WPA2 entreprise : Access-Accept but not connected
Arno Tarpin
arno.tarpin at gmail.com
Thu Jan 12 10:18:04 CET 2017
Hi,
First I'm sorry for my bad English...
I just install Freeradius (using this tutorial
<https://blog.fenrir.fr/2013/09/07/655/>), everything work (I get a
access-accept when I try the radtest command) but when I try connect to the
AP using WPA2 Entreprise, my devise (I use an Iphone but with a Laptop I
get the same problem) don't connect.
I don't have any error message, and after few try the device "give up" I
mean without any error message it just stop.
On the Freeradius server when I use the Freeradius -X command I can see the
Access-Accept but my device re-try a connection.
I have no idea where the problem come from...
-------------- next part --------------
rad_recv: Access-Request packet from host 192.168.11.122 port 55831, id=7, length=166
User-Name = "a.tarpin"
NAS-Identifier = "802aa89673dd"
NAS-Port = 0
Called-Station-Id = "82-2A-A8-98-73-DD:wifi-test"
Calling-Station-Id = "04-4B-ED-1A-3B-6C"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 0Mbps 802.11b"
EAP-Message = 0x0229000d01612e74617270696e
Message-Authenticator = 0x0a9984d7862fea8595991bf7e33e8495
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+group authorize {
++[preprocess] = ok
++[chap] = noop
++[mschap] = noop
++[digest] = noop
[suffix] No '@' in User-Name = "a.tarpin", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] = noop
[eap] EAP packet type response id 41 length 13
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] = updated
++[files] = noop
++[expiration] = noop
++[logintime] = noop
[pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.
++[pap] = noop
+} # group authorize = updated
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+group authenticate {
[eap] EAP Identity
[eap] processing type tls
[tls] Initiate
[tls] Start returned 1
++[eap] = handled
+} # group authenticate = handled
Sending Access-Challenge of id 7 to 192.168.11.122 port 55831
EAP-Message = 0x012a00061520
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x6583515565a9447cddd63ca81a139940
Finished request 7.
Going to the next request
Waking up in 1.6 seconds.
rad_recv: Access-Request packet from host 192.168.11.122 port 55831, id=8, length=302
User-Name = "a.tarpin"
NAS-Identifier = "802aa89673dd"
NAS-Port = 0
Called-Station-Id = "82-2A-A8-98-73-DD:wifi-test"
Calling-Station-Id = "04-4B-ED-1A-3B-6C"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 0Mbps 802.11b"
EAP-Message = 0x022a0083158000000079160301007401000070030158765ac583685c94427ca4a1b3d0e966d0dadf85bde254f374a3261e9778b6ab00002800ffc024c023c00ac009c008c028c027c014c013c012003d003c0035002f000ac007c011000500040100001f000a00080006001700180019000b0002010000050005010000000000120000
State = 0x6583515565a9447cddd63ca81a139940
Message-Authenticator = 0x25848d413f08a29a0d751004026fea86
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+group authorize {
++[preprocess] = ok
++[chap] = noop
++[mschap] = noop
++[digest] = noop
[suffix] No '@' in User-Name = "a.tarpin", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] = noop
[eap] EAP packet type response id 42 length 131
[eap] Continuing tunnel setup.
++[eap] = ok
+} # group authorize = ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+group authenticate {
[eap] Request found, released from the list
[eap] EAP/ttls
[eap] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
TLS Length 121
[ttls] Length Included
[ttls] eaptls_verify returned 11
[ttls] (other): before/accept initialization
[ttls] TLS_accept: before/accept initialization
[ttls] <<< Unknown TLS version [length 0005]
[ttls] <<< TLS 1.0 Handshake [length 0074], ClientHello
[ttls] TLS_accept: unknown state
[ttls] >>> Unknown TLS version [length 0005]
[ttls] >>> TLS 1.0 Handshake [length 0039], ServerHello
[ttls] TLS_accept: unknown state
[ttls] >>> Unknown TLS version [length 0005]
[ttls] >>> TLS 1.0 Handshake [length 02ce], Certificate
[ttls] TLS_accept: unknown state
[ttls] >>> Unknown TLS version [length 0005]
[ttls] >>> TLS 1.0 Handshake [length 014b], ServerKeyExchange
[ttls] TLS_accept: unknown state
[ttls] >>> Unknown TLS version [length 0005]
[ttls] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
[ttls] TLS_accept: unknown state
[ttls] TLS_accept: unknown state
[ttls] TLS_accept: unknown state
[ttls] TLS_accept: Need to read more data: unknown state
[ttls] TLS_accept: Need to read more data: unknown state
In SSL Handshake Phase
In SSL Accept mode
[ttls] eaptls_process returned 13
++[eap] = handled
+} # group authenticate = handled
Sending Access-Challenge of id 8 to 192.168.11.122 port 55831
EAP-Message = 0x012b040015c00000046a1603010039020000350301e898244b1322372a75fa8a338fed1dc2025e4a42e1882726594df2373d61897500c01400000dff01000100000b00040300010216030102ce0b0002ca0002c70002c4308202c0308201a8a003020102020900f20ccd35f5be79e0300d06092a864886f70d01010b050030183116301406035504030c0d7562756e74752d726164697573301e170d3137303131313133343430315a170d3237303130393133343430315a30183116301406035504030c0d7562756e74752d72616469757330820122300d06092a864886f70d01010105000382010f003082010a0282010100bae84393e78ab8117a34
EAP-Message = 0x76a096a31a3e72a0687854fdb31f9471d7f73fc8b9efa43b5a4e7d5d98d6c7a86e55bcbd389e1ca26c8b5437f42f576c433fd19e8c3e5643d6066213a5383637a2bed3647057955d01ff33529b81cf41d72e6b6b27afd6aeec77fa1cf9b12017dbe1e0a4dbcf9edb451d764f54c441d1673f843c54cf01077a7298d9db84271628e244913e33d189625134fe482979915758b6d3b037fa255f2f52d8ba4d7fabf0ce4f0f2d769d81bee74047a97337568ea22fb52a14976ead23a3cadad2025a33a6c82e86de4fbe4d7d72ed5ecfbf2ed17e7e0473194f4e256a3059c0602f7ff48e011506a6b1377d2e231eff0230e4b705f08d83ef0203010001a30d
EAP-Message = 0x300b30090603551d1304023000300d06092a864886f70d01010b0500038201010054ac44d1f29e6edd1a0acc5a17366b78f30aa398f650f9adc659ff1c13b83e1755cb79bf6f7b67a9181eeda92656503673b7ab6868d0630930c84393dbee3e22740dbcf6bffaacb2e1256a0a6bc55f733fc7f760b14ed6cbdcf3077f28b6f4a555f9bac811e1b2e8a9e63ef90dd3790754d3feadc8f63c178e23279e9b3478c5d129ccc71c97776489b93a7e83599e180289509cdb671acf4ad68c79f6af0745b71ac8268e5fa864155e722da3293764c4123466d6937963361207c883a4678695c8f222db95a74bc779a63e6520e2e41ab3fe0239bf4afe388e6acb
EAP-Message = 0x893f42b934b7aadd295ba4a5ce95b63ce8626c77ff63e860adc0ed611a13fa690ea22af5160301014b0c00014703001741048b85cc21ba55414fc64d85d98a67c1f81772c8bfe10497a9955fdd49a8c496eb4af556716d96ab4ca22d6ecb83656af69128eb58883de1a27b428b7f95ac64f40100551342e56f5d59562a3f8408dbdcdce8344deeda4e61d5bfe27d870afa2f95b17a39b605222e8fc70ca40aaf9b7bcebae54f5d416efac099bab785633816fc22f9f4415c67ba5184d15d2fbb612be939fe00635e373fdd793308e151602960908577a90e1b33f5acbfc76604a357f12c53596ebfc9a19a744e2edf963d7d6d79ffd4d38bbc7eef6188
EAP-Message = 0x77eace7b5c2b4b22fb82dc71
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x6583515564a8447cddd63ca81a139940
Finished request 8.
Going to the next request
Waking up in 1.6 seconds.
rad_recv: Access-Request packet from host 192.168.11.122 port 55831, id=9, length=177
User-Name = "a.tarpin"
NAS-Identifier = "802aa89673dd"
NAS-Port = 0
Called-Station-Id = "82-2A-A8-98-73-DD:wifi-test"
Calling-Station-Id = "04-4B-ED-1A-3B-6C"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 0Mbps 802.11b"
EAP-Message = 0x022b00061500
State = 0x6583515564a8447cddd63ca81a139940
Message-Authenticator = 0x06fb66916d2374f8cbcce6893f84ac5d
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+group authorize {
++[preprocess] = ok
++[chap] = noop
++[mschap] = noop
++[digest] = noop
[suffix] No '@' in User-Name = "a.tarpin", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] = noop
[eap] EAP packet type response id 43 length 6
[eap] Continuing tunnel setup.
++[eap] = ok
+} # group authorize = ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+group authenticate {
[eap] Request found, released from the list
[eap] EAP/ttls
[eap] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
[ttls] Received TLS ACK
[ttls] ACK handshake fragment handler
[ttls] eaptls_verify returned 1
[ttls] eaptls_process returned 13
++[eap] = handled
+} # group authenticate = handled
Sending Access-Challenge of id 9 to 192.168.11.122 port 55831
EAP-Message = 0x012c007e15800000046a8544dc8b6323e96d36a7a1ce5dc99153a918fdec07e81be1f583a548b2dba9927613035f0718a73522b7a2701a4918885a80db7506d70e05bd5e8bb604a06f679ac6494b1f1561da95f4a5ad0ca26db4967a80c2491d632684c67a9df7c5289ba77b6c99fc303545413ed516030100040e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x6583515567af447cddd63ca81a139940
Finished request 9.
Going to the next request
Waking up in 1.6 seconds.
rad_recv: Access-Request packet from host 192.168.11.122 port 55831, id=10, length=315
User-Name = "a.tarpin"
NAS-Identifier = "802aa89673dd"
NAS-Port = 0
Called-Station-Id = "82-2A-A8-98-73-DD:wifi-test"
Calling-Station-Id = "04-4B-ED-1A-3B-6C"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 0Mbps 802.11b"
EAP-Message = 0x022c009015800000008616030100461000004241041364f7e7ca503af99d3920cdc6a9b747005dac54c74a2ca59c4d80269504eb7087bc54dbb58e22c5d2b1b01dc2f67389904585a6a2a4e25f47e09275f3cde8471403010001011603010030c31e15ee5e3b1568fb196a2367a9d5e59aef27d4d415444ecc09630a2c5760fd6a285fce379ffd00ae27d7af5c6ff4bc
State = 0x6583515567af447cddd63ca81a139940
Message-Authenticator = 0x63e5d32f2ad9cfa151774bfc46a03cd7
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+group authorize {
++[preprocess] = ok
++[chap] = noop
++[mschap] = noop
++[digest] = noop
[suffix] No '@' in User-Name = "a.tarpin", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] = noop
[eap] EAP packet type response id 44 length 144
[eap] Continuing tunnel setup.
++[eap] = ok
+} # group authorize = ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+group authenticate {
[eap] Request found, released from the list
[eap] EAP/ttls
[eap] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
TLS Length 134
[ttls] Length Included
[ttls] eaptls_verify returned 11
[ttls] <<< Unknown TLS version [length 0005]
[ttls] <<< TLS 1.0 Handshake [length 0046], ClientKeyExchange
[ttls] TLS_accept: unknown state
[ttls] TLS_accept: unknown state
[ttls] <<< Unknown TLS version [length 0005]
[ttls] <<< TLS 1.0 ChangeCipherSpec [length 0001]
[ttls] <<< Unknown TLS version [length 0005]
[ttls] <<< TLS 1.0 Handshake [length 0010], Finished
[ttls] TLS_accept: unknown state
[ttls] >>> Unknown TLS version [length 0005]
[ttls] >>> TLS 1.0 ChangeCipherSpec [length 0001]
[ttls] TLS_accept: unknown state
[ttls] >>> Unknown TLS version [length 0005]
[ttls] >>> TLS 1.0 Handshake [length 0010], Finished
[ttls] TLS_accept: unknown state
[ttls] TLS_accept: unknown state
[ttls] (other): SSL negotiation finished successfully
SSL Connection Established
[ttls] eaptls_process returned 13
++[eap] = handled
+} # group authenticate = handled
Sending Access-Challenge of id 10 to 192.168.11.122 port 55831
EAP-Message = 0x012d004515800000003b1403010001011603010030071a928f4ff5bca3786c3254fbab5815e9c5a5de4d64abf284e914c786b0a23bbe2d113756704054fbfa0f904707e310
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x6583515566ae447cddd63ca81a139940
Finished request 10.
Going to the next request
Waking up in 1.6 seconds.
rad_recv: Access-Request packet from host 192.168.11.122 port 55831, id=11, length=234
User-Name = "a.tarpin"
NAS-Identifier = "802aa89673dd"
NAS-Port = 0
Called-Station-Id = "82-2A-A8-98-73-DD:wifi-test"
Calling-Station-Id = "04-4B-ED-1A-3B-6C"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 0Mbps 802.11b"
EAP-Message = 0x022d003f15800000003517030100304c2d6c9de0e00ec19cb045bcb16971f6f4e9f1e35f8aacc0c6e0bdbc72ebd8cd72a91b4e7cd17284f141a6f6f7aa3b8d
State = 0x6583515566ae447cddd63ca81a139940
Message-Authenticator = 0xa48980d9837268531d37a15fcab1bc6f
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+group authorize {
++[preprocess] = ok
++[chap] = noop
++[mschap] = noop
++[digest] = noop
[suffix] No '@' in User-Name = "a.tarpin", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] = noop
[eap] EAP packet type response id 45 length 63
[eap] Continuing tunnel setup.
++[eap] = ok
+} # group authorize = ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+group authenticate {
[eap] Request found, released from the list
[eap] EAP/ttls
[eap] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
TLS Length 53
[ttls] Length Included
[ttls] eaptls_verify returned 11
[ttls] <<< Unknown TLS version [length 0005]
[ttls] eaptls_process returned 7
[ttls] Session established. Proceeding to decode tunneled attributes.
[ttls] Got tunneled request
EAP-Message = 0x0200000d01612e74617270696e
FreeRADIUS-Proxied-To = 127.0.0.1
[ttls] Got tunneled identity of a.tarpin
[ttls] Setting default EAP type for tunneled EAP session.
[ttls] Sending tunneled request
EAP-Message = 0x0200000d01612e74617270696e
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "a.tarpin"
NAS-Identifier = "802aa89673dd"
NAS-Port = 0
Called-Station-Id = "82-2A-A8-98-73-DD:wifi-test"
Calling-Station-Id = "04-4B-ED-1A-3B-6C"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 0Mbps 802.11b"
NAS-IP-Address = 192.168.11.122
server inner-tunnel {
# Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel
+group authorize {
++[chap] = noop
++[mschap] = noop
[suffix] No '@' in User-Name = "a.tarpin", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] = noop
++update control {
++} # update control = noop
[eap] EAP packet type response id 0 length 13
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] = updated
++[files] = noop
++[expiration] = noop
++[logintime] = noop
++[pap] = noop
+} # group authorize = updated
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
+group authenticate {
[eap] EAP Identity
[eap] processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
++[eap] = handled
+} # group authenticate = handled
} # server inner-tunnel
[ttls] Got tunneled reply code Access-Challenge
EAP-Message = 0x010100221a0101001d1081ba753217870e3bcdb5af1a175df987612e74617270696e
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x1b6035f91b612fac14e500443d0b7814
[ttls] Got tunneled Access-Challenge
[ttls] >>> Unknown TLS version [length 0005]
++[eap] = handled
+} # group authenticate = handled
Sending Access-Challenge of id 11 to 192.168.11.122 port 55831
EAP-Message = 0x012e005f1580000000551703010050750887d0476e47f34a421da79a69ab878fa36a084bb90c9add12bd43b9c0dabf82842fcd5bfb10366012cb4ee69849484166423c78d87ce8f0f012e7961e7fc77fa897f5f8cc70cfe09e9318e5695164
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x6583515561ad447cddd63ca81a139940
Finished request 11.
Going to the next request
Waking up in 1.6 seconds.
rad_recv: Access-Request packet from host 192.168.11.122 port 55831, id=12, length=298
User-Name = "a.tarpin"
NAS-Identifier = "802aa89673dd"
NAS-Port = 0
Called-Station-Id = "82-2A-A8-98-73-DD:wifi-test"
Calling-Station-Id = "04-4B-ED-1A-3B-6C"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 0Mbps 802.11b"
EAP-Message = 0x022e007f1580000000751703010070b683851865e7561ad366bf2ad42e6910e08c3db6a006e588525a53a78d87c4779bd9410df68071f400aa963f11c6cff8ab614e9f41b62bd7e3fc0f9787d9c5e266a00d02f85b9b2c0700cbefd7556440b17f4b04687b86b9f4a89e8847e7134983aa56c388b27d118b092549f666cfae
State = 0x6583515561ad447cddd63ca81a139940
Message-Authenticator = 0x1ae1949c285188c0e8f0bcaaf12690fb
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+group authorize {
++[preprocess] = ok
++[chap] = noop
++[mschap] = noop
++[digest] = noop
[suffix] No '@' in User-Name = "a.tarpin", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] = noop
[eap] EAP packet type response id 46 length 127
[eap] Continuing tunnel setup.
++[eap] = ok
+} # group authorize = ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+group authenticate {
[eap] Request found, released from the list
[eap] EAP/ttls
[eap] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
TLS Length 117
[ttls] Length Included
[ttls] eaptls_verify returned 11
[ttls] <<< Unknown TLS version [length 0005]
[ttls] eaptls_process returned 7
[ttls] Session established. Proceeding to decode tunneled attributes.
[ttls] Got tunneled request
EAP-Message = 0x020100431a0201003e316862e743eee9c3cb6735142930eb10850000000000000000222b30b386896f9d349da2acd34d4bf1fe98b5d57fdd669500612e74617270696e
FreeRADIUS-Proxied-To = 127.0.0.1
[ttls] Sending tunneled request
EAP-Message = 0x020100431a0201003e316862e743eee9c3cb6735142930eb10850000000000000000222b30b386896f9d349da2acd34d4bf1fe98b5d57fdd669500612e74617270696e
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "a.tarpin"
State = 0x1b6035f91b612fac14e500443d0b7814
NAS-Identifier = "802aa89673dd"
NAS-Port = 0
Called-Station-Id = "82-2A-A8-98-73-DD:wifi-test"
Calling-Station-Id = "04-4B-ED-1A-3B-6C"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 0Mbps 802.11b"
NAS-IP-Address = 192.168.11.122
server inner-tunnel {
# Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel
+group authorize {
++[chap] = noop
++[mschap] = noop
[suffix] No '@' in User-Name = "a.tarpin", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] = noop
++update control {
++} # update control = noop
[eap] EAP packet type response id 1 length 67
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] = updated
++[files] = noop
++[expiration] = noop
++[logintime] = noop
++[pap] = noop
+} # group authorize = updated
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
+group authenticate {
[eap] Request found, released from the list
[eap] EAP/mschapv2
[eap] processing type mschapv2
[mschapv2] # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
[mschapv2] +group MS-CHAP {
[mschap] Creating challenge hash with username: a.tarpin
[mschap] Client is using MS-CHAPv2 for a.tarpin, we need NT-Password
[mschap] expand: %{Stripped-User-Name} ->
[mschap] ... expanding second conditional
[mschap] expand: %{User-Name} -> a.tarpin
[mschap] expand: %{%{User-Name}:-None} -> a.tarpin
[mschap] expand: --username=%{%{Stripped-User-Name}:-%{%{User-Name}:-None}} -> --username=a.tarpin
[mschap] Creating challenge hash with username: a.tarpin
[mschap] expand: %{mschap:Challenge} -> 163511854d8da47a
[mschap] expand: --challenge=%{%{mschap:Challenge}:-00} -> --challenge=163511854d8da47a
[mschap] expand: %{mschap:NT-Response} -> 222b30b386896f9d349da2acd34d4bf1fe98b5d57fdd6695
[mschap] expand: --nt-response=%{%{mschap:NT-Response}:-00} -> --nt-response=222b30b386896f9d349da2acd34d4bf1fe98b5d57fdd6695
Exec output: NT_KEY: 01DAD29C6673DE9BAEBBE44D48C51144
Exec plaintext: NT_KEY: 01DAD29C6673DE9BAEBBE44D48C51144
[mschap] Exec: program returned: 0
[mschap] adding MS-CHAPv2 MPPE keys
++[mschap] = ok
+} # group MS-CHAP = ok
MSCHAP Success
++[eap] = handled
+} # group authenticate = handled
} # server inner-tunnel
[ttls] Got tunneled reply code Access-Challenge
EAP-Message = 0x010200331a0301002e533d30464643363742344441323845353645334444333830423843453035454235334430303542443142
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x1b6035f91a622fac14e500443d0b7814
[ttls] Got tunneled Access-Challenge
[ttls] >>> Unknown TLS version [length 0005]
++[eap] = handled
+} # group authenticate = handled
Sending Access-Challenge of id 12 to 192.168.11.122 port 55831
EAP-Message = 0x012f006f15800000006517030100609747c79652af8ad27d147997314cd5f59849958543967889e268a09b318206ac4603f0007ffce4026ba0c33a45a9f8c4b900c931523c1d0cdedd4cea48ec2944b9789185ad8dd9cf8b02ee83f65c3ae1333216c86ab71eb67109c3c5fecb4a6d
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x6583515560ac447cddd63ca81a139940
Finished request 12.
Going to the next request
Waking up in 1.5 seconds.
rad_recv: Access-Request packet from host 192.168.11.122 port 55831, id=13, length=234
User-Name = "a.tarpin"
NAS-Identifier = "802aa89673dd"
NAS-Port = 0
Called-Station-Id = "82-2A-A8-98-73-DD:wifi-test"
Calling-Station-Id = "04-4B-ED-1A-3B-6C"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 0Mbps 802.11b"
EAP-Message = 0x022f003f158000000035170301003096c19bce6919b31b203ee1428b7b169a0be62022da29491a5862edd8f04351ebbb40cb59cb61088c507a9d520b89b532
State = 0x6583515560ac447cddd63ca81a139940
Message-Authenticator = 0xb1001524aab5481401f315e400dcfbdf
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+group authorize {
++[preprocess] = ok
++[chap] = noop
++[mschap] = noop
++[digest] = noop
[suffix] No '@' in User-Name = "a.tarpin", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] = noop
[eap] EAP packet type response id 47 length 63
[eap] Continuing tunnel setup.
++[eap] = ok
+} # group authorize = ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+group authenticate {
[eap] Request found, released from the list
[eap] EAP/ttls
[eap] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
TLS Length 53
[ttls] Length Included
[ttls] eaptls_verify returned 11
[ttls] <<< Unknown TLS version [length 0005]
[ttls] eaptls_process returned 7
[ttls] Session established. Proceeding to decode tunneled attributes.
[ttls] Got tunneled request
EAP-Message = 0x020200061a03
FreeRADIUS-Proxied-To = 127.0.0.1
[ttls] Sending tunneled request
EAP-Message = 0x020200061a03
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "a.tarpin"
State = 0x1b6035f91a622fac14e500443d0b7814
NAS-Identifier = "802aa89673dd"
NAS-Port = 0
Called-Station-Id = "82-2A-A8-98-73-DD:wifi-test"
Calling-Station-Id = "04-4B-ED-1A-3B-6C"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 0Mbps 802.11b"
NAS-IP-Address = 192.168.11.122
server inner-tunnel {
# Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel
+group authorize {
++[chap] = noop
++[mschap] = noop
[suffix] No '@' in User-Name = "a.tarpin", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] = noop
++update control {
++} # update control = noop
[eap] EAP packet type response id 2 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] = updated
++[files] = noop
++[expiration] = noop
++[logintime] = noop
++[pap] = noop
+} # group authorize = updated
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
+group authenticate {
[eap] Request found, released from the list
[eap] EAP/mschapv2
[eap] processing type mschapv2
[eap] Freeing handler
++[eap] = ok
+} # group authenticate = ok
WARNING: Empty post-auth section. Using default return values.
# Executing section post-auth from file /etc/freeradius/sites-enabled/inner-tunnel
} # server inner-tunnel
[ttls] Got tunneled reply code Access-Accept
MS-MPPE-Encryption-Policy = 0x00000002
MS-MPPE-Encryption-Types = 0x00000004
MS-MPPE-Send-Key = 0x01fe2d3466f9398b562419b5018d86ec
MS-MPPE-Recv-Key = 0x0a7139b656fcd9650b7280bf787b581b
EAP-Message = 0x03020004
Message-Authenticator = 0x00000000000000000000000000000000
User-Name = "a.tarpin"
[ttls] Got tunneled Access-Accept
[eap] Freeing handler
rlm_eap_ttls: Freeing handler for user a.tarpin
++[eap] = ok
+} # group authenticate = ok
# Executing section post-auth from file /etc/freeradius/sites-enabled/default
+group post-auth {
++[exec] = noop
+} # group post-auth = noop
Sending Access-Accept of id 13 to 192.168.11.122 port 55831
MS-MPPE-Encryption-Policy = 0x00000002
MS-MPPE-Encryption-Types = 0x00000004
MS-MPPE-Send-Key = 0x01fe2d3466f9398b562419b5018d86ec
MS-MPPE-Recv-Key = 0x0a7139b656fcd9650b7280bf787b581b
Message-Authenticator = 0x00000000000000000000000000000000
User-Name = "a.tarpin"
MS-MPPE-Recv-Key = 0x99e2ed24a3bb6bd19c20702601df7f3893f85e774ffaedcc5160cc6417ad5886
MS-MPPE-Send-Key = 0x61a2dc56f891c2b44c9d3d239aa1de42a3dd20c45e11d8e6f5d97556e18b5925
EAP-Message = 0x032f0004
Finished request 13.
Going to the next request
Waking up in 1.5 seconds.
Cleaning up request 0 ID 0 with timestamp +10
Cleaning up request 1 ID 1 with timestamp +10
Cleaning up request 2 ID 2 with timestamp +10
Cleaning up request 3 ID 3 with timestamp +10
Cleaning up request 4 ID 4 with timestamp +10
Cleaning up request 5 ID 5 with timestamp +10
Cleaning up request 6 ID 6 with timestamp +10
Waking up in 3.0 seconds.
rad_recv: Access-Request packet from host 192.168.11.122 port 55831, id=14, length=166
User-Name = "a.tarpin"
NAS-Identifier = "802aa89673dd"
NAS-Port = 0
Called-Station-Id = "82-2A-A8-98-73-DD:wifi-test"
Calling-Station-Id = "04-4B-ED-1A-3B-6C"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 0Mbps 802.11b"
EAP-Message = 0x027c000d01612e74617270696e
Message-Authenticator = 0x0e4a51fed0748b73e05f343bb222b7db
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+group authorize {
++[preprocess] = ok
++[chap] = noop
++[mschap] = noop
++[digest] = noop
[suffix] No '@' in User-Name = "a.tarpin", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] = noop
[eap] EAP packet type response id 124 length 13
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] = updated
++[files] = noop
++[expiration] = noop
++[logintime] = noop
[pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.
++[pap] = noop
+} # group authorize = updated
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+group authenticate {
[eap] EAP Identity
[eap] processing type tls
[tls] Initiate
[tls] Start returned 1
++[eap] = handled
+} # group authenticate = handled
Sending Access-Challenge of id 14 to 192.168.11.122 port 55831
EAP-Message = 0x017d00061520
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xb135ad58b148b80a4087147427232372
Finished request 14.
Going to the next request
Waking up in 0.5 seconds.
rad_recv: Access-Request packet from host 192.168.11.122 port 55831, id=15, length=302
User-Name = "a.tarpin"
NAS-Identifier = "802aa89673dd"
NAS-Port = 0
Called-Station-Id = "82-2A-A8-98-73-DD:wifi-test"
Calling-Station-Id = "04-4B-ED-1A-3B-6C"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 0Mbps 802.11b"
EAP-Message = 0x027d0083158000000079160301007401000070030158765ac9acafd49008d73e6f310d0252f43f2a912d03ab6ed04cbf3afec5edd900002800ffc024c023c00ac009c008c028c027c014c013c012003d003c0035002f000ac007c011000500040100001f000a00080006001700180019000b0002010000050005010000000000120000
State = 0xb135ad58b148b80a4087147427232372
Message-Authenticator = 0xcdfdf8eb0955a9b091fb30d9eb2d83cd
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+group authorize {
++[preprocess] = ok
++[chap] = noop
++[mschap] = noop
++[digest] = noop
[suffix] No '@' in User-Name = "a.tarpin", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] = noop
[eap] EAP packet type response id 125 length 131
[eap] Continuing tunnel setup.
++[eap] = ok
+} # group authorize = ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+group authenticate {
[eap] Request found, released from the list
[eap] EAP/ttls
[eap] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
TLS Length 121
[ttls] Length Included
[ttls] eaptls_verify returned 11
[ttls] (other): before/accept initialization
[ttls] TLS_accept: before/accept initialization
[ttls] <<< Unknown TLS version [length 0005]
[ttls] <<< TLS 1.0 Handshake [length 0074], ClientHello
[ttls] TLS_accept: unknown state
[ttls] >>> Unknown TLS version [length 0005]
[ttls] >>> TLS 1.0 Handshake [length 0039], ServerHello
[ttls] TLS_accept: unknown state
[ttls] >>> Unknown TLS version [length 0005]
[ttls] >>> TLS 1.0 Handshake [length 02ce], Certificate
[ttls] TLS_accept: unknown state
[ttls] >>> Unknown TLS version [length 0005]
[ttls] >>> TLS 1.0 Handshake [length 014b], ServerKeyExchange
[ttls] TLS_accept: unknown state
[ttls] >>> Unknown TLS version [length 0005]
[ttls] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
[ttls] TLS_accept: unknown state
[ttls] TLS_accept: unknown state
[ttls] TLS_accept: unknown state
[ttls] TLS_accept: Need to read more data: unknown state
[ttls] TLS_accept: Need to read more data: unknown state
In SSL Handshake Phase
In SSL Accept mode
[ttls] eaptls_process returned 13
++[eap] = handled
+} # group authenticate = handled
Sending Access-Challenge of id 15 to 192.168.11.122 port 55831
EAP-Message = 0x017e040015c00000046a160301003902000035030187d6e7c42ca4de3bf1108086140fa5c26f1401880f4aa20b16f706227a95027400c01400000dff01000100000b00040300010216030102ce0b0002ca0002c70002c4308202c0308201a8a003020102020900f20ccd35f5be79e0300d06092a864886f70d01010b050030183116301406035504030c0d7562756e74752d726164697573301e170d3137303131313133343430315a170d3237303130393133343430315a30183116301406035504030c0d7562756e74752d72616469757330820122300d06092a864886f70d01010105000382010f003082010a0282010100bae84393e78ab8117a34
EAP-Message = 0x76a096a31a3e72a0687854fdb31f9471d7f73fc8b9efa43b5a4e7d5d98d6c7a86e55bcbd389e1ca26c8b5437f42f576c433fd19e8c3e5643d6066213a5383637a2bed3647057955d01ff33529b81cf41d72e6b6b27afd6aeec77fa1cf9b12017dbe1e0a4dbcf9edb451d764f54c441d1673f843c54cf01077a7298d9db84271628e244913e33d189625134fe482979915758b6d3b037fa255f2f52d8ba4d7fabf0ce4f0f2d769d81bee74047a97337568ea22fb52a14976ead23a3cadad2025a33a6c82e86de4fbe4d7d72ed5ecfbf2ed17e7e0473194f4e256a3059c0602f7ff48e011506a6b1377d2e231eff0230e4b705f08d83ef0203010001a30d
EAP-Message = 0x300b30090603551d1304023000300d06092a864886f70d01010b0500038201010054ac44d1f29e6edd1a0acc5a17366b78f30aa398f650f9adc659ff1c13b83e1755cb79bf6f7b67a9181eeda92656503673b7ab6868d0630930c84393dbee3e22740dbcf6bffaacb2e1256a0a6bc55f733fc7f760b14ed6cbdcf3077f28b6f4a555f9bac811e1b2e8a9e63ef90dd3790754d3feadc8f63c178e23279e9b3478c5d129ccc71c97776489b93a7e83599e180289509cdb671acf4ad68c79f6af0745b71ac8268e5fa864155e722da3293764c4123466d6937963361207c883a4678695c8f222db95a74bc779a63e6520e2e41ab3fe0239bf4afe388e6acb
EAP-Message = 0x893f42b934b7aadd295ba4a5ce95b63ce8626c77ff63e860adc0ed611a13fa690ea22af5160301014b0c0001470300174104b834900644a5406ac78a1051797cb2bb168ba8b9a7c07dfea81e582c610a37fe4123ca87cca649db6c2502dd66e3c64dc92a594e24ba14d325184422ff30540201008d41e553dec52ae1229b8c861dae26753ce82ae8ec44810029709a74fd547646e2825c6b14c46429f56ebea1318260779d4b586822f98b78d5aee9b2fa8ab0fb2a1eadc7a84247a2f12eb7abc33641cfc634cad68ecd2d26d6a940bc385eb949e2721ddf24e4daa451c4a3abebc55cb317fc0ed23108bd29748a004896e5654752e247b71b780babcf
EAP-Message = 0xd1a7a8d4b51328083d36fd91
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xb135ad58b04bb80a4087147427232372
Finished request 15.
Going to the next request
Waking up in 0.5 seconds.
rad_recv: Access-Request packet from host 192.168.11.122 port 55831, id=16, length=177
User-Name = "a.tarpin"
NAS-Identifier = "802aa89673dd"
NAS-Port = 0
Called-Station-Id = "82-2A-A8-98-73-DD:wifi-test"
Calling-Station-Id = "04-4B-ED-1A-3B-6C"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 0Mbps 802.11b"
EAP-Message = 0x027e00061500
State = 0xb135ad58b04bb80a4087147427232372
Message-Authenticator = 0x302927737a36ef814b48edd23da7ca5d
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+group authorize {
++[preprocess] = ok
++[chap] = noop
++[mschap] = noop
++[digest] = noop
[suffix] No '@' in User-Name = "a.tarpin", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] = noop
[eap] EAP packet type response id 126 length 6
[eap] Continuing tunnel setup.
++[eap] = ok
+} # group authorize = ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+group authenticate {
[eap] Request found, released from the list
[eap] EAP/ttls
[eap] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
[ttls] Received TLS ACK
[ttls] ACK handshake fragment handler
[ttls] eaptls_verify returned 1
[ttls] eaptls_process returned 13
++[eap] = handled
+} # group authenticate = handled
Sending Access-Challenge of id 16 to 192.168.11.122 port 55831
EAP-Message = 0x017f007e15800000046af563002da0aed29d9dc52a13a77721c0faf81ac7827cae720e38833cc6e6f954d317cb7dd69089802285b7c06000963f396cc2321d75f8e8bb0effdd3e4a1557eca9ef5197dc439ead2a486a755fdcc55a9e6f8eadcaa5dd51a570b12083e502a392523f075320c5f673c216030100040e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xb135ad58b34ab80a4087147427232372
Finished request 16.
Going to the next request
Waking up in 0.5 seconds.
rad_recv: Access-Request packet from host 192.168.11.122 port 55831, id=17, length=315
User-Name = "a.tarpin"
NAS-Identifier = "802aa89673dd"
NAS-Port = 0
Called-Station-Id = "82-2A-A8-98-73-DD:wifi-test"
Calling-Station-Id = "04-4B-ED-1A-3B-6C"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 0Mbps 802.11b"
EAP-Message = 0x027f00901580000000861603010046100000424104963967b4b16ae62ac3596cbf1843ed91aeb1052a6a4c82fbcf001c7af1dc2a33a16c928258d9e0fab58fb07e4b3fd43b9ff81c34bed3a3761cd9ad09c6bb91b41403010001011603010030aecaa21caf4b9ba0b48b99d566160ad90dccb0671f628d45167c73c406b9fcd520276fea9ef6f5d59b59b4772e9584f8
State = 0xb135ad58b34ab80a4087147427232372
Message-Authenticator = 0x287308b0deb64f79e8693f6a93aec5fb
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+group authorize {
++[preprocess] = ok
++[chap] = noop
++[mschap] = noop
++[digest] = noop
[suffix] No '@' in User-Name = "a.tarpin", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] = noop
[eap] EAP packet type response id 127 length 144
[eap] Continuing tunnel setup.
++[eap] = ok
+} # group authorize = ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+group authenticate {
[eap] Request found, released from the list
[eap] EAP/ttls
[eap] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
TLS Length 134
[ttls] Length Included
[ttls] eaptls_verify returned 11
[ttls] <<< Unknown TLS version [length 0005]
[ttls] <<< TLS 1.0 Handshake [length 0046], ClientKeyExchange
[ttls] TLS_accept: unknown state
[ttls] TLS_accept: unknown state
[ttls] <<< Unknown TLS version [length 0005]
[ttls] <<< TLS 1.0 ChangeCipherSpec [length 0001]
[ttls] <<< Unknown TLS version [length 0005]
[ttls] <<< TLS 1.0 Handshake [length 0010], Finished
[ttls] TLS_accept: unknown state
[ttls] >>> Unknown TLS version [length 0005]
[ttls] >>> TLS 1.0 ChangeCipherSpec [length 0001]
[ttls] TLS_accept: unknown state
[ttls] >>> Unknown TLS version [length 0005]
[ttls] >>> TLS 1.0 Handshake [length 0010], Finished
[ttls] TLS_accept: unknown state
[ttls] TLS_accept: unknown state
[ttls] (other): SSL negotiation finished successfully
SSL Connection Established
[ttls] eaptls_process returned 13
++[eap] = handled
+} # group authenticate = handled
Sending Access-Challenge of id 17 to 192.168.11.122 port 55831
EAP-Message = 0x0180004515800000003b140301000101160301003026bf0eea7cb4ca21a7ffc56835d5ce7298adf14dee7a4006010494a1d5cc56d6fb3374221095462d1c6e6f4606c86c89
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xb135ad58b2b5b80a4087147427232372
Finished request 17.
Going to the next request
Waking up in 0.5 seconds.
rad_recv: Access-Request packet from host 192.168.11.122 port 55831, id=18, length=234
User-Name = "a.tarpin"
NAS-Identifier = "802aa89673dd"
NAS-Port = 0
Called-Station-Id = "82-2A-A8-98-73-DD:wifi-test"
Calling-Station-Id = "04-4B-ED-1A-3B-6C"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 0Mbps 802.11b"
EAP-Message = 0x0280003f1580000000351703010030b016f15008ed12e3c4cfdbbee2baa70298e6f0fb1f86a4b630d8b3d136cb79c5b70d315abbd4a72111ec9d8366f9aa79
State = 0xb135ad58b2b5b80a4087147427232372
Message-Authenticator = 0x40659054e70138c6b2a9cc4c222a8c10
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+group authorize {
++[preprocess] = ok
++[chap] = noop
++[mschap] = noop
++[digest] = noop
[suffix] No '@' in User-Name = "a.tarpin", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] = noop
[eap] EAP packet type response id 128 length 63
[eap] Continuing tunnel setup.
++[eap] = ok
+} # group authorize = ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+group authenticate {
[eap] Request found, released from the list
[eap] EAP/ttls
[eap] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
TLS Length 53
[ttls] Length Included
[ttls] eaptls_verify returned 11
[ttls] <<< Unknown TLS version [length 0005]
[ttls] eaptls_process returned 7
[ttls] Session established. Proceeding to decode tunneled attributes.
[ttls] Got tunneled request
EAP-Message = 0x0200000d01612e74617270696e
FreeRADIUS-Proxied-To = 127.0.0.1
[ttls] Got tunneled identity of a.tarpin
[ttls] Setting default EAP type for tunneled EAP session.
[ttls] Sending tunneled request
EAP-Message = 0x0200000d01612e74617270696e
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "a.tarpin"
NAS-Identifier = "802aa89673dd"
NAS-Port = 0
Called-Station-Id = "82-2A-A8-98-73-DD:wifi-test"
Calling-Station-Id = "04-4B-ED-1A-3B-6C"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 0Mbps 802.11b"
NAS-IP-Address = 192.168.11.122
server inner-tunnel {
# Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel
+group authorize {
++[chap] = noop
++[mschap] = noop
[suffix] No '@' in User-Name = "a.tarpin", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] = noop
++update control {
++} # update control = noop
[eap] EAP packet type response id 0 length 13
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] = updated
++[files] = noop
++[expiration] = noop
++[logintime] = noop
++[pap] = noop
+} # group authorize = updated
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
+group authenticate {
[eap] EAP Identity
[eap] processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
++[eap] = handled
+} # group authenticate = handled
} # server inner-tunnel
[ttls] Got tunneled reply code Access-Challenge
EAP-Message = 0x010100221a0101001d1029feb51b70dba42b94e98e6b60c7026c612e74617270696e
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x584b6df0584a7715edb9e338d55edae5
[ttls] Got tunneled Access-Challenge
[ttls] >>> Unknown TLS version [length 0005]
++[eap] = handled
+} # group authenticate = handled
Sending Access-Challenge of id 18 to 192.168.11.122 port 55831
EAP-Message = 0x0181005f1580000000551703010050a598d0200e9e72114be93f8d36b4c2bcfcd4319927cceb94f8a490dc9160c8d9657f1bc7bdfbbb79e847ac2113f70a3d3715dfd83d11ce7d8106f02dc2a3c89efd73fa7c2d6d137eccfa3e2f590d30d5
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xb135ad58b5b4b80a4087147427232372
Finished request 18.
Going to the next request
Waking up in 0.5 seconds.
rad_recv: Access-Request packet from host 192.168.11.122 port 55831, id=19, length=298
User-Name = "a.tarpin"
NAS-Identifier = "802aa89673dd"
NAS-Port = 0
Called-Station-Id = "82-2A-A8-98-73-DD:wifi-test"
Calling-Station-Id = "04-4B-ED-1A-3B-6C"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 0Mbps 802.11b"
EAP-Message = 0x0281007f1580000000751703010070ef59c3bb1761ceb4ab5b805b5f2e364c39ca9f8e5ae0579dba76e22e2c5e34dc7fa23a5aa6e9d15947a0509ec80d9863f9abac763237aa726bbd5fc7c01069a2a832f58d35b46f1036fafa11b3b85c48919ed7f527a284d7716fee4c3b1a0691a14be62ede4b5be11fe0c41ac5c3a0dc
State = 0xb135ad58b5b4b80a4087147427232372
Message-Authenticator = 0x83d080afd41086914f9a7d5af84e02cb
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+group authorize {
++[preprocess] = ok
++[chap] = noop
++[mschap] = noop
++[digest] = noop
[suffix] No '@' in User-Name = "a.tarpin", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] = noop
[eap] EAP packet type response id 129 length 127
[eap] Continuing tunnel setup.
++[eap] = ok
+} # group authorize = ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+group authenticate {
[eap] Request found, released from the list
[eap] EAP/ttls
[eap] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
TLS Length 117
[ttls] Length Included
[ttls] eaptls_verify returned 11
[ttls] <<< Unknown TLS version [length 0005]
[ttls] eaptls_process returned 7
[ttls] Session established. Proceeding to decode tunneled attributes.
[ttls] Got tunneled request
EAP-Message = 0x020100431a0201003e3109b8dcc4b63274e4c62cef6aef42d17a0000000000000000ec899bb12e21c5a32829991995607287272dd8cde301a68200612e74617270696e
FreeRADIUS-Proxied-To = 127.0.0.1
[ttls] Sending tunneled request
EAP-Message = 0x020100431a0201003e3109b8dcc4b63274e4c62cef6aef42d17a0000000000000000ec899bb12e21c5a32829991995607287272dd8cde301a68200612e74617270696e
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "a.tarpin"
State = 0x584b6df0584a7715edb9e338d55edae5
NAS-Identifier = "802aa89673dd"
NAS-Port = 0
Called-Station-Id = "82-2A-A8-98-73-DD:wifi-test"
Calling-Station-Id = "04-4B-ED-1A-3B-6C"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 0Mbps 802.11b"
NAS-IP-Address = 192.168.11.122
server inner-tunnel {
# Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel
+group authorize {
++[chap] = noop
++[mschap] = noop
[suffix] No '@' in User-Name = "a.tarpin", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] = noop
++update control {
++} # update control = noop
[eap] EAP packet type response id 1 length 67
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] = updated
++[files] = noop
++[expiration] = noop
++[logintime] = noop
++[pap] = noop
+} # group authorize = updated
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
+group authenticate {
[eap] Request found, released from the list
[eap] EAP/mschapv2
[eap] processing type mschapv2
[mschapv2] # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
[mschapv2] +group MS-CHAP {
[mschap] Creating challenge hash with username: a.tarpin
[mschap] Client is using MS-CHAPv2 for a.tarpin, we need NT-Password
[mschap] expand: %{Stripped-User-Name} ->
[mschap] ... expanding second conditional
[mschap] expand: %{User-Name} -> a.tarpin
[mschap] expand: %{%{User-Name}:-None} -> a.tarpin
[mschap] expand: --username=%{%{Stripped-User-Name}:-%{%{User-Name}:-None}} -> --username=a.tarpin
[mschap] Creating challenge hash with username: a.tarpin
[mschap] expand: %{mschap:Challenge} -> 2cf6e69a30ea1d93
[mschap] expand: --challenge=%{%{mschap:Challenge}:-00} -> --challenge=2cf6e69a30ea1d93
[mschap] expand: %{mschap:NT-Response} -> ec899bb12e21c5a32829991995607287272dd8cde301a682
[mschap] expand: --nt-response=%{%{mschap:NT-Response}:-00} -> --nt-response=ec899bb12e21c5a32829991995607287272dd8cde301a682
Exec output: NT_KEY: 01DAD29C6673DE9BAEBBE44D48C51144
Exec plaintext: NT_KEY: 01DAD29C6673DE9BAEBBE44D48C51144
[mschap] Exec: program returned: 0
[mschap] adding MS-CHAPv2 MPPE keys
++[mschap] = ok
+} # group MS-CHAP = ok
MSCHAP Success
++[eap] = handled
+} # group authenticate = handled
} # server inner-tunnel
[ttls] Got tunneled reply code Access-Challenge
EAP-Message = 0x010200331a0301002e533d45343933353637334141433732393530443141333031453531413435373731384431454142343741
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x584b6df059497715edb9e338d55edae5
[ttls] Got tunneled Access-Challenge
[ttls] >>> Unknown TLS version [length 0005]
++[eap] = handled
+} # group authenticate = handled
Sending Access-Challenge of id 19 to 192.168.11.122 port 55831
EAP-Message = 0x0182006f1580000000651703010060369b58dce8f154c8dde05e23d9badb67cba276c0f2ba553d88c73fc9a02421d483bea10eb25c4f7ffba67f95b44dfe35a882dd40edd2411f6c221972cd87ff4e23c4598a2b2b129e8d236d2e72e6c533e41bbf53e53b650d9fd6412d4aa83ba3
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xb135ad58b4b7b80a4087147427232372
Finished request 19.
Going to the next request
Waking up in 0.4 seconds.
rad_recv: Access-Request packet from host 192.168.11.122 port 55831, id=20, length=234
User-Name = "a.tarpin"
NAS-Identifier = "802aa89673dd"
NAS-Port = 0
Called-Station-Id = "82-2A-A8-98-73-DD:wifi-test"
Calling-Station-Id = "04-4B-ED-1A-3B-6C"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 0Mbps 802.11b"
EAP-Message = 0x0282003f158000000035170301003069e8f50b1a958c19d269450bd5b2f7d137a346b058eea4320792bce7fc3aba4aa8017e2885cfea1c27996d555fcb8ea6
State = 0xb135ad58b4b7b80a4087147427232372
Message-Authenticator = 0x4249a23291f9e92538984f5014ec6f76
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+group authorize {
++[preprocess] = ok
++[chap] = noop
++[mschap] = noop
++[digest] = noop
[suffix] No '@' in User-Name = "a.tarpin", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] = noop
[eap] EAP packet type response id 130 length 63
[eap] Continuing tunnel setup.
++[eap] = ok
+} # group authorize = ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+group authenticate {
[eap] Request found, released from the list
[eap] EAP/ttls
[eap] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
TLS Length 53
[ttls] Length Included
[ttls] eaptls_verify returned 11
[ttls] <<< Unknown TLS version [length 0005]
[ttls] eaptls_process returned 7
[ttls] Session established. Proceeding to decode tunneled attributes.
[ttls] Got tunneled request
EAP-Message = 0x020200061a03
FreeRADIUS-Proxied-To = 127.0.0.1
[ttls] Sending tunneled request
EAP-Message = 0x020200061a03
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "a.tarpin"
State = 0x584b6df059497715edb9e338d55edae5
NAS-Identifier = "802aa89673dd"
NAS-Port = 0
Called-Station-Id = "82-2A-A8-98-73-DD:wifi-test"
Calling-Station-Id = "04-4B-ED-1A-3B-6C"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 0Mbps 802.11b"
NAS-IP-Address = 192.168.11.122
server inner-tunnel {
# Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel
+group authorize {
++[chap] = noop
++[mschap] = noop
[suffix] No '@' in User-Name = "a.tarpin", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] = noop
++update control {
++} # update control = noop
[eap] EAP packet type response id 2 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] = updated
++[files] = noop
++[expiration] = noop
++[logintime] = noop
++[pap] = noop
+} # group authorize = updated
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
+group authenticate {
[eap] Request found, released from the list
[eap] EAP/mschapv2
[eap] processing type mschapv2
[eap] Freeing handler
++[eap] = ok
+} # group authenticate = ok
WARNING: Empty post-auth section. Using default return values.
# Executing section post-auth from file /etc/freeradius/sites-enabled/inner-tunnel
} # server inner-tunnel
[ttls] Got tunneled reply code Access-Accept
MS-MPPE-Encryption-Policy = 0x00000002
MS-MPPE-Encryption-Types = 0x00000004
MS-MPPE-Send-Key = 0x0cb767e1fe8fddd8aa89dd013237399a
MS-MPPE-Recv-Key = 0x3a95cebdea826b240a3624e7a0d6939d
EAP-Message = 0x03020004
Message-Authenticator = 0x00000000000000000000000000000000
User-Name = "a.tarpin"
[ttls] Got tunneled Access-Accept
[eap] Freeing handler
rlm_eap_ttls: Freeing handler for user a.tarpin
++[eap] = ok
+} # group authenticate = ok
# Executing section post-auth from file /etc/freeradius/sites-enabled/default
+group post-auth {
++[exec] = noop
+} # group post-auth = noop
Sending Access-Accept of id 20 to 192.168.11.122 port 55831
MS-MPPE-Encryption-Policy = 0x00000002
MS-MPPE-Encryption-Types = 0x00000004
MS-MPPE-Send-Key = 0x0cb767e1fe8fddd8aa89dd013237399a
MS-MPPE-Recv-Key = 0x3a95cebdea826b240a3624e7a0d6939d
Message-Authenticator = 0x00000000000000000000000000000000
User-Name = "a.tarpin"
MS-MPPE-Recv-Key = 0xf2513a456098b6f7f425bebf3bb5375dfae221a0d1d1d91e0dfe77faf269a506
MS-MPPE-Send-Key = 0xd713dd63e19f0fd1624164025776edb4412dd699b41310ef39ea0223c7bb955f
EAP-Message = 0x03820004
Finished request 20.
Going to the next request
Waking up in 0.4 seconds.
Cleaning up request 7 ID 7 with timestamp +13
Cleaning up request 8 ID 8 with timestamp +13
Cleaning up request 9 ID 9 with timestamp +13
Cleaning up request 10 ID 10 with timestamp +13
Cleaning up request 11 ID 11 with timestamp +13
Cleaning up request 12 ID 12 with timestamp +13
Cleaning up request 13 ID 13 with timestamp +13
Waking up in 4.2 seconds.
rad_recv: Access-Request packet from host 192.168.11.122 port 55831, id=21, length=166
User-Name = "a.tarpin"
NAS-Identifier = "802aa89673dd"
NAS-Port = 0
Called-Station-Id = "82-2A-A8-98-73-DD:wifi-test"
Calling-Station-Id = "04-4B-ED-1A-3B-6C"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 0Mbps 802.11b"
EAP-Message = 0x0276000d01612e74617270696e
Message-Authenticator = 0xb482c3828728d8da3c17525c676fd015
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+group authorize {
++[preprocess] = ok
++[chap] = noop
++[mschap] = noop
++[digest] = noop
[suffix] No '@' in User-Name = "a.tarpin", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] = noop
[eap] EAP packet type response id 118 length 13
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] = updated
++[files] = noop
++[expiration] = noop
++[logintime] = noop
[pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.
++[pap] = noop
+} # group authorize = updated
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+group authenticate {
[eap] EAP Identity
[eap] processing type tls
[tls] Initiate
[tls] Start returned 1
++[eap] = handled
+} # group authenticate = handled
Sending Access-Challenge of id 21 to 192.168.11.122 port 55831
EAP-Message = 0x017700061520
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xa03d9759a04a8245fd2c6df765db38ab
Finished request 21.
Going to the next request
Waking up in 0.4 seconds.
rad_recv: Access-Request packet from host 192.168.11.122 port 55831, id=22, length=302
User-Name = "a.tarpin"
NAS-Identifier = "802aa89673dd"
NAS-Port = 0
Called-Station-Id = "82-2A-A8-98-73-DD:wifi-test"
Calling-Station-Id = "04-4B-ED-1A-3B-6C"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 0Mbps 802.11b"
EAP-Message = 0x02770083158000000079160301007401000070030158765ace5ef18faad8307cbb0cb6e1fee9808dee2aba37a3bb2a535985894cf900002800ffc024c023c00ac009c008c028c027c014c013c012003d003c0035002f000ac007c011000500040100001f000a00080006001700180019000b0002010000050005010000000000120000
State = 0xa03d9759a04a8245fd2c6df765db38ab
Message-Authenticator = 0x884818949d3791fb2181464655b473bf
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+group authorize {
++[preprocess] = ok
++[chap] = noop
++[mschap] = noop
++[digest] = noop
[suffix] No '@' in User-Name = "a.tarpin", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] = noop
[eap] EAP packet type response id 119 length 131
[eap] Continuing tunnel setup.
++[eap] = ok
+} # group authorize = ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+group authenticate {
[eap] Request found, released from the list
[eap] EAP/ttls
[eap] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
TLS Length 121
[ttls] Length Included
[ttls] eaptls_verify returned 11
[ttls] (other): before/accept initialization
[ttls] TLS_accept: before/accept initialization
[ttls] <<< Unknown TLS version [length 0005]
[ttls] <<< TLS 1.0 Handshake [length 0074], ClientHello
[ttls] TLS_accept: unknown state
[ttls] >>> Unknown TLS version [length 0005]
[ttls] >>> TLS 1.0 Handshake [length 0039], ServerHello
[ttls] TLS_accept: unknown state
[ttls] >>> Unknown TLS version [length 0005]
[ttls] >>> TLS 1.0 Handshake [length 02ce], Certificate
[ttls] TLS_accept: unknown state
[ttls] >>> Unknown TLS version [length 0005]
[ttls] >>> TLS 1.0 Handshake [length 014b], ServerKeyExchange
[ttls] TLS_accept: unknown state
[ttls] >>> Unknown TLS version [length 0005]
[ttls] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
[ttls] TLS_accept: unknown state
[ttls] TLS_accept: unknown state
[ttls] TLS_accept: unknown state
[ttls] TLS_accept: Need to read more data: unknown state
[ttls] TLS_accept: Need to read more data: unknown state
In SSL Handshake Phase
In SSL Accept mode
[ttls] eaptls_process returned 13
++[eap] = handled
+} # group authenticate = handled
Sending Access-Challenge of id 22 to 192.168.11.122 port 55831
EAP-Message = 0x0178040015c00000046a1603010039020000350301b0b0c4309fe9e28baac03c379994a03c43c17edabf896adbe77d7c50ba92312e00c01400000dff01000100000b00040300010216030102ce0b0002ca0002c70002c4308202c0308201a8a003020102020900f20ccd35f5be79e0300d06092a864886f70d01010b050030183116301406035504030c0d7562756e74752d726164697573301e170d3137303131313133343430315a170d3237303130393133343430315a30183116301406035504030c0d7562756e74752d72616469757330820122300d06092a864886f70d01010105000382010f003082010a0282010100bae84393e78ab8117a34
EAP-Message = 0x76a096a31a3e72a0687854fdb31f9471d7f73fc8b9efa43b5a4e7d5d98d6c7a86e55bcbd389e1ca26c8b5437f42f576c433fd19e8c3e5643d6066213a5383637a2bed3647057955d01ff33529b81cf41d72e6b6b27afd6aeec77fa1cf9b12017dbe1e0a4dbcf9edb451d764f54c441d1673f843c54cf01077a7298d9db84271628e244913e33d189625134fe482979915758b6d3b037fa255f2f52d8ba4d7fabf0ce4f0f2d769d81bee74047a97337568ea22fb52a14976ead23a3cadad2025a33a6c82e86de4fbe4d7d72ed5ecfbf2ed17e7e0473194f4e256a3059c0602f7ff48e011506a6b1377d2e231eff0230e4b705f08d83ef0203010001a30d
EAP-Message = 0x300b30090603551d1304023000300d06092a864886f70d01010b0500038201010054ac44d1f29e6edd1a0acc5a17366b78f30aa398f650f9adc659ff1c13b83e1755cb79bf6f7b67a9181eeda92656503673b7ab6868d0630930c84393dbee3e22740dbcf6bffaacb2e1256a0a6bc55f733fc7f760b14ed6cbdcf3077f28b6f4a555f9bac811e1b2e8a9e63ef90dd3790754d3feadc8f63c178e23279e9b3478c5d129ccc71c97776489b93a7e83599e180289509cdb671acf4ad68c79f6af0745b71ac8268e5fa864155e722da3293764c4123466d6937963361207c883a4678695c8f222db95a74bc779a63e6520e2e41ab3fe0239bf4afe388e6acb
EAP-Message = 0x893f42b934b7aadd295ba4a5ce95b63ce8626c77ff63e860adc0ed611a13fa690ea22af5160301014b0c000147030017410432ca055c5c5b05b16674f7d9d1e9d004ecf2f103149134845196166fb05a30c237ce8006f620452d5e894a537e1a2a36dffbe42b1f822469a6e149d1be40f7f5010085ded0a16cf16c029409d4736e8771de33c73fe160dd5736ad16d16c8cc901aa8183289209c2182b6d4ca9e0904956c29f48249490ef3105dfa033ed72dc0ac415f517acd6274012814a997668ebd64a8b274b3b080cb19e88efec06fac54b27eaf8af80ad7b6c880428cd7b178c638d465504a75588ab9ac2dc7eb549cf21f4144da59dc52a80639b
EAP-Message = 0x4898b9179a8a4cbd1c3e8e02
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xa03d9759a1458245fd2c6df765db38ab
Finished request 22.
Going to the next request
Waking up in 0.4 seconds.
rad_recv: Access-Request packet from host 192.168.11.122 port 55831, id=23, length=177
User-Name = "a.tarpin"
NAS-Identifier = "802aa89673dd"
NAS-Port = 0
Called-Station-Id = "82-2A-A8-98-73-DD:wifi-test"
Calling-Station-Id = "04-4B-ED-1A-3B-6C"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 0Mbps 802.11b"
EAP-Message = 0x027800061500
State = 0xa03d9759a1458245fd2c6df765db38ab
Message-Authenticator = 0xb74d4f399f88faa2dc6ecab5a7c59ef5
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+group authorize {
++[preprocess] = ok
++[chap] = noop
++[mschap] = noop
++[digest] = noop
[suffix] No '@' in User-Name = "a.tarpin", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] = noop
[eap] EAP packet type response id 120 length 6
[eap] Continuing tunnel setup.
++[eap] = ok
+} # group authorize = ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+group authenticate {
[eap] Request found, released from the list
[eap] EAP/ttls
[eap] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
[ttls] Received TLS ACK
[ttls] ACK handshake fragment handler
[ttls] eaptls_verify returned 1
[ttls] eaptls_process returned 13
++[eap] = handled
+} # group authenticate = handled
Sending Access-Challenge of id 23 to 192.168.11.122 port 55831
EAP-Message = 0x0179007e15800000046a27736e313a9c94129d2e20ff6d830a5a4453100de43302a99f64c039ff4ebeb6346b5a970651e82c6675b58711f87aabbe0ce6b517e6748c9b8d875de71e1358910b6444b7768d9892592f05d8394b46a0d8c69569cbdcb3b705993cf58dbcfeecac447d0016d0c3a0849016030100040e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xa03d9759a2448245fd2c6df765db38ab
Finished request 23.
Going to the next request
Waking up in 0.4 seconds.
rad_recv: Access-Request packet from host 192.168.11.122 port 55831, id=24, length=315
User-Name = "a.tarpin"
NAS-Identifier = "802aa89673dd"
NAS-Port = 0
Called-Station-Id = "82-2A-A8-98-73-DD:wifi-test"
Calling-Station-Id = "04-4B-ED-1A-3B-6C"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 0Mbps 802.11b"
EAP-Message = 0x027900901580000000861603010046100000424104337e617747f33b002b76e435dc1a015dd8f2ce5bd23637e098b5d2b4b1d322c45359672ed0cdf5606884847fce6c20bb6df07d7447a8efc2eb4a3327f73f9e561403010001011603010030c10b7ec571ea0d94355fc52ccc65e4fe8de14af82d6513d0ba6c2789dbb20ea51c2ab948d5eb88ee83d48b0618a118a6
State = 0xa03d9759a2448245fd2c6df765db38ab
Message-Authenticator = 0x3f77a4fc48400fd15e67f53d2ed27281
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+group authorize {
++[preprocess] = ok
++[chap] = noop
++[mschap] = noop
++[digest] = noop
[suffix] No '@' in User-Name = "a.tarpin", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] = noop
[eap] EAP packet type response id 121 length 144
[eap] Continuing tunnel setup.
++[eap] = ok
+} # group authorize = ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+group authenticate {
[eap] Request found, released from the list
[eap] EAP/ttls
[eap] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
TLS Length 134
[ttls] Length Included
[ttls] eaptls_verify returned 11
[ttls] <<< Unknown TLS version [length 0005]
[ttls] <<< TLS 1.0 Handshake [length 0046], ClientKeyExchange
[ttls] TLS_accept: unknown state
[ttls] TLS_accept: unknown state
[ttls] <<< Unknown TLS version [length 0005]
[ttls] <<< TLS 1.0 ChangeCipherSpec [length 0001]
[ttls] <<< Unknown TLS version [length 0005]
[ttls] <<< TLS 1.0 Handshake [length 0010], Finished
[ttls] TLS_accept: unknown state
[ttls] >>> Unknown TLS version [length 0005]
[ttls] >>> TLS 1.0 ChangeCipherSpec [length 0001]
[ttls] TLS_accept: unknown state
[ttls] >>> Unknown TLS version [length 0005]
[ttls] >>> TLS 1.0 Handshake [length 0010], Finished
[ttls] TLS_accept: unknown state
[ttls] TLS_accept: unknown state
[ttls] (other): SSL negotiation finished successfully
SSL Connection Established
[ttls] eaptls_process returned 13
++[eap] = handled
+} # group authenticate = handled
Sending Access-Challenge of id 24 to 192.168.11.122 port 55831
EAP-Message = 0x017a004515800000003b140301000101160301003067d24b1e24d98dd8358608a799d2d98a6c803b22a1ea02edd2876c83bce05478c4d42863ba281bde613fcd93746b5db4
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xa03d9759a3478245fd2c6df765db38ab
Finished request 24.
Going to the next request
Waking up in 0.4 seconds.
rad_recv: Access-Request packet from host 192.168.11.122 port 55831, id=25, length=234
User-Name = "a.tarpin"
NAS-Identifier = "802aa89673dd"
NAS-Port = 0
Called-Station-Id = "82-2A-A8-98-73-DD:wifi-test"
Calling-Station-Id = "04-4B-ED-1A-3B-6C"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 0Mbps 802.11b"
EAP-Message = 0x027a003f1580000000351703010030d90dc3c6217fad6c4a190dbcc710ce24952e5590ddf783a118ed33f2dd37cc8448a64e6283bd5e897d7205b56f5d3885
State = 0xa03d9759a3478245fd2c6df765db38ab
Message-Authenticator = 0xe5d71870121582e829028705cfaffddc
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+group authorize {
++[preprocess] = ok
++[chap] = noop
++[mschap] = noop
++[digest] = noop
[suffix] No '@' in User-Name = "a.tarpin", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] = noop
[eap] EAP packet type response id 122 length 63
[eap] Continuing tunnel setup.
++[eap] = ok
+} # group authorize = ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+group authenticate {
[eap] Request found, released from the list
[eap] EAP/ttls
[eap] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
TLS Length 53
[ttls] Length Included
[ttls] eaptls_verify returned 11
[ttls] <<< Unknown TLS version [length 0005]
[ttls] eaptls_process returned 7
[ttls] Session established. Proceeding to decode tunneled attributes.
[ttls] Got tunneled request
EAP-Message = 0x0200000d01612e74617270696e
FreeRADIUS-Proxied-To = 127.0.0.1
[ttls] Got tunneled identity of a.tarpin
[ttls] Setting default EAP type for tunneled EAP session.
[ttls] Sending tunneled request
EAP-Message = 0x0200000d01612e74617270696e
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "a.tarpin"
NAS-Identifier = "802aa89673dd"
NAS-Port = 0
Called-Station-Id = "82-2A-A8-98-73-DD:wifi-test"
Calling-Station-Id = "04-4B-ED-1A-3B-6C"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 0Mbps 802.11b"
NAS-IP-Address = 192.168.11.122
server inner-tunnel {
# Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel
+group authorize {
++[chap] = noop
++[mschap] = noop
[suffix] No '@' in User-Name = "a.tarpin", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] = noop
++update control {
++} # update control = noop
[eap] EAP packet type response id 0 length 13
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] = updated
++[files] = noop
++[expiration] = noop
++[logintime] = noop
++[pap] = noop
+} # group authorize = updated
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
+group authenticate {
[eap] EAP Identity
[eap] processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
++[eap] = handled
+} # group authenticate = handled
} # server inner-tunnel
[ttls] Got tunneled reply code Access-Challenge
EAP-Message = 0x010100221a0101001d1038372371be1aa9ef32ee8866de250ed1612e74617270696e
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xa27a3a04a27b208a9cc215a0320ce53e
[ttls] Got tunneled Access-Challenge
[ttls] >>> Unknown TLS version [length 0005]
++[eap] = handled
+} # group authenticate = handled
Sending Access-Challenge of id 25 to 192.168.11.122 port 55831
EAP-Message = 0x017b005f158000000055170301005013cfcfbb5f2326d02ad8a21f00b79de7f7f9440febe577f655b77b7bea4f7eff27da9be6db7afb7ed3b6033d7fafe0b02395320aaf8d37e9c1c0e2d3330887789e21a7b6b1960a7cff3c197313824851
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xa03d9759a4468245fd2c6df765db38ab
Finished request 25.
Going to the next request
Waking up in 0.3 seconds.
rad_recv: Access-Request packet from host 192.168.11.122 port 55831, id=26, length=298
User-Name = "a.tarpin"
NAS-Identifier = "802aa89673dd"
NAS-Port = 0
Called-Station-Id = "82-2A-A8-98-73-DD:wifi-test"
Calling-Station-Id = "04-4B-ED-1A-3B-6C"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 0Mbps 802.11b"
EAP-Message = 0x027b007f158000000075170301007011784dd9efc131615186767a7cb5c3b78df7760875fc18dda10bdbd1459549d53e678135a681fee2fd6871fb8ac703b9b32e689df31ca3d86a662dc31dbb2d9629c135b8bd69c8a2cf9d94c97b6eff528d64f8165292d61a32ab595c8b71111147a082a4821e1b8f9a537822e9ad2dd4
State = 0xa03d9759a4468245fd2c6df765db38ab
Message-Authenticator = 0x4bb694e9e82fd6e061f4e9659a2da866
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+group authorize {
++[preprocess] = ok
++[chap] = noop
++[mschap] = noop
++[digest] = noop
[suffix] No '@' in User-Name = "a.tarpin", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] = noop
[eap] EAP packet type response id 123 length 127
[eap] Continuing tunnel setup.
++[eap] = ok
+} # group authorize = ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+group authenticate {
[eap] Request found, released from the list
[eap] EAP/ttls
[eap] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
TLS Length 117
[ttls] Length Included
[ttls] eaptls_verify returned 11
[ttls] <<< Unknown TLS version [length 0005]
[ttls] eaptls_process returned 7
[ttls] Session established. Proceeding to decode tunneled attributes.
[ttls] Got tunneled request
EAP-Message = 0x020100431a0201003e31c10dfb638800e1500de9b56668cb74060000000000000000c88722ab37ce3585bfd3682bf02b02a4387b3766229aac2f00612e74617270696e
FreeRADIUS-Proxied-To = 127.0.0.1
[ttls] Sending tunneled request
EAP-Message = 0x020100431a0201003e31c10dfb638800e1500de9b56668cb74060000000000000000c88722ab37ce3585bfd3682bf02b02a4387b3766229aac2f00612e74617270696e
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "a.tarpin"
State = 0xa27a3a04a27b208a9cc215a0320ce53e
NAS-Identifier = "802aa89673dd"
NAS-Port = 0
Called-Station-Id = "82-2A-A8-98-73-DD:wifi-test"
Calling-Station-Id = "04-4B-ED-1A-3B-6C"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 0Mbps 802.11b"
NAS-IP-Address = 192.168.11.122
server inner-tunnel {
# Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel
+group authorize {
++[chap] = noop
++[mschap] = noop
[suffix] No '@' in User-Name = "a.tarpin", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] = noop
++update control {
++} # update control = noop
[eap] EAP packet type response id 1 length 67
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] = updated
++[files] = noop
++[expiration] = noop
++[logintime] = noop
++[pap] = noop
+} # group authorize = updated
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
+group authenticate {
[eap] Request found, released from the list
[eap] EAP/mschapv2
[eap] processing type mschapv2
[mschapv2] # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
[mschapv2] +group MS-CHAP {
[mschap] Creating challenge hash with username: a.tarpin
[mschap] Client is using MS-CHAPv2 for a.tarpin, we need NT-Password
[mschap] expand: %{Stripped-User-Name} ->
[mschap] ... expanding second conditional
[mschap] expand: %{User-Name} -> a.tarpin
[mschap] expand: %{%{User-Name}:-None} -> a.tarpin
[mschap] expand: --username=%{%{Stripped-User-Name}:-%{%{User-Name}:-None}} -> --username=a.tarpin
[mschap] Creating challenge hash with username: a.tarpin
[mschap] expand: %{mschap:Challenge} -> f8edaa904e9fa6d1
[mschap] expand: --challenge=%{%{mschap:Challenge}:-00} -> --challenge=f8edaa904e9fa6d1
[mschap] expand: %{mschap:NT-Response} -> c88722ab37ce3585bfd3682bf02b02a4387b3766229aac2f
[mschap] expand: --nt-response=%{%{mschap:NT-Response}:-00} -> --nt-response=c88722ab37ce3585bfd3682bf02b02a4387b3766229aac2f
Exec output: NT_KEY: 01DAD29C6673DE9BAEBBE44D48C51144
Exec plaintext: NT_KEY: 01DAD29C6673DE9BAEBBE44D48C51144
[mschap] Exec: program returned: 0
[mschap] adding MS-CHAPv2 MPPE keys
++[mschap] = ok
+} # group MS-CHAP = ok
MSCHAP Success
++[eap] = handled
+} # group authenticate = handled
} # server inner-tunnel
[ttls] Got tunneled reply code Access-Challenge
EAP-Message = 0x010200331a0301002e533d46353045323446453334373645323837353836313433443338443736343831443244314142353734
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xa27a3a04a378208a9cc215a0320ce53e
[ttls] Got tunneled Access-Challenge
[ttls] >>> Unknown TLS version [length 0005]
++[eap] = handled
+} # group authenticate = handled
Sending Access-Challenge of id 26 to 192.168.11.122 port 55831
EAP-Message = 0x017c006f158000000065170301006011761203ff7caf21dd10aade0c2611d83e6360a822eb7d36687dac99645d9934600d20c5bdd07bebc121d18e4eb9d4e2d9be9eb5471af9f49ae21c6e3a216102250ba19cd5893b42233397d0517c56256d48859513f388ba2f714c54b7131ea3
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xa03d9759a5418245fd2c6df765db38ab
Finished request 26.
Going to the next request
Waking up in 0.3 seconds.
rad_recv: Access-Request packet from host 192.168.11.122 port 55831, id=27, length=234
User-Name = "a.tarpin"
NAS-Identifier = "802aa89673dd"
NAS-Port = 0
Called-Station-Id = "82-2A-A8-98-73-DD:wifi-test"
Calling-Station-Id = "04-4B-ED-1A-3B-6C"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 0Mbps 802.11b"
EAP-Message = 0x027c003f1580000000351703010030cb530b6a02511df7bf36a2fa6d3d5bc5f0a6441a155f462cbb00b4d2d0cbd4542d2c5f9040487cc2c483a970575d6161
State = 0xa03d9759a5418245fd2c6df765db38ab
Message-Authenticator = 0x7be49a2ae9d9f035ab78cc30ed8d0397
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+group authorize {
++[preprocess] = ok
++[chap] = noop
++[mschap] = noop
++[digest] = noop
[suffix] No '@' in User-Name = "a.tarpin", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] = noop
[eap] EAP packet type response id 124 length 63
[eap] Continuing tunnel setup.
++[eap] = ok
+} # group authorize = ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+group authenticate {
[eap] Request found, released from the list
[eap] EAP/ttls
[eap] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
TLS Length 53
[ttls] Length Included
[ttls] eaptls_verify returned 11
[ttls] <<< Unknown TLS version [length 0005]
[ttls] eaptls_process returned 7
[ttls] Session established. Proceeding to decode tunneled attributes.
[ttls] Got tunneled request
EAP-Message = 0x020200061a03
FreeRADIUS-Proxied-To = 127.0.0.1
[ttls] Sending tunneled request
EAP-Message = 0x020200061a03
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "a.tarpin"
State = 0xa27a3a04a378208a9cc215a0320ce53e
NAS-Identifier = "802aa89673dd"
NAS-Port = 0
Called-Station-Id = "82-2A-A8-98-73-DD:wifi-test"
Calling-Station-Id = "04-4B-ED-1A-3B-6C"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 0Mbps 802.11b"
NAS-IP-Address = 192.168.11.122
server inner-tunnel {
# Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel
+group authorize {
++[chap] = noop
++[mschap] = noop
[suffix] No '@' in User-Name = "a.tarpin", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] = noop
++update control {
++} # update control = noop
[eap] EAP packet type response id 2 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] = updated
++[files] = noop
++[expiration] = noop
++[logintime] = noop
++[pap] = noop
+} # group authorize = updated
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
+group authenticate {
[eap] Request found, released from the list
[eap] EAP/mschapv2
[eap] processing type mschapv2
[eap] Freeing handler
++[eap] = ok
+} # group authenticate = ok
WARNING: Empty post-auth section. Using default return values.
# Executing section post-auth from file /etc/freeradius/sites-enabled/inner-tunnel
} # server inner-tunnel
[ttls] Got tunneled reply code Access-Accept
MS-MPPE-Encryption-Policy = 0x00000002
MS-MPPE-Encryption-Types = 0x00000004
MS-MPPE-Send-Key = 0xd2945975ecf1a221e1ee1d070d2891dd
MS-MPPE-Recv-Key = 0x834f4d25d1269b7014c27c5140b1f898
EAP-Message = 0x03020004
Message-Authenticator = 0x00000000000000000000000000000000
User-Name = "a.tarpin"
[ttls] Got tunneled Access-Accept
[eap] Freeing handler
rlm_eap_ttls: Freeing handler for user a.tarpin
++[eap] = ok
+} # group authenticate = ok
# Executing section post-auth from file /etc/freeradius/sites-enabled/default
+group post-auth {
++[exec] = noop
+} # group post-auth = noop
Sending Access-Accept of id 27 to 192.168.11.122 port 55831
MS-MPPE-Encryption-Policy = 0x00000002
MS-MPPE-Encryption-Types = 0x00000004
MS-MPPE-Send-Key = 0xd2945975ecf1a221e1ee1d070d2891dd
MS-MPPE-Recv-Key = 0x834f4d25d1269b7014c27c5140b1f898
Message-Authenticator = 0x00000000000000000000000000000000
User-Name = "a.tarpin"
MS-MPPE-Recv-Key = 0xe27cfc4aeaf04ba460adf86811d3c2a068b52bbe4e30d0e79c48a1d801de5bbc
MS-MPPE-Send-Key = 0x4e3c07e4df836b2af32406a60a1ba337d035d39c2608723f6c43a54c636db116
EAP-Message = 0x037c0004
Finished request 27.
Going to the next request
Waking up in 0.3 seconds.
Cleaning up request 14 ID 14 with timestamp +17
Cleaning up request 15 ID 15 with timestamp +17
Cleaning up request 16 ID 16 with timestamp +17
Cleaning up request 17 ID 17 with timestamp +17
Cleaning up request 18 ID 18 with timestamp +17
Cleaning up request 19 ID 19 with timestamp +17
Cleaning up request 20 ID 20 with timestamp +17
Waking up in 4.3 seconds.
Cleaning up request 21 ID 21 with timestamp +22
Cleaning up request 22 ID 22 with timestamp +22
Cleaning up request 23 ID 23 with timestamp +22
Cleaning up request 24 ID 24 with timestamp +22
Cleaning up request 25 ID 25 with timestamp +22
Cleaning up request 26 ID 26 with timestamp +22
Cleaning up request 27 ID 27 with timestamp +22
Ready to process requests.
More information about the Freeradius-Users
mailing list