EAP-PEAP drops attributes
freerad at spambin.de
Sun Feb 23 02:14:11 CET 2014
Hi,
I've set up a Cisco WLC carrying several SSIDs authenticating against
freeradius using EAP-PEAP. I would like to make it so that specific users
can only connect to some SSIDs.
Requests contain the attribute "Airespace-Wlan-Id" which contains the
numeric index of the SSID the request is associated to.
I have therefore set up my users file like this:
test1 Auth-Type == EAP, Airespace-Wlan-Id == 2, NAS-IP-Address == 192.168.225.110, Cleartext-Password := "test1"
This, however, doesn't seem to work as freeradius seems to drop the
Airespace-Wlan-Id attribute while processing the request. As can be seen
in the debug trace (debug_fail.txt), the user is being matched at first
([files] users: Matched entry test1 at line 173) but isn't found later on.
When I remove that one check from the users file leaving
test1 Auth-Type == EAP, NAS-IP-Address == 192.168.225.110, Cleartext-Password := "test1"
the request is being accepted (see debug_ok.txt).
The reject is clearly coming from freeradius being unable to match the
request against the users file therefore being unable to get to the
cleartext password, but only when I'm checking the Airespace-Wlan-Id
attribute. However, as can be seen, the attribute is present in the
request and the user is matched at first, even for the failed attempt.
This is freeradius 2.1.8 on Ubuntu 10.04, I'm not using inner-tunnel for
EAP.
I'm clearly missing something here, could somebody point me in the right
direction?
Thanks and regards,
Bodo
-------------- next part --------------
rad_recv: Access-Request packet from host 192.168.225.110 port 32770, id=204, length=216
User-Name = "test1"
Calling-Station-Id = "00-0e-35-0b-fa-86"
Called-Station-Id = "00-23-eb-38-c0-b0:iLAN"
NAS-Port = 1
Cisco-AVPair = "audit-session-id=6ee1a8c00000000b1e440953"
NAS-IP-Address = 192.168.225.110
NAS-Identifier = "WLC2106"
Airespace-Wlan-Id = 2
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-802.11
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "40"
EAP-Message = 0x0201000a017465737431
Message-Authenticator = 0xe6779e106762bcbc7fc6bd6cc8085350
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "test1", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 1 length 10
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[files] users: Matched entry test1 at line 173
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type tls
[tls] Requiring client certificate
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 204 to 192.168.225.110 port 32770
EAP-Message = 0x010200060d20
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x713b6cb7713961f0cae58d860d864cbf
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.225.110 port 32770, id=205, length=230
User-Name = "test1"
Calling-Station-Id = "00-0e-35-0b-fa-86"
Called-Station-Id = "00-23-eb-38-c0-b0:iLAN"
NAS-Port = 1
Cisco-AVPair = "audit-session-id=6ee1a8c00000000b1e440953"
NAS-IP-Address = 192.168.225.110
NAS-Identifier = "WLC2106"
Airespace-Wlan-Id = 2
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-802.11
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "40"
EAP-Message = 0x020200060319
State = 0x713b6cb7713961f0cae58d860d864cbf
Message-Authenticator = 0x2129c09897a63325a77232a341d016f6
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "test1", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 2 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[files] users: Matched entry test1 at line 173
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP NAK
[eap] EAP-NAK asked for EAP-Type/peap
[eap] processing type tls
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 205 to 192.168.225.110 port 32770
EAP-Message = 0x010300061920
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x713b6cb7703875f0cae58d860d864cbf
Finished request 1.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.225.110 port 32770, id=206, length=329
User-Name = "test1"
Calling-Station-Id = "00-0e-35-0b-fa-86"
Called-Station-Id = "00-23-eb-38-c0-b0:iLAN"
NAS-Port = 1
Cisco-AVPair = "audit-session-id=6ee1a8c00000000b1e440953"
NAS-IP-Address = 192.168.225.110
NAS-Identifier = "WLC2106"
Airespace-Wlan-Id = 2
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-802.11
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "40"
EAP-Message = 0x0203006919800000005f160301005a01000056030153094435e1248bf43acb9364d15157f38ef20afac3c1ff459e173e79430de30600002800390038003500160013000a00330032002f000500040015001200090014001100080006000300ff020100000400230000
State = 0x713b6cb7703875f0cae58d860d864cbf
Message-Authenticator = 0x3c7203091e2a767e2cd46fe3429c3f66
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "test1", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 3 length 105
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
TLS Length 95
[peap] Length Included
[peap] eaptls_verify returned 11
[peap] (other): before/accept initialization
[peap] TLS_accept: before/accept initialization
[peap] <<< TLS 1.0 Handshake [length 005a], ClientHello
[peap] TLS_accept: SSLv3 read client hello A
[peap] >>> TLS 1.0 Handshake [length 0035], ServerHello
[peap] TLS_accept: SSLv3 write server hello A
[peap] >>> TLS 1.0 Handshake [length 07e5], Certificate
[peap] TLS_accept: SSLv3 write certificate A
[peap] >>> TLS 1.0 Handshake [length 018d], ServerKeyExchange
[peap] TLS_accept: SSLv3 write key exchange A
[peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
[peap] TLS_accept: SSLv3 write server done A
[peap] TLS_accept: SSLv3 flush data
[peap] TLS_accept: Need to read more data: SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 206 to 192.168.225.110 port 32770
EAP-Message = 0x8a8816c7284801c65782ec34
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x713b6cb7733f75f0cae58d860d864cbf
Finished request 2.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.225.110 port 32770, id=207, length=230
User-Name = "test1"
Calling-Station-Id = "00-0e-35-0b-fa-86"
Called-Station-Id = "00-23-eb-38-c0-b0:iLAN"
NAS-Port = 1
Cisco-AVPair = "audit-session-id=6ee1a8c00000000b1e440953"
NAS-IP-Address = 192.168.225.110
NAS-Identifier = "WLC2106"
Airespace-Wlan-Id = 2
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-802.11
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "40"
EAP-Message = 0x020400061900
State = 0x713b6cb7733f75f0cae58d860d864cbf
Message-Authenticator = 0x8d8cfbed14bd8616d67cf97cce1e9356
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "test1", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 4 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 207 to 192.168.225.110 port 32770
EAP-Message = 0x29d4893d8c42aaf9
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x713b6cb7723e75f0cae58d860d864cbf
Finished request 3.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.225.110 port 32770, id=208, length=230
User-Name = "test1"
Calling-Station-Id = "00-0e-35-0b-fa-86"
Called-Station-Id = "00-23-eb-38-c0-b0:iLAN"
NAS-Port = 1
Cisco-AVPair = "audit-session-id=6ee1a8c00000000b1e440953"
NAS-IP-Address = 192.168.225.110
NAS-Identifier = "WLC2106"
Airespace-Wlan-Id = 2
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-802.11
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "40"
EAP-Message = 0x020500061900
State = 0x713b6cb7723e75f0cae58d860d864cbf
Message-Authenticator = 0x78a3af4863a48fc287b3afb1c3107e38
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "test1", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 5 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 208 to 192.168.225.110 port 32770
EAP-Message = 0x787c544da7acc3aa21481d6adc15866528a0e333fcfb2acf7a668f903878cf933765081e29ce54246bb163c75fa64e8065718a82b21b173c1167326d168f79806450da87f8d086404445f4fda1c9cdbb20130e147a4fc0cd01bba791e63c8da2b569e34e9c3a602130e69b611f8f454cc926bccf78ebc8782005b048148ed1aaad6ff3292629082ff24c3998cf260eb1de779a258ade6cc56509d695f7132de8bc2414ff6e8deb97e6a172518df4199e9a3d829faeb28acfca2adb41ec27ee9ba951b2f2d010d983a79d01788fc63caf6ed8a416030100040e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x713b6cb7753d75f0cae58d860d864cbf
Finished request 4.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.225.110 port 32770, id=209, length=368
User-Name = "test1"
Calling-Station-Id = "00-0e-35-0b-fa-86"
Called-Station-Id = "00-23-eb-38-c0-b0:iLAN"
NAS-Port = 1
Cisco-AVPair = "audit-session-id=6ee1a8c00000000b1e440953"
NAS-IP-Address = 192.168.225.110
NAS-Identifier = "WLC2106"
Airespace-Wlan-Id = 2
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-802.11
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "40"
EAP-Message = 0x020600901980000000861603010046100000420040af24aec814fdac1c7f09f5fb00d35c100460e36dd5bee0babd122d88d680b7964517ee587a6d33de2067b308162bcc5f1e76c049c066f046f7ea392f31cc65c9140301000101160301003064eaae1e5c1db05fc2757f6d21763a098748410e46295ba4f74c7fef5c41ea3409a7ea26691fb88c9041a0cbea4c54f2
State = 0x713b6cb7753d75f0cae58d860d864cbf
Message-Authenticator = 0xbf33182e95ce257e82f839fdbc3c05fc
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "test1", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 6 length 144
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
TLS Length 134
[peap] Length Included
[peap] eaptls_verify returned 11
[peap] <<< TLS 1.0 Handshake [length 0046], ClientKeyExchange
[peap] TLS_accept: SSLv3 read client key exchange A
[peap] <<< TLS 1.0 ChangeCipherSpec [length 0001]
[peap] <<< TLS 1.0 Handshake [length 0010], Finished
[peap] TLS_accept: SSLv3 read finished A
[peap] >>> TLS 1.0 Handshake [length 00aa]???
[peap] TLS_accept: SSLv3 write session ticket A
[peap] >>> TLS 1.0 ChangeCipherSpec [length 0001]
[peap] TLS_accept: SSLv3 write change cipher spec A
[peap] >>> TLS 1.0 Handshake [length 0010], Finished
[peap] TLS_accept: SSLv3 write finished A
[peap] TLS_accept: SSLv3 flush data
[peap] (other): SSL negotiation finished successfully
SSL Connection Established
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 209 to 192.168.225.110 port 32770
EAP-Message = 0x010700f0190016030100aa040000a60000000000a07b261dc6bacf562c69d34b96fe5777daa39c3bbe2681c7b4c8199aad49579c47205a059c759fe5a6bbd2c45c1989a9c7d95b8609d9a6af24d822bc4ee8188135e987950495866b04590cb8da887c139774affe086438faa50845d695fb9b294153c86f167510bec452e8d52c7fad99c10c20a9c3f6b18d132b15cc01da53bb829a392119bc503ea25dc940911498cd945323989890623649bf207e7a14c3416014030100010116030100309714be978904215117ed406481b6b3e741d68012f2807ed6b1591f606d5e0485b9cec55f381556c75f614dacbda64dcb
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x713b6cb7743c75f0cae58d860d864cbf
Finished request 5.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.225.110 port 32770, id=210, length=230
User-Name = "test1"
Calling-Station-Id = "00-0e-35-0b-fa-86"
Called-Station-Id = "00-23-eb-38-c0-b0:iLAN"
NAS-Port = 1
Cisco-AVPair = "audit-session-id=6ee1a8c00000000b1e440953"
NAS-IP-Address = 192.168.225.110
NAS-Identifier = "WLC2106"
Airespace-Wlan-Id = 2
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-802.11
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "40"
EAP-Message = 0x020700061900
State = 0x713b6cb7743c75f0cae58d860d864cbf
Message-Authenticator = 0x5cace8eb6cd014c3cfc73b31efd1bdbc
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "test1", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 7 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake is finished
[peap] eaptls_verify returned 3
[peap] eaptls_process returned 3
[peap] EAPTLS_SUCCESS
++[eap] returns handled
Sending Access-Challenge of id 210 to 192.168.225.110 port 32770
EAP-Message = 0x0108002b190017030100207b311514c36dd13d9f20da1c3b1a9f26abc727168a424cf898a8ff3c951a0606
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x713b6cb7773375f0cae58d860d864cbf
Finished request 6.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.225.110 port 32770, id=211, length=304
User-Name = "test1"
Calling-Station-Id = "00-0e-35-0b-fa-86"
Called-Station-Id = "00-23-eb-38-c0-b0:iLAN"
NAS-Port = 1
Cisco-AVPair = "audit-session-id=6ee1a8c00000000b1e440953"
NAS-IP-Address = 192.168.225.110
NAS-Identifier = "WLC2106"
Airespace-Wlan-Id = 2
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-802.11
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "40"
EAP-Message = 0x02080050190017030100204645a30a5b06899ca2f5fe0ac3242e90ff526141edb80a019c4fd3115a451476170301002008bcd16f248aeafe2b7d3d58509712b7ae2256bfe374eb1a41a68c2c821746d6
State = 0x713b6cb7773375f0cae58d860d864cbf
Message-Authenticator = 0xe470a09584fd82372493a924070d5d81
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "test1", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 8 length 80
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] Identity - test1
[peap] Got tunneled request
EAP-Message = 0x0208000a017465737431
server {
PEAP: Got tunneled identity of test1
PEAP: Setting default EAP type for tunneled EAP session.
PEAP: Setting User-Name to test1
Sending tunneled request
EAP-Message = 0x0208000a017465737431
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "test1"
server {
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "test1", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 8 length 10
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
++[eap] returns handled
} # server
[peap] Got tunneled reply code 11
EAP-Message = 0x0109001f1a0109001a107d6d0e2befe8963f7f0fd38ff6f049767465737431
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x6ad1a8676ad8b2489a3b38f793f59205
[peap] Got tunneled reply RADIUS code 11
EAP-Message = 0x0109001f1a0109001a107d6d0e2befe8963f7f0fd38ff6f049767465737431
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x6ad1a8676ad8b2489a3b38f793f59205
[peap] Got tunneled Access-Challenge
++[eap] returns handled
Sending Access-Challenge of id 211 to 192.168.225.110 port 32770
EAP-Message = 0x0109003b19001703010030ca3cf317ad166dcaa8ab4913405925acc25203a96f952fb7022150c06d11d32d1b61bcb71c6de9af454c2818ee731ed3
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x713b6cb7763275f0cae58d860d864cbf
Finished request 7.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.225.110 port 32770, id=212, length=368
User-Name = "test1"
Calling-Station-Id = "00-0e-35-0b-fa-86"
Called-Station-Id = "00-23-eb-38-c0-b0:iLAN"
NAS-Port = 1
Cisco-AVPair = "audit-session-id=6ee1a8c00000000b1e440953"
NAS-IP-Address = 192.168.225.110
NAS-Identifier = "WLC2106"
Airespace-Wlan-Id = 2
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-802.11
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "40"
EAP-Message = 0x02090090190017030100205fb0a58ae2c8142015c882adba079b1b788dfe6c5e64e4316a8582be142b517517030100603ff3511ba6f4c8bf3b15c3b102891adcfb23a8a3c5ad51837ebcea6b764f3103b451d438f869fbea7ee670057862fa817c9ccf7c67b27e491cff386bda5f3533641c264e525489d3dedca83ccdf48114031995694ef361b6812d5b6a2fff230f
State = 0x713b6cb7763275f0cae58d860d864cbf
Message-Authenticator = 0x2d9b585c9608b9155a30b1c646c1f6a6
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "test1", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 9 length 144
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] EAP type mschapv2
[peap] Got tunneled request
EAP-Message = 0x020900401a0209003b3178e098e04f02b236fcead04fa2581f6c000000000000000074ba9accfcfd5463c735b9fa7754afa73946d70befda06ec007465737431
server {
PEAP: Setting User-Name to test1
Sending tunneled request
EAP-Message = 0x020900401a0209003b3178e098e04f02b236fcead04fa2581f6c000000000000000074ba9accfcfd5463c735b9fa7754afa73946d70befda06ec007465737431
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "test1"
State = 0x6ad1a8676ad8b2489a3b38f793f59205
server {
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "test1", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 9 length 64
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/mschapv2
[eap] processing type mschapv2
[mschapv2] +- entering group MS-CHAP {...}
[mschap] No Cleartext-Password configured. Cannot create LM-Password.
[mschap] No Cleartext-Password configured. Cannot create NT-Password.
[mschap] Told to do MS-CHAPv2 for test1 with NT-Password
[mschap] FAILED: No NT/LM-Password. Cannot perform authentication.
[mschap] FAILED: MS-CHAP2-Response is incorrect
++[mschap] returns reject
[eap] Freeing handler
++[eap] returns reject
Failed to authenticate the user.
expand: , NAS: %{Calling-Station-Id}, Station: %{Called-Station-Id}, Auth-Type: %{control:Auth-Type}, EAP-Type: %{EAP-Type} -> , NAS: , Station: , Auth-Type: EAP, EAP-Type: MS-CHAP-V2
Login incorrect: [test1/<via Auth-Type = EAP>] (from client wlc port 0 via TLS tunnel) , NAS: , Station: , Auth-Type: EAP, EAP-Type: MS-CHAP-V2
} # server
[peap] Got tunneled reply code 3
MS-CHAP-Error = "\tE=691 R=1"
EAP-Message = 0x04090004
Message-Authenticator = 0x00000000000000000000000000000000
[peap] Got tunneled reply RADIUS code 3
MS-CHAP-Error = "\tE=691 R=1"
EAP-Message = 0x04090004
Message-Authenticator = 0x00000000000000000000000000000000
[peap] Tunneled authentication was rejected.
[peap] FAILURE
++[eap] returns handled
Sending Access-Challenge of id 212 to 192.168.225.110 port 32770
EAP-Message = 0x010a002b19001703010020aec406619276a3ef6571f01c389b526fdb889ede26e9742e3fea6f76ab33ae51
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x713b6cb7793175f0cae58d860d864cbf
Finished request 8.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.225.110 port 32770, id=213, length=304
User-Name = "test1"
Calling-Station-Id = "00-0e-35-0b-fa-86"
Called-Station-Id = "00-23-eb-38-c0-b0:iLAN"
NAS-Port = 1
Cisco-AVPair = "audit-session-id=6ee1a8c00000000b1e440953"
NAS-IP-Address = 192.168.225.110
NAS-Identifier = "WLC2106"
Airespace-Wlan-Id = 2
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-802.11
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "40"
EAP-Message = 0x020a00501900170301002091118076fa001246650ff83152af2a159afb8b0a7e4e555cc392bd2ed6f2b23117030100208997b7163c58f5ce62bd7c5562860740f0c16c27b84a87a35e205065dd5eba0c
State = 0x713b6cb7793175f0cae58d860d864cbf
Message-Authenticator = 0x133ca2631afa245d0ae92223e33800db
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "test1", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 10 length 80
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] Received EAP-TLV response.
[peap] Had sent TLV failure. User was rejected earlier in this session.
[eap] Handler failed in EAP/peap
[eap] Failed in EAP select
++[eap] returns invalid
Failed to authenticate the user.
expand: , NAS: %{Calling-Station-Id}, Station: %{Called-Station-Id}, Auth-Type: %{control:Auth-Type}, EAP-Type: %{EAP-Type} -> , NAS: 00-0e-35-0b-fa-86, Station: 00-23-eb-38-c0-b0:iLAN, Auth-Type: EAP, EAP-Type: PEAP
Login incorrect: [test1/<via Auth-Type = EAP>] (from client wlc port 1 cli 00-0e-35-0b-fa-86) , NAS: 00-0e-35-0b-fa-86, Station: 00-23-eb-38-c0-b0:iLAN, Auth-Type: EAP, EAP-Type: PEAP
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> test1
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 9 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 9
Sending Access-Reject of id 213 to 192.168.225.110 port 32770
EAP-Message = 0x040a0004
Message-Authenticator = 0x00000000000000000000000000000000
Waking up in 3.9 seconds.
Cleaning up request 0 ID 204 with timestamp +14
Cleaning up request 1 ID 205 with timestamp +14
Cleaning up request 2 ID 206 with timestamp +14
Cleaning up request 3 ID 207 with timestamp +14
Cleaning up request 4 ID 208 with timestamp +14
Cleaning up request 5 ID 209 with timestamp +14
Cleaning up request 6 ID 210 with timestamp +14
Cleaning up request 7 ID 211 with timestamp +14
Cleaning up request 8 ID 212 with timestamp +14
Waking up in 1.0 seconds.
Cleaning up request 9 ID 213 with timestamp +14
Ready to process requests.
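
Added example (not part of the original post or of FreeRADIUS): a small Python parser for FreeRADIUS 2.x debug output that lists, for every outer Access-Request and every "Sending tunneled request" block, whether a given attribute is printed and what [files] returned. The sample input is constructed by abridging the failing trace above; the function names are this example's own.

```python
import re

# Constructed sample: abridged from the failing trace on this page
# (requests id=204 and id=211; most attributes and module lines omitted).
SAMPLE_TRACE = """\
rad_recv: Access-Request packet from host 192.168.225.110 port 32770, id=204, length=216
    User-Name = "test1"
    NAS-IP-Address = 192.168.225.110
    Airespace-Wlan-Id = 2
    Tunnel-Type:0 = VLAN
+- entering group authorize {...}
++[eap] returns updated
[files] users: Matched entry test1 at line 173
++[files] returns ok
Found Auth-Type = EAP
rad_recv: Access-Request packet from host 192.168.225.110 port 32770, id=211, length=304
    User-Name = "test1"
    NAS-IP-Address = 192.168.225.110
    Airespace-Wlan-Id = 2
    Tunnel-Type:0 = VLAN
+- entering group authorize {...}
++[eap] returns ok
[peap] Got tunneled request
    EAP-Message = 0x0208000a017465737431
server {
  PEAP: Setting User-Name to test1
Sending tunneled request
    EAP-Message = 0x0208000a017465737431
    FreeRADIUS-Proxied-To = 127.0.0.1
    User-Name = "test1"
server {
+- entering group authorize {...}
++[eap] returns updated
++[files] returns noop
[pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.
} # server
[peap] Got tunneled reply code 11
    State = 0x6ad1a8676ad8b2489a3b38f793f59205
"""

# "Name = value" lines, including tagged names such as Tunnel-Type:0.
ATTR_RE = re.compile(r'^([A-Za-z][\w-]*(?::\d+)?)\s+=\s+(.*)$')
RECV_RE = re.compile(r'^rad_recv: Access-Request packet from host \S+ port \d+, id=(\d+)')
FILES_RE = re.compile(r'^\+\+\[files\] returns (\w+)')


def parse_trace(text):
    """Return one record per outer request, each with its tunneled requests."""
    requests = []
    current = None      # outer request being processed
    tunnel = None       # tunneled request being processed, if any
    collecting = None   # attribute dict that the next "Name = value" lines fill
    for raw in text.splitlines():
        line = raw.strip()
        m = RECV_RE.match(line)
        if m:
            current = {"id": int(m.group(1)), "attrs": {}, "files": None, "tunneled": []}
            requests.append(current)
            tunnel, collecting = None, current["attrs"]
            continue
        if line == "Sending tunneled request" and current is not None:
            tunnel = {"attrs": {}, "files": None}
            current["tunneled"].append(tunnel)
            collecting = tunnel["attrs"]
            continue
        if collecting is not None:
            m = ATTR_RE.match(line)
            if m:
                collecting[m.group(1)] = m.group(2)
                continue
            collecting = None           # attribute block ended
        if line.startswith("} # server"):
            tunnel = None               # back in the outer request
            continue
        m = FILES_RE.match(line)
        if m and current is not None:
            (tunnel if tunnel is not None else current)["files"] = m.group(1)
    return requests


def attribute_visibility(requests, attr):
    """Rows of (scope, outer id, attr printed?, [files] return code or None)."""
    rows = []
    for req in requests:
        rows.append(("outer", req["id"], attr in req["attrs"], req["files"]))
        for t in req["tunneled"]:
            rows.append(("tunneled", req["id"], attr in t["attrs"], t["files"]))
    return rows


def dropped_in_tunnel(req):
    """Attributes printed for the outer request but for none of its tunneled requests."""
    inner = set()
    for t in req["tunneled"]:
        inner.update(t["attrs"])
    return sorted(set(req["attrs"]) - inner) if req["tunneled"] else []


if __name__ == "__main__":
    reqs = parse_trace(SAMPLE_TRACE)
    for row in attribute_visibility(reqs, "Airespace-Wlan-Id"):
        print("%-8s id=%d present=%s files=%s" % row)
    for req in reqs:
        if req["tunneled"]:
            print("id=%d not in tunneled request: %s" % (req["id"], ", ".join(dropped_in_tunnel(req))))
```

The result reflects only what the debug output prints for each request; attributes that a module adds afterwards are not visible there. In FreeRADIUS 2.x the copy_request_to_tunnel option in the peap section of eap.conf controls whether outer-request attributes are copied into the tunneled request.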
-------------- next part --------------
rad_recv: Access-Request packet from host 192.168.225.110 port 32770, id=163, length=216
User-Name = "test1"
Calling-Station-Id = "00-0e-35-0b-fa-86"
Called-Station-Id = "00-23-eb-38-c0-b0:iLAN"
NAS-Port = 1
Cisco-AVPair = "audit-session-id=6ee1a8c000000009b33e0953"
NAS-IP-Address = 192.168.225.110
NAS-Identifier = "WLC2106"
Airespace-Wlan-Id = 2
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-802.11
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "40"
EAP-Message = 0x0201000a017465737431
Message-Authenticator = 0xb90195029b921958a00cc07597321b1a
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "test1", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 1 length 10
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[files] users: Matched entry test1 at line 173
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type tls
[tls] Requiring client certificate
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 163 to 192.168.225.110 port 32770
EAP-Message = 0x010200060d20
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x2e5dcfd42e5fc2fc68d9b1c1b731a3ad
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.225.110 port 32770, id=164, length=230
User-Name = "test1"
Calling-Station-Id = "00-0e-35-0b-fa-86"
Called-Station-Id = "00-23-eb-38-c0-b0:iLAN"
NAS-Port = 1
Cisco-AVPair = "audit-session-id=6ee1a8c000000009b33e0953"
NAS-IP-Address = 192.168.225.110
NAS-Identifier = "WLC2106"
Airespace-Wlan-Id = 2
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-802.11
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "40"
EAP-Message = 0x020200060319
State = 0x2e5dcfd42e5fc2fc68d9b1c1b731a3ad
Message-Authenticator = 0xb26636237cfc81fff3a1b9e71d44cbb0
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "test1", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 2 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[files] users: Matched entry test1 at line 173
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP NAK
[eap] EAP-NAK asked for EAP-Type/peap
[eap] processing type tls
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 164 to 192.168.225.110 port 32770
EAP-Message = 0x010300061920
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x2e5dcfd42f5ed6fc68d9b1c1b731a3ad
Finished request 1.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.225.110 port 32770, id=165, length=329
User-Name = "test1"
Calling-Station-Id = "00-0e-35-0b-fa-86"
Called-Station-Id = "00-23-eb-38-c0-b0:iLAN"
NAS-Port = 1
Cisco-AVPair = "audit-session-id=6ee1a8c000000009b33e0953"
NAS-IP-Address = 192.168.225.110
NAS-Identifier = "WLC2106"
Airespace-Wlan-Id = 2
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-802.11
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "40"
EAP-Message = 0x0203006919800000005f160301005a01000056030153093eca13210ef22f6f9667549eb4483091ae60ca4a4a4e5e7d8997e173949800002800390038003500160013000a00330032002f000500040015001200090014001100080006000300ff020100000400230000
State = 0x2e5dcfd42f5ed6fc68d9b1c1b731a3ad
Message-Authenticator = 0x85563f2a3b7f6e328311ff6c8e7c9acb
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "test1", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 3 length 105
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
TLS Length 95
[peap] Length Included
[peap] eaptls_verify returned 11
[peap] (other): before/accept initialization
[peap] TLS_accept: before/accept initialization
[peap] <<< TLS 1.0 Handshake [length 005a], ClientHello
[peap] TLS_accept: SSLv3 read client hello A
[peap] >>> TLS 1.0 Handshake [length 0035], ServerHello
[peap] TLS_accept: SSLv3 write server hello A
[peap] >>> TLS 1.0 Handshake [length 07e5], Certificate
[peap] TLS_accept: SSLv3 write certificate A
[peap] >>> TLS 1.0 Handshake [length 018d], ServerKeyExchange
[peap] TLS_accept: SSLv3 write key exchange A
[peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
[peap] TLS_accept: SSLv3 write server done A
[peap] TLS_accept: SSLv3 flush data
[peap] TLS_accept: Need to read more data: SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 165 to 192.168.225.110 port 32770
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x2e5dcfd42c59d6fc68d9b1c1b731a3ad
Finished request 2.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.225.110 port 32770, id=166, length=230
User-Name = "test1"
Calling-Station-Id = "00-0e-35-0b-fa-86"
Called-Station-Id = "00-23-eb-38-c0-b0:iLAN"
NAS-Port = 1
Cisco-AVPair = "audit-session-id=6ee1a8c000000009b33e0953"
NAS-IP-Address = 192.168.225.110
NAS-Identifier = "WLC2106"
Airespace-Wlan-Id = 2
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-802.11
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "40"
EAP-Message = 0x020400061900
State = 0x2e5dcfd42c59d6fc68d9b1c1b731a3ad
Message-Authenticator = 0x42fa0b83378f3ec7b70c0e9b899ec15f
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "test1", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 4 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 166 to 192.168.225.110 port 32770
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x2e5dcfd42d58d6fc68d9b1c1b731a3ad
Finished request 3.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.225.110 port 32770, id=167, length=230
User-Name = "test1"
Calling-Station-Id = "00-0e-35-0b-fa-86"
Called-Station-Id = "00-23-eb-38-c0-b0:iLAN"
NAS-Port = 1
Cisco-AVPair = "audit-session-id=6ee1a8c000000009b33e0953"
NAS-IP-Address = 192.168.225.110
NAS-Identifier = "WLC2106"
Airespace-Wlan-Id = 2
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-802.11
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "40"
EAP-Message = 0x020500061900
State = 0x2e5dcfd42d58d6fc68d9b1c1b731a3ad
Message-Authenticator = 0xf5dfc8fbe204f58f325e4c78b83fb67b
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "test1", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 5 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 167 to 192.168.225.110 port 32770
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x2e5dcfd42a5bd6fc68d9b1c1b731a3ad
Finished request 4.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.225.110 port 32770, id=168, length=368
User-Name = "test1"
Calling-Station-Id = "00-0e-35-0b-fa-86"
Called-Station-Id = "00-23-eb-38-c0-b0:iLAN"
NAS-Port = 1
Cisco-AVPair = "audit-session-id=6ee1a8c000000009b33e0953"
NAS-IP-Address = 192.168.225.110
NAS-Identifier = "WLC2106"
Airespace-Wlan-Id = 2
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-802.11
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "40"
EAP-Message = 0x02060090198000000086160301004610000042004044417554633bc710ba9e6c07d88fc0d44b3c44ad50e8cd488f1384bb94081a1c355cbb08cd830fa68a05eb6fb4cecab1c48fd6096e2fc7b3f93f115aee70eed814030100010116030100306095afce87927614e2827144c9af26f4b5e811836c36da814f35b2ee002767f9b76d8b749377ffe56d14a6dc0db71832
State = 0x2e5dcfd42a5bd6fc68d9b1c1b731a3ad
Message-Authenticator = 0x6ddfbdbe9118c17f0a61f7433e6304d1
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "test1", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 6 length 144
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
TLS Length 134
[peap] Length Included
[peap] eaptls_verify returned 11
[peap] <<< TLS 1.0 Handshake [length 0046], ClientKeyExchange
[peap] TLS_accept: SSLv3 read client key exchange A
[peap] <<< TLS 1.0 ChangeCipherSpec [length 0001]
[peap] <<< TLS 1.0 Handshake [length 0010], Finished
[peap] TLS_accept: SSLv3 read finished A
[peap] >>> TLS 1.0 Handshake [length 00aa]???
[peap] TLS_accept: SSLv3 write session ticket A
[peap] >>> TLS 1.0 ChangeCipherSpec [length 0001]
[peap] TLS_accept: SSLv3 write change cipher spec A
[peap] >>> TLS 1.0 Handshake [length 0010], Finished
[peap] TLS_accept: SSLv3 write finished A
[peap] TLS_accept: SSLv3 flush data
[peap] (other): SSL negotiation finished successfully
SSL Connection Established
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 168 to 192.168.225.110 port 32770
EAP-Message = 0x010700f0190016030100aa040000a60000000000a0e9d0f40f470d6269ccc0015c292dac935370afcbba5bcc50c5fd5e767ce89a7a1cdc8a963d8403c29ea3b4271a7945414556f0102e50055830c630878e3d7685dadc9fe592f0259e698973a79f3a4203e82a0ef0dcc18210868caf579831b6d020d3d4104da31d9187d8cea689ee7a4afd420a7b844f33024bae52ce143444ce38e6850c177e5967629f96bc40f239b15c6bac5d463b66c5277b64912f50a16c1403010001011603010030180f735edfc69c90d060a34891f69d0fcb216c3cc2d2ba8b729abf517087dd2dca14fada729e3ae95ae990990c62cff6
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x2e5dcfd42b5ad6fc68d9b1c1b731a3ad
Finished request 5.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.225.110 port 32770, id=169, length=230
User-Name = "test1"
Calling-Station-Id = "00-0e-35-0b-fa-86"
Called-Station-Id = "00-23-eb-38-c0-b0:iLAN"
NAS-Port = 1
Cisco-AVPair = "audit-session-id=6ee1a8c000000009b33e0953"
NAS-IP-Address = 192.168.225.110
NAS-Identifier = "WLC2106"
Airespace-Wlan-Id = 2
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-802.11
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "40"
EAP-Message = 0x020700061900
State = 0x2e5dcfd42b5ad6fc68d9b1c1b731a3ad
Message-Authenticator = 0x01ec4a8c2ad1cc470cc4ca9c9b2790cf
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "test1", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 7 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake is finished
[peap] eaptls_verify returned 3
[peap] eaptls_process returned 3
[peap] EAPTLS_SUCCESS
++[eap] returns handled
Sending Access-Challenge of id 169 to 192.168.225.110 port 32770
EAP-Message = 0x0108002b19001703010020d8504514cd05aeb420d62a5fd681a679f01d6c08f2d7afb9f4332f533d16590a
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x2e5dcfd42855d6fc68d9b1c1b731a3ad
Finished request 6.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.225.110 port 32770, id=170, length=304
User-Name = "test1"
Calling-Station-Id = "00-0e-35-0b-fa-86"
Called-Station-Id = "00-23-eb-38-c0-b0:iLAN"
NAS-Port = 1
Cisco-AVPair = "audit-session-id=6ee1a8c000000009b33e0953"
NAS-IP-Address = 192.168.225.110
NAS-Identifier = "WLC2106"
Airespace-Wlan-Id = 2
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-802.11
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "40"
EAP-Message = 0x02080050190017030100203ae584510e53976106bdc580ab91f7b616a008532d43709d49770c34ce1519de170301002027236edc274414d29d6c6988b45506f2665e8246c727ed4d503cfe869b8bbb10
State = 0x2e5dcfd42855d6fc68d9b1c1b731a3ad
Message-Authenticator = 0x2a64b7dc7074453b5af267b06e8ad8fe
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "test1", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 8 length 80
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] Identity - test1
[peap] Got tunneled request
EAP-Message = 0x0208000a017465737431
server {
PEAP: Got tunneled identity of test1
PEAP: Setting default EAP type for tunneled EAP session.
PEAP: Setting User-Name to test1
Sending tunneled request
EAP-Message = 0x0208000a017465737431
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "test1"
server {
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "test1", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 8 length 10
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[files] users: Matched entry test1 at line 173
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
++[eap] returns handled
} # server
[peap] Got tunneled reply code 11
EAP-Message = 0x0109001f1a0109001a10435650952ee6735a8bdf1c682be39d307465737431
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x60fe262660f73c48dbaf55f0181ae406
[peap] Got tunneled reply RADIUS code 11
EAP-Message = 0x0109001f1a0109001a10435650952ee6735a8bdf1c682be39d307465737431
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x60fe262660f73c48dbaf55f0181ae406
[peap] Got tunneled Access-Challenge
++[eap] returns handled
Sending Access-Challenge of id 170 to 192.168.225.110 port 32770
EAP-Message = 0x0109003b190017030100304aa0aca115850311739c846bb43cee09d53264ff6baad991d7b7a7f3b3d7368f2303d2bc2ae9c68cb5238fc06cc6bfdf
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x2e5dcfd42954d6fc68d9b1c1b731a3ad
Finished request 7.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.225.110 port 32770, id=171, length=368
User-Name = "test1"
Calling-Station-Id = "00-0e-35-0b-fa-86"
Called-Station-Id = "00-23-eb-38-c0-b0:iLAN"
NAS-Port = 1
Cisco-AVPair = "audit-session-id=6ee1a8c000000009b33e0953"
NAS-IP-Address = 192.168.225.110
NAS-Identifier = "WLC2106"
Airespace-Wlan-Id = 2
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-802.11
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "40"
EAP-Message = 0x0209009019001703010020896f750599313cc61eb518dab7082ab9603d061eb66240b93224feccd4bb609e1703010060ae6bd2803530844ea9d786fea4b3d072a34abad8cbd6934806aa3447372a34326869641f8231d015bc9a7eb981fe8b72fd64e8804c7b7e612ad54d98fc02531c035a75238f3ed0331daa91b668b35ca9c93f49b53dc49d654e7c13c78c5c9f05
State = 0x2e5dcfd42954d6fc68d9b1c1b731a3ad
Message-Authenticator = 0xfd20fd5ef14cf2363b321a831b48cece
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "test1", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 9 length 144
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] EAP type mschapv2
[peap] Got tunneled request
EAP-Message = 0x020900401a0209003b317ac55f3cb272ccac6cc0fb67845d93ff0000000000000000acfdc5606f25ef1e3d4621dbca6e5cef0132c13db055776c007465737431
server {
PEAP: Setting User-Name to test1
Sending tunneled request
EAP-Message = 0x020900401a0209003b317ac55f3cb272ccac6cc0fb67845d93ff0000000000000000acfdc5606f25ef1e3d4621dbca6e5cef0132c13db055776c007465737431
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "test1"
State = 0x60fe262660f73c48dbaf55f0181ae406
server {
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "test1", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 9 length 64
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[files] users: Matched entry test1 at line 173
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/mschapv2
[eap] processing type mschapv2
[mschapv2] +- entering group MS-CHAP {...}
[mschap] Told to do MS-CHAPv2 for test1 with NT-Password
[mschap] adding MS-CHAPv2 MPPE keys
++[mschap] returns ok
MSCHAP Success
++[eap] returns handled
} # server
[peap] Got tunneled reply code 11
EAP-Message = 0x010a00331a0309002e533d38443744344531434245434332414139463938384637353542354535313632363032374343443937
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x60fe262661f43c48dbaf55f0181ae406
[peap] Got tunneled reply RADIUS code 11
EAP-Message = 0x010a00331a0309002e533d38443744344531434245434332414139463938384637353542354535313632363032374343443937
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x60fe262661f43c48dbaf55f0181ae406
[peap] Got tunneled Access-Challenge
++[eap] returns handled
Sending Access-Challenge of id 171 to 192.168.225.110 port 32770
EAP-Message = 0x010a005b1900170301005001d70e02c02e6b0f4499340635a290efa6dca4d05b4ea4fa0823d672d88aec3eb7ab8eba6438c38c8acb9f495336793d2078687911aaa45e493c78580c4c06c88adab726ed3962cb11ec219cc6428470
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x2e5dcfd42657d6fc68d9b1c1b731a3ad
Finished request 8.
Going to the next request
Waking up in 4.8 seconds.
rad_recv: Access-Request packet from host 192.168.225.110 port 32770, id=172, length=304
User-Name = "test1"
Calling-Station-Id = "00-0e-35-0b-fa-86"
Called-Station-Id = "00-23-eb-38-c0-b0:iLAN"
NAS-Port = 1
Cisco-AVPair = "audit-session-id=6ee1a8c000000009b33e0953"
NAS-IP-Address = 192.168.225.110
NAS-Identifier = "WLC2106"
Airespace-Wlan-Id = 2
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-802.11
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "40"
EAP-Message = 0x020a0050190017030100209dd4e54bff384af6d147856ca4b19ae6a6b32789996cf738c0fe67e68a8df41e1703010020178d328db598803735d34cf419973029bfb3630b2faf631e7488f7a746ad08c9
State = 0x2e5dcfd42657d6fc68d9b1c1b731a3ad
Message-Authenticator = 0x591785e589a151ca34d2ae7e10ca170b
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "test1", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 10 length 80
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] EAP type mschapv2
[peap] Got tunneled request
EAP-Message = 0x020a00061a03
server {
PEAP: Setting User-Name to test1
Sending tunneled request
EAP-Message = 0x020a00061a03
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "test1"
State = 0x60fe262661f43c48dbaf55f0181ae406
server {
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "test1", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 10 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[files] users: Matched entry test1 at line 173
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/mschapv2
[eap] processing type mschapv2
[eap] Freeing handler
++[eap] returns ok
expand: , NAS: %{Calling-Station-Id}, Station: %{Called-Station-Id}, Auth-Type: %{control:Auth-Type}, EAP-Type: %{EAP-Type} -> , NAS: , Station: , Auth-Type: EAP, EAP-Type: MS-CHAP-V2
Login OK: [test1/<via Auth-Type = EAP>] (from client wlc port 0 via TLS tunnel) , NAS: , Station: , Auth-Type: EAP, EAP-Type: MS-CHAP-V2
+- entering group post-auth {...}
++[exec] returns noop
} # server
[peap] Got tunneled reply code 2
EAP-Message = 0x030a0004
Message-Authenticator = 0x00000000000000000000000000000000
User-Name = "test1"
[peap] Got tunneled reply RADIUS code 2
EAP-Message = 0x030a0004
Message-Authenticator = 0x00000000000000000000000000000000
User-Name = "test1"
[peap] Tunneled authentication was successful.
[peap] SUCCESS
++[eap] returns handled
Sending Access-Challenge of id 172 to 192.168.225.110 port 32770
EAP-Message = 0x010b002b1900170301002099548404f91fa0384655853733e559c25b58e9e20472e08d02232e57378effda
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x2e5dcfd42756d6fc68d9b1c1b731a3ad
Finished request 9.
Going to the next request
Waking up in 4.8 seconds.
rad_recv: Access-Request packet from host 192.168.225.110 port 32770, id=173, length=304
User-Name = "test1"
Calling-Station-Id = "00-0e-35-0b-fa-86"
Called-Station-Id = "00-23-eb-38-c0-b0:iLAN"
NAS-Port = 1
Cisco-AVPair = "audit-session-id=6ee1a8c000000009b33e0953"
NAS-IP-Address = 192.168.225.110
NAS-Identifier = "WLC2106"
Airespace-Wlan-Id = 2
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-802.11
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "40"
EAP-Message = 0x020b0050190017030100200385709c0d1c66eb4991e6f329642383cf0728089b57b217fa1f37f0dd30d8ea17030100208ff8ed27a0f5db0229b26481fde3f5cf1841c0ad5a10cf258310e90612a8087c
State = 0x2e5dcfd42756d6fc68d9b1c1b731a3ad
Message-Authenticator = 0xb7457628205a2d9a45dd1b2e48b11af9
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "test1", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 11 length 80
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] Received EAP-TLV response.
[peap] Success
[eap] Freeing handler
++[eap] returns ok
expand: , NAS: %{Calling-Station-Id}, Station: %{Called-Station-Id}, Auth-Type: %{control:Auth-Type}, EAP-Type: %{EAP-Type} -> , NAS: 00-0e-35-0b-fa-86, Station: 00-23-eb-38-c0-b0:iLAN, Auth-Type: EAP, EAP-Type: PEAP
Login OK: [test1/<via Auth-Type = EAP>] (from client wlc port 1 cli 00-0e-35-0b-fa-86) , NAS: 00-0e-35-0b-fa-86, Station: 00-23-eb-38-c0-b0:iLAN, Auth-Type: EAP, EAP-Type: PEAP
+- entering group post-auth {...}
++[exec] returns noop
Sending Access-Accept of id 173 to 192.168.225.110 port 32770
MS-MPPE-Recv-Key = 0xa96224725a60efc789008773e86b8aef960b7f3973eab27a0f7c5f94bc00529a
MS-MPPE-Send-Key = 0xa9fcd4a182e0ab629207546db781c2ae34d1b988569c22d536c677ad8ae22dd9
EAP-Message = 0x030b0004
Message-Authenticator = 0x00000000000000000000000000000000
User-Name = "test1"
Finished request 10.
Going to the next request
Waking up in 4.8 seconds.
rad_recv: Accounting-Request packet from host 192.168.225.110 port 32770, id=14, length=207
User-Name = "test1"
NAS-Port = 1
NAS-IP-Address = 192.168.225.110
Framed-IP-Address = 192.168.224.201
NAS-Identifier = "WLC2106"
Airespace-Wlan-Id = 2
Acct-Session-Id = "53093eb4/00:0e:35:0b:fa:86/4"
Cisco-AVPair = "audit-session-id=6ee1a8c000000009b33e0953"
Acct-Authentic = RADIUS
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "40"
Acct-Status-Type = Start
Calling-Station-Id = "192.168.224.201"
Called-Station-Id = "192.168.225.110"
+- entering group preacct {...}
++[preprocess] returns ok
[acct_unique] Hashing 'NAS-Port = 1,Client-IP-Address = 192.168.225.110,NAS-IP-Address = 192.168.225.110,Acct-Session-Id = "53093eb4/00:0e:35:0b:fa:86/4",User-Name = "test1"'
[acct_unique] Acct-Unique-Session-ID = "8105cfaeddbaa30b".
++[acct_unique] returns ok
[suffix] No '@' in User-Name = "test1", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[files] returns noop
+- entering group accounting {...}
[detail] expand: /var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d -> /var/log/freeradius/radacct/192.168.225.110/detail-20140223
[detail] /var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/freeradius/radacct/192.168.225.110/detail-20140223
[detail] expand: %t -> Sun Feb 23 01:20:04 2014
++[detail] returns ok
[radutmp] expand: /var/log/freeradius/radutmp -> /var/log/freeradius/radutmp
[radutmp] expand: %{User-Name} -> test1
++[radutmp] returns ok
[attr_filter.accounting_response] expand: %{User-Name} -> test1
attr_filter: Matched entry DEFAULT at line 12
++[attr_filter.accounting_response] returns updated
Sending Accounting-Response of id 14 to 192.168.225.110 port 32770
Finished request 11.
Cleaning up request 11 ID 14 with timestamp +118
Going to the next request
Waking up in 4.6 seconds.
Cleaning up request 0 ID 163 with timestamp +117
Cleaning up request 1 ID 164 with timestamp +117
Cleaning up request 2 ID 165 with timestamp +117
Cleaning up request 3 ID 166 with timestamp +117
Cleaning up request 4 ID 167 with timestamp +117
Cleaning up request 5 ID 168 with timestamp +117
Cleaning up request 6 ID 169 with timestamp +117
Cleaning up request 7 ID 170 with timestamp +117
Cleaning up request 8 ID 171 with timestamp +117
Cleaning up request 9 ID 172 with timestamp +117
Cleaning up request 10 ID 173 with timestamp +117
Ready to process requests.
-------------- next part --------------
Bodo Bellut bodo at bellut.net | USE PGP! +-----------+
Stangefolstr. 17 Fax/Mobile: just ask | (key via server |\ O---m /|
44141 Dortmund Fon: +49-700-77-BELLUT | or on request) |/---------\|
PGP: 768/FA18A639 AE 5A 47 40 5A A0 D6 15 8E 54 44 AA 8D DD 6E BD+-----------+