PMK Mismatch when testing EAP TEAP TLS
Ma, Zhihao
zma at akamai.com
Thu Feb 13 03:12:52 UTC 2025
Hi,
I met a strange issue saying PMK mismatch when testing EAP TEAP TLS with eapol_test on FreeRADIUS 3.2.7
I was keeping most of the configuration file untouched.
The only 3 configuration files modified are
clients - I added another user /password based on my IP
mschap - I enabled use_mppe_keys (which is required by TEAP MSCHAPv2)
eap - Uncommented several key options in eap teap section
Here is the eapol_test conf:
network={
ssid="UConnect"
key_mgmt=IEEE8021X
eap=TEAP
phase1="teap_compat=freeradius,tls_disable_tlsv1_0=1,tls_disable_tlsv1_1=1"
pac_file=""
anonymous_identity="anonymous"
identity="mailto:user at example.org"
phase2="autheap=TLS"
ca_cert="/etc/freeradius/certs/ca.der"
ca_cert2="/etc/freeradius/certs/ca.pem"
client_cert2="/etc/freeradius/certs/client.pem"
private_key2="/etc/freeradius/certs/client.key"
private_key2_passwd="whatever"
}
Since there are several TEAP tests added this version are done by eapol_test, I believe it’s probably I didn't config FreeRADIUS correctly.
Could someone look at it and point out the correct way to do TEAP TLS ?
Thanks!
Here is the debugging info (and configuration)
root at debian-freeradius:/etc/freeradius# freeradius -X
FreeRADIUS Version 3.2.7
Copyright (C) 1999-2023 The FreeRADIUS server project and contributors
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License
For more information about these matters, see the file named COPYRIGHT
Starting - reading configuration files ...
including dictionary file /usr/share/freeradius/dictionary
including dictionary file /usr/share/freeradius/dictionary.dhcp
including dictionary file /usr/share/freeradius/dictionary.vqp
including dictionary file /etc/freeradius/dictionary
including configuration file /etc/freeradius/radiusd.conf
including configuration file /etc/freeradius/proxy.conf
including configuration file /etc/freeradius/clients.conf
including files in directory /etc/freeradius/mods-enabled/
including configuration file /etc/freeradius/mods-enabled/detail.log
including configuration file /etc/freeradius/mods-enabled/attr_filter
including configuration file /etc/freeradius/mods-enabled/mschap
including configuration file /etc/freeradius/mods-enabled/unpack
including configuration file /etc/freeradius/mods-enabled/date
including configuration file /etc/freeradius/mods-enabled/pap
including configuration file /etc/freeradius/mods-enabled/detail
including configuration file /etc/freeradius/mods-enabled/totp
including configuration file /etc/freeradius/mods-enabled/passwd
including configuration file /etc/freeradius/mods-enabled/expr
including configuration file /etc/freeradius/mods-enabled/preprocess
including configuration file /etc/freeradius/mods-enabled/realm
including configuration file /etc/freeradius/mods-enabled/expiration
including configuration file /etc/freeradius/mods-enabled/linelog
including configuration file /etc/freeradius/mods-enabled/ntlm_auth
including configuration file /etc/freeradius/mods-enabled/sradutmp
including configuration file /etc/freeradius/mods-enabled/proxy_rate_limit
including configuration file /etc/freeradius/mods-enabled/logintime
including configuration file /etc/freeradius/mods-enabled/always
including configuration file /etc/freeradius/mods-enabled/replicate
including configuration file /etc/freeradius/mods-enabled/echo
including configuration file /etc/freeradius/mods-enabled/soh
including configuration file /etc/freeradius/mods-enabled/chap
including configuration file /etc/freeradius/mods-enabled/dynamic_clients
including configuration file /etc/freeradius/mods-enabled/files
including configuration file /etc/freeradius/mods-enabled/exec
including configuration file /etc/freeradius/mods-enabled/unix
including configuration file /etc/freeradius/mods-enabled/digest
including configuration file /etc/freeradius/mods-enabled/radutmp
including configuration file /etc/freeradius/mods-enabled/utf8
including configuration file /etc/freeradius/mods-enabled/eap
including files in directory /etc/freeradius/policy.d/
including configuration file /etc/freeradius/policy.d/accounting
including configuration file /etc/freeradius/policy.d/control
including configuration file /etc/freeradius/policy.d/operator-name
including configuration file /etc/freeradius/policy.d/debug
including configuration file /etc/freeradius/policy.d/dhcp
including configuration file /etc/freeradius/policy.d/rfc7542
including configuration file /etc/freeradius/policy.d/filter
including configuration file /etc/freeradius/policy.d/moonshot-targeted-ids
including configuration file /etc/freeradius/policy.d/abfab-tr
including configuration file /etc/freeradius/policy.d/cui
including configuration file /etc/freeradius/policy.d/canonicalization
including configuration file /etc/freeradius/policy.d/eap
including files in directory /etc/freeradius/sites-enabled/
including configuration file /etc/freeradius/sites-enabled/inner-tunnel
including configuration file /etc/freeradius/sites-enabled/default
main {
security {
user = "freerad"
group = "freerad"
allow_core_dumps = no
}
name = "freeradius"
prefix = "/usr"
localstatedir = "/var"
logdir = "/var/log/freeradius"
run_dir = "/var/run/freeradius"
}
main {
name = "freeradius"
prefix = "/usr"
localstatedir = "/var"
sbindir = "/usr/sbin"
logdir = "/var/log/freeradius"
run_dir = "/var/run/freeradius"
libdir = "/usr/lib/freeradius"
radacctdir = "/var/log/freeradius/radacct"
hostname_lookups = no
max_request_time = 30
proxy_dedup_window = 1
cleanup_delay = 5
max_requests = 16384
max_fds = 512
postauth_client_lost = no
pidfile = "/var/run/freeradius/freeradius.pid"
checkrad = "/usr/sbin/checkrad"
debug_level = 0
proxy_requests = yes
log {
stripped_names = no
auth = no
auth_badpass = no
auth_goodpass = no
colourise = yes
msg_denied = "You are already logged in - access denied"
}
resources {
}
security {
max_attributes = 200
reject_delay = 1.000000
status_server = yes
require_message_authenticator = "auto"
limit_proxy_state = "auto"
}
unlang {
group_stop_return = no
policy_stop_return = no
}
}
radiusd: #### Loading Realms and Home Servers ####
proxy server {
retry_delay = 5
retry_count = 3
default_fallback = no
dead_time = 120
wake_all_if_all_dead = no
}
home_server localhost {
nonblock = no
ipaddr = 127.0.0.1
port = 1812
type = "auth"
secret = <<< secret >>>
response_window = 20.000000
response_timeouts = 1
max_outstanding = 65536
zombie_period = 40
status_check = "status-server"
ping_interval = 30
check_interval = 30
check_timeout = 4
num_answers_to_alive = 3
revive_interval = 120
limit {
max_connections = 16
max_requests = 0
lifetime = 0
idle_timeout = 0
}
coa {
irt = 2
mrt = 16
mrc = 5
mrd = 30
}
}
home_server_pool my_auth_failover {
type = fail-over
home_server = localhost
}
realm example.com {
auth_pool = my_auth_failover
}
realm LOCAL {
}
radiusd: #### Loading Clients ####
client localhost {
ipaddr = 127.0.0.1
secret = <<< secret >>>
nas_type = "other"
proto = "*"
limit {
max_connections = 16
lifetime = 0
idle_timeout = 900
}
}
Shared secret for client localhost is short, and likely can be broken by an attacker.
client localhost_ipv6 {
ipv6addr = ::1
secret = <<< secret >>>
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
Shared secret for client localhost_ipv6 is short, and likely can be broken by an attacker.
client int {
ipaddr = 192.168.4.151
secret = <<< secret >>>
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
Shared secret for client int is short, and likely can be broken by an attacker.
Debugger not attached
Configuration version: bdc0-a492-b81c-432e
systemd watchdog is disabled
# Creating Auth-Type = mschap
# Creating Auth-Type = eap
# Creating Auth-Type = PAP
# Creating Auth-Type = CHAP
# Creating Auth-Type = MS-CHAP
# Creating Auth-Type = digest
# Creating Autz-Type = New-TLS-Connection
radiusd: #### Instantiating modules ####
modules {
# Loaded module rlm_detail
# Loading module "auth_log" from file /etc/freeradius/mods-enabled/detail.log
detail auth_log {
filename = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d"
header = "%t"
permissions = 384
locking = no
dates_as_integer = no
escape_filenames = no
log_packet_header = no
}
# Loading module "reply_log" from file /etc/freeradius/mods-enabled/detail.log
detail reply_log {
filename = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/reply-detail-%Y%m%d"
header = "%t"
permissions = 384
locking = no
dates_as_integer = no
escape_filenames = no
log_packet_header = no
}
# Loading module "pre_proxy_log" from file /etc/freeradius/mods-enabled/detail.log
detail pre_proxy_log {
filename = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/pre-proxy-detail-%Y%m%d"
header = "%t"
permissions = 384
locking = no
dates_as_integer = no
escape_filenames = no
log_packet_header = no
}
# Loading module "post_proxy_log" from file /etc/freeradius/mods-enabled/detail.log
detail post_proxy_log {
filename = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/post-proxy-detail-%Y%m%d"
header = "%t"
permissions = 384
locking = no
dates_as_integer = no
escape_filenames = no
log_packet_header = no
}
# Loaded module rlm_attr_filter
# Loading module "attr_filter.post-proxy" from file /etc/freeradius/mods-enabled/attr_filter
attr_filter attr_filter.post-proxy {
filename = "/etc/freeradius/mods-config/attr_filter/post-proxy"
key = "%{Realm}"
relaxed = no
}
# Loading module "attr_filter.pre-proxy" from file /etc/freeradius/mods-enabled/attr_filter
attr_filter attr_filter.pre-proxy {
filename = "/etc/freeradius/mods-config/attr_filter/pre-proxy"
key = "%{Realm}"
relaxed = no
}
# Loading module "attr_filter.access_reject" from file /etc/freeradius/mods-enabled/attr_filter
attr_filter attr_filter.access_reject {
filename = "/etc/freeradius/mods-config/attr_filter/access_reject"
key = "%{User-Name}"
relaxed = no
}
# Loading module "attr_filter.access_challenge" from file /etc/freeradius/mods-enabled/attr_filter
attr_filter attr_filter.access_challenge {
filename = "/etc/freeradius/mods-config/attr_filter/access_challenge"
key = "%{User-Name}"
relaxed = no
}
# Loading module "attr_filter.accounting_response" from file /etc/freeradius/mods-enabled/attr_filter
attr_filter attr_filter.accounting_response {
filename = "/etc/freeradius/mods-config/attr_filter/accounting_response"
key = "%{User-Name}"
relaxed = no
}
# Loading module "attr_filter.coa" from file /etc/freeradius/mods-enabled/attr_filter
attr_filter attr_filter.coa {
filename = "/etc/freeradius/mods-config/attr_filter/coa"
key = "%{User-Name}"
relaxed = no
}
# Loaded module rlm_mschap
# Loading module "mschap" from file /etc/freeradius/mods-enabled/mschap
mschap {
use_mppe = yes
require_encryption = no
require_strong = no
with_ntdomain_hack = yes
ntlm_auth = "/usr/local/pf/bin/ntlm_auth_wrapper -p 8125 -a 127.0.0.1 -t 5000 -- --mac=11:11:11:11:11:11 --request-nt-key --allow-mschapv2 --username=%{%{Stripped-User-Name}:-%{%{User-Name}:-None}} --challenge=%{%{mschap:Challenge}:-00} --nt-response=%{%{mschap:NT-Response}:-00}"
passchange {
}
allow_retry = yes
winbind_retry_with_normalised_username = no
}
# Loaded module rlm_unpack
# Loading module "unpack" from file /etc/freeradius/mods-enabled/unpack
# Loaded module rlm_date
# Loading module "date" from file /etc/freeradius/mods-enabled/date
date {
format = "%b %e %Y %H:%M:%S %Z"
utc = no
}
# Loading module "wispr2date" from file /etc/freeradius/mods-enabled/date
date wispr2date {
format = "%Y-%m-%dT%H:%M:%S"
utc = no
}
# Loaded module rlm_pap
# Loading module "pap" from file /etc/freeradius/mods-enabled/pap
pap {
normalise = yes
}
# Loading module "detail" from file /etc/freeradius/mods-enabled/detail
detail {
filename = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d"
header = "%t"
permissions = 384
locking = no
dates_as_integer = no
escape_filenames = no
log_packet_header = no
}
# Loaded module rlm_totp
# Loading module "totp" from file /etc/freeradius/mods-enabled/totp
totp {
time_step = 30
otp_length = 6
lookback_steps = 1
lookback_interval = 30
lookforward_steps = 0
}
# Loaded module rlm_passwd
# Loading module "etc_passwd" from file /etc/freeradius/mods-enabled/passwd
passwd etc_passwd {
filename = "/etc/passwd"
format = "*User-Name:Crypt-Password:"
delimiter = ":"
ignore_nislike = no
ignore_empty = yes
allow_multiple_keys = no
hash_size = 100
}
# Loaded module rlm_expr
# Loading module "expr" from file /etc/freeradius/mods-enabled/expr
expr {
safe_characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /äéöüàâæçèéêëîïôœùûüaÿÄÉÖÜßÀÂÆÇÈÉÊËÎÏÔŒÙÛÜŸ"
}
# Loaded module rlm_preprocess
# Loading module "preprocess" from file /etc/freeradius/mods-enabled/preprocess
preprocess {
huntgroups = "/etc/freeradius/mods-config/preprocess/huntgroups"
hints = "/etc/freeradius/mods-config/preprocess/hints"
with_ascend_hack = no
ascend_channels_per_line = 23
with_ntdomain_hack = no
with_specialix_jetstream_hack = no
with_cisco_vsa_hack = no
with_alvarion_vsa_hack = no
}
# Loaded module rlm_realm
# Loading module "IPASS" from file /etc/freeradius/mods-enabled/realm
realm IPASS {
format = "prefix"
delimiter = "/"
ignore_default = no
ignore_null = no
}
# Loading module "suffix" from file /etc/freeradius/mods-enabled/realm
realm suffix {
format = "suffix"
delimiter = "@"
ignore_default = no
ignore_null = no
}
# Loading module "bangpath" from file /etc/freeradius/mods-enabled/realm
realm bangpath {
format = "prefix"
delimiter = "!"
ignore_default = no
ignore_null = no
}
# Loading module "realmpercent" from file /etc/freeradius/mods-enabled/realm
realm realmpercent {
format = "suffix"
delimiter = "%"
ignore_default = no
ignore_null = no
}
# Loading module "ntdomain" from file /etc/freeradius/mods-enabled/realm
realm ntdomain {
format = "prefix"
delimiter = "\"
ignore_default = no
ignore_null = no
}
# Loaded module rlm_expiration
# Loading module "expiration" from file /etc/freeradius/mods-enabled/expiration
# Loaded module rlm_linelog
# Loading module "linelog" from file /etc/freeradius/mods-enabled/linelog
linelog {
filename = "/var/log/freeradius/linelog"
escape_filenames = no
syslog_severity = "info"
permissions = 384
format = "This is a log message for %{User-Name}"
reference = "messages.%{%{reply:Packet-Type}:-default}"
}
# Loading module "log_accounting" from file /etc/freeradius/mods-enabled/linelog
linelog log_accounting {
filename = "/var/log/freeradius/linelog-accounting"
escape_filenames = no
syslog_severity = "info"
permissions = 384
format = ""
reference = "Accounting-Request.%{%{Acct-Status-Type}:-unknown}"
}
# Loaded module rlm_exec
# Loading module "ntlm_auth" from file /etc/freeradius/mods-enabled/ntlm_auth
exec ntlm_auth {
wait = yes
program = "/path/to/ntlm_auth --request-nt-key --domain=MYDOMAIN --username=%{mschap:User-Name} --password=%{User-Password}"
shell_escape = yes
}
# Loaded module rlm_radutmp
# Loading module "sradutmp" from file /etc/freeradius/mods-enabled/sradutmp
radutmp sradutmp {
filename = "/var/log/freeradius/sradutmp"
username = "%{User-Name}"
case_sensitive = yes
check_with_nas = yes
permissions = 420
caller_id = no
}
# Loaded module rlm_proxy_rate_limit
# Loading module "proxy_rate_limit" from file /etc/freeradius/mods-enabled/proxy_rate_limit
proxy_rate_limit {
max_entries = 2048
idle_timeout = 10
num_subtables = 256
window = 1
}
# Loaded module rlm_logintime
# Loading module "logintime" from file /etc/freeradius/mods-enabled/logintime
logintime {
minimum_timeout = 60
}
# Loaded module rlm_always
# Loading module "reject" from file /etc/freeradius/mods-enabled/always
always reject {
rcode = "reject"
simulcount = 0
mpp = no
}
# Loading module "fail" from file /etc/freeradius/mods-enabled/always
always fail {
rcode = "fail"
simulcount = 0
mpp = no
}
# Loading module "ok" from file /etc/freeradius/mods-enabled/always
always ok {
rcode = "ok"
simulcount = 0
mpp = no
}
# Loading module "handled" from file /etc/freeradius/mods-enabled/always
always handled {
rcode = "handled"
simulcount = 0
mpp = no
}
# Loading module "invalid" from file /etc/freeradius/mods-enabled/always
always invalid {
rcode = "invalid"
simulcount = 0
mpp = no
}
# Loading module "userlock" from file /etc/freeradius/mods-enabled/always
always userlock {
rcode = "userlock"
simulcount = 0
mpp = no
}
# Loading module "notfound" from file /etc/freeradius/mods-enabled/always
always notfound {
rcode = "notfound"
simulcount = 0
mpp = no
}
# Loading module "noop" from file /etc/freeradius/mods-enabled/always
always noop {
rcode = "noop"
simulcount = 0
mpp = no
}
# Loading module "updated" from file /etc/freeradius/mods-enabled/always
always updated {
rcode = "updated"
simulcount = 0
mpp = no
}
# Loaded module rlm_replicate
# Loading module "replicate" from file /etc/freeradius/mods-enabled/replicate
# Loading module "echo" from file /etc/freeradius/mods-enabled/echo
exec echo {
wait = yes
program = "/bin/echo %{User-Name}"
input_pairs = "request"
output_pairs = "reply"
shell_escape = yes
}
# Loaded module rlm_soh
# Loading module "soh" from file /etc/freeradius/mods-enabled/soh
soh {
dhcp = yes
}
# Loaded module rlm_chap
# Loading module "chap" from file /etc/freeradius/mods-enabled/chap
# Loaded module rlm_dynamic_clients
# Loading module "dynamic_clients" from file /etc/freeradius/mods-enabled/dynamic_clients
# Loaded module rlm_files
# Loading module "files" from file /etc/freeradius/mods-enabled/files
files {
filename = "/etc/freeradius/mods-config/files/authorize"
acctusersfile = "/etc/freeradius/mods-config/files/accounting"
preproxy_usersfile = "/etc/freeradius/mods-config/files/pre-proxy"
}
# Loading module "exec" from file /etc/freeradius/mods-enabled/exec
exec {
wait = no
input_pairs = "request"
shell_escape = yes
timeout = 10
}
# Loaded module rlm_unix
# Loading module "unix" from file /etc/freeradius/mods-enabled/unix
unix {
radwtmp = "/var/log/freeradius/radwtmp"
}
Creating attribute Unix-Group
# Loaded module rlm_digest
# Loading module "digest" from file /etc/freeradius/mods-enabled/digest
# Loading module "radutmp" from file /etc/freeradius/mods-enabled/radutmp
radutmp {
filename = "/var/log/freeradius/radutmp"
username = "%{User-Name}"
case_sensitive = yes
check_with_nas = yes
permissions = 384
caller_id = yes
}
# Loaded module rlm_utf8
# Loading module "utf8" from file /etc/freeradius/mods-enabled/utf8
# Loaded module rlm_eap
# Loading module "eap" from file /etc/freeradius/mods-enabled/eap
eap {
default_eap_type = "md5"
timer_expire = 60
max_eap_type = 52
ignore_unknown_eap_types = no
cisco_accounting_username_bug = no
max_sessions = 16384
dedup_key = ""
}
instantiate {
}
# Instantiating module "auth_log" from file /etc/freeradius/mods-enabled/detail.log
rlm_detail (auth_log): 'User-Password' suppressed, will not appear in detail output
# Instantiating module "reply_log" from file /etc/freeradius/mods-enabled/detail.log
# Instantiating module "pre_proxy_log" from file /etc/freeradius/mods-enabled/detail.log
# Instantiating module "post_proxy_log" from file /etc/freeradius/mods-enabled/detail.log
# Instantiating module "attr_filter.post-proxy" from file /etc/freeradius/mods-enabled/attr_filter
reading pairlist file /etc/freeradius/mods-config/attr_filter/post-proxy
# Instantiating module "attr_filter.pre-proxy" from file /etc/freeradius/mods-enabled/attr_filter
reading pairlist file /etc/freeradius/mods-config/attr_filter/pre-proxy
# Instantiating module "attr_filter.access_reject" from file /etc/freeradius/mods-enabled/attr_filter
reading pairlist file /etc/freeradius/mods-config/attr_filter/access_reject
# Instantiating module "attr_filter.access_challenge" from file /etc/freeradius/mods-enabled/attr_filter
reading pairlist file /etc/freeradius/mods-config/attr_filter/access_challenge
# Instantiating module "attr_filter.accounting_response" from file /etc/freeradius/mods-enabled/attr_filter
reading pairlist file /etc/freeradius/mods-config/attr_filter/accounting_response
# Instantiating module "attr_filter.coa" from file /etc/freeradius/mods-enabled/attr_filter
reading pairlist file /etc/freeradius/mods-config/attr_filter/coa
# Instantiating module "mschap" from file /etc/freeradius/mods-enabled/mschap
rlm_mschap (mschap): authenticating by calling 'ntlm_auth'
# Instantiating module "pap" from file /etc/freeradius/mods-enabled/pap
# Instantiating module "detail" from file /etc/freeradius/mods-enabled/detail
# Instantiating module "totp" from file /etc/freeradius/mods-enabled/totp
# Instantiating module "etc_passwd" from file /etc/freeradius/mods-enabled/passwd
rlm_passwd: nfields: 3 keyfield 0(User-Name) listable: no
# Instantiating module "preprocess" from file /etc/freeradius/mods-enabled/preprocess
reading pairlist file /etc/freeradius/mods-config/preprocess/huntgroups
reading pairlist file /etc/freeradius/mods-config/preprocess/hints
# Instantiating module "IPASS" from file /etc/freeradius/mods-enabled/realm
# Instantiating module "suffix" from file /etc/freeradius/mods-enabled/realm
# Instantiating module "bangpath" from file /etc/freeradius/mods-enabled/realm
# Instantiating module "realmpercent" from file /etc/freeradius/mods-enabled/realm
# Instantiating module "ntdomain" from file /etc/freeradius/mods-enabled/realm
# Instantiating module "expiration" from file /etc/freeradius/mods-enabled/expiration
# Instantiating module "linelog" from file /etc/freeradius/mods-enabled/linelog
# Instantiating module "log_accounting" from file /etc/freeradius/mods-enabled/linelog
# Instantiating module "proxy_rate_limit" from file /etc/freeradius/mods-enabled/proxy_rate_limit
# Instantiating module "logintime" from file /etc/freeradius/mods-enabled/logintime
# Instantiating module "reject" from file /etc/freeradius/mods-enabled/always
# Instantiating module "fail" from file /etc/freeradius/mods-enabled/always
# Instantiating module "ok" from file /etc/freeradius/mods-enabled/always
# Instantiating module "handled" from file /etc/freeradius/mods-enabled/always
# Instantiating module "invalid" from file /etc/freeradius/mods-enabled/always
# Instantiating module "userlock" from file /etc/freeradius/mods-enabled/always
# Instantiating module "notfound" from file /etc/freeradius/mods-enabled/always
# Instantiating module "noop" from file /etc/freeradius/mods-enabled/always
# Instantiating module "updated" from file /etc/freeradius/mods-enabled/always
# Instantiating module "files" from file /etc/freeradius/mods-enabled/files
reading pairlist file /etc/freeradius/mods-config/files/authorize
reading pairlist file /etc/freeradius/mods-config/files/accounting
reading pairlist file /etc/freeradius/mods-config/files/pre-proxy
# Instantiating module "eap" from file /etc/freeradius/mods-enabled/eap
# Linked to sub-module rlm_eap_md5
# Linked to sub-module rlm_eap_gtc
gtc {
challenge = "Password: "
auth_type = "PAP"
}
# Linked to sub-module rlm_eap_tls
tls {
tls = "tls-common"
}
tls-config tls-common {
verify_depth = 0
ca_path = "/etc/freeradius/certs"
pem_file_type = yes
private_key_file = "/etc/freeradius/certs/server.pem"
certificate_file = "/etc/freeradius/certs/server.pem"
ca_file = "/etc/freeradius/certs/ca.pem"
private_key_password = <<< secret >>>
fragment_size = 1024
include_length = yes
auto_chain = yes
check_crl = no
check_all_crl = no
ca_path_reload_interval = 0
cipher_list = "DEFAULT"
cipher_server_preference = no
reject_unknown_intermediate_ca = no
ecdh_curve = ""
tls_max_version = "1.2"
tls_min_version = "1.2"
cache {
enable = no
lifetime = 24
max_entries = 255
}
verify {
skip_if_ocsp_ok = no
}
ocsp {
enable = no
override_cert_url = yes
url = http://127.0.0.1/ocsp/
use_nonce = yes
timeout = 0
softfail = no
}
}
# Linked to sub-module rlm_eap_ttls
ttls {
tls = "tls-common"
default_eap_type = "md5"
copy_request_to_tunnel = no
use_tunneled_reply = no
virtual_server = "inner-tunnel"
include_length = yes
require_client_cert = no
}
tls: Using cached TLS configuration from previous invocation
# Linked to sub-module rlm_eap_peap
peap {
tls = "tls-common"
default_eap_type = "mschapv2"
copy_request_to_tunnel = no
use_tunneled_reply = no
proxy_tunneled_request_as_eap = yes
virtual_server = "inner-tunnel"
soh = no
require_client_cert = no
}
tls: Using cached TLS configuration from previous invocation
# Linked to sub-module rlm_eap_mschapv2
mschapv2 {
with_ntdomain_hack = no
send_error = no
}
# Linked to sub-module rlm_eap_fast
fast {
tls = "tls-common"
default_eap_type = "mschapv2"
virtual_server = "inner-tunnel"
cipher_list = "ALL:!EXPORT:!eNULL:!SSLv2"
require_client_cert = no
pac_lifetime = 604800
authority_identity = "1234"
pac_opaque_key = "0123456789abcdef0123456789ABCDEF"
copy_request_to_tunnel = no
use_tunneled_reply = no
}
tls: Using cached TLS configuration from previous invocation
# Linked to sub-module rlm_eap_teap
teap {
tls = "tls-common"
default_eap_type = "mschapv2"
copy_request_to_tunnel = no
use_tunneled_reply = no
require_client_cert = no
authority_identity = "1234"
virtual_server = "inner-tunnel"
identity_types = "user"
user_eap_type = "tls"
machine_eap_type = "tls"
}
tls: Using cached TLS configuration from previous invocation
} # modules
radiusd: #### Loading Virtual Servers ####
server { # from file /etc/freeradius/radiusd.conf
} # server
server inner-tunnel { # from file /etc/freeradius/sites-enabled/inner-tunnel
# Loading authenticate {...}
Compiling Auth-Type PAP for attr Auth-Type
Compiling Auth-Type CHAP for attr Auth-Type
Compiling Auth-Type MS-CHAP for attr Auth-Type
# Loading authorize {...}
Ignoring "sql" (see raddb/mods-available/README.rst)
Ignoring "ldap" (see raddb/mods-available/README.rst)
# Loading post-proxy {...}
# Loading post-auth {...}
# Skipping contents of 'if' as it is always 'false' -- /etc/freeradius/sites-enabled/inner-tunnel:366
Compiling Post-Auth-Type REJECT for attr Post-Auth-Type
} # server inner-tunnel
server default { # from file /etc/freeradius/sites-enabled/default
# Loading authenticate {...}
Compiling Auth-Type PAP for attr Auth-Type
Compiling Auth-Type CHAP for attr Auth-Type
Compiling Auth-Type MS-CHAP for attr Auth-Type
# Loading authorize {...}
Compiling Autz-Type New-TLS-Connection for attr Autz-Type
# Loading preacct {...}
# Loading accounting {...}
# Loading post-auth {...}
Compiling Post-Auth-Type REJECT for attr Post-Auth-Type
Compiling Post-Auth-Type Challenge for attr Post-Auth-Type
Compiling Post-Auth-Type Client-Lost for attr Post-Auth-Type
} # server default
radiusd: #### Opening IP addresses and Ports ####
listen {
type = "auth"
ipaddr = 127.0.0.1
port = 18120
}
listen {
type = "auth"
ipaddr = *
port = 0
limit {
max_connections = 16
lifetime = 0
idle_timeout = 900
}
}
listen {
type = "acct"
ipaddr = *
port = 0
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
listen {
type = "auth"
ipv6addr = ::
port = 0
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
listen {
type = "acct"
ipv6addr = ::
port = 0
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
Listening on auth address 127.0.0.1 port 18120 bound to server inner-tunnel
Listening on auth address * port 1812 bound to server default
Listening on acct address * port 1813 bound to server default
Listening on auth address :: port 1812 bound to server default
Listening on acct address :: port 1813 bound to server default
Listening on proxy address * port 49507
Listening on proxy address :: port 48593
Ready to process requests
(0) Received Access-Request Id 0 from 192.168.4.151:48174 to 192.168.4.151:1812 length 160
(0) Message-Authenticator = 0xc938b5ec4719f3cb4f38776ab8243bac
(0) User-Name = "anonymous"
(0) Calling-Station-Id = "DE-AD-BE-EF-42-42"
(0) Framed-MTU = 1400
(0) NAS-Port-Type = Wireless-802.11
(0) Service-Type = Framed-User
(0) Connect-Info = "CONNECT 11Mbps 802.11b"
(0) Called-Station-Id = "00:11:22:33:44:55:UConnect"
(0) NAS-IP-Address = 192.168.4.20
(0) EAP-Message = 0x025d000e01616e6f6e796d6f7573
(0) # Executing section authorize from file /etc/freeradius/sites-enabled/default
(0) authorize {
(0) policy filter_username {
(0) if (&User-Name) {
(0) if (&User-Name) -> TRUE
(0) if (&User-Name) {
(0) if (&User-Name =~ / /) {
(0) if (&User-Name =~ / /) -> FALSE
(0) if (&User-Name =~ /@[^@]*@/ ) {
(0) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
(0) if (&User-Name =~ /\.\./ ) {
(0) if (&User-Name =~ /\.\./ ) -> FALSE
(0) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) {
(0) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) -> FALSE
(0) if (&User-Name =~ /\.$/) {
(0) if (&User-Name =~ /\.$/) -> FALSE
(0) if (&User-Name =~ mailto:/@\./) {
(0) if (&User-Name =~ mailto:/@\./) -> FALSE
(0) } # if (&User-Name) = notfound
(0) } # policy filter_username = notfound
(0) [preprocess] = ok
(0) [chap] = noop
(0) [mschap] = noop
(0) [digest] = noop
(0) suffix: Checking for suffix after "@"
(0) suffix: No '@' in User-Name = "anonymous", looking up realm NULL
(0) suffix: No such realm "NULL"
(0) [suffix] = noop
(0) eap: Peer sent EAP Response (code 2) ID 93 length 14
(0) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
(0) [eap] = ok
(0) } # authorize = ok
(0) Found Auth-Type = eap
(0) # Executing group from file /etc/freeradius/sites-enabled/default
(0) authenticate {
(0) eap: Peer sent packet with method EAP Identity (1)
(0) eap: Using default_eap_type = MD5
(0) eap: Calling submodule eap_md5 to process data
(0) eap_md5: Issuing MD5 Challenge
(0) eap: Sending EAP Request (code 1) ID 94 length 22
(0) eap: EAP session adding &reply:State = 0x6501da9e655fde03
(0) [eap] = handled
(0) } # authenticate = handled
(0) Using Post-Auth-Type Challenge
(0) # Executing group from file /etc/freeradius/sites-enabled/default
(0) Challenge { ... } # empty sub-section is ignored
(0) Sent Access-Challenge Id 0 from 192.168.4.151:1812 to 192.168.4.151:48174 length 80
(0) EAP-Message = 0x015e001604103f9a6c780e20a2ce97b652c4f8ec438e
(0) Message-Authenticator = 0x00000000000000000000000000000000
(0) State = 0x6501da9e655fde03dd76d824d918a37a
(0) Finished request
Waking up in 4.9 seconds.
(1) Received Access-Request Id 1 from 192.168.4.151:48174 to 192.168.4.151:1812 length 170
(1) Message-Authenticator = 0x29df9753dac0a17e614ec7d921f2799c
(1) User-Name = "anonymous"
(1) Calling-Station-Id = "DE-AD-BE-EF-42-42"
(1) Framed-MTU = 1400
(1) NAS-Port-Type = Wireless-802.11
(1) Service-Type = Framed-User
(1) Connect-Info = "CONNECT 11Mbps 802.11b"
(1) Called-Station-Id = "00:11:22:33:44:55:UConnect"
(1) NAS-IP-Address = 192.168.4.20
(1) EAP-Message = 0x025e00060337
(1) State = 0x6501da9e655fde03dd76d824d918a37a
(1) session-state: No cached attributes
(1) # Executing section authorize from file /etc/freeradius/sites-enabled/default
(1) authorize {
(1) policy filter_username {
(1) if (&User-Name) {
(1) if (&User-Name) -> TRUE
(1) if (&User-Name) {
(1) if (&User-Name =~ / /) {
(1) if (&User-Name =~ / /) -> FALSE
(1) if (&User-Name =~ /@[^@]*@/ ) {
(1) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
(1) if (&User-Name =~ /\.\./ ) {
(1) if (&User-Name =~ /\.\./ ) -> FALSE
(1) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) {
(1) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) -> FALSE
(1) if (&User-Name =~ /\.$/) {
(1) if (&User-Name =~ /\.$/) -> FALSE
(1) if (&User-Name =~ mailto:/@\./) {
(1) if (&User-Name =~ mailto:/@\./) -> FALSE
(1) } # if (&User-Name) = notfound
(1) } # policy filter_username = notfound
(1) [preprocess] = ok
(1) [chap] = noop
(1) [mschap] = noop
(1) [digest] = noop
(1) suffix: Checking for suffix after "@"
(1) suffix: No '@' in User-Name = "anonymous", looking up realm NULL
(1) suffix: No such realm "NULL"
(1) [suffix] = noop
(1) eap: Peer sent EAP Response (code 2) ID 94 length 6
(1) eap: No EAP Start, assuming it's an on-going EAP conversation
(1) [eap] = updated
(1) [files] = noop
(1) [expiration] = noop
(1) [logintime] = noop
Not doing PAP as Auth-Type is already set.
(1) [pap] = noop
(1) } # authorize = updated
(1) Found Auth-Type = eap
(1) # Executing group from file /etc/freeradius/sites-enabled/default
(1) authenticate {
(1) eap: Removing EAP session with state 0x6501da9e655fde03
(1) eap: Previous EAP request found for state 0x6501da9e655fde03, released from the list
(1) eap: Peer sent packet with method EAP NAK (3)
(1) eap: Found mutually acceptable type TEAP (55)
(1) eap: Found compatible type in NAK - EAP-Type = TEAP
(1) eap: Calling submodule eap_teap to process data
(1) eap_teap: (TLS) TEAP -Initiating new session
(1) eap_teap: Setting &session-state:FreeRADIUS-EAP-TEAP-Identity-Type = User
(1) eap: Sending EAP Request (code 1) ID 95 length 18
(1) eap: EAP session adding &reply:State = 0x6501da9e645eed03
(1) [eap] = handled
(1) } # authenticate = handled
(1) Using Post-Auth-Type Challenge
(1) # Executing group from file /etc/freeradius/sites-enabled/default
(1) Challenge { ... } # empty sub-section is ignored
(1) session-state: Saving cached attributes
(1) Framed-MTU = 974
(1) FreeRADIUS-EAP-TEAP-Identity-Type := User
(1) Sent Access-Challenge Id 1 from 192.168.4.151:1812 to 192.168.4.151:48174 length 76
(1) EAP-Message = 0x015f00123731000000080001000431323334
(1) Message-Authenticator = 0x00000000000000000000000000000000
(1) State = 0x6501da9e645eed03dd76d824d918a37a
(1) Finished request
Waking up in 4.9 seconds.
(2) Received Access-Request Id 2 from 192.168.4.151:48174 to 192.168.4.151:1812 length 358
(2) Message-Authenticator = 0x2a6f6c950df89f514c76e62f7965e649
(2) User-Name = "anonymous"
(2) Calling-Station-Id = "DE-AD-BE-EF-42-42"
(2) Framed-MTU = 1400
(2) NAS-Port-Type = Wireless-802.11
(2) Service-Type = Framed-User
(2) Connect-Info = "CONNECT 11Mbps 802.11b"
(2) Called-Station-Id = "00:11:22:33:44:55:UConnect"
(2) NAS-IP-Address = 192.168.4.20
(2) EAP-Message = 0x025f00c2370116030100b7010000b30303b3adab7fc0e5482660e9972dac89632138d4686b47b0a00a24fe95f30515ed93000038c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff01000052000b000403000102000a000c000a001d0017001e00190018002300000016000000170000000d002a0028040305030603080708080809080a080b080408050806040105010601030303010302040205020602
(2) State = 0x6501da9e645eed03dd76d824d918a37a
(2) Restoring &session-state
(2) &session-state:Framed-MTU = 974
(2) &session-state:FreeRADIUS-EAP-TEAP-Identity-Type := User
(2) # Executing section authorize from file /etc/freeradius/sites-enabled/default
(2) authorize {
(2) policy filter_username {
(2) if (&User-Name) {
(2) if (&User-Name) -> TRUE
(2) if (&User-Name) {
(2) if (&User-Name =~ / /) {
(2) if (&User-Name =~ / /) -> FALSE
(2) if (&User-Name =~ /@[^@]*@/ ) {
(2) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
(2) if (&User-Name =~ /\.\./ ) {
(2) if (&User-Name =~ /\.\./ ) -> FALSE
(2) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) {
(2) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) -> FALSE
(2) if (&User-Name =~ /\.$/) {
(2) if (&User-Name =~ /\.$/) -> FALSE
(2) if (&User-Name =~ mailto:/@\./) {
(2) if (&User-Name =~ mailto:/@\./) -> FALSE
(2) } # if (&User-Name) = notfound
(2) } # policy filter_username = notfound
(2) [preprocess] = ok
(2) [chap] = noop
(2) [mschap] = noop
(2) [digest] = noop
(2) suffix: Checking for suffix after "@"
(2) suffix: No '@' in User-Name = "anonymous", looking up realm NULL
(2) suffix: No such realm "NULL"
(2) [suffix] = noop
(2) eap: Peer sent EAP Response (code 2) ID 95 length 194
(2) eap: Continuing tunnel setup
(2) [eap] = ok
(2) } # authorize = ok
(2) Found Auth-Type = eap
(2) # Executing group from file /etc/freeradius/sites-enabled/default
(2) authenticate {
(2) eap: Removing EAP session with state 0x6501da9e645eed03
(2) eap: Previous EAP request found for state 0x6501da9e645eed03, released from the list
(2) eap: Peer sent packet with method EAP TEAP (55)
(2) eap: Calling submodule eap_teap to process data
(2) eap_teap: Authenticate
(2) eap_teap: (TLS) EAP Done initial handshake
(2) eap_teap: (TLS) TEAP - Handshake state - before SSL initialization
(2) eap_teap: (TLS) TEAP - Handshake state - Server before SSL initialization
(2) eap_teap: (TLS) TEAP - Handshake state - Server before SSL initialization
(2) eap_teap: (TLS) TEAP - recv TLS 1.3 Handshake, ClientHello
(2) eap_teap: (TLS) TEAP - Handshake state - Server SSLv3/TLS read client hello
(2) eap_teap: (TLS) TEAP - send TLS 1.2 Handshake, ServerHello
(2) eap_teap: (TLS) TEAP - Handshake state - Server SSLv3/TLS write server hello
(2) eap_teap: (TLS) TEAP - send TLS 1.2 Handshake, Certificate
(2) eap_teap: (TLS) TEAP - Handshake state - Server SSLv3/TLS write certificate
(2) eap_teap: (TLS) TEAP - send TLS 1.2 Handshake, ServerKeyExchange
(2) eap_teap: (TLS) TEAP - Handshake state - Server SSLv3/TLS write key exchange
(2) eap_teap: (TLS) TEAP - send TLS 1.2 Handshake, ServerHelloDone
(2) eap_teap: (TLS) TEAP - Handshake state - Server SSLv3/TLS write server done
(2) eap_teap: (TLS) TEAP - Server : Need to read more data: SSLv3/TLS write server done
(2) eap_teap: (TLS) TEAP - In Handshake Phase
(2) eap: Sending EAP Request (code 1) ID 96 length 984
(2) eap: EAP session adding &reply:State = 0x6501da9e6761ed03
(2) [eap] = handled
(2) } # authenticate = handled
(2) Using Post-Auth-Type Challenge
(2) # Executing group from file /etc/freeradius/sites-enabled/default
(2) Challenge { ... } # empty sub-section is ignored
(2) session-state: Saving cached attributes
(2) Framed-MTU = 974
(2) FreeRADIUS-EAP-TEAP-Identity-Type := User
(2) TLS-Session-Information = "(TLS) TEAP - recv TLS 1.3 Handshake, ClientHello"
(2) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHello"
(2) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, Certificate"
(2) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerKeyExchange"
(2) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHelloDone"
(2) Sent Access-Challenge Id 2 from 192.168.4.151:1812 to 192.168.4.151:48174 length 1048
(2) EAP-Message = 0x016003d837c100000ac6160303003d0200003903038f2da11ae8e4a9d2008d944ffa08071b7500ca3a0f7d150cf6877a5d06b8bd4800c030000011ff01000100000b0004030001020017000016030309450b00094100093e00043a308204363082031ea003020102020101300d06092a864886f70d01010b0500308193310b3009060355040613024652310f300d06035504080c065261646975733112301006035504070c09536f6d65776865726531153013060355040a0c0c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e6f72673126302406035504030c1d4578616d706c6520436572746966696361746520417574686f72697479301e170d3235303231323131323232395a170d3235303431333131323232395a307c310b3009060355040613024652310f300d06035504080c0652616469757331153013060355040a0c0c4578616d706c6520496e632e3123302106035504030c1a4578616d70
(2) Message-Authenticator = 0x00000000000000000000000000000000
(2) State = 0x6501da9e6761ed03dd76d824d918a37a
(2) Finished request
Waking up in 4.9 seconds.
(3) Received Access-Request Id 3 from 192.168.4.151:48174 to 192.168.4.151:1812 length 170
(3) Message-Authenticator = 0x903dc237de7c9b8695484a34ea240185
(3) User-Name = "anonymous"
(3) Calling-Station-Id = "DE-AD-BE-EF-42-42"
(3) Framed-MTU = 1400
(3) NAS-Port-Type = Wireless-802.11
(3) Service-Type = Framed-User
(3) Connect-Info = "CONNECT 11Mbps 802.11b"
(3) Called-Station-Id = "00:11:22:33:44:55:UConnect"
(3) NAS-IP-Address = 192.168.4.20
(3) EAP-Message = 0x026000063701
(3) State = 0x6501da9e6761ed03dd76d824d918a37a
(3) Restoring &session-state
(3) &session-state:Framed-MTU = 974
(3) &session-state:FreeRADIUS-EAP-TEAP-Identity-Type := User
(3) &session-state:TLS-Session-Information = "(TLS) TEAP - recv TLS 1.3 Handshake, ClientHello"
(3) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHello"
(3) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, Certificate"
(3) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerKeyExchange"
(3) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHelloDone"
(3) # Executing section authorize from file /etc/freeradius/sites-enabled/default
(3) authorize {
(3) policy filter_username {
(3) if (&User-Name) {
(3) if (&User-Name) -> TRUE
(3) if (&User-Name) {
(3) if (&User-Name =~ / /) {
(3) if (&User-Name =~ / /) -> FALSE
(3) if (&User-Name =~ /@[^@]*@/ ) {
(3) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
(3) if (&User-Name =~ /\.\./ ) {
(3) if (&User-Name =~ /\.\./ ) -> FALSE
(3) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) {
(3) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) -> FALSE
(3) if (&User-Name =~ /\.$/) {
(3) if (&User-Name =~ /\.$/) -> FALSE
(3) if (&User-Name =~ mailto:/@\./) {
(3) if (&User-Name =~ mailto:/@\./) -> FALSE
(3) } # if (&User-Name) = notfound
(3) } # policy filter_username = notfound
(3) [preprocess] = ok
(3) [chap] = noop
(3) [mschap] = noop
(3) [digest] = noop
(3) suffix: Checking for suffix after "@"
(3) suffix: No '@' in User-Name = "anonymous", looking up realm NULL
(3) suffix: No such realm "NULL"
(3) [suffix] = noop
(3) eap: Peer sent EAP Response (code 2) ID 96 length 6
(3) eap: Continuing tunnel setup
(3) [eap] = ok
(3) } # authorize = ok
(3) Found Auth-Type = eap
(3) # Executing group from file /etc/freeradius/sites-enabled/default
(3) authenticate {
(3) eap: Removing EAP session with state 0x6501da9e6761ed03
(3) eap: Previous EAP request found for state 0x6501da9e6761ed03, released from the list
(3) eap: Peer sent packet with method EAP TEAP (55)
(3) eap: Calling submodule eap_teap to process data
(3) eap_teap: Authenticate
(3) eap_teap: (TLS) Peer ACKed our handshake fragment
(3) eap: Sending EAP Request (code 1) ID 97 length 980
(3) eap: EAP session adding &reply:State = 0x6501da9e6660ed03
(3) [eap] = handled
(3) } # authenticate = handled
(3) Using Post-Auth-Type Challenge
(3) # Executing group from file /etc/freeradius/sites-enabled/default
(3) Challenge { ... } # empty sub-section is ignored
(3) session-state: Saving cached attributes
(3) Framed-MTU = 974
(3) FreeRADIUS-EAP-TEAP-Identity-Type := User
(3) TLS-Session-Information = "(TLS) TEAP - recv TLS 1.3 Handshake, ClientHello"
(3) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHello"
(3) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, Certificate"
(3) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerKeyExchange"
(3) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHelloDone"
(3) Sent Access-Challenge Id 3 from 192.168.4.151:1812 to 192.168.4.151:48174 length 1044
(3) EAP-Message = 0x016103d43741a332fe465d6ca3da54ce4106656170713c77fb3013d01c3374cb86ed0cb686ab878136acfecf9f6fb2e076cf99130fdfb39eaed1e8536756d0957288b829ae7b446618fbded540de385d7a530018b7537d8d4a80cbc5e76748752bd1e79e8cfb7c7f1857cf3278dcf3f8a53ea49f088123c3ec711a282ee0ab37b8da0db4a83eec4dfc278fad71aaed061a0eb0e22751d1be587207e322a610e5d88a7ba0b21cb37206add13e48e487a956dd65ddb4e2bd9d8ad6a80b117a143e12463e0004fe308204fa308203e2a003020102021407c1092ab93c84caf4a4cebe5ffd49c091f025b2300d06092a864886f70d01010b0500308193310b3009060355040613024652310f300d06035504080c065261646975733112301006035504070c09536f6d65776865726531153013060355040a0c0c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e6f72673126302406035504030c1d4578616d706c
(3) Message-Authenticator = 0x00000000000000000000000000000000
(3) State = 0x6501da9e6660ed03dd76d824d918a37a
(3) Finished request
Waking up in 4.9 seconds.
(4) Received Access-Request Id 4 from 192.168.4.151:48174 to 192.168.4.151:1812 length 170
(4) Message-Authenticator = 0x4d13af065dc545684c8ff755999fea16
(4) User-Name = "anonymous"
(4) Calling-Station-Id = "DE-AD-BE-EF-42-42"
(4) Framed-MTU = 1400
(4) NAS-Port-Type = Wireless-802.11
(4) Service-Type = Framed-User
(4) Connect-Info = "CONNECT 11Mbps 802.11b"
(4) Called-Station-Id = "00:11:22:33:44:55:UConnect"
(4) NAS-IP-Address = 192.168.4.20
(4) EAP-Message = 0x026100063701
(4) State = 0x6501da9e6660ed03dd76d824d918a37a
(4) Restoring &session-state
(4) &session-state:Framed-MTU = 974
(4) &session-state:FreeRADIUS-EAP-TEAP-Identity-Type := User
(4) &session-state:TLS-Session-Information = "(TLS) TEAP - recv TLS 1.3 Handshake, ClientHello"
(4) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHello"
(4) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, Certificate"
(4) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerKeyExchange"
(4) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHelloDone"
(4) # Executing section authorize from file /etc/freeradius/sites-enabled/default
(4) authorize {
(4) policy filter_username {
(4) if (&User-Name) {
(4) if (&User-Name) -> TRUE
(4) if (&User-Name) {
(4) if (&User-Name =~ / /) {
(4) if (&User-Name =~ / /) -> FALSE
(4) if (&User-Name =~ /@[^@]*@/ ) {
(4) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
(4) if (&User-Name =~ /\.\./ ) {
(4) if (&User-Name =~ /\.\./ ) -> FALSE
(4) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) {
(4) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) -> FALSE
(4) if (&User-Name =~ /\.$/) {
(4) if (&User-Name =~ /\.$/) -> FALSE
(4) if (&User-Name =~ mailto:/@\./) {
(4) if (&User-Name =~ mailto:/@\./) -> FALSE
(4) } # if (&User-Name) = notfound
(4) } # policy filter_username = notfound
(4) [preprocess] = ok
(4) [chap] = noop
(4) [mschap] = noop
(4) [digest] = noop
(4) suffix: Checking for suffix after "@"
(4) suffix: No '@' in User-Name = "anonymous", looking up realm NULL
(4) suffix: No such realm "NULL"
(4) [suffix] = noop
(4) eap: Peer sent EAP Response (code 2) ID 97 length 6
(4) eap: Continuing tunnel setup
(4) [eap] = ok
(4) } # authorize = ok
(4) Found Auth-Type = eap
(4) # Executing group from file /etc/freeradius/sites-enabled/default
(4) authenticate {
(4) eap: Removing EAP session with state 0x6501da9e6660ed03
(4) eap: Previous EAP request found for state 0x6501da9e6660ed03, released from the list
(4) eap: Peer sent packet with method EAP TEAP (55)
(4) eap: Calling submodule eap_teap to process data
(4) eap_teap: Authenticate
(4) eap_teap: (TLS) Peer ACKed our handshake fragment
(4) eap: Sending EAP Request (code 1) ID 98 length 816
(4) eap: EAP session adding &reply:State = 0x6501da9e6163ed03
(4) [eap] = handled
(4) } # authenticate = handled
(4) Using Post-Auth-Type Challenge
(4) # Executing group from file /etc/freeradius/sites-enabled/default
(4) Challenge { ... } # empty sub-section is ignored
(4) session-state: Saving cached attributes
(4) Framed-MTU = 974
(4) FreeRADIUS-EAP-TEAP-Identity-Type := User
(4) TLS-Session-Information = "(TLS) TEAP - recv TLS 1.3 Handshake, ClientHello"
(4) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHello"
(4) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, Certificate"
(4) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerKeyExchange"
(4) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHelloDone"
(4) Sent Access-Challenge Id 4 from 192.168.4.151:1812 to 192.168.4.151:48174 length 880
(4) EAP-Message = 0x0162033037010c065261646975733112301006035504070c09536f6d65776865726531153013060355040a0c0c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e6f72673126302406035504030c1d4578616d706c6520436572746966696361746520417574686f72697479821407c1092ab93c84caf4a4cebe5ffd49c091f025b2300f0603551d130101ff040530030101ff30360603551d1f042f302d302ba029a0278625687474703a2f2f7777772e6578616d706c652e6f72672f6578616d706c655f63612e63726c300d06092a864886f70d01010b05000382010100b1fbfdd99b0946e14a71a6cc445581bb32d6a317d4c99d466f16982e189d83025d9cad8425a759d7e745eded6eec71ab3ce454c4f767868117d8d328ac44f63bc8984dc7a2447d1f405b614363101942d640f17b4fbe4566fba6d0c31970a84b413e9d863f214640e61f93de5504f2ed558348c54bb93828b44a14d4404b63ec96
(4) Message-Authenticator = 0x00000000000000000000000000000000
(4) State = 0x6501da9e6163ed03dd76d824d918a37a
(4) Finished request
Waking up in 4.9 seconds.
(5) Received Access-Request Id 5 from 192.168.4.151:48174 to 192.168.4.151:1812 length 263
(5) Message-Authenticator = 0xac942cbe3238ab49d9798f0793b2bf92
(5) User-Name = "anonymous"
(5) Calling-Station-Id = "DE-AD-BE-EF-42-42"
(5) Framed-MTU = 1400
(5) NAS-Port-Type = Wireless-802.11
(5) Service-Type = Framed-User
(5) Connect-Info = "CONNECT 11Mbps 802.11b"
(5) Called-Station-Id = "00:11:22:33:44:55:UConnect"
(5) NAS-IP-Address = 192.168.4.20
(5) EAP-Message = 0x026200633701160303002510000021203fdb36c42c178b84fb58dbc273b166922e8e5f78966a110c0867144c60054f7d1403030001011603030028c3e8e09ec857321f4dacfdf4ade4ab6e51f32cd7df5e5343ab2476c138ced4518bbca591da913216
(5) State = 0x6501da9e6163ed03dd76d824d918a37a
(5) Restoring &session-state
(5) &session-state:Framed-MTU = 974
(5) &session-state:FreeRADIUS-EAP-TEAP-Identity-Type := User
(5) &session-state:TLS-Session-Information = "(TLS) TEAP - recv TLS 1.3 Handshake, ClientHello"
(5) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHello"
(5) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, Certificate"
(5) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerKeyExchange"
(5) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHelloDone"
(5) # Executing section authorize from file /etc/freeradius/sites-enabled/default
(5) authorize {
(5) policy filter_username {
(5) if (&User-Name) {
(5) if (&User-Name) -> TRUE
(5) if (&User-Name) {
(5) if (&User-Name =~ / /) {
(5) if (&User-Name =~ / /) -> FALSE
(5) if (&User-Name =~ /@[^@]*@/ ) {
(5) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
(5) if (&User-Name =~ /\.\./ ) {
(5) if (&User-Name =~ /\.\./ ) -> FALSE
(5) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) {
(5) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) -> FALSE
(5) if (&User-Name =~ /\.$/) {
(5) if (&User-Name =~ /\.$/) -> FALSE
(5) if (&User-Name =~ mailto:/@\./) {
(5) if (&User-Name =~ mailto:/@\./) -> FALSE
(5) } # if (&User-Name) = notfound
(5) } # policy filter_username = notfound
(5) [preprocess] = ok
(5) [chap] = noop
(5) [mschap] = noop
(5) [digest] = noop
(5) suffix: Checking for suffix after "@"
(5) suffix: No '@' in User-Name = "anonymous", looking up realm NULL
(5) suffix: No such realm "NULL"
(5) [suffix] = noop
(5) eap: Peer sent EAP Response (code 2) ID 98 length 99
(5) eap: Continuing tunnel setup
(5) [eap] = ok
(5) } # authorize = ok
(5) Found Auth-Type = eap
(5) # Executing group from file /etc/freeradius/sites-enabled/default
(5) authenticate {
(5) eap: Removing EAP session with state 0x6501da9e6163ed03
(5) eap: Previous EAP request found for state 0x6501da9e6163ed03, released from the list
(5) eap: Peer sent packet with method EAP TEAP (55)
(5) eap: Calling submodule eap_teap to process data
(5) eap_teap: Authenticate
(5) eap_teap: (TLS) EAP Done initial handshake
(5) eap_teap: (TLS) TEAP - Handshake state - Server SSLv3/TLS write server done
(5) eap_teap: (TLS) TEAP - recv TLS 1.2 Handshake, ClientKeyExchange
(5) eap_teap: (TLS) TEAP - Handshake state - Server SSLv3/TLS read client key exchange
(5) eap_teap: (TLS) TEAP - Handshake state - Server SSLv3/TLS read change cipher spec
(5) eap_teap: (TLS) TEAP - recv TLS 1.2 Handshake, Finished
(5) eap_teap: (TLS) TEAP - Handshake state - Server SSLv3/TLS read finished
(5) eap_teap: (TLS) TEAP - send TLS 1.2 ChangeCipherSpec
(5) eap_teap: (TLS) TEAP - Handshake state - Server SSLv3/TLS write change cipher spec
(5) eap_teap: (TLS) TEAP - send TLS 1.2 Handshake, Finished
(5) eap_teap: (TLS) TEAP - Handshake state - Server SSLv3/TLS write finished
(5) eap_teap: (TLS) TEAP - Handshake state - SSL negotiation finished successfully
(5) eap_teap: (TLS) TEAP - Connection Established
(5) eap_teap: TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384"
(5) eap_teap: TLS-Session-Version = "TLS 1.2"
(5) eap: Sending EAP Request (code 1) ID 99 length 57
(5) eap: EAP session adding &reply:State = 0x6501da9e6062ed03
(5) [eap] = handled
(5) } # authenticate = handled
(5) Using Post-Auth-Type Challenge
(5) # Executing group from file /etc/freeradius/sites-enabled/default
(5) Challenge { ... } # empty sub-section is ignored
(5) session-state: Saving cached attributes
(5) Framed-MTU = 974
(5) FreeRADIUS-EAP-TEAP-Identity-Type := User
(5) TLS-Session-Information = "(TLS) TEAP - recv TLS 1.3 Handshake, ClientHello"
(5) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHello"
(5) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, Certificate"
(5) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerKeyExchange"
(5) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHelloDone"
(5) TLS-Session-Information = "(TLS) TEAP - recv TLS 1.2 Handshake, ClientKeyExchange"
(5) TLS-Session-Information = "(TLS) TEAP - recv TLS 1.2 Handshake, Finished"
(5) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 ChangeCipherSpec"
(5) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, Finished"
(5) TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384"
(5) TLS-Session-Version = "TLS 1.2"
(5) Sent Access-Challenge Id 5 from 192.168.4.151:1812 to 192.168.4.151:48174 length 115
(5) EAP-Message = 0x0163003937011403030001011603030028288983a38fe43b638f42770f5543607f0558b5ec34693ea104c35ec383476e8483bd43497710874d
(5) Message-Authenticator = 0x00000000000000000000000000000000
(5) State = 0x6501da9e6062ed03dd76d824d918a37a
(5) Finished request
Waking up in 4.9 seconds.
(6) Received Access-Request Id 6 from 192.168.4.151:48174 to 192.168.4.151:1812 length 170
(6) Message-Authenticator = 0x6043b27893fa00ef96c925d17ad0af71
(6) User-Name = "anonymous"
(6) Calling-Station-Id = "DE-AD-BE-EF-42-42"
(6) Framed-MTU = 1400
(6) NAS-Port-Type = Wireless-802.11
(6) Service-Type = Framed-User
(6) Connect-Info = "CONNECT 11Mbps 802.11b"
(6) Called-Station-Id = "00:11:22:33:44:55:UConnect"
(6) NAS-IP-Address = 192.168.4.20
(6) EAP-Message = 0x026300063701
(6) State = 0x6501da9e6062ed03dd76d824d918a37a
(6) Restoring &session-state
(6) &session-state:Framed-MTU = 974
(6) &session-state:FreeRADIUS-EAP-TEAP-Identity-Type := User
(6) &session-state:TLS-Session-Information = "(TLS) TEAP - recv TLS 1.3 Handshake, ClientHello"
(6) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHello"
(6) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, Certificate"
(6) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerKeyExchange"
(6) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHelloDone"
(6) &session-state:TLS-Session-Information = "(TLS) TEAP - recv TLS 1.2 Handshake, ClientKeyExchange"
(6) &session-state:TLS-Session-Information = "(TLS) TEAP - recv TLS 1.2 Handshake, Finished"
(6) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 ChangeCipherSpec"
(6) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, Finished"
(6) &session-state:TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384"
(6) &session-state:TLS-Session-Version = "TLS 1.2"
(6) # Executing section authorize from file /etc/freeradius/sites-enabled/default
(6) authorize {
(6) policy filter_username {
(6) if (&User-Name) {
(6) if (&User-Name) -> TRUE
(6) if (&User-Name) {
(6) if (&User-Name =~ / /) {
(6) if (&User-Name =~ / /) -> FALSE
(6) if (&User-Name =~ /@[^@]*@/ ) {
(6) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
(6) if (&User-Name =~ /\.\./ ) {
(6) if (&User-Name =~ /\.\./ ) -> FALSE
(6) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) {
(6) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) -> FALSE
(6) if (&User-Name =~ /\.$/) {
(6) if (&User-Name =~ /\.$/) -> FALSE
(6) if (&User-Name =~ mailto:/@\./) {
(6) if (&User-Name =~ mailto:/@\./) -> FALSE
(6) } # if (&User-Name) = notfound
(6) } # policy filter_username = notfound
(6) [preprocess] = ok
(6) [chap] = noop
(6) [mschap] = noop
(6) [digest] = noop
(6) suffix: Checking for suffix after "@"
(6) suffix: No '@' in User-Name = "anonymous", looking up realm NULL
(6) suffix: No such realm "NULL"
(6) [suffix] = noop
(6) eap: Peer sent EAP Response (code 2) ID 99 length 6
(6) eap: Continuing tunnel setup
(6) [eap] = ok
(6) } # authorize = ok
(6) Found Auth-Type = eap
(6) # Executing group from file /etc/freeradius/sites-enabled/default
(6) authenticate {
(6) eap: Removing EAP session with state 0x6501da9e6062ed03
(6) eap: Previous EAP request found for state 0x6501da9e6062ed03, released from the list
(6) eap: Peer sent packet with method EAP TEAP (55)
(6) eap: Calling submodule eap_teap to process data
(6) eap_teap: Authenticate
(6) eap_teap: (TLS) Peer ACKed our handshake fragment. handshake is finished
(6) eap_teap: Session established. Proceeding to decode tunneled attributes
(6) eap_teap: Phase 2: Using authenticated provisioning
(6) eap_teap: Phase 2: Sending Identity-Type = User
(6) eap_teap: Phase 2: Deleting &session-state:FreeRADIUS-EAP-TEAP-Identity-Type += User
(6) eap_teap: Phase 2: Sending EAP-Identity
(6) eap: Sending EAP Request (code 1) ID 100 length 50
(6) eap: EAP session adding &reply:State = 0x6501da9e6365ed03
(6) [eap] = handled
(6) } # authenticate = handled
(6) Using Post-Auth-Type Challenge
(6) # Executing group from file /etc/freeradius/sites-enabled/default
(6) Challenge { ... } # empty sub-section is ignored
(6) session-state: Saving cached attributes
(6) Framed-MTU = 974
(6) TLS-Session-Information = "(TLS) TEAP - recv TLS 1.3 Handshake, ClientHello"
(6) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHello"
(6) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, Certificate"
(6) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerKeyExchange"
(6) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHelloDone"
(6) TLS-Session-Information = "(TLS) TEAP - recv TLS 1.2 Handshake, ClientKeyExchange"
(6) TLS-Session-Information = "(TLS) TEAP - recv TLS 1.2 Handshake, Finished"
(6) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 ChangeCipherSpec"
(6) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, Finished"
(6) TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384"
(6) TLS-Session-Version = "TLS 1.2"
(6) Sent Access-Challenge Id 6 from 192.168.4.151:1812 to 192.168.4.151:48174 length 108
(6) EAP-Message = 0x0164003237011703030027288983a38fe43b64a59087aba7cf508c7e0a35e94014fc7224e15fb13dbf6c1b14d1cf07d454d7
(6) Message-Authenticator = 0x00000000000000000000000000000000
(6) State = 0x6501da9e6365ed03dd76d824d918a37a
(6) Finished request
Waking up in 4.9 seconds.
(7) Received Access-Request Id 7 from 192.168.4.151:48174 to 192.168.4.151:1812 length 230
(7) Message-Authenticator = 0xf411907430aea9ad5d123ca2c73ab728
(7) User-Name = "anonymous"
(7) Calling-Station-Id = "DE-AD-BE-EF-42-42"
(7) Framed-MTU = 1400
(7) NAS-Port-Type = Wireless-802.11
(7) Service-Type = Framed-User
(7) Connect-Info = "CONNECT 11Mbps 802.11b"
(7) Called-Station-Id = "00:11:22:33:44:55:UConnect"
(7) NAS-IP-Address = 192.168.4.20
(7) EAP-Message = 0x0264004237011703030037c3e8e09ec85732202b5aef90ad91c43706696aa3b3d9f443f88d5152e88906a531d52f11c5088917083131b526354f25a333b38af14f4b
(7) State = 0x6501da9e6365ed03dd76d824d918a37a
(7) Restoring &session-state
(7) &session-state:Framed-MTU = 974
(7) &session-state:TLS-Session-Information = "(TLS) TEAP - recv TLS 1.3 Handshake, ClientHello"
(7) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHello"
(7) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, Certificate"
(7) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerKeyExchange"
(7) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHelloDone"
(7) &session-state:TLS-Session-Information = "(TLS) TEAP - recv TLS 1.2 Handshake, ClientKeyExchange"
(7) &session-state:TLS-Session-Information = "(TLS) TEAP - recv TLS 1.2 Handshake, Finished"
(7) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 ChangeCipherSpec"
(7) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, Finished"
(7) &session-state:TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384"
(7) &session-state:TLS-Session-Version = "TLS 1.2"
(7) # Executing section authorize from file /etc/freeradius/sites-enabled/default
(7) authorize {
(7) policy filter_username {
(7) if (&User-Name) {
(7) if (&User-Name) -> TRUE
(7) if (&User-Name) {
(7) if (&User-Name =~ / /) {
(7) if (&User-Name =~ / /) -> FALSE
(7) if (&User-Name =~ /@[^@]*@/ ) {
(7) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
(7) if (&User-Name =~ /\.\./ ) {
(7) if (&User-Name =~ /\.\./ ) -> FALSE
(7) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) {
(7) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) -> FALSE
(7) if (&User-Name =~ /\.$/) {
(7) if (&User-Name =~ /\.$/) -> FALSE
(7) if (&User-Name =~ mailto:/@\./) {
(7) if (&User-Name =~ mailto:/@\./) -> FALSE
(7) } # if (&User-Name) = notfound
(7) } # policy filter_username = notfound
(7) [preprocess] = ok
(7) [chap] = noop
(7) [mschap] = noop
(7) [digest] = noop
(7) suffix: Checking for suffix after "@"
(7) suffix: No '@' in User-Name = "anonymous", looking up realm NULL
(7) suffix: No such realm "NULL"
(7) [suffix] = noop
(7) eap: Peer sent EAP Response (code 2) ID 100 length 66
(7) eap: Continuing tunnel setup
(7) [eap] = ok
(7) } # authorize = ok
(7) Found Auth-Type = eap
(7) # Executing group from file /etc/freeradius/sites-enabled/default
(7) authenticate {
(7) eap: Removing EAP session with state 0x6501da9e6365ed03
(7) eap: Previous EAP request found for state 0x6501da9e6365ed03, released from the list
(7) eap: Peer sent packet with method EAP TEAP (55)
(7) eap: Calling submodule eap_teap to process data
(7) eap_teap: Authenticate
(7) eap_teap: (TLS) EAP Done initial handshake
(7) eap_teap: Session established. Proceeding to decode tunneled attributes
(7) eap_teap: Phase 2: Got Tunneled TEAP TLVs
(7) eap_teap: FreeRADIUS-EAP-TEAP-EAP-Payload = 0x026400150175736572406578616d706c652e6f7267
(7) eap_teap: FreeRADIUS-EAP-TEAP-Identity-Type = User
(7) eap_teap: Phase 2: Got tunneled request
(7) eap_teap: EAP-Message = 0x026400150175736572406578616d706c652e6f7267
(7) eap_teap: FreeRADIUS-EAP-TEAP-Identity-Type = User
(7) eap_teap: Phase 2: Got tunneled identity of mailto:user at example.org
(7) eap_teap: Phase 2: Authentication
(7) eap_teap: Phase 2: Setting User EAP-Type = TLS from TEAP configuration user_eap_type
(7) eap_teap: Phase 2: Forcing inner TEAP authentication to &control:EAP-Type = TLS
(7) Virtual server inner-tunnel received request
(7) EAP-Message = 0x026400150175736572406578616d706c652e6f7267
(7) FreeRADIUS-EAP-TEAP-Identity-Type = User
(7) FreeRADIUS-Proxied-To = 127.0.0.1
(7) User-Name = mailto:user at example.org
(7) server inner-tunnel {
(7) # Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel
(7) authorize {
(7) policy filter_username {
(7) if (&User-Name) {
(7) if (&User-Name) -> TRUE
(7) if (&User-Name) {
(7) if (&User-Name =~ / /) {
(7) if (&User-Name =~ / /) -> FALSE
(7) if (&User-Name =~ /@[^@]*@/ ) {
(7) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
(7) if (&User-Name =~ /\.\./ ) {
(7) if (&User-Name =~ /\.\./ ) -> FALSE
(7) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) {
(7) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) -> FALSE
(7) if (&User-Name =~ /\.$/) {
(7) if (&User-Name =~ /\.$/) -> FALSE
(7) if (&User-Name =~ mailto:/@\./) {
(7) if (&User-Name =~ mailto:/@\./) -> FALSE
(7) } # if (&User-Name) = notfound
(7) } # policy filter_username = notfound
(7) [chap] = noop
(7) [mschap] = noop
(7) suffix: Checking for suffix after "@"
(7) suffix: Looking up realm "example.org" for User-Name = mailto:user at example.org
(7) suffix: No such realm "example.org"
(7) [suffix] = noop
(7) update control {
(7) &Proxy-To-Realm := LOCAL
(7) } # update control = noop
(7) eap: Peer sent EAP Response (code 2) ID 100 length 21
(7) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
(7) [eap] = ok
(7) } # authorize = ok
(7) Found Auth-Type = eap
(7) # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
(7) authenticate {
(7) eap: Peer sent packet with method EAP Identity (1)
(7) eap: Found &control:EAP-Type = TLS
(7) eap: Calling submodule eap_tls to process data
(7) eap_tls: (TLS) TLS -Initiating new session
(7) eap_tls: (TLS) TLS - Setting verify mode to require certificate from client
(7) eap: Sending EAP Request (code 1) ID 101 length 6
(7) eap: EAP session adding &reply:State = 0x83bbfe7083def355
(7) [eap] = handled
(7) } # authenticate = handled
(7) Using Post-Auth-Type Challenge
(7) Post-Auth-Type sub-section not found. Ignoring.
(7) # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
(7) session-state: Saving cached attributes
(7) Framed-MTU = 911
(7) } # server inner-tunnel
(7) Virtual server sending reply
(7) EAP-Message = 0x016500060d20
(7) Message-Authenticator = 0x00000000000000000000000000000000
(7) State = 0x83bbfe7083def355f9cbfc53fdd80b9e
(7) eap_teap: Phase 2: Stage Authentication
(7) eap_teap: Phase 2: Got tunneled Access-Challenge
(7) eap: Sending EAP Request (code 1) ID 101 length 45
(7) eap: EAP session adding &reply:State = 0x6501da9e6264ed03
(7) [eap] = handled
(7) } # authenticate = handled
(7) Using Post-Auth-Type Challenge
(7) # Executing group from file /etc/freeradius/sites-enabled/default
(7) Challenge { ... } # empty sub-section is ignored
(7) session-state: Saving cached attributes
(7) Framed-MTU = 974
(7) TLS-Session-Information = "(TLS) TEAP - recv TLS 1.3 Handshake, ClientHello"
(7) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHello"
(7) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, Certificate"
(7) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerKeyExchange"
(7) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHelloDone"
(7) TLS-Session-Information = "(TLS) TEAP - recv TLS 1.2 Handshake, ClientKeyExchange"
(7) TLS-Session-Information = "(TLS) TEAP - recv TLS 1.2 Handshake, Finished"
(7) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 ChangeCipherSpec"
(7) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, Finished"
(7) TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384"
(7) TLS-Session-Version = "TLS 1.2"
(7) Sent Access-Challenge Id 7 from 192.168.4.151:1812 to 192.168.4.151:48174 length 103
(7) EAP-Message = 0x0165002d37011703030022288983a38fe43b655c66480b9f0b485d46c7fb024fa8c21d117c66f781d04cdb8fda
(7) Message-Authenticator = 0x00000000000000000000000000000000
(7) State = 0x6501da9e6264ed03dd76d824d918a37a
(7) Finished request
Waking up in 4.9 seconds.
(8) Received Access-Request Id 8 from 192.168.4.151:48174 to 192.168.4.151:1812 length 393
(8) Message-Authenticator = 0xe493082daabdc7c517d0a060a4f96aa0
(8) User-Name = "anonymous"
(8) Calling-Station-Id = "DE-AD-BE-EF-42-42"
(8) Framed-MTU = 1400
(8) NAS-Port-Type = Wireless-802.11
(8) Service-Type = Framed-User
(8) Connect-Info = "CONNECT 11Mbps 802.11b"
(8) Called-Station-Id = "00:11:22:33:44:55:UConnect"
(8) NAS-IP-Address = 192.168.4.20
(8) EAP-Message = 0x026500e5370117030300dac3e8e09ec8573221ff5f3d2756322ea06fb91d2a1b72e648b54bf42d9d1580e06a257a30e172b54228a431231bbeea32e57684e705f879f873480e405c3a1265867b5f5b32db50e7d551716a63705c1fbc18c72251659d211059c8e4adeb75281f39eb763a99e4ba417b1eaa8f55bcda987203eb5b43e5029569b8b94b9e78523cdbf81316a2d06fcd5be7659becd909cbfad247090bfb8e46dfb9c9f8b3123813edbaae2dcd83508012235b1b46fb703623396bf1c7fd1a7948aa5a8bcbee89a4e0ce6589127264bc803f38fd1294bb7efca5de74dac5b65910
(8) State = 0x6501da9e6264ed03dd76d824d918a37a
(8) Restoring &session-state
(8) &session-state:Framed-MTU = 974
(8) &session-state:TLS-Session-Information = "(TLS) TEAP - recv TLS 1.3 Handshake, ClientHello"
(8) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHello"
(8) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, Certificate"
(8) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerKeyExchange"
(8) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHelloDone"
(8) &session-state:TLS-Session-Information = "(TLS) TEAP - recv TLS 1.2 Handshake, ClientKeyExchange"
(8) &session-state:TLS-Session-Information = "(TLS) TEAP - recv TLS 1.2 Handshake, Finished"
(8) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 ChangeCipherSpec"
(8) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, Finished"
(8) &session-state:TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384"
(8) &session-state:TLS-Session-Version = "TLS 1.2"
(8) # Executing section authorize from file /etc/freeradius/sites-enabled/default
(8) authorize {
(8) policy filter_username {
(8) if (&User-Name) {
(8) if (&User-Name) -> TRUE
(8) if (&User-Name) {
(8) if (&User-Name =~ / /) {
(8) if (&User-Name =~ / /) -> FALSE
(8) if (&User-Name =~ /@[^@]*@/ ) {
(8) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
(8) if (&User-Name =~ /\.\./ ) {
(8) if (&User-Name =~ /\.\./ ) -> FALSE
(8) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) {
(8) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) -> FALSE
(8) if (&User-Name =~ /\.$/) {
(8) if (&User-Name =~ /\.$/) -> FALSE
(8) if (&User-Name =~ mailto:/@\./) {
(8) if (&User-Name =~ mailto:/@\./) -> FALSE
(8) } # if (&User-Name) = notfound
(8) } # policy filter_username = notfound
(8) [preprocess] = ok
(8) [chap] = noop
(8) [mschap] = noop
(8) [digest] = noop
(8) suffix: Checking for suffix after "@"
(8) suffix: No '@' in User-Name = "anonymous", looking up realm NULL
(8) suffix: No such realm "NULL"
(8) [suffix] = noop
(8) eap: Peer sent EAP Response (code 2) ID 101 length 229
(8) eap: Continuing tunnel setup
(8) [eap] = ok
(8) } # authorize = ok
(8) Found Auth-Type = eap
(8) # Executing group from file /etc/freeradius/sites-enabled/default
(8) authenticate {
(8) eap: Removing EAP session with state 0x6501da9e6264ed03
(8) eap: Previous EAP request found for state 0x6501da9e6264ed03, released from the list
(8) eap: Peer sent packet with method EAP TEAP (55)
(8) eap: Calling submodule eap_teap to process data
(8) eap_teap: Authenticate
(8) eap_teap: (TLS) EAP Done initial handshake
(8) eap_teap: Session established. Proceeding to decode tunneled attributes
(8) eap_teap: Phase 2: Got Tunneled TEAP TLVs
(8) eap_teap: FreeRADIUS-EAP-TEAP-EAP-Payload = 0x026500be0d0016030100b3010000af0303a18188572a90ca5b7683a3149032802dfd9174b9e38876cc1b72f5b2a15b7e28000038c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff0100004e000b000403000102000a000c000a001d0017001e001900180016000000170000000d002a0028040305030603080708080809080a080b080408050806040105010601030303010302040205020602
(8) eap_teap: Phase 2: Got tunneled request
(8) eap_teap: EAP-Message = 0x026500be0d0016030100b3010000af0303a18188572a90ca5b7683a3149032802dfd9174b9e38876cc1b72f5b2a15b7e28000038c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff0100004e000b000403000102000a000c000a001d0017001e001900180016000000170000000d002a0028040305030603080708080809080a080b080408050806040105010601030303010302040205020602
(8) eap_teap: Phase 2: Authentication
(8) eap_teap: Phase 2: Forcing inner TEAP authentication to &control:EAP-Type = MSCHAPv2
(8) Virtual server inner-tunnel received request
(8) EAP-Message = 0x026500be0d0016030100b3010000af0303a18188572a90ca5b7683a3149032802dfd9174b9e38876cc1b72f5b2a15b7e28000038c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff0100004e000b000403000102000a000c000a001d0017001e001900180016000000170000000d002a0028040305030603080708080809080a080b080408050806040105010601030303010302040205020602
(8) FreeRADIUS-Proxied-To = 127.0.0.1
(8) User-Name = mailto:user at example.org
(8) State = 0x83bbfe7083def355f9cbfc53fdd80b9e
(8) server inner-tunnel {
(8) Restoring &session-state
(8) &session-state:Framed-MTU = 911
(8) # Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel
(8) authorize {
(8) policy filter_username {
(8) if (&User-Name) {
(8) if (&User-Name) -> TRUE
(8) if (&User-Name) {
(8) if (&User-Name =~ / /) {
(8) if (&User-Name =~ / /) -> FALSE
(8) if (&User-Name =~ /@[^@]*@/ ) {
(8) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
(8) if (&User-Name =~ /\.\./ ) {
(8) if (&User-Name =~ /\.\./ ) -> FALSE
(8) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) {
(8) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) -> FALSE
(8) if (&User-Name =~ /\.$/) {
(8) if (&User-Name =~ /\.$/) -> FALSE
(8) if (&User-Name =~ mailto:/@\./) {
(8) if (&User-Name =~ mailto:/@\./) -> FALSE
(8) } # if (&User-Name) = notfound
(8) } # policy filter_username = notfound
(8) [chap] = noop
(8) [mschap] = noop
(8) suffix: Checking for suffix after "@"
(8) suffix: Looking up realm "example.org" for User-Name = mailto:user at example.org
(8) suffix: No such realm "example.org"
(8) [suffix] = noop
(8) update control {
(8) &Proxy-To-Realm := LOCAL
(8) } # update control = noop
(8) eap: Peer sent EAP Response (code 2) ID 101 length 190
(8) eap: No EAP Start, assuming it's an on-going EAP conversation
(8) [eap] = updated
(8) [files] = noop
(8) [expiration] = noop
(8) [logintime] = noop
(8) [pap] = noop
(8) } # authorize = updated
(8) Found Auth-Type = eap
(8) # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
(8) authenticate {
(8) eap: Removing EAP session with state 0x83bbfe7083def355
(8) eap: Previous EAP request found for state 0x83bbfe7083def355, released from the list
(8) eap: Peer sent packet with method EAP TLS (13)
(8) eap: Calling submodule eap_tls to process data
(8) eap_tls: (TLS) EAP Got final fragment (184 bytes) total 184
(8) eap_tls: WARNING: (TLS) EAP Total received record fragments (184 bytes), does not equal expected expected data length (0 bytes)
(8) eap_tls: (TLS) EAP Done initial handshake
(8) eap_tls: (TLS) TLS - Handshake state - before SSL initialization
(8) eap_tls: (TLS) TLS - Handshake state - Server before SSL initialization
(8) eap_tls: (TLS) TLS - Handshake state - Server before SSL initialization
(8) eap_tls: (TLS) TLS - recv TLS 1.3 Handshake, ClientHello
(8) eap_tls: (TLS) TLS - Handshake state - Server SSLv3/TLS read client hello
(8) eap_tls: (TLS) TLS - send TLS 1.2 Handshake, ServerHello
(8) eap_tls: (TLS) TLS - Handshake state - Server SSLv3/TLS write server hello
(8) eap_tls: (TLS) TLS - send TLS 1.2 Handshake, Certificate
(8) eap_tls: (TLS) TLS - Handshake state - Server SSLv3/TLS write certificate
(8) eap_tls: (TLS) TLS - send TLS 1.2 Handshake, ServerKeyExchange
(8) eap_tls: (TLS) TLS - Handshake state - Server SSLv3/TLS write key exchange
(8) eap_tls: (TLS) TLS - send TLS 1.2 Handshake, CertificateRequest
(8) eap_tls: (TLS) TLS - Handshake state - Server SSLv3/TLS write certificate request
(8) eap_tls: (TLS) TLS - send TLS 1.2 Handshake, ServerHelloDone
(8) eap_tls: (TLS) TLS - Handshake state - Server SSLv3/TLS write server done
(8) eap_tls: (TLS) TLS - Server : Need to read more data: SSLv3/TLS write server done
(8) eap_tls: (TLS) TLS - In Handshake Phase
(8) eap: Sending EAP Request (code 1) ID 102 length 917
(8) eap: EAP session adding &reply:State = 0x83bbfe7082ddf355
(8) [eap] = handled
(8) } # authenticate = handled
(8) Using Post-Auth-Type Challenge
(8) Post-Auth-Type sub-section not found. Ignoring.
(8) # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
(8) session-state: Saving cached attributes
(8) Framed-MTU = 911
(8) TLS-Session-Information = "(TLS) TLS - recv TLS 1.3 Handshake, ClientHello"
(8) TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, ServerHello"
(8) TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, Certificate"
(8) TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, ServerKeyExchange"
(8) TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, CertificateRequest"
(8) TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, ServerHelloDone"
(8) } # server inner-tunnel
(8) Virtual server sending reply
(8) EAP-Message = 0x016603950dc000000b97160303003d020000390303ba214b95cbecbeb54093ec803db277546647a37d1b61584271afd9461326b21300c030000011ff01000100000b0004030001020017000016030309450b00094100093e00043a308204363082031ea003020102020101300d06092a864886f70d01010b0500308193310b3009060355040613024652310f300d06035504080c065261646975733112301006035504070c09536f6d65776865726531153013060355040a0c0c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e6f72673126302406035504030c1d4578616d706c6520436572746966696361746520417574686f72697479301e170d3235303231323131323232395a170d3235303431333131323232395a307c310b3009060355040613024652310f300d06035504080c0652616469757331153013060355040a0c0c4578616d706c6520496e632e3123302106035504030c1a4578616d70
(8) Message-Authenticator = 0x00000000000000000000000000000000
(8) State = 0x83bbfe7082ddf355f9cbfc53fdd80b9e
(8) eap_teap: Phase 2: Stage Authentication
(8) eap_teap: Phase 2: Got tunneled Access-Challenge
(8) eap: Sending EAP Request (code 1) ID 102 length 956
(8) eap: EAP session adding &reply:State = 0x6501da9e6d67ed03
(8) [eap] = handled
(8) } # authenticate = handled
(8) Using Post-Auth-Type Challenge
(8) # Executing group from file /etc/freeradius/sites-enabled/default
(8) Challenge { ... } # empty sub-section is ignored
(8) session-state: Saving cached attributes
(8) Framed-MTU = 974
(8) TLS-Session-Information = "(TLS) TEAP - recv TLS 1.3 Handshake, ClientHello"
(8) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHello"
(8) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, Certificate"
(8) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerKeyExchange"
(8) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHelloDone"
(8) TLS-Session-Information = "(TLS) TEAP - recv TLS 1.2 Handshake, ClientKeyExchange"
(8) TLS-Session-Information = "(TLS) TEAP - recv TLS 1.2 Handshake, Finished"
(8) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 ChangeCipherSpec"
(8) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, Finished"
(8) TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384"
(8) TLS-Session-Version = "TLS 1.2"
(8) Sent Access-Challenge Id 8 from 192.168.4.151:1812 to 192.168.4.151:48174 length 1020
(8) EAP-Message = 0x016603bc370117030303b1288983a38fe43b6691525344bcb7cf514e89621ce2b1b61b0f554412fde0bf91b4506e4585b5b4e84081284289e86d317e8c5d1033a6091e99aee31cfdd8b0c67e72f5a5e699016f419eb846770c281d5c4ec3795ef50d98d6cc455070c2715f68f6f256db9fac7b2638958a98a09998f66bc89e7e11eee57d1c848f941c7542c994abbce3ecaf5dbbc32b0c770f17043a887b9e1510a8254002334f321aa3f1a61a0aa0da5896f44cd206c03a7fca26e79b602259f94e52b45cb06fc1cef7b42a577c120f847f2f1f14bab6a3144d75a82f8a62e40d8b9936b8fa22826fd0ae751363100ab7235b6bed0d109d9f1e72add3ae167a94d8375a683beed2962ef11a3d6fa9fe0424a67e9d5a815274699a65ff686c73d22af88575da413514cd68bf49da39c61bc8a74b5022f92bf406ed62fe687413efbd7baf39600cb60ecdd2704b7e7bce64b2ef25c65eeb62ca089e8542b530da1879104d9949aa87afd30f7e56678ead260b498d6a62b8
(8) Message-Authenticator = 0x00000000000000000000000000000000
(8) State = 0x6501da9e6d67ed03dd76d824d918a37a
(8) Finished request
Waking up in 4.9 seconds.
(9) Received Access-Request Id 9 from 192.168.4.151:48174 to 192.168.4.151:1812 length 209
(9) Message-Authenticator = 0x341b277c653c83befd143024adf91a2e
(9) User-Name = "anonymous"
(9) Calling-Station-Id = "DE-AD-BE-EF-42-42"
(9) Framed-MTU = 1400
(9) NAS-Port-Type = Wireless-802.11
(9) Service-Type = Framed-User
(9) Connect-Info = "CONNECT 11Mbps 802.11b"
(9) Called-Station-Id = "00:11:22:33:44:55:UConnect"
(9) NAS-IP-Address = 192.168.4.20
(9) EAP-Message = 0x0266002d37011703030022c3e8e09ec85732223bb25a901590a06f1c4ea0d73474ff23e8e8b43a23bd4a5d2b58
(9) State = 0x6501da9e6d67ed03dd76d824d918a37a
(9) Restoring &session-state
(9) &session-state:Framed-MTU = 974
(9) &session-state:TLS-Session-Information = "(TLS) TEAP - recv TLS 1.3 Handshake, ClientHello"
(9) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHello"
(9) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, Certificate"
(9) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerKeyExchange"
(9) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHelloDone"
(9) &session-state:TLS-Session-Information = "(TLS) TEAP - recv TLS 1.2 Handshake, ClientKeyExchange"
(9) &session-state:TLS-Session-Information = "(TLS) TEAP - recv TLS 1.2 Handshake, Finished"
(9) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 ChangeCipherSpec"
(9) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, Finished"
(9) &session-state:TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384"
(9) &session-state:TLS-Session-Version = "TLS 1.2"
(9) # Executing section authorize from file /etc/freeradius/sites-enabled/default
(9) authorize {
(9) policy filter_username {
(9) if (&User-Name) {
(9) if (&User-Name) -> TRUE
(9) if (&User-Name) {
(9) if (&User-Name =~ / /) {
(9) if (&User-Name =~ / /) -> FALSE
(9) if (&User-Name =~ /@[^@]*@/ ) {
(9) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
(9) if (&User-Name =~ /\.\./ ) {
(9) if (&User-Name =~ /\.\./ ) -> FALSE
(9) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) {
(9) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) -> FALSE
(9) if (&User-Name =~ /\.$/) {
(9) if (&User-Name =~ /\.$/) -> FALSE
(9) if (&User-Name =~ mailto:/@\./) {
(9) if (&User-Name =~ mailto:/@\./) -> FALSE
(9) } # if (&User-Name) = notfound
(9) } # policy filter_username = notfound
(9) [preprocess] = ok
(9) [chap] = noop
(9) [mschap] = noop
(9) [digest] = noop
(9) suffix: Checking for suffix after "@"
(9) suffix: No '@' in User-Name = "anonymous", looking up realm NULL
(9) suffix: No such realm "NULL"
(9) [suffix] = noop
(9) eap: Peer sent EAP Response (code 2) ID 102 length 45
(9) eap: Continuing tunnel setup
(9) [eap] = ok
(9) } # authorize = ok
(9) Found Auth-Type = eap
(9) # Executing group from file /etc/freeradius/sites-enabled/default
(9) authenticate {
(9) eap: Removing EAP session with state 0x6501da9e6d67ed03
(9) eap: Previous EAP request found for state 0x6501da9e6d67ed03, released from the list
(9) eap: Peer sent packet with method EAP TEAP (55)
(9) eap: Calling submodule eap_teap to process data
(9) eap_teap: Authenticate
(9) eap_teap: (TLS) EAP Done initial handshake
(9) eap_teap: Session established. Proceeding to decode tunneled attributes
(9) eap_teap: Phase 2: Got Tunneled TEAP TLVs
(9) eap_teap: FreeRADIUS-EAP-TEAP-EAP-Payload = 0x026600060d00
(9) eap_teap: Phase 2: Got tunneled request
(9) eap_teap: EAP-Message = 0x026600060d00
(9) eap_teap: Phase 2: Authentication
(9) eap_teap: Phase 2: Forcing inner TEAP authentication to &control:EAP-Type = MSCHAPv2
(9) Virtual server inner-tunnel received request
(9) EAP-Message = 0x026600060d00
(9) FreeRADIUS-Proxied-To = 127.0.0.1
(9) User-Name = mailto:user at example.org
(9) State = 0x83bbfe7082ddf355f9cbfc53fdd80b9e
(9) server inner-tunnel {
(9) Restoring &session-state
(9) &session-state:Framed-MTU = 911
(9) &session-state:TLS-Session-Information = "(TLS) TLS - recv TLS 1.3 Handshake, ClientHello"
(9) &session-state:TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, ServerHello"
(9) &session-state:TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, Certificate"
(9) &session-state:TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, ServerKeyExchange"
(9) &session-state:TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, CertificateRequest"
(9) &session-state:TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, ServerHelloDone"
(9) # Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel
(9) authorize {
(9) policy filter_username {
(9) if (&User-Name) {
(9) if (&User-Name) -> TRUE
(9) if (&User-Name) {
(9) if (&User-Name =~ / /) {
(9) if (&User-Name =~ / /) -> FALSE
(9) if (&User-Name =~ /@[^@]*@/ ) {
(9) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
(9) if (&User-Name =~ /\.\./ ) {
(9) if (&User-Name =~ /\.\./ ) -> FALSE
(9) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) {
(9) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) -> FALSE
(9) if (&User-Name =~ /\.$/) {
(9) if (&User-Name =~ /\.$/) -> FALSE
(9) if (&User-Name =~ mailto:/@\./) {
(9) if (&User-Name =~ mailto:/@\./) -> FALSE
(9) } # if (&User-Name) = notfound
(9) } # policy filter_username = notfound
(9) [chap] = noop
(9) [mschap] = noop
(9) suffix: Checking for suffix after "@"
(9) suffix: Looking up realm "example.org" for User-Name = mailto:user at example.org
(9) suffix: No such realm "example.org"
(9) [suffix] = noop
(9) update control {
(9) &Proxy-To-Realm := LOCAL
(9) } # update control = noop
(9) eap: Peer sent EAP Response (code 2) ID 102 length 6
(9) eap: No EAP Start, assuming it's an on-going EAP conversation
(9) [eap] = updated
(9) [files] = noop
(9) [expiration] = noop
(9) [logintime] = noop
(9) [pap] = noop
(9) } # authorize = updated
(9) Found Auth-Type = eap
(9) # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
(9) authenticate {
(9) eap: Removing EAP session with state 0x83bbfe7082ddf355
(9) eap: Previous EAP request found for state 0x83bbfe7082ddf355, released from the list
(9) eap: Peer sent packet with method EAP TLS (13)
(9) eap: Calling submodule eap_tls to process data
(9) eap_tls: (TLS) Peer ACKed our handshake fragment
(9) eap: Sending EAP Request (code 1) ID 103 length 917
(9) eap: EAP session adding &reply:State = 0x83bbfe7081dcf355
(9) [eap] = handled
(9) } # authenticate = handled
(9) Using Post-Auth-Type Challenge
(9) Post-Auth-Type sub-section not found. Ignoring.
(9) # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
(9) session-state: Saving cached attributes
(9) Framed-MTU = 911
(9) TLS-Session-Information = "(TLS) TLS - recv TLS 1.3 Handshake, ClientHello"
(9) TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, ServerHello"
(9) TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, Certificate"
(9) TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, ServerKeyExchange"
(9) TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, CertificateRequest"
(9) TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, ServerHelloDone"
(9) } # server inner-tunnel
(9) Virtual server sending reply
(9) EAP-Message = 0x016703950dc000000b972ae3260d8b01f1452de49cc0fb89eeab041571329b014eeb1461987ee823c2df88bb071075e42483679c72df85707c0837b10ed529cc9815ba6114b63fbe6605b8602ba332fe465d6ca3da54ce4106656170713c77fb3013d01c3374cb86ed0cb686ab878136acfecf9f6fb2e076cf99130fdfb39eaed1e8536756d0957288b829ae7b446618fbded540de385d7a530018b7537d8d4a80cbc5e76748752bd1e79e8cfb7c7f1857cf3278dcf3f8a53ea49f088123c3ec711a282ee0ab37b8da0db4a83eec4dfc278fad71aaed061a0eb0e22751d1be587207e322a610e5d88a7ba0b21cb37206add13e48e487a956dd65ddb4e2bd9d8ad6a80b117a143e12463e0004fe308204fa308203e2a003020102021407c1092ab93c84caf4a4cebe5ffd49c091f025b2300d06092a864886f70d01010b0500308193310b3009060355040613024652310f300d06035504080c065261646975733112301006035504070c09536f6d657768657265311530
(9) Message-Authenticator = 0x00000000000000000000000000000000
(9) State = 0x83bbfe7081dcf355f9cbfc53fdd80b9e
(9) eap_teap: Phase 2: Stage Authentication
(9) eap_teap: Phase 2: Got tunneled Access-Challenge
(9) eap: Sending EAP Request (code 1) ID 103 length 956
(9) eap: EAP session adding &reply:State = 0x6501da9e6c66ed03
(9) [eap] = handled
(9) } # authenticate = handled
(9) Using Post-Auth-Type Challenge
(9) # Executing group from file /etc/freeradius/sites-enabled/default
(9) Challenge { ... } # empty sub-section is ignored
(9) session-state: Saving cached attributes
(9) Framed-MTU = 974
(9) TLS-Session-Information = "(TLS) TEAP - recv TLS 1.3 Handshake, ClientHello"
(9) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHello"
(9) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, Certificate"
(9) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerKeyExchange"
(9) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHelloDone"
(9) TLS-Session-Information = "(TLS) TEAP - recv TLS 1.2 Handshake, ClientKeyExchange"
(9) TLS-Session-Information = "(TLS) TEAP - recv TLS 1.2 Handshake, Finished"
(9) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 ChangeCipherSpec"
(9) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, Finished"
(9) TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384"
(9) TLS-Session-Version = "TLS 1.2"
(9) Sent Access-Challenge Id 9 from 192.168.4.151:1812 to 192.168.4.151:48174 length 1020
(9) EAP-Message = 0x016703bc370117030303b1288983a38fe43b676f3510dd2f99d961a692c8b8ca1e61c671fd90ad8f09a71923d4d81d04fcf0cbce7ed698e4ee18d01deaf98aa08340130e516fee5db19942bcafae8e75c49f8579ad7b6ef0553990b2e09148b8b23f3eb85974afb400efa78c26c779f5e0bad11e31117cd9858bff84893b0bfbd2982eb4267b4602ce4bb46b8610dca107dacaed309b153ef8dc4925da3c81a09e1755cbac3e67be7eee4cbc2ed6142665bb204fceb4ef581e096e9f48370ca734dd13efe2d4ff098c3ca8c712f5053e103f96bda1ccc56bd0bfd859a2be9300049c0298b188805570ea13fabed97f9e6bddf401b6a484f936ddb70ce48f9531d1444c52c4893bb262155f028261c7ab0e34602dbc93f13220134b4d6ecce22415f7d33204ee1dcfd2f1d098cc264436a0224963302f802ffdc4850a1a74e4b6aae277ddd4fe6b1eeb15355c99cb6c98dc07ed87e5d1874de5b9ab0fe2f716e26565a4bafd0b1fab8775213b45115448d2b3f11af1f5cb
(9) Message-Authenticator = 0x00000000000000000000000000000000
(9) State = 0x6501da9e6c66ed03dd76d824d918a37a
(9) Finished request
Waking up in 4.9 seconds.
(10) Received Access-Request Id 10 from 192.168.4.151:48174 to 192.168.4.151:1812 length 209
(10) Message-Authenticator = 0x9705583f9f8b83b90430dc98ef7e0c92
(10) User-Name = "anonymous"
(10) Calling-Station-Id = "DE-AD-BE-EF-42-42"
(10) Framed-MTU = 1400
(10) NAS-Port-Type = Wireless-802.11
(10) Service-Type = Framed-User
(10) Connect-Info = "CONNECT 11Mbps 802.11b"
(10) Called-Station-Id = "00:11:22:33:44:55:UConnect"
(10) NAS-IP-Address = 192.168.4.20
(10) EAP-Message = 0x0267002d37011703030022c3e8e09ec857322347843392ec555ed58705a8c389e3c5d592fbc9b0b4d6fadb35a7
(10) State = 0x6501da9e6c66ed03dd76d824d918a37a
(10) Restoring &session-state
(10) &session-state:Framed-MTU = 974
(10) &session-state:TLS-Session-Information = "(TLS) TEAP - recv TLS 1.3 Handshake, ClientHello"
(10) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHello"
(10) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, Certificate"
(10) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerKeyExchange"
(10) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHelloDone"
(10) &session-state:TLS-Session-Information = "(TLS) TEAP - recv TLS 1.2 Handshake, ClientKeyExchange"
(10) &session-state:TLS-Session-Information = "(TLS) TEAP - recv TLS 1.2 Handshake, Finished"
(10) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 ChangeCipherSpec"
(10) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, Finished"
(10) &session-state:TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384"
(10) &session-state:TLS-Session-Version = "TLS 1.2"
(10) # Executing section authorize from file /etc/freeradius/sites-enabled/default
(10) authorize {
(10) policy filter_username {
(10) if (&User-Name) {
(10) if (&User-Name) -> TRUE
(10) if (&User-Name) {
(10) if (&User-Name =~ / /) {
(10) if (&User-Name =~ / /) -> FALSE
(10) if (&User-Name =~ /@[^@]*@/ ) {
(10) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
(10) if (&User-Name =~ /\.\./ ) {
(10) if (&User-Name =~ /\.\./ ) -> FALSE
(10) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) {
(10) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) -> FALSE
(10) if (&User-Name =~ /\.$/) {
(10) if (&User-Name =~ /\.$/) -> FALSE
(10) if (&User-Name =~ mailto:/@\./) {
(10) if (&User-Name =~ mailto:/@\./) -> FALSE
(10) } # if (&User-Name) = notfound
(10) } # policy filter_username = notfound
(10) [preprocess] = ok
(10) [chap] = noop
(10) [mschap] = noop
(10) [digest] = noop
(10) suffix: Checking for suffix after "@"
(10) suffix: No '@' in User-Name = "anonymous", looking up realm NULL
(10) suffix: No such realm "NULL"
(10) [suffix] = noop
(10) eap: Peer sent EAP Response (code 2) ID 103 length 45
(10) eap: Continuing tunnel setup
(10) [eap] = ok
(10) } # authorize = ok
(10) Found Auth-Type = eap
(10) # Executing group from file /etc/freeradius/sites-enabled/default
(10) authenticate {
(10) eap: Removing EAP session with state 0x6501da9e6c66ed03
(10) eap: Previous EAP request found for state 0x6501da9e6c66ed03, released from the list
(10) eap: Peer sent packet with method EAP TEAP (55)
(10) eap: Calling submodule eap_teap to process data
(10) eap_teap: Authenticate
(10) eap_teap: (TLS) EAP Done initial handshake
(10) eap_teap: Session established. Proceeding to decode tunneled attributes
(10) eap_teap: Phase 2: Got Tunneled TEAP TLVs
(10) eap_teap: FreeRADIUS-EAP-TEAP-EAP-Payload = 0x026700060d00
(10) eap_teap: Phase 2: Got tunneled request
(10) eap_teap: EAP-Message = 0x026700060d00
(10) eap_teap: Phase 2: Authentication
(10) eap_teap: Phase 2: Forcing inner TEAP authentication to &control:EAP-Type = MSCHAPv2
(10) Virtual server inner-tunnel received request
(10) EAP-Message = 0x026700060d00
(10) FreeRADIUS-Proxied-To = 127.0.0.1
(10) User-Name = mailto:user at example.org
(10) State = 0x83bbfe7081dcf355f9cbfc53fdd80b9e
(10) server inner-tunnel {
(10) Restoring &session-state
(10) &session-state:Framed-MTU = 911
(10) &session-state:TLS-Session-Information = "(TLS) TLS - recv TLS 1.3 Handshake, ClientHello"
(10) &session-state:TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, ServerHello"
(10) &session-state:TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, Certificate"
(10) &session-state:TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, ServerKeyExchange"
(10) &session-state:TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, CertificateRequest"
(10) &session-state:TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, ServerHelloDone"
(10) # Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel
(10) authorize {
(10) policy filter_username {
(10) if (&User-Name) {
(10) if (&User-Name) -> TRUE
(10) if (&User-Name) {
(10) if (&User-Name =~ / /) {
(10) if (&User-Name =~ / /) -> FALSE
(10) if (&User-Name =~ /@[^@]*@/ ) {
(10) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
(10) if (&User-Name =~ /\.\./ ) {
(10) if (&User-Name =~ /\.\./ ) -> FALSE
(10) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) {
(10) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) -> FALSE
(10) if (&User-Name =~ /\.$/) {
(10) if (&User-Name =~ /\.$/) -> FALSE
(10) if (&User-Name =~ mailto:/@\./) {
(10) if (&User-Name =~ mailto:/@\./) -> FALSE
(10) } # if (&User-Name) = notfound
(10) } # policy filter_username = notfound
(10) [chap] = noop
(10) [mschap] = noop
(10) suffix: Checking for suffix after "@"
(10) suffix: Looking up realm "example.org" for User-Name = mailto:user at example.org
(10) suffix: No such realm "example.org"
(10) [suffix] = noop
(10) update control {
(10) &Proxy-To-Realm := LOCAL
(10) } # update control = noop
(10) eap: Peer sent EAP Response (code 2) ID 103 length 6
(10) eap: No EAP Start, assuming it's an on-going EAP conversation
(10) [eap] = updated
(10) [files] = noop
(10) [expiration] = noop
(10) [logintime] = noop
(10) [pap] = noop
(10) } # authorize = updated
(10) Found Auth-Type = eap
(10) # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
(10) authenticate {
(10) eap: Removing EAP session with state 0x83bbfe7081dcf355
(10) eap: Previous EAP request found for state 0x83bbfe7081dcf355, released from the list
(10) eap: Peer sent packet with method EAP TLS (13)
(10) eap: Calling submodule eap_tls to process data
(10) eap_tls: (TLS) Peer ACKed our handshake fragment
(10) eap: Sending EAP Request (code 1) ID 104 length 917
(10) eap: EAP session adding &reply:State = 0x83bbfe7080d3f355
(10) [eap] = handled
(10) } # authenticate = handled
(10) Using Post-Auth-Type Challenge
(10) Post-Auth-Type sub-section not found. Ignoring.
(10) # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
(10) session-state: Saving cached attributes
(10) Framed-MTU = 911
(10) TLS-Session-Information = "(TLS) TLS - recv TLS 1.3 Handshake, ClientHello"
(10) TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, ServerHello"
(10) TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, Certificate"
(10) TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, ServerKeyExchange"
(10) TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, CertificateRequest"
(10) TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, ServerHelloDone"
(10) } # server inner-tunnel
(10) Virtual server sending reply
(10) EAP-Message = 0x016803950dc000000b970001e84c31b4245d2331c09109f5028cc5415a74fcfca10203010001a38201423082013e301d0603551d0e04160414a68b8782fdf060ffecd2f37fe80fa76de241a3523081d30603551d230481cb3081c88014a68b8782fdf060ffecd2f37fe80fa76de241a352a18199a48196308193310b3009060355040613024652310f300d06035504080c065261646975733112301006035504070c09536f6d65776865726531153013060355040a0c0c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e6f72673126302406035504030c1d4578616d706c6520436572746966696361746520417574686f72697479821407c1092ab93c84caf4a4cebe5ffd49c091f025b2300f0603551d130101ff040530030101ff30360603551d1f042f302d302ba029a0278625687474703a2f2f7777772e6578616d706c652e6f72672f6578616d706c655f63612e63726c300d06092a864886f70d01
(10) Message-Authenticator = 0x00000000000000000000000000000000
(10) State = 0x83bbfe7080d3f355f9cbfc53fdd80b9e
(10) eap_teap: Phase 2: Stage Authentication
(10) eap_teap: Phase 2: Got tunneled Access-Challenge
(10) eap: Sending EAP Request (code 1) ID 104 length 956
(10) eap: EAP session adding &reply:State = 0x6501da9e6f69ed03
(10) [eap] = handled
(10) } # authenticate = handled
(10) Using Post-Auth-Type Challenge
(10) # Executing group from file /etc/freeradius/sites-enabled/default
(10) Challenge { ... } # empty sub-section is ignored
(10) session-state: Saving cached attributes
(10) Framed-MTU = 974
(10) TLS-Session-Information = "(TLS) TEAP - recv TLS 1.3 Handshake, ClientHello"
(10) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHello"
(10) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, Certificate"
(10) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerKeyExchange"
(10) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHelloDone"
(10) TLS-Session-Information = "(TLS) TEAP - recv TLS 1.2 Handshake, ClientKeyExchange"
(10) TLS-Session-Information = "(TLS) TEAP - recv TLS 1.2 Handshake, Finished"
(10) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 ChangeCipherSpec"
(10) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, Finished"
(10) TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384"
(10) TLS-Session-Version = "TLS 1.2"
(10) Sent Access-Challenge Id 10 from 192.168.4.151:1812 to 192.168.4.151:48174 length 1020
(10) EAP-Message = 0x016803bc370117030303b1288983a38fe43b686cc3923e3b9fb14213934cdc23208df3166cfa3d840b7ee94440fe99eb8eceab7625a871abacba6a28fd8e7e87799d14a716bec497840dbb43b4bcab9e359083276d71eeb99e8bcef1312e2871a1ad8ec140406a944ef5e8e4709acab032451f35f81f8b71439a4bbf827a5c49abb23c1a50a2014c2e31e0e66817b57f9603eabaa8129e98623e6686047bd66bc06ca9c80dd3755afff566091b82131c793c30806df05578c97e97caf280333e5591705bb64ba14e61fc72ddf6b5bbcaf5172e4eaec22829dee1a95574cbdda828222828ffbfc223056ace415664c69afc576752ff611b2972470840560d85fc0439d6a7ca2c989d679134bababeb8e393731b7fbb38d8962d625fe6c00c66c600b8cc575f918e16b190d3683abab85d713055dfa833983cf81224b063a41ad248fe5d9f5f63ad89325ac6511e9b2443f929f4e1ffa773a8820d8fa7cfe99fe4d487a64504760d058fb2b1a3afe574ade7806aab2997e8
(10) Message-Authenticator = 0x00000000000000000000000000000000
(10) State = 0x6501da9e6f69ed03dd76d824d918a37a
(10) Finished request
Waking up in 4.9 seconds.
(11) Received Access-Request Id 11 from 192.168.4.151:48174 to 192.168.4.151:1812 length 209
(11) Message-Authenticator = 0x9ac9345816cb81e705eb3a1e47b13e36
(11) User-Name = "anonymous"
(11) Calling-Station-Id = "DE-AD-BE-EF-42-42"
(11) Framed-MTU = 1400
(11) NAS-Port-Type = Wireless-802.11
(11) Service-Type = Framed-User
(11) Connect-Info = "CONNECT 11Mbps 802.11b"
(11) Called-Station-Id = "00:11:22:33:44:55:UConnect"
(11) NAS-IP-Address = 192.168.4.20
(11) EAP-Message = 0x0268002d37011703030022c3e8e09ec857322498d8442dc5ad05a2f4ddf4647b90abad9f337078372d3905d8ff
(11) State = 0x6501da9e6f69ed03dd76d824d918a37a
(11) Restoring &session-state
(11) &session-state:Framed-MTU = 974
(11) &session-state:TLS-Session-Information = "(TLS) TEAP - recv TLS 1.3 Handshake, ClientHello"
(11) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHello"
(11) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, Certificate"
(11) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerKeyExchange"
(11) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHelloDone"
(11) &session-state:TLS-Session-Information = "(TLS) TEAP - recv TLS 1.2 Handshake, ClientKeyExchange"
(11) &session-state:TLS-Session-Information = "(TLS) TEAP - recv TLS 1.2 Handshake, Finished"
(11) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 ChangeCipherSpec"
(11) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, Finished"
(11) &session-state:TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384"
(11) &session-state:TLS-Session-Version = "TLS 1.2"
(11) # Executing section authorize from file /etc/freeradius/sites-enabled/default
(11) authorize {
(11) policy filter_username {
(11) if (&User-Name) {
(11) if (&User-Name) -> TRUE
(11) if (&User-Name) {
(11) if (&User-Name =~ / /) {
(11) if (&User-Name =~ / /) -> FALSE
(11) if (&User-Name =~ /@[^@]*@/ ) {
(11) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
(11) if (&User-Name =~ /\.\./ ) {
(11) if (&User-Name =~ /\.\./ ) -> FALSE
(11) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) {
(11) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) -> FALSE
(11) if (&User-Name =~ /\.$/) {
(11) if (&User-Name =~ /\.$/) -> FALSE
(11) if (&User-Name =~ mailto:/@\./) {
(11) if (&User-Name =~ mailto:/@\./) -> FALSE
(11) } # if (&User-Name) = notfound
(11) } # policy filter_username = notfound
(11) [preprocess] = ok
(11) [chap] = noop
(11) [mschap] = noop
(11) [digest] = noop
(11) suffix: Checking for suffix after "@"
(11) suffix: No '@' in User-Name = "anonymous", looking up realm NULL
(11) suffix: No such realm "NULL"
(11) [suffix] = noop
(11) eap: Peer sent EAP Response (code 2) ID 104 length 45
(11) eap: Continuing tunnel setup
(11) [eap] = ok
(11) } # authorize = ok
(11) Found Auth-Type = eap
(11) # Executing group from file /etc/freeradius/sites-enabled/default
(11) authenticate {
(11) eap: Removing EAP session with state 0x6501da9e6f69ed03
(11) eap: Previous EAP request found for state 0x6501da9e6f69ed03, released from the list
(11) eap: Peer sent packet with method EAP TEAP (55)
(11) eap: Calling submodule eap_teap to process data
(11) eap_teap: Authenticate
(11) eap_teap: (TLS) EAP Done initial handshake
(11) eap_teap: Session established. Proceeding to decode tunneled attributes
(11) eap_teap: Phase 2: Got Tunneled TEAP TLVs
(11) eap_teap: FreeRADIUS-EAP-TEAP-EAP-Payload = 0x026800060d00
(11) eap_teap: Phase 2: Got tunneled request
(11) eap_teap: EAP-Message = 0x026800060d00
(11) eap_teap: Phase 2: Authentication
(11) eap_teap: Phase 2: Forcing inner TEAP authentication to &control:EAP-Type = MSCHAPv2
(11) Virtual server inner-tunnel received request
(11) EAP-Message = 0x026800060d00
(11) FreeRADIUS-Proxied-To = 127.0.0.1
(11) User-Name = mailto:user at example.org
(11) State = 0x83bbfe7080d3f355f9cbfc53fdd80b9e
(11) server inner-tunnel {
(11) Restoring &session-state
(11) &session-state:Framed-MTU = 911
(11) &session-state:TLS-Session-Information = "(TLS) TLS - recv TLS 1.3 Handshake, ClientHello"
(11) &session-state:TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, ServerHello"
(11) &session-state:TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, Certificate"
(11) &session-state:TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, ServerKeyExchange"
(11) &session-state:TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, CertificateRequest"
(11) &session-state:TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, ServerHelloDone"
(11) # Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel
(11) authorize {
(11) policy filter_username {
(11) if (&User-Name) {
(11) if (&User-Name) -> TRUE
(11) if (&User-Name) {
(11) if (&User-Name =~ / /) {
(11) if (&User-Name =~ / /) -> FALSE
(11) if (&User-Name =~ /@[^@]*@/ ) {
(11) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
(11) if (&User-Name =~ /\.\./ ) {
(11) if (&User-Name =~ /\.\./ ) -> FALSE
(11) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) {
(11) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) -> FALSE
(11) if (&User-Name =~ /\.$/) {
(11) if (&User-Name =~ /\.$/) -> FALSE
(11) if (&User-Name =~ mailto:/@\./) {
(11) if (&User-Name =~ mailto:/@\./) -> FALSE
(11) } # if (&User-Name) = notfound
(11) } # policy filter_username = notfound
(11) [chap] = noop
(11) [mschap] = noop
(11) suffix: Checking for suffix after "@"
(11) suffix: Looking up realm "example.org" for User-Name = mailto:user at example.org
(11) suffix: No such realm "example.org"
(11) [suffix] = noop
(11) update control {
(11) &Proxy-To-Realm := LOCAL
(11) } # update control = noop
(11) eap: Peer sent EAP Response (code 2) ID 104 length 6
(11) eap: No EAP Start, assuming it's an on-going EAP conversation
(11) [eap] = updated
(11) [files] = noop
(11) [expiration] = noop
(11) [logintime] = noop
(11) [pap] = noop
(11) } # authorize = updated
(11) Found Auth-Type = eap
(11) # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
(11) authenticate {
(11) eap: Removing EAP session with state 0x83bbfe7080d3f355
(11) eap: Previous EAP request found for state 0x83bbfe7080d3f355, released from the list
(11) eap: Peer sent packet with method EAP TLS (13)
(11) eap: Calling submodule eap_tls to process data
(11) eap_tls: (TLS) Peer ACKed our handshake fragment
(11) eap: Sending EAP Request (code 1) ID 105 length 256
(11) eap: EAP session adding &reply:State = 0x83bbfe7087d2f355
(11) [eap] = handled
(11) } # authenticate = handled
(11) Using Post-Auth-Type Challenge
(11) Post-Auth-Type sub-section not found. Ignoring.
(11) # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
(11) session-state: Saving cached attributes
(11) Framed-MTU = 911
(11) TLS-Session-Information = "(TLS) TLS - recv TLS 1.3 Handshake, ClientHello"
(11) TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, ServerHello"
(11) TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, Certificate"
(11) TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, ServerKeyExchange"
(11) TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, CertificateRequest"
(11) TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, ServerHelloDone"
(11) } # server inner-tunnel
(11) Virtual server sending reply
(11) EAP-Message = 0x016901000d8000000b97e0cc1e80c018f46b6e2235f72bf34331e15d16840d806580bd98437816030300cc0d0000c8030102400028040305030603080708080809080a080b08040805080604010501060103030301030204020502060200980096308193310b3009060355040613024652310f300d06035504080c065261646975733112301006035504070c09536f6d65776865726531153013060355040a0c0c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e6f72673126302406035504030c1d4578616d706c6520436572746966696361746520417574686f7269747916030300040e000000
(11) Message-Authenticator = 0x00000000000000000000000000000000
(11) State = 0x83bbfe7087d2f355f9cbfc53fdd80b9e
(11) eap_teap: Phase 2: Stage Authentication
(11) eap_teap: Phase 2: Got tunneled Access-Challenge
(11) eap: Sending EAP Request (code 1) ID 105 length 295
(11) eap: EAP session adding &reply:State = 0x6501da9e6e68ed03
(11) [eap] = handled
(11) } # authenticate = handled
(11) Using Post-Auth-Type Challenge
(11) # Executing group from file /etc/freeradius/sites-enabled/default
(11) Challenge { ... } # empty sub-section is ignored
(11) session-state: Saving cached attributes
(11) Framed-MTU = 974
(11) TLS-Session-Information = "(TLS) TEAP - recv TLS 1.3 Handshake, ClientHello"
(11) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHello"
(11) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, Certificate"
(11) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerKeyExchange"
(11) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHelloDone"
(11) TLS-Session-Information = "(TLS) TEAP - recv TLS 1.2 Handshake, ClientKeyExchange"
(11) TLS-Session-Information = "(TLS) TEAP - recv TLS 1.2 Handshake, Finished"
(11) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 ChangeCipherSpec"
(11) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, Finished"
(11) TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384"
(11) TLS-Session-Version = "TLS 1.2"
(11) Sent Access-Challenge Id 11 from 192.168.4.151:1812 to 192.168.4.151:48174 length 355
(11) EAP-Message = 0x016901273701170303011c288983a38fe43b697cf24cb85b76b334af65851f85500de18ca6eff47f27cdf3cfc5301bea8ec3317bfacfb7c2edbd3548fe81461493984f84cbe7859b0717fc3f6aa585dbfa3101bb3d26e58fb8bbb12ea6b564229aef50c1ad0dbca675e09a9a23ec436d6b7604197008d0f8ef5ec3de9da81956e4b67cf966f05da7833b26bb8fb3981f5a49761d451dc65bb9dd56aaeb5c5ff1d20794c0574e79ef47d496051a0d4515fc19dc87d331687e3cbdce934cde5c80bc2d1e9813270404cd6b95278c093c6ccec51514cfcaa8027737a2563787b92eccd4b3f62119ffb1de791606e2406b18c121d76ea8c87a129b3f2043c9835cfe66c7e9547a4a4131c1b57c606d4891b505330cdd04093cc3ec8a6532dc7131d66337847097632f
(11) Message-Authenticator = 0x00000000000000000000000000000000
(11) State = 0x6501da9e6e68ed03dd76d824d918a37a
(11) Finished request
Waking up in 4.9 seconds.
(12) Received Access-Request Id 12 from 192.168.4.151:48174 to 192.168.4.151:1812 length 1521
(12) Message-Authenticator = 0x64422557b5ce8dc6386d2b81b05bb36a
(12) User-Name = "anonymous"
(12) Calling-Station-Id = "DE-AD-BE-EF-42-42"
(12) Framed-MTU = 1400
(12) NAS-Port-Type = Wireless-802.11
(12) Service-Type = Framed-User
(12) Connect-Info = "CONNECT 11Mbps 802.11b"
(12) Called-Station-Id = "00:11:22:33:44:55:UConnect"
(12) NAS-IP-Address = 192.168.4.20
(12) EAP-Message = 0x0269054337011703030538c3e8e09ec857322581d9fe2625bad205da0536046608acee0e124d9547a88e13806875cfb5ac0b8c0044353c3c9e16d7ac66c1e5a4ad0c60cd19003b4372aceb23a71e440abbabb4bca3c689ee785f8e4c67b43ff27bf7e9865dce58a8d2b0f92a4f5034ae1307365609c47a936fdeebf37350a558c4ea4ca6437b92dca372792f324c57a4791243592a6a08d7e2e07e7c7446201a5e986714040aedc4d65e1945a3595abaa7398861537b247dee04a7c28023c17a9a521bb608595a6581426fd15154b7cd66db0d9d3798d21d99051e150d15bd7c4c47c8fdd4001ff81f672600f5237bbd6d2b457d33ca09e5b77928cc17da7b95044a356d101ebd2a0efae598999804f249e88c77e659b7619594eac2d2a803cf659221d4525447d83e409da2e43a828c772a5fb6251bc8802e271385033cbac49cf021ba56f2f524105575d50d83d391c161654aea43e000924b1fc4c6478e4f1aedf879ef12ceeee9b9678e16fc3a2c12b440725c195c
(12) State = 0x6501da9e6e68ed03dd76d824d918a37a
(12) Restoring &session-state
(12) &session-state:Framed-MTU = 974
(12) &session-state:TLS-Session-Information = "(TLS) TEAP - recv TLS 1.3 Handshake, ClientHello"
(12) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHello"
(12) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, Certificate"
(12) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerKeyExchange"
(12) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHelloDone"
(12) &session-state:TLS-Session-Information = "(TLS) TEAP - recv TLS 1.2 Handshake, ClientKeyExchange"
(12) &session-state:TLS-Session-Information = "(TLS) TEAP - recv TLS 1.2 Handshake, Finished"
(12) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 ChangeCipherSpec"
(12) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, Finished"
(12) &session-state:TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384"
(12) &session-state:TLS-Session-Version = "TLS 1.2"
(12) # Executing section authorize from file /etc/freeradius/sites-enabled/default
(12) authorize {
(12) policy filter_username {
(12) if (&User-Name) {
(12) if (&User-Name) -> TRUE
(12) if (&User-Name) {
(12) if (&User-Name =~ / /) {
(12) if (&User-Name =~ / /) -> FALSE
(12) if (&User-Name =~ /@[^@]*@/ ) {
(12) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
(12) if (&User-Name =~ /\.\./ ) {
(12) if (&User-Name =~ /\.\./ ) -> FALSE
(12) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) {
(12) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) -> FALSE
(12) if (&User-Name =~ /\.$/) {
(12) if (&User-Name =~ /\.$/) -> FALSE
(12) if (&User-Name =~ mailto:/@\./) {
(12) if (&User-Name =~ mailto:/@\./) -> FALSE
(12) } # if (&User-Name) = notfound
(12) } # policy filter_username = notfound
(12) [preprocess] = ok
(12) [chap] = noop
(12) [mschap] = noop
(12) [digest] = noop
(12) suffix: Checking for suffix after "@"
(12) suffix: No '@' in User-Name = "anonymous", looking up realm NULL
(12) suffix: No such realm "NULL"
(12) [suffix] = noop
(12) eap: Peer sent EAP Response (code 2) ID 105 length 1347
(12) eap: Continuing tunnel setup
(12) [eap] = ok
(12) } # authorize = ok
(12) Found Auth-Type = eap
(12) # Executing group from file /etc/freeradius/sites-enabled/default
(12) authenticate {
(12) eap: Removing EAP session with state 0x6501da9e6e68ed03
(12) eap: Previous EAP request found for state 0x6501da9e6e68ed03, released from the list
(12) eap: Peer sent packet with method EAP TEAP (55)
(12) eap: Calling submodule eap_teap to process data
(12) eap_teap: Authenticate
(12) eap_teap: (TLS) EAP Done initial handshake
(12) eap_teap: Session established. Proceeding to decode tunneled attributes
(12) eap_teap: Phase 2: Got Tunneled TEAP TLVs
(12) eap_teap: FreeRADIUS-EAP-TEAP-EAP-Payload = 0x0269051c0dc000000a8f16030309200b00091c00091900041530820411308202f9a003020102020102300d06092a864886f70d01010b0500308193310b3009060355040613024652310f300d06035504080c065261646975733112301006035504070c09536f6d65776865726531153013060355040a0c0c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e6f72673126302406035504030c1d4578616d706c6520436572746966696361746520417574686f72697479301e170d3235303231323131323232395a170d3235303431333131323232395a3071310b3009060355040613024652310f300d06035504080c0652616469757331153013060355040a0c0c4578616d706c6520496e632e3119301706035504030c1075736572406578616d706c652e6f7267311f301d06092a864886f70d010901161075736572406578616d706c652e6f726730820122300d06092a864886
(12) eap_teap: Phase 2: Got tunneled request
(12) eap_teap: EAP-Message = 0x0269051c0dc000000a8f16030309200b00091c00091900041530820411308202f9a003020102020102300d06092a864886f70d01010b0500308193310b3009060355040613024652310f300d06035504080c065261646975733112301006035504070c09536f6d65776865726531153013060355040a0c0c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e6f72673126302406035504030c1d4578616d706c6520436572746966696361746520417574686f72697479301e170d3235303231323131323232395a170d3235303431333131323232395a3071310b3009060355040613024652310f300d06035504080c0652616469757331153013060355040a0c0c4578616d706c6520496e632e3119301706035504030c1075736572406578616d706c652e6f7267311f301d06092a864886f70d010901161075736572406578616d706c652e6f726730820122300d06092a864886f70d0101010500038201
(12) eap_teap: Phase 2: Authentication
(12) eap_teap: Phase 2: Forcing inner TEAP authentication to &control:EAP-Type = MSCHAPv2
(12) Virtual server inner-tunnel received request
(12) EAP-Message = 0x0269051c0dc000000a8f16030309200b00091c00091900041530820411308202f9a003020102020102300d06092a864886f70d01010b0500308193310b3009060355040613024652310f300d06035504080c065261646975733112301006035504070c09536f6d65776865726531153013060355040a0c0c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e6f72673126302406035504030c1d4578616d706c6520436572746966696361746520417574686f72697479301e170d3235303231323131323232395a170d3235303431333131323232395a3071310b3009060355040613024652310f300d06035504080c0652616469757331153013060355040a0c0c4578616d706c6520496e632e3119301706035504030c1075736572406578616d706c652e6f7267311f301d06092a864886f70d010901161075736572406578616d706c652e6f726730820122300d06092a864886f70d0101010500038201
(12) FreeRADIUS-Proxied-To = 127.0.0.1
(12) User-Name = mailto:user at example.org
(12) State = 0x83bbfe7087d2f355f9cbfc53fdd80b9e
(12) server inner-tunnel {
(12) Restoring &session-state
(12) &session-state:Framed-MTU = 911
(12) &session-state:TLS-Session-Information = "(TLS) TLS - recv TLS 1.3 Handshake, ClientHello"
(12) &session-state:TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, ServerHello"
(12) &session-state:TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, Certificate"
(12) &session-state:TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, ServerKeyExchange"
(12) &session-state:TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, CertificateRequest"
(12) &session-state:TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, ServerHelloDone"
(12) # Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel
(12) authorize {
(12) policy filter_username {
(12) if (&User-Name) {
(12) if (&User-Name) -> TRUE
(12) if (&User-Name) {
(12) if (&User-Name =~ / /) {
(12) if (&User-Name =~ / /) -> FALSE
(12) if (&User-Name =~ /@[^@]*@/ ) {
(12) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
(12) if (&User-Name =~ /\.\./ ) {
(12) if (&User-Name =~ /\.\./ ) -> FALSE
(12) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) {
(12) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) -> FALSE
(12) if (&User-Name =~ /\.$/) {
(12) if (&User-Name =~ /\.$/) -> FALSE
(12) if (&User-Name =~ mailto:/@\./) {
(12) if (&User-Name =~ mailto:/@\./) -> FALSE
(12) } # if (&User-Name) = notfound
(12) } # policy filter_username = notfound
(12) [chap] = noop
(12) [mschap] = noop
(12) suffix: Checking for suffix after "@"
(12) suffix: Looking up realm "example.org" for User-Name = mailto:user at example.org
(12) suffix: No such realm "example.org"
(12) [suffix] = noop
(12) update control {
(12) &Proxy-To-Realm := LOCAL
(12) } # update control = noop
(12) eap: Peer sent EAP Response (code 2) ID 105 length 1308
(12) eap: No EAP Start, assuming it's an on-going EAP conversation
(12) [eap] = updated
(12) [files] = noop
(12) [expiration] = noop
(12) [logintime] = noop
(12) [pap] = noop
(12) } # authorize = updated
(12) Found Auth-Type = eap
(12) # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
(12) authenticate {
(12) eap: Removing EAP session with state 0x83bbfe7087d2f355
(12) eap: Previous EAP request found for state 0x83bbfe7087d2f355, released from the list
(12) eap: Peer sent packet with method EAP TLS (13)
(12) eap: Calling submodule eap_tls to process data
(12) eap_tls: (TLS) EAP Peer says that the final record size will be 2703 bytes
(12) eap_tls: (TLS) EAP Expecting 3 fragments
(12) eap_tls: (TLS) EAP Got first TLS fragment (1298 bytes). Peer says more fragments will follow
(12) eap_tls: (TLS) EAP ACKing fragment, the peer should send more data.
(12) eap: Sending EAP Request (code 1) ID 106 length 6
(12) eap: EAP session adding &reply:State = 0x83bbfe7086d1f355
(12) [eap] = handled
(12) } # authenticate = handled
(12) Using Post-Auth-Type Challenge
(12) Post-Auth-Type sub-section not found. Ignoring.
(12) # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
(12) session-state: Saving cached attributes
(12) Framed-MTU = 911
(12) TLS-Session-Information = "(TLS) TLS - recv TLS 1.3 Handshake, ClientHello"
(12) TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, ServerHello"
(12) TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, Certificate"
(12) TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, ServerKeyExchange"
(12) TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, CertificateRequest"
(12) TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, ServerHelloDone"
(12) } # server inner-tunnel
(12) Virtual server sending reply
(12) EAP-Message = 0x016a00060d00
(12) Message-Authenticator = 0x00000000000000000000000000000000
(12) State = 0x83bbfe7086d1f355f9cbfc53fdd80b9e
(12) eap_teap: Phase 2: Stage Authentication
(12) eap_teap: Phase 2: Got tunneled Access-Challenge
(12) eap: Sending EAP Request (code 1) ID 106 length 45
(12) eap: EAP session adding &reply:State = 0x6501da9e696bed03
(12) [eap] = handled
(12) } # authenticate = handled
(12) Using Post-Auth-Type Challenge
(12) # Executing group from file /etc/freeradius/sites-enabled/default
(12) Challenge { ... } # empty sub-section is ignored
(12) session-state: Saving cached attributes
(12) Framed-MTU = 974
(12) TLS-Session-Information = "(TLS) TEAP - recv TLS 1.3 Handshake, ClientHello"
(12) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHello"
(12) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, Certificate"
(12) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerKeyExchange"
(12) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHelloDone"
(12) TLS-Session-Information = "(TLS) TEAP - recv TLS 1.2 Handshake, ClientKeyExchange"
(12) TLS-Session-Information = "(TLS) TEAP - recv TLS 1.2 Handshake, Finished"
(12) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 ChangeCipherSpec"
(12) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, Finished"
(12) TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384"
(12) TLS-Session-Version = "TLS 1.2"
(12) Sent Access-Challenge Id 12 from 192.168.4.151:1812 to 192.168.4.151:48174 length 103
(12) EAP-Message = 0x016a002d37011703030022288983a38fe43b6a79a9a1be241b2c5021aeee1b135efc1cc4a65f4a314b530ec830
(12) Message-Authenticator = 0x00000000000000000000000000000000
(12) State = 0x6501da9e696bed03dd76d824d918a37a
(12) Finished request
Waking up in 4.9 seconds.
(13) Received Access-Request Id 13 from 192.168.4.151:48174 to 192.168.4.151:1812 length 1517
(13) Message-Authenticator = 0x014d0f204d5a230240c2986adda2b8ec
(13) User-Name = "anonymous"
(13) Calling-Station-Id = "DE-AD-BE-EF-42-42"
(13) Framed-MTU = 1400
(13) NAS-Port-Type = Wireless-802.11
(13) Service-Type = Framed-User
(13) Connect-Info = "CONNECT 11Mbps 802.11b"
(13) Called-Station-Id = "00:11:22:33:44:55:UConnect"
(13) NAS-IP-Address = 192.168.4.20
(13) EAP-Message = 0x026a053f37011703030534c3e8e09ec857322636dd17021da30376098fc2f063fa72f2ee104df85d62e59bce062047bd575f2a9c39ab48cce77019e355b0b0193a1cca9971a3340a8a6130d2a91acf2035cc9ee71ec81aff29bd1e291dcbea8cf0f31ece4412f780c474737ca1170c2201c4ba99deca187900c71b833c7d29d0b321ee75310b2c7c65d85505f9ea65c7aefd8ec3ab6bce5692d577939c7b5f7df2bdc56507b4327a0c357eddf1fc657215bc3cec811088324f787f36e7ad611ab458ba56c913dc38c3871c7541c96d33764a44953d34486b6e98b6383e593d7f8a5492ec6fd8653c6825f805d07e26bc3850ddba54fb5eafdc8cca9f5623ad0dbe9c3c558d580fb9cd841e3e6f3c8fc02f1ae8ab2cb1e4d6114e7d11343e76dbfe0f5f4b027ab72bcbeda0e4103d77a7a21d8825f4d9954c739c29016a0d2ce45a9ec6ef3d5ba9c0e63d2c13dbe028a6b51515b087b59f8410a53c38fc02b485f1ba60c0a658ccbaf092a7295f4036f4c69a51778b444f
(13) State = 0x6501da9e696bed03dd76d824d918a37a
(13) Restoring &session-state
(13) &session-state:Framed-MTU = 974
(13) &session-state:TLS-Session-Information = "(TLS) TEAP - recv TLS 1.3 Handshake, ClientHello"
(13) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHello"
(13) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, Certificate"
(13) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerKeyExchange"
(13) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHelloDone"
(13) &session-state:TLS-Session-Information = "(TLS) TEAP - recv TLS 1.2 Handshake, ClientKeyExchange"
(13) &session-state:TLS-Session-Information = "(TLS) TEAP - recv TLS 1.2 Handshake, Finished"
(13) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 ChangeCipherSpec"
(13) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, Finished"
(13) &session-state:TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384"
(13) &session-state:TLS-Session-Version = "TLS 1.2"
(13) # Executing section authorize from file /etc/freeradius/sites-enabled/default
(13) authorize {
(13) policy filter_username {
(13) if (&User-Name) {
(13) if (&User-Name) -> TRUE
(13) if (&User-Name) {
(13) if (&User-Name =~ / /) {
(13) if (&User-Name =~ / /) -> FALSE
(13) if (&User-Name =~ /@[^@]*@/ ) {
(13) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
(13) if (&User-Name =~ /\.\./ ) {
(13) if (&User-Name =~ /\.\./ ) -> FALSE
(13) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) {
(13) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) -> FALSE
(13) if (&User-Name =~ /\.$/) {
(13) if (&User-Name =~ /\.$/) -> FALSE
(13) if (&User-Name =~ mailto:/@\./) {
(13) if (&User-Name =~ mailto:/@\./) -> FALSE
(13) } # if (&User-Name) = notfound
(13) } # policy filter_username = notfound
(13) [preprocess] = ok
(13) [chap] = noop
(13) [mschap] = noop
(13) [digest] = noop
(13) suffix: Checking for suffix after "@"
(13) suffix: No '@' in User-Name = "anonymous", looking up realm NULL
(13) suffix: No such realm "NULL"
(13) [suffix] = noop
(13) eap: Peer sent EAP Response (code 2) ID 106 length 1343
(13) eap: Continuing tunnel setup
(13) [eap] = ok
(13) } # authorize = ok
(13) Found Auth-Type = eap
(13) # Executing group from file /etc/freeradius/sites-enabled/default
(13) authenticate {
(13) eap: Removing EAP session with state 0x6501da9e696bed03
(13) eap: Previous EAP request found for state 0x6501da9e696bed03, released from the list
(13) eap: Peer sent packet with method EAP TEAP (55)
(13) eap: Calling submodule eap_teap to process data
(13) eap_teap: Authenticate
(13) eap_teap: (TLS) EAP Done initial handshake
(13) eap_teap: Session established. Proceeding to decode tunneled attributes
(13) eap_teap: Phase 2: Got Tunneled TEAP TLVs
(13) eap_teap: FreeRADIUS-EAP-TEAP-EAP-Payload = 0x026a05180d40310b3009060355040613024652310f300d06035504080c065261646975733112301006035504070c09536f6d65776865726531153013060355040a0c0c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e6f72673126302406035504030c1d4578616d706c6520436572746966696361746520417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a0282010100bd129d8ad92c9fb1d32e681a41e42e273937169569938c27a6843ae9d4862869a470c15eb091b89cbbc61b013a0fa39806a6c8b7d33e8968c2016329be59ccb4fb74204f4e6d0245c73d369e7c596920fe10985242a271a5cae50ef77694bef9c1f5ef0037a370816e13f9ce6ea298abf3decb6669158f19725bff4f52307d914bedfc40865628f660ad8055650ab09c9351c4c72596430ded0a8883876426b4f7f5615bf2d4a4f43dd01fa43d3f4e5321c206
(13) eap_teap: Phase 2: Got tunneled request
(13) eap_teap: EAP-Message = 0x026a05180d40310b3009060355040613024652310f300d06035504080c065261646975733112301006035504070c09536f6d65776865726531153013060355040a0c0c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e6f72673126302406035504030c1d4578616d706c6520436572746966696361746520417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a0282010100bd129d8ad92c9fb1d32e681a41e42e273937169569938c27a6843ae9d4862869a470c15eb091b89cbbc61b013a0fa39806a6c8b7d33e8968c2016329be59ccb4fb74204f4e6d0245c73d369e7c596920fe10985242a271a5cae50ef77694bef9c1f5ef0037a370816e13f9ce6ea298abf3decb6669158f19725bff4f52307d914bedfc40865628f660ad8055650ab09c9351c4c72596430ded0a8883876426b4f7f5615bf2d4a4f43dd01fa43d3f4e5321c2062488ef05b2f61e2a4f53
(13) eap_teap: Phase 2: Authentication
(13) eap_teap: Phase 2: Forcing inner TEAP authentication to &control:EAP-Type = MSCHAPv2
(13) Virtual server inner-tunnel received request
(13) EAP-Message = 0x026a05180d40310b3009060355040613024652310f300d06035504080c065261646975733112301006035504070c09536f6d65776865726531153013060355040a0c0c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e6f72673126302406035504030c1d4578616d706c6520436572746966696361746520417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a0282010100bd129d8ad92c9fb1d32e681a41e42e273937169569938c27a6843ae9d4862869a470c15eb091b89cbbc61b013a0fa39806a6c8b7d33e8968c2016329be59ccb4fb74204f4e6d0245c73d369e7c596920fe10985242a271a5cae50ef77694bef9c1f5ef0037a370816e13f9ce6ea298abf3decb6669158f19725bff4f52307d914bedfc40865628f660ad8055650ab09c9351c4c72596430ded0a8883876426b4f7f5615bf2d4a4f43dd01fa43d3f4e5321c2062488ef05b2f61e2a4f53
(13) FreeRADIUS-Proxied-To = 127.0.0.1
(13) User-Name = mailto:user at example.org
(13) State = 0x83bbfe7086d1f355f9cbfc53fdd80b9e
(13) server inner-tunnel {
(13) Restoring &session-state
(13) &session-state:Framed-MTU = 911
(13) &session-state:TLS-Session-Information = "(TLS) TLS - recv TLS 1.3 Handshake, ClientHello"
(13) &session-state:TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, ServerHello"
(13) &session-state:TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, Certificate"
(13) &session-state:TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, ServerKeyExchange"
(13) &session-state:TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, CertificateRequest"
(13) &session-state:TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, ServerHelloDone"
(13) # Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel
(13) authorize {
(13) policy filter_username {
(13) if (&User-Name) {
(13) if (&User-Name) -> TRUE
(13) if (&User-Name) {
(13) if (&User-Name =~ / /) {
(13) if (&User-Name =~ / /) -> FALSE
(13) if (&User-Name =~ /@[^@]*@/ ) {
(13) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
(13) if (&User-Name =~ /\.\./ ) {
(13) if (&User-Name =~ /\.\./ ) -> FALSE
(13) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) {
(13) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) -> FALSE
(13) if (&User-Name =~ /\.$/) {
(13) if (&User-Name =~ /\.$/) -> FALSE
(13) if (&User-Name =~ mailto:/@\./) {
(13) if (&User-Name =~ mailto:/@\./) -> FALSE
(13) } # if (&User-Name) = notfound
(13) } # policy filter_username = notfound
(13) [chap] = noop
(13) [mschap] = noop
(13) suffix: Checking for suffix after "@"
(13) suffix: Looking up realm "example.org" for User-Name = mailto:user at example.org
(13) suffix: No such realm "example.org"
(13) [suffix] = noop
(13) update control {
(13) &Proxy-To-Realm := LOCAL
(13) } # update control = noop
(13) eap: Peer sent EAP Response (code 2) ID 106 length 1304
(13) eap: No EAP Start, assuming it's an on-going EAP conversation
(13) [eap] = updated
(13) [files] = noop
(13) [expiration] = noop
(13) [logintime] = noop
(13) [pap] = noop
(13) } # authorize = updated
(13) Found Auth-Type = eap
(13) # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
(13) authenticate {
(13) eap: Removing EAP session with state 0x83bbfe7086d1f355
(13) eap: Previous EAP request found for state 0x83bbfe7086d1f355, released from the list
(13) eap: Peer sent packet with method EAP TLS (13)
(13) eap: Calling submodule eap_tls to process data
(13) eap_tls: (TLS) EAP Got additional fragment (1298 bytes). Peer says more fragments will follow
(13) eap_tls: (TLS) EAP ACKing fragment, the peer should send more data.
(13) eap: Sending EAP Request (code 1) ID 107 length 6
(13) eap: EAP session adding &reply:State = 0x83bbfe7085d0f355
(13) [eap] = handled
(13) } # authenticate = handled
(13) Using Post-Auth-Type Challenge
(13) Post-Auth-Type sub-section not found. Ignoring.
(13) # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
(13) session-state: Saving cached attributes
(13) Framed-MTU = 911
(13) TLS-Session-Information = "(TLS) TLS - recv TLS 1.3 Handshake, ClientHello"
(13) TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, ServerHello"
(13) TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, Certificate"
(13) TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, ServerKeyExchange"
(13) TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, CertificateRequest"
(13) TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, ServerHelloDone"
(13) } # server inner-tunnel
(13) Virtual server sending reply
(13) EAP-Message = 0x016b00060d00
(13) Message-Authenticator = 0x00000000000000000000000000000000
(13) State = 0x83bbfe7085d0f355f9cbfc53fdd80b9e
(13) eap_teap: Phase 2: Stage Authentication
(13) eap_teap: Phase 2: Got tunneled Access-Challenge
(13) eap: Sending EAP Request (code 1) ID 107 length 45
(13) eap: EAP session adding &reply:State = 0x6501da9e686aed03
(13) [eap] = handled
(13) } # authenticate = handled
(13) Using Post-Auth-Type Challenge
(13) # Executing group from file /etc/freeradius/sites-enabled/default
(13) Challenge { ... } # empty sub-section is ignored
(13) session-state: Saving cached attributes
(13) Framed-MTU = 974
(13) TLS-Session-Information = "(TLS) TEAP - recv TLS 1.3 Handshake, ClientHello"
(13) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHello"
(13) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, Certificate"
(13) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerKeyExchange"
(13) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHelloDone"
(13) TLS-Session-Information = "(TLS) TEAP - recv TLS 1.2 Handshake, ClientKeyExchange"
(13) TLS-Session-Information = "(TLS) TEAP - recv TLS 1.2 Handshake, Finished"
(13) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 ChangeCipherSpec"
(13) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, Finished"
(13) TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384"
(13) TLS-Session-Version = "TLS 1.2"
(13) Sent Access-Challenge Id 13 from 192.168.4.151:1812 to 192.168.4.151:48174 length 103
(13) EAP-Message = 0x016b002d37011703030022288983a38fe43b6b7205fb27447f6a361e2f8e1cd2f189d85ab5f239e621e22d2f9b
(13) Message-Authenticator = 0x00000000000000000000000000000000
(13) State = 0x6501da9e686aed03dd76d824d918a37a
(13) Finished request
Waking up in 4.9 seconds.
(14) Received Access-Request Id 14 from 192.168.4.151:48174 to 192.168.4.151:1812 length 316
(14) Message-Authenticator = 0x9df89c02b33d950e479313932c0f1bdc
(14) User-Name = "anonymous"
(14) Calling-Station-Id = "DE-AD-BE-EF-42-42"
(14) Framed-MTU = 1400
(14) NAS-Port-Type = Wireless-802.11
(14) Service-Type = Framed-User
(14) Connect-Info = "CONNECT 11Mbps 802.11b"
(14) Called-Station-Id = "00:11:22:33:44:55:UConnect"
(14) NAS-IP-Address = 192.168.4.20
(14) EAP-Message = 0x026b00983701170303008dc3e8e09ec8573227f8993884d8f1261f6a6cb279e25242f64242a24b3bccc055d10b91fa67e2f271a1f7cd2c22a94f7889a5c44bc42aca8702a48b81037b1ff5fbb1da07852c358e91f8e6c5531383b07a2a16e68dcec00f03d59ad74ce779887259789bd9389eb3c2c97c963655ad797879d1c8153c7460d3db3ce9169d7c7bbc235ce038cf71e41441c10859
(14) State = 0x6501da9e686aed03dd76d824d918a37a
(14) Restoring &session-state
(14) &session-state:Framed-MTU = 974
(14) &session-state:TLS-Session-Information = "(TLS) TEAP - recv TLS 1.3 Handshake, ClientHello"
(14) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHello"
(14) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, Certificate"
(14) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerKeyExchange"
(14) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHelloDone"
(14) &session-state:TLS-Session-Information = "(TLS) TEAP - recv TLS 1.2 Handshake, ClientKeyExchange"
(14) &session-state:TLS-Session-Information = "(TLS) TEAP - recv TLS 1.2 Handshake, Finished"
(14) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 ChangeCipherSpec"
(14) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, Finished"
(14) &session-state:TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384"
(14) &session-state:TLS-Session-Version = "TLS 1.2"
(14) # Executing section authorize from file /etc/freeradius/sites-enabled/default
(14) authorize {
(14) policy filter_username {
(14) if (&User-Name) {
(14) if (&User-Name) -> TRUE
(14) if (&User-Name) {
(14) if (&User-Name =~ / /) {
(14) if (&User-Name =~ / /) -> FALSE
(14) if (&User-Name =~ /@[^@]*@/ ) {
(14) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
(14) if (&User-Name =~ /\.\./ ) {
(14) if (&User-Name =~ /\.\./ ) -> FALSE
(14) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) {
(14) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) -> FALSE
(14) if (&User-Name =~ /\.$/) {
(14) if (&User-Name =~ /\.$/) -> FALSE
(14) if (&User-Name =~ mailto:/@\./) {
(14) if (&User-Name =~ mailto:/@\./) -> FALSE
(14) } # if (&User-Name) = notfound
(14) } # policy filter_username = notfound
(14) [preprocess] = ok
(14) [chap] = noop
(14) [mschap] = noop
(14) [digest] = noop
(14) suffix: Checking for suffix after "@"
(14) suffix: No '@' in User-Name = "anonymous", looking up realm NULL
(14) suffix: No such realm "NULL"
(14) [suffix] = noop
(14) eap: Peer sent EAP Response (code 2) ID 107 length 152
(14) eap: Continuing tunnel setup
(14) [eap] = ok
(14) } # authorize = ok
(14) Found Auth-Type = eap
(14) # Executing group from file /etc/freeradius/sites-enabled/default
(14) authenticate {
(14) eap: Removing EAP session with state 0x6501da9e686aed03
(14) eap: Previous EAP request found for state 0x6501da9e686aed03, released from the list
(14) eap: Peer sent packet with method EAP TEAP (55)
(14) eap: Calling submodule eap_teap to process data
(14) eap_teap: Authenticate
(14) eap_teap: (TLS) EAP Done initial handshake
(14) eap_teap: Session established. Proceeding to decode tunneled attributes
(14) eap_teap: Phase 2: Got Tunneled TEAP TLVs
(14) eap_teap: FreeRADIUS-EAP-TEAP-EAP-Payload = 0x026b00710d004fa3722b26215e804f53455a5d5b8c216d23a3ca292faf03bec44a462e3e12d27f001fa5e65d69d1d9d40cff109b7589abd5581f48fd097614030300010116030300282f20310812142f839123d004933db87f810adcb1443c2efb9f3f3cd1ff02b14c37a241e00a94267f
(14) eap_teap: Phase 2: Got tunneled request
(14) eap_teap: EAP-Message = 0x026b00710d004fa3722b26215e804f53455a5d5b8c216d23a3ca292faf03bec44a462e3e12d27f001fa5e65d69d1d9d40cff109b7589abd5581f48fd097614030300010116030300282f20310812142f839123d004933db87f810adcb1443c2efb9f3f3cd1ff02b14c37a241e00a94267f
(14) eap_teap: Phase 2: Authentication
(14) eap_teap: Phase 2: Forcing inner TEAP authentication to &control:EAP-Type = MSCHAPv2
(14) Virtual server inner-tunnel received request
(14) EAP-Message = 0x026b00710d004fa3722b26215e804f53455a5d5b8c216d23a3ca292faf03bec44a462e3e12d27f001fa5e65d69d1d9d40cff109b7589abd5581f48fd097614030300010116030300282f20310812142f839123d004933db87f810adcb1443c2efb9f3f3cd1ff02b14c37a241e00a94267f
(14) FreeRADIUS-Proxied-To = 127.0.0.1
(14) User-Name = mailto:user at example.org
(14) State = 0x83bbfe7085d0f355f9cbfc53fdd80b9e
(14) server inner-tunnel {
(14) Restoring &session-state
(14) &session-state:Framed-MTU = 911
(14) &session-state:TLS-Session-Information = "(TLS) TLS - recv TLS 1.3 Handshake, ClientHello"
(14) &session-state:TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, ServerHello"
(14) &session-state:TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, Certificate"
(14) &session-state:TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, ServerKeyExchange"
(14) &session-state:TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, CertificateRequest"
(14) &session-state:TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, ServerHelloDone"
(14) # Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel
(14) authorize {
(14) policy filter_username {
(14) if (&User-Name) {
(14) if (&User-Name) -> TRUE
(14) if (&User-Name) {
(14) if (&User-Name =~ / /) {
(14) if (&User-Name =~ / /) -> FALSE
(14) if (&User-Name =~ /@[^@]*@/ ) {
(14) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
(14) if (&User-Name =~ /\.\./ ) {
(14) if (&User-Name =~ /\.\./ ) -> FALSE
(14) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) {
(14) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) -> FALSE
(14) if (&User-Name =~ /\.$/) {
(14) if (&User-Name =~ /\.$/) -> FALSE
(14) if (&User-Name =~ mailto:/@\./) {
(14) if (&User-Name =~ mailto:/@\./) -> FALSE
(14) } # if (&User-Name) = notfound
(14) } # policy filter_username = notfound
(14) [chap] = noop
(14) [mschap] = noop
(14) suffix: Checking for suffix after "@"
(14) suffix: Looking up realm "example.org" for User-Name = mailto:user at example.org
(14) suffix: No such realm "example.org"
(14) [suffix] = noop
(14) update control {
(14) &Proxy-To-Realm := LOCAL
(14) } # update control = noop
(14) eap: Peer sent EAP Response (code 2) ID 107 length 113
(14) eap: No EAP Start, assuming it's an on-going EAP conversation
(14) [eap] = updated
(14) [files] = noop
(14) [expiration] = noop
(14) [logintime] = noop
(14) [pap] = noop
(14) } # authorize = updated
(14) Found Auth-Type = eap
(14) # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
(14) authenticate {
(14) eap: Removing EAP session with state 0x83bbfe7085d0f355
(14) eap: Previous EAP request found for state 0x83bbfe7085d0f355, released from the list
(14) eap: Peer sent packet with method EAP TLS (13)
(14) eap: Calling submodule eap_tls to process data
(14) eap_tls: (TLS) EAP Got final fragment (107 bytes) total 2703
(14) eap_tls: (TLS) EAP Done initial handshake
(14) eap_tls: (TLS) TLS - Handshake state - Server SSLv3/TLS write server done
(14) eap_tls: (TLS) TLS - recv TLS 1.2 Handshake, Certificate
(14) eap_tls: (TLS) TLS - Creating attributes from 2 certificate in chain
(14) eap_tls: TLS-Cert-Serial := "07c1092ab93c84caf4a4cebe5ffd49c091f025b2"
(14) eap_tls: TLS-Cert-Expiration := "250413112228Z"
(14) eap_tls: TLS-Cert-Valid-Since := "250212112228Z"
(14) eap_tls: TLS-Cert-Subject := "/C=FR/ST=Radius/L=Somewhere/O=Example mailto:Inc./emailAddress=admin at example.org/CN=Example Certificate Authority"
(14) eap_tls: TLS-Cert-Issuer := "/C=FR/ST=Radius/L=Somewhere/O=Example mailto:Inc./emailAddress=admin at example.org/CN=Example Certificate Authority"
(14) eap_tls: TLS-Cert-Common-Name := "Example Certificate Authority"
(14) eap_tls: TLS-Cert-CRL-Distribution-Points += http://www.example.org/example_ca.crl
(14) eap_tls: (TLS) TLS - Creating attributes from 1 certificate in chain
(14) eap_tls: TLS-Client-Cert-Serial := "02"
(14) eap_tls: TLS-Client-Cert-Expiration := "250413112229Z"
(14) eap_tls: TLS-Client-Cert-Valid-Since := "250212112229Z"
(14) eap_tls: TLS-Client-Cert-Subject := "/C=FR/ST=Radius/O=Example mailto:Inc./CN=user at example.org/emailAddress=user at example.org"
(14) eap_tls: TLS-Client-Cert-Issuer := "/C=FR/ST=Radius/L=Somewhere/O=Example mailto:Inc./emailAddress=admin at example.org/CN=Example Certificate Authority"
(14) eap_tls: TLS-Client-Cert-Common-Name := mailto:user at example.org
(14) eap_tls: TLS-Client-Cert-CRL-Distribution-Points += http://www.example.com/example_ca.crl
(14) eap_tls: TLS-Client-Cert-X509v3-Extended-Key-Usage += "TLS Web Client Authentication"
(14) eap_tls: TLS-Client-Cert-X509v3-Subject-Key-Identifier += "C0:D4:19:99:E9:00:1D:48:E9:00:1A:54:49:BC:DE:99:F6:3B:D7:15"
(14) eap_tls: TLS-Client-Cert-X509v3-Authority-Key-Identifier += "A6:8B:87:82:FD:F0:60:FF:EC:D2:F3:7F:E8:0F:A7:6D:E2:41:A3:52"
(14) eap_tls: TLS-Client-Cert-X509v3-Extended-Key-Usage-OID += "1.3.6.1.5.5.7.3.2"
(14) eap_tls: (TLS) TLS - Handshake state - Server SSLv3/TLS read client certificate
(14) eap_tls: (TLS) TLS - recv TLS 1.2 Handshake, ClientKeyExchange
(14) eap_tls: (TLS) TLS - Handshake state - Server SSLv3/TLS read client key exchange
(14) eap_tls: (TLS) TLS - recv TLS 1.2 Handshake, CertificateVerify
(14) eap_tls: (TLS) TLS - Handshake state - Server SSLv3/TLS read certificate verify
(14) eap_tls: (TLS) TLS - Handshake state - Server SSLv3/TLS read change cipher spec
(14) eap_tls: (TLS) TLS - recv TLS 1.2 Handshake, Finished
(14) eap_tls: (TLS) TLS - Handshake state - Server SSLv3/TLS read finished
(14) eap_tls: (TLS) TLS - send TLS 1.2 ChangeCipherSpec
(14) eap_tls: (TLS) TLS - Handshake state - Server SSLv3/TLS write change cipher spec
(14) eap_tls: (TLS) TLS - send TLS 1.2 Handshake, Finished
(14) eap_tls: (TLS) TLS - Handshake state - Server SSLv3/TLS write finished
(14) eap_tls: (TLS) TLS - Handshake state - SSL negotiation finished successfully
(14) eap_tls: (TLS) TLS - Connection Established
(14) eap_tls: TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384"
(14) eap_tls: TLS-Session-Version = "TLS 1.2"
(14) eap: Sending EAP Request (code 1) ID 108 length 61
(14) eap: EAP session adding &reply:State = 0x83bbfe7084d7f355
(14) [eap] = handled
(14) } # authenticate = handled
(14) Using Post-Auth-Type Challenge
(14) Post-Auth-Type sub-section not found. Ignoring.
(14) # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
(14) session-state: Saving cached attributes
(14) Framed-MTU = 911
(14) TLS-Session-Information = "(TLS) TLS - recv TLS 1.3 Handshake, ClientHello"
(14) TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, ServerHello"
(14) TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, Certificate"
(14) TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, ServerKeyExchange"
(14) TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, CertificateRequest"
(14) TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, ServerHelloDone"
(14) TLS-Session-Information = "(TLS) TLS - recv TLS 1.2 Handshake, Certificate"
(14) TLS-Session-Information = "(TLS) TLS - recv TLS 1.2 Handshake, ClientKeyExchange"
(14) TLS-Session-Information = "(TLS) TLS - recv TLS 1.2 Handshake, CertificateVerify"
(14) TLS-Session-Information = "(TLS) TLS - recv TLS 1.2 Handshake, Finished"
(14) TLS-Session-Information = "(TLS) TLS - send TLS 1.2 ChangeCipherSpec"
(14) TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, Finished"
(14) TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384"
(14) TLS-Session-Version = "TLS 1.2"
(14) } # server inner-tunnel
(14) Virtual server sending reply
(14) EAP-Message = 0x016c003d0d8000000033140303000101160303002847c8eebd55963cb54e9efba792027375f7e3584ab6d14ddb9fa827af0df9e0dd4d0378470c2ae2a9
(14) Message-Authenticator = 0x00000000000000000000000000000000
(14) State = 0x83bbfe7084d7f355f9cbfc53fdd80b9e
(14) eap_teap: Phase 2: Stage Authentication
(14) eap_teap: Phase 2: Got tunneled Access-Challenge
(14) eap: Sending EAP Request (code 1) ID 108 length 100
(14) eap: EAP session adding &reply:State = 0x6501da9e6b6ded03
(14) [eap] = handled
(14) } # authenticate = handled
(14) Using Post-Auth-Type Challenge
(14) # Executing group from file /etc/freeradius/sites-enabled/default
(14) Challenge { ... } # empty sub-section is ignored
(14) session-state: Saving cached attributes
(14) Framed-MTU = 974
(14) TLS-Session-Information = "(TLS) TEAP - recv TLS 1.3 Handshake, ClientHello"
(14) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHello"
(14) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, Certificate"
(14) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerKeyExchange"
(14) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHelloDone"
(14) TLS-Session-Information = "(TLS) TEAP - recv TLS 1.2 Handshake, ClientKeyExchange"
(14) TLS-Session-Information = "(TLS) TEAP - recv TLS 1.2 Handshake, Finished"
(14) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 ChangeCipherSpec"
(14) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, Finished"
(14) TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384"
(14) TLS-Session-Version = "TLS 1.2"
(14) Sent Access-Challenge Id 14 from 192.168.4.151:1812 to 192.168.4.151:48174 length 158
(14) EAP-Message = 0x016c006437011703030059288983a38fe43b6c0b28c9559df65d77f0ad9a4099487ea9a750debdcad8fb27c3f5611a45c94405adba48567e89d0ff604c2192eaafe13c1292b50b5d0e53c250a687ff04862d670715871479770df466480f319183b0cdf5
(14) Message-Authenticator = 0x00000000000000000000000000000000
(14) State = 0x6501da9e6b6ded03dd76d824d918a37a
(14) Finished request
Waking up in 4.9 seconds.
(15) Received Access-Request Id 15 from 192.168.4.151:48174 to 192.168.4.151:1812 length 209
(15) Message-Authenticator = 0xa40374886e256fec561e9328c05e4109
(15) User-Name = "anonymous"
(15) Calling-Station-Id = "DE-AD-BE-EF-42-42"
(15) Framed-MTU = 1400
(15) NAS-Port-Type = Wireless-802.11
(15) Service-Type = Framed-User
(15) Connect-Info = "CONNECT 11Mbps 802.11b"
(15) Called-Station-Id = "00:11:22:33:44:55:UConnect"
(15) NAS-IP-Address = 192.168.4.20
(15) EAP-Message = 0x026c002d37011703030022c3e8e09ec8573228e3ba6b0bdebfd4f5e62ad0259b38077c11c3cbf850c31c9818b3
(15) State = 0x6501da9e6b6ded03dd76d824d918a37a
(15) Restoring &session-state
(15) &session-state:Framed-MTU = 974
(15) &session-state:TLS-Session-Information = "(TLS) TEAP - recv TLS 1.3 Handshake, ClientHello"
(15) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHello"
(15) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, Certificate"
(15) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerKeyExchange"
(15) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHelloDone"
(15) &session-state:TLS-Session-Information = "(TLS) TEAP - recv TLS 1.2 Handshake, ClientKeyExchange"
(15) &session-state:TLS-Session-Information = "(TLS) TEAP - recv TLS 1.2 Handshake, Finished"
(15) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 ChangeCipherSpec"
(15) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, Finished"
(15) &session-state:TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384"
(15) &session-state:TLS-Session-Version = "TLS 1.2"
(15) # Executing section authorize from file /etc/freeradius/sites-enabled/default
(15) authorize {
(15) policy filter_username {
(15) if (&User-Name) {
(15) if (&User-Name) -> TRUE
(15) if (&User-Name) {
(15) if (&User-Name =~ / /) {
(15) if (&User-Name =~ / /) -> FALSE
(15) if (&User-Name =~ /@[^@]*@/ ) {
(15) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
(15) if (&User-Name =~ /\.\./ ) {
(15) if (&User-Name =~ /\.\./ ) -> FALSE
(15) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) {
(15) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) -> FALSE
(15) if (&User-Name =~ /\.$/) {
(15) if (&User-Name =~ /\.$/) -> FALSE
(15) if (&User-Name =~ mailto:/@\./) {
(15) if (&User-Name =~ mailto:/@\./) -> FALSE
(15) } # if (&User-Name) = notfound
(15) } # policy filter_username = notfound
(15) [preprocess] = ok
(15) [chap] = noop
(15) [mschap] = noop
(15) [digest] = noop
(15) suffix: Checking for suffix after "@"
(15) suffix: No '@' in User-Name = "anonymous", looking up realm NULL
(15) suffix: No such realm "NULL"
(15) [suffix] = noop
(15) eap: Peer sent EAP Response (code 2) ID 108 length 45
(15) eap: Continuing tunnel setup
(15) [eap] = ok
(15) } # authorize = ok
(15) Found Auth-Type = eap
(15) # Executing group from file /etc/freeradius/sites-enabled/default
(15) authenticate {
(15) eap: Removing EAP session with state 0x6501da9e6b6ded03
(15) eap: Previous EAP request found for state 0x6501da9e6b6ded03, released from the list
(15) eap: Peer sent packet with method EAP TEAP (55)
(15) eap: Calling submodule eap_teap to process data
(15) eap_teap: Authenticate
(15) eap_teap: (TLS) EAP Done initial handshake
(15) eap_teap: Session established. Proceeding to decode tunneled attributes
(15) eap_teap: Phase 2: Got Tunneled TEAP TLVs
(15) eap_teap: FreeRADIUS-EAP-TEAP-EAP-Payload = 0x026c00060d00
(15) eap_teap: Phase 2: Got tunneled request
(15) eap_teap: EAP-Message = 0x026c00060d00
(15) eap_teap: Phase 2: Authentication
(15) eap_teap: Phase 2: Forcing inner TEAP authentication to &control:EAP-Type = MSCHAPv2
(15) Virtual server inner-tunnel received request
(15) EAP-Message = 0x026c00060d00
(15) FreeRADIUS-Proxied-To = 127.0.0.1
(15) User-Name = mailto:user at example.org
(15) State = 0x83bbfe7084d7f355f9cbfc53fdd80b9e
(15) server inner-tunnel {
(15) Restoring &session-state
(15) &session-state:Framed-MTU = 911
(15) &session-state:TLS-Session-Information = "(TLS) TLS - recv TLS 1.3 Handshake, ClientHello"
(15) &session-state:TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, ServerHello"
(15) &session-state:TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, Certificate"
(15) &session-state:TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, ServerKeyExchange"
(15) &session-state:TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, CertificateRequest"
(15) &session-state:TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, ServerHelloDone"
(15) &session-state:TLS-Session-Information = "(TLS) TLS - recv TLS 1.2 Handshake, Certificate"
(15) &session-state:TLS-Session-Information = "(TLS) TLS - recv TLS 1.2 Handshake, ClientKeyExchange"
(15) &session-state:TLS-Session-Information = "(TLS) TLS - recv TLS 1.2 Handshake, CertificateVerify"
(15) &session-state:TLS-Session-Information = "(TLS) TLS - recv TLS 1.2 Handshake, Finished"
(15) &session-state:TLS-Session-Information = "(TLS) TLS - send TLS 1.2 ChangeCipherSpec"
(15) &session-state:TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, Finished"
(15) &session-state:TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384"
(15) &session-state:TLS-Session-Version = "TLS 1.2"
(15) # Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel
(15) authorize {
(15) policy filter_username {
(15) if (&User-Name) {
(15) if (&User-Name) -> TRUE
(15) if (&User-Name) {
(15) if (&User-Name =~ / /) {
(15) if (&User-Name =~ / /) -> FALSE
(15) if (&User-Name =~ /@[^@]*@/ ) {
(15) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
(15) if (&User-Name =~ /\.\./ ) {
(15) if (&User-Name =~ /\.\./ ) -> FALSE
(15) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) {
(15) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) -> FALSE
(15) if (&User-Name =~ /\.$/) {
(15) if (&User-Name =~ /\.$/) -> FALSE
(15) if (&User-Name =~ mailto:/@\./) {
(15) if (&User-Name =~ mailto:/@\./) -> FALSE
(15) } # if (&User-Name) = notfound
(15) } # policy filter_username = notfound
(15) [chap] = noop
(15) [mschap] = noop
(15) suffix: Checking for suffix after "@"
(15) suffix: Looking up realm "example.org" for User-Name = mailto:user at example.org
(15) suffix: No such realm "example.org"
(15) [suffix] = noop
(15) update control {
(15) &Proxy-To-Realm := LOCAL
(15) } # update control = noop
(15) eap: Peer sent EAP Response (code 2) ID 108 length 6
(15) eap: No EAP Start, assuming it's an on-going EAP conversation
(15) [eap] = updated
(15) [files] = noop
(15) [expiration] = noop
(15) [logintime] = noop
(15) [pap] = noop
(15) } # authorize = updated
(15) Found Auth-Type = eap
(15) # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
(15) authenticate {
(15) eap: Removing EAP session with state 0x83bbfe7084d7f355
(15) eap: Previous EAP request found for state 0x83bbfe7084d7f355, released from the list
(15) eap: Peer sent packet with method EAP TLS (13)
(15) eap: Calling submodule eap_tls to process data
(15) eap_tls: (TLS) Peer ACKed our handshake fragment. handshake is finished
(15) eap: Sending EAP Success (code 3) ID 108 length 4
(15) eap: Freeing handler
(15) [eap] = ok
(15) } # authenticate = ok
(15) # Executing section post-auth from file /etc/freeradius/sites-enabled/inner-tunnel
(15) post-auth {
(15) if (0) {
(15) if (0) -> FALSE
(15) } # post-auth = noop
(15) } # server inner-tunnel
(15) Virtual server sending reply
(15) MS-MPPE-Recv-Key = 0xab1734be08884816a508c6f44b0c058c010d7dda183e4229f47c2e309e815db7
(15) MS-MPPE-Send-Key = 0x3159245319546b368ede956416028f60f9d76da1ae58b8326650d9bae3485d0e
(15) EAP-MSK = 0xab1734be08884816a508c6f44b0c058c010d7dda183e4229f47c2e309e815db73159245319546b368ede956416028f60f9d76da1ae58b8326650d9bae3485d0e
(15) EAP-EMSK = 0x457028b49ae6c786baac050a6809b14781896214d356eaba00d8c0394b81b484f128973365a45fa304ae62b5432b8b67b3a09e74bec7f9c360ae80d4b73fce8d
(15) EAP-Session-Id = 0x0da18188572a90ca5b7683a3149032802dfd9174b9e38876cc1b72f5b2a15b7e28ba214b95cbecbeb54093ec803db277546647a37d1b61584271afd9461326b213
(15) EAP-Message = 0x036c0004
(15) Message-Authenticator = 0x00000000000000000000000000000000
(15) User-Name = mailto:user at example.org
(15) eap_teap: Phase 2: Stage Authentication
(15) eap_teap: Phase 2: Got tunneled Access-Accept
(15) eap_teap: Phase 2: Intermediate-Result = Success
(15) eap_teap: Phase 2: Sending Cryptobinding
(15) eap_teap: Phase 2: Calculating ICMK for round (j = 1)
(15) eap_teap: Phase 2: All inner authentications have succeeded
(15) eap_teap: Phase 2: Result = Success
(15) eap: Sending EAP Request (code 1) ID 109 length 127
(15) eap: EAP session adding &reply:State = 0x6501da9e6a6ced03
(15) [eap] = handled
(15) } # authenticate = handled
(15) Using Post-Auth-Type Challenge
(15) # Executing group from file /etc/freeradius/sites-enabled/default
(15) Challenge { ... } # empty sub-section is ignored
(15) session-state: Saving cached attributes
(15) Framed-MTU = 974
(15) TLS-Session-Information = "(TLS) TEAP - recv TLS 1.3 Handshake, ClientHello"
(15) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHello"
(15) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, Certificate"
(15) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerKeyExchange"
(15) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHelloDone"
(15) TLS-Session-Information = "(TLS) TEAP - recv TLS 1.2 Handshake, ClientKeyExchange"
(15) TLS-Session-Information = "(TLS) TEAP - recv TLS 1.2 Handshake, Finished"
(15) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 ChangeCipherSpec"
(15) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, Finished"
(15) TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384"
(15) TLS-Session-Version = "TLS 1.2"
(15) Sent Access-Challenge Id 15 from 192.168.4.151:1812 to 192.168.4.151:48174 length 185
(15) EAP-Message = 0x016d007f37011703030074288983a38fe43b6db4f6b522f0efe64022ddb91fda06f70c560b3ae9c0cc272dc4248c2a1a071cb7ec6cde1b5b0a509cd05c2e7aaa7026d0b6634ed9574ee1d144e163c0f9a01474d48c94c86591752dcb0d4c8213997f31ea238f4c069ef531579e70f435d4b89e99c28626b4dcbcc31992492b
(15) Message-Authenticator = 0x00000000000000000000000000000000
(15) State = 0x6501da9e6a6ced03dd76d824d918a37a
(15) Finished request
Waking up in 4.9 seconds.
(16) Received Access-Request Id 16 from 192.168.4.151:48174 to 192.168.4.151:1812 length 291
(16) Message-Authenticator = 0xd7189876b0b6015b5824181f72f99123
(16) User-Name = "anonymous"
(16) Calling-Station-Id = "DE-AD-BE-EF-42-42"
(16) Framed-MTU = 1400
(16) NAS-Port-Type = Wireless-802.11
(16) Service-Type = Framed-User
(16) Connect-Info = "CONNECT 11Mbps 802.11b"
(16) Called-Station-Id = "00:11:22:33:44:55:UConnect"
(16) NAS-IP-Address = 192.168.4.20
(16) EAP-Message = 0x026d007f37011703030074c3e8e09ec857322934547269863913f691df2d96857220aed084f6f6009911df2e6f55df705d83e3f1938831bd3fe40eef1054ea9be393d4032379fb937ed297379ee7d2e4493d41d9ec9829c1bc82ee4c41f810c836f96fa9edeea2b046c639fda3d3f328a93294cd3195fb9dd3865b21b8bd1e
(16) State = 0x6501da9e6a6ced03dd76d824d918a37a
(16) Restoring &session-state
(16) &session-state:Framed-MTU = 974
(16) &session-state:TLS-Session-Information = "(TLS) TEAP - recv TLS 1.3 Handshake, ClientHello"
(16) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHello"
(16) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, Certificate"
(16) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerKeyExchange"
(16) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHelloDone"
(16) &session-state:TLS-Session-Information = "(TLS) TEAP - recv TLS 1.2 Handshake, ClientKeyExchange"
(16) &session-state:TLS-Session-Information = "(TLS) TEAP - recv TLS 1.2 Handshake, Finished"
(16) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 ChangeCipherSpec"
(16) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, Finished"
(16) &session-state:TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384"
(16) &session-state:TLS-Session-Version = "TLS 1.2"
(16) # Executing section authorize from file /etc/freeradius/sites-enabled/default
(16) authorize {
(16) policy filter_username {
(16) if (&User-Name) {
(16) if (&User-Name) -> TRUE
(16) if (&User-Name) {
(16) if (&User-Name =~ / /) {
(16) if (&User-Name =~ / /) -> FALSE
(16) if (&User-Name =~ /@[^@]*@/ ) {
(16) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
(16) if (&User-Name =~ /\.\./ ) {
(16) if (&User-Name =~ /\.\./ ) -> FALSE
(16) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) {
(16) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) -> FALSE
(16) if (&User-Name =~ /\.$/) {
(16) if (&User-Name =~ /\.$/) -> FALSE
(16) if (&User-Name =~ mailto:/@\./) {
(16) if (&User-Name =~ mailto:/@\./) -> FALSE
(16) } # if (&User-Name) = notfound
(16) } # policy filter_username = notfound
(16) [preprocess] = ok
(16) [chap] = noop
(16) [mschap] = noop
(16) [digest] = noop
(16) suffix: Checking for suffix after "@"
(16) suffix: No '@' in User-Name = "anonymous", looking up realm NULL
(16) suffix: No such realm "NULL"
(16) [suffix] = noop
(16) eap: Peer sent EAP Response (code 2) ID 109 length 127
(16) eap: Continuing tunnel setup
(16) [eap] = ok
(16) } # authorize = ok
(16) Found Auth-Type = eap
(16) # Executing group from file /etc/freeradius/sites-enabled/default
(16) authenticate {
(16) eap: Removing EAP session with state 0x6501da9e6a6ced03
(16) eap: Previous EAP request found for state 0x6501da9e6a6ced03, released from the list
(16) eap: Peer sent packet with method EAP TEAP (55)
(16) eap: Calling submodule eap_teap to process data
(16) eap_teap: Authenticate
(16) eap_teap: (TLS) EAP Done initial handshake
(16) eap_teap: Session established. Proceeding to decode tunneled attributes
(16) eap_teap: Phase 2: Got Tunneled TEAP TLVs
(16) eap_teap: FreeRADIUS-EAP-TEAP-Intermediate-Result = Success
(16) eap_teap: FreeRADIUS-EAP-TEAP-Result = Success
(16) eap_teap: FreeRADIUS-EAP-TEAP-Crypto-Binding = 0x0001013102d60ab4c0b469590ebcb606ba04c14498e8384e848fd102f93e03c5da855d2ddd71031af74465d8ba7c029d747f50f30daed36d3c70056f802f8a7f78742b4164a8e857d44f35cf
(16) eap: Sending EAP Success (code 3) ID 109 length 4
(16) eap: Freeing handler
(16) [eap] = ok
(16) } # authenticate = ok
(16) # Executing section post-auth from file /etc/freeradius/sites-enabled/default
(16) post-auth {
(16) if (session-state:User-Name && reply:User-Name && request:User-Name && (reply:User-Name == request:User-Name)) {
(16) if (session-state:User-Name && reply:User-Name && request:User-Name && (reply:User-Name == request:User-Name)) -> FALSE
(16) update {
(16) &reply::Framed-MTU += &session-state:Framed-MTU[*] -> 974
(16) &reply::TLS-Session-Information += &session-state:TLS-Session-Information[*] -> '(TLS) TEAP - recv TLS 1.3 Handshake, ClientHello'
(16) &reply::TLS-Session-Information += &session-state:TLS-Session-Information[*] -> '(TLS) TEAP - send TLS 1.2 Handshake, ServerHello'
(16) &reply::TLS-Session-Information += &session-state:TLS-Session-Information[*] -> '(TLS) TEAP - send TLS 1.2 Handshake, Certificate'
(16) &reply::TLS-Session-Information += &session-state:TLS-Session-Information[*] -> '(TLS) TEAP - send TLS 1.2 Handshake, ServerKeyExchange'
(16) &reply::TLS-Session-Information += &session-state:TLS-Session-Information[*] -> '(TLS) TEAP - send TLS 1.2 Handshake, ServerHelloDone'
(16) &reply::TLS-Session-Information += &session-state:TLS-Session-Information[*] -> '(TLS) TEAP - recv TLS 1.2 Handshake, ClientKeyExchange'
(16) &reply::TLS-Session-Information += &session-state:TLS-Session-Information[*] -> '(TLS) TEAP - recv TLS 1.2 Handshake, Finished'
(16) &reply::TLS-Session-Information += &session-state:TLS-Session-Information[*] -> '(TLS) TEAP - send TLS 1.2 ChangeCipherSpec'
(16) &reply::TLS-Session-Information += &session-state:TLS-Session-Information[*] -> '(TLS) TEAP - send TLS 1.2 Handshake, Finished'
(16) &reply::TLS-Session-Cipher-Suite += &session-state:TLS-Session-Cipher-Suite[*] -> 'ECDHE-RSA-AES256-GCM-SHA384'
(16) &reply::TLS-Session-Version += &session-state:TLS-Session-Version[*] -> 'TLS 1.2'
(16) } # update = noop
(16) [exec] = noop
(16) policy remove_reply_message_if_eap {
(16) if (&reply:EAP-Message && &reply:Reply-Message) {
(16) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE
(16) else {
(16) [noop] = noop
(16) } # else = noop
(16) } # policy remove_reply_message_if_eap = noop
(16) if (EAP-Key-Name && &reply:EAP-Session-Id) {
(16) if (EAP-Key-Name && &reply:EAP-Session-Id) -> FALSE
(16) } # post-auth = noop
(16) Sent Access-Accept Id 16 from 192.168.4.151:1812 to 192.168.4.151:48174 length 177
(16) MS-MPPE-Recv-Key = 0xee59aa95cffe96ce43dec130a01484acdd7222baa3cd822bf0eb9da56be2e489
(16) MS-MPPE-Send-Key = 0x8e09c39543cbd159100a92a24f70edfe6d089fb9ce28d459539fe48fc1c9f427
(16) EAP-Message = 0x036d0004
(16) Message-Authenticator = 0x00000000000000000000000000000000
(16) User-Name = "anonymous"
(16) Framed-MTU += 974
(16) Finished request
Waking up in 4.9 seconds.
------------------------------------------------------------------------------------------------------------------
Here is the log of TEAP TLS from eapol_test:
root at debian-freeradius:~/wpa_supplicant-2.11# /usr/local/bin/eapol_test -c teap_user.conf -s secret -a 192.168.4.151 -M de:ad:be:ef:42:42 -N 30:s:00:11:22:33:44:55:UConnect -N4:x:c0a80414
Reading configuration file 'teap_user.conf'
Line: 1 - start of a new network block
ssid - hexdump_ascii(len=8):
55 43 6f 6e 6e 65 63 74 UConnect
key_mgmt: 0x8
eap methods - hexdump(len=16): 00 00 00 00 37 00 00 00 00 00 00 00 00 00 00 00
phase1 - hexdump_ascii(len=66):
74 65 61 70 5f 63 6f 6d 70 61 74 3d 66 72 65 65 teap_compat=free
72 61 64 69 75 73 2c 74 6c 73 5f 64 69 73 61 62 radius,tls_disab
6c 65 5f 74 6c 73 76 31 5f 30 3d 31 2c 74 6c 73 le_tlsv1_0=1,tls
5f 64 69 73 61 62 6c 65 5f 74 6c 73 76 31 5f 31 _disable_tlsv1_1
3d 31 =1
pac_file - hexdump_ascii(len=0):
anonymous_identity - hexdump_ascii(len=9):
61 6e 6f 6e 79 6d 6f 75 73 anonymous
identity - hexdump_ascii(len=16):
75 73 65 72 40 65 78 61 6d 70 6c 65 2e 6f 72 67 mailto:user at example.org
phase2 - hexdump_ascii(len=11):
61 75 74 68 65 61 70 3d 54 4c 53 autheap=TLS
ca_cert - hexdump_ascii(len=28):
2f 65 74 63 2f 66 72 65 65 72 61 64 69 75 73 2f /etc/freeradius/
63 65 72 74 73 2f 63 61 2e 64 65 72 certs/ca.der
ca_cert2 - hexdump_ascii(len=28):
2f 65 74 63 2f 66 72 65 65 72 61 64 69 75 73 2f /etc/freeradius/
63 65 72 74 73 2f 63 61 2e 70 65 6d certs/ca.pem
client_cert2 - hexdump_ascii(len=32):
2f 65 74 63 2f 66 72 65 65 72 61 64 69 75 73 2f /etc/freeradius/
63 65 72 74 73 2f 63 6c 69 65 6e 74 2e 70 65 6d certs/client.pem
private_key2 - hexdump_ascii(len=32):
2f 65 74 63 2f 66 72 65 65 72 61 64 69 75 73 2f /etc/freeradius/
63 65 72 74 73 2f 63 6c 69 65 6e 74 2e 6b 65 79 certs/client.key
private_key2_passwd - hexdump_ascii(len=8):
77 68 61 74 65 76 65 72 whatever
Priority group 0
id=0 ssid='UConnect'
Authentication server 192.168.4.151:1812
RADIUS local address: 192.168.4.151:48174
ENGINE: Loading builtin engines
ENGINE: Loading builtin engines
EAPOL: SUPP_PAE entering state DISCONNECTED
EAPOL: KEY_RX entering state NO_KEY_RECEIVE
EAPOL: SUPP_BE entering state INITIALIZE
EAP: EAP entering state DISABLED
EAPOL: External notification - portValid=0
EAPOL: External notification - portEnabled=1
EAPOL: SUPP_PAE entering state CONNECTING
EAPOL: SUPP_BE entering state IDLE
EAP: EAP entering state INITIALIZE
EAP: EAP entering state IDLE
Sending fake EAP-Request-Identity
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_PAE entering state RESTART
EAP: EAP entering state INITIALIZE
EAP: EAP entering state IDLE
EAPOL: SUPP_PAE entering state AUTHENTICATING
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=93 method=1 vendor=0 vendorMethod=0
EAP: EAP entering state IDENTITY
CTRL-EVENT-EAP-STARTED EAP authentication started
EAP: Status notification: started (param=)
EAP: EAP-Request Identity data - hexdump_ascii(len=0):
EAP: using anonymous identity - hexdump_ascii(len=9):
61 6e 6f 6e 79 6d 6f 75 73 anonymous
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=14)
TX EAP -> RADIUS - hexdump(len=14): 02 5d 00 0e 01 61 6e 6f 6e 79 6d 6f 75 73
Encapsulating EAP message into a RADIUS packet
Learned identity from EAP-Response-Identity - hexdump(len=9): 61 6e 6f 6e 79 6d 6f 75 73
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=0 length=160
Attribute 80 (Message-Authenticator) length=18
Value: c938b5ec4719f3cb4f38776ab8243bac
Attribute 1 (User-Name) length=11
Value: 'anonymous'
Attribute 31 (Calling-Station-Id) length=19
Value: 'DE-AD-BE-EF-42-42'
Attribute 12 (Framed-MTU) length=6
Value: 1400
Attribute 61 (NAS-Port-Type) length=6
Value: 19
Attribute 6 (Service-Type) length=6
Value: 2
Attribute 77 (Connect-Info) length=24
Value: 'CONNECT 11Mbps 802.11b'
Attribute 30 (Called-Station-Id) length=28
Value: '00:11:22:33:44:55:UConnect'
Attribute 4 (NAS-IP-Address) length=6
Value: 192.168.4.20
Attribute 79 (EAP-Message) length=16
Value: 025d000e01616e6f6e796d6f7573
RADIUS: Send 160 bytes to the server
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 80 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=0 length=80
Attribute 80 (Message-Authenticator) length=18
Value: 151cc4c4d2e9b64c942bf5233651ea0c
Attribute 79 (EAP-Message) length=24
Value: 015e001604103f9a6c780e20a2ce97b652c4f8ec438e
Attribute 24 (State) length=18
Value: 6501da9e655fde03dd76d824d918a37a
STA de:ad:be:ef:42:42: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
RADIUS packet matching with station
decapsulated EAP packet (code=1 id=94 len=22) from RADIUS server: EAP-Request-MD5 (4)
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=94 method=4 vendor=0 vendorMethod=0
EAP: EAP entering state GET_METHOD
EAP: configuration does not allow: vendor 0 method 4
EAP: vendor 0 method 4 not allowed
CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=4 -> NAK
EAP: Status notification: refuse proposed method (param=MD5)
EAP: Building EAP-Nak (requested type 4 vendor=0 method=0 not allowed)
EAP: allowed methods - hexdump(len=1): 37
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=6)
TX EAP -> RADIUS - hexdump(len=6): 02 5e 00 06 03 37
Encapsulating EAP message into a RADIUS packet
Copied RADIUS State Attribute
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=1 length=170
Attribute 80 (Message-Authenticator) length=18
Value: 29df9753dac0a17e614ec7d921f2799c
Attribute 1 (User-Name) length=11
Value: 'anonymous'
Attribute 31 (Calling-Station-Id) length=19
Value: 'DE-AD-BE-EF-42-42'
Attribute 12 (Framed-MTU) length=6
Value: 1400
Attribute 61 (NAS-Port-Type) length=6
Value: 19
Attribute 6 (Service-Type) length=6
Value: 2
Attribute 77 (Connect-Info) length=24
Value: 'CONNECT 11Mbps 802.11b'
Attribute 30 (Called-Station-Id) length=28
Value: '00:11:22:33:44:55:UConnect'
Attribute 4 (NAS-IP-Address) length=6
Value: 192.168.4.20
Attribute 79 (EAP-Message) length=8
Value: 025e00060337
Attribute 24 (State) length=18
Value: 6501da9e655fde03dd76d824d918a37a
RADIUS: Send 170 bytes to the server
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 76 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=1 length=76
Attribute 80 (Message-Authenticator) length=18
Value: 6a4862edf13113214f7faa287c25a6fb
Attribute 79 (EAP-Message) length=20
Value: 015f00123731000000080001000431323334
Attribute 24 (State) length=18
Value: 6501da9e645eed03dd76d824d918a37a
STA de:ad:be:ef:42:42: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
RADIUS packet matching with station
decapsulated EAP packet (code=1 id=95 len=18) from RADIUS server: EAP-Request-TEAP (55)
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=95 method=55 vendor=0 vendorMethod=0
EAP: EAP entering state GET_METHOD
CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=55
EAP: Status notification: accept proposed method (param=TEAP)
EAP: Initialize selected EAP method: vendor 0 method 55 (TEAP)
TLS: Phase2 EAP types - hexdump(len=96): 00 00 00 00 04 00 00 00 00 00 00 00 0d 00 00 00 00 00 00 00 1a 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 11 00 00 00 00 00 00 00 2e 00 00 00 00 00 00 00 30 00 00 00 00 00 00 00 33 00 00 00 00 00 00 00 31 00 00 00 00 00 00 00 26 00 00 00 00 00 00 00 34 00 00 00
TLS: using phase1 config options
OpenSSL: tls_connection_ca_cert - Failed to load root certificates error:05800088:x509 certificate routines::no certificate or crl found
OpenSSL: tls_connection_ca_cert - loaded DER format CA certificate
EAP-TEAP: No PAC file '' - assume no PAC entries have been provisioned
CTRL-EVENT-EAP-METHOD EAP vendor 0 method 55 (TEAP) selected
EAP: EAP entering state METHOD
SSL: Received packet(len=18) - Flags 0x31
EAP-TEAP: Start (server ver=1, own ver=1)
EAP-TEAP: Using TEAP version 1
EAP-TEAP: Start message payload - hexdump(len=12): 00 00 00 08 00 01 00 04 31 32 33 34
EAP-TEAP: Start message Outer TLVs - hexdump(len=8): 00 01 00 04 31 32 33 34
EAP-TEAP: Outer TLV: Type=1 Length=4
EAP-TEAP: Authority-ID - hexdump(len=4): 31 32 33 34
SSL: (where=0x10 ret=0x1)
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:before SSL initialization
OpenSSL: TX ver=0x301 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 16 03 01 00 b7
OpenSSL: TX ver=0x303 content_type=22 (handshake/client hello)
OpenSSL: Message - hexdump(len=183): 01 00 00 b3 03 03 b3 ad ab 7f c0 e5 48 26 60 e9 97 2d ac 89 63 21 38 d4 68 6b 47 b0 a0 0a 24 fe 95 f3 05 15 ed 93 00 00 38 c0 2c c0 30 00 9f cc a9 cc a8 cc aa c0 2b c0 2f 00 9e c0 24 c0 28 00 6b c0 23 c0 27 00 67 c0 0a c0 14 00 39 c0 09 c0 13 00 33 00 9d 00 9c 00 3d 00 3c 00 35 00 2f 00 ff 01 00 00 52 00 0b 00 04 03 00 01 02 00 0a 00 0c 00 0a 00 1d 00 17 00 1e 00 19 00 18 00 23 00 00 00 16 00 00 00 17 00 00 00 0d 00 2a 00 28 04 03 05 03 06 03 08 07 08 08 08 09 08 0a 08 0b 08 04 08 05 08 06 04 01 05 01 06 01 03 03 03 01 03 02 04 02 05 02 06 02
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS write client hello
SSL: (where=0x1002 ret=0xffffffff)
SSL: SSL_connect:error in SSLv3/TLS write client hello
SSL: SSL_connect - want more data
SSL: 188 bytes pending from ssl_out
SSL: Using TLS version TLSv1.2
SSL: 188 bytes left to be sent out (of total 188 bytes)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL eapRespData=0x5614c0f64c20
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=194)
TX EAP -> RADIUS - hexdump(len=194): 02 5f 00 c2 37 01 16 03 01 00 b7 01 00 00 b3 03 03 b3 ad ab 7f c0 e5 48 26 60 e9 97 2d ac 89 63 21 38 d4 68 6b 47 b0 a0 0a 24 fe 95 f3 05 15 ed 93 00 00 38 c0 2c c0 30 00 9f cc a9 cc a8 cc aa c0 2b c0 2f 00 9e c0 24 c0 28 00 6b c0 23 c0 27 00 67 c0 0a c0 14 00 39 c0 09 c0 13 00 33 00 9d 00 9c 00 3d 00 3c 00 35 00 2f 00 ff 01 00 00 52 00 0b 00 04 03 00 01 02 00 0a 00 0c 00 0a 00 1d 00 17 00 1e 00 19 00 18 00 23 00 00 00 16 00 00 00 17 00 00 00 0d 00 2a 00 28 04 03 05 03 06 03 08 07 08 08 08 09 08 0a 08 0b 08 04 08 05 08 06 04 01 05 01 06 01 03 03 03 01 03 02 04 02 05 02 06 02
Encapsulating EAP message into a RADIUS packet
Copied RADIUS State Attribute
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=2 length=358
Attribute 80 (Message-Authenticator) length=18
Value: 2a6f6c950df89f514c76e62f7965e649
Attribute 1 (User-Name) length=11
Value: 'anonymous'
Attribute 31 (Calling-Station-Id) length=19
Value: 'DE-AD-BE-EF-42-42'
Attribute 12 (Framed-MTU) length=6
Value: 1400
Attribute 61 (NAS-Port-Type) length=6
Value: 19
Attribute 6 (Service-Type) length=6
Value: 2
Attribute 77 (Connect-Info) length=24
Value: 'CONNECT 11Mbps 802.11b'
Attribute 30 (Called-Station-Id) length=28
Value: '00:11:22:33:44:55:UConnect'
Attribute 4 (NAS-IP-Address) length=6
Value: 192.168.4.20
Attribute 79 (EAP-Message) length=196
Value: 025f00c2370116030100b7010000b30303b3adab7fc0e5482660e9972dac89632138d4686b47b0a00a24fe95f30515ed93000038c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff01000052000b000403000102000a000c000a001d0017001e00190018002300000016000000170000000d002a0028040305030603080708080809080a080b080408050806040105010601030303010302040205020602
Attribute 24 (State) length=18
Value: 6501da9e645eed03dd76d824d918a37a
RADIUS: Send 358 bytes to the server
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 1048 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=2 length=1048
Attribute 80 (Message-Authenticator) length=18
Value: 7ab1c01749d761b76dc804248d8f7774
Attribute 79 (EAP-Message) length=255
Value: 016003d837c100000ac6160303003d0200003903038f2da11ae8e4a9d2008d944ffa08071b7500ca3a0f7d150cf6877a5d06b8bd4800c030000011ff01000100000b0004030001020017000016030309450b00094100093e00043a308204363082031ea003020102020101300d06092a864886f70d01010b0500308193310b3009060355040613024652310f300d06035504080c065261646975733112301006035504070c09536f6d65776865726531153013060355040a0c0c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e6f72673126302406035504030c1d4578616d706c65204365
Attribute 79 (EAP-Message) length=255
Value: 72746966696361746520417574686f72697479301e170d3235303231323131323232395a170d3235303431333131323232395a307c310b3009060355040613024652310f300d06035504080c0652616469757331153013060355040a0c0c4578616d706c6520496e632e3123302106035504030c1a4578616d706c65205365727665722043657274696669636174653120301e06092a864886f70d010901161161646d696e406578616d706c652e6f726730820122300d06092a864886f70d01010105000382010f003082010a0282010100b3edbbc6f0df4851e5e65706c955eff059f9889c6ce15d1252c933f5b7d84ef3fb2de818eb6060710e8bdb
Attribute 79 (EAP-Message) length=255
Value: 39634e238087e88ad274b4b497a9d5924dc5ce01fd1cce8096231211e0359e8ccecb78cd362ea5e64d59c0188ce8e55ff97ebdc5846323e6acf86c45006a98b69c5749df3574e3395119dfd31d42693a253acfcfb8fa95f00c4ef6e35e04a3380c5cf0fdf10bc4124ca2cb763c913e9d3bbe295cdb4f04bf9cf458b644b13cf23301b14f7f1e7c613a2d13b98b44d45f188c568594ad5951c80372f010fdac6eca6f78c94df8d9012d51dafa1e87e6584046bdfb3ad923e4e98edede4e401ad2d9580ac73859d3193bada2b33f9f09e18cc761d38d0203010001a381aa3081a730130603551d25040c300a06082b0601050507030130360603551d1f04
Attribute 79 (EAP-Message) length=227
Value: 2f302d302ba029a0278625687474703a2f2f7777772e6578616d706c652e636f6d2f6578616d706c655f63612e63726c30180603551d200411300f300d060b2b0601040182be68010302301d0603551d0e04160414c0f613a262ad5ee53e77fada04299eb081b1802d301f0603551d23041830168014a68b8782fdf060ffecd2f37fe80fa76de241a352300d06092a864886f70d01010b050003820101002ae3260d8b01f1452de49cc0fb89eeab041571329b014eeb1461987ee823c2df88bb071075e42483679c72df85707c0837b10ed529cc9815ba6114b63fbe6605b8602b
Attribute 24 (State) length=18
Value: 6501da9e6761ed03dd76d824d918a37a
STA de:ad:be:ef:42:42: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
RADIUS packet matching with station
decapsulated EAP packet (code=1 id=96 len=984) from RADIUS server: EAP-Request-TEAP (55)
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=96 method=55 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
SSL: Received packet(len=984) - Flags 0xc1
SSL: TLS Message Length: 2758
SSL: Need 1784 bytes more input data
SSL: Building ACK (type=55 id=96 ver=1)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL eapRespData=0x5614c0f5d460
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=6)
TX EAP -> RADIUS - hexdump(len=6): 02 60 00 06 37 01
Encapsulating EAP message into a RADIUS packet
Copied RADIUS State Attribute
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=3 length=170
Attribute 80 (Message-Authenticator) length=18
Value: 903dc237de7c9b8695484a34ea240185
Attribute 1 (User-Name) length=11
Value: 'anonymous'
Attribute 31 (Calling-Station-Id) length=19
Value: 'DE-AD-BE-EF-42-42'
Attribute 12 (Framed-MTU) length=6
Value: 1400
Attribute 61 (NAS-Port-Type) length=6
Value: 19
Attribute 6 (Service-Type) length=6
Value: 2
Attribute 77 (Connect-Info) length=24
Value: 'CONNECT 11Mbps 802.11b'
Attribute 30 (Called-Station-Id) length=28
Value: '00:11:22:33:44:55:UConnect'
Attribute 4 (NAS-IP-Address) length=6
Value: 192.168.4.20
Attribute 79 (EAP-Message) length=8
Value: 026000063701
Attribute 24 (State) length=18
Value: 6501da9e6761ed03dd76d824d918a37a
RADIUS: Send 170 bytes to the server
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 1044 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=3 length=1044
Attribute 80 (Message-Authenticator) length=18
Value: c52d4c7279d4f4c2db0eff6d68ad7287
Attribute 79 (EAP-Message) length=255
Value: 016103d43741a332fe465d6ca3da54ce4106656170713c77fb3013d01c3374cb86ed0cb686ab878136acfecf9f6fb2e076cf99130fdfb39eaed1e8536756d0957288b829ae7b446618fbded540de385d7a530018b7537d8d4a80cbc5e76748752bd1e79e8cfb7c7f1857cf3278dcf3f8a53ea49f088123c3ec711a282ee0ab37b8da0db4a83eec4dfc278fad71aaed061a0eb0e22751d1be587207e322a610e5d88a7ba0b21cb37206add13e48e487a956dd65ddb4e2bd9d8ad6a80b117a143e12463e0004fe308204fa308203e2a003020102021407c1092ab93c84caf4a4cebe5ffd49c091f025b2300d06092a864886f70d01010b0500308193310b
Attribute 79 (EAP-Message) length=255
Value: 3009060355040613024652310f300d06035504080c065261646975733112301006035504070c09536f6d65776865726531153013060355040a0c0c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e6f72673126302406035504030c1d4578616d706c6520436572746966696361746520417574686f72697479301e170d3235303231323131323232385a170d3235303431333131323232385a308193310b3009060355040613024652310f300d06035504080c065261646975733112301006035504070c09536f6d65776865726531153013060355040a0c0c4578616d706c6520496e632e
Attribute 79 (EAP-Message) length=255
Value: 3120301e06092a864886f70d010901161161646d696e406578616d706c652e6f72673126302406035504030c1d4578616d706c6520436572746966696361746520417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a0282010100bd129d8ad92c9fb1d32e681a41e42e273937169569938c27a6843ae9d4862869a470c15eb091b89cbbc61b013a0fa39806a6c8b7d33e8968c2016329be59ccb4fb74204f4e6d0245c73d369e7c596920fe10985242a271a5cae50ef77694bef9c1f5ef0037a370816e13f9ce6ea298abf3decb6669158f19725bff4f52307d914bedfc40865628f660ad8055650ab09c9351
Attribute 79 (EAP-Message) length=223
Value: c4c72596430ded0a8883876426b4f7f5615bf2d4a4f43dd01fa43d3f4e5321c2062488ef05b2f61e2a4f534b6f411ac1e20e0a3a30b49bcc3fa51058903aab26d2380399a1fdfc9753961f8eff7fd23ac3b69a975599b30001e84c31b4245d2331c09109f5028cc5415a74fcfca10203010001a38201423082013e301d0603551d0e04160414a68b8782fdf060ffecd2f37fe80fa76de241a3523081d30603551d230481cb3081c88014a68b8782fdf060ffecd2f37fe80fa76de241a352a18199a48196308193310b3009060355040613024652310f300d0603550408
Attribute 24 (State) length=18
Value: 6501da9e6660ed03dd76d824d918a37a
STA de:ad:be:ef:42:42: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
RADIUS packet matching with station
decapsulated EAP packet (code=1 id=97 len=980) from RADIUS server: EAP-Request-TEAP (55)
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=97 method=55 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
SSL: Received packet(len=980) - Flags 0x41
SSL: Need 810 bytes more input data
SSL: Building ACK (type=55 id=97 ver=1)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL eapRespData=0x5614c0f5d460
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=6)
TX EAP -> RADIUS - hexdump(len=6): 02 61 00 06 37 01
Encapsulating EAP message into a RADIUS packet
Copied RADIUS State Attribute
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=4 length=170
Attribute 80 (Message-Authenticator) length=18
Value: 4d13af065dc545684c8ff755999fea16
Attribute 1 (User-Name) length=11
Value: 'anonymous'
Attribute 31 (Calling-Station-Id) length=19
Value: 'DE-AD-BE-EF-42-42'
Attribute 12 (Framed-MTU) length=6
Value: 1400
Attribute 61 (NAS-Port-Type) length=6
Value: 19
Attribute 6 (Service-Type) length=6
Value: 2
Attribute 77 (Connect-Info) length=24
Value: 'CONNECT 11Mbps 802.11b'
Attribute 30 (Called-Station-Id) length=28
Value: '00:11:22:33:44:55:UConnect'
Attribute 4 (NAS-IP-Address) length=6
Value: 192.168.4.20
Attribute 79 (EAP-Message) length=8
Value: 026100063701
Attribute 24 (State) length=18
Value: 6501da9e6660ed03dd76d824d918a37a
RADIUS: Send 170 bytes to the server
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 880 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=4 length=880
Attribute 80 (Message-Authenticator) length=18
Value: 85072cc92d6cad07db05b0626508de28
Attribute 79 (EAP-Message) length=255
Value: 0162033037010c065261646975733112301006035504070c09536f6d65776865726531153013060355040a0c0c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e6f72673126302406035504030c1d4578616d706c6520436572746966696361746520417574686f72697479821407c1092ab93c84caf4a4cebe5ffd49c091f025b2300f0603551d130101ff040530030101ff30360603551d1f042f302d302ba029a0278625687474703a2f2f7777772e6578616d706c652e6f72672f6578616d706c655f63612e63726c300d06092a864886f70d01010b05000382010100b1fbfdd99b0946
Attribute 79 (EAP-Message) length=255
Value: e14a71a6cc445581bb32d6a317d4c99d466f16982e189d83025d9cad8425a759d7e745eded6eec71ab3ce454c4f767868117d8d328ac44f63bc8984dc7a2447d1f405b614363101942d640f17b4fbe4566fba6d0c31970a84b413e9d863f214640e61f93de5504f2ed558348c54bb93828b44a14d4404b63ec9602566afd3cb791365eb9572cf69b14da2d40eda3d7d9c697942b70e886be0d967b1a8f88826535f2c6e56c3624ff7c3db9cfd65b3bcc628a0013a29d8af217af8b9966fa2dd828ebd4177ecdb6f2cd3dbb21e6c9337cdcb02885c58e46b4a16599640ca4504673701127b09e5d89aa1cecf087be1a5043d2498049a99aee1d16030301
Attribute 79 (EAP-Message) length=255
Value: 2c0c00012803001d202f3af9a5771ab2bab98cc5db3f6d9efdf4479fd3e35e9f42c9157459dfc9631d08040100060459f7b8432201b9d32f9a924a2192588715e3d4a716ffa75415c7a518025bf0143bbb03d7445421fafd08c2ad9b49c9c835f1dc7b04ef1d79814af7c6ff10f4e328b4ba9989c8ab738a6195d4ad898c078db5d10759b51749e8d7ea5b3d4ba8f394320c74bdfb713fd502cba50f356b2b5b6944ec630b0702332802bd74194a8025f2d459622393c8efe01e7c467b723ebfea4ed3a5c054361845eb51bf745eac97b8c8a689a969569ec92a6987b89e6a25c94ba8c9c711041fef2ce8e41e3b85bbece56a92f846c6672afb7e91ca
Attribute 79 (EAP-Message) length=59
Value: c21c0858279dc926b171dfd9346344a34ba081a860542b4ee433e676643ed2a94b82478d68d92929c31d4fe34e148edb16030300040e000000
Attribute 24 (State) length=18
Value: 6501da9e6163ed03dd76d824d918a37a
STA de:ad:be:ef:42:42: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
RADIUS packet matching with station
decapsulated EAP packet (code=1 id=98 len=816) from RADIUS server: EAP-Request-TEAP (55)
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=98 method=55 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
SSL: Received packet(len=816) - Flags 0x01
OpenSSL: RX ver=0x303 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 16 03 03 00 3d
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS write client hello
OpenSSL: RX ver=0x303 content_type=22 (handshake/server hello)
OpenSSL: Message - hexdump(len=61): 02 00 00 39 03 03 8f 2d a1 1a e8 e4 a9 d2 00 8d 94 4f fa 08 07 1b 75 00 ca 3a 0f 7d 15 0c f6 87 7a 5d 06 b8 bd 48 00 c0 30 00 00 11 ff 01 00 01 00 00 0b 00 04 03 00 01 02 00 17 00 00
OpenSSL: RX ver=0x303 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 16 03 03 09 45
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS read server hello
OpenSSL: RX ver=0x303 content_type=22 (handshake/certificate)
OpenSSL: Message - hexdump(len=2373): 0b 00 09 41 00 09 3e 00 04 3a 30 82 04 36 30 82 03 1e a0 03 02 01 02 02 01 01 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 81 93 31 0b 30 09 06 03 55 04 06 13 02 46 52 31 0f 30 0d 06 03 55 04 08 0c 06 52 61 64 69 75 73 31 12 30 10 06 03 55 04 07 0c 09 53 6f 6d 65 77 68 65 72 65 31 15 30 13 06 03 55 04 0a 0c 0c 45 78 61 6d 70 6c 65 20 49 6e 63 2e 31 20 30 1e 06 09 2a 86 48 86 f7 0d 01 09 01 16 11 61 64 6d 69 6e 40 65 78 61 6d 70 6c 65 2e 6f 72 67 31 26 30 24 06 03 55 04 03 0c 1d 45 78 61 6d 70 6c 65 20 43 65 72 74 69 66 69 63 61 74 65 20 41 75 74 68 6f 72 69 74 79 30 1e 17 0d 32 35 30 32 31 32 31 31 32 32 32 39 5a 17 0d 32 35 30 34 31 33 31 31 32 32 32 39 5a 30 7c 31 0b 30 09 06 03 55 04 06 13 02 46 52 31 0f 30 0d 06 03 55 04 08 0c 06 52 61 64 69 75 73 31 15 30 13 06 03 55 04 0a 0c 0c 45 78 61 6d 70 6c 65 20 49 6e 63 2e 31 23 30 21 06 03 55 04 03 0c 1a 45 78 61 6d 70 6c 65 20 53 65 72 76 65 72 20 43 65 72 74 69 66 69 63 61 74 65 31 20 30 1e 06 09 2a 86 48 86 f7 0d 01 09 01 16 11 61 64 6d 69 6e 40 65 78 61 6d 70 6c 65 2e 6f 72 67 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 b3 ed bb c6 f0 df 48 51 e5 e6 57 06 c9 55 ef f0 59 f9 88 9c 6c e1 5d 12 52 c9 33 f5 b7 d8 4e f3 fb 2d e8 18 eb 60 60 71 0e 8b db 39 63 4e 23 80 87 e8 8a d2 74 b4 b4 97 a9 d5 92 4d c5 ce 01 fd 1c ce 80 96 23 12 11 e0 35 9e 8c ce cb 78 cd 36 2e a5 e6 4d 59 c0 18 8c e8 e5 5f f9 7e bd c5 84 63 23 e6 ac f8 6c 45 00 6a 98 b6 9c 57 49 df 35 74 e3 39 51 19 df d3 1d 42 69 3a 25 3a cf cf b8 fa 95 f0 0c 4e f6 e3 5e 04 a3 38 0c 5c f0 fd f1 0b c4 12 4c a2 cb 76 3c 91 3e 9d 3b be 29 5c db 4f 04 bf 9c f4 58 b6 44 b1 3c f2 33 01 b1 4f 7f 1e 7c 61 3a 2d 13 b9 8b 44 d4 5f 18 8c 56 85 94 ad 59 51 c8 03 72 f0 10 fd ac 6e ca 6f 78 c9 4d f8 d9 01 2d 51 da fa 1e 87 e6 58 40 46 bd fb 3a d9 23 e4 e9 8e de de 4e 40 1a d2 d9 58 0a c7 38 59 d3 19 3b ad a2 b3 3f 9f 09 e1 8c c7 61 d3 8d 02 03 01 00 01 a3 81 aa 30 81 a7 30 13 06 03 55 1d 25 04 0c 30 0a 06 08 2b 06 01 05 05 07 03 01 30 36 06 03 55 1d 1f 04 2f 30 2d 30 2b a0 29 a0 27 86 25 68 74 74 70 3a 2f 2f 77 77 77 2e 65 78 61 6d 70 6c 65 2e 63 6f 6d 2f 65 78 61 6d 70 6c 65 5f 63 61 2e 63 72 6c 30 18 06 03 55 1d 20 04 11 30 0f 30 0d 06 0b 2b 06 01 04 01 82 be 68 01 03 02 30 1d 06 03 55 1d 0e 04 16 04 14 c0 f6 13 a2 62 ad 5e e5 3e 77 fa da 04 29 9e b0 81 b1 80 2d 30 1f 06 03 55 1d 23 04 18 30 16 80 14 a6 8b 87 82 fd f0 60 ff ec d2 f3 7f e8 0f a7 6d e2 41 a3 52 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 03 82 01 01 00 2a e3 26 0d 8b 01 f1 45 2d e4 9c c0 fb 89 ee ab 04 15 71 32 9b 01 4e eb 14 61 98 7e e8 23 c2 df 88 bb 07 10 75 e4 24 83 67 9c 72 df 85 70 7c 08 37 b1 0e d5 29 cc 98 15 ba 61 14 b6 3f be 66 05 b8 60 2b a3 32 fe 46 5d 6c a3 da 54 ce 41 06 65 61 70 71 3c 77 fb 30 13 d0 1c 33 74 cb 86 ed 0c b6 86 ab 87 81 36 ac fe cf 9f 6f b2 e0 76 cf 99 13 0f df b3 9e ae d1 e8 53 67 56 d0 95 72 88 b8 29 ae 7b 44 66 18 fb de d5 40 de 38 5d 7a 53 00 18 b7 53 7d 8d 4a 80 cb c5 e7 67 48 75 2b d1 e7 9e 8c fb 7c 7f 18 57 cf 32 78 dc f3 f8 a5 3e a4 9f 08 81 23 c3 ec 71 1a 28 2e e0 ab 37 b8 da 0d b4 a8 3e ec 4d fc 27 8f ad 71 aa ed 06 1a 0e b0 e2 27 51 d1 be 58 72 07 e3 22 a6 10 e5 d8 8a 7b a0 b2 1c b3 72 06 ad d1 3e 48 e4 87 a9 56 dd 65 dd b4 e2 bd 9d 8a d6 a8 0b 11 7a 14 3e 12 46 3e 00 04 fe 30 82 04 fa 30 82 03 e2 a0 03 02 01 02 02 14 07 c1 09 2a b9 3c 84 ca f4 a4 ce be 5f fd 49 c0 91 f0 25 b2 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 81 93 31 0b 30 09 06 03 55 04 06 13 02 46 52 31 0f 30 0d 06 03 55 04 08 0c 06 52 61 64 69 75 73 31 12 30 10 06 03 55 04 07 0c 09 53 6f 6d 65 77 68 65 72 65 31 15 30 13 06 03 55 04 0a 0c 0c 45 78 61 6d 70 6c 65 20 49 6e 63 2e 31 20 30 1e 06 09 2a 86 48 86 f7 0d 01 09 01 16 11 61 64 6d 69 6e 40 65 78 61 6d 70 6c 65 2e 6f 72 67 31 26 30 24 06 03 55 04 03 0c 1d 45 78 61 6d 70 6c 65 20 43 65 72 74 69 66 69 63 61 74 65 20 41 75 74 68 6f 72 69 74 79 30 1e 17 0d 32 35 30 32 31 32 31 31 32 32 32 38 5a 17 0d 32 35 30 34 31 33 31 31 32 32 32 38 5a 30 81 93 31 0b 30 09 06 03 55 04 06 13 02 46 52 31 0f 30 0d 06 03 55 04 08 0c 06 52 61 64 69 75 73 31 12 30 10 06 03 55 04 07 0c 09 53 6f 6d 65 77 68 65 72 65 31 15 30 13 06 03 55 04 0a 0c 0c 45 78 61 6d 70 6c 65 20 49 6e 63 2e 31 20 30 1e 06 09 2a 86 48 86 f7 0d 01 09 01 16 11 61 64 6d 69 6e 40 65 78 61 6d 70 6c 65 2e 6f 72 67 31 26 30 24 06 03 55 04 03 0c 1d 45 78 61 6d 70 6c 65 20 43 65 72 74 69 66 69 63 61 74 65 20 41 75 74 68 6f 72 69 74 79 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 bd 12 9d 8a d9 2c 9f b1 d3 2e 68 1a 41 e4 2e 27 39 37 16 95 69 93 8c 27 a6 84 3a e9 d4 86 28 69 a4 70 c1 5e b0 91 b8 9c bb c6 1b 01 3a 0f a3 98 06 a6 c8 b7 d3 3e 89 68 c2 01 63 29 be 59 cc b4 fb 74 20 4f 4e 6d 02 45 c7 3d 36 9e 7c 59 69 20 fe 10 98 52 42 a2 71 a5 ca e5 0e f7 76 94 be f9 c1 f5 ef 00 37 a3 70 81 6e 13 f9 ce 6e a2 98 ab f3 de cb 66 69 15 8f 19 72 5b ff 4f 52 30 7d 91 4b ed fc 40 86 56 28 f6 60 ad 80 55 65 0a b0 9c 93 51 c4 c7 25 96 43 0d ed 0a 88 83 87 64 26 b4 f7 f5 61 5b f2 d4 a4 f4 3d d0 1f a4 3d 3f 4e 53 21 c2 06 24 88 ef 05 b2 f6 1e 2a 4f 53 4b 6f 41 1a c1 e2 0e 0a 3a 30 b4 9b cc 3f a5 10 58 90 3a ab 26 d2 38 03 99 a1 fd fc 97 53 96 1f 8e ff 7f d2 3a c3 b6 9a 97 55 99 b3 00 01 e8 4c 31 b4 24 5d 23 31 c0 91 09 f5 02 8c c5 41 5a 74 fc fc a1 02 03 01 00 01 a3 82 01 42 30 82 01 3e 30 1d 06 03 55 1d 0e 04 16 04 14 a6 8b 87 82 fd f0 60 ff ec d2 f3 7f e8 0f a7 6d e2 41 a3 52 30 81 d3 06 03 55 1d 23 04 81 cb 30 81 c8 80 14 a6 8b 87 82 fd f0 60 ff ec d2 f3 7f e8 0f a7 6d e2 41 a3 52 a1 81 99 a4 81 96 30 81 93 31 0b 30 09 06 03 55 04 06 13 02 46 52 31 0f 30 0d 06 03 55 04 08 0c 06 52 61 64 69 75 73 31 12 30 10 06 03 55 04 07 0c 09 53 6f 6d 65 77 68 65 72 65 31 15 30 13 06 03 55 04 0a 0c 0c 45 78 61 6d 70 6c 65 20 49 6e 63 2e 31 20 30 1e 06 09 2a 86 48 86 f7 0d 01 09 01 16 11 61 64 6d 69 6e 40 65 78 61 6d 70 6c 65 2e 6f 72 67 31 26 30 24 06 03 55 04 03 0c 1d 45 78 61 6d 70 6c 65 20 43 65 72 74 69 66 69 63 61 74 65 20 41 75 74 68 6f 72 69 74 79 82 14 07 c1 09 2a b9 3c 84 ca f4 a4 ce be 5f fd 49 c0 91 f0 25 b2 30 0f 06 03 55 1d 13 01 01 ff 04 05 30 03 01 01 ff 30 36 06 03 55 1d 1f 04 2f 30 2d 30 2b a0 29 a0 27 86 25 68 74 74 70 3a 2f 2f 77 77 77 2e 65 78 61 6d 70 6c 65 2e 6f 72 67 2f 65 78 61 6d 70 6c 65 5f 63 61 2e 63 72 6c 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 03 82 01 01 00 b1 fb fd d9 9b 09 46 e1 4a 71 a6 cc 44 55 81 bb 32 d6 a3 17 d4 c9 9d 46 6f 16 98 2e 18 9d 83 02 5d 9c ad 84 25 a7 59 d7 e7 45 ed ed 6e ec 71 ab 3c e4 54 c4 f7 67 86 81 17 d8 d3 28 ac 44 f6 3b c8 98 4d c7 a2 44 7d 1f 40 5b 61 43 63 10 19 42 d6 40 f1 7b 4f be 45 66 fb a6 d0 c3 19 70 a8 4b 41 3e 9d 86 3f 21 46 40 e6 1f 93 de 55 04 f2 ed 55 83 48 c5 4b b9 38 28 b4 4a 14 d4 40 4b 63 ec 96 02 56 6a fd 3c b7 91 36 5e b9 57 2c f6 9b 14 da 2d 40 ed a3 d7 d9 c6 97 94 2b 70 e8 86 be 0d 96 7b 1a 8f 88 82 65 35 f2 c6 e5 6c 36 24 ff 7c 3d b9 cf d6 5b 3b cc 62 8a 00 13 a2 9d 8a f2 17 af 8b 99 66 fa 2d d8 28 eb d4 17 7e cd b6 f2 cd 3d bb 21 e6 c9 33 7c dc b0 28 85 c5 8e 46 b4 a1 65 99 64 0c a4 50 46 73 70 11 27 b0 9e 5d 89 aa 1c ec f0 87 be 1a 50 43 d2 49 80 49 a9 9a ee 1d
OpenSSL: Peer certificate - depth 1
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
07:c1:09:2a:b9:3c:84:ca:f4:a4:ce:be:5f:fd:49:c0:91:f0:25:b2
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=FR, ST=Radius, L=Somewhere, O=Example mailto:Inc./emailAddress=admin at example.org, CN=Example Certificate Authority
Validity
Not Before: Feb 12 11:22:28 2025 GMT
Not After : Apr 13 11:22:28 2025 GMT
Subject: C=FR, ST=Radius, L=Somewhere, O=Example mailto:Inc./emailAddress=admin at example.org, CN=Example Certificate Authority
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:bd:12:9d:8a:d9:2c:9f:b1:d3:2e:68:1a:41:e4:
2e:27:39:37:16:95:69:93:8c:27:a6:84:3a:e9:d4:
86:28:69:a4:70:c1:5e:b0:91:b8:9c:bb:c6:1b:01:
3a:0f:a3:98:06:a6:c8:b7:d3:3e:89:68:c2:01:63:
29:be:59:cc:b4:fb:74:20:4f:4e:6d:02:45:c7:3d:
36:9e:7c:59:69:20:fe:10:98:52:42:a2:71:a5:ca:
e5:0e:f7:76:94:be:f9:c1:f5:ef:00:37:a3:70:81:
6e:13:f9:ce:6e:a2:98:ab:f3:de:cb:66:69:15:8f:
19:72:5b:ff:4f:52:30:7d:91:4b:ed:fc:40:86:56:
28:f6:60:ad:80:55:65:0a:b0:9c:93:51:c4:c7:25:
96:43:0d:ed:0a:88:83:87:64:26:b4:f7:f5:61:5b:
f2:d4:a4:f4:3d:d0:1f:a4:3d:3f:4e:53:21:c2:06:
24:88:ef:05:b2:f6:1e:2a:4f:53:4b:6f:41:1a:c1:
e2:0e:0a:3a:30:b4:9b:cc:3f:a5:10:58:90:3a:ab:
26:d2:38:03:99:a1:fd:fc:97:53:96:1f:8e:ff:7f:
d2:3a:c3:b6:9a:97:55:99:b3:00:01:e8:4c:31:b4:
24:5d:23:31:c0:91:09:f5:02:8c:c5:41:5a:74:fc:
fc:a1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A6:8B:87:82:FD:F0:60:FF:EC:D2:F3:7F:E8:0F:A7:6D:E2:41:A3:52
X509v3 Authority Key Identifier:
keyid:A6:8B:87:82:FD:F0:60:FF:EC:D2:F3:7F:E8:0F:A7:6D:E2:41:A3:52
DirName:/C=FR/ST=Radius/L=Somewhere/O=Example mailto:Inc./emailAddress=admin at example.org/CN=Example Certificate Authority
serial:07:C1:09:2A:B9:3C:84:CA:F4:A4:CE:BE:5F:FD:49:C0:91:F0:25:B2
X509v3 Basic Constraints: critical
CA:TRUE
X509v3 CRL Distribution Points:
Full Name:
URI:http://www.example.org/example_ca.crl
Signature Algorithm: sha256WithRSAEncryption
Signature Value:
b1:fb:fd:d9:9b:09:46:e1:4a:71:a6:cc:44:55:81:bb:32:d6:
a3:17:d4:c9:9d:46:6f:16:98:2e:18:9d:83:02:5d:9c:ad:84:
25:a7:59:d7:e7:45:ed:ed:6e:ec:71:ab:3c:e4:54:c4:f7:67:
86:81:17:d8:d3:28:ac:44:f6:3b:c8:98:4d:c7:a2:44:7d:1f:
40:5b:61:43:63:10:19:42:d6:40:f1:7b:4f:be:45:66:fb:a6:
d0:c3:19:70:a8:4b:41:3e:9d:86:3f:21:46:40:e6:1f:93:de:
55:04:f2:ed:55:83:48:c5:4b:b9:38:28:b4:4a:14:d4:40:4b:
63:ec:96:02:56:6a:fd:3c:b7:91:36:5e:b9:57:2c:f6:9b:14:
da:2d:40:ed:a3:d7:d9:c6:97:94:2b:70:e8:86:be:0d:96:7b:
1a:8f:88:82:65:35:f2:c6:e5:6c:36:24:ff:7c:3d:b9:cf:d6:
5b:3b:cc:62:8a:00:13:a2:9d:8a:f2:17:af:8b:99:66:fa:2d:
d8:28:eb:d4:17:7e:cd:b6:f2:cd:3d:bb:21:e6:c9:33:7c:dc:
b0:28:85:c5:8e:46:b4:a1:65:99:64:0c:a4:50:46:73:70:11:
27:b0:9e:5d:89:aa:1c:ec:f0:87:be:1a:50:43:d2:49:80:49:
a9:9a:ee:1d
CTRL-EVENT-EAP-PEER-CERT depth=1 subject='/C=FR/ST=Radius/L=Somewhere/O=Example mailto:Inc./emailAddress=admin at example.org/CN=Example Certificate Authority' hash=7808349207dba06be1fc23faa6a240c97900fd8a2c3d84118f10270e470f56b7
TLS: tls_verify_cb - preverify_ok=1 err=0 (ok) ca_cert_verify=1 depth=1 buf='/C=FR/ST=Radius/L=Somewhere/O=Example mailto:Inc./emailAddress=admin at example.org/CN=Example Certificate Authority'
OpenSSL: Peer certificate - depth 0
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=FR, ST=Radius, L=Somewhere, O=Example mailto:Inc./emailAddress=admin at example.org, CN=Example Certificate Authority
Validity
Not Before: Feb 12 11:22:29 2025 GMT
Not After : Apr 13 11:22:29 2025 GMT
Subject: C=FR, ST=Radius, O=Example Inc., CN=Example Server mailto:Certificate/emailAddress=admin at example.org
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:b3:ed:bb:c6:f0:df:48:51:e5:e6:57:06:c9:55:
ef:f0:59:f9:88:9c:6c:e1:5d:12:52:c9:33:f5:b7:
d8:4e:f3:fb:2d:e8:18:eb:60:60:71:0e:8b:db:39:
63:4e:23:80:87:e8:8a:d2:74:b4:b4:97:a9:d5:92:
4d:c5:ce:01:fd:1c:ce:80:96:23:12:11:e0:35:9e:
8c:ce:cb:78:cd:36:2e:a5:e6:4d:59:c0:18:8c:e8:
e5:5f:f9:7e:bd:c5:84:63:23:e6:ac:f8:6c:45:00:
6a:98:b6:9c:57:49:df:35:74:e3:39:51:19:df:d3:
1d:42:69:3a:25:3a:cf:cf:b8:fa:95:f0:0c:4e:f6:
e3:5e:04:a3:38:0c:5c:f0:fd:f1:0b:c4:12:4c:a2:
cb:76:3c:91:3e:9d:3b:be:29:5c:db:4f:04:bf:9c:
f4:58:b6:44:b1:3c:f2:33:01:b1:4f:7f:1e:7c:61:
3a:2d:13:b9:8b:44:d4:5f:18:8c:56:85:94:ad:59:
51:c8:03:72:f0:10:fd:ac:6e:ca:6f:78:c9:4d:f8:
d9:01:2d:51:da:fa:1e:87:e6:58:40:46:bd:fb:3a:
d9:23:e4:e9:8e:de:de:4e:40:1a:d2:d9:58:0a:c7:
38:59:d3:19:3b:ad:a2:b3:3f:9f:09:e1:8c:c7:61:
d3:8d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Extended Key Usage:
TLS Web Server Authentication
X509v3 CRL Distribution Points:
Full Name:
URI:http://www.example.com/example_ca.crl
X509v3 Certificate Policies:
Policy: 1.3.6.1.4.1.40808.1.3.2
X509v3 Subject Key Identifier:
C0:F6:13:A2:62:AD:5E:E5:3E:77:FA:DA:04:29:9E:B0:81:B1:80:2D
X509v3 Authority Key Identifier:
A6:8B:87:82:FD:F0:60:FF:EC:D2:F3:7F:E8:0F:A7:6D:E2:41:A3:52
Signature Algorithm: sha256WithRSAEncryption
Signature Value:
2a:e3:26:0d:8b:01:f1:45:2d:e4:9c:c0:fb:89:ee:ab:04:15:
71:32:9b:01:4e:eb:14:61:98:7e:e8:23:c2:df:88:bb:07:10:
75:e4:24:83:67:9c:72:df:85:70:7c:08:37:b1:0e:d5:29:cc:
98:15:ba:61:14:b6:3f:be:66:05:b8:60:2b:a3:32:fe:46:5d:
6c:a3:da:54:ce:41:06:65:61:70:71:3c:77:fb:30:13:d0:1c:
33:74:cb:86:ed:0c:b6:86:ab:87:81:36:ac:fe:cf:9f:6f:b2:
e0:76:cf:99:13:0f:df:b3:9e:ae:d1:e8:53:67:56:d0:95:72:
88:b8:29:ae:7b:44:66:18:fb:de:d5:40:de:38:5d:7a:53:00:
18:b7:53:7d:8d:4a:80:cb:c5:e7:67:48:75:2b:d1:e7:9e:8c:
fb:7c:7f:18:57:cf:32:78:dc:f3:f8:a5:3e:a4:9f:08:81:23:
c3:ec:71:1a:28:2e:e0:ab:37:b8:da:0d:b4:a8:3e:ec:4d:fc:
27:8f:ad:71:aa:ed:06:1a:0e:b0:e2:27:51:d1:be:58:72:07:
e3:22:a6:10:e5:d8:8a:7b:a0:b2:1c:b3:72:06:ad:d1:3e:48:
e4:87:a9:56:dd:65:dd:b4:e2:bd:9d:8a:d6:a8:0b:11:7a:14:
3e:12:46:3e
OpenSSL: Certificate Policy 1.3.6.1.4.1.40808.1.3.2
CTRL-EVENT-EAP-PEER-CERT depth=0 subject='/C=FR/ST=Radius/O=Example Inc./CN=Example Server mailto:Certificate/emailAddress=admin at example.org' hash=d90d58ad04e655b4e1aff7e32069fe5c3d0c3edd4f35e2092274b5055097136a
TLS: tls_verify_cb - preverify_ok=1 err=0 (ok) ca_cert_verify=1 depth=0 buf='/C=FR/ST=Radius/O=Example Inc./CN=Example Server mailto:Certificate/emailAddress=admin at example.org'
EAP: Status notification: remote certificate verification (param=success)
OpenSSL: RX ver=0x303 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 16 03 03 01 2c
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS read server certificate
OpenSSL: RX ver=0x303 content_type=22 (handshake/server key exchange)
OpenSSL: Message - hexdump(len=300): 0c 00 01 28 03 00 1d 20 2f 3a f9 a5 77 1a b2 ba b9 8c c5 db 3f 6d 9e fd f4 47 9f d3 e3 5e 9f 42 c9 15 74 59 df c9 63 1d 08 04 01 00 06 04 59 f7 b8 43 22 01 b9 d3 2f 9a 92 4a 21 92 58 87 15 e3 d4 a7 16 ff a7 54 15 c7 a5 18 02 5b f0 14 3b bb 03 d7 44 54 21 fa fd 08 c2 ad 9b 49 c9 c8 35 f1 dc 7b 04 ef 1d 79 81 4a f7 c6 ff 10 f4 e3 28 b4 ba 99 89 c8 ab 73 8a 61 95 d4 ad 89 8c 07 8d b5 d1 07 59 b5 17 49 e8 d7 ea 5b 3d 4b a8 f3 94 32 0c 74 bd fb 71 3f d5 02 cb a5 0f 35 6b 2b 5b 69 44 ec 63 0b 07 02 33 28 02 bd 74 19 4a 80 25 f2 d4 59 62 23 93 c8 ef e0 1e 7c 46 7b 72 3e bf ea 4e d3 a5 c0 54 36 18 45 eb 51 bf 74 5e ac 97 b8 c8 a6 89 a9 69 56 9e c9 2a 69 87 b8 9e 6a 25 c9 4b a8 c9 c7 11 04 1f ef 2c e8 e4 1e 3b 85 bb ec e5 6a 92 f8 46 c6 67 2a fb 7e 91 ca c2 1c 08 58 27 9d c9 26 b1 71 df d9 34 63 44 a3 4b a0 81 a8 60 54 2b 4e e4 33 e6 76 64 3e d2 a9 4b 82 47 8d 68 d9 29 29 c3 1d 4f e3 4e 14 8e db
OpenSSL: RX ver=0x303 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 16 03 03 00 04
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS read server key exchange
OpenSSL: RX ver=0x303 content_type=22 (handshake/server hello done)
OpenSSL: Message - hexdump(len=4): 0e 00 00 00
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS read server done
OpenSSL: TX ver=0x303 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 16 03 03 00 25
OpenSSL: TX ver=0x303 content_type=22 (handshake/client key exchange)
OpenSSL: Message - hexdump(len=37): 10 00 00 21 20 3f db 36 c4 2c 17 8b 84 fb 58 db c2 73 b1 66 92 2e 8e 5f 78 96 6a 11 0c 08 67 14 4c 60 05 4f 7d
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS write client key exchange
OpenSSL: TX ver=0x303 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 14 03 03 00 01
OpenSSL: TX ver=0x303 content_type=20 (change cipher spec/)
OpenSSL: Message - hexdump(len=1): 01
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS write change cipher spec
OpenSSL: TX ver=0x303 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 16 03 03 00 28
OpenSSL: TX ver=0x303 content_type=22 (handshake/finished)
OpenSSL: Message - hexdump(len=16): 14 00 00 0c 6f bf 86 34 6f 24 32 54 81 16 df a7
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS write finished
SSL: (where=0x1002 ret=0xffffffff)
SSL: SSL_connect:error in SSLv3/TLS write finished
SSL: SSL_connect - want more data
SSL: 93 bytes pending from ssl_out
SSL: Using TLS version TLSv1.2
SSL: 93 bytes left to be sent out (of total 93 bytes)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL eapRespData=0x5614c0f999e0
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=99)
TX EAP -> RADIUS - hexdump(len=99): 02 62 00 63 37 01 16 03 03 00 25 10 00 00 21 20 3f db 36 c4 2c 17 8b 84 fb 58 db c2 73 b1 66 92 2e 8e 5f 78 96 6a 11 0c 08 67 14 4c 60 05 4f 7d 14 03 03 00 01 01 16 03 03 00 28 c3 e8 e0 9e c8 57 32 1f 4d ac fd f4 ad e4 ab 6e 51 f3 2c d7 df 5e 53 43 ab 24 76 c1 38 ce d4 51 8b bc a5 91 da 91 32 16
Encapsulating EAP message into a RADIUS packet
Copied RADIUS State Attribute
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=5 length=263
Attribute 80 (Message-Authenticator) length=18
Value: ac942cbe3238ab49d9798f0793b2bf92
Attribute 1 (User-Name) length=11
Value: 'anonymous'
Attribute 31 (Calling-Station-Id) length=19
Value: 'DE-AD-BE-EF-42-42'
Attribute 12 (Framed-MTU) length=6
Value: 1400
Attribute 61 (NAS-Port-Type) length=6
Value: 19
Attribute 6 (Service-Type) length=6
Value: 2
Attribute 77 (Connect-Info) length=24
Value: 'CONNECT 11Mbps 802.11b'
Attribute 30 (Called-Station-Id) length=28
Value: '00:11:22:33:44:55:UConnect'
Attribute 4 (NAS-IP-Address) length=6
Value: 192.168.4.20
Attribute 79 (EAP-Message) length=101
Value: 026200633701160303002510000021203fdb36c42c178b84fb58dbc273b166922e8e5f78966a110c0867144c60054f7d1403030001011603030028c3e8e09ec857321f4dacfdf4ade4ab6e51f32cd7df5e5343ab2476c138ced4518bbca591da913216
Attribute 24 (State) length=18
Value: 6501da9e6163ed03dd76d824d918a37a
RADIUS: Send 263 bytes to the server
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 115 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=5 length=115
Attribute 80 (Message-Authenticator) length=18
Value: 9ca1e640bda17e98b6ec87662235aa43
Attribute 79 (EAP-Message) length=59
Value: 0163003937011403030001011603030028288983a38fe43b638f42770f5543607f0558b5ec34693ea104c35ec383476e8483bd43497710874d
Attribute 24 (State) length=18
Value: 6501da9e6062ed03dd76d824d918a37a
STA de:ad:be:ef:42:42: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
RADIUS packet matching with station
decapsulated EAP packet (code=1 id=99 len=57) from RADIUS server: EAP-Request-TEAP (55)
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=99 method=55 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
SSL: Received packet(len=57) - Flags 0x01
OpenSSL: RX ver=0x303 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 14 03 03 00 01
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS write finished
OpenSSL: RX ver=0x303 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 16 03 03 00 28
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS read change cipher spec
OpenSSL: RX ver=0x303 content_type=22 (handshake/finished)
OpenSSL: Message - hexdump(len=16): 14 00 00 0c c0 41 9f fe 54 fe 17 d3 7e 6b ab e4
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS read finished
SSL: (where=0x20 ret=0x1)
SSL: (where=0x1002 ret=0x1)
SSL: 0 bytes pending from ssl_out
OpenSSL: Handshake finished - resumed=0
SSL: No Application Data included
SSL: Using TLS version TLSv1.2
SSL: No data to be sent out
EAP-TEAP: TLS done, proceed to Phase 2
EAP-TEAP: TLS cipher suite 0xc030
EAP-TEAP: session_key_seed (S-IMCK[0]) - hexdump(len=40): be 01 98 da 56 38 7c 95 5f 03 2f a4 4a 06 47 15 80 64 8e d7 38 ef 8f fc f3 0c fa c8 73 4a 37 2a 9d ec 4b d8 89 d3 1f ff
SSL: Building ACK (type=55 id=99 ver=1)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL eapRespData=0x5614c0f952b0
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=6)
TX EAP -> RADIUS - hexdump(len=6): 02 63 00 06 37 01
Encapsulating EAP message into a RADIUS packet
Copied RADIUS State Attribute
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=6 length=170
Attribute 80 (Message-Authenticator) length=18
Value: 6043b27893fa00ef96c925d17ad0af71
Attribute 1 (User-Name) length=11
Value: 'anonymous'
Attribute 31 (Calling-Station-Id) length=19
Value: 'DE-AD-BE-EF-42-42'
Attribute 12 (Framed-MTU) length=6
Value: 1400
Attribute 61 (NAS-Port-Type) length=6
Value: 19
Attribute 6 (Service-Type) length=6
Value: 2
Attribute 77 (Connect-Info) length=24
Value: 'CONNECT 11Mbps 802.11b'
Attribute 30 (Called-Station-Id) length=28
Value: '00:11:22:33:44:55:UConnect'
Attribute 4 (NAS-IP-Address) length=6
Value: 192.168.4.20
Attribute 79 (EAP-Message) length=8
Value: 026300063701
Attribute 24 (State) length=18
Value: 6501da9e6062ed03dd76d824d918a37a
RADIUS: Send 170 bytes to the server
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 108 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=6 length=108
Attribute 80 (Message-Authenticator) length=18
Value: f5c228a213b5a4bfdbf1384a68b6c04e
Attribute 79 (EAP-Message) length=52
Value: 0164003237011703030027288983a38fe43b64a59087aba7cf508c7e0a35e94014fc7224e15fb13dbf6c1b14d1cf07d454d7
Attribute 24 (State) length=18
Value: 6501da9e6365ed03dd76d824d918a37a
STA de:ad:be:ef:42:42: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
RADIUS packet matching with station
decapsulated EAP packet (code=1 id=100 len=50) from RADIUS server: EAP-Request-TEAP (55)
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=100 method=55 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
SSL: Received packet(len=50) - Flags 0x01
EAP-TEAP: Received 44 bytes encrypted data for Phase 2
OpenSSL: RX ver=0x303 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 17 03 03 00 27
EAP-TEAP: Decrypted Phase 2 TLV(s) - hexdump(len=15): 00 02 00 02 00 01 80 09 00 05 01 64 00 05 01
EAP-TEAP: Received Phase 2: TLV type 2 (Identity-Type) length 2
EAP-TEAP: Identity-Type: 1
EAP-TEAP: Received Phase 2: TLV type 9 (EAP-Payload) length 5 (mandatory)
EAP-TEAP: EAP-Payload TLV - hexdump(len=5): 01 64 00 05 01
TLS: Phase2 EAP types - hexdump(len=96): 00 00 00 00 04 00 00 00 00 00 00 00 0d 00 00 00 00 00 00 00 1a 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 11 00 00 00 00 00 00 00 2e 00 00 00 00 00 00 00 30 00 00 00 00 00 00 00 33 00 00 00 00 00 00 00 31 00 00 00 00 00 00 00 26 00 00 00 00 00 00 00 34 00 00 00
EAP-TEAP: Phase 2 Request: type=0:1
EAP: using real identity - hexdump_ascii(len=16):
75 73 65 72 40 65 78 61 6d 70 6c 65 2e 6f 72 67 mailto:user at example.org
EAP-TEAP: Add EAP-Payload TLV
EAP-TEAP: Add Identity-Type TLV(Identity-Type=1)
EAP-TEAP: Encrypting Phase 2 data - hexdump(len=31): 80 09 00 15 02 64 00 15 01 75 73 65 72 40 65 78 61 6d 70 6c 65 2e 6f 72 67 00 02 00 02 00 01
OpenSSL: TX ver=0x303 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 17 03 03 00 37
SSL: 60 bytes left to be sent out (of total 60 bytes)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL eapRespData=0x5614c0f81b50
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=66)
TX EAP -> RADIUS - hexdump(len=66): 02 64 00 42 37 01 17 03 03 00 37 c3 e8 e0 9e c8 57 32 20 2b 5a ef 90 ad 91 c4 37 06 69 6a a3 b3 d9 f4 43 f8 8d 51 52 e8 89 06 a5 31 d5 2f 11 c5 08 89 17 08 31 31 b5 26 35 4f 25 a3 33 b3 8a f1 4f 4b
Encapsulating EAP message into a RADIUS packet
Copied RADIUS State Attribute
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=7 length=230
Attribute 80 (Message-Authenticator) length=18
Value: f411907430aea9ad5d123ca2c73ab728
Attribute 1 (User-Name) length=11
Value: 'anonymous'
Attribute 31 (Calling-Station-Id) length=19
Value: 'DE-AD-BE-EF-42-42'
Attribute 12 (Framed-MTU) length=6
Value: 1400
Attribute 61 (NAS-Port-Type) length=6
Value: 19
Attribute 6 (Service-Type) length=6
Value: 2
Attribute 77 (Connect-Info) length=24
Value: 'CONNECT 11Mbps 802.11b'
Attribute 30 (Called-Station-Id) length=28
Value: '00:11:22:33:44:55:UConnect'
Attribute 4 (NAS-IP-Address) length=6
Value: 192.168.4.20
Attribute 79 (EAP-Message) length=68
Value: 0264004237011703030037c3e8e09ec85732202b5aef90ad91c43706696aa3b3d9f443f88d5152e88906a531d52f11c5088917083131b526354f25a333b38af14f4b
Attribute 24 (State) length=18
Value: 6501da9e6365ed03dd76d824d918a37a
RADIUS: Send 230 bytes to the server
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 103 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=7 length=103
Attribute 80 (Message-Authenticator) length=18
Value: dacf01aecca7fb8a1420fe71994dde06
Attribute 79 (EAP-Message) length=47
Value: 0165002d37011703030022288983a38fe43b655c66480b9f0b485d46c7fb024fa8c21d117c66f781d04cdb8fda
Attribute 24 (State) length=18
Value: 6501da9e6264ed03dd76d824d918a37a
STA de:ad:be:ef:42:42: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
RADIUS packet matching with station
decapsulated EAP packet (code=1 id=101 len=45) from RADIUS server: EAP-Request-TEAP (55)
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=101 method=55 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
SSL: Received packet(len=45) - Flags 0x01
EAP-TEAP: Received 39 bytes encrypted data for Phase 2
OpenSSL: RX ver=0x303 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 17 03 03 00 22
EAP-TEAP: Decrypted Phase 2 TLV(s) - hexdump(len=10): 80 09 00 06 01 65 00 06 0d 20
EAP-TEAP: Received Phase 2: TLV type 9 (EAP-Payload) length 6 (mandatory)
EAP-TEAP: EAP-Payload TLV - hexdump(len=6): 01 65 00 06 0d 20
EAP-TEAP: Phase 2 Request: type=0:13
EAP-TEAP: Selected Phase 2 EAP vendor 0 method 13
TLS: using phase2 config options
TLS: Trusted root certificate(s) loaded
OpenSSL: SSL_use_certificate_chain_file --> OK
OpenSSL: tls_use_private_key_file (PEM) --> loaded
SSL: Private key loaded successfully
SSL: Received packet(len=6) - Flags 0x20
EAP-TLS: Start
SSL: (where=0x10 ret=0x1)
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:before SSL initialization
OpenSSL: TX ver=0x301 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 16 03 01 00 b3
OpenSSL: TX ver=0x303 content_type=22 (handshake/client hello)
OpenSSL: Message - hexdump(len=179): 01 00 00 af 03 03 a1 81 88 57 2a 90 ca 5b 76 83 a3 14 90 32 80 2d fd 91 74 b9 e3 88 76 cc 1b 72 f5 b2 a1 5b 7e 28 00 00 38 c0 2c c0 30 00 9f cc a9 cc a8 cc aa c0 2b c0 2f 00 9e c0 24 c0 28 00 6b c0 23 c0 27 00 67 c0 0a c0 14 00 39 c0 09 c0 13 00 33 00 9d 00 9c 00 3d 00 3c 00 35 00 2f 00 ff 01 00 00 4e 00 0b 00 04 03 00 01 02 00 0a 00 0c 00 0a 00 1d 00 17 00 1e 00 19 00 18 00 16 00 00 00 17 00 00 00 0d 00 2a 00 28 04 03 05 03 06 03 08 07 08 08 08 09 08 0a 08 0b 08 04 08 05 08 06 04 01 05 01 06 01 03 03 03 01 03 02 04 02 05 02 06 02
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS write client hello
SSL: (where=0x1002 ret=0xffffffff)
SSL: SSL_connect:error in SSLv3/TLS write client hello
SSL: SSL_connect - want more data
SSL: 184 bytes pending from ssl_out
SSL: Using TLS version TLSv1.2
SSL: 184 bytes left to be sent out (of total 184 bytes)
EAP-TEAP: Add EAP-Payload TLV
EAP-TEAP: Encrypting Phase 2 data - hexdump(len=194): 80 09 00 be 02 65 00 be 0d 00 16 03 01 00 b3 01 00 00 af 03 03 a1 81 88 57 2a 90 ca 5b 76 83 a3 14 90 32 80 2d fd 91 74 b9 e3 88 76 cc 1b 72 f5 b2 a1 5b 7e 28 00 00 38 c0 2c c0 30 00 9f cc a9 cc a8 cc aa c0 2b c0 2f 00 9e c0 24 c0 28 00 6b c0 23 c0 27 00 67 c0 0a c0 14 00 39 c0 09 c0 13 00 33 00 9d 00 9c 00 3d 00 3c 00 35 00 2f 00 ff 01 00 00 4e 00 0b 00 04 03 00 01 02 00 0a 00 0c 00 0a 00 1d 00 17 00 1e 00 19 00 18 00 16 00 00 00 17 00 00 00 0d 00 2a 00 28 04 03 05 03 06 03 08 07 08 08 08 09 08 0a 08 0b 08 04 08 05 08 06 04 01 05 01 06 01 03 03 03 01 03 02 04 02 05 02 06 02
OpenSSL: TX ver=0x303 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 17 03 03 00 da
SSL: 223 bytes left to be sent out (of total 223 bytes)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL eapRespData=0x5614c0f9c890
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=229)
TX EAP -> RADIUS - hexdump(len=229): 02 65 00 e5 37 01 17 03 03 00 da c3 e8 e0 9e c8 57 32 21 ff 5f 3d 27 56 32 2e a0 6f b9 1d 2a 1b 72 e6 48 b5 4b f4 2d 9d 15 80 e0 6a 25 7a 30 e1 72 b5 42 28 a4 31 23 1b be ea 32 e5 76 84 e7 05 f8 79 f8 73 48 0e 40 5c 3a 12 65 86 7b 5f 5b 32 db 50 e7 d5 51 71 6a 63 70 5c 1f bc 18 c7 22 51 65 9d 21 10 59 c8 e4 ad eb 75 28 1f 39 eb 76 3a 99 e4 ba 41 7b 1e aa 8f 55 bc da 98 72 03 eb 5b 43 e5 02 95 69 b8 b9 4b 9e 78 52 3c db f8 13 16 a2 d0 6f cd 5b e7 65 9b ec d9 09 cb fa d2 47 09 0b fb 8e 46 df b9 c9 f8 b3 12 38 13 ed ba ae 2d cd 83 50 80 12 23 5b 1b 46 fb 70 36 23 39 6b f1 c7 fd 1a 79 48 aa 5a 8b cb ee 89 a4 e0 ce 65 89 12 72 64 bc 80 3f 38 fd 12 94 bb 7e fc a5 de 74 da c5 b6 59 10
Encapsulating EAP message into a RADIUS packet
Copied RADIUS State Attribute
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=8 length=393
Attribute 80 (Message-Authenticator) length=18
Value: e493082daabdc7c517d0a060a4f96aa0
Attribute 1 (User-Name) length=11
Value: 'anonymous'
Attribute 31 (Calling-Station-Id) length=19
Value: 'DE-AD-BE-EF-42-42'
Attribute 12 (Framed-MTU) length=6
Value: 1400
Attribute 61 (NAS-Port-Type) length=6
Value: 19
Attribute 6 (Service-Type) length=6
Value: 2
Attribute 77 (Connect-Info) length=24
Value: 'CONNECT 11Mbps 802.11b'
Attribute 30 (Called-Station-Id) length=28
Value: '00:11:22:33:44:55:UConnect'
Attribute 4 (NAS-IP-Address) length=6
Value: 192.168.4.20
Attribute 79 (EAP-Message) length=231
Value: 026500e5370117030300dac3e8e09ec8573221ff5f3d2756322ea06fb91d2a1b72e648b54bf42d9d1580e06a257a30e172b54228a431231bbeea32e57684e705f879f873480e405c3a1265867b5f5b32db50e7d551716a63705c1fbc18c72251659d211059c8e4adeb75281f39eb763a99e4ba417b1eaa8f55bcda987203eb5b43e5029569b8b94b9e78523cdbf81316a2d06fcd5be7659becd909cbfad247090bfb8e46dfb9c9f8b3123813edbaae2dcd83508012235b1b46fb703623396bf1c7fd1a7948aa5a8bcbee89a4e0ce6589127264bc803f38fd1294bb7efca5de74dac5b65910
Attribute 24 (State) length=18
Value: 6501da9e6264ed03dd76d824d918a37a
RADIUS: Send 393 bytes to the server
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 1020 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=8 length=1020
Attribute 80 (Message-Authenticator) length=18
Value: b2165d524c3c26ce1315cdcc36ed639a
Attribute 79 (EAP-Message) length=255
Value: 016603bc370117030303b1288983a38fe43b6691525344bcb7cf514e89621ce2b1b61b0f554412fde0bf91b4506e4585b5b4e84081284289e86d317e8c5d1033a6091e99aee31cfdd8b0c67e72f5a5e699016f419eb846770c281d5c4ec3795ef50d98d6cc455070c2715f68f6f256db9fac7b2638958a98a09998f66bc89e7e11eee57d1c848f941c7542c994abbce3ecaf5dbbc32b0c770f17043a887b9e1510a8254002334f321aa3f1a61a0aa0da5896f44cd206c03a7fca26e79b602259f94e52b45cb06fc1cef7b42a577c120f847f2f1f14bab6a3144d75a82f8a62e40d8b9936b8fa22826fd0ae751363100ab7235b6bed0d109d9f1e72add3
Attribute 79 (EAP-Message) length=255
Value: ae167a94d8375a683beed2962ef11a3d6fa9fe0424a67e9d5a815274699a65ff686c73d22af88575da413514cd68bf49da39c61bc8a74b5022f92bf406ed62fe687413efbd7baf39600cb60ecdd2704b7e7bce64b2ef25c65eeb62ca089e8542b530da1879104d9949aa87afd30f7e56678ead260b498d6a62b8100ec74e43e5de0b3caafe6a8eb22251089d2727bf70ae442ff47067ba08d99191c566cf1067ec9e5ed0bd82931794b58a98e953d2ee36795e9bbe4f030fc1534669054510d060a5f5ec7ca7adfcaa94b68f82fa82e7447f7d384acb93b0b03ca8d178b1741937dd125e9273222f98a21e75bb05df6f018f92d6387624197a9257b0ea
Attribute 79 (EAP-Message) length=255
Value: ff7e5b8a665dcb13dc1717b00ba7fc9dd6a948f9b2400896c622efbc798547e52537df38601441ece59cfd7d186591c7d0fc89fd0a2e288b905692d72731bd7933ad933fd7ba5ade01eb4b528246135832bb8a1146d3d511016b1d61e387534197d92c4ed536d649800263602edeb6e79e48e5bd0c19ab11fb9fbb78846de1e50407f5f310fd3ef4dfc7550fd9aa070b1d601ff197eee4a2c0ce80ce0895a00347a6d4ff5a03677029e3a8f931501f91c517d3a061611d9c6c4f3b9da57f04680acb3653bd132cbc047a609bf8322203e372b4be55aec4851aa1977cb01f0c442f5051bba67f7989340b124243e08b44216b8eba5e3f47bc349c01411e
Attribute 79 (EAP-Message) length=199
Value: 426259f595318b8b2bccd44458f39dc95f659d3b969793186305b44b4b7c332bc659c253b93b177c62db085a34db28a5b4ebdda793a5d077d5ff3e011fdc97681566e9aa6077d57d284943255bda653c55e6c5c488d14962beddcf42af2d317e922fa473fb73f67897bf4c7b2bc63ea48d6b553c68b786d2bfaa17d60f1a7942efaaa4f462d3305c3fb51289f3ab28be735ddfc560944df8b73d13d5a4cbd6845f0f9a534fa7f79aa4a926e722a68d12ed6330f3571f078cd3225ed3e0528df4cbdd5614ba
Attribute 24 (State) length=18
Value: 6501da9e6d67ed03dd76d824d918a37a
STA de:ad:be:ef:42:42: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
RADIUS packet matching with station
decapsulated EAP packet (code=1 id=102 len=956) from RADIUS server: EAP-Request-TEAP (55)
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=102 method=55 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
SSL: Received packet(len=956) - Flags 0x01
EAP-TEAP: Received 950 bytes encrypted data for Phase 2
OpenSSL: RX ver=0x303 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 17 03 03 03 b1
EAP-TEAP: Decrypted Phase 2 TLV(s) - hexdump(len=921): 80 09 03 95 01 66 03 95 0d c0 00 00 0b 97 16 03 03 00 3d 02 00 00 39 03 03 ba 21 4b 95 cb ec be b5 40 93 ec 80 3d b2 77 54 66 47 a3 7d 1b 61 58 42 71 af d9 46 13 26 b2 13 00 c0 30 00 00 11 ff 01 00 01 00 00 0b 00 04 03 00 01 02 00 17 00 00 16 03 03 09 45 0b 00 09 41 00 09 3e 00 04 3a 30 82 04 36 30 82 03 1e a0 03 02 01 02 02 01 01 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 81 93 31 0b 30 09 06 03 55 04 06 13 02 46 52 31 0f 30 0d 06 03 55 04 08 0c 06 52 61 64 69 75 73 31 12 30 10 06 03 55 04 07 0c 09 53 6f 6d 65 77 68 65 72 65 31 15 30 13 06 03 55 04 0a 0c 0c 45 78 61 6d 70 6c 65 20 49 6e 63 2e 31 20 30 1e 06 09 2a 86 48 86 f7 0d 01 09 01 16 11 61 64 6d 69 6e 40 65 78 61 6d 70 6c 65 2e 6f 72 67 31 26 30 24 06 03 55 04 03 0c 1d 45 78 61 6d 70 6c 65 20 43 65 72 74 69 66 69 63 61 74 65 20 41 75 74 68 6f 72 69 74 79 30 1e 17 0d 32 35 30 32 31 32 31 31 32 32 32 39 5a 17 0d 32 35 30 34 31 33 31 31 32 32 32 39 5a 30 7c 31 0b 30 09 06 03 55 04 06 13 02 46 52 31 0f 30 0d 06 03 55 04 08 0c 06 52 61 64 69 75 73 31 15 30 13 06 03 55 04 0a 0c 0c 45 78 61 6d 70 6c 65 20 49 6e 63 2e 31 23 30 21 06 03 55 04 03 0c 1a 45 78 61 6d 70 6c 65 20 53 65 72 76 65 72 20 43 65 72 74 69 66 69 63 61 74 65 31 20 30 1e 06 09 2a 86 48 86 f7 0d 01 09 01 16 11 61 64 6d 69 6e 40 65 78 61 6d 70 6c 65 2e 6f 72 67 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 b3 ed bb c6 f0 df 48 51 e5 e6 57 06 c9 55 ef f0 59 f9 88 9c 6c e1 5d 12 52 c9 33 f5 b7 d8 4e f3 fb 2d e8 18 eb 60 60 71 0e 8b db 39 63 4e 23 80 87 e8 8a d2 74 b4 b4 97 a9 d5 92 4d c5 ce 01 fd 1c ce 80 96 23 12 11 e0 35 9e 8c ce cb 78 cd 36 2e a5 e6 4d 59 c0 18 8c e8 e5 5f f9 7e bd c5 84 63 23 e6 ac f8 6c 45 00 6a 98 b6 9c 57 49 df 35 74 e3 39 51 19 df d3 1d 42 69 3a 25 3a cf cf b8 fa 95 f0 0c 4e f6 e3 5e 04 a3 38 0c 5c f0 fd f1 0b c4 12 4c a2 cb 76 3c 91 3e 9d 3b be 29 5c db 4f 04 bf 9c f4 58 b6 44 b1 3c f2 33 01 b1 4f 7f 1e 7c 61 3a 2d 13 b9 8b 44 d4 5f 18 8c 56 85 94 ad 59 51 c8 03 72 f0 10 fd ac 6e ca 6f 78 c9 4d f8 d9 01 2d 51 da fa 1e 87 e6 58 40 46 bd fb 3a d9 23 e4 e9 8e de de 4e 40 1a d2 d9 58 0a c7 38 59 d3 19 3b ad a2 b3 3f 9f 09 e1 8c c7 61 d3 8d 02 03 01 00 01 a3 81 aa 30 81 a7 30 13 06 03 55 1d 25 04 0c 30 0a 06 08 2b 06 01 05 05 07 03 01 30 36 06 03 55 1d 1f 04 2f 30 2d 30 2b a0 29 a0 27 86 25 68 74 74 70 3a 2f 2f 77 77 77 2e 65 78 61 6d 70 6c 65 2e 63 6f 6d 2f 65 78 61 6d 70 6c 65 5f 63 61 2e 63 72 6c 30 18 06 03 55 1d 20 04 11 30 0f 30 0d 06 0b 2b 06 01 04 01 82 be 68 01 03 02 30 1d 06 03 55 1d 0e 04 16 04 14 c0 f6 13 a2 62 ad 5e e5 3e 77 fa da 04 29 9e b0 81 b1 80 2d 30 1f 06 03 55 1d 23 04 18 30 16 80 14 a6 8b 87 82 fd f0 60 ff ec d2 f3 7f e8 0f a7 6d e2 41 a3 52 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 03 82 01 01 00
EAP-TEAP: Received Phase 2: TLV type 9 (EAP-Payload) length 917 (mandatory)
EAP-TEAP: EAP-Payload TLV - hexdump(len=917): 01 66 03 95 0d c0 00 00 0b 97 16 03 03 00 3d 02 00 00 39 03 03 ba 21 4b 95 cb ec be b5 40 93 ec 80 3d b2 77 54 66 47 a3 7d 1b 61 58 42 71 af d9 46 13 26 b2 13 00 c0 30 00 00 11 ff 01 00 01 00 00 0b 00 04 03 00 01 02 00 17 00 00 16 03 03 09 45 0b 00 09 41 00 09 3e 00 04 3a 30 82 04 36 30 82 03 1e a0 03 02 01 02 02 01 01 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 81 93 31 0b 30 09 06 03 55 04 06 13 02 46 52 31 0f 30 0d 06 03 55 04 08 0c 06 52 61 64 69 75 73 31 12 30 10 06 03 55 04 07 0c 09 53 6f 6d 65 77 68 65 72 65 31 15 30 13 06 03 55 04 0a 0c 0c 45 78 61 6d 70 6c 65 20 49 6e 63 2e 31 20 30 1e 06 09 2a 86 48 86 f7 0d 01 09 01 16 11 61 64 6d 69 6e 40 65 78 61 6d 70 6c 65 2e 6f 72 67 31 26 30 24 06 03 55 04 03 0c 1d 45 78 61 6d 70 6c 65 20 43 65 72 74 69 66 69 63 61 74 65 20 41 75 74 68 6f 72 69 74 79 30 1e 17 0d 32 35 30 32 31 32 31 31 32 32 32 39 5a 17 0d 32 35 30 34 31 33 31 31 32 32 32 39 5a 30 7c 31 0b 30 09 06 03 55 04 06 13 02 46 52 31 0f 30 0d 06 03 55 04 08 0c 06 52 61 64 69 75 73 31 15 30 13 06 03 55 04 0a 0c 0c 45 78 61 6d 70 6c 65 20 49 6e 63 2e 31 23 30 21 06 03 55 04 03 0c 1a 45 78 61 6d 70 6c 65 20 53 65 72 76 65 72 20 43 65 72 74 69 66 69 63 61 74 65 31 20 30 1e 06 09 2a 86 48 86 f7 0d 01 09 01 16 11 61 64 6d 69 6e 40 65 78 61 6d 70 6c 65 2e 6f 72 67 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 b3 ed bb c6 f0 df 48 51 e5 e6 57 06 c9 55 ef f0 59 f9 88 9c 6c e1 5d 12 52 c9 33 f5 b7 d8 4e f3 fb 2d e8 18 eb 60 60 71 0e 8b db 39 63 4e 23 80 87 e8 8a d2 74 b4 b4 97 a9 d5 92 4d c5 ce 01 fd 1c ce 80 96 23 12 11 e0 35 9e 8c ce cb 78 cd 36 2e a5 e6 4d 59 c0 18 8c e8 e5 5f f9 7e bd c5 84 63 23 e6 ac f8 6c 45 00 6a 98 b6 9c 57 49 df 35 74 e3 39 51 19 df d3 1d 42 69 3a 25 3a cf cf b8 fa 95 f0 0c 4e f6 e3 5e 04 a3 38 0c 5c f0 fd f1 0b c4 12 4c a2 cb 76 3c 91 3e 9d 3b be 29 5c db 4f 04 bf 9c f4 58 b6 44 b1 3c f2 33 01 b1 4f 7f 1e 7c 61 3a 2d 13 b9 8b 44 d4 5f 18 8c 56 85 94 ad 59 51 c8 03 72 f0 10 fd ac 6e ca 6f 78 c9 4d f8 d9 01 2d 51 da fa 1e 87 e6 58 40 46 bd fb 3a d9 23 e4 e9 8e de de 4e 40 1a d2 d9 58 0a c7 38 59 d3 19 3b ad a2 b3 3f 9f 09 e1 8c c7 61 d3 8d 02 03 01 00 01 a3 81 aa 30 81 a7 30 13 06 03 55 1d 25 04 0c 30 0a 06 08 2b 06 01 05 05 07 03 01 30 36 06 03 55 1d 1f 04 2f 30 2d 30 2b a0 29 a0 27 86 25 68 74 74 70 3a 2f 2f 77 77 77 2e 65 78 61 6d 70 6c 65 2e 63 6f 6d 2f 65 78 61 6d 70 6c 65 5f 63 61 2e 63 72 6c 30 18 06 03 55 1d 20 04 11 30 0f 30 0d 06 0b 2b 06 01 04 01 82 be 68 01 03 02 30 1d 06 03 55 1d 0e 04 16 04 14 c0 f6 13 a2 62 ad 5e e5 3e 77 fa da 04 29 9e b0 81 b1 80 2d 30 1f 06 03 55 1d 23 04 18 30 16 80 14 a6 8b 87 82 fd f0 60 ff ec d2 f3 7f e8 0f a7 6d e2 41 a3 52 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 03 82 01 01 00
EAP-TEAP: Phase 2 Request: type=0:13
SSL: Received packet(len=917) - Flags 0xc0
SSL: TLS Message Length: 2967
SSL: Need 2060 bytes more input data
SSL: Building ACK (type=13 id=102 ver=0)
EAP-TEAP: Add EAP-Payload TLV
EAP-TEAP: Encrypting Phase 2 data - hexdump(len=10): 80 09 00 06 02 66 00 06 0d 00
OpenSSL: TX ver=0x303 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 17 03 03 00 22
SSL: 39 bytes left to be sent out (of total 39 bytes)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL eapRespData=0x5614c0f707c0
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=45)
TX EAP -> RADIUS - hexdump(len=45): 02 66 00 2d 37 01 17 03 03 00 22 c3 e8 e0 9e c8 57 32 22 3b b2 5a 90 15 90 a0 6f 1c 4e a0 d7 34 74 ff 23 e8 e8 b4 3a 23 bd 4a 5d 2b 58
Encapsulating EAP message into a RADIUS packet
Copied RADIUS State Attribute
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=9 length=209
Attribute 80 (Message-Authenticator) length=18
Value: 341b277c653c83befd143024adf91a2e
Attribute 1 (User-Name) length=11
Value: 'anonymous'
Attribute 31 (Calling-Station-Id) length=19
Value: 'DE-AD-BE-EF-42-42'
Attribute 12 (Framed-MTU) length=6
Value: 1400
Attribute 61 (NAS-Port-Type) length=6
Value: 19
Attribute 6 (Service-Type) length=6
Value: 2
Attribute 77 (Connect-Info) length=24
Value: 'CONNECT 11Mbps 802.11b'
Attribute 30 (Called-Station-Id) length=28
Value: '00:11:22:33:44:55:UConnect'
Attribute 4 (NAS-IP-Address) length=6
Value: 192.168.4.20
Attribute 79 (EAP-Message) length=47
Value: 0266002d37011703030022c3e8e09ec85732223bb25a901590a06f1c4ea0d73474ff23e8e8b43a23bd4a5d2b58
Attribute 24 (State) length=18
Value: 6501da9e6d67ed03dd76d824d918a37a
RADIUS: Send 209 bytes to the server
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 1020 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=9 length=1020
Attribute 80 (Message-Authenticator) length=18
Value: e733fb8a0afa0d6a714ffa250c31c0ab
Attribute 79 (EAP-Message) length=255
Value: 016703bc370117030303b1288983a38fe43b676f3510dd2f99d961a692c8b8ca1e61c671fd90ad8f09a71923d4d81d04fcf0cbce7ed698e4ee18d01deaf98aa08340130e516fee5db19942bcafae8e75c49f8579ad7b6ef0553990b2e09148b8b23f3eb85974afb400efa78c26c779f5e0bad11e31117cd9858bff84893b0bfbd2982eb4267b4602ce4bb46b8610dca107dacaed309b153ef8dc4925da3c81a09e1755cbac3e67be7eee4cbc2ed6142665bb204fceb4ef581e096e9f48370ca734dd13efe2d4ff098c3ca8c712f5053e103f96bda1ccc56bd0bfd859a2be9300049c0298b188805570ea13fabed97f9e6bddf401b6a484f936ddb70ce4
Attribute 79 (EAP-Message) length=255
Value: 8f9531d1444c52c4893bb262155f028261c7ab0e34602dbc93f13220134b4d6ecce22415f7d33204ee1dcfd2f1d098cc264436a0224963302f802ffdc4850a1a74e4b6aae277ddd4fe6b1eeb15355c99cb6c98dc07ed87e5d1874de5b9ab0fe2f716e26565a4bafd0b1fab8775213b45115448d2b3f11af1f5cb9e866301483eca43ae2cf3b0051ad5c778f9511e825f512842e976ff664e2f7f5b423c847670add812f91df6e6c2ae0646c86725bf2716bba3a34e4c9ed724c8686edae2be15b4b100fe2f0291dc9364522bc902ef3af80c43e6b69a75cd4f45a76a6fc64f66fa5e3f0ef85d17e08e3afc3e93159e72813e29892b00c1c5cd57cdd331
Attribute 79 (EAP-Message) length=255
Value: 4f90684bd9c12de8e039537351e1b6cb662ea886f79f1b09ec0106c9adb39b20358375d337c5e5161bf5a8aa56267bac207b329fa12e8e037917a1a739bdd2b54dcc971a7b2d12be647e33ecd400378199eed5bd8279c9a736b9fb14001f18a7e2296b6e04c78298b5254180f1efa0465302042ce2a3367819325228abd025a598137260863cfef6eec878180a586d87c7f1cd9869bcbe11f121fb9800d04923375f93c5609c70d08aecdb21e5849dbc16066b6da360d9c638c7e3591500e49dafe3bc6620f5d4d03f89c659969b6e9875c2e7d089d1894fa3a5b5093e845c8537f53df0d5e2bfb6bcdceb416442660756c142149a33886f80dea40332
Attribute 79 (EAP-Message) length=199
Value: b9a08392a2de0d8bec88530681b4ca41f66703002b3a14a9f83ae218f7dff8f5887ab109f744e213cf1b65d107f081003d429ac99dc318560ebd4ad82e4c117fdb09ca406672ebbb805d2772a9851cec1dec74c1702f378f85d0fc3aea568803811e44b8f1051a900876f922f3efe8630dfb9d5940ce0437dcd30402dd38515300c7285f8b2513d2086db9e0db03ec9a2303dfee90245092b3ee17d6a5a404951340e35793b2b347fc361236d9e21200b8806f34f2886e5a4b2e7a8a21374007405f2b5a1f
Attribute 24 (State) length=18
Value: 6501da9e6c66ed03dd76d824d918a37a
STA de:ad:be:ef:42:42: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
RADIUS packet matching with station
decapsulated EAP packet (code=1 id=103 len=956) from RADIUS server: EAP-Request-TEAP (55)
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=103 method=55 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
SSL: Received packet(len=956) - Flags 0x01
EAP-TEAP: Received 950 bytes encrypted data for Phase 2
OpenSSL: RX ver=0x303 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 17 03 03 03 b1
EAP-TEAP: Decrypted Phase 2 TLV(s) - hexdump(len=921): 80 09 03 95 01 67 03 95 0d c0 00 00 0b 97 2a e3 26 0d 8b 01 f1 45 2d e4 9c c0 fb 89 ee ab 04 15 71 32 9b 01 4e eb 14 61 98 7e e8 23 c2 df 88 bb 07 10 75 e4 24 83 67 9c 72 df 85 70 7c 08 37 b1 0e d5 29 cc 98 15 ba 61 14 b6 3f be 66 05 b8 60 2b a3 32 fe 46 5d 6c a3 da 54 ce 41 06 65 61 70 71 3c 77 fb 30 13 d0 1c 33 74 cb 86 ed 0c b6 86 ab 87 81 36 ac fe cf 9f 6f b2 e0 76 cf 99 13 0f df b3 9e ae d1 e8 53 67 56 d0 95 72 88 b8 29 ae 7b 44 66 18 fb de d5 40 de 38 5d 7a 53 00 18 b7 53 7d 8d 4a 80 cb c5 e7 67 48 75 2b d1 e7 9e 8c fb 7c 7f 18 57 cf 32 78 dc f3 f8 a5 3e a4 9f 08 81 23 c3 ec 71 1a 28 2e e0 ab 37 b8 da 0d b4 a8 3e ec 4d fc 27 8f ad 71 aa ed 06 1a 0e b0 e2 27 51 d1 be 58 72 07 e3 22 a6 10 e5 d8 8a 7b a0 b2 1c b3 72 06 ad d1 3e 48 e4 87 a9 56 dd 65 dd b4 e2 bd 9d 8a d6 a8 0b 11 7a 14 3e 12 46 3e 00 04 fe 30 82 04 fa 30 82 03 e2 a0 03 02 01 02 02 14 07 c1 09 2a b9 3c 84 ca f4 a4 ce be 5f fd 49 c0 91 f0 25 b2 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 81 93 31 0b 30 09 06 03 55 04 06 13 02 46 52 31 0f 30 0d 06 03 55 04 08 0c 06 52 61 64 69 75 73 31 12 30 10 06 03 55 04 07 0c 09 53 6f 6d 65 77 68 65 72 65 31 15 30 13 06 03 55 04 0a 0c 0c 45 78 61 6d 70 6c 65 20 49 6e 63 2e 31 20 30 1e 06 09 2a 86 48 86 f7 0d 01 09 01 16 11 61 64 6d 69 6e 40 65 78 61 6d 70 6c 65 2e 6f 72 67 31 26 30 24 06 03 55 04 03 0c 1d 45 78 61 6d 70 6c 65 20 43 65 72 74 69 66 69 63 61 74 65 20 41 75 74 68 6f 72 69 74 79 30 1e 17 0d 32 35 30 32 31 32 31 31 32 32 32 38 5a 17 0d 32 35 30 34 31 33 31 31 32 32 32 38 5a 30 81 93 31 0b 30 09 06 03 55 04 06 13 02 46 52 31 0f 30 0d 06 03 55 04 08 0c 06 52 61 64 69 75 73 31 12 30 10 06 03 55 04 07 0c 09 53 6f 6d 65 77 68 65 72 65 31 15 30 13 06 03 55 04 0a 0c 0c 45 78 61 6d 70 6c 65 20 49 6e 63 2e 31 20 30 1e 06 09 2a 86 48 86 f7 0d 01 09 01 16 11 61 64 6d 69 6e 40 65 78 61 6d 70 6c 65 2e 6f 72 67 31 26 30 24 06 03 55 04 03 0c 1d 45 78 61 6d 70 6c 65 20 43 65 72 74 69 66 69 63 61 74 65 20 41 75 74 68 6f 72 69 74 79 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 bd 12 9d 8a d9 2c 9f b1 d3 2e 68 1a 41 e4 2e 27 39 37 16 95 69 93 8c 27 a6 84 3a e9 d4 86 28 69 a4 70 c1 5e b0 91 b8 9c bb c6 1b 01 3a 0f a3 98 06 a6 c8 b7 d3 3e 89 68 c2 01 63 29 be 59 cc b4 fb 74 20 4f 4e 6d 02 45 c7 3d 36 9e 7c 59 69 20 fe 10 98 52 42 a2 71 a5 ca e5 0e f7 76 94 be f9 c1 f5 ef 00 37 a3 70 81 6e 13 f9 ce 6e a2 98 ab f3 de cb 66 69 15 8f 19 72 5b ff 4f 52 30 7d 91 4b ed fc 40 86 56 28 f6 60 ad 80 55 65 0a b0 9c 93 51 c4 c7 25 96 43 0d ed 0a 88 83 87 64 26 b4 f7 f5 61 5b f2 d4 a4 f4 3d d0 1f a4 3d 3f 4e 53 21 c2 06 24 88 ef 05 b2 f6 1e 2a 4f 53 4b 6f 41 1a c1 e2 0e 0a 3a 30 b4 9b cc 3f a5 10 58 90 3a ab 26 d2 38 03 99 a1 fd fc 97 53 96 1f 8e ff 7f d2 3a c3 b6 9a 97 55 99 b3
EAP-TEAP: Received Phase 2: TLV type 9 (EAP-Payload) length 917 (mandatory)
EAP-TEAP: EAP-Payload TLV - hexdump(len=917): 01 67 03 95 0d c0 00 00 0b 97 2a e3 26 0d 8b 01 f1 45 2d e4 9c c0 fb 89 ee ab 04 15 71 32 9b 01 4e eb 14 61 98 7e e8 23 c2 df 88 bb 07 10 75 e4 24 83 67 9c 72 df 85 70 7c 08 37 b1 0e d5 29 cc 98 15 ba 61 14 b6 3f be 66 05 b8 60 2b a3 32 fe 46 5d 6c a3 da 54 ce 41 06 65 61 70 71 3c 77 fb 30 13 d0 1c 33 74 cb 86 ed 0c b6 86 ab 87 81 36 ac fe cf 9f 6f b2 e0 76 cf 99 13 0f df b3 9e ae d1 e8 53 67 56 d0 95 72 88 b8 29 ae 7b 44 66 18 fb de d5 40 de 38 5d 7a 53 00 18 b7 53 7d 8d 4a 80 cb c5 e7 67 48 75 2b d1 e7 9e 8c fb 7c 7f 18 57 cf 32 78 dc f3 f8 a5 3e a4 9f 08 81 23 c3 ec 71 1a 28 2e e0 ab 37 b8 da 0d b4 a8 3e ec 4d fc 27 8f ad 71 aa ed 06 1a 0e b0 e2 27 51 d1 be 58 72 07 e3 22 a6 10 e5 d8 8a 7b a0 b2 1c b3 72 06 ad d1 3e 48 e4 87 a9 56 dd 65 dd b4 e2 bd 9d 8a d6 a8 0b 11 7a 14 3e 12 46 3e 00 04 fe 30 82 04 fa 30 82 03 e2 a0 03 02 01 02 02 14 07 c1 09 2a b9 3c 84 ca f4 a4 ce be 5f fd 49 c0 91 f0 25 b2 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 81 93 31 0b 30 09 06 03 55 04 06 13 02 46 52 31 0f 30 0d 06 03 55 04 08 0c 06 52 61 64 69 75 73 31 12 30 10 06 03 55 04 07 0c 09 53 6f 6d 65 77 68 65 72 65 31 15 30 13 06 03 55 04 0a 0c 0c 45 78 61 6d 70 6c 65 20 49 6e 63 2e 31 20 30 1e 06 09 2a 86 48 86 f7 0d 01 09 01 16 11 61 64 6d 69 6e 40 65 78 61 6d 70 6c 65 2e 6f 72 67 31 26 30 24 06 03 55 04 03 0c 1d 45 78 61 6d 70 6c 65 20 43 65 72 74 69 66 69 63 61 74 65 20 41 75 74 68 6f 72 69 74 79 30 1e 17 0d 32 35 30 32 31 32 31 31 32 32 32 38 5a 17 0d 32 35 30 34 31 33 31 31 32 32 32 38 5a 30 81 93 31 0b 30 09 06 03 55 04 06 13 02 46 52 31 0f 30 0d 06 03 55 04 08 0c 06 52 61 64 69 75 73 31 12 30 10 06 03 55 04 07 0c 09 53 6f 6d 65 77 68 65 72 65 31 15 30 13 06 03 55 04 0a 0c 0c 45 78 61 6d 70 6c 65 20 49 6e 63 2e 31 20 30 1e 06 09 2a 86 48 86 f7 0d 01 09 01 16 11 61 64 6d 69 6e 40 65 78 61 6d 70 6c 65 2e 6f 72 67 31 26 30 24 06 03 55 04 03 0c 1d 45 78 61 6d 70 6c 65 20 43 65 72 74 69 66 69 63 61 74 65 20 41 75 74 68 6f 72 69 74 79 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 bd 12 9d 8a d9 2c 9f b1 d3 2e 68 1a 41 e4 2e 27 39 37 16 95 69 93 8c 27 a6 84 3a e9 d4 86 28 69 a4 70 c1 5e b0 91 b8 9c bb c6 1b 01 3a 0f a3 98 06 a6 c8 b7 d3 3e 89 68 c2 01 63 29 be 59 cc b4 fb 74 20 4f 4e 6d 02 45 c7 3d 36 9e 7c 59 69 20 fe 10 98 52 42 a2 71 a5 ca e5 0e f7 76 94 be f9 c1 f5 ef 00 37 a3 70 81 6e 13 f9 ce 6e a2 98 ab f3 de cb 66 69 15 8f 19 72 5b ff 4f 52 30 7d 91 4b ed fc 40 86 56 28 f6 60 ad 80 55 65 0a b0 9c 93 51 c4 c7 25 96 43 0d ed 0a 88 83 87 64 26 b4 f7 f5 61 5b f2 d4 a4 f4 3d d0 1f a4 3d 3f 4e 53 21 c2 06 24 88 ef 05 b2 f6 1e 2a 4f 53 4b 6f 41 1a c1 e2 0e 0a 3a 30 b4 9b cc 3f a5 10 58 90 3a ab 26 d2 38 03 99 a1 fd fc 97 53 96 1f 8e ff 7f d2 3a c3 b6 9a 97 55 99 b3
EAP-TEAP: Phase 2 Request: type=0:13
SSL: Received packet(len=917) - Flags 0xc0
SSL: TLS Message Length: 2967
SSL: Need 1153 bytes more input data
SSL: Building ACK (type=13 id=103 ver=0)
EAP-TEAP: Add EAP-Payload TLV
EAP-TEAP: Encrypting Phase 2 data - hexdump(len=10): 80 09 00 06 02 67 00 06 0d 00
OpenSSL: TX ver=0x303 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 17 03 03 00 22
SSL: 39 bytes left to be sent out (of total 39 bytes)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL eapRespData=0x5614c0f70740
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=45)
TX EAP -> RADIUS - hexdump(len=45): 02 67 00 2d 37 01 17 03 03 00 22 c3 e8 e0 9e c8 57 32 23 47 84 33 92 ec 55 5e d5 87 05 a8 c3 89 e3 c5 d5 92 fb c9 b0 b4 d6 fa db 35 a7
Encapsulating EAP message into a RADIUS packet
Copied RADIUS State Attribute
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=10 length=209
Attribute 80 (Message-Authenticator) length=18
Value: 9705583f9f8b83b90430dc98ef7e0c92
Attribute 1 (User-Name) length=11
Value: 'anonymous'
Attribute 31 (Calling-Station-Id) length=19
Value: 'DE-AD-BE-EF-42-42'
Attribute 12 (Framed-MTU) length=6
Value: 1400
Attribute 61 (NAS-Port-Type) length=6
Value: 19
Attribute 6 (Service-Type) length=6
Value: 2
Attribute 77 (Connect-Info) length=24
Value: 'CONNECT 11Mbps 802.11b'
Attribute 30 (Called-Station-Id) length=28
Value: '00:11:22:33:44:55:UConnect'
Attribute 4 (NAS-IP-Address) length=6
Value: 192.168.4.20
Attribute 79 (EAP-Message) length=47
Value: 0267002d37011703030022c3e8e09ec857322347843392ec555ed58705a8c389e3c5d592fbc9b0b4d6fadb35a7
Attribute 24 (State) length=18
Value: 6501da9e6c66ed03dd76d824d918a37a
RADIUS: Send 209 bytes to the server
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 1020 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=10 length=1020
Attribute 80 (Message-Authenticator) length=18
Value: 9399598b3a5d8de6bcb4a3ba354acc90
Attribute 79 (EAP-Message) length=255
Value: 016803bc370117030303b1288983a38fe43b686cc3923e3b9fb14213934cdc23208df3166cfa3d840b7ee94440fe99eb8eceab7625a871abacba6a28fd8e7e87799d14a716bec497840dbb43b4bcab9e359083276d71eeb99e8bcef1312e2871a1ad8ec140406a944ef5e8e4709acab032451f35f81f8b71439a4bbf827a5c49abb23c1a50a2014c2e31e0e66817b57f9603eabaa8129e98623e6686047bd66bc06ca9c80dd3755afff566091b82131c793c30806df05578c97e97caf280333e5591705bb64ba14e61fc72ddf6b5bbcaf5172e4eaec22829dee1a95574cbdda828222828ffbfc223056ace415664c69afc576752ff611b297247084056
Attribute 79 (EAP-Message) length=255
Value: 0d85fc0439d6a7ca2c989d679134bababeb8e393731b7fbb38d8962d625fe6c00c66c600b8cc575f918e16b190d3683abab85d713055dfa833983cf81224b063a41ad248fe5d9f5f63ad89325ac6511e9b2443f929f4e1ffa773a8820d8fa7cfe99fe4d487a64504760d058fb2b1a3afe574ade7806aab2997e8f81a134b61a1ffad2565db10b366d0d4c44b50e4c6a61f9858c81d4714d3c9efc90ad5c5ef63bbb12e154742d19452bff0df88466a8b687632cfaab9bee5305b0caf3f8653e98a5c32fb10dfdc9f8899071380e310a943db607d4585d4d0e6e93e823eb468e380ca4e16e00cb49838440e38e94dcf380501bf24401a3ee1102297b3ac
Attribute 79 (EAP-Message) length=255
Value: d33fc98bc65fa73d39c2db7953f138488892d8d04fc9715221604dd0d771d5d68c1b9022e5b077a059454219a455b1e60cfd09db55f5702a63d2a59c9d1bc5b63705181454f834ef5d960a428de1947fb450c80f9b86838d3fe2d79efbc8ef48d6d50b954bce0786c4c3b5226791eb8c0a35d46930579610422b40554587224acff8a4f4acf20d0b5ec5708a836b4708d4e471ded18a2ce60826890c81a0fb6e34956feb1769ed91748614be2ef89d012acf9286e1093e94d807eca2ae33ff3bbe6c7bf155bc9dc735cfbfdabb5d8a57a8973e7d73612d86837634d76b2561fb0ed6a513dbfc8e6a8af12499b998e2acba1142b6cd3412c6403ada24df
Attribute 79 (EAP-Message) length=199
Value: 9b492cc0b760665b75b4a76840c3f274981a985096f053ce9b4ad0a2adf36b8e7eb4361c98f2ebedb74f605017456c906263b30992417850dac8f3d7eb7ed892a95c74e0d684b37e06bf57fa790f829099ef0857534f70f62cf8b69af0349a7e05c6bfd923a1d529a349703281e30e44c20da6a4395b7e9999338fd18668704a3465b0a30986853fc5f99e57b240eb5972cf7bab0406382e00fe38fd190076ad222aaa34567917f94383785e950186c975cb5f4d86891747a93cebbb8263e49f8406c16589
Attribute 24 (State) length=18
Value: 6501da9e6f69ed03dd76d824d918a37a
STA de:ad:be:ef:42:42: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
RADIUS packet matching with station
decapsulated EAP packet (code=1 id=104 len=956) from RADIUS server: EAP-Request-TEAP (55)
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=104 method=55 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
SSL: Received packet(len=956) - Flags 0x01
EAP-TEAP: Received 950 bytes encrypted data for Phase 2
OpenSSL: RX ver=0x303 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 17 03 03 03 b1
EAP-TEAP: Decrypted Phase 2 TLV(s) - hexdump(len=921): 80 09 03 95 01 68 03 95 0d c0 00 00 0b 97 00 01 e8 4c 31 b4 24 5d 23 31 c0 91 09 f5 02 8c c5 41 5a 74 fc fc a1 02 03 01 00 01 a3 82 01 42 30 82 01 3e 30 1d 06 03 55 1d 0e 04 16 04 14 a6 8b 87 82 fd f0 60 ff ec d2 f3 7f e8 0f a7 6d e2 41 a3 52 30 81 d3 06 03 55 1d 23 04 81 cb 30 81 c8 80 14 a6 8b 87 82 fd f0 60 ff ec d2 f3 7f e8 0f a7 6d e2 41 a3 52 a1 81 99 a4 81 96 30 81 93 31 0b 30 09 06 03 55 04 06 13 02 46 52 31 0f 30 0d 06 03 55 04 08 0c 06 52 61 64 69 75 73 31 12 30 10 06 03 55 04 07 0c 09 53 6f 6d 65 77 68 65 72 65 31 15 30 13 06 03 55 04 0a 0c 0c 45 78 61 6d 70 6c 65 20 49 6e 63 2e 31 20 30 1e 06 09 2a 86 48 86 f7 0d 01 09 01 16 11 61 64 6d 69 6e 40 65 78 61 6d 70 6c 65 2e 6f 72 67 31 26 30 24 06 03 55 04 03 0c 1d 45 78 61 6d 70 6c 65 20 43 65 72 74 69 66 69 63 61 74 65 20 41 75 74 68 6f 72 69 74 79 82 14 07 c1 09 2a b9 3c 84 ca f4 a4 ce be 5f fd 49 c0 91 f0 25 b2 30 0f 06 03 55 1d 13 01 01 ff 04 05 30 03 01 01 ff 30 36 06 03 55 1d 1f 04 2f 30 2d 30 2b a0 29 a0 27 86 25 68 74 74 70 3a 2f 2f 77 77 77 2e 65 78 61 6d 70 6c 65 2e 6f 72 67 2f 65 78 61 6d 70 6c 65 5f 63 61 2e 63 72 6c 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 03 82 01 01 00 b1 fb fd d9 9b 09 46 e1 4a 71 a6 cc 44 55 81 bb 32 d6 a3 17 d4 c9 9d 46 6f 16 98 2e 18 9d 83 02 5d 9c ad 84 25 a7 59 d7 e7 45 ed ed 6e ec 71 ab 3c e4 54 c4 f7 67 86 81 17 d8 d3 28 ac 44 f6 3b c8 98 4d c7 a2 44 7d 1f 40 5b 61 43 63 10 19 42 d6 40 f1 7b 4f be 45 66 fb a6 d0 c3 19 70 a8 4b 41 3e 9d 86 3f 21 46 40 e6 1f 93 de 55 04 f2 ed 55 83 48 c5 4b b9 38 28 b4 4a 14 d4 40 4b 63 ec 96 02 56 6a fd 3c b7 91 36 5e b9 57 2c f6 9b 14 da 2d 40 ed a3 d7 d9 c6 97 94 2b 70 e8 86 be 0d 96 7b 1a 8f 88 82 65 35 f2 c6 e5 6c 36 24 ff 7c 3d b9 cf d6 5b 3b cc 62 8a 00 13 a2 9d 8a f2 17 af 8b 99 66 fa 2d d8 28 eb d4 17 7e cd b6 f2 cd 3d bb 21 e6 c9 33 7c dc b0 28 85 c5 8e 46 b4 a1 65 99 64 0c a4 50 46 73 70 11 27 b0 9e 5d 89 aa 1c ec f0 87 be 1a 50 43 d2 49 80 49 a9 9a ee 1d 16 03 03 01 2c 0c 00 01 28 03 00 1d 20 d5 7a 6e b8 33 92 6d f5 55 5f 9f e7 fa ed 33 c1 8f 8c 0b fe 08 70 bc c7 a4 1d b1 d2 05 34 7b 31 08 04 01 00 9f 10 37 61 29 13 4c 22 9c f0 fd 45 e9 27 d4 ca fc 35 23 ce 8c a8 8c 3d a8 83 d0 41 59 ed d1 a7 96 01 7d 6a 9b ed 6a a4 30 26 0c bd c9 49 58 96 c9 22 8e 39 fa ed 42 20 88 64 8c f1 d3 e3 4a 28 14 8b 7e d2 94 35 66 dd 48 8d 53 f2 7a df 39 d3 47 20 36 b2 d3 d3 2f 2f d3 1e e1 f4 1f 69 c0 2c a5 14 fb 8f c2 4a 94 82 5f b8 80 b0 f0 82 9d 04 ef 55 bc 19 27 3c e8 47 98 db c8 df 1d a8 57 b0 47 ea 7e ed 28 e5 77 7b 0c 94 de 6c fc b3 32 eb d1 e8 0a e3 4c 28 b8 74 62 df b2 4e f9 d8 20 4d a9 03 b2 3d b1 29 25 c3 92 98 47 c1 81 2d 67 bb 75 e4 9d 9d b6 81 d4 e3 55 e3 5c da c2 bc 22 53 0e 3b 71 dc 4e 52 4c 98 8f c3 29 e8 42 fc 58 31 9b cb b6 3e 67 1c 5c 1b ec fa 31 7f 0f eb ef 6b 5e 4f 8b 6e
EAP-TEAP: Received Phase 2: TLV type 9 (EAP-Payload) length 917 (mandatory)
EAP-TEAP: EAP-Payload TLV - hexdump(len=917): 01 68 03 95 0d c0 00 00 0b 97 00 01 e8 4c 31 b4 24 5d 23 31 c0 91 09 f5 02 8c c5 41 5a 74 fc fc a1 02 03 01 00 01 a3 82 01 42 30 82 01 3e 30 1d 06 03 55 1d 0e 04 16 04 14 a6 8b 87 82 fd f0 60 ff ec d2 f3 7f e8 0f a7 6d e2 41 a3 52 30 81 d3 06 03 55 1d 23 04 81 cb 30 81 c8 80 14 a6 8b 87 82 fd f0 60 ff ec d2 f3 7f e8 0f a7 6d e2 41 a3 52 a1 81 99 a4 81 96 30 81 93 31 0b 30 09 06 03 55 04 06 13 02 46 52 31 0f 30 0d 06 03 55 04 08 0c 06 52 61 64 69 75 73 31 12 30 10 06 03 55 04 07 0c 09 53 6f 6d 65 77 68 65 72 65 31 15 30 13 06 03 55 04 0a 0c 0c 45 78 61 6d 70 6c 65 20 49 6e 63 2e 31 20 30 1e 06 09 2a 86 48 86 f7 0d 01 09 01 16 11 61 64 6d 69 6e 40 65 78 61 6d 70 6c 65 2e 6f 72 67 31 26 30 24 06 03 55 04 03 0c 1d 45 78 61 6d 70 6c 65 20 43 65 72 74 69 66 69 63 61 74 65 20 41 75 74 68 6f 72 69 74 79 82 14 07 c1 09 2a b9 3c 84 ca f4 a4 ce be 5f fd 49 c0 91 f0 25 b2 30 0f 06 03 55 1d 13 01 01 ff 04 05 30 03 01 01 ff 30 36 06 03 55 1d 1f 04 2f 30 2d 30 2b a0 29 a0 27 86 25 68 74 74 70 3a 2f 2f 77 77 77 2e 65 78 61 6d 70 6c 65 2e 6f 72 67 2f 65 78 61 6d 70 6c 65 5f 63 61 2e 63 72 6c 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 03 82 01 01 00 b1 fb fd d9 9b 09 46 e1 4a 71 a6 cc 44 55 81 bb 32 d6 a3 17 d4 c9 9d 46 6f 16 98 2e 18 9d 83 02 5d 9c ad 84 25 a7 59 d7 e7 45 ed ed 6e ec 71 ab 3c e4 54 c4 f7 67 86 81 17 d8 d3 28 ac 44 f6 3b c8 98 4d c7 a2 44 7d 1f 40 5b 61 43 63 10 19 42 d6 40 f1 7b 4f be 45 66 fb a6 d0 c3 19 70 a8 4b 41 3e 9d 86 3f 21 46 40 e6 1f 93 de 55 04 f2 ed 55 83 48 c5 4b b9 38 28 b4 4a 14 d4 40 4b 63 ec 96 02 56 6a fd 3c b7 91 36 5e b9 57 2c f6 9b 14 da 2d 40 ed a3 d7 d9 c6 97 94 2b 70 e8 86 be 0d 96 7b 1a 8f 88 82 65 35 f2 c6 e5 6c 36 24 ff 7c 3d b9 cf d6 5b 3b cc 62 8a 00 13 a2 9d 8a f2 17 af 8b 99 66 fa 2d d8 28 eb d4 17 7e cd b6 f2 cd 3d bb 21 e6 c9 33 7c dc b0 28 85 c5 8e 46 b4 a1 65 99 64 0c a4 50 46 73 70 11 27 b0 9e 5d 89 aa 1c ec f0 87 be 1a 50 43 d2 49 80 49 a9 9a ee 1d 16 03 03 01 2c 0c 00 01 28 03 00 1d 20 d5 7a 6e b8 33 92 6d f5 55 5f 9f e7 fa ed 33 c1 8f 8c 0b fe 08 70 bc c7 a4 1d b1 d2 05 34 7b 31 08 04 01 00 9f 10 37 61 29 13 4c 22 9c f0 fd 45 e9 27 d4 ca fc 35 23 ce 8c a8 8c 3d a8 83 d0 41 59 ed d1 a7 96 01 7d 6a 9b ed 6a a4 30 26 0c bd c9 49 58 96 c9 22 8e 39 fa ed 42 20 88 64 8c f1 d3 e3 4a 28 14 8b 7e d2 94 35 66 dd 48 8d 53 f2 7a df 39 d3 47 20 36 b2 d3 d3 2f 2f d3 1e e1 f4 1f 69 c0 2c a5 14 fb 8f c2 4a 94 82 5f b8 80 b0 f0 82 9d 04 ef 55 bc 19 27 3c e8 47 98 db c8 df 1d a8 57 b0 47 ea 7e ed 28 e5 77 7b 0c 94 de 6c fc b3 32 eb d1 e8 0a e3 4c 28 b8 74 62 df b2 4e f9 d8 20 4d a9 03 b2 3d b1 29 25 c3 92 98 47 c1 81 2d 67 bb 75 e4 9d 9d b6 81 d4 e3 55 e3 5c da c2 bc 22 53 0e 3b 71 dc 4e 52 4c 98 8f c3 29 e8 42 fc 58 31 9b cb b6 3e 67 1c 5c 1b ec fa 31 7f 0f eb ef 6b 5e 4f 8b 6e
EAP-TEAP: Phase 2 Request: type=0:13
SSL: Received packet(len=917) - Flags 0xc0
SSL: TLS Message Length: 2967
SSL: Need 246 bytes more input data
SSL: Building ACK (type=13 id=104 ver=0)
EAP-TEAP: Add EAP-Payload TLV
EAP-TEAP: Encrypting Phase 2 data - hexdump(len=10): 80 09 00 06 02 68 00 06 0d 00
OpenSSL: TX ver=0x303 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 17 03 03 00 22
SSL: 39 bytes left to be sent out (of total 39 bytes)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL eapRespData=0x5614c0f9b3e0
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=45)
TX EAP -> RADIUS - hexdump(len=45): 02 68 00 2d 37 01 17 03 03 00 22 c3 e8 e0 9e c8 57 32 24 98 d8 44 2d c5 ad 05 a2 f4 dd f4 64 7b 90 ab ad 9f 33 70 78 37 2d 39 05 d8 ff
Encapsulating EAP message into a RADIUS packet
Copied RADIUS State Attribute
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=11 length=209
Attribute 80 (Message-Authenticator) length=18
Value: 9ac9345816cb81e705eb3a1e47b13e36
Attribute 1 (User-Name) length=11
Value: 'anonymous'
Attribute 31 (Calling-Station-Id) length=19
Value: 'DE-AD-BE-EF-42-42'
Attribute 12 (Framed-MTU) length=6
Value: 1400
Attribute 61 (NAS-Port-Type) length=6
Value: 19
Attribute 6 (Service-Type) length=6
Value: 2
Attribute 77 (Connect-Info) length=24
Value: 'CONNECT 11Mbps 802.11b'
Attribute 30 (Called-Station-Id) length=28
Value: '00:11:22:33:44:55:UConnect'
Attribute 4 (NAS-IP-Address) length=6
Value: 192.168.4.20
Attribute 79 (EAP-Message) length=47
Value: 0268002d37011703030022c3e8e09ec857322498d8442dc5ad05a2f4ddf4647b90abad9f337078372d3905d8ff
Attribute 24 (State) length=18
Value: 6501da9e6f69ed03dd76d824d918a37a
RADIUS: Send 209 bytes to the server
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 355 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=11 length=355
Attribute 80 (Message-Authenticator) length=18
Value: da63f3a5e73778b5d2f3cddf37b319f5
Attribute 79 (EAP-Message) length=255
Value: 016901273701170303011c288983a38fe43b697cf24cb85b76b334af65851f85500de18ca6eff47f27cdf3cfc5301bea8ec3317bfacfb7c2edbd3548fe81461493984f84cbe7859b0717fc3f6aa585dbfa3101bb3d26e58fb8bbb12ea6b564229aef50c1ad0dbca675e09a9a23ec436d6b7604197008d0f8ef5ec3de9da81956e4b67cf966f05da7833b26bb8fb3981f5a49761d451dc65bb9dd56aaeb5c5ff1d20794c0574e79ef47d496051a0d4515fc19dc87d331687e3cbdce934cde5c80bc2d1e9813270404cd6b95278c093c6ccec51514cfcaa8027737a2563787b92eccd4b3f62119ffb1de791606e2406b18c121d76ea8c87a129b3f2043c9
Attribute 79 (EAP-Message) length=44
Value: 835cfe66c7e9547a4a4131c1b57c606d4891b505330cdd04093cc3ec8a6532dc7131d66337847097632f
Attribute 24 (State) length=18
Value: 6501da9e6e68ed03dd76d824d918a37a
STA de:ad:be:ef:42:42: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
RADIUS packet matching with station
decapsulated EAP packet (code=1 id=105 len=295) from RADIUS server: EAP-Request-TEAP (55)
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=105 method=55 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
SSL: Received packet(len=295) - Flags 0x01
EAP-TEAP: Received 289 bytes encrypted data for Phase 2
OpenSSL: RX ver=0x303 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 17 03 03 01 1c
EAP-TEAP: Decrypted Phase 2 TLV(s) - hexdump(len=260): 80 09 01 00 01 69 01 00 0d 80 00 00 0b 97 e0 cc 1e 80 c0 18 f4 6b 6e 22 35 f7 2b f3 43 31 e1 5d 16 84 0d 80 65 80 bd 98 43 78 16 03 03 00 cc 0d 00 00 c8 03 01 02 40 00 28 04 03 05 03 06 03 08 07 08 08 08 09 08 0a 08 0b 08 04 08 05 08 06 04 01 05 01 06 01 03 03 03 01 03 02 04 02 05 02 06 02 00 98 00 96 30 81 93 31 0b 30 09 06 03 55 04 06 13 02 46 52 31 0f 30 0d 06 03 55 04 08 0c 06 52 61 64 69 75 73 31 12 30 10 06 03 55 04 07 0c 09 53 6f 6d 65 77 68 65 72 65 31 15 30 13 06 03 55 04 0a 0c 0c 45 78 61 6d 70 6c 65 20 49 6e 63 2e 31 20 30 1e 06 09 2a 86 48 86 f7 0d 01 09 01 16 11 61 64 6d 69 6e 40 65 78 61 6d 70 6c 65 2e 6f 72 67 31 26 30 24 06 03 55 04 03 0c 1d 45 78 61 6d 70 6c 65 20 43 65 72 74 69 66 69 63 61 74 65 20 41 75 74 68 6f 72 69 74 79 16 03 03 00 04 0e 00 00 00
EAP-TEAP: Received Phase 2: TLV type 9 (EAP-Payload) length 256 (mandatory)
EAP-TEAP: EAP-Payload TLV - hexdump(len=256): 01 69 01 00 0d 80 00 00 0b 97 e0 cc 1e 80 c0 18 f4 6b 6e 22 35 f7 2b f3 43 31 e1 5d 16 84 0d 80 65 80 bd 98 43 78 16 03 03 00 cc 0d 00 00 c8 03 01 02 40 00 28 04 03 05 03 06 03 08 07 08 08 08 09 08 0a 08 0b 08 04 08 05 08 06 04 01 05 01 06 01 03 03 03 01 03 02 04 02 05 02 06 02 00 98 00 96 30 81 93 31 0b 30 09 06 03 55 04 06 13 02 46 52 31 0f 30 0d 06 03 55 04 08 0c 06 52 61 64 69 75 73 31 12 30 10 06 03 55 04 07 0c 09 53 6f 6d 65 77 68 65 72 65 31 15 30 13 06 03 55 04 0a 0c 0c 45 78 61 6d 70 6c 65 20 49 6e 63 2e 31 20 30 1e 06 09 2a 86 48 86 f7 0d 01 09 01 16 11 61 64 6d 69 6e 40 65 78 61 6d 70 6c 65 2e 6f 72 67 31 26 30 24 06 03 55 04 03 0c 1d 45 78 61 6d 70 6c 65 20 43 65 72 74 69 66 69 63 61 74 65 20 41 75 74 68 6f 72 69 74 79 16 03 03 00 04 0e 00 00 00
EAP-TEAP: Phase 2 Request: type=0:13
SSL: Received packet(len=256) - Flags 0x80
SSL: TLS Message Length: 2967
OpenSSL: RX ver=0x303 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 16 03 03 00 3d
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS write client hello
OpenSSL: RX ver=0x303 content_type=22 (handshake/server hello)
OpenSSL: Message - hexdump(len=61): 02 00 00 39 03 03 ba 21 4b 95 cb ec be b5 40 93 ec 80 3d b2 77 54 66 47 a3 7d 1b 61 58 42 71 af d9 46 13 26 b2 13 00 c0 30 00 00 11 ff 01 00 01 00 00 0b 00 04 03 00 01 02 00 17 00 00
OpenSSL: RX ver=0x303 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 16 03 03 09 45
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS read server hello
OpenSSL: RX ver=0x303 content_type=22 (handshake/certificate)
OpenSSL: Message - hexdump(len=2373): 0b 00 09 41 00 09 3e 00 04 3a 30 82 04 36 30 82 03 1e a0 03 02 01 02 02 01 01 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 81 93 31 0b 30 09 06 03 55 04 06 13 02 46 52 31 0f 30 0d 06 03 55 04 08 0c 06 52 61 64 69 75 73 31 12 30 10 06 03 55 04 07 0c 09 53 6f 6d 65 77 68 65 72 65 31 15 30 13 06 03 55 04 0a 0c 0c 45 78 61 6d 70 6c 65 20 49 6e 63 2e 31 20 30 1e 06 09 2a 86 48 86 f7 0d 01 09 01 16 11 61 64 6d 69 6e 40 65 78 61 6d 70 6c 65 2e 6f 72 67 31 26 30 24 06 03 55 04 03 0c 1d 45 78 61 6d 70 6c 65 20 43 65 72 74 69 66 69 63 61 74 65 20 41 75 74 68 6f 72 69 74 79 30 1e 17 0d 32 35 30 32 31 32 31 31 32 32 32 39 5a 17 0d 32 35 30 34 31 33 31 31 32 32 32 39 5a 30 7c 31 0b 30 09 06 03 55 04 06 13 02 46 52 31 0f 30 0d 06 03 55 04 08 0c 06 52 61 64 69 75 73 31 15 30 13 06 03 55 04 0a 0c 0c 45 78 61 6d 70 6c 65 20 49 6e 63 2e 31 23 30 21 06 03 55 04 03 0c 1a 45 78 61 6d 70 6c 65 20 53 65 72 76 65 72 20 43 65 72 74 69 66 69 63 61 74 65 31 20 30 1e 06 09 2a 86 48 86 f7 0d 01 09 01 16 11 61 64 6d 69 6e 40 65 78 61 6d 70 6c 65 2e 6f 72 67 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 b3 ed bb c6 f0 df 48 51 e5 e6 57 06 c9 55 ef f0 59 f9 88 9c 6c e1 5d 12 52 c9 33 f5 b7 d8 4e f3 fb 2d e8 18 eb 60 60 71 0e 8b db 39 63 4e 23 80 87 e8 8a d2 74 b4 b4 97 a9 d5 92 4d c5 ce 01 fd 1c ce 80 96 23 12 11 e0 35 9e 8c ce cb 78 cd 36 2e a5 e6 4d 59 c0 18 8c e8 e5 5f f9 7e bd c5 84 63 23 e6 ac f8 6c 45 00 6a 98 b6 9c 57 49 df 35 74 e3 39 51 19 df d3 1d 42 69 3a 25 3a cf cf b8 fa 95 f0 0c 4e f6 e3 5e 04 a3 38 0c 5c f0 fd f1 0b c4 12 4c a2 cb 76 3c 91 3e 9d 3b be 29 5c db 4f 04 bf 9c f4 58 b6 44 b1 3c f2 33 01 b1 4f 7f 1e 7c 61 3a 2d 13 b9 8b 44 d4 5f 18 8c 56 85 94 ad 59 51 c8 03 72 f0 10 fd ac 6e ca 6f 78 c9 4d f8 d9 01 2d 51 da fa 1e 87 e6 58 40 46 bd fb 3a d9 23 e4 e9 8e de de 4e 40 1a d2 d9 58 0a c7 38 59 d3 19 3b ad a2 b3 3f 9f 09 e1 8c c7 61 d3 8d 02 03 01 00 01 a3 81 aa 30 81 a7 30 13 06 03 55 1d 25 04 0c 30 0a 06 08 2b 06 01 05 05 07 03 01 30 36 06 03 55 1d 1f 04 2f 30 2d 30 2b a0 29 a0 27 86 25 68 74 74 70 3a 2f 2f 77 77 77 2e 65 78 61 6d 70 6c 65 2e 63 6f 6d 2f 65 78 61 6d 70 6c 65 5f 63 61 2e 63 72 6c 30 18 06 03 55 1d 20 04 11 30 0f 30 0d 06 0b 2b 06 01 04 01 82 be 68 01 03 02 30 1d 06 03 55 1d 0e 04 16 04 14 c0 f6 13 a2 62 ad 5e e5 3e 77 fa da 04 29 9e b0 81 b1 80 2d 30 1f 06 03 55 1d 23 04 18 30 16 80 14 a6 8b 87 82 fd f0 60 ff ec d2 f3 7f e8 0f a7 6d e2 41 a3 52 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 03 82 01 01 00 2a e3 26 0d 8b 01 f1 45 2d e4 9c c0 fb 89 ee ab 04 15 71 32 9b 01 4e eb 14 61 98 7e e8 23 c2 df 88 bb 07 10 75 e4 24 83 67 9c 72 df 85 70 7c 08 37 b1 0e d5 29 cc 98 15 ba 61 14 b6 3f be 66 05 b8 60 2b a3 32 fe 46 5d 6c a3 da 54 ce 41 06 65 61 70 71 3c 77 fb 30 13 d0 1c 33 74 cb 86 ed 0c b6 86 ab 87 81 36 ac fe cf 9f 6f b2 e0 76 cf 99 13 0f df b3 9e ae d1 e8 53 67 56 d0 95 72 88 b8 29 ae 7b 44 66 18 fb de d5 40 de 38 5d 7a 53 00 18 b7 53 7d 8d 4a 80 cb c5 e7 67 48 75 2b d1 e7 9e 8c fb 7c 7f 18 57 cf 32 78 dc f3 f8 a5 3e a4 9f 08 81 23 c3 ec 71 1a 28 2e e0 ab 37 b8 da 0d b4 a8 3e ec 4d fc 27 8f ad 71 aa ed 06 1a 0e b0 e2 27 51 d1 be 58 72 07 e3 22 a6 10 e5 d8 8a 7b a0 b2 1c b3 72 06 ad d1 3e 48 e4 87 a9 56 dd 65 dd b4 e2 bd 9d 8a d6 a8 0b 11 7a 14 3e 12 46 3e 00 04 fe 30 82 04 fa 30 82 03 e2 a0 03 02 01 02 02 14 07 c1 09 2a b9 3c 84 ca f4 a4 ce be 5f fd 49 c0 91 f0 25 b2 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 81 93 31 0b 30 09 06 03 55 04 06 13 02 46 52 31 0f 30 0d 06 03 55 04 08 0c 06 52 61 64 69 75 73 31 12 30 10 06 03 55 04 07 0c 09 53 6f 6d 65 77 68 65 72 65 31 15 30 13 06 03 55 04 0a 0c 0c 45 78 61 6d 70 6c 65 20 49 6e 63 2e 31 20 30 1e 06 09 2a 86 48 86 f7 0d 01 09 01 16 11 61 64 6d 69 6e 40 65 78 61 6d 70 6c 65 2e 6f 72 67 31 26 30 24 06 03 55 04 03 0c 1d 45 78 61 6d 70 6c 65 20 43 65 72 74 69 66 69 63 61 74 65 20 41 75 74 68 6f 72 69 74 79 30 1e 17 0d 32 35 30 32 31 32 31 31 32 32 32 38 5a 17 0d 32 35 30 34 31 33 31 31 32 32 32 38 5a 30 81 93 31 0b 30 09 06 03 55 04 06 13 02 46 52 31 0f 30 0d 06 03 55 04 08 0c 06 52 61 64 69 75 73 31 12 30 10 06 03 55 04 07 0c 09 53 6f 6d 65 77 68 65 72 65 31 15 30 13 06 03 55 04 0a 0c 0c 45 78 61 6d 70 6c 65 20 49 6e 63 2e 31 20 30 1e 06 09 2a 86 48 86 f7 0d 01 09 01 16 11 61 64 6d 69 6e 40 65 78 61 6d 70 6c 65 2e 6f 72 67 31 26 30 24 06 03 55 04 03 0c 1d 45 78 61 6d 70 6c 65 20 43 65 72 74 69 66 69 63 61 74 65 20 41 75 74 68 6f 72 69 74 79 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 bd 12 9d 8a d9 2c 9f b1 d3 2e 68 1a 41 e4 2e 27 39 37 16 95 69 93 8c 27 a6 84 3a e9 d4 86 28 69 a4 70 c1 5e b0 91 b8 9c bb c6 1b 01 3a 0f a3 98 06 a6 c8 b7 d3 3e 89 68 c2 01 63 29 be 59 cc b4 fb 74 20 4f 4e 6d 02 45 c7 3d 36 9e 7c 59 69 20 fe 10 98 52 42 a2 71 a5 ca e5 0e f7 76 94 be f9 c1 f5 ef 00 37 a3 70 81 6e 13 f9 ce 6e a2 98 ab f3 de cb 66 69 15 8f 19 72 5b ff 4f 52 30 7d 91 4b ed fc 40 86 56 28 f6 60 ad 80 55 65 0a b0 9c 93 51 c4 c7 25 96 43 0d ed 0a 88 83 87 64 26 b4 f7 f5 61 5b f2 d4 a4 f4 3d d0 1f a4 3d 3f 4e 53 21 c2 06 24 88 ef 05 b2 f6 1e 2a 4f 53 4b 6f 41 1a c1 e2 0e 0a 3a 30 b4 9b cc 3f a5 10 58 90 3a ab 26 d2 38 03 99 a1 fd fc 97 53 96 1f 8e ff 7f d2 3a c3 b6 9a 97 55 99 b3 00 01 e8 4c 31 b4 24 5d 23 31 c0 91 09 f5 02 8c c5 41 5a 74 fc fc a1 02 03 01 00 01 a3 82 01 42 30 82 01 3e 30 1d 06 03 55 1d 0e 04 16 04 14 a6 8b 87 82 fd f0 60 ff ec d2 f3 7f e8 0f a7 6d e2 41 a3 52 30 81 d3 06 03 55 1d 23 04 81 cb 30 81 c8 80 14 a6 8b 87 82 fd f0 60 ff ec d2 f3 7f e8 0f a7 6d e2 41 a3 52 a1 81 99 a4 81 96 30 81 93 31 0b 30 09 06 03 55 04 06 13 02 46 52 31 0f 30 0d 06 03 55 04 08 0c 06 52 61 64 69 75 73 31 12 30 10 06 03 55 04 07 0c 09 53 6f 6d 65 77 68 65 72 65 31 15 30 13 06 03 55 04 0a 0c 0c 45 78 61 6d 70 6c 65 20 49 6e 63 2e 31 20 30 1e 06 09 2a 86 48 86 f7 0d 01 09 01 16 11 61 64 6d 69 6e 40 65 78 61 6d 70 6c 65 2e 6f 72 67 31 26 30 24 06 03 55 04 03 0c 1d 45 78 61 6d 70 6c 65 20 43 65 72 74 69 66 69 63 61 74 65 20 41 75 74 68 6f 72 69 74 79 82 14 07 c1 09 2a b9 3c 84 ca f4 a4 ce be 5f fd 49 c0 91 f0 25 b2 30 0f 06 03 55 1d 13 01 01 ff 04 05 30 03 01 01 ff 30 36 06 03 55 1d 1f 04 2f 30 2d 30 2b a0 29 a0 27 86 25 68 74 74 70 3a 2f 2f 77 77 77 2e 65 78 61 6d 70 6c 65 2e 6f 72 67 2f 65 78 61 6d 70 6c 65 5f 63 61 2e 63 72 6c 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 03 82 01 01 00 b1 fb fd d9 9b 09 46 e1 4a 71 a6 cc 44 55 81 bb 32 d6 a3 17 d4 c9 9d 46 6f 16 98 2e 18 9d 83 02 5d 9c ad 84 25 a7 59 d7 e7 45 ed ed 6e ec 71 ab 3c e4 54 c4 f7 67 86 81 17 d8 d3 28 ac 44 f6 3b c8 98 4d c7 a2 44 7d 1f 40 5b 61 43 63 10 19 42 d6 40 f1 7b 4f be 45 66 fb a6 d0 c3 19 70 a8 4b 41 3e 9d 86 3f 21 46 40 e6 1f 93 de 55 04 f2 ed 55 83 48 c5 4b b9 38 28 b4 4a 14 d4 40 4b 63 ec 96 02 56 6a fd 3c b7 91 36 5e b9 57 2c f6 9b 14 da 2d 40 ed a3 d7 d9 c6 97 94 2b 70 e8 86 be 0d 96 7b 1a 8f 88 82 65 35 f2 c6 e5 6c 36 24 ff 7c 3d b9 cf d6 5b 3b cc 62 8a 00 13 a2 9d 8a f2 17 af 8b 99 66 fa 2d d8 28 eb d4 17 7e cd b6 f2 cd 3d bb 21 e6 c9 33 7c dc b0 28 85 c5 8e 46 b4 a1 65 99 64 0c a4 50 46 73 70 11 27 b0 9e 5d 89 aa 1c ec f0 87 be 1a 50 43 d2 49 80 49 a9 9a ee 1d
OpenSSL: Peer certificate - depth 1
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
07:c1:09:2a:b9:3c:84:ca:f4:a4:ce:be:5f:fd:49:c0:91:f0:25:b2
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=FR, ST=Radius, L=Somewhere, O=Example mailto:Inc./emailAddress=admin at example.org, CN=Example Certificate Authority
Validity
Not Before: Feb 12 11:22:28 2025 GMT
Not After : Apr 13 11:22:28 2025 GMT
Subject: C=FR, ST=Radius, L=Somewhere, O=Example mailto:Inc./emailAddress=admin at example.org, CN=Example Certificate Authority
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:bd:12:9d:8a:d9:2c:9f:b1:d3:2e:68:1a:41:e4:
2e:27:39:37:16:95:69:93:8c:27:a6:84:3a:e9:d4:
86:28:69:a4:70:c1:5e:b0:91:b8:9c:bb:c6:1b:01:
3a:0f:a3:98:06:a6:c8:b7:d3:3e:89:68:c2:01:63:
29:be:59:cc:b4:fb:74:20:4f:4e:6d:02:45:c7:3d:
36:9e:7c:59:69:20:fe:10:98:52:42:a2:71:a5:ca:
e5:0e:f7:76:94:be:f9:c1:f5:ef:00:37:a3:70:81:
6e:13:f9:ce:6e:a2:98:ab:f3:de:cb:66:69:15:8f:
19:72:5b:ff:4f:52:30:7d:91:4b:ed:fc:40:86:56:
28:f6:60:ad:80:55:65:0a:b0:9c:93:51:c4:c7:25:
96:43:0d:ed:0a:88:83:87:64:26:b4:f7:f5:61:5b:
f2:d4:a4:f4:3d:d0:1f:a4:3d:3f:4e:53:21:c2:06:
24:88:ef:05:b2:f6:1e:2a:4f:53:4b:6f:41:1a:c1:
e2:0e:0a:3a:30:b4:9b:cc:3f:a5:10:58:90:3a:ab:
26:d2:38:03:99:a1:fd:fc:97:53:96:1f:8e:ff:7f:
d2:3a:c3:b6:9a:97:55:99:b3:00:01:e8:4c:31:b4:
24:5d:23:31:c0:91:09:f5:02:8c:c5:41:5a:74:fc:
fc:a1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A6:8B:87:82:FD:F0:60:FF:EC:D2:F3:7F:E8:0F:A7:6D:E2:41:A3:52
X509v3 Authority Key Identifier:
keyid:A6:8B:87:82:FD:F0:60:FF:EC:D2:F3:7F:E8:0F:A7:6D:E2:41:A3:52
DirName:/C=FR/ST=Radius/L=Somewhere/O=Example mailto:Inc./emailAddress=admin at example.org/CN=Example Certificate Authority
serial:07:C1:09:2A:B9:3C:84:CA:F4:A4:CE:BE:5F:FD:49:C0:91:F0:25:B2
X509v3 Basic Constraints: critical
CA:TRUE
X509v3 CRL Distribution Points:
Full Name:
URI:http://www.example.org/example_ca.crl
Signature Algorithm: sha256WithRSAEncryption
Signature Value:
b1:fb:fd:d9:9b:09:46:e1:4a:71:a6:cc:44:55:81:bb:32:d6:
a3:17:d4:c9:9d:46:6f:16:98:2e:18:9d:83:02:5d:9c:ad:84:
25:a7:59:d7:e7:45:ed:ed:6e:ec:71:ab:3c:e4:54:c4:f7:67:
86:81:17:d8:d3:28:ac:44:f6:3b:c8:98:4d:c7:a2:44:7d:1f:
40:5b:61:43:63:10:19:42:d6:40:f1:7b:4f:be:45:66:fb:a6:
d0:c3:19:70:a8:4b:41:3e:9d:86:3f:21:46:40:e6:1f:93:de:
55:04:f2:ed:55:83:48:c5:4b:b9:38:28:b4:4a:14:d4:40:4b:
63:ec:96:02:56:6a:fd:3c:b7:91:36:5e:b9:57:2c:f6:9b:14:
da:2d:40:ed:a3:d7:d9:c6:97:94:2b:70:e8:86:be:0d:96:7b:
1a:8f:88:82:65:35:f2:c6:e5:6c:36:24:ff:7c:3d:b9:cf:d6:
5b:3b:cc:62:8a:00:13:a2:9d:8a:f2:17:af:8b:99:66:fa:2d:
d8:28:eb:d4:17:7e:cd:b6:f2:cd:3d:bb:21:e6:c9:33:7c:dc:
b0:28:85:c5:8e:46:b4:a1:65:99:64:0c:a4:50:46:73:70:11:
27:b0:9e:5d:89:aa:1c:ec:f0:87:be:1a:50:43:d2:49:80:49:
a9:9a:ee:1d
CTRL-EVENT-EAP-PEER-CERT depth=1 subject='/C=FR/ST=Radius/L=Somewhere/O=Example mailto:Inc./emailAddress=admin at example.org/CN=Example Certificate Authority' hash=7808349207dba06be1fc23faa6a240c97900fd8a2c3d84118f10270e470f56b7
TLS: tls_verify_cb - preverify_ok=1 err=0 (ok) ca_cert_verify=1 depth=1 buf='/C=FR/ST=Radius/L=Somewhere/O=Example mailto:Inc./emailAddress=admin at example.org/CN=Example Certificate Authority'
OpenSSL: Peer certificate - depth 0
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=FR, ST=Radius, L=Somewhere, O=Example mailto:Inc./emailAddress=admin at example.org, CN=Example Certificate Authority
Validity
Not Before: Feb 12 11:22:29 2025 GMT
Not After : Apr 13 11:22:29 2025 GMT
Subject: C=FR, ST=Radius, O=Example Inc., CN=Example Server mailto:Certificate/emailAddress=admin at example.org
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:b3:ed:bb:c6:f0:df:48:51:e5:e6:57:06:c9:55:
ef:f0:59:f9:88:9c:6c:e1:5d:12:52:c9:33:f5:b7:
d8:4e:f3:fb:2d:e8:18:eb:60:60:71:0e:8b:db:39:
63:4e:23:80:87:e8:8a:d2:74:b4:b4:97:a9:d5:92:
4d:c5:ce:01:fd:1c:ce:80:96:23:12:11:e0:35:9e:
8c:ce:cb:78:cd:36:2e:a5:e6:4d:59:c0:18:8c:e8:
e5:5f:f9:7e:bd:c5:84:63:23:e6:ac:f8:6c:45:00:
6a:98:b6:9c:57:49:df:35:74:e3:39:51:19:df:d3:
1d:42:69:3a:25:3a:cf:cf:b8:fa:95:f0:0c:4e:f6:
e3:5e:04:a3:38:0c:5c:f0:fd:f1:0b:c4:12:4c:a2:
cb:76:3c:91:3e:9d:3b:be:29:5c:db:4f:04:bf:9c:
f4:58:b6:44:b1:3c:f2:33:01:b1:4f:7f:1e:7c:61:
3a:2d:13:b9:8b:44:d4:5f:18:8c:56:85:94:ad:59:
51:c8:03:72:f0:10:fd:ac:6e:ca:6f:78:c9:4d:f8:
d9:01:2d:51:da:fa:1e:87:e6:58:40:46:bd:fb:3a:
d9:23:e4:e9:8e:de:de:4e:40:1a:d2:d9:58:0a:c7:
38:59:d3:19:3b:ad:a2:b3:3f:9f:09:e1:8c:c7:61:
d3:8d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Extended Key Usage:
TLS Web Server Authentication
X509v3 CRL Distribution Points:
Full Name:
URI:http://www.example.com/example_ca.crl
X509v3 Certificate Policies:
Policy: 1.3.6.1.4.1.40808.1.3.2
X509v3 Subject Key Identifier:
C0:F6:13:A2:62:AD:5E:E5:3E:77:FA:DA:04:29:9E:B0:81:B1:80:2D
X509v3 Authority Key Identifier:
A6:8B:87:82:FD:F0:60:FF:EC:D2:F3:7F:E8:0F:A7:6D:E2:41:A3:52
Signature Algorithm: sha256WithRSAEncryption
Signature Value:
2a:e3:26:0d:8b:01:f1:45:2d:e4:9c:c0:fb:89:ee:ab:04:15:
71:32:9b:01:4e:eb:14:61:98:7e:e8:23:c2:df:88:bb:07:10:
75:e4:24:83:67:9c:72:df:85:70:7c:08:37:b1:0e:d5:29:cc:
98:15:ba:61:14:b6:3f:be:66:05:b8:60:2b:a3:32:fe:46:5d:
6c:a3:da:54:ce:41:06:65:61:70:71:3c:77:fb:30:13:d0:1c:
33:74:cb:86:ed:0c:b6:86:ab:87:81:36:ac:fe:cf:9f:6f:b2:
e0:76:cf:99:13:0f:df:b3:9e:ae:d1:e8:53:67:56:d0:95:72:
88:b8:29:ae:7b:44:66:18:fb:de:d5:40:de:38:5d:7a:53:00:
18:b7:53:7d:8d:4a:80:cb:c5:e7:67:48:75:2b:d1:e7:9e:8c:
fb:7c:7f:18:57:cf:32:78:dc:f3:f8:a5:3e:a4:9f:08:81:23:
c3:ec:71:1a:28:2e:e0:ab:37:b8:da:0d:b4:a8:3e:ec:4d:fc:
27:8f:ad:71:aa:ed:06:1a:0e:b0:e2:27:51:d1:be:58:72:07:
e3:22:a6:10:e5:d8:8a:7b:a0:b2:1c:b3:72:06:ad:d1:3e:48:
e4:87:a9:56:dd:65:dd:b4:e2:bd:9d:8a:d6:a8:0b:11:7a:14:
3e:12:46:3e
OpenSSL: Certificate Policy 1.3.6.1.4.1.40808.1.3.2
CTRL-EVENT-EAP-PEER-CERT depth=0 subject='/C=FR/ST=Radius/O=Example Inc./CN=Example Server mailto:Certificate/emailAddress=admin at example.org' hash=d90d58ad04e655b4e1aff7e32069fe5c3d0c3edd4f35e2092274b5055097136a
TLS: tls_verify_cb - preverify_ok=1 err=0 (ok) ca_cert_verify=1 depth=0 buf='/C=FR/ST=Radius/O=Example Inc./CN=Example Server mailto:Certificate/emailAddress=admin at example.org'
EAP: Status notification: remote certificate verification (param=success)
OpenSSL: RX ver=0x303 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 16 03 03 01 2c
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS read server certificate
OpenSSL: RX ver=0x303 content_type=22 (handshake/server key exchange)
OpenSSL: Message - hexdump(len=300): 0c 00 01 28 03 00 1d 20 d5 7a 6e b8 33 92 6d f5 55 5f 9f e7 fa ed 33 c1 8f 8c 0b fe 08 70 bc c7 a4 1d b1 d2 05 34 7b 31 08 04 01 00 9f 10 37 61 29 13 4c 22 9c f0 fd 45 e9 27 d4 ca fc 35 23 ce 8c a8 8c 3d a8 83 d0 41 59 ed d1 a7 96 01 7d 6a 9b ed 6a a4 30 26 0c bd c9 49 58 96 c9 22 8e 39 fa ed 42 20 88 64 8c f1 d3 e3 4a 28 14 8b 7e d2 94 35 66 dd 48 8d 53 f2 7a df 39 d3 47 20 36 b2 d3 d3 2f 2f d3 1e e1 f4 1f 69 c0 2c a5 14 fb 8f c2 4a 94 82 5f b8 80 b0 f0 82 9d 04 ef 55 bc 19 27 3c e8 47 98 db c8 df 1d a8 57 b0 47 ea 7e ed 28 e5 77 7b 0c 94 de 6c fc b3 32 eb d1 e8 0a e3 4c 28 b8 74 62 df b2 4e f9 d8 20 4d a9 03 b2 3d b1 29 25 c3 92 98 47 c1 81 2d 67 bb 75 e4 9d 9d b6 81 d4 e3 55 e3 5c da c2 bc 22 53 0e 3b 71 dc 4e 52 4c 98 8f c3 29 e8 42 fc 58 31 9b cb b6 3e 67 1c 5c 1b ec fa 31 7f 0f eb ef 6b 5e 4f 8b 6e e0 cc 1e 80 c0 18 f4 6b 6e 22 35 f7 2b f3 43 31 e1 5d 16 84 0d 80 65 80 bd 98 43 78
OpenSSL: RX ver=0x303 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 16 03 03 00 cc
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS read server key exchange
OpenSSL: RX ver=0x303 content_type=22 (handshake/certificate request)
OpenSSL: Message - hexdump(len=204): 0d 00 00 c8 03 01 02 40 00 28 04 03 05 03 06 03 08 07 08 08 08 09 08 0a 08 0b 08 04 08 05 08 06 04 01 05 01 06 01 03 03 03 01 03 02 04 02 05 02 06 02 00 98 00 96 30 81 93 31 0b 30 09 06 03 55 04 06 13 02 46 52 31 0f 30 0d 06 03 55 04 08 0c 06 52 61 64 69 75 73 31 12 30 10 06 03 55 04 07 0c 09 53 6f 6d 65 77 68 65 72 65 31 15 30 13 06 03 55 04 0a 0c 0c 45 78 61 6d 70 6c 65 20 49 6e 63 2e 31 20 30 1e 06 09 2a 86 48 86 f7 0d 01 09 01 16 11 61 64 6d 69 6e 40 65 78 61 6d 70 6c 65 2e 6f 72 67 31 26 30 24 06 03 55 04 03 0c 1d 45 78 61 6d 70 6c 65 20 43 65 72 74 69 66 69 63 61 74 65 20 41 75 74 68 6f 72 69 74 79
OpenSSL: RX ver=0x303 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 16 03 03 00 04
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS read server certificate request
OpenSSL: RX ver=0x303 content_type=22 (handshake/server hello done)
OpenSSL: Message - hexdump(len=4): 0e 00 00 00
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS read server done
OpenSSL: TX ver=0x303 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 16 03 03 09 20
OpenSSL: TX ver=0x303 content_type=22 (handshake/certificate)
OpenSSL: Message - hexdump(len=2336): 0b 00 09 1c 00 09 19 00 04 15 30 82 04 11 30 82 02 f9 a0 03 02 01 02 02 01 02 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 81 93 31 0b 30 09 06 03 55 04 06 13 02 46 52 31 0f 30 0d 06 03 55 04 08 0c 06 52 61 64 69 75 73 31 12 30 10 06 03 55 04 07 0c 09 53 6f 6d 65 77 68 65 72 65 31 15 30 13 06 03 55 04 0a 0c 0c 45 78 61 6d 70 6c 65 20 49 6e 63 2e 31 20 30 1e 06 09 2a 86 48 86 f7 0d 01 09 01 16 11 61 64 6d 69 6e 40 65 78 61 6d 70 6c 65 2e 6f 72 67 31 26 30 24 06 03 55 04 03 0c 1d 45 78 61 6d 70 6c 65 20 43 65 72 74 69 66 69 63 61 74 65 20 41 75 74 68 6f 72 69 74 79 30 1e 17 0d 32 35 30 32 31 32 31 31 32 32 32 39 5a 17 0d 32 35 30 34 31 33 31 31 32 32 32 39 5a 30 71 31 0b 30 09 06 03 55 04 06 13 02 46 52 31 0f 30 0d 06 03 55 04 08 0c 06 52 61 64 69 75 73 31 15 30 13 06 03 55 04 0a 0c 0c 45 78 61 6d 70 6c 65 20 49 6e 63 2e 31 19 30 17 06 03 55 04 03 0c 10 75 73 65 72 40 65 78 61 6d 70 6c 65 2e 6f 72 67 31 1f 30 1d 06 09 2a 86 48 86 f7 0d 01 09 01 16 10 75 73 65 72 40 65 78 61 6d 70 6c 65 2e 6f 72 67 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 d6 7f 45 d2 d2 df ce 1f 6f ca 42 09 0d a7 9f a6 b1 fc 6e c7 f0 b0 fa 1b 74 1f 7f d9 07 d5 63 6a f2 01 78 17 2b 8c 97 53 b9 e7 35 f9 18 35 62 6e 91 13 8b 62 23 a5 87 22 d6 0f 03 65 5d 38 1b d4 b5 26 0b 12 ed 8b 53 15 62 52 ed 1b 66 27 91 74 7d 4b f8 06 d0 30 80 48 27 8f 89 78 65 ca 9c dd 38 cf 63 0d 79 be 59 ab c7 74 7f 28 df ce d6 37 48 98 3d 66 8d 61 80 7a b1 26 f6 98 f2 57 26 6a f3 37 7c 10 ce 2e ea 98 37 3f 2f 6e 99 c7 42 22 73 4c f1 12 90 9d 45 2a ad f8 fd 0d 91 7a f9 3f 8b 08 69 88 e2 f8 51 1b 7b 19 db 1b 42 ad 94 51 ba c5 8d e8 c5 e7 3f 50 ce e6 e9 cc b8 59 89 91 a7 f5 7a a0 24 b8 57 f6 a7 cd 36 95 bc 56 24 61 1e ff 31 44 2f 2d 62 bd 12 2e 41 3b ce 02 73 61 63 15 9e 44 fe 3b f6 bd 50 7a 82 bb 02 8d 38 cf 22 17 5c d5 ca 62 52 71 5b 39 9a 60 f7 5a 0d bd 02 03 01 00 01 a3 81 90 30 81 8d 30 13 06 03 55 1d 25 04 0c 30 0a 06 08 2b 06 01 05 05 07 03 02 30 36 06 03 55 1d 1f 04 2f 30 2d 30 2b a0 29 a0 27 86 25 68 74 74 70 3a 2f 2f 77 77 77 2e 65 78 61 6d 70 6c 65 2e 63 6f 6d 2f 65 78 61 6d 70 6c 65 5f 63 61 2e 63 72 6c 30 1d 06 03 55 1d 0e 04 16 04 14 c0 d4 19 99 e9 00 1d 48 e9 00 1a 54 49 bc de 99 f6 3b d7 15 30 1f 06 03 55 1d 23 04 18 30 16 80 14 a6 8b 87 82 fd f0 60 ff ec d2 f3 7f e8 0f a7 6d e2 41 a3 52 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 03 82 01 01 00 52 65 81 90 45 d7 35 0b 01 fe cb db 63 d0 d7 05 4d 80 5d df 91 89 04 37 8f cf a2 1d 95 e4 99 e3 02 a5 a1 64 8e 63 a1 17 39 f3 e9 21 d5 34 42 d2 52 db ce 08 6f 00 92 b5 c8 61 aa b7 69 21 79 0f 6d 4d 93 fe 95 1a da e2 a7 57 fb d1 a0 57 8d 88 f0 3f 0b 7a dc dc 8e 18 b7 9b 55 6d e7 ab 72 38 7b bd f2 7a 91 e0 70 41 66 63 ef 98 37 14 5f ec 3a 66 d6 07 4a 2b 18 ef ad 3f 7d a1 c6 11 43 d6 2c dd df 28 b3 72 2f de 50 1c 2c b3 31 e8 e6 53 22 9d df f3 ae 49 39 d1 2b 39 7e 7a a2 87 e0 c6 56 aa fd 91 60 1c eb 61 5a cb 18 b1 ee 97 55 7a 0f d9 e9 c7 af 7f 87 cb d0 a4 b2 5d 97 da df 61 07 89 25 68 36 5b 22 c8 3b f2 c0 b0 54 d5 20 e6 4f aa 3c d3 53 61 16 fb 7f 84 10 91 ed 5a 93 ea eb b5 fb 65 a3 96 0d fc 3c f9 78 98 72 e9 97 81 e2 7d 52 fb ba e8 1f d0 81 a3 7e ea d7 d8 47 b3 00 04 fe 30 82 04 fa 30 82 03 e2 a0 03 02 01 02 02 14 07 c1 09 2a b9 3c 84 ca f4 a4 ce be 5f fd 49 c0 91 f0 25 b2 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 81 93 31 0b 30 09 06 03 55 04 06 13 02 46 52 31 0f 30 0d 06 03 55 04 08 0c 06 52 61 64 69 75 73 31 12 30 10 06 03 55 04 07 0c 09 53 6f 6d 65 77 68 65 72 65 31 15 30 13 06 03 55 04 0a 0c 0c 45 78 61 6d 70 6c 65 20 49 6e 63 2e 31 20 30 1e 06 09 2a 86 48 86 f7 0d 01 09 01 16 11 61 64 6d 69 6e 40 65 78 61 6d 70 6c 65 2e 6f 72 67 31 26 30 24 06 03 55 04 03 0c 1d 45 78 61 6d 70 6c 65 20 43 65 72 74 69 66 69 63 61 74 65 20 41 75 74 68 6f 72 69 74 79 30 1e 17 0d 32 35 30 32 31 32 31 31 32 32 32 38 5a 17 0d 32 35 30 34 31 33 31 31 32 32 32 38 5a 30 81 93 31 0b 30 09 06 03 55 04 06 13 02 46 52 31 0f 30 0d 06 03 55 04 08 0c 06 52 61 64 69 75 73 31 12 30 10 06 03 55 04 07 0c 09 53 6f 6d 65 77 68 65 72 65 31 15 30 13 06 03 55 04 0a 0c 0c 45 78 61 6d 70 6c 65 20 49 6e 63 2e 31 20 30 1e 06 09 2a 86 48 86 f7 0d 01 09 01 16 11 61 64 6d 69 6e 40 65 78 61 6d 70 6c 65 2e 6f 72 67 31 26 30 24 06 03 55 04 03 0c 1d 45 78 61 6d 70 6c 65 20 43 65 72 74 69 66 69 63 61 74 65 20 41 75 74 68 6f 72 69 74 79 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 bd 12 9d 8a d9 2c 9f b1 d3 2e 68 1a 41 e4 2e 27 39 37 16 95 69 93 8c 27 a6 84 3a e9 d4 86 28 69 a4 70 c1 5e b0 91 b8 9c bb c6 1b 01 3a 0f a3 98 06 a6 c8 b7 d3 3e 89 68 c2 01 63 29 be 59 cc b4 fb 74 20 4f 4e 6d 02 45 c7 3d 36 9e 7c 59 69 20 fe 10 98 52 42 a2 71 a5 ca e5 0e f7 76 94 be f9 c1 f5 ef 00 37 a3 70 81 6e 13 f9 ce 6e a2 98 ab f3 de cb 66 69 15 8f 19 72 5b ff 4f 52 30 7d 91 4b ed fc 40 86 56 28 f6 60 ad 80 55 65 0a b0 9c 93 51 c4 c7 25 96 43 0d ed 0a 88 83 87 64 26 b4 f7 f5 61 5b f2 d4 a4 f4 3d d0 1f a4 3d 3f 4e 53 21 c2 06 24 88 ef 05 b2 f6 1e 2a 4f 53 4b 6f 41 1a c1 e2 0e 0a 3a 30 b4 9b cc 3f a5 10 58 90 3a ab 26 d2 38 03 99 a1 fd fc 97 53 96 1f 8e ff 7f d2 3a c3 b6 9a 97 55 99 b3 00 01 e8 4c 31 b4 24 5d 23 31 c0 91 09 f5 02 8c c5 41 5a 74 fc fc a1 02 03 01 00 01 a3 82 01 42 30 82 01 3e 30 1d 06 03 55 1d 0e 04 16 04 14 a6 8b 87 82 fd f0 60 ff ec d2 f3 7f e8 0f a7 6d e2 41 a3 52 30 81 d3 06 03 55 1d 23 04 81 cb 30 81 c8 80 14 a6 8b 87 82 fd f0 60 ff ec d2 f3 7f e8 0f a7 6d e2 41 a3 52 a1 81 99 a4 81 96 30 81 93 31 0b 30 09 06 03 55 04 06 13 02 46 52 31 0f 30 0d 06 03 55 04 08 0c 06 52 61 64 69 75 73 31 12 30 10 06 03 55 04 07 0c 09 53 6f 6d 65 77 68 65 72 65 31 15 30 13 06 03 55 04 0a 0c 0c 45 78 61 6d 70 6c 65 20 49 6e 63 2e 31 20 30 1e 06 09 2a 86 48 86 f7 0d 01 09 01 16 11 61 64 6d 69 6e 40 65 78 61 6d 70 6c 65 2e 6f 72 67 31 26 30 24 06 03 55 04 03 0c 1d 45 78 61 6d 70 6c 65 20 43 65 72 74 69 66 69 63 61 74 65 20 41 75 74 68 6f 72 69 74 79 82 14 07 c1 09 2a b9 3c 84 ca f4 a4 ce be 5f fd 49 c0 91 f0 25 b2 30 0f 06 03 55 1d 13 01 01 ff 04 05 30 03 01 01 ff 30 36 06 03 55 1d 1f 04 2f 30 2d 30 2b a0 29 a0 27 86 25 68 74 74 70 3a 2f 2f 77 77 77 2e 65 78 61 6d 70 6c 65 2e 6f 72 67 2f 65 78 61 6d 70 6c 65 5f 63 61 2e 63 72 6c 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 03 82 01 01 00 b1 fb fd d9 9b 09 46 e1 4a 71 a6 cc 44 55 81 bb 32 d6 a3 17 d4 c9 9d 46 6f 16 98 2e 18 9d 83 02 5d 9c ad 84 25 a7 59 d7 e7 45 ed ed 6e ec 71 ab 3c e4 54 c4 f7 67 86 81 17 d8 d3 28 ac 44 f6 3b c8 98 4d c7 a2 44 7d 1f 40 5b 61 43 63 10 19 42 d6 40 f1 7b 4f be 45 66 fb a6 d0 c3 19 70 a8 4b 41 3e 9d 86 3f 21 46 40 e6 1f 93 de 55 04 f2 ed 55 83 48 c5 4b b9 38 28 b4 4a 14 d4 40 4b 63 ec 96 02 56 6a fd 3c b7 91 36 5e b9 57 2c f6 9b 14 da 2d 40 ed a3 d7 d9 c6 97 94 2b 70 e8 86 be 0d 96 7b 1a 8f 88 82 65 35 f2 c6 e5 6c 36 24 ff 7c 3d b9 cf d6 5b 3b cc 62 8a 00 13 a2 9d 8a f2 17 af 8b 99 66 fa 2d d8 28 eb d4 17 7e cd b6 f2 cd 3d bb 21 e6 c9 33 7c dc b0 28 85 c5 8e 46 b4 a1 65 99 64 0c a4 50 46 73 70 11 27 b0 9e 5d 89 aa 1c ec f0 87 be 1a 50 43 d2 49 80 49 a9 9a ee 1d
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS write client certificate
OpenSSL: TX ver=0x303 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 16 03 03 00 25
OpenSSL: TX ver=0x303 content_type=22 (handshake/client key exchange)
OpenSSL: Message - hexdump(len=37): 10 00 00 21 20 4c 05 94 96 1a 41 19 73 9d 26 73 0f 89 28 31 ae 7c 83 36 83 48 62 cf 67 93 01 b6 d5 b6 a3 0a 3b
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS write client key exchange
OpenSSL: TX ver=0x303 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 16 03 03 01 08
OpenSSL: TX ver=0x303 content_type=22 (handshake/certificate verify)
OpenSSL: Message - hexdump(len=264): 0f 00 01 04 08 04 01 00 63 dc 96 0b c7 d6 e3 28 6d 0c c3 b2 6a 6e 6b 46 f3 84 9d 89 66 08 9f d9 ac 51 f5 2c ff f8 f8 16 e1 b3 5e f2 1b 2c 26 d5 be 33 4d e7 7e 60 f7 2e 38 7e c7 2d eb 27 99 ae 43 35 64 8c 3c 23 ee cc 7e a8 2c 74 64 3d 2e b5 75 b6 d4 bb c3 08 75 4f 45 0a df 06 5d c3 a9 d3 5f 34 37 3f a5 7f a0 02 5f 29 54 73 dd 45 2c 9b 71 ba e8 85 48 86 74 57 b2 78 2f 1f 7b 1b e4 bb 0c 7e 1a 3d 0a f6 d8 86 32 f1 48 22 80 e9 47 52 ae aa 86 66 89 ed 65 22 bc e3 10 78 7d ce bf 1e 85 b9 dc 8e 22 c8 f9 4c 2e 45 fb fa 7c 68 d6 84 0b fd 5b 48 0c c4 32 c0 2c c2 4c d9 32 38 79 f0 f2 8e bb 5d 0b a9 1a 9c a6 fa ea 32 e9 59 e3 0a 4f a3 72 2b 26 21 5e 80 4f 53 45 5a 5d 5b 8c 21 6d 23 a3 ca 29 2f af 03 be c4 4a 46 2e 3e 12 d2 7f 00 1f a5 e6 5d 69 d1 d9 d4 0c ff 10 9b 75 89 ab d5 58 1f 48 fd 09 76
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS write certificate verify
OpenSSL: TX ver=0x303 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 14 03 03 00 01
OpenSSL: TX ver=0x303 content_type=20 (change cipher spec/)
OpenSSL: Message - hexdump(len=1): 01
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS write change cipher spec
OpenSSL: TX ver=0x303 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 16 03 03 00 28
OpenSSL: TX ver=0x303 content_type=22 (handshake/finished)
OpenSSL: Message - hexdump(len=16): 14 00 00 0c 69 5c e4 a4 ff 00 0b d8 45 25 ff 3e
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS write finished
SSL: (where=0x1002 ret=0xffffffff)
SSL: SSL_connect:error in SSLv3/TLS write finished
SSL: SSL_connect - want more data
SSL: 2703 bytes pending from ssl_out
SSL: Using TLS version TLSv1.2
SSL: 2703 bytes left to be sent out (of total 2703 bytes)
SSL: sending 1298 bytes, more fragments will follow
EAP-TEAP: Add EAP-Payload TLV
EAP-TEAP: Encrypting Phase 2 data - hexdump(len=1312): 80 09 05 1c 02 69 05 1c 0d c0 00 00 0a 8f 16 03 03 09 20 0b 00 09 1c 00 09 19 00 04 15 30 82 04 11 30 82 02 f9 a0 03 02 01 02 02 01 02 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 81 93 31 0b 30 09 06 03 55 04 06 13 02 46 52 31 0f 30 0d 06 03 55 04 08 0c 06 52 61 64 69 75 73 31 12 30 10 06 03 55 04 07 0c 09 53 6f 6d 65 77 68 65 72 65 31 15 30 13 06 03 55 04 0a 0c 0c 45 78 61 6d 70 6c 65 20 49 6e 63 2e 31 20 30 1e 06 09 2a 86 48 86 f7 0d 01 09 01 16 11 61 64 6d 69 6e 40 65 78 61 6d 70 6c 65 2e 6f 72 67 31 26 30 24 06 03 55 04 03 0c 1d 45 78 61 6d 70 6c 65 20 43 65 72 74 69 66 69 63 61 74 65 20 41 75 74 68 6f 72 69 74 79 30 1e 17 0d 32 35 30 32 31 32 31 31 32 32 32 39 5a 17 0d 32 35 30 34 31 33 31 31 32 32 32 39 5a 30 71 31 0b 30 09 06 03 55 04 06 13 02 46 52 31 0f 30 0d 06 03 55 04 08 0c 06 52 61 64 69 75 73 31 15 30 13 06 03 55 04 0a 0c 0c 45 78 61 6d 70 6c 65 20 49 6e 63 2e 31 19 30 17 06 03 55 04 03 0c 10 75 73 65 72 40 65 78 61 6d 70 6c 65 2e 6f 72 67 31 1f 30 1d 06 09 2a 86 48 86 f7 0d 01 09 01 16 10 75 73 65 72 40 65 78 61 6d 70 6c 65 2e 6f 72 67 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 d6 7f 45 d2 d2 df ce 1f 6f ca 42 09 0d a7 9f a6 b1 fc 6e c7 f0 b0 fa 1b 74 1f 7f d9 07 d5 63 6a f2 01 78 17 2b 8c 97 53 b9 e7 35 f9 18 35 62 6e 91 13 8b 62 23 a5 87 22 d6 0f 03 65 5d 38 1b d4 b5 26 0b 12 ed 8b 53 15 62 52 ed 1b 66 27 91 74 7d 4b f8 06 d0 30 80 48 27 8f 89 78 65 ca 9c dd 38 cf 63 0d 79 be 59 ab c7 74 7f 28 df ce d6 37 48 98 3d 66 8d 61 80 7a b1 26 f6 98 f2 57 26 6a f3 37 7c 10 ce 2e ea 98 37 3f 2f 6e 99 c7 42 22 73 4c f1 12 90 9d 45 2a ad f8 fd 0d 91 7a f9 3f 8b 08 69 88 e2 f8 51 1b 7b 19 db 1b 42 ad 94 51 ba c5 8d e8 c5 e7 3f 50 ce e6 e9 cc b8 59 89 91 a7 f5 7a a0 24 b8 57 f6 a7 cd 36 95 bc 56 24 61 1e ff 31 44 2f 2d 62 bd 12 2e 41 3b ce 02 73 61 63 15 9e 44 fe 3b f6 bd 50 7a 82 bb 02 8d 38 cf 22 17 5c d5 ca 62 52 71 5b 39 9a 60 f7 5a 0d bd 02 03 01 00 01 a3 81 90 30 81 8d 30 13 06 03 55 1d 25 04 0c 30 0a 06 08 2b 06 01 05 05 07 03 02 30 36 06 03 55 1d 1f 04 2f 30 2d 30 2b a0 29 a0 27 86 25 68 74 74 70 3a 2f 2f 77 77 77 2e 65 78 61 6d 70 6c 65 2e 63 6f 6d 2f 65 78 61 6d 70 6c 65 5f 63 61 2e 63 72 6c 30 1d 06 03 55 1d 0e 04 16 04 14 c0 d4 19 99 e9 00 1d 48 e9 00 1a 54 49 bc de 99 f6 3b d7 15 30 1f 06 03 55 1d 23 04 18 30 16 80 14 a6 8b 87 82 fd f0 60 ff ec d2 f3 7f e8 0f a7 6d e2 41 a3 52 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 03 82 01 01 00 52 65 81 90 45 d7 35 0b 01 fe cb db 63 d0 d7 05 4d 80 5d df 91 89 04 37 8f cf a2 1d 95 e4 99 e3 02 a5 a1 64 8e 63 a1 17 39 f3 e9 21 d5 34 42 d2 52 db ce 08 6f 00 92 b5 c8 61 aa b7 69 21 79 0f 6d 4d 93 fe 95 1a da e2 a7 57 fb d1 a0 57 8d 88 f0 3f 0b 7a dc dc 8e 18 b7 9b 55 6d e7 ab 72 38 7b bd f2 7a 91 e0 70 41 66 63 ef 98 37 14 5f ec 3a 66 d6 07 4a 2b 18 ef ad 3f 7d a1 c6 11 43 d6 2c dd df 28 b3 72 2f de 50 1c 2c b3 31 e8 e6 53 22 9d df f3 ae 49 39 d1 2b 39 7e 7a a2 87 e0 c6 56 aa fd 91 60 1c eb 61 5a cb 18 b1 ee 97 55 7a 0f d9 e9 c7 af 7f 87 cb d0 a4 b2 5d 97 da df 61 07 89 25 68 36 5b 22 c8 3b f2 c0 b0 54 d5 20 e6 4f aa 3c d3 53 61 16 fb 7f 84 10 91 ed 5a 93 ea eb b5 fb 65 a3 96 0d fc 3c f9 78 98 72 e9 97 81 e2 7d 52 fb ba e8 1f d0 81 a3 7e ea d7 d8 47 b3 00 04 fe 30 82 04 fa 30 82 03 e2 a0 03 02 01 02 02 14 07 c1 09 2a b9 3c 84 ca f4 a4 ce be 5f fd 49 c0 91 f0 25 b2 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 81 93 31 0b 30 09 06 03 55 04 06 13 02 46 52 31 0f 30 0d 06 03 55 04 08 0c 06 52 61 64 69 75 73 31 12 30 10 06 03 55 04 07 0c 09 53 6f 6d 65 77 68 65 72 65 31 15 30 13 06 03 55 04 0a 0c 0c 45 78 61 6d 70 6c 65 20 49 6e 63 2e 31 20 30 1e 06 09 2a 86 48 86 f7 0d 01 09 01 16 11 61 64 6d 69 6e 40 65 78 61 6d 70 6c 65 2e 6f 72 67 31 26 30 24 06 03 55 04 03 0c 1d 45 78 61 6d 70 6c 65 20 43 65 72 74 69 66 69 63 61 74 65 20 41 75 74 68 6f 72 69 74 79 30 1e 17 0d 32 35 30 32 31 32 31 31 32 32 32 38 5a 17 0d 32 35 30 34 31 33 31 31 32 32 32 38 5a 30 81 93
OpenSSL: TX ver=0x303 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 17 03 03 05 38
SSL: 1341 bytes left to be sent out (of total 1341 bytes)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL eapRespData=0x5614c0fb0170
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=1347)
TX EAP -> RADIUS - hexdump(len=1347): 02 69 05 43 37 01 17 03 03 05 38 c3 e8 e0 9e c8 57 32 25 81 d9 fe 26 25 ba d2 05 da 05 36 04 66 08 ac ee 0e 12 4d 95 47 a8 8e 13 80 68 75 cf b5 ac 0b 8c 00 44 35 3c 3c 9e 16 d7 ac 66 c1 e5 a4 ad 0c 60 cd 19 00 3b 43 72 ac eb 23 a7 1e 44 0a bb ab b4 bc a3 c6 89 ee 78 5f 8e 4c 67 b4 3f f2 7b f7 e9 86 5d ce 58 a8 d2 b0 f9 2a 4f 50 34 ae 13 07 36 56 09 c4 7a 93 6f de eb f3 73 50 a5 58 c4 ea 4c a6 43 7b 92 dc a3 72 79 2f 32 4c 57 a4 79 12 43 59 2a 6a 08 d7 e2 e0 7e 7c 74 46 20 1a 5e 98 67 14 04 0a ed c4 d6 5e 19 45 a3 59 5a ba a7 39 88 61 53 7b 24 7d ee 04 a7 c2 80 23 c1 7a 9a 52 1b b6 08 59 5a 65 81 42 6f d1 51 54 b7 cd 66 db 0d 9d 37 98 d2 1d 99 05 1e 15 0d 15 bd 7c 4c 47 c8 fd d4 00 1f f8 1f 67 26 00 f5 23 7b bd 6d 2b 45 7d 33 ca 09 e5 b7 79 28 cc 17 da 7b 95 04 4a 35 6d 10 1e bd 2a 0e fa e5 98 99 98 04 f2 49 e8 8c 77 e6 59 b7 61 95 94 ea c2 d2 a8 03 cf 65 92 21 d4 52 54 47 d8 3e 40 9d a2 e4 3a 82 8c 77 2a 5f b6 25 1b c8 80 2e 27 13 85 03 3c ba c4 9c f0 21 ba 56 f2 f5 24 10 55 75 d5 0d 83 d3 91 c1 61 65 4a ea 43 e0 00 92 4b 1f c4 c6 47 8e 4f 1a ed f8 79 ef 12 ce ee e9 b9 67 8e 16 fc 3a 2c 12 b4 40 72 5c 19 5c ae 5e 89 59 71 ac 28 4e d5 ab c9 d4 29 fc ca 70 f0 8f a0 a3 e2 e1 fe 7e 71 77 6b 93 63 ca 25 65 22 bf bd 7b 86 f3 8f 3b 96 87 00 5d e0 59 70 7d e8 46 de 4e b4 26 16 59 9f ef c2 9e ea 8c ee da 73 22 10 09 de 50 f8 ae 42 4d 93 76 89 9b f8 45 46 a2 19 a0 24 8b 3d 67 c6 4b 19 42 b4 2a b1 f7 bb 4f 31 f7 0d 50 ca b8 d4 26 6e 94 4c 82 3a c8 f3 c2 e0 fd a7 26 39 94 ce 09 3f 5e d7 77 1e f8 77 42 e3 97 1c fb 7e 8d 2e 4b 19 7a 02 b5 31 9f e7 78 ef 41 45 9b f3 6a 3d 4b 22 dc 65 d8 67 68 29 e7 d6 82 8e 92 b9 2c 05 d4 d1 31 0f b8 87 a0 1c 40 37 f0 34 d4 22 5e 21 c3 d8 dd 81 eb 00 aa 97 4d 4a 75 c5 a3 99 f8 85 44 fd 46 aa f0 07 32 48 01 1c 32 cc ff 98 39 31 28 22 e3 f6 61 4a 2a 1e 08 f2 c1 f9 19 ce 82 09 c1 d2 80 92 e6 33 23 22 c1 95 1b a1 cc d9 99 02 49 36 a2 b7 c5 aa d4 cd fb f6 2c 9e 9a cf dc f3 70 b4 98 78 f1 44 00 8a f9 8c 3d a7 68 e2 63 28 a3 b7 21 c5 f7 a1 c1 4e b7 1e 5b 6d 58 b5 e3 1f 71 ad b5 62 dc 31 52 8c 57 7a 73 08 f6 82 79 e3 e2 8c 87 35 91 f6 21 52 7c 6b e1 59 11 c4 7d 86 9f d7 40 38 1d d8 a2 a4 b5 53 02 7e 79 67 86 01 f4 52 a8 72 ba b5 22 e6 4a ce 96 73 1a 92 05 3c c5 1e 7b 45 ab a2 1c a0 e3 8a ec 06 d0 a4 a1 b1 87 7d c3 f2 f0 5c 1f 0a 19 69 d8 11 b7 07 84 43 37 aa 33 10 fd 4a ee a5 81 a0 f6 95 3f ec 69 01 28 71 ea 58 23 c7 54 ff a7 f8 e5 d3 d6 5d 13 3c 1a 04 e0 a1 a4 eb 28 d9 2a 55 82 0d 88 8b 02 f2 e4 dc c5 d2 a7 69 db 9f 5e 86 ca c6 45 0a b2 74 9b 58 c0 7f 1d 76 67 e3 06 52 2b 7b d7 16 1c cb b0 c5 60 0a 04 25 d6 16 21 cc b4 10 43 ea 0e 8f aa 7f 17 15 59 49 60 f2 da 2b 41 b2 46 b4 54 52 52 00 38 f6 39 22 19 e8 95 cf d3 e8 b3 ad 00 ba b8 3e 69 5d 08 a5 22 75 87 5c 5a e3 5b 78 50 e2 ff 29 d0 e6 1e d7 fe 30 82 10 5e e8 d5 4d e4 f3 03 d9 31 f9 59 c9 b2 22 2e 98 57 c7 70 27 cb 9b 21 a4 0d e2 38 3f 70 11 a6 83 9a 7c 1d 98 5d bc fe 7c 08 15 d2 2c aa b4 81 05 b0 de 9f 38 fc 37 33 f1 19 10 ae 5b 89 b9 5d 0d 1d 4c 87 52 55 93 22 2b 8c 5d a3 2a 47 e5 f2 d6 9f 7e 39 e6 79 03 95 4f 68 01 4c 3c 89 e8 e8 51 e9 97 af bc 26 86 b0 b8 8b 11 44 25 8a ae ec f5 ca 41 fa f9 3c 2d 74 54 d0 f3 0d b1 92 e7 11 7e ca 8d 55 62 46 81 48 c2 38 f6 ef f8 8b 03 33 30 45 31 d5 59 ca 5b 61 58 27 94 b9 80 b0 bf 6c 6a 56 7e 6e b2 01 02 49 5a 0a 06 e1 ee 7a c3 12 d9 7e dd 66 57 30 3d ba 5c 39 9a 43 f8 55 a4 ea b1 25 65 9a 21 5c 97 bc 92 bd e8 6a 46 77 22 ac 1e 10 59 22 ec f3 08 a4 b3 65 04 d6 3d ea 6f 16 d2 7c b9 f6 42 e4 4a 88 b5 39 c8 5f 35 09 37 43 66 32 e9 9f 92 e7 62 3e 01 54 a6 e1 7c 88 aa c1 8e 9d e6 8d 34 3b ce b5 40 3f ae ae c0 08 0c 4a 69 a9 7a e9 9e c5 dc b1 3c ac 84 96 e7 5a 6f 57 96 f5 5e 75 f6 9a f4 39 75 c7 19 36 06 a2 69 52 c5 ae 88 c5 41 ca 60 6f 12 68 c4 fc d1 dd 5e 8a 39 eb bd 7f b1 a4 3f 2e 33 6f da 71 3e 0c 14 e9 36 ca 52 1e c5 dd c5 e0 7d f8 4e ae 47 ae 51 95 79 2b c7 f0 ec 7a be b1 68 c1 19 cd 2c 8e b2 df 0b df 29 d1 fe ef ff ac 8a eb 53 7a 95 d7 d5 d4 71 77 d9 ef 78 7b c8 1b 52 34 e2 22 52 af 3a 16 0a 23 ae ec b6 e0 f0 fa 39 89 71 50 65 56 8a 99 84 e6 80 13 50 7e 2c b1 cf c3
Encapsulating EAP message into a RADIUS packet
Copied RADIUS State Attribute
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=12 length=1521
Attribute 80 (Message-Authenticator) length=18
Value: 64422557b5ce8dc6386d2b81b05bb36a
Attribute 1 (User-Name) length=11
Value: 'anonymous'
Attribute 31 (Calling-Station-Id) length=19
Value: 'DE-AD-BE-EF-42-42'
Attribute 12 (Framed-MTU) length=6
Value: 1400
Attribute 61 (NAS-Port-Type) length=6
Value: 19
Attribute 6 (Service-Type) length=6
Value: 2
Attribute 77 (Connect-Info) length=24
Value: 'CONNECT 11Mbps 802.11b'
Attribute 30 (Called-Station-Id) length=28
Value: '00:11:22:33:44:55:UConnect'
Attribute 4 (NAS-IP-Address) length=6
Value: 192.168.4.20
Attribute 79 (EAP-Message) length=255
Value: 0269054337011703030538c3e8e09ec857322581d9fe2625bad205da0536046608acee0e124d9547a88e13806875cfb5ac0b8c0044353c3c9e16d7ac66c1e5a4ad0c60cd19003b4372aceb23a71e440abbabb4bca3c689ee785f8e4c67b43ff27bf7e9865dce58a8d2b0f92a4f5034ae1307365609c47a936fdeebf37350a558c4ea4ca6437b92dca372792f324c57a4791243592a6a08d7e2e07e7c7446201a5e986714040aedc4d65e1945a3595abaa7398861537b247dee04a7c28023c17a9a521bb608595a6581426fd15154b7cd66db0d9d3798d21d99051e150d15bd7c4c47c8fdd4001ff81f672600f5237bbd6d2b457d33ca09e5b77928cc17
Attribute 79 (EAP-Message) length=255
Value: da7b95044a356d101ebd2a0efae598999804f249e88c77e659b7619594eac2d2a803cf659221d4525447d83e409da2e43a828c772a5fb6251bc8802e271385033cbac49cf021ba56f2f524105575d50d83d391c161654aea43e000924b1fc4c6478e4f1aedf879ef12ceeee9b9678e16fc3a2c12b440725c195cae5e895971ac284ed5abc9d429fcca70f08fa0a3e2e1fe7e71776b9363ca256522bfbd7b86f38f3b9687005de059707de846de4eb42616599fefc29eea8ceeda73221009de50f8ae424d9376899bf84546a219a0248b3d67c64b1942b42ab1f7bb4f31f70d50cab8d4266e944c823ac8f3c2e0fda7263994ce093f5ed7771ef87742e3
Attribute 79 (EAP-Message) length=255
Value: 971cfb7e8d2e4b197a02b5319fe778ef41459bf36a3d4b22dc65d8676829e7d6828e92b92c05d4d1310fb887a01c4037f034d4225e21c3d8dd81eb00aa974d4a75c5a399f88544fd46aaf0073248011c32ccff9839312822e3f6614a2a1e08f2c1f919ce8209c1d28092e6332322c1951ba1ccd999024936a2b7c5aad4cdfbf62c9e9acfdcf370b49878f144008af98c3da768e26328a3b721c5f7a1c14eb71e5b6d58b5e31f71adb562dc31528c577a7308f68279e3e28c873591f621527c6be15911c47d869fd740381dd8a2a4b553027e79678601f452a872bab522e64ace96731a92053cc51e7b45aba21ca0e38aec06d0a4a1b1877dc3f2f05c1f
Attribute 79 (EAP-Message) length=255
Value: 0a1969d811b707844337aa3310fd4aeea581a0f6953fec69012871ea5823c754ffa7f8e5d3d65d133c1a04e0a1a4eb28d92a55820d888b02f2e4dcc5d2a769db9f5e86cac6450ab2749b58c07f1d7667e306522b7bd7161ccbb0c5600a0425d61621ccb41043ea0e8faa7f1715594960f2da2b41b246b45452520038f6392219e895cfd3e8b3ad00bab83e695d08a52275875c5ae35b7850e2ff29d0e61ed7fe3082105ee8d54de4f303d931f959c9b2222e9857c77027cb9b21a40de2383f7011a6839a7c1d985dbcfe7c0815d22caab48105b0de9f38fc3733f11910ae5b89b95d0d1d4c87525593222b8c5da32a47e5f2d69f7e39e67903954f6801
Attribute 79 (EAP-Message) length=255
Value: 4c3c89e8e851e997afbc2686b0b88b1144258aaeecf5ca41faf93c2d7454d0f30db192e7117eca8d5562468148c238f6eff88b0333304531d559ca5b61582794b980b0bf6c6a567e6eb20102495a0a06e1ee7ac312d97edd6657303dba5c399a43f855a4eab125659a215c97bc92bde86a467722ac1e105922ecf308a4b36504d63dea6f16d27cb9f642e44a88b539c85f350937436632e99f92e7623e0154a6e17c88aac18e9de68d343bceb5403faeaec0080c4a69a97ae99ec5dcb13cac8496e75a6f5796f55e75f69af43975c7193606a26952c5ae88c541ca606f1268c4fcd1dd5e8a39ebbd7fb1a43f2e336fda713e0c14e936ca521ec5ddc5e0
Attribute 79 (EAP-Message) length=84
Value: 7df84eae47ae5195792bc7f0ec7abeb168c119cd2c8eb2df0bdf29d1feefffac8aeb537a95d7d5d47177d9ef787bc81b5234e22252af3a160a23aeecb6e0f0fa3989715065568a9984e68013507e2cb1cfc3
Attribute 24 (State) length=18
Value: 6501da9e6e68ed03dd76d824d918a37a
RADIUS: Send 1521 bytes to the server
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 103 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=12 length=103
Attribute 80 (Message-Authenticator) length=18
Value: f54382ba149e5cb83a0afe04041ea48f
Attribute 79 (EAP-Message) length=47
Value: 016a002d37011703030022288983a38fe43b6a79a9a1be241b2c5021aeee1b135efc1cc4a65f4a314b530ec830
Attribute 24 (State) length=18
Value: 6501da9e696bed03dd76d824d918a37a
STA de:ad:be:ef:42:42: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
RADIUS packet matching with station
decapsulated EAP packet (code=1 id=106 len=45) from RADIUS server: EAP-Request-TEAP (55)
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=106 method=55 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
SSL: Received packet(len=45) - Flags 0x01
EAP-TEAP: Received 39 bytes encrypted data for Phase 2
OpenSSL: RX ver=0x303 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 17 03 03 00 22
EAP-TEAP: Decrypted Phase 2 TLV(s) - hexdump(len=10): 80 09 00 06 01 6a 00 06 0d 00
EAP-TEAP: Received Phase 2: TLV type 9 (EAP-Payload) length 6 (mandatory)
EAP-TEAP: EAP-Payload TLV - hexdump(len=6): 01 6a 00 06 0d 00
EAP-TEAP: Phase 2 Request: type=0:13
SSL: Received packet(len=6) - Flags 0x00
SSL: 1405 bytes left to be sent out (of total 2703 bytes)
SSL: sending 1298 bytes, more fragments will follow
EAP-TEAP: Add EAP-Payload TLV
EAP-TEAP: Encrypting Phase 2 data - hexdump(len=1308): 80 09 05 18 02 6a 05 18 0d 40 31 0b 30 09 06 03 55 04 06 13 02 46 52 31 0f 30 0d 06 03 55 04 08 0c 06 52 61 64 69 75 73 31 12 30 10 06 03 55 04 07 0c 09 53 6f 6d 65 77 68 65 72 65 31 15 30 13 06 03 55 04 0a 0c 0c 45 78 61 6d 70 6c 65 20 49 6e 63 2e 31 20 30 1e 06 09 2a 86 48 86 f7 0d 01 09 01 16 11 61 64 6d 69 6e 40 65 78 61 6d 70 6c 65 2e 6f 72 67 31 26 30 24 06 03 55 04 03 0c 1d 45 78 61 6d 70 6c 65 20 43 65 72 74 69 66 69 63 61 74 65 20 41 75 74 68 6f 72 69 74 79 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 bd 12 9d 8a d9 2c 9f b1 d3 2e 68 1a 41 e4 2e 27 39 37 16 95 69 93 8c 27 a6 84 3a e9 d4 86 28 69 a4 70 c1 5e b0 91 b8 9c bb c6 1b 01 3a 0f a3 98 06 a6 c8 b7 d3 3e 89 68 c2 01 63 29 be 59 cc b4 fb 74 20 4f 4e 6d 02 45 c7 3d 36 9e 7c 59 69 20 fe 10 98 52 42 a2 71 a5 ca e5 0e f7 76 94 be f9 c1 f5 ef 00 37 a3 70 81 6e 13 f9 ce 6e a2 98 ab f3 de cb 66 69 15 8f 19 72 5b ff 4f 52 30 7d 91 4b ed fc 40 86 56 28 f6 60 ad 80 55 65 0a b0 9c 93 51 c4 c7 25 96 43 0d ed 0a 88 83 87 64 26 b4 f7 f5 61 5b f2 d4 a4 f4 3d d0 1f a4 3d 3f 4e 53 21 c2 06 24 88 ef 05 b2 f6 1e 2a 4f 53 4b 6f 41 1a c1 e2 0e 0a 3a 30 b4 9b cc 3f a5 10 58 90 3a ab 26 d2 38 03 99 a1 fd fc 97 53 96 1f 8e ff 7f d2 3a c3 b6 9a 97 55 99 b3 00 01 e8 4c 31 b4 24 5d 23 31 c0 91 09 f5 02 8c c5 41 5a 74 fc fc a1 02 03 01 00 01 a3 82 01 42 30 82 01 3e 30 1d 06 03 55 1d 0e 04 16 04 14 a6 8b 87 82 fd f0 60 ff ec d2 f3 7f e8 0f a7 6d e2 41 a3 52 30 81 d3 06 03 55 1d 23 04 81 cb 30 81 c8 80 14 a6 8b 87 82 fd f0 60 ff ec d2 f3 7f e8 0f a7 6d e2 41 a3 52 a1 81 99 a4 81 96 30 81 93 31 0b 30 09 06 03 55 04 06 13 02 46 52 31 0f 30 0d 06 03 55 04 08 0c 06 52 61 64 69 75 73 31 12 30 10 06 03 55 04 07 0c 09 53 6f 6d 65 77 68 65 72 65 31 15 30 13 06 03 55 04 0a 0c 0c 45 78 61 6d 70 6c 65 20 49 6e 63 2e 31 20 30 1e 06 09 2a 86 48 86 f7 0d 01 09 01 16 11 61 64 6d 69 6e 40 65 78 61 6d 70 6c 65 2e 6f 72 67 31 26 30 24 06 03 55 04 03 0c 1d 45 78 61 6d 70 6c 65 20 43 65 72 74 69 66 69 63 61 74 65 20 41 75 74 68 6f 72 69 74 79 82 14 07 c1 09 2a b9 3c 84 ca f4 a4 ce be 5f fd 49 c0 91 f0 25 b2 30 0f 06 03 55 1d 13 01 01 ff 04 05 30 03 01 01 ff 30 36 06 03 55 1d 1f 04 2f 30 2d 30 2b a0 29 a0 27 86 25 68 74 74 70 3a 2f 2f 77 77 77 2e 65 78 61 6d 70 6c 65 2e 6f 72 67 2f 65 78 61 6d 70 6c 65 5f 63 61 2e 63 72 6c 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 03 82 01 01 00 b1 fb fd d9 9b 09 46 e1 4a 71 a6 cc 44 55 81 bb 32 d6 a3 17 d4 c9 9d 46 6f 16 98 2e 18 9d 83 02 5d 9c ad 84 25 a7 59 d7 e7 45 ed ed 6e ec 71 ab 3c e4 54 c4 f7 67 86 81 17 d8 d3 28 ac 44 f6 3b c8 98 4d c7 a2 44 7d 1f 40 5b 61 43 63 10 19 42 d6 40 f1 7b 4f be 45 66 fb a6 d0 c3 19 70 a8 4b 41 3e 9d 86 3f 21 46 40 e6 1f 93 de 55 04 f2 ed 55 83 48 c5 4b b9 38 28 b4 4a 14 d4 40 4b 63 ec 96 02 56 6a fd 3c b7 91 36 5e b9 57 2c f6 9b 14 da 2d 40 ed a3 d7 d9 c6 97 94 2b 70 e8 86 be 0d 96 7b 1a 8f 88 82 65 35 f2 c6 e5 6c 36 24 ff 7c 3d b9 cf d6 5b 3b cc 62 8a 00 13 a2 9d 8a f2 17 af 8b 99 66 fa 2d d8 28 eb d4 17 7e cd b6 f2 cd 3d bb 21 e6 c9 33 7c dc b0 28 85 c5 8e 46 b4 a1 65 99 64 0c a4 50 46 73 70 11 27 b0 9e 5d 89 aa 1c ec f0 87 be 1a 50 43 d2 49 80 49 a9 9a ee 1d 16 03 03 00 25 10 00 00 21 20 4c 05 94 96 1a 41 19 73 9d 26 73 0f 89 28 31 ae 7c 83 36 83 48 62 cf 67 93 01 b6 d5 b6 a3 0a 3b 16 03 03 01 08 0f 00 01 04 08 04 01 00 63 dc 96 0b c7 d6 e3 28 6d 0c c3 b2 6a 6e 6b 46 f3 84 9d 89 66 08 9f d9 ac 51 f5 2c ff f8 f8 16 e1 b3 5e f2 1b 2c 26 d5 be 33 4d e7 7e 60 f7 2e 38 7e c7 2d eb 27 99 ae 43 35 64 8c 3c 23 ee cc 7e a8 2c 74 64 3d 2e b5 75 b6 d4 bb c3 08 75 4f 45 0a df 06 5d c3 a9 d3 5f 34 37 3f a5 7f a0 02 5f 29 54 73 dd 45 2c 9b 71 ba e8 85 48 86 74 57 b2 78 2f 1f 7b 1b e4 bb 0c 7e 1a 3d 0a f6 d8 86 32 f1 48 22 80 e9 47 52 ae aa 86 66 89 ed 65 22 bc e3 10 78 7d ce bf 1e 85 b9 dc 8e 22 c8 f9 4c 2e 45 fb fa 7c 68 d6 84 0b fd 5b 48 0c c4 32 c0 2c c2 4c d9 32 38 79 f0 f2 8e bb 5d 0b a9 1a 9c a6 fa ea 32 e9 59 e3 0a
OpenSSL: TX ver=0x303 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 17 03 03 05 34
SSL: 1337 bytes left to be sent out (of total 1337 bytes)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL eapRespData=0x5614c0fb8d90
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=1343)
TX EAP -> RADIUS - hexdump(len=1343): 02 6a 05 3f 37 01 17 03 03 05 34 c3 e8 e0 9e c8 57 32 26 36 dd 17 02 1d a3 03 76 09 8f c2 f0 63 fa 72 f2 ee 10 4d f8 5d 62 e5 9b ce 06 20 47 bd 57 5f 2a 9c 39 ab 48 cc e7 70 19 e3 55 b0 b0 19 3a 1c ca 99 71 a3 34 0a 8a 61 30 d2 a9 1a cf 20 35 cc 9e e7 1e c8 1a ff 29 bd 1e 29 1d cb ea 8c f0 f3 1e ce 44 12 f7 80 c4 74 73 7c a1 17 0c 22 01 c4 ba 99 de ca 18 79 00 c7 1b 83 3c 7d 29 d0 b3 21 ee 75 31 0b 2c 7c 65 d8 55 05 f9 ea 65 c7 ae fd 8e c3 ab 6b ce 56 92 d5 77 93 9c 7b 5f 7d f2 bd c5 65 07 b4 32 7a 0c 35 7e dd f1 fc 65 72 15 bc 3c ec 81 10 88 32 4f 78 7f 36 e7 ad 61 1a b4 58 ba 56 c9 13 dc 38 c3 87 1c 75 41 c9 6d 33 76 4a 44 95 3d 34 48 6b 6e 98 b6 38 3e 59 3d 7f 8a 54 92 ec 6f d8 65 3c 68 25 f8 05 d0 7e 26 bc 38 50 dd ba 54 fb 5e af dc 8c ca 9f 56 23 ad 0d be 9c 3c 55 8d 58 0f b9 cd 84 1e 3e 6f 3c 8f c0 2f 1a e8 ab 2c b1 e4 d6 11 4e 7d 11 34 3e 76 db fe 0f 5f 4b 02 7a b7 2b cb ed a0 e4 10 3d 77 a7 a2 1d 88 25 f4 d9 95 4c 73 9c 29 01 6a 0d 2c e4 5a 9e c6 ef 3d 5b a9 c0 e6 3d 2c 13 db e0 28 a6 b5 15 15 b0 87 b5 9f 84 10 a5 3c 38 fc 02 b4 85 f1 ba 60 c0 a6 58 cc ba f0 92 a7 29 5f 40 36 f4 c6 9a 51 77 8b 44 4f 99 4a 29 5f 5f 11 6f 4f 10 d1 cc 5c f9 99 39 28 df c1 e1 59 27 75 b5 e1 e2 81 71 5b fd 67 a5 80 c5 d7 60 15 62 fd 80 ae 7e 9e a7 93 b3 10 58 5b 84 f2 8f 21 98 3d fc a1 11 50 0b 72 17 94 5e c6 7e 54 dd 87 c3 f7 8a d2 a3 99 b0 c4 22 c3 0d 45 d9 51 eb f3 60 b3 cf 7b 52 7c cc c9 b3 62 f9 83 33 ff 15 07 86 a2 e5 33 58 86 58 ff 78 03 00 31 1d 42 d2 3d 19 c6 a3 75 0f 23 79 89 c1 9b d6 91 e3 97 dd 68 63 d5 27 44 b1 b2 da 6c c2 0f b4 51 d6 f1 2a 47 3e 98 d2 7b 4a f3 b1 c9 8b 98 d3 25 9c 8e 98 5f 7b 3b 1b 9a 31 92 3e a2 9d ad ab af ee 8e 50 44 7b 81 be fa 07 0f 11 37 d5 85 67 8a b9 a3 64 bf da c9 66 03 82 3a 2f aa 76 85 33 e7 4c d6 06 34 9e d7 bf 1f 6c 41 2d 95 96 d3 c9 04 a6 1d 0a 2d 8c 17 7d b1 54 cc 4a 2a 90 86 1e 55 ac 20 85 15 33 b4 23 1e 39 db 6c 77 fd ad 9d e8 a2 78 1a 20 d1 43 8b 04 fe 94 96 02 82 f7 1d f4 64 9a 9c 4a ef d4 5e 43 3f 01 a2 96 22 55 95 f3 60 f8 82 bb 15 9f 44 8e 2f 54 9d 75 6d dd 78 d8 7d de fc ff 72 5a aa 9e 5b a2 43 1b 99 49 86 79 f1 c6 d6 ee 69 93 e9 4b 8c 53 84 60 c2 f0 e9 24 de c9 50 5f 62 74 25 ec 30 ed af 42 8e 69 01 19 ba fe bb 73 ae 11 81 10 6a 13 8c 4c cc 98 b1 5b 2e d9 20 e1 5d 23 9d 8b aa 38 de c4 21 53 bb b9 26 a6 2f 52 db 59 df 96 42 a4 75 3c 44 75 50 f6 5e b4 c8 e7 1a 7d 5b 17 84 42 d7 92 05 59 1a 23 5d b4 6e 53 d4 88 40 48 8e 96 9a ee 72 4e 3e b7 ed 84 4b d2 b1 85 16 22 ad ab 8c 37 eb 17 50 c3 6f a6 17 10 fb 71 2d f6 2c ce 8b b5 83 d3 67 2b ba 01 3b 6a 17 1d 69 84 56 b4 dd 88 c6 71 8c 23 83 ab a0 a1 30 62 5b 8e ed 37 f5 a4 91 61 86 13 4f 80 44 7c 81 7a 94 16 c5 e8 c8 23 04 95 84 5f f5 4b 93 47 28 8c b8 5b 32 3f c5 94 bf 35 d5 33 30 d8 16 b8 7c e1 6b 39 ec 72 cf 3a 6d e7 d5 40 84 9b c2 00 eb cd 66 a4 4d a5 c6 10 de 91 de fb 5a a6 d9 68 fb a8 4a 48 96 64 f8 c5 a2 f3 0f 8d 26 d1 0d 20 5e 1b 18 73 cc bb 30 d0 8f e5 3d e3 8d 5b 40 14 7a 30 b6 b6 9b 5e 1e 87 1c 9e 61 63 a3 1c 00 f6 a9 a4 1e c4 1a 69 43 46 d4 97 6d d9 8d cd 12 ed 0d 5e e2 c9 f3 67 18 89 11 4c cd 06 b3 c2 74 a7 15 e5 23 ed 3d 64 32 19 56 50 8f 66 b9 75 31 c3 c4 b3 08 eb 46 d0 c8 fe 6a 16 70 ea dd a7 1a 15 a2 e3 98 c9 29 1f 61 6c d5 26 b9 6b 6d 52 25 9a cc 57 8f 7e e3 7a 11 c1 31 d3 5f ef 6c 63 8e e2 16 8e 1d 18 a7 ec c6 e7 64 20 d7 94 16 18 05 4b ae 69 4b 04 60 b5 44 58 17 0c c7 14 ca 30 09 51 6b e8 c8 10 24 c8 f4 07 a3 f3 6c 90 9c 05 6f eb ae e0 ce cc c2 bb 33 95 be 8e 8a 24 c2 a5 05 3e 81 d5 69 a4 dd 49 11 4e d5 f0 91 d9 83 8a a4 f1 d8 e7 8d b9 18 3f 2a 5b f5 57 e0 c2 a2 db a7 86 87 6b d2 d3 61 44 25 5a d0 f3 3e 3a cf 34 4d da 80 fe cd 4d 79 98 32 5c 7e 21 38 14 f2 da 9e 11 aa be 40 83 87 fb e7 5d 58 d1 df 60 a9 e5 6d 9f 67 73 1c c9 14 7d ed 25 6e 6f 05 e8 03 7d 65 b0 fb 52 40 28 ed 59 6f e6 71 6e e5 e7 75 98 a4 1f 1f ae 35 b3 ac 4b 4b 8a 99 44 38 38 99 49 fd fa fb 49 75 60 1a f9 bf 9a 15 5d 72 45 2f e1 0f 9c a8 72 4a c2 5b 81 d2 69 df 8b d9 26 0f 3d 39 20 fd 50 7c 26 86 06 d7 73 b5 1a 52 8f ee 2c 5a ba 82 2a 6f 7e b8 4e 43 d6 57 e1 77 88 fc 4f 19 02 c1 b7 d9 ab
Encapsulating EAP message into a RADIUS packet
Copied RADIUS State Attribute
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=13 length=1517
Attribute 80 (Message-Authenticator) length=18
Value: 014d0f204d5a230240c2986adda2b8ec
Attribute 1 (User-Name) length=11
Value: 'anonymous'
Attribute 31 (Calling-Station-Id) length=19
Value: 'DE-AD-BE-EF-42-42'
Attribute 12 (Framed-MTU) length=6
Value: 1400
Attribute 61 (NAS-Port-Type) length=6
Value: 19
Attribute 6 (Service-Type) length=6
Value: 2
Attribute 77 (Connect-Info) length=24
Value: 'CONNECT 11Mbps 802.11b'
Attribute 30 (Called-Station-Id) length=28
Value: '00:11:22:33:44:55:UConnect'
Attribute 4 (NAS-IP-Address) length=6
Value: 192.168.4.20
Attribute 79 (EAP-Message) length=255
Value: 026a053f37011703030534c3e8e09ec857322636dd17021da30376098fc2f063fa72f2ee104df85d62e59bce062047bd575f2a9c39ab48cce77019e355b0b0193a1cca9971a3340a8a6130d2a91acf2035cc9ee71ec81aff29bd1e291dcbea8cf0f31ece4412f780c474737ca1170c2201c4ba99deca187900c71b833c7d29d0b321ee75310b2c7c65d85505f9ea65c7aefd8ec3ab6bce5692d577939c7b5f7df2bdc56507b4327a0c357eddf1fc657215bc3cec811088324f787f36e7ad611ab458ba56c913dc38c3871c7541c96d33764a44953d34486b6e98b6383e593d7f8a5492ec6fd8653c6825f805d07e26bc3850ddba54fb5eafdc8cca9f56
Attribute 79 (EAP-Message) length=255
Value: 23ad0dbe9c3c558d580fb9cd841e3e6f3c8fc02f1ae8ab2cb1e4d6114e7d11343e76dbfe0f5f4b027ab72bcbeda0e4103d77a7a21d8825f4d9954c739c29016a0d2ce45a9ec6ef3d5ba9c0e63d2c13dbe028a6b51515b087b59f8410a53c38fc02b485f1ba60c0a658ccbaf092a7295f4036f4c69a51778b444f994a295f5f116f4f10d1cc5cf9993928dfc1e1592775b5e1e281715bfd67a580c5d7601562fd80ae7e9ea793b310585b84f28f21983dfca111500b7217945ec67e54dd87c3f78ad2a399b0c422c30d45d951ebf360b3cf7b527cccc9b362f98333ff150786a2e533588658ff780300311d42d23d19c6a3750f237989c19bd691e397dd
Attribute 79 (EAP-Message) length=255
Value: 6863d52744b1b2da6cc20fb451d6f12a473e98d27b4af3b1c98b98d3259c8e985f7b3b1b9a31923ea29dadabafee8e50447b81befa070f1137d585678ab9a364bfdac96603823a2faa768533e74cd606349ed7bf1f6c412d9596d3c904a61d0a2d8c177db154cc4a2a90861e55ac20851533b4231e39db6c77fdad9de8a2781a20d1438b04fe94960282f71df4649a9c4aefd45e433f01a296225595f360f882bb159f448e2f549d756ddd78d87ddefcff725aaa9e5ba2431b99498679f1c6d6ee6993e94b8c538460c2f0e924dec9505f627425ec30edaf428e690119bafebb73ae1181106a138c4ccc98b15b2ed920e15d239d8baa38dec42153bbb9
Attribute 79 (EAP-Message) length=255
Value: 26a62f52db59df9642a4753c447550f65eb4c8e71a7d5b178442d79205591a235db46e53d48840488e969aee724e3eb7ed844bd2b1851622adab8c37eb1750c36fa61710fb712df62cce8bb583d3672bba013b6a171d698456b4dd88c6718c2383aba0a130625b8eed37f5a4916186134f80447c817a9416c5e8c8230495845ff54b9347288cb85b323fc594bf35d53330d816b87ce16b39ec72cf3a6de7d540849bc200ebcd66a44da5c610de91defb5aa6d968fba84a489664f8c5a2f30f8d26d10d205e1b1873ccbb30d08fe53de38d5b40147a30b6b69b5e1e871c9e6163a31c00f6a9a41ec41a694346d4976dd98dcd12ed0d5ee2c9f367188911
Attribute 79 (EAP-Message) length=255
Value: 4ccd06b3c274a715e523ed3d64321956508f66b97531c3c4b308eb46d0c8fe6a1670eadda71a15a2e398c9291f616cd526b96b6d52259acc578f7ee37a11c131d35fef6c638ee2168e1d18a7ecc6e76420d7941618054bae694b0460b54458170cc714ca3009516be8c81024c8f407a3f36c909c056febaee0ceccc2bb3395be8e8a24c2a5053e81d569a4dd49114ed5f091d9838aa4f1d8e78db9183f2a5bf557e0c2a2dba786876bd2d36144255ad0f33e3acf344dda80fecd4d7998325c7e213814f2da9e11aabe408387fbe75d58d1df60a9e56d9f67731cc9147ded256e6f05e8037d65b0fb524028ed596fe6716ee5e77598a41f1fae35b3ac4b
Attribute 79 (EAP-Message) length=80
Value: 4b8a994438389949fdfafb4975601af9bf9a155d72452fe10f9ca8724ac25b81d269df8bd9260f3d3920fd507c268606d773b51a528fee2c5aba822a6f7eb84e43d657e17788fc4f1902c1b7d9ab
Attribute 24 (State) length=18
Value: 6501da9e696bed03dd76d824d918a37a
RADIUS: Send 1517 bytes to the server
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 103 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=13 length=103
Attribute 80 (Message-Authenticator) length=18
Value: 2590e8ed3356c3cb0ef1c38d479010d8
Attribute 79 (EAP-Message) length=47
Value: 016b002d37011703030022288983a38fe43b6b7205fb27447f6a361e2f8e1cd2f189d85ab5f239e621e22d2f9b
Attribute 24 (State) length=18
Value: 6501da9e686aed03dd76d824d918a37a
STA de:ad:be:ef:42:42: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
RADIUS packet matching with station
decapsulated EAP packet (code=1 id=107 len=45) from RADIUS server: EAP-Request-TEAP (55)
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=107 method=55 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
SSL: Received packet(len=45) - Flags 0x01
EAP-TEAP: Received 39 bytes encrypted data for Phase 2
OpenSSL: RX ver=0x303 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 17 03 03 00 22
EAP-TEAP: Decrypted Phase 2 TLV(s) - hexdump(len=10): 80 09 00 06 01 6b 00 06 0d 00
EAP-TEAP: Received Phase 2: TLV type 9 (EAP-Payload) length 6 (mandatory)
EAP-TEAP: EAP-Payload TLV - hexdump(len=6): 01 6b 00 06 0d 00
EAP-TEAP: Phase 2 Request: type=0:13
SSL: Received packet(len=6) - Flags 0x00
SSL: 107 bytes left to be sent out (of total 2703 bytes)
EAP-TEAP: Add EAP-Payload TLV
EAP-TEAP: Encrypting Phase 2 data - hexdump(len=117): 80 09 00 71 02 6b 00 71 0d 00 4f a3 72 2b 26 21 5e 80 4f 53 45 5a 5d 5b 8c 21 6d 23 a3 ca 29 2f af 03 be c4 4a 46 2e 3e 12 d2 7f 00 1f a5 e6 5d 69 d1 d9 d4 0c ff 10 9b 75 89 ab d5 58 1f 48 fd 09 76 14 03 03 00 01 01 16 03 03 00 28 2f 20 31 08 12 14 2f 83 91 23 d0 04 93 3d b8 7f 81 0a dc b1 44 3c 2e fb 9f 3f 3c d1 ff 02 b1 4c 37 a2 41 e0 0a 94 26 7f
OpenSSL: TX ver=0x303 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 17 03 03 00 8d
SSL: 146 bytes left to be sent out (of total 146 bytes)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL eapRespData=0x5614c0faff30
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=152)
TX EAP -> RADIUS - hexdump(len=152): 02 6b 00 98 37 01 17 03 03 00 8d c3 e8 e0 9e c8 57 32 27 f8 99 38 84 d8 f1 26 1f 6a 6c b2 79 e2 52 42 f6 42 42 a2 4b 3b cc c0 55 d1 0b 91 fa 67 e2 f2 71 a1 f7 cd 2c 22 a9 4f 78 89 a5 c4 4b c4 2a ca 87 02 a4 8b 81 03 7b 1f f5 fb b1 da 07 85 2c 35 8e 91 f8 e6 c5 53 13 83 b0 7a 2a 16 e6 8d ce c0 0f 03 d5 9a d7 4c e7 79 88 72 59 78 9b d9 38 9e b3 c2 c9 7c 96 36 55 ad 79 78 79 d1 c8 15 3c 74 60 d3 db 3c e9 16 9d 7c 7b bc 23 5c e0 38 cf 71 e4 14 41 c1 08 59
Encapsulating EAP message into a RADIUS packet
Copied RADIUS State Attribute
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=14 length=316
Attribute 80 (Message-Authenticator) length=18
Value: 9df89c02b33d950e479313932c0f1bdc
Attribute 1 (User-Name) length=11
Value: 'anonymous'
Attribute 31 (Calling-Station-Id) length=19
Value: 'DE-AD-BE-EF-42-42'
Attribute 12 (Framed-MTU) length=6
Value: 1400
Attribute 61 (NAS-Port-Type) length=6
Value: 19
Attribute 6 (Service-Type) length=6
Value: 2
Attribute 77 (Connect-Info) length=24
Value: 'CONNECT 11Mbps 802.11b'
Attribute 30 (Called-Station-Id) length=28
Value: '00:11:22:33:44:55:UConnect'
Attribute 4 (NAS-IP-Address) length=6
Value: 192.168.4.20
Attribute 79 (EAP-Message) length=154
Value: 026b00983701170303008dc3e8e09ec8573227f8993884d8f1261f6a6cb279e25242f64242a24b3bccc055d10b91fa67e2f271a1f7cd2c22a94f7889a5c44bc42aca8702a48b81037b1ff5fbb1da07852c358e91f8e6c5531383b07a2a16e68dcec00f03d59ad74ce779887259789bd9389eb3c2c97c963655ad797879d1c8153c7460d3db3ce9169d7c7bbc235ce038cf71e41441c10859
Attribute 24 (State) length=18
Value: 6501da9e686aed03dd76d824d918a37a
RADIUS: Send 316 bytes to the server
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 158 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=14 length=158
Attribute 80 (Message-Authenticator) length=18
Value: 7ebe83849b0c8002be85ccf9db8ca807
Attribute 79 (EAP-Message) length=102
Value: 016c006437011703030059288983a38fe43b6c0b28c9559df65d77f0ad9a4099487ea9a750debdcad8fb27c3f5611a45c94405adba48567e89d0ff604c2192eaafe13c1292b50b5d0e53c250a687ff04862d670715871479770df466480f319183b0cdf5
Attribute 24 (State) length=18
Value: 6501da9e6b6ded03dd76d824d918a37a
STA de:ad:be:ef:42:42: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
RADIUS packet matching with station
decapsulated EAP packet (code=1 id=108 len=100) from RADIUS server: EAP-Request-TEAP (55)
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=108 method=55 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
SSL: Received packet(len=100) - Flags 0x01
EAP-TEAP: Received 94 bytes encrypted data for Phase 2
OpenSSL: RX ver=0x303 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 17 03 03 00 59
EAP-TEAP: Decrypted Phase 2 TLV(s) - hexdump(len=65): 80 09 00 3d 01 6c 00 3d 0d 80 00 00 00 33 14 03 03 00 01 01 16 03 03 00 28 47 c8 ee bd 55 96 3c b5 4e 9e fb a7 92 02 73 75 f7 e3 58 4a b6 d1 4d db 9f a8 27 af 0d f9 e0 dd 4d 03 78 47 0c 2a e2 a9
EAP-TEAP: Received Phase 2: TLV type 9 (EAP-Payload) length 61 (mandatory)
EAP-TEAP: EAP-Payload TLV - hexdump(len=61): 01 6c 00 3d 0d 80 00 00 00 33 14 03 03 00 01 01 16 03 03 00 28 47 c8 ee bd 55 96 3c b5 4e 9e fb a7 92 02 73 75 f7 e3 58 4a b6 d1 4d db 9f a8 27 af 0d f9 e0 dd 4d 03 78 47 0c 2a e2 a9
EAP-TEAP: Phase 2 Request: type=0:13
SSL: Received packet(len=61) - Flags 0x80
SSL: TLS Message Length: 51
OpenSSL: RX ver=0x303 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 14 03 03 00 01
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS write finished
OpenSSL: RX ver=0x303 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 16 03 03 00 28
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS read change cipher spec
OpenSSL: RX ver=0x303 content_type=22 (handshake/finished)
OpenSSL: Message - hexdump(len=16): 14 00 00 0c 98 7d 4f a9 7f c9 90 b2 06 7e 66 bc
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS read finished
SSL: (where=0x20 ret=0x1)
SSL: (where=0x1002 ret=0x1)
SSL: 0 bytes pending from ssl_out
OpenSSL: Handshake finished - resumed=0
SSL: No Application Data included
SSL: Using TLS version TLSv1.2
SSL: No data to be sent out
EAP-TLS: Done
EAP-TLS: Derived key - hexdump(len=64): ab 17 34 be 08 88 48 16 a5 08 c6 f4 4b 0c 05 8c 01 0d 7d da 18 3e 42 29 f4 7c 2e 30 9e 81 5d b7 31 59 24 53 19 54 6b 36 8e de 95 64 16 02 8f 60 f9 d7 6d a1 ae 58 b8 32 66 50 d9 ba e3 48 5d 0e
EAP-TLS: Derived EMSK - hexdump(len=64): 45 70 28 b4 9a e6 c7 86 ba ac 05 0a 68 09 b1 47 81 89 62 14 d3 56 ea ba 00 d8 c0 39 4b 81 b4 84 f1 28 97 33 65 a4 5f a3 04 ae 62 b5 43 2b 8b 67 b3 a0 9e 74 be c7 f9 c3 60 ae 80 d4 b7 3f ce 8d
EAP-TLS: Derived Session-Id - hexdump(len=65): 0d a1 81 88 57 2a 90 ca 5b 76 83 a3 14 90 32 80 2d fd 91 74 b9 e3 88 76 cc 1b 72 f5 b2 a1 5b 7e 28 ba 21 4b 95 cb ec be b5 40 93 ec 80 3d b2 77 54 66 47 a3 7d 1b 61 58 42 71 af d9 46 13 26 b2 13
SSL: Building ACK (type=13 id=108 ver=0)
EAP-TEAP: Add EAP-Payload TLV
EAP-TEAP: Encrypting Phase 2 data - hexdump(len=10): 80 09 00 06 02 6c 00 06 0d 00
OpenSSL: TX ver=0x303 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 17 03 03 00 22
SSL: 39 bytes left to be sent out (of total 39 bytes)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL eapRespData=0x5614c0fb3850
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=45)
TX EAP -> RADIUS - hexdump(len=45): 02 6c 00 2d 37 01 17 03 03 00 22 c3 e8 e0 9e c8 57 32 28 e3 ba 6b 0b de bf d4 f5 e6 2a d0 25 9b 38 07 7c 11 c3 cb f8 50 c3 1c 98 18 b3
Encapsulating EAP message into a RADIUS packet
Copied RADIUS State Attribute
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=15 length=209
Attribute 80 (Message-Authenticator) length=18
Value: a40374886e256fec561e9328c05e4109
Attribute 1 (User-Name) length=11
Value: 'anonymous'
Attribute 31 (Calling-Station-Id) length=19
Value: 'DE-AD-BE-EF-42-42'
Attribute 12 (Framed-MTU) length=6
Value: 1400
Attribute 61 (NAS-Port-Type) length=6
Value: 19
Attribute 6 (Service-Type) length=6
Value: 2
Attribute 77 (Connect-Info) length=24
Value: 'CONNECT 11Mbps 802.11b'
Attribute 30 (Called-Station-Id) length=28
Value: '00:11:22:33:44:55:UConnect'
Attribute 4 (NAS-IP-Address) length=6
Value: 192.168.4.20
Attribute 79 (EAP-Message) length=47
Value: 026c002d37011703030022c3e8e09ec8573228e3ba6b0bdebfd4f5e62ad0259b38077c11c3cbf850c31c9818b3
Attribute 24 (State) length=18
Value: 6501da9e6b6ded03dd76d824d918a37a
RADIUS: Send 209 bytes to the server
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 185 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=15 length=185
Attribute 80 (Message-Authenticator) length=18
Value: 4516f6067de73352b078510d41e2492e
Attribute 79 (EAP-Message) length=129
Value: 016d007f37011703030074288983a38fe43b6db4f6b522f0efe64022ddb91fda06f70c560b3ae9c0cc272dc4248c2a1a071cb7ec6cde1b5b0a509cd05c2e7aaa7026d0b6634ed9574ee1d144e163c0f9a01474d48c94c86591752dcb0d4c8213997f31ea238f4c069ef531579e70f435d4b89e99c28626b4dcbcc31992492b
Attribute 24 (State) length=18
Value: 6501da9e6a6ced03dd76d824d918a37a
STA de:ad:be:ef:42:42: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
RADIUS packet matching with station
decapsulated EAP packet (code=1 id=109 len=127) from RADIUS server: EAP-Request-TEAP (55)
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=109 method=55 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
SSL: Received packet(len=127) - Flags 0x01
EAP-TEAP: Received 121 bytes encrypted data for Phase 2
OpenSSL: RX ver=0x303 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 17 03 03 00 74
EAP-TEAP: Decrypted Phase 2 TLV(s) - hexdump(len=92): 80 0a 00 02 00 01 80 0c 00 4c 00 01 01 30 02 d6 0a b4 c0 b4 69 59 0e bc b6 06 ba 04 c1 44 98 e8 38 4e 84 8f d1 02 f9 3e 03 c5 da 85 5d 2c 72 cf bf 70 67 bd f5 e0 01 82 05 ee 87 4b 49 48 b3 6b 77 25 e0 60 ea c7 b4 4b 93 66 7d 88 3a 2b fc d7 81 30 61 d3 26 47 80 03 00 02 00 01
EAP-TEAP: Received Phase 2: TLV type 10 (Intermediate-Result) length 2 (mandatory)
EAP-TEAP: Intermediate-Result TLV - hexdump(len=2): 00 01
EAP-TEAP: Intermediate Result: Success
EAP-TEAP: Received Phase 2: TLV type 12 (Crypto-Binding) length 76 (mandatory)
EAP-TEAP: Crypto-Binding TLV - hexdump(len=76): 00 01 01 30 02 d6 0a b4 c0 b4 69 59 0e bc b6 06 ba 04 c1 44 98 e8 38 4e 84 8f d1 02 f9 3e 03 c5 da 85 5d 2c 72 cf bf 70 67 bd f5 e0 01 82 05 ee 87 4b 49 48 b3 6b 77 25 e0 60 ea c7 b4 4b 93 66 7d 88 3a 2b fc d7 81 30 61 d3 26 47
EAP-TEAP: Received Phase 2: TLV type 3 (Result) length 2 (mandatory)
EAP-TEAP: Result TLV - hexdump(len=2): 00 01
EAP-TEAP: Result: Success
EAP-TEAP: Crypto-Binding TLV: Version 1 Received Version 1 Flags 3 Sub-Type 0
EAP-TEAP: Nonce - hexdump(len=32): 02 d6 0a b4 c0 b4 69 59 0e bc b6 06 ba 04 c1 44 98 e8 38 4e 84 8f d1 02 f9 3e 03 c5 da 85 5d 2c
EAP-TEAP: EMSK Compound MAC - hexdump(len=20): 72 cf bf 70 67 bd f5 e0 01 82 05 ee 87 4b 49 48 b3 6b 77 25
EAP-TEAP: MSK Compound MAC - hexdump(len=20): e0 60 ea c7 b4 4b 93 66 7d 88 3a 2b fc d7 81 30 61 d3 26 47
EAP-TEAP: Determining CMK[1] for Compound MAC calculation
EAP-TEAP: MSK[j] - hexdump(len=64): ab 17 34 be 08 88 48 16 a5 08 c6 f4 4b 0c 05 8c 01 0d 7d da 18 3e 42 29 f4 7c 2e 30 9e 81 5d b7 31 59 24 53 19 54 6b 36 8e de 95 64 16 02 8f 60 f9 d7 6d a1 ae 58 b8 32 66 50 d9 ba e3 48 5d 0e
EAP-TEAP: EMSK[j] - hexdump(len=64): 45 70 28 b4 9a e6 c7 86 ba ac 05 0a 68 09 b1 47 81 89 62 14 d3 56 ea ba 00 d8 c0 39 4b 81 b4 84 f1 28 97 33 65 a4 5f a3 04 ae 62 b5 43 2b 8b 67 b3 a0 9e 74 be c7 f9 c3 60 ae 80 d4 b7 3f ce 8d
EAP-TEAP: IMSK from EMSK - hexdump(len=32): 32 6d 28 0e b8 c0 d0 d2 cb 5d 01 3e bc da 73 db fa 06 32 73 ec c2 5e 28 ae 79 6f e7 95 6d 29 69
EAP-TEAP: EMSK S-IMCK[j] - hexdump(len=40): e7 f0 81 5a 82 28 cc 53 d4 15 a1 e0 e5 4c 49 66 11 0e 40 e7 24 ab 6f 9f 81 47 f0 49 39 b0 e8 f3 7c 07 7f 1d d2 73 63 1e
EAP-TEAP: EMSK CMK[j] - hexdump(len=20): 01 1b f8 4f 16 4d 6d 29 a5 8e 66 cb 5e 47 fd 81 18 ef c8 61
EAP-TEAP: IMSK from MSK - hexdump(len=32): ab 17 34 be 08 88 48 16 a5 08 c6 f4 4b 0c 05 8c 01 0d 7d da 18 3e 42 29 f4 7c 2e 30 9e 81 5d b7
EAP-TEAP: MSK S-IMCK[j] - hexdump(len=40): 32 7f 21 f9 c1 4f c5 5f 3a 7f 39 99 4b 00 ea ce 27 f3 d0 6c d9 9d 36 07 ac 66 4e a3 55 6b d2 ba 54 aa 17 7f 95 fc 8c 85
EAP-TEAP: MSK CMK[j] - hexdump(len=20): 36 95 e7 1d cf 27 47 f1 4c c2 b2 e0 2a 48 03 75 0b f7 30 10
EAP-TEAP: CMK for Compound MAC calculation - hexdump(len=20): 36 95 e7 1d cf 27 47 f1 4c c2 b2 e0 2a 48 03 75 0b f7 30 10
EAP-TEAP: BUFFER for Compound MAC calculation - hexdump(len=89): 80 0c 00 4c 00 01 01 30 02 d6 0a b4 c0 b4 69 59 0e bc b6 06 ba 04 c1 44 98 e8 38 4e 84 8f d1 02 f9 3e 03 c5 da 85 5d 2c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 37 00 01 00 04 31 32 33 34
EAP-TEAP: MAC algorithm: HMAC-SHA384
EAP-TEAP: Received MSK Compound MAC - hexdump(len=20): e0 60 ea c7 b4 4b 93 66 7d 88 3a 2b fc d7 81 30 61 d3 26 47
EAP-TEAP: Calculated MSK Compound MAC - hexdump(len=20): e0 60 ea c7 b4 4b 93 66 7d 88 3a 2b fc d7 81 30 61 d3 26 47
EAP-TEAP: CMK for Compound MAC calculation - hexdump(len=20): 01 1b f8 4f 16 4d 6d 29 a5 8e 66 cb 5e 47 fd 81 18 ef c8 61
EAP-TEAP: BUFFER for Compound MAC calculation - hexdump(len=89): 80 0c 00 4c 00 01 01 30 02 d6 0a b4 c0 b4 69 59 0e bc b6 06 ba 04 c1 44 98 e8 38 4e 84 8f d1 02 f9 3e 03 c5 da 85 5d 2c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 37 00 01 00 04 31 32 33 34
EAP-TEAP: MAC algorithm: HMAC-SHA384
EAP-TEAP: Received EMSK Compound MAC - hexdump(len=20): 72 cf bf 70 67 bd f5 e0 01 82 05 ee 87 4b 49 48 b3 6b 77 25
EAP-TEAP: Calculated EMSK Compound MAC - hexdump(len=20): 72 cf bf 70 67 bd f5 e0 01 82 05 ee 87 4b 49 48 b3 6b 77 25
EAP-TEAP: Derived key (MSK) - hexdump(len=64): db d6 41 75 31 4c 06 4b a0 01 e1 84 39 49 35 84 19 93 3d ad c5 7a 2a 1c 56 69 5a d4 08 19 9f 08 33 df c1 ab a0 8e 83 b6 3a 36 92 69 99 78 18 2f a1 b8 9b 84 22 2a 23 8c fa 8f 3f 3f f0 f2 f0 f9
EAP-TEAP: Derived key (EMSK) - hexdump(len=64): 34 cb 3d 09 88 64 b0 7b 1c 27 6c d6 8a 54 db 95 53 13 45 68 08 42 37 5f 08 f1 e1 59 e4 8c f4 e1 b9 98 8a d8 d0 68 33 ce 14 1b 5b ca 75 38 0c fc 4d 4d a6 7f 68 03 b1 f2 e7 4a fe 4f e5 67 12 92
EAP-TEAP: Derived Session-Id - hexdump(len=13): 37 6f bf 86 34 6f 24 32 54 81 16 df a7
EAP-TEAP: CMK for Compound MAC calculation - hexdump(len=20): 36 95 e7 1d cf 27 47 f1 4c c2 b2 e0 2a 48 03 75 0b f7 30 10
EAP-TEAP: BUFFER for Compound MAC calculation - hexdump(len=89): 80 0c 00 4c 00 01 01 31 02 d6 0a b4 c0 b4 69 59 0e bc b6 06 ba 04 c1 44 98 e8 38 4e 84 8f d1 02 f9 3e 03 c5 da 85 5d 2d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 37 00 01 00 04 31 32 33 34
EAP-TEAP: MAC algorithm: HMAC-SHA384
EAP-TEAP: CMK for Compound MAC calculation - hexdump(len=20): 01 1b f8 4f 16 4d 6d 29 a5 8e 66 cb 5e 47 fd 81 18 ef c8 61
EAP-TEAP: BUFFER for Compound MAC calculation - hexdump(len=89): 80 0c 00 4c 00 01 01 31 02 d6 0a b4 c0 b4 69 59 0e bc b6 06 ba 04 c1 44 98 e8 38 4e 84 8f d1 02 f9 3e 03 c5 da 85 5d 2d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 37 00 01 00 04 31 32 33 34
EAP-TEAP: MAC algorithm: HMAC-SHA384
EAP-TEAP: Reply Crypto-Binding TLV: Version 1 Received Version 1 Flags 3 SubType 1
EAP-TEAP: Nonce - hexdump(len=32): 02 d6 0a b4 c0 b4 69 59 0e bc b6 06 ba 04 c1 44 98 e8 38 4e 84 8f d1 02 f9 3e 03 c5 da 85 5d 2d
EAP-TEAP: EMSK Compound MAC - hexdump(len=20): dd 71 03 1a f7 44 65 d8 ba 7c 02 9d 74 7f 50 f3 0d ae d3 6d
EAP-TEAP: MSK Compound MAC - hexdump(len=20): 3c 70 05 6f 80 2f 8a 7f 78 74 2b 41 64 a8 e8 57 d4 4f 35 cf
EAP-TEAP: Add Result TLV(status=Success)
EAP-TEAP: Add Intermediate-Result TLV(status=Success)
EAP-TEAP: Authentication completed successfully
EAP-TEAP: Encrypting Phase 2 data - hexdump(len=92): 80 0a 00 02 00 01 80 03 00 02 00 01 80 0c 00 4c 00 01 01 31 02 d6 0a b4 c0 b4 69 59 0e bc b6 06 ba 04 c1 44 98 e8 38 4e 84 8f d1 02 f9 3e 03 c5 da 85 5d 2d dd 71 03 1a f7 44 65 d8 ba 7c 02 9d 74 7f 50 f3 0d ae d3 6d 3c 70 05 6f 80 2f 8a 7f 78 74 2b 41 64 a8 e8 57 d4 4f 35 cf
OpenSSL: TX ver=0x303 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 17 03 03 00 74
SSL: 121 bytes left to be sent out (of total 121 bytes)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=UNCOND_SUCC eapRespData=0x5614c0fb0480
EAP: Session-Id - hexdump(len=13): 37 6f bf 86 34 6f 24 32 54 81 16 df a7
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=127)
TX EAP -> RADIUS - hexdump(len=127): 02 6d 00 7f 37 01 17 03 03 00 74 c3 e8 e0 9e c8 57 32 29 34 54 72 69 86 39 13 f6 91 df 2d 96 85 72 20 ae d0 84 f6 f6 00 99 11 df 2e 6f 55 df 70 5d 83 e3 f1 93 88 31 bd 3f e4 0e ef 10 54 ea 9b e3 93 d4 03 23 79 fb 93 7e d2 97 37 9e e7 d2 e4 49 3d 41 d9 ec 98 29 c1 bc 82 ee 4c 41 f8 10 c8 36 f9 6f a9 ed ee a2 b0 46 c6 39 fd a3 d3 f3 28 a9 32 94 cd 31 95 fb 9d d3 86 5b 21 b8 bd 1e
Encapsulating EAP message into a RADIUS packet
Copied RADIUS State Attribute
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=16 length=291
Attribute 80 (Message-Authenticator) length=18
Value: d7189876b0b6015b5824181f72f99123
Attribute 1 (User-Name) length=11
Value: 'anonymous'
Attribute 31 (Calling-Station-Id) length=19
Value: 'DE-AD-BE-EF-42-42'
Attribute 12 (Framed-MTU) length=6
Value: 1400
Attribute 61 (NAS-Port-Type) length=6
Value: 19
Attribute 6 (Service-Type) length=6
Value: 2
Attribute 77 (Connect-Info) length=24
Value: 'CONNECT 11Mbps 802.11b'
Attribute 30 (Called-Station-Id) length=28
Value: '00:11:22:33:44:55:UConnect'
Attribute 4 (NAS-IP-Address) length=6
Value: 192.168.4.20
Attribute 79 (EAP-Message) length=129
Value: 026d007f37011703030074c3e8e09ec857322934547269863913f691df2d96857220aed084f6f6009911df2e6f55df705d83e3f1938831bd3fe40eef1054ea9be393d4032379fb937ed297379ee7d2e4493d41d9ec9829c1bc82ee4c41f810c836f96fa9edeea2b046c639fda3d3f328a93294cd3195fb9dd3865b21b8bd1e
Attribute 24 (State) length=18
Value: 6501da9e6a6ced03dd76d824d918a37a
RADIUS: Send 291 bytes to the server
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 177 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=2 (Access-Accept) identifier=16 length=177
Attribute 80 (Message-Authenticator) length=18
Value: 79408ea0aa6e7e121a7fe60f36847969
Attribute 26 (Vendor-Specific) length=58
Value: 000001371134831ef5a48eda8cd424a09602d9f6e6707c0bf0bf7ddf3e2a794e28ca4965deade919a69d244e247cf20a6bca42d8da16a25d
Attribute 26 (Vendor-Specific) length=58
Value: 0000013710348cd477c07de14a4f1450a187746d1533e168e852534eec23835ac98b01ae81ade9af03e2f8ef8b532d8b70efb80e28c36b94
Attribute 79 (EAP-Message) length=6
Value: 036d0004
Attribute 1 (User-Name) length=11
Value: 'anonymous'
Attribute 12 (Framed-MTU) length=6
Value: 974
STA de:ad:be:ef:42:42: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
RADIUS packet matching with station
MS-MPPE-Send-Key (sign) - hexdump(len=32): 8e 09 c3 95 43 cb d1 59 10 0a 92 a2 4f 70 ed fe 6d 08 9f b9 ce 28 d4 59 53 9f e4 8f c1 c9 f4 27
MS-MPPE-Recv-Key (crypt) - hexdump(len=32): ee 59 aa 95 cf fe 96 ce 43 de c1 30 a0 14 84 ac dd 72 22 ba a3 cd 82 2b f0 eb 9d a5 6b e2 e4 89
decapsulated EAP packet (code=3 id=109 len=4) from RADIUS server: EAP Success
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Success
EAP: Status notification: completion (param=success)
EAP: EAP entering state SUCCESS
CTRL-EVENT-EAP-SUCCESS EAP authentication completed successfully
EAPOL: IEEE 802.1X for plaintext connection; no EAPOL-Key frames required
WPA: EAPOL processing complete
Cancelling authentication timeout
State: DISCONNECTED -> COMPLETED
EAPOL: SUPP_PAE entering state AUTHENTICATED
EAPOL: SUPP_BE entering state RECEIVE
EAPOL: SUPP_BE entering state SUCCESS
EAPOL: SUPP_BE entering state IDLE
eapol_sm_cb: result=1
EAPOL: Successfully fetched key (len=32)
PMK from EAPOL - hexdump(len=32): db d6 41 75 31 4c 06 4b a0 01 e1 84 39 49 35 84 19 93 3d ad c5 7a 2a 1c 56 69 5a d4 08 19 9f 08
WARNING: PMK mismatch
PMK from AS - hexdump(len=32): ee 59 aa 95 cf fe 96 ce 43 de c1 30 a0 14 84 ac dd 72 22 ba a3 cd 82 2b f0 eb 9d a5 6b e2 e4 89
No EAP-Key-Name received from server
WPA: Clear old PMK and PTK
EAP: deinitialize previously used EAP method (55, TEAP) at EAP deinit
ENGINE: engine deinit
ENGINE: engine deinit
MPPE keys OK: 0 mismatch: 1
FAILURE
mailto:root at debian-freeradius:~/wpa_supplicant-2.11#
More information about the Freeradius-Users
mailing list