Does freeradius-server work through wifi?

Mr Dini diniboy74 at gmail.com
Wed Jun 15 15:35:29 CEST 2016


With another device it looks like this:

 ... adding new socket proxy address * port 5029
Listening on authentication interface wlan0 address * port 1812
Listening on accounting address * port 1813
Listening on command file /ffp/var/run/radiusd/radiusd.sock
Listening on authentication address 127.0.0.1 port 18120 as server
inner-tunnel
Listening on proxy address * port 1814
Ready to process requests.
rad_recv: Access-Request packet from host 192.168.1.1 port 1567, id=0,
length=123
        User-Name = "guest"
        NAS-IP-Address = 192.168.1.1
        Called-Station-Id = "1eb72cd00f4f"
        Calling-Station-Id = "00e3b22aafa3"
        NAS-Identifier = "1eb72cd00f4f"
        NAS-Port = 38
        Framed-MTU = 1400
        NAS-Port-Type = Wireless-802.11
        EAP-Message = 0x0200000a016775657374
        Message-Authenticator = 0xf80f9fdc6096dd96349b54a76158b41d
# Executing section authorize from file /ffp/etc/raddb/sites-enabled/default
+group authorize {
++[preprocess] = ok
++[chap] = noop
++[mschap] = noop
++[digest] = noop
[suffix] No '@' in User-Name = "guest", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] = noop
[eap] EAP packet type response id 0 length 10
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] = updated
++[files] = noop
[sql]   expand: %{User-Name} -> guest
[sql] sql_set_user escaped user --> 'guest'
rlm_sql (sql): Reserving sql socket id: 30
[sql]   expand: SELECT id, username, attribute, value, op           FROM
radcheck           WHERE username = '%{SQL-User-Name}'           ORDER BY
id -> SELECT id, username, attribute, value, op           FROM
radcheck           WHERE username = 'guest'           ORDER BY id
[sql] User found in radcheck table
[sql]   expand: SELECT id, username, attribute, value, op           FROM
radreply           WHERE username = '%{SQL-User-Name}'           ORDER BY
id -> SELECT id, username, attribute, value, op           FROM
radreply           WHERE username = 'guest'           ORDER BY id
[sql]   expand: SELECT groupname           FROM radusergroup
WHERE username = '%{SQL-User-Name}'           ORDER BY priority -> SELECT
groupname           FROM radusergroup           WHERE username =
'guest'           ORDER BY priority
rlm_sql (sql): Released sql socket id: 30
++[sql] = ok
++[expiration] = noop
++[logintime] = noop
[pap] WARNING: Auth-Type already set.  Not setting to PAP
++[pap] = noop
+} # group authorize = updated
Found Auth-Type = EAP
# Executing group from file /ffp/etc/raddb/sites-enabled/default
+group authenticate {
[eap] EAP Identity
[eap] processing type md5
rlm_eap_md5: Issuing Challenge
++[eap] = handled
+} # group authenticate = handled
Sending Access-Challenge of id 0 to 192.168.1.1 port 1567
        EAP-Message = 0x010100160410cd8c15f2fd69b58fb4195d391898b596
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x399ce09e399de459d22c81cf757f77c3
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.1.1 port 1567, id=0,
length=137
Cleaning up request 0 ID 0 with timestamp +5
        User-Name = "guest"
        NAS-IP-Address = 192.168.1.1
        Called-Station-Id = "1eb72cd00f4f"
        Calling-Station-Id = "00e3b22aafa3"
        NAS-Identifier = "1eb72cd00f4f"
        NAS-Port = 38
        Framed-MTU = 1400
        State = 0x399ce09e399de459d22c81cf757f77c3
        NAS-Port-Type = Wireless-802.11
        EAP-Message = 0x020100060319
        Message-Authenticator = 0x0b5161841c40607ce96ba86663e7d9df
# Executing section authorize from file /ffp/etc/raddb/sites-enabled/default
+group authorize {
++[preprocess] = ok
++[chap] = noop
++[mschap] = noop
++[digest] = noop
[suffix] No '@' in User-Name = "guest", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] = noop
[eap] EAP packet type response id 1 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] = updated
++[files] = noop
[sql]   expand: %{User-Name} -> guest
[sql] sql_set_user escaped user --> 'guest'
rlm_sql (sql): Reserving sql socket id: 29
[sql]   expand: SELECT id, username, attribute, value, op           FROM
radcheck           WHERE username = '%{SQL-User-Name}'           ORDER BY
id -> SELECT id, username, attribute, value, op           FROM
radcheck           WHERE username = 'guest'           ORDER BY id
[sql] User found in radcheck table
[sql]   expand: SELECT id, username, attribute, value, op           FROM
radreply           WHERE username = '%{SQL-User-Name}'           ORDER BY
id -> SELECT id, username, attribute, value, op           FROM
radreply           WHERE username = 'guest'           ORDER BY id
[sql]   expand: SELECT groupname           FROM radusergroup
WHERE username = '%{SQL-User-Name}'           ORDER BY priority -> SELECT
groupname           FROM radusergroup           WHERE username =
'guest'           ORDER BY priority
rlm_sql (sql): Released sql socket id: 29
++[sql] = ok
++[expiration] = noop
++[logintime] = noop
[pap] WARNING: Auth-Type already set.  Not setting to PAP
++[pap] = noop
+} # group authorize = updated
Found Auth-Type = EAP
# Executing group from file /ffp/etc/raddb/sites-enabled/default
+group authenticate {
[eap] Request found, released from the list
[eap] EAP NAK
[eap] EAP-NAK asked for EAP-Type/peap
[eap] processing type tls
[tls] Initiate
[tls] Start returned 1
++[eap] = handled
+} # group authenticate = handled
Sending Access-Challenge of id 0 to 192.168.1.1 port 1567
        EAP-Message = 0x010200061920
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x399ce09e389ef959d22c81cf757f77c3
Finished request 1.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.1.1 port 1567, id=0,
length=339
Cleaning up request 1 ID 0 with timestamp +5
        User-Name = "guest"
        NAS-IP-Address = 192.168.1.1
        Called-Station-Id = "1eb72cd00f4f"
        Calling-Station-Id = "00e3b22aafa3"
        NAS-Identifier = "1eb72cd00f4f"
        NAS-Port = 38
        Framed-MTU = 1400
        State = 0x399ce09e389ef959d22c81cf757f77c3
        NAS-Port-Type = Wireless-802.11
        EAP-Message =
0x020200d01980000000c616030100c1010000bd030157615933b3693c0aea750b0ee6dd9dbf18d3de1572d4debe2b1567206506f0fe000054c014c00ac022c02100390038c00fc0050035c012c008c01cc01b00160013c00dc003000ac013c009c01fc01e00330032c00ec004002fc011c007c00cc002000500040015001200090014001100080006000300ff01000040000b000403000102000a00340032000e000d0019000b000c00180009000a00160017000800060007001400150004000500120013000100020003000f00100011
        Message-Authenticator = 0xbfa945eeecafb0c62a1f47c26fbd4637
# Executing section authorize from file /ffp/etc/raddb/sites-enabled/default
+group authorize {
++[preprocess] = ok
++[chap] = noop
++[mschap] = noop
++[digest] = noop
[suffix] No '@' in User-Name = "guest", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] = noop
[eap] EAP packet type response id 2 length 208
[eap] Continuing tunnel setup.
++[eap] = ok
+} # group authorize = ok
Found Auth-Type = EAP
# Executing group from file /ffp/etc/raddb/sites-enabled/default
+group authenticate {
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
  TLS Length 198
[peap] Length Included
[peap] eaptls_verify returned 11
[peap]     (other): before/accept initialization
[peap]     TLS_accept: before/accept initialization
[peap] <<< Unknown TLS version [length 0005]
[peap] <<< TLS 1.0 Handshake [length 00c1], ClientHello
[peap]     TLS_accept: SSLv3 read client hello A
[peap] >>> Unknown TLS version [length 0005]
[peap] >>> TLS 1.0 Handshake [length 0039], ServerHello
[peap]     TLS_accept: SSLv3 write server hello A
[peap] >>> Unknown TLS version [length 0005]
[peap] >>> TLS 1.0 Handshake [length 08d0], Certificate
[peap]     TLS_accept: SSLv3 write certificate A
[peap] >>> Unknown TLS version [length 0005]
[peap] >>> TLS 1.0 Handshake [length 014b], ServerKeyExchange
[peap]     TLS_accept: SSLv3 write key exchange A
[peap] >>> Unknown TLS version [length 0005]
[peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
[peap]     TLS_accept: SSLv3 write server done A
[peap]     TLS_accept: SSLv3 flush data
[peap]     TLS_accept: SSLv3 read client certificate A
[peap]     TLS_accept: Need to read more data: SSLv3 read client key
exchange A
[peap]     TLS_accept: Need to read more data: SSLv3 read client key
exchange A
In SSL Handshake Phase
In SSL Accept mode
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] = handled
+} # group authenticate = handled
Sending Access-Challenge of id 0 to 192.168.1.1 port 1567
        EAP-Message = 0x211226534d8d60af55bdfe60
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x399ce09e3b9ff959d22c81cf757f77c3
Finished request 2.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.1.1 port 1567, id=0,
length=137
Cleaning up request 2 ID 0 with timestamp +5
        User-Name = "guest"
        NAS-IP-Address = 192.168.1.1
        Called-Station-Id = "1eb72cd00f4f"
        Calling-Station-Id = "00e3b22aafa3"
        NAS-Identifier = "1eb72cd00f4f"
        NAS-Port = 38
        Framed-MTU = 1400
        State = 0x399ce09e3b9ff959d22c81cf757f77c3
        NAS-Port-Type = Wireless-802.11
        EAP-Message = 0x020300061900
        Message-Authenticator = 0xc48d956afbd172f7bb125bca0673ac40
# Executing section authorize from file /ffp/etc/raddb/sites-enabled/default
+group authorize {
++[preprocess] = ok
++[chap] = noop
++[mschap] = noop
++[digest] = noop
[suffix] No '@' in User-Name = "guest", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] = noop
[eap] EAP packet type response id 3 length 6
[eap] Continuing tunnel setup.
++[eap] = ok
+} # group authorize = ok
Found Auth-Type = EAP
# Executing group from file /ffp/etc/raddb/sites-enabled/default
+group authenticate {
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] = handled
+} # group authenticate = handled
Sending Access-Challenge of id 0 to 192.168.1.1 port 1567
        EAP-Message = 0x2e6578616d706c65
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x399ce09e3a98f959d22c81cf757f77c3
Finished request 3.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.1.1 port 1567, id=0,
length=137
Cleaning up request 3 ID 0 with timestamp +5
        User-Name = "guest"
        NAS-IP-Address = 192.168.1.1
        Called-Station-Id = "1eb72cd00f4f"
        Calling-Station-Id = "00e3b22aafa3"
        NAS-Identifier = "1eb72cd00f4f"
        NAS-Port = 38
        Framed-MTU = 1400
        State = 0x399ce09e3a98f959d22c81cf757f77c3
        NAS-Port-Type = Wireless-802.11
        EAP-Message = 0x020400061900
        Message-Authenticator = 0x62c22bde0e4bfb05d502dc6796372be3
# Executing section authorize from file /ffp/etc/raddb/sites-enabled/default
+group authorize {
++[preprocess] = ok
++[chap] = noop
++[mschap] = noop
++[digest] = noop
[suffix] No '@' in User-Name = "guest", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] = noop
[eap] EAP packet type response id 4 length 6
[eap] Continuing tunnel setup.
++[eap] = ok
+} # group authorize = ok
Found Auth-Type = EAP
# Executing group from file /ffp/etc/raddb/sites-enabled/default
+group authenticate {
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] = handled
+} # group authenticate = handled
Sending Access-Challenge of id 0 to 192.168.1.1 port 1567
        EAP-Message =
0x6805b910d041483efa5da53a18a81dd6edbae191983fc51f2142d6fb8d664ef36d226481223629cd193c83e0ec7b7f42da0447ef7605c4853e54df10e3d99856b0f5fdf93bf5689885412c84ad684368f76fe3166279a4b2fc219c85d363c440688e4dd93c37fa5f97602f43945bff46b2e05ff78197e31f99e0363459196281739b6416030100040e000000
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x399ce09e3d99f959d22c81cf757f77c3
Finished request 4.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.1.1 port 1567, id=0,
length=275
Cleaning up request 4 ID 0 with timestamp +5
        User-Name = "guest"
        NAS-IP-Address = 192.168.1.1
        Called-Station-Id = "1eb72cd00f4f"
        Calling-Station-Id = "00e3b22aafa3"
        NAS-Identifier = "1eb72cd00f4f"
        NAS-Port = 38
        Framed-MTU = 1400
        State = 0x399ce09e3d99f959d22c81cf757f77c3
        NAS-Port-Type = Wireless-802.11
        EAP-Message =
0x020500901980000000861603010046100000424104f8cac159ae9389aac3c823d0e9c75c601e1443f3629a3bd87f4b0d307cf693646b78fea7a463d68b4f4a9b73903ee57949e1b1feb13764776b0fbc0224a2bda01403010001011603010030f4fc6c0350b8fae2e8dc515bc471c683c4cde7b61b474dc5f9d6e0b64da74509b723e0d16c7fe09d5947d2e970f5c453
        Message-Authenticator = 0xbb507a7752d31babeb4866e90e5c68bc
# Executing section authorize from file /ffp/etc/raddb/sites-enabled/default
+group authorize {
++[preprocess] = ok
++[chap] = noop
++[mschap] = noop
++[digest] = noop
[suffix] No '@' in User-Name = "guest", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] = noop
[eap] EAP packet type response id 5 length 144
[eap] Continuing tunnel setup.
++[eap] = ok
+} # group authorize = ok
Found Auth-Type = EAP
# Executing group from file /ffp/etc/raddb/sites-enabled/default
+group authenticate {
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
  TLS Length 134
[peap] Length Included
[peap] eaptls_verify returned 11
[peap] <<< Unknown TLS version [length 0005]
[peap] <<< TLS 1.0 Handshake [length 0046], ClientKeyExchange
[peap]     TLS_accept: SSLv3 read client key exchange A
[peap]     TLS_accept: SSLv3 read certificate verify A
[peap] <<< Unknown TLS version [length 0005]
[peap] <<< TLS 1.0 ChangeCipherSpec [length 0001]
[peap] <<< Unknown TLS version [length 0005]
[peap] <<< TLS 1.0 Handshake [length 0010], Finished
[peap]     TLS_accept: SSLv3 read finished A
[peap] >>> Unknown TLS version [length 0005]
[peap] >>> TLS 1.0 ChangeCipherSpec [length 0001]
[peap]     TLS_accept: SSLv3 write change cipher spec A
[peap] >>> Unknown TLS version [length 0005]
[peap] >>> TLS 1.0 Handshake [length 0010], Finished
[peap]     TLS_accept: SSLv3 write finished A
[peap]     TLS_accept: SSLv3 flush data
[peap]     (other): SSL negotiation finished successfully
SSL Connection Established
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] = handled
+} # group authenticate = handled
Sending Access-Challenge of id 0 to 192.168.1.1 port 1567
        EAP-Message =
0x010600411900140301000101160301003050e0427d790f142ba1596763159e82c6567009ead7120bd992f302fc8cad71b8190ca9231665a3578dcd0a3d1006248a
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x399ce09e3c9af959d22c81cf757f77c3
Finished request 5.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.1.1 port 1567, id=0,
length=137
Cleaning up request 5 ID 0 with timestamp +5
        User-Name = "guest"
        NAS-IP-Address = 192.168.1.1
        Called-Station-Id = "1eb72cd00f4f"
        Calling-Station-Id = "00e3b22aafa3"
        NAS-Identifier = "1eb72cd00f4f"
        NAS-Port = 38
        Framed-MTU = 1400
        State = 0x399ce09e3c9af959d22c81cf757f77c3
        NAS-Port-Type = Wireless-802.11
        EAP-Message = 0x020600061900
        Message-Authenticator = 0x70f1a9e5c3ba0b4a15f9d513785a5497
# Executing section authorize from file /ffp/etc/raddb/sites-enabled/default
+group authorize {
++[preprocess] = ok
++[chap] = noop
++[mschap] = noop
++[digest] = noop
[suffix] No '@' in User-Name = "guest", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] = noop
[eap] EAP packet type response id 6 length 6
[eap] Continuing tunnel setup.
++[eap] = ok
+} # group authorize = ok
Found Auth-Type = EAP
# Executing group from file /ffp/etc/raddb/sites-enabled/default
+group authenticate {
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake is finished
[peap] eaptls_verify returned 3
[peap] eaptls_process returned 3
[peap] EAPTLS_SUCCESS
[peap] Session established.  Decoding tunneled attributes.
[peap] Peap state TUNNEL ESTABLISHED
[peap] >>> Unknown TLS version [length 0005]
++[eap] = handled
+} # group authenticate = handled
Sending Access-Challenge of id 0 to 192.168.1.1 port 1567
        EAP-Message =
0x0107002b19001703010020e6ad688c95c43bf4b949c963209c365efc77ef61505d117ca6dcf149cb8ad65f
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x399ce09e3f9bf959d22c81cf757f77c3
Finished request 6.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.1.1 port 1567, id=0,
length=211
Cleaning up request 6 ID 0 with timestamp +5
        User-Name = "guest"
        NAS-IP-Address = 192.168.1.1
        Called-Station-Id = "1eb72cd00f4f"
        Calling-Station-Id = "00e3b22aafa3"
        NAS-Identifier = "1eb72cd00f4f"
        NAS-Port = 38
        Framed-MTU = 1400
        State = 0x399ce09e3f9bf959d22c81cf757f77c3
        NAS-Port-Type = Wireless-802.11
        EAP-Message =
0x0207005019001703010020727843770bfb43acd09b2d0146b08fb3e564637617674b9dc0f216081e3ca2b31703010020d4bd000658bae62b7db4182dd786df6e0cfb415caa003b54f416dc4d87240474
        Message-Authenticator = 0x053b9032f1c5286b9f050b218739f2d2
# Executing section authorize from file /ffp/etc/raddb/sites-enabled/default
+group authorize {
++[preprocess] = ok
++[chap] = noop
++[mschap] = noop
++[digest] = noop
[suffix] No '@' in User-Name = "guest", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] = noop
[eap] EAP packet type response id 7 length 80
[eap] Continuing tunnel setup.
++[eap] = ok
+} # group authorize = ok
Found Auth-Type = EAP
# Executing group from file /ffp/etc/raddb/sites-enabled/default
+group authenticate {
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] <<< Unknown TLS version [length 0005]
[peap] <<< Unknown TLS version [length 0005]
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established.  Decoding tunneled attributes.
[peap] Peap state WAITING FOR INNER IDENTITY
[peap] Identity - guest
[peap] Got inner identity 'guest'
[peap] Setting default EAP type for tunneled EAP session.
[peap] Got tunneled request
        EAP-Message = 0x0207000a016775657374
server  {
[peap] Setting User-Name to guest
Sending tunneled request
        EAP-Message = 0x0207000a016775657374
        FreeRADIUS-Proxied-To = 127.0.0.1
        User-Name = "guest"
server inner-tunnel {
# Executing section authorize from file
/ffp/etc/raddb/sites-enabled/inner-tunnel
+group authorize {
++[chap] = noop
++[mschap] = noop
[suffix] No '@' in User-Name = "guest", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] = noop
++update control {
++} # update control = noop
[eap] EAP packet type response id 7 length 10
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] = updated
++[files] = noop
[sql]   expand: %{User-Name} -> guest
[sql] sql_set_user escaped user --> 'guest'
rlm_sql (sql): Reserving sql socket id: 28
[sql]   expand: SELECT id, username, attribute, value, op           FROM
radcheck           WHERE username = '%{SQL-User-Name}'           ORDER BY
id -> SELECT id, username, attribute, value, op           FROM
radcheck           WHERE username = 'guest'           ORDER BY id
[sql] User found in radcheck table
[sql]   expand: SELECT id, username, attribute, value, op           FROM
radreply           WHERE username = '%{SQL-User-Name}'           ORDER BY
id -> SELECT id, username, attribute, value, op           FROM
radreply           WHERE username = 'guest'           ORDER BY id
[sql]   expand: SELECT groupname           FROM radusergroup
WHERE username = '%{SQL-User-Name}'           ORDER BY priority -> SELECT
groupname           FROM radusergroup           WHERE username =
'guest'           ORDER BY priority
rlm_sql (sql): Released sql socket id: 28
++[sql] = ok
++[expiration] = noop
++[logintime] = noop
[pap] WARNING: Auth-Type already set.  Not setting to PAP
++[pap] = noop
+} # group authorize = updated
Found Auth-Type = EAP
# Executing group from file /ffp/etc/raddb/sites-enabled/inner-tunnel
+group authenticate {
[eap] EAP Identity
[eap] processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
++[eap] = handled
+} # group authenticate = handled
} # server inner-tunnel
[peap] Got tunneled reply code 11
        EAP-Message =
0x0108001f1a0108001a10e0b2cc6218e6864f7592a0ee12067e166775657374
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xa3aaee72a3a2f44a99a4fecc70268dce
[peap] Got tunneled reply RADIUS code Access-Challenge
        EAP-Message =
0x0108001f1a0108001a10e0b2cc6218e6864f7592a0ee12067e166775657374
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xa3aaee72a3a2f44a99a4fecc70268dce
[peap] Got tunneled Access-Challenge
[peap] >>> Unknown TLS version [length 0005]
++[eap] = handled
+} # group authenticate = handled
Sending Access-Challenge of id 0 to 192.168.1.1 port 1567
        EAP-Message =
0x0108003b19001703010030a5f3970f9e04ae51edd933fd97d22aaf21d765091d1243bdae8400503c8f274bdd41d480dd265f218c44b7ef76a67272
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x399ce09e3e94f959d22c81cf757f77c3
Finished request 7.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 7 ID 0 with timestamp +5
WARNING:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
WARNING: !! EAP session for state 0x399ce09e3e94f959 did not finish!
WARNING: !! Please read
http://wiki.freeradius.org/guide/Certificate_Compatibility
WARNING:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Ready to process requests.


2016-06-15 15:12 GMT+02:00 Alan DeKok <aland at deployingradius.com>:

> On Jun 15, 2016, at 9:04 AM, Mr Dini <diniboy74 at gmail.com> wrote:
> > I'm using this nice program on an old Linux NAS and it works perfectly.
> > But now I bought a dongle and attached it to the NAS. And I tried to connect
> > to my wifi but I cannot do that, because it gives me an Access-Reject...
> >
> > Is it possible to use that through wifi?
>
>   Yes.
>
> > Here is a debugger output:
> > ...
> > rad_recv: Access-Request packet from host 192.168.1.1 port 47778, id=0,
> > length=137
> > Cleaning up request 1 ID 0 with timestamp +13
> >        User-Name = "guest"
> >        NAS-IP-Address = 192.168.1.1
> >        Called-Station-Id = "1eb72cd00f4f"
> >        Calling-Station-Id = "00e3b22aafa3"
> >        NAS-Identifier = "1eb72cd00f4f"
> >        NAS-Port = 38
> >        Framed-MTU = 1400
> >        State = 0x327b67de33796a5682a37fa2c5a9f0b6
> >        NAS-Port-Type = Wireless-802.11
> >        EAP-Message = 0x020200060300
>
>   That's wrong.
>
> > [eap] EAP NAK
> > [eap] NAK asked for bad type 0
> > [eap] Failed in EAP select
>
>   The client PC is broken.  It's not doing EAP properly.
>
>   Alan DeKok.


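Added example (not part of the original post and not FreeRADIUS code): a small decoder for the EAP-Message hex values in the debug output above, following the RFC 3748 packet layout. It shows how the Nak in the working log (0x020100060319) differs from the one in the quoted failing log (0x020200060300); the type-name table is a small subset chosen for this log, and the function names are made up for the example.

```python
import struct

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
# Subset of EAP method types, enough for the log in this thread.
EAP_TYPES = {1: "Identity", 2: "Notification", 3: "Nak", 4: "MD5-Challenge",
             13: "EAP-TLS", 21: "EAP-TTLS", 25: "PEAP", 26: "EAP-MSCHAPv2"}
TLS_BASED = {13, 21, 25}  # methods whose type-data starts with a flags byte


def type_name(t):
    return EAP_TYPES.get(t, "type-%d" % t)


def decode_eap(hex_value):
    """Decode one EAP-Message value as printed by radiusd -X (0x... hex)."""
    text = hex_value.strip()
    if text.lower().startswith("0x"):
        text = text[2:]
    raw = bytes.fromhex(text)
    if len(raw) < 4:
        raise ValueError("EAP header needs 4 bytes")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    if length < 4:
        raise ValueError("EAP length field smaller than the header")
    out = {"code": EAP_CODES.get(code, "code-%d" % code), "id": ident,
           "length": length,
           # One RADIUS attribute holds at most 253 bytes, so a long EAP
           # packet is split over several EAP-Message attributes.
           "truncated": length > len(raw)}
    body = raw[4:length]
    if code not in (1, 2) or not body:
        return out  # Success/Failure carry no type field
    etype, data = body[0], body[1:]
    out["type"] = type_name(etype)
    if etype == 1:
        out["identity"] = data.decode("utf-8", "replace")
    elif etype == 3:
        # Legacy Nak: each byte is a method the peer would accept instead.
        # RFC 3748 reserves 0 for "no viable alternatives".
        out["nak_wants"] = ["no viable alternative" if t == 0 else type_name(t)
                            for t in data]
    elif etype in TLS_BASED and data:
        flags = data[0]
        out["tls_flags"] = [n for bit, n in ((0x80, "L"), (0x40, "M"),
                                             (0x20, "S")) if flags & bit]
        if flags & 0x80 and len(data) >= 5:
            out["tls_length"] = struct.unpack("!I", data[1:5])[0]
    return out


# Values copied from the debug output in this thread; the last one is only
# the first 10 bytes of the ClientHello packet, to show the L flag.
SAMPLES = [
    ("identity response", "0x0200000a016775657374"),
    ("working device Nak", "0x020100060319"),
    ("server PEAP start", "0x010200061920"),
    ("failing device Nak", "0x020200060300"),
    ("ClientHello prefix", "0x020200d01980000000c6"),
]

if __name__ == "__main__":
    for label, value in SAMPLES:
        print("%-20s %s" % (label, decode_eap(value)))
```

The first Nak names type 25, which matches the "EAP-NAK asked for EAP-Type/peap" line; the second names type 0, which matches "NAK asked for bad type 0".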