MS-CHAP2-Request is rejected
william steen
wjsteen at talktalk.net
Mon May 20 10:45:44 CEST 2019
First time using FreeRADIUS, attempting to set up a FreeRADIUS server on an RPi to create a testing environment for WPA2 Enterprise use on an IoT device. Any help to understand where I am going wrong gratefully received.
Included below is the debug output on startup and during an attempt to connect using PEAP-MSCHAPv2 with just username and password (no certificate). The startup contains a few warnings which I assume are not material. The login debug has an error "MS-CHAP2-Response is incorrect" which comes after a "WARNING: Auth-Type already set. Not setting to PAP"?
FreeRADIUS Version 3.0.12
[/etc/freeradius/3.0/mods-config/attr_filter/access_reject]:11 Check item "FreeRADIUS-Response-Delay" found in filter list for realm "DEFAULT".
[/etc/freeradius/3.0/mods-config/attr_filter/access_reject]:11 Check item "FreeRADIUS-Response-Delay-USec" found in filter list for realm "DEFAULT".
Ready to process requests
Below is the debug output when trying to connect to the WAP.
(0) Received Access-Request Id 37 from 192.168.1.38:52437 to 192.168.1.33:1812 length 172
(0) User-Name = "particle"
(0) NAS-IP-Address = 192.168.1.38
(0) NAS-Identifier = "b4fbe4c348ab"
(0) NAS-Port = 0
(0) Called-Station-Id = "B4-FB-E4-C4-48-AB:Armorwpa2"
(0) Calling-Station-Id = "E0-4F-43-36-B1-F1"
(0) Framed-MTU = 1400
(0) NAS-Port-Type = Wireless-802.11
(0) Connect-Info = "CONNECT 0Mbps 802.11b"
(0) EAP-Message = 0x0205000d017061727469636c65
(0) Message-Authenticator = 0x3d7c5462881eb85ae3c3e8b1e7f2dcd8
(0) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/default
(0) authorize {
(0) policy filter_username {
(0) if (&User-Name) {
(0) if (&User-Name) -> TRUE
(0) if (&User-Name) {
(0) if (&User-Name =~ / /) {
(0) if (&User-Name =~ / /) -> FALSE
(0) if (&User-Name =~ /@[^@]*@/ ) {
(0) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
(0) if (&User-Name =~ /\.\./ ) {
(0) if (&User-Name =~ /\.\./ ) -> FALSE
(0) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
(0) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
(0) if (&User-Name =~ /\.$/) {
(0) if (&User-Name =~ /\.$/) -> FALSE
(0) if (&User-Name =~ /@\./) {
(0) if (&User-Name =~ /@\./) -> FALSE
(0) } # if (&User-Name) = notfound
(0) } # policy filter_username = notfound
(0) [preprocess] = ok
(0) [chap] = noop
(0) [mschap] = noop
(0) [digest] = noop
(0) suffix: Checking for suffix after "@"
(0) suffix: No '@' in User-Name = "particle", looking up realm NULL
(0) suffix: No such realm "NULL"
(0) [suffix] = noop
(0) eap: Peer sent EAP Response (code 2) ID 5 length 13
(0) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
(0) [eap] = ok
(0) } # authorize = ok
(0) Found Auth-Type = eap
(0) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(0) authenticate {
(0) eap: Peer sent packet with method EAP Identity (1)
(0) eap: Calling submodule eap_md5 to process data
(0) eap_md5: Issuing MD5 Challenge
(0) eap: Sending EAP Request (code 1) ID 6 length 22
(0) eap: EAP session adding &reply:State = 0x792e584479285c88
(0) [eap] = handled
(0) } # authenticate = handled
(0) Using Post-Auth-Type Challenge
(0) Post-Auth-Type sub-section not found. Ignoring.
(0) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(0) Sent Access-Challenge Id 37 from 192.168.1.33:1812 to 192.168.1.38:52437 length 0
(0) EAP-Message = 0x0106001604101e0a216dfaac8434a1e13f61d8e18c5f
(0) Message-Authenticator = 0x00000000000000000000000000000000
(0) State = 0x792e584479285c88d729d5f4b5ba04a4
(0) Finished request
Waking up in 4.9 seconds.
(1) Received Access-Request Id 38 from 192.168.1.38:52437 to 192.168.1.33:1812 length 183
(1) User-Name = "particle"
(1) NAS-IP-Address = 192.168.1.38
(1) NAS-Identifier = "b4fbe4c348ab"
(1) NAS-Port = 0
(1) Called-Station-Id = "B4-FB-E4-C4-48-AB:Armorwpa2"
(1) Calling-Station-Id = "E0-4F-43-36-B1-F1"
(1) Framed-MTU = 1400
(1) NAS-Port-Type = Wireless-802.11
(1) Connect-Info = "CONNECT 0Mbps 802.11b"
(1) EAP-Message = 0x020600060319
(1) State = 0x792e584479285c88d729d5f4b5ba04a4
(1) Message-Authenticator = 0x81a3bc304acaf36767e74474836e1265
(1) session-state: No cached attributes
(1) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/default
(1) authorize {
(1) policy filter_username {
(1) if (&User-Name) {
(1) if (&User-Name) -> TRUE
(1) if (&User-Name) {
(1) if (&User-Name =~ / /) {
(1) if (&User-Name =~ / /) -> FALSE
(1) if (&User-Name =~ /@[^@]*@/ ) {
(1) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
(1) if (&User-Name =~ /\.\./ ) {
(1) if (&User-Name =~ /\.\./ ) -> FALSE
(1) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
(1) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
(1) if (&User-Name =~ /\.$/) {
(1) if (&User-Name =~ /\.$/) -> FALSE
(1) if (&User-Name =~ /@\./) {
(1) if (&User-Name =~ /@\./) -> FALSE
(1) } # if (&User-Name) = notfound
(1) } # policy filter_username = notfound
(1) [preprocess] = ok
(1) [chap] = noop
(1) [mschap] = noop
(1) [digest] = noop
(1) suffix: Checking for suffix after "@"
(1) suffix: No '@' in User-Name = "particle", looking up realm NULL
(1) suffix: No such realm "NULL"
(1) [suffix] = noop
(1) eap: Peer sent EAP Response (code 2) ID 6 length 6
(1) eap: No EAP Start, assuming it's an on-going EAP conversation
(1) [eap] = updated
(1) files: users: Matched entry particle at line 1
(1) [files] = ok
(1) [expiration] = noop
(1) [logintime] = noop
(1) pap: WARNING: Auth-Type already set. Not setting to PAP
(1) [pap] = noop
(1) } # authorize = updated
(1) Found Auth-Type = eap
(1) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(1) authenticate {
(1) eap: Expiring EAP session with state 0x792e584479285c88
(1) eap: Finished EAP session with state 0x792e584479285c88
(1) eap: Previous EAP request found for state 0x792e584479285c88, released from the list
(1) eap: Peer sent packet with method EAP NAK (3)
(1) eap: Found mutually acceptable type PEAP (25)
(1) eap: Calling submodule eap_peap to process data
(1) eap_peap: Initiating new EAP-TLS session
(1) eap_peap: [eaptls start] = request
(1) eap: Sending EAP Request (code 1) ID 7 length 6
(1) eap: EAP session adding &reply:State = 0x792e584478294188
(1) [eap] = handled
(1) } # authenticate = handled
(1) Using Post-Auth-Type Challenge
(1) Post-Auth-Type sub-section not found. Ignoring.
(1) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(1) Sent Access-Challenge Id 38 from 192.168.1.33:1812 to 192.168.1.38:52437 length 0
(1) EAP-Message = 0x010700061920
(1) Message-Authenticator = 0x00000000000000000000000000000000
(1) State = 0x792e584478294188d729d5f4b5ba04a4
(1) Finished request
Waking up in 4.9 seconds.
(2) Received Access-Request Id 39 from 192.168.1.38:52437 to 192.168.1.33:1812 length 273
(2) User-Name = "particle"
(2) NAS-IP-Address = 192.168.1.38
(2) NAS-Identifier = "b4fbe4c348ab"
(2) NAS-Port = 0
(2) Called-Station-Id = "B4-FB-E4-C4-48-AB:Armorwpa2"
(2) Calling-Station-Id = "E0-4F-43-36-B1-F1"
(2) Framed-MTU = 1400
(2) NAS-Port-Type = Wireless-802.11
(2) Connect-Info = "CONNECT 0Mbps 802.11b"
(2) EAP-Message = 0x0207006019800000005616030300510100004d030300000013d1a5ed06c133a6582eb8f8b59713a271b38c51af54d5ef2e0cc8b6d6000004003c002f01000020000a000400020017000b00020100000d000e000c020102030301030304010403
(2) State = 0x792e584478294188d729d5f4b5ba04a4
(2) Message-Authenticator = 0xbf54c5bcfb0c4aae623b313a7cec24bf
(2) session-state: No cached attributes
(2) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/default
(2) authorize {
(2) policy filter_username {
(2) if (&User-Name) {
(2) if (&User-Name) -> TRUE
(2) if (&User-Name) {
(2) if (&User-Name =~ / /) {
(2) if (&User-Name =~ / /) -> FALSE
(2) if (&User-Name =~ /@[^@]*@/ ) {
(2) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
(2) if (&User-Name =~ /\.\./ ) {
(2) if (&User-Name =~ /\.\./ ) -> FALSE
(2) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
(2) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
(2) if (&User-Name =~ /\.$/) {
(2) if (&User-Name =~ /\.$/) -> FALSE
(2) if (&User-Name =~ /@\./) {
(2) if (&User-Name =~ /@\./) -> FALSE
(2) } # if (&User-Name) = notfound
(2) } # policy filter_username = notfound
(2) [preprocess] = ok
(2) [chap] = noop
(2) [mschap] = noop
(2) [digest] = noop
(2) suffix: Checking for suffix after "@"
(2) suffix: No '@' in User-Name = "particle", looking up realm NULL
(2) suffix: No such realm "NULL"
(2) [suffix] = noop
(2) eap: Peer sent EAP Response (code 2) ID 7 length 96
(2) eap: Continuing tunnel setup
(2) [eap] = ok
(2) } # authorize = ok
(2) Found Auth-Type = eap
(2) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(2) authenticate {
(2) eap: Expiring EAP session with state 0x792e584478294188
(2) eap: Finished EAP session with state 0x792e584478294188
(2) eap: Previous EAP request found for state 0x792e584478294188, released from the list
(2) eap: Peer sent packet with method EAP PEAP (25)
(2) eap: Calling submodule eap_peap to process data
(2) eap_peap: Continuing EAP-TLS
(2) eap_peap: Peer indicated complete TLS record size will be 86 bytes
(2) eap_peap: Got complete TLS record (86 bytes)
(2) eap_peap: [eaptls verify] = length included
(2) eap_peap: (other): before SSL initialization
(2) eap_peap: TLS_accept: before SSL initialization
(2) eap_peap: TLS_accept: before SSL initialization
(2) eap_peap: <<< recv TLS 1.2 [length 0051]
(2) eap_peap: TLS_accept: SSLv3/TLS read client hello
(2) eap_peap: >>> send TLS 1.2 [length 002a]
(2) eap_peap: TLS_accept: SSLv3/TLS write server hello
(2) eap_peap: >>> send TLS 1.2 [length 02f1]
(2) eap_peap: TLS_accept: SSLv3/TLS write certificate
(2) eap_peap: >>> send TLS 1.2 [length 0004]
(2) eap_peap: TLS_accept: SSLv3/TLS write server done
(2) eap_peap: TLS_accept: Need to read more data: SSLv3/TLS write server done
(2) eap_peap: In SSL Handshake Phase
(2) eap_peap: In SSL Accept mode
(2) eap_peap: [eaptls process] = handled
(2) eap: Sending EAP Request (code 1) ID 8 length 820
(2) eap: EAP session adding &reply:State = 0x792e58447b264188
(2) [eap] = handled
(2) } # authenticate = handled
(2) Using Post-Auth-Type Challenge
(2) Post-Auth-Type sub-section not found. Ignoring.
(2) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(2) Sent Access-Challenge Id 39 from 192.168.1.33:1812 to 192.168.1.38:52437 length 0
(2) EAP-Message = 0x010803341900160303002a0200002603035010c628e6c3e571ecdfcb7ed14e02f944e131af1f1483cff17b618c02935b4200003c0016030302f10b0002ed0002ea0002e7308202e3308201cba003020102020900a170e33eaa8a04e7300d06092a864886f70d01010b0500301b3119301706035504030c
(2) Message-Authenticator = 0x00000000000000000000000000000000
(2) State = 0x792e58447b264188d729d5f4b5ba04a4
(2) Finished request
Waking up in 4.9 seconds.
(3) Received Access-Request Id 40 from 192.168.1.38:52437 to 192.168.1.33:1812 length 547
(3) User-Name = "particle"
(3) NAS-IP-Address = 192.168.1.38
(3) NAS-Identifier = "b4fbe4c348ab"
(3) NAS-Port = 0
(3) Called-Station-Id = "B4-FB-E4-C4-48-AB:Armorwpa2"
(3) Calling-Station-Id = "E0-4F-43-36-B1-F1"
(3) Framed-MTU = 1400
(3) NAS-Port-Type = Wireless-802.11
(3) Connect-Info = "CONNECT 0Mbps 802.11b"
(3) EAP-Message = 0x02080170198000000166160303010610000102010070ac8a7222a41f5fab40c2a114f343932b699e7629ee25a0ef96616b1582f4e105812e9efb79e3696823f69a931188eeb04bd2f4d9b67869db2d585364c2515a1d44414cc41bc6d87ba8df2ad36e6ba1e57e10fbeb14fc76837d57b50d95a780dc67
(3) State = 0x792e58447b264188d729d5f4b5ba04a4
(3) Message-Authenticator = 0xe80722a96c83d29962b7c6216f7a1b24
(3) session-state: No cached attributes
(3) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/default
(3) authorize {
(3) policy filter_username {
(3) if (&User-Name) {
(3) if (&User-Name) -> TRUE
(3) if (&User-Name) {
(3) if (&User-Name =~ / /) {
(3) if (&User-Name =~ / /) -> FALSE
(3) if (&User-Name =~ /@[^@]*@/ ) {
(3) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
(3) if (&User-Name =~ /\.\./ ) {
(3) if (&User-Name =~ /\.\./ ) -> FALSE
(3) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
(3) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
(3) if (&User-Name =~ /\.$/) {
(3) if (&User-Name =~ /\.$/) -> FALSE
(3) if (&User-Name =~ /@\./) {
(3) if (&User-Name =~ /@\./) -> FALSE
(3) } # if (&User-Name) = notfound
(3) } # policy filter_username = notfound
(3) [preprocess] = ok
(3) [chap] = noop
(3) [mschap] = noop
(3) [digest] = noop
(3) suffix: Checking for suffix after "@"
(3) suffix: No '@' in User-Name = "particle", looking up realm NULL
(3) suffix: No such realm "NULL"
(3) [suffix] = noop
(3) eap: Peer sent EAP Response (code 2) ID 8 length 368
(3) eap: Continuing tunnel setup
(3) [eap] = ok
(3) } # authorize = ok
(3) Found Auth-Type = eap
(3) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(3) authenticate {
(3) eap: Expiring EAP session with state 0x792e58447b264188
(3) eap: Finished EAP session with state 0x792e58447b264188
(3) eap: Previous EAP request found for state 0x792e58447b264188, released from the list
(3) eap: Peer sent packet with method EAP PEAP (25)
(3) eap: Calling submodule eap_peap to process data
(3) eap_peap: Continuing EAP-TLS
(3) eap_peap: Peer indicated complete TLS record size will be 358 bytes
(3) eap_peap: Got complete TLS record (358 bytes)
(3) eap_peap: [eaptls verify] = length included
(3) eap_peap: TLS_accept: SSLv3/TLS write server done
(3) eap_peap: <<< recv TLS 1.2 [length 0106]
(3) eap_peap: TLS_accept: SSLv3/TLS read client key exchange
(3) eap_peap: TLS_accept: SSLv3/TLS read change cipher spec
(3) eap_peap: <<< recv TLS 1.2 [length 0010]
(3) eap_peap: TLS_accept: SSLv3/TLS read finished
(3) eap_peap: >>> send TLS 1.2 [length 0001]
(3) eap_peap: TLS_accept: SSLv3/TLS write change cipher spec
(3) eap_peap: >>> send TLS 1.2 [length 0010]
(3) eap_peap: TLS_accept: SSLv3/TLS write finished
(3) eap_peap: (other): SSL negotiation finished successfully
(3) eap_peap: SSL Connection Established
(3) eap_peap: [eaptls process] = handled
(3) eap: Sending EAP Request (code 1) ID 9 length 97
(3) eap: EAP session adding &reply:State = 0x792e58447a274188
(3) [eap] = handled
(3) } # authenticate = handled
(3) Using Post-Auth-Type Challenge
(3) Post-Auth-Type sub-section not found. Ignoring.
(3) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(3) Sent Access-Challenge Id 40 from 192.168.1.33:1812 to 192.168.1.38:52437 length 0
(3) EAP-Message = 0x0109006119001403030001011603030050e4ccfeb29d521f23bceec5b5a6d2086989af54bf30c104ebd10fcadeda3e144e401aeac50e2f2d6fb28711841f9bff03cac82c6e94eb8082d4da10ef0950f6eae7f637b23f93d14e28952fa0735e8273
(3) Message-Authenticator = 0x00000000000000000000000000000000
(3) State = 0x792e58447a274188d729d5f4b5ba04a4
(3) Finished request
Waking up in 4.8 seconds.
(4) Received Access-Request Id 41 from 192.168.1.38:52437 to 192.168.1.33:1812 length 183
(4) User-Name = "particle"
(4) NAS-IP-Address = 192.168.1.38
(4) NAS-Identifier = "b4fbe4c348ab"
(4) NAS-Port = 0
(4) Called-Station-Id = "B4-FB-E4-C4-48-AB:Armorwpa2"
(4) Calling-Station-Id = "E0-4F-43-36-B1-F1"
(4) Framed-MTU = 1400
(4) NAS-Port-Type = Wireless-802.11
(4) Connect-Info = "CONNECT 0Mbps 802.11b"
(4) EAP-Message = 0x020900061900
(4) State = 0x792e58447a274188d729d5f4b5ba04a4
(4) Message-Authenticator = 0x95b4fe0eef8a5368d718ba97543624d1
(4) session-state: No cached attributes
(4) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/default
(4) authorize {
(4) policy filter_username {
(4) if (&User-Name) {
(4) if (&User-Name) -> TRUE
(4) if (&User-Name) {
(4) if (&User-Name =~ / /) {
(4) if (&User-Name =~ / /) -> FALSE
(4) if (&User-Name =~ /@[^@]*@/ ) {
(4) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
(4) if (&User-Name =~ /\.\./ ) {
(4) if (&User-Name =~ /\.\./ ) -> FALSE
(4) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
(4) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
(4) if (&User-Name =~ /\.$/) {
(4) if (&User-Name =~ /\.$/) -> FALSE
(4) if (&User-Name =~ /@\./) {
(4) if (&User-Name =~ /@\./) -> FALSE
(4) } # if (&User-Name) = notfound
(4) } # policy filter_username = notfound
(4) [preprocess] = ok
(4) [chap] = noop
(4) [mschap] = noop
(4) [digest] = noop
(4) suffix: Checking for suffix after "@"
(4) suffix: No '@' in User-Name = "particle", looking up realm NULL
(4) suffix: No such realm "NULL"
(4) [suffix] = noop
(4) eap: Peer sent EAP Response (code 2) ID 9 length 6
(4) eap: Continuing tunnel setup
(4) [eap] = ok
(4) } # authorize = ok
(4) Found Auth-Type = eap
(4) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(4) authenticate {
(4) eap: Expiring EAP session with state 0x792e58447a274188
(4) eap: Finished EAP session with state 0x792e58447a274188
(4) eap: Previous EAP request found for state 0x792e58447a274188, released from the list
(4) eap: Peer sent packet with method EAP PEAP (25)
(4) eap: Calling submodule eap_peap to process data
(4) eap_peap: Continuing EAP-TLS
(4) eap_peap: Peer ACKed our handshake fragment. handshake is finished
(4) eap_peap: [eaptls verify] = success
(4) eap_peap: [eaptls process] = success
(4) eap_peap: Session established. Decoding tunneled attributes
(4) eap_peap: PEAP state TUNNEL ESTABLISHED
(4) eap: Sending EAP Request (code 1) ID 10 length 75
(4) eap: EAP session adding &reply:State = 0x792e58447d244188
(4) [eap] = handled
(4) } # authenticate = handled
(4) Using Post-Auth-Type Challenge
(4) Post-Auth-Type sub-section not found. Ignoring.
(4) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(4) Sent Access-Challenge Id 41 from 192.168.1.33:1812 to 192.168.1.38:52437 length 0
(4) EAP-Message = 0x010a004b19001703030040876f919e5b6f69b08d7d8082925085f96d9d4dc5d287be8a2220d788f3d81410117ac9b30cfe5bf1fdbd3fa127a1c59c9f43f811e9a1ed62184e6b52111b2cc9
(4) Message-Authenticator = 0x00000000000000000000000000000000
(4) State = 0x792e58447d244188d729d5f4b5ba04a4
(4) Finished request
Waking up in 4.8 seconds.
(5) Received Access-Request Id 42 from 192.168.1.38:52437 to 192.168.1.33:1812 length 252
(5) User-Name = "particle"
(5) NAS-IP-Address = 192.168.1.38
(5) NAS-Identifier = "b4fbe4c348ab"
(5) NAS-Port = 0
(5) Called-Station-Id = "B4-FB-E4-C4-48-AB:Armorwpa2"
(5) Calling-Station-Id = "E0-4F-43-36-B1-F1"
(5) Framed-MTU = 1400
(5) NAS-Port-Type = Wireless-802.11
(5) Connect-Info = "CONNECT 0Mbps 802.11b"
(5) EAP-Message = 0x020a004b19001703030040fdcdeff9a7da7077eb3784b51917dbb3f4b705b340e03a3feaf97f3de31941cb2864a9b7a6363f305b5c239727284a9e38bf34deab83141d8393bbc165f2cee7
(5) State = 0x792e58447d244188d729d5f4b5ba04a4
(5) Message-Authenticator = 0x16e198c5d18d50d6db5da8dc8ea94e23
(5) session-state: No cached attributes
(5) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/default
(5) authorize {
(5) policy filter_username {
(5) if (&User-Name) {
(5) if (&User-Name) -> TRUE
(5) if (&User-Name) {
(5) if (&User-Name =~ / /) {
(5) if (&User-Name =~ / /) -> FALSE
(5) if (&User-Name =~ /@[^@]*@/ ) {
(5) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
(5) if (&User-Name =~ /\.\./ ) {
(5) if (&User-Name =~ /\.\./ ) -> FALSE
(5) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
(5) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
(5) if (&User-Name =~ /\.$/) {
(5) if (&User-Name =~ /\.$/) -> FALSE
(5) if (&User-Name =~ /@\./) {
(5) if (&User-Name =~ /@\./) -> FALSE
(5) } # if (&User-Name) = notfound
(5) } # policy filter_username = notfound
(5) [preprocess] = ok
(5) [chap] = noop
(5) [mschap] = noop
(5) [digest] = noop
(5) suffix: Checking for suffix after "@"
(5) suffix: No '@' in User-Name = "particle", looking up realm NULL
(5) suffix: No such realm "NULL"
(5) [suffix] = noop
(5) eap: Peer sent EAP Response (code 2) ID 10 length 75
(5) eap: Continuing tunnel setup
(5) [eap] = ok
(5) } # authorize = ok
(5) Found Auth-Type = eap
(5) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(5) authenticate {
(5) eap: Expiring EAP session with state 0x792e58447d244188
(5) eap: Finished EAP session with state 0x792e58447d244188
(5) eap: Previous EAP request found for state 0x792e58447d244188, released from the list
(5) eap: Peer sent packet with method EAP PEAP (25)
(5) eap: Calling submodule eap_peap to process data
(5) eap_peap: Continuing EAP-TLS
(5) eap_peap: [eaptls verify] = ok
(5) eap_peap: Done initial handshake
(5) eap_peap: [eaptls process] = ok
(5) eap_peap: Session established. Decoding tunneled attributes
(5) eap_peap: PEAP state WAITING FOR INNER IDENTITY
(5) eap_peap: Identity - particle
(5) eap_peap: Got inner identity 'particle'
(5) eap_peap: Setting default EAP type for tunneled EAP session
(5) eap_peap: Got tunneled request
(5) eap_peap: EAP-Message = 0x020a000d017061727469636c65
(5) eap_peap: Setting User-Name to particle
(5) eap_peap: Sending tunneled request to inner-tunnel
(5) eap_peap: EAP-Message = 0x020a000d017061727469636c65
(5) eap_peap: FreeRADIUS-Proxied-To = 127.0.0.1
(5) eap_peap: User-Name = "particle"
(5) Virtual server inner-tunnel received request
(5) EAP-Message = 0x020a000d017061727469636c65
(5) FreeRADIUS-Proxied-To = 127.0.0.1
(5) User-Name = "particle"
(5) WARNING: Outer and inner identities are the same. User privacy is compromised.
(5) server inner-tunnel {
(5) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/inner-tunnel
(5) authorize {
(5) policy filter_username {
(5) if (&User-Name) {
(5) if (&User-Name) -> TRUE
(5) if (&User-Name) {
(5) if (&User-Name =~ / /) {
(5) if (&User-Name =~ / /) -> FALSE
(5) if (&User-Name =~ /@[^@]*@/ ) {
(5) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
(5) if (&User-Name =~ /\.\./ ) {
(5) if (&User-Name =~ /\.\./ ) -> FALSE
(5) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
(5) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
(5) if (&User-Name =~ /\.$/) {
(5) if (&User-Name =~ /\.$/) -> FALSE
(5) if (&User-Name =~ /@\./) {
(5) if (&User-Name =~ /@\./) -> FALSE
(5) } # if (&User-Name) = notfound
(5) } # policy filter_username = notfound
(5) [chap] = noop
(5) [mschap] = noop
(5) suffix: Checking for suffix after "@"
(5) suffix: No '@' in User-Name = "particle", looking up realm NULL
(5) suffix: No such realm "NULL"
(5) [suffix] = noop
(5) update control {
(5) &Proxy-To-Realm := LOCAL
(5) } # update control = noop
(5) eap: Peer sent EAP Response (code 2) ID 10 length 13
(5) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
(5) [eap] = ok
(5) } # authorize = ok
(5) Found Auth-Type = eap
(5) # Executing group from file /etc/freeradius/3.0/sites-enabled/inner-tunnel
(5) authenticate {
(5) eap: Peer sent packet with method EAP Identity (1)
(5) eap: Calling submodule eap_mschapv2 to process data
(5) eap_mschapv2: Issuing Challenge
(5) eap: Sending EAP Request (code 1) ID 11 length 43
(5) eap: EAP session adding &reply:State = 0x9ed5137a9ede0992
(5) [eap] = handled
(5) } # authenticate = handled
(5) } # server inner-tunnel
(5) Virtual server sending reply
(5) EAP-Message = 0x010b002b1a010b002610add748736b59d05b7cac342e03bc00fa667265657261646975732d332e302e3132
(5) Message-Authenticator = 0x00000000000000000000000000000000
(5) State = 0x9ed5137a9ede099241d17dbdaa28bbf3
(5) eap_peap: Got tunneled reply code 11
(5) eap_peap: EAP-Message = 0x010b002b1a010b002610add748736b59d05b7cac342e03bc00fa667265657261646975732d332e302e3132
(5) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000
(5) eap_peap: State = 0x9ed5137a9ede099241d17dbdaa28bbf3
(5) eap_peap: Got tunneled reply RADIUS code 11
(5) eap_peap: EAP-Message = 0x010b002b1a010b002610add748736b59d05b7cac342e03bc00fa667265657261646975732d332e302e3132
(5) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000
(5) eap_peap: State = 0x9ed5137a9ede099241d17dbdaa28bbf3
(5) eap_peap: Got tunneled Access-Challenge
(5) eap: Sending EAP Request (code 1) ID 11 length 107
(5) eap: EAP session adding &reply:State = 0x792e58447c254188
(5) [eap] = handled
(5) } # authenticate = handled
(5) Using Post-Auth-Type Challenge
(5) Post-Auth-Type sub-section not found. Ignoring.
(5) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(5) Sent Access-Challenge Id 42 from 192.168.1.33:1812 to 192.168.1.38:52437 length 0
(5) EAP-Message = 0x010b006b19001703030060427e72f2a75ff426efd53ee1f42bf29ba4aae389d83bc4b7e8f1257e772430ede3cb69944b24e4f7b6280ffa62e224b27be20c2c641b0fbf6a77cab9ef38ba1f47e79470ecca8368ca25beda56349c1e21e3d49b1db8bc2bd749aab8bf3aa3cb
(5) Message-Authenticator = 0x00000000000000000000000000000000
(5) State = 0x792e58447c254188d729d5f4b5ba04a4
(5) Finished request
Waking up in 4.7 seconds.
(6) Received Access-Request Id 43 from 192.168.1.38:52437 to 192.168.1.33:1812 length 300
(6) User-Name = "particle"
(6) NAS-IP-Address = 192.168.1.38
(6) NAS-Identifier = "b4fbe4c348ab"
(6) NAS-Port = 0
(6) Called-Station-Id = "B4-FB-E4-C4-48-AB:Armorwpa2"
(6) Calling-Station-Id = "E0-4F-43-36-B1-F1"
(6) Framed-MTU = 1400
(6) NAS-Port-Type = Wireless-802.11
(6) Connect-Info = "CONNECT 0Mbps 802.11b"
(6) EAP-Message = 0x020b007b19001703030070fdcdeff9a7da7077eb3784b51917dbb344ede7b63a9b0f5b11eb7701e504139b09564427efbb43c2ec17f8b42b4124f8fbfc5b440c1c050ff8aa9b8badfaedf539c727f4dfa655815cc469a0812b494ea16db3c4e1ffb49720bdf58408642e7387e7d103393cc91e2db29818
(6) State = 0x792e58447c254188d729d5f4b5ba04a4
(6) Message-Authenticator = 0x9d932302c8a3d3979d08ad610dcc59e7
(6) session-state: No cached attributes
(6) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/default
(6) authorize {
(6) policy filter_username {
(6) if (&User-Name) {
(6) if (&User-Name) -> TRUE
(6) if (&User-Name) {
(6) if (&User-Name =~ / /) {
(6) if (&User-Name =~ / /) -> FALSE
(6) if (&User-Name =~ /@[^@]*@/ ) {
(6) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
(6) if (&User-Name =~ /\.\./ ) {
(6) if (&User-Name =~ /\.\./ ) -> FALSE
(6) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
(6) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
(6) if (&User-Name =~ /\.$/) {
(6) if (&User-Name =~ /\.$/) -> FALSE
(6) if (&User-Name =~ /@\./) {
(6) if (&User-Name =~ /@\./) -> FALSE
(6) } # if (&User-Name) = notfound
(6) } # policy filter_username = notfound
(6) [preprocess] = ok
(6) [chap] = noop
(6) [mschap] = noop
(6) [digest] = noop
(6) suffix: Checking for suffix after "@"
(6) suffix: No '@' in User-Name = "particle", looking up realm NULL
(6) suffix: No such realm "NULL"
(6) [suffix] = noop
(6) eap: Peer sent EAP Response (code 2) ID 11 length 123
(6) eap: Continuing tunnel setup
(6) [eap] = ok
(6) } # authorize = ok
(6) Found Auth-Type = eap
(6) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(6) authenticate {
(6) eap: Expiring EAP session with state 0x9ed5137a9ede0992
(6) eap: Finished EAP session with state 0x792e58447c254188
(6) eap: Previous EAP request found for state 0x792e58447c254188, released from the list
(6) eap: Peer sent packet with method EAP PEAP (25)
(6) eap: Calling submodule eap_peap to process data
(6) eap_peap: Continuing EAP-TLS
(6) eap_peap: [eaptls verify] = ok
(6) eap_peap: Done initial handshake
(6) eap_peap: [eaptls process] = ok
(6) eap_peap: Session established. Decoding tunneled attributes
(6) eap_peap: PEAP state phase2
(6) eap_peap: EAP method MSCHAPv2 (26)
(6) eap_peap: Got tunneled request
(6) eap_peap: EAP-Message = 0x020b00431a020b003e313f35b2f66fb9de0bdb693df43f40afd200000000000000005984d1f879ab5fb509b4d544552cb8d100815e7b9445e381007061727469636c65
(6) eap_peap: Setting User-Name to particle
(6) eap_peap: Sending tunneled request to inner-tunnel
(6) eap_peap: EAP-Message = 0x020b00431a020b003e313f35b2f66fb9de0bdb693df43f40afd200000000000000005984d1f879ab5fb509b4d544552cb8d100815e7b9445e381007061727469636c65
(6) eap_peap: FreeRADIUS-Proxied-To = 127.0.0.1
(6) eap_peap: User-Name = "particle"
(6) eap_peap: State = 0x9ed5137a9ede099241d17dbdaa28bbf3
(6) Virtual server inner-tunnel received request
(6) EAP-Message = 0x020b00431a020b003e313f35b2f66fb9de0bdb693df43f40afd200000000000000005984d1f879ab5fb509b4d544552cb8d100815e7b9445e381007061727469636c65
(6) FreeRADIUS-Proxied-To = 127.0.0.1
(6) User-Name = "particle"
(6) State = 0x9ed5137a9ede099241d17dbdaa28bbf3
(6) WARNING: Outer and inner identities are the same. User privacy is compromised.
(6) server inner-tunnel {
(6) session-state: No cached attributes
(6) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/inner-tunnel
(6) authorize {
(6) policy filter_username {
(6) if (&User-Name) {
(6) if (&User-Name) -> TRUE
(6) if (&User-Name) {
(6) if (&User-Name =~ / /) {
(6) if (&User-Name =~ / /) -> FALSE
(6) if (&User-Name =~ /@[^@]*@/ ) {
(6) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
(6) if (&User-Name =~ /\.\./ ) {
(6) if (&User-Name =~ /\.\./ ) -> FALSE
(6) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
(6) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
(6) if (&User-Name =~ /\.$/) {
(6) if (&User-Name =~ /\.$/) -> FALSE
(6) if (&User-Name =~ /@\./) {
(6) if (&User-Name =~ /@\./) -> FALSE
(6) } # if (&User-Name) = notfound
(6) } # policy filter_username = notfound
(6) [chap] = noop
(6) [mschap] = noop
(6) suffix: Checking for suffix after "@"
(6) suffix: No '@' in User-Name = "particle", looking up realm NULL
(6) suffix: No such realm "NULL"
(6) [suffix] = noop
(6) update control {
(6) &Proxy-To-Realm := LOCAL
(6) } # update control = noop
(6) eap: Peer sent EAP Response (code 2) ID 11 length 67
(6) eap: No EAP Start, assuming it's an on-going EAP conversation
(6) [eap] = updated
(6) files: users: Matched entry particle at line 1
(6) [files] = ok
(6) [expiration] = noop
(6) [logintime] = noop
(6) pap: WARNING: Auth-Type already set. Not setting to PAP
(6) [pap] = noop
(6) } # authorize = updated
(6) Found Auth-Type = eap
(6) # Executing group from file /etc/freeradius/3.0/sites-enabled/inner-tunnel
(6) authenticate {
(6) eap: Expiring EAP session with state 0x9ed5137a9ede0992
(6) eap: Finished EAP session with state 0x9ed5137a9ede0992
(6) eap: Previous EAP request found for state 0x9ed5137a9ede0992, released from the list
(6) eap: Peer sent packet with method EAP MSCHAPv2 (26)
(6) eap: Calling submodule eap_mschapv2 to process data
(6) eap_mschapv2: # Executing group from file /etc/freeradius/3.0/sites-enabled/inner-tunnel
(6) eap_mschapv2: authenticate {
(6) mschap: Found Cleartext-Password, hashing to create NT-Password
(6) mschap: Found Cleartext-Password, hashing to create LM-Password
(6) mschap: Creating challenge hash with username: particle
(6) mschap: Client is using MS-CHAPv2
(6) mschap: ERROR: MS-CHAP2-Response is incorrect
(6) [mschap] = reject
(6) } # authenticate = reject
(6) eap: Sending EAP Failure (code 4) ID 11 length 4
(6) eap: Freeing handler
(6) [eap] = reject
(6) } # authenticate = reject
(6) Failed to authenticate the user
(6) Using Post-Auth-Type Reject
(6) # Executing group from file /etc/freeradius/3.0/sites-enabled/inner-tunnel
(6) Post-Auth-Type REJECT {
(6) attr_filter.access_reject: EXPAND %{User-Name}
(6) attr_filter.access_reject: --> particle
(6) attr_filter.access_reject: Matched entry DEFAULT at line 11
(6) [attr_filter.access_reject] = updated
(6) update outer.session-state {
(6) &Module-Failure-Message := &request:Module-Failure-Message -> 'mschap: MS-CHAP2-Response is incorrect'
(6) } # update outer.session-state = noop
(6) } # Post-Auth-Type REJECT = updated
(6) } # server inner-tunnel
(6) Virtual server sending reply
(6) MS-CHAP-Error = "\013E=691 R=1 C=7e3c197e14ea1c252b48f6f0f1769c48 V=3 M=Authentication failed"
(6) EAP-Message = 0x040b0004
(6) Message-Authenticator = 0x00000000000000000000000000000000
(6) eap_peap: Got tunneled reply code 3
(6) eap_peap: MS-CHAP-Error = "\013E=691 R=1 C=7e3c197e14ea1c252b48f6f0f1769c48 V=3 M=Authentication failed"
(6) eap_peap: EAP-Message = 0x040b0004
(6) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000
(6) eap_peap: Got tunneled reply RADIUS code 3
(6) eap_peap: MS-CHAP-Error = "\013E=691 R=1 C=7e3c197e14ea1c252b48f6f0f1769c48 V=3 M=Authentication failed"
(6) eap_peap: EAP-Message = 0x040b0004
(6) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000
(6) eap_peap: Tunneled authentication was rejected
(6) eap_peap: FAILURE
(6) eap: Sending EAP Request (code 1) ID 12 length 75
(6) eap: EAP session adding &reply:State = 0x792e58447f224188
(6) [eap] = handled
(6) } # authenticate = handled
(6) Using Post-Auth-Type Challenge
(6) Post-Auth-Type sub-section not found. Ignoring.
(6) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(6) session-state: Saving cached attributes
(6) Module-Failure-Message := "mschap: MS-CHAP2-Response is incorrect"
(6) Sent Access-Challenge Id 43 from 192.168.1.33:1812 to 192.168.1.38:52437 length 0
(6) EAP-Message = 0x010c004b190017030300400c78fe983c5dd192db59da8240896c96033a7305a8f101405d8d1c04a6b8b77542214f016ab70bfe1a2c9039ff65e7c215f722faedc84912623688cb283b2cbd
(6) Message-Authenticator = 0x00000000000000000000000000000000
(6) State = 0x792e58447f224188d729d5f4b5ba04a4
(6) Finished request
Waking up in 4.7 seconds.
(7) Received Access-Request Id 44 from 192.168.1.38:52437 to 192.168.1.33:1812 length 252
(7) User-Name = "particle"
(7) NAS-IP-Address = 192.168.1.38
(7) NAS-Identifier = "b4fbe4c348ab"
(7) NAS-Port = 0
(7) Called-Station-Id = "B4-FB-E4-C4-48-AB:Armorwpa2"
(7) Calling-Station-Id = "E0-4F-43-36-B1-F1"
(7) Framed-MTU = 1400
(7) NAS-Port-Type = Wireless-802.11
(7) Connect-Info = "CONNECT 0Mbps 802.11b"
(7) EAP-Message = 0x020c004b19001703030040fdcdeff9a7da7077eb3784b51917dbb315f7e335a9c8a19767c1033ff9329c5f037450eba6f2eb7a9b9347ed8606cef0ce75ae3f03a9518a7ecf3c4b642716ea
(7) State = 0x792e58447f224188d729d5f4b5ba04a4
(7) Message-Authenticator = 0xc6525ab028d9d5e9459c8d3d25442ff7
(7) Restoring &session-state
(7) &session-state:Module-Failure-Message := "mschap: MS-CHAP2-Response is incorrect"
(7) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/default
(7) authorize {
(7) policy filter_username {
(7) if (&User-Name) {
(7) if (&User-Name) -> TRUE
(7) if (&User-Name) {
(7) if (&User-Name =~ / /) {
(7) if (&User-Name =~ / /) -> FALSE
(7) if (&User-Name =~ /@[^@]*@/ ) {
(7) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
(7) if (&User-Name =~ /\.\./ ) {
(7) if (&User-Name =~ /\.\./ ) -> FALSE
(7) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
(7) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
(7) if (&User-Name =~ /\.$/) {
(7) if (&User-Name =~ /\.$/) -> FALSE
(7) if (&User-Name =~ /@\./) {
(7) if (&User-Name =~ /@\./) -> FALSE
(7) } # if (&User-Name) = notfound
(7) } # policy filter_username = notfound
(7) [preprocess] = ok
(7) [chap] = noop
(7) [mschap] = noop
(7) [digest] = noop
(7) suffix: Checking for suffix after "@"
(7) suffix: No '@' in User-Name = "particle", looking up realm NULL
(7) suffix: No such realm "NULL"
(7) [suffix] = noop
(7) eap: Peer sent EAP Response (code 2) ID 12 length 75
(7) eap: Continuing tunnel setup
(7) [eap] = ok
(7) } # authorize = ok
(7) Found Auth-Type = eap
(7) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(7) authenticate {
(7) eap: Expiring EAP session with state 0x792e58447f224188
(7) eap: Finished EAP session with state 0x792e58447f224188
(7) eap: Previous EAP request found for state 0x792e58447f224188, released from the list
(7) eap: Peer sent packet with method EAP PEAP (25)
(7) eap: Calling submodule eap_peap to process data
(7) eap_peap: Continuing EAP-TLS
(7) eap_peap: [eaptls verify] = ok
(7) eap_peap: Done initial handshake
(7) eap_peap: [eaptls process] = ok
(7) eap_peap: Session established. Decoding tunneled attributes
(7) eap_peap: PEAP state send tlv failure
(7) eap_peap: Received EAP-TLV response
(7) eap_peap: The users session was previously rejected: returning reject (again.)
(7) eap_peap: This means you need to read the PREVIOUS messages in the debug output
(7) eap_peap: to find out the reason why the user was rejected
(7) eap_peap: Look for "reject" or "fail". Those earlier messages will tell you
(7) eap_peap: what went wrong, and how to fix the problem
(7) eap: ERROR: Failed continuing EAP PEAP (25) session. EAP sub-module failed
(7) eap: Sending EAP Failure (code 4) ID 12 length 4
(7) eap: Failed in EAP select
(7) [eap] = invalid
(7) } # authenticate = invalid
(7) Failed to authenticate the user
(7) Using Post-Auth-Type Reject
(7) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(7) Post-Auth-Type REJECT {
(7) attr_filter.access_reject: EXPAND %{User-Name}
(7) attr_filter.access_reject: --> particle
(7) attr_filter.access_reject: Matched entry DEFAULT at line 11
(7) [attr_filter.access_reject] = updated
(7) [eap] = noop
(7) policy remove_reply_message_if_eap {
(7) if (&reply:EAP-Message && &reply:Reply-Message) {
(7) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE
(7) else {
(7) [noop] = noop
(7) } # else = noop
(7) } # policy remove_reply_message_if_eap = noop
(7) } # Post-Auth-Type REJECT = updated
(7) Delaying response for 1.000000 seconds
Waking up in 0.3 seconds.
Waking up in 0.6 seconds.
(7) Sending delayed response
(7) Sent Access-Reject Id 44 from 192.168.1.33:1812 to 192.168.1.38:52437 length 44
(7) EAP-Message = 0x040c0004
(7) Message-Authenticator = 0x00000000000000000000000000000000
Waking up in 3.7 seconds.
(0) Cleaning up request packet ID 37 with timestamp +37
(1) Cleaning up request packet ID 38 with timestamp +37
(2) Cleaning up request packet ID 39 with timestamp +37
Waking up in 0.1 seconds.
(3) Cleaning up request packet ID 40 with timestamp +37
(4) Cleaning up request packet ID 41 with timestamp +37
(5) Cleaning up request packet ID 42 with timestamp +37
(6) Cleaning up request packet ID 43 with timestamp +37
(7) Cleaning up request packet ID 44 with timestamp +37
Thanks in advance for any help.
Will
wjsteen at talktalk.net
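Added example, not part of the original post and not FreeRADIUS code: a small triage script that follows the advice eap_peap prints above (find the earliest failure rather than the final reject) and decodes the MS-CHAP-Error string using the failure-packet fields from RFC 2759. The function names are hypothetical, the sample lines are copied from the debug output above, and it assumes the leading \013 is the octal-escaped ident octet.

```python
import re

# Error codes defined for the MS-CHAPv2 Failure packet in RFC 2759.
MSCHAP_ERRORS = {
    646: "ERROR_RESTRICTED_LOGON_HOURS",
    647: "ERROR_ACCT_DISABLED",
    648: "ERROR_PASSWD_EXPIRED",
    649: "ERROR_NO_DIALIN_PERMISSION",
    691: "ERROR_AUTHENTICATION_FAILURE",
    709: "ERROR_CHANGING_PASSWORD",
}

# Sample input: lines taken from the debug output in this post.
SAMPLE = r'''
(6) mschap: Client is using MS-CHAPv2
(6) mschap: ERROR: MS-CHAP2-Response is incorrect
(6) MS-CHAP-Error = "\013E=691 R=1 C=7e3c197e14ea1c252b48f6f0f1769c48 V=3 M=Authentication failed"
(7) eap_peap: The users session was previously rejected: returning reject (again.)
(7) eap: ERROR: Failed continuing EAP PEAP (25) session. EAP sub-module failed
'''

# Optional octal-escaped ident octet (assumption), then E= R= C= V= and optional M=.
ERR_RE = re.compile(r'(?:\\(?P<ident>[0-7]{3}))?E=(?P<E>\d+) R=(?P<R>[01]) '
                    r'C=(?P<C>[0-9A-Fa-f]{32}) V=(?P<V>\d+)(?: M=(?P<M>[^"]*))?')

def parse_mschap_error(value):
    """Decode the text of an MS-CHAP-Error attribute as the debug log prints it."""
    m = ERR_RE.search(value)
    if m is None:
        return None
    code = int(m.group("E"))
    return {
        "ident": int(m.group("ident"), 8) if m.group("ident") else None,
        "code": code,
        "name": MSCHAP_ERRORS.get(code, "unknown"),
        "retry_allowed": m.group("R") == "1",
        "challenge": m.group("C").lower(),
        "version": int(m.group("V")),
        "message": m.group("M"),
    }

def first_error(debug_text):
    """Return (request number, text) of the earliest ERROR line in the log."""
    for line in debug_text.splitlines():
        m = re.match(r'\((\d+)\)\s+(.*ERROR: .*)', line)
        if m:
            return int(m.group(1)), m.group(2)
    return None
```

On the lines above, the earliest error is the mschap one in request 6, and the later eap error in request 7 only repeats that rejection.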