abe7cc15ad64c2d348f721b6874a0f125eed7cb83766834f
    State = 0x761f94dc701881c1389e58c98036d07f
    Message-Authenticator = 0x425f940358452267ee6fb7621b1f31ae
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "anonymous", looking up realm NULL
[suffix] Found realm "NULL"
[suffix] Adding Stripped-User-Name = "anonymous"
[suffix] Adding Realm = "NULL"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[eap] EAP packet type response id 7 length 116
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/ttls
[eap] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
  TLS Length 106
[ttls] Length Included
[ttls] eaptls_verify returned 11
[ttls] eaptls_process returned 7
[ttls] Session established.  Proceeding to decode tunneled attributes.
[ttls] Got tunneled request
    EAP-Message = 0x0200001101303030303030303030303030
    FreeRADIUS-Proxied-To = 127.0.0.1
[ttls] Got tunneled identity of anonymous
[ttls] Setting default EAP type for tunneled EAP session.
[ttls] Sending tunneled request
    EAP-Message = 0x0200001101303030303030303030303030
    FreeRADIUS-Proxied-To = 127.0.0.1
    User-Name = "anonymous"
server inner-tunnel {
# Executing section authorize from file /etc/raddb/sites-enabled/inner-tunnel
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "anonymous", looking up realm NULL
[suffix] Found realm "NULL"
[suffix] Adding Stripped-User-Name = "anonymous"
[suffix] Adding Realm = "NULL"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
++[control] returns ok
[inner-eap] EAP packet type response id 0 length 17
[inner-eap] No EAP Start, assuming it's an on-going EAP conversation
++[inner-eap] returns updated
[files] users: Matched entry anonymous at line 47
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING: Auth-Type already set.  Not setting to PAP
++[pap] returns noop
Found Auth-Type = inner-eap
# Executing group from file /etc/raddb/sites-enabled/inner-tunnel
+- entering group authenticate {...}
[inner-eap] EAP Identity
[inner-eap] processing type tls
[tls] Requiring client certificate
[tls] Initiate
[tls] Start returned 1
++[inner-eap] returns handled
} # server inner-tunnel
[ttls] Got tunneled reply code 11
    EAP-Message = 0x010100060d20
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0x8ffb87098ffa8a38ce217d93eaf46dce
[ttls] Got tunneled Access-Challenge
++[eap] returns handled
Sending Access-Challenge of id 154 to 10.0.1.254 port 1025
    EAP-Message =
0x0108003f1580000000351703010030bcb4c7bdf42078e61e6f63f53e998ee0b34de3a872e2a5557c55e54a9504c220130bb0682513d40d444fdc662e6ae4a3
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0x761f94dc711781c1389e58c98036d07f
Finished request 48.
Going to the next request
Waking up in 3.5 seconds.
rad_recv: Access-Request packet from host 10.0.1.254 port 1025, id=155, length=421
    User-Name = "anonymous"
    NAS-IP-Address = 10.0.1.254
    NAS-Identifier = "00:24:01:12:de:7a"
    NAS-Port = 0
    Called-Station-Id = "00-24-01-12-DE-7A:RADIUS_TEST_AP"
    Calling-Station-Id = "00-0E-8E-42-CB-20"
    Framed-MTU = 1400
    NAS-Port-Type = Wireless-802.11
    Connect-Info = "CONNECT 11Mbps 802.11b"
    EAP-Message =
0x020800e41580000000da170301002054f684ef417c190834493fa41656d4ab37a98c23bb2671afe611bc030bb3e50b17030100b0652320857a88f73b92201d3f52e5a5e56ae75e90be6cea591b2db17485cf858d634810a4c696a2c750a4dbeefc1bebfb13aefdc2bc74cad9a6875ba3a9ac9d7e89606c5d25d330ced0b3cea0da88bc4df72822f2be67757a600ddb8d49cfde1657f371886d6b1edcf3f66ac609aecbf2845676d2dac6adc5f843d2e7ca81503264a0baa0cbf36abd994758b4a22b088808c2ff870ca8376fcff6bd8a2a74ba102eeecbc229ba9b586c6ce264acddd0fc
    State = 0x761f94dc711781c1389e58c98036d07f
    Message-Authenticator = 0x3d8ebc1962b4e2ced1d627184f26397f
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "anonymous", looking up realm NULL
[suffix] Found realm "NULL"
[suffix] Adding Stripped-User-Name = "anonymous"
[suffix] Adding Realm = "NULL"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[eap] EAP packet type response id 8 length 228
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/ttls
[eap] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
  TLS Length 218
[ttls] Length Included
[ttls] eaptls_verify returned 11
[ttls] eaptls_process returned 7
[ttls] Session established.  Proceeding to decode tunneled attributes.
[ttls] Got tunneled request
    EAP-Message =
0x020100890d800000007f160301007a0100007603015f12fd9e5afbeb33a851e5cf0eec68da09bcefef5b2dbb9d4d979f9cffc0c1a2000048c022c021003900380088008700350084c01cc01b00160013000ac01fc01e00330032009a009900450044002f009600410007000500040015001200090014001100080006000300ff01000005000f000101
    FreeRADIUS-Proxied-To = 127.0.0.1
[ttls] Sending tunneled request
    EAP-Message =
0x020100890d800000007f160301007a0100007603015f12fd9e5afbeb33a851e5cf0eec68da09bcefef5b2dbb9d4d979f9cffc0c1a2000048c022c021003900380088008700350084c01cc01b00160013000ac01fc01e00330032009a009900450044002f009600410007000500040015001200090014001100080006000300ff01000005000f000101
    FreeRADIUS-Proxied-To = 127.0.0.1
    User-Name = "anonymous"
    State = 0x8ffb87098ffa8a38ce217d93eaf46dce
server inner-tunnel {
# Executing section authorize from file /etc/raddb/sites-enabled/inner-tunnel
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "anonymous", looking up realm NULL
[suffix] Found realm "NULL"
[suffix] Adding Stripped-User-Name = "anonymous"
[suffix] Adding Realm = "NULL"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
++[control] returns ok
[inner-eap] EAP packet type response id 1 length 137
[inner-eap] No EAP Start, assuming it's an on-going EAP conversation
++[inner-eap] returns updated
[files] users: Matched entry anonymous at line 47
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING: Auth-Type already set.  Not setting to PAP
++[pap] returns noop
Found Auth-Type = inner-eap
# Executing group from file /etc/raddb/sites-enabled/inner-tunnel
+- entering group authenticate {...}
[inner-eap] Request found, released from the list
[inner-eap] EAP/tls
[inner-eap] processing type tls
[tls] Authenticate
[tls] processing EAP-TLS
  TLS Length 127
[tls] Length Included
[tls] eaptls_verify returned 11
[tls]     (other): before/accept initialization
[tls]     TLS_accept: before/accept initialization
[tls] <<< TLS 1.0 Handshake [length 007a], ClientHello 
[tls]     TLS_accept: SSLv3 read client hello A
[tls] >>> TLS 1.0 Handshake [length 0036], ServerHello 
[tls]     TLS_accept: SSLv3 write server hello A
[tls] >>> TLS 1.0 Handshake [length 09fc], Certificate 
[tls]     TLS_accept: SSLv3 write certificate A
[tls] >>> TLS 1.0 Handshake [length 020d], ServerKeyExchange 
[tls]     TLS_accept: SSLv3 write key exchange A
[tls] >>> TLS 1.0 Handshake [length 0062], CertificateRequest 
[tls]     TLS_accept: SSLv3 write certificate request A
[tls]     TLS_accept: SSLv3 flush data
[tls]     TLS_accept: Need to read more data: SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode 
[tls] eaptls_process returned 13
++[inner-eap] returns handled
} # server inner-tunnel
[ttls] Got tunneled reply code 11
    EAP-Message =
0x010203800dc000000cb5160301003602000032030152fa57ab2a2fd6841821e126ac6511783c3f3f168808dac332240be8a16b604c00003900000aff01000100000f00010116030109fc0b0009f80009f500047c3082047830820260a00302010202010b300d06092a864886f70d0101050500304e310b30090603550406130255533120301e060355040a0c174361726573747265616d204865616c74682c20496e632e311d301b06035504030c144361726573747265616d20446576696365204341301e170d3132303330383134333730355a170d3232303330363134333730355a3040310b30090603550406130255533120301e060355040a0c17
    EAP-Message =
0x4361726573747265616d204865616c74682c20496e632e310f300d06035504030c0673767239393830820122300d06092a864886f70d01010105000382010f003082010a0282010100b76170da326c4bcef5c64402d66566b7304e83d3ceeb33aefe0a63037d8441aa10bf72a2e011dc859f65f544bd2fc152e1476d62d0cd735d0f8cb6e47b4620438b9004e66f88504c7ffddeb11f27ee46ce0c2bd84d81db792252fa71d7a83408de900afbcfffd7251aa702a2345d7bc5aba0d762d6a2ad23af0098043482c8897b2faf91ab0f5d8312d5af33796884a4ce52e28cd3d345ea48113b2662c3c3081b1f634e3801b8e52fb6bc29c17e8a851b3fb44f
    EAP-Message =
0x88ead4013f140c10818a9cf80d1d9d5375d5552a403e71f10412774bfc835162ecd40bf7d98f8e1127a5be8a0bed7829fe0636f4f293537646ca4bea3d5152cf78cca369e58cb94b91e1269d0203010001a36f306d30090603551d1304023000300b0603551d0f0404030205a0301d0603551d0e04160414a099086e62bcbca450563c4c0d0d1a303c1ca52e301f0603551d23041830168014f4638fe7f1bcfcd00e02e0a3387e5ecfce60663030130603551d25040c300a06082b06010505070301300d06092a864886f70d01010505000382020100633588e4eaf0e4e090b8ff48b1ccf651af706f3d080149190166d2a325a01fa44360c26da30852
    EAP-Message =
0xbdb26b21401cf6d789c83d725c3affa9c7a2954349a249868c2c607b6a5b586dfcdf091929e9d15a0a1ecb0c6cd092cf7883d7ca795a5125a5ac1ca78f9f01cd3fc1d1d492dea54cba85a87bd087fcff5d7acaeafe8899a1523b63944eba4c1624833e9d93e8fb3092faebf5bc664c95719436e6c957019a91ede0e8e2fb3d39b0ec9e56810b19167a
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0x8ffb87098ef98a38ce217d93eaf46dce
[ttls] Got tunneled Access-Challenge
++[eap] returns handled
Sending Access-Challenge of id 155 to 10.0.1.254 port 1025
    EAP-Message =
0x010903df1580000003d517030103d08200aef0fb3b2f70d5ac4051ade8cd61c9ed710ce8797568fd055dc426630092062509afbe5dbcbfefec3c10de05aafce1439f9ecf1aa677e3e0053b0ce09f561c1dedd394f6ab54e88105caa4b1365b53b6f8d0b036e3ade1efcf4708a29a48c27b7663e7a8d841c156501e74d081168928572b50ce275827330c52195d23cf1c6b98af7fba74b5a502ddf1a0e10c655d02ca9246837e5f9879504b5b065e5d33101ac61c576c3558a37d3579d6d964352832d7c56fcdf3863a32892efabe0e138c6c89905c2f7f46f760b5f3b50c5304a142d8b6a20478660c6bd056a56ebef1496ea42417ebe48b1ff03a5074
    EAP-Message =
0x5853b1132680fa25d2ce3bb8e46d510b3a69fec0207d53ca69c9c991d489739343162e9a3d14c4acb2fba4991225d27eb5db98cbbdb868b253a78f0a78e0e53fa145a11d8ae163218d3e52ec84621e2bd02f0f0e966347bd1fb7b1a64f50924b06eaf81ef38ae9210e858095b02d94f9235dba866902718dacfc1db528166cf1db8adc84679762432c8eac56a21b1b0a4ff3cc7b6c0ce20d72cb103e251f00d8ae78994eb540fc4f085d365a16b25e88f60171120868661513967bfa531979a0cf019a7b1904178b2c16cc344cacaf611672d9112ebf35c82ac5dbb3e6fa0cbd498ab65a386f0e9eed8c4a90f92b309f5634534b64a0ce8e239362464d
    EAP-Message =
0x2f7083f241e625e7faf233fbd6724189aa28a73aa1b6ce292ea6378a54b495dd9652fbe666df1c9b1fb4ff74832825c26f3cb6ca807382a99ed3c53c1be97522f05310b0679a405aa60f78f6e09dbdffc811d90cdb2c72672d5691a8abeb25e07bfc1866737bc831d4084c8090499accd865b7662a9bc9def6d8605319a0b02db9755fb279ac09846240035d5467a86209c3ea1accaa89e68fa7b83be9991ec5c4087ac4346ccdcbbb1f152445df03c1fe495130548e56e9a59689f6d12ec302b9105bba91ec2612cfd2a9f0a90120f818b5a64ceb79eb38405edffa190a4d2064fa2c4dcdb6e322f6c2f88f5b98ff143b3870399e489b18a99056c820
    EAP-Message =
0xefe1e63df3af4ab06fb5ec72081e4bf1cf790dccb3da9a90360b7074c996ad70b2b7d0b40f0335dbe27d170c87c8815d5aaf6e9c452bfdd1753c7fa6d1dae36588ea8d850e7397df1a39a77a845f93c553936922e4f758e68451780b62942cc4e763e7b5805c8a78150d6658267da5c778be7ddbc5c4019d32d1304cf52e503d0c8816274736ad8a1c890364f9b2b8a3442895a06d3fcecef660638d6ecd01c27e2ce3bd88b4da14cbc9cb55f6473254e880587951fc7971a3a64cf5ed55eb2579003c5148bd5277873128afecf88af4c0e7ca22795b4dd5871d90938d2ae4a2e149a910a31d4044
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0x761f94dc7e1681c1389e58c98036d07f
Finished request 49.
Going to the next request
Waking up in 3.2 seconds.
rad_recv: Access-Request packet from host 10.0.1.254 port 1025, id=156, length=293
    User-Name = "anonymous"
    NAS-IP-Address = 10.0.1.254
    NAS-Identifier = "00:24:01:12:de:7a"
    NAS-Port = 0
    Called-Station-Id = "00-24-01-12-DE-7A:RADIUS_TEST_AP"
    Calling-Station-Id = "00-0E-8E-42-CB-20"
    Framed-MTU = 1400
    NAS-Port-Type = Wireless-802.11
    Connect-Info = "CONNECT 11Mbps 802.11b"
    EAP-Message =
0x0209006415800000005a170301002008fbc5352c3ae3acc15cdad51302d1287863876898c671d62ed7e35bb05d89011703010030632c786d4a84019d484665bcb6f17f7b0a3c74dd64e7e19d8f7c8cf02778eccbeb377fe8c02a47c6e1590022aba6927b
    State = 0x761f94dc7e1681c1389e58c98036d07f
    Message-Authenticator = 0x5d251aa722847d535f92fe5ea2dd8279
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "anonymous", looking up realm NULL
[suffix] Found realm "NULL"
[suffix] Adding Stripped-User-Name = "anonymous"
[suffix] Adding Realm = "NULL"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[eap] EAP packet type response id 9 length 100
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/ttls
[eap] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
  TLS Length 90
[ttls] Length Included
[ttls] eaptls_verify returned 11
[ttls] eaptls_process returned 7
[ttls] Session established.  Proceeding to decode tunneled attributes.
[ttls] Got tunneled request
    EAP-Message = 0x020200060d00
    FreeRADIUS-Proxied-To = 127.0.0.1
[ttls] Sending tunneled request
    EAP-Message = 0x020200060d00
    FreeRADIUS-Proxied-To = 127.0.0.1
    User-Name = "anonymous"
    State = 0x8ffb87098ef98a38ce217d93eaf46dce
server inner-tunnel {
# Executing section authorize from file /etc/raddb/sites-enabled/inner-tunnel
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "anonymous", looking up realm NULL
[suffix] Found realm "NULL"
[suffix] Adding Stripped-User-Name = "anonymous"
[suffix] Adding Realm = "NULL"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
++[control] returns ok
[inner-eap] EAP packet type response id 2 length 6
[inner-eap] No EAP Start, assuming it's an on-going EAP conversation
++[inner-eap] returns updated
[files] users: Matched entry anonymous at line 47
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING: Auth-Type already set.  Not setting to PAP
++[pap] returns noop
Found Auth-Type = inner-eap
# Executing group from file /etc/raddb/sites-enabled/inner-tunnel
+- entering group authenticate {...}
[inner-eap] Request found, released from the list
[inner-eap] EAP/tls
[inner-eap] processing type tls
[tls] Authenticate
[tls] processing EAP-TLS
[tls] Received TLS ACK
[tls] ACK handshake fragment handler
[tls] eaptls_verify returned 1
[tls] eaptls_process returned 13
++[inner-eap] returns handled
} # server inner-tunnel
[ttls] Got tunneled reply code 11
    EAP-Message =
0x010303800dc000000cb5f57cc0140449bae0b3f0fbe6feb4aa2119ddcf7cf9c82cb830b9d97943ae20c9a2c28df58e6a3cf9064d68203a73858dcc2455b827199199f2705a4f52c4931feb6a04496b15dcf9936996b90977167140475734fc8447b952a564dc73c2bd6a5146ead281a845b3046297845fb323fd7050a6d3f049d0d20dd2e22b980edb5da743adb1ca429374cbd34aa953ddc6615ca92f250ffc13d0ce8594d6e370e2961ed256eba43cba54fdce0a729b4fcd7de584f891ed4f799af530a855ef1c1862f4c9de40dde31369a15792a23bbd73dba235ddd74669ec807f48547f1422aba3bfcc89234c0fed5d151fdafb29b19829bbb67a
    EAP-Message =
0x281f561721450d5b3d03b983d73137fdff06ca0b3062f6a2a6e0286479c6f327ff54fc19a4fe0283c53d6cd151ccfd25e5e96cad3568119d2d711aec91291649709d77cea8abc804e673e4ec168a844b1312158c0eba53ac455e9d5cd20005733082056f30820357a003020102020900cdd24c0540e41aa7300d06092a864886f70d0101050500304e310b30090603550406130255533120301e060355040a0c174361726573747265616d204865616c74682c20496e632e311d301b06035504030c144361726573747265616d20446576696365204341301e170d3132303330383134333433395a170d3232303330383134333433395a304e310b3009
    EAP-Message =
0x0603550406130255533120301e060355040a0c174361726573747265616d204865616c74682c20496e632e311d301b06035504030c144361726573747265616d2044657669636520434130820222300d06092a864886f70d01010105000382020f003082020a0282020100c15110872e2e4a5740b2806926c2a8987dd7aab026b7ef0d2eff5321d107c6fdef6ba3e2380f7e7327ecdde1de555a61c300e738206831313edff00753619e76aac958bfcbabb6139aeed98a6b236c4877befb74390a7b73872cab14a974e3c039b97b98dde3cde395b74806a81ade977ec12bfa3d8796b175bc72556c62f3c6242eeb1fe0046f6ef423a48fb2151ac753c3
    EAP-Message =
0xe46525ec5715e8eb6cdc235e8c0c40ff219999b616a88feb3d878fa4ba057004dff8709d028fffe2e088f30b1102f873529a1422d612450cd062130ac1b13c1af3e52ef94d75583a494fc733b851109c0c8f1c03f9d96aa9eb7b3f4c31b342c9640c3df94e9bbe833f8dd984befb55e7bec0664efb09769b23cfe7b3e36a1088f03ec961981da5216d
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0x8ffb87098df88a38ce217d93eaf46dce
[ttls] Got tunneled Access-Challenge
++[eap] returns handled
Sending Access-Challenge of id 156 to 10.0.1.254 port 1025
    EAP-Message =
0x010a03df1580000003d517030103d03b00291e79190901cf469987a7f843defb8ed1a2e1a28d26c9ac28d35b5a2401cf16082c122634f17ea75d7c2063cee2d9c4ff8c41f2443bc4b5c7db2b6183e55a366799bb794955f7817e9811654251dc184e78a711f31316d385aaef27b24817dfa73e35656acf123cc069c428e6a59c51b04c5b5149bf0aae76530948b0a955338210a149c6d243549d0b1c8133df0e9a402e33fa8966a1948a0c0048f5ced07bb92a188feac85499b592a9214c9b032d23d86a169ebc55af408914fa1da79f8b9811a48a842e32e4a2b91d064d202de2433ca04bb7b5ee40831d76c5209e0d9238a5a9065eb42c70d52be511
    EAP-Message =
0xc5637c7db5d79acfe6b0b42fe7e8e6c4c6080ec9fc454b6ea79e22fd8133ae74ebd67b3db050f4d485bba4985987364ecebfe0f6f319a6a63fed6432e447eb4988acb2b52c7d75d646ca3b5cb9da52635f3203aca6596098280cdcd2fdf6bb53451efaeb1a59558e652163ac481308e42be15182dd8259eb3e6814c9d9ecd66d57bca4e583d5534f11cf7aa6941bae7bb7001b7c5c5603d7264e947043bd249d2026afc6bc1095c625939763fa8365561f29e7e2084f365c1974a5b70a669c2968d484036dfef6077ce4ce05261b13781eb3d796fa4e4362586022121340404ed1a0416ed362ffd448eae4b03f0934664221043573979292dda7bed81e
    EAP-Message =
0x332f25c746b9b4f65b20fdd93a6c725b11d386f63f1678b5c927c34e913a826dfa6c73fe8d75218c23911407b9b15312692ea347ca3b45e1d01961192d222e51cd0d9ce800d568ed4886965958bb92251c0b83ae51edceb85ddf8ed110eef39ca2cf5939b1ce1a8e935f19c5155db158f798448b48fa33c25bb1967b9f31535b433b16ce11c6136b88fcc8b657bb9244faba4c6a6f5fcbf935edc52df1071edbe780997fce75d82295894ed460591a82c27ee76964c5263b9af4d8b7280fa5afb4329a9ae26098143b8fc28cc4b8601298aec61746b40a5a16c9b9626a331fbb49d23ef0a4691821d4b06a6bf5ab2a8315dce58f50ad2847feff10fdcf
    EAP-Message =
0x94adbc038b6819ce53bc258897d6ccd6b9e6547c2a1180d5d10c97939ba69fcb0591c028c15710f191725400f21f4a1af3c4d9d39c6be5cf265f560faaf82f818f13599ef9e81e354621228e54b5bf693de42772c51521cd99b55abbec56cb067db505ab9b1c248d81e7dae882aa7d357e344b266c6b5b1030ac70551943efa6b08654b7864edc918f277cbe6d9b9da38ebc2888eec11b738744d762e48b52563ede85361d5af53232f4b2bf032f6f8517d0bce703401bee2640cc5c2eeecb271b96bff9be7c0f281391643bf366aeb9853ef2ccb14090cb98189d85e121967c4e034f7f3e0d09bb
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0x761f94dc7f1581c1389e58c98036d07f
Finished request 50.
Going to the next request
Waking up in 1.8 seconds.
rad_recv: Access-Request packet from host 10.0.1.254 port 1025, id=157, length=293
    User-Name = "anonymous"
    NAS-IP-Address = 10.0.1.254
    NAS-Identifier = "00:24:01:12:de:7a"
    NAS-Port = 0
    Called-Station-Id = "00-24-01-12-DE-7A:RADIUS_TEST_AP"
    Calling-Station-Id = "00-0E-8E-42-CB-20"
    Framed-MTU = 1400
    NAS-Port-Type = Wireless-802.11
    Connect-Info = "CONNECT 11Mbps 802.11b"
    EAP-Message =
0x020a006415800000005a170301002087325f201a8ce28867d4d624b06f91bae623bfaf69e425181a12402cf3364deb170301003062d47d61e49b407e61440407c311ef5250d4b7cd4f16a8dc89d998737e1413276cab1bcc7eee5c5ca698364e7ac8e6b3
    State = 0x761f94dc7f1581c1389e58c98036d07f
    Message-Authenticator = 0xa2d396b72ed793f0a509ee0d8fd0544a
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "anonymous", looking up realm NULL
[suffix] Found realm "NULL"
[suffix] Adding Stripped-User-Name = "anonymous"
[suffix] Adding Realm = "NULL"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[eap] EAP packet type response id 10 length 100
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/ttls
[eap] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
  TLS Length 90
[ttls] Length Included
[ttls] eaptls_verify returned 11
[ttls] eaptls_process returned 7
[ttls] Session established.  Proceeding to decode tunneled attributes.
[ttls] Got tunneled request
    EAP-Message = 0x020300060d00
    FreeRADIUS-Proxied-To = 127.0.0.1
[ttls] Sending tunneled request
    EAP-Message = 0x020300060d00
    FreeRADIUS-Proxied-To = 127.0.0.1
    User-Name = "anonymous"
    State = 0x8ffb87098df88a38ce217d93eaf46dce
server inner-tunnel {
# Executing section authorize from file /etc/raddb/sites-enabled/inner-tunnel
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "anonymous", looking up realm NULL
[suffix] Found realm "NULL"
[suffix] Adding Stripped-User-Name = "anonymous"
[suffix] Adding Realm = "NULL"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
++[control] returns ok
[inner-eap] EAP packet type response id 3 length 6
[inner-eap] No EAP Start, assuming it's an on-going EAP conversation
++[inner-eap] returns updated
[files] users: Matched entry anonymous at line 47
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING: Auth-Type already set.  Not setting to PAP
++[pap] returns noop
Found Auth-Type = inner-eap
# Executing group from file /etc/raddb/sites-enabled/inner-tunnel
+- entering group authenticate {...}
[inner-eap] Request found, released from the list
[inner-eap] EAP/tls
[inner-eap] processing type tls
[tls] Authenticate
[tls] processing EAP-TLS
[tls] Received TLS ACK
[tls] ACK handshake fragment handler
[tls] eaptls_verify returned 1
[tls] eaptls_process returned 13
++[inner-eap] returns handled
} # server inner-tunnel
[ttls] Got tunneled reply code 11
    EAP-Message =
0x010403800dc000000cb5ec415c7548aa7c51315941ee74c7c4e21124581dd8a3b7c4831877cbea385ce297c87149c7d1240f1d875875891bf1018a2be82bd839bf7516e693ae403bff49731aadbd295b96f062caef2565d0107954809f92d89b786787b712a0360efbe34c0c926a568550642de96d84940b2996b05873c2635786520315a3fcd9e79924f7b4b81d4ebf751ca81b810ddfed5f016bd0befadf29863d0ccbd4cdfccc3c3b69c831ef10e11b66b563c2f04a31bf743ee3896b2f052806fd0d0b21604023707f5cac625ca44f32b346d8f7def63c2ec1cdc75037bf8a82c3d26a8a0124010f7acb8d33970203010001a350304e301d060355
    EAP-Message =
0x1d0e04160414f4638fe7f1bcfcd00e02e0a3387e5ecfce606630301f0603551d23041830168014f4638fe7f1bcfcd00e02e0a3387e5ecfce606630300c0603551d13040530030101ff300d06092a864886f70d010105050003820201002aedad2a256b0fd6d3f11f74c30f1ed9652c8d82bff6779c09a32d6dea2fb9febd4525b7b3105b13967c3b5d5d61745264620c312d6fce405dd4ddfe4b72abe7e0d2c475b99133294a5cc91c4c328624bed219d73e62dd222b3a76f2de154114ae1e0b7fd615702ac7e1bbc30abf603258daa805479ebec4d0bea30599881df284a427dcf4396efda6122e65c265df815593f1224194deb4d4fe52d86337fd4e
    EAP-Message =
0x59331b5d3d0a40effc7d49a1a7860f7dc6d67ee31df8d30780f0dcf1353ef7b892d2da1aa70c436e9250dd9aade9ce5bcedc64cc959be7965ea227a8f1512e794f06e30e1294f314b6ae77ade19c0d73600259c4c7942204d7b58843bd9a65bb28657ae46cb4737c26a00421559de2e0e9613d29d20d30fe65fb2283b1d650092fbb8c62c5b091aec7fb64ff3c65487de63740c93c4adf2253abd0c4ae3afe09298ac0b468c0290130f3a1c08425dee9b7ca0004fbb32d5f4bba7a2517b130308b537fd0cde88c6cf035cc6c9581d2138c17e3187a6a926983dd64081680c56a57bd6696e18fbd28ab9a9ad54578d0bdeb1ffa28bfa39f6fd5acc6481d
    EAP-Message =
0x66beb3d335c77c76994fc91228198746f6133c9d3b435df2daae2a114bf7641b6298cbd23b52606c26832285ac539dfb2cfc362ffa520c374a44ad55584edb2505ecd417ad985065cc54a7a2bb4f5dc39f70bfc35fe207de3a79ed8c4bc4d30addb818160301020d0c0002090080d0d6b54e7f02a1f12b53d11521a2df0f47df59ba4e72828003bc47
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0x8ffb87098cff8a38ce217d93eaf46dce
[ttls] Got tunneled Access-Challenge
++[eap] returns handled
Sending Access-Challenge of id 157 to 10.0.1.254 port 1025
    EAP-Message =
0x010b03df1580000003d517030103d0c2fabef7808c1df30b72895545c41d2f0a433bbc1b792433fe42ecd0ca7cec555f0303f88eb9579944ac935f327322f2083da502c1ce24eef48be8c5ce900a351c8aa4475cadfac53880bfc96117af0c72e82a0a73d787af96e65ae4e232cd97c43e3bc4c599728af435def711e8aa3234d68a6d4211da252f47c7572aeed4e72421787148e9ee99803d7c5caf573a4bde4cb7f0245f5dbb381c6e1c74c3f5f99fcc1df77c9ce0292014c913104a6df483301e9cede488c6a5104db080b7f41271259c5eb92d9df5462f1e32d791e95837d8ce082b38bc12819128d783c28e50f98ea3ed200c5c89f37d49b1c0a5
    EAP-Message =
0x2b9f7b5f42c67ca3b352e70f90185a96ac4400acd727d7b08dd844dd53dde4e2f36f9ebc1cea9e6c4c3aa4895aa63574ef34e78aa02b18234286cd9d31ebb1cd185b36af1eefe9f3967eec66161ba4d0ea0be615356d528221c7f6ff006e9c185ff3d32b5fa0e82eeaff6c5b8c248964ddd29a1733c7301ca37c3f2fa7483e5eb4bf401b89c73beb6fca94e9d864877f683ed29b89dc6f357e3940d26f7db6a1a7c468b14323c4d1bc5490d70babd942d6931561a05ddd53b41e594efc1a00954f8c78de67a703accaa26084e578a4d0d81803eccabd4880a95f24c67f990e2b338c01dca7028a67a6469e3317234f7d0b6a8bace2c108226eaf451ad5
    EAP-Message =
0xb383a6a4c3c6027dc36f694d2e92cce86a36097d6f6792effbef8eeeb52fe6c25866f042529c2d6ef787c003445e484b089230636cd844254a8a19ea8da85ebf4bd9c02102f9b230adb924bba39c52af9910619cdd38f38a7cec698d6634ec7dbb80b1bd362f86207302c24423aecf64154ab944ab30600e0950cdddba836cc19fe7569dec7802ef86427bf21d8b3d02e320168d37d67d532a704eaf511428b3ecf858dd37af46f551712958b2d1962c93dd2f0190f821ba8525b9a005c1eb586b4a4f9cda5ea36a36a4ea01bad0ea36dd5c4b116cd6e72972214697858b58e52499da73fd721a61a6246111c0b331d6d2ca69b57534824527d092c53a
    EAP-Message =
0x0fdb6fdc12f292c0c1fca33064dd37d13c02a2cdc66b7cff911b0a3305ef883a161057f0e1fdab820cfddea475b06b825a6d7653e4c83216fa6c351609a8e703468800d319afc8ba4959b585ee6f81aa20086ad4ed663ca0283e369b1f40415b4c1f656504cdd2216e0e6bb1a61d8fb9cec0149ed2e74bb9727d855bda12d8e061e42c5f57b66ff921392ad24d2c28026c38f841ad332c82f9c83ba3d8108fc67725c944a0cdbb053fd8ff45a0e5b862fa9c3c69eecd3138f5dc476317b752f27ffdda5f9dcc7438fbe56c708126bb5c54b3f2b77f972c848770ed4b5e42ea5749464ec9bce46a85
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0x761f94dc7c1481c1389e58c98036d07f
Finished request 51.
Going to the next request
Waking up in 0.8 seconds.
Cleaning up request 41 ID 147 with timestamp +2390
Cleaning up request 42 ID 148 with timestamp +2390
Cleaning up request 43 ID 149 with timestamp +2390
Waking up in 0.3 seconds.
Cleaning up request 44 ID 150 with timestamp +2390
Waking up in 0.3 seconds.
rad_recv: Access-Request packet from host 10.0.1.254 port 1025, id=158, length=293
    User-Name = "anonymous"
    NAS-IP-Address = 10.0.1.254
    NAS-Identifier = "00:24:01:12:de:7a"
    NAS-Port = 0
    Called-Station-Id = "00-24-01-12-DE-7A:RADIUS_TEST_AP"
    Calling-Station-Id = "00-0E-8E-42-CB-20"
    Framed-MTU = 1400
    NAS-Port-Type = Wireless-802.11
    Connect-Info = "CONNECT 11Mbps 802.11b"
    EAP-Message =
0x020b006415800000005a1703010020725c045571549f2efca53c13f5ecb4fb0b5175f64e5653b27887e4e78b25cef51703010030365526c1bf9f20fa9866f3c39857931108948794d84491a364880958d71ca1518e4686ee8fae0fb0cf3f1b2039de55bc
    State = 0x761f94dc7c1481c1389e58c98036d07f
    Message-Authenticator = 0xec5cb4cf863e261b285b3eebbc84a7b7
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "anonymous", looking up realm NULL
[suffix] Found realm "NULL"
[suffix] Adding Stripped-User-Name = "anonymous"
[suffix] Adding Realm = "NULL"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[eap] EAP packet type response id 11 length 100
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/ttls
[eap] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
  TLS Length 90
[ttls] Length Included
[ttls] eaptls_verify returned 11
[ttls] eaptls_process returned 7
[ttls] Session established.  Proceeding to decode tunneled attributes.
[ttls] Got tunneled request
    EAP-Message = 0x020400060d00
    FreeRADIUS-Proxied-To = 127.0.0.1
[ttls] Sending tunneled request
    EAP-Message = 0x020400060d00
    FreeRADIUS-Proxied-To = 127.0.0.1
    User-Name = "anonymous"
    State = 0x8ffb87098cff8a38ce217d93eaf46dce
server inner-tunnel {
# Executing section authorize from file /etc/raddb/sites-enabled/inner-tunnel
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "anonymous", looking up realm NULL
[suffix] Found realm "NULL"
[suffix] Adding Stripped-User-Name = "anonymous"
[suffix] Adding Realm = "NULL"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
++[control] returns ok
[inner-eap] EAP packet type response id 4 length 6
[inner-eap] No EAP Start, assuming it's an on-going EAP conversation
++[inner-eap] returns updated
[files] users: Matched entry anonymous at line 47
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING: Auth-Type already set.  Not setting to PAP
++[pap] returns noop
Found Auth-Type = inner-eap
# Executing group from file /etc/raddb/sites-enabled/inner-tunnel
+- entering group authenticate {...}
[inner-eap] Request found, released from the list
[inner-eap] EAP/tls
[inner-eap] processing type tls
[tls] Authenticate
[tls] processing EAP-TLS
[tls] Received TLS ACK
[tls] ACK handshake fragment handler
[tls] eaptls_verify returned 1
[tls] eaptls_process returned 13
++[inner-eap] returns handled
} # server inner-tunnel
[ttls] Got tunneled reply code 11
    EAP-Message =
0x0105025d0d8000000cb5d4fe2ca20295bde105d30e7455ad165507b5a71caa9e4dbeab3dd7442ca803afe3eba4e661dc2a84bc717ea92750d76c663186702f275656b7b31770f9492b41fecb7cc2e2365235bb45c188e5cdc8c77331912903f2d2c42f27e86a5146827964cd4b70ab00010200809453f07e77c20e39e71a85f4e49bbede2a27540093957296fb7e8227ec1a5580d5f55935aeb36fd4897ae3b4299b93b85c1c2418b49537c8a46c1289ac6405d094c29130e302c1db50b6738feb776b01d0eef77e193020f1a989496d3cefec9797c47acf0889516ed8837c7fa88d2eb05c19b3714293b55399ccb3f09726c26401006c25e34d03f302
    EAP-Message =
0x01ba22522f7ac4028f28cc061a708ef9fa9507c656ad4c924b84984f412524fdcfa08eb619a386f5e9d9213494a8bc7409993cae4bd6b361174703b031056d7594b371569b45ad0d162a133e94705e637c966ff6d7887882bc17e73b250bc28ea1ba6e3aa890c1e9db3574e83cd28f5ad878748fc1175356de5eed25a66d7184503277dfc2e49bfa9db21161dd750a70d6c99c6dad9b349f9620e97326fcc22734b1704d816bbde328982af200b687298771977f99fbe407c98a9d909df26bca0a9928cda3676f46899766ac56cb5cc5e74c1c7d36b359b4b6728bbd4aee7243a34ce1008300eda5a24d0cfcdfe0138ebb56cb0e24a0e7d24216030100
    EAP-Message =
0x620d00005a05030401024000520050304e310b30090603550406130255533120301e060355040a0c174361726573747265616d204865616c74682c20496e632e311d301b06035504030c144361726573747265616d204465766963652043410e000000
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0x8ffb87098bfe8a38ce217d93eaf46dce
[ttls] Got tunneled Access-Challenge
++[eap] returns handled
Sending Access-Challenge of id 158 to 10.0.1.254 port 1025
    EAP-Message =
0x010c02af1580000002a517030102a0100719a572f72047eca3918e647cd68db7b89845fc5032d1082f92a9f93e9c38ef5d40fc010a82a7837b8de2be1947054ab98f40051c23ead0addeeb47ee64f73146b54fa84e17a96d19d106c749f5c0f7d6b08bf1e54c997f60dc18bfccb527d7b1b80786168cf9bd600b687b09f169dc0a1ce35125ace3ce6c3e5fa1bd9af5c1a9bc3b84e0810aa698136fbcab9300bde56c9421194ced06283b4837e81b6e06496f675e5b5a2c426dc24649a1fa160f7904bebe4c9003cd691c3a5b511e004a980c2e965b5dd81b4dbb5fa85f64e1b496271a1fab20d9ac25a329b7d5f74cf3af7df94894c6facbd77e4a35c6
    EAP-Message =
0x6d2ff10eed956d67e597230cad0e01a0935cb2fac5d3d597625622bcdd1f1076b28be3295ab5b235c1c9770838a10c7094bc54d937529b6c6ddcfc831353feba5b358f502a3533e3efb92c326cf6ce3864c754a01cbff8c0aeb13e6c9c8e9ae98932e2825764ca2f8fad229ce4ac57249360b425ea3cc4fed7cff3dfba1cfec3dc7b7aaaa880832a8c3584556ae8e60bb067ebc6685d15064cd29642b5f5cfbf9d122bae67a8e119d3758d237e0478baa536eeb38c542071744af9a6213e13330b9b26acc4a55b50f1a9e80245d400b7a0bb272e7de3fd72b81a31189cde80426416b4f5e66b470ad4ca032541a870c8eeb60ff21013efbac257595425
    EAP-Message =
0x50ff0950ba7ebcb942a45d8fff2504b686aec981a32311389ad86583d754bc330fa774c24cbf2d544c5d0a9cdcd468711589d6ebfafcb110c66c1a7867df22a13d6029db0a45ae88e97d92c70a31f0d82c8777896d22f1c6fbb7a5be56dcb59e3dd084a3385a8ed4323cb842bbee7a83fe4652919fa687d71dd75b33465f6af8e75ef02aee28dfc556ca151e254c189b8705dd1fb5a55fd3578be18b5cefad41ce6703169b8789ceede74740ba0c200c9bcbd8cee7
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0x761f94dc7d1381c1389e58c98036d07f
Finished request 52.
Going to the next request
Waking up in 0.2 seconds.
Cleaning up request 45 ID 151 with timestamp +2391
Waking up in 0.3 seconds.
Cleaning up request 46 ID 152 with timestamp +2391
Waking up in 0.3 seconds.
Cleaning up request 47 ID 153 with timestamp +2391
Cleaning up request 48 ID 154 with timestamp +2391
Waking up in 0.3 seconds.
Cleaning up request 49 ID 155 with timestamp +2392
Waking up in 1.3 seconds.
rad_recv: Access-Request packet from host 10.0.1.254 port 1025, id=159, length=1599
    User-Name = "anonymous"
    NAS-IP-Address = 10.0.1.254
    NAS-Identifier = "00:24:01:12:de:7a"
    NAS-Port = 0
    Called-Station-Id = "00-24-01-12-DE-7A:RADIUS_TEST_AP"
    Calling-Station-Id = "00-0E-8E-42-CB-20"
    Framed-MTU = 1400
    NAS-Port-Type = Wireless-802.11
    Connect-Info = "CONNECT 11Mbps 802.11b"
    EAP-Message =
0x020c057415800000056a17030100208f2d62933be444f56030a98ace30b40c340c0fba9465a773e844374eb5c3d10f1703010540f4dd89242a6133d2394798f08cb44425e7b66eb249edd2ac7d652cadedb3ced613182e9dce19b3b1a30b59ef06c2a26747cb9ecd94c31be2ca458853ecf1e131cb5c904b1680d34dea29c5702f38a3806951b803a48ae9ba3f295670a92966efa7201954b6c98433e43b1e4b9818677e569fb8474de71f7ea02f98ba1e27da5226f1db156318f9f55ffabc8997ee20512b7a2eebf19eb1fcabbbd4718bdfa47971f3c0c88770822241a2d797cd48b93357a4982ad7eb2c0d26ca1d446c578e6f6f7271979e536c48ea
    EAP-Message =
0xa5c8005057fad34851362037cea053e9e8a1af55365d01418a5029780a1e65763c3f0fe398fff6ceaf0e5b5ff11a0c5bbe2466e3fc2376e5703cdb9ee1e88b61069c23d05884f96de23ecd58065027aa2a799556dcce888c24c1aa35b36cee4d3bc7e8f055e30330c8773ad75223131e4e87f3f4417503aef5ed27dbbfe0c8496b8344bdc8175527af7f665e041ae714bad49de730bd298dfd8d6d02895fa266b0af94a4d7d18e9e39764ce68ec055616dc210b12513721b7b90e48f4d12e8d5ae2f88de562f6dc3e5ee97dfad2f05d18043fb401defda59742d6feebd20641de09ff200a6a04c71e3cf3e073e5004166f4077d6338fc4d5d2ba3513dd
    EAP-Message =
0x50d0d76634be5f4886eeaaea789ec0f4cdd39b6eac6d734f8cad6b82c886c25d83e3ea29fb997321a11fd21d4a1305203aa1942d70b8b41442893fff1163c405c524bf208a99a475217d94929089c5dd41295f5b495ddabce16eb3f7981f7ab0206402503ecb8928b942e2d84d3a53867eb3af5d0827399a4dec4cbdbbd7eb8d62ab766365bb48ba17653b677e7be1c4ded600d125190192e071b7018d34870ecdaed9c99cd68cfc6ed5afb833c285d344a945f8fbd918ba9e14ab3f30d452b23fefb12b4640bdf8f0033634090bf082122b739dc9710ae54123ed30642f95c595fbcc6ab51eca133ba9c5f7cbf330e7be996b4cbc96175d4942a23ff6
    EAP-Message =
0x2419e601c44cadcc9dd56d3f37da7f878e7d9218c172c079cc59f45e950c65a197777b8748993fd4d019cefb3e68df6b5f8e75801cba63ed00a99444899e43dcdbfd8ec0928948f419dd0c7d20b04747d7b6eeec0b2c48f798cb4d4f46bf2eadad7ce0b1c319023bee64b9160a83fab28fd5098037f1472d428dce61b64f80bc351355a58aef5b692473a5281fbbc5e8ec5c4c749afde522c33957b88529829d053f040052256d6dff7728d3a924acc12691eb7548a123819a0dce06467f5578c05d24f46e6e5313d95db48848009fa37137b8aa3ba13fd1082eb487a8321ecd7fa75c8b3efb3623bf2ca91b6556b67c8a345440196c5f2990de161433
    EAP-Message =
0xfc17ea4fb385c1b1e7b82e0ddfc72b55db07116719e19077f5e1fff992a04700dd222efff91d52ea1a8df6ecc05bcfe9e42148a162ba0d2b0d224872ee2adfed1c94ed5d5052c14f5a17df542e80044797fea0b8f9f48f91639c079a999cf7a855c1043948aafbf8b57e44094c1701c8eea57f2a4ad49f54f59c001f19fa37ec3a8ef69408bbe38c5bbed07f4da54f67d14f5ad80bf59d329deedc658b99d07a86c07e0ddae4ff73be5a5aadee874954827bde51bd0d9941aeb6c50adce24e59a4f18abb7e671e2246171fcdce76228b590134970be9b9a2740f525e4222ee56cf2c6045b3bcdc66bcdc18040487a2c08abb92cc11a8e43ff14fbbfda0
    EAP-Message =
0x17fa4a9ebaa1f14b16cfbcfac1ecca4aff4900d99b1580967a27b3dcf829e2fb1e4fd3a44e4d2520d9aced20be7964e25c2189ded39a529813d7d48839fbc945bc5b0c3a9a9918fb5eaab44df82da22a75b563e725888c8cd98732380b1acf03aaff2d37a5811435fc144961638292b431097e5748651833cd43fc744a390b293b51ff
    State = 0x761f94dc7d1381c1389e58c98036d07f
    Message-Authenticator = 0x50fec34474bd5ecc650245b062713045
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "anonymous", looking up realm NULL
[suffix] Found realm "NULL"
[suffix] Adding Stripped-User-Name = "anonymous"
[suffix] Adding Realm = "NULL"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[eap] EAP packet type response id 12 length 253
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/ttls
[eap] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
  TLS Length 1386
[ttls] Length Included
[ttls] eaptls_verify returned 11
[ttls] eaptls_process returned 7
[ttls] Session established.  Proceeding to decode tunneled attributes.
[ttls] WARNING: diameter2vp skipping long attribute 3005705648, attr
[eap] Handler failed in EAP/ttls
rlm_eap_ttls: Freeing handler for user anonymous
[eap] Failed in EAP select
++[eap] returns invalid
Failed to authenticate the user.
Using Post-Auth-Type REJECT
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group REJECT {...}
[attr_filter.access_reject]     expand: %{User-Name} -> anonymous
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 53 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 53
Sending Access-Reject of id 159 to 10.0.1.254 port 1025
    EAP-Message = 0x040c0004
    Message-Authenticator = 0x00000000000000000000000000000000
Waking up in 0.1 seconds.
Cleaning up request 50 ID 156 with timestamp +2393
Waking up in 1.0 seconds.
Cleaning up request 51 ID 157 with timestamp +2394
Waking up in 1.3 seconds.
Cleaning up request 52 ID 158 with timestamp +2395
Waking up in 2.4 seconds.
Cleaning up request 53 ID 159 with timestamp +2397
Ready to process requests.


-- 
Greg Huber
Embedded Development
Carestream Health
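
Added example (not part of the original post and not FreeRADIUS code): the failure in the log occurs while the tunneled data is decoded from Diameter AVPs (RFC 5281, section 10.1) into RADIUS attributes. This Python sketch parses that AVP layout and shows which values fit a single RADIUS attribute (253 octets at most, RFC 2865) and which must be split or dropped. That this size limit is what triggers the "skipping long attribute" warning above is an assumption, and all sample bytes and function names are constructed for illustration.

```python
import struct

RADIUS_MAX_VALUE = 253   # RFC 2865: one-octet length field, minus 2 header octets
EAP_MESSAGE = 79         # attribute number of EAP-Message
FLAG_V, FLAG_M = 0x80, 0x40   # vendor-specific and mandatory bits in the AVP flags


def build_avp(code, value, vendor_id=None, mandatory=True):
    """Encode one AVP in the EAP-TTLS tunnel format (RFC 5281, section 10.1)."""
    flags = (FLAG_M if mandatory else 0) | (FLAG_V if vendor_id is not None else 0)
    header_len = 12 if vendor_id is not None else 8
    length = header_len + len(value)            # length field excludes padding
    out = struct.pack("!I", code) + bytes([flags]) + length.to_bytes(3, "big")
    if vendor_id is not None:
        out += struct.pack("!I", vendor_id)
    return out + value + b"\x00" * (-length % 4)  # pad to a 4-octet boundary


def parse_avps(data):
    """Return [(code, vendor_id, flags, value)]; raise ValueError if malformed."""
    avps, pos = [], 0
    while pos < len(data):
        if len(data) - pos < 8:
            raise ValueError(f"truncated AVP header at offset {pos}")
        code, flags_len = struct.unpack_from("!II", data, pos)
        flags, length = flags_len >> 24, flags_len & 0xFFFFFF
        header_len = 12 if flags & FLAG_V else 8
        if length < header_len or pos + length > len(data):
            raise ValueError(f"AVP {code} at offset {pos} has bad length {length}")
        vendor_id = struct.unpack_from("!I", data, pos + 8)[0] if flags & FLAG_V else None
        avps.append((code, vendor_id, flags, data[pos + header_len:pos + length]))
        pos += length + (-length % 4)           # skip the value and its padding
    return avps


def avps_to_radius(avps):
    """Map AVPs to RADIUS attributes; split long EAP-Message values, report the rest."""
    attrs, skipped = [], []
    for code, vendor_id, _flags, value in avps:
        if len(value) <= RADIUS_MAX_VALUE:
            attrs.append((vendor_id, code, value))
        elif vendor_id is None and code == EAP_MESSAGE:
            # RFC 3579: an EAP packet longer than 253 octets is carried in
            # several consecutive EAP-Message attributes and concatenated.
            for i in range(0, len(value), RADIUS_MAX_VALUE):
                attrs.append((None, code, value[i:i + RADIUS_MAX_VALUE]))
        else:
            skipped.append((code, len(value)))  # cannot be represented, dropped
    return attrs, skipped


# Constructed sample: a 600-octet inner EAP fragment (the size an inner EAP-TLS
# certificate fragment can easily reach), a short User-Name, and an over-long
# Reply-Message (attribute 18).
SAMPLE_EAP = bytes(range(256)) * 2 + bytes(88)
SAMPLE_TUNNEL = (build_avp(1, b"anonymous")
                 + build_avp(EAP_MESSAGE, SAMPLE_EAP)
                 + build_avp(18, b"x" * 300, mandatory=False))

if __name__ == "__main__":
    attrs, skipped = avps_to_radius(parse_avps(SAMPLE_TUNNEL))
    for vendor_id, code, value in attrs:
        print(f"attr {code:3d} vendor={vendor_id} len={len(value)}")
    for code, size in skipped:
        print(f"skipped attr {code}: {size} octets exceeds {RADIUS_MAX_VALUE}")
```

A decoder that drops an over-long EAP-Message instead of splitting it leaves the inner EAP method with no packet to process, so the request ends in a reject rather than in a certificate check.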


