rlm_cache NT-Password with EAP-PEAP

Sherker, Donald Donald.Sherker at mybrighthouse.com
Fri Feb 27 22:20:40 CET 2015


> The cache module is being called in a different round to the call to mschap.auth which produced the hashes.
>
> Move your second cache call (the one to store the hashes) to:
>
> Auth-Type MS-CHAP {
>         mschap
>         cache.authorize
> }
>

I have made this change and the server is able to cache the hashes for both EAP-PEAP and EAP-TTLS now.  I am now seeing a problem where, after MSCHAPv2 finishes, its status is "updated" the first time the user tries to authenticate and then EAP fails.  The device will try to authenticate again and MSCHAP will finish with a status of "ok" and the user successfully authenticates.  I am adding a debug output below.  This behavior is the same with either of the Auth-Type MS-CHAP sections that you suggested.  I am only providing a debug for EAP-PEAP since the behavior appears to be the same for this and EAP-TTLS.

> Can't remember if ok = return in authenticate.
>
> If you find cache.authorize isn't being called
>
> Auth-Type MS-CHAP {
>         mschap {
>                 ok = 1
>         }
>         cache.authorize
> }
>
> That'll ensure the hashes are stored immediately after being produced.
>
> Again, the cleaner way of doing this is with session-resumption. That way you avoid the many rounds of EAP required to do PEAP or TTLS.
>
> Ensure you've enabled it in the supplicant, on the server, and post the debug output, we might be able to suggest what's wrong.
>
> - Arran
>
> Arran Cudbard-Bell <a.cudbardb at freeradius.org>
> FreeRADIUS development team
>
> FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2

Thanks,
Don


(0) Received Access-Request Id 34 from 24.94.145.173:50185 to 71.46.62.133:1812 length 180
(0)   User-Name = 'qaresdon'
(0)   NAS-IP-Address = 24.94.145.173
(0)   NAS-Identifier = 'Ericsson'
(0)   Called-Station-Id = '000d67218560:BHN_E_Secure'
(0)   NAS-Port-Type = Wireless-802.11
(0)   NAS-Port = 0
(0)   Calling-Station-Id = 'e899c47233d8'
(0)   Connect-Info = 'CONNECT 0Mbps 802.11b'
(0)   Acct-Session-Id = '54ECEF48-000001CA'
(0)   Framed-MTU = 1400
(0)   EAP-Message = 0x027b000d017161726573646f6e
(0)   Message-Authenticator = 0x208d40c09e6d1932f7d088d6c05d4ab4
(0) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
(0)   authorize {
(0)     [preprocess] = ok
(0)     [chap] = noop
(0)     [mschap] = noop
(0)     [digest] = noop
(0) suffix: Checking for suffix after "@"
(0) suffix: No '@' in User-Name = "qaresdon", looking up realm NULL
(0) suffix: No such realm "NULL"
(0)     [suffix] = noop
(0) eap: Peer sent code Response (2) ID 123 length 13
(0) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
(0)     [eap] = ok
(0)   } # authorize = ok
(0) Found Auth-Type = EAP
(0) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
(0)   authenticate {
(0) eap: Peer sent method Identity (1)
(0) eap: Calling eap_peap to process EAP data
(0) eap_peap: Initiate
(0) eap_peap: Start returned 1
(0) eap: EAP session adding &reply:State = 0xa556eb9ba52af221
(0)     [eap] = handled
(0)   } # authenticate = handled
(0) Sent Access-Challenge Id 34 from 71.46.62.133:1812 to 24.94.145.173:50185 length 64
(0)   EAP-Message = 0x017c00061920
(0)   Message-Authenticator = 0x00000000000000000000000000000000
(0)   State = 0xa556eb9ba52af22199be7cd61cc0c5ae
(0) Finished request
Waking up in 0.3 seconds.
Waking up in 4.6 seconds.
(1) Received Access-Request Id 35 from 24.94.145.173:50185 to 71.46.62.133:1812 length 385
(1)   User-Name = 'qaresdon'
(1)   NAS-IP-Address = 24.94.145.173
(1)   NAS-Identifier = 'Ericsson'
(1)   Called-Station-Id = '000d67218560:BHN_E_Secure'
(1)   NAS-Port-Type = Wireless-802.11
(1)   NAS-Port = 0
(1)   Calling-Station-Id = 'e899c47233d8'
(1)   Connect-Info = 'CONNECT 0Mbps 802.11b'
(1)   Acct-Session-Id = '54ECEF48-000001CA'
(1)   Framed-MTU = 1400
(1)   EAP-Message = 0x027c00c81980000000be16030100b9010000b5030154f0dc826a481caafebe692dc0a7affc19e170237b4ac78902acf13b7228617a000048c014c00a00390038c00fc0050035c012c00800160013c00dc003000ac013c00900330032c00ec004002fc011c007c00cc00200050004001500120009001400
(1)   State = 0xa556eb9ba52af22199be7cd61cc0c5ae
(1)   Message-Authenticator = 0x97476690c508dab97d1aff007310d6d1
(1) session-state: No cached attributes
(1) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
(1)   authorize {
(1)     [preprocess] = ok
(1)     [chap] = noop
(1)     [mschap] = noop
(1)     [digest] = noop
(1) suffix: Checking for suffix after "@"
(1) suffix: No '@' in User-Name = "qaresdon", looking up realm NULL
(1) suffix: No such realm "NULL"
(1)     [suffix] = noop
(1) eap: Peer sent code Response (2) ID 124 length 200
(1) eap: Continuing tunnel setup
(1)     [eap] = ok
(1)   } # authorize = ok
(1) Found Auth-Type = EAP
(1) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
(1)   authenticate {
(1) eap: Expiring EAP session with state 0xa556eb9ba52af221
(1) eap: Finished EAP session with state 0xa556eb9ba52af221
(1) eap: Previous EAP request found for state 0xa556eb9ba52af221, released from the list
(1) eap: Peer sent method PEAP (25)
(1) eap: EAP PEAP (25)
(1) eap: Calling eap_peap to process EAP data
(1) eap_peap: processing EAP-TLS
(1) eap_peap: TLS Length 190
(1) eap_peap: Length Included
(1) eap_peap: eaptls_verify returned 11
(1) eap_peap: (other): before/accept initialization
(1) eap_peap: TLS_accept: before/accept initialization
(1) eap_peap: <<< TLS 1.0 Handshake [length 00b9], ClientHello
(1) eap_peap: TLS_accept: SSLv3 read client hello A
(1) eap_peap: >>> TLS 1.0 Handshake [length 0039], ServerHello
(1) eap_peap: TLS_accept: SSLv3 write server hello A
(1) eap_peap: >>> TLS 1.0 Handshake [length 0e58], Certificate
(1) eap_peap: TLS_accept: SSLv3 write certificate A
(1) eap_peap: >>> TLS 1.0 Handshake [length 014b], ServerKeyExchange
(1) eap_peap: TLS_accept: SSLv3 write key exchange A
(1) eap_peap: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
(1) eap_peap: TLS_accept: SSLv3 write server done A
(1) eap_peap: TLS_accept: SSLv3 flush data
(1) eap_peap: TLS_accept: Need to read more data: SSLv3 read client certificate A
(1) eap_peap: TLS_accept: Need to read more data: SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
(1) eap_peap: eaptls_process returned 13
(1) eap_peap: FR_TLS_HANDLED
(1) eap: EAP session adding &reply:State = 0xa556eb9ba42bf221
(1)     [eap] = handled
(1)   } # authenticate = handled
(1) Sent Access-Challenge Id 35 from 71.46.62.133:1812 to 24.94.145.173:50185 length 1448
(1)   EAP-Message = 0x017d056419c000000ff4160301003902000035030154f0dc83dd6feba23cfe7cd1c8b8f24ff711970219b9e87e07ac380c2e2d491200c01400000dff01000100000b0004030001021603010e580b000e54000e510005213082051d30820405a00302010202044c233c7e300d06092a864886f70d010105
(1)   Message-Authenticator = 0x00000000000000000000000000000000
(1)   State = 0xa556eb9ba42bf22199be7cd61cc0c5ae
(1) Finished request
Waking up in 0.3 seconds.
(2) Received Access-Request Id 36 from 24.94.145.173:50185 to 71.46.62.133:1812 length 191
(2)   User-Name = 'qaresdon'
(2)   NAS-IP-Address = 24.94.145.173
(2)   NAS-Identifier = 'Ericsson'
(2)   Called-Station-Id = '000d67218560:BHN_E_Secure'
(2)   NAS-Port-Type = Wireless-802.11
(2)   NAS-Port = 0
(2)   Calling-Station-Id = 'e899c47233d8'
(2)   Connect-Info = 'CONNECT 0Mbps 802.11b'
(2)   Acct-Session-Id = '54ECEF48-000001CA'
(2)   Framed-MTU = 1400
(2)   EAP-Message = 0x027d00061900
(2)   State = 0xa556eb9ba42bf22199be7cd61cc0c5ae
(2)   Message-Authenticator = 0xd687df2e95e0ff0c8697fbbcb293ce5d
(2) session-state: No cached attributes
(2) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
(2)   authorize {
(2)     [preprocess] = ok
(2)     [chap] = noop
(2)     [mschap] = noop
(2)     [digest] = noop
(2) suffix: Checking for suffix after "@"
(2) suffix: No '@' in User-Name = "qaresdon", looking up realm NULL
(2) suffix: No such realm "NULL"
(2)     [suffix] = noop
(2) eap: Peer sent code Response (2) ID 125 length 6
(2) eap: Continuing tunnel setup
(2)     [eap] = ok
(2)   } # authorize = ok
(2) Found Auth-Type = EAP
(2) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
(2)   authenticate {
(2) eap: Expiring EAP session with state 0xa556eb9ba42bf221
(2) eap: Finished EAP session with state 0xa556eb9ba42bf221
(2) eap: Previous EAP request found for state 0xa556eb9ba42bf221, released from the list
(2) eap: Peer sent method PEAP (25)
(2) eap: EAP PEAP (25)
(2) eap: Calling eap_peap to process EAP data
(2) eap_peap: processing EAP-TLS
(2) eap_peap: Received TLS ACK
(2) eap_peap: Received TLS ACK
(2) eap_peap: ACK handshake fragment handler
(2) eap_peap: eaptls_verify returned 1
(2) eap_peap: eaptls_process returned 13
(2) eap_peap: FR_TLS_HANDLED
(2) eap: EAP session adding &reply:State = 0xa556eb9ba728f221
(2)     [eap] = handled
(2)   } # authenticate = handled
(2) Sent Access-Challenge Id 36 from 71.46.62.133:1812 to 24.94.145.173:50185 length 1444
(2)   EAP-Message = 0x017e05601940f3fa6ff051ec9a0730ea94aaa1596407296688590004f9308204f5308203dda00302010202044c0e8c39300d06092a864886f70d01010505003081b431143012060355040a130b456e74727573742e6e65743140303e060355040b14377777772e656e74727573742e6e65742f4350535f
(2)   Message-Authenticator = 0x00000000000000000000000000000000
(2)   State = 0xa556eb9ba728f22199be7cd61cc0c5ae
(2) Finished request
Waking up in 0.2 seconds.
(3) Received Access-Request Id 37 from 24.94.145.173:50185 to 71.46.62.133:1812 length 191
(3)   User-Name = 'qaresdon'
(3)   NAS-IP-Address = 24.94.145.173
(3)   NAS-Identifier = 'Ericsson'
(3)   Called-Station-Id = '000d67218560:BHN_E_Secure'
(3)   NAS-Port-Type = Wireless-802.11
(3)   NAS-Port = 0
(3)   Calling-Station-Id = 'e899c47233d8'
(3)   Connect-Info = 'CONNECT 0Mbps 802.11b'
(3)   Acct-Session-Id = '54ECEF48-000001CA'
(3)   Framed-MTU = 1400
(3)   EAP-Message = 0x027e00061900
(3)   State = 0xa556eb9ba728f22199be7cd61cc0c5ae
(3)   Message-Authenticator = 0x80271b4009354c26acdbccbdb347c5f6
(3) session-state: No cached attributes
(3) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
(3)   authorize {
(3)     [preprocess] = ok
(3)     [chap] = noop
(3)     [mschap] = noop
(3)     [digest] = noop
(3) suffix: Checking for suffix after "@"
(3) suffix: No '@' in User-Name = "qaresdon", looking up realm NULL
(3) suffix: No such realm "NULL"
(3)     [suffix] = noop
(3) eap: Peer sent code Response (2) ID 126 length 6
(3) eap: Continuing tunnel setup
(3)     [eap] = ok
(3)   } # authorize = ok
(3) Found Auth-Type = EAP
(3) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
(3)   authenticate {
(3) eap: Expiring EAP session with state 0xa556eb9ba728f221
(3) eap: Finished EAP session with state 0xa556eb9ba728f221
(3) eap: Previous EAP request found for state 0xa556eb9ba728f221, released from the list
(3) eap: Peer sent method PEAP (25)
(3) eap: EAP PEAP (25)
(3) eap: Calling eap_peap to process EAP data
(3) eap_peap: processing EAP-TLS
(3) eap_peap: Received TLS ACK
(3) eap_peap: Received TLS ACK
(3) eap_peap: ACK handshake fragment handler
(3) eap_peap: eaptls_verify returned 1
(3) eap_peap: eaptls_process returned 13
(3) eap_peap: FR_TLS_HANDLED
(3) eap: EAP session adding &reply:State = 0xa556eb9ba629f221
(3)     [eap] = handled
(3)   } # authenticate = handled
(3) Sent Access-Challenge Id 37 from 71.46.62.133:1812 to 24.94.145.173:50185 length 1418
(3)   EAP-Message = 0x017f0546190077772e656e74727573742e6e65742f4350535f3230343820696e636f72702e206279207265662e20286c696d697473206c6961622e2931253023060355040b131c286329203139393920456e74727573742e6e6574204c696d69746564313330310603550403132a456e74727573742e6e
(3)   Message-Authenticator = 0x00000000000000000000000000000000
(3)   State = 0xa556eb9ba629f22199be7cd61cc0c5ae
(3) Finished request
Waking up in 0.2 seconds.
(4) Received Access-Request Id 38 from 24.94.145.173:50185 to 71.46.62.133:1812 length 329
(4)   User-Name = 'qaresdon'
(4)   NAS-IP-Address = 24.94.145.173
(4)   NAS-Identifier = 'Ericsson'
(4)   Called-Station-Id = '000d67218560:BHN_E_Secure'
(4)   NAS-Port-Type = Wireless-802.11
(4)   NAS-Port = 0
(4)   Calling-Station-Id = 'e899c47233d8'
(4)   Connect-Info = 'CONNECT 0Mbps 802.11b'
(4)   Acct-Session-Id = '54ECEF48-000001CA'
(4)   Framed-MTU = 1400
(4)   EAP-Message = 0x027f009019800000008616030100461000004241041de81c5e530c0b45cde9b29e698080657fb971117e91200e1e1b53d034e9aa7cd909defd5e4a312018215785bd7444ad7dcccf6fe8cc31611d8c7577612ad030140301000101160301003084fbd8dd08b1ce1bf3b49c94a180d71170640cbc5fd890
(4)   State = 0xa556eb9ba629f22199be7cd61cc0c5ae
(4)   Message-Authenticator = 0xdcf5dab46700349f7c7e7b140b81e2d4
(4) session-state: No cached attributes
(4) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
(4)   authorize {
(4)     [preprocess] = ok
(4)     [chap] = noop
(4)     [mschap] = noop
(4)     [digest] = noop
(4) suffix: Checking for suffix after "@"
(4) suffix: No '@' in User-Name = "qaresdon", looking up realm NULL
(4) suffix: No such realm "NULL"
(4)     [suffix] = noop
(4) eap: Peer sent code Response (2) ID 127 length 144
(4) eap: Continuing tunnel setup
(4)     [eap] = ok
(4)   } # authorize = ok
(4) Found Auth-Type = EAP
(4) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
(4)   authenticate {
(4) eap: Expiring EAP session with state 0xa556eb9ba629f221
(4) eap: Finished EAP session with state 0xa556eb9ba629f221
(4) eap: Previous EAP request found for state 0xa556eb9ba629f221, released from the list
(4) eap: Peer sent method PEAP (25)
(4) eap: EAP PEAP (25)
(4) eap: Calling eap_peap to process EAP data
(4) eap_peap: processing EAP-TLS
(4) eap_peap: TLS Length 134
(4) eap_peap: Length Included
(4) eap_peap: eaptls_verify returned 11
(4) eap_peap: <<< TLS 1.0 Handshake [length 0046], ClientKeyExchange
(4) eap_peap: TLS_accept: SSLv3 read client key exchange A
(4) eap_peap: <<< TLS 1.0 ChangeCipherSpec [length 0001]
(4) eap_peap: <<< TLS 1.0 Handshake [length 0010], Finished
(4) eap_peap: TLS_accept: SSLv3 read finished A
(4) eap_peap: >>> TLS 1.0 ChangeCipherSpec [length 0001]
(4) eap_peap: TLS_accept: SSLv3 write change cipher spec A
(4) eap_peap: >>> TLS 1.0 Handshake [length 0010], Finished
(4) eap_peap: TLS_accept: SSLv3 write finished A
(4) eap_peap: TLS_accept: SSLv3 flush data
(4) eap_peap: (other): SSL negotiation finished successfully
SSL Connection Established
(4) eap_peap: eaptls_process returned 13
(4) eap_peap: FR_TLS_HANDLED
(4) eap: EAP session adding &reply:State = 0xa556eb9ba1d6f221
(4)     [eap] = handled
(4)   } # authenticate = handled
(4) Sent Access-Challenge Id 38 from 71.46.62.133:1812 to 24.94.145.173:50185 length 123
(4)   EAP-Message = 0x0180004119001403010001011603010030d5232114ec7403ddd7f173d132b90c4ac7fa5197172c90d45d7473eb22089bde69bcb13420b2903a55b1f99dac80841f
(4)   Message-Authenticator = 0x00000000000000000000000000000000
(4)   State = 0xa556eb9ba1d6f22199be7cd61cc0c5ae
(4) Finished request
Waking up in 0.1 seconds.
(5) Received Access-Request Id 39 from 24.94.145.173:50185 to 71.46.62.133:1812 length 191
(5)   User-Name = 'qaresdon'
(5)   NAS-IP-Address = 24.94.145.173
(5)   NAS-Identifier = 'Ericsson'
(5)   Called-Station-Id = '000d67218560:BHN_E_Secure'
(5)   NAS-Port-Type = Wireless-802.11
(5)   NAS-Port = 0
(5)   Calling-Station-Id = 'e899c47233d8'
(5)   Connect-Info = 'CONNECT 0Mbps 802.11b'
(5)   Acct-Session-Id = '54ECEF48-000001CA'
(5)   Framed-MTU = 1400
(5)   EAP-Message = 0x028000061900
(5)   State = 0xa556eb9ba1d6f22199be7cd61cc0c5ae
(5)   Message-Authenticator = 0x7084ea264ee8832f65c0477a20a10422
(5) session-state: No cached attributes
(5) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
(5)   authorize {
(5)     [preprocess] = ok
(5)     [chap] = noop
(5)     [mschap] = noop
(5)     [digest] = noop
(5) suffix: Checking for suffix after "@"
(5) suffix: No '@' in User-Name = "qaresdon", looking up realm NULL
(5) suffix: No such realm "NULL"
(5)     [suffix] = noop
(5) eap: Peer sent code Response (2) ID 128 length 6
(5) eap: Continuing tunnel setup
(5)     [eap] = ok
(5)   } # authorize = ok
(5) Found Auth-Type = EAP
(5) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
(5)   authenticate {
(5) eap: Expiring EAP session with state 0xa556eb9ba1d6f221
(5) eap: Finished EAP session with state 0xa556eb9ba1d6f221
(5) eap: Previous EAP request found for state 0xa556eb9ba1d6f221, released from the list
(5) eap: Peer sent method PEAP (25)
(5) eap: EAP PEAP (25)
(5) eap: Calling eap_peap to process EAP data
(5) eap_peap: processing EAP-TLS
(5) eap_peap: Received TLS ACK
(5) eap_peap: Received TLS ACK
(5) eap_peap: ACK handshake is finished
(5) eap_peap: eaptls_verify returned 3
(5) eap_peap: eaptls_process returned 3
(5) eap_peap: FR_TLS_SUCCESS
(5) eap_peap: Session established.  Decoding tunneled attributes
(5) eap_peap: PEAP state TUNNEL ESTABLISHED
(5) eap: EAP session adding &reply:State = 0xa556eb9ba0d7f221
(5)     [eap] = handled
(5)   } # authenticate = handled
(5) Sent Access-Challenge Id 39 from 71.46.62.133:1812 to 24.94.145.173:50185 length 101
(5)   EAP-Message = 0x0181002b19001703010020e15d6454d6abc70c73a354d134980d5ad5ddc0b8bb8c5be9ae7a19a8cd4ca8c4
(5)   Message-Authenticator = 0x00000000000000000000000000000000
(5)   State = 0xa556eb9ba0d7f22199be7cd61cc0c5ae
(5) Finished request
(6) Received Access-Request Id 40 from 24.94.145.173:50185 to 71.46.62.133:1812 length 265
(6)   User-Name = 'qaresdon'
(6)   NAS-IP-Address = 24.94.145.173
(6)   NAS-Identifier = 'Ericsson'
(6)   Called-Station-Id = '000d67218560:BHN_E_Secure'
(6)   NAS-Port-Type = Wireless-802.11
(6)   NAS-Port = 0
(6)   Calling-Station-Id = 'e899c47233d8'
(6)   Connect-Info = 'CONNECT 0Mbps 802.11b'
(6)   Acct-Session-Id = '54ECEF48-000001CA'
(6)   Framed-MTU = 1400
(6)   EAP-Message = 0x0281005019001703010020872287933fe24c95d0600a7f1cdc519b71d2fd8dd4bd7ac0daebc49ea243a36e17030100206532a40dfb17801a9eef9bbca26a4609fd01c1296a5ba37f46f4013568705504
(6)   State = 0xa556eb9ba0d7f22199be7cd61cc0c5ae
(6)   Message-Authenticator = 0xbb58c954bb6fd7272ef716a436427a0a
(6) session-state: No cached attributes
(6) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
(6)   authorize {
(6)     [preprocess] = ok
(6)     [chap] = noop
(6)     [mschap] = noop
(6)     [digest] = noop
(6) suffix: Checking for suffix after "@"
(6) suffix: No '@' in User-Name = "qaresdon", looking up realm NULL
(6) suffix: No such realm "NULL"
(6)     [suffix] = noop
(6) eap: Peer sent code Response (2) ID 129 length 80
(6) eap: Continuing tunnel setup
(6)     [eap] = ok
(6)   } # authorize = ok
(6) Found Auth-Type = EAP
(6) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
(6)   authenticate {
(6) eap: Expiring EAP session with state 0xa556eb9ba0d7f221
(6) eap: Finished EAP session with state 0xa556eb9ba0d7f221
(6) eap: Previous EAP request found for state 0xa556eb9ba0d7f221, released from the list
(6) eap: Peer sent method PEAP (25)
(6) eap: EAP PEAP (25)
(6) eap: Calling eap_peap to process EAP data
(6) eap_peap: processing EAP-TLS
(6) eap_peap: eaptls_verify returned 7
(6) eap_peap: Done initial handshake
(6) eap_peap: eaptls_process returned 7
(6) eap_peap: FR_TLS_OK
(6) eap_peap: Session established.  Decoding tunneled attributes
(6) eap_peap: PEAP state WAITING FOR INNER IDENTITY
(6) eap_peap: Identity - qaresdon
(6) eap_peap: Got inner identity 'qaresdon'
(6) eap_peap: Setting default EAP type for tunneled EAP session
(6) eap_peap: Got tunneled request
(6) eap_peap:   EAP-Message = 0x0281000d017161726573646f6e
(6) eap_peap: Setting User-Name to qaresdon
(6) eap_peap: Sending tunneled request to inner-tunnel
(6) eap_peap:   EAP-Message = 0x0281000d017161726573646f6e
(6) eap_peap:   FreeRADIUS-Proxied-To = 127.0.0.1
(6) eap_peap:   User-Name = 'qaresdon'
(6) Virtual server received request
(6)   EAP-Message = 0x0281000d017161726573646f6e
(6)   FreeRADIUS-Proxied-To = 127.0.0.1
(6)   User-Name = 'qaresdon'
(6) server inner-tunnel {
(6)   # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/inner-tunnel
(6)     authorize {
(6) suffix: Checking for suffix after "@"
(6) suffix: No '@' in User-Name = "qaresdon", looking up realm NULL
(6) suffix: No such realm "NULL"
(6)       [suffix] = noop
(6)       update control {
(6)         &Proxy-To-Realm := 'LOCAL'
(6)       } # update control = noop
(6) eap: Peer sent code Response (2) ID 129 length 13
(6) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
(6)       [eap] = ok
(6)     } # authorize = ok
(6)   Found Auth-Type = EAP
(6)   # Executing group from file /usr/local/etc/raddb/sites-enabled/inner-tunnel
(6)     authenticate {
(6) eap: Peer sent method Identity (1)
(6) eap: Calling eap_mschapv2 to process EAP data
(6) eap_mschapv2: Issuing Challenge
(6) eap: EAP session adding &reply:State = 0x3f5c7fab3fde652b
(6)       [eap] = handled
(6)     } # authenticate = handled
(6) } # server inner-tunnel
(6) Virtual server sending reply
(6)   EAP-Message = 0x018200221a0182001d106d37423145547268a8f3707c99b003ef7161726573646f6e
(6)   Message-Authenticator = 0x00000000000000000000000000000000
(6)   State = 0x3f5c7fab3fde652b9f4b180614f7361c
(6) eap_peap: Got tunneled reply code 11
(6) eap_peap:   EAP-Message = 0x018200221a0182001d106d37423145547268a8f3707c99b003ef7161726573646f6e
(6) eap_peap:   Message-Authenticator = 0x00000000000000000000000000000000
(6) eap_peap:   State = 0x3f5c7fab3fde652b9f4b180614f7361c
(6) eap_peap: Got tunneled reply RADIUS code 11
(6) eap_peap:   EAP-Message = 0x018200221a0182001d106d37423145547268a8f3707c99b003ef7161726573646f6e
(6) eap_peap:   Message-Authenticator = 0x00000000000000000000000000000000
(6) eap_peap:   State = 0x3f5c7fab3fde652b9f4b180614f7361c
(6) eap_peap: Got tunneled Access-Challenge
(6) eap: EAP session adding &reply:State = 0xa556eb9ba3d4f221
(6)     [eap] = handled
(6)   } # authenticate = handled
(6) Sent Access-Challenge Id 40 from 71.46.62.133:1812 to 24.94.145.173:50185 length 133
(6)   EAP-Message = 0x0182004b19001703010040c3071a2e2f018f665bdc343ffa6a77b187301b544040c82c7dad3cb7db531097eaca3b29307e382fb63e08816e5d92467a839d7744e2debd0667a737d6997f1d
(6)   Message-Authenticator = 0x00000000000000000000000000000000
(6)   State = 0xa556eb9ba3d4f22199be7cd61cc0c5ae
(6) Finished request
(7) Received Access-Request Id 41 from 24.94.145.173:50185 to 71.46.62.133:1812 length 329
(7)   User-Name = 'qaresdon'
(7)   NAS-IP-Address = 24.94.145.173
(7)   NAS-Identifier = 'Ericsson'
(7)   Called-Station-Id = '000d67218560:BHN_E_Secure'
(7)   NAS-Port-Type = Wireless-802.11
(7)   NAS-Port = 0
(7)   Calling-Station-Id = 'e899c47233d8'
(7)   Connect-Info = 'CONNECT 0Mbps 802.11b'
(7)   Acct-Session-Id = '54ECEF48-000001CA'
(7)   Framed-MTU = 1400
(7)   EAP-Message = 0x028200901900170301002083722abeb6f8d0282836ebeda256f79ebbc5302178d42d95fb8372d01b2c94291703010060ae2ad6a9a08dfd9dd353e67997e8bff1cd91d2dd9368c1e7b361e9ccc113c63e2c0a37e5316e7f461962dc1b53b0b7c389ab126e6bbd7efa07f5c547d1ba6ad0f1206f874ac79b
(7)   State = 0xa556eb9ba3d4f22199be7cd61cc0c5ae
(7)   Message-Authenticator = 0x95f3368f42f367ecd22f70c68b175fbc
(7) session-state: No cached attributes
(7) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
(7)   authorize {
(7)     [preprocess] = ok
(7)     [chap] = noop
(7)     [mschap] = noop
(7)     [digest] = noop
(7) suffix: Checking for suffix after "@"
(7) suffix: No '@' in User-Name = "qaresdon", looking up realm NULL
(7) suffix: No such realm "NULL"
(7)     [suffix] = noop
(7) eap: Peer sent code Response (2) ID 130 length 144
(7) eap: Continuing tunnel setup
(7)     [eap] = ok
(7)   } # authorize = ok
(7) Found Auth-Type = EAP
(7) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
(7)   authenticate {
(7) eap: Expiring EAP session with state 0x3f5c7fab3fde652b
(7) eap: Finished EAP session with state 0xa556eb9ba3d4f221
(7) eap: Previous EAP request found for state 0xa556eb9ba3d4f221, released from the list
(7) eap: Peer sent method PEAP (25)
(7) eap: EAP PEAP (25)
(7) eap: Calling eap_peap to process EAP data
(7) eap_peap: processing EAP-TLS
(7) eap_peap: eaptls_verify returned 7
(7) eap_peap: Done initial handshake
(7) eap_peap: eaptls_process returned 7
(7) eap_peap: FR_TLS_OK
(7) eap_peap: Session established.  Decoding tunneled attributes
(7) eap_peap: PEAP state phase2
(7) eap_peap: EAP type MSCHAPv2 (26)
(7) eap_peap: Got tunneled request
(7) eap_peap:   EAP-Message = 0x028200431a0282003e3179df509b18349f4cd5808bc78d57007a00000000000000008aceba6e8a8cbadabef078deb6260f457102477bde9e6991007161726573646f6e
(7) eap_peap: Setting User-Name to qaresdon
(7) eap_peap: Sending tunneled request to inner-tunnel
(7) eap_peap:   EAP-Message = 0x028200431a0282003e3179df509b18349f4cd5808bc78d57007a00000000000000008aceba6e8a8cbadabef078deb6260f457102477bde9e6991007161726573646f6e
(7) eap_peap:   FreeRADIUS-Proxied-To = 127.0.0.1
(7) eap_peap:   User-Name = 'qaresdon'
(7) eap_peap:   State = 0x3f5c7fab3fde652b9f4b180614f7361c
(7) Virtual server received request
(7)   EAP-Message = 0x028200431a0282003e3179df509b18349f4cd5808bc78d57007a00000000000000008aceba6e8a8cbadabef078deb6260f457102477bde9e6991007161726573646f6e
(7)   FreeRADIUS-Proxied-To = 127.0.0.1
(7)   User-Name = 'qaresdon'
(7)   State = 0x3f5c7fab3fde652b9f4b180614f7361c
(7) server inner-tunnel {
(7)   session-state: No cached attributes
(7)   # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/inner-tunnel
(7)     authorize {
(7) suffix: Checking for suffix after "@"
(7) suffix: No '@' in User-Name = "qaresdon", looking up realm NULL
(7) suffix: No such realm "NULL"
(7)       [suffix] = noop
(7)       update control {
(7)         &Proxy-To-Realm := 'LOCAL'
(7)       } # update control = noop
(7) eap: Peer sent code Response (2) ID 130 length 67
(7) eap: No EAP Start, assuming it's an on-going EAP conversation
(7)       [eap] = updated
(7)       [files] = noop
(7)       update control {
(7)         Cache-Status-Only = yes
(7)       } # update control = noop
(7) cache: EXPAND %{User-Name}%{outer.request:Calling-Station-Id}
(7) cache:    --> qaresdone899c47233d8
(7) cache: No cache entry found for "qaresdone899c47233d8"
(7)       [cache] = notfound
(7)       if (notfound) {
(7)       if (notfound)  -> TRUE
(7)       if (notfound)  {
rlm_ldap (ldap): Reserved connection (4)
(7) ldap: EXPAND (uid=%{%{Stripped-User-Name}:-%{User-Name}})
(7) ldap:    --> (uid=qaresdon)
(7) ldap: EXPAND ou=Customers,dc=brighthouse,dc=com
(7) ldap:    --> ou=Customers,dc=brighthouse,dc=com
(7) ldap: Performing search in 'ou=Customers,dc=brighthouse,dc=com' with filter '(uid=qaresdon)', scope 'sub'
(7) ldap: Waiting for search result...
(7) ldap: User object found at DN "rrCustomerID=A6398B1D-9057-4873-B13F-E41B1808B52A,ou=18,ou=Customers,dc=brighthouse,dc=com"
(7) ldap: Added eDirectory password
rlm_ldap (ldap): Released connection (4)
rlm_ldap (ldap): Closing connection (0), from 1 unused connections
(7)         [ldap] = ok
(7)       } # if (notfound)  = ok
(7)       ... skipping else for request 7: Preceding "if" was taken
(7)       [mschap] = noop
(7)       [expiration] = noop
(7)       [logintime] = noop
(7)     } # authorize = updated
(7)   Found Auth-Type = EAP
(7)   # Executing group from file /usr/local/etc/raddb/sites-enabled/inner-tunnel
(7)     authenticate {
(7) eap: Expiring EAP session with state 0x3f5c7fab3fde652b
(7) eap: Finished EAP session with state 0x3f5c7fab3fde652b
(7) eap: Previous EAP request found for state 0x3f5c7fab3fde652b, released from the list
(7) eap: Peer sent method MSCHAPv2 (26)
(7) eap: EAP MSCHAPv2 (26)
(7) eap: Calling eap_mschapv2 to process EAP data
(7) eap_mschapv2: # Executing group from file /usr/local/etc/raddb/sites-enabled/inner-tunnel
(7) eap_mschapv2:   Auth-Type MS-CHAP {
(7) mschap: Found Cleartext-Password, hashing to create NT-Password
(7) mschap: Found Cleartext-Password, hashing to create LM-Password
(7) mschap: Creating challenge hash with username: qaresdon
(7) mschap: Client is using MS-CHAPv2
(7) mschap: Adding MS-CHAPv2 MPPE keys
(7)     [mschap] = ok
(7) cache: EXPAND %{User-Name}%{outer.request:Calling-Station-Id}
(7) cache:    --> qaresdone899c47233d8
(7) cache: No cache entry found for "qaresdone899c47233d8"
(7) cache: Creating new cache entry
(7) cache: EXPAND %{control:NT-Password}
(7) cache:    --> 0x5835048ce94ad0564e29a924a03510ef
(7) cache:   control:NT-Password := 0x5835048ce94ad0564e29a924a03510ef
(7) cache: EXPAND %{control:LM-Password}
(7) cache:    --> 0xe52cac67419a9a2238f10713b629b565
(7) cache:   control:LM-Password := 0xe52cac67419a9a2238f10713b629b565
(7) cache: Merging cache entry into request
(7) cache:   &control:NT-Password := 0x5835048ce94ad0564e29a924a03510ef
(7) cache:   &control:LM-Password := 0xe52cac67419a9a2238f10713b629b565
(7) cache: Commited entry, TTL 86400 seconds
(7)     [cache.authorize] = updated
(7)   } # Auth-Type MS-CHAP = updated
(7) eap: Freeing handler
(7)       [eap] = reject
(7)     } # authenticate = reject
(7)   Failed to authenticate the user
(7)   Using Post-Auth-Type Reject
(7)   # Executing group from file /usr/local/etc/raddb/sites-enabled/inner-tunnel
(7)     Post-Auth-Type REJECT {
(7) attr_filter.access_reject: EXPAND %{User-Name}
(7) attr_filter.access_reject:    --> qaresdon
(7) attr_filter.access_reject: Matched entry DEFAULT at line 11
(7)       [attr_filter.access_reject] = updated
(7)       update outer.session-state {
(7)         No attributes updated
(7)       } # update outer.session-state = noop
(7)     } # Post-Auth-Type REJECT = updated
(7) } # server inner-tunnel
(7) Virtual server sending reply
(7)   EAP-Message = 0x04820004
(7)   Message-Authenticator = 0x00000000000000000000000000000000
(7) eap_peap: Got tunneled reply code 3
(7) eap_peap:   EAP-Message = 0x04820004
(7) eap_peap:   Message-Authenticator = 0x00000000000000000000000000000000
(7) eap_peap: Got tunneled reply RADIUS code 3
(7) eap_peap:   EAP-Message = 0x04820004
(7) eap_peap:   Message-Authenticator = 0x00000000000000000000000000000000
(7) eap_peap: Tunneled authentication was rejected
(7) eap_peap: FAILURE
(7) eap: EAP session adding &reply:State = 0xa556eb9ba2d5f221
(7)     [eap] = handled
(7)   } # authenticate = handled
(7) Sent Access-Challenge Id 41 from 71.46.62.133:1812 to 24.94.145.173:50185 length 101
(7)   EAP-Message = 0x0183002b19001703010020cca9de57466d406605e1f13e74f8a1ec115029faf116054e07a94f2abd791152
(7)   Message-Authenticator = 0x00000000000000000000000000000000
(7)   State = 0xa556eb9ba2d5f22199be7cd61cc0c5ae
(7) Finished request
Waking up in 0.1 seconds.
(8) Received Access-Request Id 42 from 24.94.145.173:50185 to 71.46.62.133:1812 length 265
(8)   User-Name = 'qaresdon'
(8)   NAS-IP-Address = 24.94.145.173
(8)   NAS-Identifier = 'Ericsson'
(8)   Called-Station-Id = '000d67218560:BHN_E_Secure'
(8)   NAS-Port-Type = Wireless-802.11
(8)   NAS-Port = 0
(8)   Calling-Station-Id = 'e899c47233d8'
(8)   Connect-Info = 'CONNECT 0Mbps 802.11b'
(8)   Acct-Session-Id = '54ECEF48-000001CA'
(8)   Framed-MTU = 1400
(8)   EAP-Message = 0x028300501900170301002054989a2afeea8eb51367887c1c035a6c2a8e11363adf797f4a719063c84a25fe17030100204e021c8b497aaf4d5df146d6fd9d24a3fbcfe951d7ef1658cc63d9d203850b05
(8)   State = 0xa556eb9ba2d5f22199be7cd61cc0c5ae
(8)   Message-Authenticator = 0x729706077ff685f9cbae28168d4e83e3
(8) session-state: No cached attributes
(8) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
(8)   authorize {
(8)     [preprocess] = ok
(8)     [chap] = noop
(8)     [mschap] = noop
(8)     [digest] = noop
(8) suffix: Checking for suffix after "@"
(8) suffix: No '@' in User-Name = "qaresdon", looking up realm NULL
(8) suffix: No such realm "NULL"
(8)     [suffix] = noop
(8) eap: Peer sent code Response (2) ID 131 length 80
(8) eap: Continuing tunnel setup
(8)     [eap] = ok
(8)   } # authorize = ok
(8) Found Auth-Type = EAP
(8) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
(8)   authenticate {
(8) eap: Expiring EAP session with state 0xa556eb9ba2d5f221
(8) eap: Finished EAP session with state 0xa556eb9ba2d5f221
(8) eap: Previous EAP request found for state 0xa556eb9ba2d5f221, released from the list
(8) eap: Peer sent method PEAP (25)
(8) eap: EAP PEAP (25)
(8) eap: Calling eap_peap to process EAP data
(8) eap_peap: processing EAP-TLS
(8) eap_peap: eaptls_verify returned 7
(8) eap_peap: Done initial handshake
(8) eap_peap: eaptls_process returned 7
(8) eap_peap: FR_TLS_OK
(8) eap_peap: Session established.  Decoding tunneled attributes
(8) eap_peap: PEAP state send tlv failure
(8) eap_peap: Received EAP-TLV response
(8) eap_peap:   The users session was previously rejected: returning reject (again.)
(8) eap_peap:   This means you need to read the PREVIOUS messages in the debug output
(8) eap_peap:   to find out the reason why the user was rejected
(8) eap_peap:   Look for "reject" or "fail".  Those earlier messages will tell you
(8) eap_peap:   what went wrong, and how to fix the problem
ERROR: (8) eap: Failed continuing EAP PEAP (25) session. EAP sub-module failed
(8) eap: Failed in EAP select
(8)     [eap] = invalid
(8)   } # authenticate = invalid
(8) Failed to authenticate the user
(8) Using Post-Auth-Type Reject
(8) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
(8)   Post-Auth-Type REJECT {
(8) attr_filter.access_reject: EXPAND %{User-Name}
(8) attr_filter.access_reject:    --> qaresdon
(8) attr_filter.access_reject: Matched entry DEFAULT at line 11
(8)     [attr_filter.access_reject] = updated
(8) eap: Reply already contained an EAP-Message, not inserting EAP-Failure
(8)     [eap] = noop
(8)     policy remove_reply_message_if_eap {
(8)       if (&reply:EAP-Message && &reply:Reply-Message) {
(8)       if (&reply:EAP-Message && &reply:Reply-Message)  -> FALSE
(8)       else {
(8)         [noop] = noop
(8)       } # else = noop
(8)     } # policy remove_reply_message_if_eap = noop
(8)   } # Post-Auth-Type REJECT = updated
(8) Delaying response for 1.000000 seconds
Waking up in 0.6 seconds.
(8) Sending delayed response
(8) Sent Access-Reject Id 42 from 71.46.62.133:1812 to 24.94.145.173:50185 length 44
(8)   EAP-Message = 0x04830004
(8)   Message-Authenticator = 0x00000000000000000000000000000000
Waking up in 0.4 seconds.
(0) <done>: Cleaning up request packet ID 34 with timestamp +28
Waking up in 3.1 seconds.
(1) <done>: Cleaning up request packet ID 35 with timestamp +31
(2) <done>: Cleaning up request packet ID 36 with timestamp +31
(3) <done>: Cleaning up request packet ID 37 with timestamp +31
Waking up in 0.1 seconds.
(4) <done>: Cleaning up request packet ID 38 with timestamp +31
(5) <done>: Cleaning up request packet ID 39 with timestamp +31
(6) <done>: Cleaning up request packet ID 40 with timestamp +31
(7) <done>: Cleaning up request packet ID 41 with timestamp +31
(8) Cleaning up request packet ID 42 with timestamp +31
Ready to process requests
(9) Received Access-Request Id 43 from 24.94.145.173:50185 to 71.46.62.133:1812 length 180
(9)   User-Name = 'qaresdon'
(9)   NAS-IP-Address = 24.94.145.173
(9)   NAS-Identifier = 'Ericsson'
(9)   Called-Station-Id = '000d67218560:BHN_E_Secure'
(9)   NAS-Port-Type = Wireless-802.11
(9)   NAS-Port = 0
(9)   Calling-Station-Id = 'e899c47233d8'
(9)   Connect-Info = 'CONNECT 0Mbps 802.11b'
(9)   Acct-Session-Id = '54ECEF48-000001CB'
(9)   Framed-MTU = 1400
(9)   EAP-Message = 0x0214000d017161726573646f6e
(9)   Message-Authenticator = 0x3a0cccf1f57589731ceb5fb726237ff4
(9) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
(9)   authorize {
(9)     [preprocess] = ok
(9)     [chap] = noop
(9)     [mschap] = noop
(9)     [digest] = noop
(9) suffix: Checking for suffix after "@"
(9) suffix: No '@' in User-Name = "qaresdon", looking up realm NULL
(9) suffix: No such realm "NULL"
(9)     [suffix] = noop
(9) eap: Peer sent code Response (2) ID 20 length 13
(9) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
(9)     [eap] = ok
(9)   } # authorize = ok
(9) Found Auth-Type = EAP
(9) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
(9)   authenticate {
(9) eap: Peer sent method Identity (1)
(9) eap: Calling eap_peap to process EAP data
(9) eap_peap: Initiate
(9) eap_peap: Start returned 1
(9) eap: EAP session adding &reply:State = 0x47b9430247ac5af4
(9)     [eap] = handled
(9)   } # authenticate = handled
(9) Sent Access-Challenge Id 43 from 71.46.62.133:1812 to 24.94.145.173:50185 length 64
(9)   EAP-Message = 0x011500061920
(9)   Message-Authenticator = 0x00000000000000000000000000000000
(9)   State = 0x47b9430247ac5af4cf068da2e811b93b
(9) Finished request
Waking up in 0.3 seconds.
(10) Received Access-Request Id 44 from 24.94.145.173:50185 to 71.46.62.133:1812 length 385
(10)   User-Name = 'qaresdon'
(10)   NAS-IP-Address = 24.94.145.173
(10)   NAS-Identifier = 'Ericsson'
(10)   Called-Station-Id = '000d67218560:BHN_E_Secure'
(10)   NAS-Port-Type = Wireless-802.11
(10)   NAS-Port = 0
(10)   Calling-Station-Id = 'e899c47233d8'
(10)   Connect-Info = 'CONNECT 0Mbps 802.11b'
(10)   Acct-Session-Id = '54ECEF48-000001CB'
(10)   Framed-MTU = 1400
(10)   EAP-Message = 0x021500c81980000000be16030100b9010000b5030154f0dc884fc1454e129b65ffd2f6d4a31ec7d6e7d7e1f272de0c172dcd5825e9000048c014c00a00390038c00fc0050035c012c00800160013c00dc003000ac013c00900330032c00ec004002fc011c007c00cc00200050004001500120009001400
(10)   State = 0x47b9430247ac5af4cf068da2e811b93b
(10)   Message-Authenticator = 0x234026d6e99d5452e63d92a6437786e3
(10) session-state: No cached attributes
(10) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
(10)   authorize {
(10)     [preprocess] = ok
(10)     [chap] = noop
(10)     [mschap] = noop
(10)     [digest] = noop
(10) suffix: Checking for suffix after "@"
(10) suffix: No '@' in User-Name = "qaresdon", looking up realm NULL
(10) suffix: No such realm "NULL"
(10)     [suffix] = noop
(10) eap: Peer sent code Response (2) ID 21 length 200
(10) eap: Continuing tunnel setup
(10)     [eap] = ok
(10)   } # authorize = ok
(10) Found Auth-Type = EAP
(10) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
(10)   authenticate {
(10) eap: Expiring EAP session with state 0x47b9430247ac5af4
(10) eap: Finished EAP session with state 0x47b9430247ac5af4
(10) eap: Previous EAP request found for state 0x47b9430247ac5af4, released from the list
(10) eap: Peer sent method PEAP (25)
(10) eap: EAP PEAP (25)
(10) eap: Calling eap_peap to process EAP data
(10) eap_peap: processing EAP-TLS
(10) eap_peap: TLS Length 190
(10) eap_peap: Length Included
(10) eap_peap: eaptls_verify returned 11
(10) eap_peap: (other): before/accept initialization
(10) eap_peap: TLS_accept: before/accept initialization
(10) eap_peap: <<< TLS 1.0 Handshake [length 00b9], ClientHello
(10) eap_peap: TLS_accept: SSLv3 read client hello A
(10) eap_peap: >>> TLS 1.0 Handshake [length 0039], ServerHello
(10) eap_peap: TLS_accept: SSLv3 write server hello A
(10) eap_peap: >>> TLS 1.0 Handshake [length 0e58], Certificate
(10) eap_peap: TLS_accept: SSLv3 write certificate A
(10) eap_peap: >>> TLS 1.0 Handshake [length 014b], ServerKeyExchange
(10) eap_peap: TLS_accept: SSLv3 write key exchange A
(10) eap_peap: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
(10) eap_peap: TLS_accept: SSLv3 write server done A
(10) eap_peap: TLS_accept: SSLv3 flush data
(10) eap_peap: TLS_accept: Need to read more data: SSLv3 read client certificate A
(10) eap_peap: TLS_accept: Need to read more data: SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
(10) eap_peap: eaptls_process returned 13
(10) eap_peap: FR_TLS_HANDLED
(10) eap: EAP session adding &reply:State = 0x47b9430246af5af4
(10)     [eap] = handled
(10)   } # authenticate = handled
(10) Sent Access-Challenge Id 44 from 71.46.62.133:1812 to 24.94.145.173:50185 length 1448
(10)   EAP-Message = 0x0116056419c000000ff4160301003902000035030154f0dc89970e71c8c55af2f3ea817e733907cf0c78109fbc107a6a97dfa018c900c01400000dff01000100000b0004030001021603010e580b000e54000e510005213082051d30820405a00302010202044c233c7e300d06092a864886f70d010105
(10)   Message-Authenticator = 0x00000000000000000000000000000000
(10)   State = 0x47b9430246af5af4cf068da2e811b93b
(10) Finished request
Waking up in 0.2 seconds.
(11) Received Access-Request Id 45 from 24.94.145.173:50185 to 71.46.62.133:1812 length 191
(11)   User-Name = 'qaresdon'
(11)   NAS-IP-Address = 24.94.145.173
(11)   NAS-Identifier = 'Ericsson'
(11)   Called-Station-Id = '000d67218560:BHN_E_Secure'
(11)   NAS-Port-Type = Wireless-802.11
(11)   NAS-Port = 0
(11)   Calling-Station-Id = 'e899c47233d8'
(11)   Connect-Info = 'CONNECT 0Mbps 802.11b'
(11)   Acct-Session-Id = '54ECEF48-000001CB'
(11)   Framed-MTU = 1400
(11)   EAP-Message = 0x021600061900
(11)   State = 0x47b9430246af5af4cf068da2e811b93b
(11)   Message-Authenticator = 0xa6dc2bd00eb7ba6b36fcf73d49d2a857
(11) session-state: No cached attributes
(11) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
(11)   authorize {
(11)     [preprocess] = ok
(11)     [chap] = noop
(11)     [mschap] = noop
(11)     [digest] = noop
(11) suffix: Checking for suffix after "@"
(11) suffix: No '@' in User-Name = "qaresdon", looking up realm NULL
(11) suffix: No such realm "NULL"
(11)     [suffix] = noop
(11) eap: Peer sent code Response (2) ID 22 length 6
(11) eap: Continuing tunnel setup
(11)     [eap] = ok
(11)   } # authorize = ok
(11) Found Auth-Type = EAP
(11) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
(11)   authenticate {
(11) eap: Expiring EAP session with state 0x47b9430246af5af4
(11) eap: Finished EAP session with state 0x47b9430246af5af4
(11) eap: Previous EAP request found for state 0x47b9430246af5af4, released from the list
(11) eap: Peer sent method PEAP (25)
(11) eap: EAP PEAP (25)
(11) eap: Calling eap_peap to process EAP data
(11) eap_peap: processing EAP-TLS
(11) eap_peap: Received TLS ACK
(11) eap_peap: Received TLS ACK
(11) eap_peap: ACK handshake fragment handler
(11) eap_peap: eaptls_verify returned 1
(11) eap_peap: eaptls_process returned 13
(11) eap_peap: FR_TLS_HANDLED
(11) eap: EAP session adding &reply:State = 0x47b9430245ae5af4
(11)     [eap] = handled
(11)   } # authenticate = handled
(11) Sent Access-Challenge Id 45 from 71.46.62.133:1812 to 24.94.145.173:50185 length 1444
(11)   EAP-Message = 0x011705601940f3fa6ff051ec9a0730ea94aaa1596407296688590004f9308204f5308203dda00302010202044c0e8c39300d06092a864886f70d01010505003081b431143012060355040a130b456e74727573742e6e65743140303e060355040b14377777772e656e74727573742e6e65742f4350535f
(11)   Message-Authenticator = 0x00000000000000000000000000000000
(11)   State = 0x47b9430245ae5af4cf068da2e811b93b
(11) Finished request
Waking up in 0.1 seconds.
(12) Received Access-Request Id 46 from 24.94.145.173:50185 to 71.46.62.133:1812 length 191
(12)   User-Name = 'qaresdon'
(12)   NAS-IP-Address = 24.94.145.173
(12)   NAS-Identifier = 'Ericsson'
(12)   Called-Station-Id = '000d67218560:BHN_E_Secure'
(12)   NAS-Port-Type = Wireless-802.11
(12)   NAS-Port = 0
(12)   Calling-Station-Id = 'e899c47233d8'
(12)   Connect-Info = 'CONNECT 0Mbps 802.11b'
(12)   Acct-Session-Id = '54ECEF48-000001CB'
(12)   Framed-MTU = 1400
(12)   EAP-Message = 0x021700061900
(12)   State = 0x47b9430245ae5af4cf068da2e811b93b
(12)   Message-Authenticator = 0x520cb5bfae7e293e6ab6e47f41a6fda9
(12) session-state: No cached attributes
(12) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
(12)   authorize {
(12)     [preprocess] = ok
(12)     [chap] = noop
(12)     [mschap] = noop
(12)     [digest] = noop
(12) suffix: Checking for suffix after "@"
(12) suffix: No '@' in User-Name = "qaresdon", looking up realm NULL
(12) suffix: No such realm "NULL"
(12)     [suffix] = noop
(12) eap: Peer sent code Response (2) ID 23 length 6
(12) eap: Continuing tunnel setup
(12)     [eap] = ok
(12)   } # authorize = ok
(12) Found Auth-Type = EAP
(12) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
(12)   authenticate {
(12) eap: Expiring EAP session with state 0x47b9430245ae5af4
(12) eap: Finished EAP session with state 0x47b9430245ae5af4
(12) eap: Previous EAP request found for state 0x47b9430245ae5af4, released from the list
(12) eap: Peer sent method PEAP (25)
(12) eap: EAP PEAP (25)
(12) eap: Calling eap_peap to process EAP data
(12) eap_peap: processing EAP-TLS
(12) eap_peap: Received TLS ACK
(12) eap_peap: Received TLS ACK
(12) eap_peap: ACK handshake fragment handler
(12) eap_peap: eaptls_verify returned 1
(12) eap_peap: eaptls_process returned 13
(12) eap_peap: FR_TLS_HANDLED
(12) eap: EAP session adding &reply:State = 0x47b9430244a15af4
(12)     [eap] = handled
(12)   } # authenticate = handled
(12) Sent Access-Challenge Id 46 from 71.46.62.133:1812 to 24.94.145.173:50185 length 1418
(12)   EAP-Message = 0x01180546190077772e656e74727573742e6e65742f4350535f3230343820696e636f72702e206279207265662e20286c696d697473206c6961622e2931253023060355040b131c286329203139393920456e74727573742e6e6574204c696d69746564313330310603550403132a456e74727573742e6e
(12)   Message-Authenticator = 0x00000000000000000000000000000000
(12)   State = 0x47b9430244a15af4cf068da2e811b93b
(12) Finished request
Waking up in 0.1 seconds.
(13) Received Access-Request Id 47 from 24.94.145.173:50185 to 71.46.62.133:1812 length 329
(13)   User-Name = 'qaresdon'
(13)   NAS-IP-Address = 24.94.145.173
(13)   NAS-Identifier = 'Ericsson'
(13)   Called-Station-Id = '000d67218560:BHN_E_Secure'
(13)   NAS-Port-Type = Wireless-802.11
(13)   NAS-Port = 0
(13)   Calling-Station-Id = 'e899c47233d8'
(13)   Connect-Info = 'CONNECT 0Mbps 802.11b'
(13)   Acct-Session-Id = '54ECEF48-000001CB'
(13)   Framed-MTU = 1400
(13)   EAP-Message = 0x021800901980000000861603010046100000424104cf8de0d37e7d03185d5f474c8a22e3bd63b807ec8a91a3d64663479f485227a66533ac6fed318c79f4c935a17db196a161edc2bfdb946723531e64323306a2a81403010001011603010030400a86bf08c63fb1bc3ca7e3b2a3213b090e52d54b0d08
(13)   State = 0x47b9430244a15af4cf068da2e811b93b
(13)   Message-Authenticator = 0xdd77d733d8fe2cdb4a863140f35a0044
(13) session-state: No cached attributes
(13) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
(13)   authorize {
(13)     [preprocess] = ok
(13)     [chap] = noop
(13)     [mschap] = noop
(13)     [digest] = noop
(13) suffix: Checking for suffix after "@"
(13) suffix: No '@' in User-Name = "qaresdon", looking up realm NULL
(13) suffix: No such realm "NULL"
(13)     [suffix] = noop
(13) eap: Peer sent code Response (2) ID 24 length 144
(13) eap: Continuing tunnel setup
(13)     [eap] = ok
(13)   } # authorize = ok
(13) Found Auth-Type = EAP
(13) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
(13)   authenticate {
(13) eap: Expiring EAP session with state 0x47b9430244a15af4
(13) eap: Finished EAP session with state 0x47b9430244a15af4
(13) eap: Previous EAP request found for state 0x47b9430244a15af4, released from the list
(13) eap: Peer sent method PEAP (25)
(13) eap: EAP PEAP (25)
(13) eap: Calling eap_peap to process EAP data
(13) eap_peap: processing EAP-TLS
(13) eap_peap: TLS Length 134
(13) eap_peap: Length Included
(13) eap_peap: eaptls_verify returned 11
(13) eap_peap: <<< TLS 1.0 Handshake [length 0046], ClientKeyExchange
(13) eap_peap: TLS_accept: SSLv3 read client key exchange A
(13) eap_peap: <<< TLS 1.0 ChangeCipherSpec [length 0001]
(13) eap_peap: <<< TLS 1.0 Handshake [length 0010], Finished
(13) eap_peap: TLS_accept: SSLv3 read finished A
(13) eap_peap: >>> TLS 1.0 ChangeCipherSpec [length 0001]
(13) eap_peap: TLS_accept: SSLv3 write change cipher spec A
(13) eap_peap: >>> TLS 1.0 Handshake [length 0010], Finished
(13) eap_peap: TLS_accept: SSLv3 write finished A
(13) eap_peap: TLS_accept: SSLv3 flush data
(13) eap_peap: (other): SSL negotiation finished successfully
SSL Connection Established
(13) eap_peap: eaptls_process returned 13
(13) eap_peap: FR_TLS_HANDLED
(13) eap: EAP session adding &reply:State = 0x47b9430243a05af4
(13)     [eap] = handled
(13)   } # authenticate = handled
(13) Sent Access-Challenge Id 47 from 71.46.62.133:1812 to 24.94.145.173:50185 length 123
(13)   EAP-Message = 0x011900411900140301000101160301003004c2a3b4b9b82ccecd0e2179995775a93888a24f1541e581f521d8ed3ac7197776e1bd0a241ee64f59eccebf12e0d113
(13)   Message-Authenticator = 0x00000000000000000000000000000000
(13)   State = 0x47b9430243a05af4cf068da2e811b93b
(13) Finished request
(14) Received Access-Request Id 48 from 24.94.145.173:50185 to 71.46.62.133:1812 length 191
(14)   User-Name = 'qaresdon'
(14)   NAS-IP-Address = 24.94.145.173
(14)   NAS-Identifier = 'Ericsson'
(14)   Called-Station-Id = '000d67218560:BHN_E_Secure'
(14)   NAS-Port-Type = Wireless-802.11
(14)   NAS-Port = 0
(14)   Calling-Station-Id = 'e899c47233d8'
(14)   Connect-Info = 'CONNECT 0Mbps 802.11b'
(14)   Acct-Session-Id = '54ECEF48-000001CB'
(14)   Framed-MTU = 1400
(14)   EAP-Message = 0x021900061900
(14)   State = 0x47b9430243a05af4cf068da2e811b93b
(14)   Message-Authenticator = 0xa5277ef10733e59154e448e453abcc84
(14) session-state: No cached attributes
(14) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
(14)   authorize {
(14)     [preprocess] = ok
(14)     [chap] = noop
(14)     [mschap] = noop
(14)     [digest] = noop
(14) suffix: Checking for suffix after "@"
(14) suffix: No '@' in User-Name = "qaresdon", looking up realm NULL
(14) suffix: No such realm "NULL"
(14)     [suffix] = noop
(14) eap: Peer sent code Response (2) ID 25 length 6
(14) eap: Continuing tunnel setup
(14)     [eap] = ok
(14)   } # authorize = ok
(14) Found Auth-Type = EAP
(14) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
(14)   authenticate {
(14) eap: Expiring EAP session with state 0x47b9430243a05af4
(14) eap: Finished EAP session with state 0x47b9430243a05af4
(14) eap: Previous EAP request found for state 0x47b9430243a05af4, released from the list
(14) eap: Peer sent method PEAP (25)
(14) eap: EAP PEAP (25)
(14) eap: Calling eap_peap to process EAP data
(14) eap_peap: processing EAP-TLS
(14) eap_peap: Received TLS ACK
(14) eap_peap: Received TLS ACK
(14) eap_peap: ACK handshake is finished
(14) eap_peap: eaptls_verify returned 3
(14) eap_peap: eaptls_process returned 3
(14) eap_peap: FR_TLS_SUCCESS
(14) eap_peap: Session established.  Decoding tunneled attributes
(14) eap_peap: PEAP state TUNNEL ESTABLISHED
(14) eap: EAP session adding &reply:State = 0x47b9430242a35af4
(14)     [eap] = handled
(14)   } # authenticate = handled
(14) Sent Access-Challenge Id 48 from 71.46.62.133:1812 to 24.94.145.173:50185 length 101
(14)   EAP-Message = 0x011a002b1900170301002063eff583b93a00adb2b8c32c0e6d76fdb770c48a2082c371a49d4e38f7e5e66e
(14)   Message-Authenticator = 0x00000000000000000000000000000000
(14)   State = 0x47b9430242a35af4cf068da2e811b93b
(14) Finished request
(15) Received Access-Request Id 49 from 24.94.145.173:50185 to 71.46.62.133:1812 length 265
(15)   User-Name = 'qaresdon'
(15)   NAS-IP-Address = 24.94.145.173
(15)   NAS-Identifier = 'Ericsson'
(15)   Called-Station-Id = '000d67218560:BHN_E_Secure'
(15)   NAS-Port-Type = Wireless-802.11
(15)   NAS-Port = 0
(15)   Calling-Station-Id = 'e899c47233d8'
(15)   Connect-Info = 'CONNECT 0Mbps 802.11b'
(15)   Acct-Session-Id = '54ECEF48-000001CB'
(15)   Framed-MTU = 1400
(15)   EAP-Message = 0x021a005019001703010020444d7703d0633278773a4532f81241a9657d462fe23ff85b61140f4b59dd9bde1703010020d3587111029d8c1912bae09f099a7961f6b45f3f3cbc749e70851e6620453370
(15)   State = 0x47b9430242a35af4cf068da2e811b93b
(15)   Message-Authenticator = 0xa50f8a0ece481dffa3a3d9ecdf8f3e97
(15) session-state: No cached attributes
(15) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
(15)   authorize {
(15)     [preprocess] = ok
(15)     [chap] = noop
(15)     [mschap] = noop
(15)     [digest] = noop
(15) suffix: Checking for suffix after "@"
(15) suffix: No '@' in User-Name = "qaresdon", looking up realm NULL
(15) suffix: No such realm "NULL"
(15)     [suffix] = noop
(15) eap: Peer sent code Response (2) ID 26 length 80
(15) eap: Continuing tunnel setup
(15)     [eap] = ok
(15)   } # authorize = ok
(15) Found Auth-Type = EAP
(15) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
(15)   authenticate {
(15) eap: Expiring EAP session with state 0x47b9430242a35af4
(15) eap: Finished EAP session with state 0x47b9430242a35af4
(15) eap: Previous EAP request found for state 0x47b9430242a35af4, released from the list
(15) eap: Peer sent method PEAP (25)
(15) eap: EAP PEAP (25)
(15) eap: Calling eap_peap to process EAP data
(15) eap_peap: processing EAP-TLS
(15) eap_peap: eaptls_verify returned 7
(15) eap_peap: Done initial handshake
(15) eap_peap: eaptls_process returned 7
(15) eap_peap: FR_TLS_OK
(15) eap_peap: Session established.  Decoding tunneled attributes
(15) eap_peap: PEAP state WAITING FOR INNER IDENTITY
(15) eap_peap: Identity - qaresdon
(15) eap_peap: Got inner identity 'qaresdon'
(15) eap_peap: Setting default EAP type for tunneled EAP session
(15) eap_peap: Got tunneled request
(15) eap_peap:   EAP-Message = 0x021a000d017161726573646f6e
(15) eap_peap: Setting User-Name to qaresdon
(15) eap_peap: Sending tunneled request to inner-tunnel
(15) eap_peap:   EAP-Message = 0x021a000d017161726573646f6e
(15) eap_peap:   FreeRADIUS-Proxied-To = 127.0.0.1
(15) eap_peap:   User-Name = 'qaresdon'
(15) Virtual server received request
(15)   EAP-Message = 0x021a000d017161726573646f6e
(15)   FreeRADIUS-Proxied-To = 127.0.0.1
(15)   User-Name = 'qaresdon'
(15) server inner-tunnel {
(15)   # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/inner-tunnel
(15)     authorize {
(15) suffix: Checking for suffix after "@"
(15) suffix: No '@' in User-Name = "qaresdon", looking up realm NULL
(15) suffix: No such realm "NULL"
(15)       [suffix] = noop
(15)       update control {
(15)         &Proxy-To-Realm := 'LOCAL'
(15)       } # update control = noop
(15) eap: Peer sent code Response (2) ID 26 length 13
(15) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
(15)       [eap] = ok
(15)     } # authorize = ok
(15)   Found Auth-Type = EAP
(15)   # Executing group from file /usr/local/etc/raddb/sites-enabled/inner-tunnel
(15)     authenticate {
(15) eap: Peer sent method Identity (1)
(15) eap: Calling eap_mschapv2 to process EAP data
(15) eap_mschapv2: Issuing Challenge
(15) eap: EAP session adding &reply:State = 0xdc34bc88dc2fa69e
(15)       [eap] = handled
(15)     } # authenticate = handled
(15) } # server inner-tunnel
(15) Virtual server sending reply
(15)   EAP-Message = 0x011b00221a011b001d102ae72db84059d876a035665b490aebec7161726573646f6e
(15)   Message-Authenticator = 0x00000000000000000000000000000000
(15)   State = 0xdc34bc88dc2fa69e3a967a1782d5e125
(15) eap_peap: Got tunneled reply code 11
(15) eap_peap:   EAP-Message = 0x011b00221a011b001d102ae72db84059d876a035665b490aebec7161726573646f6e
(15) eap_peap:   Message-Authenticator = 0x00000000000000000000000000000000
(15) eap_peap:   State = 0xdc34bc88dc2fa69e3a967a1782d5e125
(15) eap_peap: Got tunneled reply RADIUS code 11
(15) eap_peap:   EAP-Message = 0x011b00221a011b001d102ae72db84059d876a035665b490aebec7161726573646f6e
(15) eap_peap:   Message-Authenticator = 0x00000000000000000000000000000000
(15) eap_peap:   State = 0xdc34bc88dc2fa69e3a967a1782d5e125
(15) eap_peap: Got tunneled Access-Challenge
(15) eap: EAP session adding &reply:State = 0x47b9430241a25af4
(15)     [eap] = handled
(15)   } # authenticate = handled
(15) Sent Access-Challenge Id 49 from 71.46.62.133:1812 to 24.94.145.173:50185 length 133
(15)   EAP-Message = 0x011b004b19001703010040eba179c7a8505b77d573fb759f610e4a5f743948c449478c807b91e8588153d8ef0cdb1a703ce8b511797f517c3f932de933b6847f4d6edf7d6f7ce22c1990fa
(15)   Message-Authenticator = 0x00000000000000000000000000000000
(15)   State = 0x47b9430241a25af4cf068da2e811b93b
(15) Finished request
(16) Received Access-Request Id 50 from 24.94.145.173:50185 to 71.46.62.133:1812 length 329
(16)   User-Name = 'qaresdon'
(16)   NAS-IP-Address = 24.94.145.173
(16)   NAS-Identifier = 'Ericsson'
(16)   Called-Station-Id = '000d67218560:BHN_E_Secure'
(16)   NAS-Port-Type = Wireless-802.11
(16)   NAS-Port = 0
(16)   Calling-Station-Id = 'e899c47233d8'
(16)   Connect-Info = 'CONNECT 0Mbps 802.11b'
(16)   Acct-Session-Id = '54ECEF48-000001CB'
(16)   Framed-MTU = 1400
(16)   EAP-Message = 0x021b00901900170301002007b2b83d6d25735150eccfd6bedee257068a23e21a51dab5c01352d1fd1d57cf17030100606591f863055ce53e41c486531210405f4d3ec5802ecbb7cb424108933a1ed369395e72b5c2ce7dc22f0156346f94b810bf4022d97edc3bd5eb980518b7b22a006e9d18a74b4ee2
(16)   State = 0x47b9430241a25af4cf068da2e811b93b
(16)   Message-Authenticator = 0xb3f1450970a5b899594f603443443972
(16) session-state: No cached attributes
(16) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
(16)   authorize {
(16)     [preprocess] = ok
(16)     [chap] = noop
(16)     [mschap] = noop
(16)     [digest] = noop
(16) suffix: Checking for suffix after "@"
(16) suffix: No '@' in User-Name = "qaresdon", looking up realm NULL
(16) suffix: No such realm "NULL"
(16)     [suffix] = noop
(16) eap: Peer sent code Response (2) ID 27 length 144
(16) eap: Continuing tunnel setup
(16)     [eap] = ok
(16)   } # authorize = ok
(16) Found Auth-Type = EAP
(16) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
(16)   authenticate {
(16) eap: Expiring EAP session with state 0xdc34bc88dc2fa69e
(16) eap: Finished EAP session with state 0x47b9430241a25af4
(16) eap: Previous EAP request found for state 0x47b9430241a25af4, released from the list
(16) eap: Peer sent method PEAP (25)
(16) eap: EAP PEAP (25)
(16) eap: Calling eap_peap to process EAP data
(16) eap_peap: processing EAP-TLS
(16) eap_peap: eaptls_verify returned 7
(16) eap_peap: Done initial handshake
(16) eap_peap: eaptls_process returned 7
(16) eap_peap: FR_TLS_OK
(16) eap_peap: Session established.  Decoding tunneled attributes
(16) eap_peap: PEAP state phase2
(16) eap_peap: EAP type MSCHAPv2 (26)
(16) eap_peap: Got tunneled request
(16) eap_peap:   EAP-Message = 0x021b00431a021b003e319d9b639720f94a20f9ce128df6bedfe800000000000000004c210c60184f767971ea8f80350a57d991e3a9d36b734b49007161726573646f6e
(16) eap_peap: Setting User-Name to qaresdon
(16) eap_peap: Sending tunneled request to inner-tunnel
(16) eap_peap:   EAP-Message = 0x021b00431a021b003e319d9b639720f94a20f9ce128df6bedfe800000000000000004c210c60184f767971ea8f80350a57d991e3a9d36b734b49007161726573646f6e
(16) eap_peap:   FreeRADIUS-Proxied-To = 127.0.0.1
(16) eap_peap:   User-Name = 'qaresdon'
(16) eap_peap:   State = 0xdc34bc88dc2fa69e3a967a1782d5e125
(16) Virtual server received request
(16)   EAP-Message = 0x021b00431a021b003e319d9b639720f94a20f9ce128df6bedfe800000000000000004c210c60184f767971ea8f80350a57d991e3a9d36b734b49007161726573646f6e
(16)   FreeRADIUS-Proxied-To = 127.0.0.1
(16)   User-Name = 'qaresdon'
(16)   State = 0xdc34bc88dc2fa69e3a967a1782d5e125
(16) server inner-tunnel {
(16)   session-state: No cached attributes
(16)   # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/inner-tunnel
(16)     authorize {
(16) suffix: Checking for suffix after "@"
(16) suffix: No '@' in User-Name = "qaresdon", looking up realm NULL
(16) suffix: No such realm "NULL"
(16)       [suffix] = noop
(16)       update control {
(16)         &Proxy-To-Realm := 'LOCAL'
(16)       } # update control = noop
(16) eap: Peer sent code Response (2) ID 27 length 67
(16) eap: No EAP Start, assuming it's an on-going EAP conversation
(16)       [eap] = updated
(16)       [files] = noop
(16)       update control {
(16)         Cache-Status-Only = yes
(16)       } # update control = noop
(16) cache: EXPAND %{User-Name}%{outer.request:Calling-Station-Id}
(16) cache:    --> qaresdone899c47233d8
(16) cache: Found entry for "qaresdone899c47233d8"
(16)       [cache] = ok
(16)       if (notfound) {
(16)       if (notfound)  -> FALSE
(16)       else {
(16) cache: EXPAND %{User-Name}%{outer.request:Calling-Station-Id}
(16) cache:    --> qaresdone899c47233d8
(16) cache: Found entry for "qaresdone899c47233d8"
(16) cache: Merging cache entry into request
(16) cache:   &control:NT-Password := 0x5835048ce94ad0564e29a924a03510ef
(16) cache:   &control:LM-Password := 0xe52cac67419a9a2238f10713b629b565
(16)         [cache] = ok
(16)       } # else = ok
(16)       [mschap] = noop
(16)       [expiration] = noop
(16)       [logintime] = noop
(16)     } # authorize = updated
(16)   Found Auth-Type = EAP
(16)   # Executing group from file /usr/local/etc/raddb/sites-enabled/inner-tunnel
(16)     authenticate {
(16) eap: Expiring EAP session with state 0xdc34bc88dc2fa69e
(16) eap: Finished EAP session with state 0xdc34bc88dc2fa69e
(16) eap: Previous EAP request found for state 0xdc34bc88dc2fa69e, released from the list
(16) eap: Peer sent method MSCHAPv2 (26)
(16) eap: EAP MSCHAPv2 (26)
(16) eap: Calling eap_mschapv2 to process EAP data
(16) eap_mschapv2: # Executing group from file /usr/local/etc/raddb/sites-enabled/inner-tunnel
(16) eap_mschapv2:   Auth-Type MS-CHAP {
(16) mschap: Found NT-Password
(16) mschap: Found LM-Password
(16) mschap: Creating challenge hash with username: qaresdon
(16) mschap: Client is using MS-CHAPv2
(16) mschap: Adding MS-CHAPv2 MPPE keys
(16)     [mschap] = ok
(16) cache: EXPAND %{User-Name}%{outer.request:Calling-Station-Id}
(16) cache:    --> qaresdone899c47233d8
(16) cache: Found entry for "qaresdone899c47233d8"
(16) cache: Merging cache entry into request
(16) cache:   &control:NT-Password := 0x5835048ce94ad0564e29a924a03510ef
(16) cache:   &control:LM-Password := 0xe52cac67419a9a2238f10713b629b565
(16)     [cache.authorize] = ok
(16)   } # Auth-Type MS-CHAP = ok
MSCHAP Success
(16) eap: EAP session adding &reply:State = 0xdc34bc88dd28a69e
(16)       [eap] = handled
(16)     } # authenticate = handled
(16) } # server inner-tunnel
(16) Virtual server sending reply
(16)   EAP-Message = 0x011c00331a031b002e533d35414239433738313732353138424137433742444544414435323741353843373130323039393842
(16)   Message-Authenticator = 0x00000000000000000000000000000000
(16)   State = 0xdc34bc88dd28a69e3a967a1782d5e125
(16) eap_peap: Got tunneled reply code 11
(16) eap_peap:   EAP-Message = 0x011c00331a031b002e533d35414239433738313732353138424137433742444544414435323741353843373130323039393842
(16) eap_peap:   Message-Authenticator = 0x00000000000000000000000000000000
(16) eap_peap:   State = 0xdc34bc88dd28a69e3a967a1782d5e125
(16) eap_peap: Got tunneled reply RADIUS code 11
(16) eap_peap:   EAP-Message = 0x011c00331a031b002e533d35414239433738313732353138424137433742444544414435323741353843373130323039393842
(16) eap_peap:   Message-Authenticator = 0x00000000000000000000000000000000
(16) eap_peap:   State = 0xdc34bc88dd28a69e3a967a1782d5e125
(16) eap_peap: Got tunneled Access-Challenge
(16) eap: EAP session adding &reply:State = 0x47b9430240a55af4
(16)     [eap] = handled
(16)   } # authenticate = handled
(16) Sent Access-Challenge Id 50 from 71.46.62.133:1812 to 24.94.145.173:50185 length 149
(16)   EAP-Message = 0x011c005b19001703010050faeddc27bdb1e63f8337eff705fe22de37ffec1ba614a61c61c75153252f3442fa5cee3a75d6742dfa5a7fbf8ea3472fb669d56643de844783d6509ff4318ed1d9247686bca35619614d64df96bf2dc3
(16)   Message-Authenticator = 0x00000000000000000000000000000000
(16)   State = 0x47b9430240a55af4cf068da2e811b93b
(16) Finished request
(17) Received Access-Request Id 51 from 24.94.145.173:50185 to 71.46.62.133:1812 length 265
(17)   User-Name = 'qaresdon'
(17)   NAS-IP-Address = 24.94.145.173
(17)   NAS-Identifier = 'Ericsson'
(17)   Called-Station-Id = '000d67218560:BHN_E_Secure'
(17)   NAS-Port-Type = Wireless-802.11
(17)   NAS-Port = 0
(17)   Calling-Station-Id = 'e899c47233d8'
(17)   Connect-Info = 'CONNECT 0Mbps 802.11b'
(17)   Acct-Session-Id = '54ECEF48-000001CB'
(17)   Framed-MTU = 1400
(17)   EAP-Message = 0x021c005019001703010020ddca3edd4477d26108d00beab500bbfcfa9b8951e1e049f9ebe4d5ada15745901703010020599c4141407f203a141fa9c50115e48414b543c36ee62c5af097f2e0ce3feaa4
(17)   State = 0x47b9430240a55af4cf068da2e811b93b
(17)   Message-Authenticator = 0x05b9d64e3540d0dd8a94b759ec9d3190
(17) session-state: No cached attributes
(17) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
(17)   authorize {
(17)     [preprocess] = ok
(17)     [chap] = noop
(17)     [mschap] = noop
(17)     [digest] = noop
(17) suffix: Checking for suffix after "@"
(17) suffix: No '@' in User-Name = "qaresdon", looking up realm NULL
(17) suffix: No such realm "NULL"
(17)     [suffix] = noop
(17) eap: Peer sent code Response (2) ID 28 length 80
(17) eap: Continuing tunnel setup
(17)     [eap] = ok
(17)   } # authorize = ok
(17) Found Auth-Type = EAP
(17) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
(17)   authenticate {
(17) eap: Expiring EAP session with state 0xdc34bc88dd28a69e
(17) eap: Finished EAP session with state 0x47b9430240a55af4
(17) eap: Previous EAP request found for state 0x47b9430240a55af4, released from the list
(17) eap: Peer sent method PEAP (25)
(17) eap: EAP PEAP (25)
(17) eap: Calling eap_peap to process EAP data
(17) eap_peap: processing EAP-TLS
(17) eap_peap: eaptls_verify returned 7
(17) eap_peap: Done initial handshake
(17) eap_peap: eaptls_process returned 7
(17) eap_peap: FR_TLS_OK
(17) eap_peap: Session established.  Decoding tunneled attributes
(17) eap_peap: PEAP state phase2
(17) eap_peap: EAP type MSCHAPv2 (26)
(17) eap_peap: Got tunneled request
(17) eap_peap:   EAP-Message = 0x021c00061a03
(17) eap_peap: Setting User-Name to qaresdon
(17) eap_peap: Sending tunneled request to inner-tunnel
(17) eap_peap:   EAP-Message = 0x021c00061a03
(17) eap_peap:   FreeRADIUS-Proxied-To = 127.0.0.1
(17) eap_peap:   User-Name = 'qaresdon'
(17) eap_peap:   State = 0xdc34bc88dd28a69e3a967a1782d5e125
(17) Virtual server received request
(17)   EAP-Message = 0x021c00061a03
(17)   FreeRADIUS-Proxied-To = 127.0.0.1
(17)   User-Name = 'qaresdon'
(17)   State = 0xdc34bc88dd28a69e3a967a1782d5e125
(17) server inner-tunnel {
(17)   session-state: No cached attributes
(17)   # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/inner-tunnel
(17)     authorize {
(17) suffix: Checking for suffix after "@"
(17) suffix: No '@' in User-Name = "qaresdon", looking up realm NULL
(17) suffix: No such realm "NULL"
(17)       [suffix] = noop
(17)       update control {
(17)         &Proxy-To-Realm := 'LOCAL'
(17)       } # update control = noop
(17) eap: Peer sent code Response (2) ID 28 length 6
(17) eap: No EAP Start, assuming it's an on-going EAP conversation
(17)       [eap] = updated
(17)       [files] = noop
(17)       update control {
(17)         Cache-Status-Only = yes
(17)       } # update control = noop
(17) cache: EXPAND %{User-Name}%{outer.request:Calling-Station-Id}
(17) cache:    --> qaresdone899c47233d8
(17) cache: Found entry for "qaresdone899c47233d8"
(17)       [cache] = ok
(17)       if (notfound) {
(17)       if (notfound)  -> FALSE
(17)       else {
(17) cache: EXPAND %{User-Name}%{outer.request:Calling-Station-Id}
(17) cache:    --> qaresdone899c47233d8
(17) cache: Found entry for "qaresdone899c47233d8"
(17) cache: Merging cache entry into request
(17) cache:   &control:NT-Password := 0x5835048ce94ad0564e29a924a03510ef
(17) cache:   &control:LM-Password := 0xe52cac67419a9a2238f10713b629b565
(17)         [cache] = ok
(17)       } # else = ok
(17)       [mschap] = noop
(17)       [expiration] = noop
(17)       [logintime] = noop
(17)     } # authorize = updated
(17)   Found Auth-Type = EAP
(17)   # Executing group from file /usr/local/etc/raddb/sites-enabled/inner-tunnel
(17)     authenticate {
(17) eap: Expiring EAP session with state 0xdc34bc88dd28a69e
(17) eap: Finished EAP session with state 0xdc34bc88dd28a69e
(17) eap: Previous EAP request found for state 0xdc34bc88dd28a69e, released from the list
(17) eap: Peer sent method MSCHAPv2 (26)
(17) eap: EAP MSCHAPv2 (26)
(17) eap: Calling eap_mschapv2 to process EAP data
(17) eap: Freeing handler
(17)       [eap] = ok
(17)     } # authenticate = ok
(17)   # Executing section post-auth from file /usr/local/etc/raddb/sites-enabled/inner-tunnel
(17)     post-auth {
(17)       policy cui-inner.post-auth {
(17)         if (&outer.request:Chargeable-User-Identity &&         (&outer.request:Operator-Name || ('no' != 'yes'))) {
(17)         if (&outer.request:Chargeable-User-Identity &&         (&outer.request:Operator-Name || ('no' != 'yes')))  -> FALSE
(17)       } # policy cui-inner.post-auth = noop
(17)     } # post-auth = noop
(17) } # server inner-tunnel
(17) Virtual server sending reply
(17)   MS-MPPE-Encryption-Policy = Encryption-Required
(17)   MS-MPPE-Encryption-Types = 4
(17)   MS-MPPE-Send-Key = 0x71faf100c184bb80a7f5759128728a51
(17)   MS-MPPE-Recv-Key = 0xe1fa5d528b2f14d5d87c9ab1f5be29e1
(17)   EAP-Message = 0x031c0004
(17)   Message-Authenticator = 0x00000000000000000000000000000000
(17)   User-Name = 'qaresdon'
(17) eap_peap: Got tunneled reply code 2
(17) eap_peap:   MS-MPPE-Encryption-Policy = Encryption-Required
(17) eap_peap:   MS-MPPE-Encryption-Types = 4
(17) eap_peap:   MS-MPPE-Send-Key = 0x71faf100c184bb80a7f5759128728a51
(17) eap_peap:   MS-MPPE-Recv-Key = 0xe1fa5d528b2f14d5d87c9ab1f5be29e1
(17) eap_peap:   EAP-Message = 0x031c0004
(17) eap_peap:   Message-Authenticator = 0x00000000000000000000000000000000
(17) eap_peap:   User-Name = 'qaresdon'
(17) eap_peap: Got tunneled reply RADIUS code 2
(17) eap_peap:   MS-MPPE-Encryption-Policy = Encryption-Required
(17) eap_peap:   MS-MPPE-Encryption-Types = 4
(17) eap_peap:   MS-MPPE-Send-Key = 0x71faf100c184bb80a7f5759128728a51
(17) eap_peap:   MS-MPPE-Recv-Key = 0xe1fa5d528b2f14d5d87c9ab1f5be29e1
(17) eap_peap:   EAP-Message = 0x031c0004
(17) eap_peap:   Message-Authenticator = 0x00000000000000000000000000000000
(17) eap_peap:   User-Name = 'qaresdon'
(17) eap_peap: Tunneled authentication was successful
(17) eap_peap: SUCCESS
(17) eap: EAP session adding &reply:State = 0x47b943024fa45af4
(17)     [eap] = handled
(17)   } # authenticate = handled
(17) Sent Access-Challenge Id 51 from 71.46.62.133:1812 to 24.94.145.173:50185 length 101
(17)   EAP-Message = 0x011d002b19001703010020c1cb8a2adaec97068fce3c79138415311733e76fbb606ebea6434e6cf31d0784
(17)   Message-Authenticator = 0x00000000000000000000000000000000
(17)   State = 0x47b943024fa45af4cf068da2e811b93b
(17) Finished request
(18) Received Access-Request Id 52 from 24.94.145.173:50185 to 71.46.62.133:1812 length 265
(18)   User-Name = 'qaresdon'
(18)   NAS-IP-Address = 24.94.145.173
(18)   NAS-Identifier = 'Ericsson'
(18)   Called-Station-Id = '000d67218560:BHN_E_Secure'
(18)   NAS-Port-Type = Wireless-802.11
(18)   NAS-Port = 0
(18)   Calling-Station-Id = 'e899c47233d8'
(18)   Connect-Info = 'CONNECT 0Mbps 802.11b'
(18)   Acct-Session-Id = '54ECEF48-000001CB'
(18)   Framed-MTU = 1400
(18)   EAP-Message = 0x021d005019001703010020be84dba5e26b02d5cc27cdb27b51b4ff52bf7e95784ea825407ff03eaa95503017030100204903da62e5726b1c3bc71038c976a85512437c366aa52cb1818da43663d6bd6f
(18)   State = 0x47b943024fa45af4cf068da2e811b93b
(18)   Message-Authenticator = 0xfbe02e1d66841105f13857477767a3bc
(18) session-state: No cached attributes
(18) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
(18)   authorize {
(18)     [preprocess] = ok
(18)     [chap] = noop
(18)     [mschap] = noop
(18)     [digest] = noop
(18) suffix: Checking for suffix after "@"
(18) suffix: No '@' in User-Name = "qaresdon", looking up realm NULL
(18) suffix: No such realm "NULL"
(18)     [suffix] = noop
(18) eap: Peer sent code Response (2) ID 29 length 80
(18) eap: Continuing tunnel setup
(18)     [eap] = ok
(18)   } # authorize = ok
(18) Found Auth-Type = EAP
(18) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
(18)   authenticate {
(18) eap: Expiring EAP session with state 0x47b943024fa45af4
(18) eap: Finished EAP session with state 0x47b943024fa45af4
(18) eap: Previous EAP request found for state 0x47b943024fa45af4, released from the list
(18) eap: Peer sent method PEAP (25)
(18) eap: EAP PEAP (25)
(18) eap: Calling eap_peap to process EAP data
(18) eap_peap: processing EAP-TLS
(18) eap_peap: eaptls_verify returned 7
(18) eap_peap: Done initial handshake
(18) eap_peap: eaptls_process returned 7
(18) eap_peap: FR_TLS_OK
(18) eap_peap: Session established.  Decoding tunneled attributes
(18) eap_peap: PEAP state send tlv success
(18) eap_peap: Received EAP-TLV response
(18) eap_peap: Success
(18) eap: Freeing handler
(18)     [eap] = ok
(18)   } # authenticate = ok
(18) # Executing section post-auth from file /usr/local/etc/raddb/sites-enabled/default
(18)   post-auth {
(18)     update {
(18)       No attributes updated
(18)     } # update = noop
(18) linelog: EXPAND Accounting-Request.%{%{Acct-Status-Type}:-unknown}
(18) linelog:    --> Accounting-Request.unknown
(18) linelog: EXPAND /var/log/radius/linelog
(18) linelog:    --> /var/log/radius/linelog
(18) linelog: EXPAND NAS %{Packet-Src-IP-Address} (%{NAS-IP-Address}) sent unknown Acct-Status-Type %{Acct-Status-Type}
(18) linelog:    --> NAS 24.94.145.173 (24.94.145.173) sent unknown Acct-Status-Type
(18)     [linelog] = ok
(18)     [exec] = noop
(18)     policy remove_reply_message_if_eap {
(18)       if (&reply:EAP-Message && &reply:Reply-Message) {
(18)       if (&reply:EAP-Message && &reply:Reply-Message)  -> FALSE
(18)       else {
(18)         [noop] = noop
(18)       } # else = noop
(18)     } # policy remove_reply_message_if_eap = noop
(18)   } # post-auth = ok
(18) Sent Access-Accept Id 52 from 71.46.62.133:1812 to 24.94.145.173:50185 length 170
(18)   MS-MPPE-Recv-Key = 0x0fc71a3238ac879ef11f6f3f497abbc7a45f6f6524e89cad187536b10962f480
(18)   MS-MPPE-Send-Key = 0x24b64b9cc9e8192e9b5c15773e0f5af470c32a8428c2380f98478063b3a35296
(18)   EAP-Message = 0x031d0004
(18)   Message-Authenticator = 0x00000000000000000000000000000000
(18)   User-Name = 'qaresdon'
(18) Finished request
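
Added example, not part of the original message or of FreeRADIUS: a small Python helper that reads `radiusd -X` output in the format of the debug above and lists, per request number, the return code with which a section such as Auth-Type MS-CHAP closed, so the failing and the succeeding round can be compared side by side. The sample lines are constructed (the first round's rcodes only mirror the behaviour described in the message), and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in `radiusd -X` format (request numbers and addresses are made up).
SAMPLE = """\
(7)     [mschap] = ok
(7)     [cache.authorize] = updated
(7)   } # Auth-Type MS-CHAP = updated
(16)     [mschap] = ok
(16)     [cache.authorize] = ok
(16)   } # Auth-Type MS-CHAP = ok
MSCHAP Success
(18)     [eap] = ok
(18)   } # authenticate = ok
(18) Sent Access-Accept Id 52 from 192.0.2.1:1812 to 192.0.2.10:50185 length 170
"""

REQ = re.compile(r"^\((\d+)\)\s+(.*)$")               # "(16) <body>"
CLOSE = re.compile(r"^\}\s+#\s+(.+?)\s+=\s+(\w+)$")   # "} # Auth-Type MS-CHAP = ok"
MODULE = re.compile(r"^\[([\w.\-]+)\]\s+=\s+(\w+)$")  # "[cache.authorize] = ok"
SENT = re.compile(r"^Sent (Access-\w+) Id \d+")       # "Sent Access-Accept Id 52 ..."

def parse(log_text):
    """Per request number: closed sections with rcode and module results, plus reply type."""
    reqs = defaultdict(lambda: {"sections": [], "sent": None})
    pending = defaultdict(list)  # module results since the last section close
    for line in log_text.splitlines():
        m = REQ.match(line.rstrip())
        if not m:
            continue             # unnumbered lines such as "MSCHAP Success"
        num, body = int(m.group(1)), m.group(2)
        if mod := MODULE.match(body):
            pending[num].append((mod.group(1), mod.group(2)))
        elif sec := CLOSE.match(body):
            reqs[num]["sections"].append((sec.group(1), sec.group(2), pending.pop(num, [])))
        elif sent := SENT.match(body):
            reqs[num]["sent"] = sent.group(1)
    return dict(reqs)

def section_rounds(log_text, section="Auth-Type MS-CHAP"):
    """[(request_no, rcode, modules)] for every round in which `section` closed."""
    return [(num, rcode, mods)
            for num, req in sorted(parse(log_text).items())
            for name, rcode, mods in req["sections"] if name == section]

def unexpected(log_text, section="Auth-Type MS-CHAP", expected="ok"):
    """Rounds where the section finished with an rcode other than `expected`."""
    return [r for r in section_rounds(log_text, section) if r[1] != expected]
```

Feeding a saved debug capture to `unexpected()` shows which request number closed the section with something other than `ok` and which module result preceded it.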

