Authentication issue
Alan Buxey
alan.buxey at gmail.com
Wed Jul 11 12:17:59 CEST 2018
client not happy with server cert for whatever reason - note "WARNING: !!
Please read http://wiki.freeradius.org/guide/Certificate_Compatibility"
alan
On 10 July 2018 at 22:30, Ryan Sinclair <Ryan.Sinclair at enovatemedical.com>
wrote:
> Afternoon all,
>
> Looking for a little guidance on an issue we're seeing with a wifi module
> that we can't seem to get to authenticate to the RADIUS server (default
> setup on Ubuntu). We get to the Access-Challenge but then nothing and
> eventually the session just errors out and says it did not finish. Output
> from debug below.
>
> BEGIN----
>
> rad_recv: Access-Request packet from host 10.10.128.122 port 47803, id=88,
> length=255
> User-Name = "WATENOVAT01"
> NAS-IP-Address = 10.10.128.122
> Called-Station-Id = "02-18-4A-8D-3D-97:AHSMwmD"
> NAS-Port-Type = Wireless-802.11
> Service-Type = Framed-User
> Calling-Station-Id = "00-1E-C0-6C-FB-0B"
> Connect-Info = "CONNECT 54.00 Mbps, 802.11g, RSSI: 57, Channel: 1"
> Acct-Session-Id = "EDBDA43598F12EF9"
> Acct-Multi-Session-Id = "837FBA629412F692"
> WLAN-Pairwise-Cipher = 1027076
> WLAN-Group-Cipher = 1027076
> WLAN-AKM-Suite = 1027073
> Vendor-29671-Attr-1 = 0x424357
> Framed-MTU = 1400
> EAP-Message = 0x02db001001574154454e4f5641543031
> Message-Authenticator = 0xad101bd76294451942d4c1cb39f4dd5e
> # Executing section authorize from file /etc/freeradius/sites-enabled/
> default
> +group authorize {
> ++[preprocess] = ok
> ++[chap] = noop
> ++[mschap] = noop
> ++[digest] = noop
> [suffix] No '@' in User-Name = "WATENOVAT01", looking up realm NULL
> [suffix] No such realm "NULL"
> ++[suffix] = noop
> [eap] EAP packet type response id 219 length 16
> [eap] No EAP Start, assuming it's an on-going EAP conversation
> ++[eap] = updated
> [files] users: Matched entry WATENOVAT01 at line 1
> ++[files] = ok
> ++[expiration] = noop
> ++[logintime] = noop
> [pap] WARNING: Auth-Type already set. Not setting to PAP
> ++[pap] = noop
> +} # group authorize = updated
> Found Auth-Type = EAP
> # Executing group from file /etc/freeradius/sites-enabled/default
> +group authenticate {
> [eap] EAP Identity
> [eap] processing type md5
> rlm_eap_md5: Issuing Challenge
> ++[eap] = handled
> +} # group authenticate = handled
> Sending Access-Challenge of id 88 to 10.10.128.122 port 47803
> EAP-Message = 0x01dc00160410432880d91d2b837246de218eef6e8d47
> Message-Authenticator = 0x00000000000000000000000000000000
> State = 0x7b85dc127b59d8c1271c8cde542b7f71
> Finished request 0.
> Going to the next request
> Waking up in 4.9 seconds.
>
>
> rad_recv: Access-Request packet from host 10.10.128.122 port 47803, id=89,
> length=263
> User-Name = "WATENOVAT01"
> NAS-IP-Address = 10.10.128.122
> Called-Station-Id = "02-18-4A-8D-3D-97:AHSMwmD"
> NAS-Port-Type = Wireless-802.11
> Service-Type = Framed-User
> Calling-Station-Id = "00-1E-C0-6C-FB-0B"
> Connect-Info = "CONNECT 54.00 Mbps, 802.11g, RSSI: 57, Channel: 1"
> Acct-Session-Id = "EDBDA43598F12EF9"
> Acct-Multi-Session-Id = "837FBA629412F692"
> WLAN-Pairwise-Cipher = 1027076
> WLAN-Group-Cipher = 1027076
> WLAN-AKM-Suite = 1027073
> Vendor-29671-Attr-1 = 0x424357
> Framed-MTU = 1400
> EAP-Message = 0x02dc00060319
> State = 0x7b85dc127b59d8c1271c8cde542b7f71
> Message-Authenticator = 0x15e7f8766ac76afc0990807b6cb3075d
> # Executing section authorize from file /etc/freeradius/sites-enabled/
> default
> +group authorize {
> ++[preprocess] = ok
> ++[chap] = noop
> ++[mschap] = noop
> ++[digest] = noop
> [suffix] No '@' in User-Name = "WATENOVAT01", looking up realm NULL
> [suffix] No such realm "NULL"
> ++[suffix] = noop
> [eap] EAP packet type response id 220 length 6
> [eap] No EAP Start, assuming it's an on-going EAP conversation
> ++[eap] = updated
> [files] users: Matched entry WATENOVAT01 at line 1
> ++[files] = ok
> ++[expiration] = noop
> ++[logintime] = noop
> [pap] WARNING: Auth-Type already set. Not setting to PAP
> ++[pap] = noop
> +} # group authorize = updated
> Found Auth-Type = EAP
> # Executing group from file /etc/freeradius/sites-enabled/default
> +group authenticate {
> [eap] Request found, released from the list
> [eap] EAP NAK
> [eap] EAP-NAK asked for EAP-Type/peap
> [eap] processing type tls
> [tls] Initiate
> [tls] Start returned 1
> ++[eap] = handled
> +} # group authenticate = handled
> Sending Access-Challenge of id 89 to 10.10.128.122 port 47803
> EAP-Message = 0x01dd00061920
> Message-Authenticator = 0x00000000000000000000000000000000
> State = 0x7b85dc127a58c5c1271c8cde542b7f71
> Finished request 1.
> Going to the next request
> Waking up in 4.9 seconds.
>
>
>
> rad_recv: Access-Request packet from host 10.10.128.122 port 47803, id=90,
> length=329
> User-Name = "WATENOVAT01"
> NAS-IP-Address = 10.10.128.122
> Called-Station-Id = "02-18-4A-8D-3D-97:AHSMwmD"
> NAS-Port-Type = Wireless-802.11
> Service-Type = Framed-User
> Calling-Station-Id = "00-1E-C0-6C-FB-0B"
> Connect-Info = "CONNECT 54.00 Mbps, 802.11g, RSSI: 57, Channel: 1"
> Acct-Session-Id = "EDBDA43598F12EF9"
> Acct-Multi-Session-Id = "837FBA629412F692"
> WLAN-Pairwise-Cipher = 1027076
> WLAN-Group-Cipher = 1027076
> WLAN-AKM-Suite = 1027073
> Vendor-29671-Attr-1 = 0x424357
> Framed-MTU = 1400
> EAP-Message = 0x02dd004819800000003e16030100
> 3901000035030100000001817ce41b057ae4ede29f237477a06811e1443f
> b62c5d4defb9f7814c000008002f00050004000a0100000400230000
> State = 0x7b85dc127a58c5c1271c8cde542b7f71
> Message-Authenticator = 0x4b72c60a28cb7368aae176e8e54fcc89
> # Executing section authorize from file /etc/freeradius/sites-enabled/
> default
> +group authorize {
> ++[preprocess] = ok
> ++[chap] = noop
> ++[mschap] = noop
> ++[digest] = noop
> [suffix] No '@' in User-Name = "WATENOVAT01", looking up realm NULL
> [suffix] No such realm "NULL"
> ++[suffix] = noop
> [eap] EAP packet type response id 221 length 72
> [eap] Continuing tunnel setup.
> ++[eap] = ok
> +} # group authorize = ok
> Found Auth-Type = EAP
> # Executing group from file /etc/freeradius/sites-enabled/default
> +group authenticate {
> [eap] Request found, released from the list
> [eap] EAP/peap
> [eap] processing type peap
> [peap] processing EAP-TLS
> TLS Length 62
> [peap] Length Included
> [peap] eaptls_verify returned 11
> [peap] (other): before/accept initialization
> [peap] TLS_accept: before/accept initialization
> [peap] <<< Unknown TLS version [length 0005]
> [peap] <<< TLS 1.0 Handshake [length 0039], ClientHello
> [peap] TLS_accept: unknown state
> [peap] >>> Unknown TLS version [length 0005]
> [peap] >>> TLS 1.0 Handshake [length 002a], ServerHello
> [peap] TLS_accept: unknown state
> [peap] >>> Unknown TLS version [length 0005]
> [peap] >>> TLS 1.0 Handshake [length 02c0], Certificate
> [peap] TLS_accept: unknown state
> [peap] >>> Unknown TLS version [length 0005]
> [peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
> [peap] TLS_accept: unknown state
> [peap] TLS_accept: unknown state
> [peap] TLS_accept: unknown state
> [peap] TLS_accept: Need to read more data: unknown state
> [peap] TLS_accept: Need to read more data: unknown state
> In SSL Handshake Phase
> In SSL Accept mode
> [peap] eaptls_process returned 13
> [peap] EAPTLS_HANDLED
> ++[eap] = handled
> +} # group authenticate = handled
> Sending Access-Challenge of id 90 to 10.10.128.122 port 47803
> EAP-Message = 0x01de03031900160301002a020000
> 26030183cfdd6aa50f0f3abfa737ebce57764a3c8fb4bb8fb89941ac18ea
> 9698155ff400002f0016030102c00b0002bc0002b90002b6308202b23082
> 019aa003020102020900f22226f9b340ee6a300d06092a864886f70d0101
> 0b05003011310f300d06035504030c06656d72647331301e170d31383036
> 30383133343334325a170d3238303630353133343334325a3011310f300d
> 06035504030c06656d7264733130820122300d06092a864886f70d010101
> 05000382010f003082010a0282010100b06fb34b4d3edb4340c9af6d7405
> 1e10d4727e25125bac166ff388c211eaeb7ef6ad59e2856fed6e4bb98a
> EAP-Message = 0xe3f5cb286a75bd28fd1d5bf806f9
> 1f252bd17974c0987e4e99447ee481fb2cafa44f633529d358a6933c9b7d
> 1393914cede0d4211ba354d617223eb6a866833218a755dd49c6e4ad5be5
> a6f682bab73a3ef50e365b3f8cf67e34b34e69003d344ae86042629f844a
> 96b4432d34a66a03337ac4b4337b42662f9ee72f6becc4402a002a970a65
> 57a5b406146625ec45468f233dfb163dcfb064001cc1cf485562a2d1b28a
> 6620d4fbe378d143dddfc8510ccceb0fb52e65f755b990bb83c4afd0a17a
> 49119de609110848c1f40b1226406eb5785a790203010001a30d300b3009
> 0603551d1304023000300d06092a864886f70d01010b05000382010100
> EAP-Message = 0x54b189ccdf1ef6284e17923457f5
> 166c5394de23b150b0abe6ced4dc1b807ae8ecce775348a252d01631063f
> 1947927d4916263dad5be918070429a3cc34190a7a19c80a9c720d509a6d
> 8a581baec2407c3348ce50e57d0825c71ca292a89ec6b67e8ea1102f5d1b
> 633ab067a66a5567a50be9457f9d72e14a7479273c4ace4b96ed82d62367
> f03edad46626d5d3c84996c67bf4995cd6f7dbacf50af8a018ac8ca2c7ce
> e6e36bb4d27832c33764a33d2622d08e9857298a69a48a87ccf31fa7c082
> eb6f63db5527e7e803bd1c4a928d972f2b04f475e6d10066f2c27853a44d
> bf7a6d8ebc3978d5656f5a7ecbcc8d5e1ff24ed9782abd06ca120fa8bf
> EAP-Message = 0x21948916030100040e000000
> Message-Authenticator = 0x00000000000000000000000000000000
> State = 0x7b85dc12795bc5c1271c8cde542b7f71
> Finished request 2.
> Going to the next request
> Waking up in 4.9 seconds.
>
>
>
>
>
>
> rad_recv: Access-Request packet from host 10.10.128.122 port 47803, id=91,
> length=255
> User-Name = "WATENOVAT01"
> NAS-IP-Address = 10.10.128.122
> Called-Station-Id = "02-18-4A-8D-3D-97:AHSMwmD"
> NAS-Port-Type = Wireless-802.11
> Service-Type = Framed-User
> Calling-Station-Id = "00-1E-C0-6C-FB-0B"
> Connect-Info = "CONNECT 54.00 Mbps, 802.11g, RSSI: 56, Channel: 1"
> Acct-Session-Id = "103A93CA9F945C99"
> Acct-Multi-Session-Id = "FB64B58512B66D42"
> WLAN-Pairwise-Cipher = 1027076
> WLAN-Group-Cipher = 1027076
> WLAN-AKM-Suite = 1027073
> Vendor-29671-Attr-1 = 0x424357
> Framed-MTU = 1400
> EAP-Message = 0x025c001001574154454e4f5641543031
> Message-Authenticator = 0xe08641665202ffc7100c4207b5f8bec5
> # Executing section authorize from file /etc/freeradius/sites-enabled/
> default
> +group authorize {
> ++[preprocess] = ok
> ++[chap] = noop
> ++[mschap] = noop
> ++[digest] = noop
> [suffix] No '@' in User-Name = "WATENOVAT01", looking up realm NULL
> [suffix] No such realm "NULL"
> ++[suffix] = noop
> [eap] EAP packet type response id 92 length 16
> [eap] No EAP Start, assuming it's an on-going EAP conversation
> ++[eap] = updated
> [files] users: Matched entry WATENOVAT01 at line 1
> ++[files] = ok
> ++[expiration] = noop
> ++[logintime] = noop
> [pap] WARNING: Auth-Type already set. Not setting to PAP
> ++[pap] = noop
> +} # group authorize = updated
> Found Auth-Type = EAP
> # Executing group from file /etc/freeradius/sites-enabled/default
> +group authenticate {
> [eap] EAP Identity
> [eap] processing type md5
> rlm_eap_md5: Issuing Challenge
> ++[eap] = handled
> +} # group authenticate = handled
> Sending Access-Challenge of id 91 to 10.10.128.122 port 47803
> EAP-Message = 0x015d001604101d0ceee96b1ae4d80d70ba8b61634fef
> Message-Authenticator = 0x00000000000000000000000000000000
> State = 0x7be386297bbe82a4fe9b40e370a4c69f
> Finished request 3.
> Going to the next request
> Waking up in 4.7 seconds.
>
>
>
>
> rad_recv: Access-Request packet from host 10.10.128.122 port 47803, id=92,
> length=263
> User-Name = "WATENOVAT01"
> NAS-IP-Address = 10.10.128.122
> Called-Station-Id = "02-18-4A-8D-3D-97:AHSMwmD"
> NAS-Port-Type = Wireless-802.11
> Service-Type = Framed-User
> Calling-Station-Id = "00-1E-C0-6C-FB-0B"
> Connect-Info = "CONNECT 54.00 Mbps, 802.11g, RSSI: 57, Channel: 1"
> Acct-Session-Id = "103A93CA9F945C99"
> Acct-Multi-Session-Id = "FB64B58512B66D42"
> WLAN-Pairwise-Cipher = 1027076
> WLAN-Group-Cipher = 1027076
> WLAN-AKM-Suite = 1027073
> Vendor-29671-Attr-1 = 0x424357
> Framed-MTU = 1400
> EAP-Message = 0x025d00060319
> State = 0x7be386297bbe82a4fe9b40e370a4c69f
> Message-Authenticator = 0xbcbe8b61c4739469b2df1f125e7d5338
> # Executing section authorize from file /etc/freeradius/sites-enabled/
> default
> +group authorize {
> ++[preprocess] = ok
> ++[chap] = noop
> ++[mschap] = noop
> ++[digest] = noop
> [suffix] No '@' in User-Name = "WATENOVAT01", looking up realm NULL
> [suffix] No such realm "NULL"
> ++[suffix] = noop
> [eap] EAP packet type response id 93 length 6
> [eap] No EAP Start, assuming it's an on-going EAP conversation
> ++[eap] = updated
> [files] users: Matched entry WATENOVAT01 at line 1
> ++[files] = ok
> ++[expiration] = noop
> ++[logintime] = noop
> [pap] WARNING: Auth-Type already set. Not setting to PAP
> ++[pap] = noop
> +} # group authorize = updated
> Found Auth-Type = EAP
> # Executing group from file /etc/freeradius/sites-enabled/default
> +group authenticate {
> [eap] Request found, released from the list
> [eap] EAP NAK
> [eap] EAP-NAK asked for EAP-Type/peap
> [eap] processing type tls
> [tls] Initiate
> [tls] Start returned 1
> ++[eap] = handled
> +} # group authenticate = handled
> Sending Access-Challenge of id 92 to 10.10.128.122 port 47803
> EAP-Message = 0x015e00061920
> Message-Authenticator = 0x00000000000000000000000000000000
> State = 0x7be386297abd9fa4fe9b40e370a4c69f
> Finished request 4.
> Going to the next request
> Waking up in 4.7 seconds.
>
>
>
>
> rad_recv: Access-Request packet from host 10.10.128.122 port 47803, id=93,
> length=329
> User-Name = "WATENOVAT01"
> NAS-IP-Address = 10.10.128.122
> Called-Station-Id = "02-18-4A-8D-3D-97:AHSMwmD"
> NAS-Port-Type = Wireless-802.11
> Service-Type = Framed-User
> Calling-Station-Id = "00-1E-C0-6C-FB-0B"
> Connect-Info = "CONNECT 54.00 Mbps, 802.11g, RSSI: 57, Channel: 1"
> Acct-Session-Id = "103A93CA9F945C99"
> Acct-Multi-Session-Id = "FB64B58512B66D42"
> WLAN-Pairwise-Cipher = 1027076
> WLAN-Group-Cipher = 1027076
> WLAN-AKM-Suite = 1027073
> Vendor-29671-Attr-1 = 0x424357
> Framed-MTU = 1400
> EAP-Message = 0x025e004819800000003e16030100
> 3901000035030100000001fba380567c1ebcb1df89ceac8196cc7eb323e3
> 87590402db7ab573e3000008002f00050004000a0100000400230000
> State = 0x7be386297abd9fa4fe9b40e370a4c69f
> Message-Authenticator = 0xe32dd642da8f3fa616bba44fe9c92c60
> # Executing section authorize from file /etc/freeradius/sites-enabled/
> default
> +group authorize {
> ++[preprocess] = ok
> ++[chap] = noop
> ++[mschap] = noop
> ++[digest] = noop
> [suffix] No '@' in User-Name = "WATENOVAT01", looking up realm NULL
> [suffix] No such realm "NULL"
> ++[suffix] = noop
> [eap] EAP packet type response id 94 length 72
> [eap] Continuing tunnel setup.
> ++[eap] = ok
> +} # group authorize = ok
> Found Auth-Type = EAP
> # Executing group from file /etc/freeradius/sites-enabled/default
> +group authenticate {
> [eap] Request found, released from the list
> [eap] EAP/peap
> [eap] processing type peap
> [peap] processing EAP-TLS
> TLS Length 62
> [peap] Length Included
> [peap] eaptls_verify returned 11
> [peap] (other): before/accept initialization
> [peap] TLS_accept: before/accept initialization
> [peap] <<< Unknown TLS version [length 0005]
> [peap] <<< TLS 1.0 Handshake [length 0039], ClientHello
> [peap] TLS_accept: unknown state
> [peap] >>> Unknown TLS version [length 0005]
> [peap] >>> TLS 1.0 Handshake [length 002a], ServerHello
> [peap] TLS_accept: unknown state
> [peap] >>> Unknown TLS version [length 0005]
> [peap] >>> TLS 1.0 Handshake [length 02c0], Certificate
> [peap] TLS_accept: unknown state
> [peap] >>> Unknown TLS version [length 0005]
> [peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
> [peap] TLS_accept: unknown state
> [peap] TLS_accept: unknown state
> [peap] TLS_accept: unknown state
> [peap] TLS_accept: Need to read more data: unknown state
> [peap] TLS_accept: Need to read more data: unknown state
> In SSL Handshake Phase
> In SSL Accept mode
> [peap] eaptls_process returned 13
> [peap] EAPTLS_HANDLED
> ++[eap] = handled
> +} # group authenticate = handled
> Sending Access-Challenge of id 93 to 10.10.128.122 port 47803
> EAP-Message = 0x015f03031900160301002a020000
> 260301574d25fe8f1282db72f69c545250f40312a6a17eba16c18885e5c6
> f8fb755ade00002f0016030102c00b0002bc0002b90002b6308202b23082
> 019aa003020102020900f22226f9b340ee6a300d06092a864886f70d0101
> 0b05003011310f300d06035504030c06656d72647331301e170d31383036
> 30383133343334325a170d3238303630353133343334325a3011310f300d
> 06035504030c06656d7264733130820122300d06092a864886f70d010101
> 05000382010f003082010a0282010100b06fb34b4d3edb4340c9af6d7405
> 1e10d4727e25125bac166ff388c211eaeb7ef6ad59e2856fed6e4bb98a
> EAP-Message = 0xe3f5cb286a75bd28fd1d5bf806f9
> 1f252bd17974c0987e4e99447ee481fb2cafa44f633529d358a6933c9b7d
> 1393914cede0d4211ba354d617223eb6a866833218a755dd49c6e4ad5be5
> a6f682bab73a3ef50e365b3f8cf67e34b34e69003d344ae86042629f844a
> 96b4432d34a66a03337ac4b4337b42662f9ee72f6becc4402a002a970a65
> 57a5b406146625ec45468f233dfb163dcfb064001cc1cf485562a2d1b28a
> 6620d4fbe378d143dddfc8510ccceb0fb52e65f755b990bb83c4afd0a17a
> 49119de609110848c1f40b1226406eb5785a790203010001a30d300b3009
> 0603551d1304023000300d06092a864886f70d01010b05000382010100
> EAP-Message = 0x54b189ccdf1ef6284e17923457f5
> 166c5394de23b150b0abe6ced4dc1b807ae8ecce775348a252d01631063f
> 1947927d4916263dad5be918070429a3cc34190a7a19c80a9c720d509a6d
> 8a581baec2407c3348ce50e57d0825c71ca292a89ec6b67e8ea1102f5d1b
> 633ab067a66a5567a50be9457f9d72e14a7479273c4ace4b96ed82d62367
> f03edad46626d5d3c84996c67bf4995cd6f7dbacf50af8a018ac8ca2c7ce
> e6e36bb4d27832c33764a33d2622d08e9857298a69a48a87ccf31fa7c082
> eb6f63db5527e7e803bd1c4a928d972f2b04f475e6d10066f2c27853a44d
> bf7a6d8ebc3978d5656f5a7ecbcc8d5e1ff24ed9782abd06ca120fa8bf
> EAP-Message = 0x21948916030100040e000000
> Message-Authenticator = 0x00000000000000000000000000000000
> State = 0x7be3862979bc9fa4fe9b40e370a4c69f
> Finished request 5.
> Going to the next request
> Waking up in 4.7 seconds.
>
>
>
>
>
>
> rad_recv: Access-Request packet from host 10.10.128.122 port 47803, id=94,
> length=255
> User-Name = "WATENOVAT01"
> NAS-IP-Address = 10.10.128.122
> Called-Station-Id = "02-18-4A-8D-3D-97:AHSMwmD"
> NAS-Port-Type = Wireless-802.11
> Service-Type = Framed-User
> Calling-Station-Id = "00-1E-C0-6C-FB-0B"
> Connect-Info = "CONNECT 54.00 Mbps, 802.11g, RSSI: 56, Channel: 1"
> Acct-Session-Id = "507EF396989770A0"
> Acct-Multi-Session-Id = "855C17C049E9B30C"
> WLAN-Pairwise-Cipher = 1027076
> WLAN-Group-Cipher = 1027076
> WLAN-AKM-Suite = 1027073
> Vendor-29671-Attr-1 = 0x424357
> Framed-MTU = 1400
> EAP-Message = 0x0202001001574154454e4f5641543031
> Message-Authenticator = 0xb2f2618abdaaa322ddc3e0794b6aa836
> # Executing section authorize from file /etc/freeradius/sites-enabled/
> default
> +group authorize {
> ++[preprocess] = ok
> ++[chap] = noop
> ++[mschap] = noop
> ++[digest] = noop
> [suffix] No '@' in User-Name = "WATENOVAT01", looking up realm NULL
> [suffix] No such realm "NULL"
> ++[suffix] = noop
> [eap] EAP packet type response id 2 length 16
> [eap] No EAP Start, assuming it's an on-going EAP conversation
> ++[eap] = updated
> [files] users: Matched entry WATENOVAT01 at line 1
> ++[files] = ok
> ++[expiration] = noop
> ++[logintime] = noop
> [pap] WARNING: Auth-Type already set. Not setting to PAP
> ++[pap] = noop
> +} # group authorize = updated
> Found Auth-Type = EAP
> # Executing group from file /etc/freeradius/sites-enabled/default
> +group authenticate {
> [eap] EAP Identity
> [eap] processing type md5
> rlm_eap_md5: Issuing Challenge
> ++[eap] = handled
> +} # group authenticate = handled
> Sending Access-Challenge of id 94 to 10.10.128.122 port 47803
> EAP-Message = 0x010300160410cc5f2922b7c1ce76a330bd8d921a8289
> Message-Authenticator = 0x00000000000000000000000000000000
> State = 0x3eef75003eec71ccb9abaf49121ea830
> Finished request 6.
> Going to the next request
> Waking up in 4.5 seconds.
>
>
>
>
>
>
> rad_recv: Access-Request packet from host 10.10.128.122 port 47803, id=95,
> length=263
> User-Name = "WATENOVAT01"
> NAS-IP-Address = 10.10.128.122
> Called-Station-Id = "02-18-4A-8D-3D-97:AHSMwmD"
> NAS-Port-Type = Wireless-802.11
> Service-Type = Framed-User
> Calling-Station-Id = "00-1E-C0-6C-FB-0B"
> Connect-Info = "CONNECT 54.00 Mbps, 802.11g, RSSI: 57, Channel: 1"
> Acct-Session-Id = "507EF396989770A0"
> Acct-Multi-Session-Id = "855C17C049E9B30C"
> WLAN-Pairwise-Cipher = 1027076
> WLAN-Group-Cipher = 1027076
> WLAN-AKM-Suite = 1027073
> Vendor-29671-Attr-1 = 0x424357
> Framed-MTU = 1400
> EAP-Message = 0x020300060319
> State = 0x3eef75003eec71ccb9abaf49121ea830
> Message-Authenticator = 0x50f73eb2f017a3fe5861008dd8401c8f
> # Executing section authorize from file /etc/freeradius/sites-enabled/
> default
> +group authorize {
> ++[preprocess] = ok
> ++[chap] = noop
> ++[mschap] = noop
> ++[digest] = noop
> [suffix] No '@' in User-Name = "WATENOVAT01", looking up realm NULL
> [suffix] No such realm "NULL"
> ++[suffix] = noop
> [eap] EAP packet type response id 3 length 6
> [eap] No EAP Start, assuming it's an on-going EAP conversation
> ++[eap] = updated
> [files] users: Matched entry WATENOVAT01 at line 1
> ++[files] = ok
> ++[expiration] = noop
> ++[logintime] = noop
> [pap] WARNING: Auth-Type already set. Not setting to PAP
> ++[pap] = noop
> +} # group authorize = updated
> Found Auth-Type = EAP
> # Executing group from file /etc/freeradius/sites-enabled/default
> +group authenticate {
> [eap] Request found, released from the list
> [eap] EAP NAK
> [eap] EAP-NAK asked for EAP-Type/peap
> [eap] processing type tls
> [tls] Initiate
> [tls] Start returned 1
> ++[eap] = handled
> +} # group authenticate = handled
> Sending Access-Challenge of id 95 to 10.10.128.122 port 47803
> EAP-Message = 0x010400061920
> Message-Authenticator = 0x00000000000000000000000000000000
> State = 0x3eef75003feb6cccb9abaf49121ea830
> Finished request 7.
> Going to the next request
> Waking up in 4.5 seconds.
>
>
>
>
>
> rad_recv: Access-Request packet from host 10.10.128.122 port 47803, id=96,
> length=329
> User-Name = "WATENOVAT01"
> NAS-IP-Address = 10.10.128.122
> Called-Station-Id = "02-18-4A-8D-3D-97:AHSMwmD"
> NAS-Port-Type = Wireless-802.11
> Service-Type = Framed-User
> Calling-Station-Id = "00-1E-C0-6C-FB-0B"
> Connect-Info = "CONNECT 54.00 Mbps, 802.11g, RSSI: 57, Channel: 1"
> Acct-Session-Id = "507EF396989770A0"
> Acct-Multi-Session-Id = "855C17C049E9B30C"
> WLAN-Pairwise-Cipher = 1027076
> WLAN-Group-Cipher = 1027076
> WLAN-AKM-Suite = 1027073
> Vendor-29671-Attr-1 = 0x424357
> Framed-MTU = 1400
> EAP-Message = 0x0204004819800000003e16030100
> 39010000350301000000015f888176d6a0110f2bfa55c0b9fd650cfc8f52
> c7dabc6c09f2e09958000008002f00050004000a0100000400230000
> State = 0x3eef75003feb6cccb9abaf49121ea830
> Message-Authenticator = 0xa8a43f2bdacc4bcae48ba8b5e794081f
> # Executing section authorize from file /etc/freeradius/sites-enabled/
> default
> +group authorize {
> ++[preprocess] = ok
> ++[chap] = noop
> ++[mschap] = noop
> ++[digest] = noop
> [suffix] No '@' in User-Name = "WATENOVAT01", looking up realm NULL
> [suffix] No such realm "NULL"
> ++[suffix] = noop
> [eap] EAP packet type response id 4 length 72
> [eap] Continuing tunnel setup.
> ++[eap] = ok
> +} # group authorize = ok
> Found Auth-Type = EAP
> # Executing group from file /etc/freeradius/sites-enabled/default
> +group authenticate {
> [eap] Request found, released from the list
> [eap] EAP/peap
> [eap] processing type peap
> [peap] processing EAP-TLS
> TLS Length 62
> [peap] Length Included
> [peap] eaptls_verify returned 11
> [peap] (other): before/accept initialization
> [peap] TLS_accept: before/accept initialization
> [peap] <<< Unknown TLS version [length 0005]
> [peap] <<< TLS 1.0 Handshake [length 0039], ClientHello
> [peap] TLS_accept: unknown state
> [peap] >>> Unknown TLS version [length 0005]
> [peap] >>> TLS 1.0 Handshake [length 002a], ServerHello
> [peap] TLS_accept: unknown state
> [peap] >>> Unknown TLS version [length 0005]
> [peap] >>> TLS 1.0 Handshake [length 02c0], Certificate
> [peap] TLS_accept: unknown state
> [peap] >>> Unknown TLS version [length 0005]
> [peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
> [peap] TLS_accept: unknown state
> [peap] TLS_accept: unknown state
> [peap] TLS_accept: unknown state
> [peap] TLS_accept: Need to read more data: unknown state
> [peap] TLS_accept: Need to read more data: unknown state
> In SSL Handshake Phase
> In SSL Accept mode
> [peap] eaptls_process returned 13
> [peap] EAPTLS_HANDLED
> ++[eap] = handled
> +} # group authenticate = handled
> Sending Access-Challenge of id 96 to 10.10.128.122 port 47803
> EAP-Message = 0x010503031900160301002a020000
> 260301b5d489d36ffd9b68f632dd5d44b444dcc8285612eccbc2b1c4fa7d
> 475bc7a56900002f0016030102c00b0002bc0002b90002b6308202b23082
> 019aa003020102020900f22226f9b340ee6a300d06092a864886f70d0101
> 0b05003011310f300d06035504030c06656d72647331301e170d31383036
> 30383133343334325a170d3238303630353133343334325a3011310f300d
> 06035504030c06656d7264733130820122300d06092a864886f70d010101
> 05000382010f003082010a0282010100b06fb34b4d3edb4340c9af6d7405
> 1e10d4727e25125bac166ff388c211eaeb7ef6ad59e2856fed6e4bb98a
> EAP-Message = 0xe3f5cb286a75bd28fd1d5bf806f9
> 1f252bd17974c0987e4e99447ee481fb2cafa44f633529d358a6933c9b7d
> 1393914cede0d4211ba354d617223eb6a866833218a755dd49c6e4ad5be5
> a6f682bab73a3ef50e365b3f8cf67e34b34e69003d344ae86042629f844a
> 96b4432d34a66a03337ac4b4337b42662f9ee72f6becc4402a002a970a65
> 57a5b406146625ec45468f233dfb163dcfb064001cc1cf485562a2d1b28a
> 6620d4fbe378d143dddfc8510ccceb0fb52e65f755b990bb83c4afd0a17a
> 49119de609110848c1f40b1226406eb5785a790203010001a30d300b3009
> 0603551d1304023000300d06092a864886f70d01010b05000382010100
> EAP-Message = 0x54b189ccdf1ef6284e17923457f5
> 166c5394de23b150b0abe6ced4dc1b807ae8ecce775348a252d01631063f
> 1947927d4916263dad5be918070429a3cc34190a7a19c80a9c720d509a6d
> 8a581baec2407c3348ce50e57d0825c71ca292a89ec6b67e8ea1102f5d1b
> 633ab067a66a5567a50be9457f9d72e14a7479273c4ace4b96ed82d62367
> f03edad46626d5d3c84996c67bf4995cd6f7dbacf50af8a018ac8ca2c7ce
> e6e36bb4d27832c33764a33d2622d08e9857298a69a48a87ccf31fa7c082
> eb6f63db5527e7e803bd1c4a928d972f2b04f475e6d10066f2c27853a44d
> bf7a6d8ebc3978d5656f5a7ecbcc8d5e1ff24ed9782abd06ca120fa8bf
> EAP-Message = 0x21948916030100040e000000
> Message-Authenticator = 0x00000000000000000000000000000000
> State = 0x3eef75003cea6cccb9abaf49121ea830
> Finished request 8.
> Going to the next request
> Waking up in 4.5 seconds.
> Cleaning up request 0 ID 88 with timestamp +98
> Cleaning up request 1 ID 89 with timestamp +98
> Cleaning up request 2 ID 90 with timestamp +98
> WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
> !!!!!!!!!!
> WARNING: !! EAP session for state 0x7b85dc12795bc5c1 did not finish!
> WARNING: !! Please read http://wiki.freeradius.org/guide/Certificate_
> Compatibility
> WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
> !!!!!!!!!!
> Waking up in 0.2 seconds.
> Cleaning up request 3 ID 91 with timestamp +99
> Cleaning up request 4 ID 92 with timestamp +99
> Cleaning up request 5 ID 93 with timestamp +99
> WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
> !!!!!!!!!!
> WARNING: !! EAP session for state 0x7be3862979bc9fa4 did not finish!
> WARNING: !! Please read http://wiki.freeradius.org/guide/Certificate_
> Compatibility
> WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
> !!!!!!!!!!
> Waking up in 0.1 seconds.
> Cleaning up request 6 ID 94 with timestamp +99
> Cleaning up request 7 ID 95 with timestamp +99
> Cleaning up request 8 ID 96 with timestamp +99
> WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
> !!!!!!!!!!
> WARNING: !! EAP session for state 0x3eef75003cea6ccc did not finish!
> WARNING: !! Please read http://wiki.freeradius.org/guide/Certificate_
> Compatibility
> WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
> !!!!!!!!!!
> Ready to process requests.
>
>
> ---END
> Ryan Sinclair
> IT Supervisor
>
> O: 615 896 1652 ext. 413 | F: 615 896 8906
> ryan.sinclair at enovatemedical.com
>
> Enovate Medical | 1152 Park Avenue, Murfreesboro, TN 37129 |
> www.enovatemedical.com<http://www.enovatemedical.com/>
>
> [rhythm]
> Enjoy remote visibility of workstation location and usage, as well as
> battery forecasting, remote re-boot, and support ticket integration.
> To learn more, ask your Enovate Medical representative to schedule a
> Rhythm demo today.<http://www.enovatemedical.com/enovate-
> medical-introduces-rhythm/>
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/
> list/users.html
>
More information about the Freeradius-Users
mailing list