EAP-MD5 group auth failure

Security Camera seccam.trilok at gmail.com
Mon Sep 12 19:11:35 CEST 2016


Hi all,

  I have been trying to narrow down this EAP-MD5 802.1x authentication for the
last week and I am unable to find exactly what the problem is.  Can you please
provide some pointers from the following logs on what could be the problem?
What group auth is it expecting? Is it the user group in the /etc/passwd file?
I have put the user XXXX in the rad_users file along with
Cleartext-Password as it was complaining that the user needs to have
Cleartext-Password.

 Thanks


ash-4.3# /var/packages/RadiusServer/target/sbin/radiusd -X

radiusd: FreeRADIUS Version 2.2.9 (git #e4cc22f), for host
armle-unknown-linux-gnu, built on Aug 17 2016 at 14:40:46

Copyright (C) 1999-2015 The FreeRADIUS server project and contributors.

There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A

PARTICULAR PURPOSE.

You may redistribute copies of FreeRADIUS under the terms of the

GNU General Public License.

For more information about these matters, see the file named COPYRIGHT.

Starting - reading configuration files ...

including configuration file /var/packages/RadiusServer/tar
get/etc/raddb/radiusd.conf

including configuration file /usr/local/synoradius/rad_listen

including configuration file /usr/local/synoradius/rad_port_auth

including configuration file /usr/local/synoradius/rad_port_auth

including configuration file /var/packages/RadiusServer/tar
get/etc/raddb/clients.conf

including configuration file /usr/local/synoradius/rad_clients

including files in directory /var/packages/RadiusServer/tar
get/etc/raddb/modules/

including configuration file /var/packages/RadiusServer/tar
get/etc/raddb/modules/ippool

including configuration file /var/packages/RadiusServer/tar
get/etc/raddb/modules/replicate

including configuration file /var/packages/RadiusServer/tar
get/etc/raddb/modules/mschap

including configuration file /var/packages/RadiusServer/tar
get/etc/raddb/modules/policy

including configuration file /var/packages/RadiusServer/tar
get/etc/raddb/modules/linelog

including configuration file /var/packages/RadiusServer/tar
get/etc/raddb/modules/sqlcounter_expire_on_login

including configuration file /var/packages/RadiusServer/tar
get/etc/raddb/modules/detail

including configuration file /var/packages/RadiusServer/tar
get/etc/raddb/modules/attr_rewrite

including configuration file /var/packages/RadiusServer/tar
get/etc/raddb/modules/cache

including configuration file /var/packages/RadiusServer/tar
get/etc/raddb/modules/smsotp

including configuration file /var/packages/RadiusServer/tar
get/etc/raddb/modules/sql_log

including configuration file /var/packages/RadiusServer/tar
get/etc/raddb/modules/wimax

including configuration file /var/packages/RadiusServer/tar
get/etc/raddb/modules/echo

including configuration file /var/packages/RadiusServer/tar
get/etc/raddb/modules/logintime

including configuration file /var/packages/RadiusServer/tar
get/etc/raddb/modules/perl

including configuration file /var/packages/RadiusServer/tar
get/etc/raddb/modules/expiration

including configuration file /var/packages/RadiusServer/tar
get/etc/raddb/modules/rediswho

including configuration file /var/packages/RadiusServer/tar
get/etc/raddb/modules/inner-eap

including configuration file /var/packages/RadiusServer/tar
get/etc/raddb/modules/opendirectory

including configuration file /var/packages/RadiusServer/tar
get/etc/raddb/modules/exec

including configuration file /var/packages/RadiusServer/tar
get/etc/raddb/modules/sradutmp

including configuration file /var/packages/RadiusServer/tar
get/etc/raddb/modules/pap

including configuration file /var/packages/RadiusServer/tar
get/etc/raddb/modules/unix

including configuration file /var/packages/RadiusServer/tar
get/etc/raddb/modules/checkval

including configuration file /var/packages/RadiusServer/tar
get/etc/raddb/modules/passwd

including configuration file /var/packages/RadiusServer/tar
get/etc/raddb/modules/mac2ip

including configuration file /var/packages/RadiusServer/tar
get/etc/raddb/modules/detail.example.com

including configuration file /var/packages/RadiusServer/tar
get/etc/raddb/modules/otp

including configuration file /var/packages/RadiusServer/tar
get/etc/raddb/modules/soh

including configuration file /var/packages/RadiusServer/tar
get/etc/raddb/modules/counter

including configuration file /var/packages/RadiusServer/tar
get/etc/raddb/modules/preprocess

including configuration file /var/packages/RadiusServer/tar
get/etc/raddb/modules/chap

including configuration file /var/packages/RadiusServer/tar
get/etc/raddb/modules/realm

including configuration file /var/packages/RadiusServer/tar
get/etc/raddb/modules/krb5

including configuration file /var/packages/RadiusServer/tar
get/etc/raddb/modules/redis

including configuration file /var/packages/RadiusServer/tar
get/etc/raddb/modules/files

including configuration file /var/packages/RadiusServer/tar
get/etc/raddb/modules/attr_filter

including configuration file /var/packages/RadiusServer/tar
get/etc/raddb/modules/acct_unique

including configuration file /var/packages/RadiusServer/tar
get/etc/raddb/modules/detail.log

including configuration file /var/packages/RadiusServer/tar
get/etc/raddb/modules/synorad

including configuration file /usr/local/synoradius/synoconf

including configuration file /var/packages/RadiusServer/tar
get/etc/raddb/modules/digest

including configuration file /var/packages/RadiusServer/tar
get/etc/raddb/modules/etc_group

including configuration file /var/packages/RadiusServer/tar
get/etc/raddb/modules/mschap_ad

including configuration file /var/packages/RadiusServer/tar
get/etc/raddb/modules/expr

including configuration file /var/packages/RadiusServer/tar
get/etc/raddb/modules/cui

including configuration file /var/packages/RadiusServer/tar
get/etc/raddb/modules/dynamic_clients

including configuration file /var/packages/RadiusServer/tar
get/etc/raddb/modules/smbpasswd

including configuration file /var/packages/RadiusServer/tar
get/etc/raddb/modules/always

including configuration file /var/packages/RadiusServer/tar
get/etc/raddb/modules/radutmp

including configuration file /var/packages/RadiusServer/tar
get/etc/raddb/modules/ldap

including configuration file /usr/local/synoradius/rad_ldap

including configuration file /var/packages/RadiusServer/tar
get/etc/raddb/modules/pam

including configuration file /var/packages/RadiusServer/tar
get/etc/raddb/modules/dhcp_sqlippool

including configuration file /var/packages/RadiusServer/tar
get/etc/raddb/sql/mysql/ippool-dhcp.conf

including configuration file /var/packages/RadiusServer/tar
get/etc/raddb/modules/ntlm_auth

including configuration file /usr/local/synoradius/rad_ntlm_auth

including configuration file /var/packages/RadiusServer/tar
get/etc/raddb/modules/mac2vlan

including configuration file /var/packages/RadiusServer/tar
get/etc/raddb/modules/radrelay

including configuration file /var/packages/RadiusServer/tar
get/etc/raddb/eap.conf

including configuration file /usr/local/synoradius/rad_ca_cert

including configuration file /var/packages/RadiusServer/tar
get/etc/raddb/policy.conf

including files in directory /var/packages/RadiusServer/tar
get/etc/raddb/sites-enabled/

including configuration file /var/packages/RadiusServer/tar
get/etc/raddb/sites-enabled/inner-tunnel

including configuration file /usr/local/synoradius/rad_site_inn

including configuration file /usr/local/synoradius/rad_site_inn_local

including configuration file /usr/local/synoradius/rad_port_inner

including configuration file /var/packages/RadiusServer/tar
get/etc/raddb/sites-enabled/default

including configuration file /usr/local/synoradius/rad_site_def

including configuration file /usr/local/synoradius/rad_site_def_local

including configuration file /var/packages/RadiusServer/tar
get/etc/raddb/sites-enabled/control-socket

main {

allow_core_dumps = no

}

including dictionary file /var/packages/RadiusServer/tar
get/etc/raddb/dictionary

main {

name = "radiusd"

prefix = "/var/packages/RadiusServer/target/"

localstatedir = "/var/packages/RadiusServer/target//var"

sbindir = "/var/packages/RadiusServer/target//sbin"

logdir = "/var/packages/RadiusServer/target//var/log/radius"

run_dir = "/var/packages/RadiusServer/target//var/run/radiusd"

libdir = "/var/packages/RadiusServer/target//lib"

radacctdir = "/var/packages/RadiusServer/target//var/log/radius/radacct"

hostname_lookups = no

max_request_time = 30

cleanup_delay = 5

max_requests = 1024

pidfile = "/var/packages/RadiusServer/target//var/run/radiusd/radiusd.pid"

checkrad = "/var/packages/RadiusServer/target//sbin/checkrad"

debug_level = 0

proxy_requests = no

 log {

  stripped_names = no

  auth = yes

  auth_badpass = no

  auth_goodpass = no

 }

 security {

  max_attributes = 200

  reject_delay = 1

  status_server = yes

  allow_vulnerable_openssl = no

 }

}

radiusd: #### Loading Realms and Home Servers ####

radiusd: #### Loading Clients ####

 client 192.168.2.0/24 {

  require_message_authenticator = no

  secret = "xxxxxxx"

  shortname = "xxxx"

 }

radiusd: #### Instantiating modules ####

 instantiate {

 Module: Linked to module rlm_exec

 Module: Instantiating module "exec" from file
/var/packages/RadiusServer/target/etc/raddb/modules/exec

  exec {

  wait = no

  input_pairs = "request"

  shell_escape = yes

  timeout = 10

  }

 Module: Linked to module rlm_expr

 Module: Instantiating module "expr" from file
/var/packages/RadiusServer/target/etc/raddb/modules/expr

 Module: Linked to module rlm_expiration

 Module: Instantiating module "expiration" from file
/var/packages/RadiusServer/target/etc/raddb/modules/expiration

  expiration {

  reply-message = "Password Has Expired  "

  }

 Module: Linked to module rlm_logintime

 Module: Instantiating module "logintime" from file
/var/packages/RadiusServer/target/etc/raddb/modules/logintime

  logintime {

  reply-message = "You are calling outside your allowed timespan  "

  minimum-timeout = 60

  }

 }

radiusd: #### Loading Virtual Servers ####

server { # from file /var/packages/RadiusServer/tar
get/etc/raddb/radiusd.conf

 modules {

 Module: Checking authenticate {...} for more modules to load

 Module: Linked to module rlm_eap

 Module: Instantiating module "eap" from file /var/packages/RadiusServer/tar
get/etc/raddb/eap.conf

  eap {

  default_eap_type = "mschapv2"

  timer_expire = 60

  ignore_unknown_eap_types = no

  cisco_accounting_username_bug = no

  max_sessions = 4096

  }

 Module: Linked to sub-module rlm_eap_md5

 Module: Instantiating eap-md5

 Module: Linked to sub-module rlm_eap_leap

 Module: Instantiating eap-leap

 Module: Linked to sub-module rlm_eap_gtc

 Module: Instantiating eap-gtc

   gtc {

   challenge = "Password: "

   auth_type = "PAP"

   }

 Module: Linked to sub-module rlm_eap_tls

 Module: Instantiating eap-tls

   tls {

   rsa_key_exchange = no

   dh_key_exchange = yes

   rsa_key_length = 512

   dh_key_length = 512

   verify_depth = 0

   pem_file_type = yes

   private_key_file = "/usr/local/etc/certificate/Ra
diusServer/radiusd/privkey.pem"

   certificate_file = "/usr/local/etc/certificate/Ra
diusServer/radiusd/fullchain.pem"

   private_key_password = "12345"

   dh_file = "/var/packages/RadiusServer/target/etc/raddb/certs/dh"

   random_file = "/var/packages/RadiusServer/target/etc/raddb/certs/random"

   fragment_size = 1024

   include_length = yes

   check_crl = no

   check_all_crl = no

   cipher_list = "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:
ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:
ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:
DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-
ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-
AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:
ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-
RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-
RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-
CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:
AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-
SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS"

   ecdh_curve = "prime256v1"

    verify {

    }

   }

 Module: Linked to sub-module rlm_eap_ttls

 Module: Instantiating eap-ttls

   ttls {

   default_eap_type = "mschapv2"

   copy_request_to_tunnel = no

   use_tunneled_reply = no

   virtual_server = "inner-tunnel"

   include_length = yes

   }

 Module: Linked to sub-module rlm_eap_peap

 Module: Instantiating eap-peap

   peap {

   default_eap_type = "mschapv2"

   copy_request_to_tunnel = no

   use_tunneled_reply = no

   proxy_tunneled_request_as_eap = yes

   virtual_server = "inner-tunnel"

   soh = no

   }

 Module: Linked to sub-module rlm_eap_mschapv2

 Module: Instantiating eap-mschapv2

   mschapv2 {

   with_ntdomain_hack = no

   send_error = no

   }

 Module: Checking authorize {...} for more modules to load

 Module: Linked to module rlm_preprocess

 Module: Instantiating module "preprocess" from file
/var/packages/RadiusServer/target/etc/raddb/modules/preprocess

  preprocess {

  huntgroups = "/var/packages/RadiusServer/target/etc/raddb/huntgroups"

  hints = "/var/packages/RadiusServer/target/etc/raddb/hints"

  with_ascend_hack = no

  ascend_channels_per_line = 23

  with_ntdomain_hack = no

  with_specialix_jetstream_hack = no

  with_cisco_vsa_hack = no

  with_alvarion_vsa_hack = no

  }

reading pairlist file /var/packages/RadiusServer/target/etc/raddb/huntgroups

reading pairlist file /var/packages/RadiusServer/target/etc/raddb/hints

 Module: Linked to module rlm_files

 Module: Instantiating module "files" from file
/var/packages/RadiusServer/target/etc/raddb/modules/files

  files {

  usersfile = "/var/packages/RadiusServer/target/etc/raddb/users"

  acctusersfile = "/var/packages/RadiusServer/target/etc/raddb/acct_users"

  preproxy_usersfile = "/var/packages/RadiusServer/ta
rget/etc/raddb/preproxy_users"

  compat = "no"

  }

reading pairlist file /var/packages/RadiusServer/target/etc/raddb/users

reading pairlist file /usr/local/synoradius/rad_users

reading pairlist file /var/packages/RadiusServer/target/etc/raddb/acct_users

reading pairlist file /var/packages/RadiusServer/tar
get/etc/raddb/preproxy_users

 Module: Checking preacct {...} for more modules to load

 Module: Linked to module rlm_acct_unique

 Module: Instantiating module "acct_unique" from file
/var/packages/RadiusServer/target/etc/raddb/modules/acct_unique

  acct_unique {

  key = "User-Name, Acct-Session-Id, NAS-IP-Address, NAS-Identifier,
NAS-Port"

  }

 Module: Linked to module rlm_realm

 Module: Instantiating module "suffix" from file
/var/packages/RadiusServer/target/etc/raddb/modules/realm

  realm suffix {

  format = "suffix"

  delimiter = "@"

  ignore_default = no

  ignore_null = no

  }

 Module: Checking accounting {...} for more modules to load

 Module: Linked to module rlm_detail

 Module: Instantiating module "detail" from file
/var/packages/RadiusServer/target/etc/raddb/modules/detail

  detail {

  detailfile = "/var/packages/RadiusServer/target//var/log/radius/radacct/%
{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d"

  header = "%t"

  detailperm = 384

  dirperm = 493

  locking = no

  log_packet_header = no

  escape_filenames = no

  }

 Module: Linked to module rlm_unix

 Module: Instantiating module "unix" from file
/var/packages/RadiusServer/target/etc/raddb/modules/unix

  unix {

  radwtmp = "/var/packages/RadiusServer/target//var/log/radius/radwtmp"

  }

 Module: Linked to module rlm_radutmp

 Module: Instantiating module "radutmp" from file
/var/packages/RadiusServer/target/etc/raddb/modules/radutmp

  radutmp {

  filename = "/var/packages/RadiusServer/target//var/log/radius/radutmp"

  username = "%{User-Name}"

  case_sensitive = yes

  check_with_nas = yes

  perm = 384

  callerid = yes

  }

 Module: Linked to module rlm_attr_filter

 Module: Instantiating module "attr_filter.accounting_response" from file
/var/packages/RadiusServer/target/etc/raddb/modules/attr_filter

  attr_filter attr_filter.accounting_response {

  attrsfile = "/var/packages/RadiusServer/target/etc/raddb/attrs.accountin
g_response"

  key = "%{User-Name}"

  relaxed = no

  }

reading pairlist file /var/packages/RadiusServer/tar
get/etc/raddb/attrs.accounting_response

 Module: Checking session {...} for more modules to load

 Module: Checking post-proxy {...} for more modules to load

 Module: Checking post-auth {...} for more modules to load

 Module: Instantiating module "attr_filter.access_reject" from file
/var/packages/RadiusServer/target/etc/raddb/modules/attr_filter

  attr_filter attr_filter.access_reject {

  attrsfile = "/var/packages/RadiusServer/target/etc/raddb/attrs.access_re
ject"

  key = "%{User-Name}"

  relaxed = no

  }

reading pairlist file /var/packages/RadiusServer/tar
get/etc/raddb/attrs.access_reject

 } # modules

} # server

server inner-tunnel { # from file /usr/local/synoradius/rad_site_inn_local

 modules {

 Module: Checking authenticate {...} for more modules to load

 Module: Linked to module rlm_pap

 Module: Instantiating module "pap" from file /var/packages/RadiusServer/tar
get/etc/raddb/modules/pap

  pap {

  encryption_scheme = "auto"

  auto_header = no

  }

 Module: Linked to module rlm_chap

 Module: Instantiating module "chap" from file
/var/packages/RadiusServer/target/etc/raddb/modules/chap

 Module: Linked to module rlm_mschap

 Module: Instantiating module "mschap" from file
/var/packages/RadiusServer/target/etc/raddb/modules/mschap

  mschap {

  use_mppe = yes

  require_encryption = no

  require_strong = no

  with_ntdomain_hack = yes

  allow_retry = yes

  }

 Module: Checking authorize {...} for more modules to load

 Module: Linked to module rlm_passwd

 Module: Instantiating module "smbpasswd" from file
/var/packages/RadiusServer/target/etc/raddb/modules/smbpasswd

  passwd smbpasswd {

  filename = "/etc/samba/private/smbpasswd"

  format = "*User-Name::LM-Password:NT-Password:SMB-Account-CTRL-TEXT::"

  delimiter = ":"

  ignorenislike = no

  ignoreempty = yes

  allowmultiplekeys = no

  hashsize = 100

  }

rlm_passwd: nfields: 7 keyfield 0(User-Name) listable: no

 Module: Checking session {...} for more modules to load

 Module: Checking post-proxy {...} for more modules to load

 Module: Checking post-auth {...} for more modules to load

 } # modules

} # server

radiusd: #### Opening IP addresses and Ports ####

listen {

  type = "auth"

  ipaddr = 127.0.0.1

  port = 1812

}

listen {

  type = "auth"

  ipaddr = 192.168.2.3

  port = 1812

}

listen {

  type = "control"

 listen {

  socket = "/var/packages/RadiusServer/target//var/run/radiusd/radiusd.sock"

 }

}

listen {

  type = "auth"

  ipaddr = 127.0.0.1

  port = 18120

}

Listening on authentication address 127.0.0.1 port 1812

Listening on authentication address 192.168.2.3 port 1812

Listening on command file /var/packages/RadiusServer/tar
get//var/run/radiusd/radiusd.sock

Listening on authentication address 127.0.0.1 port 18120 as server
inner-tunnel

Ready to process requests.

rad_recv: Access-Request packet from host 192.168.2.170 port 6103, id=2,
length=145

User-Name = "xxxx"

NAS-IP-Address = 192.168.2.170

NAS-Identifier = "Intelligent Switch"

NAS-Port = 1

Service-Type = Framed-User

Called-Station-Id = "xx-xx-xx-xx-xx-xx"

Calling-Station-Id = "xx-xx-xx-xx-xx-xx"

Framed-MTU = 1300

NAS-Port-Type = Ethernet

EAP-Message = 0x02ab000a017377616d69

Message-Authenticator = 0xc991c984fab9c5cf0161004eea7f75d2

# Executing section authorize from file /usr/local/synoradius/rad_site
_def_local

+group authorize {

++[preprocess] = ok

[eap] EAP packet type response id 171 length 10

[eap] No EAP Start, assuming it's an on-going EAP conversation

++[eap] = updated

[files] users: Matched entry xxxx at line 4

++[files] = ok

++[expiration] = noop

++[logintime] = noop

+} # group authorize = updated

Found Auth-Type = EAP

# Executing group from file /usr/local/synoradius/rad_site_def_local

+group authenticate {

[eap] EAP Identity

[eap] processing type mschapv2

rlm_eap_mschapv2: Issuing Challenge

++[eap] = handled

+} # group authenticate = handled

Sending Access-Challenge of id 2 to 192.168.2.170 port 6103

EAP-Message = 0x01ac001f1a01ac001a10e9e1c078ad05caca313100efcdba9780737761
6d69

Message-Authenticator = 0x00000000000000000000000000000000

State = 0x973167ca979d7d7672b64682fa1c6552

Finished request 0.

Going to the next request

Waking up in 4.9 seconds.

rad_recv: Access-Request packet from host 192.168.2.170 port 6103, id=4,
length=139

User-Name = "xxxx"

NAS-IP-Address = 192.168.2.170

NAS-Port = 1

Called-Station-Id = "xx-xx-xx-xx-xx-xx"

Calling-Station-Id = "xx-xx-xx-xx-xx-xx"

Framed-MTU = 1300

Service-Type = Framed-User

NAS-Port-Type = Ethernet

State = 0x973167ca979d7d7672b64682fa1c6552

EAP-Message = 0x02ac00060304

Message-Authenticator = 0x7ea32f868e5b2e8165614aaac0ed8338

# Executing section authorize from file /usr/local/synoradius/rad_site
_def_local

+group authorize {

++[preprocess] = ok

[eap] EAP packet type response id 172 length 6

[eap] No EAP Start, assuming it's an on-going EAP conversation

++[eap] = updated

[files] users: Matched entry xxxx at line 4

++[files] = ok

++[expiration] = noop

++[logintime] = noop

+} # group authorize = updated

Found Auth-Type = EAP

# Executing group from file /usr/local/synoradius/rad_site_def_local

+group authenticate {

[eap] Request found, released from the list

[eap] EAP NAK

[eap] EAP-NAK asked for EAP-Type/md5

[eap] processing type md5

rlm_eap_md5: Issuing Challenge

++[eap] = handled

+} # group authenticate = handled

Sending Access-Challenge of id 4 to 192.168.2.170 port 6103

EAP-Message = 0x01ad00160410fb47bcf981e68c462d0dc9670e427f8c

Message-Authenticator = 0x00000000000000000000000000000000

State = 0x973167ca969c637672b64682fa1c6552

Finished request 1.

Going to the next request

Waking up in 4.0 seconds.

rad_recv: Access-Request packet from host 192.168.2.170 port 6103, id=6,
length=155

User-Name = "xxxx"

NAS-IP-Address = 192.168.2.170

NAS-Port = 1

Called-Station-Id = "xx-xx-xx-xx-xx-xx"

Calling-Station-Id = "xx-xx-xx-xx-xx-xx"

Framed-MTU = 1300

Service-Type = Framed-User

NAS-Port-Type = Ethernet

State = 0x973167ca969c637672b64682fa1c6552

EAP-Message = 0x02ad00160410f0f526bf8df80c013258a2952d03d8f0

Message-Authenticator = 0xb82937c382730e9d6582f7a456f13eb3

# Executing section authorize from file /usr/local/synoradius/rad_site
_def_local

+group authorize {

++[preprocess] = ok

[eap] EAP packet type response id 173 length 22

[eap] No EAP Start, assuming it's an on-going EAP conversation

++[eap] = updated

[files] users: Matched entry xxxx at line 4

++[files] = ok

++[expiration] = noop

++[logintime] = noop

+} # group authorize = updated

Found Auth-Type = EAP

# Executing group from file /usr/local/synoradius/rad_site_def_local

+group authenticate {

[eap] Request found, released from the list

[eap] EAP/md5

[eap] processing type md5

[eap] Freeing handler

++[eap] = reject

+} # group authenticate = reject

Failed to authenticate the user.

Login incorrect: [xxxx] (from client xxxx  port 1 cli xx-xx-xx-xx-xx-xx)

Using Post-Auth-Type Reject

# Executing group from file /usr/local/synoradius/rad_site_def_local

+group REJECT {

[attr_filter.access_reject] expand: %{User-Name} -> xxxx

attr_filter: Matched entry DEFAULT at line 11

++[attr_filter.access_reject] = updated

+} # group REJECT = updated

Delaying reject of request 2 for 1 seconds

Going to the next request

Waking up in 0.9 seconds.

Sending delayed reject for request 2

Sending Access-Reject of id 6 to 192.168.2.170 port 6103

EAP-Message = 0x04ad0004

Message-Authenticator = 0x00000000000000000000000000000000

Waking up in 2.0 seconds.

Cleaning up request 0 ID 2 with timestamp +32

Waking up in 0.9 seconds.

Cleaning up request 1 ID 4 with timestamp +33

Waking up in 1.9 seconds.

Cleaning up request 2 ID 6 with timestamp +34

Ready to process requests.
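
Added example, not part of the original post or of FreeRADIUS: the last exchange in the log is rejected by the eap module while it processes the MD5 response, so this decodes the EAP-Message values shown above and checks whether a given password yields the Response value the switch sent (RFC 3748 EAP-MD5: MD5 over identifier, password, challenge). The function names and the password passed in are assumptions; supply the Cleartext-Password configured in rad_users.

```python
import hashlib
import hmac
import struct

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 3: "Nak", 4: "MD5-Challenge", 26: "MS-CHAPv2"}

# EAP-Message values copied from the last exchanges in the debug log above.
NAK = "0x02ac00060304"
MD5_CHALLENGE = "0x01ad00160410fb47bcf981e68c462d0dc9670e427f8c"
MD5_RESPONSE = "0x02ad00160410f0f526bf8df80c013258a2952d03d8f0"
FAILURE = "0x04ad0004"


def parse_eap(hex_value):
    """Split an EAP-Message hex string into code, identifier, type and data."""
    text = hex_value[2:] if hex_value.lower().startswith("0x") else hex_value
    raw = bytes.fromhex(text)
    if len(raw) < 4:
        raise ValueError("EAP packet shorter than its 4-byte header")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    if length != len(raw):
        raise ValueError(f"length field says {length}, {len(raw)} bytes present")
    pkt = {"code": EAP_CODES.get(code, code), "id": ident, "type": None, "data": b""}
    if code in (1, 2) and length > 4:  # only Request/Response carry a type
        pkt["type"] = EAP_TYPES.get(raw[4], raw[4])
        pkt["data"] = raw[5:]
    return pkt


def md5_value(pkt):
    """Return the Value field (challenge or response) of an EAP-MD5 packet."""
    if pkt["type"] != "MD5-Challenge" or not pkt["data"]:
        raise ValueError("not an EAP-MD5 packet")
    size = pkt["data"][0]
    value = pkt["data"][1:1 + size]
    if len(value) != size:
        raise ValueError("Value-Size exceeds the data present")
    return value


def expected_response(ident, password, challenge):
    """EAP-MD5 response value: MD5(identifier || password || challenge)."""
    return hashlib.md5(bytes([ident]) + password + challenge).digest()


def password_matches(challenge_hex, response_hex, password):
    """True if `password` produces the response seen for this challenge."""
    req, resp = parse_eap(challenge_hex), parse_eap(response_hex)
    if (req["code"], resp["code"]) != ("Request", "Response") or req["id"] != resp["id"]:
        raise ValueError("not a matching Request/Response pair")
    want = expected_response(req["id"], password, md5_value(req))
    return hmac.compare_digest(want, md5_value(resp))


def build_response(challenge_hex, password):
    """Build the Response a supplicant holding `password` would send (self-check)."""
    req = parse_eap(challenge_hex)
    digest = expected_response(req["id"], password, md5_value(req))
    body = bytes([4, len(digest)]) + digest
    raw = struct.pack("!BBH", 2, req["id"], 4 + len(body)) + body
    return "0x" + raw.hex()


if __name__ == "__main__":
    for name in ("NAK", "MD5_CHALLENGE", "MD5_RESPONSE", "FAILURE"):
        print(name, parse_eap(globals()[name]))
    # Placeholder password: replace with the Cleartext-Password from rad_users.
    candidate = b"REPLACE-WITH-CONFIGURED-PASSWORD"
    print("password matches:", password_matches(MD5_CHALLENGE, MD5_RESPONSE, candidate))
```

A False result for the configured password means the switch hashed a different secret than the one the server holds for that user.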

