FR 3.0.21 on Debian Buster delivering strange cert+chain?
Martin Pauly
pauly at hrz.uni-marburg.de
Fri Jul 17 17:56:33 CEST 2020
Am 15.07.20 um 17:13 schrieb Alan DeKok:
> FreeRADIUS uses OpenSSL to implement all certificate handling. By switching versions of OpenSSL, you change the behaviour of certificate handling.
yes. I was able to narrow things down a bit.
1. Static openssl verify works
openssl verify -verbose -x509_strict -CAfile /etc/ssl/certs/T-TeleSec_GlobalRoot_Class_2.pem -untrusted chain-telesec-global-root-ca2-without-rootcert.pem -verify_hostname radius.staff.uni-marburg.de cert-radius.staff.uni-marburg.de-telesec-root.pem
cert-radius.staff.uni-marburg.de-telesec-root.pem: OK
2. I fed the certs to openssl s_server and, on localhost used
openssl s_client -verify_hostname radius.staff.uni-marburg.de -x509_strict -CAfile /etc/ssl/certs/T-TeleSec_GlobalRoot_Class_2.pem -connect :8008
==> OK, as expected (and every minor change breaks it)
3. eapol_test succeeds when I use EAP-TTLS/PAP
4. I called eapol_test against my working server (which carries the same cert) and against localhost for comparison
AFAICT, relevant diffs show from line 403 in both files (size of RADIUS packets) or 421 (size of EAP requests)
Files are attached for easier handling (some attachments seem to make it to the list) but are appended inline regardless
(password was a real one at the time of test, but changed after).
From my (pretty naive) point of view, it looks like the 11 Bytes missing from the EAP-Request-PEAP might spoil the game.
I might even have hit a rare corner case, e.g. Sven Hartge is using exactly the same combination of FR and libssl1.1 without problems.
(It's the buster-backports packages now. If needed, I will also try those from networkradius.com.)
Here's the server debug:
FreeRADIUS Version 3.0.21
Copyright (C) 1999-2019 The FreeRADIUS server project and contributors
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License
For more information about these matters, see the file named COPYRIGHT
Starting - reading configuration files ...
including dictionary file /usr/share/freeradius/dictionary
including dictionary file /usr/share/freeradius/dictionary.dhcp
including dictionary file /usr/share/freeradius/dictionary.vqp
including dictionary file /etc/freeradius/3.0/dictionary
including configuration file /etc/freeradius/3.0/radiusd.conf
including configuration file /etc/freeradius/3.0/proxy.conf
including configuration file /etc/freeradius/3.0/clients.conf
including configuration file /etc/freeradius/3.0/radius_shared_secret_internal.conf
including configuration file /etc/freeradius/3.0/radius_shared_secret_internal.conf
including configuration file /etc/freeradius/3.0/radius_shared_secret_internal.conf
including configuration file /etc/freeradius/3.0/radius_shared_secret_internal.conf
including configuration file /etc/freeradius/3.0/radius_shared_secret_internal.conf
including configuration file /etc/freeradius/3.0/radius_shared_secret_internal.conf
including configuration file /etc/freeradius/3.0/radius_shared_secret_internal.conf
including configuration file /etc/freeradius/3.0/radius_shared_secret_internal.conf
including configuration file /etc/freeradius/3.0/radius_shared_secret_nagios.conf
including configuration file /etc/freeradius/3.0/radius_shared_secret_nagios.conf
including configuration file /etc/freeradius/3.0/radius_shared_secret_internal.conf
including configuration file /etc/freeradius/3.0/radius_shared_secret_internal.conf
including configuration file /etc/freeradius/3.0/radius_shared_secret_internal.conf
including configuration file /etc/freeradius/3.0/radius_shared_secret_internal.conf
including configuration file /etc/freeradius/3.0/radius_shared_secret_wlc.conf
including configuration file /etc/freeradius/3.0/radius_shared_secret_wlc.conf
including configuration file /etc/freeradius/3.0/radius_shared_secret_wlc.conf
including configuration file /etc/freeradius/3.0/radius_shared_secret_wlc.conf
including configuration file /etc/freeradius/3.0/radius_shared_secret_wlc.conf
including configuration file /etc/freeradius/3.0/radius_shared_secret_wlc.conf
including configuration file /etc/freeradius/3.0/radius_shared_secret_wlc.conf
including configuration file /etc/freeradius/3.0/radius_shared_secret_wlc.conf
including configuration file /etc/freeradius/3.0/radius_shared_secret_wlc-ukgm.conf
including configuration file /etc/freeradius/3.0/radius_shared_secret_wlc-ukgm.conf
including configuration file /etc/freeradius/3.0/radius_shared_secret_wlc-ukgm.conf
including configuration file /etc/freeradius/3.0/radius_shared_secret_wlc-ukgm.conf
including files in directory /etc/freeradius/3.0/mods-enabled/
including configuration file /etc/freeradius/3.0/mods-enabled/always
including configuration file /etc/freeradius/3.0/mods-enabled/attr_filter
including configuration file /etc/freeradius/3.0/mods-enabled/cache_eap
including configuration file /etc/freeradius/3.0/mods-enabled/chap
including configuration file /etc/freeradius/3.0/mods-enabled/detail
including configuration file /etc/freeradius/3.0/mods-enabled/detail.log
including configuration file /etc/freeradius/3.0/mods-enabled/digest
including configuration file /etc/freeradius/3.0/mods-enabled/dynamic_clients
including configuration file /etc/freeradius/3.0/mods-enabled/eap
including configuration file /etc/freeradius/3.0/certs/passphrase.conf
including configuration file /etc/freeradius/3.0/certs/passphrase.conf
including configuration file /etc/freeradius/3.0/mods-enabled/echo
including configuration file /etc/freeradius/3.0/mods-enabled/exec
including configuration file /etc/freeradius/3.0/mods-enabled/expiration
including configuration file /etc/freeradius/3.0/mods-enabled/expr
including configuration file /etc/freeradius/3.0/mods-enabled/files
including configuration file /etc/freeradius/3.0/mods-enabled/linelog
including configuration file /etc/freeradius/3.0/mods-enabled/logintime
including configuration file /etc/freeradius/3.0/mods-enabled/mschap
including configuration file /etc/freeradius/3.0/mods-enabled/ntlm_auth
including configuration file /etc/freeradius/3.0/mods-enabled/pap
including configuration file /etc/freeradius/3.0/mods-enabled/passwd
including configuration file /etc/freeradius/3.0/mods-enabled/preprocess
including configuration file /etc/freeradius/3.0/mods-enabled/radutmp
including configuration file /etc/freeradius/3.0/mods-enabled/realm
including configuration file /etc/freeradius/3.0/mods-enabled/replicate
including configuration file /etc/freeradius/3.0/mods-enabled/soh
including configuration file /etc/freeradius/3.0/mods-enabled/sradutmp
including configuration file /etc/freeradius/3.0/mods-enabled/unix
including configuration file /etc/freeradius/3.0/mods-enabled/unpack
including configuration file /etc/freeradius/3.0/mods-enabled/utf8
including configuration file /etc/freeradius/3.0/mods-enabled/ldap
including configuration file /etc/freeradius/3.0/ldap-password.conf
including files in directory /etc/freeradius/3.0/policy.d/
including configuration file /etc/freeradius/3.0/policy.d/abfab-tr
including configuration file /etc/freeradius/3.0/policy.d/accounting
including configuration file /etc/freeradius/3.0/policy.d/canonicalization
including configuration file /etc/freeradius/3.0/policy.d/control
including configuration file /etc/freeradius/3.0/policy.d/cui
including configuration file /etc/freeradius/3.0/policy.d/debug
including configuration file /etc/freeradius/3.0/policy.d/dhcp
including configuration file /etc/freeradius/3.0/policy.d/eap
including configuration file /etc/freeradius/3.0/policy.d/filter
including configuration file /etc/freeradius/3.0/policy.d/moonshot-targeted-ids
including configuration file /etc/freeradius/3.0/policy.d/operator-name
including configuration file /etc/freeradius/3.0/policy.d/rfc7542
including files in directory /etc/freeradius/3.0/sites-enabled/
including configuration file /etc/freeradius/3.0/sites-enabled/default
including configuration file /etc/freeradius/3.0/sites-enabled/inner-tunnel
main {
security {
user = "freerad"
group = "freerad"
allow_core_dumps = no
}
name = "freeradius"
prefix = "/usr"
localstatedir = "/var"
logdir = "/var/log/freeradius"
run_dir = "/var/run/freeradius"
}
main {
name = "freeradius"
prefix = "/usr"
localstatedir = "/var"
sbindir = "/usr/sbin"
logdir = "/var/log/freeradius"
run_dir = "/var/run/freeradius"
libdir = "/usr/lib/freeradius"
radacctdir = "/var/log/freeradius/radacct"
hostname_lookups = no
max_request_time = 30
cleanup_delay = 5
max_requests = 4096
pidfile = "/var/run/freeradius/freeradius.pid"
checkrad = "/usr/sbin/checkrad"
debug_level = 0
proxy_requests = yes
log {
stripped_names = no
auth = yes
auth_badpass = no
auth_goodpass = no
colourise = yes
msg_denied = "You are already logged in - access denied"
}
resources {
}
security {
max_attributes = 200
reject_delay = 1.000000
status_server = yes
}
}
radiusd: #### Loading Realms and Home Servers ####
realm staff.uni-marburg.de {
authhost = LOCAL
accthost = LOCAL
}
radiusd: #### Loading Clients ####
client localhost {
ipaddr = 127.0.0.1
require_message_authenticator = no
secret = <<< secret >>>
nas_type = "other"
proto = "*"
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
client localhost_ipv6 {
ipv6addr = ::1
require_message_authenticator = no
secret = <<< secret >>>
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
client rst1 {
ipaddr = 137.248.9.18
require_message_authenticator = no
secret = <<< secret >>>
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
client rst2 {
ipaddr = 137.248.9.13
require_message_authenticator = no
secret = <<< secret >>>
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
client rsp1 {
ipaddr = 137.248.16.2
require_message_authenticator = no
secret = <<< secret >>>
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
client rsp2 {
ipaddr = 137.248.9.9
require_message_authenticator = no
secret = <<< secret >>>
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
client rsf1 {
ipaddr = 172.25.1.26
require_message_authenticator = no
secret = <<< secret >>>
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
client rsf2 {
ipaddr = 172.25.1.27
require_message_authenticator = no
secret = <<< secret >>>
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
client radius-dev {
ipaddr = 172.25.1.136
require_message_authenticator = no
secret = <<< secret >>>
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
client radius-old {
ipaddr = 172.25.1.160
require_message_authenticator = no
secret = <<< secret >>>
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
client pcrz1038 {
ipaddr = 137.248.3.11
require_message_authenticator = no
secret = <<< secret >>>
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
client nms-ersatz {
ipaddr = 137.248.3.5
require_message_authenticator = no
secret = <<< secret >>>
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
client nms {
ipaddr = 137.248.3.90
require_message_authenticator = no
secret = <<< secret >>>
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
client asrz01 {
ipaddr = 137.248.1.209
require_message_authenticator = no
secret = <<< secret >>>
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
client asrz04 {
ipaddr = 137.248.1.210
require_message_authenticator = no
secret = <<< secret >>>
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
client cvrzrz07 {
ipaddr = 137.248.1.213
require_message_authenticator = no
secret = <<< secret >>>
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
client cvrzrz08 {
ipaddr = 137.248.1.215
require_message_authenticator = no
secret = <<< secret >>>
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
client wlc1 {
ipaddr = 192.168.80.1
require_message_authenticator = no
secret = <<< secret >>>
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
client wlc2 {
ipaddr = 192.168.80.2
require_message_authenticator = no
secret = <<< secret >>>
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
client wlc3 {
ipaddr = 192.168.80.3
require_message_authenticator = no
secret = <<< secret >>>
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
client wlc4 {
ipaddr = 192.168.80.4
require_message_authenticator = no
secret = <<< secret >>>
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
client wlc5 {
ipaddr = 192.168.80.5
require_message_authenticator = no
secret = <<< secret >>>
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
client wlc6 {
ipaddr = 192.168.80.6
require_message_authenticator = no
secret = <<< secret >>>
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
client wlc9 {
ipaddr = 137.248.16.99
require_message_authenticator = no
secret = <<< secret >>>
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
client wlc16 {
ipaddr = 192.168.80.16
require_message_authenticator = no
secret = <<< secret >>>
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
client wlc-ukgm-students {
ipaddr = 137.248.251.253
require_message_authenticator = no
secret = <<< secret >>>
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
client wlc-ukgm-eduroam {
ipaddr = 137.248.237.253
require_message_authenticator = no
secret = <<< secret >>>
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
client wlc-ukgm-staff {
ipaddr = 137.248.253.253
require_message_authenticator = no
secret = <<< secret >>>
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
client 137.248.254.240/31 {
require_message_authenticator = no
secret = <<< secret >>>
shortname = "fw20001"
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
No 'ipaddr' or 'ipv4addr' or 'ipv6addr' field found in client 137.248.254.240/31. Please fix your configuration
Support for old-style clients will be removed in a future release
Debugger not attached
systemd watchdog is disabled
# Creating Auth-Type = digest
# Creating Auth-Type = eap
/etc/freeradius/3.0/sites-enabled/default[509]: Duplicate Auth-Type 'eap'
# Creating Auth-Type = PAP
# Creating Auth-Type = CHAP
# Creating Auth-Type = MS-CHAP
# Creating Auth-Type = LDAP
# Creating Auth-Type = eapoldca
radiusd: #### Instantiating modules ####
modules {
# Loaded module rlm_always
# Loading module "reject" from file /etc/freeradius/3.0/mods-enabled/always
always reject {
rcode = "reject"
simulcount = 0
mpp = no
}
# Loading module "fail" from file /etc/freeradius/3.0/mods-enabled/always
always fail {
rcode = "fail"
simulcount = 0
mpp = no
}
# Loading module "ok" from file /etc/freeradius/3.0/mods-enabled/always
always ok {
rcode = "ok"
simulcount = 0
mpp = no
}
# Loading module "handled" from file /etc/freeradius/3.0/mods-enabled/always
always handled {
rcode = "handled"
simulcount = 0
mpp = no
}
# Loading module "invalid" from file /etc/freeradius/3.0/mods-enabled/always
always invalid {
rcode = "invalid"
simulcount = 0
mpp = no
}
# Loading module "userlock" from file /etc/freeradius/3.0/mods-enabled/always
always userlock {
rcode = "userlock"
simulcount = 0
mpp = no
}
# Loading module "notfound" from file /etc/freeradius/3.0/mods-enabled/always
always notfound {
rcode = "notfound"
simulcount = 0
mpp = no
}
# Loading module "noop" from file /etc/freeradius/3.0/mods-enabled/always
always noop {
rcode = "noop"
simulcount = 0
mpp = no
}
# Loading module "updated" from file /etc/freeradius/3.0/mods-enabled/always
always updated {
rcode = "updated"
simulcount = 0
mpp = no
}
# Loaded module rlm_attr_filter
# Loading module "attr_filter.post-proxy" from file /etc/freeradius/3.0/mods-enabled/attr_filter
attr_filter attr_filter.post-proxy {
filename = "/etc/freeradius/3.0/mods-config/attr_filter/post-proxy"
key = "%{Realm}"
relaxed = no
}
# Loading module "attr_filter.pre-proxy" from file /etc/freeradius/3.0/mods-enabled/attr_filter
attr_filter attr_filter.pre-proxy {
filename = "/etc/freeradius/3.0/mods-config/attr_filter/pre-proxy"
key = "%{Realm}"
relaxed = no
}
# Loading module "attr_filter.access_reject" from file /etc/freeradius/3.0/mods-enabled/attr_filter
attr_filter attr_filter.access_reject {
filename = "/etc/freeradius/3.0/mods-config/attr_filter/access_reject"
key = "%{User-Name}"
relaxed = no
}
# Loading module "attr_filter.access_challenge" from file /etc/freeradius/3.0/mods-enabled/attr_filter
attr_filter attr_filter.access_challenge {
filename = "/etc/freeradius/3.0/mods-config/attr_filter/access_challenge"
key = "%{User-Name}"
relaxed = no
}
# Loading module "attr_filter.accounting_response" from file /etc/freeradius/3.0/mods-enabled/attr_filter
attr_filter attr_filter.accounting_response {
filename = "/etc/freeradius/3.0/mods-config/attr_filter/accounting_response"
key = "%{User-Name}"
relaxed = no
}
# Loaded module rlm_cache
# Loading module "cache_eap" from file /etc/freeradius/3.0/mods-enabled/cache_eap
cache cache_eap {
driver = "rlm_cache_rbtree"
key = "%{%{control:State}:-%{%{reply:State}:-%{State}}}"
ttl = 15
max_entries = 0
epoch = 0
add_stats = no
}
# Loaded module rlm_chap
# Loading module "chap" from file /etc/freeradius/3.0/mods-enabled/chap
# Loaded module rlm_detail
# Loading module "detail" from file /etc/freeradius/3.0/mods-enabled/detail
detail {
filename = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y-%m-%d"
header = "%t"
permissions = 416
locking = no
escape_filenames = no
log_packet_header = no
}
# Loading module "auth_log" from file /etc/freeradius/3.0/mods-enabled/detail.log
detail auth_log {
filename = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d"
header = "%t"
permissions = 384
locking = no
escape_filenames = no
log_packet_header = no
}
# Loading module "reply_log" from file /etc/freeradius/3.0/mods-enabled/detail.log
detail reply_log {
filename = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/reply-detail-%Y%m%d"
header = "%t"
permissions = 384
locking = no
escape_filenames = no
log_packet_header = no
}
# Loading module "pre_proxy_log" from file /etc/freeradius/3.0/mods-enabled/detail.log
detail pre_proxy_log {
filename = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/pre-proxy-detail-%Y%m%d"
header = "%t"
permissions = 384
locking = no
escape_filenames = no
log_packet_header = no
}
# Loading module "post_proxy_log" from file /etc/freeradius/3.0/mods-enabled/detail.log
detail post_proxy_log {
filename = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/post-proxy-detail-%Y%m%d"
header = "%t"
permissions = 384
locking = no
escape_filenames = no
log_packet_header = no
}
# Loaded module rlm_digest
# Loading module "digest" from file /etc/freeradius/3.0/mods-enabled/digest
# Loaded module rlm_dynamic_clients
# Loading module "dynamic_clients" from file /etc/freeradius/3.0/mods-enabled/dynamic_clients
# Loaded module rlm_eap
# Loading module "eap" from file /etc/freeradius/3.0/mods-enabled/eap
eap {
default_eap_type = "md5"
timer_expire = 60
ignore_unknown_eap_types = no
cisco_accounting_username_bug = no
max_sessions = 4096
}
# Loading module "eapoldca" from file /etc/freeradius/3.0/mods-enabled/eap
eap eapoldca {
default_eap_type = "md5"
timer_expire = 60
ignore_unknown_eap_types = no
cisco_accounting_username_bug = no
max_sessions = 4096
}
# Loaded module rlm_exec
# Loading module "echo" from file /etc/freeradius/3.0/mods-enabled/echo
exec echo {
wait = yes
program = "/bin/echo %{User-Name}"
input_pairs = "request"
output_pairs = "reply"
shell_escape = yes
}
# Loading module "exec" from file /etc/freeradius/3.0/mods-enabled/exec
exec {
wait = no
input_pairs = "request"
shell_escape = yes
timeout = 10
}
# Loaded module rlm_expiration
# Loading module "expiration" from file /etc/freeradius/3.0/mods-enabled/expiration
# Loaded module rlm_expr
# Loading module "expr" from file /etc/freeradius/3.0/mods-enabled/expr
expr {
safe_characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /äéöüàâæçèéêëîïôœùûüaÿÄÉÖÜßÀÂÆÇÈÉÊËÎÏÔŒÙÛÜŸ"
}
# Loaded module rlm_files
# Loading module "files" from file /etc/freeradius/3.0/mods-enabled/files
files {
filename = "/etc/freeradius/3.0/mods-config/files/authorize"
acctusersfile = "/etc/freeradius/3.0/mods-config/files/accounting"
preproxy_usersfile = "/etc/freeradius/3.0/mods-config/files/pre-proxy"
}
# Loaded module rlm_linelog
# Loading module "linelog" from file /etc/freeradius/3.0/mods-enabled/linelog
linelog {
filename = "/var/log/freeradius/linelog"
escape_filenames = no
syslog_severity = "info"
permissions = 384
format = "This is a log message for %{User-Name}"
reference = "messages.%{%{reply:Packet-Type}:-default}"
}
# Loading module "log_accounting" from file /etc/freeradius/3.0/mods-enabled/linelog
linelog log_accounting {
filename = "/var/log/freeradius/linelog-accounting"
escape_filenames = no
syslog_severity = "info"
permissions = 384
format = ""
reference = "Accounting-Request.%{%{Acct-Status-Type}:-unknown}"
}
# Loaded module rlm_logintime
# Loading module "logintime" from file /etc/freeradius/3.0/mods-enabled/logintime
logintime {
minimum_timeout = 60
}
# Loaded module rlm_mschap
# Loading module "mschap" from file /etc/freeradius/3.0/mods-enabled/mschap
mschap {
use_mppe = yes
require_encryption = no
require_strong = no
with_ntdomain_hack = yes
passchange {
}
allow_retry = yes
winbind_retry_with_normalised_username = no
}
# Loading module "ntlm_auth" from file /etc/freeradius/3.0/mods-enabled/ntlm_auth
exec ntlm_auth {
wait = yes
program = "/path/to/ntlm_auth --request-nt-key --domain=MYDOMAIN --username=%{mschap:User-Name} --password=%{User-Password}"
shell_escape = yes
}
# Loaded module rlm_pap
# Loading module "pap" from file /etc/freeradius/3.0/mods-enabled/pap
pap {
normalise = yes
}
# Loaded module rlm_passwd
# Loading module "etc_passwd" from file /etc/freeradius/3.0/mods-enabled/passwd
passwd etc_passwd {
filename = "/etc/passwd"
format = "*User-Name:Crypt-Password:"
delimiter = ":"
ignore_nislike = no
ignore_empty = yes
allow_multiple_keys = no
hash_size = 100
}
# Loaded module rlm_preprocess
# Loading module "preprocess" from file /etc/freeradius/3.0/mods-enabled/preprocess
preprocess {
huntgroups = "/etc/freeradius/3.0/mods-config/preprocess/huntgroups"
hints = "/etc/freeradius/3.0/mods-config/preprocess/hints"
with_ascend_hack = no
ascend_channels_per_line = 23
with_ntdomain_hack = no
with_specialix_jetstream_hack = no
with_cisco_vsa_hack = no
with_alvarion_vsa_hack = no
}
# Loaded module rlm_radutmp
# Loading module "radutmp" from file /etc/freeradius/3.0/mods-enabled/radutmp
radutmp {
filename = "/var/log/freeradius/radutmp"
username = "%{User-Name}"
case_sensitive = yes
check_with_nas = yes
permissions = 384
caller_id = yes
}
# Loaded module rlm_realm
# Loading module "IPASS" from file /etc/freeradius/3.0/mods-enabled/realm
realm IPASS {
format = "prefix"
delimiter = "/"
ignore_default = no
ignore_null = no
}
# Loading module "suffix" from file /etc/freeradius/3.0/mods-enabled/realm
realm suffix {
format = "suffix"
delimiter = "@"
ignore_default = no
ignore_null = no
}
# Loading module "bangpath" from file /etc/freeradius/3.0/mods-enabled/realm
realm bangpath {
format = "prefix"
delimiter = "!"
ignore_default = no
ignore_null = no
}
# Loading module "realmpercent" from file /etc/freeradius/3.0/mods-enabled/realm
realm realmpercent {
format = "suffix"
delimiter = "%"
ignore_default = no
ignore_null = no
}
# Loading module "ntdomain" from file /etc/freeradius/3.0/mods-enabled/realm
realm ntdomain {
format = "prefix"
delimiter = "\\"
ignore_default = no
ignore_null = no
}
# Loaded module rlm_replicate
# Loading module "replicate" from file /etc/freeradius/3.0/mods-enabled/replicate
# Loaded module rlm_soh
# Loading module "soh" from file /etc/freeradius/3.0/mods-enabled/soh
soh {
dhcp = yes
}
# Loading module "sradutmp" from file /etc/freeradius/3.0/mods-enabled/sradutmp
radutmp sradutmp {
filename = "/var/log/freeradius/sradutmp"
username = "%{User-Name}"
case_sensitive = yes
check_with_nas = yes
permissions = 420
caller_id = no
}
# Loaded module rlm_unix
# Loading module "unix" from file /etc/freeradius/3.0/mods-enabled/unix
unix {
radwtmp = "/var/log/freeradius/radwtmp"
}
Creating attribute Unix-Group
# Loaded module rlm_unpack
# Loading module "unpack" from file /etc/freeradius/3.0/mods-enabled/unpack
# Loaded module rlm_utf8
# Loading module "utf8" from file /etc/freeradius/3.0/mods-enabled/utf8
# Loaded module rlm_ldap
# Loading module "ldap" from file /etc/freeradius/3.0/mods-enabled/ldap
ldap {
server = "ldaps://ldap01.hrz.uni-marburg.de:636"
identity = "uid=radius,ou=Proxy,o=Universitaet Marburg,c=DE"
password = <<< secret >>>
sasl {
}
user {
scope = "sub"
access_positive = yes
sasl {
}
}
group {
scope = "sub"
name_attribute = "cn"
cacheable_name = no
cacheable_dn = no
allow_dangling_group_ref = no
}
client {
scope = "sub"
base_dn = ""
}
profile {
}
options {
ldap_debug = 40
chase_referrals = yes
rebind = yes
net_timeout = 1
res_timeout = 20
srv_timelimit = 20
idle = 60
probes = 3
interval = 3
}
tls {
ca_file = "/etc/ssl/certs/ca-certificates.crt"
start_tls = no
}
}
Creating attribute LDAP-Group
instantiate {
}
# Instantiating module "reject" from file /etc/freeradius/3.0/mods-enabled/always
# Instantiating module "fail" from file /etc/freeradius/3.0/mods-enabled/always
# Instantiating module "ok" from file /etc/freeradius/3.0/mods-enabled/always
# Instantiating module "handled" from file /etc/freeradius/3.0/mods-enabled/always
# Instantiating module "invalid" from file /etc/freeradius/3.0/mods-enabled/always
# Instantiating module "userlock" from file /etc/freeradius/3.0/mods-enabled/always
# Instantiating module "notfound" from file /etc/freeradius/3.0/mods-enabled/always
# Instantiating module "noop" from file /etc/freeradius/3.0/mods-enabled/always
# Instantiating module "updated" from file /etc/freeradius/3.0/mods-enabled/always
# Instantiating module "attr_filter.post-proxy" from file /etc/freeradius/3.0/mods-enabled/attr_filter
reading pairlist file /etc/freeradius/3.0/mods-config/attr_filter/post-proxy
# Instantiating module "attr_filter.pre-proxy" from file /etc/freeradius/3.0/mods-enabled/attr_filter
reading pairlist file /etc/freeradius/3.0/mods-config/attr_filter/pre-proxy
# Instantiating module "attr_filter.access_reject" from file /etc/freeradius/3.0/mods-enabled/attr_filter
reading pairlist file /etc/freeradius/3.0/mods-config/attr_filter/access_reject
# Instantiating module "attr_filter.access_challenge" from file /etc/freeradius/3.0/mods-enabled/attr_filter
reading pairlist file /etc/freeradius/3.0/mods-config/attr_filter/access_challenge
# Instantiating module "attr_filter.accounting_response" from file /etc/freeradius/3.0/mods-enabled/attr_filter
reading pairlist file /etc/freeradius/3.0/mods-config/attr_filter/accounting_response
# Instantiating module "cache_eap" from file /etc/freeradius/3.0/mods-enabled/cache_eap
rlm_cache (cache_eap): Driver rlm_cache_rbtree (module rlm_cache_rbtree) loaded and linked
# Instantiating module "detail" from file /etc/freeradius/3.0/mods-enabled/detail
# Instantiating module "auth_log" from file /etc/freeradius/3.0/mods-enabled/detail.log
rlm_detail (auth_log): 'User-Password' suppressed, will not appear in detail output
# Instantiating module "reply_log" from file /etc/freeradius/3.0/mods-enabled/detail.log
# Instantiating module "pre_proxy_log" from file /etc/freeradius/3.0/mods-enabled/detail.log
# Instantiating module "post_proxy_log" from file /etc/freeradius/3.0/mods-enabled/detail.log
# Instantiating module "eap" from file /etc/freeradius/3.0/mods-enabled/eap
# Linked to sub-module rlm_eap_md5
# Linked to sub-module rlm_eap_gtc
gtc {
challenge = "Password: "
auth_type = "PAP"
}
# Linked to sub-module rlm_eap_tls
tls {
tls = "tls-common"
}
tls-config tls-common {
verify_depth = 0
ca_path = "/etc/freeradius/3.0/certs"
pem_file_type = yes
private_key_file = "/etc/freeradius/3.0/certs/key-radius.staff.uni-marburg.de-telesec-root.pem"
certificate_file = "/etc/freeradius/3.0/certs/cert-radius.staff.uni-marburg.de-telesec-root.pem"
ca_file = "/etc/freeradius/3.0/certs/chain-telesec-global-root-ca2-without-rootcert.pem"
private_key_password = <<< secret >>>
dh_file = "/etc/freeradius/3.0/certs/dh"
fragment_size = 1024
include_length = yes
auto_chain = yes
check_crl = no
check_all_crl = no
cipher_list = "DEFAULT"
ecdh_curve = "prime256v1"
tls_max_version = ""
tls_min_version = "1.0"
cache {
enable = yes
lifetime = 24
max_entries = 255
}
verify {
skip_if_ocsp_ok = no
}
ocsp {
enable = no
override_cert_url = yes
url = "http://127.0.0.1/ocsp/"
use_nonce = yes
timeout = 0
softfail = no
}
}
The configuration allows TLS 1.0 and/or TLS 1.1. We STRONGLY recommned using only TLS 1.2 for security
Please set: tls_min_version = "1.2"
# Linked to sub-module rlm_eap_ttls
ttls {
tls = "tls-common"
default_eap_type = "peap"
copy_request_to_tunnel = yes
use_tunneled_reply = no
virtual_server = "inner-tunnel"
include_length = yes
require_client_cert = no
}
tls: Using cached TLS configuration from previous invocation
# Linked to sub-module rlm_eap_peap
peap {
tls = "tls-common"
default_eap_type = "mschapv2"
copy_request_to_tunnel = yes
use_tunneled_reply = no
proxy_tunneled_request_as_eap = yes
virtual_server = "inner-tunnel"
soh = no
require_client_cert = no
}
tls: Using cached TLS configuration from previous invocation
# Linked to sub-module rlm_eap_mschapv2
mschapv2 {
with_ntdomain_hack = no
send_error = no
}
# Instantiating module "eapoldca" from file /etc/freeradius/3.0/mods-enabled/eap
# Linked to sub-module rlm_eap_md5
# Linked to sub-module rlm_eap_gtc
gtc {
challenge = "Password: "
auth_type = "PAP"
}
# Linked to sub-module rlm_eap_tls
tls {
tls = "tls-common"
}
tls-config tls-common {
verify_depth = 0
ca_path = "/etc/freeradius/3.0/certs"
pem_file_type = yes
private_key_file = "/etc/freeradius/3.0/certs/wifi-outdated-please-contact-helpdesk-key-t-telesec.pem"
certificate_file = "/etc/freeradius/3.0/certs/wifi-outdated-please-contact-helpdesk-crt-t-telesec.pem"
ca_file = "/etc/freeradius/3.0/certs/chain-telesec-global-root-ca2-without-rootcert.pem"
private_key_password = <<< secret >>>
dh_file = "/etc/freeradius/3.0/certs/dh"
fragment_size = 1024
include_length = yes
auto_chain = yes
check_crl = no
check_all_crl = no
cipher_list = "DEFAULT"
ecdh_curve = "prime256v1"
tls_max_version = ""
tls_min_version = "1.0"
cache {
enable = yes
lifetime = 24
max_entries = 255
}
verify {
skip_if_ocsp_ok = no
}
ocsp {
enable = no
override_cert_url = yes
url = "http://127.0.0.1/ocsp/"
use_nonce = yes
timeout = 0
softfail = no
}
}
The configuration allows TLS 1.0 and/or TLS 1.1. We STRONGLY recommned using only TLS 1.2 for security
Please set: tls_min_version = "1.2"
# Linked to sub-module rlm_eap_ttls
ttls {
tls = "tls-common"
default_eap_type = "peap"
copy_request_to_tunnel = yes
use_tunneled_reply = no
virtual_server = "inner-tunnel"
include_length = yes
require_client_cert = no
}
tls: Using cached TLS configuration from previous invocation
# Linked to sub-module rlm_eap_peap
peap {
tls = "tls-common"
default_eap_type = "mschapv2"
copy_request_to_tunnel = yes
use_tunneled_reply = no
proxy_tunneled_request_as_eap = yes
virtual_server = "inner-tunnel"
soh = no
require_client_cert = no
}
tls: Using cached TLS configuration from previous invocation
# Linked to sub-module rlm_eap_mschapv2
mschapv2 {
with_ntdomain_hack = no
send_error = no
}
# Instantiating module "expiration" from file /etc/freeradius/3.0/mods-enabled/expiration
# Instantiating module "files" from file /etc/freeradius/3.0/mods-enabled/files
reading pairlist file /etc/freeradius/3.0/mods-config/files/authorize
reading pairlist file /etc/freeradius/3.0/mods-config/files/accounting
reading pairlist file /etc/freeradius/3.0/mods-config/files/pre-proxy
# Instantiating module "linelog" from file /etc/freeradius/3.0/mods-enabled/linelog
# Instantiating module "log_accounting" from file /etc/freeradius/3.0/mods-enabled/linelog
# Instantiating module "logintime" from file /etc/freeradius/3.0/mods-enabled/logintime
# Instantiating module "mschap" from file /etc/freeradius/3.0/mods-enabled/mschap
rlm_mschap (mschap): using internal authentication
# Instantiating module "pap" from file /etc/freeradius/3.0/mods-enabled/pap
# Instantiating module "etc_passwd" from file /etc/freeradius/3.0/mods-enabled/passwd
rlm_passwd: nfields: 3 keyfield 0(User-Name) listable: no
# Instantiating module "preprocess" from file /etc/freeradius/3.0/mods-enabled/preprocess
reading pairlist file /etc/freeradius/3.0/mods-config/preprocess/huntgroups
reading pairlist file /etc/freeradius/3.0/mods-config/preprocess/hints
# Instantiating module "IPASS" from file /etc/freeradius/3.0/mods-enabled/realm
# Instantiating module "suffix" from file /etc/freeradius/3.0/mods-enabled/realm
# Instantiating module "bangpath" from file /etc/freeradius/3.0/mods-enabled/realm
# Instantiating module "realmpercent" from file /etc/freeradius/3.0/mods-enabled/realm
# Instantiating module "ntdomain" from file /etc/freeradius/3.0/mods-enabled/realm
# Instantiating module "ldap" from file /etc/freeradius/3.0/mods-enabled/ldap
rlm_ldap: libldap vendor: OpenLDAP, version: 20447
accounting {
reference = "%{tolower:type.%{Acct-Status-Type}}"
}
post-auth {
reference = "."
}
rlm_ldap (ldap): Initialising connection pool
pool {
start = 5
min = 1
max = 64
spare = 3
uses = 0
lifetime = 0
cleanup_interval = 30
idle_timeout = 60
retry_delay = 1
spread = no
}
rlm_ldap (ldap): Opening additional connection (0), 1 of 64 pending slots used
rlm_ldap (ldap): Connecting to ldaps://ldap01.hrz.uni-marburg.de:636 ldaps://ldap02.hrz.uni-marburg.de:636 ldaps://ldap03.hrz.uni-marburg.de:636 ldaps://ldap04.hrz.uni-marburg.de:636
rlm_ldap (ldap): Waiting for bind result...
rlm_ldap (ldap): Bind successful
rlm_ldap (ldap): Opening additional connection (1), 1 of 63 pending slots used
rlm_ldap (ldap): Connecting to ldaps://ldap01.hrz.uni-marburg.de:636 ldaps://ldap02.hrz.uni-marburg.de:636 ldaps://ldap03.hrz.uni-marburg.de:636 ldaps://ldap04.hrz.uni-marburg.de:636
rlm_ldap (ldap): Waiting for bind result...
rlm_ldap (ldap): Bind successful
rlm_ldap (ldap): Opening additional connection (2), 1 of 62 pending slots used
rlm_ldap (ldap): Connecting to ldaps://ldap01.hrz.uni-marburg.de:636 ldaps://ldap02.hrz.uni-marburg.de:636 ldaps://ldap03.hrz.uni-marburg.de:636 ldaps://ldap04.hrz.uni-marburg.de:636
rlm_ldap (ldap): Waiting for bind result...
rlm_ldap (ldap): Bind successful
rlm_ldap (ldap): Opening additional connection (3), 1 of 61 pending slots used
rlm_ldap (ldap): Connecting to ldaps://ldap01.hrz.uni-marburg.de:636 ldaps://ldap02.hrz.uni-marburg.de:636 ldaps://ldap03.hrz.uni-marburg.de:636 ldaps://ldap04.hrz.uni-marburg.de:636
rlm_ldap (ldap): Waiting for bind result...
rlm_ldap (ldap): Bind successful
rlm_ldap (ldap): Opening additional connection (4), 1 of 60 pending slots used
rlm_ldap (ldap): Connecting to ldaps://ldap01.hrz.uni-marburg.de:636 ldaps://ldap02.hrz.uni-marburg.de:636 ldaps://ldap03.hrz.uni-marburg.de:636 ldaps://ldap04.hrz.uni-marburg.de:636
rlm_ldap (ldap): Waiting for bind result...
rlm_ldap (ldap): Bind successful
} # modules
radiusd: #### Loading Virtual Servers ####
server { # from file /etc/freeradius/3.0/radiusd.conf
} # server
server default { # from file /etc/freeradius/3.0/sites-enabled/default
# Loading authenticate {...}
# Loading authorize {...}
Ignoring "sql" (see raddb/mods-available/README.rst)
# Loading preacct {...}
# Loading accounting {...}
# Loading post-auth {...}
} # server default
server inner-tunnel { # from file /etc/freeradius/3.0/sites-enabled/inner-tunnel
# Loading authenticate {...}
# Loading authorize {...}
# Loading session {...}
# Loading post-proxy {...}
# Loading post-auth {...}
} # server inner-tunnel
radiusd: #### Opening IP addresses and Ports ####
listen {
type = "auth"
ipaddr = *
port = 0
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
listen {
type = "acct"
ipaddr = *
port = 0
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
listen {
type = "auth"
ipv6addr = ::
port = 0
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
listen {
type = "acct"
ipv6addr = ::
port = 0
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
listen {
type = "auth"
ipaddr = 127.0.0.1
port = 18120
}
Listening on auth address * port 1812 bound to server default
Listening on acct address * port 1813 bound to server default
Listening on auth address :: port 1812 bound to server default
Listening on acct address :: port 1813 bound to server default
Listening on auth address 127.0.0.1 port 18120 bound to server inner-tunnel
Ready to process requests
(0) Received Access-Request Id 0 from 127.0.0.1:54785 to 127.0.0.1:1812 length 170
(0) User-Name = "eduroam at staff.uni-marburg.de"
(0) NAS-IP-Address = 127.0.0.1
(0) Calling-Station-Id = "02-00-00-00-00-01"
(0) Framed-MTU = 1400
(0) NAS-Port-Type = Wireless-802.11
(0) Service-Type = Framed-User
(0) Connect-Info = "CONNECT 11Mbps 802.11b"
(0) EAP-Message = 0x0200002101656475726f616d4073746166662e756e692d6d6172627572672e6465
(0) Message-Authenticator = 0x81ddb8137f9474dc6947af682fe43ecf
(0) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/default
(0) authorize {
(0) policy filter_username {
(0) if (&User-Name) {
(0) if (&User-Name) -> TRUE
(0) if (&User-Name) {
(0) if (&User-Name =~ / /) {
(0) if (&User-Name =~ / /) -> FALSE
(0) if (&User-Name =~ /@[^@]*@/ ) {
(0) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
(0) if (&User-Name =~ /\.\./ ) {
(0) if (&User-Name =~ /\.\./ ) -> FALSE
(0) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
(0) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
(0) if (&User-Name =~ /\.$/) {
(0) if (&User-Name =~ /\.$/) -> FALSE
(0) if (&User-Name =~ /@\./) {
(0) if (&User-Name =~ /@\./) -> FALSE
(0) } # if (&User-Name) = notfound
(0) } # policy filter_username = notfound
(0) [preprocess] = ok
(0) [chap] = noop
(0) [mschap] = noop
(0) [digest] = noop
(0) suffix: Checking for suffix after "@"
(0) suffix: Looking up realm "staff.uni-marburg.de" for User-Name = "eduroam at staff.uni-marburg.de"
(0) suffix: Found realm "staff.uni-marburg.de"
(0) suffix: Adding Stripped-User-Name = "eduroam"
(0) suffix: Adding Realm = "staff.uni-marburg.de"
(0) suffix: Authentication realm is LOCAL
(0) [suffix] = ok
(0) if ( &User-Name == "eduroam at staff.uni-marburg.de" || &User-Name == "cat-connectivity-test at staff.uni-marburg.de" || &User-Name == "@staff.uni-marburg.de") {
(0) if ( &User-Name == "eduroam at staff.uni-marburg.de" || &User-Name == "cat-connectivity-test at staff.uni-marburg.de" || &User-Name == "@staff.uni-marburg.de") -> TRUE
(0) if ( &User-Name == "eduroam at staff.uni-marburg.de" || &User-Name == "cat-connectivity-test at staff.uni-marburg.de" || &User-Name == "@staff.uni-marburg.de") {
(0) eap: Peer sent EAP Response (code 2) ID 0 length 33
(0) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
(0) [eap] = ok
(0) } # if ( &User-Name == "eduroam at staff.uni-marburg.de" || &User-Name == "cat-connectivity-test at staff.uni-marburg.de" || &User-Name == "@staff.uni-marburg.de") = ok
(0) ... skipping else: Preceding "if" was taken
(0) files: users: Matched entry DEFAULT at line 144
(0) [files] = ok
rlm_ldap (ldap): Reserved connection (0)
(0) ldap: EXPAND (uid=%{%{Stripped-User-Name}:-%{User-Name}})
(0) ldap: --> (uid=eduroam)
(0) ldap: Performing search in "ou=people,ou=staff,ou=Accounts,o=Universitaet Marburg,c=DE" with filter "(uid=eduroam)", scope "sub"
(0) ldap: Waiting for search result...
(0) ldap: Search returned no results
rlm_ldap (ldap): Released connection (0)
(0) [ldap] = notfound
(0) if ((ok || updated) && User-Password) {
(0) if ((ok || updated) && User-Password) -> FALSE
(0) [expiration] = noop
(0) [logintime] = noop
Not doing PAP as Auth-Type is already set.
(0) [pap] = noop
(0) } # authorize = ok
(0) Found Auth-Type = eap
(0) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(0) authenticate {
(0) eap: Peer sent packet with method EAP Identity (1)
(0) eap: Calling submodule eap_md5 to process data
(0) eap_md5: Issuing MD5 Challenge
(0) eap: Sending EAP Request (code 1) ID 1 length 22
(0) eap: EAP session adding &reply:State = 0x3ffd102b3ffc1410
(0) [eap] = handled
(0) } # authenticate = handled
(0) Using Post-Auth-Type Challenge
(0) Post-Auth-Type sub-section not found. Ignoring.
(0) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(0) Sent Access-Challenge Id 0 from 127.0.0.1:1812 to 127.0.0.1:54785 length 0
(0) EAP-Message = 0x010100160410efee8720800c176c2fb09b9337d05c84
(0) Message-Authenticator = 0x00000000000000000000000000000000
(0) State = 0x3ffd102b3ffc1410126802d44a64f382
(0) Finished request
Waking up in 4.9 seconds.
(1) Received Access-Request Id 1 from 127.0.0.1:54785 to 127.0.0.1:1812 length 161
(1) User-Name = "eduroam at staff.uni-marburg.de"
(1) NAS-IP-Address = 127.0.0.1
(1) Calling-Station-Id = "02-00-00-00-00-01"
(1) Framed-MTU = 1400
(1) NAS-Port-Type = Wireless-802.11
(1) Service-Type = Framed-User
(1) Connect-Info = "CONNECT 11Mbps 802.11b"
(1) EAP-Message = 0x020100060319
(1) State = 0x3ffd102b3ffc1410126802d44a64f382
(1) Message-Authenticator = 0x2ab22dd32ccee2543713aab5d7e0956e
(1) session-state: No cached attributes
(1) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/default
(1) authorize {
(1) policy filter_username {
(1) if (&User-Name) {
(1) if (&User-Name) -> TRUE
(1) if (&User-Name) {
(1) if (&User-Name =~ / /) {
(1) if (&User-Name =~ / /) -> FALSE
(1) if (&User-Name =~ /@[^@]*@/ ) {
(1) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
(1) if (&User-Name =~ /\.\./ ) {
(1) if (&User-Name =~ /\.\./ ) -> FALSE
(1) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
(1) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
(1) if (&User-Name =~ /\.$/) {
(1) if (&User-Name =~ /\.$/) -> FALSE
(1) if (&User-Name =~ /@\./) {
(1) if (&User-Name =~ /@\./) -> FALSE
(1) } # if (&User-Name) = notfound
(1) } # policy filter_username = notfound
(1) [preprocess] = ok
(1) [chap] = noop
(1) [mschap] = noop
(1) [digest] = noop
(1) suffix: Checking for suffix after "@"
(1) suffix: Looking up realm "staff.uni-marburg.de" for User-Name = "eduroam at staff.uni-marburg.de"
(1) suffix: Found realm "staff.uni-marburg.de"
(1) suffix: Adding Stripped-User-Name = "eduroam"
(1) suffix: Adding Realm = "staff.uni-marburg.de"
(1) suffix: Authentication realm is LOCAL
(1) [suffix] = ok
(1) if ( &User-Name == "eduroam at staff.uni-marburg.de" || &User-Name == "cat-connectivity-test at staff.uni-marburg.de" || &User-Name == "@staff.uni-marburg.de") {
(1) if ( &User-Name == "eduroam at staff.uni-marburg.de" || &User-Name == "cat-connectivity-test at staff.uni-marburg.de" || &User-Name == "@staff.uni-marburg.de") -> TRUE
(1) if ( &User-Name == "eduroam at staff.uni-marburg.de" || &User-Name == "cat-connectivity-test at staff.uni-marburg.de" || &User-Name == "@staff.uni-marburg.de") {
(1) eap: Peer sent EAP Response (code 2) ID 1 length 6
(1) eap: No EAP Start, assuming it's an on-going EAP conversation
(1) [eap] = updated
(1) } # if ( &User-Name == "eduroam at staff.uni-marburg.de" || &User-Name == "cat-connectivity-test at staff.uni-marburg.de" || &User-Name == "@staff.uni-marburg.de") = updated
(1) ... skipping else: Preceding "if" was taken
(1) files: users: Matched entry DEFAULT at line 144
(1) [files] = ok
rlm_ldap (ldap): Reserved connection (1)
(1) ldap: EXPAND (uid=%{%{Stripped-User-Name}:-%{User-Name}})
(1) ldap: --> (uid=eduroam)
(1) ldap: Performing search in "ou=people,ou=staff,ou=Accounts,o=Universitaet Marburg,c=DE" with filter "(uid=eduroam)", scope "sub"
(1) ldap: Waiting for search result...
(1) ldap: Search returned no results
rlm_ldap (ldap): Released connection (1)
(1) [ldap] = notfound
(1) if ((ok || updated) && User-Password) {
(1) if ((ok || updated) && User-Password) -> FALSE
(1) [expiration] = noop
(1) [logintime] = noop
Not doing PAP as Auth-Type is already set.
(1) [pap] = noop
(1) } # authorize = updated
(1) Found Auth-Type = eap
(1) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(1) authenticate {
(1) eap: Expiring EAP session with state 0x3ffd102b3ffc1410
(1) eap: Finished EAP session with state 0x3ffd102b3ffc1410
(1) eap: Previous EAP request found for state 0x3ffd102b3ffc1410, released from the list
(1) eap: Peer sent packet with method EAP NAK (3)
(1) eap: Found mutually acceptable type PEAP (25)
(1) eap: Calling submodule eap_peap to process data
(1) eap_peap: Initiating new TLS session
(1) eap_peap: [eaptls start] = request
(1) eap: Sending EAP Request (code 1) ID 2 length 6
(1) eap: EAP session adding &reply:State = 0x3ffd102b3eff0910
(1) [eap] = handled
(1) } # authenticate = handled
(1) Using Post-Auth-Type Challenge
(1) Post-Auth-Type sub-section not found. Ignoring.
(1) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(1) Sent Access-Challenge Id 1 from 127.0.0.1:1812 to 127.0.0.1:54785 length 0
(1) EAP-Message = 0x010200061920
(1) Message-Authenticator = 0x00000000000000000000000000000000
(1) State = 0x3ffd102b3eff0910126802d44a64f382
(1) Finished request
Waking up in 4.9 seconds.
(2) Received Access-Request Id 2 from 127.0.0.1:54785 to 127.0.0.1:1812 length 349
(2) User-Name = "eduroam at staff.uni-marburg.de"
(2) NAS-IP-Address = 127.0.0.1
(2) Calling-Station-Id = "02-00-00-00-00-01"
(2) Framed-MTU = 1400
(2) NAS-Port-Type = Wireless-802.11
(2) Service-Type = Framed-User
(2) Connect-Info = "CONNECT 11Mbps 802.11b"
(2) EAP-Message = 0x020200c21980000000b816030100b3010000af0303cb33f4997795f031ca50216b08d2f495c9d102a431152262fa2b830080dfe1c2000038c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff0100004e000b000403000102000a000c000a001d0017001e001900180016000000170000000d002a0028040305030603080708080809080a080b080408050806040105010601030303010302040205020602
(2) State = 0x3ffd102b3eff0910126802d44a64f382
(2) Message-Authenticator = 0x672b5d086125c27f41eff44e51fb1d2f
(2) session-state: No cached attributes
(2) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/default
(2) authorize {
(2) policy filter_username {
(2) if (&User-Name) {
(2) if (&User-Name) -> TRUE
(2) if (&User-Name) {
(2) if (&User-Name =~ / /) {
(2) if (&User-Name =~ / /) -> FALSE
(2) if (&User-Name =~ /@[^@]*@/ ) {
(2) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
(2) if (&User-Name =~ /\.\./ ) {
(2) if (&User-Name =~ /\.\./ ) -> FALSE
(2) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
(2) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
(2) if (&User-Name =~ /\.$/) {
(2) if (&User-Name =~ /\.$/) -> FALSE
(2) if (&User-Name =~ /@\./) {
(2) if (&User-Name =~ /@\./) -> FALSE
(2) } # if (&User-Name) = notfound
(2) } # policy filter_username = notfound
(2) [preprocess] = ok
(2) [chap] = noop
(2) [mschap] = noop
(2) [digest] = noop
(2) suffix: Checking for suffix after "@"
(2) suffix: Looking up realm "staff.uni-marburg.de" for User-Name = "eduroam at staff.uni-marburg.de"
(2) suffix: Found realm "staff.uni-marburg.de"
(2) suffix: Adding Stripped-User-Name = "eduroam"
(2) suffix: Adding Realm = "staff.uni-marburg.de"
(2) suffix: Authentication realm is LOCAL
(2) [suffix] = ok
(2) if ( &User-Name == "eduroam at staff.uni-marburg.de" || &User-Name == "cat-connectivity-test at staff.uni-marburg.de" || &User-Name == "@staff.uni-marburg.de") {
(2) if ( &User-Name == "eduroam at staff.uni-marburg.de" || &User-Name == "cat-connectivity-test at staff.uni-marburg.de" || &User-Name == "@staff.uni-marburg.de") -> TRUE
(2) if ( &User-Name == "eduroam at staff.uni-marburg.de" || &User-Name == "cat-connectivity-test at staff.uni-marburg.de" || &User-Name == "@staff.uni-marburg.de") {
(2) eap: Peer sent EAP Response (code 2) ID 2 length 194
(2) eap: Continuing tunnel setup
(2) [eap] = ok
(2) } # if ( &User-Name == "eduroam at staff.uni-marburg.de" || &User-Name == "cat-connectivity-test at staff.uni-marburg.de" || &User-Name == "@staff.uni-marburg.de") = ok
(2) ... skipping else: Preceding "if" was taken
(2) files: users: Matched entry DEFAULT at line 144
(2) [files] = ok
rlm_ldap (ldap): Reserved connection (2)
(2) ldap: EXPAND (uid=%{%{Stripped-User-Name}:-%{User-Name}})
(2) ldap: --> (uid=eduroam)
(2) ldap: Performing search in "ou=people,ou=staff,ou=Accounts,o=Universitaet Marburg,c=DE" with filter "(uid=eduroam)", scope "sub"
(2) ldap: Waiting for search result...
(2) ldap: Search returned no results
rlm_ldap (ldap): Released connection (2)
(2) [ldap] = notfound
(2) if ((ok || updated) && User-Password) {
(2) if ((ok || updated) && User-Password) -> FALSE
(2) [expiration] = noop
(2) [logintime] = noop
(2) [pap] = noop
(2) } # authorize = ok
(2) Found Auth-Type = eap
(2) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(2) authenticate {
(2) eap: Expiring EAP session with state 0x3ffd102b3eff0910
(2) eap: Finished EAP session with state 0x3ffd102b3eff0910
(2) eap: Previous EAP request found for state 0x3ffd102b3eff0910, released from the list
(2) eap: Peer sent packet with method EAP PEAP (25)
(2) eap: Calling submodule eap_peap to process data
(2) eap_peap: Continuing EAP-TLS
(2) eap_peap: Peer indicated complete TLS record size will be 184 bytes
(2) eap_peap: Got complete TLS record (184 bytes)
(2) eap_peap: [eaptls verify] = length included
(2) eap_peap: (other): before SSL initialization
(2) eap_peap: TLS_accept: before SSL initialization
(2) eap_peap: TLS_accept: before SSL initialization
(2) eap_peap: <<< recv TLS 1.3 [length 00b3]
(2) eap_peap: TLS_accept: SSLv3/TLS read client hello
(2) eap_peap: >>> send TLS 1.2 [length 005d]
(2) eap_peap: TLS_accept: SSLv3/TLS write server hello
(2) eap_peap: >>> send TLS 1.2 [length 0dbb]
(2) eap_peap: TLS_accept: SSLv3/TLS write certificate
(2) eap_peap: >>> send TLS 1.2 [length 014d]
(2) eap_peap: TLS_accept: SSLv3/TLS write key exchange
(2) eap_peap: >>> send TLS 1.2 [length 0004]
(2) eap_peap: TLS_accept: SSLv3/TLS write server done
(2) eap_peap: TLS_accept: Need to read more data: SSLv3/TLS write server done
(2) eap_peap: TLS - In Handshake Phase
(2) eap_peap: TLS - got 3965 bytes of data
(2) eap_peap: [eaptls process] = handled
(2) eap: Sending EAP Request (code 1) ID 3 length 1004
(2) eap: EAP session adding &reply:State = 0x3ffd102b3dfe0910
(2) [eap] = handled
(2) } # authenticate = handled
(2) Using Post-Auth-Type Challenge
(2) Post-Auth-Type sub-section not found. Ignoring.
(2) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(2) Sent Access-Challenge Id 2 from 127.0.0.1:1812 to 127.0.0.1:54785 length 0
(2) EAP-Message = 0x010303ec19c000000f7d160303005d0200005903031babee68b932de94d9dc6b071e883e48240205691912b348ccf0e191438d416920cf570836d7d8bbe723307dec476f68cd3ea1b6974822dec7a2b4b70266791e94c030000011ff01000100000b000403000102001700001603030dbb0b000db7000db40007fe308207fa308206e2a003020102020c22ff0567818198c00178abea300d06092a864886f70d01010b050030818d310b300906035504061302444531453043060355040a0c3c56657265696e207a757220466f6572646572756e672065696e65732044657574736368656e20466f72736368756e67736e65747a657320652e20562e3110300e060355040b0c0744464e2d504b493125302306035504030c1c44464e2d56657265696e20476c6f62616c2049737375696e67204341301e170d3230303630393133303030395a170d3232303931313133303030395a307e310b3009060355040613024445310f300d06035504080c0648657373656e3110
(2) Message-Authenticator = 0x00000000000000000000000000000000
(2) State = 0x3ffd102b3dfe0910126802d44a64f382
(2) Finished request
Waking up in 4.9 seconds.
(3) Received Access-Request Id 3 from 127.0.0.1:54785 to 127.0.0.1:1812 length 161
(3) User-Name = "eduroam at staff.uni-marburg.de"
(3) NAS-IP-Address = 127.0.0.1
(3) Calling-Station-Id = "02-00-00-00-00-01"
(3) Framed-MTU = 1400
(3) NAS-Port-Type = Wireless-802.11
(3) Service-Type = Framed-User
(3) Connect-Info = "CONNECT 11Mbps 802.11b"
(3) EAP-Message = 0x020300061900
(3) State = 0x3ffd102b3dfe0910126802d44a64f382
(3) Message-Authenticator = 0x495246aafd0192e66df81f4290b4b411
(3) session-state: No cached attributes
(3) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/default
(3) authorize {
(3) policy filter_username {
(3) if (&User-Name) {
(3) if (&User-Name) -> TRUE
(3) if (&User-Name) {
(3) if (&User-Name =~ / /) {
(3) if (&User-Name =~ / /) -> FALSE
(3) if (&User-Name =~ /@[^@]*@/ ) {
(3) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
(3) if (&User-Name =~ /\.\./ ) {
(3) if (&User-Name =~ /\.\./ ) -> FALSE
(3) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
(3) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
(3) if (&User-Name =~ /\.$/) {
(3) if (&User-Name =~ /\.$/) -> FALSE
(3) if (&User-Name =~ /@\./) {
(3) if (&User-Name =~ /@\./) -> FALSE
(3) } # if (&User-Name) = notfound
(3) } # policy filter_username = notfound
(3) [preprocess] = ok
(3) [chap] = noop
(3) [mschap] = noop
(3) [digest] = noop
(3) suffix: Checking for suffix after "@"
(3) suffix: Looking up realm "staff.uni-marburg.de" for User-Name = "eduroam at staff.uni-marburg.de"
(3) suffix: Found realm "staff.uni-marburg.de"
(3) suffix: Adding Stripped-User-Name = "eduroam"
(3) suffix: Adding Realm = "staff.uni-marburg.de"
(3) suffix: Authentication realm is LOCAL
(3) [suffix] = ok
(3) if ( &User-Name == "eduroam at staff.uni-marburg.de" || &User-Name == "cat-connectivity-test at staff.uni-marburg.de" || &User-Name == "@staff.uni-marburg.de") {
(3) if ( &User-Name == "eduroam at staff.uni-marburg.de" || &User-Name == "cat-connectivity-test at staff.uni-marburg.de" || &User-Name == "@staff.uni-marburg.de") -> TRUE
(3) if ( &User-Name == "eduroam at staff.uni-marburg.de" || &User-Name == "cat-connectivity-test at staff.uni-marburg.de" || &User-Name == "@staff.uni-marburg.de") {
(3) eap: Peer sent EAP Response (code 2) ID 3 length 6
(3) eap: Continuing tunnel setup
(3) [eap] = ok
(3) } # if ( &User-Name == "eduroam at staff.uni-marburg.de" || &User-Name == "cat-connectivity-test at staff.uni-marburg.de" || &User-Name == "@staff.uni-marburg.de") = ok
(3) ... skipping else: Preceding "if" was taken
(3) files: users: Matched entry DEFAULT at line 144
(3) [files] = ok
rlm_ldap (ldap): Reserved connection (3)
(3) ldap: EXPAND (uid=%{%{Stripped-User-Name}:-%{User-Name}})
(3) ldap: --> (uid=eduroam)
(3) ldap: Performing search in "ou=people,ou=staff,ou=Accounts,o=Universitaet Marburg,c=DE" with filter "(uid=eduroam)", scope "sub"
(3) ldap: Waiting for search result...
(3) ldap: Search returned no results
rlm_ldap (ldap): Released connection (3)
(3) [ldap] = notfound
(3) if ((ok || updated) && User-Password) {
(3) if ((ok || updated) && User-Password) -> FALSE
(3) [expiration] = noop
(3) [logintime] = noop
(3) [pap] = noop
(3) } # authorize = ok
(3) Found Auth-Type = eap
(3) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(3) authenticate {
(3) eap: Expiring EAP session with state 0x3ffd102b3dfe0910
(3) eap: Finished EAP session with state 0x3ffd102b3dfe0910
(3) eap: Previous EAP request found for state 0x3ffd102b3dfe0910, released from the list
(3) eap: Peer sent packet with method EAP PEAP (25)
(3) eap: Calling submodule eap_peap to process data
(3) eap_peap: Continuing EAP-TLS
(3) eap_peap: Peer ACKed our handshake fragment
(3) eap_peap: [eaptls verify] = request
(3) eap_peap: [eaptls process] = handled
(3) eap: Sending EAP Request (code 1) ID 4 length 1000
(3) eap: EAP session adding &reply:State = 0x3ffd102b3cf90910
(3) [eap] = handled
(3) } # authenticate = handled
(3) Using Post-Auth-Type Challenge
(3) Post-Auth-Type sub-section not found. Ignoring.
(3) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(3) Sent Access-Challenge Id 3 from 127.0.0.1:1812 to 127.0.0.1:54785 length 0
(3) EAP-Message = 0x010403e819406166662e756e692d6d6172627572672e646530818d0603551d1f048185308182303fa03da03b8639687474703a2f2f636470312e7063612e64666e2e64652f64666e2d63612d676c6f62616c2d67322f7075622f63726c2f636163726c2e63726c303fa03da03b8639687474703a2f2f636470322e7063612e64666e2e64652f64666e2d63612d676c6f62616c2d67322f7075622f63726c2f636163726c2e63726c3081db06082b060105050701010481ce3081cb303306082b060105050730018627687474703a2f2f6f6373702e7063612e64666e2e64652f4f4353502d5365727665722f4f435350304906082b06010505073002863d687474703a2f2f636470312e7063612e64666e2e64652f64666e2d63612d676c6f62616c2d67322f7075622f6361636572742f6361636572742e637274304906082b06010505073002863d687474703a2f2f636470322e7063612e64666e2e64652f64666e2d63612d676c6f62616c2d67322f7075622f6361
(3) Message-Authenticator = 0x00000000000000000000000000000000
(3) State = 0x3ffd102b3cf90910126802d44a64f382
(3) Finished request
Waking up in 4.9 seconds.
(4) Received Access-Request Id 4 from 127.0.0.1:54785 to 127.0.0.1:1812 length 161
(4) User-Name = "eduroam at staff.uni-marburg.de"
(4) NAS-IP-Address = 127.0.0.1
(4) Calling-Station-Id = "02-00-00-00-00-01"
(4) Framed-MTU = 1400
(4) NAS-Port-Type = Wireless-802.11
(4) Service-Type = Framed-User
(4) Connect-Info = "CONNECT 11Mbps 802.11b"
(4) EAP-Message = 0x020400061900
(4) State = 0x3ffd102b3cf90910126802d44a64f382
(4) Message-Authenticator = 0x9e6aaf716ad1138d6a111e1b78b2273c
(4) session-state: No cached attributes
(4) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/default
(4) authorize {
(4) policy filter_username {
(4) if (&User-Name) {
(4) if (&User-Name) -> TRUE
(4) if (&User-Name) {
(4) if (&User-Name =~ / /) {
(4) if (&User-Name =~ / /) -> FALSE
(4) if (&User-Name =~ /@[^@]*@/ ) {
(4) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
(4) if (&User-Name =~ /\.\./ ) {
(4) if (&User-Name =~ /\.\./ ) -> FALSE
(4) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
(4) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
(4) if (&User-Name =~ /\.$/) {
(4) if (&User-Name =~ /\.$/) -> FALSE
(4) if (&User-Name =~ /@\./) {
(4) if (&User-Name =~ /@\./) -> FALSE
(4) } # if (&User-Name) = notfound
(4) } # policy filter_username = notfound
(4) [preprocess] = ok
(4) [chap] = noop
(4) [mschap] = noop
(4) [digest] = noop
(4) suffix: Checking for suffix after "@"
(4) suffix: Looking up realm "staff.uni-marburg.de" for User-Name = "eduroam at staff.uni-marburg.de"
(4) suffix: Found realm "staff.uni-marburg.de"
(4) suffix: Adding Stripped-User-Name = "eduroam"
(4) suffix: Adding Realm = "staff.uni-marburg.de"
(4) suffix: Authentication realm is LOCAL
(4) [suffix] = ok
(4) if ( &User-Name == "eduroam at staff.uni-marburg.de" || &User-Name == "cat-connectivity-test at staff.uni-marburg.de" || &User-Name == "@staff.uni-marburg.de") {
(4) if ( &User-Name == "eduroam at staff.uni-marburg.de" || &User-Name == "cat-connectivity-test at staff.uni-marburg.de" || &User-Name == "@staff.uni-marburg.de") -> TRUE
(4) if ( &User-Name == "eduroam at staff.uni-marburg.de" || &User-Name == "cat-connectivity-test at staff.uni-marburg.de" || &User-Name == "@staff.uni-marburg.de") {
(4) eap: Peer sent EAP Response (code 2) ID 4 length 6
(4) eap: Continuing tunnel setup
(4) [eap] = ok
(4) } # if ( &User-Name == "eduroam at staff.uni-marburg.de" || &User-Name == "cat-connectivity-test at staff.uni-marburg.de" || &User-Name == "@staff.uni-marburg.de") = ok
(4) ... skipping else: Preceding "if" was taken
(4) files: users: Matched entry DEFAULT at line 144
(4) [files] = ok
rlm_ldap (ldap): Reserved connection (4)
(4) ldap: EXPAND (uid=%{%{Stripped-User-Name}:-%{User-Name}})
(4) ldap: --> (uid=eduroam)
(4) ldap: Performing search in "ou=people,ou=staff,ou=Accounts,o=Universitaet Marburg,c=DE" with filter "(uid=eduroam)", scope "sub"
(4) ldap: Waiting for search result...
(4) ldap: Search returned no results
rlm_ldap (ldap): Released connection (4)
(4) [ldap] = notfound
(4) if ((ok || updated) && User-Password) {
(4) if ((ok || updated) && User-Password) -> FALSE
(4) [expiration] = noop
(4) [logintime] = noop
(4) [pap] = noop
(4) } # authorize = ok
(4) Found Auth-Type = eap
(4) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(4) authenticate {
(4) eap: Expiring EAP session with state 0x3ffd102b3cf90910
(4) eap: Finished EAP session with state 0x3ffd102b3cf90910
(4) eap: Previous EAP request found for state 0x3ffd102b3cf90910, released from the list
(4) eap: Peer sent packet with method EAP PEAP (25)
(4) eap: Calling submodule eap_peap to process data
(4) eap_peap: Continuing EAP-TLS
(4) eap_peap: Peer ACKed our handshake fragment
(4) eap_peap: [eaptls verify] = request
(4) eap_peap: [eaptls process] = handled
(4) eap: Sending EAP Request (code 1) ID 5 length 1000
(4) eap: EAP session adding &reply:State = 0x3ffd102b3bf80910
(4) [eap] = handled
(4) } # authenticate = handled
(4) Using Post-Auth-Type Challenge
(4) Post-Auth-Type sub-section not found. Ignoring.
(4) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(4) Sent Access-Challenge Id 4 from 127.0.0.1:1812 to 127.0.0.1:54785 length 0
(4) EAP-Message = 0x010503e81940169be707d1b0c2aadf3ae929833698e036e102053f75fe2fa385b8fbe9acca86c813ad0482fbc2633fa4e597dcf5f8db83a6de79efb612964b798def929285842f3dc628e4868ebc9b3a7eeb75b10eb72e0230225eb017d437e6983a35bc4e15e15c07e63f2124b5af9f50f861445bc2111da8eec482322cd775795203375dc30819d7c14ace621f57996f8e6a728a62ad21b69aa99f0e5e6bd6261837d967af89bb4a003baa5caa1254fd0005b0308205ac30820494a00302010202071b63bad01e2c3d300d06092a864886f70d01010b0500308195310b300906035504061302444531453043060355040a133c56657265696e207a757220466f6572646572756e672065696e65732044657574736368656e20466f72736368756e67736e65747a657320652e20562e3110300e060355040b130744464e2d504b49312d302b0603550403132444464e2d56657265696e2043657274696669636174696f6e20417574686f726974792032301e170d3136
(4) Message-Authenticator = 0x00000000000000000000000000000000
(4) State = 0x3ffd102b3bf80910126802d44a64f382
(4) Finished request
Waking up in 4.9 seconds.
(5) Received Access-Request Id 5 from 127.0.0.1:54785 to 127.0.0.1:1812 length 161
(5) User-Name = "eduroam at staff.uni-marburg.de"
(5) NAS-IP-Address = 127.0.0.1
(5) Calling-Station-Id = "02-00-00-00-00-01"
(5) Framed-MTU = 1400
(5) NAS-Port-Type = Wireless-802.11
(5) Service-Type = Framed-User
(5) Connect-Info = "CONNECT 11Mbps 802.11b"
(5) EAP-Message = 0x020500061900
(5) State = 0x3ffd102b3bf80910126802d44a64f382
(5) Message-Authenticator = 0x45e6e2d362a4fa1fe2abaf2b4ac385ad
(5) session-state: No cached attributes
(5) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/default
(5) authorize {
(5) policy filter_username {
(5) if (&User-Name) {
(5) if (&User-Name) -> TRUE
(5) if (&User-Name) {
(5) if (&User-Name =~ / /) {
(5) if (&User-Name =~ / /) -> FALSE
(5) if (&User-Name =~ /@[^@]*@/ ) {
(5) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
(5) if (&User-Name =~ /\.\./ ) {
(5) if (&User-Name =~ /\.\./ ) -> FALSE
(5) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
(5) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
(5) if (&User-Name =~ /\.$/) {
(5) if (&User-Name =~ /\.$/) -> FALSE
(5) if (&User-Name =~ /@\./) {
(5) if (&User-Name =~ /@\./) -> FALSE
(5) } # if (&User-Name) = notfound
(5) } # policy filter_username = notfound
(5) [preprocess] = ok
(5) [chap] = noop
(5) [mschap] = noop
(5) [digest] = noop
(5) suffix: Checking for suffix after "@"
(5) suffix: Looking up realm "staff.uni-marburg.de" for User-Name = "eduroam at staff.uni-marburg.de"
(5) suffix: Found realm "staff.uni-marburg.de"
(5) suffix: Adding Stripped-User-Name = "eduroam"
(5) suffix: Adding Realm = "staff.uni-marburg.de"
(5) suffix: Authentication realm is LOCAL
(5) [suffix] = ok
(5) if ( &User-Name == "eduroam at staff.uni-marburg.de" || &User-Name == "cat-connectivity-test at staff.uni-marburg.de" || &User-Name == "@staff.uni-marburg.de") {
(5) if ( &User-Name == "eduroam at staff.uni-marburg.de" || &User-Name == "cat-connectivity-test at staff.uni-marburg.de" || &User-Name == "@staff.uni-marburg.de") -> TRUE
(5) if ( &User-Name == "eduroam at staff.uni-marburg.de" || &User-Name == "cat-connectivity-test at staff.uni-marburg.de" || &User-Name == "@staff.uni-marburg.de") {
(5) eap: Peer sent EAP Response (code 2) ID 5 length 6
(5) eap: Continuing tunnel setup
(5) [eap] = ok
(5) } # if ( &User-Name == "eduroam at staff.uni-marburg.de" || &User-Name == "cat-connectivity-test at staff.uni-marburg.de" || &User-Name == "@staff.uni-marburg.de") = ok
(5) ... skipping else: Preceding "if" was taken
(5) files: users: Matched entry DEFAULT at line 144
(5) [files] = ok
rlm_ldap (ldap): Reserved connection (0)
(5) ldap: EXPAND (uid=%{%{Stripped-User-Name}:-%{User-Name}})
(5) ldap: --> (uid=eduroam)
(5) ldap: Performing search in "ou=people,ou=staff,ou=Accounts,o=Universitaet Marburg,c=DE" with filter "(uid=eduroam)", scope "sub"
(5) ldap: Waiting for search result...
(5) ldap: Search returned no results
rlm_ldap (ldap): Released connection (0)
(5) [ldap] = notfound
(5) if ((ok || updated) && User-Password) {
(5) if ((ok || updated) && User-Password) -> FALSE
(5) [expiration] = noop
(5) [logintime] = noop
(5) [pap] = noop
(5) } # authorize = ok
(5) Found Auth-Type = eap
(5) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(5) authenticate {
(5) eap: Expiring EAP session with state 0x3ffd102b3bf80910
(5) eap: Finished EAP session with state 0x3ffd102b3bf80910
(5) eap: Previous EAP request found for state 0x3ffd102b3bf80910, released from the list
(5) eap: Peer sent packet with method EAP PEAP (25)
(5) eap: Calling submodule eap_peap to process data
(5) eap_peap: Continuing EAP-TLS
(5) eap_peap: Peer ACKed our handshake fragment
(5) eap_peap: [eaptls verify] = request
(5) eap_peap: [eaptls process] = handled
(5) eap: Sending EAP Request (code 1) ID 6 length 989
(5) eap: EAP session adding &reply:State = 0x3ffd102b3afb0910
(5) [eap] = handled
(5) } # authenticate = handled
(5) Using Post-Auth-Type Challenge
(5) Post-Auth-Type sub-section not found. Ignoring.
(5) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(5) Sent Access-Challenge Id 5 from 127.0.0.1:1812 to 127.0.0.1:54785 length 0
(5) EAP-Message = 0x010603dd1900873081843040a03ea03c863a687474703a2f2f636470312e7063612e64666e2e64652f676c6f62616c2d726f6f742d67322d63612f7075622f63726c2f636163726c2e63726c3040a03ea03c863a687474703a2f2f636470322e7063612e64666e2e64652f676c6f62616c2d726f6f742d67322d63612f7075622f63726c2f636163726c2e63726c3081dd06082b060105050701010481d03081cd303306082b060105050730018627687474703a2f2f6f6373702e7063612e64666e2e64652f4f4353502d5365727665722f4f435350304a06082b06010505073002863e687474703a2f2f636470312e7063612e64666e2e64652f676c6f62616c2d726f6f742d67322d63612f7075622f6361636572742f6361636572742e637274304a06082b06010505073002863e687474703a2f2f636470322e7063612e64666e2e64652f676c6f62616c2d726f6f742d67322d63612f7075622f6361636572742f6361636572742e637274300d06092a864886f7
(5) Message-Authenticator = 0x00000000000000000000000000000000
(5) State = 0x3ffd102b3afb0910126802d44a64f382
(5) Finished request
Waking up in 4.9 seconds.
(6) Received Access-Request Id 6 from 127.0.0.1:54785 to 127.0.0.1:1812 length 172
(6) User-Name = "eduroam at staff.uni-marburg.de"
(6) NAS-IP-Address = 127.0.0.1
(6) Calling-Station-Id = "02-00-00-00-00-01"
(6) Framed-MTU = 1400
(6) NAS-Port-Type = Wireless-802.11
(6) Service-Type = Framed-User
(6) Connect-Info = "CONNECT 11Mbps 802.11b"
(6) EAP-Message = 0x0206001119800000000715030300020230
(6) State = 0x3ffd102b3afb0910126802d44a64f382
(6) Message-Authenticator = 0xb45cf99857b492d1b9e414ca47c02c4c
(6) session-state: No cached attributes
(6) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/default
(6) authorize {
(6) policy filter_username {
(6) if (&User-Name) {
(6) if (&User-Name) -> TRUE
(6) if (&User-Name) {
(6) if (&User-Name =~ / /) {
(6) if (&User-Name =~ / /) -> FALSE
(6) if (&User-Name =~ /@[^@]*@/ ) {
(6) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
(6) if (&User-Name =~ /\.\./ ) {
(6) if (&User-Name =~ /\.\./ ) -> FALSE
(6) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
(6) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
(6) if (&User-Name =~ /\.$/) {
(6) if (&User-Name =~ /\.$/) -> FALSE
(6) if (&User-Name =~ /@\./) {
(6) if (&User-Name =~ /@\./) -> FALSE
(6) } # if (&User-Name) = notfound
(6) } # policy filter_username = notfound
(6) [preprocess] = ok
(6) [chap] = noop
(6) [mschap] = noop
(6) [digest] = noop
(6) suffix: Checking for suffix after "@"
(6) suffix: Looking up realm "staff.uni-marburg.de" for User-Name = "eduroam at staff.uni-marburg.de"
(6) suffix: Found realm "staff.uni-marburg.de"
(6) suffix: Adding Stripped-User-Name = "eduroam"
(6) suffix: Adding Realm = "staff.uni-marburg.de"
(6) suffix: Authentication realm is LOCAL
(6) [suffix] = ok
(6) if ( &User-Name == "eduroam at staff.uni-marburg.de" || &User-Name == "cat-connectivity-test at staff.uni-marburg.de" || &User-Name == "@staff.uni-marburg.de") {
(6) if ( &User-Name == "eduroam at staff.uni-marburg.de" || &User-Name == "cat-connectivity-test at staff.uni-marburg.de" || &User-Name == "@staff.uni-marburg.de") -> TRUE
(6) if ( &User-Name == "eduroam at staff.uni-marburg.de" || &User-Name == "cat-connectivity-test at staff.uni-marburg.de" || &User-Name == "@staff.uni-marburg.de") {
(6) eap: Peer sent EAP Response (code 2) ID 6 length 17
(6) eap: Continuing tunnel setup
(6) [eap] = ok
(6) } # if ( &User-Name == "eduroam at staff.uni-marburg.de" || &User-Name == "cat-connectivity-test at staff.uni-marburg.de" || &User-Name == "@staff.uni-marburg.de") = ok
(6) ... skipping else: Preceding "if" was taken
(6) files: users: Matched entry DEFAULT at line 144
(6) [files] = ok
rlm_ldap (ldap): Reserved connection (1)
(6) ldap: EXPAND (uid=%{%{Stripped-User-Name}:-%{User-Name}})
(6) ldap: --> (uid=eduroam)
(6) ldap: Performing search in "ou=people,ou=staff,ou=Accounts,o=Universitaet Marburg,c=DE" with filter "(uid=eduroam)", scope "sub"
(6) ldap: Waiting for search result...
(6) ldap: Search returned no results
rlm_ldap (ldap): Released connection (1)
(6) [ldap] = notfound
(6) if ((ok || updated) && User-Password) {
(6) if ((ok || updated) && User-Password) -> FALSE
(6) [expiration] = noop
(6) [logintime] = noop
(6) [pap] = noop
(6) } # authorize = ok
(6) Found Auth-Type = eap
(6) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(6) authenticate {
(6) eap: Expiring EAP session with state 0x3ffd102b3afb0910
(6) eap: Finished EAP session with state 0x3ffd102b3afb0910
(6) eap: Previous EAP request found for state 0x3ffd102b3afb0910, released from the list
(6) eap: Peer sent packet with method EAP PEAP (25)
(6) eap: Calling submodule eap_peap to process data
(6) eap_peap: Continuing EAP-TLS
(6) eap_peap: Peer indicated complete TLS record size will be 7 bytes
(6) eap_peap: Got complete TLS record (7 bytes)
(6) eap_peap: [eaptls verify] = length included
(6) eap_peap: <<< recv TLS 1.2 [length 0002]
(6) eap_peap: ERROR: TLS Alert read:fatal:unknown CA
(6) eap_peap: TLS_accept: Need to read more data: error
(6) eap_peap: ERROR: Failed in __FUNCTION__ (SSL_read): error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca
(6) eap_peap: TLS - In Handshake Phase
(6) eap_peap: TLS - Application data.
(6) eap_peap: ERROR: TLS failed during operation
(6) eap_peap: ERROR: [eaptls process] = fail
(6) eap: ERROR: Failed continuing EAP PEAP (25) session. EAP sub-module failed
(6) eap: Sending EAP Failure (code 4) ID 6 length 4
(6) eap: Failed in EAP select
(6) [eap] = invalid
(6) } # authenticate = invalid
(6) Failed to authenticate the user
(6) Using Post-Auth-Type Reject
(6) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(6) Post-Auth-Type REJECT {
(6) attr_filter.access_reject: EXPAND %{User-Name}
(6) attr_filter.access_reject: --> eduroam at staff.uni-marburg.de
(6) attr_filter.access_reject: Matched entry DEFAULT at line 11
(6) [attr_filter.access_reject] = updated
(6) [eap] = noop
(6) policy remove_reply_message_if_eap {
(6) if (&reply:EAP-Message && &reply:Reply-Message) {
(6) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE
(6) else {
(6) [noop] = noop
(6) } # else = noop
(6) } # policy remove_reply_message_if_eap = noop
(6) } # Post-Auth-Type REJECT = updated
(6) Login incorrect (eap_peap: TLS Alert read:fatal:unknown CA): [eduroam at staff.uni-marburg.de] (from client localhost port 0 cli 02-00-00-00-00-01)
(6) Delaying response for 1.000000 seconds
Waking up in 0.3 seconds.
Waking up in 0.6 seconds.
(6) Sending delayed response
(6) Sent Access-Reject Id 6 from 127.0.0.1:1812 to 127.0.0.1:54785 length 44
(6) EAP-Message = 0x04060004
(6) Message-Authenticator = 0x00000000000000000000000000000000
Waking up in 3.9 seconds.
::::::::::::::
eapol-peap-fail.txt
::::::::::::::
Reading configuration file 'peap-mschapv2.conf'
Line: 4 - start of a new network block
ssid - hexdump_ascii(len=12):
65 78 61 6d 70 6c 65 2d 53 53 49 44 example-SSID
key_mgmt: 0x1
eap methods - hexdump(len=16): 00 00 00 00 19 00 00 00 00 00 00 00 00 00 00 00
identity - hexdump_ascii(len=6):
70 61 75 6c 79 31 pauly1
anonymous_identity - hexdump_ascii(len=28):
65 64 75 72 6f 61 6d 40 73 74 61 66 66 2e 75 6e eduroam at staff.un
69 2d 6d 61 72 62 75 72 67 2e 64 65 i-marburg.de
password - hexdump_ascii(len=8):
6e 6e 71 65 63 79 21 33 nnqecy!3
phase2 - hexdump_ascii(len=21):
61 75 74 68 3d 4d 53 43 48 41 50 56 32 20 72 65 auth=MSCHAPV2 re
74 72 79 3d 30 try=0
ca_cert - hexdump_ascii(len=47):
2f 65 74 63 2f 73 73 6c 2f 63 65 72 74 73 2f 54 /etc/ssl/certs/T
2d 54 65 6c 65 53 65 63 5f 47 6c 6f 62 61 6c 52 -TeleSec_GlobalR
6f 6f 74 5f 43 6c 61 73 73 5f 32 2e 70 65 6d oot_Class_2.pem
Priority group 0
id=0 ssid='example-SSID'
Authentication server 127.0.0.1:1812
RADIUS local address: 127.0.0.1:39492
ENGINE: Loading dynamic engine
ENGINE: Loading dynamic engine
EAPOL: SUPP_PAE entering state DISCONNECTED
EAPOL: KEY_RX entering state NO_KEY_RECEIVE
EAPOL: SUPP_BE entering state INITIALIZE
EAP: EAP entering state DISABLED
EAPOL: External notification - portValid=0
EAPOL: External notification - portEnabled=1
EAPOL: SUPP_PAE entering state CONNECTING
EAPOL: SUPP_BE entering state IDLE
EAP: EAP entering state INITIALIZE
EAP: EAP entering state IDLE
Sending fake EAP-Request-Identity
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_PAE entering state RESTART
EAP: EAP entering state INITIALIZE
EAP: EAP entering state IDLE
EAPOL: SUPP_PAE entering state AUTHENTICATING
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=0 method=1 vendor=0 vendorMethod=0
EAP: EAP entering state IDENTITY
CTRL-EVENT-EAP-STARTED EAP authentication started
EAP: Status notification: started (param=)
EAP: EAP-Request Identity data - hexdump_ascii(len=0):
EAP: using anonymous identity - hexdump_ascii(len=28):
65 64 75 72 6f 61 6d 40 73 74 61 66 66 2e 75 6e eduroam at staff.un
69 2d 6d 61 72 62 75 72 67 2e 64 65 i-marburg.de
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=33)
TX EAP -> RADIUS - hexdump(len=33): 02 00 00 21 01 65 64 75 72 6f 61 6d 40 73 74 61 66 66 2e 75 6e 69 2d 6d 61 72 62 75 72 67 2e 64 65
Encapsulating EAP message into a RADIUS packet
Learned identity from EAP-Response-Identity - hexdump(len=28): 65 64 75 72 6f 61 6d 40 73 74 61 66 66 2e 75 6e 69 2d 6d 61 72 62 75 72 67 2e 64 65
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=0 length=170
Attribute 1 (User-Name) length=30
Value: 'eduroam at staff.uni-marburg.de'
Attribute 4 (NAS-IP-Address) length=6
Value: 127.0.0.1
Attribute 31 (Calling-Station-Id) length=19
Value: '02-00-00-00-00-01'
Attribute 12 (Framed-MTU) length=6
Value: 1400
Attribute 61 (NAS-Port-Type) length=6
Value: 19
Attribute 6 (Service-Type) length=6
Value: 2
Attribute 77 (Connect-Info) length=24
Value: 'CONNECT 11Mbps 802.11b'
Attribute 79 (EAP-Message) length=35
Value: 0200002101656475726f616d4073746166662e756e692d6d6172627572672e6465
Attribute 80 (Message-Authenticator) length=18
Value: 20bb9b3d7cd7d92343c8f99959601fad
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 80 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=0 length=80
Attribute 79 (EAP-Message) length=24
Value: 01010016041022b9694882c970fa14db9c560cd1e5b5
Attribute 80 (Message-Authenticator) length=18
Value: d5983042ba2890d2cc8f718d6e609b99
Attribute 24 (State) length=18
Value: 435995b343589192a34ccd3791eea009
STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending request, round trip time 0.02 sec
RADIUS packet matching with station
decapsulated EAP packet (code=1 id=1 len=22) from RADIUS server: EAP-Request-MD5 (4)
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=1 method=4 vendor=0 vendorMethod=0
EAP: EAP entering state GET_METHOD
EAP: configuration does not allow: vendor 0 method 4
EAP: vendor 0 method 4 not allowed
CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=4 -> NAK
EAP: Status notification: refuse proposed method (param=MD5)
EAP: Building EAP-Nak (requested type 4 vendor=0 method=0 not allowed)
EAP: allowed methods - hexdump(len=1): 19
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=6)
TX EAP -> RADIUS - hexdump(len=6): 02 01 00 06 03 19
Encapsulating EAP message into a RADIUS packet
Copied RADIUS State Attribute
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=1 length=161
Attribute 1 (User-Name) length=30
Value: 'eduroam at staff.uni-marburg.de'
Attribute 4 (NAS-IP-Address) length=6
Value: 127.0.0.1
Attribute 31 (Calling-Station-Id) length=19
Value: '02-00-00-00-00-01'
Attribute 12 (Framed-MTU) length=6
Value: 1400
Attribute 61 (NAS-Port-Type) length=6
Value: 19
Attribute 6 (Service-Type) length=6
Value: 2
Attribute 77 (Connect-Info) length=24
Value: 'CONNECT 11Mbps 802.11b'
Attribute 79 (EAP-Message) length=8
Value: 020100060319
Attribute 24 (State) length=18
Value: 435995b343589192a34ccd3791eea009
Attribute 80 (Message-Authenticator) length=18
Value: d28f469bf815eca41b2c30517f57dd51
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 64 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=1 length=64
Attribute 79 (EAP-Message) length=8
Value: 010200061920
Attribute 80 (Message-Authenticator) length=18
Value: 57dcc09150305a658943b7513f9b7aea
Attribute 24 (State) length=18
Value: 435995b3425b8c92a34ccd3791eea009
STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
RADIUS packet matching with station
decapsulated EAP packet (code=1 id=2 len=6) from RADIUS server: EAP-Request-PEAP (25)
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=2 method=25 vendor=0 vendorMethod=0
EAP: EAP entering state GET_METHOD
CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=25
EAP: Status notification: accept proposed method (param=PEAP)
EAP: Initialize selected EAP method: vendor 0 method 25 (PEAP)
TLS: Phase2 EAP types - hexdump(len=8): 00 00 00 00 1a 00 00 00
TLS: using phase1 config options
TLS: Trusted root certificate(s) loaded
CTRL-EVENT-EAP-METHOD EAP vendor 0 method 25 (PEAP) selected
EAP: EAP entering state METHOD
SSL: Received packet(len=6) - Flags 0x20
EAP-PEAP: Start (server ver=0, own ver=1)
EAP-PEAP: Using PEAP version 0
SSL: (where=0x10 ret=0x1)
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:before SSL initialization
OpenSSL: TX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 16 03 01 00 b3
OpenSSL: TX ver=0x303 content_type=22 (handshake/client hello)
OpenSSL: Message - hexdump(len=179): 01 00 00 af 03 03 ee ee 57 b5 52 be fa 72 cc c9 fa 0e af 21 fc 32 de 72 10 76 1a 8e fb 2f a4 92 14 0c 78 ae 42 37 00 00 38 c0 2c c0 30 00 9f cc a9 cc a8 cc aa c0 2b c0 2f 00 9e c0 24 c0 28 00 6b c0 23 c0 27 00 67 c0 0a c0 14 00 39 c0 09 c0 13 00 33 00 9d 00 9c 00 3d 00 3c 00 35 00 2f 00 ff 01 00 00 4e 00 0b 00 04 03 00 01 02 00 0a 00 0c 00 0a 00 1d 00 17 00 1e 00 19 00 18 00 16 00 00 00 17 00 00 00 0d 00 2a 00 28 04 03 05 03 06 03 08 07 08 08 08 09 08 0a 08 0b 08 04 08 05 08 06 04 01 05 01 06 01 03 03 03 01 03 02 04 02 05 02 06 02
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS write client hello
SSL: (where=0x1002 ret=0xffffffff)
SSL: SSL_connect:error in SSLv3/TLS write client hello
SSL: SSL_connect - want more data
SSL: 184 bytes pending from ssl_out
SSL: Using TLS version TLSv1.2
SSL: 184 bytes left to be sent out (of total 184 bytes)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL eapRespData=0x55fb7da06100
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=194)
TX EAP -> RADIUS - hexdump(len=194): 02 02 00 c2 19 80 00 00 00 b8 16 03 01 00 b3 01 00 00 af 03 03 ee ee 57 b5 52 be fa 72 cc c9 fa 0e af 21 fc 32 de 72 10 76 1a 8e fb 2f a4 92 14 0c 78 ae 42 37 00 00 38 c0 2c c0 30 00 9f cc a9 cc a8 cc aa c0 2b c0 2f 00 9e c0 24 c0 28 00 6b c0 23 c0 27 00 67 c0 0a c0 14 00 39 c0 09 c0 13 00 33 00 9d 00 9c 00 3d 00 3c 00 35 00 2f 00 ff 01 00 00 4e 00 0b 00 04 03 00 01 02 00 0a 00 0c 00 0a 00 1d 00 17 00 1e 00 19 00 18 00 16 00 00 00 17 00 00 00 0d 00 2a 00 28 04 03 05 03 06 03 08 07 08 08 08 09 08 0a 08 0b 08 04 08 05 08 06 04 01 05 01 06 01 03 03 03 01 03 02 04 02 05 02 06 02
Encapsulating EAP message into a RADIUS packet
Copied RADIUS State Attribute
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=2 length=349
Attribute 1 (User-Name) length=30
Value: 'eduroam at staff.uni-marburg.de'
Attribute 4 (NAS-IP-Address) length=6
Value: 127.0.0.1
Attribute 31 (Calling-Station-Id) length=19
Value: '02-00-00-00-00-01'
Attribute 12 (Framed-MTU) length=6
Value: 1400
Attribute 61 (NAS-Port-Type) length=6
Value: 19
Attribute 6 (Service-Type) length=6
Value: 2
Attribute 77 (Connect-Info) length=24
Value: 'CONNECT 11Mbps 802.11b'
Attribute 79 (EAP-Message) length=196
Value: 020200c21980000000b816030100b3010000af0303eeee57b552befa72ccc9fa0eaf21fc32de7210761a8efb2fa492140c78ae4237000038c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff0100004e000b000403000102000a000c000a001d0017001e001900180016000000170000000d002a0028040305030603080708080809080a080b080408050806040105010601030303010302040205020602
Attribute 24 (State) length=18
Value: 435995b3425b8c92a34ccd3791eea009
Attribute 80 (Message-Authenticator) length=18
Value: 8f8cbb5013fb0d917c0f82885de42077
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 1068 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=2 length=1068
Attribute 79 (EAP-Message) length=255
Value: 010303ec19c000000f7d160303005d020000590303cf6b62763d2d652a6e33f1e01aadf1ea11057f46f7565456f0dda42ecda7790b20273e861829c300da9e83811ba75dd5bbcc7a2467593152b60f070530d1a4eccec030000011ff01000100000b000403000102001700001603030dbb0b000db7000db40007fe308207fa308206e2a003020102020c22ff0567818198c00178abea300d06092a864886f70d01010b050030818d310b300906035504061302444531453043060355040a0c3c56657265696e207a757220466f6572646572756e672065696e65732044657574736368656e20466f72736368756e67736e65747a657320652e20562e31
Attribute 79 (EAP-Message) length=255
Value: 10300e060355040b0c0744464e2d504b493125302306035504030c1c44464e2d56657265696e20476c6f62616c2049737375696e67204341301e170d3230303630393133303030395a170d3232303931313133303030395a307e310b3009060355040613024445310f300d06035504080c0648657373656e3110300e06035504070c074d61726275726731263024060355040a0c1d5068696c697070732d556e69766572736974616574204d6172627572673124302206035504030c1b7261646975732e73746166662e756e692d6d6172627572672e646530820122300d06092a864886f70d01010105000382010f003082010a0282010100e0d72a32
Attribute 79 (EAP-Message) length=255
Value: 19e77d16b4da30aa1ad81b6e519d843b76fe3da287b3b8813842f4d2bcd87f4cc2b7e74761e143483c3365e86c31291183286f98e179b96d2546931095e30fa88477642f81bdbdb8f2cd7472f355ad50e54bbf99a8ee6bfd40bad341f459eb299769f3318b453b0220cd316e7bf1b0ad042d9eed645c5a33221eb3ea45be78ed8bc5d1a5e689f3f1570096c13eb9f3db5b13af2178c10a538035b01104d623814079bc702298eaab4e73677f4d35b59098086cb0d6db67a4ad516dd13470c5c63f22a4a8d509d137c053106d714329b69873d983a187aaf54dd97f4038d0209ae4459197197b8810c21e2f5f2e83a3d228d3cb9164bf0f1354cccd1702
Attribute 79 (EAP-Message) length=247
Value: 03010001a38204663082046230570603551d200450304e3008060667810c010202300d060b2b0601040181ad21822c1e300f060d2b0601040181ad21822c0101043010060e2b0601040181ad21822c010104073010060e2b0601040181ad21822c0201040730090603551d1304023000300e0603551d0f0101ff0404030205a0301d0603551d250416301406082b0601050507030206082b06010505070301301d0603551d0e041604145574a493dac77f8255c70d792c0b3cb0ccd89ae8301f0603551d230418301680146b3a988bf9f25389dae0adb2321e091fe8aa3b7430260603551d11041f301d821b7261646975732e7374
Attribute 80 (Message-Authenticator) length=18
Value: f62dd97a708a82709d8b1fc41e5126a4
Attribute 24 (State) length=18
Value: 435995b3415a8c92a34ccd3791eea009
STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
RADIUS packet matching with station
decapsulated EAP packet (code=1 id=3 len=1004) from RADIUS server: EAP-Request-PEAP (25)
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=3 method=25 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
SSL: Received packet(len=1004) - Flags 0xc0
SSL: TLS Message Length: 3965
SSL: Need 2971 bytes more input data
SSL: Building ACK (type=25 id=3 ver=0)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL eapRespData=0x55fb7d9f6920
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=6)
TX EAP -> RADIUS - hexdump(len=6): 02 03 00 06 19 00
Encapsulating EAP message into a RADIUS packet
Copied RADIUS State Attribute
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=3 length=161
Attribute 1 (User-Name) length=30
Value: 'eduroam at staff.uni-marburg.de'
Attribute 4 (NAS-IP-Address) length=6
Value: 127.0.0.1
Attribute 31 (Calling-Station-Id) length=19
Value: '02-00-00-00-00-01'
Attribute 12 (Framed-MTU) length=6
Value: 1400
Attribute 61 (NAS-Port-Type) length=6
Value: 19
Attribute 6 (Service-Type) length=6
Value: 2
Attribute 77 (Connect-Info) length=24
Value: 'CONNECT 11Mbps 802.11b'
Attribute 79 (EAP-Message) length=8
Value: 020300061900
Attribute 24 (State) length=18
Value: 435995b3415a8c92a34ccd3791eea009
Attribute 80 (Message-Authenticator) length=18
Value: bc676995a8ef8593bba0b31424a82925
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 1064 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=3 length=1064
Attribute 79 (EAP-Message) length=255
Value: 010403e819406166662e756e692d6d6172627572672e646530818d0603551d1f048185308182303fa03da03b8639687474703a2f2f636470312e7063612e64666e2e64652f64666e2d63612d676c6f62616c2d67322f7075622f63726c2f636163726c2e63726c303fa03da03b8639687474703a2f2f636470322e7063612e64666e2e64652f64666e2d63612d676c6f62616c2d67322f7075622f63726c2f636163726c2e63726c3081db06082b060105050701010481ce3081cb303306082b060105050730018627687474703a2f2f6f6373702e7063612e64666e2e64652f4f4353502d5365727665722f4f435350304906082b0601050507300286
Attribute 79 (EAP-Message) length=255
Value: 3d687474703a2f2f636470312e7063612e64666e2e64652f64666e2d63612d676c6f62616c2d67322f7075622f6361636572742f6361636572742e637274304906082b06010505073002863d687474703a2f2f636470322e7063612e64666e2e64652f64666e2d63612d676c6f62616c2d67322f7075622f6361636572742f6361636572742e637274308201f5060a2b06010401d679020402048201e5048201e101df007700bbd9dfbc1f8a71b593942397aa927b473857950aab52e81a909664368e1ed18500000172992ab1b200000403004830460221008dc4c351d9a68797636d58471e392be1508f341e36ba2798f872ea536e8c265c022100ef
Attribute 79 (EAP-Message) length=255
Value: 04f9ce54d1736f5ae748e20e1d023ebe57cacfe53fa16c03a604f3863d1f8600760046a555eb75fa912030b5a28969f4f37d112c4174befd49b885abf2fc70fe6d4700000172992ab2e10000040300473045022100cb21983d40376aebb1b98c451d073cb9ca9358a55a120472541a7a12732a419f022047e8e27ca0939bda9ec7fb81c50de38a819023ab5e10b79fbc3d455188f8f71d0075006f5376ac31f03119d89900a45115ff77151c11d902c10029068db2089a37d91300000172992ab1d6000004030046304402206befe7e5d02cafc2de40e98c8da2094b6610ec1c5a135f63055cd0bf2635a582022076f60bbe0a6a07f7cd63fe73694a38
Attribute 79 (EAP-Message) length=243
Value: 39a46fd80a937e033669ae8021fdd3b8e20075005581d4c2169036014aea0b9b573c53f0c0e43878702508172fa3aa1d0713d30c00000172992ab2b9000004030046304402200b8f563e1cfe01f0ef34d4b31baa910d79583705f436ea1976b608915a374f50022062159a00bf971f6588fb0b7dcdd6d0eb9d11d028bad25b2d2d8eeca9ab3f768c300d06092a864886f70d01010b0500038201010064daeebb8fe3dedcd5de2e605133b23996eaa15f87d585d398619046ed421aa916bcb9b05b493bcc66fe9ab90cc59f9fe5e333a78993f40b52c5c62c5ea213b19a7a303896b227674d1695fa41c6ec6fc30db64145
Attribute 80 (Message-Authenticator) length=18
Value: d3a021376b937456766566b25b350c87
Attribute 24 (State) length=18
Value: 435995b3405d8c92a34ccd3791eea009
STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
RADIUS packet matching with station
decapsulated EAP packet (code=1 id=4 len=1000) from RADIUS server: EAP-Request-PEAP (25)
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=4 method=25 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
SSL: Received packet(len=1000) - Flags 0x40
SSL: Need 1977 bytes more input data
SSL: Building ACK (type=25 id=4 ver=0)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL eapRespData=0x55fb7d9f69f0
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=6)
TX EAP -> RADIUS - hexdump(len=6): 02 04 00 06 19 00
Encapsulating EAP message into a RADIUS packet
Copied RADIUS State Attribute
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=4 length=161
Attribute 1 (User-Name) length=30
Value: 'eduroam at staff.uni-marburg.de'
Attribute 4 (NAS-IP-Address) length=6
Value: 127.0.0.1
Attribute 31 (Calling-Station-Id) length=19
Value: '02-00-00-00-00-01'
Attribute 12 (Framed-MTU) length=6
Value: 1400
Attribute 61 (NAS-Port-Type) length=6
Value: 19
Attribute 6 (Service-Type) length=6
Value: 2
Attribute 77 (Connect-Info) length=24
Value: 'CONNECT 11Mbps 802.11b'
Attribute 79 (EAP-Message) length=8
Value: 020400061900
Attribute 24 (State) length=18
Value: 435995b3405d8c92a34ccd3791eea009
Attribute 80 (Message-Authenticator) length=18
Value: c2ebf58043fee3c391d844aa65e1d692
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 1064 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=4 length=1064
Attribute 79 (EAP-Message) length=255
Value: 010503e81940169be707d1b0c2aadf3ae929833698e036e102053f75fe2fa385b8fbe9acca86c813ad0482fbc2633fa4e597dcf5f8db83a6de79efb612964b798def929285842f3dc628e4868ebc9b3a7eeb75b10eb72e0230225eb017d437e6983a35bc4e15e15c07e63f2124b5af9f50f861445bc2111da8eec482322cd775795203375dc30819d7c14ace621f57996f8e6a728a62ad21b69aa99f0e5e6bd6261837d967af89bb4a003baa5caa1254fd0005b0308205ac30820494a00302010202071b63bad01e2c3d300d06092a864886f70d01010b0500308195310b300906035504061302444531453043060355040a133c56657265696e207a75
Attribute 79 (EAP-Message) length=255
Value: 7220466f6572646572756e672065696e65732044657574736368656e20466f72736368756e67736e65747a657320652e20562e3110300e060355040b130744464e2d504b49312d302b0603550403132444464e2d56657265696e2043657274696669636174696f6e20417574686f726974792032301e170d3136303532343131333834305a170d3331303232323233353935395a30818d310b300906035504061302444531453043060355040a0c3c56657265696e207a757220466f6572646572756e672065696e65732044657574736368656e20466f72736368756e67736e65747a657320652e20562e3110300e060355040b0c0744464e2d504b49
Attribute 79 (EAP-Message) length=255
Value: 3125302306035504030c1c44464e2d56657265696e20476c6f62616c2049737375696e6720434130820122300d06092a864886f70d01010105000382010f003082010a02820101009d3b791c47de1f86cbc669d7109e39d7d9a230db721c057f295f4b68f1ad19d64ce16b1bb10b7fa1abe07b8b8bd82dce6e883a10ee57e51e7f045136ebba706d63a0be962e40e1d1834c663d1c6469e59ba4ad72ae6839518779cc17d3ae2f5d63714b397aeb42a797906905bf90ffa44070bd03e7bf9e18881f9f99884d0e478d485f659910d2d92a49edc1b92d1d9f12cb15d33f7f1e542f3aae9357a77e78cad54ae21ae5ed417d535fc8b32af58a30aced1705
Attribute 79 (EAP-Message) length=243
Value: 243fb6a00b07fd4d1a9a0352a0369cde248765e4e7fac796732414cdd0e81b689e1859ae767ef7d10a783c874bb037cf53ca3a3810f3cb476d8c643d3c5a454abaca807cb8f3e7a74c4ccd0203010001a38202053082020130120603551d130101ff040830060101ff020101300e0603551d0f0101ff04040302010630290603551d2004223020300d060b2b0601040181ad21822c1e300f060d2b0601040181ad21822c010104301d0603551d0e041604146b3a988bf9f25389dae0adb2321e091fe8aa3b74301f0603551d2304183016801493e3d83226dad5f14aa5914ae0ea4be2a20ccfe130818f0603551d1f0481
Attribute 80 (Message-Authenticator) length=18
Value: f60d7481dc3f8e9ccf59f474503190f2
Attribute 24 (State) length=18
Value: 435995b3475c8c92a34ccd3791eea009
STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
RADIUS packet matching with station
decapsulated EAP packet (code=1 id=5 len=1000) from RADIUS server: EAP-Request-PEAP (25)
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=5 method=25 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
SSL: Received packet(len=1000) - Flags 0x40
SSL: Need 983 bytes more input data
SSL: Building ACK (type=25 id=5 ver=0)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL eapRespData=0x55fb7d9f6920
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=6)
TX EAP -> RADIUS - hexdump(len=6): 02 05 00 06 19 00
Encapsulating EAP message into a RADIUS packet
Copied RADIUS State Attribute
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=5 length=161
Attribute 1 (User-Name) length=30
Value: 'eduroam at staff.uni-marburg.de'
Attribute 4 (NAS-IP-Address) length=6
Value: 127.0.0.1
Attribute 31 (Calling-Station-Id) length=19
Value: '02-00-00-00-00-01'
Attribute 12 (Framed-MTU) length=6
Value: 1400
Attribute 61 (NAS-Port-Type) length=6
Value: 19
Attribute 6 (Service-Type) length=6
Value: 2
Attribute 77 (Connect-Info) length=24
Value: 'CONNECT 11Mbps 802.11b'
Attribute 79 (EAP-Message) length=8
Value: 020500061900
Attribute 24 (State) length=18
Value: 435995b3475c8c92a34ccd3791eea009
Attribute 80 (Message-Authenticator) length=18
Value: e95a9242c326c75b3c2d522f42530945
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 1053 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=5 length=1053
Attribute 79 (EAP-Message) length=255
Value: 010603dd1900873081843040a03ea03c863a687474703a2f2f636470312e7063612e64666e2e64652f676c6f62616c2d726f6f742d67322d63612f7075622f63726c2f636163726c2e63726c3040a03ea03c863a687474703a2f2f636470322e7063612e64666e2e64652f676c6f62616c2d726f6f742d67322d63612f7075622f63726c2f636163726c2e63726c3081dd06082b060105050701010481d03081cd303306082b060105050730018627687474703a2f2f6f6373702e7063612e64666e2e64652f4f4353502d5365727665722f4f435350304a06082b06010505073002863e687474703a2f2f636470312e7063612e64666e2e64652f676c
Attribute 79 (EAP-Message) length=255
Value: 6f62616c2d726f6f742d67322d63612f7075622f6361636572742f6361636572742e637274304a06082b06010505073002863e687474703a2f2f636470322e7063612e64666e2e64652f676c6f62616c2d726f6f742d67322d63612f7075622f6361636572742f6361636572742e637274300d06092a864886f70d01010b05000382010100817845a44ea47f0e55f009b16a3e78cc6835a91cf3959e3ff3f8df6b3877892c8db5ad3ec7f294cda006aebacca8b1ad3308b6248662364c786e50f0d56e608d4f523143974675f062e46e6651c142316750e549e7391ecb9fca8648de0814ff154b2b669ba0389f00cefda7ebd17f572dc84c5fdc101197
Attribute 79 (EAP-Message) length=255
Value: 3e9604025c84a829396c94fc1092067b9eeed846b41bb5030c38d9dcb0a93f71060bb2030733c28d486325253c7a7b576ef78a0538efb8a0ae2ff4db07d55b8418c1a9b84bce6c901a82e4b93dfa77f1d21f3302bf53e776f9dc2625416f2fa61bfaa41390fa7c7ed90b605decbfca41a061fb114929d8a82d7515d84a18ea16ef5534221a138d06160303014d0c00014903001741042fabe879bcb1f3dc44a62ad2e9a11b610d94d362467d1366e2e3bac49b816cb7758959213264b03c7082288c4d599c19f0654ee414f2b5e95a650be8c9233455080401009a85c1d4feaa5e9a7e4e7875498d285ffba94211acc115c36efa314f1ceb232d6c08ed
Attribute 79 (EAP-Message) length=232
Value: c7ee4e171bc58f159921a2f630ac19ace24c695344ed82fcbc44689948a9a1aa72b3c54b69f821b20d5087e012b52a90671050b69d41ac54816d8023dd7826358282068e2345b96511433828d38f406df4ed996cd3526a350a388b8e3abb18110f2bbfba50134bab39343bc8e9bd6687ade9759be6b10767e7394e5489db8962f40f99bae6a136710f135a2abaadc3d6f0f8497298468cc13cb36a0df9a21bfcb9227da5a12401b7cf5d0f2fa0626738832da8a15cad6d054a26056bb69ae1c65bfa3477b9eba39d9cbbf1019aaaf600894a475607643ce5c792c0112516030300040e000000
Attribute 80 (Message-Authenticator) length=18
Value: 5776c55e1b5f43ea9529f642343037ab
Attribute 24 (State) length=18
Value: 435995b3465f8c92a34ccd3791eea009
STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
RADIUS packet matching with station
decapsulated EAP packet (code=1 id=6 len=989) from RADIUS server: EAP-Request-PEAP (25)
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=6 method=25 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
SSL: Received packet(len=989) - Flags 0x00
OpenSSL: RX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 16 03 03 00 5d
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS write client hello
OpenSSL: RX ver=0x303 content_type=22 (handshake/server hello)
OpenSSL: Message - hexdump(len=93): 02 00 00 59 03 03 cf 6b 62 76 3d 2d 65 2a 6e 33 f1 e0 1a ad f1 ea 11 05 7f 46 f7 56 54 56 f0 dd a4 2e cd a7 79 0b 20 27 3e 86 18 29 c3 00 da 9e 83 81 1b a7 5d d5 bb cc 7a 24 67 59 31 52 b6 0f 07 05 30 d1 a4 ec ce c0 30 00 00 11 ff 01 00 01 00 00 0b 00 04 03 00 01 02 00 17 00 00
OpenSSL: RX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 16 03 03 0d bb
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS read server hello
OpenSSL: RX ver=0x303 content_type=22 (handshake/certificate)
OpenSSL: Message - hexdump(len=3515): 0b 00 0d b7 00 0d b4 00 07 fe 30 82 07 fa 30 82 06 e2 a0 03 02 01 02 02 0c 22 ff 05 67 81 81 98 c0 01 78 ab ea 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 81 8d 31 0b 30 09 06 03 55 04 06 13 02 44 45 31 45 30 43 06 03 55 04 0a 0c 3c 56 65 72 65 69 6e 20 7a 75 72 20 46 6f 65 72 64 65 72 75 6e 67 20 65 69 6e 65 73 20 44 65 75 74 73 63 68 65 6e 20 46 6f 72 73 63 68 75 6e 67 73 6e 65 74 7a 65 73 20 65 2e 20 56 2e 31 10 30 0e 06 03 55 04 0b 0c 07 44 46 4e 2d 50 4b 49 31 25 30 23 06 03 55 04 03 0c 1c 44 46 4e 2d 56 65 72 65 69 6e 20 47 6c 6f 62 61 6c 20 49 73 73 75 69 6e 67 20 43 41 30 1e 17 0d 32 30 30 36 30 39 31 33 30 30 30 39 5a 17 0d 32 32 30 39 31 31 31 33 30 30 30 39 5a 30 7e 31 0b 30 09 06 03 55 04 06 13 02 44 45 31 0f 30 0d 06 03 55 04 08 0c 06 48 65 73 73 65 6e 31 10 30 0e 06 03 55 04 07 0c 07 4d 61 72 62 75 72 67 31 26 30 24 06 03 55 04 0a 0c 1d 50 68 69 6c 69 70 70 73 2d 55 6e 69 76 65 72 73 69 74 61 65 74 20 4d 61 72 62 75 72 67 31 24 30 22 06 03 55 04 03 0c 1b 72 61 64 69 75 73 2e 73 74 61 66 66 2e 75 6e 69 2d 6d 61 72 62 75 72 67 2e 64 65 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 e0 d7 2a 32 19 e7 7d 16 b4 da 30 aa 1a d8 1b 6e 51 9d 84 3b 76 fe 3d a2 87 b3 b8 81 38 42 f4 d2 bc d8 7f 4c c2 b7 e7 47 61 e1 43 48 3c 33 65 e8 6c 31 29 11 83 28 6f 98 e1 79 b9 6d 25 46 93 10 95 e3 0f a8 84 77 64 2f 81 bd bd b8 f2 cd 74 72 f3 55 ad 50 e5 4b bf 99 a8 ee 6b fd 40 ba d3 41 f4 59 eb 29 97 69 f3 31 8b 45 3b 02 20 cd 31 6e 7b f1 b0 ad 04 2d 9e ed 64 5c 5a 33 22 1e b3 ea 45 be 78 ed 8b c5 d1 a5 e6 89 f3 f1 57 00 96 c1 3e b9 f3 db 5b 13 af 21 78 c1 0a 53 80 35 b0 11 04 d6 23 81 40 79 bc 70 22 98 ea ab 4e 73 67 7f 4d 35 b5 90 98 08 6c b0 d6 db 67 a4 ad 51 6d d1 34 70 c5 c6 3f 22 a4 a8 d5 09 d1 37 c0 53 10 6d 71 43 29 b6 98 73 d9 83 a1 87 aa f5 4d d9 7f 40 38 d0 20 9a e4 45 91 97 19 7b 88 10 c2 1e 2f 5f 2e 83 a3 d2 28 d3 cb 91 64 bf 0f 13 54 cc cd 17 02 03 01 00 01 a3 82 04 66 30 82 04 62 30 57 06 03 55 1d 20 04 50 30 4e 30 08 06 06 67 81 0c 01 02 02 30 0d 06 0b 2b 06 01 04 01 81 ad 21 82 2c 1e 30 0f 06 0d 2b 06 01 04 01 81 ad 21 82 2c 01 01 04 30 10 06 0e 2b 06 01 04 01 81 ad 21 82 2c 01 01 04 07 30 10 06 0e 2b 06 01 04 01 81 ad 21 82 2c 02 01 04 07 30 09 06 03 55 1d 13 04 02 30 00 30 0e 06 03 55 1d 0f 01 01 ff 04 04 03 02 05 a0 30 1d 06 03 55 1d 25 04 16 30 14 06 08 2b 06 01 05 05 07 03 02 06 08 2b 06 01 05 05 07 03 01 30 1d 06 03 55 1d 0e 04 16 04 14 55 74 a4 93 da c7 7f 82 55 c7 0d 79 2c 0b 3c b0 cc d8 9a e8 30 1f 06 03 55 1d 23 04 18 30 16 80 14 6b 3a 98 8b f9 f2 53 89 da e0 ad b2 32 1e 09 1f e8 aa 3b 74 30 26 06 03 55 1d 11 04 1f 30 1d 82 1b 72 61 64 69 75 73 2e 73 74 61 66 66 2e 75 6e 69 2d 6d 61 72 62 75 72 67 2e 64 65 30 81 8d 06 03 55 1d 1f 04 81 85 30 81 82 30 3f a0 3d a0 3b 86 39 68 74 74 70 3a 2f 2f 63 64 70 31 2e 70 63 61 2e 64 66 6e 2e 64 65 2f 64 66 6e 2d 63 61 2d 67 6c 6f 62 61 6c 2d 67 32 2f 70 75 62 2f 63 72 6c 2f 63 61 63 72 6c 2e 63 72 6c 30 3f a0 3d a0 3b 86 39 68 74 74 70 3a 2f 2f 63 64 70 32 2e 70 63 61 2e 64 66 6e 2e 64 65 2f 64 66 6e 2d 63 61 2d 67 6c 6f 62 61 6c 2d 67 32 2f 70 75 62 2f 63 72 6c 2f 63 61 63 72 6c 2e 63 72 6c 30 81 db 06 08 2b 06 01 05 05 07 01 01 04 81 ce 30 81 cb 30 33 06 08 2b 06 01 05 05 07 30 01 86 27 68 74 74 70 3a 2f 2f 6f 63 73 70 2e 70 63 61 2e 64 66 6e 2e 64 65 2f 4f 43 53 50 2d 53 65 72 76 65 72 2f 4f 43 53 50 30 49 06 08 2b 06 01 05 05 07 30 02 86 3d 68 74 74 70 3a 2f 2f 63 64 70 31 2e 70 63 61 2e 64 66 6e 2e 64 65 2f 64 66 6e 2d 63 61 2d 67 6c 6f 62 61 6c 2d 67 32 2f 70 75 62 2f 63 61 63 65 72 74 2f 63 61 63 65 72 74 2e 63 72 74 30 49 06 08 2b 06 01 05 05 07 30 02 86 3d 68 74 74 70 3a 2f 2f 63 64 70 32 2e 70 63 61 2e 64 66 6e 2e 64 65 2f 64 66 6e 2d 63 61 2d 67 6c 6f 62 61 6c 2d 67 32 2f 70 75 62 2f 63 61 63 65 72 74 2f 63 61 63 65 72 74 2e 63 72 74 30 82 01 f5 06 0a 2b 06 01 04 01 d6 79 02 04 02 04 82 01 e5 04 82 01 e1 01 df 00 77 00 bb d9 df bc 1f 8a 71 b5 93 94 23 97 aa 92 7b 47 38 57 95 0a ab 52 e8 1a 90 96 64 36 8e 1e d1 85 00 00 01 72 99 2a b1 b2 00 00 04 03 00 48 30 46 02 21 00 8d c4 c3 51 d9 a6 87 97 63 6d 58 47 1e 39 2b e1 50 8f 34 1e 36 ba 27 98 f8 72 ea 53 6e 8c 26 5c 02 21 00 ef 04 f9 ce 54 d1 73 6f 5a e7 48 e2 0e 1d 02 3e be 57 ca cf e5 3f a1 6c 03 a6 04 f3 86 3d 1f 86 00 76 00 46 a5 55 eb 75 fa 91 20 30 b5 a2 89 69 f4 f3 7d 11 2c 41 74 be fd 49 b8 85 ab f2 fc 70 fe 6d 47 00 00 01 72 99 2a b2 e1 00 00 04 03 00 47 30 45 02 21 00 cb 21 98 3d 40 37 6a eb b1 b9 8c 45 1d 07 3c b9 ca 93 58 a5 5a 12 04 72 54 1a 7a 12 73 2a 41 9f 02 20 47 e8 e2 7c a0 93 9b da 9e c7 fb 81 c5 0d e3 8a 81 90 23 ab 5e 10 b7 9f bc 3d 45 51 88 f8 f7 1d 00 75 00 6f 53 76 ac 31 f0 31 19 d8 99 00 a4 51 15 ff 77 15 1c 11 d9 02 c1 00 29 06 8d b2 08 9a 37 d9 13 00 00 01 72 99 2a b1 d6 00 00 04 03 00 46 30 44 02 20 6b ef e7 e5 d0 2c af c2 de 40 e9 8c 8d a2 09 4b 66 10 ec 1c 5a 13 5f 63 05 5c d0 bf 26 35 a5 82 02 20 76 f6 0b be 0a 6a 07 f7 cd 63 fe 73 69 4a 38 39 a4 6f d8 0a 93 7e 03 36 69 ae 80 21 fd d3 b8 e2 00 75 00 55 81 d4 c2 16 90 36 01 4a ea 0b 9b 57 3c 53 f0 c0 e4 38 78 70 25 08 17 2f a3 aa 1d 07 13 d3 0c 00 00 01 72 99 2a b2 b9 00 00 04 03 00 46 30 44 02 20 0b 8f 56 3e 1c fe 01 f0 ef 34 d4 b3 1b aa 91 0d 79 58 37 05 f4 36 ea 19 76 b6 08 91 5a 37 4f 50 02 20 62 15 9a 00 bf 97 1f 65 88 fb 0b 7d cd d6 d0 eb 9d 11 d0 28 ba d2 5b 2d 2d 8e ec a9 ab 3f 76 8c 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 03 82 01 01 00 64 da ee bb 8f e3 de dc d5 de 2e 60 51 33 b2 39 96 ea a1 5f 87 d5 85 d3 98 61 90 46 ed 42 1a a9 16 bc b9 b0 5b 49 3b cc 66 fe 9a b9 0c c5 9f 9f e5 e3 33 a7 89 93 f4 0b 52 c5 c6 2c 5e a2 13 b1 9a 7a 30 38 96 b2 27 67 4d 16 95 fa 41 c6 ec 6f c3 0d b6 41 45 16 9b e7 07 d1 b0 c2 aa df 3a e9 29 83 36 98 e0 36 e1 02 05 3f 75 fe 2f a3 85 b8 fb e9 ac ca 86 c8 13 ad 04 82 fb c2 63 3f a4 e5 97 dc f5 f8 db 83 a6 de 79 ef b6 12 96 4b 79 8d ef 92 92 85 84 2f 3d c6 28 e4 86 8e bc 9b 3a 7e eb 75 b1 0e b7 2e 02 30 22 5e b0 17 d4 37 e6 98 3a 35 bc 4e 15 e1 5c 07 e6 3f 21 24 b5 af 9f 50 f8 61 44 5b c2 11 1d a8 ee c4 82 32 2c d7 75 79 52 03 37 5d c3 08 19 d7 c1 4a ce 62 1f 57 99 6f 8e 6a 72 8a 62 ad 21 b6 9a a9 9f 0e 5e 6b d6 26 18 37 d9 67 af 89 bb 4a 00 3b aa 5c aa 12 54 fd 00 05 b0 30 82 05 ac 30 82 04 94 a0 03 02 01 02 02 07 1b 63 ba d0 1e 2c 3d 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 81 95 31 0b 30 09 06 03 55 04 06 13 02 44 45 31 45 30 43 06 03 55 04 0a 13 3c 56 65 72 65 69 6e 20 7a 75 72 20 46 6f 65 72 64 65 72 75 6e 67 20 65 69 6e 65 73 20 44 65 75 74 73 63 68 65 6e 20 46 6f 72 73 63 68 75 6e 67 73 6e 65 74 7a 65 73 20 65 2e 20 56 2e 31 10 30 0e 06 03 55 04 0b 13 07 44 46 4e 2d 50 4b 49 31 2d 30 2b 06 03 55 04 03 13 24 44 46 4e 2d 56 65 72 65 69 6e 20 43 65 72 74 69 66 69 63 61 74 69 6f 6e 20 41 75 74 68 6f 72 69 74 79 20 32 30 1e 17 0d 31 36 30 35 32 34 31 31 33 38 34 30 5a 17 0d 33 31 30 32 32 32 32 33 35 39 35 39 5a 30 81 8d 31 0b 30 09 06 03 55 04 06 13 02 44 45 31 45 30 43 06 03 55 04 0a 0c 3c 56 65 72 65 69 6e 20 7a 75 72 20 46 6f 65 72 64 65 72 75 6e 67 20 65 69 6e 65 73 20 44 65 75 74 73 63 68 65 6e 20 46 6f 72 73 63 68 75 6e 67 73 6e 65 74 7a 65 73 20 65 2e 20 56 2e 31 10 30 0e 06 03 55 04 0b 0c 07 44 46 4e 2d 50 4b 49 31 25 30 23 06 03 55 04 03 0c 1c 44 46 4e 2d 56 65 72 65 69 6e 20 47 6c 6f 62 61 6c 20 49 73 73 75 69 6e 67 20 43 41 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 9d 3b 79 1c 47 de 1f 86 cb c6 69 d7 10 9e 39 d7 d9 a2 30 db 72 1c 05 7f 29 5f 4b 68 f1 ad 19 d6 4c e1 6b 1b b1 0b 7f a1 ab e0 7b 8b 8b d8 2d ce 6e 88 3a 10 ee 57 e5 1e 7f 04 51 36 eb ba 70 6d 63 a0 be 96 2e 40 e1 d1 83 4c 66 3d 1c 64 69 e5 9b a4 ad 72 ae 68 39 51 87 79 cc 17 d3 ae 2f 5d 63 71 4b 39 7a eb 42 a7 97 90 69 05 bf 90 ff a4 40 70 bd 03 e7 bf 9e 18 88 1f 9f 99 88 4d 0e 47 8d 48 5f 65 99 10 d2 d9 2a 49 ed c1 b9 2d 1d 9f 12 cb 15 d3 3f 7f 1e 54 2f 3a ae 93 57 a7 7e 78 ca d5 4a e2 1a e5 ed 41 7d 53 5f c8 b3 2a f5 8a 30 ac ed 17 05 24 3f b6 a0 0b 07 fd 4d 1a 9a 03 52 a0 36 9c de 24 87 65 e4 e7 fa c7 96 73 24 14 cd d0 e8 1b 68 9e 18 59 ae 76 7e f7 d1 0a 78 3c 87 4b b0 37 cf 53 ca 3a 38 10 f3 cb 47 6d 8c 64 3d 3c 5a 45 4a ba ca 80 7c b8 f3 e7 a7 4c 4c cd 02 03 01 00 01 a3 82 02 05 30 82 02 01 30 12 06 03 55 1d 13 01 01 ff 04 08 30 06 01 01 ff 02 01 01 30 0e 06 03 55 1d 0f 01 01 ff 04 04 03 02 01 06 30 29 06 03 55 1d 20 04 22 30 20 30 0d 06 0b 2b 06 01 04 01 81 ad 21 82 2c 1e 30 0f 06 0d 2b 06 01 04 01 81 ad 21 82 2c 01 01 04 30 1d 06 03 55 1d 0e 04 16 04 14 6b 3a 98 8b f9 f2 53 89 da e0 ad b2 32 1e 09 1f e8 aa 3b 74 30 1f 06 03 55 1d 23 04 18 30 16 80 14 93 e3 d8 32 26 da d5 f1 4a a5 91 4a e0 ea 4b e2 a2 0c cf e1 30 81 8f 06 03 55 1d 1f 04 81 87 30 81 84 30 40 a0 3e a0 3c 86 3a 68 74 74 70 3a 2f 2f 63 64 70 31 2e 70 63 61 2e 64 66 6e 2e 64 65 2f 67 6c 6f 62 61 6c 2d 72 6f 6f 74 2d 67 32 2d 63 61 2f 70 75 62 2f 63 72 6c 2f 63 61 63 72 6c 2e 63 72 6c 30 40 a0 3e a0 3c 86 3a 68 74 74 70 3a 2f 2f 63 64 70 32 2e 70 63 61 2e 64 66 6e 2e 64 65 2f 67 6c 6f 62 61 6c 2d 72 6f 6f 74 2d 67 32 2d 63 61 2f 70 75 62 2f 63 72 6c 2f 63 61 63 72 6c 2e 63 72 6c 30 81 dd 06 08 2b 06 01 05 05 07 01 01 04 81 d0 30 81 cd 30 33 06 08 2b 06 01 05 05 07 30 01 86 27 68 74 74 70 3a 2f 2f 6f 63 73 70 2e 70 63 61 2e 64 66 6e 2e 64 65 2f 4f 43 53 50 2d 53 65 72 76 65 72 2f 4f 43 53 50 30 4a 06 08 2b 06 01 05 05 07 30 02 86 3e 68 74 74 70 3a 2f 2f 63 64 70 31 2e 70 63 61 2e 64 66 6e 2e 64 65 2f 67 6c 6f 62 61 6c 2d 72 6f 6f 74 2d 67 32 2d 63 61 2f 70 75 62 2f 63 61 63 65 72 74 2f 63 61 63 65 72 74 2e 63 72 74 30 4a 06 08 2b 06 01 05 05 07 30 02 86 3e 68 74 74 70 3a 2f 2f 63 64 70 32 2e 70 63 61 2e 64 66 6e 2e 64 65 2f 67 6c 6f 62 61 6c 2d 72 6f 6f 74 2d 67 32 2d 63 61 2f 70 75 62 2f 63 61 63 65 72 74 2f 63 61 63 65 72 74 2e 63 72 74 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 03 82 01 01 00 81 78 45 a4 4e a4 7f 0e 55 f0 09 b1 6a 3e 78 cc 68 35 a9 1c f3 95 9e 3f f3 f8 df 6b 38 77 89 2c 8d b5 ad 3e c7 f2 94 cd a0 06 ae ba cc a8 b1 ad 33 08 b6 24 86 62 36 4c 78 6e 50 f0 d5 6e 60 8d 4f 52 31 43 97 46 75 f0 62 e4 6e 66 51 c1 42 31 67 50 e5 49 e7 39 1e cb 9f ca 86 48 de 08 14 ff 15 4b 2b 66 9b a0 38 9f 00 ce fd a7 eb d1 7f 57 2d c8 4c 5f dc 10 11 97 3e 96 04 02 5c 84 a8 29 39 6c 94 fc 10 92 06 7b 9e ee d8 46 b4 1b b5 03 0c 38 d9 dc b0 a9 3f 71 06 0b b2 03 07 33 c2 8d 48 63 25 25 3c 7a 7b 57 6e f7 8a 05 38 ef b8 a0 ae 2f f4 db 07 d5 5b 84 18 c1 a9 b8 4b ce 6c 90 1a 82 e4 b9 3d fa 77 f1 d2 1f 33 02 bf 53 e7 76 f9 dc 26 25 41 6f 2f a6 1b fa a4 13 90 fa 7c 7e d9 0b 60 5d ec bf ca 41 a0 61 fb 11 49 29 d8 a8 2d 75 15 d8 4a 18 ea 16 ef 55 34 22 1a 13 8d 06
TLS: Certificate verification failed, error 20 (unable to get local issuer certificate) depth 1 for '/C=DE/O=Verein zur Foerderung eines Deutschen Forschungsnetzes e. V./OU=DFN-PKI/CN=DFN-Verein Global Issuing CA'
CTRL-EVENT-EAP-TLS-CERT-ERROR reason=1 depth=1 subject='/C=DE/O=Verein zur Foerderung eines Deutschen Forschungsnetzes e. V./OU=DFN-PKI/CN=DFN-Verein Global Issuing CA' err='unable to get local issuer certificate'
EAP: Status notification: remote certificate verification (param=unable to get local issuer certificate)
OpenSSL: TX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 15 03 03 00 02
OpenSSL: TX ver=0x303 content_type=21 (alert/)
OpenSSL: Message - hexdump(len=2): 02 30
SSL: (where=0x4008 ret=0x230)
SSL: SSL3 alert: write (local SSL3 detected an error):fatal:unknown CA
EAP: Status notification: local TLS alert (param=unknown CA)
SSL: (where=0x1002 ret=0xffffffff)
SSL: SSL_connect:error in error
OpenSSL: openssl_handshake - SSL_connect error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
SSL: 7 bytes pending from ssl_out
SSL: Using TLS version TLSv1.2
SSL: Failed - tls_out available to report error (len=7)
SSL: 7 bytes left to be sent out (of total 7 bytes)
EAP-PEAP: TLS processing failed
EAP: method process -> ignore=FALSE methodState=DONE decision=FAIL eapRespData=0x55fb7da0fe80
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=17)
TX EAP -> RADIUS - hexdump(len=17): 02 06 00 11 19 80 00 00 00 07 15 03 03 00 02 02 30
Encapsulating EAP message into a RADIUS packet
Copied RADIUS State Attribute
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=6 length=172
Attribute 1 (User-Name) length=30
Value: 'eduroam at staff.uni-marburg.de'
Attribute 4 (NAS-IP-Address) length=6
Value: 127.0.0.1
Attribute 31 (Calling-Station-Id) length=19
Value: '02-00-00-00-00-01'
Attribute 12 (Framed-MTU) length=6
Value: 1400
Attribute 61 (NAS-Port-Type) length=6
Value: 19
Attribute 6 (Service-Type) length=6
Value: 2
Attribute 77 (Connect-Info) length=24
Value: 'CONNECT 11Mbps 802.11b'
Attribute 79 (EAP-Message) length=19
Value: 0206001119800000000715030300020230
Attribute 24 (State) length=18
Value: 435995b3465f8c92a34ccd3791eea009
Attribute 80 (Message-Authenticator) length=18
Value: 2e2a919bf391cd046ef9fb7a6d5c1c87
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 44 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=3 (Access-Reject) identifier=6 length=44
Attribute 79 (EAP-Message) length=6
Value: 04060004
Attribute 80 (Message-Authenticator) length=18
Value: 450f6adf5bc192db81ccf5c9727b5384
STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending request, round trip time 1.00 sec
RADIUS packet matching with station
decapsulated EAP packet (code=4 id=6 len=4) from RADIUS server: EAP Failure
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Failure
EAP: Status notification: completion (param=failure)
EAP: EAP entering state FAILURE
CTRL-EVENT-EAP-FAILURE EAP authentication failed
EAPOL: SUPP_PAE entering state HELD
EAPOL: SUPP_BE entering state RECEIVE
EAPOL: SUPP_BE entering state FAIL
EAPOL: SUPP_BE entering state IDLE
eapol_sm_cb: result=0
EAPOL: EAP key not available
EAPOL: EAP Session-Id not available
WPA: Clear old PMK and PTK
EAP: deinitialize previously used EAP method (25, PEAP) at EAP deinit
ENGINE: engine deinit
MPPE keys OK: 0 mismatch: 1
FAILURE
::::::::::::::
eapol-peap-ok.txt
::::::::::::::
Reading configuration file 'peap-mschapv2.conf'
Line: 4 - start of a new network block
ssid - hexdump_ascii(len=12):
65 78 61 6d 70 6c 65 2d 53 53 49 44 example-SSID
key_mgmt: 0x1
eap methods - hexdump(len=16): 00 00 00 00 19 00 00 00 00 00 00 00 00 00 00 00
identity - hexdump_ascii(len=6):
70 61 75 6c 79 31 pauly1
anonymous_identity - hexdump_ascii(len=28):
65 64 75 72 6f 61 6d 40 73 74 61 66 66 2e 75 6e eduroam at staff.un
69 2d 6d 61 72 62 75 72 67 2e 64 65 i-marburg.de
password - hexdump_ascii(len=8):
6e 6e 71 65 63 79 21 33 nnqecy!3
phase2 - hexdump_ascii(len=21):
61 75 74 68 3d 4d 53 43 48 41 50 56 32 20 72 65 auth=MSCHAPV2 re
74 72 79 3d 30 try=0
ca_cert - hexdump_ascii(len=47):
2f 65 74 63 2f 73 73 6c 2f 63 65 72 74 73 2f 54 /etc/ssl/certs/T
2d 54 65 6c 65 53 65 63 5f 47 6c 6f 62 61 6c 52 -TeleSec_GlobalR
6f 6f 74 5f 43 6c 61 73 73 5f 32 2e 70 65 6d oot_Class_2.pem
Priority group 0
id=0 ssid='example-SSID'
Authentication server 172.25.1.26:1812
RADIUS local address: 172.25.1.136:52428
ENGINE: Loading dynamic engine
ENGINE: Loading dynamic engine
EAPOL: SUPP_PAE entering state DISCONNECTED
EAPOL: KEY_RX entering state NO_KEY_RECEIVE
EAPOL: SUPP_BE entering state INITIALIZE
EAP: EAP entering state DISABLED
EAPOL: External notification - portValid=0
EAPOL: External notification - portEnabled=1
EAPOL: SUPP_PAE entering state CONNECTING
EAPOL: SUPP_BE entering state IDLE
EAP: EAP entering state INITIALIZE
EAP: EAP entering state IDLE
Sending fake EAP-Request-Identity
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_PAE entering state RESTART
EAP: EAP entering state INITIALIZE
EAP: EAP entering state IDLE
EAPOL: SUPP_PAE entering state AUTHENTICATING
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=0 method=1 vendor=0 vendorMethod=0
EAP: EAP entering state IDENTITY
CTRL-EVENT-EAP-STARTED EAP authentication started
EAP: Status notification: started (param=)
EAP: EAP-Request Identity data - hexdump_ascii(len=0):
EAP: using anonymous identity - hexdump_ascii(len=28):
65 64 75 72 6f 61 6d 40 73 74 61 66 66 2e 75 6e eduroam at staff.un
69 2d 6d 61 72 62 75 72 67 2e 64 65 i-marburg.de
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=33)
TX EAP -> RADIUS - hexdump(len=33): 02 00 00 21 01 65 64 75 72 6f 61 6d 40 73 74 61 66 66 2e 75 6e 69 2d 6d 61 72 62 75 72 67 2e 64 65
Encapsulating EAP message into a RADIUS packet
Learned identity from EAP-Response-Identity - hexdump(len=28): 65 64 75 72 6f 61 6d 40 73 74 61 66 66 2e 75 6e 69 2d 6d 61 72 62 75 72 67 2e 64 65
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=0 length=170
Attribute 1 (User-Name) length=30
Value: 'eduroam at staff.uni-marburg.de'
Attribute 4 (NAS-IP-Address) length=6
Value: 127.0.0.1
Attribute 31 (Calling-Station-Id) length=19
Value: '02-00-00-00-00-01'
Attribute 12 (Framed-MTU) length=6
Value: 1400
Attribute 61 (NAS-Port-Type) length=6
Value: 19
Attribute 6 (Service-Type) length=6
Value: 2
Attribute 77 (Connect-Info) length=24
Value: 'CONNECT 11Mbps 802.11b'
Attribute 79 (EAP-Message) length=35
Value: 0200002101656475726f616d4073746166662e756e692d6d6172627572672e6465
Attribute 80 (Message-Authenticator) length=18
Value: ce6c3dfe8375b0d4abd66b940eeb7970
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 80 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=0 length=80
Attribute 79 (EAP-Message) length=24
Value: 0101001604101a46c87f913c34524f452a0f479e3e78
Attribute 80 (Message-Authenticator) length=18
Value: 818d83eb716ffddd67a6610f232a2b3b
Attribute 24 (State) length=18
Value: 8659d3ba8658d7742ac5b4f76ef4e085
STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
RADIUS packet matching with station
decapsulated EAP packet (code=1 id=1 len=22) from RADIUS server: EAP-Request-MD5 (4)
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=1 method=4 vendor=0 vendorMethod=0
EAP: EAP entering state GET_METHOD
EAP: configuration does not allow: vendor 0 method 4
EAP: vendor 0 method 4 not allowed
CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=4 -> NAK
EAP: Status notification: refuse proposed method (param=MD5)
EAP: Building EAP-Nak (requested type 4 vendor=0 method=0 not allowed)
EAP: allowed methods - hexdump(len=1): 19
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=6)
TX EAP -> RADIUS - hexdump(len=6): 02 01 00 06 03 19
Encapsulating EAP message into a RADIUS packet
Copied RADIUS State Attribute
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=1 length=161
Attribute 1 (User-Name) length=30
Value: 'eduroam at staff.uni-marburg.de'
Attribute 4 (NAS-IP-Address) length=6
Value: 127.0.0.1
Attribute 31 (Calling-Station-Id) length=19
Value: '02-00-00-00-00-01'
Attribute 12 (Framed-MTU) length=6
Value: 1400
Attribute 61 (NAS-Port-Type) length=6
Value: 19
Attribute 6 (Service-Type) length=6
Value: 2
Attribute 77 (Connect-Info) length=24
Value: 'CONNECT 11Mbps 802.11b'
Attribute 79 (EAP-Message) length=8
Value: 020100060319
Attribute 24 (State) length=18
Value: 8659d3ba8658d7742ac5b4f76ef4e085
Attribute 80 (Message-Authenticator) length=18
Value: 4b5726271fd8adb577958ab16496d479
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 64 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=1 length=64
Attribute 79 (EAP-Message) length=8
Value: 010200061920
Attribute 80 (Message-Authenticator) length=18
Value: 6d97b01d9d5a561b5b2b819b4427f3d4
Attribute 24 (State) length=18
Value: 8659d3ba875bca742ac5b4f76ef4e085
STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
RADIUS packet matching with station
decapsulated EAP packet (code=1 id=2 len=6) from RADIUS server: EAP-Request-PEAP (25)
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=2 method=25 vendor=0 vendorMethod=0
EAP: EAP entering state GET_METHOD
CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=25
EAP: Status notification: accept proposed method (param=PEAP)
EAP: Initialize selected EAP method: vendor 0 method 25 (PEAP)
TLS: Phase2 EAP types - hexdump(len=8): 00 00 00 00 1a 00 00 00
TLS: using phase1 config options
TLS: Trusted root certificate(s) loaded
CTRL-EVENT-EAP-METHOD EAP vendor 0 method 25 (PEAP) selected
EAP: EAP entering state METHOD
SSL: Received packet(len=6) - Flags 0x20
EAP-PEAP: Start (server ver=0, own ver=1)
EAP-PEAP: Using PEAP version 0
SSL: (where=0x10 ret=0x1)
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:before SSL initialization
OpenSSL: TX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 16 03 01 00 b3
OpenSSL: TX ver=0x303 content_type=22 (handshake/client hello)
OpenSSL: Message - hexdump(len=179): 01 00 00 af 03 03 d1 98 d0 e8 7c 5e b9 65 9c 57 aa 92 b1 25 e9 3f e5 f0 e5 b3 92 b5 7b f5 3c f3 f5 d0 5c f4 34 a9 00 00 38 c0 2c c0 30 00 9f cc a9 cc a8 cc aa c0 2b c0 2f 00 9e c0 24 c0 28 00 6b c0 23 c0 27 00 67 c0 0a c0 14 00 39 c0 09 c0 13 00 33 00 9d 00 9c 00 3d 00 3c 00 35 00 2f 00 ff 01 00 00 4e 00 0b 00 04 03 00 01 02 00 0a 00 0c 00 0a 00 1d 00 17 00 1e 00 19 00 18 00 16 00 00 00 17 00 00 00 0d 00 2a 00 28 04 03 05 03 06 03 08 07 08 08 08 09 08 0a 08 0b 08 04 08 05 08 06 04 01 05 01 06 01 03 03 03 01 03 02 04 02 05 02 06 02
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS write client hello
SSL: (where=0x1002 ret=0xffffffff)
SSL: SSL_connect:error in SSLv3/TLS write client hello
SSL: SSL_connect - want more data
SSL: 184 bytes pending from ssl_out
SSL: Using TLS version TLSv1.2
SSL: 184 bytes left to be sent out (of total 184 bytes)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL eapRespData=0x562514e52100
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=194)
TX EAP -> RADIUS - hexdump(len=194): 02 02 00 c2 19 80 00 00 00 b8 16 03 01 00 b3 01 00 00 af 03 03 d1 98 d0 e8 7c 5e b9 65 9c 57 aa 92 b1 25 e9 3f e5 f0 e5 b3 92 b5 7b f5 3c f3 f5 d0 5c f4 34 a9 00 00 38 c0 2c c0 30 00 9f cc a9 cc a8 cc aa c0 2b c0 2f 00 9e c0 24 c0 28 00 6b c0 23 c0 27 00 67 c0 0a c0 14 00 39 c0 09 c0 13 00 33 00 9d 00 9c 00 3d 00 3c 00 35 00 2f 00 ff 01 00 00 4e 00 0b 00 04 03 00 01 02 00 0a 00 0c 00 0a 00 1d 00 17 00 1e 00 19 00 18 00 16 00 00 00 17 00 00 00 0d 00 2a 00 28 04 03 05 03 06 03 08 07 08 08 08 09 08 0a 08 0b 08 04 08 05 08 06 04 01 05 01 06 01 03 03 03 01 03 02 04 02 05 02 06 02
Encapsulating EAP message into a RADIUS packet
Copied RADIUS State Attribute
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=2 length=349
Attribute 1 (User-Name) length=30
Value: 'eduroam at staff.uni-marburg.de'
Attribute 4 (NAS-IP-Address) length=6
Value: 127.0.0.1
Attribute 31 (Calling-Station-Id) length=19
Value: '02-00-00-00-00-01'
Attribute 12 (Framed-MTU) length=6
Value: 1400
Attribute 61 (NAS-Port-Type) length=6
Value: 19
Attribute 6 (Service-Type) length=6
Value: 2
Attribute 77 (Connect-Info) length=24
Value: 'CONNECT 11Mbps 802.11b'
Attribute 79 (EAP-Message) length=196
Value: 020200c21980000000b816030100b3010000af0303d198d0e87c5eb9659c57aa92b125e93fe5f0e5b392b57bf53cf3f5d05cf434a9000038c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff0100004e000b000403000102000a000c000a001d0017001e001900180016000000170000000d002a0028040305030603080708080809080a080b080408050806040105010601030303010302040205020602
Attribute 24 (State) length=18
Value: 8659d3ba875bca742ac5b4f76ef4e085
Attribute 80 (Message-Authenticator) length=18
Value: 7d2196129fec839f52a4e147213f6ded
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 1068 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=2 length=1068
Attribute 79 (EAP-Message) length=255
Value: 010303ec19c0000014921603030059020000550303b2e5269df7dbd65205bb613bfcd477a0a40d013bbf5ecd6341b80325558b769120fc4e2c413e1af6801508d908ee88d0f1fcb9dd044acbf3b0805a012a6125868ec03000000dff01000100000b00040300010216030312d40b0012d00012cd0007fe308207fa308206e2a003020102020c22ff0567818198c00178abea300d06092a864886f70d01010b050030818d310b300906035504061302444531453043060355040a0c3c56657265696e207a757220466f6572646572756e672065696e65732044657574736368656e20466f72736368756e67736e65747a657320652e20562e3110300e06
Attribute 79 (EAP-Message) length=255
Value: 0355040b0c0744464e2d504b493125302306035504030c1c44464e2d56657265696e20476c6f62616c2049737375696e67204341301e170d3230303630393133303030395a170d3232303931313133303030395a307e310b3009060355040613024445310f300d06035504080c0648657373656e3110300e06035504070c074d61726275726731263024060355040a0c1d5068696c697070732d556e69766572736974616574204d6172627572673124302206035504030c1b7261646975732e73746166662e756e692d6d6172627572672e646530820122300d06092a864886f70d01010105000382010f003082010a0282010100e0d72a3219e77d16
Attribute 79 (EAP-Message) length=255
Value: b4da30aa1ad81b6e519d843b76fe3da287b3b8813842f4d2bcd87f4cc2b7e74761e143483c3365e86c31291183286f98e179b96d2546931095e30fa88477642f81bdbdb8f2cd7472f355ad50e54bbf99a8ee6bfd40bad341f459eb299769f3318b453b0220cd316e7bf1b0ad042d9eed645c5a33221eb3ea45be78ed8bc5d1a5e689f3f1570096c13eb9f3db5b13af2178c10a538035b01104d623814079bc702298eaab4e73677f4d35b59098086cb0d6db67a4ad516dd13470c5c63f22a4a8d509d137c053106d714329b69873d983a187aaf54dd97f4038d0209ae4459197197b8810c21e2f5f2e83a3d228d3cb9164bf0f1354cccd170203010001
Attribute 79 (EAP-Message) length=247
Value: a38204663082046230570603551d200450304e3008060667810c010202300d060b2b0601040181ad21822c1e300f060d2b0601040181ad21822c0101043010060e2b0601040181ad21822c010104073010060e2b0601040181ad21822c0201040730090603551d1304023000300e0603551d0f0101ff0404030205a0301d0603551d250416301406082b0601050507030206082b06010505070301301d0603551d0e041604145574a493dac77f8255c70d792c0b3cb0ccd89ae8301f0603551d230418301680146b3a988bf9f25389dae0adb2321e091fe8aa3b7430260603551d11041f301d821b7261646975732e73746166662e
Attribute 80 (Message-Authenticator) length=18
Value: b25525362d0369b4547aa9a8426dd9df
Attribute 24 (State) length=18
Value: 8659d3ba845aca742ac5b4f76ef4e085
STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
RADIUS packet matching with station
decapsulated EAP packet (code=1 id=3 len=1004) from RADIUS server: EAP-Request-PEAP (25)
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=3 method=25 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
SSL: Received packet(len=1004) - Flags 0xc0
SSL: TLS Message Length: 5266
SSL: Need 4272 bytes more input data
SSL: Building ACK (type=25 id=3 ver=0)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL eapRespData=0x562514e42920
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=6)
TX EAP -> RADIUS - hexdump(len=6): 02 03 00 06 19 00
Encapsulating EAP message into a RADIUS packet
Copied RADIUS State Attribute
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=3 length=161
Attribute 1 (User-Name) length=30
Value: 'eduroam at staff.uni-marburg.de'
Attribute 4 (NAS-IP-Address) length=6
Value: 127.0.0.1
Attribute 31 (Calling-Station-Id) length=19
Value: '02-00-00-00-00-01'
Attribute 12 (Framed-MTU) length=6
Value: 1400
Attribute 61 (NAS-Port-Type) length=6
Value: 19
Attribute 6 (Service-Type) length=6
Value: 2
Attribute 77 (Connect-Info) length=24
Value: 'CONNECT 11Mbps 802.11b'
Attribute 79 (EAP-Message) length=8
Value: 020300061900
Attribute 24 (State) length=18
Value: 8659d3ba845aca742ac5b4f76ef4e085
Attribute 80 (Message-Authenticator) length=18
Value: ce25df95abdf403068ff07da116e1da7
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 1064 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=3 length=1064
Attribute 79 (EAP-Message) length=255
Value: 010403e81940756e692d6d6172627572672e646530818d0603551d1f048185308182303fa03da03b8639687474703a2f2f636470312e7063612e64666e2e64652f64666e2d63612d676c6f62616c2d67322f7075622f63726c2f636163726c2e63726c303fa03da03b8639687474703a2f2f636470322e7063612e64666e2e64652f64666e2d63612d676c6f62616c2d67322f7075622f63726c2f636163726c2e63726c3081db06082b060105050701010481ce3081cb303306082b060105050730018627687474703a2f2f6f6373702e7063612e64666e2e64652f4f4353502d5365727665722f4f435350304906082b06010505073002863d687474
Attribute 79 (EAP-Message) length=255
Value: 703a2f2f636470312e7063612e64666e2e64652f64666e2d63612d676c6f62616c2d67322f7075622f6361636572742f6361636572742e637274304906082b06010505073002863d687474703a2f2f636470322e7063612e64666e2e64652f64666e2d63612d676c6f62616c2d67322f7075622f6361636572742f6361636572742e637274308201f5060a2b06010401d679020402048201e5048201e101df007700bbd9dfbc1f8a71b593942397aa927b473857950aab52e81a909664368e1ed18500000172992ab1b200000403004830460221008dc4c351d9a68797636d58471e392be1508f341e36ba2798f872ea536e8c265c022100ef04f9ce54
Attribute 79 (EAP-Message) length=255
Value: d1736f5ae748e20e1d023ebe57cacfe53fa16c03a604f3863d1f8600760046a555eb75fa912030b5a28969f4f37d112c4174befd49b885abf2fc70fe6d4700000172992ab2e10000040300473045022100cb21983d40376aebb1b98c451d073cb9ca9358a55a120472541a7a12732a419f022047e8e27ca0939bda9ec7fb81c50de38a819023ab5e10b79fbc3d455188f8f71d0075006f5376ac31f03119d89900a45115ff77151c11d902c10029068db2089a37d91300000172992ab1d6000004030046304402206befe7e5d02cafc2de40e98c8da2094b6610ec1c5a135f63055cd0bf2635a582022076f60bbe0a6a07f7cd63fe73694a3839a46fd8
Attribute 79 (EAP-Message) length=243
Value: 0a937e033669ae8021fdd3b8e20075005581d4c2169036014aea0b9b573c53f0c0e43878702508172fa3aa1d0713d30c00000172992ab2b9000004030046304402200b8f563e1cfe01f0ef34d4b31baa910d79583705f436ea1976b608915a374f50022062159a00bf971f6588fb0b7dcdd6d0eb9d11d028bad25b2d2d8eeca9ab3f768c300d06092a864886f70d01010b0500038201010064daeebb8fe3dedcd5de2e605133b23996eaa15f87d585d398619046ed421aa916bcb9b05b493bcc66fe9ab90cc59f9fe5e333a78993f40b52c5c62c5ea213b19a7a303896b227674d1695fa41c6ec6fc30db64145169be707
Attribute 80 (Message-Authenticator) length=18
Value: 11a544ac90eb3c7a3733a7356931411a
Attribute 24 (State) length=18
Value: 8659d3ba855dca742ac5b4f76ef4e085
STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
RADIUS packet matching with station
decapsulated EAP packet (code=1 id=4 len=1000) from RADIUS server: EAP-Request-PEAP (25)
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=4 method=25 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
SSL: Received packet(len=1000) - Flags 0x40
SSL: Need 3278 bytes more input data
SSL: Building ACK (type=25 id=4 ver=0)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL eapRespData=0x562514e429f0
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=6)
TX EAP -> RADIUS - hexdump(len=6): 02 04 00 06 19 00
Encapsulating EAP message into a RADIUS packet
Copied RADIUS State Attribute
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=4 length=161
Attribute 1 (User-Name) length=30
Value: 'eduroam at staff.uni-marburg.de'
Attribute 4 (NAS-IP-Address) length=6
Value: 127.0.0.1
Attribute 31 (Calling-Station-Id) length=19
Value: '02-00-00-00-00-01'
Attribute 12 (Framed-MTU) length=6
Value: 1400
Attribute 61 (NAS-Port-Type) length=6
Value: 19
Attribute 6 (Service-Type) length=6
Value: 2
Attribute 77 (Connect-Info) length=24
Value: 'CONNECT 11Mbps 802.11b'
Attribute 79 (EAP-Message) length=8
Value: 020400061900
Attribute 24 (State) length=18
Value: 8659d3ba855dca742ac5b4f76ef4e085
Attribute 80 (Message-Authenticator) length=18
Value: 7c9317044c6b99f78c24b26128946d87
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 1064 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=4 length=1064
Attribute 79 (EAP-Message) length=255
Value: 010503e81940d1b0c2aadf3ae929833698e036e102053f75fe2fa385b8fbe9acca86c813ad0482fbc2633fa4e597dcf5f8db83a6de79efb612964b798def929285842f3dc628e4868ebc9b3a7eeb75b10eb72e0230225eb017d437e6983a35bc4e15e15c07e63f2124b5af9f50f861445bc2111da8eec482322cd775795203375dc30819d7c14ace621f57996f8e6a728a62ad21b69aa99f0e5e6bd6261837d967af89bb4a003baa5caa1254fd0005b0308205ac30820494a00302010202071b63bad01e2c3d300d06092a864886f70d01010b0500308195310b300906035504061302444531453043060355040a133c56657265696e207a757220466f
Attribute 79 (EAP-Message) length=255
Value: 6572646572756e672065696e65732044657574736368656e20466f72736368756e67736e65747a657320652e20562e3110300e060355040b130744464e2d504b49312d302b0603550403132444464e2d56657265696e2043657274696669636174696f6e20417574686f726974792032301e170d3136303532343131333834305a170d3331303232323233353935395a30818d310b300906035504061302444531453043060355040a0c3c56657265696e207a757220466f6572646572756e672065696e65732044657574736368656e20466f72736368756e67736e65747a657320652e20562e3110300e060355040b0c0744464e2d504b4931253023
Attribute 79 (EAP-Message) length=255
Value: 06035504030c1c44464e2d56657265696e20476c6f62616c2049737375696e6720434130820122300d06092a864886f70d01010105000382010f003082010a02820101009d3b791c47de1f86cbc669d7109e39d7d9a230db721c057f295f4b68f1ad19d64ce16b1bb10b7fa1abe07b8b8bd82dce6e883a10ee57e51e7f045136ebba706d63a0be962e40e1d1834c663d1c6469e59ba4ad72ae6839518779cc17d3ae2f5d63714b397aeb42a797906905bf90ffa44070bd03e7bf9e18881f9f99884d0e478d485f659910d2d92a49edc1b92d1d9f12cb15d33f7f1e542f3aae9357a77e78cad54ae21ae5ed417d535fc8b32af58a30aced1705243fb6a0
Attribute 79 (EAP-Message) length=243
Value: 0b07fd4d1a9a0352a0369cde248765e4e7fac796732414cdd0e81b689e1859ae767ef7d10a783c874bb037cf53ca3a3810f3cb476d8c643d3c5a454abaca807cb8f3e7a74c4ccd0203010001a38202053082020130120603551d130101ff040830060101ff020101300e0603551d0f0101ff04040302010630290603551d2004223020300d060b2b0601040181ad21822c1e300f060d2b0601040181ad21822c010104301d0603551d0e041604146b3a988bf9f25389dae0adb2321e091fe8aa3b74301f0603551d2304183016801493e3d83226dad5f14aa5914ae0ea4be2a20ccfe130818f0603551d1f048187308184
Attribute 80 (Message-Authenticator) length=18
Value: 090faf01a6f95d53f72ef76d7abae7d8
Attribute 24 (State) length=18
Value: 8659d3ba825cca742ac5b4f76ef4e085
STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
RADIUS packet matching with station
decapsulated EAP packet (code=1 id=5 len=1000) from RADIUS server: EAP-Request-PEAP (25)
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=5 method=25 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
SSL: Received packet(len=1000) - Flags 0x40
SSL: Need 2284 bytes more input data
SSL: Building ACK (type=25 id=5 ver=0)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL eapRespData=0x562514e42920
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=6)
TX EAP -> RADIUS - hexdump(len=6): 02 05 00 06 19 00
Encapsulating EAP message into a RADIUS packet
Copied RADIUS State Attribute
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=5 length=161
Attribute 1 (User-Name) length=30
Value: 'eduroam at staff.uni-marburg.de'
Attribute 4 (NAS-IP-Address) length=6
Value: 127.0.0.1
Attribute 31 (Calling-Station-Id) length=19
Value: '02-00-00-00-00-01'
Attribute 12 (Framed-MTU) length=6
Value: 1400
Attribute 61 (NAS-Port-Type) length=6
Value: 19
Attribute 6 (Service-Type) length=6
Value: 2
Attribute 77 (Connect-Info) length=24
Value: 'CONNECT 11Mbps 802.11b'
Attribute 79 (EAP-Message) length=8
Value: 020500061900
Attribute 24 (State) length=18
Value: 8659d3ba825cca742ac5b4f76ef4e085
Attribute 80 (Message-Authenticator) length=18
Value: d7bfc13e1af4a4380c56a62708fe45e9
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 1064 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=5 length=1064
Attribute 79 (EAP-Message) length=255
Value: 010603e819403040a03ea03c863a687474703a2f2f636470312e7063612e64666e2e64652f676c6f62616c2d726f6f742d67322d63612f7075622f63726c2f636163726c2e63726c3040a03ea03c863a687474703a2f2f636470322e7063612e64666e2e64652f676c6f62616c2d726f6f742d67322d63612f7075622f63726c2f636163726c2e63726c3081dd06082b060105050701010481d03081cd303306082b060105050730018627687474703a2f2f6f6373702e7063612e64666e2e64652f4f4353502d5365727665722f4f435350304a06082b06010505073002863e687474703a2f2f636470312e7063612e64666e2e64652f676c6f62616c
Attribute 79 (EAP-Message) length=255
Value: 2d726f6f742d67322d63612f7075622f6361636572742f6361636572742e637274304a06082b06010505073002863e687474703a2f2f636470322e7063612e64666e2e64652f676c6f62616c2d726f6f742d67322d63612f7075622f6361636572742f6361636572742e637274300d06092a864886f70d01010b05000382010100817845a44ea47f0e55f009b16a3e78cc6835a91cf3959e3ff3f8df6b3877892c8db5ad3ec7f294cda006aebacca8b1ad3308b6248662364c786e50f0d56e608d4f523143974675f062e46e6651c142316750e549e7391ecb9fca8648de0814ff154b2b669ba0389f00cefda7ebd17f572dc84c5fdc1011973e960402
Attribute 79 (EAP-Message) length=255
Value: 5c84a829396c94fc1092067b9eeed846b41bb5030c38d9dcb0a93f71060bb2030733c28d486325253c7a7b576ef78a0538efb8a0ae2ff4db07d55b8418c1a9b84bce6c901a82e4b93dfa77f1d21f3302bf53e776f9dc2625416f2fa61bfaa41390fa7c7ed90b605decbfca41a061fb114929d8a82d7515d84a18ea16ef5534221a138d0600051630820512308203faa003020102020900e30bd5f8af25d981300d06092a864886f70d01010b0500308182310b3009060355040613024445312b3029060355040a0c22542d53797374656d7320456e746572707269736520536572766963657320476d6248311f301d060355040b0c16542d5379737465
Attribute 79 (EAP-Message) length=243
Value: 6d732054727573742043656e7465723125302306035504030c1c542d54656c6553656320476c6f62616c526f6f7420436c6173732032301e170d3136303232323133333832325a170d3331303232323233353935395a308195310b300906035504061302444531453043060355040a133c56657265696e207a757220466f6572646572756e672065696e65732044657574736368656e20466f72736368756e67736e65747a657320652e20562e3110300e060355040b130744464e2d504b49312d302b0603550403132444464e2d56657265696e2043657274696669636174696f6e20417574686f726974792032308201
Attribute 80 (Message-Authenticator) length=18
Value: eecee037160991e0b79e1a5170f78106
Attribute 24 (State) length=18
Value: 8659d3ba835fca742ac5b4f76ef4e085
STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
RADIUS packet matching with station
decapsulated EAP packet (code=1 id=6 len=1000) from RADIUS server: EAP-Request-PEAP (25)
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=6 method=25 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
SSL: Received packet(len=1000) - Flags 0x40
SSL: Need 1290 bytes more input data
SSL: Building ACK (type=25 id=6 ver=0)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL eapRespData=0x562514e42920
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=6)
TX EAP -> RADIUS - hexdump(len=6): 02 06 00 06 19 00
Encapsulating EAP message into a RADIUS packet
Copied RADIUS State Attribute
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=6 length=161
Attribute 1 (User-Name) length=30
Value: 'eduroam at staff.uni-marburg.de'
Attribute 4 (NAS-IP-Address) length=6
Value: 127.0.0.1
Attribute 31 (Calling-Station-Id) length=19
Value: '02-00-00-00-00-01'
Attribute 12 (Framed-MTU) length=6
Value: 1400
Attribute 61 (NAS-Port-Type) length=6
Value: 19
Attribute 6 (Service-Type) length=6
Value: 2
Attribute 77 (Connect-Info) length=24
Value: 'CONNECT 11Mbps 802.11b'
Attribute 79 (EAP-Message) length=8
Value: 020600061900
Attribute 24 (State) length=18
Value: 8659d3ba835fca742ac5b4f76ef4e085
Attribute 80 (Message-Authenticator) length=18
Value: 5187338561c66f96db1a5a1cbd9df715
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 1064 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=6 length=1064
Attribute 79 (EAP-Message) length=255
Value: 010703e8194022300d06092a864886f70d01010105000382010f003082010a0282010100cb60d7ff66a141cdd2fa87978a73ab994dea67395aa1608047154e8c95b2e5cfced3574b8dcef8566c15557607ea46fdc80345633e70d4ab5480b1239cbe3728a909ff055d180fc4989937b320f666781787c29d0ecc4a32e7169dae0e8d297907002054dc155f4a96d778b634d3c174b59de9bfc0774deabd5907e05a2f6c3ca500dc35bd650d8f7f326df25a6a4b6201eeac38345945364905da78ca6a6d5bc0816b11ccd23ca88bf8711aca3be280dd16b4677a8b36ea4e91293db3515cada80cbe9d34e3d10d178375c4391eb0940b12f1d5698e25f4b8
Attribute 79 (EAP-Message) length=255
Value: 3d2bbfc08ec31e3ba5bf5510ab2aae17975e33cec8f3f40907e3028631466b01c5100c11c759e90203010001a382017430820170300e0603551d0f0101ff040403020106301d0603551d0e0416041493e3d83226dad5f14aa5914ae0ea4be2a20ccfe1301f0603551d23041830168014bf5920360079a0a0226b8cd5f261d2b82ccb824a30120603551d130101ff040830060101ff02010230330603551d20042c302a300f060d2b0601040181ad21822c010104300d060b2b0601040181ad21822c1e3008060667810c010202304c0603551d1f044530433041a03fa03d863b687474703a2f2f706b69303333362e74656c657365632e64652f726c2f
Attribute 79 (EAP-Message) length=255
Value: 54656c655365635f476c6f62616c526f6f745f436c6173735f322e63726c30818606082b06010505070101047a3078302c06082b060105050730018620687474703a2f2f6f637370303333362e74656c657365632e64652f6f63737072304806082b06010505073002863c687474703a2f2f706b69303333362e74656c657365632e64652f6372742f54656c655365635f476c6f62616c526f6f745f436c6173735f322e636572300d06092a864886f70d01010b05000382010100870bff3e029b65c8562dd63b9a988b714fdaba29aa21f9462ef5b2a40fae11387938b30e74ba765d9ee818829662db4c33e8ddf96adf32bd2c4c4760557fe7746bb4
Attribute 79 (EAP-Message) length=243
Value: 2c83d8796bb6b74d500b6607b5edb397adeaee7f30e699fd22e2724d3e845beef9cf99ea7fd752392eac9800447e693bbf75eed00b3b1acde5f70f226c4784f6a547a0fdd01a347dadd23d77b3eef4d74dffc3e8e5924f593e9047104ab08558c06f7ff8aeed08429e1ed4df142e4d8fbc9e94c3e7edf618f83c49e726a8a736d82cde22cd8b82d8d978e25512a33b8744b6110bd50c52af698c0f06dfd0a2538b57987bcffd0724f4fcbdc3fd4a9202971bf2b7b6cf658a1aa2b5721939160303014d0c00014903001741043f348c03eef602bc9e551e112b34e82b21642652fd2b7d7a64140bb503ce57dc5fb58a843e
Attribute 80 (Message-Authenticator) length=18
Value: 3f6dd5a9203b712894f93ef94bc0eab3
Attribute 24 (State) length=18
Value: 8659d3ba805eca742ac5b4f76ef4e085
STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
RADIUS packet matching with station
decapsulated EAP packet (code=1 id=7 len=1000) from RADIUS server: EAP-Request-PEAP (25)
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=7 method=25 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
SSL: Received packet(len=1000) - Flags 0x40
SSL: Need 296 bytes more input data
SSL: Building ACK (type=25 id=7 ver=0)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL eapRespData=0x562514e42920
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=6)
TX EAP -> RADIUS - hexdump(len=6): 02 07 00 06 19 00
Encapsulating EAP message into a RADIUS packet
Copied RADIUS State Attribute
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=7 length=161
Attribute 1 (User-Name) length=30
Value: 'eduroam at staff.uni-marburg.de'
Attribute 4 (NAS-IP-Address) length=6
Value: 127.0.0.1
Attribute 31 (Calling-Station-Id) length=19
Value: '02-00-00-00-00-01'
Attribute 12 (Framed-MTU) length=6
Value: 1400
Attribute 61 (NAS-Port-Type) length=6
Value: 19
Attribute 6 (Service-Type) length=6
Value: 2
Attribute 77 (Connect-Info) length=24
Value: 'CONNECT 11Mbps 802.11b'
Attribute 79 (EAP-Message) length=8
Value: 020700061900
Attribute 24 (State) length=18
Value: 8659d3ba805eca742ac5b4f76ef4e085
Attribute 80 (Message-Authenticator) length=18
Value: ca615203bd5ee12536f26ca0fe352778
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 362 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=7 length=362
Attribute 79 (EAP-Message) length=255
Value: 0108012e190002ef707384347579fe668737fdbe6673ad209e4e2ceb8ae29e3d860401010028eb55440cbbb2adb28ac4e6f8c79e4ccf480f59ffdb87dd64f1cf669ddcd18526cc20d1648e971f4b293798f5d11a6638cb969448bae94e3a2277268f6fcd2952b476875097af194b17f5c218d406b5b0f0e29c9bef7038e5056c7e94c389c03025920520a378ae1528991aadd3b325a46212b0475b6cff869c1093509c92d6b5fe5338154b05a80285c3aec33ef29aa602499c6cab36c9a63915d098d088448d4762d2aeecb5da6a03733081e38b40e90d8a952163b2c584d896c43a470c1992053af97600e49062fed4d7c805aef915973deef5e6338d
Attribute 79 (EAP-Message) length=51
Value: 6bb9c35b11991705f6ce36c104e30a421639c2d484f47e76569fd9607e5aefa694d8b48b18034b2216030300040e000000
Attribute 80 (Message-Authenticator) length=18
Value: 99bdaf20f10d24deaad75377cf048117
Attribute 24 (State) length=18
Value: 8659d3ba8151ca742ac5b4f76ef4e085
STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
RADIUS packet matching with station
decapsulated EAP packet (code=1 id=8 len=302) from RADIUS server: EAP-Request-PEAP (25)
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=8 method=25 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
SSL: Received packet(len=302) - Flags 0x00
OpenSSL: RX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 16 03 03 00 59
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS write client hello
OpenSSL: RX ver=0x303 content_type=22 (handshake/server hello)
OpenSSL: Message - hexdump(len=89): 02 00 00 55 03 03 b2 e5 26 9d f7 db d6 52 05 bb 61 3b fc d4 77 a0 a4 0d 01 3b bf 5e cd 63 41 b8 03 25 55 8b 76 91 20 fc 4e 2c 41 3e 1a f6 80 15 08 d9 08 ee 88 d0 f1 fc b9 dd 04 4a cb f3 b0 80 5a 01 2a 61 25 86 8e c0 30 00 00 0d ff 01 00 01 00 00 0b 00 04 03 00 01 02
OpenSSL: RX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 16 03 03 12 d4
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS read server hello
OpenSSL: RX ver=0x303 content_type=22 (handshake/certificate)
OpenSSL: Message - hexdump(len=4820): 0b 00 12 d0 00 12 cd 00 07 fe 30 82 07 fa 30 82 06 e2 a0 03 02 01 02 02 0c 22 ff 05 67 81 81 98 c0 01 78 ab ea 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 81 8d 31 0b 30 09 06 03 55 04 06 13 02 44 45 31 45 30 43 06 03 55 04 0a 0c 3c 56 65 72 65 69 6e 20 7a 75 72 20 46 6f 65 72 64 65 72 75 6e 67 20 65 69 6e 65 73 20 44 65 75 74 73 63 68 65 6e 20 46 6f 72 73 63 68 75 6e 67 73 6e 65 74 7a 65 73 20 65 2e 20 56 2e 31 10 30 0e 06 03 55 04 0b 0c 07 44 46 4e 2d 50 4b 49 31 25 30 23 06 03 55 04 03 0c 1c 44 46 4e 2d 56 65 72 65 69 6e 20 47 6c 6f 62 61 6c 20 49 73 73 75 69 6e 67 20 43 41 30 1e 17 0d 32 30 30 36 30 39 31 33 30 30 30 39 5a 17 0d 32 32 30 39 31 31 31 33 30 30 30 39 5a 30 7e 31 0b 30 09 06 03 55 04 06 13 02 44 45 31 0f 30 0d 06 03 55 04 08 0c 06 48 65 73 73 65 6e 31 10 30 0e 06 03 55 04 07 0c 07 4d 61 72 62 75 72 67 31 26 30 24 06 03 55 04 0a 0c 1d 50 68 69 6c 69 70 70 73 2d 55 6e 69 76 65 72 73 69 74 61 65 74 20 4d 61 72 62 75 72 67 31 24 30 22 06 03 55 04 03 0c 1b 72 61 64 69 75 73 2e 73 74 61 66 66 2e 75 6e 69 2d 6d 61 72 62 75 72 67 2e 64 65 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 e0 d7 2a 32 19 e7 7d 16 b4 da 30 aa 1a d8 1b 6e 51 9d 84 3b 76 fe 3d a2 87 b3 b8 81 38 42 f4 d2 bc d8 7f 4c c2 b7 e7 47 61 e1 43 48 3c 33 65 e8 6c 31 29 11 83 28 6f 98 e1 79 b9 6d 25 46 93 10 95 e3 0f a8 84 77 64 2f 81 bd bd b8 f2 cd 74 72 f3 55 ad 50 e5 4b bf 99 a8 ee 6b fd 40 ba d3 41 f4 59 eb 29 97 69 f3 31 8b 45 3b 02 20 cd 31 6e 7b f1 b0 ad 04 2d 9e ed 64 5c 5a 33 22 1e b3 ea 45 be 78 ed 8b c5 d1 a5 e6 89 f3 f1 57 00 96 c1 3e b9 f3 db 5b 13 af 21 78 c1 0a 53 80 35 b0 11 04 d6 23 81 40 79 bc 70 22 98 ea ab 4e 73 67 7f 4d 35 b5 90 98 08 6c b0 d6 db 67 a4 ad 51 6d d1 34 70 c5 c6 3f 22 a4 a8 d5 09 d1 37 c0 53 10 6d 71 43 29 b6 98 73 d9 83 a1 87 aa f5 4d d9 7f 40 38 d0 20 9a e4 45 91 97 19 7b 88 10 c2 1e 2f 5f 2e 83 a3 d2 28 d3 cb 91 64 bf 0f 13 54 cc cd 17 02 03 01 00 01 a3 82 04 66 30 82 04 62 30 57 06 03 55 1d 20 04 50 30 4e 30 08 06 06 67 81 0c 01 02 02 30 0d 06 0b 2b 06 01 04 01 81 ad 21 82 2c 1e 30 0f 06 0d 2b 06 01 04 01 81 ad 21 82 2c 01 01 04 30 10 06 0e 2b 06 01 04 01 81 ad 21 82 2c 01 01 04 07 30 10 06 0e 2b 06 01 04 01 81 ad 21 82 2c 02 01 04 07 30 09 06 03 55 1d 13 04 02 30 00 30 0e 06 03 55 1d 0f 01 01 ff 04 04 03 02 05 a0 30 1d 06 03 55 1d 25 04 16 30 14 06 08 2b 06 01 05 05 07 03 02 06 08 2b 06 01 05 05 07 03 01 30 1d 06 03 55 1d 0e 04 16 04 14 55 74 a4 93 da c7 7f 82 55 c7 0d 79 2c 0b 3c b0 cc d8 9a e8 30 1f 06 03 55 1d 23 04 18 30 16 80 14 6b 3a 98 8b f9 f2 53 89 da e0 ad b2 32 1e 09 1f e8 aa 3b 74 30 26 06 03 55 1d 11 04 1f 30 1d 82 1b 72 61 64 69 75 73 2e 73 74 61 66 66 2e 75 6e 69 2d 6d 61 72 62 75 72 67 2e 64 65 30 81 8d 06 03 55 1d 1f 04 81 85 30 81 82 30 3f a0 3d a0 3b 86 39 68 74 74 70 3a 2f 2f 63 64 70 31 2e 70 63 61 2e 64 66 6e 2e 64 65 2f 64 66 6e 2d 63 61 2d 67 6c 6f 62 61 6c 2d 67 32 2f 70 75 62 2f 63 72 6c 2f 63 61 63 72 6c 2e 63 72 6c 30 3f a0 3d a0 3b 86 39 68 74 74 70 3a 2f 2f 63 64 70 32 2e 70 63 61 2e 64 66 6e 2e 64 65 2f 64 66 6e 2d 63 61 2d 67 6c 6f 62 61 6c 2d 67 32 2f 70 75 62 2f 63 72 6c 2f 63 61 63 72 6c 2e 63 72 6c 30 81 db 06 08 2b 06 01 05 05 07 01 01 04 81 ce 30 81 cb 30 33 06 08 2b 06 01 05 05 07 30 01 86 27 68 74 74 70 3a 2f 2f 6f 63 73 70 2e 70 63 61 2e 64 66 6e 2e 64 65 2f 4f 43 53 50 2d 53 65 72 76 65 72 2f 4f 43 53 50 30 49 06 08 2b 06 01 05 05 07 30 02 86 3d 68 74 74 70 3a 2f 2f 63 64 70 31 2e 70 63 61 2e 64 66 6e 2e 64 65 2f 64 66 6e 2d 63 61 2d 67 6c 6f 62 61 6c 2d 67 32 2f 70 75 62 2f 63 61 63 65 72 74 2f 63 61 63 65 72 74 2e 63 72 74 30 49 06 08 2b 06 01 05 05 07 30 02 86 3d 68 74 74 70 3a 2f 2f 63 64 70 32 2e 70 63 61 2e 64 66 6e 2e 64 65 2f 64 66 6e 2d 63 61 2d 67 6c 6f 62 61 6c 2d 67 32 2f 70 75 62 2f 63 61 63 65 72 74 2f 63 61 63 65 72 74 2e 63 72 74 30 82 01 f5 06 0a 2b 06 01 04 01 d6 79 02 04 02 04 82 01 e5 04 82 01 e1 01 df 00 77 00 bb d9 df bc 1f 8a 71 b5 93 94 23 97 aa 92 7b 47 38 57 95 0a ab 52 e8 1a 90 96 64 36 8e 1e d1 85 00 00 01 72 99 2a b1 b2 00 00 04 03 00 48 30 46 02 21 00 8d c4 c3 51 d9 a6 87 97 63 6d 58 47 1e 39 2b e1 50 8f 34 1e 36 ba 27 98 f8 72 ea 53 6e 8c 26 5c 02 21 00 ef 04 f9 ce 54 d1 73 6f 5a e7 48 e2 0e 1d 02 3e be 57 ca cf e5 3f a1 6c 03 a6 04 f3 86 3d 1f 86 00 76 00 46 a5 55 eb 75 fa 91 20 30 b5 a2 89 69 f4 f3 7d 11 2c 41 74 be fd 49 b8 85 ab f2 fc 70 fe 6d 47 00 00 01 72 99 2a b2 e1 00 00 04 03 00 47 30 45 02 21 00 cb 21 98 3d 40 37 6a eb b1 b9 8c 45 1d 07 3c b9 ca 93 58 a5 5a 12 04 72 54 1a 7a 12 73 2a 41 9f 02 20 47 e8 e2 7c a0 93 9b da 9e c7 fb 81 c5 0d e3 8a 81 90 23 ab 5e 10 b7 9f bc 3d 45 51 88 f8 f7 1d 00 75 00 6f 53 76 ac 31 f0 31 19 d8 99 00 a4 51 15 ff 77 15 1c 11 d9 02 c1 00 29 06 8d b2 08 9a 37 d9 13 00 00 01 72 99 2a b1 d6 00 00 04 03 00 46 30 44 02 20 6b ef e7 e5 d0 2c af c2 de 40 e9 8c 8d a2 09 4b 66 10 ec 1c 5a 13 5f 63 05 5c d0 bf 26 35 a5 82 02 20 76 f6 0b be 0a 6a 07 f7 cd 63 fe 73 69 4a 38 39 a4 6f d8 0a 93 7e 03 36 69 ae 80 21 fd d3 b8 e2 00 75 00 55 81 d4 c2 16 90 36 01 4a ea 0b 9b 57 3c 53 f0 c0 e4 38 78 70 25 08 17 2f a3 aa 1d 07 13 d3 0c 00 00 01 72 99 2a b2 b9 00 00 04 03 00 46 30 44 02 20 0b 8f 56 3e 1c fe 01 f0 ef 34 d4 b3 1b aa 91 0d 79 58 37 05 f4 36 ea 19 76 b6 08 91 5a 37 4f 50 02 20 62 15 9a 00 bf 97 1f 65 88 fb 0b 7d cd d6 d0 eb 9d 11 d0 28 ba d2 5b 2d 2d 8e ec a9 ab 3f 76 8c 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 03 82 01 01 00 64 da ee bb 8f e3 de dc d5 de 2e 60 51 33 b2 39 96 ea a1 5f 87 d5 85 d3 98 61 90 46 ed 42 1a a9 16 bc b9 b0 5b 49 3b cc 66 fe 9a b9 0c c5 9f 9f e5 e3 33 a7 89 93 f4 0b 52 c5 c6 2c 5e a2 13 b1 9a 7a 30 38 96 b2 27 67 4d 16 95 fa 41 c6 ec 6f c3 0d b6 41 45 16 9b e7 07 d1 b0 c2 aa df 3a e9 29 83 36 98 e0 36 e1 02 05 3f 75 fe 2f a3 85 b8 fb e9 ac ca 86 c8 13 ad 04 82 fb c2 63 3f a4 e5 97 dc f5 f8 db 83 a6 de 79 ef b6 12 96 4b 79 8d ef 92 92 85 84 2f 3d c6 28 e4 86 8e bc 9b 3a 7e eb 75 b1 0e b7 2e 02 30 22 5e b0 17 d4 37 e6 98 3a 35 bc 4e 15 e1 5c 07 e6 3f 21 24 b5 af 9f 50 f8 61 44 5b c2 11 1d a8 ee c4 82 32 2c d7 75 79 52 03 37 5d c3 08 19 d7 c1 4a ce 62 1f 57 99 6f 8e 6a 72 8a 62 ad 21 b6 9a a9 9f 0e 5e 6b d6 26 18 37 d9 67 af 89 bb 4a 00 3b aa 5c aa 12 54 fd 00 05 b0 30 82 05 ac 30 82 04 94 a0 03 02 01 02 02 07 1b 63 ba d0 1e 2c 3d 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 81 95 31 0b 30 09 06 03 55 04 06 13 02 44 45 31 45 30 43 06 03 55 04 0a 13 3c 56 65 72 65 69 6e 20 7a 75 72 20 46 6f 65 72 64 65 72 75 6e 67 20 65 69 6e 65 73 20 44 65 75 74 73 63 68 65 6e 20 46 6f 72 73 63 68 75 6e 67 73 6e 65 74 7a 65 73 20 65 2e 20 56 2e 31 10 30 0e 06 03 55 04 0b 13 07 44 46 4e 2d 50 4b 49 31 2d 30 2b 06 03 55 04 03 13 24 44 46 4e 2d 56 65 72 65 69 6e 20 43 65 72 74 69 66 69 63 61 74 69 6f 6e 20 41 75 74 68 6f 72 69 74 79 20 32 30 1e 17 0d 31 36 30 35 32 34 31 31 33 38 34 30 5a 17 0d 33 31 30 32 32 32 32 33 35 39 35 39 5a 30 81 8d 31 0b 30 09 06 03 55 04 06 13 02 44 45 31 45 30 43 06 03 55 04 0a 0c 3c 56 65 72 65 69 6e 20 7a 75 72 20 46 6f 65 72 64 65 72 75 6e 67 20 65 69 6e 65 73 20 44 65 75 74 73 63 68 65 6e 20 46 6f 72 73 63 68 75 6e 67 73 6e 65 74 7a 65 73 20 65 2e 20 56 2e 31 10 30 0e 06 03 55 04 0b 0c 07 44 46 4e 2d 50 4b 49 31 25 30 23 06 03 55 04 03 0c 1c 44 46 4e 2d 56 65 72 65 69 6e 20 47 6c 6f 62 61 6c 20 49 73 73 75 69 6e 67 20 43 41 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 9d 3b 79 1c 47 de 1f 86 cb c6 69 d7 10 9e 39 d7 d9 a2 30 db 72 1c 05 7f 29 5f 4b 68 f1 ad 19 d6 4c e1 6b 1b b1 0b 7f a1 ab e0 7b 8b 8b d8 2d ce 6e 88 3a 10 ee 57 e5 1e 7f 04 51 36 eb ba 70 6d 63 a0 be 96 2e 40 e1 d1 83 4c 66 3d 1c 64 69 e5 9b a4 ad 72 ae 68 39 51 87 79 cc 17 d3 ae 2f 5d 63 71 4b 39 7a eb 42 a7 97 90 69 05 bf 90 ff a4 40 70 bd 03 e7 bf 9e 18 88 1f 9f 99 88 4d 0e 47 8d 48 5f 65 99 10 d2 d9 2a 49 ed c1 b9 2d 1d 9f 12 cb 15 d3 3f 7f 1e 54 2f 3a ae 93 57 a7 7e 78 ca d5 4a e2 1a e5 ed 41 7d 53 5f c8 b3 2a f5 8a 30 ac ed 17 05 24 3f b6 a0 0b 07 fd 4d 1a 9a 03 52 a0 36 9c de 24 87 65 e4 e7 fa c7 96 73 24 14 cd d0 e8 1b 68 9e 18 59 ae 76 7e f7 d1 0a 78 3c 87 4b b0 37 cf 53 ca 3a 38 10 f3 cb 47 6d 8c 64 3d 3c 5a 45 4a ba ca 80 7c b8 f3 e7 a7 4c 4c cd 02 03 01 00 01 a3 82 02 05 30 82 02 01 30 12 06 03 55 1d 13 01 01 ff 04 08 30 06 01 01 ff 02 01 01 30 0e 06 03 55 1d 0f 01 01 ff 04 04 03 02 01 06 30 29 06 03 55 1d 20 04 22 30 20 30 0d 06 0b 2b 06 01 04 01 81 ad 21 82 2c 1e 30 0f 06 0d 2b 06 01 04 01 81 ad 21 82 2c 01 01 04 30 1d 06 03 55 1d 0e 04 16 04 14 6b 3a 98 8b f9 f2 53 89 da e0 ad b2 32 1e 09 1f e8 aa 3b 74 30 1f 06 03 55 1d 23 04 18 30 16 80 14 93 e3 d8 32 26 da d5 f1 4a a5 91 4a e0 ea 4b e2 a2 0c cf e1 30 81 8f 06 03 55 1d 1f 04 81 87 30 81 84 30 40 a0 3e a0 3c 86 3a 68 74 74 70 3a 2f 2f 63 64 70 31 2e 70 63 61 2e 64 66 6e 2e 64 65 2f 67 6c 6f 62 61 6c 2d 72 6f 6f 74 2d 67 32 2d 63 61 2f 70 75 62 2f 63 72 6c 2f 63 61 63 72 6c 2e 63 72 6c 30 40 a0 3e a0 3c 86 3a 68 74 74 70 3a 2f 2f 63 64 70 32 2e 70 63 61 2e 64 66 6e 2e 64 65 2f 67 6c 6f 62 61 6c 2d 72 6f 6f 74 2d 67 32 2d 63 61 2f 70 75 62 2f 63 72 6c 2f 63 61 63 72 6c 2e 63 72 6c 30 81 dd 06 08 2b 06 01 05 05 07 01 01 04 81 d0 30 81 cd 30 33 06 08 2b 06 01 05 05 07 30 01 86 27 68 74 74 70 3a 2f 2f 6f 63 73 70 2e 70 63 61 2e 64 66 6e 2e 64 65 2f 4f 43 53 50 2d 53 65 72 76 65 72 2f 4f 43 53 50 30 4a 06 08 2b 06 01 05 05 07 30 02 86 3e 68 74 74 70 3a 2f 2f 63 64 70 31 2e 70 63 61 2e 64 66 6e 2e 64 65 2f 67 6c 6f 62 61 6c 2d 72 6f 6f 74 2d 67 32 2d 63 61 2f 70 75 62 2f 63 61 63 65 72 74 2f 63 61 63 65 72 74 2e 63 72 74 30 4a 06 08 2b 06 01 05 05 07 30 02 86 3e 68 74 74 70 3a 2f 2f 63 64 70 32 2e 70 63 61 2e 64 66 6e 2e 64 65 2f 67 6c 6f 62 61 6c 2d 72 6f 6f 74 2d 67 32 2d 63 61 2f 70 75 62 2f 63 61 63 65 72 74 2f 63 61 63 65 72 74 2e 63 72 74 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 03 82 01 01 00 81 78 45 a4 4e a4 7f 0e 55 f0 09 b1 6a 3e 78 cc 68 35 a9 1c f3 95 9e 3f f3 f8 df 6b 38 77 89 2c 8d b5 ad 3e c7 f2 94 cd a0 06 ae ba cc a8 b1 ad 33 08 b6 24 86 62 36 4c 78 6e 50 f0 d5 6e 60 8d 4f 52 31 43 97 46 75 f0 62 e4 6e 66 51 c1 42 31 67 50 e5 49 e7 39 1e cb 9f ca 86 48 de 08 14 ff 15 4b 2b 66 9b a0 38 9f 00 ce fd a7 eb d1 7f 57 2d c8 4c 5f dc 10 11 97 3e 96 04 02 5c 84 a8 29 39 6c 94 fc 10 92 06 7b 9e ee d8 46 b4 1b b5 03 0c 38 d9 dc b0 a9 3f 71 06 0b b2 03 07 33 c2 8d 48 63 25 25 3c 7a 7b 57 6e f7 8a 05 38 ef b8 a0 ae 2f f4 db 07 d5 5b 84 18 c1 a9 b8 4b ce 6c 90 1a 82 e4 b9 3d fa 77 f1 d2 1f 33 02 bf 53 e7 76 f9 dc 26 25 41 6f 2f a6 1b fa a4 13 90 fa 7c 7e d9 0b 60 5d ec bf ca 41 a0 61 fb 11 49 29 d8 a8 2d 75 15 d8 4a 18 ea 16 ef 55 34 22 1a 13 8d 06 00 05 16 30 82 05 12 30 82 03 fa a0 03 02 01 02 02 09 00 e3 0b d5 f8 af 25 d9 81 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 81 82 31 0b 30 09 06 03 55 04 06 13 02 44 45 31 2b 30 29 06 03 55 04 0a 0c 22 54 2d 53 79 73 74 65 6d 73 20 45 6e 74 65 72 70 72 69 73 65 20 53 65 72 76 69 63 65 73 20 47 6d 62 48 31 1f 30 1d 06 03 55 04 0b 0c 16 54 2d 53 79 73 74 65 6d 73 20 54 72 75 73 74 20 43 65 6e 74 65 72 31 25 30 23 06 03 55 04 03 0c 1c 54 2d 54 65 6c 65 53 65 63 20 47 6c 6f 62 61 6c 52 6f 6f 74 20 43 6c 61 73 73 20 32 30 1e 17 0d 31 36 30 32 32 32 31 33 33 38 32 32 5a 17 0d 33 31 30 32 32 32 32 33 35 39 35 39 5a 30 81 95 31 0b 30 09 06 03 55 04 06 13 02 44 45 31 45 30 43 06 03 55 04 0a 13 3c 56 65 72 65 69 6e 20 7a 75 72 20 46 6f 65 72 64 65 72 75 6e 67 20 65 69 6e 65 73 20 44 65 75 74 73 63 68 65 6e 20 46 6f 72 73 63 68 75 6e 67 73 6e 65 74 7a 65 73 20 65 2e 20 56 2e 31 10 30 0e 06 03 55 04 0b 13 07 44 46 4e 2d 50 4b 49 31 2d 30 2b 06 03 55 04 03 13 24 44 46 4e 2d 56 65 72 65 69 6e 20 43 65 72 74 69 66 69 63 61 74 69 6f 6e 20 41 75 74 68 6f 72 69 74 79 20 32 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 cb 60 d7 ff 66 a1 41 cd d2 fa 87 97 8a 73 ab 99 4d ea 67 39 5a a1 60 80 47 15 4e 8c 95 b2 e5 cf ce d3 57 4b 8d ce f8 56 6c 15 55 76 07 ea 46 fd c8 03 45 63 3e 70 d4 ab 54 80 b1 23 9c be 37 28 a9 09 ff 05 5d 18 0f c4 98 99 37 b3 20 f6 66 78 17 87 c2 9d 0e cc 4a 32 e7 16 9d ae 0e 8d 29 79 07 00 20 54 dc 15 5f 4a 96 d7 78 b6 34 d3 c1 74 b5 9d e9 bf c0 77 4d ea bd 59 07 e0 5a 2f 6c 3c a5 00 dc 35 bd 65 0d 8f 7f 32 6d f2 5a 6a 4b 62 01 ee ac 38 34 59 45 36 49 05 da 78 ca 6a 6d 5b c0 81 6b 11 cc d2 3c a8 8b f8 71 1a ca 3b e2 80 dd 16 b4 67 7a 8b 36 ea 4e 91 29 3d b3 51 5c ad a8 0c be 9d 34 e3 d1 0d 17 83 75 c4 39 1e b0 94 0b 12 f1 d5 69 8e 25 f4 b8 3d 2b bf c0 8e c3 1e 3b a5 bf 55 10 ab 2a ae 17 97 5e 33 ce c8 f3 f4 09 07 e3 02 86 31 46 6b 01 c5 10 0c 11 c7 59 e9 02 03 01 00 01 a3 82 01 74 30 82 01 70 30 0e 06 03 55 1d 0f 01 01 ff 04 04 03 02 01 06 30 1d 06 03 55 1d 0e 04 16 04 14 93 e3 d8 32 26 da d5 f1 4a a5 91 4a e0 ea 4b e2 a2 0c cf e1 30 1f 06 03 55 1d 23 04 18 30 16 80 14 bf 59 20 36 00 79 a0 a0 22 6b 8c d5 f2 61 d2 b8 2c cb 82 4a 30 12 06 03 55 1d 13 01 01 ff 04 08 30 06 01 01 ff 02 01 02 30 33 06 03 55 1d 20 04 2c 30 2a 30 0f 06 0d 2b 06 01 04 01 81 ad 21 82 2c 01 01 04 30 0d 06 0b 2b 06 01 04 01 81 ad 21 82 2c 1e 30 08 06 06 67 81 0c 01 02 02 30 4c 06 03 55 1d 1f 04 45 30 43 30 41 a0 3f a0 3d 86 3b 68 74 74 70 3a 2f 2f 70 6b 69 30 33 33 36 2e 74 65 6c 65 73 65 63 2e 64 65 2f 72 6c 2f 54 65 6c 65 53 65 63 5f 47 6c 6f 62 61 6c 52 6f 6f 74 5f 43 6c 61 73 73 5f 32 2e 63 72 6c 30 81 86 06 08 2b 06 01 05 05 07 01 01 04 7a 30 78 30 2c 06 08 2b 06 01 05 05 07 30 01 86 20 68 74 74 70 3a 2f 2f 6f 63 73 70 30 33 33 36 2e 74 65 6c 65 73 65 63 2e 64 65 2f 6f 63 73 70 72 30 48 06 08 2b 06 01 05 05 07 30 02 86 3c 68 74 74 70 3a 2f 2f 70 6b 69 30 33 33 36 2e 74 65 6c 65 73 65 63 2e 64 65 2f 63 72 74 2f 54 65 6c 65 53 65 63 5f 47 6c 6f 62 61 6c 52 6f 6f 74 5f 43 6c 61 73 73 5f 32 2e 63 65 72 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 03 82 01 01 00 87 0b ff 3e 02 9b 65 c8 56 2d d6 3b 9a 98 8b 71 4f da ba 29 aa 21 f9 46 2e f5 b2 a4 0f ae 11 38 79 38 b3 0e 74 ba 76 5d 9e e8 18 82 96 62 db 4c 33 e8 dd f9 6a df 32 bd 2c 4c 47 60 55 7f e7 74 6b b4 2c 83 d8 79 6b b6 b7 4d 50 0b 66 07 b5 ed b3 97 ad ea ee 7f 30 e6 99 fd 22 e2 72 4d 3e 84 5b ee f9 cf 99 ea 7f d7 52 39 2e ac 98 00 44 7e 69 3b bf 75 ee d0 0b 3b 1a cd e5 f7 0f 22 6c 47 84 f6 a5 47 a0 fd d0 1a 34 7d ad d2 3d 77 b3 ee f4 d7 4d ff c3 e8 e5 92 4f 59 3e 90 47 10 4a b0 85 58 c0 6f 7f f8 ae ed 08 42 9e 1e d4 df 14 2e 4d 8f bc 9e 94 c3 e7 ed f6 18 f8 3c 49 e7 26 a8 a7 36 d8 2c de 22 cd 8b 82 d8 d9 78 e2 55 12 a3 3b 87 44 b6 11 0b d5 0c 52 af 69 8c 0f 06 df d0 a2 53 8b 57 98 7b cf fd 07 24 f4 fc bd c3 fd 4a 92 02 97 1b f2 b7 b6 cf 65 8a 1a a2 b5 72 19 39
TLS: tls_verify_cb - preverify_ok=1 err=0 (ok) ca_cert_verify=1 depth=3 buf='/C=DE/O=T-Systems Enterprise Services GmbH/OU=T-Systems Trust Center/CN=T-TeleSec GlobalRoot Class 2'
CTRL-EVENT-EAP-PEER-CERT depth=3 subject='/C=DE/O=T-Systems Enterprise Services GmbH/OU=T-Systems Trust Center/CN=T-TeleSec GlobalRoot Class 2' hash=91e2f5788d5810eba7ba58737de1548a8ecacd014598bc0b143e041b17052552
TLS: tls_verify_cb - preverify_ok=1 err=0 (ok) ca_cert_verify=1 depth=2 buf='/C=DE/O=Verein zur Foerderung eines Deutschen Forschungsnetzes e. V./OU=DFN-PKI/CN=DFN-Verein Certification Authority 2'
CTRL-EVENT-EAP-PEER-CERT depth=2 subject='/C=DE/O=Verein zur Foerderung eines Deutschen Forschungsnetzes e. V./OU=DFN-PKI/CN=DFN-Verein Certification Authority 2' hash=f660b0c256481cb2bfc67661c1ea8feee395b7141bcac36c36e04d08cd9e1582
TLS: tls_verify_cb - preverify_ok=1 err=0 (ok) ca_cert_verify=1 depth=1 buf='/C=DE/O=Verein zur Foerderung eines Deutschen Forschungsnetzes e. V./OU=DFN-PKI/CN=DFN-Verein Global Issuing CA'
CTRL-EVENT-EAP-PEER-CERT depth=1 subject='/C=DE/O=Verein zur Foerderung eines Deutschen Forschungsnetzes e. V./OU=DFN-PKI/CN=DFN-Verein Global Issuing CA' hash=1257aac2f4eeac6ca4942c2c83f0b67b41a3b47120c4d53429929513acad468c
TLS: tls_verify_cb - preverify_ok=1 err=0 (ok) ca_cert_verify=1 depth=0 buf='/C=DE/ST=Hessen/L=Marburg/O=Philipps-Universitaet Marburg/CN=radius.staff.uni-marburg.de'
CTRL-EVENT-EAP-PEER-CERT depth=0 subject='/C=DE/ST=Hessen/L=Marburg/O=Philipps-Universitaet Marburg/CN=radius.staff.uni-marburg.de' hash=512277ef02d375ca58703510df80e8f4b61302fd68d66d022c693e6db3313cbb
CTRL-EVENT-EAP-PEER-ALT depth=0 DNS:radius.staff.uni-marburg.de
EAP: Status notification: remote certificate verification (param=success)
OpenSSL: RX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 16 03 03 01 4d
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS read server certificate
OpenSSL: RX ver=0x303 content_type=22 (handshake/server key exchange)
OpenSSL: Message - hexdump(len=333): 0c 00 01 49 03 00 17 41 04 3f 34 8c 03 ee f6 02 bc 9e 55 1e 11 2b 34 e8 2b 21 64 26 52 fd 2b 7d 7a 64 14 0b b5 03 ce 57 dc 5f b5 8a 84 3e 02 ef 70 73 84 34 75 79 fe 66 87 37 fd be 66 73 ad 20 9e 4e 2c eb 8a e2 9e 3d 86 04 01 01 00 28 eb 55 44 0c bb b2 ad b2 8a c4 e6 f8 c7 9e 4c cf 48 0f 59 ff db 87 dd 64 f1 cf 66 9d dc d1 85 26 cc 20 d1 64 8e 97 1f 4b 29 37 98 f5 d1 1a 66 38 cb 96 94 48 ba e9 4e 3a 22 77 26 8f 6f cd 29 52 b4 76 87 50 97 af 19 4b 17 f5 c2 18 d4 06 b5 b0 f0 e2 9c 9b ef 70 38 e5 05 6c 7e 94 c3 89 c0 30 25 92 05 20 a3 78 ae 15 28 99 1a ad d3 b3 25 a4 62 12 b0 47 5b 6c ff 86 9c 10 93 50 9c 92 d6 b5 fe 53 38 15 4b 05 a8 02 85 c3 ae c3 3e f2 9a a6 02 49 9c 6c ab 36 c9 a6 39 15 d0 98 d0 88 44 8d 47 62 d2 ae ec b5 da 6a 03 73 30 81 e3 8b 40 e9 0d 8a 95 21 63 b2 c5 84 d8 96 c4 3a 47 0c 19 92 05 3a f9 76 00 e4 90 62 fe d4 d7 c8 05 ae f9 15 97 3d ee f5 e6 33 8d 6b b9 c3 5b 11 99 17 05 f6 ce 36 c1 04 e3 0a 42 16 39 c2 d4 84 f4 7e 76 56 9f d9 60 7e 5a ef a6 94 d8 b4 8b 18 03 4b 22
OpenSSL: RX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 16 03 03 00 04
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS read server key exchange
OpenSSL: RX ver=0x303 content_type=22 (handshake/server hello done)
OpenSSL: Message - hexdump(len=4): 0e 00 00 00
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS read server done
OpenSSL: TX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 16 03 03 00 46
OpenSSL: TX ver=0x303 content_type=22 (handshake/client key exchange)
OpenSSL: Message - hexdump(len=70): 10 00 00 42 41 04 98 2c f7 43 80 c6 25 d2 90 a2 f9 3b 67 df 23 80 4e 90 5e a6 39 6d bd 58 62 3f 2b 02 b0 46 b5 81 33 9a 88 b0 1d 81 f1 c9 53 86 21 f3 29 69 b9 a7 85 4f fc 96 b3 bc 2d bc 0e 86 1f e9 5d d4 5b 09
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS write client key exchange
OpenSSL: TX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 14 03 03 00 01
OpenSSL: TX ver=0x303 content_type=20 (change cipher spec/)
OpenSSL: Message - hexdump(len=1): 01
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS write change cipher spec
OpenSSL: TX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 16 03 03 00 28
OpenSSL: TX ver=0x303 content_type=22 (handshake/finished)
OpenSSL: Message - hexdump(len=16): 14 00 00 0c a6 57 5d 83 83 15 03 1e 94 fc 7c 24
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS write finished
SSL: (where=0x1002 ret=0xffffffff)
SSL: SSL_connect:error in SSLv3/TLS write finished
SSL: SSL_connect - want more data
SSL: 126 bytes pending from ssl_out
SSL: Using TLS version TLSv1.2
SSL: 126 bytes left to be sent out (of total 126 bytes)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL eapRespData=0x562514e61b80
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=136)
TX EAP -> RADIUS - hexdump(len=136): 02 08 00 88 19 80 00 00 00 7e 16 03 03 00 46 10 00 00 42 41 04 98 2c f7 43 80 c6 25 d2 90 a2 f9 3b 67 df 23 80 4e 90 5e a6 39 6d bd 58 62 3f 2b 02 b0 46 b5 81 33 9a 88 b0 1d 81 f1 c9 53 86 21 f3 29 69 b9 a7 85 4f fc 96 b3 bc 2d bc 0e 86 1f e9 5d d4 5b 09 14 03 03 00 01 01 16 03 03 00 28 97 f0 4f 51 5c 98 88 f1 e0 91 05 9a ae 08 50 c6 15 b1 ab 04 5b ea cc e4 c3 c3 14 6f c6 cf 97 c5 5f 95 2e be 53 31 67 75
Encapsulating EAP message into a RADIUS packet
Copied RADIUS State Attribute
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=8 length=291
Attribute 1 (User-Name) length=30
Value: 'eduroam at staff.uni-marburg.de'
Attribute 4 (NAS-IP-Address) length=6
Value: 127.0.0.1
Attribute 31 (Calling-Station-Id) length=19
Value: '02-00-00-00-00-01'
Attribute 12 (Framed-MTU) length=6
Value: 1400
Attribute 61 (NAS-Port-Type) length=6
Value: 19
Attribute 6 (Service-Type) length=6
Value: 2
Attribute 77 (Connect-Info) length=24
Value: 'CONNECT 11Mbps 802.11b'
Attribute 79 (EAP-Message) length=138
Value: 0208008819800000007e1603030046100000424104982cf74380c625d290a2f93b67df23804e905ea6396dbd58623f2b02b046b581339a88b01d81f1c9538621f32969b9a7854ffc96b3bc2dbc0e861fe95dd45b09140303000101160303002897f04f515c9888f1e091059aae0850c615b1ab045beacce4c3c3146fc6cf97c55f952ebe53316775
Attribute 24 (State) length=18
Value: 8659d3ba8151ca742ac5b4f76ef4e085
Attribute 80 (Message-Authenticator) length=18
Value: 30028ae566eea4672a1dcf8c16956301
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 115 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=8 length=115
Attribute 79 (EAP-Message) length=59
Value: 0109003919001403030001011603030028067f683ed7acc49822377aa7d5659fb1476cb22afc56a8ee019ab953255b9e5d8d3bf4af26cb4795
Attribute 80 (Message-Authenticator) length=18
Value: 172370a9074fc31973f95ad07b1c6f8c
Attribute 24 (State) length=18
Value: 8659d3ba8e50ca742ac5b4f76ef4e085
STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
RADIUS packet matching with station
decapsulated EAP packet (code=1 id=9 len=57) from RADIUS server: EAP-Request-PEAP (25)
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=9 method=25 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
SSL: Received packet(len=57) - Flags 0x00
OpenSSL: RX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 14 03 03 00 01
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS write finished
OpenSSL: RX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 16 03 03 00 28
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS read change cipher spec
OpenSSL: RX ver=0x303 content_type=22 (handshake/finished)
OpenSSL: Message - hexdump(len=16): 14 00 00 0c fd 18 63 f8 1c 09 cd 26 ea cb 06 7d
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS read finished
SSL: (where=0x20 ret=0x1)
SSL: (where=0x1002 ret=0x1)
SSL: 0 bytes pending from ssl_out
OpenSSL: Handshake finished - resumed=0
SSL: No Application Data included
SSL: Using TLS version TLSv1.2
SSL: No data to be sent out
EAP-PEAP: TLS done, proceed to Phase 2
EAP-PEAP: using label 'client EAP encryption' in key derivation
EAP-PEAP: Derived key - hexdump(len=64): 05 22 33 06 67 ad b2 a1 93 f7 07 13 87 e0 f1 39 85 ba a8 23 4c bf fc b9 f7 76 84 7d d8 d5 dd 62 8f 20 7f 8e cb 7a 3b cf d5 57 ff d1 6f f4 99 ca 0f e7 8e 1c 06 3f 52 cb 57 a1 30 22 e9 12 70 18
EAP-PEAP: Derived Session-Id - hexdump(len=65): 19 d1 98 d0 e8 7c 5e b9 65 9c 57 aa 92 b1 25 e9 3f e5 f0 e5 b3 92 b5 7b f5 3c f3 f5 d0 5c f4 34 a9 b2 e5 26 9d f7 db d6 52 05 bb 61 3b fc d4 77 a0 a4 0d 01 3b bf 5e cd 63 41 b8 03 25 55 8b 76 91
SSL: Building ACK (type=25 id=9 ver=0)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL eapRespData=0x562514e60790
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=6)
TX EAP -> RADIUS - hexdump(len=6): 02 09 00 06 19 00
Encapsulating EAP message into a RADIUS packet
Copied RADIUS State Attribute
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=9 length=161
Attribute 1 (User-Name) length=30
Value: 'eduroam at staff.uni-marburg.de'
Attribute 4 (NAS-IP-Address) length=6
Value: 127.0.0.1
Attribute 31 (Calling-Station-Id) length=19
Value: '02-00-00-00-00-01'
Attribute 12 (Framed-MTU) length=6
Value: 1400
Attribute 61 (NAS-Port-Type) length=6
Value: 19
Attribute 6 (Service-Type) length=6
Value: 2
Attribute 77 (Connect-Info) length=24
Value: 'CONNECT 11Mbps 802.11b'
Attribute 79 (EAP-Message) length=8
Value: 020900061900
Attribute 24 (State) length=18
Value: 8659d3ba8e50ca742ac5b4f76ef4e085
Attribute 80 (Message-Authenticator) length=18
Value: 7047b90ce0863c8f4f90167805a96d0a
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 98 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=9 length=98
Attribute 79 (EAP-Message) length=42
Value: 010a00281900170303001d067f683ed7acc499c6036298f33413dcf7800ace54109a8faa988a718c
Attribute 80 (Message-Authenticator) length=18
Value: ac7fb0da8b9be78740319956a6320633
Attribute 24 (State) length=18
Value: 8659d3ba8f53ca742ac5b4f76ef4e085
STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
RADIUS packet matching with station
decapsulated EAP packet (code=1 id=10 len=40) from RADIUS server: EAP-Request-PEAP (25)
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=10 method=25 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
SSL: Received packet(len=40) - Flags 0x00
EAP-PEAP: received 34 bytes encrypted data for Phase 2
OpenSSL: RX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 17 03 03 00 1d
EAP-PEAP: Decrypted Phase 2 EAP - hexdump(len=5): 01 0a 00 05 01
EAP-PEAP: received Phase 2: code=1 identifier=10 length=5
EAP-PEAP: Phase 2 Request: type=1
EAP: using real identity - hexdump_ascii(len=6):
70 61 75 6c 79 31 pauly1
EAP-PEAP: Encrypting Phase 2 data - hexdump(len=11): 02 0a 00 0b 01 70 61 75 6c 79 31
OpenSSL: TX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 17 03 03 00 1f
SSL: 36 bytes left to be sent out (of total 36 bytes)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL eapRespData=0x562514e52d90
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=42)
TX EAP -> RADIUS - hexdump(len=42): 02 0a 00 2a 19 00 17 03 03 00 1f 97 f0 4f 51 5c 98 88 f2 86 27 a7 7f 27 b9 4f b2 d7 a9 12 9f 26 0b 11 84 da 87 6f 15 16 e5 05
Encapsulating EAP message into a RADIUS packet
Copied RADIUS State Attribute
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=10 length=197
Attribute 1 (User-Name) length=30
Value: 'eduroam at staff.uni-marburg.de'
Attribute 4 (NAS-IP-Address) length=6
Value: 127.0.0.1
Attribute 31 (Calling-Station-Id) length=19
Value: '02-00-00-00-00-01'
Attribute 12 (Framed-MTU) length=6
Value: 1400
Attribute 61 (NAS-Port-Type) length=6
Value: 19
Attribute 6 (Service-Type) length=6
Value: 2
Attribute 77 (Connect-Info) length=24
Value: 'CONNECT 11Mbps 802.11b'
Attribute 79 (EAP-Message) length=44
Value: 020a002a1900170303001f97f04f515c9888f28627a77f27b94fb2d7a9129f260b1184da876f1516e505
Attribute 24 (State) length=18
Value: 8659d3ba8f53ca742ac5b4f76ef4e085
Attribute 80 (Message-Authenticator) length=18
Value: b9d45d4aebaa4fa144b0f2f5d14005d8
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 132 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=10 length=132
Attribute 79 (EAP-Message) length=76
Value: 010b004a1900170303003f067f683ed7acc49a963bf310f166bb6e05658debb7fa1b483ec014422a51fecc233ac4b13d8cb49ab6092de1b97e3c96eaa06765e5cb0f04173e1c27e4c2a0
Attribute 80 (Message-Authenticator) length=18
Value: 2d0a4c8ec3029ca21ff5578012a37acb
Attribute 24 (State) length=18
Value: 8659d3ba8c52ca742ac5b4f76ef4e085
STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
RADIUS packet matching with station
decapsulated EAP packet (code=1 id=11 len=74) from RADIUS server: EAP-Request-PEAP (25)
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=11 method=25 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
SSL: Received packet(len=74) - Flags 0x00
EAP-PEAP: received 68 bytes encrypted data for Phase 2
OpenSSL: RX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 17 03 03 00 3f
EAP-PEAP: Decrypted Phase 2 EAP - hexdump(len=39): 1a 01 0b 00 26 10 f5 06 91 30 b0 13 c7 9a 9c d7 cb 5a 69 62 37 b6 66 72 65 65 72 61 64 69 75 73 2d 33 2e 30 2e 31 37
EAP-PEAP: received Phase 2: code=1 identifier=11 length=43
EAP-PEAP: Phase 2 Request: type=26
EAP-PEAP: Selected Phase 2 EAP vendor 0 method 26
EAP-MSCHAPV2: RX identifier 11 mschapv2_id 11
EAP-MSCHAPV2: Received challenge
EAP-MSCHAPV2: Authentication Servername - hexdump_ascii(len=17):
66 72 65 65 72 61 64 69 75 73 2d 33 2e 30 2e 31 freeradius-3.0.1
37 7
EAP-MSCHAPV2: Generating Challenge Response
Get randomness: len=16 entropy=0
random from os_get_random - hexdump(len=16): a4 ff 00 d4 e2 1f 54 5c ec c0 ba 6a 9f 70 0d 40
random_mix_pool - hexdump(len=20): 0d b9 b1 bf 70 7c bd fa 8b 8c 0a 46 d8 96 87 a4 8e 89 0d 7d
random from internal pool - hexdump(len=16): 52 c7 66 0a bf 85 ed d3 d8 c1 5b 8c 5d 36 f0 8e
mixed random - hexdump(len=16): f6 38 66 de 5d 9a b9 8f 34 01 e1 e6 c2 46 fd ce
MSCHAPV2: Identity - hexdump_ascii(len=6):
70 61 75 6c 79 31 pauly1
MSCHAPV2: Username - hexdump_ascii(len=6):
70 61 75 6c 79 31 pauly1
MSCHAPV2: auth_challenge - hexdump(len=16): f5 06 91 30 b0 13 c7 9a 9c d7 cb 5a 69 62 37 b6
MSCHAPV2: peer_challenge - hexdump(len=16): f6 38 66 de 5d 9a b9 8f 34 01 e1 e6 c2 46 fd ce
MSCHAPV2: username - hexdump_ascii(len=6):
70 61 75 6c 79 31 pauly1
MSCHAPV2: password - hexdump_ascii(len=8):
6e 6e 71 65 63 79 21 33 nnqecy!3
MSCHAPV2: NT Response - hexdump(len=24): 61 e7 61 8f cd 9f 01 40 2e bb ec 65 34 17 9f f3 7e 96 84 62 7d 91 cd c8
MSCHAPV2: Auth Response - hexdump(len=20): 09 ab a3 3f a2 6d 1b b1 f6 70 33 ce 8c ff 64 36 df e7 35 8c
MSCHAPV2: Master Key - hexdump(len=16): 16 25 54 9e a5 b3 90 c1 1c ef b6 23 1c 70 ff dc
EAP-MSCHAPV2: TX identifier 11 mschapv2_id 11 (response)
EAP-PEAP: Encrypting Phase 2 data - hexdump(len=65): 02 0b 00 41 1a 02 0b 00 3c 31 f6 38 66 de 5d 9a b9 8f 34 01 e1 e6 c2 46 fd ce 00 00 00 00 00 00 00 00 61 e7 61 8f cd 9f 01 40 2e bb ec 65 34 17 9f f3 7e 96 84 62 7d 91 cd c8 00 70 61 75 6c 79 31
OpenSSL: TX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 17 03 03 00 55
SSL: 90 bytes left to be sent out (of total 90 bytes)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL eapRespData=0x562514e56700
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=96)
TX EAP -> RADIUS - hexdump(len=96): 02 0b 00 60 19 00 17 03 03 00 55 97 f0 4f 51 5c 98 88 f3 dc 08 fe e0 ee 0c 43 62 c1 4e 44 fe aa 80 f6 6d a7 87 4c c7 0c e5 46 2c bc c8 b5 2b 24 76 d0 a5 17 69 f6 d1 de d0 95 e6 8d d8 16 4f 5f 31 1e 25 88 04 22 64 5b 3a 32 2b 14 a8 b3 77 f4 56 f8 51 a2 f5 88 60 c6 e7 55 b8 67 a8 d6 98 f8
Encapsulating EAP message into a RADIUS packet
Copied RADIUS State Attribute
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=11 length=251
Attribute 1 (User-Name) length=30
Value: 'eduroam at staff.uni-marburg.de'
Attribute 4 (NAS-IP-Address) length=6
Value: 127.0.0.1
Attribute 31 (Calling-Station-Id) length=19
Value: '02-00-00-00-00-01'
Attribute 12 (Framed-MTU) length=6
Value: 1400
Attribute 61 (NAS-Port-Type) length=6
Value: 19
Attribute 6 (Service-Type) length=6
Value: 2
Attribute 77 (Connect-Info) length=24
Value: 'CONNECT 11Mbps 802.11b'
Attribute 79 (EAP-Message) length=98
Value: 020b00601900170303005597f04f515c9888f3dc08fee0ee0c4362c14e44feaa80f66da7874cc70ce5462cbcc8b52b2476d0a51769f6d1ded095e68dd8164f5f311e25880422645b3a322b14a8b377f456f851a2f58860c6e755b867a8d698f8
Attribute 24 (State) length=18
Value: 8659d3ba8c52ca742ac5b4f76ef4e085
Attribute 80 (Message-Authenticator) length=18
Value: 11c3720d2caab731d117c53199084405
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 140 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=11 length=140
Attribute 79 (EAP-Message) length=84
Value: 010c005219001703030047067f683ed7acc49b39940e6f006c1b0793edb7bb35da05601fcfd4b139d2beaa479187016a551559c1a2945f4e1b4d7354c40e3675c8fcc24e58c3e364fae42fe3e36372ed1904
Attribute 80 (Message-Authenticator) length=18
Value: 4c10ca5ac697777128a9100a86de68a3
Attribute 24 (State) length=18
Value: 8659d3ba8d55ca742ac5b4f76ef4e085
STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
RADIUS packet matching with station
decapsulated EAP packet (code=1 id=12 len=82) from RADIUS server: EAP-Request-PEAP (25)
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=12 method=25 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
SSL: Received packet(len=82) - Flags 0x00
EAP-PEAP: received 76 bytes encrypted data for Phase 2
OpenSSL: RX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 17 03 03 00 47
EAP-PEAP: Decrypted Phase 2 EAP - hexdump(len=47): 1a 03 0b 00 2e 53 3d 30 39 41 42 41 33 33 46 41 32 36 44 31 42 42 31 46 36 37 30 33 33 43 45 38 43 46 46 36 34 33 36 44 46 45 37 33 35 38 43
EAP-PEAP: received Phase 2: code=1 identifier=12 length=51
EAP-PEAP: Phase 2 Request: type=26
EAP-MSCHAPV2: RX identifier 12 mschapv2_id 11
EAP-MSCHAPV2: Received success
EAP-MSCHAPV2: Success message - hexdump_ascii(len=0):
EAP-MSCHAPV2: Authentication succeeded
EAP-PEAP: Encrypting Phase 2 data - hexdump(len=6): 02 0c 00 06 1a 03
OpenSSL: TX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 17 03 03 00 1a
SSL: 31 bytes left to be sent out (of total 31 bytes)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL eapRespData=0x562514e56db0
EAP: Session-Id - hexdump(len=65): 19 d1 98 d0 e8 7c 5e b9 65 9c 57 aa 92 b1 25 e9 3f e5 f0 e5 b3 92 b5 7b f5 3c f3 f5 d0 5c f4 34 a9 b2 e5 26 9d f7 db d6 52 05 bb 61 3b fc d4 77 a0 a4 0d 01 3b bf 5e cd 63 41 b8 03 25 55 8b 76 91
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=37)
TX EAP -> RADIUS - hexdump(len=37): 02 0c 00 25 19 00 17 03 03 00 1a 97 f0 4f 51 5c 98 88 f4 c4 3f 0b 50 9a fc 98 5c 90 e3 f7 e9 e1 04 45 8f 0d 06
Encapsulating EAP message into a RADIUS packet
Copied RADIUS State Attribute
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=12 length=192
Attribute 1 (User-Name) length=30
Value: 'eduroam at staff.uni-marburg.de'
Attribute 4 (NAS-IP-Address) length=6
Value: 127.0.0.1
Attribute 31 (Calling-Station-Id) length=19
Value: '02-00-00-00-00-01'
Attribute 12 (Framed-MTU) length=6
Value: 1400
Attribute 61 (NAS-Port-Type) length=6
Value: 19
Attribute 6 (Service-Type) length=6
Value: 2
Attribute 77 (Connect-Info) length=24
Value: 'CONNECT 11Mbps 802.11b'
Attribute 79 (EAP-Message) length=39
Value: 020c00251900170303001a97f04f515c9888f4c43f0b509afc985c90e3f7e9e104458f0d06
Attribute 24 (State) length=18
Value: 8659d3ba8d55ca742ac5b4f76ef4e085
Attribute 80 (Message-Authenticator) length=18
Value: ae55c5d02a3ac9490a9a31f5d53bf144
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 104 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=12 length=104
Attribute 79 (EAP-Message) length=48
Value: 010d002e19001703030023067f683ed7acc49cd72b975db3f7928ba098a01c63e0d1efefb16ba6305ac40cd70159
Attribute 80 (Message-Authenticator) length=18
Value: b6afe4336efc43ec0db0aa0ecb28e230
Attribute 24 (State) length=18
Value: 8659d3ba8a54ca742ac5b4f76ef4e085
STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
RADIUS packet matching with station
decapsulated EAP packet (code=1 id=13 len=46) from RADIUS server: EAP-Request-PEAP (25)
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=13 method=25 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
SSL: Received packet(len=46) - Flags 0x00
EAP-PEAP: received 40 bytes encrypted data for Phase 2
OpenSSL: RX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 17 03 03 00 23
EAP-PEAP: Decrypted Phase 2 EAP - hexdump(len=11): 01 0d 00 0b 21 80 03 00 02 00 01
EAP-PEAP: received Phase 2: code=1 identifier=13 length=11
EAP-PEAP: Phase 2 Request: type=33
EAP-TLV: Received TLVs - hexdump(len=6): 80 03 00 02 00 01
EAP-TLV: Result TLV - hexdump(len=2): 00 01
EAP-TLV: TLV Result - Success - EAP-TLV/Phase2 Completed
EAP-PEAP: Encrypting Phase 2 data - hexdump(len=11): 02 0d 00 0b 21 80 03 00 02 00 01
OpenSSL: TX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 17 03 03 00 23
SSL: 40 bytes left to be sent out (of total 40 bytes)
EAP: method process -> ignore=FALSE methodState=DONE decision=UNCOND_SUCC eapRespData=0x562514e42570
EAP: Session-Id - hexdump(len=65): 19 d1 98 d0 e8 7c 5e b9 65 9c 57 aa 92 b1 25 e9 3f e5 f0 e5 b3 92 b5 7b f5 3c f3 f5 d0 5c f4 34 a9 b2 e5 26 9d f7 db d6 52 05 bb 61 3b fc d4 77 a0 a4 0d 01 3b bf 5e cd 63 41 b8 03 25 55 8b 76 91
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=46)
TX EAP -> RADIUS - hexdump(len=46): 02 0d 00 2e 19 00 17 03 03 00 23 97 f0 4f 51 5c 98 88 f5 e9 9e 92 20 a3 70 45 2f cb cf 3f af d5 a3 e9 11 a9 2f 31 d7 d1 0d 49 3c e4 5c ea
Encapsulating EAP message into a RADIUS packet
Copied RADIUS State Attribute
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=13 length=201
Attribute 1 (User-Name) length=30
Value: 'eduroam at staff.uni-marburg.de'
Attribute 4 (NAS-IP-Address) length=6
Value: 127.0.0.1
Attribute 31 (Calling-Station-Id) length=19
Value: '02-00-00-00-00-01'
Attribute 12 (Framed-MTU) length=6
Value: 1400
Attribute 61 (NAS-Port-Type) length=6
Value: 19
Attribute 6 (Service-Type) length=6
Value: 2
Attribute 77 (Connect-Info) length=24
Value: 'CONNECT 11Mbps 802.11b'
Attribute 79 (EAP-Message) length=48
Value: 020d002e1900170303002397f04f515c9888f5e99e9220a370452fcbcf3fafd5a3e911a92f31d7d10d493ce45cea
Attribute 24 (State) length=18
Value: 8659d3ba8a54ca742ac5b4f76ef4e085
Attribute 80 (Message-Authenticator) length=18
Value: 53237c64906b0574d3e87f75cda2a333
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 198 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=2 (Access-Accept) identifier=13 length=198
Attribute 26 (Vendor-Specific) length=58
Value: 000001371134e41c6a1a2f89b23c43c861e8e07df5c13873f44c536338c0c6d993fba3d58730fde680a64287d7f7c4c1c60c61345f2645b8
Attribute 26 (Vendor-Specific) length=58
Value: 000001371034ee6317f76bf680abb816c7662f95ac60db4ec4c708838d80a8a0f3ef54ad95ed46f03273847bbcaa16a85365eb5020e8d549
Attribute 79 (EAP-Message) length=6
Value: 030d0004
Attribute 80 (Message-Authenticator) length=18
Value: 3e8ff511f1fcf108a58ff23691775d2d
Attribute 1 (User-Name) length=30
Value: 'eduroam at staff.uni-marburg.de'
Attribute 1 (User-Name) length=8
Value: 'pauly1'
STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
RADIUS packet matching with station
MS-MPPE-Send-Key (sign) - hexdump(len=32): 8f 20 7f 8e cb 7a 3b cf d5 57 ff d1 6f f4 99 ca 0f e7 8e 1c 06 3f 52 cb 57 a1 30 22 e9 12 70 18
MS-MPPE-Recv-Key (crypt) - hexdump(len=32): 05 22 33 06 67 ad b2 a1 93 f7 07 13 87 e0 f1 39 85 ba a8 23 4c bf fc b9 f7 76 84 7d d8 d5 dd 62
decapsulated EAP packet (code=3 id=13 len=4) from RADIUS server: EAP Success
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Success
EAP: Status notification: completion (param=success)
EAP: EAP entering state SUCCESS
CTRL-EVENT-EAP-SUCCESS EAP authentication completed successfully
EAPOL: IEEE 802.1X for plaintext connection; no EAPOL-Key frames required
WPA: EAPOL processing complete
Cancelling authentication timeout
State: DISCONNECTED -> COMPLETED
EAPOL: SUPP_PAE entering state AUTHENTICATED
EAPOL: SUPP_BE entering state RECEIVE
EAPOL: SUPP_BE entering state SUCCESS
EAPOL: SUPP_BE entering state IDLE
eapol_sm_cb: result=1
EAPOL: Successfully fetched key (len=32)
PMK from EAPOL - hexdump(len=32): 05 22 33 06 67 ad b2 a1 93 f7 07 13 87 e0 f1 39 85 ba a8 23 4c bf fc b9 f7 76 84 7d d8 d5 dd 62
No EAP-Key-Name received from server
WPA: Clear old PMK and PTK
EAP: deinitialize previously used EAP method (25, PEAP) at EAP deinit
ENGINE: engine deinit
MPPE keys OK: 1 mismatch: 0
SUCCESS
--
Dr. Martin Pauly Phone: +49-6421-28-23527
HRZ Univ. Marburg Fax: +49-6421-28-26994
Hans-Meerwein-Str. E-Mail: pauly at HRZ.Uni-Marburg.DE
D-35032 Marburg
-------------- next part --------------
Reading configuration file 'peap-mschapv2.conf'
Line: 4 - start of a new network block
ssid - hexdump_ascii(len=12):
65 78 61 6d 70 6c 65 2d 53 53 49 44 example-SSID
key_mgmt: 0x1
eap methods - hexdump(len=16): 00 00 00 00 19 00 00 00 00 00 00 00 00 00 00 00
identity - hexdump_ascii(len=6):
70 61 75 6c 79 31 pauly1
anonymous_identity - hexdump_ascii(len=28):
65 64 75 72 6f 61 6d 40 73 74 61 66 66 2e 75 6e eduroam at staff.un
69 2d 6d 61 72 62 75 72 67 2e 64 65 i-marburg.de
password - hexdump_ascii(len=8):
6e 6e 71 65 63 79 21 33 nnqecy!3
phase2 - hexdump_ascii(len=21):
61 75 74 68 3d 4d 53 43 48 41 50 56 32 20 72 65 auth=MSCHAPV2 re
74 72 79 3d 30 try=0
ca_cert - hexdump_ascii(len=47):
2f 65 74 63 2f 73 73 6c 2f 63 65 72 74 73 2f 54 /etc/ssl/certs/T
2d 54 65 6c 65 53 65 63 5f 47 6c 6f 62 61 6c 52 -TeleSec_GlobalR
6f 6f 74 5f 43 6c 61 73 73 5f 32 2e 70 65 6d oot_Class_2.pem
Priority group 0
id=0 ssid='example-SSID'
Authentication server 127.0.0.1:1812
RADIUS local address: 127.0.0.1:39492
ENGINE: Loading dynamic engine
ENGINE: Loading dynamic engine
EAPOL: SUPP_PAE entering state DISCONNECTED
EAPOL: KEY_RX entering state NO_KEY_RECEIVE
EAPOL: SUPP_BE entering state INITIALIZE
EAP: EAP entering state DISABLED
EAPOL: External notification - portValid=0
EAPOL: External notification - portEnabled=1
EAPOL: SUPP_PAE entering state CONNECTING
EAPOL: SUPP_BE entering state IDLE
EAP: EAP entering state INITIALIZE
EAP: EAP entering state IDLE
Sending fake EAP-Request-Identity
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_PAE entering state RESTART
EAP: EAP entering state INITIALIZE
EAP: EAP entering state IDLE
EAPOL: SUPP_PAE entering state AUTHENTICATING
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=0 method=1 vendor=0 vendorMethod=0
EAP: EAP entering state IDENTITY
CTRL-EVENT-EAP-STARTED EAP authentication started
EAP: Status notification: started (param=)
EAP: EAP-Request Identity data - hexdump_ascii(len=0):
EAP: using anonymous identity - hexdump_ascii(len=28):
65 64 75 72 6f 61 6d 40 73 74 61 66 66 2e 75 6e eduroam at staff.un
69 2d 6d 61 72 62 75 72 67 2e 64 65 i-marburg.de
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=33)
TX EAP -> RADIUS - hexdump(len=33): 02 00 00 21 01 65 64 75 72 6f 61 6d 40 73 74 61 66 66 2e 75 6e 69 2d 6d 61 72 62 75 72 67 2e 64 65
Encapsulating EAP message into a RADIUS packet
Learned identity from EAP-Response-Identity - hexdump(len=28): 65 64 75 72 6f 61 6d 40 73 74 61 66 66 2e 75 6e 69 2d 6d 61 72 62 75 72 67 2e 64 65
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=0 length=170
Attribute 1 (User-Name) length=30
Value: 'eduroam at staff.uni-marburg.de'
Attribute 4 (NAS-IP-Address) length=6
Value: 127.0.0.1
Attribute 31 (Calling-Station-Id) length=19
Value: '02-00-00-00-00-01'
Attribute 12 (Framed-MTU) length=6
Value: 1400
Attribute 61 (NAS-Port-Type) length=6
Value: 19
Attribute 6 (Service-Type) length=6
Value: 2
Attribute 77 (Connect-Info) length=24
Value: 'CONNECT 11Mbps 802.11b'
Attribute 79 (EAP-Message) length=35
Value: 0200002101656475726f616d4073746166662e756e692d6d6172627572672e6465
Attribute 80 (Message-Authenticator) length=18
Value: 20bb9b3d7cd7d92343c8f99959601fad
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 80 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=0 length=80
Attribute 79 (EAP-Message) length=24
Value: 01010016041022b9694882c970fa14db9c560cd1e5b5
Attribute 80 (Message-Authenticator) length=18
Value: d5983042ba2890d2cc8f718d6e609b99
Attribute 24 (State) length=18
Value: 435995b343589192a34ccd3791eea009
STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending request, round trip time 0.02 sec
RADIUS packet matching with station
decapsulated EAP packet (code=1 id=1 len=22) from RADIUS server: EAP-Request-MD5 (4)
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=1 method=4 vendor=0 vendorMethod=0
EAP: EAP entering state GET_METHOD
EAP: configuration does not allow: vendor 0 method 4
EAP: vendor 0 method 4 not allowed
CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=4 -> NAK
EAP: Status notification: refuse proposed method (param=MD5)
EAP: Building EAP-Nak (requested type 4 vendor=0 method=0 not allowed)
EAP: allowed methods - hexdump(len=1): 19
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=6)
TX EAP -> RADIUS - hexdump(len=6): 02 01 00 06 03 19
Encapsulating EAP message into a RADIUS packet
Copied RADIUS State Attribute
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=1 length=161
Attribute 1 (User-Name) length=30
Value: 'eduroam at staff.uni-marburg.de'
Attribute 4 (NAS-IP-Address) length=6
Value: 127.0.0.1
Attribute 31 (Calling-Station-Id) length=19
Value: '02-00-00-00-00-01'
Attribute 12 (Framed-MTU) length=6
Value: 1400
Attribute 61 (NAS-Port-Type) length=6
Value: 19
Attribute 6 (Service-Type) length=6
Value: 2
Attribute 77 (Connect-Info) length=24
Value: 'CONNECT 11Mbps 802.11b'
Attribute 79 (EAP-Message) length=8
Value: 020100060319
Attribute 24 (State) length=18
Value: 435995b343589192a34ccd3791eea009
Attribute 80 (Message-Authenticator) length=18
Value: d28f469bf815eca41b2c30517f57dd51
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 64 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=1 length=64
Attribute 79 (EAP-Message) length=8
Value: 010200061920
Attribute 80 (Message-Authenticator) length=18
Value: 57dcc09150305a658943b7513f9b7aea
Attribute 24 (State) length=18
Value: 435995b3425b8c92a34ccd3791eea009
STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
RADIUS packet matching with station
decapsulated EAP packet (code=1 id=2 len=6) from RADIUS server: EAP-Request-PEAP (25)
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=2 method=25 vendor=0 vendorMethod=0
EAP: EAP entering state GET_METHOD
CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=25
EAP: Status notification: accept proposed method (param=PEAP)
EAP: Initialize selected EAP method: vendor 0 method 25 (PEAP)
TLS: Phase2 EAP types - hexdump(len=8): 00 00 00 00 1a 00 00 00
TLS: using phase1 config options
TLS: Trusted root certificate(s) loaded
CTRL-EVENT-EAP-METHOD EAP vendor 0 method 25 (PEAP) selected
EAP: EAP entering state METHOD
SSL: Received packet(len=6) - Flags 0x20
EAP-PEAP: Start (server ver=0, own ver=1)
EAP-PEAP: Using PEAP version 0
SSL: (where=0x10 ret=0x1)
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:before SSL initialization
OpenSSL: TX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 16 03 01 00 b3
OpenSSL: TX ver=0x303 content_type=22 (handshake/client hello)
OpenSSL: Message - hexdump(len=179): 01 00 00 af 03 03 ee ee 57 b5 52 be fa 72 cc c9 fa 0e af 21 fc 32 de 72 10 76 1a 8e fb 2f a4 92 14 0c 78 ae 42 37 00 00 38 c0 2c c0 30 00 9f cc a9 cc a8 cc aa c0 2b c0 2f 00 9e c0 24 c0 28 00 6b c0 23 c0 27 00 67 c0 0a c0 14 00 39 c0 09 c0 13 00 33 00 9d 00 9c 00 3d 00 3c 00 35 00 2f 00 ff 01 00 00 4e 00 0b 00 04 03 00 01 02 00 0a 00 0c 00 0a 00 1d 00 17 00 1e 00 19 00 18 00 16 00 00 00 17 00 00 00 0d 00 2a 00 28 04 03 05 03 06 03 08 07 08 08 08 09 08 0a 08 0b 08 04 08 05 08 06 04 01 05 01 06 01 03 03 03 01 03 02 04 02 05 02 06 02
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS write client hello
SSL: (where=0x1002 ret=0xffffffff)
SSL: SSL_connect:error in SSLv3/TLS write client hello
SSL: SSL_connect - want more data
SSL: 184 bytes pending from ssl_out
SSL: Using TLS version TLSv1.2
SSL: 184 bytes left to be sent out (of total 184 bytes)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL eapRespData=0x55fb7da06100
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=194)
TX EAP -> RADIUS - hexdump(len=194): 02 02 00 c2 19 80 00 00 00 b8 16 03 01 00 b3 01 00 00 af 03 03 ee ee 57 b5 52 be fa 72 cc c9 fa 0e af 21 fc 32 de 72 10 76 1a 8e fb 2f a4 92 14 0c 78 ae 42 37 00 00 38 c0 2c c0 30 00 9f cc a9 cc a8 cc aa c0 2b c0 2f 00 9e c0 24 c0 28 00 6b c0 23 c0 27 00 67 c0 0a c0 14 00 39 c0 09 c0 13 00 33 00 9d 00 9c 00 3d 00 3c 00 35 00 2f 00 ff 01 00 00 4e 00 0b 00 04 03 00 01 02 00 0a 00 0c 00 0a 00 1d 00 17 00 1e 00 19 00 18 00 16 00 00 00 17 00 00 00 0d 00 2a 00 28 04 03 05 03 06 03 08 07 08 08 08 09 08 0a 08 0b 08 04 08 05 08 06 04 01 05 01 06 01 03 03 03 01 03 02 04 02 05 02 06 02
Encapsulating EAP message into a RADIUS packet
Copied RADIUS State Attribute
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=2 length=349
Attribute 1 (User-Name) length=30
Value: 'eduroam at staff.uni-marburg.de'
Attribute 4 (NAS-IP-Address) length=6
Value: 127.0.0.1
Attribute 31 (Calling-Station-Id) length=19
Value: '02-00-00-00-00-01'
Attribute 12 (Framed-MTU) length=6
Value: 1400
Attribute 61 (NAS-Port-Type) length=6
Value: 19
Attribute 6 (Service-Type) length=6
Value: 2
Attribute 77 (Connect-Info) length=24
Value: 'CONNECT 11Mbps 802.11b'
Attribute 79 (EAP-Message) length=196
Value: 020200c21980000000b816030100b3010000af0303eeee57b552befa72ccc9fa0eaf21fc32de7210761a8efb2fa492140c78ae4237000038c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff0100004e000b000403000102000a000c000a001d0017001e001900180016000000170000000d002a0028040305030603080708080809080a080b080408050806040105010601030303010302040205020602
Attribute 24 (State) length=18
Value: 435995b3425b8c92a34ccd3791eea009
Attribute 80 (Message-Authenticator) length=18
Value: 8f8cbb5013fb0d917c0f82885de42077
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 1068 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=2 length=1068
Attribute 79 (EAP-Message) length=255
Value: 010303ec19c000000f7d160303005d020000590303cf6b62763d2d652a6e33f1e01aadf1ea11057f46f7565456f0dda42ecda7790b20273e861829c300da9e83811ba75dd5bbcc7a2467593152b60f070530d1a4eccec030000011ff01000100000b000403000102001700001603030dbb0b000db7000db40007fe308207fa308206e2a003020102020c22ff0567818198c00178abea300d06092a864886f70d01010b050030818d310b300906035504061302444531453043060355040a0c3c56657265696e207a757220466f6572646572756e672065696e65732044657574736368656e20466f72736368756e67736e65747a657320652e20562e31
Attribute 79 (EAP-Message) length=255
Value: 10300e060355040b0c0744464e2d504b493125302306035504030c1c44464e2d56657265696e20476c6f62616c2049737375696e67204341301e170d3230303630393133303030395a170d3232303931313133303030395a307e310b3009060355040613024445310f300d06035504080c0648657373656e3110300e06035504070c074d61726275726731263024060355040a0c1d5068696c697070732d556e69766572736974616574204d6172627572673124302206035504030c1b7261646975732e73746166662e756e692d6d6172627572672e646530820122300d06092a864886f70d01010105000382010f003082010a0282010100e0d72a32
Attribute 79 (EAP-Message) length=255
Value: 19e77d16b4da30aa1ad81b6e519d843b76fe3da287b3b8813842f4d2bcd87f4cc2b7e74761e143483c3365e86c31291183286f98e179b96d2546931095e30fa88477642f81bdbdb8f2cd7472f355ad50e54bbf99a8ee6bfd40bad341f459eb299769f3318b453b0220cd316e7bf1b0ad042d9eed645c5a33221eb3ea45be78ed8bc5d1a5e689f3f1570096c13eb9f3db5b13af2178c10a538035b01104d623814079bc702298eaab4e73677f4d35b59098086cb0d6db67a4ad516dd13470c5c63f22a4a8d509d137c053106d714329b69873d983a187aaf54dd97f4038d0209ae4459197197b8810c21e2f5f2e83a3d228d3cb9164bf0f1354cccd1702
Attribute 79 (EAP-Message) length=247
Value: 03010001a38204663082046230570603551d200450304e3008060667810c010202300d060b2b0601040181ad21822c1e300f060d2b0601040181ad21822c0101043010060e2b0601040181ad21822c010104073010060e2b0601040181ad21822c0201040730090603551d1304023000300e0603551d0f0101ff0404030205a0301d0603551d250416301406082b0601050507030206082b06010505070301301d0603551d0e041604145574a493dac77f8255c70d792c0b3cb0ccd89ae8301f0603551d230418301680146b3a988bf9f25389dae0adb2321e091fe8aa3b7430260603551d11041f301d821b7261646975732e7374
Attribute 80 (Message-Authenticator) length=18
Value: f62dd97a708a82709d8b1fc41e5126a4
Attribute 24 (State) length=18
Value: 435995b3415a8c92a34ccd3791eea009
STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
RADIUS packet matching with station
decapsulated EAP packet (code=1 id=3 len=1004) from RADIUS server: EAP-Request-PEAP (25)
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=3 method=25 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
SSL: Received packet(len=1004) - Flags 0xc0
SSL: TLS Message Length: 3965
SSL: Need 2971 bytes more input data
SSL: Building ACK (type=25 id=3 ver=0)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL eapRespData=0x55fb7d9f6920
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=6)
TX EAP -> RADIUS - hexdump(len=6): 02 03 00 06 19 00
Encapsulating EAP message into a RADIUS packet
Copied RADIUS State Attribute
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=3 length=161
Attribute 1 (User-Name) length=30
Value: 'eduroam at staff.uni-marburg.de'
Attribute 4 (NAS-IP-Address) length=6
Value: 127.0.0.1
Attribute 31 (Calling-Station-Id) length=19
Value: '02-00-00-00-00-01'
Attribute 12 (Framed-MTU) length=6
Value: 1400
Attribute 61 (NAS-Port-Type) length=6
Value: 19
Attribute 6 (Service-Type) length=6
Value: 2
Attribute 77 (Connect-Info) length=24
Value: 'CONNECT 11Mbps 802.11b'
Attribute 79 (EAP-Message) length=8
Value: 020300061900
Attribute 24 (State) length=18
Value: 435995b3415a8c92a34ccd3791eea009
Attribute 80 (Message-Authenticator) length=18
Value: bc676995a8ef8593bba0b31424a82925
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 1064 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=3 length=1064
Attribute 79 (EAP-Message) length=255
Value: 010403e819406166662e756e692d6d6172627572672e646530818d0603551d1f048185308182303fa03da03b8639687474703a2f2f636470312e7063612e64666e2e64652f64666e2d63612d676c6f62616c2d67322f7075622f63726c2f636163726c2e63726c303fa03da03b8639687474703a2f2f636470322e7063612e64666e2e64652f64666e2d63612d676c6f62616c2d67322f7075622f63726c2f636163726c2e63726c3081db06082b060105050701010481ce3081cb303306082b060105050730018627687474703a2f2f6f6373702e7063612e64666e2e64652f4f4353502d5365727665722f4f435350304906082b0601050507300286
Attribute 79 (EAP-Message) length=255
Value: 3d687474703a2f2f636470312e7063612e64666e2e64652f64666e2d63612d676c6f62616c2d67322f7075622f6361636572742f6361636572742e637274304906082b06010505073002863d687474703a2f2f636470322e7063612e64666e2e64652f64666e2d63612d676c6f62616c2d67322f7075622f6361636572742f6361636572742e637274308201f5060a2b06010401d679020402048201e5048201e101df007700bbd9dfbc1f8a71b593942397aa927b473857950aab52e81a909664368e1ed18500000172992ab1b200000403004830460221008dc4c351d9a68797636d58471e392be1508f341e36ba2798f872ea536e8c265c022100ef
Attribute 79 (EAP-Message) length=255
Value: 04f9ce54d1736f5ae748e20e1d023ebe57cacfe53fa16c03a604f3863d1f8600760046a555eb75fa912030b5a28969f4f37d112c4174befd49b885abf2fc70fe6d4700000172992ab2e10000040300473045022100cb21983d40376aebb1b98c451d073cb9ca9358a55a120472541a7a12732a419f022047e8e27ca0939bda9ec7fb81c50de38a819023ab5e10b79fbc3d455188f8f71d0075006f5376ac31f03119d89900a45115ff77151c11d902c10029068db2089a37d91300000172992ab1d6000004030046304402206befe7e5d02cafc2de40e98c8da2094b6610ec1c5a135f63055cd0bf2635a582022076f60bbe0a6a07f7cd63fe73694a38
Attribute 79 (EAP-Message) length=243
Value: 39a46fd80a937e033669ae8021fdd3b8e20075005581d4c2169036014aea0b9b573c53f0c0e43878702508172fa3aa1d0713d30c00000172992ab2b9000004030046304402200b8f563e1cfe01f0ef34d4b31baa910d79583705f436ea1976b608915a374f50022062159a00bf971f6588fb0b7dcdd6d0eb9d11d028bad25b2d2d8eeca9ab3f768c300d06092a864886f70d01010b0500038201010064daeebb8fe3dedcd5de2e605133b23996eaa15f87d585d398619046ed421aa916bcb9b05b493bcc66fe9ab90cc59f9fe5e333a78993f40b52c5c62c5ea213b19a7a303896b227674d1695fa41c6ec6fc30db64145
Attribute 80 (Message-Authenticator) length=18
Value: d3a021376b937456766566b25b350c87
Attribute 24 (State) length=18
Value: 435995b3405d8c92a34ccd3791eea009
STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
RADIUS packet matching with station
decapsulated EAP packet (code=1 id=4 len=1000) from RADIUS server: EAP-Request-PEAP (25)
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=4 method=25 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
SSL: Received packet(len=1000) - Flags 0x40
SSL: Need 1977 bytes more input data
SSL: Building ACK (type=25 id=4 ver=0)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL eapRespData=0x55fb7d9f69f0
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=6)
TX EAP -> RADIUS - hexdump(len=6): 02 04 00 06 19 00
Encapsulating EAP message into a RADIUS packet
Copied RADIUS State Attribute
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=4 length=161
Attribute 1 (User-Name) length=30
Value: 'eduroam at staff.uni-marburg.de'
Attribute 4 (NAS-IP-Address) length=6
Value: 127.0.0.1
Attribute 31 (Calling-Station-Id) length=19
Value: '02-00-00-00-00-01'
Attribute 12 (Framed-MTU) length=6
Value: 1400
Attribute 61 (NAS-Port-Type) length=6
Value: 19
Attribute 6 (Service-Type) length=6
Value: 2
Attribute 77 (Connect-Info) length=24
Value: 'CONNECT 11Mbps 802.11b'
Attribute 79 (EAP-Message) length=8
Value: 020400061900
Attribute 24 (State) length=18
Value: 435995b3405d8c92a34ccd3791eea009
Attribute 80 (Message-Authenticator) length=18
Value: c2ebf58043fee3c391d844aa65e1d692
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 1064 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=4 length=1064
Attribute 79 (EAP-Message) length=255
Value: 010503e81940169be707d1b0c2aadf3ae929833698e036e102053f75fe2fa385b8fbe9acca86c813ad0482fbc2633fa4e597dcf5f8db83a6de79efb612964b798def929285842f3dc628e4868ebc9b3a7eeb75b10eb72e0230225eb017d437e6983a35bc4e15e15c07e63f2124b5af9f50f861445bc2111da8eec482322cd775795203375dc30819d7c14ace621f57996f8e6a728a62ad21b69aa99f0e5e6bd6261837d967af89bb4a003baa5caa1254fd0005b0308205ac30820494a00302010202071b63bad01e2c3d300d06092a864886f70d01010b0500308195310b300906035504061302444531453043060355040a133c56657265696e207a75
Attribute 79 (EAP-Message) length=255
Value: 7220466f6572646572756e672065696e65732044657574736368656e20466f72736368756e67736e65747a657320652e20562e3110300e060355040b130744464e2d504b49312d302b0603550403132444464e2d56657265696e2043657274696669636174696f6e20417574686f726974792032301e170d3136303532343131333834305a170d3331303232323233353935395a30818d310b300906035504061302444531453043060355040a0c3c56657265696e207a757220466f6572646572756e672065696e65732044657574736368656e20466f72736368756e67736e65747a657320652e20562e3110300e060355040b0c0744464e2d504b49
Attribute 79 (EAP-Message) length=255
Value: 3125302306035504030c1c44464e2d56657265696e20476c6f62616c2049737375696e6720434130820122300d06092a864886f70d01010105000382010f003082010a02820101009d3b791c47de1f86cbc669d7109e39d7d9a230db721c057f295f4b68f1ad19d64ce16b1bb10b7fa1abe07b8b8bd82dce6e883a10ee57e51e7f045136ebba706d63a0be962e40e1d1834c663d1c6469e59ba4ad72ae6839518779cc17d3ae2f5d63714b397aeb42a797906905bf90ffa44070bd03e7bf9e18881f9f99884d0e478d485f659910d2d92a49edc1b92d1d9f12cb15d33f7f1e542f3aae9357a77e78cad54ae21ae5ed417d535fc8b32af58a30aced1705
Attribute 79 (EAP-Message) length=243
Value: 243fb6a00b07fd4d1a9a0352a0369cde248765e4e7fac796732414cdd0e81b689e1859ae767ef7d10a783c874bb037cf53ca3a3810f3cb476d8c643d3c5a454abaca807cb8f3e7a74c4ccd0203010001a38202053082020130120603551d130101ff040830060101ff020101300e0603551d0f0101ff04040302010630290603551d2004223020300d060b2b0601040181ad21822c1e300f060d2b0601040181ad21822c010104301d0603551d0e041604146b3a988bf9f25389dae0adb2321e091fe8aa3b74301f0603551d2304183016801493e3d83226dad5f14aa5914ae0ea4be2a20ccfe130818f0603551d1f0481
Attribute 80 (Message-Authenticator) length=18
Value: f60d7481dc3f8e9ccf59f474503190f2
Attribute 24 (State) length=18
Value: 435995b3475c8c92a34ccd3791eea009
STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
RADIUS packet matching with station
decapsulated EAP packet (code=1 id=5 len=1000) from RADIUS server: EAP-Request-PEAP (25)
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=5 method=25 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
SSL: Received packet(len=1000) - Flags 0x40
SSL: Need 983 bytes more input data
SSL: Building ACK (type=25 id=5 ver=0)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL eapRespData=0x55fb7d9f6920
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=6)
TX EAP -> RADIUS - hexdump(len=6): 02 05 00 06 19 00
Encapsulating EAP message into a RADIUS packet
Copied RADIUS State Attribute
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=5 length=161
Attribute 1 (User-Name) length=30
Value: 'eduroam at staff.uni-marburg.de'
Attribute 4 (NAS-IP-Address) length=6
Value: 127.0.0.1
Attribute 31 (Calling-Station-Id) length=19
Value: '02-00-00-00-00-01'
Attribute 12 (Framed-MTU) length=6
Value: 1400
Attribute 61 (NAS-Port-Type) length=6
Value: 19
Attribute 6 (Service-Type) length=6
Value: 2
Attribute 77 (Connect-Info) length=24
Value: 'CONNECT 11Mbps 802.11b'
Attribute 79 (EAP-Message) length=8
Value: 020500061900
Attribute 24 (State) length=18
Value: 435995b3475c8c92a34ccd3791eea009
Attribute 80 (Message-Authenticator) length=18
Value: e95a9242c326c75b3c2d522f42530945
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 1053 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=5 length=1053
Attribute 79 (EAP-Message) length=255
Value: 010603dd1900873081843040a03ea03c863a687474703a2f2f636470312e7063612e64666e2e64652f676c6f62616c2d726f6f742d67322d63612f7075622f63726c2f636163726c2e63726c3040a03ea03c863a687474703a2f2f636470322e7063612e64666e2e64652f676c6f62616c2d726f6f742d67322d63612f7075622f63726c2f636163726c2e63726c3081dd06082b060105050701010481d03081cd303306082b060105050730018627687474703a2f2f6f6373702e7063612e64666e2e64652f4f4353502d5365727665722f4f435350304a06082b06010505073002863e687474703a2f2f636470312e7063612e64666e2e64652f676c
Attribute 79 (EAP-Message) length=255
Value: 6f62616c2d726f6f742d67322d63612f7075622f6361636572742f6361636572742e637274304a06082b06010505073002863e687474703a2f2f636470322e7063612e64666e2e64652f676c6f62616c2d726f6f742d67322d63612f7075622f6361636572742f6361636572742e637274300d06092a864886f70d01010b05000382010100817845a44ea47f0e55f009b16a3e78cc6835a91cf3959e3ff3f8df6b3877892c8db5ad3ec7f294cda006aebacca8b1ad3308b6248662364c786e50f0d56e608d4f523143974675f062e46e6651c142316750e549e7391ecb9fca8648de0814ff154b2b669ba0389f00cefda7ebd17f572dc84c5fdc101197
Attribute 79 (EAP-Message) length=255
Value: 3e9604025c84a829396c94fc1092067b9eeed846b41bb5030c38d9dcb0a93f71060bb2030733c28d486325253c7a7b576ef78a0538efb8a0ae2ff4db07d55b8418c1a9b84bce6c901a82e4b93dfa77f1d21f3302bf53e776f9dc2625416f2fa61bfaa41390fa7c7ed90b605decbfca41a061fb114929d8a82d7515d84a18ea16ef5534221a138d06160303014d0c00014903001741042fabe879bcb1f3dc44a62ad2e9a11b610d94d362467d1366e2e3bac49b816cb7758959213264b03c7082288c4d599c19f0654ee414f2b5e95a650be8c9233455080401009a85c1d4feaa5e9a7e4e7875498d285ffba94211acc115c36efa314f1ceb232d6c08ed
Attribute 79 (EAP-Message) length=232
Value: c7ee4e171bc58f159921a2f630ac19ace24c695344ed82fcbc44689948a9a1aa72b3c54b69f821b20d5087e012b52a90671050b69d41ac54816d8023dd7826358282068e2345b96511433828d38f406df4ed996cd3526a350a388b8e3abb18110f2bbfba50134bab39343bc8e9bd6687ade9759be6b10767e7394e5489db8962f40f99bae6a136710f135a2abaadc3d6f0f8497298468cc13cb36a0df9a21bfcb9227da5a12401b7cf5d0f2fa0626738832da8a15cad6d054a26056bb69ae1c65bfa3477b9eba39d9cbbf1019aaaf600894a475607643ce5c792c0112516030300040e000000
Attribute 80 (Message-Authenticator) length=18
Value: 5776c55e1b5f43ea9529f642343037ab
Attribute 24 (State) length=18
Value: 435995b3465f8c92a34ccd3791eea009
STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
RADIUS packet matching with station
decapsulated EAP packet (code=1 id=6 len=989) from RADIUS server: EAP-Request-PEAP (25)
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=6 method=25 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
SSL: Received packet(len=989) - Flags 0x00
OpenSSL: RX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 16 03 03 00 5d
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS write client hello
OpenSSL: RX ver=0x303 content_type=22 (handshake/server hello)
OpenSSL: Message - hexdump(len=93): 02 00 00 59 03 03 cf 6b 62 76 3d 2d 65 2a 6e 33 f1 e0 1a ad f1 ea 11 05 7f 46 f7 56 54 56 f0 dd a4 2e cd a7 79 0b 20 27 3e 86 18 29 c3 00 da 9e 83 81 1b a7 5d d5 bb cc 7a 24 67 59 31 52 b6 0f 07 05 30 d1 a4 ec ce c0 30 00 00 11 ff 01 00 01 00 00 0b 00 04 03 00 01 02 00 17 00 00
OpenSSL: RX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 16 03 03 0d bb
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS read server hello
OpenSSL: RX ver=0x303 content_type=22 (handshake/certificate)
OpenSSL: Message - hexdump(len=3515): 0b 00 0d b7 00 0d b4 00 07 fe 30 82 07 fa 30 82 06 e2 a0 03 02 01 02 02 0c 22 ff 05 67 81 81 98 c0 01 78 ab ea 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 81 8d 31 0b 30 09 06 03 55 04 06 13 02 44 45 31 45 30 43 06 03 55 04 0a 0c 3c 56 65 72 65 69 6e 20 7a 75 72 20 46 6f 65 72 64 65 72 75 6e 67 20 65 69 6e 65 73 20 44 65 75 74 73 63 68 65 6e 20 46 6f 72 73 63 68 75 6e 67 73 6e 65 74 7a 65 73 20 65 2e 20 56 2e 31 10 30 0e 06 03 55 04 0b 0c 07 44 46 4e 2d 50 4b 49 31 25 30 23 06 03 55 04 03 0c 1c 44 46 4e 2d 56 65 72 65 69 6e 20 47 6c 6f 62 61 6c 20 49 73 73 75 69 6e 67 20 43 41 30 1e 17 0d 32 30 30 36 30 39 31 33 30 30 30 39 5a 17 0d 32 32 30 39 31 31 31 33 30 30 30 39 5a 30 7e 31 0b 30 09 06 03 55 04 06 13 02 44 45 31 0f 30 0d 06 03 55 04 08 0c 06 48 65 73 73 65 6e 31 10 30 0e 06 03 55 04 07 0c 07 4d 61 72 62 75 72 67 31 26 30 24 06 03 55 04 0a 0c 1d 50 68 69 6c 69 70 70 73 2d 55 6e 69 76 65 72 73 69 74 61 65 74 20 4d 61 72 62 75 72 67 31 24 30 22 06 03 55 04 03 0c 1b 72 61 64 69 75 73 2e 73 74 61 66 66 2e 75 6e 69 2d 6d 61 72 62 75 72 67 2e 64 65 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 e0 d7 2a 32 19 e7 7d 16 b4 da 30 aa 1a d8 1b 6e 51 9d 84 3b 76 fe 3d a2 87 b3 b8 81 38 42 f4 d2 bc d8 7f 4c c2 b7 e7 47 61 e1 43 48 3c 33 65 e8 6c 31 29 11 83 28 6f 98 e1 79 b9 6d 25 46 93 10 95 e3 0f a8 84 77 64 2f 81 bd bd b8 f2 cd 74 72 f3 55 ad 50 e5 4b bf 99 a8 ee 6b fd 40 ba d3 41 f4 59 eb 29 97 69 f3 31 8b 45 3b 02 20 cd 31 6e 7b f1 b0 ad 04 2d 9e ed 64 5c 5a 33 22 1e b3 ea 45 be 78 ed 8b c5 d1 a5 e6 89 f3 f1 57 00 96 c1 3e b9 f3 db 5b 13 af 21 78 c1 0a 53 80 35 b0 11 04 d6 23 81 40 79 bc 70 22 98 ea ab 4e 73 67 7f 4d 35 b5 90 98 08 6c b0 d6 db 67 a4 ad 51 6d d1 34 70 c5 c6 3f 22 a4 a8 d5 09 d1 37 c0 53 10 6d 71 43 29 b6 98 73 d9 83 a1 87 aa f5 4d d9 7f 40 38 d0 20 9a e4 45 91 97 19 7b 88 10 c2 1e 2f 5f 2e 83 a3 d2 28 d3 cb 91 64 bf 0f 13 54 cc cd 17 02 03 01 00 01 a3 82 04 66 30 82 04 62 30 57 06 03 55 1d 20 04 50 30 4e 30 08 06 06 67 81 0c 01 02 02 30 0d 06 0b 2b 06 01 04 01 81 ad 21 82 2c 1e 30 0f 06 0d 2b 06 01 04 01 81 ad 21 82 2c 01 01 04 30 10 06 0e 2b 06 01 04 01 81 ad 21 82 2c 01 01 04 07 30 10 06 0e 2b 06 01 04 01 81 ad 21 82 2c 02 01 04 07 30 09 06 03 55 1d 13 04 02 30 00 30 0e 06 03 55 1d 0f 01 01 ff 04 04 03 02 05 a0 30 1d 06 03 55 1d 25 04 16 30 14 06 08 2b 06 01 05 05 07 03 02 06 08 2b 06 01 05 05 07 03 01 30 1d 06 03 55 1d 0e 04 16 04 14 55 74 a4 93 da c7 7f 82 55 c7 0d 79 2c 0b 3c b0 cc d8 9a e8 30 1f 06 03 55 1d 23 04 18 30 16 80 14 6b 3a 98 8b f9 f2 53 89 da e0 ad b2 32 1e 09 1f e8 aa 3b 74 30 26 06 03 55 1d 11 04 1f 30 1d 82 1b 72 61 64 69 75 73 2e 73 74 61 66 66 2e 75 6e 69 2d 6d 61 72 62 75 72 67 2e 64 65 30 81 8d 06 03 55 1d 1f 04 81 85 30 81 82 30 3f a0 3d a0 3b 86 39 68 74 74 70 3a 2f 2f 63 64 70 31 2e 70 63 61 2e 64 66 6e 2e 64 65 2f 64 66 6e 2d 63 61 2d 67 6c 6f 62 61 6c 2d 67 32 2f 70 75 62 2f 63 72 6c 2f 63 61 63 72 6c 2e 63 72 6c 30 3f a0 3d a0 3b 86 39 68 74 74 70 3a 2f 2f 63 64 70 32 2e 70 63 61 2e 64 66 6e 2e 64 65 2f 64 66 6e 2d 63 61 2d 67 6c 6f 62 61 6c 2d 67 32 2f 70 75 62 2f 63 72 6c 2f 63 61 63 72 6c 2e 63 72 6c 30 81 db 06 08 2b 06 01 05 05 07 01 01 04 81 ce 30 81 cb 30 33 06 08 2b 06 01 05 05 07 30 01 86 27 68 74 74 70 3a 2f 2f 6f 63 73 70 2e 70 63 61 2e 64 66 6e 2e 64 65 2f 4f 43 53 50 2d 53 65 72 76 65 72 2f 4f 43 53 50 30 49 06 08 2b 06 01 05 05 07 30 02 86 3d 68 74 74 70 3a 2f 2f 63 64 70 31 2e 70 63 61 2e 64 66 6e 2e 64 65 2f 64 66 6e 2d 63 61 2d 67 6c 6f 62 61 6c 2d 67 32 2f 70 75 62 2f 63 61 63 65 72 74 2f 63 61 63 65 72 74 2e 63 72 74 30 49 06 08 2b 06 01 05 05 07 30 02 86 3d 68 74 74 70 3a 2f 2f 63 64 70 32 2e 70 63 61 2e 64 66 6e 2e 64 65 2f 64 66 6e 2d 63 61 2d 67 6c 6f 62 61 6c 2d 67 32 2f 70 75 62 2f 63 61 63 65 72 74 2f 63 61 63 65 72 74 2e 63 72 74 30 82 01 f5 06 0a 2b 06 01 04 01 d6 79 02 04 02 04 82 01 e5 04 82 01 e1 01 df 00 77 00 bb d9 df bc 1f 8a 71 b5 93 94 23 97 aa 92 7b 47 38 57 95 0a ab 52 e8 1a 90 96 64 36 8e 1e d1 85 00 00 01 72 99 2a b1 b2 00 00 04 03 00 48 30 46 02 21 00 8d c4 c3 51 d9 a6 87 97 63 6d 58 47 1e 39 2b e1 50 8f 34 1e 36 ba 27 98 f8 72 ea 53 6e 8c 26 5c 02 21 00 ef 04 f9 ce 54 d1 73 6f 5a e7 48 e2 0e 1d 02 3e be 57 ca cf e5 3f a1 6c 03 a6 04 f3 86 3d 1f 86 00 76 00 46 a5 55 eb 75 fa 91 20 30 b5 a2 89 69 f4 f3 7d 11 2c 41 74 be fd 49 b8 85 ab f2 fc 70 fe 6d 47 00 00 01 72 99 2a b2 e1 00 00 04 03 00 47 30 45 02 21 00 cb 21 98 3d 40 37 6a eb b1 b9 8c 45 1d 07 3c b9 ca 93 58 a5 5a 12 04 72 54 1a 7a 12 73 2a 41 9f 02 20 47 e8 e2 7c a0 93 9b da 9e c7 fb 81 c5 0d e3 8a 81 90 23 ab 5e 10 b7 9f bc 3d 45 51 88 f8 f7 1d 00 75 00 6f 53 76 ac 31 f0 31 19 d8 99 00 a4 51 15 ff 77 15 1c 11 d9 02 c1 00 29 06 8d b2 08 9a 37 d9 13 00 00 01 72 99 2a b1 d6 00 00 04 03 00 46 30 44 02 20 6b ef e7 e5 d0 2c af c2 de 40 e9 8c 8d a2 09 4b 66 10 ec 1c 5a 13 5f 63 05 5c d0 bf 26 35 a5 82 02 20 76 f6 0b be 0a 6a 07 f7 cd 63 fe 73 69 4a 38 39 a4 6f d8 0a 93 7e 03 36 69 ae 80 21 fd d3 b8 e2 00 75 00 55 81 d4 c2 16 90 36 01 4a ea 0b 9b 57 3c 53 f0 c0 e4 38 78 70 25 08 17 2f a3 aa 1d 07 13 d3 0c 00 00 01 72 99 2a b2 b9 00 00 04 03 00 46 30 44 02 20 0b 8f 56 3e 1c fe 01 f0 ef 34 d4 b3 1b aa 91 0d 79 58 37 05 f4 36 ea 19 76 b6 08 91 5a 37 4f 50 02 20 62 15 9a 00 bf 97 1f 65 88 fb 0b 7d cd d6 d0 eb 9d 11 d0 28 ba d2 5b 2d 2d 8e ec a9 ab 3f 76 8c 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 03 82 01 01 00 64 da ee bb 8f e3 de dc d5 de 2e 60 51 33 b2 39 96 ea a1 5f 87 d5 85 d3 98 61 90 46 ed 42 1a a9 16 bc b9 b0 5b 49 3b cc 66 fe 9a b9 0c c5 9f 9f e5 e3 33 a7 89 93 f4 0b 52 c5 c6 2c 5e a2 13 b1 9a 7a 30 38 96 b2 27 67 4d 16 95 fa 41 c6 ec 6f c3 0d b6 41 45 16 9b e7 07 d1 b0 c2 aa df 3a e9 29 83 36 98 e0 36 e1 02 05 3f 75 fe 2f a3 85 b8 fb e9 ac ca 86 c8 13 ad 04 82 fb c2 63 3f a4 e5 97 dc f5 f8 db 83 a6 de 79 ef b6 12 96 4b 79 8d ef 92 92 85 84 2f 3d c6 28 e4 86 8e bc 9b 3a 7e eb 75 b1 0e b7 2e 02 30 22 5e b0 17 d4 37 e6 98 3a 35 bc 4e 15 e1 5c 07 e6 3f 21 24 b5 af 9f 50 f8 61 44 5b c2 11 1d a8 ee c4 82 32 2c d7 75 79 52 03 37 5d c3 08 19 d7 c1 4a ce 62 1f 57 99 6f 8e 6a 72 8a 62 ad 21 b6 9a a9 9f 0e 5e 6b d6 26 18 37 d9 67 af 89 bb 4a 00 3b aa 5c aa 12 54 fd 00 05 b0 30 82 05 ac 30 82 04 94 a0 03 02 01 02 02 07 1b 63 ba d0 1e 2c 3d 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 81 95 31 0b 30 09 06 03 55 04 06 13 02 44 45 31 45 30 43 06 03 55 04 0a 13 3c 56 65 72 65 69 6e 20 7a 75 72 20 46 6f 65 72 64 65 72 75 6e 67 20 65 69 6e 65 73 20 44 65 75 74 73 63 68 65 6e 20 46 6f 72 73 63 68 75 6e 67 73 6e 65 74 7a 65 73 20 65 2e 20 56 2e 31 10 30 0e 06 03 55 04 0b 13 07 44 46 4e 2d 50 4b 49 31 2d 30 2b 06 03 55 04 03 13 24 44 46 4e 2d 56 65 72 65 69 6e 20 43 65 72 74 69 66 69 63 61 74 69 6f 6e 20 41 75 74 68 6f 72 69 74 79 20 32 30 1e 17 0d 31 36 30 35 32 34 31 31 33 38 34 30 5a 17 0d 33 31 30 32 32 32 32 33 35 39 35 39 5a 30 81 8d 31 0b 30 09 06 03 55 04 06 13 02 44 45 31 45 30 43 06 03 55 04 0a 0c 3c 56 65 72 65 69 6e 20 7a 75 72 20 46 6f 65 72 64 65 72 75 6e 67 20 65 69 6e 65 73 20 44 65 75 74 73 63 68 65 6e 20 46 6f 72 73 63 68 75 6e 67 73 6e 65 74 7a 65 73 20 65 2e 20 56 2e 31 10 30 0e 06 03 55 04 0b 0c 07 44 46 4e 2d 50 4b 49 31 25 30 23 06 03 55 04 03 0c 1c 44 46 4e 2d 56 65 72 65 69 6e 20 47 6c 6f 62 61 6c 20 49 73 73 75 69 6e 67 20 43 41 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 9d 3b 79 1c 47 de 1f 86 cb c6 69 d7 10 9e 39 d7 d9 a2 30 db 72 1c 05 7f 29 5f 4b 68 f1 ad 19 d6 4c e1 6b 1b b1 0b 7f a1 ab e0 7b 8b 8b d8 2d ce 6e 88 3a 10 ee 57 e5 1e 7f 04 51 36 eb ba 70 6d 63 a0 be 96 2e 40 e1 d1 83 4c 66 3d 1c 64 69 e5 9b a4 ad 72 ae 68 39 51 87 79 cc 17 d3 ae 2f 5d 63 71 4b 39 7a eb 42 a7 97 90 69 05 bf 90 ff a4 40 70 bd 03 e7 bf 9e 18 88 1f 9f 99 88 4d 0e 47 8d 48 5f 65 99 10 d2 d9 2a 49 ed c1 b9 2d 1d 9f 12 cb 15 d3 3f 7f 1e 54 2f 3a ae 93 57 a7 7e 78 ca d5 4a e2 1a e5 ed 41 7d 53 5f c8 b3 2a f5 8a 30 ac ed 17 05 24 3f b6 a0 0b 07 fd 4d 1a 9a 03 52 a0 36 9c de 24 87 65 e4 e7 fa c7 96 73 24 14 cd d0 e8 1b 68 9e 18 59 ae 76 7e f7 d1 0a 78 3c 87 4b b0 37 cf 53 ca 3a 38 10 f3 cb 47 6d 8c 64 3d 3c 5a 45 4a ba ca 80 7c b8 f3 e7 a7 4c 4c cd 02 03 01 00 01 a3 82 02 05 30 82 02 01 30 12 06 03 55 1d 13 01 01 ff 04 08 30 06 01 01 ff 02 01 01 30 0e 06 03 55 1d 0f 01 01 ff 04 04 03 02 01 06 30 29 06 03 55 1d 20 04 22 30 20 30 0d 06 0b 2b 06 01 04 01 81 ad 21 82 2c 1e 30 0f 06 0d 2b 06 01 04 01 81 ad 21 82 2c 01 01 04 30 1d 06 03 55 1d 0e 04 16 04 14 6b 3a 98 8b f9 f2 53 89 da e0 ad b2 32 1e 09 1f e8 aa 3b 74 30 1f 06 03 55 1d 23 04 18 30 16 80 14 93 e3 d8 32 26 da d5 f1 4a a5 91 4a e0 ea 4b e2 a2 0c cf e1 30 81 8f 06 03 55 1d 1f 04 81 87 30 81 84 30 40 a0 3e a0 3c 86 3a 68 74 74 70 3a 2f 2f 63 64 70 31 2e 70 63 61 2e 64 66 6e 2e 64 65 2f 67 6c 6f 62 61 6c 2d 72 6f 6f 74 2d 67 32 2d 63 61 2f 70 75 62 2f 63 72 6c 2f 63 61 63 72 6c 2e 63 72 6c 30 40 a0 3e a0 3c 86 3a 68 74 74 70 3a 2f 2f 63 64 70 32 2e 70 63 61 2e 64 66 6e 2e 64 65 2f 67 6c 6f 62 61 6c 2d 72 6f 6f 74 2d 67 32 2d 63 61 2f 70 75 62 2f 63 72 6c 2f 63 61 63 72 6c 2e 63 72 6c 30 81 dd 06 08 2b 06 01 05 05 07 01 01 04 81 d0 30 81 cd 30 33 06 08 2b 06 01 05 05 07 30 01 86 27 68 74 74 70 3a 2f 2f 6f 63 73 70 2e 70 63 61 2e 64 66 6e 2e 64 65 2f 4f 43 53 50 2d 53 65 72 76 65 72 2f 4f 43 53 50 30 4a 06 08 2b 06 01 05 05 07 30 02 86 3e 68 74 74 70 3a 2f 2f 63 64 70 31 2e 70 63 61 2e 64 66 6e 2e 64 65 2f 67 6c 6f 62 61 6c 2d 72 6f 6f 74 2d 67 32 2d 63 61 2f 70 75 62 2f 63 61 63 65 72 74 2f 63 61 63 65 72 74 2e 63 72 74 30 4a 06 08 2b 06 01 05 05 07 30 02 86 3e 68 74 74 70 3a 2f 2f 63 64 70 32 2e 70 63 61 2e 64 66 6e 2e 64 65 2f 67 6c 6f 62 61 6c 2d 72 6f 6f 74 2d 67 32 2d 63 61 2f 70 75 62 2f 63 61 63 65 72 74 2f 63 61 63 65 72 74 2e 63 72 74 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 03 82 01 01 00 81 78 45 a4 4e a4 7f 0e 55 f0 09 b1 6a 3e 78 cc 68 35 a9 1c f3 95 9e 3f f3 f8 df 6b 38 77 89 2c 8d b5 ad 3e c7 f2 94 cd a0 06 ae ba cc a8 b1 ad 33 08 b6 24 86 62 36 4c 78 6e 50 f0 d5 6e 60 8d 4f 52 31 43 97 46 75 f0 62 e4 6e 66 51 c1 42 31 67 50 e5 49 e7 39 1e cb 9f ca 86 48 de 08 14 ff 15 4b 2b 66 9b a0 38 9f 00 ce fd a7 eb d1 7f 57 2d c8 4c 5f dc 10 11 97 3e 96 04 02 5c 84 a8 29 39 6c 94 fc 10 92 06 7b 9e ee d8 46 b4 1b b5 03 0c 38 d9 dc b0 a9 3f 71 06 0b b2 03 07 33 c2 8d 48 63 25 25 3c 7a 7b 57 6e f7 8a 05 38 ef b8 a0 ae 2f f4 db 07 d5 5b 84 18 c1 a9 b8 4b ce 6c 90 1a 82 e4 b9 3d fa 77 f1 d2 1f 33 02 bf 53 e7 76 f9 dc 26 25 41 6f 2f a6 1b fa a4 13 90 fa 7c 7e d9 0b 60 5d ec bf ca 41 a0 61 fb 11 49 29 d8 a8 2d 75 15 d8 4a 18 ea 16 ef 55 34 22 1a 13 8d 06
TLS: Certificate verification failed, error 20 (unable to get local issuer certificate) depth 1 for '/C=DE/O=Verein zur Foerderung eines Deutschen Forschungsnetzes e. V./OU=DFN-PKI/CN=DFN-Verein Global Issuing CA'
CTRL-EVENT-EAP-TLS-CERT-ERROR reason=1 depth=1 subject='/C=DE/O=Verein zur Foerderung eines Deutschen Forschungsnetzes e. V./OU=DFN-PKI/CN=DFN-Verein Global Issuing CA' err='unable to get local issuer certificate'
EAP: Status notification: remote certificate verification (param=unable to get local issuer certificate)
OpenSSL: TX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 15 03 03 00 02
OpenSSL: TX ver=0x303 content_type=21 (alert/)
OpenSSL: Message - hexdump(len=2): 02 30
SSL: (where=0x4008 ret=0x230)
SSL: SSL3 alert: write (local SSL3 detected an error):fatal:unknown CA
EAP: Status notification: local TLS alert (param=unknown CA)
SSL: (where=0x1002 ret=0xffffffff)
SSL: SSL_connect:error in error
OpenSSL: openssl_handshake - SSL_connect error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
SSL: 7 bytes pending from ssl_out
SSL: Using TLS version TLSv1.2
SSL: Failed - tls_out available to report error (len=7)
SSL: 7 bytes left to be sent out (of total 7 bytes)
EAP-PEAP: TLS processing failed
EAP: method process -> ignore=FALSE methodState=DONE decision=FAIL eapRespData=0x55fb7da0fe80
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=17)
TX EAP -> RADIUS - hexdump(len=17): 02 06 00 11 19 80 00 00 00 07 15 03 03 00 02 02 30
Encapsulating EAP message into a RADIUS packet
Copied RADIUS State Attribute
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=6 length=172
Attribute 1 (User-Name) length=30
Value: 'eduroam at staff.uni-marburg.de'
Attribute 4 (NAS-IP-Address) length=6
Value: 127.0.0.1
Attribute 31 (Calling-Station-Id) length=19
Value: '02-00-00-00-00-01'
Attribute 12 (Framed-MTU) length=6
Value: 1400
Attribute 61 (NAS-Port-Type) length=6
Value: 19
Attribute 6 (Service-Type) length=6
Value: 2
Attribute 77 (Connect-Info) length=24
Value: 'CONNECT 11Mbps 802.11b'
Attribute 79 (EAP-Message) length=19
Value: 0206001119800000000715030300020230
Attribute 24 (State) length=18
Value: 435995b3465f8c92a34ccd3791eea009
Attribute 80 (Message-Authenticator) length=18
Value: 2e2a919bf391cd046ef9fb7a6d5c1c87
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 44 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=3 (Access-Reject) identifier=6 length=44
Attribute 79 (EAP-Message) length=6
Value: 04060004
Attribute 80 (Message-Authenticator) length=18
Value: 450f6adf5bc192db81ccf5c9727b5384
STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending request, round trip time 1.00 sec
RADIUS packet matching with station
decapsulated EAP packet (code=4 id=6 len=4) from RADIUS server: EAP Failure
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Failure
EAP: Status notification: completion (param=failure)
EAP: EAP entering state FAILURE
CTRL-EVENT-EAP-FAILURE EAP authentication failed
EAPOL: SUPP_PAE entering state HELD
EAPOL: SUPP_BE entering state RECEIVE
EAPOL: SUPP_BE entering state FAIL
EAPOL: SUPP_BE entering state IDLE
eapol_sm_cb: result=0
EAPOL: EAP key not available
EAPOL: EAP Session-Id not available
WPA: Clear old PMK and PTK
EAP: deinitialize previously used EAP method (25, PEAP) at EAP deinit
ENGINE: engine deinit
MPPE keys OK: 0 mismatch: 1
FAILURE
-------------- next part --------------
Reading configuration file 'peap-mschapv2.conf'
Line: 4 - start of a new network block
ssid - hexdump_ascii(len=12):
65 78 61 6d 70 6c 65 2d 53 53 49 44 example-SSID
key_mgmt: 0x1
eap methods - hexdump(len=16): 00 00 00 00 19 00 00 00 00 00 00 00 00 00 00 00
identity - hexdump_ascii(len=6):
70 61 75 6c 79 31 pauly1
anonymous_identity - hexdump_ascii(len=28):
65 64 75 72 6f 61 6d 40 73 74 61 66 66 2e 75 6e eduroam at staff.un
69 2d 6d 61 72 62 75 72 67 2e 64 65 i-marburg.de
password - hexdump_ascii(len=8):
6e 6e 71 65 63 79 21 33 nnqecy!3
phase2 - hexdump_ascii(len=21):
61 75 74 68 3d 4d 53 43 48 41 50 56 32 20 72 65 auth=MSCHAPV2 re
74 72 79 3d 30 try=0
ca_cert - hexdump_ascii(len=47):
2f 65 74 63 2f 73 73 6c 2f 63 65 72 74 73 2f 54 /etc/ssl/certs/T
2d 54 65 6c 65 53 65 63 5f 47 6c 6f 62 61 6c 52 -TeleSec_GlobalR
6f 6f 74 5f 43 6c 61 73 73 5f 32 2e 70 65 6d oot_Class_2.pem
Priority group 0
id=0 ssid='example-SSID'
Authentication server 172.25.1.26:1812
RADIUS local address: 172.25.1.136:52428
ENGINE: Loading dynamic engine
ENGINE: Loading dynamic engine
EAPOL: SUPP_PAE entering state DISCONNECTED
EAPOL: KEY_RX entering state NO_KEY_RECEIVE
EAPOL: SUPP_BE entering state INITIALIZE
EAP: EAP entering state DISABLED
EAPOL: External notification - portValid=0
EAPOL: External notification - portEnabled=1
EAPOL: SUPP_PAE entering state CONNECTING
EAPOL: SUPP_BE entering state IDLE
EAP: EAP entering state INITIALIZE
EAP: EAP entering state IDLE
Sending fake EAP-Request-Identity
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_PAE entering state RESTART
EAP: EAP entering state INITIALIZE
EAP: EAP entering state IDLE
EAPOL: SUPP_PAE entering state AUTHENTICATING
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=0 method=1 vendor=0 vendorMethod=0
EAP: EAP entering state IDENTITY
CTRL-EVENT-EAP-STARTED EAP authentication started
EAP: Status notification: started (param=)
EAP: EAP-Request Identity data - hexdump_ascii(len=0):
EAP: using anonymous identity - hexdump_ascii(len=28):
65 64 75 72 6f 61 6d 40 73 74 61 66 66 2e 75 6e eduroam at staff.un
69 2d 6d 61 72 62 75 72 67 2e 64 65 i-marburg.de
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=33)
TX EAP -> RADIUS - hexdump(len=33): 02 00 00 21 01 65 64 75 72 6f 61 6d 40 73 74 61 66 66 2e 75 6e 69 2d 6d 61 72 62 75 72 67 2e 64 65
Encapsulating EAP message into a RADIUS packet
Learned identity from EAP-Response-Identity - hexdump(len=28): 65 64 75 72 6f 61 6d 40 73 74 61 66 66 2e 75 6e 69 2d 6d 61 72 62 75 72 67 2e 64 65
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=0 length=170
Attribute 1 (User-Name) length=30
Value: 'eduroam at staff.uni-marburg.de'
Attribute 4 (NAS-IP-Address) length=6
Value: 127.0.0.1
Attribute 31 (Calling-Station-Id) length=19
Value: '02-00-00-00-00-01'
Attribute 12 (Framed-MTU) length=6
Value: 1400
Attribute 61 (NAS-Port-Type) length=6
Value: 19
Attribute 6 (Service-Type) length=6
Value: 2
Attribute 77 (Connect-Info) length=24
Value: 'CONNECT 11Mbps 802.11b'
Attribute 79 (EAP-Message) length=35
Value: 0200002101656475726f616d4073746166662e756e692d6d6172627572672e6465
Attribute 80 (Message-Authenticator) length=18
Value: ce6c3dfe8375b0d4abd66b940eeb7970
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 80 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=0 length=80
Attribute 79 (EAP-Message) length=24
Value: 0101001604101a46c87f913c34524f452a0f479e3e78
Attribute 80 (Message-Authenticator) length=18
Value: 818d83eb716ffddd67a6610f232a2b3b
Attribute 24 (State) length=18
Value: 8659d3ba8658d7742ac5b4f76ef4e085
STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
RADIUS packet matching with station
decapsulated EAP packet (code=1 id=1 len=22) from RADIUS server: EAP-Request-MD5 (4)
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=1 method=4 vendor=0 vendorMethod=0
EAP: EAP entering state GET_METHOD
EAP: configuration does not allow: vendor 0 method 4
EAP: vendor 0 method 4 not allowed
CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=4 -> NAK
EAP: Status notification: refuse proposed method (param=MD5)
EAP: Building EAP-Nak (requested type 4 vendor=0 method=0 not allowed)
EAP: allowed methods - hexdump(len=1): 19
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=6)
TX EAP -> RADIUS - hexdump(len=6): 02 01 00 06 03 19
Encapsulating EAP message into a RADIUS packet
Copied RADIUS State Attribute
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=1 length=161
Attribute 1 (User-Name) length=30
Value: 'eduroam at staff.uni-marburg.de'
Attribute 4 (NAS-IP-Address) length=6
Value: 127.0.0.1
Attribute 31 (Calling-Station-Id) length=19
Value: '02-00-00-00-00-01'
Attribute 12 (Framed-MTU) length=6
Value: 1400
Attribute 61 (NAS-Port-Type) length=6
Value: 19
Attribute 6 (Service-Type) length=6
Value: 2
Attribute 77 (Connect-Info) length=24
Value: 'CONNECT 11Mbps 802.11b'
Attribute 79 (EAP-Message) length=8
Value: 020100060319
Attribute 24 (State) length=18
Value: 8659d3ba8658d7742ac5b4f76ef4e085
Attribute 80 (Message-Authenticator) length=18
Value: 4b5726271fd8adb577958ab16496d479
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 64 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=1 length=64
Attribute 79 (EAP-Message) length=8
Value: 010200061920
Attribute 80 (Message-Authenticator) length=18
Value: 6d97b01d9d5a561b5b2b819b4427f3d4
Attribute 24 (State) length=18
Value: 8659d3ba875bca742ac5b4f76ef4e085
STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
RADIUS packet matching with station
decapsulated EAP packet (code=1 id=2 len=6) from RADIUS server: EAP-Request-PEAP (25)
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=2 method=25 vendor=0 vendorMethod=0
EAP: EAP entering state GET_METHOD
CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=25
EAP: Status notification: accept proposed method (param=PEAP)
EAP: Initialize selected EAP method: vendor 0 method 25 (PEAP)
TLS: Phase2 EAP types - hexdump(len=8): 00 00 00 00 1a 00 00 00
TLS: using phase1 config options
TLS: Trusted root certificate(s) loaded
CTRL-EVENT-EAP-METHOD EAP vendor 0 method 25 (PEAP) selected
EAP: EAP entering state METHOD
SSL: Received packet(len=6) - Flags 0x20
EAP-PEAP: Start (server ver=0, own ver=1)
EAP-PEAP: Using PEAP version 0
SSL: (where=0x10 ret=0x1)
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:before SSL initialization
OpenSSL: TX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 16 03 01 00 b3
OpenSSL: TX ver=0x303 content_type=22 (handshake/client hello)
OpenSSL: Message - hexdump(len=179): 01 00 00 af 03 03 d1 98 d0 e8 7c 5e b9 65 9c 57 aa 92 b1 25 e9 3f e5 f0 e5 b3 92 b5 7b f5 3c f3 f5 d0 5c f4 34 a9 00 00 38 c0 2c c0 30 00 9f cc a9 cc a8 cc aa c0 2b c0 2f 00 9e c0 24 c0 28 00 6b c0 23 c0 27 00 67 c0 0a c0 14 00 39 c0 09 c0 13 00 33 00 9d 00 9c 00 3d 00 3c 00 35 00 2f 00 ff 01 00 00 4e 00 0b 00 04 03 00 01 02 00 0a 00 0c 00 0a 00 1d 00 17 00 1e 00 19 00 18 00 16 00 00 00 17 00 00 00 0d 00 2a 00 28 04 03 05 03 06 03 08 07 08 08 08 09 08 0a 08 0b 08 04 08 05 08 06 04 01 05 01 06 01 03 03 03 01 03 02 04 02 05 02 06 02
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS write client hello
SSL: (where=0x1002 ret=0xffffffff)
SSL: SSL_connect:error in SSLv3/TLS write client hello
SSL: SSL_connect - want more data
SSL: 184 bytes pending from ssl_out
SSL: Using TLS version TLSv1.2
SSL: 184 bytes left to be sent out (of total 184 bytes)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL eapRespData=0x562514e52100
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=194)
TX EAP -> RADIUS - hexdump(len=194): 02 02 00 c2 19 80 00 00 00 b8 16 03 01 00 b3 01 00 00 af 03 03 d1 98 d0 e8 7c 5e b9 65 9c 57 aa 92 b1 25 e9 3f e5 f0 e5 b3 92 b5 7b f5 3c f3 f5 d0 5c f4 34 a9 00 00 38 c0 2c c0 30 00 9f cc a9 cc a8 cc aa c0 2b c0 2f 00 9e c0 24 c0 28 00 6b c0 23 c0 27 00 67 c0 0a c0 14 00 39 c0 09 c0 13 00 33 00 9d 00 9c 00 3d 00 3c 00 35 00 2f 00 ff 01 00 00 4e 00 0b 00 04 03 00 01 02 00 0a 00 0c 00 0a 00 1d 00 17 00 1e 00 19 00 18 00 16 00 00 00 17 00 00 00 0d 00 2a 00 28 04 03 05 03 06 03 08 07 08 08 08 09 08 0a 08 0b 08 04 08 05 08 06 04 01 05 01 06 01 03 03 03 01 03 02 04 02 05 02 06 02
Encapsulating EAP message into a RADIUS packet
Copied RADIUS State Attribute
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=2 length=349
Attribute 1 (User-Name) length=30
Value: 'eduroam at staff.uni-marburg.de'
Attribute 4 (NAS-IP-Address) length=6
Value: 127.0.0.1
Attribute 31 (Calling-Station-Id) length=19
Value: '02-00-00-00-00-01'
Attribute 12 (Framed-MTU) length=6
Value: 1400
Attribute 61 (NAS-Port-Type) length=6
Value: 19
Attribute 6 (Service-Type) length=6
Value: 2
Attribute 77 (Connect-Info) length=24
Value: 'CONNECT 11Mbps 802.11b'
Attribute 79 (EAP-Message) length=196
Value: 020200c21980000000b816030100b3010000af0303d198d0e87c5eb9659c57aa92b125e93fe5f0e5b392b57bf53cf3f5d05cf434a9000038c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff0100004e000b000403000102000a000c000a001d0017001e001900180016000000170000000d002a0028040305030603080708080809080a080b080408050806040105010601030303010302040205020602
Attribute 24 (State) length=18
Value: 8659d3ba875bca742ac5b4f76ef4e085
Attribute 80 (Message-Authenticator) length=18
Value: 7d2196129fec839f52a4e147213f6ded
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 1068 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=2 length=1068
Attribute 79 (EAP-Message) length=255
Value: 010303ec19c0000014921603030059020000550303b2e5269df7dbd65205bb613bfcd477a0a40d013bbf5ecd6341b80325558b769120fc4e2c413e1af6801508d908ee88d0f1fcb9dd044acbf3b0805a012a6125868ec03000000dff01000100000b00040300010216030312d40b0012d00012cd0007fe308207fa308206e2a003020102020c22ff0567818198c00178abea300d06092a864886f70d01010b050030818d310b300906035504061302444531453043060355040a0c3c56657265696e207a757220466f6572646572756e672065696e65732044657574736368656e20466f72736368756e67736e65747a657320652e20562e3110300e06
Attribute 79 (EAP-Message) length=255
Value: 0355040b0c0744464e2d504b493125302306035504030c1c44464e2d56657265696e20476c6f62616c2049737375696e67204341301e170d3230303630393133303030395a170d3232303931313133303030395a307e310b3009060355040613024445310f300d06035504080c0648657373656e3110300e06035504070c074d61726275726731263024060355040a0c1d5068696c697070732d556e69766572736974616574204d6172627572673124302206035504030c1b7261646975732e73746166662e756e692d6d6172627572672e646530820122300d06092a864886f70d01010105000382010f003082010a0282010100e0d72a3219e77d16
Attribute 79 (EAP-Message) length=255
Value: b4da30aa1ad81b6e519d843b76fe3da287b3b8813842f4d2bcd87f4cc2b7e74761e143483c3365e86c31291183286f98e179b96d2546931095e30fa88477642f81bdbdb8f2cd7472f355ad50e54bbf99a8ee6bfd40bad341f459eb299769f3318b453b0220cd316e7bf1b0ad042d9eed645c5a33221eb3ea45be78ed8bc5d1a5e689f3f1570096c13eb9f3db5b13af2178c10a538035b01104d623814079bc702298eaab4e73677f4d35b59098086cb0d6db67a4ad516dd13470c5c63f22a4a8d509d137c053106d714329b69873d983a187aaf54dd97f4038d0209ae4459197197b8810c21e2f5f2e83a3d228d3cb9164bf0f1354cccd170203010001
Attribute 79 (EAP-Message) length=247
Value: a38204663082046230570603551d200450304e3008060667810c010202300d060b2b0601040181ad21822c1e300f060d2b0601040181ad21822c0101043010060e2b0601040181ad21822c010104073010060e2b0601040181ad21822c0201040730090603551d1304023000300e0603551d0f0101ff0404030205a0301d0603551d250416301406082b0601050507030206082b06010505070301301d0603551d0e041604145574a493dac77f8255c70d792c0b3cb0ccd89ae8301f0603551d230418301680146b3a988bf9f25389dae0adb2321e091fe8aa3b7430260603551d11041f301d821b7261646975732e73746166662e
Attribute 80 (Message-Authenticator) length=18
Value: b25525362d0369b4547aa9a8426dd9df
Attribute 24 (State) length=18
Value: 8659d3ba845aca742ac5b4f76ef4e085
STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
RADIUS packet matching with station
decapsulated EAP packet (code=1 id=3 len=1004) from RADIUS server: EAP-Request-PEAP (25)
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=3 method=25 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
SSL: Received packet(len=1004) - Flags 0xc0
SSL: TLS Message Length: 5266
SSL: Need 4272 bytes more input data
SSL: Building ACK (type=25 id=3 ver=0)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL eapRespData=0x562514e42920
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=6)
TX EAP -> RADIUS - hexdump(len=6): 02 03 00 06 19 00
Encapsulating EAP message into a RADIUS packet
Copied RADIUS State Attribute
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=3 length=161
Attribute 1 (User-Name) length=30
Value: 'eduroam at staff.uni-marburg.de'
Attribute 4 (NAS-IP-Address) length=6
Value: 127.0.0.1
Attribute 31 (Calling-Station-Id) length=19
Value: '02-00-00-00-00-01'
Attribute 12 (Framed-MTU) length=6
Value: 1400
Attribute 61 (NAS-Port-Type) length=6
Value: 19
Attribute 6 (Service-Type) length=6
Value: 2
Attribute 77 (Connect-Info) length=24
Value: 'CONNECT 11Mbps 802.11b'
Attribute 79 (EAP-Message) length=8
Value: 020300061900
Attribute 24 (State) length=18
Value: 8659d3ba845aca742ac5b4f76ef4e085
Attribute 80 (Message-Authenticator) length=18
Value: ce25df95abdf403068ff07da116e1da7
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 1064 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=3 length=1064
Attribute 79 (EAP-Message) length=255
Value: 010403e81940756e692d6d6172627572672e646530818d0603551d1f048185308182303fa03da03b8639687474703a2f2f636470312e7063612e64666e2e64652f64666e2d63612d676c6f62616c2d67322f7075622f63726c2f636163726c2e63726c303fa03da03b8639687474703a2f2f636470322e7063612e64666e2e64652f64666e2d63612d676c6f62616c2d67322f7075622f63726c2f636163726c2e63726c3081db06082b060105050701010481ce3081cb303306082b060105050730018627687474703a2f2f6f6373702e7063612e64666e2e64652f4f4353502d5365727665722f4f435350304906082b06010505073002863d687474
Attribute 79 (EAP-Message) length=255
Value: 703a2f2f636470312e7063612e64666e2e64652f64666e2d63612d676c6f62616c2d67322f7075622f6361636572742f6361636572742e637274304906082b06010505073002863d687474703a2f2f636470322e7063612e64666e2e64652f64666e2d63612d676c6f62616c2d67322f7075622f6361636572742f6361636572742e637274308201f5060a2b06010401d679020402048201e5048201e101df007700bbd9dfbc1f8a71b593942397aa927b473857950aab52e81a909664368e1ed18500000172992ab1b200000403004830460221008dc4c351d9a68797636d58471e392be1508f341e36ba2798f872ea536e8c265c022100ef04f9ce54
Attribute 79 (EAP-Message) length=255
Value: d1736f5ae748e20e1d023ebe57cacfe53fa16c03a604f3863d1f8600760046a555eb75fa912030b5a28969f4f37d112c4174befd49b885abf2fc70fe6d4700000172992ab2e10000040300473045022100cb21983d40376aebb1b98c451d073cb9ca9358a55a120472541a7a12732a419f022047e8e27ca0939bda9ec7fb81c50de38a819023ab5e10b79fbc3d455188f8f71d0075006f5376ac31f03119d89900a45115ff77151c11d902c10029068db2089a37d91300000172992ab1d6000004030046304402206befe7e5d02cafc2de40e98c8da2094b6610ec1c5a135f63055cd0bf2635a582022076f60bbe0a6a07f7cd63fe73694a3839a46fd8
Attribute 79 (EAP-Message) length=243
Value: 0a937e033669ae8021fdd3b8e20075005581d4c2169036014aea0b9b573c53f0c0e43878702508172fa3aa1d0713d30c00000172992ab2b9000004030046304402200b8f563e1cfe01f0ef34d4b31baa910d79583705f436ea1976b608915a374f50022062159a00bf971f6588fb0b7dcdd6d0eb9d11d028bad25b2d2d8eeca9ab3f768c300d06092a864886f70d01010b0500038201010064daeebb8fe3dedcd5de2e605133b23996eaa15f87d585d398619046ed421aa916bcb9b05b493bcc66fe9ab90cc59f9fe5e333a78993f40b52c5c62c5ea213b19a7a303896b227674d1695fa41c6ec6fc30db64145169be707
Attribute 80 (Message-Authenticator) length=18
Value: 11a544ac90eb3c7a3733a7356931411a
Attribute 24 (State) length=18
Value: 8659d3ba855dca742ac5b4f76ef4e085
STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
RADIUS packet matching with station
decapsulated EAP packet (code=1 id=4 len=1000) from RADIUS server: EAP-Request-PEAP (25)
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=4 method=25 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
SSL: Received packet(len=1000) - Flags 0x40
SSL: Need 3278 bytes more input data
SSL: Building ACK (type=25 id=4 ver=0)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL eapRespData=0x562514e429f0
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=6)
TX EAP -> RADIUS - hexdump(len=6): 02 04 00 06 19 00
Encapsulating EAP message into a RADIUS packet
Copied RADIUS State Attribute
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=4 length=161
Attribute 1 (User-Name) length=30
Value: 'eduroam at staff.uni-marburg.de'
Attribute 4 (NAS-IP-Address) length=6
Value: 127.0.0.1
Attribute 31 (Calling-Station-Id) length=19
Value: '02-00-00-00-00-01'
Attribute 12 (Framed-MTU) length=6
Value: 1400
Attribute 61 (NAS-Port-Type) length=6
Value: 19
Attribute 6 (Service-Type) length=6
Value: 2
Attribute 77 (Connect-Info) length=24
Value: 'CONNECT 11Mbps 802.11b'
Attribute 79 (EAP-Message) length=8
Value: 020400061900
Attribute 24 (State) length=18
Value: 8659d3ba855dca742ac5b4f76ef4e085
Attribute 80 (Message-Authenticator) length=18
Value: 7c9317044c6b99f78c24b26128946d87
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 1064 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=4 length=1064
Attribute 79 (EAP-Message) length=255
Value: 010503e81940d1b0c2aadf3ae929833698e036e102053f75fe2fa385b8fbe9acca86c813ad0482fbc2633fa4e597dcf5f8db83a6de79efb612964b798def929285842f3dc628e4868ebc9b3a7eeb75b10eb72e0230225eb017d437e6983a35bc4e15e15c07e63f2124b5af9f50f861445bc2111da8eec482322cd775795203375dc30819d7c14ace621f57996f8e6a728a62ad21b69aa99f0e5e6bd6261837d967af89bb4a003baa5caa1254fd0005b0308205ac30820494a00302010202071b63bad01e2c3d300d06092a864886f70d01010b0500308195310b300906035504061302444531453043060355040a133c56657265696e207a757220466f
Attribute 79 (EAP-Message) length=255
Value: 6572646572756e672065696e65732044657574736368656e20466f72736368756e67736e65747a657320652e20562e3110300e060355040b130744464e2d504b49312d302b0603550403132444464e2d56657265696e2043657274696669636174696f6e20417574686f726974792032301e170d3136303532343131333834305a170d3331303232323233353935395a30818d310b300906035504061302444531453043060355040a0c3c56657265696e207a757220466f6572646572756e672065696e65732044657574736368656e20466f72736368756e67736e65747a657320652e20562e3110300e060355040b0c0744464e2d504b4931253023
Attribute 79 (EAP-Message) length=255
Value: 06035504030c1c44464e2d56657265696e20476c6f62616c2049737375696e6720434130820122300d06092a864886f70d01010105000382010f003082010a02820101009d3b791c47de1f86cbc669d7109e39d7d9a230db721c057f295f4b68f1ad19d64ce16b1bb10b7fa1abe07b8b8bd82dce6e883a10ee57e51e7f045136ebba706d63a0be962e40e1d1834c663d1c6469e59ba4ad72ae6839518779cc17d3ae2f5d63714b397aeb42a797906905bf90ffa44070bd03e7bf9e18881f9f99884d0e478d485f659910d2d92a49edc1b92d1d9f12cb15d33f7f1e542f3aae9357a77e78cad54ae21ae5ed417d535fc8b32af58a30aced1705243fb6a0
Attribute 79 (EAP-Message) length=243
Value: 0b07fd4d1a9a0352a0369cde248765e4e7fac796732414cdd0e81b689e1859ae767ef7d10a783c874bb037cf53ca3a3810f3cb476d8c643d3c5a454abaca807cb8f3e7a74c4ccd0203010001a38202053082020130120603551d130101ff040830060101ff020101300e0603551d0f0101ff04040302010630290603551d2004223020300d060b2b0601040181ad21822c1e300f060d2b0601040181ad21822c010104301d0603551d0e041604146b3a988bf9f25389dae0adb2321e091fe8aa3b74301f0603551d2304183016801493e3d83226dad5f14aa5914ae0ea4be2a20ccfe130818f0603551d1f048187308184
Attribute 80 (Message-Authenticator) length=18
Value: 090faf01a6f95d53f72ef76d7abae7d8
Attribute 24 (State) length=18
Value: 8659d3ba825cca742ac5b4f76ef4e085
STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
RADIUS packet matching with station
decapsulated EAP packet (code=1 id=5 len=1000) from RADIUS server: EAP-Request-PEAP (25)
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=5 method=25 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
SSL: Received packet(len=1000) - Flags 0x40
SSL: Need 2284 bytes more input data
SSL: Building ACK (type=25 id=5 ver=0)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL eapRespData=0x562514e42920
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=6)
TX EAP -> RADIUS - hexdump(len=6): 02 05 00 06 19 00
Encapsulating EAP message into a RADIUS packet
Copied RADIUS State Attribute
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=5 length=161
Attribute 1 (User-Name) length=30
Value: 'eduroam at staff.uni-marburg.de'
Attribute 4 (NAS-IP-Address) length=6
Value: 127.0.0.1
Attribute 31 (Calling-Station-Id) length=19
Value: '02-00-00-00-00-01'
Attribute 12 (Framed-MTU) length=6
Value: 1400
Attribute 61 (NAS-Port-Type) length=6
Value: 19
Attribute 6 (Service-Type) length=6
Value: 2
Attribute 77 (Connect-Info) length=24
Value: 'CONNECT 11Mbps 802.11b'
Attribute 79 (EAP-Message) length=8
Value: 020500061900
Attribute 24 (State) length=18
Value: 8659d3ba825cca742ac5b4f76ef4e085
Attribute 80 (Message-Authenticator) length=18
Value: d7bfc13e1af4a4380c56a62708fe45e9
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 1064 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=5 length=1064
Attribute 79 (EAP-Message) length=255
Value: 010603e819403040a03ea03c863a687474703a2f2f636470312e7063612e64666e2e64652f676c6f62616c2d726f6f742d67322d63612f7075622f63726c2f636163726c2e63726c3040a03ea03c863a687474703a2f2f636470322e7063612e64666e2e64652f676c6f62616c2d726f6f742d67322d63612f7075622f63726c2f636163726c2e63726c3081dd06082b060105050701010481d03081cd303306082b060105050730018627687474703a2f2f6f6373702e7063612e64666e2e64652f4f4353502d5365727665722f4f435350304a06082b06010505073002863e687474703a2f2f636470312e7063612e64666e2e64652f676c6f62616c
Attribute 79 (EAP-Message) length=255
Value: 2d726f6f742d67322d63612f7075622f6361636572742f6361636572742e637274304a06082b06010505073002863e687474703a2f2f636470322e7063612e64666e2e64652f676c6f62616c2d726f6f742d67322d63612f7075622f6361636572742f6361636572742e637274300d06092a864886f70d01010b05000382010100817845a44ea47f0e55f009b16a3e78cc6835a91cf3959e3ff3f8df6b3877892c8db5ad3ec7f294cda006aebacca8b1ad3308b6248662364c786e50f0d56e608d4f523143974675f062e46e6651c142316750e549e7391ecb9fca8648de0814ff154b2b669ba0389f00cefda7ebd17f572dc84c5fdc1011973e960402
Attribute 79 (EAP-Message) length=255
Value: 5c84a829396c94fc1092067b9eeed846b41bb5030c38d9dcb0a93f71060bb2030733c28d486325253c7a7b576ef78a0538efb8a0ae2ff4db07d55b8418c1a9b84bce6c901a82e4b93dfa77f1d21f3302bf53e776f9dc2625416f2fa61bfaa41390fa7c7ed90b605decbfca41a061fb114929d8a82d7515d84a18ea16ef5534221a138d0600051630820512308203faa003020102020900e30bd5f8af25d981300d06092a864886f70d01010b0500308182310b3009060355040613024445312b3029060355040a0c22542d53797374656d7320456e746572707269736520536572766963657320476d6248311f301d060355040b0c16542d5379737465
Attribute 79 (EAP-Message) length=243
Value: 6d732054727573742043656e7465723125302306035504030c1c542d54656c6553656320476c6f62616c526f6f7420436c6173732032301e170d3136303232323133333832325a170d3331303232323233353935395a308195310b300906035504061302444531453043060355040a133c56657265696e207a757220466f6572646572756e672065696e65732044657574736368656e20466f72736368756e67736e65747a657320652e20562e3110300e060355040b130744464e2d504b49312d302b0603550403132444464e2d56657265696e2043657274696669636174696f6e20417574686f726974792032308201
Attribute 80 (Message-Authenticator) length=18
Value: eecee037160991e0b79e1a5170f78106
Attribute 24 (State) length=18
Value: 8659d3ba835fca742ac5b4f76ef4e085
STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
RADIUS packet matching with station
decapsulated EAP packet (code=1 id=6 len=1000) from RADIUS server: EAP-Request-PEAP (25)
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=6 method=25 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
SSL: Received packet(len=1000) - Flags 0x40
SSL: Need 1290 bytes more input data
SSL: Building ACK (type=25 id=6 ver=0)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL eapRespData=0x562514e42920
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=6)
TX EAP -> RADIUS - hexdump(len=6): 02 06 00 06 19 00
Encapsulating EAP message into a RADIUS packet
Copied RADIUS State Attribute
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=6 length=161
Attribute 1 (User-Name) length=30
Value: 'eduroam at staff.uni-marburg.de'
Attribute 4 (NAS-IP-Address) length=6
Value: 127.0.0.1
Attribute 31 (Calling-Station-Id) length=19
Value: '02-00-00-00-00-01'
Attribute 12 (Framed-MTU) length=6
Value: 1400
Attribute 61 (NAS-Port-Type) length=6
Value: 19
Attribute 6 (Service-Type) length=6
Value: 2
Attribute 77 (Connect-Info) length=24
Value: 'CONNECT 11Mbps 802.11b'
Attribute 79 (EAP-Message) length=8
Value: 020600061900
Attribute 24 (State) length=18
Value: 8659d3ba835fca742ac5b4f76ef4e085
Attribute 80 (Message-Authenticator) length=18
Value: 5187338561c66f96db1a5a1cbd9df715
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 1064 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=6 length=1064
Attribute 79 (EAP-Message) length=255
Value: 010703e8194022300d06092a864886f70d01010105000382010f003082010a0282010100cb60d7ff66a141cdd2fa87978a73ab994dea67395aa1608047154e8c95b2e5cfced3574b8dcef8566c15557607ea46fdc80345633e70d4ab5480b1239cbe3728a909ff055d180fc4989937b320f666781787c29d0ecc4a32e7169dae0e8d297907002054dc155f4a96d778b634d3c174b59de9bfc0774deabd5907e05a2f6c3ca500dc35bd650d8f7f326df25a6a4b6201eeac38345945364905da78ca6a6d5bc0816b11ccd23ca88bf8711aca3be280dd16b4677a8b36ea4e91293db3515cada80cbe9d34e3d10d178375c4391eb0940b12f1d5698e25f4b8
Attribute 79 (EAP-Message) length=255
Value: 3d2bbfc08ec31e3ba5bf5510ab2aae17975e33cec8f3f40907e3028631466b01c5100c11c759e90203010001a382017430820170300e0603551d0f0101ff040403020106301d0603551d0e0416041493e3d83226dad5f14aa5914ae0ea4be2a20ccfe1301f0603551d23041830168014bf5920360079a0a0226b8cd5f261d2b82ccb824a30120603551d130101ff040830060101ff02010230330603551d20042c302a300f060d2b0601040181ad21822c010104300d060b2b0601040181ad21822c1e3008060667810c010202304c0603551d1f044530433041a03fa03d863b687474703a2f2f706b69303333362e74656c657365632e64652f726c2f
Attribute 79 (EAP-Message) length=255
Value: 54656c655365635f476c6f62616c526f6f745f436c6173735f322e63726c30818606082b06010505070101047a3078302c06082b060105050730018620687474703a2f2f6f637370303333362e74656c657365632e64652f6f63737072304806082b06010505073002863c687474703a2f2f706b69303333362e74656c657365632e64652f6372742f54656c655365635f476c6f62616c526f6f745f436c6173735f322e636572300d06092a864886f70d01010b05000382010100870bff3e029b65c8562dd63b9a988b714fdaba29aa21f9462ef5b2a40fae11387938b30e74ba765d9ee818829662db4c33e8ddf96adf32bd2c4c4760557fe7746bb4
Attribute 79 (EAP-Message) length=243
Value: 2c83d8796bb6b74d500b6607b5edb397adeaee7f30e699fd22e2724d3e845beef9cf99ea7fd752392eac9800447e693bbf75eed00b3b1acde5f70f226c4784f6a547a0fdd01a347dadd23d77b3eef4d74dffc3e8e5924f593e9047104ab08558c06f7ff8aeed08429e1ed4df142e4d8fbc9e94c3e7edf618f83c49e726a8a736d82cde22cd8b82d8d978e25512a33b8744b6110bd50c52af698c0f06dfd0a2538b57987bcffd0724f4fcbdc3fd4a9202971bf2b7b6cf658a1aa2b5721939160303014d0c00014903001741043f348c03eef602bc9e551e112b34e82b21642652fd2b7d7a64140bb503ce57dc5fb58a843e
Attribute 80 (Message-Authenticator) length=18
Value: 3f6dd5a9203b712894f93ef94bc0eab3
Attribute 24 (State) length=18
Value: 8659d3ba805eca742ac5b4f76ef4e085
STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
RADIUS packet matching with station
decapsulated EAP packet (code=1 id=7 len=1000) from RADIUS server: EAP-Request-PEAP (25)
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=7 method=25 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
SSL: Received packet(len=1000) - Flags 0x40
SSL: Need 296 bytes more input data
SSL: Building ACK (type=25 id=7 ver=0)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL eapRespData=0x562514e42920
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=6)
TX EAP -> RADIUS - hexdump(len=6): 02 07 00 06 19 00
Encapsulating EAP message into a RADIUS packet
Copied RADIUS State Attribute
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=7 length=161
Attribute 1 (User-Name) length=30
Value: 'eduroam at staff.uni-marburg.de'
Attribute 4 (NAS-IP-Address) length=6
Value: 127.0.0.1
Attribute 31 (Calling-Station-Id) length=19
Value: '02-00-00-00-00-01'
Attribute 12 (Framed-MTU) length=6
Value: 1400
Attribute 61 (NAS-Port-Type) length=6
Value: 19
Attribute 6 (Service-Type) length=6
Value: 2
Attribute 77 (Connect-Info) length=24
Value: 'CONNECT 11Mbps 802.11b'
Attribute 79 (EAP-Message) length=8
Value: 020700061900
Attribute 24 (State) length=18
Value: 8659d3ba805eca742ac5b4f76ef4e085
Attribute 80 (Message-Authenticator) length=18
Value: ca615203bd5ee12536f26ca0fe352778
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 362 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=7 length=362
Attribute 79 (EAP-Message) length=255
Value: 0108012e190002ef707384347579fe668737fdbe6673ad209e4e2ceb8ae29e3d860401010028eb55440cbbb2adb28ac4e6f8c79e4ccf480f59ffdb87dd64f1cf669ddcd18526cc20d1648e971f4b293798f5d11a6638cb969448bae94e3a2277268f6fcd2952b476875097af194b17f5c218d406b5b0f0e29c9bef7038e5056c7e94c389c03025920520a378ae1528991aadd3b325a46212b0475b6cff869c1093509c92d6b5fe5338154b05a80285c3aec33ef29aa602499c6cab36c9a63915d098d088448d4762d2aeecb5da6a03733081e38b40e90d8a952163b2c584d896c43a470c1992053af97600e49062fed4d7c805aef915973deef5e6338d
Attribute 79 (EAP-Message) length=51
Value: 6bb9c35b11991705f6ce36c104e30a421639c2d484f47e76569fd9607e5aefa694d8b48b18034b2216030300040e000000
Attribute 80 (Message-Authenticator) length=18
Value: 99bdaf20f10d24deaad75377cf048117
Attribute 24 (State) length=18
Value: 8659d3ba8151ca742ac5b4f76ef4e085
STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
RADIUS packet matching with station
decapsulated EAP packet (code=1 id=8 len=302) from RADIUS server: EAP-Request-PEAP (25)
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=8 method=25 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
SSL: Received packet(len=302) - Flags 0x00
OpenSSL: RX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 16 03 03 00 59
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS write client hello
OpenSSL: RX ver=0x303 content_type=22 (handshake/server hello)
OpenSSL: Message - hexdump(len=89): 02 00 00 55 03 03 b2 e5 26 9d f7 db d6 52 05 bb 61 3b fc d4 77 a0 a4 0d 01 3b bf 5e cd 63 41 b8 03 25 55 8b 76 91 20 fc 4e 2c 41 3e 1a f6 80 15 08 d9 08 ee 88 d0 f1 fc b9 dd 04 4a cb f3 b0 80 5a 01 2a 61 25 86 8e c0 30 00 00 0d ff 01 00 01 00 00 0b 00 04 03 00 01 02
OpenSSL: RX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 16 03 03 12 d4
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS read server hello
OpenSSL: RX ver=0x303 content_type=22 (handshake/certificate)
OpenSSL: Message - hexdump(len=4820): 0b 00 12 d0 00 12 cd 00 07 fe 30 82 07 fa 30 82 06 e2 a0 03 02 01 02 02 0c 22 ff 05 67 81 81 98 c0 01 78 ab ea 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 81 8d 31 0b 30 09 06 03 55 04 06 13 02 44 45 31 45 30 43 06 03 55 04 0a 0c 3c 56 65 72 65 69 6e 20 7a 75 72 20 46 6f 65 72 64 65 72 75 6e 67 20 65 69 6e 65 73 20 44 65 75 74 73 63 68 65 6e 20 46 6f 72 73 63 68 75 6e 67 73 6e 65 74 7a 65 73 20 65 2e 20 56 2e 31 10 30 0e 06 03 55 04 0b 0c 07 44 46 4e 2d 50 4b 49 31 25 30 23 06 03 55 04 03 0c 1c 44 46 4e 2d 56 65 72 65 69 6e 20 47 6c 6f 62 61 6c 20 49 73 73 75 69 6e 67 20 43 41 30 1e 17 0d 32 30 30 36 30 39 31 33 30 30 30 39 5a 17 0d 32 32 30 39 31 31 31 33 30 30 30 39 5a 30 7e 31 0b 30 09 06 03 55 04 06 13 02 44 45 31 0f 30 0d 06 03 55 04 08 0c 06 48 65 73 73 65 6e 31 10 30 0e 06 03 55 04 07 0c 07 4d 61 72 62 75 72 67 31 26 30 24 06 03 55 04 0a 0c 1d 50 68 69 6c 69 70 70 73 2d 55 6e 69 76 65 72 73 69 74 61 65 74 20 4d 61 72 62 75 72 67 31 24 30 22 06 03 55 04 03 0c 1b 72 61 64 69 75 73 2e 73 74 61 66 66 2e 75 6e 69 2d 6d 61 72 62 75 72 67 2e 64 65 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 e0 d7 2a 32 19 e7 7d 16 b4 da 30 aa 1a d8 1b 6e 51 9d 84 3b 76 fe 3d a2 87 b3 b8 81 38 42 f4 d2 bc d8 7f 4c c2 b7 e7 47 61 e1 43 48 3c 33 65 e8 6c 31 29 11 83 28 6f 98 e1 79 b9 6d 25 46 93 10 95 e3 0f a8 84 77 64 2f 81 bd bd b8 f2 cd 74 72 f3 55 ad 50 e5 4b bf 99 a8 ee 6b fd 40 ba d3 41 f4 59 eb 29 97 69 f3 31 8b 45 3b 02 20 cd 31 6e 7b f1 b0 ad 04 2d 9e ed 64 5c 5a 33 22 1e b3 ea 45 be 78 ed 8b c5 d1 a5 e6 89 f3 f1 57 00 96 c1 3e b9 f3 db 5b 13 af 21 78 c1 0a 53 80 35 b0 11 04 d6 23 81 40 79 bc 70 22 98 ea ab 4e 73 67 7f 4d 35 b5 90 98 08 6c b0 d6 db 67 a4 ad 51 6d d1 34 70 c5 c6 3f 22 a4 a8 d5 09 d1 37 c0 53 10 6d 71 43 29 b6 98 73 d9 83 a1 87 aa f5 4d d9 7f 40 38 d0 20 9a e4 45 91 97 19 7b 88 10 c2 1e 2f 5f 2e 83 a3 d2 28 d3 cb 91 64 bf 0f 13 54 cc cd 17 02 03 01 00 01 a3 82 04 66 30 82 04 62 30 57 06 03 55 1d 20 04 50 30 4e 30 08 06 06 67 81 0c 01 02 02 30 0d 06 0b 2b 06 01 04 01 81 ad 21 82 2c 1e 30 0f 06 0d 2b 06 01 04 01 81 ad 21 82 2c 01 01 04 30 10 06 0e 2b 06 01 04 01 81 ad 21 82 2c 01 01 04 07 30 10 06 0e 2b 06 01 04 01 81 ad 21 82 2c 02 01 04 07 30 09 06 03 55 1d 13 04 02 30 00 30 0e 06 03 55 1d 0f 01 01 ff 04 04 03 02 05 a0 30 1d 06 03 55 1d 25 04 16 30 14 06 08 2b 06 01 05 05 07 03 02 06 08 2b 06 01 05 05 07 03 01 30 1d 06 03 55 1d 0e 04 16 04 14 55 74 a4 93 da c7 7f 82 55 c7 0d 79 2c 0b 3c b0 cc d8 9a e8 30 1f 06 03 55 1d 23 04 18 30 16 80 14 6b 3a 98 8b f9 f2 53 89 da e0 ad b2 32 1e 09 1f e8 aa 3b 74 30 26 06 03 55 1d 11 04 1f 30 1d 82 1b 72 61 64 69 75 73 2e 73 74 61 66 66 2e 75 6e 69 2d 6d 61 72 62 75 72 67 2e 64 65 30 81 8d 06 03 55 1d 1f 04 81 85 30 81 82 30 3f a0 3d a0 3b 86 39 68 74 74 70 3a 2f 2f 63 64 70 31 2e 70 63 61 2e 64 66 6e 2e 64 65 2f 64 66 6e 2d 63 61 2d 67 6c 6f 62 61 6c 2d 67 32 2f 70 75 62 2f 63 72 6c 2f 63 61 63 72 6c 2e 63 72 6c 30 3f a0 3d a0 3b 86 39 68 74 74 70 3a 2f 2f 63 64 70 32 2e 70 63 61 2e 64 66 6e 2e 64 65 2f 64 66 6e 2d 63 61 2d 67 6c 6f 62 61 6c 2d 67 32 2f 70 75 62 2f 63 72 6c 2f 63 61 63 72 6c 2e 63 72 6c 30 81 db 06 08 2b 06 01 05 05 07 01 01 04 81 ce 30 81 cb 30 33 06 08 2b 06 01 05 05 07 30 01 86 27 68 74 74 70 3a 2f 2f 6f 63 73 70 2e 70 63 61 2e 64 66 6e 2e 64 65 2f 4f 43 53 50 2d 53 65 72 76 65 72 2f 4f 43 53 50 30 49 06 08 2b 06 01 05 05 07 30 02 86 3d 68 74 74 70 3a 2f 2f 63 64 70 31 2e 70 63 61 2e 64 66 6e 2e 64 65 2f 64 66 6e 2d 63 61 2d 67 6c 6f 62 61 6c 2d 67 32 2f 70 75 62 2f 63 61 63 65 72 74 2f 63 61 63 65 72 74 2e 63 72 74 30 49 06 08 2b 06 01 05 05 07 30 02 86 3d 68 74 74 70 3a 2f 2f 63 64 70 32 2e 70 63 61 2e 64 66 6e 2e 64 65 2f 64 66 6e 2d 63 61 2d 67 6c 6f 62 61 6c 2d 67 32 2f 70 75 62 2f 63 61 63 65 72 74 2f 63 61 63 65 72 74 2e 63 72 74 30 82 01 f5 06 0a 2b 06 01 04 01 d6 79 02 04 02 04 82 01 e5 04 82 01 e1 01 df 00 77 00 bb d9 df bc 1f 8a 71 b5 93 94 23 97 aa 92 7b 47 38 57 95 0a ab 52 e8 1a 90 96 64 36 8e 1e d1 85 00 00 01 72 99 2a b1 b2 00 00 04 03 00 48 30 46 02 21 00 8d c4 c3 51 d9 a6 87 97 63 6d 58 47 1e 39 2b e1 50 8f 34 1e 36 ba 27 98 f8 72 ea 53 6e 8c 26 5c 02 21 00 ef 04 f9 ce 54 d1 73 6f 5a e7 48 e2 0e 1d 02 3e be 57 ca cf e5 3f a1 6c 03 a6 04 f3 86 3d 1f 86 00 76 00 46 a5 55 eb 75 fa 91 20 30 b5 a2 89 69 f4 f3 7d 11 2c 41 74 be fd 49 b8 85 ab f2 fc 70 fe 6d 47 00 00 01 72 99 2a b2 e1 00 00 04 03 00 47 30 45 02 21 00 cb 21 98 3d 40 37 6a eb b1 b9 8c 45 1d 07 3c b9 ca 93 58 a5 5a 12 04 72 54 1a 7a 12 73 2a 41 9f 02 20 47 e8 e2 7c a0 93 9b da 9e c7 fb 81 c5 0d e3 8a 81 90 23 ab 5e 10 b7 9f bc 3d 45 51 88 f8 f7 1d 00 75 00 6f 53 76 ac 31 f0 31 19 d8 99 00 a4 51 15 ff 77 15 1c 11 d9 02 c1 00 29 06 8d b2 08 9a 37 d9 13 00 00 01 72 99 2a b1 d6 00 00 04 03 00 46 30 44 02 20 6b ef e7 e5 d0 2c af c2 de 40 e9 8c 8d a2 09 4b 66 10 ec 1c 5a 13 5f 63 05 5c d0 bf 26 35 a5 82 02 20 76 f6 0b be 0a 6a 07 f7 cd 63 fe 73 69 4a 38 39 a4 6f d8 0a 93 7e 03 36 69 ae 80 21 fd d3 b8 e2 00 75 00 55 81 d4 c2 16 90 36 01 4a ea 0b 9b 57 3c 53 f0 c0 e4 38 78 70 25 08 17 2f a3 aa 1d 07 13 d3 0c 00 00 01 72 99 2a b2 b9 00 00 04 03 00 46 30 44 02 20 0b 8f 56 3e 1c fe 01 f0 ef 34 d4 b3 1b aa 91 0d 79 58 37 05 f4 36 ea 19 76 b6 08 91 5a 37 4f 50 02 20 62 15 9a 00 bf 97 1f 65 88 fb 0b 7d cd d6 d0 eb 9d 11 d0 28 ba d2 5b 2d 2d 8e ec a9 ab 3f 76 8c 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 03 82 01 01 00 64 da ee bb 8f e3 de dc d5 de 2e 60 51 33 b2 39 96 ea a1 5f 87 d5 85 d3 98 61 90 46 ed 42 1a a9 16 bc b9 b0 5b 49 3b cc 66 fe 9a b9 0c c5 9f 9f e5 e3 33 a7 89 93 f4 0b 52 c5 c6 2c 5e a2 13 b1 9a 7a 30 38 96 b2 27 67 4d 16 95 fa 41 c6 ec 6f c3 0d b6 41 45 16 9b e7 07 d1 b0 c2 aa df 3a e9 29 83 36 98 e0 36 e1 02 05 3f 75 fe 2f a3 85 b8 fb e9 ac ca 86 c8 13 ad 04 82 fb c2 63 3f a4 e5 97 dc f5 f8 db 83 a6 de 79 ef b6 12 96 4b 79 8d ef 92 92 85 84 2f 3d c6 28 e4 86 8e bc 9b 3a 7e eb 75 b1 0e b7 2e 02 30 22 5e b0 17 d4 37 e6 98 3a 35 bc 4e 15 e1 5c 07 e6 3f 21 24 b5 af 9f 50 f8 61 44 5b c2 11 1d a8 ee c4 82 32 2c d7 75 79 52 03 37 5d c3 08 19 d7 c1 4a ce 62 1f 57 99 6f 8e 6a 72 8a 62 ad 21 b6 9a a9 9f 0e 5e 6b d6 26 18 37 d9 67 af 89 bb 4a 00 3b aa 5c aa 12 54 fd 00 05 b0 30 82 05 ac 30 82 04 94 a0 03 02 01 02 02 07 1b 63 ba d0 1e 2c 3d 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 81 95 31 0b 30 09 06 03 55 04 06 13 02 44 45 31 45 30 43 06 03 55 04 0a 13 3c 56 65 72 65 69 6e 20 7a 75 72 20 46 6f 65 72 64 65 72 75 6e 67 20 65 69 6e 65 73 20 44 65 75 74 73 63 68 65 6e 20 46 6f 72 73 63 68 75 6e 67 73 6e 65 74 7a 65 73 20 65 2e 20 56 2e 31 10 30 0e 06 03 55 04 0b 13 07 44 46 4e 2d 50 4b 49 31 2d 30 2b 06 03 55 04 03 13 24 44 46 4e 2d 56 65 72 65 69 6e 20 43 65 72 74 69 66 69 63 61 74 69 6f 6e 20 41 75 74 68 6f 72 69 74 79 20 32 30 1e 17 0d 31 36 30 35 32 34 31 31 33 38 34 30 5a 17 0d 33 31 30 32 32 32 32 33 35 39 35 39 5a 30 81 8d 31 0b 30 09 06 03 55 04 06 13 02 44 45 31 45 30 43 06 03 55 04 0a 0c 3c 56 65 72 65 69 6e 20 7a 75 72 20 46 6f 65 72 64 65 72 75 6e 67 20 65 69 6e 65 73 20 44 65 75 74 73 63 68 65 6e 20 46 6f 72 73 63 68 75 6e 67 73 6e 65 74 7a 65 73 20 65 2e 20 56 2e 31 10 30 0e 06 03 55 04 0b 0c 07 44 46 4e 2d 50 4b 49 31 25 30 23 06 03 55 04 03 0c 1c 44 46 4e 2d 56 65 72 65 69 6e 20 47 6c 6f 62 61 6c 20 49 73 73 75 69 6e 67 20 43 41 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 9d 3b 79 1c 47 de 1f 86 cb c6 69 d7 10 9e 39 d7 d9 a2 30 db 72 1c 05 7f 29 5f 4b 68 f1 ad 19 d6 4c e1 6b 1b b1 0b 7f a1 ab e0 7b 8b 8b d8 2d ce 6e 88 3a 10 ee 57 e5 1e 7f 04 51 36 eb ba 70 6d 63 a0 be 96 2e 40 e1 d1 83 4c 66 3d 1c 64 69 e5 9b a4 ad 72 ae 68 39 51 87 79 cc 17 d3 ae 2f 5d 63 71 4b 39 7a eb 42 a7 97 90 69 05 bf 90 ff a4 40 70 bd 03 e7 bf 9e 18 88 1f 9f 99 88 4d 0e 47 8d 48 5f 65 99 10 d2 d9 2a 49 ed c1 b9 2d 1d 9f 12 cb 15 d3 3f 7f 1e 54 2f 3a ae 93 57 a7 7e 78 ca d5 4a e2 1a e5 ed 41 7d 53 5f c8 b3 2a f5 8a 30 ac ed 17 05 24 3f b6 a0 0b 07 fd 4d 1a 9a 03 52 a0 36 9c de 24 87 65 e4 e7 fa c7 96 73 24 14 cd d0 e8 1b 68 9e 18 59 ae 76 7e f7 d1 0a 78 3c 87 4b b0 37 cf 53 ca 3a 38 10 f3 cb 47 6d 8c 64 3d 3c 5a 45 4a ba ca 80 7c b8 f3 e7 a7 4c 4c cd 02 03 01 00 01 a3 82 02 05 30 82 02 01 30 12 06 03 55 1d 13 01 01 ff 04 08 30 06 01 01 ff 02 01 01 30 0e 06 03 55 1d 0f 01 01 ff 04 04 03 02 01 06 30 29 06 03 55 1d 20 04 22 30 20 30 0d 06 0b 2b 06 01 04 01 81 ad 21 82 2c 1e 30 0f 06 0d 2b 06 01 04 01 81 ad 21 82 2c 01 01 04 30 1d 06 03 55 1d 0e 04 16 04 14 6b 3a 98 8b f9 f2 53 89 da e0 ad b2 32 1e 09 1f e8 aa 3b 74 30 1f 06 03 55 1d 23 04 18 30 16 80 14 93 e3 d8 32 26 da d5 f1 4a a5 91 4a e0 ea 4b e2 a2 0c cf e1 30 81 8f 06 03 55 1d 1f 04 81 87 30 81 84 30 40 a0 3e a0 3c 86 3a 68 74 74 70 3a 2f 2f 63 64 70 31 2e 70 63 61 2e 64 66 6e 2e 64 65 2f 67 6c 6f 62 61 6c 2d 72 6f 6f 74 2d 67 32 2d 63 61 2f 70 75 62 2f 63 72 6c 2f 63 61 63 72 6c 2e 63 72 6c 30 40 a0 3e a0 3c 86 3a 68 74 74 70 3a 2f 2f 63 64 70 32 2e 70 63 61 2e 64 66 6e 2e 64 65 2f 67 6c 6f 62 61 6c 2d 72 6f 6f 74 2d 67 32 2d 63 61 2f 70 75 62 2f 63 72 6c 2f 63 61 63 72 6c 2e 63 72 6c 30 81 dd 06 08 2b 06 01 05 05 07 01 01 04 81 d0 30 81 cd 30 33 06 08 2b 06 01 05 05 07 30 01 86 27 68 74 74 70 3a 2f 2f 6f 63 73 70 2e 70 63 61 2e 64 66 6e 2e 64 65 2f 4f 43 53 50 2d 53 65 72 76 65 72 2f 4f 43 53 50 30 4a 06 08 2b 06 01 05 05 07 30 02 86 3e 68 74 74 70 3a 2f 2f 63 64 70 31 2e 70 63 61 2e 64 66 6e 2e 64 65 2f 67 6c 6f 62 61 6c 2d 72 6f 6f 74 2d 67 32 2d 63 61 2f 70 75 62 2f 63 61 63 65 72 74 2f 63 61 63 65 72 74 2e 63 72 74 30 4a 06 08 2b 06 01 05 05 07 30 02 86 3e 68 74 74 70 3a 2f 2f 63 64 70 32 2e 70 63 61 2e 64 66 6e 2e 64 65 2f 67 6c 6f 62 61 6c 2d 72 6f 6f 74 2d 67 32 2d 63 61 2f 70 75 62 2f 63 61 63 65 72 74 2f 63 61 63 65 72 74 2e 63 72 74 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 03 82 01 01 00 81 78 45 a4 4e a4 7f 0e 55 f0 09 b1 6a 3e 78 cc 68 35 a9 1c f3 95 9e 3f f3 f8 df 6b 38 77 89 2c 8d b5 ad 3e c7 f2 94 cd a0 06 ae ba cc a8 b1 ad 33 08 b6 24 86 62 36 4c 78 6e 50 f0 d5 6e 60 8d 4f 52 31 43 97 46 75 f0 62 e4 6e 66 51 c1 42 31 67 50 e5 49 e7 39 1e cb 9f ca 86 48 de 08 14 ff 15 4b 2b 66 9b a0 38 9f 00 ce fd a7 eb d1 7f 57 2d c8 4c 5f dc 10 11 97 3e 96 04 02 5c 84 a8 29 39 6c 94 fc 10 92 06 7b 9e ee d8 46 b4 1b b5 03 0c 38 d9 dc b0 a9 3f 71 06 0b b2 03 07 33 c2 8d 48 63 25 25 3c 7a 7b 57 6e f7 8a 05 38 ef b8 a0 ae 2f f4 db 07 d5 5b 84 18 c1 a9 b8 4b ce 6c 90 1a 82 e4 b9 3d fa 77 f1 d2 1f 33 02 bf 53 e7 76 f9 dc 26 25 41 6f 2f a6 1b fa a4 13 90 fa 7c 7e d9 0b 60 5d ec bf ca 41 a0 61 fb 11 49 29 d8 a8 2d 75 15 d8 4a 18 ea 16 ef 55 34 22 1a 13 8d 06 00 05 16 30 82 05 12 30 82 03 fa a0 03 02 01 02 02 09 00 e3 0b d5 f8 af 25 d9 81 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 81 82 31 0b 30 09 06 03 55 04 06 13 02 44 45 31 2b 30 29 06 03 55 04 0a 0c 22 54 2d 53 79 73 74 65 6d 73 20 45 6e 74 65 72 70 72 69 73 65 20 53 65 72 76 69 63 65 73 20 47 6d 62 48 31 1f 30 1d 06 03 55 04 0b 0c 16 54 2d 53 79 73 74 65 6d 73 20 54 72 75 73 74 20 43 65 6e 74 65 72 31 25 30 23 06 03 55 04 03 0c 1c 54 2d 54 65 6c 65 53 65 63 20 47 6c 6f 62 61 6c 52 6f 6f 74 20 43 6c 61 73 73 20 32 30 1e 17 0d 31 36 30 32 32 32 31 33 33 38 32 32 5a 17 0d 33 31 30 32 32 32 32 33 35 39 35 39 5a 30 81 95 31 0b 30 09 06 03 55 04 06 13 02 44 45 31 45 30 43 06 03 55 04 0a 13 3c 56 65 72 65 69 6e 20 7a 75 72 20 46 6f 65 72 64 65 72 75 6e 67 20 65 69 6e 65 73 20 44 65 75 74 73 63 68 65 6e 20 46 6f 72 73 63 68 75 6e 67 73 6e 65 74 7a 65 73 20 65 2e 20 56 2e 31 10 30 0e 06 03 55 04 0b 13 07 44 46 4e 2d 50 4b 49 31 2d 30 2b 06 03 55 04 03 13 24 44 46 4e 2d 56 65 72 65 69 6e 20 43 65 72 74 69 66 69 63 61 74 69 6f 6e 20 41 75 74 68 6f 72 69 74 79 20 32 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 cb 60 d7 ff 66 a1 41 cd d2 fa 87 97 8a 73 ab 99 4d ea 67 39 5a a1 60 80 47 15 4e 8c 95 b2 e5 cf ce d3 57 4b 8d ce f8 56 6c 15 55 76 07 ea 46 fd c8 03 45 63 3e 70 d4 ab 54 80 b1 23 9c be 37 28 a9 09 ff 05 5d 18 0f c4 98 99 37 b3 20 f6 66 78 17 87 c2 9d 0e cc 4a 32 e7 16 9d ae 0e 8d 29 79 07 00 20 54 dc 15 5f 4a 96 d7 78 b6 34 d3 c1 74 b5 9d e9 bf c0 77 4d ea bd 59 07 e0 5a 2f 6c 3c a5 00 dc 35 bd 65 0d 8f 7f 32 6d f2 5a 6a 4b 62 01 ee ac 38 34 59 45 36 49 05 da 78 ca 6a 6d 5b c0 81 6b 11 cc d2 3c a8 8b f8 71 1a ca 3b e2 80 dd 16 b4 67 7a 8b 36 ea 4e 91 29 3d b3 51 5c ad a8 0c be 9d 34 e3 d1 0d 17 83 75 c4 39 1e b0 94 0b 12 f1 d5 69 8e 25 f4 b8 3d 2b bf c0 8e c3 1e 3b a5 bf 55 10 ab 2a ae 17 97 5e 33 ce c8 f3 f4 09 07 e3 02 86 31 46 6b 01 c5 10 0c 11 c7 59 e9 02 03 01 00 01 a3 82 01 74 30 82 01 70 30 0e 06 03 55 1d 0f 01 01 ff 04 04 03 02 01 06 30 1d 06 03 55 1d 0e 04 16 04 14 93 e3 d8 32 26 da d5 f1 4a a5 91 4a e0 ea 4b e2 a2 0c cf e1 30 1f 06 03 55 1d 23 04 18 30 16 80 14 bf 59 20 36 00 79 a0 a0 22 6b 8c d5 f2 61 d2 b8 2c cb 82 4a 30 12 06 03 55 1d 13 01 01 ff 04 08 30 06 01 01 ff 02 01 02 30 33 06 03 55 1d 20 04 2c 30 2a 30 0f 06 0d 2b 06 01 04 01 81 ad 21 82 2c 01 01 04 30 0d 06 0b 2b 06 01 04 01 81 ad 21 82 2c 1e 30 08 06 06 67 81 0c 01 02 02 30 4c 06 03 55 1d 1f 04 45 30 43 30 41 a0 3f a0 3d 86 3b 68 74 74 70 3a 2f 2f 70 6b 69 30 33 33 36 2e 74 65 6c 65 73 65 63 2e 64 65 2f 72 6c 2f 54 65 6c 65 53 65 63 5f 47 6c 6f 62 61 6c 52 6f 6f 74 5f 43 6c 61 73 73 5f 32 2e 63 72 6c 30 81 86 06 08 2b 06 01 05 05 07 01 01 04 7a 30 78 30 2c 06 08 2b 06 01 05 05 07 30 01 86 20 68 74 74 70 3a 2f 2f 6f 63 73 70 30 33 33 36 2e 74 65 6c 65 73 65 63 2e 64 65 2f 6f 63 73 70 72 30 48 06 08 2b 06 01 05 05 07 30 02 86 3c 68 74 74 70 3a 2f 2f 70 6b 69 30 33 33 36 2e 74 65 6c 65 73 65 63 2e 64 65 2f 63 72 74 2f 54 65 6c 65 53 65 63 5f 47 6c 6f 62 61 6c 52 6f 6f 74 5f 43 6c 61 73 73 5f 32 2e 63 65 72 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 03 82 01 01 00 87 0b ff 3e 02 9b 65 c8 56 2d d6 3b 9a 98 8b 71 4f da ba 29 aa 21 f9 46 2e f5 b2 a4 0f ae 11 38 79 38 b3 0e 74 ba 76 5d 9e e8 18 82 96 62 db 4c 33 e8 dd f9 6a df 32 bd 2c 4c 47 60 55 7f e7 74 6b b4 2c 83 d8 79 6b b6 b7 4d 50 0b 66 07 b5 ed b3 97 ad ea ee 7f 30 e6 99 fd 22 e2 72 4d 3e 84 5b ee f9 cf 99 ea 7f d7 52 39 2e ac 98 00 44 7e 69 3b bf 75 ee d0 0b 3b 1a cd e5 f7 0f 22 6c 47 84 f6 a5 47 a0 fd d0 1a 34 7d ad d2 3d 77 b3 ee f4 d7 4d ff c3 e8 e5 92 4f 59 3e 90 47 10 4a b0 85 58 c0 6f 7f f8 ae ed 08 42 9e 1e d4 df 14 2e 4d 8f bc 9e 94 c3 e7 ed f6 18 f8 3c 49 e7 26 a8 a7 36 d8 2c de 22 cd 8b 82 d8 d9 78 e2 55 12 a3 3b 87 44 b6 11 0b d5 0c 52 af 69 8c 0f 06 df d0 a2 53 8b 57 98 7b cf fd 07 24 f4 fc bd c3 fd 4a 92 02 97 1b f2 b7 b6 cf 65 8a 1a a2 b5 72 19 39
TLS: tls_verify_cb - preverify_ok=1 err=0 (ok) ca_cert_verify=1 depth=3 buf='/C=DE/O=T-Systems Enterprise Services GmbH/OU=T-Systems Trust Center/CN=T-TeleSec GlobalRoot Class 2'
CTRL-EVENT-EAP-PEER-CERT depth=3 subject='/C=DE/O=T-Systems Enterprise Services GmbH/OU=T-Systems Trust Center/CN=T-TeleSec GlobalRoot Class 2' hash=91e2f5788d5810eba7ba58737de1548a8ecacd014598bc0b143e041b17052552
TLS: tls_verify_cb - preverify_ok=1 err=0 (ok) ca_cert_verify=1 depth=2 buf='/C=DE/O=Verein zur Foerderung eines Deutschen Forschungsnetzes e. V./OU=DFN-PKI/CN=DFN-Verein Certification Authority 2'
CTRL-EVENT-EAP-PEER-CERT depth=2 subject='/C=DE/O=Verein zur Foerderung eines Deutschen Forschungsnetzes e. V./OU=DFN-PKI/CN=DFN-Verein Certification Authority 2' hash=f660b0c256481cb2bfc67661c1ea8feee395b7141bcac36c36e04d08cd9e1582
TLS: tls_verify_cb - preverify_ok=1 err=0 (ok) ca_cert_verify=1 depth=1 buf='/C=DE/O=Verein zur Foerderung eines Deutschen Forschungsnetzes e. V./OU=DFN-PKI/CN=DFN-Verein Global Issuing CA'
CTRL-EVENT-EAP-PEER-CERT depth=1 subject='/C=DE/O=Verein zur Foerderung eines Deutschen Forschungsnetzes e. V./OU=DFN-PKI/CN=DFN-Verein Global Issuing CA' hash=1257aac2f4eeac6ca4942c2c83f0b67b41a3b47120c4d53429929513acad468c
TLS: tls_verify_cb - preverify_ok=1 err=0 (ok) ca_cert_verify=1 depth=0 buf='/C=DE/ST=Hessen/L=Marburg/O=Philipps-Universitaet Marburg/CN=radius.staff.uni-marburg.de'
CTRL-EVENT-EAP-PEER-CERT depth=0 subject='/C=DE/ST=Hessen/L=Marburg/O=Philipps-Universitaet Marburg/CN=radius.staff.uni-marburg.de' hash=512277ef02d375ca58703510df80e8f4b61302fd68d66d022c693e6db3313cbb
CTRL-EVENT-EAP-PEER-ALT depth=0 DNS:radius.staff.uni-marburg.de
EAP: Status notification: remote certificate verification (param=success)
OpenSSL: RX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 16 03 03 01 4d
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS read server certificate
OpenSSL: RX ver=0x303 content_type=22 (handshake/server key exchange)
OpenSSL: Message - hexdump(len=333): 0c 00 01 49 03 00 17 41 04 3f 34 8c 03 ee f6 02 bc 9e 55 1e 11 2b 34 e8 2b 21 64 26 52 fd 2b 7d 7a 64 14 0b b5 03 ce 57 dc 5f b5 8a 84 3e 02 ef 70 73 84 34 75 79 fe 66 87 37 fd be 66 73 ad 20 9e 4e 2c eb 8a e2 9e 3d 86 04 01 01 00 28 eb 55 44 0c bb b2 ad b2 8a c4 e6 f8 c7 9e 4c cf 48 0f 59 ff db 87 dd 64 f1 cf 66 9d dc d1 85 26 cc 20 d1 64 8e 97 1f 4b 29 37 98 f5 d1 1a 66 38 cb 96 94 48 ba e9 4e 3a 22 77 26 8f 6f cd 29 52 b4 76 87 50 97 af 19 4b 17 f5 c2 18 d4 06 b5 b0 f0 e2 9c 9b ef 70 38 e5 05 6c 7e 94 c3 89 c0 30 25 92 05 20 a3 78 ae 15 28 99 1a ad d3 b3 25 a4 62 12 b0 47 5b 6c ff 86 9c 10 93 50 9c 92 d6 b5 fe 53 38 15 4b 05 a8 02 85 c3 ae c3 3e f2 9a a6 02 49 9c 6c ab 36 c9 a6 39 15 d0 98 d0 88 44 8d 47 62 d2 ae ec b5 da 6a 03 73 30 81 e3 8b 40 e9 0d 8a 95 21 63 b2 c5 84 d8 96 c4 3a 47 0c 19 92 05 3a f9 76 00 e4 90 62 fe d4 d7 c8 05 ae f9 15 97 3d ee f5 e6 33 8d 6b b9 c3 5b 11 99 17 05 f6 ce 36 c1 04 e3 0a 42 16 39 c2 d4 84 f4 7e 76 56 9f d9 60 7e 5a ef a6 94 d8 b4 8b 18 03 4b 22
OpenSSL: RX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 16 03 03 00 04
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS read server key exchange
OpenSSL: RX ver=0x303 content_type=22 (handshake/server hello done)
OpenSSL: Message - hexdump(len=4): 0e 00 00 00
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS read server done
OpenSSL: TX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 16 03 03 00 46
OpenSSL: TX ver=0x303 content_type=22 (handshake/client key exchange)
OpenSSL: Message - hexdump(len=70): 10 00 00 42 41 04 98 2c f7 43 80 c6 25 d2 90 a2 f9 3b 67 df 23 80 4e 90 5e a6 39 6d bd 58 62 3f 2b 02 b0 46 b5 81 33 9a 88 b0 1d 81 f1 c9 53 86 21 f3 29 69 b9 a7 85 4f fc 96 b3 bc 2d bc 0e 86 1f e9 5d d4 5b 09
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS write client key exchange
OpenSSL: TX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 14 03 03 00 01
OpenSSL: TX ver=0x303 content_type=20 (change cipher spec/)
OpenSSL: Message - hexdump(len=1): 01
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS write change cipher spec
OpenSSL: TX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 16 03 03 00 28
OpenSSL: TX ver=0x303 content_type=22 (handshake/finished)
OpenSSL: Message - hexdump(len=16): 14 00 00 0c a6 57 5d 83 83 15 03 1e 94 fc 7c 24
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS write finished
SSL: (where=0x1002 ret=0xffffffff)
SSL: SSL_connect:error in SSLv3/TLS write finished
SSL: SSL_connect - want more data
SSL: 126 bytes pending from ssl_out
SSL: Using TLS version TLSv1.2
SSL: 126 bytes left to be sent out (of total 126 bytes)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL eapRespData=0x562514e61b80
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=136)
TX EAP -> RADIUS - hexdump(len=136): 02 08 00 88 19 80 00 00 00 7e 16 03 03 00 46 10 00 00 42 41 04 98 2c f7 43 80 c6 25 d2 90 a2 f9 3b 67 df 23 80 4e 90 5e a6 39 6d bd 58 62 3f 2b 02 b0 46 b5 81 33 9a 88 b0 1d 81 f1 c9 53 86 21 f3 29 69 b9 a7 85 4f fc 96 b3 bc 2d bc 0e 86 1f e9 5d d4 5b 09 14 03 03 00 01 01 16 03 03 00 28 97 f0 4f 51 5c 98 88 f1 e0 91 05 9a ae 08 50 c6 15 b1 ab 04 5b ea cc e4 c3 c3 14 6f c6 cf 97 c5 5f 95 2e be 53 31 67 75
Encapsulating EAP message into a RADIUS packet
Copied RADIUS State Attribute
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=8 length=291
Attribute 1 (User-Name) length=30
Value: 'eduroam at staff.uni-marburg.de'
Attribute 4 (NAS-IP-Address) length=6
Value: 127.0.0.1
Attribute 31 (Calling-Station-Id) length=19
Value: '02-00-00-00-00-01'
Attribute 12 (Framed-MTU) length=6
Value: 1400
Attribute 61 (NAS-Port-Type) length=6
Value: 19
Attribute 6 (Service-Type) length=6
Value: 2
Attribute 77 (Connect-Info) length=24
Value: 'CONNECT 11Mbps 802.11b'
Attribute 79 (EAP-Message) length=138
Value: 0208008819800000007e1603030046100000424104982cf74380c625d290a2f93b67df23804e905ea6396dbd58623f2b02b046b581339a88b01d81f1c9538621f32969b9a7854ffc96b3bc2dbc0e861fe95dd45b09140303000101160303002897f04f515c9888f1e091059aae0850c615b1ab045beacce4c3c3146fc6cf97c55f952ebe53316775
Attribute 24 (State) length=18
Value: 8659d3ba8151ca742ac5b4f76ef4e085
Attribute 80 (Message-Authenticator) length=18
Value: 30028ae566eea4672a1dcf8c16956301
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 115 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=8 length=115
Attribute 79 (EAP-Message) length=59
Value: 0109003919001403030001011603030028067f683ed7acc49822377aa7d5659fb1476cb22afc56a8ee019ab953255b9e5d8d3bf4af26cb4795
Attribute 80 (Message-Authenticator) length=18
Value: 172370a9074fc31973f95ad07b1c6f8c
Attribute 24 (State) length=18
Value: 8659d3ba8e50ca742ac5b4f76ef4e085
STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
RADIUS packet matching with station
decapsulated EAP packet (code=1 id=9 len=57) from RADIUS server: EAP-Request-PEAP (25)
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=9 method=25 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
SSL: Received packet(len=57) - Flags 0x00
OpenSSL: RX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 14 03 03 00 01
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS write finished
OpenSSL: RX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 16 03 03 00 28
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS read change cipher spec
OpenSSL: RX ver=0x303 content_type=22 (handshake/finished)
OpenSSL: Message - hexdump(len=16): 14 00 00 0c fd 18 63 f8 1c 09 cd 26 ea cb 06 7d
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS read finished
SSL: (where=0x20 ret=0x1)
SSL: (where=0x1002 ret=0x1)
SSL: 0 bytes pending from ssl_out
OpenSSL: Handshake finished - resumed=0
SSL: No Application Data included
SSL: Using TLS version TLSv1.2
SSL: No data to be sent out
EAP-PEAP: TLS done, proceed to Phase 2
EAP-PEAP: using label 'client EAP encryption' in key derivation
EAP-PEAP: Derived key - hexdump(len=64): 05 22 33 06 67 ad b2 a1 93 f7 07 13 87 e0 f1 39 85 ba a8 23 4c bf fc b9 f7 76 84 7d d8 d5 dd 62 8f 20 7f 8e cb 7a 3b cf d5 57 ff d1 6f f4 99 ca 0f e7 8e 1c 06 3f 52 cb 57 a1 30 22 e9 12 70 18
EAP-PEAP: Derived Session-Id - hexdump(len=65): 19 d1 98 d0 e8 7c 5e b9 65 9c 57 aa 92 b1 25 e9 3f e5 f0 e5 b3 92 b5 7b f5 3c f3 f5 d0 5c f4 34 a9 b2 e5 26 9d f7 db d6 52 05 bb 61 3b fc d4 77 a0 a4 0d 01 3b bf 5e cd 63 41 b8 03 25 55 8b 76 91
SSL: Building ACK (type=25 id=9 ver=0)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL eapRespData=0x562514e60790
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=6)
TX EAP -> RADIUS - hexdump(len=6): 02 09 00 06 19 00
Encapsulating EAP message into a RADIUS packet
Copied RADIUS State Attribute
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=9 length=161
Attribute 1 (User-Name) length=30
Value: 'eduroam at staff.uni-marburg.de'
Attribute 4 (NAS-IP-Address) length=6
Value: 127.0.0.1
Attribute 31 (Calling-Station-Id) length=19
Value: '02-00-00-00-00-01'
Attribute 12 (Framed-MTU) length=6
Value: 1400
Attribute 61 (NAS-Port-Type) length=6
Value: 19
Attribute 6 (Service-Type) length=6
Value: 2
Attribute 77 (Connect-Info) length=24
Value: 'CONNECT 11Mbps 802.11b'
Attribute 79 (EAP-Message) length=8
Value: 020900061900
Attribute 24 (State) length=18
Value: 8659d3ba8e50ca742ac5b4f76ef4e085
Attribute 80 (Message-Authenticator) length=18
Value: 7047b90ce0863c8f4f90167805a96d0a
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 98 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=9 length=98
Attribute 79 (EAP-Message) length=42
Value: 010a00281900170303001d067f683ed7acc499c6036298f33413dcf7800ace54109a8faa988a718c
Attribute 80 (Message-Authenticator) length=18
Value: ac7fb0da8b9be78740319956a6320633
Attribute 24 (State) length=18
Value: 8659d3ba8f53ca742ac5b4f76ef4e085
STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
RADIUS packet matching with station
decapsulated EAP packet (code=1 id=10 len=40) from RADIUS server: EAP-Request-PEAP (25)
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=10 method=25 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
SSL: Received packet(len=40) - Flags 0x00
EAP-PEAP: received 34 bytes encrypted data for Phase 2
OpenSSL: RX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 17 03 03 00 1d
EAP-PEAP: Decrypted Phase 2 EAP - hexdump(len=5): 01 0a 00 05 01
EAP-PEAP: received Phase 2: code=1 identifier=10 length=5
EAP-PEAP: Phase 2 Request: type=1
EAP: using real identity - hexdump_ascii(len=6):
70 61 75 6c 79 31 pauly1
EAP-PEAP: Encrypting Phase 2 data - hexdump(len=11): 02 0a 00 0b 01 70 61 75 6c 79 31
OpenSSL: TX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 17 03 03 00 1f
SSL: 36 bytes left to be sent out (of total 36 bytes)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL eapRespData=0x562514e52d90
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=42)
TX EAP -> RADIUS - hexdump(len=42): 02 0a 00 2a 19 00 17 03 03 00 1f 97 f0 4f 51 5c 98 88 f2 86 27 a7 7f 27 b9 4f b2 d7 a9 12 9f 26 0b 11 84 da 87 6f 15 16 e5 05
Encapsulating EAP message into a RADIUS packet
Copied RADIUS State Attribute
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=10 length=197
Attribute 1 (User-Name) length=30
Value: 'eduroam at staff.uni-marburg.de'
Attribute 4 (NAS-IP-Address) length=6
Value: 127.0.0.1
Attribute 31 (Calling-Station-Id) length=19
Value: '02-00-00-00-00-01'
Attribute 12 (Framed-MTU) length=6
Value: 1400
Attribute 61 (NAS-Port-Type) length=6
Value: 19
Attribute 6 (Service-Type) length=6
Value: 2
Attribute 77 (Connect-Info) length=24
Value: 'CONNECT 11Mbps 802.11b'
Attribute 79 (EAP-Message) length=44
Value: 020a002a1900170303001f97f04f515c9888f28627a77f27b94fb2d7a9129f260b1184da876f1516e505
Attribute 24 (State) length=18
Value: 8659d3ba8f53ca742ac5b4f76ef4e085
Attribute 80 (Message-Authenticator) length=18
Value: b9d45d4aebaa4fa144b0f2f5d14005d8
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 132 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=10 length=132
Attribute 79 (EAP-Message) length=76
Value: 010b004a1900170303003f067f683ed7acc49a963bf310f166bb6e05658debb7fa1b483ec014422a51fecc233ac4b13d8cb49ab6092de1b97e3c96eaa06765e5cb0f04173e1c27e4c2a0
Attribute 80 (Message-Authenticator) length=18
Value: 2d0a4c8ec3029ca21ff5578012a37acb
Attribute 24 (State) length=18
Value: 8659d3ba8c52ca742ac5b4f76ef4e085
STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
RADIUS packet matching with station
decapsulated EAP packet (code=1 id=11 len=74) from RADIUS server: EAP-Request-PEAP (25)
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=11 method=25 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
SSL: Received packet(len=74) - Flags 0x00
EAP-PEAP: received 68 bytes encrypted data for Phase 2
OpenSSL: RX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 17 03 03 00 3f
EAP-PEAP: Decrypted Phase 2 EAP - hexdump(len=39): 1a 01 0b 00 26 10 f5 06 91 30 b0 13 c7 9a 9c d7 cb 5a 69 62 37 b6 66 72 65 65 72 61 64 69 75 73 2d 33 2e 30 2e 31 37
EAP-PEAP: received Phase 2: code=1 identifier=11 length=43
EAP-PEAP: Phase 2 Request: type=26
EAP-PEAP: Selected Phase 2 EAP vendor 0 method 26
EAP-MSCHAPV2: RX identifier 11 mschapv2_id 11
EAP-MSCHAPV2: Received challenge
EAP-MSCHAPV2: Authentication Servername - hexdump_ascii(len=17):
66 72 65 65 72 61 64 69 75 73 2d 33 2e 30 2e 31 freeradius-3.0.1
37 7
EAP-MSCHAPV2: Generating Challenge Response
Get randomness: len=16 entropy=0
random from os_get_random - hexdump(len=16): a4 ff 00 d4 e2 1f 54 5c ec c0 ba 6a 9f 70 0d 40
random_mix_pool - hexdump(len=20): 0d b9 b1 bf 70 7c bd fa 8b 8c 0a 46 d8 96 87 a4 8e 89 0d 7d
random from internal pool - hexdump(len=16): 52 c7 66 0a bf 85 ed d3 d8 c1 5b 8c 5d 36 f0 8e
mixed random - hexdump(len=16): f6 38 66 de 5d 9a b9 8f 34 01 e1 e6 c2 46 fd ce
MSCHAPV2: Identity - hexdump_ascii(len=6):
70 61 75 6c 79 31 pauly1
MSCHAPV2: Username - hexdump_ascii(len=6):
70 61 75 6c 79 31 pauly1
MSCHAPV2: auth_challenge - hexdump(len=16): f5 06 91 30 b0 13 c7 9a 9c d7 cb 5a 69 62 37 b6
MSCHAPV2: peer_challenge - hexdump(len=16): f6 38 66 de 5d 9a b9 8f 34 01 e1 e6 c2 46 fd ce
MSCHAPV2: username - hexdump_ascii(len=6):
70 61 75 6c 79 31 pauly1
MSCHAPV2: password - hexdump_ascii(len=8):
6e 6e 71 65 63 79 21 33 nnqecy!3
MSCHAPV2: NT Response - hexdump(len=24): 61 e7 61 8f cd 9f 01 40 2e bb ec 65 34 17 9f f3 7e 96 84 62 7d 91 cd c8
MSCHAPV2: Auth Response - hexdump(len=20): 09 ab a3 3f a2 6d 1b b1 f6 70 33 ce 8c ff 64 36 df e7 35 8c
MSCHAPV2: Master Key - hexdump(len=16): 16 25 54 9e a5 b3 90 c1 1c ef b6 23 1c 70 ff dc
EAP-MSCHAPV2: TX identifier 11 mschapv2_id 11 (response)
EAP-PEAP: Encrypting Phase 2 data - hexdump(len=65): 02 0b 00 41 1a 02 0b 00 3c 31 f6 38 66 de 5d 9a b9 8f 34 01 e1 e6 c2 46 fd ce 00 00 00 00 00 00 00 00 61 e7 61 8f cd 9f 01 40 2e bb ec 65 34 17 9f f3 7e 96 84 62 7d 91 cd c8 00 70 61 75 6c 79 31
OpenSSL: TX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 17 03 03 00 55
SSL: 90 bytes left to be sent out (of total 90 bytes)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL eapRespData=0x562514e56700
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=96)
TX EAP -> RADIUS - hexdump(len=96): 02 0b 00 60 19 00 17 03 03 00 55 97 f0 4f 51 5c 98 88 f3 dc 08 fe e0 ee 0c 43 62 c1 4e 44 fe aa 80 f6 6d a7 87 4c c7 0c e5 46 2c bc c8 b5 2b 24 76 d0 a5 17 69 f6 d1 de d0 95 e6 8d d8 16 4f 5f 31 1e 25 88 04 22 64 5b 3a 32 2b 14 a8 b3 77 f4 56 f8 51 a2 f5 88 60 c6 e7 55 b8 67 a8 d6 98 f8
Encapsulating EAP message into a RADIUS packet
Copied RADIUS State Attribute
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=11 length=251
Attribute 1 (User-Name) length=30
Value: 'eduroam at staff.uni-marburg.de'
Attribute 4 (NAS-IP-Address) length=6
Value: 127.0.0.1
Attribute 31 (Calling-Station-Id) length=19
Value: '02-00-00-00-00-01'
Attribute 12 (Framed-MTU) length=6
Value: 1400
Attribute 61 (NAS-Port-Type) length=6
Value: 19
Attribute 6 (Service-Type) length=6
Value: 2
Attribute 77 (Connect-Info) length=24
Value: 'CONNECT 11Mbps 802.11b'
Attribute 79 (EAP-Message) length=98
Value: 020b00601900170303005597f04f515c9888f3dc08fee0ee0c4362c14e44feaa80f66da7874cc70ce5462cbcc8b52b2476d0a51769f6d1ded095e68dd8164f5f311e25880422645b3a322b14a8b377f456f851a2f58860c6e755b867a8d698f8
Attribute 24 (State) length=18
Value: 8659d3ba8c52ca742ac5b4f76ef4e085
Attribute 80 (Message-Authenticator) length=18
Value: 11c3720d2caab731d117c53199084405
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 140 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=11 length=140
Attribute 79 (EAP-Message) length=84
Value: 010c005219001703030047067f683ed7acc49b39940e6f006c1b0793edb7bb35da05601fcfd4b139d2beaa479187016a551559c1a2945f4e1b4d7354c40e3675c8fcc24e58c3e364fae42fe3e36372ed1904
Attribute 80 (Message-Authenticator) length=18
Value: 4c10ca5ac697777128a9100a86de68a3
Attribute 24 (State) length=18
Value: 8659d3ba8d55ca742ac5b4f76ef4e085
STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
RADIUS packet matching with station
decapsulated EAP packet (code=1 id=12 len=82) from RADIUS server: EAP-Request-PEAP (25)
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=12 method=25 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
SSL: Received packet(len=82) - Flags 0x00
EAP-PEAP: received 76 bytes encrypted data for Phase 2
OpenSSL: RX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 17 03 03 00 47
EAP-PEAP: Decrypted Phase 2 EAP - hexdump(len=47): 1a 03 0b 00 2e 53 3d 30 39 41 42 41 33 33 46 41 32 36 44 31 42 42 31 46 36 37 30 33 33 43 45 38 43 46 46 36 34 33 36 44 46 45 37 33 35 38 43
EAP-PEAP: received Phase 2: code=1 identifier=12 length=51
EAP-PEAP: Phase 2 Request: type=26
EAP-MSCHAPV2: RX identifier 12 mschapv2_id 11
EAP-MSCHAPV2: Received success
EAP-MSCHAPV2: Success message - hexdump_ascii(len=0):
EAP-MSCHAPV2: Authentication succeeded
EAP-PEAP: Encrypting Phase 2 data - hexdump(len=6): 02 0c 00 06 1a 03
OpenSSL: TX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 17 03 03 00 1a
SSL: 31 bytes left to be sent out (of total 31 bytes)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL eapRespData=0x562514e56db0
EAP: Session-Id - hexdump(len=65): 19 d1 98 d0 e8 7c 5e b9 65 9c 57 aa 92 b1 25 e9 3f e5 f0 e5 b3 92 b5 7b f5 3c f3 f5 d0 5c f4 34 a9 b2 e5 26 9d f7 db d6 52 05 bb 61 3b fc d4 77 a0 a4 0d 01 3b bf 5e cd 63 41 b8 03 25 55 8b 76 91
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=37)
TX EAP -> RADIUS - hexdump(len=37): 02 0c 00 25 19 00 17 03 03 00 1a 97 f0 4f 51 5c 98 88 f4 c4 3f 0b 50 9a fc 98 5c 90 e3 f7 e9 e1 04 45 8f 0d 06
Encapsulating EAP message into a RADIUS packet
Copied RADIUS State Attribute
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=12 length=192
Attribute 1 (User-Name) length=30
Value: 'eduroam at staff.uni-marburg.de'
Attribute 4 (NAS-IP-Address) length=6
Value: 127.0.0.1
Attribute 31 (Calling-Station-Id) length=19
Value: '02-00-00-00-00-01'
Attribute 12 (Framed-MTU) length=6
Value: 1400
Attribute 61 (NAS-Port-Type) length=6
Value: 19
Attribute 6 (Service-Type) length=6
Value: 2
Attribute 77 (Connect-Info) length=24
Value: 'CONNECT 11Mbps 802.11b'
Attribute 79 (EAP-Message) length=39
Value: 020c00251900170303001a97f04f515c9888f4c43f0b509afc985c90e3f7e9e104458f0d06
Attribute 24 (State) length=18
Value: 8659d3ba8d55ca742ac5b4f76ef4e085
Attribute 80 (Message-Authenticator) length=18
Value: ae55c5d02a3ac9490a9a31f5d53bf144
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 104 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=12 length=104
Attribute 79 (EAP-Message) length=48
Value: 010d002e19001703030023067f683ed7acc49cd72b975db3f7928ba098a01c63e0d1efefb16ba6305ac40cd70159
Attribute 80 (Message-Authenticator) length=18
Value: b6afe4336efc43ec0db0aa0ecb28e230
Attribute 24 (State) length=18
Value: 8659d3ba8a54ca742ac5b4f76ef4e085
STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
RADIUS packet matching with station
decapsulated EAP packet (code=1 id=13 len=46) from RADIUS server: EAP-Request-PEAP (25)
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=13 method=25 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
SSL: Received packet(len=46) - Flags 0x00
EAP-PEAP: received 40 bytes encrypted data for Phase 2
OpenSSL: RX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 17 03 03 00 23
EAP-PEAP: Decrypted Phase 2 EAP - hexdump(len=11): 01 0d 00 0b 21 80 03 00 02 00 01
EAP-PEAP: received Phase 2: code=1 identifier=13 length=11
EAP-PEAP: Phase 2 Request: type=33
EAP-TLV: Received TLVs - hexdump(len=6): 80 03 00 02 00 01
EAP-TLV: Result TLV - hexdump(len=2): 00 01
EAP-TLV: TLV Result - Success - EAP-TLV/Phase2 Completed
EAP-PEAP: Encrypting Phase 2 data - hexdump(len=11): 02 0d 00 0b 21 80 03 00 02 00 01
OpenSSL: TX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 17 03 03 00 23
SSL: 40 bytes left to be sent out (of total 40 bytes)
EAP: method process -> ignore=FALSE methodState=DONE decision=UNCOND_SUCC eapRespData=0x562514e42570
EAP: Session-Id - hexdump(len=65): 19 d1 98 d0 e8 7c 5e b9 65 9c 57 aa 92 b1 25 e9 3f e5 f0 e5 b3 92 b5 7b f5 3c f3 f5 d0 5c f4 34 a9 b2 e5 26 9d f7 db d6 52 05 bb 61 3b fc d4 77 a0 a4 0d 01 3b bf 5e cd 63 41 b8 03 25 55 8b 76 91
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=46)
TX EAP -> RADIUS - hexdump(len=46): 02 0d 00 2e 19 00 17 03 03 00 23 97 f0 4f 51 5c 98 88 f5 e9 9e 92 20 a3 70 45 2f cb cf 3f af d5 a3 e9 11 a9 2f 31 d7 d1 0d 49 3c e4 5c ea
Encapsulating EAP message into a RADIUS packet
Copied RADIUS State Attribute
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=13 length=201
Attribute 1 (User-Name) length=30
Value: 'eduroam at staff.uni-marburg.de'
Attribute 4 (NAS-IP-Address) length=6
Value: 127.0.0.1
Attribute 31 (Calling-Station-Id) length=19
Value: '02-00-00-00-00-01'
Attribute 12 (Framed-MTU) length=6
Value: 1400
Attribute 61 (NAS-Port-Type) length=6
Value: 19
Attribute 6 (Service-Type) length=6
Value: 2
Attribute 77 (Connect-Info) length=24
Value: 'CONNECT 11Mbps 802.11b'
Attribute 79 (EAP-Message) length=48
Value: 020d002e1900170303002397f04f515c9888f5e99e9220a370452fcbcf3fafd5a3e911a92f31d7d10d493ce45cea
Attribute 24 (State) length=18
Value: 8659d3ba8a54ca742ac5b4f76ef4e085
Attribute 80 (Message-Authenticator) length=18
Value: 53237c64906b0574d3e87f75cda2a333
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 198 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=2 (Access-Accept) identifier=13 length=198
Attribute 26 (Vendor-Specific) length=58
Value: 000001371134e41c6a1a2f89b23c43c861e8e07df5c13873f44c536338c0c6d993fba3d58730fde680a64287d7f7c4c1c60c61345f2645b8
Attribute 26 (Vendor-Specific) length=58
Value: 000001371034ee6317f76bf680abb816c7662f95ac60db4ec4c708838d80a8a0f3ef54ad95ed46f03273847bbcaa16a85365eb5020e8d549
Attribute 79 (EAP-Message) length=6
Value: 030d0004
Attribute 80 (Message-Authenticator) length=18
Value: 3e8ff511f1fcf108a58ff23691775d2d
Attribute 1 (User-Name) length=30
Value: 'eduroam at staff.uni-marburg.de'
Attribute 1 (User-Name) length=8
Value: 'pauly1'
STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
RADIUS packet matching with station
MS-MPPE-Send-Key (sign) - hexdump(len=32): 8f 20 7f 8e cb 7a 3b cf d5 57 ff d1 6f f4 99 ca 0f e7 8e 1c 06 3f 52 cb 57 a1 30 22 e9 12 70 18
MS-MPPE-Recv-Key (crypt) - hexdump(len=32): 05 22 33 06 67 ad b2 a1 93 f7 07 13 87 e0 f1 39 85 ba a8 23 4c bf fc b9 f7 76 84 7d d8 d5 dd 62
decapsulated EAP packet (code=3 id=13 len=4) from RADIUS server: EAP Success
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Success
EAP: Status notification: completion (param=success)
EAP: EAP entering state SUCCESS
CTRL-EVENT-EAP-SUCCESS EAP authentication completed successfully
EAPOL: IEEE 802.1X for plaintext connection; no EAPOL-Key frames required
WPA: EAPOL processing complete
Cancelling authentication timeout
State: DISCONNECTED -> COMPLETED
EAPOL: SUPP_PAE entering state AUTHENTICATED
EAPOL: SUPP_BE entering state RECEIVE
EAPOL: SUPP_BE entering state SUCCESS
EAPOL: SUPP_BE entering state IDLE
eapol_sm_cb: result=1
EAPOL: Successfully fetched key (len=32)
PMK from EAPOL - hexdump(len=32): 05 22 33 06 67 ad b2 a1 93 f7 07 13 87 e0 f1 39 85 ba a8 23 4c bf fc b9 f7 76 84 7d d8 d5 dd 62
No EAP-Key-Name received from server
WPA: Clear old PMK and PTK
EAP: deinitialize previously used EAP method (25, PEAP) at EAP deinit
ENGINE: engine deinit
MPPE keys OK: 1 mismatch: 0
SUCCESS
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5391 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20200717/f1344ef6/attachment-0001.bin>
More information about the Freeradius-Users
mailing list