FreeRADIUS not sending "Access-Accept" for Cisco Phone
craig at mypenguin.net.au
Fri May 27 02:32:07 CEST 2016
OK, I've upgraded to freeradius-server-3.0.11.
Below is the output I get from the Cisco phone attempt. This is
iteration "320" and it just continues to make attempts (I assume because
it's UDP)?
==================================================================================================================================================================
(320) Received Access-Request Id 17 from 192.168.11.62:34495 to
192.168.11.61:1812 length 288
(320) User-Name = "CP-7841-SEPF07816D1207E"
(320) Called-Station-Id = "f8-b1-56-6f-15-d6"
(320) Calling-Station-Id = "f0:78:16:d1:20:7e"
(320) NAS-Identifier = "f8-b1-56-6f-15-d4"
(320) NAS-IP-Address = 192.168.11.62
(320) NAS-Port = 112
(320) Framed-MTU = 1500
(320) NAS-Port-Type = Ethernet
(320) State = 0x7d8fc9d87d2bc4167bd29e25682eecf2
(320) EAP-Message =
0x02a4007c0d8000000072160301006d0100006903035c452fa402c853860cd34fcff40565ec53ec45be8cf56a5ed4643fefd588dc6300000ac030c02f0035002f00ff01000036000b000403000102000a000a00080019001800170013000d001c001a000004010501060103010201010102020403050
+306
(320) Message-Authenticator = 0x0162446871ec20dd4a2638fd7278064c
(320) session-state: No cached attributes
(320) # Executing section authorize from file
/usr/local/freeradius/etc/raddb/sites-enabled/default
(320) authorize {
(320) policy filter_username {
(320) if (!&User-Name) {
(320) if (!&User-Name) -> FALSE
(320) if (&User-Name =~ / /) {
(320) if (&User-Name =~ / /) -> FALSE
(320) if (&User-Name =~ /@.*@/ ) {
(320) if (&User-Name =~ /@.*@/ ) -> FALSE
(320) if (&User-Name =~ /\\.\\./ ) {
(320) if (&User-Name =~ /\\.\\./ ) -> FALSE
(320) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))
{
(320) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))
-> FALSE
(320) if (&User-Name =~ /\\.$/) {
(320) if (&User-Name =~ /\\.$/) -> FALSE
(320) if (&User-Name =~ /@\\./) {
(320) if (&User-Name =~ /@\\./) -> FALSE
(320) } # policy filter_username = notfound
(320) [preprocess] = ok
(320) [digest] = noop
(320) suffix: Checking for suffix after "@"
(320) suffix: No '@' in User-Name = "CP-7841-SEPF07816D1207E", looking
up realm NULL
(320) suffix: No such realm "NULL"
(320) [suffix] = noop
(320) eap: Peer sent EAP Response (code 2) ID 164 length 124
(320) eap: No EAP Start, assuming it's an on-going EAP conversation
(320) [eap] = updated
(320) [files] = noop
(320) [expiration] = noop
(320) [logintime] = noop
(320) [pap] = noop
(320) } # authorize = updated
(320) Found Auth-Type = eap
(320) # Executing group from file
/usr/local/freeradius/etc/raddb/sites-enabled/default
(320) authenticate {
(320) eap: Expiring EAP session with state 0x59e62fe75ae3223b
(320) eap: Finished EAP session with state 0x7d8fc9d87d2bc416
(320) eap: Previous EAP request found for state 0x7d8fc9d87d2bc416,
released from the list
(320) eap: Peer sent packet with method EAP TLS (13)
(320) eap: Calling submodule eap_tls to process data
(320) eap_tls: Continuing EAP-TLS
(320) eap_tls: Peer indicated complete TLS record size will be 114 bytes
(320) eap_tls: Got complete TLS record (114 bytes)
(320) eap_tls: [eaptls verify] = length included
(320) eap_tls: (other): before/accept initialization
(320) eap_tls: TLS_accept: before/accept initialization
(320) eap_tls: <<< recv TLS 1.2 [length 006d]
(320) eap_tls: TLS_accept: SSLv3 read client hello A
(320) eap_tls: >>> send TLS 1.2 [length 0059]
(320) eap_tls: TLS_accept: SSLv3 write server hello A
(320) eap_tls: >>> send TLS 1.2 [length 0816]
(320) eap_tls: TLS_accept: SSLv3 write certificate A
(320) eap_tls: >>> send TLS 1.2 [length 014d]
(320) eap_tls: TLS_accept: SSLv3 write key exchange A
(320) eap_tls: >>> send TLS 1.2 [length 0073]
(320) eap_tls: TLS_accept: SSLv3 write certificate request A
(320) eap_tls: TLS_accept: SSLv3 flush data
(320) eap_tls: TLS_accept: Need to read more data: SSLv3 read client
certificate A
(320) eap_tls: TLS_accept: Need to read more data: SSLv3 read client
certificate A
(320) eap_tls: In SSL Handshake Phase
(320) eap_tls: In SSL Accept mode
(320) eap_tls: [eaptls process] = handled
(320) eap: Sending EAP Request (code 1) ID 165 length 1004
(320) eap: EAP session adding &reply:State = 0x7d8fc9d87c2ac416
(320) [eap] = handled
(320) } # authenticate = handled
(320) Using Post-Auth-Type Challenge
(320) Post-Auth-Type sub-section not found. Ignoring.
(320) # Executing group from file
/usr/local/freeradius/etc/raddb/sites-enabled/default
(320) Sent Access-Challenge Id 17 from 192.168.11.61:1812 to
192.168.11.62:34495 length 0
(320) EAP-Message =
0x01a503ec0dc000000a43160303005902000055030357478e00dd7b5997bbb83b60ba5536c72cc6bf4cc099ed8246b5d6ba09b8eb30206df24a0f79a02af8687ebf21332b9e9a3fbf6b849f47f5a008b1eac24bd4d481c03000000dff01000100000b00040300010216030308160b00081200080f000
+452
(320) Message-Authenticator = 0x00000000000000000000000000000000
(320) State = 0x7d8fc9d87c2ac4167bd29e25682eecf2
(320) Finished request
(320) Cleaning up request packet ID 17 with timestamp +435
==================================================================================================================================================================
cheers
Craig
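
Added example, not part of the original message or of FreeRADIUS: a decoder for the EAP-TLS header (RFC 5216) at the start of the two EAP-Message values in the debug output above. It shows that the Access-Challenge carries the M (more fragments) flag, so it holds only the first 994 of the 2627 bytes in the server's TLS flight; the function and field names are illustrative.

```python
import struct

# Constructed input: the first 10 bytes of the two EAP-Message values in the
# debug output above (the log itself truncates the remainder).
PEER_HEX = "02a4007c0d8000000072"    # from the Access-Request
SERVER_HEX = "01a503ec0dc000000a43"  # from the Access-Challenge

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPE_TLS = 13
FLAG_L, FLAG_M, FLAG_S = 0x80, 0x40, 0x20  # length included, more fragments, start


def decode_eap_tls_header(hex_prefix):
    """Decode the EAP header plus the EAP-TLS flags and optional length field."""
    raw = bytes.fromhex(hex_prefix)
    if len(raw) < 6:
        raise ValueError("need at least 6 bytes: EAP header, type and flags")
    code, ident, length, eap_type, flags = struct.unpack("!BBHBB", raw[:6])
    if eap_type != EAP_TYPE_TLS:
        raise ValueError(f"EAP type {eap_type} is not EAP-TLS (13)")
    header_len, tls_total = 6, None
    if flags & FLAG_L:
        # The four-byte TLS Message Length is present only when L is set.
        if len(raw) < 10:
            raise ValueError("L flag set but TLS Message Length is missing")
        (tls_total,) = struct.unpack("!I", raw[6:10])
        header_len = 10
    fragment = length - header_len  # TLS bytes carried by this EAP packet
    names = (("L", FLAG_L), ("M", FLAG_M), ("S", FLAG_S))
    return {
        "code": EAP_CODES.get(code, str(code)),
        "id": ident,
        "length": length,
        "flags": [name for name, bit in names if flags & bit],
        "tls_total": tls_total,
        "fragment_bytes": fragment,
        # Meaningful only for the first fragment of a TLS message.
        "remaining": None if tls_total is None else tls_total - fragment,
    }


if __name__ == "__main__":
    for label, hex_prefix in (("peer", PEER_HEX), ("server", SERVER_HEX)):
        print(label, decode_eap_tls_header(hex_prefix))
```

The 2627-byte total agrees with the four `>>> send TLS 1.2` records in the log (0x59 + 0x816 + 0x14d + 0x73 bytes, plus four 5-byte TLS record headers).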