TTLS with MSCHAPv2
Fajar A. Nugraha
list at fajar.net
Fri Mar 2 10:01:09 CET 2018
On Fri, Mar 2, 2018 at 3:08 PM, <elias.naslund at skf.com> wrote:
> Hello,
>
> I have installed FreeRADIUS on Ubuntu Server 16.04. I can connect to it
> with EAP MSCHAPv2 and many other ways but it fails on TTLS MSCHAPv2 which
> is the one I need to use. If wanted I can send the debug information from
> a working EAP MSCHAPv2.
>
> I try to connect with an android phone through a ASUS router.
>
> Anyone got any idea why it is not working?
>
> root at ubuntuRADIUS:/etc/freeradius# freeradius -X
> freeradius: FreeRADIUS Version 2.2.8, for host i686-pc-linux-gnu, built on
Since you're using 2.2.8 ...
> [ttls] TLS_accept: before/accept initialization
> [ttls] <<< Unknown TLS version [length 0005]
... and get this, I'd suggest reading this thread
http://lists.freeradius.org/pipermail/freeradius-users/2015-May/077613.html
http://lists.freeradius.org/pipermail/freeradius-users/2015-May/077614.html
--
Fajar
> [ttls] <<< Unknown TLS version [length 00a0]
> [ttls] TLS_accept: unknown state
> [ttls] >>> Unknown TLS version [length 0005]
> [ttls] >>> Unknown TLS version [length 0039]
> [ttls] TLS_accept: unknown state
> [ttls] >>> Unknown TLS version [length 0005]
> [ttls] >>> Unknown TLS version [length 02cc]
> [ttls] TLS_accept: unknown state
> [ttls] >>> Unknown TLS version [length 0005]
> [ttls] >>> Unknown TLS version [length 014d]
> [ttls] TLS_accept: unknown state
> [ttls] >>> Unknown TLS version [length 0005]
> [ttls] >>> Unknown TLS version [length 0004]
> [ttls] TLS_accept: unknown state
> [ttls] TLS_accept: unknown state
> [ttls] TLS_accept: unknown state
> [ttls] TLS_accept: Need to read more data: unknown state
> [ttls] TLS_accept: Need to read more data: unknown state
> In SSL Handshake Phase
> In SSL Accept mode
> [ttls] eaptls_process returned 13
> ++[eap] = handled
> +} # group authenticate = handled
> Sending Access-Challenge of id 0 to 10.0.2.2 port 37101
> EAP-Message =
> 0x0102040015c00000046a1603030039020000350303882e3d0906b3ac53b42c9a46285a2d0ae21d934798a065c56e02ad4103ed1b5800c03000000dff01000100000b00040300010216030302cc0b0002c80002c50002c2308202be308201a6a003020102020900b37fe074c794d454300d06092a864886f70d01010b050030173115301306035504030c0c7562756e7475524144495553301e170d3138303330313133353235325a170d3238303232373133353235325a30173115301306035504030c0c7562756e747552414449555330820122300d06092a864886f70d01010105000382010f003082010a0282010100be9382ed2dc1add32b1b35f7
> EAP-Message =
> 0x52c8fc8c0d2652e99ec612ac75a1029c63f63cfff4fd6cd9bb9e419bcfb7aed8e64d01f0f410c11961e22e9d2bea61dc6aacf0717dc0e386103809ea6f9978c068b1d59f405695fddfd47aff401b5f3390333b57b915960ec53698c32b02a49566bbbfb192c0a9b928a24535f40190231bf71416c580b6d982b17e744c7780ac0a64ea777a6f6d3cc493896914f89e0569b9a24f5a59387c852f838f053a9c396eee54f4ea222ae605b4735262d4e3685c6088da5fb881f739c00c93542663954a9800c99410e74ff3593536a9a669c0ef50b612e4270afe8f123d0ad38121639babf0fbd66137021597d97e6ef7d4aa7f9c02710203010001a30d300b
> EAP-Message =
> 0x30090603551d1304023000300d06092a864886f70d01010b050003820101000b407680d9c47a5900401c7b6fe5390675f547567dacb4a75fb72387a0b621d5a668726d0654ef300fbe6b18324ddf2510cb0b6e459e90857c9d9cc34482c2aa5d7d9df792b1cc77f83aa3ccb7c6d0bd9080c31e22f5eb90212ede14732eaffcc9b24c580fede255a3e5acf05effc49d74cb63971ea81cda755983b202bffc116440616a01f57ad5b353cd7bba302dcf067313b00d0ff8a1bdd01e1b612ee04fd36c42949a32175585a1b28583c6a46f9399989acc68d2c3e7b7360ceddca417823ae7fe9d21a888c393bca3a9dbd66ccbbf59d5a1a290e7c67f1abe3bb3
> EAP-Message =
> 0x77e112552a255d336731fee2e1a05bd01a87a238f12694278b87ef2146a11e649288160303014d0c00014903001741041c8714338c965bc7b84cfcb017ba8f7b4ac0b9677bab6c17f25b3d7ae14e08b09a2bedeb5c45f7979bff9eecd8c07b25fd937226555016d601cc60fa422ef751060101006dd90aabf97ea915a14e0e6ef6c57bfe4829db82b1602975b98712ec5db42b3c8b5c79572d5573bcd0a5c7560a03067e2f771494ecafa8a038672befabaf28d49b5f0d9b0a55b8d7d225eb2a11727955c030546f3709e912bc3f1b4d904c979c1fd43b0a325c403a3adc3aeeededdb811a1d55a2f8de44262e62557d74e60789234cd69ce46be1c86a
> EAP-Message = 0x6c200c441581cef8c8df6fa0
> Message-Authenticator = 0x00000000000000000000000000000000
> State = 0x566041d25762548b775c8b93cb3b8ac0
> Finished request 1.
> Going to the next request
> Waking up in 4.9 seconds.
> rad_recv: Access-Request packet from host 10.0.2.2 port 37101, id=0,
> length=141
> Cleaning up request 1 ID 0 with timestamp +34
> User-Name = "anonymous"
> NAS-IP-Address = 10.0.0.1
> Called-Station-Id = "ac9e17bd7668"
> Calling-Station-Id = "2c0e3d040b41"
> NAS-Identifier = "ac9e17bd7668"
> NAS-Port = 14
> Framed-MTU = 1400
> State = 0x566041d25762548b775c8b93cb3b8ac0
> NAS-Port-Type = Wireless-802.11
> EAP-Message = 0x020200061500
> Message-Authenticator = 0x9edaf5e9ac1eadb44961e09e6104bcbe
> # Executing section authorize from file
> /etc/freeradius/sites-enabled/default
> +group authorize {
> ++[preprocess] = ok
> ++[chap] = noop
> ++[mschap] = noop
> ++[digest] = noop
> [suffix] No '@' in User-Name = "anonymous", looking up realm NULL
> [suffix] No such realm "NULL"
> ++[suffix] = noop
> [eap] EAP packet type response id 2 length 6
> [eap] Continuing tunnel setup.
> ++[eap] = ok
> +} # group authorize = ok
> Found Auth-Type = EAP
> # Executing group from file /etc/freeradius/sites-enabled/default
> +group authenticate {
> [eap] Request found, released from the list
> [eap] EAP/ttls
> [eap] processing type ttls
> [ttls] Authenticate
> [ttls] processing EAP-TLS
> [ttls] Received TLS ACK
> [ttls] ACK handshake fragment handler
> [ttls] eaptls_verify returned 1
> [ttls] eaptls_process returned 13
> ++[eap] = handled
> +} # group authenticate = handled
> Sending Access-Challenge of id 0 to 10.0.2.2 port 37101
> EAP-Message =
> 0x0103007e15800000046aac4b2092f7d8e1ea994220a3e8fd64f6d29dd5d76d635dd7ac0895ea388f366812df6a1924dc25d7bb65058b2688fb10a125244fbfb429eddaab8d0bbdd38c76c39129ccddd422eaec8d1f5b478a431a81eeda645fc6502dfb21b1aa3c3a2abe102dd9b84bd475b427489216030300040e000000
> Message-Authenticator = 0x00000000000000000000000000000000
> State = 0x566041d25463548b775c8b93cb3b8ac0
> Finished request 2.
> Going to the next request
> Waking up in 4.9 seconds.
> rad_recv: Access-Request packet from host 10.0.2.2 port 37101, id=0,
> length=267
> Cleaning up request 2 ID 0 with timestamp +34
> User-Name = "anonymous"
> NAS-IP-Address = 10.0.0.1
> Called-Station-Id = "ac9e17bd7668"
> Calling-Station-Id = "2c0e3d040b41"
> NAS-Identifier = "ac9e17bd7668"
> NAS-Port = 14
> Framed-MTU = 1400
> State = 0x566041d25463548b775c8b93cb3b8ac0
> NAS-Port-Type = Wireless-802.11
> EAP-Message =
> 0x02030084150016030300461000004241046c37eb48dbbe8b3f2e0d3f4da3132daa81876d95c47c3c705cbf6917fa06d3ded4742817f732475c9c8b95f86670e5e80736e8f8e722d7e5a840d53943d1487d14030300010116030300280000000000000000db7f068e8fcce0d83d6a09d6b3abb56aefe288bc0d88a8c936338de79690e402
> Message-Authenticator = 0x73f1ad17bb3790824f1409941692e2c8
> # Executing section authorize from file
> /etc/freeradius/sites-enabled/default
> +group authorize {
> ++[preprocess] = ok
> ++[chap] = noop
> ++[mschap] = noop
> ++[digest] = noop
> [suffix] No '@' in User-Name = "anonymous", looking up realm NULL
> [suffix] No such realm "NULL"
> ++[suffix] = noop
> [eap] EAP packet type response id 3 length 132
> [eap] Continuing tunnel setup.
> ++[eap] = ok
> +} # group authorize = ok
> Found Auth-Type = EAP
> # Executing group from file /etc/freeradius/sites-enabled/default
> +group authenticate {
> [eap] Request found, released from the list
> [eap] EAP/ttls
> [eap] processing type ttls
> [ttls] Authenticate
> [ttls] processing EAP-TLS
> [ttls] eaptls_verify returned 7
> [ttls] Done initial handshake
> [ttls] <<< Unknown TLS version [length 0005]
> [ttls] <<< Unknown TLS version [length 0046]
> [ttls] TLS_accept: unknown state
> [ttls] TLS_accept: unknown state
> [ttls] <<< Unknown TLS version [length 0005]
> [ttls] <<< Unknown TLS version [length 0001]
> [ttls] <<< Unknown TLS version [length 0005]
> [ttls] <<< Unknown TLS version [length 0010]
> [ttls] TLS_accept: unknown state
> [ttls] >>> Unknown TLS version [length 0005]
> [ttls] >>> Unknown TLS version [length 0001]
> [ttls] TLS_accept: unknown state
> [ttls] >>> Unknown TLS version [length 0005]
> [ttls] >>> Unknown TLS version [length 0010]
> [ttls] TLS_accept: unknown state
> [ttls] TLS_accept: unknown state
> [ttls] (other): SSL negotiation finished successfully
> SSL Connection Established
> [ttls] eaptls_process returned 13
> ++[eap] = handled
> +} # group authenticate = handled
> Sending Access-Challenge of id 0 to 10.0.2.2 port 37101
> EAP-Message =
> 0x0104003d158000000033140303000101160303002848357c1cd4efab5cceee0653c966dd0bf3a945b2ad77d149c6a69feff8cda8dcc4ab0b04d23d59d8
> Message-Authenticator = 0x00000000000000000000000000000000
> State = 0x566041d25564548b775c8b93cb3b8ac0
> Finished request 3.
> Going to the next request
> Waking up in 4.9 seconds.
> rad_recv: Access-Request packet from host 10.0.2.2 port 37101, id=0,
> length=278
> Cleaning up request 3 ID 0 with timestamp +34
> User-Name = "anonymous"
> NAS-IP-Address = 10.0.0.1
> Called-Station-Id = "ac9e17bd7668"
> Calling-Station-Id = "2c0e3d040b41"
> NAS-Identifier = "ac9e17bd7668"
> NAS-Port = 14
> Framed-MTU = 1400
> State = 0x566041d25564548b775c8b93cb3b8ac0
> NAS-Port-Type = Wireless-802.11
> EAP-Message =
> 0x0204008f150017030300840000000000000001adeee8b56ad79d8da4b1679db4746911f0033f5b5d83956312523861b8b2791310d63b269ec0b5eff151f90027dccef0ad6d604f6362e4bec2d7e8329969d05507acde23d18bf5c09ef07eface4cd2cba6c386f193dd76063b912057d569d1a549db5a68e108be0542d58e654e1b61e4716d701605d32b81ac0e5e9c
> Message-Authenticator = 0x05dc9439feca7c1d8a89f6cf01ca1fe5
> # Executing section authorize from file
> /etc/freeradius/sites-enabled/default
> +group authorize {
> ++[preprocess] = ok
> ++[chap] = noop
> ++[mschap] = noop
> ++[digest] = noop
> [suffix] No '@' in User-Name = "anonymous", looking up realm NULL
> [suffix] No such realm "NULL"
> ++[suffix] = noop
> [eap] EAP packet type response id 4 length 143
> [eap] Continuing tunnel setup.
> ++[eap] = ok
> +} # group authorize = ok
> Found Auth-Type = EAP
> # Executing group from file /etc/freeradius/sites-enabled/default
> +group authenticate {
> [eap] Request found, released from the list
> [eap] EAP/ttls
> [eap] processing type ttls
> [ttls] Authenticate
> [ttls] processing EAP-TLS
> [ttls] eaptls_verify returned 7
> [ttls] Done initial handshake
> [ttls] <<< Unknown TLS version [length 0005]
> [ttls] eaptls_process returned 7
> [ttls] Session established. Proceeding to decode tunneled attributes.
> [ttls] Tunneled challenge is incorrect
> [eap] Handler failed in EAP/ttls
> [eap] Failed in EAP select
> ++[eap] = invalid
> +} # group authenticate = invalid
> Failed to authenticate the user.
> Login incorrect: [anonymous/<via Auth-Type = EAP>] (from client 10.0.2.2
> port 14 cli 2c0e3d040b41)
> Using Post-Auth-Type Reject
> # Executing group from file /etc/freeradius/sites-enabled/default
> +group REJECT {
> [eap] Reply already contained an EAP-Message, not inserting EAP-Failure
> ++[eap] = noop
> [attr_filter.access_reject] expand: %{User-Name} -> anonymous
> attr_filter: Matched entry DEFAULT at line 11
> ++[attr_filter.access_reject] = updated
> +} # group REJECT = updated
> Delaying reject of request 4 for 1 seconds
> Going to the next request
> Waking up in 0.9 seconds.
> Sending delayed reject for request 4
> Sending Access-Reject of id 0 to 10.0.2.2 port 37101
> EAP-Message = 0x04040004
> Message-Authenticator = 0x00000000000000000000000000000000
> Waking up in 4.9 seconds.
> Cleaning up request 4 ID 0 with timestamp +34
> Ready to process requests.
> rad_recv: Access-Request packet from host 10.0.2.2 port 37101, id=0,
> length=131
> User-Name = "anonymous"
> NAS-IP-Address = 10.0.0.1
> Called-Station-Id = "ac9e17bd7668"
> Calling-Station-Id = "2c0e3d040b41"
> NAS-Identifier = "ac9e17bd7668"
> NAS-Port = 14
> Framed-MTU = 1400
> NAS-Port-Type = Wireless-802.11
> EAP-Message = 0x0200000e01616e6f6e796d6f7573
> Message-Authenticator = 0x1c6c04fb8378f1910b9fb507c133e93c
> # Executing section authorize from file
> /etc/freeradius/sites-enabled/default
> +group authorize {
> ++[preprocess] = ok
> ++[chap] = noop
> ++[mschap] = noop
> ++[digest] = noop
> [suffix] No '@' in User-Name = "anonymous", looking up realm NULL
> [suffix] No such realm "NULL"
> ++[suffix] = noop
> [eap] EAP packet type response id 0 length 14
> [eap] No EAP Start, assuming it's an on-going EAP conversation
> ++[eap] = updated
> ++[files] = noop
> ++[expiration] = noop
> ++[logintime] = noop
> [pap] WARNING! No "known good" password found for the user. Authentication
> may fail because of this.
> ++[pap] = noop
> +} # group authorize = updated
> Found Auth-Type = EAP
> # Executing group from file /etc/freeradius/sites-enabled/default
> +group authenticate {
> [eap] EAP Identity
> [eap] processing type tls
> [tls] Initiate
> [tls] Start returned 1
> ++[eap] = handled
> +} # group authenticate = handled
> Sending Access-Challenge of id 0 to 10.0.2.2 port 37101
> EAP-Message = 0x010100061520
> Message-Authenticator = 0x00000000000000000000000000000000
> State = 0x0c457a660c446f12a95d9c7efeb2c3c0
> Finished request 5.
> Going to the next request
> Waking up in 4.9 seconds.
> rad_recv: Access-Request packet from host 10.0.2.2 port 37101, id=0,
> length=306
> Cleaning up request 5 ID 0 with timestamp +41
> User-Name = "anonymous"
> NAS-IP-Address = 10.0.0.1
> Called-Station-Id = "ac9e17bd7668"
> Calling-Station-Id = "2c0e3d040b41"
> NAS-Identifier = "ac9e17bd7668"
> NAS-Port = 14
> Framed-MTU = 1400
> State = 0x0c457a660c446f12a95d9c7efeb2c3c0
> NAS-Port-Type = Wireless-802.11
> EAP-Message =
> 0x020100ab150016030100a00100009c03037bd1bcd41a4e58bb2447cae4df3b01e79efc412376c6c44ecd111b633f6da95900003ec02cc030009fc02bc02f009ecca9cca8c00ac024c014c0280039006bc009c023c013c02700330067c007c011009d009c0035003d002f003c00050004000a01000035ff0100010000170000000d001600140601060305010503040104030301030302010203000b00020100000a00080006001700180019
> Message-Authenticator = 0x26bfb48fc179201a854a456aae91e65c
> # Executing section authorize from file
> /etc/freeradius/sites-enabled/default
> +group authorize {
> ++[preprocess] = ok
> ++[chap] = noop
> ++[mschap] = noop
> ++[digest] = noop
> [suffix] No '@' in User-Name = "anonymous", looking up realm NULL
> [suffix] No such realm "NULL"
> ++[suffix] = noop
> [eap] EAP packet type response id 1 length 171
> [eap] Continuing tunnel setup.
> ++[eap] = ok
> +} # group authorize = ok
> Found Auth-Type = EAP
> # Executing group from file /etc/freeradius/sites-enabled/default
> +group authenticate {
> [eap] Request found, released from the list
> [eap] EAP/ttls
> [eap] processing type ttls
> [ttls] Authenticate
> [ttls] processing EAP-TLS
> [ttls] eaptls_verify returned 7
> [ttls] Done initial handshake
> [ttls] (other): before/accept initialization
> [ttls] TLS_accept: before/accept initialization
> [ttls] <<< Unknown TLS version [length 0005]
> [ttls] <<< Unknown TLS version [length 00a0]
> [ttls] TLS_accept: unknown state
> [ttls] >>> Unknown TLS version [length 0005]
> [ttls] >>> Unknown TLS version [length 0039]
> [ttls] TLS_accept: unknown state
> [ttls] >>> Unknown TLS version [length 0005]
> [ttls] >>> Unknown TLS version [length 02cc]
> [ttls] TLS_accept: unknown state
> [ttls] >>> Unknown TLS version [length 0005]
> [ttls] >>> Unknown TLS version [length 014d]
> [ttls] TLS_accept: unknown state
> [ttls] >>> Unknown TLS version [length 0005]
> [ttls] >>> Unknown TLS version [length 0004]
> [ttls] TLS_accept: unknown state
> [ttls] TLS_accept: unknown state
> [ttls] TLS_accept: unknown state
> [ttls] TLS_accept: Need to read more data: unknown state
> [ttls] TLS_accept: Need to read more data: unknown state
> In SSL Handshake Phase
> In SSL Accept mode
> [ttls] eaptls_process returned 13
> ++[eap] = handled
> +} # group authenticate = handled
> Sending Access-Challenge of id 0 to 10.0.2.2 port 37101
> EAP-Message =
> 0x0102040015c00000046a16030300390200003503039c0f1bfc9ead4d4ac014ec5aa1165fa6567c65c0de03bd01fde7d800817a142500c03000000dff01000100000b00040300010216030302cc0b0002c80002c50002c2308202be308201a6a003020102020900b37fe074c794d454300d06092a864886f70d01010b050030173115301306035504030c0c7562756e7475524144495553301e170d3138303330313133353235325a170d3238303232373133353235325a30173115301306035504030c0c7562756e747552414449555330820122300d06092a864886f70d01010105000382010f003082010a0282010100be9382ed2dc1add32b1b35f7
> EAP-Message =
> 0x52c8fc8c0d2652e99ec612ac75a1029c63f63cfff4fd6cd9bb9e419bcfb7aed8e64d01f0f410c11961e22e9d2bea61dc6aacf0717dc0e386103809ea6f9978c068b1d59f405695fddfd47aff401b5f3390333b57b915960ec53698c32b02a49566bbbfb192c0a9b928a24535f40190231bf71416c580b6d982b17e744c7780ac0a64ea777a6f6d3cc493896914f89e0569b9a24f5a59387c852f838f053a9c396eee54f4ea222ae605b4735262d4e3685c6088da5fb881f739c00c93542663954a9800c99410e74ff3593536a9a669c0ef50b612e4270afe8f123d0ad38121639babf0fbd66137021597d97e6ef7d4aa7f9c02710203010001a30d300b
> EAP-Message =
> 0x30090603551d1304023000300d06092a864886f70d01010b050003820101000b407680d9c47a5900401c7b6fe5390675f547567dacb4a75fb72387a0b621d5a668726d0654ef300fbe6b18324ddf2510cb0b6e459e90857c9d9cc34482c2aa5d7d9df792b1cc77f83aa3ccb7c6d0bd9080c31e22f5eb90212ede14732eaffcc9b24c580fede255a3e5acf05effc49d74cb63971ea81cda755983b202bffc116440616a01f57ad5b353cd7bba302dcf067313b00d0ff8a1bdd01e1b612ee04fd36c42949a32175585a1b28583c6a46f9399989acc68d2c3e7b7360ceddca417823ae7fe9d21a888c393bca3a9dbd66ccbbf59d5a1a290e7c67f1abe3bb3
> EAP-Message =
> 0x77e112552a255d336731fee2e1a05bd01a87a238f12694278b87ef2146a11e649288160303014d0c0001490300174104c9045f5eb696e3bae69ae45f211aa435df203c126a105d4a36ff13d66e0d4a63be257f9607c09181a5937f23017e649418a160a82bd6665ec0c91baf97c6426d06010100929ea9e28c3494ad9133da7258e1b236497833a40dab4df86ddeb1c9d15551ea00a6527607177a2245b04be917f5290ea002cfb420ae25310982a2d28b6db50e72f77b59c971b9952f55452e845b89a799a6de4b20a436d32f8d8b096784af93e77e1173ac2f8f7f93fac69934ee96dae1758470d9da75f2e48bcd9c71552e1da13bb79bbc9757153e
> EAP-Message = 0x0a6dd003a8cc5909b776178e
> Message-Authenticator = 0x00000000000000000000000000000000
> State = 0x0c457a660d476f12a95d9c7efeb2c3c0
> Finished request 6.
> Going to the next request
> Waking up in 4.9 seconds.
> rad_recv: Access-Request packet from host 10.0.2.2 port 37101, id=0,
> length=141
> Cleaning up request 6 ID 0 with timestamp +41
> User-Name = "anonymous"
> NAS-IP-Address = 10.0.0.1
> Called-Station-Id = "ac9e17bd7668"
> Calling-Station-Id = "2c0e3d040b41"
> NAS-Identifier = "ac9e17bd7668"
> NAS-Port = 14
> Framed-MTU = 1400
> State = 0x0c457a660d476f12a95d9c7efeb2c3c0
> NAS-Port-Type = Wireless-802.11
> EAP-Message = 0x020200061500
> Message-Authenticator = 0xa934c5d9ef37110127b4f5bde5976891
> # Executing section authorize from file
> /etc/freeradius/sites-enabled/default
> +group authorize {
> ++[preprocess] = ok
> ++[chap] = noop
> ++[mschap] = noop
> ++[digest] = noop
> [suffix] No '@' in User-Name = "anonymous", looking up realm NULL
> [suffix] No such realm "NULL"
> ++[suffix] = noop
> [eap] EAP packet type response id 2 length 6
> [eap] Continuing tunnel setup.
> ++[eap] = ok
> +} # group authorize = ok
> Found Auth-Type = EAP
> # Executing group from file /etc/freeradius/sites-enabled/default
> +group authenticate {
> [eap] Request found, released from the list
> [eap] EAP/ttls
> [eap] processing type ttls
> [ttls] Authenticate
> [ttls] processing EAP-TLS
> [ttls] Received TLS ACK
> [ttls] ACK handshake fragment handler
> [ttls] eaptls_verify returned 1
> [ttls] eaptls_process returned 13
> ++[eap] = handled
> +} # group authenticate = handled
> Sending Access-Challenge of id 0 to 10.0.2.2 port 37101
> EAP-Message =
> 0x0103007e15800000046acb854a80c6735479539ee466b6a78aea03b8217eca2044c6ae68d2abbe534fde390dee64a8f7fd6b3dae8a0df9ac8d0af161c7625e3c3760846bfecd09dd16ee51aa7dcc9fba22300f028808728e22ead32640c245d1a74109ccab548af6f1de2121336a0c96e46418d10716030300040e000000
> Message-Authenticator = 0x00000000000000000000000000000000
> State = 0x0c457a660e466f12a95d9c7efeb2c3c0
> Finished request 7.
> Going to the next request
> Waking up in 4.9 seconds.
> rad_recv: Access-Request packet from host 10.0.2.2 port 37101, id=0,
> length=267
> Cleaning up request 7 ID 0 with timestamp +41
> User-Name = "anonymous"
> NAS-IP-Address = 10.0.0.1
> Called-Station-Id = "ac9e17bd7668"
> Calling-Station-Id = "2c0e3d040b41"
> NAS-Identifier = "ac9e17bd7668"
> NAS-Port = 14
> Framed-MTU = 1400
> State = 0x0c457a660e466f12a95d9c7efeb2c3c0
> NAS-Port-Type = Wireless-802.11
> EAP-Message =
> 0x02030084150016030300461000004241040908ad55e927f17918673c168d8477906aabd3bc14038f994d1c1a2f327e121ddf4f448468ff574b1de06a5e5c00123236777eace6353a385d9d6205b8e023d51403030001011603030028000000000000000038383460e069ca3fb477847a834dece115cf0c5f26f01130a5b49d8a3e7e3efc
> Message-Authenticator = 0xcf44d9a2c92b07296faf5930c64adb01
> # Executing section authorize from file
> /etc/freeradius/sites-enabled/default
> +group authorize {
> ++[preprocess] = ok
> ++[chap] = noop
> ++[mschap] = noop
> ++[digest] = noop
> [suffix] No '@' in User-Name = "anonymous", looking up realm NULL
> [suffix] No such realm "NULL"
> ++[suffix] = noop
> [eap] EAP packet type response id 3 length 132
> [eap] Continuing tunnel setup.
> ++[eap] = ok
> +} # group authorize = ok
> Found Auth-Type = EAP
> # Executing group from file /etc/freeradius/sites-enabled/default
> +group authenticate {
> [eap] Request found, released from the list
> [eap] EAP/ttls
> [eap] processing type ttls
> [ttls] Authenticate
> [ttls] processing EAP-TLS
> [ttls] eaptls_verify returned 7
> [ttls] Done initial handshake
> [ttls] <<< Unknown TLS version [length 0005]
> [ttls] <<< Unknown TLS version [length 0046]
> [ttls] TLS_accept: unknown state
> [ttls] TLS_accept: unknown state
> [ttls] <<< Unknown TLS version [length 0005]
> [ttls] <<< Unknown TLS version [length 0001]
> [ttls] <<< Unknown TLS version [length 0005]
> [ttls] <<< Unknown TLS version [length 0010]
> [ttls] TLS_accept: unknown state
> [ttls] >>> Unknown TLS version [length 0005]
> [ttls] >>> Unknown TLS version [length 0001]
> [ttls] TLS_accept: unknown state
> [ttls] >>> Unknown TLS version [length 0005]
> [ttls] >>> Unknown TLS version [length 0010]
> [ttls] TLS_accept: unknown state
> [ttls] TLS_accept: unknown state
> [ttls] (other): SSL negotiation finished successfully
> SSL Connection Established
> [ttls] eaptls_process returned 13
> ++[eap] = handled
> +} # group authenticate = handled
> Sending Access-Challenge of id 0 to 10.0.2.2 port 37101
> EAP-Message =
> 0x0104003d1580000000331403030001011603030028df04f4b005fc62dedaf73c81ca86bc8d61392e442fd3a85c287b0d0e06972d6e6410ba3fbf7330d1
> Message-Authenticator = 0x00000000000000000000000000000000
> State = 0x0c457a660f416f12a95d9c7efeb2c3c0
> Finished request 8.
> Going to the next request
> Waking up in 4.9 seconds.
> rad_recv: Access-Request packet from host 10.0.2.2 port 37101, id=0,
> length=278
> Cleaning up request 8 ID 0 with timestamp +41
> User-Name = "anonymous"
> NAS-IP-Address = 10.0.0.1
> Called-Station-Id = "ac9e17bd7668"
> Calling-Station-Id = "2c0e3d040b41"
> NAS-Identifier = "ac9e17bd7668"
> NAS-Port = 14
> Framed-MTU = 1400
> State = 0x0c457a660f416f12a95d9c7efeb2c3c0
> NAS-Port-Type = Wireless-802.11
> EAP-Message =
> 0x0204008f1500170303008400000000000000010b253d2220ac2acfe53e1fd5fbf2f2598a92443873a876f42e99da95a7bb051826a9c1c5dffc5c67c16c586df567d560ca07a7241921db2556e8d2a66f422b1932cfb3e1eb112d1fc6d3ba616889e05555c878940ee3f351d7a15a49586714bdd55276e3cdeab9ed113e4e460db718e3924ebd328bdf9a3e3236b6fc
> Message-Authenticator = 0x1af17b63a64f47fcbc3a0ec16717a910
> # Executing section authorize from file
> /etc/freeradius/sites-enabled/default
> +group authorize {
> ++[preprocess] = ok
> ++[chap] = noop
> ++[mschap] = noop
> ++[digest] = noop
> [suffix] No '@' in User-Name = "anonymous", looking up realm NULL
> [suffix] No such realm "NULL"
> ++[suffix] = noop
> [eap] EAP packet type response id 4 length 143
> [eap] Continuing tunnel setup.
> ++[eap] = ok
> +} # group authorize = ok
> Found Auth-Type = EAP
> # Executing group from file /etc/freeradius/sites-enabled/default
> +group authenticate {
> [eap] Request found, released from the list
> [eap] EAP/ttls
> [eap] processing type ttls
> [ttls] Authenticate
> [ttls] processing EAP-TLS
> [ttls] eaptls_verify returned 7
> [ttls] Done initial handshake
> [ttls] <<< Unknown TLS version [length 0005]
> [ttls] eaptls_process returned 7
> [ttls] Session established. Proceeding to decode tunneled attributes.
> [ttls] Tunneled challenge is incorrect
> [eap] Handler failed in EAP/ttls
> [eap] Failed in EAP select
> ++[eap] = invalid
> +} # group authenticate = invalid
> Failed to authenticate the user.
> Login incorrect: [anonymous/<via Auth-Type = EAP>] (from client 10.0.2.2
> port 14 cli 2c0e3d040b41)
> Using Post-Auth-Type Reject
> # Executing group from file /etc/freeradius/sites-enabled/default
> +group REJECT {
> [eap] Reply already contained an EAP-Message, not inserting EAP-Failure
> ++[eap] = noop
> [attr_filter.access_reject] expand: %{User-Name} -> anonymous
> attr_filter: Matched entry DEFAULT at line 11
> ++[attr_filter.access_reject] = updated
> +} # group REJECT = updated
> Delaying reject of request 9 for 1 seconds
> Going to the next request
> Waking up in 0.9 seconds.
> Sending delayed reject for request 9
> Sending Access-Reject of id 0 to 10.0.2.2 port 37101
> EAP-Message = 0x04040004
> Message-Authenticator = 0x00000000000000000000000000000000
> Waking up in 4.9 seconds.
> Cleaning up request 9 ID 0 with timestamp +41
> Ready to process requests.
> rad_recv: Access-Request packet from host 10.0.2.2 port 37101, id=0,
> length=131
> User-Name = "anonymous"
> NAS-IP-Address = 10.0.0.1
> Called-Station-Id = "ac9e17bd7668"
> Calling-Station-Id = "2c0e3d040b41"
> NAS-Identifier = "ac9e17bd7668"
> NAS-Port = 14
> Framed-MTU = 1400
> NAS-Port-Type = Wireless-802.11
> EAP-Message = 0x0200000e01616e6f6e796d6f7573
> Message-Authenticator = 0x676ec42b20976a91a8bd7ab0d8cb999f
> # Executing section authorize from file
> /etc/freeradius/sites-enabled/default
> +group authorize {
> ++[preprocess] = ok
> ++[chap] = noop
> ++[mschap] = noop
> ++[digest] = noop
> [suffix] No '@' in User-Name = "anonymous", looking up realm NULL
> [suffix] No such realm "NULL"
> ++[suffix] = noop
> [eap] EAP packet type response id 0 length 14
> [eap] No EAP Start, assuming it's an on-going EAP conversation
> ++[eap] = updated
> ++[files] = noop
> ++[expiration] = noop
> ++[logintime] = noop
> [pap] WARNING! No "known good" password found for the user. Authentication
> may fail because of this.
> ++[pap] = noop
> +} # group authorize = updated
> Found Auth-Type = EAP
> # Executing group from file /etc/freeradius/sites-enabled/default
> +group authenticate {
> [eap] EAP Identity
> [eap] processing type tls
> [tls] Initiate
> [tls] Start returned 1
> ++[eap] = handled
> +} # group authenticate = handled
> Sending Access-Challenge of id 0 to 10.0.2.2 port 37101
> EAP-Message = 0x010100061520
> Message-Authenticator = 0x00000000000000000000000000000000
> State = 0x983a0f7a983b1a9e70d1786f6677e705
> Finished request 10.
> Going to the next request
> Waking up in 4.9 seconds.
> rad_recv: Access-Request packet from host 10.0.2.2 port 37101, id=0,
> length=306
> Cleaning up request 10 ID 0 with timestamp +49
> User-Name = "anonymous"
> NAS-IP-Address = 10.0.0.1
> Called-Station-Id = "ac9e17bd7668"
> Calling-Station-Id = "2c0e3d040b41"
> NAS-Identifier = "ac9e17bd7668"
> NAS-Port = 14
> Framed-MTU = 1400
> State = 0x983a0f7a983b1a9e70d1786f6677e705
> NAS-Port-Type = Wireless-802.11
> EAP-Message =
> 0x020100ab150016030100a00100009c0303a27710c867999b0722e29b8d455b6f41806830d2b5785a86ef947bc76d4ef04a00003ec02cc030009fc02bc02f009ecca9cca8c00ac024c014c0280039006bc009c023c013c02700330067c007c011009d009c0035003d002f003c00050004000a01000035ff0100010000170000000d001600140601060305010503040104030301030302010203000b00020100000a00080006001700180019
> Message-Authenticator = 0x4494d20d1a8cb27ec272148c29dfc456
> # Executing section authorize from file
> /etc/freeradius/sites-enabled/default
> +group authorize {
> ++[preprocess] = ok
> ++[chap] = noop
> ++[mschap] = noop
> ++[digest] = noop
> [suffix] No '@' in User-Name = "anonymous", looking up realm NULL
> [suffix] No such realm "NULL"
> ++[suffix] = noop
> [eap] EAP packet type response id 1 length 171
> [eap] Continuing tunnel setup.
> ++[eap] = ok
> +} # group authorize = ok
> Found Auth-Type = EAP
> # Executing group from file /etc/freeradius/sites-enabled/default
> +group authenticate {
> [eap] Request found, released from the list
> [eap] EAP/ttls
> [eap] processing type ttls
> [ttls] Authenticate
> [ttls] processing EAP-TLS
> [ttls] eaptls_verify returned 7
> [ttls] Done initial handshake
> [ttls] (other): before/accept initialization
> [ttls] TLS_accept: before/accept initialization
> [ttls] <<< Unknown TLS version [length 0005]
> [ttls] <<< Unknown TLS version [length 00a0]
> [ttls] TLS_accept: unknown state
> [ttls] >>> Unknown TLS version [length 0005]
> [ttls] >>> Unknown TLS version [length 0039]
> [ttls] TLS_accept: unknown state
> [ttls] >>> Unknown TLS version [length 0005]
> [ttls] >>> Unknown TLS version [length 02cc]
> [ttls] TLS_accept: unknown state
> [ttls] >>> Unknown TLS version [length 0005]
> [ttls] >>> Unknown TLS version [length 014d]
> [ttls] TLS_accept: unknown state
> [ttls] >>> Unknown TLS version [length 0005]
> [ttls] >>> Unknown TLS version [length 0004]
> [ttls] TLS_accept: unknown state
> [ttls] TLS_accept: unknown state
> [ttls] TLS_accept: unknown state
> [ttls] TLS_accept: Need to read more data: unknown state
> [ttls] TLS_accept: Need to read more data: unknown state
> In SSL Handshake Phase
> In SSL Accept mode
> [ttls] eaptls_process returned 13
> ++[eap] = handled
> +} # group authenticate = handled
> Sending Access-Challenge of id 0 to 10.0.2.2 port 37101
> EAP-Message =
> 0x0102040015c00000046a160303003902000035030338d451eebc70f7a6865019f0f9fe971d97d29dbbf259f8c9fd51f0aa6f931c6000c03000000dff01000100000b00040300010216030302cc0b0002c80002c50002c2308202be308201a6a003020102020900b37fe074c794d454300d06092a864886f70d01010b050030173115301306035504030c0c7562756e7475524144495553301e170d3138303330313133353235325a170d3238303232373133353235325a30173115301306035504030c0c7562756e747552414449555330820122300d06092a864886f70d01010105000382010f003082010a0282010100be9382ed2dc1add32b1b35f7
> EAP-Message =
> 0x52c8fc8c0d2652e99ec612ac75a1029c63f63cfff4fd6cd9bb9e419bcfb7aed8e64d01f0f410c11961e22e9d2bea61dc6aacf0717dc0e386103809ea6f9978c068b1d59f405695fddfd47aff401b5f3390333b57b915960ec53698c32b02a49566bbbfb192c0a9b928a24535f40190231bf71416c580b6d982b17e744c7780ac0a64ea777a6f6d3cc493896914f89e0569b9a24f5a59387c852f838f053a9c396eee54f4ea222ae605b4735262d4e3685c6088da5fb881f739c00c93542663954a9800c99410e74ff3593536a9a669c0ef50b612e4270afe8f123d0ad38121639babf0fbd66137021597d97e6ef7d4aa7f9c02710203010001a30d300b
> EAP-Message =
> 0x30090603551d1304023000300d06092a864886f70d01010b050003820101000b407680d9c47a5900401c7b6fe5390675f547567dacb4a75fb72387a0b621d5a668726d0654ef300fbe6b18324ddf2510cb0b6e459e90857c9d9cc34482c2aa5d7d9df792b1cc77f83aa3ccb7c6d0bd9080c31e22f5eb90212ede14732eaffcc9b24c580fede255a3e5acf05effc49d74cb63971ea81cda755983b202bffc116440616a01f57ad5b353cd7bba302dcf067313b00d0ff8a1bdd01e1b612ee04fd36c42949a32175585a1b28583c6a46f9399989acc68d2c3e7b7360ceddca417823ae7fe9d21a888c393bca3a9dbd66ccbbf59d5a1a290e7c67f1abe3bb3
> EAP-Message =
> 0x77e112552a255d336731fee2e1a05bd01a87a238f12694278b87ef2146a11e649288160303014d0c0001490300174104d4bc9b3384651e6ecdfedf74bd004c614a51dfeeae36a9fc6b3f3e9d756da259a0d153ef55332cb9350c545c4cad7b3b96f4c0a5e04abc0475aca9a2494dd0bf06010100bb47844ba03bc1969c891a1e37a8a99e1310d97835b5be102a13ddf1b84b3a7a4840fad85e9c6e272ab4a5e2d1afc31d0f2f6edb69d42dc73bd33bc93566a2f5b3a6c3f7468b951c623115a75f9e74d98369e4aa8f2be02b4ccbde2bd4c438a7cc780a035d0dbc5a5ff14f9761fc1068db76a5fceff260f5a1cd60d261c535af2676a2ca2e0cb2d15d
> EAP-Message = 0xc9ea0b7bf4dc7b16b042bed8
> Message-Authenticator = 0x00000000000000000000000000000000
> State = 0x983a0f7a99381a9e70d1786f6677e705
> Finished request 11.
> Going to the next request
> Waking up in 4.9 seconds.
> rad_recv: Access-Request packet from host 10.0.2.2 port 37101, id=0,
> length=141
> Cleaning up request 11 ID 0 with timestamp +49
> User-Name = "anonymous"
> NAS-IP-Address = 10.0.0.1
> Called-Station-Id = "ac9e17bd7668"
> Calling-Station-Id = "2c0e3d040b41"
> NAS-Identifier = "ac9e17bd7668"
> NAS-Port = 14
> Framed-MTU = 1400
> State = 0x983a0f7a99381a9e70d1786f6677e705
> NAS-Port-Type = Wireless-802.11
> EAP-Message = 0x020200061500
> Message-Authenticator = 0x29ca321bf5207e566bdfbde431c392df
> # Executing section authorize from file
> /etc/freeradius/sites-enabled/default
> +group authorize {
> ++[preprocess] = ok
> ++[chap] = noop
> ++[mschap] = noop
> ++[digest] = noop
> [suffix] No '@' in User-Name = "anonymous", looking up realm NULL
> [suffix] No such realm "NULL"
> ++[suffix] = noop
> [eap] EAP packet type response id 2 length 6
> [eap] Continuing tunnel setup.
> ++[eap] = ok
> +} # group authorize = ok
> Found Auth-Type = EAP
> # Executing group from file /etc/freeradius/sites-enabled/default
> +group authenticate {
> [eap] Request found, released from the list
> [eap] EAP/ttls
> [eap] processing type ttls
> [ttls] Authenticate
> [ttls] processing EAP-TLS
> [ttls] Received TLS ACK
> [ttls] ACK handshake fragment handler
> [ttls] eaptls_verify returned 1
> [ttls] eaptls_process returned 13
> ++[eap] = handled
> +} # group authenticate = handled
> Sending Access-Challenge of id 0 to 10.0.2.2 port 37101
> EAP-Message =
> 0x0103007e15800000046a4e10b776a37915fcf4f2dde3685940dbfea0542c5769819c4b948a1eaea41a55547f1fba0cd678ad5fd9868549d4ad9ba86131ccde39ca1a54e8d4ff6135f1da87c7649d577be682838374dc3922358785cbb92f67427b573e3447c30ec5f00758b9bda56bbde8b5b5f7af16030300040e000000
> Message-Authenticator = 0x00000000000000000000000000000000
> State = 0x983a0f7a9a391a9e70d1786f6677e705
> Finished request 12.
> Going to the next request
> Waking up in 4.9 seconds.
> rad_recv: Access-Request packet from host 10.0.2.2 port 37101, id=0,
> length=267
> Cleaning up request 12 ID 0 with timestamp +49
> User-Name = "anonymous"
> NAS-IP-Address = 10.0.0.1
> Called-Station-Id = "ac9e17bd7668"
> Calling-Station-Id = "2c0e3d040b41"
> NAS-Identifier = "ac9e17bd7668"
> NAS-Port = 14
> Framed-MTU = 1400
> State = 0x983a0f7a9a391a9e70d1786f6677e705
> NAS-Port-Type = Wireless-802.11
> EAP-Message =
> 0x0203008415001603030046100000424104939c1ca8205736e62176faa470a2ddd4cc4732bdfb0a91a3c69756ff20227f99c8be39ae3ee90aef2cfd6ee33ee90a00d5a6009982426148bf7cf50eaaf9649c14030300010116030300280000000000000000cb752cedfefbb76538cb2a753067821926acc5a82e1587251a9ae55e49270d99
> Message-Authenticator = 0x48305bf93df8cdc7213e51a97981a74b
> # Executing section authorize from file
> /etc/freeradius/sites-enabled/default
> +group authorize {
> ++[preprocess] = ok
> ++[chap] = noop
> ++[mschap] = noop
> ++[digest] = noop
> [suffix] No '@' in User-Name = "anonymous", looking up realm NULL
> [suffix] No such realm "NULL"
> ++[suffix] = noop
> [eap] EAP packet type response id 3 length 132
> [eap] Continuing tunnel setup.
> ++[eap] = ok
> +} # group authorize = ok
> Found Auth-Type = EAP
> # Executing group from file /etc/freeradius/sites-enabled/default
> +group authenticate {
> [eap] Request found, released from the list
> [eap] EAP/ttls
> [eap] processing type ttls
> [ttls] Authenticate
> [ttls] processing EAP-TLS
> [ttls] eaptls_verify returned 7
> [ttls] Done initial handshake
> [ttls] <<< Unknown TLS version [length 0005]
> [ttls] <<< Unknown TLS version [length 0046]
> [ttls] TLS_accept: unknown state
> [ttls] TLS_accept: unknown state
> [ttls] <<< Unknown TLS version [length 0005]
> [ttls] <<< Unknown TLS version [length 0001]
> [ttls] <<< Unknown TLS version [length 0005]
> [ttls] <<< Unknown TLS version [length 0010]
> [ttls] TLS_accept: unknown state
> [ttls] >>> Unknown TLS version [length 0005]
> [ttls] >>> Unknown TLS version [length 0001]
> [ttls] TLS_accept: unknown state
> [ttls] >>> Unknown TLS version [length 0005]
> [ttls] >>> Unknown TLS version [length 0010]
> [ttls] TLS_accept: unknown state
> [ttls] TLS_accept: unknown state
> [ttls] (other): SSL negotiation finished successfully
> SSL Connection Established
> [ttls] eaptls_process returned 13
> ++[eap] = handled
> +} # group authenticate = handled
> Sending Access-Challenge of id 0 to 10.0.2.2 port 37101
> EAP-Message =
> 0x0104003d15800000003314030300010116030300280b1a10be1e4e65a7c37a795524033677856ba37e47405ca76d6d047a8119d2116f56dc72c6053901
> Message-Authenticator = 0x00000000000000000000000000000000
> State = 0x983a0f7a9b3e1a9e70d1786f6677e705
> Finished request 13.
> Going to the next request
> Waking up in 4.9 seconds.
> rad_recv: Access-Request packet from host 10.0.2.2 port 37101, id=0,
> length=278
> Cleaning up request 13 ID 0 with timestamp +49
> User-Name = "anonymous"
> NAS-IP-Address = 10.0.0.1
> Called-Station-Id = "ac9e17bd7668"
> Calling-Station-Id = "2c0e3d040b41"
> NAS-Identifier = "ac9e17bd7668"
> NAS-Port = 14
> Framed-MTU = 1400
> State = 0x983a0f7a9b3e1a9e70d1786f6677e705
> NAS-Port-Type = Wireless-802.11
> EAP-Message =
> 0x0204008f15001703030084000000000000000181f59453f45ff9351d0eb09f8559ad492ab457ecade0e6c6c30f1a8e547e2dd5f00316175c390c1f26d1aaa61eaa1a25735804b47041bede97df420c9eef1e806739cc77f680dbca690661abb5c7e3d19a7dc4f892452d4a704a7f7bd4d89fd81f982735b50be5c35f6f0b45d340a01c9384319974ad53e68a8fcf73
> Message-Authenticator = 0x6f40d71d85b6f299fd688e265aa1ce7a
> # Executing section authorize from file
> /etc/freeradius/sites-enabled/default
> +group authorize {
> ++[preprocess] = ok
> ++[chap] = noop
> ++[mschap] = noop
> ++[digest] = noop
> [suffix] No '@' in User-Name = "anonymous", looking up realm NULL
> [suffix] No such realm "NULL"
> ++[suffix] = noop
> [eap] EAP packet type response id 4 length 143
> [eap] Continuing tunnel setup.
> ++[eap] = ok
> +} # group authorize = ok
> Found Auth-Type = EAP
> # Executing group from file /etc/freeradius/sites-enabled/default
> +group authenticate {
> [eap] Request found, released from the list
> [eap] EAP/ttls
> [eap] processing type ttls
> [ttls] Authenticate
> [ttls] processing EAP-TLS
> [ttls] eaptls_verify returned 7
> [ttls] Done initial handshake
> [ttls] <<< Unknown TLS version [length 0005]
> [ttls] eaptls_process returned 7
> [ttls] Session established. Proceeding to decode tunneled attributes.
> [ttls] Tunneled challenge is incorrect
> [eap] Handler failed in EAP/ttls
> [eap] Failed in EAP select
> ++[eap] = invalid
> +} # group authenticate = invalid
> Failed to authenticate the user.
> Login incorrect: [anonymous/<via Auth-Type = EAP>] (from client 10.0.2.2
> port 14 cli 2c0e3d040b41)
> Using Post-Auth-Type Reject
> # Executing group from file /etc/freeradius/sites-enabled/default
> +group REJECT {
> [eap] Reply already contained an EAP-Message, not inserting EAP-Failure
> ++[eap] = noop
> [attr_filter.access_reject] expand: %{User-Name} -> anonymous
> attr_filter: Matched entry DEFAULT at line 11
> ++[attr_filter.access_reject] = updated
> +} # group REJECT = updated
> Delaying reject of request 14 for 1 seconds
> Going to the next request
> Waking up in 0.9 seconds.
> Sending delayed reject for request 14
> Sending Access-Reject of id 0 to 10.0.2.2 port 37101
> EAP-Message = 0x04040004
> Message-Authenticator = 0x00000000000000000000000000000000
> Waking up in 4.9 seconds.
> Cleaning up request 14 ID 0 with timestamp +49
> Ready to process requests.
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list