use_tunneled_reply = yes didn't help.

Frank Rizzo thefrankrizzo at hotmail.com
Sat Nov 21 20:31:11 CET 2015


rad_recv: Access-Request packet from host 127.0.0.1 port 59195, id=251,  
length=183
         User-Name = "user1"
         NAS-IP-Address = 192.168.2.1
         NAS-Identifier = "test-desktop"
         Called-Station-Id = "34-13-E8-XX-XX-XX:test-desktop"
         NAS-Port-Type = Wireless-802.11
         NAS-Port = 1
         Calling-Station-Id = "08-D4-2B-XX-XX-XX"
         Connect-Info = "CONNECT 54Mbps 802.11g"
         Acct-Session-Id = "564FAF2B-00000075"
         Framed-MTU = 1400
         EAP-Message = 0x02c5000b017461626c6574
         Message-Authenticator = 0xf86acd8486eaaabfafc1a356ea10b38b
# Executing section authorize from file /etc/freeradius/radiusd.conf
+- entering group authorize {...}
++[preprocess] returns ok
++[mschap] returns noop
[suffix] No '@' in User-Name = "user1", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 197 length 11
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[files] users: Matched entry DEFAULT at line 1
[files] users: Matched entry user1 at line 9
++[files] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/radiusd.conf
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type tls
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 251 to 127.0.0.1 port 59195
         Tunnel-Type:0 = VLAN
         Tunnel-Medium-Type:0 = IEEE-802
         Tunnel-Private-Group-Id:0 := "2"
         EAP-Message = 0x01c600061920
         Message-Authenticator = 0x00000000000000000000000000000000
         State = 0x917550e891b34941288bb4105c0ef705
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 127.0.0.1 port 59195, id=252,  
length=386
         User-Name = "user1"
         NAS-IP-Address = 192.168.2.1
         NAS-Identifier = "test-desktop"
         Called-Station-Id = "34-13-E8-XX-XX-XX:test-desktop"
         NAS-Port-Type = Wireless-802.11
         NAS-Port = 1
         Calling-Station-Id = "08-D4-2B-XX-XX-XX"
         Connect-Info = "CONNECT 54Mbps 802.11g"
         Acct-Session-Id = "564FAF2B-00000075"
         Framed-MTU = 1400
         EAP-Message =  
0x02c600c41980000000ba16030100b5010000b103017f67e346c0431d8dcf092eb57b8914bb57a817bfd74a9be5159181b93ffe4b95000048c014c00a00390038c00fc0050035c013c00900330032c00ec004002fc011c007c00cc00200050004c012c00800160013c00dc003000a0015001200090014001100080006000300ff01000040000b000403000102000a00340032000e000d0019000b000c00180009000a00160017000800060007001400150004000500120013000100020003000f00100011
         State = 0x917550e891b34941288bb4105c0ef705
         Message-Authenticator = 0xeb66c871d700995ee41490904dca75f2
# Executing section authorize from file /etc/freeradius/radiusd.conf
+- entering group authorize {...}
++[preprocess] returns ok
++[mschap] returns noop
[suffix] No '@' in User-Name = "user1", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 198 length 196
[eap] Continuing tunnel setup.
++[eap] returns ok
[files] users: Matched entry DEFAULT at line 1
[files] users: Matched entry user1 at line 9
++[files] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/radiusd.conf
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
   TLS Length 186
[peap] Length Included
[peap] eaptls_verify returned 11
[peap]     (other): before/accept initialization
[peap]     TLS_accept: before/accept initialization
[peap] <<< TLS 1.0 Handshake [length 00b5], ClientHello
[peap]     TLS_accept: SSLv3 read client hello A
[peap] >>> TLS 1.0 Handshake [length 0039], ServerHello
[peap]     TLS_accept: SSLv3 write server hello A
[peap] >>> TLS 1.0 Handshake [length 0568], Certificate
[peap]     TLS_accept: SSLv3 write certificate A
[peap] >>> TLS 1.0 Handshake [length 014b], ServerKeyExchange
[peap]     TLS_accept: SSLv3 write key exchange A
[peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
[peap]     TLS_accept: SSLv3 write server done A
[peap]     TLS_accept: SSLv3 flush data
[peap]     TLS_accept: Need to read more data: SSLv3 read client  
certificate A
In SSL Handshake Phase
In SSL Accept mode
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 252 to 127.0.0.1 port 59195
         Tunnel-Type:0 = VLAN
         Tunnel-Medium-Type:0 = IEEE-802
         Tunnel-Private-Group-Id:0 := "2"
         EAP-Message = 0x130255533112301006035504
         Message-Authenticator = 0x00000000000000000000000000000000
         State = 0x917550e890b24941288bb4105c0ef705
Finished request 1.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 127.0.0.1 port 59195, id=253,  
length=196
         User-Name = "user1"
         NAS-IP-Address = 192.168.2.1
         NAS-Identifier = "test-desktop"
         Called-Station-Id = "34-13-E8-XX-XX-XX:test-desktop"
         NAS-Port-Type = Wireless-802.11
         NAS-Port = 1
         Calling-Station-Id = "08-D4-2B-XX-XX-XX"
         Connect-Info = "CONNECT 54Mbps 802.11g"
         Acct-Session-Id = "564FAF2B-00000075"
         Framed-MTU = 1400
         EAP-Message = 0x02c700061900
         State = 0x917550e890b24941288bb4105c0ef705
         Message-Authenticator = 0xa26fc5f1773aab2017963dcad7b63be3
# Executing section authorize from file /etc/freeradius/radiusd.conf
+- entering group authorize {...}
++[preprocess] returns ok
++[mschap] returns noop
[suffix] No '@' in User-Name = "user1", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 199 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
[files] users: Matched entry DEFAULT at line 1
[files] users: Matched entry user1 at line 9
++[files] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/radiusd.conf
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 253 to 127.0.0.1 port 59195
         Tunnel-Type:0 = VLAN
         Tunnel-Medium-Type:0 = IEEE-802
         Tunnel-Private-Group-Id:0 := "2"
         EAP-Message =  
0x52b51a9d5c79e625d699a899d06351f4490c59e716030100040e000000
         Message-Authenticator = 0x00000000000000000000000000000000
         State = 0x917550e893bd4941288bb4105c0ef705
Finished request 2.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 127.0.0.1 port 59195, id=254,  
length=334
         User-Name = "user1"
         NAS-IP-Address = 192.168.2.1
         NAS-Identifier = "test-desktop"
         Called-Station-Id = "34-13-E8-XX-XX-XX:test-desktop"
         NAS-Port-Type = Wireless-802.11
         NAS-Port = 1
         Calling-Station-Id = "08-D4-2B-XX-XX-XX"
         Connect-Info = "CONNECT 54Mbps 802.11g"
         Acct-Session-Id = "564FAF2B-00000075"
         Framed-MTU = 1400
         EAP-Message =  
0x02c800901980000000861603010046100000424104612cf44d7e729733eb608cb15e8dfd6d9ef25472a68a71986eb213b1c527e22bd8fe4e6ff2a8f4fbb10d003a9d7353d8df77e27751a2fe15afeee105e6d142871403010001011603010030a96110b161723d3ce61ba7e70157340edc865a71e027327139f497a6a84bdce076a06790ef668e0090805e1e1fd0c20e
         State = 0x917550e893bd4941288bb4105c0ef705
         Message-Authenticator = 0x5c697603b1ddc7fb14010a90bafaf4a0
# Executing section authorize from file /etc/freeradius/radiusd.conf
+- entering group authorize {...}
++[preprocess] returns ok
++[mschap] returns noop
[suffix] No '@' in User-Name = "user1", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 200 length 144
[eap] Continuing tunnel setup.
++[eap] returns ok
[files] users: Matched entry DEFAULT at line 1
[files] users: Matched entry user1 at line 9
++[files] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/radiusd.conf
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
   TLS Length 134
[peap] Length Included
[peap] eaptls_verify returned 11
[peap] <<< TLS 1.0 Handshake [length 0046], ClientKeyExchange
[peap]     TLS_accept: SSLv3 read client key exchange A
[peap] <<< TLS 1.0 ChangeCipherSpec [length 0001]
[peap] <<< TLS 1.0 Handshake [length 0010], Finished
[peap]     TLS_accept: SSLv3 read finished A
[peap] >>> TLS 1.0 ChangeCipherSpec [length 0001]
[peap]     TLS_accept: SSLv3 write change cipher spec A
[peap] >>> TLS 1.0 Handshake [length 0010], Finished
[peap]     TLS_accept: SSLv3 write finished A
[peap]     TLS_accept: SSLv3 flush data
[peap]     (other): SSL negotiation finished successfully
SSL Connection Established
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 254 to 127.0.0.1 port 59195
         Tunnel-Type:0 = VLAN
         Tunnel-Medium-Type:0 = IEEE-802
         Tunnel-Private-Group-Id:0 := "2"
         EAP-Message =  
0x01c9004119001403010001011603010030a82dc2c9c6cf42bdaef48b695a8fed24f569375a823b3cd9ff4ea764bd3c4ef6c68beb4cd5a026153fd4df114cccc540
         Message-Authenticator = 0x00000000000000000000000000000000
         State = 0x917550e892bc4941288bb4105c0ef705
Finished request 3.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 127.0.0.1 port 59195, id=255,  
length=196
         User-Name = "user1"
         NAS-IP-Address = 192.168.2.1
         NAS-Identifier = "test-desktop"
         Called-Station-Id = "34-13-E8-XX-XX-XX:test-desktop"
         NAS-Port-Type = Wireless-802.11
         NAS-Port = 1
         Calling-Station-Id = "08-D4-2B-XX-XX-XX"
         Connect-Info = "CONNECT 54Mbps 802.11g"
         Acct-Session-Id = "564FAF2B-00000075"
         Framed-MTU = 1400
         EAP-Message = 0x02c900061900
         State = 0x917550e892bc4941288bb4105c0ef705
         Message-Authenticator = 0xc76bd2e114b5126f385a935995cc4dc8
# Executing section authorize from file /etc/freeradius/radiusd.conf
+- entering group authorize {...}
++[preprocess] returns ok
++[mschap] returns noop
[suffix] No '@' in User-Name = "user1", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 201 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
[files] users: Matched entry DEFAULT at line 1
[files] users: Matched entry user1 at line 9
++[files] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/radiusd.conf
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake is finished
[peap] eaptls_verify returned 3
[peap] eaptls_process returned 3
[peap] EAPTLS_SUCCESS
[peap] Session established.  Decoding tunneled attributes.
[peap] Peap state TUNNEL ESTABLISHED
++[eap] returns handled
Sending Access-Challenge of id 255 to 127.0.0.1 port 59195
         Tunnel-Type:0 = VLAN
         Tunnel-Medium-Type:0 = IEEE-802
         Tunnel-Private-Group-Id:0 := "2"
         EAP-Message =  
0x01ca002b190017030100200129b2574e23249725f491d24ce3a51f5af9a5d335d2a5e0011b11fab2b3921c
         Message-Authenticator = 0x00000000000000000000000000000000
         State = 0x917550e895bf4941288bb4105c0ef705
Finished request 4.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 127.0.0.1 port 59195, id=0,  
length=233
         User-Name = "user1"
         NAS-IP-Address = 192.168.2.1
         NAS-Identifier = "test-desktop"
         Called-Station-Id = "34-13-E8-XX-XX-XX:test-desktop"
         NAS-Port-Type = Wireless-802.11
         NAS-Port = 1
         Calling-Station-Id = "08-D4-2B-XX-XX-XX"
         Connect-Info = "CONNECT 54Mbps 802.11g"
         Acct-Session-Id = "564FAF2B-00000075"
         Framed-MTU = 1400
         EAP-Message =  
0x02ca002b1900170301002060a51aaf1a2d1bf962522dac72ecbd302abde3e0f5b98859fc8029066164e5cb
         State = 0x917550e895bf4941288bb4105c0ef705
         Message-Authenticator = 0x88ba7fe8a5662f50f591e8d3b17726aa
# Executing section authorize from file /etc/freeradius/radiusd.conf
+- entering group authorize {...}
++[preprocess] returns ok
++[mschap] returns noop
[suffix] No '@' in User-Name = "user1", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 202 length 43
[eap] Continuing tunnel setup.
++[eap] returns ok
[files] users: Matched entry DEFAULT at line 1
[files] users: Matched entry user1 at line 9
++[files] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/radiusd.conf
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established.  Decoding tunneled attributes.
[peap] Peap state WAITING FOR INNER IDENTITY
[peap] Identity - user1
[peap] Got inner identity 'user1'
[peap] Setting default EAP type for tunneled EAP session.
[peap] Got tunneled request
         EAP-Message = 0x02ca000b017461626c6574
server  {
[peap] Setting User-Name to user1
Sending tunneled request
         EAP-Message = 0x02ca000b017461626c6574
         FreeRADIUS-Proxied-To = 127.0.0.1
         User-Name = "user1"
server  {
# Executing section authorize from file /etc/freeradius/radiusd.conf
+- entering group authorize {...}
++[preprocess] returns ok
++[mschap] returns noop
[suffix] No '@' in User-Name = "user1", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 202 length 11
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[files] users: Matched entry DEFAULT at line 1
[files] users: Matched entry user1 at line 9
++[files] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/radiusd.conf
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
++[eap] returns handled
} # server
[peap] Got tunneled reply code 11
         Tunnel-Type:0 = VLAN
         Tunnel-Medium-Type:0 = IEEE-802
         Tunnel-Private-Group-Id:0 := "2"
         EAP-Message =  
0x01cb00201a01cb001b10929e6d3f6ef440ceb8c34a425881810a7461626c6574
         Message-Authenticator = 0x00000000000000000000000000000000
         State = 0x268f76a626446c9ec5d048383d010e48
[peap] Got tunneled reply RADIUS code 11
         Tunnel-Type:0 = VLAN
         Tunnel-Medium-Type:0 = IEEE-802
         Tunnel-Private-Group-Id:0 := "2"
         EAP-Message =  
0x01cb00201a01cb001b10929e6d3f6ef440ceb8c34a425881810a7461626c6574
         Message-Authenticator = 0x00000000000000000000000000000000
         State = 0x268f76a626446c9ec5d048383d010e48
[peap] Got tunneled Access-Challenge
++[eap] returns handled
Sending Access-Challenge of id 0 to 127.0.0.1 port 59195
         Tunnel-Type:0 = VLAN
         Tunnel-Medium-Type:0 = IEEE-802
         Tunnel-Private-Group-Id:0 := "2"
         EAP-Message =  
0x01cb004b19001703010040a4177d6702834558d60f6381ba3f99bf4a15f730a7a400f0136789ba9396fb8ba33f38990b6d54319627923e8457f13bd688e23dd466169de164a97ca4a48a68
         Message-Authenticator = 0x00000000000000000000000000000000
         State = 0x917550e894be4941288bb4105c0ef705
Finished request 5.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 127.0.0.1 port 59195, id=1,  
length=297
         User-Name = "user1"
         NAS-IP-Address = 192.168.2.1
         NAS-Identifier = "test-desktop"
         Called-Station-Id = "34-13-E8-XX-XX-XX:test-desktop"
         NAS-Port-Type = Wireless-802.11
         NAS-Port = 1
         Calling-Station-Id = "08-D4-2B-XX-XX-XX"
         Connect-Info = "CONNECT 54Mbps 802.11g"
         Acct-Session-Id = "564FAF2B-00000075"
         Framed-MTU = 1400
         EAP-Message =  
0x02cb006b1900170301006090ea1fff1b97c40276d50a887c5c2a22960b0b516fcc286b2d1cc84083d04af16fb738b00a7a373071f00490d0fc9ce5b7fd1585f5f3e6ba5b41a1c04b20372cebe02fb2d2f5f5776b04d29cfb906f4372836e42295228a884e9a3da7c2ea839
         State = 0x917550e894be4941288bb4105c0ef705
         Message-Authenticator = 0xd82f68f4d78ebb910dd21f4f74d36866
# Executing section authorize from file /etc/freeradius/radiusd.conf
+- entering group authorize {...}
++[preprocess] returns ok
++[mschap] returns noop
[suffix] No '@' in User-Name = "user1", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 203 length 107
[eap] Continuing tunnel setup.
++[eap] returns ok
[files] users: Matched entry DEFAULT at line 1
[files] users: Matched entry user1 at line 9
++[files] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/radiusd.conf
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established.  Decoding tunneled attributes.
[peap] Peap state phase2
[peap] EAP type mschapv2
[peap] Got tunneled request
         EAP-Message =  
0x02cb00411a02cb003c3142c766962484f2a9be0af0f3574d28ee00000000000000008807a5c83f70b79e7fea1c6063d30f75f024e43aeb8c4d6b007461626c6574
server  {
[peap] Setting User-Name to user1
Sending tunneled request
         EAP-Message =  
0x02cb00411a02cb003c3142c766962484f2a9be0af0f3574d28ee00000000000000008807a5c83f70b79e7fea1c6063d30f75f024e43aeb8c4d6b007461626c6574
         FreeRADIUS-Proxied-To = 127.0.0.1
         User-Name = "user1"
         State = 0x268f76a626446c9ec5d048383d010e48
server  {
# Executing section authorize from file /etc/freeradius/radiusd.conf
+- entering group authorize {...}
++[preprocess] returns ok
++[mschap] returns noop
[suffix] No '@' in User-Name = "user1", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 203 length 65
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[files] users: Matched entry DEFAULT at line 1
[files] users: Matched entry user1 at line 9
++[files] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/radiusd.conf
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/mschapv2
[eap] processing type mschapv2
[mschapv2] # Executing group from file /etc/freeradius/radiusd.conf
[mschapv2] +- entering group MS-CHAP {...}
[mschap] Creating challenge hash with username: user1
[mschap] Told to do MS-CHAPv2 for user1 with NT-Password
[mschap] adding MS-CHAPv2 MPPE keys
++[mschap] returns ok
MSCHAP Success
++[eap] returns handled
} # server
[peap] Got tunneled reply code 11
         Tunnel-Type:0 = VLAN
         Tunnel-Medium-Type:0 = IEEE-802
         Tunnel-Private-Group-Id:0 := "2"
         EAP-Message =  
0x01cc00331a03cb002e533d30373830344632433841383839333544394433333242454632303138353942393038463837364244
         Message-Authenticator = 0x00000000000000000000000000000000
         State = 0x268f76a627436c9ec5d048383d010e48
[peap] Got tunneled reply RADIUS code 11
         Tunnel-Type:0 = VLAN
         Tunnel-Medium-Type:0 = IEEE-802
         Tunnel-Private-Group-Id:0 := "2"
         EAP-Message =  
0x01cc00331a03cb002e533d30373830344632433841383839333544394433333242454632303138353942393038463837364244
         Message-Authenticator = 0x00000000000000000000000000000000
         State = 0x268f76a627436c9ec5d048383d010e48
[peap] Got tunneled Access-Challenge
++[eap] returns handled
Sending Access-Challenge of id 1 to 127.0.0.1 port 59195
         Tunnel-Type:0 = VLAN
         Tunnel-Medium-Type:0 = IEEE-802
         Tunnel-Private-Group-Id:0 := "2"
         EAP-Message =  
0x01cc005b1900170301005065de0238ee1e67d30eca294839cd0e6cc3dabb8571164bb5588161f2cc9aa8dfea591448b1adfd13e923351b88e5d8d832de1db16dc60880ba83db4d61993fced5912fdbfd734f044a3f347c1b944b9b
         Message-Authenticator = 0x00000000000000000000000000000000
         State = 0x917550e897b94941288bb4105c0ef705
Finished request 6.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 127.0.0.1 port 59195, id=2,  
length=233
         User-Name = "user1"
         NAS-IP-Address = 192.168.2.1
         NAS-Identifier = "test-desktop"
         Called-Station-Id = "34-13-E8-XX-XX-XX:test-desktop"
         NAS-Port-Type = Wireless-802.11
         NAS-Port = 1
         Calling-Station-Id = "08-D4-2B-XX-XX-XX"
         Connect-Info = "CONNECT 54Mbps 802.11g"
         Acct-Session-Id = "564FAF2B-00000075"
         Framed-MTU = 1400
         EAP-Message =  
0x02cc002b1900170301002032853ec08f16a984dad8da9f0c25be31bf1dd8555291adfa1ee61f11efc2cd57
         State = 0x917550e897b94941288bb4105c0ef705
         Message-Authenticator = 0x3f5dba59f662768e1bb4bfeb8615fc64
# Executing section authorize from file /etc/freeradius/radiusd.conf
+- entering group authorize {...}
++[preprocess] returns ok
++[mschap] returns noop
[suffix] No '@' in User-Name = "user1", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 204 length 43
[eap] Continuing tunnel setup.
++[eap] returns ok
[files] users: Matched entry DEFAULT at line 1
[files] users: Matched entry user1 at line 9
++[files] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/radiusd.conf
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established.  Decoding tunneled attributes.
[peap] Peap state phase2
[peap] EAP type mschapv2
[peap] Got tunneled request
         EAP-Message = 0x02cc00061a03
server  {
[peap] Setting User-Name to user1
Sending tunneled request
         EAP-Message = 0x02cc00061a03
         FreeRADIUS-Proxied-To = 127.0.0.1
         User-Name = "user1"
         State = 0x268f76a627436c9ec5d048383d010e48
server  {
# Executing section authorize from file /etc/freeradius/radiusd.conf
+- entering group authorize {...}
++[preprocess] returns ok
++[mschap] returns noop
[suffix] No '@' in User-Name = "user1", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 204 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[files] users: Matched entry DEFAULT at line 1
[files] users: Matched entry user1 at line 9
++[files] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/radiusd.conf
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/mschapv2
[eap] processing type mschapv2
[eap] Freeing handler
++[eap] returns ok
# Executing section post-auth from file  
/etc/freeradius/sites-enabled/default
+- entering group post-auth {...}
++[exec] returns noop
} # server
[peap] Got tunneled reply code 2
         Tunnel-Type:0 = VLAN
         Tunnel-Medium-Type:0 = IEEE-802
         Tunnel-Private-Group-Id:0 := "2"
         MS-MPPE-Encryption-Policy = 0x00000002
         MS-MPPE-Encryption-Types = 0x00000004
         MS-MPPE-Send-Key = 0x94432454bfed14fa8344dc218122ba45
         MS-MPPE-Recv-Key = 0x931298b00312d7cc50a87645bd9dc3c0
         EAP-Message = 0x03cc0004
         Message-Authenticator = 0x00000000000000000000000000000000
         User-Name = "user1"
[peap] Got tunneled reply RADIUS code 2
         Tunnel-Type:0 = VLAN
         Tunnel-Medium-Type:0 = IEEE-802
         Tunnel-Private-Group-Id:0 := "2"
         MS-MPPE-Encryption-Policy = 0x00000002
         MS-MPPE-Encryption-Types = 0x00000004
         MS-MPPE-Send-Key = 0x94432454bfed14fa8344dc218122ba45
         MS-MPPE-Recv-Key = 0x931298b00312d7cc50a87645bd9dc3c0
         EAP-Message = 0x03cc0004
         Message-Authenticator = 0x00000000000000000000000000000000
         User-Name = "user1"
[peap] Tunneled authentication was successful.
[peap] SUCCESS
[peap] Saving tunneled attributes for later
++[eap] returns handled
Sending Access-Challenge of id 2 to 127.0.0.1 port 59195
         Tunnel-Type:0 = VLAN
         Tunnel-Medium-Type:0 = IEEE-802
         Tunnel-Private-Group-Id:0 := "2"
         EAP-Message =  
0x01cd002b19001703010020904136118aacb61f3f659de370904699b1e094132bec14d610a6a866c04c2a5b
         Message-Authenticator = 0x00000000000000000000000000000000
         State = 0x917550e896b84941288bb4105c0ef705
Finished request 7.
Going to the next request
Waking up in 4.8 seconds.
rad_recv: Access-Request packet from host 127.0.0.1 port 59195, id=3,  
length=233
         User-Name = "user1"
         NAS-IP-Address = 192.168.2.1
         NAS-Identifier = "test-desktop"
         Called-Station-Id = "34-13-E8-XX-XX-XX:test-desktop"
         NAS-Port-Type = Wireless-802.11
         NAS-Port = 1
         Calling-Station-Id = "08-D4-2B-XX-XX-XX"
         Connect-Info = "CONNECT 54Mbps 802.11g"
         Acct-Session-Id = "564FAF2B-00000075"
         Framed-MTU = 1400
         EAP-Message =  
0x02cd002b190017030100202f654025ae6021df0bf4de09587b08f96fd8e788033a91902cee93d68643fd7c
         State = 0x917550e896b84941288bb4105c0ef705
         Message-Authenticator = 0x0ccf874a68e67b444cb93ab4c7e0f368
# Executing section authorize from file /etc/freeradius/radiusd.conf
+- entering group authorize {...}
++[preprocess] returns ok
++[mschap] returns noop
[suffix] No '@' in User-Name = "user1", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 205 length 43
[eap] Continuing tunnel setup.
++[eap] returns ok
[files] users: Matched entry DEFAULT at line 1
[files] users: Matched entry user1 at line 9
++[files] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/radiusd.conf
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established.  Decoding tunneled attributes.
[peap] Peap state send tlv success
[peap] Received EAP-TLV response.
[peap] Success
[peap] Using saved attributes from the original Access-Accept
         Tunnel-Type:0 = VLAN
         Tunnel-Medium-Type:0 = IEEE-802
         Tunnel-Private-Group-Id:0 := "2"
         User-Name = "user1"
[eap] Freeing handler
++[eap] returns ok
# Executing section post-auth from file  
/etc/freeradius/sites-enabled/default
+- entering group post-auth {...}
++[exec] returns noop
Sending Access-Accept of id 3 to 127.0.0.1 port 59195
         Tunnel-Type:0 = VLAN
         Tunnel-Medium-Type:0 = IEEE-802
         Tunnel-Private-Group-Id:0 := "2"
         Tunnel-Type:0 = VLAN
         Tunnel-Medium-Type:0 = IEEE-802
         Tunnel-Private-Group-Id:0 := "2"
         User-Name = "user1"
         MS-MPPE-Recv-Key =  
0x8431c7c88ceaea7a8579990f02becc3622735e7f8863e6a7dfd452022a9fab2d
         MS-MPPE-Send-Key =  
0x97d702843ca5e3c72268fb9a9c3e49707c354f218f9288a8df3a276f50e57e36
         EAP-Message = 0x03cd0004
         Message-Authenticator = 0x00000000000000000000000000000000
Finished request 8.
Going to the next request
Waking up in 4.8 seconds.
Cleaning up request 0 ID 251 with timestamp +11
Cleaning up request 1 ID 252 with timestamp +11
Cleaning up request 2 ID 253 with timestamp +11
Cleaning up request 3 ID 254 with timestamp +11
Cleaning up request 4 ID 255 with timestamp +11
Cleaning up request 5 ID 0 with timestamp +11
Cleaning up request 6 ID 1 with timestamp +11
Cleaning up request 7 ID 2 with timestamp +11
Cleaning up request 8 ID 3 with timestamp +11
Ready to process requests.
^C



On Sat, 21 Nov 2015 11:05:10 -0800, Alan Buxey <A.L.M.Buxey at lboro.ac.uk>  
wrote:

> radiusd -X
>
> Helps a lot :/
>
> alan

