Wi-Fi MAC OSX occascionally fails
John Teasley
ollieteasley at gmail.com
Wed Feb 10 01:03:48 CET 2016
Hello,
While this not really a MacOSX thread, I would do this if it was me:
1. What am I doing when the wireless drops? ( roaming around, do I have
repeaters for an upstairs or downstairs part of the house, etc)
2. Does this happen with any NON-Mac clients?
3. Google the error codes where the interface is dropping.
4. Does this happen when your machine has been idle for awhile?
5. Being that I dont have a Mac in front of, How about looking at the
kernel.log file using tail-f /var/log/kernel ( or where ever it is on a
Mac). Then just wait and see what happens.
SEE : https://arstechnica.com/civis/viewtopic.php?f=19&t=1306083
https://discussions.apple.com/thread/7311467?start=0&tstart=0
Whatever it ends up being, the radius output you posted looks correct.
Ollie Teasley
Linux Administrator
ISMELL.SHOES, LLC
On Tue, Feb 9, 2016 at 5:22 PM, Doug Berman <dougberman at gmail.com> wrote:
> Thanks, John. I didn't think to look at my MAC logs. I took a look syslog
> which is where I think the secure.log has ended up. They are below, any
> clues from the Mac side?
>
> Feb 9 18:13:37 dougs-MacBook-Pro kernel[0]:
> IO80211AWDLPeerManager::setAwdlOperatingMode Setting the AWDL operation
> mode from AUTO to SUSPENDED
>
> Feb 9 18:13:37 dougs-MacBook-Pro kernel[0]:
> IO80211AWDLPeerManager::setAwdlSuspendedMode() Suspending AWDL,
> enterQuietMode(true)
>
> Feb 9 18:13:37 dougs-MacBook-Pro WiFiAgent[517]: [EAPOLControl.c:180]
> EAPOLControlAuthInfoIsValid(): Ignoring
> SaveCredentialsOnSuccessfulAuthentication since no credentials were
> specified
>
> Feb 9 18:13:37 dougs-MacBook-Pro kernel[0]: vmnet: bridge-en0: interface
> en is coming UP
>
> Feb 9 18:13:37 --- last message repeated 1 time ---
>
> Feb 9 18:13:37 dougs-MacBook-Pro kernel[0]: vmnet: bridge-en0: interface
> en is sending notification 0x14
>
> Feb 9 18:13:37 dougs-MacBook-Pro kernel[0]: AirPort: Link Down on en0.
> Reason 8 (Disassociated because station leaving).
>
> Feb 9 18:13:37 dougs-MacBook-Pro kernel[0]: vmnet: bridge-en0: interface
> en is going DOWN
>
> Feb 9 18:13:37 dougs-MacBook-Pro kernel[0]: en0: channel changed to 1
>
> Feb 9 18:13:37 dougs-MacBook-Pro kernel[0]:
> en0::IO80211Interface::postMessage bssid changed
>
> Feb 9 18:13:37 dougs-MacBook-Pro kernel[0]: en0: channel changed to 1
>
> Feb 9 18:13:37 --- last message repeated 1 time ---
>
> Feb 9 18:13:37 dougs-MacBook-Pro kernel[0]: vmnet: bridge-en0: interface
> en is sending notification 0x14
>
> Feb 9 18:13:37 dougs-MacBook-Pro kernel[0]: AirPort: Link Up on en0
>
> Feb 9 18:13:37 dougs-MacBook-Pro kernel[0]: vmnet: bridge-en0: interface
> en is coming UP
>
> Feb 9 18:13:37 dougs-MacBook-Pro kernel[0]: en0: BSSID changed to
> 0e:18:d6:9b:fe:a9
>
> Feb 9 18:13:37 dougs-MacBook-Pro kernel[0]: en0: channel changed to 1
>
> Feb 9 18:13:37 dougs-MacBook-Pro kernel[0]:
> en0::IO80211Interface::postMessage bssid changed
>
> Feb 9 18:13:38 dougs-MacBook-Pro mDNSResponder[90]:
> mDNS_DeregisterInterface: Frequent transitions for interface en0
> (192.168.1.159)
>
> Feb 9 18:13:38 dougs-MacBook-Pro mDNSResponder[90]:
> mDNS_RegisterInterface: Frequent transitions for interface en0
> (FE80:0000:0000:0000:AEBC:32FF:FE86:B073)
>
> Feb 9 18:13:38 dougs-MacBook-Pro configd[52]: LINKLOCAL en0: parent has no
> IP
>
> Feb 9 18:13:38 dougs-MacBook-Pro mDNSResponder[90]:
> mDNS_RegisterInterface: Frequent transitions for interface en0
> (FE80:0000:0000:0000:AEBC:32FF:FE86:B073)
>
> Feb 9 18:13:38 dougs-MacBook-Pro eapolclient[43283]: en0 START uid 501 gid
> 20
>
> Feb 9 18:13:38 dougs-MacBook-Pro kernel[0]: Unexpected payload found for
> message 9, dataLen 0
>
> Feb 9 18:13:38 dougs-MacBook-Pro configd[52]: network changed:
> v4(en0-:192.168.1.159) DNS-
>
> Feb 9 18:13:38 dougs-MacBook-Pro UserEventAgent[44]: Captive:
> CNPluginHandler en0: Inactive
>
> Feb 9 18:13:38 dougs-MacBook-Pro vmnet-bridge[17522]: Dynamic store
> changed
>
> Feb 9 18:13:38 dougs-MacBook-Pro vmnet-bridge[17522]: Failed to read
> SCproperties for key: State:/Network/Global/IPv4
>
> Feb 9 18:13:38 dougs-MacBook-Pro kernel[0]: vmnet: VMNetDisconnect: called
> for port bridge102.
>
> Feb 9 18:13:38 dougs-MacBook-Pro kernel[0]: vmnet: bridge-en0: filter
> detached
>
> Feb 9 18:13:38 dougs-MacBook-Pro kernel[0]: vmnet: bridge-en0: down
>
> Feb 9 18:13:38 dougs-MacBook-Pro kernel[0]: vmnet: bridge-en0: detached
>
> Feb 9 18:13:38 dougs-MacBook-Pro kernel[0]: vmnet: Freeing hub 0.
>
> Feb 9 18:13:38 dougs-MacBook-Pro vmnet-bridge[17522]: Stopping bridge for:
> en0
>
> Feb 9 18:13:38 dougs-MacBook-Pro symptomsd[209]: -[NetworkAnalyticsEngine
> _writeJournalRecord:fromCellFingerprint:key:atLOI:ofKind:lqm:isFaulty:]
> Hashing of the primary key failed. Dropping the journal record.
>
> Feb 9 18:13:38 --- last message repeated 1 time ---
>
> Feb 9 18:13:38 dougs-MacBook-Pro eapolclient[43283]: en0: 802.1X User Mode
>
> Feb 9 18:13:38 dougs-MacBook-Pro Microsoft Outlook[37080]: Stream
> 0x81188c90 is sending an event before being opened
>
> Feb 9 18:13:38 --- last message repeated 1 time ---
>
> Feb 9 18:13:38 dougs-MacBook-Pro Microsoft Outlook[37080]: Stream
> 0x81169060 is sending an event before being opened
>
> Feb 9 18:13:38 --- last message repeated 1 time ---
>
> Feb 9 18:13:38 dougs-MacBook-Pro networkd[162]: -[NETClientConnection
> effectiveBundleID] using process name apsd as bundle ID (this is expected
> for daemons without bundle ID
>
> Feb 9 18:13:38 dougs-MacBook-Pro Microsoft Outlook[37080]:
> dnssd_clientstub DNSServiceProcessResult undefined for
> kDNSServiceFlagsShareConnection subordinate DNSServiceRef 0x7d9dfe00
>
> Feb 9 18:13:38 dougs-MacBook-Pro Microsoft Outlook[37080]: Stream
> 0x7c9f6bc0 is sending an event before being opened
>
> Feb 9 18:13:38 --- last message repeated 1 time ---
>
> Feb 9 18:13:38 dougs-MacBook-Pro Microsoft Outlook[37080]: Stream
> 0x811adc20 is sending an event before being opened
>
> Feb 9 18:13:38 --- last message repeated 1 time ---
>
> Feb 9 18:13:38 dougs-MacBook-Pro networkd[162]: -[NETClientConnection
> effectiveBundleID] using process name apsd as bundle ID (this is expected
> for daemons without bundle ID
>
> Feb 9 18:13:38 --- last message repeated 2 times ---
>
> Feb 9 18:13:38 dougs-MacBook-Pro Google Drive[531]:
> mod_SCNetworkReachabilityCallBack
>
> Feb 9 18:13:38 --- last message repeated 1 time ---
>
> Feb 9 18:13:38 dougs-MacBook-Pro networkd[162]: -[NETClientConnection
> effectiveBundleID] using process name apsd as bundle ID (this is expected
> for daemons without bundle ID
>
> Feb 9 18:13:38 dougs-MacBook-Pro eapolclient[43283]: en0 EAP-PEAP:
> successfully authenticated
>
> Feb 9 18:13:38 dougs-MacBook-Pro com.apple.WebKit.WebContent[40474]:
> [18:13:38.445] <<<< CRABS >>>> crabsFlumeHostUnavailable: [0x7f9eb285bcd0]
> Byte flume reports host unavailable.
>
> Feb 9 18:13:38 dougs-MacBook-Pro com.apple.WebKit.WebContent[40474]:
> [18:13:38.445] <<<< CRABS >>>> crabsFlumeHostUnavailable: [0x7f9eb2882950]
> Byte flume reports host unavailable.
>
> Feb 9 18:13:38 dougs-MacBook-Pro networkd[162]: -[NETClientConnection
> effectiveBundleID] using process name apsd as bundle ID (this is expected
> for daemons without bundle ID
>
> Feb 9 18:13:38 dougs-MacBook-Pro com.apple.WebKit.WebContent[40474]:
> [18:13:38.449] <<<< CRABS >>>> crabsFlumeHostUnavailable: [0x7f9eb06e4c30]
> Byte flume reports host unavailable.
>
> Feb 9 18:13:38 dougs-MacBook-Pro com.apple.WebKit.WebContent[40474]:
> [18:13:38.450] <<<< CRABS >>>> crabsFlumeHostUnavailable: [0x7f9eb29c2b80]
> Byte flume reports host unavailable.
>
> Feb 9 18:13:38 dougs-MacBook-Pro networkd[162]: -[NETClientConnection
> effectiveBundleID] using process name apsd as bundle ID (this is expected
> for daemons without bundle ID
>
> Feb 9 18:13:38 --- last message repeated 1 time ---
>
> Feb 9 18:13:38 dougs-MacBook-Pro kernel[0]: AirPort: RSN handshake
> complete on en0
>
> Feb 9 18:13:38 dougs-MacBook-Pro symptomsd[209]: -[NetworkAnalyticsEngine
> _writeJournalRecord:fromCellFingerprint:key:atLOI:ofKind:lqm:isFaulty:]
> Hashing of the primary key failed. Dropping the journal record.
>
> Feb 9 18:13:38 dougs-MacBook-Pro symptomsd[209]:
> __73-[NetworkAnalyticsEngine
> observeValueForKeyPath:ofObject:change:context:]_block_invoke unexpected
> switch value 2
>
> Feb 9 18:13:38 dougs-MacBook-Pro netbiosd[43277]:
> network_reachability_changed : network is not reachable, netbiosd is
> shutting down
>
> Feb 9 18:13:38 dougs-MacBook-Pro eapolclient[43283]: en0 STOP
>
> Feb 9 18:13:38 dougs-MacBook-Pro kernel[0]: en0: BSSID changed to
> 0e:18:d6:9b:fe:a9
>
> Feb 9 18:13:38 dougs-MacBook-Pro kernel[0]: en0: channel changed to 1
>
> Feb 9 18:13:39 dougs-MacBook-Pro kernel[0]: en0: BSSID changed to
> 0e:18:d6:9b:fe:a9
>
> Feb 9 18:13:39 dougs-MacBook-Pro kernel[0]: en0: channel changed to 1
>
> Feb 9 18:13:39 dougs-MacBook-Pro com.apple.xpc.launchd[1]
> (com.apple.airport.wps): Service only ran for 1 seconds. Pushing respawn
> out by 9 seconds.
>
> Feb 9 18:13:39 dougs-MacBook-Pro kernel[0]: AirPort: Link Down on en0.
> Reason 8 (Disassociated because station leaving).
>
> Feb 9 18:13:39 dougs-MacBook-Pro kernel[0]: en0: channel changed to 1
>
> Feb 9 18:13:39 dougs-MacBook-Pro kernel[0]:
> en0::IO80211Interface::postMessage bssid changed
>
> Feb 9 18:13:39 dougs-MacBook-Pro mDNSResponder[90]:
> mDNS_DeregisterInterface: Frequent transitions for interface en0
> (FE80:0000:0000:0000:AEBC:32FF:FE86:B073)
>
> Feb 9 18:13:39 dougs-MacBook-Pro mDNSResponder[90]:
> mDNS_RegisterInterface: Frequent transitions for interface en0
> (FE80:0000:0000:0000:AEBC:32FF:FE86:B073)
>
> Feb 9 18:13:39 dougs-MacBook-Pro kernel[0]: AirPort: Link Up on en0
>
> Feb 9 18:13:39 dougs-MacBook-Pro kernel[0]: en0: BSSID changed to
> 0a:18:d6:9b:fe:a9
>
> Feb 9 18:13:39 dougs-MacBook-Pro kernel[0]: en0: channel changed to 1
>
> Feb 9 18:13:39 dougs-MacBook-Pro kernel[0]:
> en0::IO80211Interface::postMessage bssid changed
>
> Feb 9 18:13:39 dougs-MacBook-Pro kernel[0]: AirPort: RSN handshake
> complete on en0
>
> Feb 9 18:13:39 dougs-MacBook-Pro symptomsd[209]: -[NetworkAnalyticsEngine
> _writeJournalRecord:fromCellFingerprint:key:atLOI:ofKind:lqm:isFaulty:]
> Hashing of the primary key failed. Dropping the journal record.
>
> Feb 9 18:13:39 dougs-MacBook-Pro kernel[0]: Unexpected payload found for
> message 9, dataLen 0
>
> Feb 9 18:13:39 dougs-MacBook-Pro mDNSResponder[90]:
> mDNS_DeregisterInterface: Frequent transitions for interface en0
> (FE80:0000:0000:0000:AEBC:32FF:FE86:B073)
>
> Feb 9 18:13:39 dougs-MacBook-Pro mDNSResponder[90]:
> mDNS_RegisterInterface: Frequent transitions for interface en0
> (FE80:0000:0000:0000:AEBC:32FF:FE86:B073)
>
> Feb 9 18:13:40 dougs-MacBook-Pro xpcproxy[43286]: LaunchServices: received
> XPC_ERROR_CONNECTION_INTERRUPTED trying to map database
>
> Feb 9 18:13:40 dougs-MacBook-Pro xpcproxy[43286]: LaunchServices: Database
> mapping failed with result -10822, retrying
>
> Feb 9 18:13:40 dougs-MacBook-Pro xpcproxy[43286]: LaunchServices: received
> XPC_ERROR_CONNECTION_INTERRUPTED trying to map database
>
> Feb 9 18:13:40 dougs-MacBook-Pro xpcproxy[43286]: CFPreferences could not
> connect to its daemon.
>
> Preferences using the connection 0x0 will be volatile and will not be
> persisted to disk.
>
> Feb 9 18:13:41 dougs-MacBook-Pro xpcproxy[43286]: LaunchServices: received
> XPC_ERROR_CONNECTION_INTERRUPTED trying to map database
>
> Feb 9 18:13:41 dougs-MacBook-Pro xpcproxy[43286]: LaunchServices: Database
> mapping failed with result -10822, retrying
>
> Feb 9 18:13:41 dougs-MacBook-Pro xpcproxy[43286]: LaunchServices: received
> XPC_ERROR_CONNECTION_INTERRUPTED trying to map database
>
> Feb 9 18:13:41 dougs-MacBook-Pro com.apple.xpc.launchd[1]
> (2BUA8C4S2C.com.agilebits.onepassword4-helper[43286]): Could not find
> and/or execute program specified by service: 149: Could not find a bundle
> of the given identifier through LaunchServices:
> 2BUA8C4S2C.com.agilebits.onepassword4-helper
>
> Feb 9 18:13:41 dougs-MacBook-Pro com.apple.xpc.launchd[1]
> (2BUA8C4S2C.com.agilebits.onepassword4-helper): Service only ran for 0
> seconds. Pushing respawn out by 10 seconds.
>
> Feb 9 18:13:41 dougs-MacBook-Pro networkd[162]: -[NETClientConnection
> effectiveBundleID] using process name apsd as bundle ID (this is expected
> for daemons without bundle ID
>
> Feb 9 18:13:42 --- last message repeated 3 times ---
>
> Feb 9 18:13:42 dougs-MacBook-Pro networkd[162]: -[NETClientConnection
> effectiveBundleID] using process name CalendarAgent as bundle ID (this is
> expected for daemons without bundle ID
>
> Feb 9 18:13:43 --- last message repeated 3 times ---
>
> Feb 9 18:13:43 dougs-MacBook-Pro mDNSResponder[90]:
> mDNS_RegisterInterface: Frequent transitions for interface en0
> (192.168.1.159)
>
> Feb 9 18:13:43 dougs-MacBook-Pro configd[52]: network changed: DNS*
>
> Feb 9 18:13:43 dougs-MacBook-Pro kernel[0]:
> IO80211AWDLPeerManager::setAwdlOperatingMode Setting the AWDL operation
> mode from SUSPENDED to AUTO
>
> Feb 9 18:13:43 dougs-MacBook-Pro kernel[0]:
> IO80211AWDLPeerManager::setAwdlAutoMode Resuming AWDL
>
> Feb 9 18:13:43 dougs-MacBook-Pro UserEventAgent[44]: Captive:
> [CNInfoNetworkActive:1748] en0: SSID 'labouche' making interface primary
> (cache indicates network not captive)
>
> Feb 9 18:13:43 dougs-MacBook-Pro UserEventAgent[44]: Captive:
> CNPluginHandler en0: Evaluating
>
> Feb 9 18:13:43 dougs-MacBook-Pro configd[52]: network changed:
> v4(en0!:192.168.1.159) DNS+ Proxy SMB
>
> Feb 9 18:13:43 dougs-MacBook-Pro UserEventAgent[44]: Captive: en0: Not
> probing 'labouche' (cache indicates not captive)
>
> Feb 9 18:13:43 dougs-MacBook-Pro vmnet-bridge[17522]: Dynamic store
> changed
>
> Feb 9 18:13:43 dougs-MacBook-Pro UserEventAgent[44]: Captive:
> CNPluginHandler en0: Authenticated
>
> Feb 9 18:13:43 dougs-MacBook-Pro kernel[0]: vmnet: VNetUserIf_Create:
> created userif110.
>
> Feb 9 18:13:43 dougs-MacBook-Pro kernel[0]: vmnet: VMNetConnect: returning
> port userif110.
>
> Feb 9 18:13:43 dougs-MacBook-Pro kernel[0]: vmnet: Allocated hub 0.
>
> Feb 9 18:13:43 dougs-MacBook-Pro kernel[0]: vmnet: VMNET_SO_BINDTOHUB:
> port: paddr 00:50:56:e1:0b:b5
>
> Feb 9 18:13:43 dougs-MacBook-Pro kernel[0]: vmnet: Hub 0
>
> Feb 9 18:13:43 dougs-MacBook-Pro kernel[0]: vmnet: Port 0
>
> Feb 9 18:13:43 dougs-MacBook-Pro kernel[0]: vmnet: bridge-en0: media 80
> devName en family 2
>
> Feb 9 18:13:43 dougs-MacBook-Pro kernel[0]: vmnet: bridge-en0: wireless
> interface detected.
>
> Feb 9 18:13:43 dougs-MacBook-Pro kernel[0]: vmnet: bridge-en0: up
>
> Feb 9 18:13:43 dougs-MacBook-Pro kernel[0]: vmnet: bridge-en0: attached
>
> Feb 9 18:13:43 dougs-MacBook-Pro kernel[0]: vmnet: VNetUserIfFree: freeing
> userif110.
>
> Feb 9 18:13:43 dougs-MacBook-Pro vmnet-bridge[17522]: Started bridge for
> 0, en0
>
> Feb 9 18:13:44 dougs-MacBook-Pro Google Drive[531]:
> mod_SCNetworkReachabilityCallBack
>
> Feb 9 18:13:44 dougs-MacBook-Pro com.apple.WebKit.WebContent[40474]:
> [18:13:44.220] <<<< CRABS >>>> crabsFlumeHostAvailable: [0x7f9eb285bcd0]
> Byte flume reports host available again.
>
> Feb 9 18:13:44 dougs-MacBook-Pro symptomsd[209]:
> __73-[NetworkAnalyticsEngine
> observeValueForKeyPath:ofObject:change:context:]_block_invoke unexpected
> switch value 2
>
> Feb 9 18:13:44 dougs-MacBook-Pro com.apple.WebKit.WebContent[40474]:
> [18:13:44.226] <<<< CRABS >>>> crabsFlumeHostAvailable: [0x7f9eb2882950]
> Byte flume reports host available again.
>
> Feb 9 18:13:44 dougs-MacBook-Pro com.apple.WebKit.WebContent[40474]:
> [18:13:44.227] <<<< CRABS >>>> crabsFlumeHostAvailable: [0x7f9eb06e4c30]
> Byte flume reports host available again.
>
> Feb 9 18:13:44 dougs-MacBook-Pro com.apple.WebKit.WebContent[40474]:
> [18:13:44.227] <<<< CRABS >>>> crabsFlumeHostAvailable: [0x7f9eb29c2b80]
> Byte flume reports host available again.
>
> Feb 9 18:13:44 dougs-MacBook-Pro Google Drive[531]:
> mod_SCNetworkReachabilityCallBack
>
> Feb 9 18:13:44 dougs-MacBook-Pro Microsoft Outlook[37080]: Stream
> 0x8073b1f0 is sending an event before being opened
>
> Feb 9 18:13:46 --- last message repeated 1 time ---
>
> Feb 9 18:13:46 dougs-MacBook-Pro Microsoft Outlook[37080]: Stream
> 0x7c425d70 is sending an event before being opened
>
> Feb 9 18:13:46 --- last message repeated 1 time ---
>
> Feb 9 18:13:46 dougs-MacBook-Pro Microsoft Outlook[37080]: Stream
> 0x7cc1edc0 is sending an event before being opened
>
> On Tue, Feb 9, 2016 at 5:56 PM, John Teasley <ollieteasley at gmail.com>
> wrote:
>
> > Hello,
> >
> > I am new to the list as well. However, "Sending Access-Accept of id 102
> to
> > 192.168.1.29 port 56313" shows all is good. Have you tried checking the
> > logs on the client and server to see what happens when your connection
> > drops? What you posted above shows that you got authorized and
> > authenticated to me. I am sure some others on here may be able to help
> more
> > though.
> >
> > One note, when I was debugging on a linux client I had to check the
> > supplicant AND system logs. I am sure you could get some information on
> the
> > MacOSx daemon that handles the supplicant authorize / authentication
> > pieces. Watching both server and client at the same time may prove
> helpful.
> >
> >
> >
> > Ollie Teasley
> > Linux Administrator
> > ISMELL.SHOES, LLC
> >
> >
> > On Tue, Feb 9, 2016 at 4:46 PM, Doug Berman <dougberman at gmail.com>
> wrote:
> >
> > > I'm new to freeradius. I have a simple setup on ubuntu 14.04. I don't
> > > have SQL and simply have a user configured in the users file. The user
> > is
> > > me - dougberman. I also have a ubiquiti access point which I've
> > configured
> > > as a client to the radius server. What's frustrating is sometimes I'm
> > able
> > > to use 802.1x EAP/PEAP just fine on my MAC and other times, it fails.
> > I've
> > > looked through the radius debug and I can't find anything that stands
> out
> > > that calls my attention. Snipits for the file "users" and
> > "clients.conf"
> > > and the debug is below. Any help would be greatly appreciated.
> > >
> > > users:
> > >
> > > dougberman Cleartext-Password := "foo123"
> > >
> > > clients.conf
> > >
> > > client 192.168.1.29 {
> > >
> > > secret = network
> > >
> > > shortname = routergw
> > >
> > > nastype = other
> > >
> > > }
> > > Please let me know if you have any additional questions.
> > >
> > > doug at db-dell:~$ sudo freeradius -X
> > > [sudo] password for doug:
> > > FreeRADIUS Version 2.1.12, for host x86_64-pc-linux-gnu, built on Aug
> 26
> > > 2015 at 14:47:03
> > > Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.
> > > There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
> > > PARTICULAR PURPOSE.
> > > You may redistribute copies of FreeRADIUS under the terms of the
> > > GNU General Public License v2.
> > > Starting - reading configuration files ...
> > > including configuration file /etc/freeradius/radiusd.conf
> > > including configuration file /etc/freeradius/proxy.conf
> > > including configuration file /etc/freeradius/clients.conf
> > > including files in directory /etc/freeradius/modules/
> > > including configuration file /etc/freeradius/modules/smbpasswd
> > > including configuration file /etc/freeradius/modules/ippool
> > > including configuration file /etc/freeradius/modules/expr
> > > including configuration file /etc/freeradius/modules/pap
> > > including configuration file /etc/freeradius/modules/passwd
> > > including configuration file
> > > /etc/freeradius/modules/sqlcounter_expire_on_login
> > > including configuration file /etc/freeradius/modules/otp
> > > including configuration file /etc/freeradius/modules/expiration
> > > including configuration file /etc/freeradius/modules/
> detail.example.com
> > > including configuration file /etc/freeradius/modules/preprocess
> > > including configuration file /etc/freeradius/modules/exec
> > > including configuration file /etc/freeradius/modules/mac2vlan
> > > including configuration file /etc/freeradius/modules/files
> > > including configuration file /etc/freeradius/modules/attr_rewrite
> > > including configuration file /etc/freeradius/modules/dynamic_clients
> > > including configuration file /etc/freeradius/modules/perl
> > > including configuration file /etc/freeradius/modules/krb5
> > > including configuration file /etc/freeradius/modules/checkval
> > > including configuration file /etc/freeradius/modules/etc_group
> > > including configuration file /etc/freeradius/modules/mac2ip
> > > including configuration file /etc/freeradius/modules/smsotp
> > > including configuration file /etc/freeradius/modules/inner-eap
> > > including configuration file /etc/freeradius/modules/sradutmp
> > > including configuration file /etc/freeradius/modules/always
> > > including configuration file /etc/freeradius/modules/detail.log
> > > including configuration file /etc/freeradius/modules/attr_filter
> > > including configuration file /etc/freeradius/modules/rediswho
> > > including configuration file /etc/freeradius/modules/replicate
> > > including configuration file /etc/freeradius/modules/cui
> > > including configuration file /etc/freeradius/modules/unix
> > > including configuration file /etc/freeradius/modules/mschap
> > > including configuration file /etc/freeradius/modules/counter
> > > including configuration file /etc/freeradius/modules/ntlm_auth
> > > including configuration file /etc/freeradius/modules/acct_unique
> > > including configuration file /etc/freeradius/modules/linelog
> > > including configuration file /etc/freeradius/modules/realm
> > > including configuration file /etc/freeradius/modules/pam
> > > including configuration file /etc/freeradius/modules/radutmp
> > > including configuration file /etc/freeradius/modules/sql_log
> > > including configuration file /etc/freeradius/modules/ldap
> > > including configuration file /etc/freeradius/modules/redis
> > > including configuration file /etc/freeradius/modules/opendirectory
> > > including configuration file /etc/freeradius/modules/logintime
> > > including configuration file /etc/freeradius/modules/digest
> > > including configuration file /etc/freeradius/modules/policy
> > > including configuration file /etc/freeradius/modules/detail
> > > including configuration file /etc/freeradius/modules/echo
> > > including configuration file /etc/freeradius/modules/chap
> > > including configuration file /etc/freeradius/modules/wimax
> > > including configuration file /etc/freeradius/modules/soh
> > > including configuration file /etc/freeradius/eap.conf
> > > including configuration file /etc/freeradius/policy.conf
> > > including files in directory /etc/freeradius/sites-enabled/
> > > including configuration file /etc/freeradius/sites-enabled/inner-tunnel
> > > including configuration file /etc/freeradius/sites-enabled/default
> > > main {
> > > user = "freerad"
> > > group = "freerad"
> > > allow_core_dumps = no
> > > }
> > > including dictionary file /etc/freeradius/dictionary
> > > main {
> > > name = "freeradius"
> > > prefix = "/usr"
> > > localstatedir = "/var"
> > > sbindir = "/usr/sbin"
> > > logdir = "/var/log/freeradius"
> > > run_dir = "/var/run/freeradius"
> > > libdir = "/usr/lib/freeradius"
> > > radacctdir = "/var/log/freeradius/radacct"
> > > hostname_lookups = no
> > > max_request_time = 30
> > > cleanup_delay = 5
> > > max_requests = 1024
> > > pidfile = "/var/run/freeradius/freeradius.pid"
> > > checkrad = "/usr/sbin/checkrad"
> > > debug_level = 0
> > > proxy_requests = yes
> > > log {
> > > stripped_names = no
> > > auth = yes
> > > auth_badpass = yes
> > > auth_goodpass = yes
> > > }
> > > security {
> > > max_attributes = 200
> > > reject_delay = 1
> > > status_server = yes
> > > }
> > > }
> > > radiusd: #### Loading Realms and Home Servers ####
> > > proxy server {
> > > retry_delay = 5
> > > retry_count = 3
> > > default_fallback = no
> > > dead_time = 120
> > > wake_all_if_all_dead = no
> > > }
> > > home_server localhost {
> > > ipaddr = 127.0.0.1
> > > port = 1812
> > > type = "auth"
> > > secret = "testing123"
> > > response_window = 20
> > > max_outstanding = 65536
> > > require_message_authenticator = yes
> > > zombie_period = 40
> > > status_check = "status-server"
> > > ping_interval = 30
> > > check_interval = 30
> > > num_answers_to_alive = 3
> > > num_pings_to_alive = 3
> > > revive_interval = 120
> > > status_check_timeout = 4
> > > coa {
> > > irt = 2
> > > mrt = 16
> > > mrc = 5
> > > mrd = 30
> > > }
> > > }
> > > home_server_pool my_auth_failover {
> > > type = fail-over
> > > home_server = localhost
> > > }
> > > realm example.com {
> > > auth_pool = my_auth_failover
> > > }
> > > realm LOCAL {
> > > }
> > > radiusd: #### Loading Clients ####
> > > client localhost {
> > > ipaddr = 127.0.0.1
> > > require_message_authenticator = no
> > > secret = "testing123"
> > > nastype = "other"
> > > }
> > > client 192.168.1.29 {
> > > require_message_authenticator = no
> > > secret = "network"
> > > shortname = "routergw"
> > > nastype = "other"
> > > }
> > > radiusd: #### Instantiating modules ####
> > > instantiate {
> > > Module: Linked to module rlm_exec
> > > Module: Instantiating module "exec" from file
> > /etc/freeradius/modules/exec
> > > exec {
> > > wait = no
> > > input_pairs = "request"
> > > shell_escape = yes
> > > }
> > > Module: Linked to module rlm_expr
> > > Module: Instantiating module "expr" from file
> > /etc/freeradius/modules/expr
> > > Module: Linked to module rlm_expiration
> > > Module: Instantiating module "expiration" from file
> > > /etc/freeradius/modules/expiration
> > > expiration {
> > > reply-message = "Password Has Expired "
> > > }
> > > Module: Linked to module rlm_logintime
> > > Module: Instantiating module "logintime" from file
> > > /etc/freeradius/modules/logintime
> > > logintime {
> > > reply-message = "You are calling outside your allowed
> timespan "
> > > minimum-timeout = 60
> > > }
> > > }
> > > radiusd: #### Loading Virtual Servers ####
> > > server { # from file /etc/freeradius/radiusd.conf
> > > modules {
> > > Module: Creating Auth-Type = digest
> > > Module: Creating Post-Auth-Type = REJECT
> > > Module: Checking authenticate {...} for more modules to load
> > > Module: Linked to module rlm_pap
> > > Module: Instantiating module "pap" from file
> /etc/freeradius/modules/pap
> > > pap {
> > > encryption_scheme = "auto"
> > > auto_header = no
> > > }
> > > Module: Linked to module rlm_chap
> > > Module: Instantiating module "chap" from file
> > /etc/freeradius/modules/chap
> > > Module: Linked to module rlm_mschap
> > > Module: Instantiating module "mschap" from file
> > > /etc/freeradius/modules/mschap
> > > mschap {
> > > use_mppe = yes
> > > require_encryption = no
> > > require_strong = no
> > > with_ntdomain_hack = no
> > > allow_retry = yes
> > > }
> > > Module: Linked to module rlm_digest
> > > Module: Instantiating module "digest" from file
> > > /etc/freeradius/modules/digest
> > > Module: Linked to module rlm_unix
> > > Module: Instantiating module "unix" from file
> > /etc/freeradius/modules/unix
> > > unix {
> > > radwtmp = "/var/log/freeradius/radwtmp"
> > > }
> > > Module: Linked to module rlm_eap
> > > Module: Instantiating module "eap" from file /etc/freeradius/eap.conf
> > > eap {
> > > default_eap_type = "md5"
> > > timer_expire = 60
> > > ignore_unknown_eap_types = no
> > > cisco_accounting_username_bug = no
> > > max_sessions = 4096
> > > }
> > > Module: Linked to sub-module rlm_eap_md5
> > > Module: Instantiating eap-md5
> > > Module: Linked to sub-module rlm_eap_leap
> > > Module: Instantiating eap-leap
> > > Module: Linked to sub-module rlm_eap_gtc
> > > Module: Instantiating eap-gtc
> > > gtc {
> > > challenge = "Password: "
> > > auth_type = "PAP"
> > > }
> > > Module: Linked to sub-module rlm_eap_tls
> > > Module: Instantiating eap-tls
> > > tls {
> > > rsa_key_exchange = no
> > > dh_key_exchange = yes
> > > rsa_key_length = 512
> > > dh_key_length = 512
> > > verify_depth = 0
> > > CA_path = "/etc/freeradius/certs"
> > > pem_file_type = yes
> > > private_key_file = "/etc/freeradius/certs/server.key"
> > > certificate_file = "/etc/freeradius/certs/server.pem"
> > > CA_file = "/etc/freeradius/certs/ca.pem"
> > > private_key_password = "whatever"
> > > dh_file = "/etc/freeradius/certs/dh"
> > > random_file = "/dev/urandom"
> > > fragment_size = 1024
> > > include_length = yes
> > > check_crl = no
> > > cipher_list = "DEFAULT"
> > > make_cert_command = "/etc/freeradius/certs/bootstrap"
> > > ecdh_curve = "prime256v1"
> > > cache {
> > > enable = no
> > > lifetime = 24
> > > max_entries = 255
> > > }
> > > verify {
> > > }
> > > ocsp {
> > > enable = no
> > > override_cert_url = yes
> > > url = "http://127.0.0.1/ocsp/"
> > > }
> > > }
> > > Module: Linked to sub-module rlm_eap_ttls
> > > Module: Instantiating eap-ttls
> > > ttls {
> > > default_eap_type = "md5"
> > > copy_request_to_tunnel = no
> > > use_tunneled_reply = no
> > > virtual_server = "inner-tunnel"
> > > include_length = yes
> > > }
> > > Module: Linked to sub-module rlm_eap_peap
> > > Module: Instantiating eap-peap
> > > peap {
> > > default_eap_type = "mschapv2"
> > > copy_request_to_tunnel = no
> > > use_tunneled_reply = no
> > > proxy_tunneled_request_as_eap = yes
> > > virtual_server = "inner-tunnel"
> > > soh = no
> > > }
> > > Module: Linked to sub-module rlm_eap_mschapv2
> > > Module: Instantiating eap-mschapv2
> > > mschapv2 {
> > > with_ntdomain_hack = no
> > > send_error = no
> > > }
> > > Module: Checking authorize {...} for more modules to load
> > > Module: Linked to module rlm_preprocess
> > > Module: Instantiating module "preprocess" from file
> > > /etc/freeradius/modules/preprocess
> > > preprocess {
> > > huntgroups = "/etc/freeradius/huntgroups"
> > > hints = "/etc/freeradius/hints"
> > > with_ascend_hack = no
> > > ascend_channels_per_line = 23
> > > with_ntdomain_hack = no
> > > with_specialix_jetstream_hack = no
> > > with_cisco_vsa_hack = no
> > > with_alvarion_vsa_hack = no
> > > }
> > > Module: Linked to module rlm_realm
> > > Module: Instantiating module "suffix" from file
> > > /etc/freeradius/modules/realm
> > > realm suffix {
> > > format = "suffix"
> > > delimiter = "@"
> > > ignore_default = no
> > > ignore_null = no
> > > }
> > > Module: Linked to module rlm_files
> > > Module: Instantiating module "files" from file
> > > /etc/freeradius/modules/files
> > > files {
> > > usersfile = "/etc/freeradius/users"
> > > acctusersfile = "/etc/freeradius/acct_users"
> > > preproxy_usersfile = "/etc/freeradius/preproxy_users"
> > > compat = "no"
> > > }
> > > Module: Checking preacct {...} for more modules to load
> > > Module: Linked to module rlm_acct_unique
> > > Module: Instantiating module "acct_unique" from file
> > > /etc/freeradius/modules/acct_unique
> > > acct_unique {
> > > key = "User-Name, Acct-Session-Id, NAS-IP-Address,
> > > Client-IP-Address, NAS-Port"
> > > }
> > > Module: Checking accounting {...} for more modules to load
> > > Module: Linked to module rlm_detail
> > > Module: Instantiating module "detail" from file
> > > /etc/freeradius/modules/detail
> > > detail {
> > > detailfile =
> > >
> > >
> >
> "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d"
> > > header = "%t"
> > > detailperm = 384
> > > dirperm = 493
> > > locking = no
> > > log_packet_header = no
> > > }
> > > Module: Linked to module rlm_radutmp
> > > Module: Instantiating module "radutmp" from file
> > > /etc/freeradius/modules/radutmp
> > > radutmp {
> > > filename = "/var/log/freeradius/radutmp"
> > > username = "%{User-Name}"
> > > case_sensitive = yes
> > > check_with_nas = yes
> > > perm = 384
> > > callerid = yes
> > > }
> > > Module: Linked to module rlm_attr_filter
> > > Module: Instantiating module "attr_filter.accounting_response" from
> file
> > > /etc/freeradius/modules/attr_filter
> > > attr_filter attr_filter.accounting_response {
> > > attrsfile = "/etc/freeradius/attrs.accounting_response"
> > > key = "%{User-Name}"
> > > relaxed = no
> > > }
> > > Module: Checking session {...} for more modules to load
> > > Module: Checking post-proxy {...} for more modules to load
> > > Module: Checking post-auth {...} for more modules to load
> > > Module: Instantiating module "attr_filter.access_reject" from file
> > > /etc/freeradius/modules/attr_filter
> > > attr_filter attr_filter.access_reject {
> > > attrsfile = "/etc/freeradius/attrs.access_reject"
> > > key = "%{User-Name}"
> > > relaxed = no
> > > }
> > > } # modules
> > > } # server
> > > server inner-tunnel { # from file
> > > /etc/freeradius/sites-enabled/inner-tunnel
> > > modules {
> > > Module: Checking authenticate {...} for more modules to load
> > > Module: Checking authorize {...} for more modules to load
> > > Module: Checking session {...} for more modules to load
> > > Module: Checking post-proxy {...} for more modules to load
> > > Module: Checking post-auth {...} for more modules to load
> > > } # modules
> > > } # server
> > > radiusd: #### Opening IP addresses and Ports ####
> > > listen {
> > > type = "auth"
> > > ipaddr = *
> > > port = 0
> > > }
> > > listen {
> > > type = "acct"
> > > ipaddr = *
> > > port = 0
> > > }
> > > listen {
> > > type = "auth"
> > > ipaddr = 127.0.0.1
> > > port = 18120
> > > }
> > > ... adding new socket proxy address * port 51461
> > > Listening on authentication address * port 1812
> > > Listening on accounting address * port 1813
> > > Listening on authentication address 127.0.0.1 port 18120 as server
> > > inner-tunnel
> > > Listening on proxy address * port 1814
> > > Ready to process requests.
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > > rad_recv: Access-Request packet from host 192.168.1.29 port 56313,
> id=93,
> > > length=182
> > > User-Name = "dougberman"
> > > NAS-IP-Address = 192.168.1.29
> > > NAS-Identifier = "0418d69afea9"
> > > NAS-Port = 0
> > > Called-Station-Id = "0E-18-D6-9B-FE-A9:labouche-secure"
> > > Calling-Station-Id = "AC-BC-32-86-B0-73"
> > > Framed-MTU = 1400
> > > NAS-Port-Type = Wireless-802.11
> > > Connect-Info = "CONNECT 0Mbps 802.11b"
> > > EAP-Message = 0x0286000f01646f75676265726d616e
> > > Message-Authenticator = 0x1b7db57089969456fcff7f264214ac71
> > > # Executing section authorize from file
> > > /etc/freeradius/sites-enabled/default
> > > +- entering group authorize {...}
> > > ++[preprocess] returns ok
> > > ++[chap] returns noop
> > > ++[mschap] returns noop
> > > ++[digest] returns noop
> > > [suffix] No '@' in User-Name = "dougberman", looking up realm NULL
> > > [suffix] No such realm "NULL"
> > > ++[suffix] returns noop
> > > [eap] EAP packet type response id 134 length 15
> > > [eap] No EAP Start, assuming it's an on-going EAP conversation
> > > ++[eap] returns updated
> > > [files] users: Matched entry dougberman at line 3
> > > ++[files] returns ok
> > > ++[expiration] returns noop
> > > ++[logintime] returns noop
> > > [pap] WARNING: Auth-Type already set. Not setting to PAP
> > > ++[pap] returns noop
> > > Found Auth-Type = EAP
> > > # Executing group from file /etc/freeradius/sites-enabled/default
> > > +- entering group authenticate {...}
> > > [eap] EAP Identity
> > > [eap] processing type md5
> > > rlm_eap_md5: Issuing Challenge
> > > ++[eap] returns handled
> > > Sending Access-Challenge of id 93 to 192.168.1.29 port 56313
> > > EAP-Message = 0x018700160410a6e7f7cc1f9ae919f16aac7710972bd9
> > > Message-Authenticator = 0x00000000000000000000000000000000
> > > State = 0x92ddcc5b925ac86dd5e2158f0b41dda7
> > > Finished request 0.
> > > Going to the next request
> > > Waking up in 4.9 seconds.
> > > rad_recv: Access-Request packet from host 192.168.1.29 port 56313,
> id=94,
> > > length=193
> > > User-Name = "dougberman"
> > > NAS-IP-Address = 192.168.1.29
> > > NAS-Identifier = "0418d69afea9"
> > > NAS-Port = 0
> > > Called-Station-Id = "0E-18-D6-9B-FE-A9:labouche-secure"
> > > Calling-Station-Id = "AC-BC-32-86-B0-73"
> > > Framed-MTU = 1400
> > > NAS-Port-Type = Wireless-802.11
> > > Connect-Info = "CONNECT 0Mbps 802.11b"
> > > EAP-Message = 0x028700080319152b
> > > State = 0x92ddcc5b925ac86dd5e2158f0b41dda7
> > > Message-Authenticator = 0x3d6957c95c9c9ba03aa0574e37d2019c
> > > # Executing section authorize from file
> > > /etc/freeradius/sites-enabled/default
> > > +- entering group authorize {...}
> > > ++[preprocess] returns ok
> > > ++[chap] returns noop
> > > ++[mschap] returns noop
> > > ++[digest] returns noop
> > > [suffix] No '@' in User-Name = "dougberman", looking up realm NULL
> > > [suffix] No such realm "NULL"
> > > ++[suffix] returns noop
> > > [eap] EAP packet type response id 135 length 8
> > > [eap] No EAP Start, assuming it's an on-going EAP conversation
> > > ++[eap] returns updated
> > > [files] users: Matched entry dougberman at line 3
> > > ++[files] returns ok
> > > ++[expiration] returns noop
> > > ++[logintime] returns noop
> > > [pap] WARNING: Auth-Type already set. Not setting to PAP
> > > ++[pap] returns noop
> > > Found Auth-Type = EAP
> > > # Executing group from file /etc/freeradius/sites-enabled/default
> > > +- entering group authenticate {...}
> > > [eap] Request found, released from the list
> > > [eap] EAP NAK
> > > [eap] EAP-NAK asked for EAP-Type/peap
> > > [eap] processing type tls
> > > [tls] Initiate
> > > [tls] Start returned 1
> > > ++[eap] returns handled
> > > Sending Access-Challenge of id 94 to 192.168.1.29 port 56313
> > > EAP-Message = 0x018800061920
> > > Message-Authenticator = 0x00000000000000000000000000000000
> > > State = 0x92ddcc5b9355d56dd5e2158f0b41dda7
> > > Finished request 1.
> > > Going to the next request
> > > Waking up in 4.9 seconds.
> > > rad_recv: Access-Request packet from host 192.168.1.29 port 56313,
> id=95,
> > > length=316
> > > User-Name = "dougberman"
> > > NAS-IP-Address = 192.168.1.29
> > > NAS-Identifier = "0418d69afea9"
> > > NAS-Port = 0
> > > Called-Station-Id = "0E-18-D6-9B-FE-A9:labouche-secure"
> > > Calling-Station-Id = "AC-BC-32-86-B0-73"
> > > Framed-MTU = 1400
> > > NAS-Port-Type = Wireless-802.11
> > > Connect-Info = "CONNECT 0Mbps 802.11b"
> > > EAP-Message =
> > >
> > >
> >
> 0x02880083198000000079160301007401000070030156ba68815990fdf76fe5ebc053ed7757fbde10eeeedd069c792855e3fc6abc2f00002800ffc024c023c00ac009c008c028c027c014c013c012003d003c0035002f000ac007c011000500040100001f000a00080006001700180019000b0002010000050005010000000000120000
> > > State = 0x92ddcc5b9355d56dd5e2158f0b41dda7
> > > Message-Authenticator = 0x40f21a53503b308c46cb0d395acff087
> > > # Executing section authorize from file
> > > /etc/freeradius/sites-enabled/default
> > > +- entering group authorize {...}
> > > ++[preprocess] returns ok
> > > ++[chap] returns noop
> > > ++[mschap] returns noop
> > > ++[digest] returns noop
> > > [suffix] No '@' in User-Name = "dougberman", looking up realm NULL
> > > [suffix] No such realm "NULL"
> > > ++[suffix] returns noop
> > > [eap] EAP packet type response id 136 length 131
> > > [eap] Continuing tunnel setup.
> > > ++[eap] returns ok
> > > Found Auth-Type = EAP
> > > # Executing group from file /etc/freeradius/sites-enabled/default
> > > +- entering group authenticate {...}
> > > [eap] Request found, released from the list
> > > [eap] EAP/peap
> > > [eap] processing type peap
> > > [peap] processing EAP-TLS
> > > TLS Length 121
> > > [peap] Length Included
> > > [peap] eaptls_verify returned 11
> > > [peap] (other): before/accept initialization
> > > [peap] TLS_accept: before/accept initialization
> > > [peap] <<< TLS 1.0 Handshake [length 0074], ClientHello
> > > [peap] TLS_accept: SSLv3 read client hello A
> > > [peap] >>> TLS 1.0 Handshake [length 0039], ServerHello
> > > [peap] TLS_accept: SSLv3 write server hello A
> > > [peap] >>> TLS 1.0 Handshake [length 02c2], Certificate
> > > [peap] TLS_accept: SSLv3 write certificate A
> > > [peap] >>> TLS 1.0 Handshake [length 014b], ServerKeyExchange
> > > [peap] TLS_accept: SSLv3 write key exchange A
> > > [peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
> > > [peap] TLS_accept: SSLv3 write server done A
> > > [peap] TLS_accept: SSLv3 flush data
> > > [peap] TLS_accept: Need to read more data: SSLv3 read client
> > > certificate A
> > > In SSL Handshake Phase
> > > In SSL Accept mode
> > > [peap] eaptls_process returned 13
> > > [peap] EAPTLS_HANDLED
> > > ++[eap] returns handled
> > > Sending Access-Challenge of id 95 to 192.168.1.29 port 56313
> > > EAP-Message =
> > >
> > >
> >
> 0x0189040019c00000045e16030100390200003503013ebf7047410d7a1859b5bbbf2a9d9888ce6e37c03ba9f1614c3bb95e24f1484d00c01400000dff01000100000b00040300010216030102c20b0002be0002bb0002b8308202b43082019ca003020102020900b793aee3ac33bc49300d06092a864886f70d01010b050030123110300e0603550403130764622d64656c6c301e170d3136303230323136353033355a170d3236303133303136353033355a30123110300e0603550403130764622d64656c6c30820122300d06092a864886f70d01010105000382010f003082010a0282010100a3869b5f162e1e131968dc8d564b1d234e592c42f841
> > > EAP-Message =
> > >
> > >
> >
> 0xa1241e96afe0db33d6d261b72bc407b2644f64812dba426bbbb6b3231f94a6cddbd263def9ce4e1a43f2a6c264cb9d1b3b4d9f2eace7afc4c2cf1e4c55e307e888b87e55003c404005a0c1a8b58fb034a59d7588206f9b280f5b0174dd53b9d5b8f8227936f640d73af94d8bf255316ba21199b9a01a45b33639cfa1c1f5145fc139819c84376523c6959ae1d6eccad8aa74a7fef8550fca94758e9f6e1a822b93439edcc4655baef7d39725f7378a4d8456581a45628523a8310467e66fb7cde362cabb555c9ef8807421e87adf51b3fb850ee59e23dc0d15fa956ed25af53b6bd8a3b703c431601aad0203010001a30d300b30090603551d13040230
> > > EAP-Message =
> > >
> > >
> >
> 0x00300d06092a864886f70d01010b050003820101006dbcd92c80fb31226b1e11ba78acdbfe58ef27a40611e499d4e6bbe5b1bda08cadd47e713fa241ca04627c7b7e4d47704f57af194b910b99d72202d070e26e1cb36107b6d92615758f8c0202fb8a77c92e3654299280c99f26c4dc0216849ffce1062fe9a346d91a04489642f9172d6fcb10bae6f2616bccebb43a00e72d3dbbd519cd0c0a4028eb7a316be8a2777459784bdc6085c3ca16aa635c04e0af7f73060016ce702081b5633f2d3204f0c3ddc35afb0159d6658ac5446a970fa89a090983e361df96e61d39550455483d1514b861ec58e826e508944aea60afb69463aabcce9787295042
> > > EAP-Message =
> > >
> > >
> >
> 0xd8b7e3f8a0d0318c55eee88732d1368ef2e6bc69c6ce6351160301014b0c00014703001741040884dfbcda7aeb9916409f3bec34b77584692af6d8d300907b4b79520e0bc4f8c97ad01ceea451d317bc57f48c22cb559c9aa94ddb890830c7355b5dd52dcb9b01002e7f7507025b5ab68f95c1f13cb6a007148404af7c5b9ead6cf1ef3548ebc99f69cd53b61590fbfd42f89369a909680c394c5a40bf756975d1f6d653190435dc34dee4b29704293006d600fb7c67015129e05deab4796a06100aea38c739152b9b8c5dabf734ce8f474cdeabfe63e42032f0ac74fbe2d8a09c17ad55b14b7cd2d9ed043ee42f26ae7e5b28fb5869e6d576ddb54d94
> > > EAP-Message = 0x2260d3c985a4fbc2debb2686
> > > Message-Authenticator = 0x00000000000000000000000000000000
> > > State = 0x92ddcc5b9054d56dd5e2158f0b41dda7
> > > Finished request 2.
> > > Going to the next request
> > > Waking up in 4.9 seconds.
> > > rad_recv: Access-Request packet from host 192.168.1.29 port 56313,
> id=96,
> > > length=191
> > > User-Name = "dougberman"
> > > NAS-IP-Address = 192.168.1.29
> > > NAS-Identifier = "0418d69afea9"
> > > NAS-Port = 0
> > > Called-Station-Id = "0E-18-D6-9B-FE-A9:labouche-secure"
> > > Calling-Station-Id = "AC-BC-32-86-B0-73"
> > > Framed-MTU = 1400
> > > NAS-Port-Type = Wireless-802.11
> > > Connect-Info = "CONNECT 0Mbps 802.11b"
> > > EAP-Message = 0x028900061900
> > > State = 0x92ddcc5b9054d56dd5e2158f0b41dda7
> > > Message-Authenticator = 0x27b924da3c4bc62298b84cf45ee60d4d
> > > # Executing section authorize from file
> > > /etc/freeradius/sites-enabled/default
> > > +- entering group authorize {...}
> > > ++[preprocess] returns ok
> > > ++[chap] returns noop
> > > ++[mschap] returns noop
> > > ++[digest] returns noop
> > > [suffix] No '@' in User-Name = "dougberman", looking up realm NULL
> > > [suffix] No such realm "NULL"
> > > ++[suffix] returns noop
> > > [eap] EAP packet type response id 137 length 6
> > > [eap] Continuing tunnel setup.
> > > ++[eap] returns ok
> > > Found Auth-Type = EAP
> > > # Executing group from file /etc/freeradius/sites-enabled/default
> > > +- entering group authenticate {...}
> > > [eap] Request found, released from the list
> > > [eap] EAP/peap
> > > [eap] processing type peap
> > > [peap] processing EAP-TLS
> > > [peap] Received TLS ACK
> > > [peap] ACK handshake fragment handler
> > > [peap] eaptls_verify returned 1
> > > [peap] eaptls_process returned 13
> > > [peap] EAPTLS_HANDLED
> > > ++[eap] returns handled
> > > Sending Access-Challenge of id 96 to 192.168.1.29 port 56313
> > > EAP-Message =
> > >
> > >
> >
> 0x018a006e1900d0186aabc9c735e04049ca34da2fa6662cc526354aced54cb41bf031aad5d36a846a299ab806fd96afabaa98d38cb74d2e6a91d979835114259e01d9ec687b5baec3220193694db1cdab30bf92501b4d349ad8a1310d81abf63b3b4b1857c016030100040e000000
> > > Message-Authenticator = 0x00000000000000000000000000000000
> > > State = 0x92ddcc5b9157d56dd5e2158f0b41dda7
> > > Finished request 3.
> > > Going to the next request
> > > Waking up in 4.9 seconds.
> > > rad_recv: Access-Request packet from host 192.168.1.29 port 56313,
> id=97,
> > > length=329
> > > User-Name = "dougberman"
> > > NAS-IP-Address = 192.168.1.29
> > > NAS-Identifier = "0418d69afea9"
> > > NAS-Port = 0
> > > Called-Station-Id = "0E-18-D6-9B-FE-A9:labouche-secure"
> > > Calling-Station-Id = "AC-BC-32-86-B0-73"
> > > Framed-MTU = 1400
> > > NAS-Port-Type = Wireless-802.11
> > > Connect-Info = "CONNECT 0Mbps 802.11b"
> > > EAP-Message =
> > >
> > >
> >
> 0x028a00901980000000861603010046100000424104ed317958262830a28c7e9283edbaf1f7c7439d456d2c06cb00a5e5301e69df241e3fa5282eec3182f7e1c1e962b2f0ac489e5828674581cedf4c07ed5ac68995140301000101160301003076d6347b1cbf07357530ccbb54e9b4c471868ff69a5139386b13eb2eb9dcb07eea053e1cfb0b7fbb62bfcebf33a9a72d
> > > State = 0x92ddcc5b9157d56dd5e2158f0b41dda7
> > > Message-Authenticator = 0xccec4c85154a5cfbc7b753f7d4f6f5c4
> > > # Executing section authorize from file
> > > /etc/freeradius/sites-enabled/default
> > > +- entering group authorize {...}
> > > ++[preprocess] returns ok
> > > ++[chap] returns noop
> > > ++[mschap] returns noop
> > > ++[digest] returns noop
> > > [suffix] No '@' in User-Name = "dougberman", looking up realm NULL
> > > [suffix] No such realm "NULL"
> > > ++[suffix] returns noop
> > > [eap] EAP packet type response id 138 length 144
> > > [eap] Continuing tunnel setup.
> > > ++[eap] returns ok
> > > Found Auth-Type = EAP
> > > # Executing group from file /etc/freeradius/sites-enabled/default
> > > +- entering group authenticate {...}
> > > [eap] Request found, released from the list
> > > [eap] EAP/peap
> > > [eap] processing type peap
> > > [peap] processing EAP-TLS
> > > TLS Length 134
> > > [peap] Length Included
> > > [peap] eaptls_verify returned 11
> > > [peap] <<< TLS 1.0 Handshake [length 0046], ClientKeyExchange
> > > [peap] TLS_accept: SSLv3 read client key exchange A
> > > [peap] <<< TLS 1.0 ChangeCipherSpec [length 0001]
> > > [peap] <<< TLS 1.0 Handshake [length 0010], Finished
> > > [peap] TLS_accept: SSLv3 read finished A
> > > [peap] >>> TLS 1.0 ChangeCipherSpec [length 0001]
> > > [peap] TLS_accept: SSLv3 write change cipher spec A
> > > [peap] >>> TLS 1.0 Handshake [length 0010], Finished
> > > [peap] TLS_accept: SSLv3 write finished A
> > > [peap] TLS_accept: SSLv3 flush data
> > > [peap] (other): SSL negotiation finished successfully
> > > SSL Connection Established
> > > [peap] eaptls_process returned 13
> > > [peap] EAPTLS_HANDLED
> > > ++[eap] returns handled
> > > Sending Access-Challenge of id 97 to 192.168.1.29 port 56313
> > > EAP-Message =
> > >
> > >
> >
> 0x018b00411900140301000101160301003051771428cfdf26c2c47df977b644bbc43c768bfd7c7edeea3e42b9c3befb5e8ad128a499452858b8052b39a413b6e959
> > > Message-Authenticator = 0x00000000000000000000000000000000
> > > State = 0x92ddcc5b9656d56dd5e2158f0b41dda7
> > > Finished request 4.
> > > Going to the next request
> > > Waking up in 4.8 seconds.
> > > rad_recv: Access-Request packet from host 192.168.1.29 port 56313,
> id=98,
> > > length=191
> > > User-Name = "dougberman"
> > > NAS-IP-Address = 192.168.1.29
> > > NAS-Identifier = "0418d69afea9"
> > > NAS-Port = 0
> > > Called-Station-Id = "0E-18-D6-9B-FE-A9:labouche-secure"
> > > Calling-Station-Id = "AC-BC-32-86-B0-73"
> > > Framed-MTU = 1400
> > > NAS-Port-Type = Wireless-802.11
> > > Connect-Info = "CONNECT 0Mbps 802.11b"
> > > EAP-Message = 0x028b00061900
> > > State = 0x92ddcc5b9656d56dd5e2158f0b41dda7
> > > Message-Authenticator = 0x11d4a4db9060a2cdfc52cb51bd1d7a9c
> > > # Executing section authorize from file
> > > /etc/freeradius/sites-enabled/default
> > > +- entering group authorize {...}
> > > ++[preprocess] returns ok
> > > ++[chap] returns noop
> > > ++[mschap] returns noop
> > > ++[digest] returns noop
> > > [suffix] No '@' in User-Name = "dougberman", looking up realm NULL
> > > [suffix] No such realm "NULL"
> > > ++[suffix] returns noop
> > > [eap] EAP packet type response id 139 length 6
> > > [eap] Continuing tunnel setup.
> > > ++[eap] returns ok
> > > Found Auth-Type = EAP
> > > # Executing group from file /etc/freeradius/sites-enabled/default
> > > +- entering group authenticate {...}
> > > [eap] Request found, released from the list
> > > [eap] EAP/peap
> > > [eap] processing type peap
> > > [peap] processing EAP-TLS
> > > [peap] Received TLS ACK
> > > [peap] ACK handshake is finished
> > > [peap] eaptls_verify returned 3
> > > [peap] eaptls_process returned 3
> > > [peap] EAPTLS_SUCCESS
> > > [peap] Session established. Decoding tunneled attributes.
> > > [peap] Peap state TUNNEL ESTABLISHED
> > > ++[eap] returns handled
> > > Sending Access-Challenge of id 98 to 192.168.1.29 port 56313
> > > EAP-Message =
> > >
> > >
> >
> 0x018c002b19001703010020a923eee39f2cc0b51d1cf16ffa14f000d5698841775ce1d5c2bc8a4f9fbc2885
> > > Message-Authenticator = 0x00000000000000000000000000000000
> > > State = 0x92ddcc5b9751d56dd5e2158f0b41dda7
> > > Finished request 5.
> > > Going to the next request
> > > Waking up in 4.8 seconds.
> > > rad_recv: Access-Request packet from host 192.168.1.29 port 56313,
> id=99,
> > > length=228
> > > User-Name = "dougberman"
> > > NAS-IP-Address = 192.168.1.29
> > > NAS-Identifier = "0418d69afea9"
> > > NAS-Port = 0
> > > Called-Station-Id = "0E-18-D6-9B-FE-A9:labouche-secure"
> > > Calling-Station-Id = "AC-BC-32-86-B0-73"
> > > Framed-MTU = 1400
> > > NAS-Port-Type = Wireless-802.11
> > > Connect-Info = "CONNECT 0Mbps 802.11b"
> > > EAP-Message =
> > >
> > >
> >
> 0x028c002b19001703010020cb258867342bee4a0d40637b5f7b1ecb8816b573d24a41522e0a1cfd83d6d36b
> > > State = 0x92ddcc5b9751d56dd5e2158f0b41dda7
> > > Message-Authenticator = 0xa819497f034aff31cd5bc5f7a2c4dba5
> > > # Executing section authorize from file
> > > /etc/freeradius/sites-enabled/default
> > > +- entering group authorize {...}
> > > ++[preprocess] returns ok
> > > ++[chap] returns noop
> > > ++[mschap] returns noop
> > > ++[digest] returns noop
> > > [suffix] No '@' in User-Name = "dougberman", looking up realm NULL
> > > [suffix] No such realm "NULL"
> > > ++[suffix] returns noop
> > > [eap] EAP packet type response id 140 length 43
> > > [eap] Continuing tunnel setup.
> > > ++[eap] returns ok
> > > Found Auth-Type = EAP
> > > # Executing group from file /etc/freeradius/sites-enabled/default
> > > +- entering group authenticate {...}
> > > [eap] Request found, released from the list
> > > [eap] EAP/peap
> > > [eap] processing type peap
> > > [peap] processing EAP-TLS
> > > [peap] eaptls_verify returned 7
> > > [peap] Done initial handshake
> > > [peap] eaptls_process returned 7
> > > [peap] EAPTLS_OK
> > > [peap] Session established. Decoding tunneled attributes.
> > > [peap] Peap state WAITING FOR INNER IDENTITY
> > > [peap] Identity - dougberman
> > > [peap] Got inner identity 'dougberman'
> > > [peap] Setting default EAP type for tunneled EAP session.
> > > [peap] Got tunneled request
> > > EAP-Message = 0x028c000f01646f75676265726d616e
> > > server {
> > > [peap] Setting User-Name to dougberman
> > > Sending tunneled request
> > > EAP-Message = 0x028c000f01646f75676265726d616e
> > > FreeRADIUS-Proxied-To = 127.0.0.1
> > > User-Name = "dougberman"
> > > server inner-tunnel {
> > > # Executing section authorize from file
> > > /etc/freeradius/sites-enabled/inner-tunnel
> > > +- entering group authorize {...}
> > > ++[chap] returns noop
> > > ++[mschap] returns noop
> > > [suffix] No '@' in User-Name = "dougberman", looking up realm NULL
> > > [suffix] No such realm "NULL"
> > > ++[suffix] returns noop
> > > ++[control] returns noop
> > > [eap] EAP packet type response id 140 length 15
> > > [eap] No EAP Start, assuming it's an on-going EAP conversation
> > > ++[eap] returns updated
> > > [files] users: Matched entry dougberman at line 3
> > > ++[files] returns ok
> > > ++[expiration] returns noop
> > > ++[logintime] returns noop
> > > [pap] WARNING: Auth-Type already set. Not setting to PAP
> > > ++[pap] returns noop
> > > Found Auth-Type = EAP
> > > # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
> > > +- entering group authenticate {...}
> > > [eap] EAP Identity
> > > [eap] processing type mschapv2
> > > rlm_eap_mschapv2: Issuing Challenge
> > > ++[eap] returns handled
> > > } # server inner-tunnel
> > > [peap] Got tunneled reply code 11
> > > EAP-Message =
> > >
> >
> 0x018d00241a018d001f10cf006efe556c46c968d25f3f74e42c4c646f75676265726d616e
> > > Message-Authenticator = 0x00000000000000000000000000000000
> > > State = 0x5d67d9ca5deac34260158bcb9468438e
> > > [peap] Got tunneled reply RADIUS code 11
> > > EAP-Message =
> > >
> >
> 0x018d00241a018d001f10cf006efe556c46c968d25f3f74e42c4c646f75676265726d616e
> > > Message-Authenticator = 0x00000000000000000000000000000000
> > > State = 0x5d67d9ca5deac34260158bcb9468438e
> > > [peap] Got tunneled Access-Challenge
> > > ++[eap] returns handled
> > > Sending Access-Challenge of id 99 to 192.168.1.29 port 56313
> > > EAP-Message =
> > >
> > >
> >
> 0x018d004b190017030100403e35c354c1073da27a14fa74c477928588301022d6aa6729b79c2c51db2b89c586ccf0c9150c592bfb9baf3193a83b1ffcb36c7c5ba5cc229517777d3f55aaea
> > > Message-Authenticator = 0x00000000000000000000000000000000
> > > State = 0x92ddcc5b9450d56dd5e2158f0b41dda7
> > > Finished request 6.
> > > Going to the next request
> > > Waking up in 4.8 seconds.
> > > rad_recv: Access-Request packet from host 192.168.1.29 port 56313,
> > id=100,
> > > length=292
> > > User-Name = "dougberman"
> > > NAS-IP-Address = 192.168.1.29
> > > NAS-Identifier = "0418d69afea9"
> > > NAS-Port = 0
> > > Called-Station-Id = "0E-18-D6-9B-FE-A9:labouche-secure"
> > > Calling-Station-Id = "AC-BC-32-86-B0-73"
> > > Framed-MTU = 1400
> > > NAS-Port-Type = Wireless-802.11
> > > Connect-Info = "CONNECT 0Mbps 802.11b"
> > > EAP-Message =
> > >
> > >
> >
> 0x028d006b19001703010060b70fa486d6bf4f875fa9d7a8eff48b27b87641cb505b84508bee2669019dbbd0922ac4bc2d51e1328401f694e79d98cdf6281c38477138810e2746ab8b4329ded060d04b7629f3cb6f6e9457e4b58aac2428f9bccd602dd3530269fd6b03f42a
> > > State = 0x92ddcc5b9450d56dd5e2158f0b41dda7
> > > Message-Authenticator = 0xdc449b545b1129a38bfcb7608bae4c17
> > > # Executing section authorize from file
> > > /etc/freeradius/sites-enabled/default
> > > +- entering group authorize {...}
> > > ++[preprocess] returns ok
> > > ++[chap] returns noop
> > > ++[mschap] returns noop
> > > ++[digest] returns noop
> > > [suffix] No '@' in User-Name = "dougberman", looking up realm NULL
> > > [suffix] No such realm "NULL"
> > > ++[suffix] returns noop
> > > [eap] EAP packet type response id 141 length 107
> > > [eap] Continuing tunnel setup.
> > > ++[eap] returns ok
> > > Found Auth-Type = EAP
> > > # Executing group from file /etc/freeradius/sites-enabled/default
> > > +- entering group authenticate {...}
> > > [eap] Request found, released from the list
> > > [eap] EAP/peap
> > > [eap] processing type peap
> > > [peap] processing EAP-TLS
> > > [peap] eaptls_verify returned 7
> > > [peap] Done initial handshake
> > > [peap] eaptls_process returned 7
> > > [peap] EAPTLS_OK
> > > [peap] Session established. Decoding tunneled attributes.
> > > [peap] Peap state phase2
> > > [peap] EAP type mschapv2
> > > [peap] Got tunneled request
> > > EAP-Message =
> > >
> > >
> >
> 0x028d00451a028d00403146434a04998e36ab37fc7799f66fb3bd000000000000000066b96f66e2fd852a854bdf7c7f3b83c5d01a4429eded44eb00646f75676265726d616e
> > > server {
> > > [peap] Setting User-Name to dougberman
> > > Sending tunneled request
> > > EAP-Message =
> > >
> > >
> >
> 0x028d00451a028d00403146434a04998e36ab37fc7799f66fb3bd000000000000000066b96f66e2fd852a854bdf7c7f3b83c5d01a4429eded44eb00646f75676265726d616e
> > > FreeRADIUS-Proxied-To = 127.0.0.1
> > > User-Name = "dougberman"
> > > State = 0x5d67d9ca5deac34260158bcb9468438e
> > > server inner-tunnel {
> > > # Executing section authorize from file
> > > /etc/freeradius/sites-enabled/inner-tunnel
> > > +- entering group authorize {...}
> > > ++[chap] returns noop
> > > ++[mschap] returns noop
> > > [suffix] No '@' in User-Name = "dougberman", looking up realm NULL
> > > [suffix] No such realm "NULL"
> > > ++[suffix] returns noop
> > > ++[control] returns noop
> > > [eap] EAP packet type response id 141 length 69
> > > [eap] No EAP Start, assuming it's an on-going EAP conversation
> > > ++[eap] returns updated
> > > [files] users: Matched entry dougberman at line 3
> > > ++[files] returns ok
> > > ++[expiration] returns noop
> > > ++[logintime] returns noop
> > > [pap] WARNING: Auth-Type already set. Not setting to PAP
> > > ++[pap] returns noop
> > > Found Auth-Type = EAP
> > > # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
> > > +- entering group authenticate {...}
> > > [eap] Request found, released from the list
> > > [eap] EAP/mschapv2
> > > [eap] processing type mschapv2
> > > [mschapv2] # Executing group from file
> > > /etc/freeradius/sites-enabled/inner-tunnel
> > > [mschapv2] +- entering group MS-CHAP {...}
> > > [mschap] Creating challenge hash with username: dougberman
> > > [mschap] Told to do MS-CHAPv2 for dougberman with NT-Password
> > > [mschap] adding MS-CHAPv2 MPPE keys
> > > ++[mschap] returns ok
> > > MSCHAP Success
> > > ++[eap] returns handled
> > > } # server inner-tunnel
> > > [peap] Got tunneled reply code 11
> > > EAP-Message =
> > >
> > >
> >
> 0x018e00331a038d002e533d45333641323545464241433739303646333430343941463330393332363636384445374332443933
> > > Message-Authenticator = 0x00000000000000000000000000000000
> > > State = 0x5d67d9ca5ce9c34260158bcb9468438e
> > > [peap] Got tunneled reply RADIUS code 11
> > > EAP-Message =
> > >
> > >
> >
> 0x018e00331a038d002e533d45333641323545464241433739303646333430343941463330393332363636384445374332443933
> > > Message-Authenticator = 0x00000000000000000000000000000000
> > > State = 0x5d67d9ca5ce9c34260158bcb9468438e
> > > [peap] Got tunneled Access-Challenge
> > > ++[eap] returns handled
> > > Sending Access-Challenge of id 100 to 192.168.1.29 port 56313
> > > EAP-Message =
> > >
> > >
> >
> 0x018e005b1900170301005030ee1789504ddef9c1333bbbc515a4784b2406050e883f87944bfd86e9914bc042b515b70f6cffecc16ae6e5fa393b8aeafc75a806b671e879445bf989d593d173e0fdb136426e1b31adc231b40ddb5d
> > > Message-Authenticator = 0x00000000000000000000000000000000
> > > State = 0x92ddcc5b9553d56dd5e2158f0b41dda7
> > > Finished request 7.
> > > Going to the next request
> > > Waking up in 4.8 seconds.
> > > rad_recv: Access-Request packet from host 192.168.1.29 port 56313,
> > id=101,
> > > length=228
> > > User-Name = "dougberman"
> > > NAS-IP-Address = 192.168.1.29
> > > NAS-Identifier = "0418d69afea9"
> > > NAS-Port = 0
> > > Called-Station-Id = "0E-18-D6-9B-FE-A9:labouche-secure"
> > > Calling-Station-Id = "AC-BC-32-86-B0-73"
> > > Framed-MTU = 1400
> > > NAS-Port-Type = Wireless-802.11
> > > Connect-Info = "CONNECT 0Mbps 802.11b"
> > > EAP-Message =
> > >
> > >
> >
> 0x028e002b190017030100201be8fd3e17dc6f89b2d40e30b05f30f1f77d27a450388d2c1198ef568e1d8505
> > > State = 0x92ddcc5b9553d56dd5e2158f0b41dda7
> > > Message-Authenticator = 0x46a8247ff6dca44292a4bd7086ebef15
> > > # Executing section authorize from file
> > > /etc/freeradius/sites-enabled/default
> > > +- entering group authorize {...}
> > > ++[preprocess] returns ok
> > > ++[chap] returns noop
> > > ++[mschap] returns noop
> > > ++[digest] returns noop
> > > [suffix] No '@' in User-Name = "dougberman", looking up realm NULL
> > > [suffix] No such realm "NULL"
> > > ++[suffix] returns noop
> > > [eap] EAP packet type response id 142 length 43
> > > [eap] Continuing tunnel setup.
> > > ++[eap] returns ok
> > > Found Auth-Type = EAP
> > > # Executing group from file /etc/freeradius/sites-enabled/default
> > > +- entering group authenticate {...}
> > > [eap] Request found, released from the list
> > > [eap] EAP/peap
> > > [eap] processing type peap
> > > [peap] processing EAP-TLS
> > > [peap] eaptls_verify returned 7
> > > [peap] Done initial handshake
> > > [peap] eaptls_process returned 7
> > > [peap] EAPTLS_OK
> > > [peap] Session established. Decoding tunneled attributes.
> > > [peap] Peap state phase2
> > > [peap] EAP type mschapv2
> > > [peap] Got tunneled request
> > > EAP-Message = 0x028e00061a03
> > > server {
> > > [peap] Setting User-Name to dougberman
> > > Sending tunneled request
> > > EAP-Message = 0x028e00061a03
> > > FreeRADIUS-Proxied-To = 127.0.0.1
> > > User-Name = "dougberman"
> > > State = 0x5d67d9ca5ce9c34260158bcb9468438e
> > > server inner-tunnel {
> > > # Executing section authorize from file
> > > /etc/freeradius/sites-enabled/inner-tunnel
> > > +- entering group authorize {...}
> > > ++[chap] returns noop
> > > ++[mschap] returns noop
> > > [suffix] No '@' in User-Name = "dougberman", looking up realm NULL
> > > [suffix] No such realm "NULL"
> > > ++[suffix] returns noop
> > > ++[control] returns noop
> > > [eap] EAP packet type response id 142 length 6
> > > [eap] No EAP Start, assuming it's an on-going EAP conversation
> > > ++[eap] returns updated
> > > [files] users: Matched entry dougberman at line 3
> > > ++[files] returns ok
> > > ++[expiration] returns noop
> > > ++[logintime] returns noop
> > > [pap] WARNING: Auth-Type already set. Not setting to PAP
> > > ++[pap] returns noop
> > > Found Auth-Type = EAP
> > > # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
> > > +- entering group authenticate {...}
> > > [eap] Request found, released from the list
> > > [eap] EAP/mschapv2
> > > [eap] processing type mschapv2
> > > [eap] Freeing handler
> > > ++[eap] returns ok
> > > Login OK: [dougberman/<via Auth-Type = EAP>] (from client routergw
> port 0
> > > via TLS tunnel)
> > > WARNING: Empty post-auth section. Using default return values.
> > > # Executing section post-auth from file
> > > /etc/freeradius/sites-enabled/inner-tunnel
> > > } # server inner-tunnel
> > > [peap] Got tunneled reply code 2
> > > MS-MPPE-Encryption-Policy = 0x00000001
> > > MS-MPPE-Encryption-Types = 0x00000006
> > > MS-MPPE-Send-Key = 0xab8f333e7b1793f215315676d210a3f5
> > > MS-MPPE-Recv-Key = 0xacc1ef31ff24cb71cf9aaf469356983b
> > > EAP-Message = 0x038e0004
> > > Message-Authenticator = 0x00000000000000000000000000000000
> > > User-Name = "dougberman"
> > > [peap] Got tunneled reply RADIUS code 2
> > > MS-MPPE-Encryption-Policy = 0x00000001
> > > MS-MPPE-Encryption-Types = 0x00000006
> > > MS-MPPE-Send-Key = 0xab8f333e7b1793f215315676d210a3f5
> > > MS-MPPE-Recv-Key = 0xacc1ef31ff24cb71cf9aaf469356983b
> > > EAP-Message = 0x038e0004
> > > Message-Authenticator = 0x00000000000000000000000000000000
> > > User-Name = "dougberman"
> > > [peap] Tunneled authentication was successful.
> > > [peap] SUCCESS
> > > ++[eap] returns handled
> > > Sending Access-Challenge of id 101 to 192.168.1.29 port 56313
> > > EAP-Message =
> > >
> > >
> >
> 0x018f002b19001703010020ab867b4420a3e8381d1fb52ab0437b2b5e0d6ecafe8b94ff523ab58c67518e61
> > > Message-Authenticator = 0x00000000000000000000000000000000
> > > State = 0x92ddcc5b9a52d56dd5e2158f0b41dda7
> > > Finished request 8.
> > > Going to the next request
> > > Waking up in 4.7 seconds.
> > > rad_recv: Access-Request packet from host 192.168.1.29 port 56313,
> > id=102,
> > > length=228
> > > User-Name = "dougberman"
> > > NAS-IP-Address = 192.168.1.29
> > > NAS-Identifier = "0418d69afea9"
> > > NAS-Port = 0
> > > Called-Station-Id = "0E-18-D6-9B-FE-A9:labouche-secure"
> > > Calling-Station-Id = "AC-BC-32-86-B0-73"
> > > Framed-MTU = 1400
> > > NAS-Port-Type = Wireless-802.11
> > > Connect-Info = "CONNECT 0Mbps 802.11b"
> > > EAP-Message =
> > >
> > >
> >
> 0x028f002b1900170301002098ec17e74b4b916aacfd9f48e67e31dbc65f7338ad6075a4925b3a6f08651023
> > > State = 0x92ddcc5b9a52d56dd5e2158f0b41dda7
> > > Message-Authenticator = 0xd8837e97e73a64990b77c80afc0e216b
> > > # Executing section authorize from file
> > > /etc/freeradius/sites-enabled/default
> > > +- entering group authorize {...}
> > > ++[preprocess] returns ok
> > > ++[chap] returns noop
> > > ++[mschap] returns noop
> > > ++[digest] returns noop
> > > [suffix] No '@' in User-Name = "dougberman", looking up realm NULL
> > > [suffix] No such realm "NULL"
> > > ++[suffix] returns noop
> > > [eap] EAP packet type response id 143 length 43
> > > [eap] Continuing tunnel setup.
> > > ++[eap] returns ok
> > > Found Auth-Type = EAP
> > > # Executing group from file /etc/freeradius/sites-enabled/default
> > > +- entering group authenticate {...}
> > > [eap] Request found, released from the list
> > > [eap] EAP/peap
> > > [eap] processing type peap
> > > [peap] processing EAP-TLS
> > > [peap] eaptls_verify returned 7
> > > [peap] Done initial handshake
> > > [peap] eaptls_process returned 7
> > > [peap] EAPTLS_OK
> > > [peap] Session established. Decoding tunneled attributes.
> > > [peap] Peap state send tlv success
> > > [peap] Received EAP-TLV response.
> > > [peap] Success
> > > [eap] Freeing handler
> > > ++[eap] returns ok
> > > Login OK: [dougberman/<via Auth-Type = EAP>] (from client routergw
> port 0
> > > cli AC-BC-32-86-B0-73)
> > > # Executing section post-auth from file
> > > /etc/freeradius/sites-enabled/default
> > > +- entering group post-auth {...}
> > > ++[exec] returns noop
> > > Sending Access-Accept of id 102 to 192.168.1.29 port 56313
> > > MS-MPPE-Recv-Key =
> > > 0xda5ed9ef3092b9a8fb76b36b44aa72c53d6b80932c372a17f6019f83ceb9119e
> > > MS-MPPE-Send-Key =
> > > 0x67917a24c63ab8ed67f9308f77f21b44fff8686a1ccb03f22baf8b29acb9b2cc
> > > EAP-Message = 0x038f0004
> > > Message-Authenticator = 0x00000000000000000000000000000000
> > > User-Name = "dougberman"
> > > Finished request 9.
> > > Going to the next request
> > > Waking up in 4.7 seconds.
> > > Cleaning up request 0 ID 93 with timestamp +9
> > > Cleaning up request 1 ID 94 with timestamp +9
> > > Cleaning up request 2 ID 95 with timestamp +9
> > > Cleaning up request 3 ID 96 with timestamp +9
> > > Waking up in 0.1 seconds.
> > > Cleaning up request 4 ID 97 with timestamp +9
> > > Cleaning up request 5 ID 98 with timestamp +9
> > > Cleaning up request 6 ID 99 with timestamp +9
> > > Cleaning up request 7 ID 100 with timestamp +9
> > > Cleaning up request 8 ID 101 with timestamp +9
> > > Cleaning up request 9 ID 102 with timestamp +9
> > > Ready to process requests.
> > > -
> > > List info/subscribe/unsubscribe? See
> > > http://www.freeradius.org/list/users.html
> > -
> > List info/subscribe/unsubscribe? See
> > http://www.freeradius.org/list/users.html
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
More information about the Freeradius-Users
mailing list