EAP-MD5 group auth failure
Security Camera
seccam.trilok at gmail.com
Mon Sep 12 19:11:35 CEST 2016
Hi all,
I am trying to narrow down this EAP-MD5 802.1x authentication for the
last week and I unable to find exactly what the problem is. Can you please
provide some pointers from the following logs on what could be the problem?
What group auth it is expecting? Is it the user group in /etc/passwd file?
I have put the user XXXX in the rad_users file along with
Cleartext-Password as it was complaining that user needs to have
Cleartext-Password.
Thanks
ash-4.3# /var/packages/RadiusServer/target/sbin/radiusd -X
radiusd: FreeRADIUS Version 2.2.9 (git #e4cc22f), for host
armle-unknown-linux-gnu, built on Aug 17 2016 at 14:40:46
Copyright (C) 1999-2015 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License.
For more information about these matters, see the file named COPYRIGHT.
Starting - reading configuration files ...
including configuration file /var/packages/RadiusServer/tar
get/etc/raddb/radiusd.conf
including configuration file /usr/local/synoradius/rad_listen
including configuration file /usr/local/synoradius/rad_port_auth
including configuration file /usr/local/synoradius/rad_port_auth
including configuration file /var/packages/RadiusServer/tar
get/etc/raddb/clients.conf
including configuration file /usr/local/synoradius/rad_clients
including files in directory /var/packages/RadiusServer/tar
get/etc/raddb/modules/
including configuration file /var/packages/RadiusServer/tar
get/etc/raddb/modules/ippool
including configuration file /var/packages/RadiusServer/tar
get/etc/raddb/modules/replicate
including configuration file /var/packages/RadiusServer/tar
get/etc/raddb/modules/mschap
including configuration file /var/packages/RadiusServer/tar
get/etc/raddb/modules/policy
including configuration file /var/packages/RadiusServer/tar
get/etc/raddb/modules/linelog
including configuration file /var/packages/RadiusServer/tar
get/etc/raddb/modules/sqlcounter_expire_on_login
including configuration file /var/packages/RadiusServer/tar
get/etc/raddb/modules/detail
including configuration file /var/packages/RadiusServer/tar
get/etc/raddb/modules/attr_rewrite
including configuration file /var/packages/RadiusServer/tar
get/etc/raddb/modules/cache
including configuration file /var/packages/RadiusServer/tar
get/etc/raddb/modules/smsotp
including configuration file /var/packages/RadiusServer/tar
get/etc/raddb/modules/sql_log
including configuration file /var/packages/RadiusServer/tar
get/etc/raddb/modules/wimax
including configuration file /var/packages/RadiusServer/tar
get/etc/raddb/modules/echo
including configuration file /var/packages/RadiusServer/tar
get/etc/raddb/modules/logintime
including configuration file /var/packages/RadiusServer/tar
get/etc/raddb/modules/perl
including configuration file /var/packages/RadiusServer/tar
get/etc/raddb/modules/expiration
including configuration file /var/packages/RadiusServer/tar
get/etc/raddb/modules/rediswho
including configuration file /var/packages/RadiusServer/tar
get/etc/raddb/modules/inner-eap
including configuration file /var/packages/RadiusServer/tar
get/etc/raddb/modules/opendirectory
including configuration file /var/packages/RadiusServer/tar
get/etc/raddb/modules/exec
including configuration file /var/packages/RadiusServer/tar
get/etc/raddb/modules/sradutmp
including configuration file /var/packages/RadiusServer/tar
get/etc/raddb/modules/pap
including configuration file /var/packages/RadiusServer/tar
get/etc/raddb/modules/unix
including configuration file /var/packages/RadiusServer/tar
get/etc/raddb/modules/checkval
including configuration file /var/packages/RadiusServer/tar
get/etc/raddb/modules/passwd
including configuration file /var/packages/RadiusServer/tar
get/etc/raddb/modules/mac2ip
including configuration file /var/packages/RadiusServer/tar
get/etc/raddb/modules/detail.example.com
including configuration file /var/packages/RadiusServer/tar
get/etc/raddb/modules/otp
including configuration file /var/packages/RadiusServer/tar
get/etc/raddb/modules/soh
including configuration file /var/packages/RadiusServer/tar
get/etc/raddb/modules/counter
including configuration file /var/packages/RadiusServer/tar
get/etc/raddb/modules/preprocess
including configuration file /var/packages/RadiusServer/tar
get/etc/raddb/modules/chap
including configuration file /var/packages/RadiusServer/tar
get/etc/raddb/modules/realm
including configuration file /var/packages/RadiusServer/tar
get/etc/raddb/modules/krb5
including configuration file /var/packages/RadiusServer/tar
get/etc/raddb/modules/redis
including configuration file /var/packages/RadiusServer/tar
get/etc/raddb/modules/files
including configuration file /var/packages/RadiusServer/tar
get/etc/raddb/modules/attr_filter
including configuration file /var/packages/RadiusServer/tar
get/etc/raddb/modules/acct_unique
including configuration file /var/packages/RadiusServer/tar
get/etc/raddb/modules/detail.log
including configuration file /var/packages/RadiusServer/tar
get/etc/raddb/modules/synorad
including configuration file /usr/local/synoradius/synoconf
including configuration file /var/packages/RadiusServer/tar
get/etc/raddb/modules/digest
including configuration file /var/packages/RadiusServer/tar
get/etc/raddb/modules/etc_group
including configuration file /var/packages/RadiusServer/tar
get/etc/raddb/modules/mschap_ad
including configuration file /var/packages/RadiusServer/tar
get/etc/raddb/modules/expr
including configuration file /var/packages/RadiusServer/tar
get/etc/raddb/modules/cui
including configuration file /var/packages/RadiusServer/tar
get/etc/raddb/modules/dynamic_clients
including configuration file /var/packages/RadiusServer/tar
get/etc/raddb/modules/smbpasswd
including configuration file /var/packages/RadiusServer/tar
get/etc/raddb/modules/always
including configuration file /var/packages/RadiusServer/tar
get/etc/raddb/modules/radutmp
including configuration file /var/packages/RadiusServer/tar
get/etc/raddb/modules/ldap
including configuration file /usr/local/synoradius/rad_ldap
including configuration file /var/packages/RadiusServer/tar
get/etc/raddb/modules/pam
including configuration file /var/packages/RadiusServer/tar
get/etc/raddb/modules/dhcp_sqlippool
including configuration file /var/packages/RadiusServer/tar
get/etc/raddb/sql/mysql/ippool-dhcp.conf
including configuration file /var/packages/RadiusServer/tar
get/etc/raddb/modules/ntlm_auth
including configuration file /usr/local/synoradius/rad_ntlm_auth
including configuration file /var/packages/RadiusServer/tar
get/etc/raddb/modules/mac2vlan
including configuration file /var/packages/RadiusServer/tar
get/etc/raddb/modules/radrelay
including configuration file /var/packages/RadiusServer/tar
get/etc/raddb/eap.conf
including configuration file /usr/local/synoradius/rad_ca_cert
including configuration file /var/packages/RadiusServer/tar
get/etc/raddb/policy.conf
including files in directory /var/packages/RadiusServer/tar
get/etc/raddb/sites-enabled/
including configuration file /var/packages/RadiusServer/tar
get/etc/raddb/sites-enabled/inner-tunnel
including configuration file /usr/local/synoradius/rad_site_inn
including configuration file /usr/local/synoradius/rad_site_inn_local
including configuration file /usr/local/synoradius/rad_port_inner
including configuration file /var/packages/RadiusServer/tar
get/etc/raddb/sites-enabled/default
including configuration file /usr/local/synoradius/rad_site_def
including configuration file /usr/local/synoradius/rad_site_def_local
including configuration file /var/packages/RadiusServer/tar
get/etc/raddb/sites-enabled/control-socket
main {
allow_core_dumps = no
}
including dictionary file /var/packages/RadiusServer/tar
get/etc/raddb/dictionary
main {
name = "radiusd"
prefix = "/var/packages/RadiusServer/target/"
localstatedir = "/var/packages/RadiusServer/target//var"
sbindir = "/var/packages/RadiusServer/target//sbin"
logdir = "/var/packages/RadiusServer/target//var/log/radius"
run_dir = "/var/packages/RadiusServer/target//var/run/radiusd"
libdir = "/var/packages/RadiusServer/target//lib"
radacctdir = "/var/packages/RadiusServer/target//var/log/radius/radacct"
hostname_lookups = no
max_request_time = 30
cleanup_delay = 5
max_requests = 1024
pidfile = "/var/packages/RadiusServer/target//var/run/radiusd/radiusd.pid"
checkrad = "/var/packages/RadiusServer/target//sbin/checkrad"
debug_level = 0
proxy_requests = no
log {
stripped_names = no
auth = yes
auth_badpass = no
auth_goodpass = no
}
security {
max_attributes = 200
reject_delay = 1
status_server = yes
allow_vulnerable_openssl = no
}
}
radiusd: #### Loading Realms and Home Servers ####
radiusd: #### Loading Clients ####
client 192.168.2.0/24 {
require_message_authenticator = no
secret = "xxxxxxx"
shortname = "xxxx"
}
radiusd: #### Instantiating modules ####
instantiate {
Module: Linked to module rlm_exec
Module: Instantiating module "exec" from file
/var/packages/RadiusServer/target/etc/raddb/modules/exec
exec {
wait = no
input_pairs = "request"
shell_escape = yes
timeout = 10
}
Module: Linked to module rlm_expr
Module: Instantiating module "expr" from file
/var/packages/RadiusServer/target/etc/raddb/modules/expr
Module: Linked to module rlm_expiration
Module: Instantiating module "expiration" from file
/var/packages/RadiusServer/target/etc/raddb/modules/expiration
expiration {
reply-message = "Password Has Expired "
}
Module: Linked to module rlm_logintime
Module: Instantiating module "logintime" from file
/var/packages/RadiusServer/target/etc/raddb/modules/logintime
logintime {
reply-message = "You are calling outside your allowed timespan "
minimum-timeout = 60
}
}
radiusd: #### Loading Virtual Servers ####
server { # from file /var/packages/RadiusServer/tar
get/etc/raddb/radiusd.conf
modules {
Module: Checking authenticate {...} for more modules to load
Module: Linked to module rlm_eap
Module: Instantiating module "eap" from file /var/packages/RadiusServer/tar
get/etc/raddb/eap.conf
eap {
default_eap_type = "mschapv2"
timer_expire = 60
ignore_unknown_eap_types = no
cisco_accounting_username_bug = no
max_sessions = 4096
}
Module: Linked to sub-module rlm_eap_md5
Module: Instantiating eap-md5
Module: Linked to sub-module rlm_eap_leap
Module: Instantiating eap-leap
Module: Linked to sub-module rlm_eap_gtc
Module: Instantiating eap-gtc
gtc {
challenge = "Password: "
auth_type = "PAP"
}
Module: Linked to sub-module rlm_eap_tls
Module: Instantiating eap-tls
tls {
rsa_key_exchange = no
dh_key_exchange = yes
rsa_key_length = 512
dh_key_length = 512
verify_depth = 0
pem_file_type = yes
private_key_file = "/usr/local/etc/certificate/Ra
diusServer/radiusd/privkey.pem"
certificate_file = "/usr/local/etc/certificate/Ra
diusServer/radiusd/fullchain.pem"
private_key_password = "12345"
dh_file = "/var/packages/RadiusServer/target/etc/raddb/certs/dh"
random_file = "/var/packages/RadiusServer/target/etc/raddb/certs/random"
fragment_size = 1024
include_length = yes
check_crl = no
check_all_crl = no
cipher_list = "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:
ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:
ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:
DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-
ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-
AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:
ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-
RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-
RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-
CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:
AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-
SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS"
ecdh_curve = "prime256v1"
verify {
}
}
Module: Linked to sub-module rlm_eap_ttls
Module: Instantiating eap-ttls
ttls {
default_eap_type = "mschapv2"
copy_request_to_tunnel = no
use_tunneled_reply = no
virtual_server = "inner-tunnel"
include_length = yes
}
Module: Linked to sub-module rlm_eap_peap
Module: Instantiating eap-peap
peap {
default_eap_type = "mschapv2"
copy_request_to_tunnel = no
use_tunneled_reply = no
proxy_tunneled_request_as_eap = yes
virtual_server = "inner-tunnel"
soh = no
}
Module: Linked to sub-module rlm_eap_mschapv2
Module: Instantiating eap-mschapv2
mschapv2 {
with_ntdomain_hack = no
send_error = no
}
Module: Checking authorize {...} for more modules to load
Module: Linked to module rlm_preprocess
Module: Instantiating module "preprocess" from file
/var/packages/RadiusServer/target/etc/raddb/modules/preprocess
preprocess {
huntgroups = "/var/packages/RadiusServer/target/etc/raddb/huntgroups"
hints = "/var/packages/RadiusServer/target/etc/raddb/hints"
with_ascend_hack = no
ascend_channels_per_line = 23
with_ntdomain_hack = no
with_specialix_jetstream_hack = no
with_cisco_vsa_hack = no
with_alvarion_vsa_hack = no
}
reading pairlist file /var/packages/RadiusServer/target/etc/raddb/huntgroups
reading pairlist file /var/packages/RadiusServer/target/etc/raddb/hints
Module: Linked to module rlm_files
Module: Instantiating module "files" from file
/var/packages/RadiusServer/target/etc/raddb/modules/files
files {
usersfile = "/var/packages/RadiusServer/target/etc/raddb/users"
acctusersfile = "/var/packages/RadiusServer/target/etc/raddb/acct_users"
preproxy_usersfile = "/var/packages/RadiusServer/ta
rget/etc/raddb/preproxy_users"
compat = "no"
}
reading pairlist file /var/packages/RadiusServer/target/etc/raddb/users
reading pairlist file /usr/local/synoradius/rad_users
reading pairlist file /var/packages/RadiusServer/target/etc/raddb/acct_users
reading pairlist file /var/packages/RadiusServer/tar
get/etc/raddb/preproxy_users
Module: Checking preacct {...} for more modules to load
Module: Linked to module rlm_acct_unique
Module: Instantiating module "acct_unique" from file
/var/packages/RadiusServer/target/etc/raddb/modules/acct_unique
acct_unique {
key = "User-Name, Acct-Session-Id, NAS-IP-Address, NAS-Identifier,
NAS-Port"
}
Module: Linked to module rlm_realm
Module: Instantiating module "suffix" from file
/var/packages/RadiusServer/target/etc/raddb/modules/realm
realm suffix {
format = "suffix"
delimiter = "@"
ignore_default = no
ignore_null = no
}
Module: Checking accounting {...} for more modules to load
Module: Linked to module rlm_detail
Module: Instantiating module "detail" from file
/var/packages/RadiusServer/target/etc/raddb/modules/detail
detail {
detailfile = "/var/packages/RadiusServer/target//var/log/radius/radacct/%
{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d"
header = "%t"
detailperm = 384
dirperm = 493
locking = no
log_packet_header = no
escape_filenames = no
}
Module: Linked to module rlm_unix
Module: Instantiating module "unix" from file
/var/packages/RadiusServer/target/etc/raddb/modules/unix
unix {
radwtmp = "/var/packages/RadiusServer/target//var/log/radius/radwtmp"
}
Module: Linked to module rlm_radutmp
Module: Instantiating module "radutmp" from file
/var/packages/RadiusServer/target/etc/raddb/modules/radutmp
radutmp {
filename = "/var/packages/RadiusServer/target//var/log/radius/radutmp"
username = "%{User-Name}"
case_sensitive = yes
check_with_nas = yes
perm = 384
callerid = yes
}
Module: Linked to module rlm_attr_filter
Module: Instantiating module "attr_filter.accounting_response" from file
/var/packages/RadiusServer/target/etc/raddb/modules/attr_filter
attr_filter attr_filter.accounting_response {
attrsfile = "/var/packages/RadiusServer/target/etc/raddb/attrs.accountin
g_response"
key = "%{User-Name}"
relaxed = no
}
reading pairlist file /var/packages/RadiusServer/tar
get/etc/raddb/attrs.accounting_response
Module: Checking session {...} for more modules to load
Module: Checking post-proxy {...} for more modules to load
Module: Checking post-auth {...} for more modules to load
Module: Instantiating module "attr_filter.access_reject" from file
/var/packages/RadiusServer/target/etc/raddb/modules/attr_filter
attr_filter attr_filter.access_reject {
attrsfile = "/var/packages/RadiusServer/target/etc/raddb/attrs.access_re
ject"
key = "%{User-Name}"
relaxed = no
}
reading pairlist file /var/packages/RadiusServer/tar
get/etc/raddb/attrs.access_reject
} # modules
} # server
server inner-tunnel { # from file /usr/local/synoradius/rad_site_inn_local
modules {
Module: Checking authenticate {...} for more modules to load
Module: Linked to module rlm_pap
Module: Instantiating module "pap" from file /var/packages/RadiusServer/tar
get/etc/raddb/modules/pap
pap {
encryption_scheme = "auto"
auto_header = no
}
Module: Linked to module rlm_chap
Module: Instantiating module "chap" from file
/var/packages/RadiusServer/target/etc/raddb/modules/chap
Module: Linked to module rlm_mschap
Module: Instantiating module "mschap" from file
/var/packages/RadiusServer/target/etc/raddb/modules/mschap
mschap {
use_mppe = yes
require_encryption = no
require_strong = no
with_ntdomain_hack = yes
allow_retry = yes
}
Module: Checking authorize {...} for more modules to load
Module: Linked to module rlm_passwd
Module: Instantiating module "smbpasswd" from file
/var/packages/RadiusServer/target/etc/raddb/modules/smbpasswd
passwd smbpasswd {
filename = "/etc/samba/private/smbpasswd"
format = "*User-Name::LM-Password:NT-Password:SMB-Account-CTRL-TEXT::"
delimiter = ":"
ignorenislike = no
ignoreempty = yes
allowmultiplekeys = no
hashsize = 100
}
rlm_passwd: nfields: 7 keyfield 0(User-Name) listable: no
Module: Checking session {...} for more modules to load
Module: Checking post-proxy {...} for more modules to load
Module: Checking post-auth {...} for more modules to load
} # modules
} # server
radiusd: #### Opening IP addresses and Ports ####
listen {
type = "auth"
ipaddr = 127.0.0.1
port = 1812
}
listen {
type = "auth"
ipaddr = 192.168.2.3
port = 1812
}
listen {
type = "control"
listen {
socket = "/var/packages/RadiusServer/target//var/run/radiusd/radiusd.sock"
}
}
listen {
type = "auth"
ipaddr = 127.0.0.1
port = 18120
}
Listening on authentication address 127.0.0.1 port 1812
Listening on authentication address 192.168.2.3 port 1812
Listening on command file /var/packages/RadiusServer/tar
get//var/run/radiusd/radiusd.sock
Listening on authentication address 127.0.0.1 port 18120 as server
inner-tunnel
Ready to process requests.
rad_recv: Access-Request packet from host 192.168.2.170 port 6103, id=2,
length=145
User-Name = "xxxx"
NAS-IP-Address = 192.168.2.170
NAS-Identifier = "Intelligent Switch"
NAS-Port = 1
Service-Type = Framed-User
Called-Station-Id = "xx-xx-xx-xx-xx-xx"
Calling-Station-Id = "xx-xx-xx-xx-xx-xx"
Framed-MTU = 1300
NAS-Port-Type = Ethernet
EAP-Message = 0x02ab000a017377616d69
Message-Authenticator = 0xc991c984fab9c5cf0161004eea7f75d2
# Executing section authorize from file /usr/local/synoradius/rad_site
_def_local
+group authorize {
++[preprocess] = ok
[eap] EAP packet type response id 171 length 10
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] = updated
[files] users: Matched entry xxxx at line 4
++[files] = ok
++[expiration] = noop
++[logintime] = noop
+} # group authorize = updated
Found Auth-Type = EAP
# Executing group from file /usr/local/synoradius/rad_site_def_local
+group authenticate {
[eap] EAP Identity
[eap] processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
++[eap] = handled
+} # group authenticate = handled
Sending Access-Challenge of id 2 to 192.168.2.170 port 6103
EAP-Message = 0x01ac001f1a01ac001a10e9e1c078ad05caca313100efcdba9780737761
6d69
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x973167ca979d7d7672b64682fa1c6552
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.2.170 port 6103, id=4,
length=139
User-Name = "xxxx"
NAS-IP-Address = 192.168.2.170
NAS-Port = 1
Called-Station-Id = "xx-xx-xx-xx-xx-xx"
Calling-Station-Id = "xx-xx-xx-xx-xx-xx"
Framed-MTU = 1300
Service-Type = Framed-User
NAS-Port-Type = Ethernet
State = 0x973167ca979d7d7672b64682fa1c6552
EAP-Message = 0x02ac00060304
Message-Authenticator = 0x7ea32f868e5b2e8165614aaac0ed8338
# Executing section authorize from file /usr/local/synoradius/rad_site
_def_local
+group authorize {
++[preprocess] = ok
[eap] EAP packet type response id 172 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] = updated
[files] users: Matched entry xxxx at line 4
++[files] = ok
++[expiration] = noop
++[logintime] = noop
+} # group authorize = updated
Found Auth-Type = EAP
# Executing group from file /usr/local/synoradius/rad_site_def_local
+group authenticate {
[eap] Request found, released from the list
[eap] EAP NAK
[eap] EAP-NAK asked for EAP-Type/md5
[eap] processing type md5
rlm_eap_md5: Issuing Challenge
++[eap] = handled
+} # group authenticate = handled
Sending Access-Challenge of id 4 to 192.168.2.170 port 6103
EAP-Message = 0x01ad00160410fb47bcf981e68c462d0dc9670e427f8c
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x973167ca969c637672b64682fa1c6552
Finished request 1.
Going to the next request
Waking up in 4.0 seconds.
rad_recv: Access-Request packet from host 192.168.2.170 port 6103, id=6,
length=155
User-Name = "xxxx"
NAS-IP-Address = 192.168.2.170
NAS-Port = 1
Called-Station-Id = "xx-xx-xx-xx-xx-xx"
Calling-Station-Id = "xx-xx-xx-xx-xx-xx"
Framed-MTU = 1300
Service-Type = Framed-User
NAS-Port-Type = Ethernet
State = 0x973167ca969c637672b64682fa1c6552
EAP-Message = 0x02ad00160410f0f526bf8df80c013258a2952d03d8f0
Message-Authenticator = 0xb82937c382730e9d6582f7a456f13eb3
# Executing section authorize from file /usr/local/synoradius/rad_site
_def_local
+group authorize {
++[preprocess] = ok
[eap] EAP packet type response id 173 length 22
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] = updated
[files] users: Matched entry xxxx at line 4
++[files] = ok
++[expiration] = noop
++[logintime] = noop
+} # group authorize = updated
Found Auth-Type = EAP
# Executing group from file /usr/local/synoradius/rad_site_def_local
+group authenticate {
[eap] Request found, released from the list
[eap] EAP/md5
[eap] processing type md5
[eap] Freeing handler
++[eap] = reject
+} # group authenticate = reject
Failed to authenticate the user.
Login incorrect: [xxxx] (from client xxxx port 1 cli xx-xx-xx-xx-xx-xx)
Using Post-Auth-Type Reject
# Executing group from file /usr/local/synoradius/rad_site_def_local
+group REJECT {
[attr_filter.access_reject] expand: %{User-Name} -> xxxx
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] = updated
+} # group REJECT = updated
Delaying reject of request 2 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 2
Sending Access-Reject of id 6 to 192.168.2.170 port 6103
EAP-Message = 0x04ad0004
Message-Authenticator = 0x00000000000000000000000000000000
Waking up in 2.0 seconds.
Cleaning up request 0 ID 2 with timestamp +32
Waking up in 0.9 seconds.
Cleaning up request 1 ID 4 with timestamp +33
Waking up in 1.9 seconds.
Cleaning up request 2 ID 6 with timestamp +34
Ready to process requests.
More information about the Freeradius-Users
mailing list