Authentication with rlm_python module failes for iphone, works for android, windows, linux
The2nd
the2nd at otpme.org
Sun Jan 11 11:29:11 UTC 2026
Hello list,
i hope this is the right list for this question.
I've written a python module to be used with freeradius and it works for
wlan authentication (mschapv2) with windows, linux and android devices.
But it fails with iphone/ios. With iOS is see the request in my python
module and it authenticates against my server successfully but the
iPhone always tells me "Unable to join the network <ssid>".
My python module can be found here:
https://github.com/the2nd/otpme/blob/main/otpme/lib/freeradius/otpme.py
As it works with linux, windows and android i think its not completely
wrong.
Debug log of a successful authentication with my android device:
FreeRADIUS Version 3.2.6
Copyright (C) 1999-2023 The FreeRADIUS server project and contributors
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License
For more information about these matters, see the file named COPYRIGHT
Starting - reading configuration files ...
including dictionary file /usr/share/freeradius/dictionary
including dictionary file /usr/share/freeradius/dictionary.dhcp
including dictionary file /usr/share/freeradius/dictionary.vqp
including configuration file /var/run/otpme/freeradius/radiusd.conf
including configuration file /var/run/otpme/freeradius/clients.conf
main {
security {
user = "otpme"
group = "otpme"
allow_core_dumps = no
}
name = "freeradius"
prefix = "/usr"
localstatedir = "/var"
logdir = "/var/log/otpme"
run_dir = "/var/run/otpme"
}
main {
name = "freeradius"
prefix = "/usr"
localstatedir = "/var"
sbindir = "/usr/sbin"
logdir = "/var/log/otpme"
run_dir = "/var/run/otpme"
libdir = "/usr/lib"
radacctdir = "/var/log/otpme/radacct"
hostname_lookups = no
max_request_time = 30
proxy_dedup_window = 1
cleanup_delay = 5
max_requests = 16384
max_fds = 512
postauth_client_lost = no
pidfile = "/var/run/otpme/pidfiles/freeradius.pid"
checkrad = "/usr/sbin/checkrad"
debug_level = 0
proxy_requests = no
log {
stripped_names = no
auth = no
auth_badpass = no
auth_goodpass = no
colourise = yes
msg_denied = "You are already logged in - access denied"
}
resources {
}
security {
max_attributes = 200
reject_delay = 1.000000
status_server = yes
require_message_authenticator = "auto"
limit_proxy_state = "auto"
}
}
radiusd: #### Loading Realms and Home Servers ####
radiusd: #### Loading Clients ####
Debugger not attached
# Creating Auth-Type = python_otpme
# Creating Auth-Type = EAP
# Creating Auth-Type = MS-CHAP
radiusd: #### Instantiating modules ####
modules {
# Loaded module rlm_mschap
# Loading module "mschap" from file
/var/run/otpme/freeradius/radiusd.conf
mschap {
use_mppe = yes
require_encryption = no
require_strong = no
with_ntdomain_hack = yes
passchange {
}
allow_retry = yes
winbind_retry_with_normalised_username = no
}
# Loaded module rlm_eap
# Loading module "eap" from file /var/run/otpme/freeradius/radiusd.conf
eap {
default_eap_type = "mschapv2"
timer_expire = 60
max_eap_type = 52
ignore_unknown_eap_types = no
cisco_accounting_username_bug = no
max_sessions = 16384
dedup_key = ""
}
# Loading module "mschap_otp" from file
/var/run/otpme/freeradius/radiusd.conf
mschap mschap_otp {
use_mppe = yes
require_encryption = no
require_strong = no
with_ntdomain_hack = yes
ntlm_auth = "/usr/local/bin/otpme-auth verify_mschap --socket
'%{%{Stripped-User-Name}:-%{%{User-Name}:-None}}'
'%{%{mschap_otp:Challenge}:-00}' '%{%{mschap_otp:NT-Response}:-00}'
'%{NAS-Identifier}' '%{Client-IP-Address}'"
passchange {
}
allow_retry = yes
winbind_retry_with_normalised_username = no
}
# Loaded module rlm_python3
# Loading module "python_otpme" from file
/var/run/otpme/freeradius/radiusd.conf
python3 python_otpme {
mod_instantiate = "otpme.lib.freeradius.otpme"
func_instantiate = "instantiate"
mod_authorize = "otpme.lib.freeradius.otpme"
func_authorize = "authorize"
mod_authenticate = "otpme.lib.freeradius.otpme"
func_authenticate = "authenticate"
python_path =
"/var/run/otpme/freeradius/mods-config/python3:/opt/otpme/lib/python3.11/site-packages"
cext_compat = yes
pass_all_vps = no
pass_all_vps_dict = no
}
# Instantiating module "mschap" from file
/var/run/otpme/freeradius/radiusd.conf
rlm_mschap (mschap): using internal authentication
# Instantiating module "eap" from file
/var/run/otpme/freeradius/radiusd.conf
# Linked to sub-module rlm_eap_md5
rlm_eap (EAP): Ignoring EAP method 'leap', because it is no longer supported
# Linked to sub-module rlm_eap_tls
tls {
tls = "tls-common"
}
tls-config tls-common {
verify_depth = 0
pem_file_type = yes
private_key_file = "/var/run/otpme/freeradius/key.pem"
certificate_file = "/var/run/otpme/freeradius/cert.pem"
ca_file = "/var/run/otpme/freeradius/ca.pem"
fragment_size = 1024
include_length = yes
auto_chain = yes
check_crl = no
check_all_crl = no
ca_path_reload_interval = 0
cipher_list = "DEFAULT"
cipher_server_preference = no
reject_unknown_intermediate_ca = no
ecdh_curve = "prime256v1"
disable_tlsv1 = yes
disable_tlsv1_1 = yes
tls_max_version = "1.2"
tls_min_version = "1.2"
cache {
enable = no
lifetime = 24
max_entries = 255
}
verify {
skip_if_ocsp_ok = no
}
ocsp {
enable = no
override_cert_url = no
use_nonce = yes
timeout = 0
softfail = no
}
}
tls: Please use 'tls_min_version' and 'tls_max_version' instead of
'disable_tlsv1'
tls: Please use 'tls_min_version' and 'tls_max_version' instead of
'disable_tlsv1_1'
# Linked to sub-module rlm_eap_ttls
ttls {
tls = "tls-common"
default_eap_type = "mschapv2"
copy_request_to_tunnel = yes
use_tunneled_reply = yes
virtual_server = "otpme"
include_length = yes
require_client_cert = no
}
tls: Using cached TLS configuration from previous invocation
# Linked to sub-module rlm_eap_peap
peap {
tls = "tls-common"
default_eap_type = "mschapv2"
copy_request_to_tunnel = yes
use_tunneled_reply = yes
proxy_tunneled_request_as_eap = yes
virtual_server = "otpme"
soh = no
require_client_cert = no
}
tls: Using cached TLS configuration from previous invocation
# Linked to sub-module rlm_eap_mschapv2
mschapv2 {
with_ntdomain_hack = no
send_error = no
}
# Instantiating module "mschap_otp" from file
/var/run/otpme/freeradius/radiusd.conf
rlm_mschap (mschap_otp): authenticating by calling 'ntlm_auth'
# Instantiating module "python_otpme" from file
/var/run/otpme/freeradius/radiusd.conf
Python version: 3.11.13 (main, Jul 3 2025, 11:31:00) [GCC 12.2.1 20230428]
otpme.py: OTPme config verfied successful.
otpme.py: Instantiated OTPme module.
} # modules
radiusd: #### Loading Virtual Servers ####
server { # from file /var/run/otpme/freeradius/radiusd.conf
} # server
server otpme { # from file /var/run/otpme/freeradius/radiusd.conf
# Loading authenticate {...}
Compiling Auth-Type EAP for attr Auth-Type
Compiling Auth-Type MS-CHAP for attr Auth-Type
# Loading authorize {...}
} # server otpme
radiusd: #### Opening IP addresses and Ports ####
listen {
type = "auth"
ipaddr = *
port = 1812
client 10.219.195.225 {
ipv4addr = 10.219.195.225
secret = <<< secret >>>
shortname = "ap01-hbap-1"
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
client 10.219.195.223 {
ipv4addr = 10.219.195.223
secret = <<< secret >>>
shortname = "cloudix-nextcloud-1"
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
client 127.0.0.1 {
ipv4addr = 127.0.0.1
secret = <<< secret >>>
shortname = "localhost-1"
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
client 10.219.195.100 {
ipv4addr = 10.219.195.100
secret = <<< secret >>>
shortname = "sharewatcher-1"
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
client 10.219.195.254 {
ipv4addr = 10.219.195.254
secret = <<< secret >>>
shortname = "smtp-1"
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
}
Listening on auth address * port 1812 bound to server otpme
Ready to process requests
(0) Received Access-Request Id 162 from 10.219.195.225:38276 to
10.219.195.1:1812 length 204
(0) User-Name = "anonymous"
(0) NAS-Identifier = "ap01-hbap"
(0) Called-Station-Id = "B4-4B-D6-26-BA-86:hboss"
(0) NAS-Port-Type = Wireless-802.11
(0) Service-Type = Framed-User
(0) NAS-Port = 1
(0) Calling-Station-Id = "42-33-75-43-BE-2D"
(0) Connect-Info = "CONNECT 54Mbps 802.11a"
(0) Acct-Session-Id = "BF0C189E956F9999"
(0) WLAN-Pairwise-Cipher = 1027076
(0) WLAN-Group-Cipher = 1027076
(0) WLAN-AKM-Suite = 1027073
(0) Framed-MTU = 1400
(0) EAP-Message = 0x0277000e01616e6f6e796d6f7573
(0) Message-Authenticator = 0xe8db3a835195304aa1c2e8655f6cea44
(0) # Executing section authorize from file
/var/run/otpme/freeradius/radiusd.conf
(0) authorize {
(0) eap: Peer sent EAP Response (code 2) ID 119 length 14
(0) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the
rest of authorize
(0) [eap] = ok
(0) if (!control:Auth-Type) {
(0) if (!control:Auth-Type) -> FALSE
(0) } # authorize = ok
(0) Found Auth-Type = EAP
(0) # Executing group from file /var/run/otpme/freeradius/radiusd.conf
(0) Auth-Type EAP {
(0) eap: Peer sent packet with method EAP Identity (1)
(0) eap: Calling submodule eap_mschapv2 to process data
(0) eap_mschapv2: Issuing Challenge
(0) eap: Sending EAP Request (code 1) ID 120 length 42
(0) eap: EAP session adding &reply:State = 0x64b8ac1d64c0b641
(0) [eap] = handled
(0) } # Auth-Type EAP = handled
(0) Using Post-Auth-Type Challenge
(0) Post-Auth-Type sub-section not found. Ignoring.
(0) Sent Access-Challenge Id 162 from 10.219.195.1:1812 to
10.219.195.225:38276 length 100
(0) EAP-Message =
0x0178002a1a0178002510784b2270bd2bafab1ed5f5a37c9ae5e8667265657261646975732d332e322e36
(0) Message-Authenticator = 0x00000000000000000000000000000000
(0) State = 0x64b8ac1d64c0b641aa9dae41afb34712
(0) Finished request
Waking up in 4.9 seconds.
(1) Received Access-Request Id 163 from 10.219.195.225:38276 to
10.219.195.1:1812 length 214
(1) User-Name = "anonymous"
(1) NAS-Identifier = "ap01-hbap"
(1) Called-Station-Id = "B4-4B-D6-26-BA-86:hboss"
(1) NAS-Port-Type = Wireless-802.11
(1) Service-Type = Framed-User
(1) NAS-Port = 1
(1) Calling-Station-Id = "42-33-75-43-BE-2D"
(1) Connect-Info = "CONNECT 54Mbps 802.11a"
(1) Acct-Session-Id = "BF0C189E956F9999"
(1) WLAN-Pairwise-Cipher = 1027076
(1) WLAN-Group-Cipher = 1027076
(1) WLAN-AKM-Suite = 1027073
(1) Framed-MTU = 1400
(1) EAP-Message = 0x027800060319
(1) State = 0x64b8ac1d64c0b641aa9dae41afb34712
(1) Message-Authenticator = 0x2bd3281b58e070552d01366780334918
(1) session-state: No cached attributes
(1) # Executing section authorize from file
/var/run/otpme/freeradius/radiusd.conf
(1) authorize {
(1) eap: Peer sent EAP Response (code 2) ID 120 length 6
(1) eap: No EAP Start, assuming it's an on-going EAP conversation
(1) [eap] = updated
(1) if (!control:Auth-Type) {
(1) if (!control:Auth-Type) -> FALSE
(1) } # authorize = updated
(1) Found Auth-Type = EAP
(1) # Executing group from file /var/run/otpme/freeradius/radiusd.conf
(1) Auth-Type EAP {
(1) eap: Removing EAP session with state 0x64b8ac1d64c0b641
(1) eap: Previous EAP request found for state 0x64b8ac1d64c0b641,
released from the list
(1) eap: Peer sent packet with method EAP NAK (3)
(1) eap: Found mutually acceptable type PEAP (25)
(1) eap: Calling submodule eap_peap to process data
(1) eap_peap: (TLS) PEAP -Initiating new session
(1) eap: Sending EAP Request (code 1) ID 121 length 6
(1) eap: EAP session adding &reply:State = 0x64b8ac1d65c1b541
(1) [eap] = handled
(1) } # Auth-Type EAP = handled
(1) Using Post-Auth-Type Challenge
(1) Post-Auth-Type sub-section not found. Ignoring.
(1) session-state: Saving cached attributes
(1) Framed-MTU = 994
(1) Sent Access-Challenge Id 163 from 10.219.195.1:1812 to
10.219.195.225:38276 length 64
(1) EAP-Message = 0x017900061920
(1) Message-Authenticator = 0x00000000000000000000000000000000
(1) State = 0x64b8ac1d65c1b541aa9dae41afb34712
(1) Finished request
Waking up in 4.9 seconds.
(2) Received Access-Request Id 164 from 10.219.195.225:38276 to
10.219.195.1:1812 length 446
(2) User-Name = "anonymous"
(2) NAS-Identifier = "ap01-hbap"
(2) Called-Station-Id = "B4-4B-D6-26-BA-86:hboss"
(2) NAS-Port-Type = Wireless-802.11
(2) Service-Type = Framed-User
(2) NAS-Port = 1
(2) Calling-Station-Id = "42-33-75-43-BE-2D"
(2) Connect-Info = "CONNECT 54Mbps 802.11a"
(2) Acct-Session-Id = "BF0C189E956F9999"
(2) WLAN-Pairwise-Cipher = 1027076
(2) WLAN-Group-Cipher = 1027076
(2) WLAN-AKM-Suite = 1027073
(2) Framed-MTU = 1400
(2) EAP-Message =
0x027900ee1980000000e416030100df010000db0303204b82994ddeede4b1efd09220705397da7cefa712c268070e9c45dd100931cd20e74544c9e44528171eb11e711a721ac7bce002642c974be41e1cbc3625b7f02d0022130113021303c02bc02fc02cc030cca9cca8c009c013c00ac014009c009d002f00350100007000170000ff01000100000a00080006001d00170018000b00020100000d00140012040308040401050308050501080606010201003300260024001d002032c7b45122c64b455fb50da767a2cc4ce59b726e3cd9bd403abba61c883ac722002d00020101002b0009080304030303020301
(2) State = 0x64b8ac1d65c1b541aa9dae41afb34712
(2) Message-Authenticator = 0xcc735b6b3bf60fe0d35655caee8b130a
(2) Restoring &session-state
(2) &session-state:Framed-MTU = 994
(2) # Executing section authorize from file
/var/run/otpme/freeradius/radiusd.conf
(2) authorize {
(2) eap: Peer sent EAP Response (code 2) ID 121 length 238
(2) eap: Continuing tunnel setup
(2) [eap] = ok
(2) if (!control:Auth-Type) {
(2) if (!control:Auth-Type) -> FALSE
(2) } # authorize = ok
(2) Found Auth-Type = EAP
(2) # Executing group from file /var/run/otpme/freeradius/radiusd.conf
(2) Auth-Type EAP {
(2) eap: Removing EAP session with state 0x64b8ac1d65c1b541
(2) eap: Previous EAP request found for state 0x64b8ac1d65c1b541,
released from the list
(2) eap: Peer sent packet with method EAP PEAP (25)
(2) eap: Calling submodule eap_peap to process data
(2) eap_peap: (TLS) EAP Peer says that the final record size will be 228
bytes
(2) eap_peap: (TLS) EAP Got all data (228 bytes)
(2) eap_peap: (TLS) PEAP - Handshake state - before SSL initialization
(2) eap_peap: (TLS) PEAP - Handshake state - Server before SSL
initialization
(2) eap_peap: (TLS) PEAP - Handshake state - Server before SSL
initialization
(2) eap_peap: (TLS) PEAP - recv TLS 1.3 Handshake, ClientHello
(2) eap_peap: (TLS) PEAP - Handshake state - Server SSLv3/TLS read
client hello
(2) eap_peap: (TLS) PEAP - send TLS 1.2 Handshake, ServerHello
(2) eap_peap: (TLS) PEAP - Handshake state - Server SSLv3/TLS write
server hello
(2) eap_peap: (TLS) PEAP - send TLS 1.2 Handshake, Certificate
(2) eap_peap: (TLS) PEAP - Handshake state - Server SSLv3/TLS write
certificate
(2) eap_peap: (TLS) PEAP - send TLS 1.2 Handshake, ServerKeyExchange
(2) eap_peap: (TLS) PEAP - Handshake state - Server SSLv3/TLS write key
exchange
(2) eap_peap: (TLS) PEAP - send TLS 1.2 Handshake, ServerHelloDone
(2) eap_peap: (TLS) PEAP - Handshake state - Server SSLv3/TLS write
server done
(2) eap_peap: (TLS) PEAP - Server : Need to read more data: SSLv3/TLS
write server done
(2) eap_peap: (TLS) PEAP - In Handshake Phase
(2) eap: Sending EAP Request (code 1) ID 122 length 1004
(2) eap: EAP session adding &reply:State = 0x64b8ac1d66c2b541
(2) [eap] = handled
(2) } # Auth-Type EAP = handled
(2) Using Post-Auth-Type Challenge
(2) Post-Auth-Type sub-section not found. Ignoring.
(2) session-state: Saving cached attributes
(2) Framed-MTU = 994
(2) TLS-Session-Information = "(TLS) PEAP - recv TLS 1.3 Handshake,
ClientHello"
(2) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
ServerHello"
(2) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
Certificate"
(2) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
ServerKeyExchange"
(2) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
ServerHelloDone"
(2) Sent Access-Challenge Id 164 from 10.219.195.1:1812 to
10.219.195.225:38276 length 1068
(2) EAP-Message =
0x017a03ec19c000000bd7160303003d020000390303406d024d9f92625990729dd1d0d2b54f155819983be5efc77c0843cfd0c7410400c02f000011ff01000100000b000403000102001700001603030a350b000a31000a2e000499308204953082027da003020102020705fea02d221361300d06092a864886f70d01010b05003076312a302806035504030c212f68626f73732e696e7465726e2f6b6f626c656e7a2f6361732f534954455f4341310b3009060355040613024445310c300a06035504080c03524c503110300e06035504070c074b6f626c656e7a310e300c060355040a0c0548424f5353310b3009060355040b0c024954301e170d3233303632313039313330395a170d3338303631373039313330395a3069311d301b06035504030c146b6f626c656e7a2e68626f73732e696e7465726e310b3009060355040613024445310c300a06035504080c03524c503110300e06035504070c074b6f626c656e7a310e300c060355040a0c0548424f535331
(2) Message-Authenticator = 0x00000000000000000000000000000000
(2) State = 0x64b8ac1d66c2b541aa9dae41afb34712
(2) Finished request
Waking up in 4.8 seconds.
(3) Received Access-Request Id 165 from 10.219.195.225:38276 to
10.219.195.1:1812 length 214
(3) User-Name = "anonymous"
(3) NAS-Identifier = "ap01-hbap"
(3) Called-Station-Id = "B4-4B-D6-26-BA-86:hboss"
(3) NAS-Port-Type = Wireless-802.11
(3) Service-Type = Framed-User
(3) NAS-Port = 1
(3) Calling-Station-Id = "42-33-75-43-BE-2D"
(3) Connect-Info = "CONNECT 54Mbps 802.11a"
(3) Acct-Session-Id = "BF0C189E956F9999"
(3) WLAN-Pairwise-Cipher = 1027076
(3) WLAN-Group-Cipher = 1027076
(3) WLAN-AKM-Suite = 1027073
(3) Framed-MTU = 1400
(3) EAP-Message = 0x027a00061900
(3) State = 0x64b8ac1d66c2b541aa9dae41afb34712
(3) Message-Authenticator = 0xeb39f94920377984aec242aa3813e06a
(3) Restoring &session-state
(3) &session-state:Framed-MTU = 994
(3) &session-state:TLS-Session-Information = "(TLS) PEAP - recv TLS
1.3 Handshake, ClientHello"
(3) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 Handshake, ServerHello"
(3) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 Handshake, Certificate"
(3) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 Handshake, ServerKeyExchange"
(3) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 Handshake, ServerHelloDone"
(3) # Executing section authorize from file
/var/run/otpme/freeradius/radiusd.conf
(3) authorize {
(3) eap: Peer sent EAP Response (code 2) ID 122 length 6
(3) eap: Continuing tunnel setup
(3) [eap] = ok
(3) if (!control:Auth-Type) {
(3) if (!control:Auth-Type) -> FALSE
(3) } # authorize = ok
(3) Found Auth-Type = EAP
(3) # Executing group from file /var/run/otpme/freeradius/radiusd.conf
(3) Auth-Type EAP {
(3) eap: Removing EAP session with state 0x64b8ac1d66c2b541
(3) eap: Previous EAP request found for state 0x64b8ac1d66c2b541,
released from the list
(3) eap: Peer sent packet with method EAP PEAP (25)
(3) eap: Calling submodule eap_peap to process data
(3) eap_peap: (TLS) Peer ACKed our handshake fragment
(3) eap: Sending EAP Request (code 1) ID 123 length 1000
(3) eap: EAP session adding &reply:State = 0x64b8ac1d67c3b541
(3) [eap] = handled
(3) } # Auth-Type EAP = handled
(3) Using Post-Auth-Type Challenge
(3) Post-Auth-Type sub-section not found. Ignoring.
(3) session-state: Saving cached attributes
(3) Framed-MTU = 994
(3) TLS-Session-Information = "(TLS) PEAP - recv TLS 1.3 Handshake,
ClientHello"
(3) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
ServerHello"
(3) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
Certificate"
(3) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
ServerKeyExchange"
(3) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
ServerHelloDone"
(3) Sent Access-Challenge Id 165 from 10.219.195.1:1812 to
10.219.195.225:38276 length 1064
(3) EAP-Message =
0x017b03e819406729c41ca39fed55f40b0703e590f4ef3fe75165ed505d0e8e33187c7f82a4fa97311282257e3dca08d5818a76cee90d8aea88403b1d62eda2f8ed0e7cc7d72ce4f25e3497d7cbb88d5fb3e76fd5eb2cb7c29126896e5cf175ca9a6b177812f14e4ad1acc69c7a07a33ad3e880179c3971584f08442b7bfe40153886a8e68f88b2ebd088522f0214474a905d560fa04a8f20a966b67e072e644b106f92e95d3fc468afe1b60ff5b30eabfd9eb217f1847f6a24ab5f922365ecc2bb16be43951cbf4cf33735cd9fc4a0337c1632c68690fb8748b78e6f1fe6534e092fc9b9f25123a0a3ed26215dc6b0b765bbe2272058c9bf0935cb8ac47c5b1f7bd20e474f71a760f1db1b8a45da00058f3082058b30820373a003020102020705fea02cf10b27300d06092a864886f70d01010b05003077312b302906035504030c222f68626f73732e696e7465726e2f6b6f626c656e7a2f6361732f5245414c4d5f4341310b3009060355040613024445310c300a06
(3) Message-Authenticator = 0x00000000000000000000000000000000
(3) State = 0x64b8ac1d67c3b541aa9dae41afb34712
(3) Finished request
Waking up in 4.8 seconds.
(4) Received Access-Request Id 166 from 10.219.195.225:38276 to
10.219.195.1:1812 length 214
(4) User-Name = "anonymous"
(4) NAS-Identifier = "ap01-hbap"
(4) Called-Station-Id = "B4-4B-D6-26-BA-86:hboss"
(4) NAS-Port-Type = Wireless-802.11
(4) Service-Type = Framed-User
(4) NAS-Port = 1
(4) Calling-Station-Id = "42-33-75-43-BE-2D"
(4) Connect-Info = "CONNECT 54Mbps 802.11a"
(4) Acct-Session-Id = "BF0C189E956F9999"
(4) WLAN-Pairwise-Cipher = 1027076
(4) WLAN-Group-Cipher = 1027076
(4) WLAN-AKM-Suite = 1027073
(4) Framed-MTU = 1400
(4) EAP-Message = 0x027b00061900
(4) State = 0x64b8ac1d67c3b541aa9dae41afb34712
(4) Message-Authenticator = 0xed6b5266742723e30e700e8b4f75739f
(4) Restoring &session-state
(4) &session-state:Framed-MTU = 994
(4) &session-state:TLS-Session-Information = "(TLS) PEAP - recv TLS
1.3 Handshake, ClientHello"
(4) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 Handshake, ServerHello"
(4) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 Handshake, Certificate"
(4) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 Handshake, ServerKeyExchange"
(4) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 Handshake, ServerHelloDone"
(4) # Executing section authorize from file
/var/run/otpme/freeradius/radiusd.conf
(4) authorize {
(4) eap: Peer sent EAP Response (code 2) ID 123 length 6
(4) eap: Continuing tunnel setup
(4) [eap] = ok
(4) if (!control:Auth-Type) {
(4) if (!control:Auth-Type) -> FALSE
(4) } # authorize = ok
(4) Found Auth-Type = EAP
(4) # Executing group from file /var/run/otpme/freeradius/radiusd.conf
(4) Auth-Type EAP {
(4) eap: Removing EAP session with state 0x64b8ac1d67c3b541
(4) eap: Previous EAP request found for state 0x64b8ac1d67c3b541,
released from the list
(4) eap: Peer sent packet with method EAP PEAP (25)
(4) eap: Calling submodule eap_peap to process data
(4) eap_peap: (TLS) Peer ACKed our handshake fragment
(4) eap: Sending EAP Request (code 1) ID 124 length 1000
(4) eap: EAP session adding &reply:State = 0x64b8ac1d60c4b541
(4) [eap] = handled
(4) } # Auth-Type EAP = handled
(4) Using Post-Auth-Type Challenge
(4) Post-Auth-Type sub-section not found. Ignoring.
(4) session-state: Saving cached attributes
(4) Framed-MTU = 994
(4) TLS-Session-Information = "(TLS) PEAP - recv TLS 1.3 Handshake,
ClientHello"
(4) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
ServerHello"
(4) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
Certificate"
(4) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
ServerKeyExchange"
(4) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
ServerHelloDone"
(4) Sent Access-Challenge Id 166 from 10.219.195.1:1812 to
10.219.195.225:38276 length 1064
(4) EAP-Message =
0x017c03e81940603ef2f2884b299ace212671ea16a0df8d30640875c03aaef2ac1e4cd0b45487fcb99234083e915ecded1171c41b3eb10b7c736e781a97f17e3aa3b85d0f5b5f35d09ce1570d621b9dc5be4b4f9ecae899a6d0949b7eed4ebcbf64a48aa40d41d3c07d33da2e8d816dd2eba719a8b75d53dfa7ecb5a35b7cec093710efea7ff30203010001a31d301b300c0603551d13040530030101ff300b0603551d0f040403020106300d06092a864886f70d01010b0500038202010048ed80b6b8d9f45c988d3a8c439f33112acf5a1a90a3e79a8622a919c7fa078d6bcfcb743a26ddd8bc1bc56f9071c89b8a986b33eeb0c6defe6f99834b9a90da8089c002815951b451f4b9d4ed8225888e5b77b04f9131487a830c71082209525143b143d9335eb02b382660f462e5b6d5e4dd2991b894148e23f6ce2be12f76406890fe48dba3e0c97b33089c20f7466a37daa34eb110f7d9cf47553fae6f7453ad44e48fa154f1db59066d3250216bde12320eed158d5197
(4) Message-Authenticator = 0x00000000000000000000000000000000
(4) State = 0x64b8ac1d60c4b541aa9dae41afb34712
(4) Finished request
Waking up in 4.8 seconds.
(5) Received Access-Request Id 167 from 10.219.195.225:38276 to
10.219.195.1:1812 length 214
(5) User-Name = "anonymous"
(5) NAS-Identifier = "ap01-hbap"
(5) Called-Station-Id = "B4-4B-D6-26-BA-86:hboss"
(5) NAS-Port-Type = Wireless-802.11
(5) Service-Type = Framed-User
(5) NAS-Port = 1
(5) Calling-Station-Id = "42-33-75-43-BE-2D"
(5) Connect-Info = "CONNECT 54Mbps 802.11a"
(5) Acct-Session-Id = "BF0C189E956F9999"
(5) WLAN-Pairwise-Cipher = 1027076
(5) WLAN-Group-Cipher = 1027076
(5) WLAN-AKM-Suite = 1027073
(5) Framed-MTU = 1400
(5) EAP-Message = 0x027c00061900
(5) State = 0x64b8ac1d60c4b541aa9dae41afb34712
(5) Message-Authenticator = 0xd495f330c78e196eb11dc3995b88a242
(5) Restoring &session-state
(5) &session-state:Framed-MTU = 994
(5) &session-state:TLS-Session-Information = "(TLS) PEAP - recv TLS
1.3 Handshake, ClientHello"
(5) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 Handshake, ServerHello"
(5) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 Handshake, Certificate"
(5) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 Handshake, ServerKeyExchange"
(5) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 Handshake, ServerHelloDone"
(5) # Executing section authorize from file
/var/run/otpme/freeradius/radiusd.conf
(5) authorize {
(5) eap: Peer sent EAP Response (code 2) ID 124 length 6
(5) eap: Continuing tunnel setup
(5) [eap] = ok
(5) if (!control:Auth-Type) {
(5) if (!control:Auth-Type) -> FALSE
(5) } # authorize = ok
(5) Found Auth-Type = EAP
(5) # Executing group from file /var/run/otpme/freeradius/radiusd.conf
(5) Auth-Type EAP {
(5) eap: Removing EAP session with state 0x64b8ac1d60c4b541
(5) eap: Previous EAP request found for state 0x64b8ac1d60c4b541,
released from the list
(5) eap: Peer sent packet with method EAP PEAP (25)
(5) eap: Calling submodule eap_peap to process data
(5) eap_peap: (TLS) Peer ACKed our handshake fragment
(5) eap: Sending EAP Request (code 1) ID 125 length 55
(5) eap: EAP session adding &reply:State = 0x64b8ac1d61c5b541
(5) [eap] = handled
(5) } # Auth-Type EAP = handled
(5) Using Post-Auth-Type Challenge
(5) Post-Auth-Type sub-section not found. Ignoring.
(5) session-state: Saving cached attributes
(5) Framed-MTU = 994
(5) TLS-Session-Information = "(TLS) PEAP - recv TLS 1.3 Handshake,
ClientHello"
(5) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
ServerHello"
(5) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
Certificate"
(5) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
ServerKeyExchange"
(5) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
ServerHelloDone"
(5) Sent Access-Challenge Id 167 from 10.219.195.1:1812 to
10.219.195.225:38276 length 113
(5) EAP-Message =
0x017d00371900501263aad1ec47677b3c48e295891733e13224af67d346d25d68f13a27dd1b6060701aa6f7a4003816030300040e000000
(5) Message-Authenticator = 0x00000000000000000000000000000000
(5) State = 0x64b8ac1d61c5b541aa9dae41afb34712
(5) Finished request
Waking up in 4.8 seconds.
(6) Received Access-Request Id 168 from 10.219.195.225:38276 to
10.219.195.1:1812 length 344
(6) User-Name = "anonymous"
(6) NAS-Identifier = "ap01-hbap"
(6) Called-Station-Id = "B4-4B-D6-26-BA-86:hboss"
(6) NAS-Port-Type = Wireless-802.11
(6) Service-Type = Framed-User
(6) NAS-Port = 1
(6) Calling-Station-Id = "42-33-75-43-BE-2D"
(6) Connect-Info = "CONNECT 54Mbps 802.11a"
(6) Acct-Session-Id = "BF0C189E956F9999"
(6) WLAN-Pairwise-Cipher = 1027076
(6) WLAN-Group-Cipher = 1027076
(6) WLAN-AKM-Suite = 1027073
(6) Framed-MTU = 1400
(6) EAP-Message =
0x027d008819800000007e1603030046100000424104d03773246fb4ee58f2b210f0d7e78f044a507dfb457b56f714c4f99379b7b54a81c78f01ba73c7a855d726a53e8e06b20bcdd4e9ff3eb63d2aab0e6075f697e114030300010116030300280000000000000000eb102ea08ec0ea6bf3ef1493251569d7fb91064e446e30581e1839c200c0883c
(6) State = 0x64b8ac1d61c5b541aa9dae41afb34712
(6) Message-Authenticator = 0x06debe813bbb88b569740faf21dbdcb9
(6) Restoring &session-state
(6) &session-state:Framed-MTU = 994
(6) &session-state:TLS-Session-Information = "(TLS) PEAP - recv TLS
1.3 Handshake, ClientHello"
(6) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 Handshake, ServerHello"
(6) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 Handshake, Certificate"
(6) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 Handshake, ServerKeyExchange"
(6) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 Handshake, ServerHelloDone"
(6) # Executing section authorize from file
/var/run/otpme/freeradius/radiusd.conf
(6) authorize {
(6) eap: Peer sent EAP Response (code 2) ID 125 length 136
(6) eap: Continuing tunnel setup
(6) [eap] = ok
(6) if (!control:Auth-Type) {
(6) if (!control:Auth-Type) -> FALSE
(6) } # authorize = ok
(6) Found Auth-Type = EAP
(6) # Executing group from file /var/run/otpme/freeradius/radiusd.conf
(6) Auth-Type EAP {
(6) eap: Removing EAP session with state 0x64b8ac1d61c5b541
(6) eap: Previous EAP request found for state 0x64b8ac1d61c5b541,
released from the list
(6) eap: Peer sent packet with method EAP PEAP (25)
(6) eap: Calling submodule eap_peap to process data
(6) eap_peap: (TLS) EAP Peer says that the final record size will be 126
bytes
(6) eap_peap: (TLS) EAP Got all data (126 bytes)
(6) eap_peap: (TLS) PEAP - Handshake state - Server SSLv3/TLS write
server done
(6) eap_peap: (TLS) PEAP - recv TLS 1.2 Handshake, ClientKeyExchange
(6) eap_peap: (TLS) PEAP - Handshake state - Server SSLv3/TLS read
client key exchange
(6) eap_peap: (TLS) PEAP - Handshake state - Server SSLv3/TLS read
change cipher spec
(6) eap_peap: (TLS) PEAP - recv TLS 1.2 Handshake, Finished
(6) eap_peap: (TLS) PEAP - Handshake state - Server SSLv3/TLS read finished
(6) eap_peap: (TLS) PEAP - send TLS 1.2 ChangeCipherSpec
(6) eap_peap: (TLS) PEAP - Handshake state - Server SSLv3/TLS write
change cipher spec
(6) eap_peap: (TLS) PEAP - send TLS 1.2 Handshake, Finished
(6) eap_peap: (TLS) PEAP - Handshake state - Server SSLv3/TLS write finished
(6) eap_peap: (TLS) PEAP - Handshake state - SSL negotiation finished
successfully
(6) eap_peap: (TLS) PEAP - Connection Established
(6) eap_peap: TLS-Session-Cipher-Suite = "ECDHE-RSA-AES128-GCM-SHA256"
(6) eap_peap: TLS-Session-Version = "TLS 1.2"
(6) eap: Sending EAP Request (code 1) ID 126 length 57
(6) eap: EAP session adding &reply:State = 0x64b8ac1d62c6b541
(6) [eap] = handled
(6) } # Auth-Type EAP = handled
(6) Using Post-Auth-Type Challenge
(6) Post-Auth-Type sub-section not found. Ignoring.
(6) session-state: Saving cached attributes
(6) Framed-MTU = 994
(6) TLS-Session-Information = "(TLS) PEAP - recv TLS 1.3 Handshake,
ClientHello"
(6) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
ServerHello"
(6) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
Certificate"
(6) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
ServerKeyExchange"
(6) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
ServerHelloDone"
(6) TLS-Session-Information = "(TLS) PEAP - recv TLS 1.2 Handshake,
ClientKeyExchange"
(6) TLS-Session-Information = "(TLS) PEAP - recv TLS 1.2 Handshake,
Finished"
(6) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 ChangeCipherSpec"
(6) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
Finished"
(6) TLS-Session-Cipher-Suite = "ECDHE-RSA-AES128-GCM-SHA256"
(6) TLS-Session-Version = "TLS 1.2"
(6) Sent Access-Challenge Id 168 from 10.219.195.1:1812 to
10.219.195.225:38276 length 115
(6) EAP-Message =
0x017e0039190014030300010116030300283fbfcc47e7ff15335d94fe3f3b7f1d2683dbacec358f9dfdd26341970bf6679ebf855cd4a6aafe17
(6) Message-Authenticator = 0x00000000000000000000000000000000
(6) State = 0x64b8ac1d62c6b541aa9dae41afb34712
(6) Finished request
Waking up in 4.8 seconds.
(7) Received Access-Request Id 169 from 10.219.195.225:38276 to
10.219.195.1:1812 length 214
(7) User-Name = "anonymous"
(7) NAS-Identifier = "ap01-hbap"
(7) Called-Station-Id = "B4-4B-D6-26-BA-86:hboss"
(7) NAS-Port-Type = Wireless-802.11
(7) Service-Type = Framed-User
(7) NAS-Port = 1
(7) Calling-Station-Id = "42-33-75-43-BE-2D"
(7) Connect-Info = "CONNECT 54Mbps 802.11a"
(7) Acct-Session-Id = "BF0C189E956F9999"
(7) WLAN-Pairwise-Cipher = 1027076
(7) WLAN-Group-Cipher = 1027076
(7) WLAN-AKM-Suite = 1027073
(7) Framed-MTU = 1400
(7) EAP-Message = 0x027e00061900
(7) State = 0x64b8ac1d62c6b541aa9dae41afb34712
(7) Message-Authenticator = 0xe942008c55e4659b864a6a49b1848ae5
(7) Restoring &session-state
(7) &session-state:Framed-MTU = 994
(7) &session-state:TLS-Session-Information = "(TLS) PEAP - recv TLS
1.3 Handshake, ClientHello"
(7) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 Handshake, ServerHello"
(7) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 Handshake, Certificate"
(7) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 Handshake, ServerKeyExchange"
(7) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 Handshake, ServerHelloDone"
(7) &session-state:TLS-Session-Information = "(TLS) PEAP - recv TLS
1.2 Handshake, ClientKeyExchange"
(7) &session-state:TLS-Session-Information = "(TLS) PEAP - recv TLS
1.2 Handshake, Finished"
(7) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 ChangeCipherSpec"
(7) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 Handshake, Finished"
(7) &session-state:TLS-Session-Cipher-Suite =
"ECDHE-RSA-AES128-GCM-SHA256"
(7) &session-state:TLS-Session-Version = "TLS 1.2"
(7) # Executing section authorize from file
/var/run/otpme/freeradius/radiusd.conf
(7) authorize {
(7) eap: Peer sent EAP Response (code 2) ID 126 length 6
(7) eap: Continuing tunnel setup
(7) [eap] = ok
(7) if (!control:Auth-Type) {
(7) if (!control:Auth-Type) -> FALSE
(7) } # authorize = ok
(7) Found Auth-Type = EAP
(7) # Executing group from file /var/run/otpme/freeradius/radiusd.conf
(7) Auth-Type EAP {
(7) eap: Removing EAP session with state 0x64b8ac1d62c6b541
(7) eap: Previous EAP request found for state 0x64b8ac1d62c6b541,
released from the list
(7) eap: Peer sent packet with method EAP PEAP (25)
(7) eap: Calling submodule eap_peap to process data
(7) eap_peap: (TLS) Peer ACKed our handshake fragment. handshake is
finished
(7) eap_peap: Session established. Decoding tunneled attributes
(7) eap_peap: PEAP state TUNNEL ESTABLISHED
(7) eap: Sending EAP Request (code 1) ID 127 length 40
(7) eap: EAP session adding &reply:State = 0x64b8ac1d63c7b541
(7) [eap] = handled
(7) } # Auth-Type EAP = handled
(7) Using Post-Auth-Type Challenge
(7) Post-Auth-Type sub-section not found. Ignoring.
(7) session-state: Saving cached attributes
(7) Framed-MTU = 994
(7) TLS-Session-Information = "(TLS) PEAP - recv TLS 1.3 Handshake,
ClientHello"
(7) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
ServerHello"
(7) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
Certificate"
(7) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
ServerKeyExchange"
(7) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
ServerHelloDone"
(7) TLS-Session-Information = "(TLS) PEAP - recv TLS 1.2 Handshake,
ClientKeyExchange"
(7) TLS-Session-Information = "(TLS) PEAP - recv TLS 1.2 Handshake,
Finished"
(7) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 ChangeCipherSpec"
(7) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
Finished"
(7) TLS-Session-Cipher-Suite = "ECDHE-RSA-AES128-GCM-SHA256"
(7) TLS-Session-Version = "TLS 1.2"
(7) Sent Access-Challenge Id 169 from 10.219.195.1:1812 to
10.219.195.225:38276 length 98
(7) EAP-Message =
0x017f00281900170303001d3fbfcc47e7ff15344cfac04ed63722fa13bff21b90d93b042ce8c29282
(7) Message-Authenticator = 0x00000000000000000000000000000000
(7) State = 0x64b8ac1d63c7b541aa9dae41afb34712
(7) Finished request
Waking up in 4.8 seconds.
(8) Received Access-Request Id 170 from 10.219.195.225:38276 to
10.219.195.1:1812 length 257
(8) User-Name = "anonymous"
(8) NAS-Identifier = "ap01-hbap"
(8) Called-Station-Id = "B4-4B-D6-26-BA-86:hboss"
(8) NAS-Port-Type = Wireless-802.11
(8) Service-Type = Framed-User
(8) NAS-Port = 1
(8) Calling-Station-Id = "42-33-75-43-BE-2D"
(8) Connect-Info = "CONNECT 54Mbps 802.11a"
(8) Acct-Session-Id = "BF0C189E956F9999"
(8) WLAN-Pairwise-Cipher = 1027076
(8) WLAN-Group-Cipher = 1027076
(8) WLAN-AKM-Suite = 1027073
(8) Framed-MTU = 1400
(8) EAP-Message =
0x027f0031190017030300260000000000000001c658b8d37ccad3ed1c1cb348b9a92784ffb1c57cf6dfcd328673aaf30788
(8) State = 0x64b8ac1d63c7b541aa9dae41afb34712
(8) Message-Authenticator = 0x4db29f5f022a1b50adf137196caea97c
(8) Restoring &session-state
(8) &session-state:Framed-MTU = 994
(8) &session-state:TLS-Session-Information = "(TLS) PEAP - recv TLS
1.3 Handshake, ClientHello"
(8) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 Handshake, ServerHello"
(8) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 Handshake, Certificate"
(8) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 Handshake, ServerKeyExchange"
(8) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 Handshake, ServerHelloDone"
(8) &session-state:TLS-Session-Information = "(TLS) PEAP - recv TLS
1.2 Handshake, ClientKeyExchange"
(8) &session-state:TLS-Session-Information = "(TLS) PEAP - recv TLS
1.2 Handshake, Finished"
(8) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 ChangeCipherSpec"
(8) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 Handshake, Finished"
(8) &session-state:TLS-Session-Cipher-Suite =
"ECDHE-RSA-AES128-GCM-SHA256"
(8) &session-state:TLS-Session-Version = "TLS 1.2"
(8) # Executing section authorize from file
/var/run/otpme/freeradius/radiusd.conf
(8) authorize {
(8) eap: Peer sent EAP Response (code 2) ID 127 length 49
(8) eap: Continuing tunnel setup
(8) [eap] = ok
(8) if (!control:Auth-Type) {
(8) if (!control:Auth-Type) -> FALSE
(8) } # authorize = ok
(8) Found Auth-Type = EAP
(8) # Executing group from file /var/run/otpme/freeradius/radiusd.conf
(8) Auth-Type EAP {
(8) eap: Removing EAP session with state 0x64b8ac1d63c7b541
(8) eap: Previous EAP request found for state 0x64b8ac1d63c7b541,
released from the list
(8) eap: Peer sent packet with method EAP PEAP (25)
(8) eap: Calling submodule eap_peap to process data
(8) eap_peap: (TLS) EAP Done initial handshake
(8) eap_peap: Session established. Decoding tunneled attributes
(8) eap_peap: PEAP state WAITING FOR INNER IDENTITY
(8) eap_peap: Identity - heiko.baumann
(8) eap_peap: Got inner identity 'heiko.baumann'
(8) eap_peap: Setting default EAP type for tunneled EAP session
(8) eap_peap: Got tunneled request
(8) eap_peap: EAP-Message = 0x027f0012016865696b6f2e6261756d616e6e
(8) eap_peap: Setting User-Name to heiko.baumann
(8) eap_peap: Sending tunneled request to otpme
(8) eap_peap: EAP-Message = 0x027f0012016865696b6f2e6261756d616e6e
(8) eap_peap: FreeRADIUS-Proxied-To = 127.0.0.1
(8) eap_peap: User-Name = "heiko.baumann"
(8) eap_peap: NAS-Identifier = "ap01-hbap"
(8) eap_peap: Called-Station-Id = "B4-4B-D6-26-BA-86:hboss"
(8) eap_peap: NAS-Port-Type = Wireless-802.11
(8) eap_peap: Service-Type = Framed-User
(8) eap_peap: NAS-Port = 1
(8) eap_peap: Calling-Station-Id = "42-33-75-43-BE-2D"
(8) eap_peap: Connect-Info = "CONNECT 54Mbps 802.11a"
(8) eap_peap: Acct-Session-Id = "BF0C189E956F9999"
(8) eap_peap: WLAN-Pairwise-Cipher = 1027076
(8) eap_peap: WLAN-Group-Cipher = 1027076
(8) eap_peap: WLAN-AKM-Suite = 1027073
(8) eap_peap: Framed-MTU = 1400
(8) Virtual server otpme received request
(8) EAP-Message = 0x027f0012016865696b6f2e6261756d616e6e
(8) FreeRADIUS-Proxied-To = 127.0.0.1
(8) User-Name = "heiko.baumann"
(8) NAS-Identifier = "ap01-hbap"
(8) Called-Station-Id = "B4-4B-D6-26-BA-86:hboss"
(8) NAS-Port-Type = Wireless-802.11
(8) Service-Type = Framed-User
(8) NAS-Port = 1
(8) Calling-Station-Id = "42-33-75-43-BE-2D"
(8) Connect-Info = "CONNECT 54Mbps 802.11a"
(8) Acct-Session-Id = "BF0C189E956F9999"
(8) WLAN-Pairwise-Cipher = 1027076
(8) WLAN-Group-Cipher = 1027076
(8) WLAN-AKM-Suite = 1027073
(8) Framed-MTU = 1400
(8) server otpme {
(8) # Executing section authorize from file
/var/run/otpme/freeradius/radiusd.conf
(8) authorize {
(8) eap: Peer sent EAP Response (code 2) ID 127 length 18
(8) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the
rest of authorize
(8) [eap] = ok
(8) if (!control:Auth-Type) {
(8) if (!control:Auth-Type) -> FALSE
(8) } # authorize = ok
(8) Found Auth-Type = EAP
(8) # Executing group from file /var/run/otpme/freeradius/radiusd.conf
(8) Auth-Type EAP {
(8) eap: Peer sent packet with method EAP Identity (1)
(8) eap: Calling submodule eap_mschapv2 to process data
(8) eap_mschapv2: Issuing Challenge
(8) eap: Sending EAP Request (code 1) ID 128 length 42
(8) eap: EAP session adding &reply:State = 0xfae70ce5fa67161a
(8) [eap] = handled
(8) } # Auth-Type EAP = handled
(8) Using Post-Auth-Type Challenge
(8) Post-Auth-Type sub-section not found. Ignoring.
(8) } # server otpme
(8) Virtual server sending reply
(8) EAP-Message =
0x0180002a1a0180002510920798cb42b9ebd036cf4ec5f867de88667265657261646975732d332e322e36
(8) Message-Authenticator = 0x00000000000000000000000000000000
(8) State = 0xfae70ce5fa67161a0a330e080f4ac17b
(8) eap_peap: Got tunneled reply code 11
(8) eap_peap: EAP-Message =
0x0180002a1a0180002510920798cb42b9ebd036cf4ec5f867de88667265657261646975732d332e322e36
(8) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000
(8) eap_peap: State = 0xfae70ce5fa67161a0a330e080f4ac17b
(8) eap_peap: Got tunneled reply RADIUS code 11
(8) eap_peap: EAP-Message =
0x0180002a1a0180002510920798cb42b9ebd036cf4ec5f867de88667265657261646975732d332e322e36
(8) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000
(8) eap_peap: State = 0xfae70ce5fa67161a0a330e080f4ac17b
(8) eap_peap: Got tunneled Access-Challenge
(8) eap: Sending EAP Request (code 1) ID 128 length 73
(8) eap: EAP session adding &reply:State = 0x64b8ac1d6c38b541
(8) [eap] = handled
(8) } # Auth-Type EAP = handled
(8) Using Post-Auth-Type Challenge
(8) Post-Auth-Type sub-section not found. Ignoring.
(8) session-state: Saving cached attributes
(8) Framed-MTU = 994
(8) TLS-Session-Information = "(TLS) PEAP - recv TLS 1.3 Handshake,
ClientHello"
(8) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
ServerHello"
(8) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
Certificate"
(8) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
ServerKeyExchange"
(8) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
ServerHelloDone"
(8) TLS-Session-Information = "(TLS) PEAP - recv TLS 1.2 Handshake,
ClientKeyExchange"
(8) TLS-Session-Information = "(TLS) PEAP - recv TLS 1.2 Handshake,
Finished"
(8) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 ChangeCipherSpec"
(8) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
Finished"
(8) TLS-Session-Cipher-Suite = "ECDHE-RSA-AES128-GCM-SHA256"
(8) TLS-Session-Version = "TLS 1.2"
(8) Sent Access-Challenge Id 170 from 10.219.195.1:1812 to
10.219.195.225:38276 length 131
(8) EAP-Message =
0x018000491900170303003e3fbfcc47e7ff15357d447a7f7984baab3d24cc5e608d3e9b1f1732d6a0ca80dc81cb5017596f1ecb3eb7dab2ad8c55187f67c2271843c3645767e378659b
(8) Message-Authenticator = 0x00000000000000000000000000000000
(8) State = 0x64b8ac1d6c38b541aa9dae41afb34712
(8) Finished request
Waking up in 4.8 seconds.
(9) Received Access-Request Id 171 from 10.219.195.225:38276 to
10.219.195.1:1812 length 311
(9) User-Name = "anonymous"
(9) NAS-Identifier = "ap01-hbap"
(9) Called-Station-Id = "B4-4B-D6-26-BA-86:hboss"
(9) NAS-Port-Type = Wireless-802.11
(9) Service-Type = Framed-User
(9) NAS-Port = 1
(9) Calling-Station-Id = "42-33-75-43-BE-2D"
(9) Connect-Info = "CONNECT 54Mbps 802.11a"
(9) Acct-Session-Id = "BF0C189E956F9999"
(9) WLAN-Pairwise-Cipher = 1027076
(9) WLAN-Group-Cipher = 1027076
(9) WLAN-AKM-Suite = 1027073
(9) Framed-MTU = 1400
(9) EAP-Message =
0x028000671900170303005c00000000000000020b045bbce75f04f16e2985586e3d8ddbb45c4e798479b6033a504fc6a1cb4e043e8039b454a3da869b72d32d72c5c2654d8c11604829788b46e22513ff41d8a0e6b4d9fcd835b3c3cdfe90e8d4b22b911d2c7298
(9) State = 0x64b8ac1d6c38b541aa9dae41afb34712
(9) Message-Authenticator = 0x3118fa5cac060f01aad3516f4dfc5902
(9) Restoring &session-state
(9) &session-state:Framed-MTU = 994
(9) &session-state:TLS-Session-Information = "(TLS) PEAP - recv TLS
1.3 Handshake, ClientHello"
(9) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 Handshake, ServerHello"
(9) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 Handshake, Certificate"
(9) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 Handshake, ServerKeyExchange"
(9) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 Handshake, ServerHelloDone"
(9) &session-state:TLS-Session-Information = "(TLS) PEAP - recv TLS
1.2 Handshake, ClientKeyExchange"
(9) &session-state:TLS-Session-Information = "(TLS) PEAP - recv TLS
1.2 Handshake, Finished"
(9) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 ChangeCipherSpec"
(9) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 Handshake, Finished"
(9) &session-state:TLS-Session-Cipher-Suite =
"ECDHE-RSA-AES128-GCM-SHA256"
(9) &session-state:TLS-Session-Version = "TLS 1.2"
(9) # Executing section authorize from file
/var/run/otpme/freeradius/radiusd.conf
(9) authorize {
(9) eap: Peer sent EAP Response (code 2) ID 128 length 103
(9) eap: Continuing tunnel setup
(9) [eap] = ok
(9) if (!control:Auth-Type) {
(9) if (!control:Auth-Type) -> FALSE
(9) } # authorize = ok
(9) Found Auth-Type = EAP
(9) # Executing group from file /var/run/otpme/freeradius/radiusd.conf
(9) Auth-Type EAP {
(9) eap: Removing EAP session with state 0x64b8ac1d6c38b541
(9) eap: Previous EAP request found for state 0x64b8ac1d6c38b541,
released from the list
(9) eap: Peer sent packet with method EAP PEAP (25)
(9) eap: Calling submodule eap_peap to process data
(9) eap_peap: (TLS) EAP Done initial handshake
(9) eap_peap: Session established. Decoding tunneled attributes
(9) eap_peap: PEAP state phase2
(9) eap_peap: EAP method MSCHAPv2 (26)
(9) eap_peap: Got tunneled request
(9) eap_peap: EAP-Message =
0x028000481a028000433172039eb9ff06e5540b22dd821eaa1c9d0000000000000000f106b113ed0eb2328181e98bcff722c56cee58e54f33ca1c006865696b6f2e6261756d616e6e
(9) eap_peap: Setting User-Name to heiko.baumann
(9) eap_peap: Sending tunneled request to otpme
(9) eap_peap: EAP-Message =
0x028000481a028000433172039eb9ff06e5540b22dd821eaa1c9d0000000000000000f106b113ed0eb2328181e98bcff722c56cee58e54f33ca1c006865696b6f2e6261756d616e6e
(9) eap_peap: FreeRADIUS-Proxied-To = 127.0.0.1
(9) eap_peap: User-Name = "heiko.baumann"
(9) eap_peap: State = 0xfae70ce5fa67161a0a330e080f4ac17b
(9) eap_peap: NAS-Identifier = "ap01-hbap"
(9) eap_peap: Called-Station-Id = "B4-4B-D6-26-BA-86:hboss"
(9) eap_peap: NAS-Port-Type = Wireless-802.11
(9) eap_peap: Service-Type = Framed-User
(9) eap_peap: NAS-Port = 1
(9) eap_peap: Calling-Station-Id = "42-33-75-43-BE-2D"
(9) eap_peap: Connect-Info = "CONNECT 54Mbps 802.11a"
(9) eap_peap: Acct-Session-Id = "BF0C189E956F9999"
(9) eap_peap: WLAN-Pairwise-Cipher = 1027076
(9) eap_peap: WLAN-Group-Cipher = 1027076
(9) eap_peap: WLAN-AKM-Suite = 1027073
(9) eap_peap: Framed-MTU = 1400
(9) Virtual server otpme received request
(9) EAP-Message =
0x028000481a028000433172039eb9ff06e5540b22dd821eaa1c9d0000000000000000f106b113ed0eb2328181e98bcff722c56cee58e54f33ca1c006865696b6f2e6261756d616e6e
(9) FreeRADIUS-Proxied-To = 127.0.0.1
(9) User-Name = "heiko.baumann"
(9) State = 0xfae70ce5fa67161a0a330e080f4ac17b
(9) NAS-Identifier = "ap01-hbap"
(9) Called-Station-Id = "B4-4B-D6-26-BA-86:hboss"
(9) NAS-Port-Type = Wireless-802.11
(9) Service-Type = Framed-User
(9) NAS-Port = 1
(9) Calling-Station-Id = "42-33-75-43-BE-2D"
(9) Connect-Info = "CONNECT 54Mbps 802.11a"
(9) Acct-Session-Id = "BF0C189E956F9999"
(9) WLAN-Pairwise-Cipher = 1027076
(9) WLAN-Group-Cipher = 1027076
(9) WLAN-AKM-Suite = 1027073
(9) Framed-MTU = 1400
(9) server otpme {
(9) session-state: No cached attributes
(9) # Executing section authorize from file
/var/run/otpme/freeradius/radiusd.conf
(9) authorize {
(9) eap: Peer sent EAP Response (code 2) ID 128 length 72
(9) eap: No EAP Start, assuming it's an on-going EAP conversation
(9) [eap] = updated
(9) if (!control:Auth-Type) {
(9) if (!control:Auth-Type) -> FALSE
(9) } # authorize = updated
(9) Found Auth-Type = EAP
(9) # Executing group from file /var/run/otpme/freeradius/radiusd.conf
(9) Auth-Type EAP {
(9) eap: Removing EAP session with state 0xfae70ce5fa67161a
(9) eap: Previous EAP request found for state 0xfae70ce5fa67161a,
released from the list
(9) eap: Peer sent packet with method EAP MSCHAPv2 (26)
(9) eap: Calling submodule eap_mschapv2 to process data
(9) eap_mschapv2: # Executing group from file
/var/run/otpme/freeradius/radiusd.conf
(9) eap_mschapv2: Auth-Type MS-CHAP {
otpme.py: adding MS-CHAP2-Success:
'3S=44f6bccdca0cf8377cbd06122065d7f895050076'
otpme.py: adding MS-MPPE-Send-Key: '99420b0d55925232c6c62e7e8b913301'
otpme.py: adding MS-MPPE-Recv-Key: '1114b25f146360e67f9bad689e3e9c88'
otpme.py: adding MS-MPPE-Encryption-Policy: '0x00000001'
otpme.py: adding MS-MPPE-Encryption-Types: '0x00000006'
otpme.py: adding Auth-Type: 'MS-CHAP'
authenticate - 'reply:Reply-Message' = 'Authentication successful'
authenticate - 'reply:MS-CHAP2-Success' =
'0x33533d34346636626363646361306366383337376362643036313232303635643766383935303530303736'
authenticate - 'reply:MS-MPPE-Encryption-Policy' = '0x00000001'
authenticate - 'reply:MS-MPPE-Encryption-Types' = '0x00000006'
authenticate - 'reply:MS-MPPE-Send-Key' =
'0x99420b0d55925232c6c62e7e8b913301'
authenticate - 'reply:MS-MPPE-Recv-Key' =
'0x1114b25f146360e67f9bad689e3e9c88'
authenticate - 'config:Auth-Type' = 'MS-CHAP'
(9) eap_mschapv2: [python_otpme] = ok
(9) eap_mschapv2: } # Auth-Type MS-CHAP = ok
(9) eap_mschapv2: MSCHAP Success
(9) eap: Sending EAP Request (code 1) ID 129 length 51
(9) eap: EAP session adding &reply:State = 0xfae70ce5fb66161a
(9) [eap] = handled
(9) } # Auth-Type EAP = handled
(9) Using Post-Auth-Type Challenge
(9) Post-Auth-Type sub-section not found. Ignoring.
(9) } # server otpme
(9) Virtual server sending reply
(9) Reply-Message = "Authentication successful"
(9) EAP-Message =
0x018100331a0380002e533d34346636626363646361306366383337376362643036313232303635643766383935303530303736
(9) Message-Authenticator = 0x00000000000000000000000000000000
(9) State = 0xfae70ce5fb66161a0a330e080f4ac17b
(9) eap_peap: Got tunneled reply code 11
(9) eap_peap: Reply-Message = "Authentication successful"
(9) eap_peap: EAP-Message =
0x018100331a0380002e533d34346636626363646361306366383337376362643036313232303635643766383935303530303736
(9) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000
(9) eap_peap: State = 0xfae70ce5fb66161a0a330e080f4ac17b
(9) eap_peap: Got tunneled reply RADIUS code 11
(9) eap_peap: Reply-Message = "Authentication successful"
(9) eap_peap: EAP-Message =
0x018100331a0380002e533d34346636626363646361306366383337376362643036313232303635643766383935303530303736
(9) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000
(9) eap_peap: State = 0xfae70ce5fb66161a0a330e080f4ac17b
(9) eap_peap: Got tunneled Access-Challenge
(9) eap: Sending EAP Request (code 1) ID 129 length 82
(9) eap: EAP session adding &reply:State = 0x64b8ac1d6d39b541
(9) [eap] = handled
(9) } # Auth-Type EAP = handled
(9) Using Post-Auth-Type Challenge
(9) Post-Auth-Type sub-section not found. Ignoring.
(9) session-state: Saving cached attributes
(9) Framed-MTU = 994
(9) TLS-Session-Information = "(TLS) PEAP - recv TLS 1.3 Handshake,
ClientHello"
(9) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
ServerHello"
(9) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
Certificate"
(9) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
ServerKeyExchange"
(9) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
ServerHelloDone"
(9) TLS-Session-Information = "(TLS) PEAP - recv TLS 1.2 Handshake,
ClientKeyExchange"
(9) TLS-Session-Information = "(TLS) PEAP - recv TLS 1.2 Handshake,
Finished"
(9) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 ChangeCipherSpec"
(9) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
Finished"
(9) TLS-Session-Cipher-Suite = "ECDHE-RSA-AES128-GCM-SHA256"
(9) TLS-Session-Version = "TLS 1.2"
(9) Sent Access-Challenge Id 171 from 10.219.195.1:1812 to
10.219.195.225:38276 length 140
(9) EAP-Message =
0x01810052190017030300473fbfcc47e7ff153625de7e663dc1113d94046a6050434ba068b90ab3a11c1d9f82ea1de4187ef8e19cf8f9fbc5dbf084c02faa214014b226b04d2f410be0964a728ea31d7d7d6d
(9) Message-Authenticator = 0x00000000000000000000000000000000
(9) State = 0x64b8ac1d6d39b541aa9dae41afb34712
(9) Finished request
Waking up in 3.4 seconds.
(10) Received Access-Request Id 172 from 10.219.195.225:38276 to
10.219.195.1:1812 length 245
(10) User-Name = "anonymous"
(10) NAS-Identifier = "ap01-hbap"
(10) Called-Station-Id = "B4-4B-D6-26-BA-86:hboss"
(10) NAS-Port-Type = Wireless-802.11
(10) Service-Type = Framed-User
(10) NAS-Port = 1
(10) Calling-Station-Id = "42-33-75-43-BE-2D"
(10) Connect-Info = "CONNECT 54Mbps 802.11a"
(10) Acct-Session-Id = "BF0C189E956F9999"
(10) WLAN-Pairwise-Cipher = 1027076
(10) WLAN-Group-Cipher = 1027076
(10) WLAN-AKM-Suite = 1027073
(10) Framed-MTU = 1400
(10) EAP-Message =
0x028100251900170303001a00000000000000031685834550dd6a5554a79de46d67b072c3cb
(10) State = 0x64b8ac1d6d39b541aa9dae41afb34712
(10) Message-Authenticator = 0xce20e30f4de7c6a5a7563cd6ac38935f
(10) Restoring &session-state
(10) &session-state:Framed-MTU = 994
(10) &session-state:TLS-Session-Information = "(TLS) PEAP - recv TLS
1.3 Handshake, ClientHello"
(10) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 Handshake, ServerHello"
(10) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 Handshake, Certificate"
(10) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 Handshake, ServerKeyExchange"
(10) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 Handshake, ServerHelloDone"
(10) &session-state:TLS-Session-Information = "(TLS) PEAP - recv TLS
1.2 Handshake, ClientKeyExchange"
(10) &session-state:TLS-Session-Information = "(TLS) PEAP - recv TLS
1.2 Handshake, Finished"
(10) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 ChangeCipherSpec"
(10) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 Handshake, Finished"
(10) &session-state:TLS-Session-Cipher-Suite =
"ECDHE-RSA-AES128-GCM-SHA256"
(10) &session-state:TLS-Session-Version = "TLS 1.2"
(10) # Executing section authorize from file
/var/run/otpme/freeradius/radiusd.conf
(10) authorize {
(10) eap: Peer sent EAP Response (code 2) ID 129 length 37
(10) eap: Continuing tunnel setup
(10) [eap] = ok
(10) if (!control:Auth-Type) {
(10) if (!control:Auth-Type) -> FALSE
(10) } # authorize = ok
(10) Found Auth-Type = EAP
(10) # Executing group from file /var/run/otpme/freeradius/radiusd.conf
(10) Auth-Type EAP {
(10) eap: Removing EAP session with state 0x64b8ac1d6d39b541
(10) eap: Previous EAP request found for state 0x64b8ac1d6d39b541,
released from the list
(10) eap: Peer sent packet with method EAP PEAP (25)
(10) eap: Calling submodule eap_peap to process data
(10) eap_peap: (TLS) EAP Done initial handshake
(10) eap_peap: Session established. Decoding tunneled attributes
(10) eap_peap: PEAP state phase2
(10) eap_peap: EAP method MSCHAPv2 (26)
(10) eap_peap: Got tunneled request
(10) eap_peap: EAP-Message = 0x028100061a03
(10) eap_peap: Setting User-Name to heiko.baumann
(10) eap_peap: Sending tunneled request to otpme
(10) eap_peap: EAP-Message = 0x028100061a03
(10) eap_peap: FreeRADIUS-Proxied-To = 127.0.0.1
(10) eap_peap: User-Name = "heiko.baumann"
(10) eap_peap: State = 0xfae70ce5fb66161a0a330e080f4ac17b
(10) eap_peap: NAS-Identifier = "ap01-hbap"
(10) eap_peap: Called-Station-Id = "B4-4B-D6-26-BA-86:hboss"
(10) eap_peap: NAS-Port-Type = Wireless-802.11
(10) eap_peap: Service-Type = Framed-User
(10) eap_peap: NAS-Port = 1
(10) eap_peap: Calling-Station-Id = "42-33-75-43-BE-2D"
(10) eap_peap: Connect-Info = "CONNECT 54Mbps 802.11a"
(10) eap_peap: Acct-Session-Id = "BF0C189E956F9999"
(10) eap_peap: WLAN-Pairwise-Cipher = 1027076
(10) eap_peap: WLAN-Group-Cipher = 1027076
(10) eap_peap: WLAN-AKM-Suite = 1027073
(10) eap_peap: Framed-MTU = 1400
(10) Virtual server otpme received request
(10) EAP-Message = 0x028100061a03
(10) FreeRADIUS-Proxied-To = 127.0.0.1
(10) User-Name = "heiko.baumann"
(10) State = 0xfae70ce5fb66161a0a330e080f4ac17b
(10) NAS-Identifier = "ap01-hbap"
(10) Called-Station-Id = "B4-4B-D6-26-BA-86:hboss"
(10) NAS-Port-Type = Wireless-802.11
(10) Service-Type = Framed-User
(10) NAS-Port = 1
(10) Calling-Station-Id = "42-33-75-43-BE-2D"
(10) Connect-Info = "CONNECT 54Mbps 802.11a"
(10) Acct-Session-Id = "BF0C189E956F9999"
(10) WLAN-Pairwise-Cipher = 1027076
(10) WLAN-Group-Cipher = 1027076
(10) WLAN-AKM-Suite = 1027073
(10) Framed-MTU = 1400
(10) server otpme {
(10) session-state: No cached attributes
(10) # Executing section authorize from file
/var/run/otpme/freeradius/radiusd.conf
(10) authorize {
(10) eap: Peer sent EAP Response (code 2) ID 129 length 6
(10) eap: No EAP Start, assuming it's an on-going EAP conversation
(10) [eap] = updated
(10) if (!control:Auth-Type) {
(10) if (!control:Auth-Type) -> FALSE
(10) } # authorize = updated
(10) Found Auth-Type = EAP
(10) # Executing group from file /var/run/otpme/freeradius/radiusd.conf
(10) Auth-Type EAP {
(10) eap: Removing EAP session with state 0xfae70ce5fb66161a
(10) eap: Previous EAP request found for state 0xfae70ce5fb66161a,
released from the list
(10) eap: Peer sent packet with method EAP MSCHAPv2 (26)
(10) eap: Calling submodule eap_mschapv2 to process data
(10) eap: Sending EAP Success (code 3) ID 129 length 4
(10) eap: Freeing handler
(10) [eap] = ok
(10) } # Auth-Type EAP = ok
(10) } # server otpme
(10) Virtual server sending reply
(10) MS-MPPE-Encryption-Policy = Encryption-Allowed
(10) MS-MPPE-Encryption-Types = RC4-40or128-bit-Allowed
(10) MS-MPPE-Send-Key = 0x99420b0d55925232c6c62e7e8b913301
(10) MS-MPPE-Recv-Key = 0x1114b25f146360e67f9bad689e3e9c88
(10) EAP-Message = 0x03810004
(10) Message-Authenticator = 0x00000000000000000000000000000000
(10) User-Name = "heiko.baumann"
(10) eap_peap: Got tunneled reply code 2
(10) eap_peap: MS-MPPE-Encryption-Policy = Encryption-Allowed
(10) eap_peap: MS-MPPE-Encryption-Types = RC4-40or128-bit-Allowed
(10) eap_peap: MS-MPPE-Send-Key = 0x99420b0d55925232c6c62e7e8b913301
(10) eap_peap: MS-MPPE-Recv-Key = 0x1114b25f146360e67f9bad689e3e9c88
(10) eap_peap: EAP-Message = 0x03810004
(10) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000
(10) eap_peap: User-Name = "heiko.baumann"
(10) eap_peap: Got tunneled reply RADIUS code 2
(10) eap_peap: MS-MPPE-Encryption-Policy = Encryption-Allowed
(10) eap_peap: MS-MPPE-Encryption-Types = RC4-40or128-bit-Allowed
(10) eap_peap: MS-MPPE-Send-Key = 0x99420b0d55925232c6c62e7e8b913301
(10) eap_peap: MS-MPPE-Recv-Key = 0x1114b25f146360e67f9bad689e3e9c88
(10) eap_peap: EAP-Message = 0x03810004
(10) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000
(10) eap_peap: User-Name = "heiko.baumann"
(10) eap_peap: Tunneled authentication was successful
(10) eap_peap: SUCCESS
(10) eap_peap: Saving tunneled attributes for later
(10) eap: Sending EAP Request (code 1) ID 130 length 46
(10) eap: EAP session adding &reply:State = 0x64b8ac1d6e3ab541
(10) [eap] = handled
(10) } # Auth-Type EAP = handled
(10) Using Post-Auth-Type Challenge
(10) Post-Auth-Type sub-section not found. Ignoring.
(10) session-state: Saving cached attributes
(10) Framed-MTU = 994
(10) TLS-Session-Information = "(TLS) PEAP - recv TLS 1.3 Handshake,
ClientHello"
(10) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
ServerHello"
(10) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
Certificate"
(10) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
ServerKeyExchange"
(10) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
ServerHelloDone"
(10) TLS-Session-Information = "(TLS) PEAP - recv TLS 1.2 Handshake,
ClientKeyExchange"
(10) TLS-Session-Information = "(TLS) PEAP - recv TLS 1.2 Handshake,
Finished"
(10) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2
ChangeCipherSpec"
(10) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
Finished"
(10) TLS-Session-Cipher-Suite = "ECDHE-RSA-AES128-GCM-SHA256"
(10) TLS-Session-Version = "TLS 1.2"
(10) Sent Access-Challenge Id 172 from 10.219.195.1:1812 to
10.219.195.225:38276 length 104
(10) EAP-Message =
0x0182002e190017030300233fbfcc47e7ff153753fdd6108d64e215a21d55da7ef02d5dee925bc76d6a4e6392574b
(10) Message-Authenticator = 0x00000000000000000000000000000000
(10) State = 0x64b8ac1d6e3ab541aa9dae41afb34712
(10) Finished request
Waking up in 3.4 seconds.
(11) Received Access-Request Id 173 from 10.219.195.225:38276 to
10.219.195.1:1812 length 254
(11) User-Name = "anonymous"
(11) NAS-Identifier = "ap01-hbap"
(11) Called-Station-Id = "B4-4B-D6-26-BA-86:hboss"
(11) NAS-Port-Type = Wireless-802.11
(11) Service-Type = Framed-User
(11) NAS-Port = 1
(11) Calling-Station-Id = "42-33-75-43-BE-2D"
(11) Connect-Info = "CONNECT 54Mbps 802.11a"
(11) Acct-Session-Id = "BF0C189E956F9999"
(11) WLAN-Pairwise-Cipher = 1027076
(11) WLAN-Group-Cipher = 1027076
(11) WLAN-AKM-Suite = 1027073
(11) Framed-MTU = 1400
(11) EAP-Message =
0x0282002e190017030300230000000000000004f4cfa29e4ec86e3245b7e5cbd0fb74dea5e8ff12c7bc2100be801a
(11) State = 0x64b8ac1d6e3ab541aa9dae41afb34712
(11) Message-Authenticator = 0x8353375023b7e469efb93d9e282cd1a3
(11) Restoring &session-state
(11) &session-state:Framed-MTU = 994
(11) &session-state:TLS-Session-Information = "(TLS) PEAP - recv TLS
1.3 Handshake, ClientHello"
(11) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 Handshake, ServerHello"
(11) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 Handshake, Certificate"
(11) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 Handshake, ServerKeyExchange"
(11) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 Handshake, ServerHelloDone"
(11) &session-state:TLS-Session-Information = "(TLS) PEAP - recv TLS
1.2 Handshake, ClientKeyExchange"
(11) &session-state:TLS-Session-Information = "(TLS) PEAP - recv TLS
1.2 Handshake, Finished"
(11) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 ChangeCipherSpec"
(11) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 Handshake, Finished"
(11) &session-state:TLS-Session-Cipher-Suite =
"ECDHE-RSA-AES128-GCM-SHA256"
(11) &session-state:TLS-Session-Version = "TLS 1.2"
(11) # Executing section authorize from file
/var/run/otpme/freeradius/radiusd.conf
(11) authorize {
(11) eap: Peer sent EAP Response (code 2) ID 130 length 46
(11) eap: Continuing tunnel setup
(11) [eap] = ok
(11) if (!control:Auth-Type) {
(11) if (!control:Auth-Type) -> FALSE
(11) } # authorize = ok
(11) Found Auth-Type = EAP
(11) # Executing group from file /var/run/otpme/freeradius/radiusd.conf
(11) Auth-Type EAP {
(11) eap: Removing EAP session with state 0x64b8ac1d6e3ab541
(11) eap: Previous EAP request found for state 0x64b8ac1d6e3ab541,
released from the list
(11) eap: Peer sent packet with method EAP PEAP (25)
(11) eap: Calling submodule eap_peap to process data
(11) eap_peap: (TLS) EAP Done initial handshake
(11) eap_peap: Session established. Decoding tunneled attributes
(11) eap_peap: PEAP state send tlv success
(11) eap_peap: Received EAP-TLV response
(11) eap_peap: Success
(11) eap_peap: Using saved attributes from the original Access-Accept
(11) eap_peap: User-Name = "heiko.baumann"
(11) eap: Sending EAP Success (code 3) ID 130 length 4
(11) eap: Freeing handler
(11) [eap] = ok
(11) } # Auth-Type EAP = ok
(11) Sent Access-Accept Id 173 from 10.219.195.1:1812 to
10.219.195.225:38276 length 175
(11) User-Name = "heiko.baumann"
(11) MS-MPPE-Recv-Key =
0x7fd1806ac0bae3a4dce0733ee3ba2285ec93eb01ffaa19010f48e0bdabebb623
(11) MS-MPPE-Send-Key =
0x833cfac00c66d42a0bcbc62e008e5591890e585ae00c8d3b56707e5b49a140f5
(11) EAP-Message = 0x03820004
(11) Message-Authenticator = 0x00000000000000000000000000000000
(11) Finished request
Waking up in 3.4 seconds.
Debug output of a failed request with an iPhone:
FreeRADIUS Version 3.2.6
Copyright (C) 1999-2023 The FreeRADIUS server project and contributors
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License
For more information about these matters, see the file named COPYRIGHT
Starting - reading configuration files ...
including dictionary file /usr/share/freeradius/dictionary
including dictionary file /usr/share/freeradius/dictionary.dhcp
including dictionary file /usr/share/freeradius/dictionary.vqp
including configuration file /var/run/otpme/freeradius/radiusd.conf
including configuration file /var/run/otpme/freeradius/clients.conf
main {
security {
user = "otpme"
group = "otpme"
allow_core_dumps = no
}
name = "freeradius"
prefix = "/usr"
localstatedir = "/var"
logdir = "/var/log/otpme"
run_dir = "/var/run/otpme"
}
main {
name = "freeradius"
prefix = "/usr"
localstatedir = "/var"
sbindir = "/usr/sbin"
logdir = "/var/log/otpme"
run_dir = "/var/run/otpme"
libdir = "/usr/lib"
radacctdir = "/var/log/otpme/radacct"
hostname_lookups = no
max_request_time = 30
proxy_dedup_window = 1
cleanup_delay = 5
max_requests = 16384
max_fds = 512
postauth_client_lost = no
pidfile = "/var/run/otpme/pidfiles/freeradius.pid"
checkrad = "/usr/sbin/checkrad"
debug_level = 0
proxy_requests = no
log {
stripped_names = no
auth = no
auth_badpass = no
auth_goodpass = no
colourise = yes
msg_denied = "You are already logged in - access denied"
}
resources {
}
security {
max_attributes = 200
reject_delay = 1.000000
status_server = yes
require_message_authenticator = "auto"
limit_proxy_state = "auto"
}
}
radiusd: #### Loading Realms and Home Servers ####
radiusd: #### Loading Clients ####
Debugger not attached
# Creating Auth-Type = python_otpme
# Creating Auth-Type = EAP
# Creating Auth-Type = MS-CHAP
radiusd: #### Instantiating modules ####
modules {
# Loaded module rlm_mschap
# Loading module "mschap" from file
/var/run/otpme/freeradius/radiusd.conf
mschap {
use_mppe = yes
require_encryption = no
require_strong = no
with_ntdomain_hack = yes
passchange {
}
allow_retry = yes
winbind_retry_with_normalised_username = no
}
# Loaded module rlm_eap
# Loading module "eap" from file /var/run/otpme/freeradius/radiusd.conf
eap {
default_eap_type = "mschapv2"
timer_expire = 60
max_eap_type = 52
ignore_unknown_eap_types = no
cisco_accounting_username_bug = no
max_sessions = 16384
dedup_key = ""
}
# Loading module "mschap_otp" from file
/var/run/otpme/freeradius/radiusd.conf
mschap mschap_otp {
use_mppe = yes
require_encryption = no
require_strong = no
with_ntdomain_hack = yes
ntlm_auth = "/usr/local/bin/otpme-auth verify_mschap --socket
'%{%{Stripped-User-Name}:-%{%{User-Name}:-None}}'
'%{%{mschap_otp:Challenge}:-00}' '%{%{mschap_otp:NT-Response}:-00}'
'%{NAS-Identifier}' '%{Client-IP-Address}'"
passchange {
}
allow_retry = yes
winbind_retry_with_normalised_username = no
}
# Loaded module rlm_python3
# Loading module "python_otpme" from file
/var/run/otpme/freeradius/radiusd.conf
python3 python_otpme {
mod_instantiate = "otpme.lib.freeradius.otpme"
func_instantiate = "instantiate"
mod_authorize = "otpme.lib.freeradius.otpme"
func_authorize = "authorize"
mod_authenticate = "otpme.lib.freeradius.otpme"
func_authenticate = "authenticate"
python_path =
"/var/run/otpme/freeradius/mods-config/python3:/opt/otpme/lib/python3.11/site-packages"
cext_compat = yes
pass_all_vps = no
pass_all_vps_dict = no
}
# Instantiating module "mschap" from file
/var/run/otpme/freeradius/radiusd.conf
rlm_mschap (mschap): using internal authentication
# Instantiating module "eap" from file
/var/run/otpme/freeradius/radiusd.conf
# Linked to sub-module rlm_eap_md5
rlm_eap (EAP): Ignoring EAP method 'leap', because it is no longer supported
# Linked to sub-module rlm_eap_tls
tls {
tls = "tls-common"
}
tls-config tls-common {
verify_depth = 0
pem_file_type = yes
private_key_file = "/var/run/otpme/freeradius/key.pem"
certificate_file = "/var/run/otpme/freeradius/cert.pem"
ca_file = "/var/run/otpme/freeradius/ca.pem"
fragment_size = 1024
include_length = yes
auto_chain = yes
check_crl = no
check_all_crl = no
ca_path_reload_interval = 0
cipher_list = "DEFAULT"
cipher_server_preference = no
reject_unknown_intermediate_ca = no
ecdh_curve = "prime256v1"
disable_tlsv1 = yes
disable_tlsv1_1 = yes
tls_max_version = "1.2"
tls_min_version = "1.2"
cache {
enable = no
lifetime = 24
max_entries = 255
}
verify {
skip_if_ocsp_ok = no
}
ocsp {
enable = no
override_cert_url = no
use_nonce = yes
timeout = 0
softfail = no
}
}
tls: Please use 'tls_min_version' and 'tls_max_version' instead of
'disable_tlsv1'
tls: Please use 'tls_min_version' and 'tls_max_version' instead of
'disable_tlsv1_1'
# Linked to sub-module rlm_eap_ttls
ttls {
tls = "tls-common"
default_eap_type = "mschapv2"
copy_request_to_tunnel = yes
use_tunneled_reply = yes
virtual_server = "otpme"
include_length = yes
require_client_cert = no
}
tls: Using cached TLS configuration from previous invocation
# Linked to sub-module rlm_eap_peap
peap {
tls = "tls-common"
default_eap_type = "mschapv2"
copy_request_to_tunnel = yes
use_tunneled_reply = yes
proxy_tunneled_request_as_eap = yes
virtual_server = "otpme"
soh = no
require_client_cert = no
}
tls: Using cached TLS configuration from previous invocation
# Linked to sub-module rlm_eap_mschapv2
mschapv2 {
with_ntdomain_hack = no
send_error = no
}
# Instantiating module "mschap_otp" from file
/var/run/otpme/freeradius/radiusd.conf
rlm_mschap (mschap_otp): authenticating by calling 'ntlm_auth'
# Instantiating module "python_otpme" from file
/var/run/otpme/freeradius/radiusd.conf
Python version: 3.11.13 (main, Jul 3 2025, 11:31:00) [GCC 12.2.1 20230428]
otpme.py: OTPme config verfied successful.
otpme.py: Instantiated OTPme module.
} # modules
radiusd: #### Loading Virtual Servers ####
server { # from file /var/run/otpme/freeradius/radiusd.conf
} # server
server otpme { # from file /var/run/otpme/freeradius/radiusd.conf
# Loading authenticate {...}
Compiling Auth-Type EAP for attr Auth-Type
Compiling Auth-Type MS-CHAP for attr Auth-Type
# Loading authorize {...}
} # server otpme
radiusd: #### Opening IP addresses and Ports ####
listen {
type = "auth"
ipaddr = *
port = 1812
client 10.219.195.225 {
ipv4addr = 10.219.195.225
secret = <<< secret >>>
shortname = "ap01-hbap-1"
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
client 10.219.195.223 {
ipv4addr = 10.219.195.223
secret = <<< secret >>>
shortname = "cloudix-nextcloud-1"
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
client 127.0.0.1 {
ipv4addr = 127.0.0.1
secret = <<< secret >>>
shortname = "localhost-1"
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
client 10.219.195.100 {
ipv4addr = 10.219.195.100
secret = <<< secret >>>
shortname = "sharewatcher-1"
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
client 10.219.195.254 {
ipv4addr = 10.219.195.254
secret = <<< secret >>>
shortname = "smtp-1"
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
}
Listening on auth address * port 1812 bound to server otpme
Ready to process requests
(0) Received Access-Request Id 204 from 10.219.195.225:38276 to
10.219.195.1:1812 length 194
(0) User-Name = "test"
(0) NAS-Identifier = "ap01-hbap"
(0) Called-Station-Id = "B4-4B-D6-26-BA-86:hboss"
(0) NAS-Port-Type = Wireless-802.11
(0) Service-Type = Framed-User
(0) NAS-Port = 3
(0) Calling-Station-Id = "A6-5F-75-98-A5-06"
(0) Connect-Info = "CONNECT 54Mbps 802.11a"
(0) Acct-Session-Id = "EEFF590BE3BB6A1C"
(0) WLAN-Pairwise-Cipher = 1027076
(0) WLAN-Group-Cipher = 1027076
(0) WLAN-AKM-Suite = 1027073
(0) Framed-MTU = 1400
(0) EAP-Message = 0x022200090174657374
(0) Message-Authenticator = 0x7dfcffdfd9fbf339765f6ac0c092a78d
(0) # Executing section authorize from file
/var/run/otpme/freeradius/radiusd.conf
(0) authorize {
(0) eap: Peer sent EAP Response (code 2) ID 34 length 9
(0) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the
rest of authorize
(0) [eap] = ok
(0) if (!control:Auth-Type) {
(0) if (!control:Auth-Type) -> FALSE
(0) } # authorize = ok
(0) Found Auth-Type = EAP
(0) # Executing group from file /var/run/otpme/freeradius/radiusd.conf
(0) Auth-Type EAP {
(0) eap: Peer sent packet with method EAP Identity (1)
(0) eap: Calling submodule eap_mschapv2 to process data
(0) eap_mschapv2: Issuing Challenge
(0) eap: Sending EAP Request (code 1) ID 35 length 42
(0) eap: EAP session adding &reply:State = 0xac2b487aac085271
(0) [eap] = handled
(0) } # Auth-Type EAP = handled
(0) Using Post-Auth-Type Challenge
(0) Post-Auth-Type sub-section not found. Ignoring.
(0) Sent Access-Challenge Id 204 from 10.219.195.1:1812 to
10.219.195.225:38276 length 100
(0) EAP-Message =
0x0123002a1a0123002510807cf25a7f0593f308104a2a7f1bbe28667265657261646975732d332e322e36
(0) Message-Authenticator = 0x00000000000000000000000000000000
(0) State = 0xac2b487aac0852714e974a6b4baa7cab
(0) Finished request
Waking up in 4.9 seconds.
(1) Received Access-Request Id 205 from 10.219.195.225:38276 to
10.219.195.1:1812 length 211
(1) User-Name = "test"
(1) NAS-Identifier = "ap01-hbap"
(1) Called-Station-Id = "B4-4B-D6-26-BA-86:hboss"
(1) NAS-Port-Type = Wireless-802.11
(1) Service-Type = Framed-User
(1) NAS-Port = 3
(1) Calling-Station-Id = "A6-5F-75-98-A5-06"
(1) Connect-Info = "CONNECT 54Mbps 802.11a"
(1) Acct-Session-Id = "EEFF590BE3BB6A1C"
(1) WLAN-Pairwise-Cipher = 1027076
(1) WLAN-Group-Cipher = 1027076
(1) WLAN-AKM-Suite = 1027073
(1) Framed-MTU = 1400
(1) EAP-Message = 0x022300080319152b
(1) State = 0xac2b487aac0852714e974a6b4baa7cab
(1) Message-Authenticator = 0x87e934652733a17be1765b4b6f4f24c4
(1) session-state: No cached attributes
(1) # Executing section authorize from file
/var/run/otpme/freeradius/radiusd.conf
(1) authorize {
(1) eap: Peer sent EAP Response (code 2) ID 35 length 8
(1) eap: No EAP Start, assuming it's an on-going EAP conversation
(1) [eap] = updated
(1) if (!control:Auth-Type) {
(1) if (!control:Auth-Type) -> FALSE
(1) } # authorize = updated
(1) Found Auth-Type = EAP
(1) # Executing group from file /var/run/otpme/freeradius/radiusd.conf
(1) Auth-Type EAP {
(1) eap: Removing EAP session with state 0xac2b487aac085271
(1) eap: Previous EAP request found for state 0xac2b487aac085271,
released from the list
(1) eap: Peer sent packet with method EAP NAK (3)
(1) eap: Found mutually acceptable type PEAP (25)
(1) eap: Calling submodule eap_peap to process data
(1) eap_peap: (TLS) PEAP -Initiating new session
(1) eap: Sending EAP Request (code 1) ID 36 length 6
(1) eap: EAP session adding &reply:State = 0xac2b487aad0f5171
(1) [eap] = handled
(1) } # Auth-Type EAP = handled
(1) Using Post-Auth-Type Challenge
(1) Post-Auth-Type sub-section not found. Ignoring.
(1) session-state: Saving cached attributes
(1) Framed-MTU = 994
(1) Sent Access-Challenge Id 205 from 10.219.195.1:1812 to
10.219.195.225:38276 length 64
(1) EAP-Message = 0x012400061920
(1) Message-Authenticator = 0x00000000000000000000000000000000
(1) State = 0xac2b487aad0f51714e974a6b4baa7cab
(1) Finished request
Waking up in 4.9 seconds.
(2) Received Access-Request Id 206 from 10.219.195.225:38276 to
10.219.195.1:1812 length 364
(2) User-Name = "test"
(2) NAS-Identifier = "ap01-hbap"
(2) Called-Station-Id = "B4-4B-D6-26-BA-86:hboss"
(2) NAS-Port-Type = Wireless-802.11
(2) Service-Type = Framed-User
(2) NAS-Port = 3
(2) Calling-Station-Id = "A6-5F-75-98-A5-06"
(2) Connect-Info = "CONNECT 54Mbps 802.11a"
(2) Acct-Session-Id = "EEFF590BE3BB6A1C"
(2) WLAN-Pairwise-Cipher = 1027076
(2) WLAN-Group-Cipher = 1027076
(2) WLAN-AKM-Suite = 1027073
(2) Framed-MTU = 1400
(2) EAP-Message =
0x022400a119800000009716030100920100008e0303696381086bafdecf86b47ad4c93e56a3b253ab52e8d2d1935c21005877f5eeb700002c00ffc02cc02bc024c023c00ac009c008c030c02fc028c027c014c013c012009d009c003d003c0035002f000a01000039000a00080006001700180019000b00020100000d00120010040102010501060104030203050306030005000501000000000012000000170000
(2) State = 0xac2b487aad0f51714e974a6b4baa7cab
(2) Message-Authenticator = 0x8d8adccff2d8071b49b73e04caacb294
(2) Restoring &session-state
(2) &session-state:Framed-MTU = 994
(2) # Executing section authorize from file
/var/run/otpme/freeradius/radiusd.conf
(2) authorize {
(2) eap: Peer sent EAP Response (code 2) ID 36 length 161
(2) eap: Continuing tunnel setup
(2) [eap] = ok
(2) if (!control:Auth-Type) {
(2) if (!control:Auth-Type) -> FALSE
(2) } # authorize = ok
(2) Found Auth-Type = EAP
(2) # Executing group from file /var/run/otpme/freeradius/radiusd.conf
(2) Auth-Type EAP {
(2) eap: Removing EAP session with state 0xac2b487aad0f5171
(2) eap: Previous EAP request found for state 0xac2b487aad0f5171,
released from the list
(2) eap: Peer sent packet with method EAP PEAP (25)
(2) eap: Calling submodule eap_peap to process data
(2) eap_peap: (TLS) EAP Peer says that the final record size will be 151
bytes
(2) eap_peap: (TLS) EAP Got all data (151 bytes)
(2) eap_peap: (TLS) PEAP - Handshake state - before SSL initialization
(2) eap_peap: (TLS) PEAP - Handshake state - Server before SSL
initialization
(2) eap_peap: (TLS) PEAP - Handshake state - Server before SSL
initialization
(2) eap_peap: (TLS) PEAP - recv TLS 1.3 Handshake, ClientHello
(2) eap_peap: (TLS) PEAP - Handshake state - Server SSLv3/TLS read
client hello
(2) eap_peap: (TLS) PEAP - send TLS 1.2 Handshake, ServerHello
(2) eap_peap: (TLS) PEAP - Handshake state - Server SSLv3/TLS write
server hello
(2) eap_peap: (TLS) PEAP - send TLS 1.2 Handshake, Certificate
(2) eap_peap: (TLS) PEAP - Handshake state - Server SSLv3/TLS write
certificate
(2) eap_peap: (TLS) PEAP - send TLS 1.2 Handshake, ServerKeyExchange
(2) eap_peap: (TLS) PEAP - Handshake state - Server SSLv3/TLS write key
exchange
(2) eap_peap: (TLS) PEAP - send TLS 1.2 Handshake, ServerHelloDone
(2) eap_peap: (TLS) PEAP - Handshake state - Server SSLv3/TLS write
server done
(2) eap_peap: (TLS) PEAP - Server : Need to read more data: SSLv3/TLS
write server done
(2) eap_peap: (TLS) PEAP - In Handshake Phase
(2) eap: Sending EAP Request (code 1) ID 37 length 1004
(2) eap: EAP session adding &reply:State = 0xac2b487aae0e5171
(2) [eap] = handled
(2) } # Auth-Type EAP = handled
(2) Using Post-Auth-Type Challenge
(2) Post-Auth-Type sub-section not found. Ignoring.
(2) session-state: Saving cached attributes
(2) Framed-MTU = 994
(2) TLS-Session-Information = "(TLS) PEAP - recv TLS 1.3 Handshake,
ClientHello"
(2) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
ServerHello"
(2) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
Certificate"
(2) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
ServerKeyExchange"
(2) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
ServerHelloDone"
(2) Sent Access-Challenge Id 206 from 10.219.195.1:1812 to
10.219.195.225:38276 length 1068
(2) EAP-Message =
0x012503ec19c000000bd7160303003d0200003903037d9615ce8191f6cead070312ee58c68647bb340519841c210fc1a6f586ebbff400c030000011ff01000100000b000403000102001700001603030a350b000a31000a2e000499308204953082027da003020102020705fea02d221361300d06092a864886f70d01010b05003076312a302806035504030c212f68626f73732e696e7465726e2f6b6f626c656e7a2f6361732f534954455f4341310b3009060355040613024445310c300a06035504080c03524c503110300e06035504070c074b6f626c656e7a310e300c060355040a0c0548424f5353310b3009060355040b0c024954301e170d3233303632313039313330395a170d3338303631373039313330395a3069311d301b06035504030c146b6f626c656e7a2e68626f73732e696e7465726e310b3009060355040613024445310c300a06035504080c03524c503110300e06035504070c074b6f626c656e7a310e300c060355040a0c0548424f535331
(2) Message-Authenticator = 0x00000000000000000000000000000000
(2) State = 0xac2b487aae0e51714e974a6b4baa7cab
(2) Finished request
Waking up in 4.9 seconds.
(3) Received Access-Request Id 207 from 10.219.195.225:38276 to
10.219.195.1:1812 length 209
(3) User-Name = "test"
(3) NAS-Identifier = "ap01-hbap"
(3) Called-Station-Id = "B4-4B-D6-26-BA-86:hboss"
(3) NAS-Port-Type = Wireless-802.11
(3) Service-Type = Framed-User
(3) NAS-Port = 3
(3) Calling-Station-Id = "A6-5F-75-98-A5-06"
(3) Connect-Info = "CONNECT 54Mbps 802.11a"
(3) Acct-Session-Id = "EEFF590BE3BB6A1C"
(3) WLAN-Pairwise-Cipher = 1027076
(3) WLAN-Group-Cipher = 1027076
(3) WLAN-AKM-Suite = 1027073
(3) Framed-MTU = 1400
(3) EAP-Message = 0x022500061900
(3) State = 0xac2b487aae0e51714e974a6b4baa7cab
(3) Message-Authenticator = 0xbfa1456c3a23563d3ae031e3ab7b871c
(3) Restoring &session-state
(3) &session-state:Framed-MTU = 994
(3) &session-state:TLS-Session-Information = "(TLS) PEAP - recv TLS
1.3 Handshake, ClientHello"
(3) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 Handshake, ServerHello"
(3) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 Handshake, Certificate"
(3) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 Handshake, ServerKeyExchange"
(3) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 Handshake, ServerHelloDone"
(3) # Executing section authorize from file
/var/run/otpme/freeradius/radiusd.conf
(3) authorize {
(3) eap: Peer sent EAP Response (code 2) ID 37 length 6
(3) eap: Continuing tunnel setup
(3) [eap] = ok
(3) if (!control:Auth-Type) {
(3) if (!control:Auth-Type) -> FALSE
(3) } # authorize = ok
(3) Found Auth-Type = EAP
(3) # Executing group from file /var/run/otpme/freeradius/radiusd.conf
(3) Auth-Type EAP {
(3) eap: Removing EAP session with state 0xac2b487aae0e5171
(3) eap: Previous EAP request found for state 0xac2b487aae0e5171,
released from the list
(3) eap: Peer sent packet with method EAP PEAP (25)
(3) eap: Calling submodule eap_peap to process data
(3) eap_peap: (TLS) Peer ACKed our handshake fragment
(3) eap: Sending EAP Request (code 1) ID 38 length 1000
(3) eap: EAP session adding &reply:State = 0xac2b487aaf0d5171
(3) [eap] = handled
(3) } # Auth-Type EAP = handled
(3) Using Post-Auth-Type Challenge
(3) Post-Auth-Type sub-section not found. Ignoring.
(3) session-state: Saving cached attributes
(3) Framed-MTU = 994
(3) TLS-Session-Information = "(TLS) PEAP - recv TLS 1.3 Handshake,
ClientHello"
(3) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
ServerHello"
(3) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
Certificate"
(3) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
ServerKeyExchange"
(3) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
ServerHelloDone"
(3) Sent Access-Challenge Id 207 from 10.219.195.1:1812 to
10.219.195.225:38276 length 1064
(3) EAP-Message =
0x012603e819406729c41ca39fed55f40b0703e590f4ef3fe75165ed505d0e8e33187c7f82a4fa97311282257e3dca08d5818a76cee90d8aea88403b1d62eda2f8ed0e7cc7d72ce4f25e3497d7cbb88d5fb3e76fd5eb2cb7c29126896e5cf175ca9a6b177812f14e4ad1acc69c7a07a33ad3e880179c3971584f08442b7bfe40153886a8e68f88b2ebd088522f0214474a905d560fa04a8f20a966b67e072e644b106f92e95d3fc468afe1b60ff5b30eabfd9eb217f1847f6a24ab5f922365ecc2bb16be43951cbf4cf33735cd9fc4a0337c1632c68690fb8748b78e6f1fe6534e092fc9b9f25123a0a3ed26215dc6b0b765bbe2272058c9bf0935cb8ac47c5b1f7bd20e474f71a760f1db1b8a45da00058f3082058b30820373a003020102020705fea02cf10b27300d06092a864886f70d01010b05003077312b302906035504030c222f68626f73732e696e7465726e2f6b6f626c656e7a2f6361732f5245414c4d5f4341310b3009060355040613024445310c300a06
(3) Message-Authenticator = 0x00000000000000000000000000000000
(3) State = 0xac2b487aaf0d51714e974a6b4baa7cab
(3) Finished request
Waking up in 4.9 seconds.
(4) Received Access-Request Id 208 from 10.219.195.225:38276 to
10.219.195.1:1812 length 209
(4) User-Name = "test"
(4) NAS-Identifier = "ap01-hbap"
(4) Called-Station-Id = "B4-4B-D6-26-BA-86:hboss"
(4) NAS-Port-Type = Wireless-802.11
(4) Service-Type = Framed-User
(4) NAS-Port = 3
(4) Calling-Station-Id = "A6-5F-75-98-A5-06"
(4) Connect-Info = "CONNECT 54Mbps 802.11a"
(4) Acct-Session-Id = "EEFF590BE3BB6A1C"
(4) WLAN-Pairwise-Cipher = 1027076
(4) WLAN-Group-Cipher = 1027076
(4) WLAN-AKM-Suite = 1027073
(4) Framed-MTU = 1400
(4) EAP-Message = 0x022600061900
(4) State = 0xac2b487aaf0d51714e974a6b4baa7cab
(4) Message-Authenticator = 0x5cb8800c3a7ed09d207a2ef341573028
(4) Restoring &session-state
(4) &session-state:Framed-MTU = 994
(4) &session-state:TLS-Session-Information = "(TLS) PEAP - recv TLS
1.3 Handshake, ClientHello"
(4) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 Handshake, ServerHello"
(4) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 Handshake, Certificate"
(4) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 Handshake, ServerKeyExchange"
(4) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 Handshake, ServerHelloDone"
(4) # Executing section authorize from file
/var/run/otpme/freeradius/radiusd.conf
(4) authorize {
(4) eap: Peer sent EAP Response (code 2) ID 38 length 6
(4) eap: Continuing tunnel setup
(4) [eap] = ok
(4) if (!control:Auth-Type) {
(4) if (!control:Auth-Type) -> FALSE
(4) } # authorize = ok
(4) Found Auth-Type = EAP
(4) # Executing group from file /var/run/otpme/freeradius/radiusd.conf
(4) Auth-Type EAP {
(4) eap: Removing EAP session with state 0xac2b487aaf0d5171
(4) eap: Previous EAP request found for state 0xac2b487aaf0d5171,
released from the list
(4) eap: Peer sent packet with method EAP PEAP (25)
(4) eap: Calling submodule eap_peap to process data
(4) eap_peap: (TLS) Peer ACKed our handshake fragment
(4) eap: Sending EAP Request (code 1) ID 39 length 1000
(4) eap: EAP session adding &reply:State = 0xac2b487aa80c5171
(4) [eap] = handled
(4) } # Auth-Type EAP = handled
(4) Using Post-Auth-Type Challenge
(4) Post-Auth-Type sub-section not found. Ignoring.
(4) session-state: Saving cached attributes
(4) Framed-MTU = 994
(4) TLS-Session-Information = "(TLS) PEAP - recv TLS 1.3 Handshake,
ClientHello"
(4) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
ServerHello"
(4) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
Certificate"
(4) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
ServerKeyExchange"
(4) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
ServerHelloDone"
(4) Sent Access-Challenge Id 208 from 10.219.195.1:1812 to
10.219.195.225:38276 length 1064
(4) EAP-Message =
0x012703e81940603ef2f2884b299ace212671ea16a0df8d30640875c03aaef2ac1e4cd0b45487fcb99234083e915ecded1171c41b3eb10b7c736e781a97f17e3aa3b85d0f5b5f35d09ce1570d621b9dc5be4b4f9ecae899a6d0949b7eed4ebcbf64a48aa40d41d3c07d33da2e8d816dd2eba719a8b75d53dfa7ecb5a35b7cec093710efea7ff30203010001a31d301b300c0603551d13040530030101ff300b0603551d0f040403020106300d06092a864886f70d01010b0500038202010048ed80b6b8d9f45c988d3a8c439f33112acf5a1a90a3e79a8622a919c7fa078d6bcfcb743a26ddd8bc1bc56f9071c89b8a986b33eeb0c6defe6f99834b9a90da8089c002815951b451f4b9d4ed8225888e5b77b04f9131487a830c71082209525143b143d9335eb02b382660f462e5b6d5e4dd2991b894148e23f6ce2be12f76406890fe48dba3e0c97b33089c20f7466a37daa34eb110f7d9cf47553fae6f7453ad44e48fa154f1db59066d3250216bde12320eed158d5197
(4) Message-Authenticator = 0x00000000000000000000000000000000
(4) State = 0xac2b487aa80c51714e974a6b4baa7cab
(4) Finished request
Waking up in 4.9 seconds.
(5) Received Access-Request Id 209 from 10.219.195.225:38276 to
10.219.195.1:1812 length 209
(5) User-Name = "test"
(5) NAS-Identifier = "ap01-hbap"
(5) Called-Station-Id = "B4-4B-D6-26-BA-86:hboss"
(5) NAS-Port-Type = Wireless-802.11
(5) Service-Type = Framed-User
(5) NAS-Port = 3
(5) Calling-Station-Id = "A6-5F-75-98-A5-06"
(5) Connect-Info = "CONNECT 54Mbps 802.11a"
(5) Acct-Session-Id = "EEFF590BE3BB6A1C"
(5) WLAN-Pairwise-Cipher = 1027076
(5) WLAN-Group-Cipher = 1027076
(5) WLAN-AKM-Suite = 1027073
(5) Framed-MTU = 1400
(5) EAP-Message = 0x022700061900
(5) State = 0xac2b487aa80c51714e974a6b4baa7cab
(5) Message-Authenticator = 0x4904b50139129c9ee3d149be137fb45e
(5) Restoring &session-state
(5) &session-state:Framed-MTU = 994
(5) &session-state:TLS-Session-Information = "(TLS) PEAP - recv TLS
1.3 Handshake, ClientHello"
(5) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 Handshake, ServerHello"
(5) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 Handshake, Certificate"
(5) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 Handshake, ServerKeyExchange"
(5) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 Handshake, ServerHelloDone"
(5) # Executing section authorize from file
/var/run/otpme/freeradius/radiusd.conf
(5) authorize {
(5) eap: Peer sent EAP Response (code 2) ID 39 length 6
(5) eap: Continuing tunnel setup
(5) [eap] = ok
(5) if (!control:Auth-Type) {
(5) if (!control:Auth-Type) -> FALSE
(5) } # authorize = ok
(5) Found Auth-Type = EAP
(5) # Executing group from file /var/run/otpme/freeradius/radiusd.conf
(5) Auth-Type EAP {
(5) eap: Removing EAP session with state 0xac2b487aa80c5171
(5) eap: Previous EAP request found for state 0xac2b487aa80c5171,
released from the list
(5) eap: Peer sent packet with method EAP PEAP (25)
(5) eap: Calling submodule eap_peap to process data
(5) eap_peap: (TLS) Peer ACKed our handshake fragment
(5) eap: Sending EAP Request (code 1) ID 40 length 55
(5) eap: EAP session adding &reply:State = 0xac2b487aa9035171
(5) [eap] = handled
(5) } # Auth-Type EAP = handled
(5) Using Post-Auth-Type Challenge
(5) Post-Auth-Type sub-section not found. Ignoring.
(5) session-state: Saving cached attributes
(5) Framed-MTU = 994
(5) TLS-Session-Information = "(TLS) PEAP - recv TLS 1.3 Handshake,
ClientHello"
(5) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
ServerHello"
(5) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
Certificate"
(5) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
ServerKeyExchange"
(5) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
ServerHelloDone"
(5) Sent Access-Challenge Id 209 from 10.219.195.1:1812 to
10.219.195.225:38276 length 113
(5) EAP-Message =
0x012800371900b048c07ac17f86f9c727014f0cc6a508653ff99a95e6e84a4829d48058b9132be05c9c1b68de733316030300040e000000
(5) Message-Authenticator = 0x00000000000000000000000000000000
(5) State = 0xac2b487aa90351714e974a6b4baa7cab
(5) Finished request
Waking up in 4.9 seconds.
(6) Received Access-Request Id 210 from 10.219.195.225:38276 to
10.219.195.1:1812 length 339
(6) User-Name = "test"
(6) NAS-Identifier = "ap01-hbap"
(6) Called-Station-Id = "B4-4B-D6-26-BA-86:hboss"
(6) NAS-Port-Type = Wireless-802.11
(6) Service-Type = Framed-User
(6) NAS-Port = 3
(6) Calling-Station-Id = "A6-5F-75-98-A5-06"
(6) Connect-Info = "CONNECT 54Mbps 802.11a"
(6) Acct-Session-Id = "EEFF590BE3BB6A1C"
(6) WLAN-Pairwise-Cipher = 1027076
(6) WLAN-Group-Cipher = 1027076
(6) WLAN-AKM-Suite = 1027073
(6) Framed-MTU = 1400
(6) EAP-Message =
0x0228008819800000007e16030300461000004241041914318456c90b3eed960cc0f427749a4a58dea1c45b04d88e0d4aa358aa753149db3707404dba0da11104816db305bfb16c221d10d02ca05f66f05e90868b1914030300010116030300284ae33342f449b98c815966dbee60f4bfb147c6898c284415f0f4f449d2ff033a5ec9027ddb4ce85f
(6) State = 0xac2b487aa90351714e974a6b4baa7cab
(6) Message-Authenticator = 0x4765ff00e4d57c7b8098fe86dc4fa440
(6) Restoring &session-state
(6) &session-state:Framed-MTU = 994
(6) &session-state:TLS-Session-Information = "(TLS) PEAP - recv TLS
1.3 Handshake, ClientHello"
(6) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 Handshake, ServerHello"
(6) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 Handshake, Certificate"
(6) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 Handshake, ServerKeyExchange"
(6) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 Handshake, ServerHelloDone"
(6) # Executing section authorize from file
/var/run/otpme/freeradius/radiusd.conf
(6) authorize {
(6) eap: Peer sent EAP Response (code 2) ID 40 length 136
(6) eap: Continuing tunnel setup
(6) [eap] = ok
(6) if (!control:Auth-Type) {
(6) if (!control:Auth-Type) -> FALSE
(6) } # authorize = ok
(6) Found Auth-Type = EAP
(6) # Executing group from file /var/run/otpme/freeradius/radiusd.conf
(6) Auth-Type EAP {
(6) eap: Removing EAP session with state 0xac2b487aa9035171
(6) eap: Previous EAP request found for state 0xac2b487aa9035171,
released from the list
(6) eap: Peer sent packet with method EAP PEAP (25)
(6) eap: Calling submodule eap_peap to process data
(6) eap_peap: (TLS) EAP Peer says that the final record size will be 126
bytes
(6) eap_peap: (TLS) EAP Got all data (126 bytes)
(6) eap_peap: (TLS) PEAP - Handshake state - Server SSLv3/TLS write
server done
(6) eap_peap: (TLS) PEAP - recv TLS 1.2 Handshake, ClientKeyExchange
(6) eap_peap: (TLS) PEAP - Handshake state - Server SSLv3/TLS read
client key exchange
(6) eap_peap: (TLS) PEAP - Handshake state - Server SSLv3/TLS read
change cipher spec
(6) eap_peap: (TLS) PEAP - recv TLS 1.2 Handshake, Finished
(6) eap_peap: (TLS) PEAP - Handshake state - Server SSLv3/TLS read finished
(6) eap_peap: (TLS) PEAP - send TLS 1.2 ChangeCipherSpec
(6) eap_peap: (TLS) PEAP - Handshake state - Server SSLv3/TLS write
change cipher spec
(6) eap_peap: (TLS) PEAP - send TLS 1.2 Handshake, Finished
(6) eap_peap: (TLS) PEAP - Handshake state - Server SSLv3/TLS write finished
(6) eap_peap: (TLS) PEAP - Handshake state - SSL negotiation finished
successfully
(6) eap_peap: (TLS) PEAP - Connection Established
(6) eap_peap: TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384"
(6) eap_peap: TLS-Session-Version = "TLS 1.2"
(6) eap: Sending EAP Request (code 1) ID 41 length 57
(6) eap: EAP session adding &reply:State = 0xac2b487aaa025171
(6) [eap] = handled
(6) } # Auth-Type EAP = handled
(6) Using Post-Auth-Type Challenge
(6) Post-Auth-Type sub-section not found. Ignoring.
(6) session-state: Saving cached attributes
(6) Framed-MTU = 994
(6) TLS-Session-Information = "(TLS) PEAP - recv TLS 1.3 Handshake,
ClientHello"
(6) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
ServerHello"
(6) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
Certificate"
(6) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
ServerKeyExchange"
(6) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
ServerHelloDone"
(6) TLS-Session-Information = "(TLS) PEAP - recv TLS 1.2 Handshake,
ClientKeyExchange"
(6) TLS-Session-Information = "(TLS) PEAP - recv TLS 1.2 Handshake,
Finished"
(6) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 ChangeCipherSpec"
(6) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
Finished"
(6) TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384"
(6) TLS-Session-Version = "TLS 1.2"
(6) Sent Access-Challenge Id 210 from 10.219.195.1:1812 to
10.219.195.225:38276 length 115
(6) EAP-Message =
0x01290039190014030300010116030300282209ea55626d5fee2bc36d1a8a06ba29ee44eb2847cffb3da18d6d212b1f8b681bddb7d42c7dc10a
(6) Message-Authenticator = 0x00000000000000000000000000000000
(6) State = 0xac2b487aaa0251714e974a6b4baa7cab
(6) Finished request
Waking up in 4.8 seconds.
(7) Received Access-Request Id 211 from 10.219.195.225:38276 to
10.219.195.1:1812 length 209
(7) User-Name = "test"
(7) NAS-Identifier = "ap01-hbap"
(7) Called-Station-Id = "B4-4B-D6-26-BA-86:hboss"
(7) NAS-Port-Type = Wireless-802.11
(7) Service-Type = Framed-User
(7) NAS-Port = 3
(7) Calling-Station-Id = "A6-5F-75-98-A5-06"
(7) Connect-Info = "CONNECT 54Mbps 802.11a"
(7) Acct-Session-Id = "EEFF590BE3BB6A1C"
(7) WLAN-Pairwise-Cipher = 1027076
(7) WLAN-Group-Cipher = 1027076
(7) WLAN-AKM-Suite = 1027073
(7) Framed-MTU = 1400
(7) EAP-Message = 0x022900061900
(7) State = 0xac2b487aaa0251714e974a6b4baa7cab
(7) Message-Authenticator = 0xb01820edd9de0eb9ebd79cea4c818884
(7) Restoring &session-state
(7) &session-state:Framed-MTU = 994
(7) &session-state:TLS-Session-Information = "(TLS) PEAP - recv TLS
1.3 Handshake, ClientHello"
(7) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 Handshake, ServerHello"
(7) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 Handshake, Certificate"
(7) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 Handshake, ServerKeyExchange"
(7) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 Handshake, ServerHelloDone"
(7) &session-state:TLS-Session-Information = "(TLS) PEAP - recv TLS
1.2 Handshake, ClientKeyExchange"
(7) &session-state:TLS-Session-Information = "(TLS) PEAP - recv TLS
1.2 Handshake, Finished"
(7) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 ChangeCipherSpec"
(7) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 Handshake, Finished"
(7) &session-state:TLS-Session-Cipher-Suite =
"ECDHE-RSA-AES256-GCM-SHA384"
(7) &session-state:TLS-Session-Version = "TLS 1.2"
(7) # Executing section authorize from file
/var/run/otpme/freeradius/radiusd.conf
(7) authorize {
(7) eap: Peer sent EAP Response (code 2) ID 41 length 6
(7) eap: Continuing tunnel setup
(7) [eap] = ok
(7) if (!control:Auth-Type) {
(7) if (!control:Auth-Type) -> FALSE
(7) } # authorize = ok
(7) Found Auth-Type = EAP
(7) # Executing group from file /var/run/otpme/freeradius/radiusd.conf
(7) Auth-Type EAP {
(7) eap: Removing EAP session with state 0xac2b487aaa025171
(7) eap: Previous EAP request found for state 0xac2b487aaa025171,
released from the list
(7) eap: Peer sent packet with method EAP PEAP (25)
(7) eap: Calling submodule eap_peap to process data
(7) eap_peap: (TLS) Peer ACKed our handshake fragment. handshake is
finished
(7) eap_peap: Session established. Decoding tunneled attributes
(7) eap_peap: PEAP state TUNNEL ESTABLISHED
(7) eap: Sending EAP Request (code 1) ID 42 length 40
(7) eap: EAP session adding &reply:State = 0xac2b487aab015171
(7) [eap] = handled
(7) } # Auth-Type EAP = handled
(7) Using Post-Auth-Type Challenge
(7) Post-Auth-Type sub-section not found. Ignoring.
(7) session-state: Saving cached attributes
(7) Framed-MTU = 994
(7) TLS-Session-Information = "(TLS) PEAP - recv TLS 1.3 Handshake,
ClientHello"
(7) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
ServerHello"
(7) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
Certificate"
(7) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
ServerKeyExchange"
(7) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
ServerHelloDone"
(7) TLS-Session-Information = "(TLS) PEAP - recv TLS 1.2 Handshake,
ClientKeyExchange"
(7) TLS-Session-Information = "(TLS) PEAP - recv TLS 1.2 Handshake,
Finished"
(7) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 ChangeCipherSpec"
(7) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
Finished"
(7) TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384"
(7) TLS-Session-Version = "TLS 1.2"
(7) Sent Access-Challenge Id 211 from 10.219.195.1:1812 to
10.219.195.225:38276 length 98
(7) EAP-Message =
0x012a00281900170303001d2209ea55626d5fef324c805c6b28f660cb29d8bd4026022faedaf16c29
(7) Message-Authenticator = 0x00000000000000000000000000000000
(7) State = 0xac2b487aab0151714e974a6b4baa7cab
(7) Finished request
Waking up in 4.8 seconds.
(8) Received Access-Request Id 212 from 10.219.195.225:38276 to
10.219.195.1:1812 length 243
(8) User-Name = "test"
(8) NAS-Identifier = "ap01-hbap"
(8) Called-Station-Id = "B4-4B-D6-26-BA-86:hboss"
(8) NAS-Port-Type = Wireless-802.11
(8) Service-Type = Framed-User
(8) NAS-Port = 3
(8) Calling-Station-Id = "A6-5F-75-98-A5-06"
(8) Connect-Info = "CONNECT 54Mbps 802.11a"
(8) Acct-Session-Id = "EEFF590BE3BB6A1C"
(8) WLAN-Pairwise-Cipher = 1027076
(8) WLAN-Group-Cipher = 1027076
(8) WLAN-AKM-Suite = 1027073
(8) Framed-MTU = 1400
(8) EAP-Message =
0x022a00281900170303001d4ae33342f449b98d13c961f594f00dcb253fa40f83e7aec02fab3fb55a
(8) State = 0xac2b487aab0151714e974a6b4baa7cab
(8) Message-Authenticator = 0xcea0cff4f6afbee50b7007acbe9993a1
(8) Restoring &session-state
(8) &session-state:Framed-MTU = 994
(8) &session-state:TLS-Session-Information = "(TLS) PEAP - recv TLS
1.3 Handshake, ClientHello"
(8) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 Handshake, ServerHello"
(8) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 Handshake, Certificate"
(8) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 Handshake, ServerKeyExchange"
(8) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 Handshake, ServerHelloDone"
(8) &session-state:TLS-Session-Information = "(TLS) PEAP - recv TLS
1.2 Handshake, ClientKeyExchange"
(8) &session-state:TLS-Session-Information = "(TLS) PEAP - recv TLS
1.2 Handshake, Finished"
(8) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 ChangeCipherSpec"
(8) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 Handshake, Finished"
(8) &session-state:TLS-Session-Cipher-Suite =
"ECDHE-RSA-AES256-GCM-SHA384"
(8) &session-state:TLS-Session-Version = "TLS 1.2"
(8) # Executing section authorize from file
/var/run/otpme/freeradius/radiusd.conf
(8) authorize {
(8) eap: Peer sent EAP Response (code 2) ID 42 length 40
(8) eap: Continuing tunnel setup
(8) [eap] = ok
(8) if (!control:Auth-Type) {
(8) if (!control:Auth-Type) -> FALSE
(8) } # authorize = ok
(8) Found Auth-Type = EAP
(8) # Executing group from file /var/run/otpme/freeradius/radiusd.conf
(8) Auth-Type EAP {
(8) eap: Removing EAP session with state 0xac2b487aab015171
(8) eap: Previous EAP request found for state 0xac2b487aab015171,
released from the list
(8) eap: Peer sent packet with method EAP PEAP (25)
(8) eap: Calling submodule eap_peap to process data
(8) eap_peap: (TLS) EAP Done initial handshake
(8) eap_peap: Session established. Decoding tunneled attributes
(8) eap_peap: PEAP state WAITING FOR INNER IDENTITY
(8) eap_peap: Identity - test
(8) eap_peap: Got inner identity 'test'
(8) eap_peap: Setting default EAP type for tunneled EAP session
(8) eap_peap: Got tunneled request
(8) eap_peap: EAP-Message = 0x022a00090174657374
(8) eap_peap: Setting User-Name to test
(8) eap_peap: Sending tunneled request to otpme
(8) eap_peap: EAP-Message = 0x022a00090174657374
(8) eap_peap: FreeRADIUS-Proxied-To = 127.0.0.1
(8) eap_peap: User-Name = "test"
(8) eap_peap: NAS-Identifier = "ap01-hbap"
(8) eap_peap: Called-Station-Id = "B4-4B-D6-26-BA-86:hboss"
(8) eap_peap: NAS-Port-Type = Wireless-802.11
(8) eap_peap: Service-Type = Framed-User
(8) eap_peap: NAS-Port = 3
(8) eap_peap: Calling-Station-Id = "A6-5F-75-98-A5-06"
(8) eap_peap: Connect-Info = "CONNECT 54Mbps 802.11a"
(8) eap_peap: Acct-Session-Id = "EEFF590BE3BB6A1C"
(8) eap_peap: WLAN-Pairwise-Cipher = 1027076
(8) eap_peap: WLAN-Group-Cipher = 1027076
(8) eap_peap: WLAN-AKM-Suite = 1027073
(8) eap_peap: Framed-MTU = 1400
(8) Virtual server otpme received request
(8) EAP-Message = 0x022a00090174657374
(8) FreeRADIUS-Proxied-To = 127.0.0.1
(8) User-Name = "test"
(8) NAS-Identifier = "ap01-hbap"
(8) Called-Station-Id = "B4-4B-D6-26-BA-86:hboss"
(8) NAS-Port-Type = Wireless-802.11
(8) Service-Type = Framed-User
(8) NAS-Port = 3
(8) Calling-Station-Id = "A6-5F-75-98-A5-06"
(8) Connect-Info = "CONNECT 54Mbps 802.11a"
(8) Acct-Session-Id = "EEFF590BE3BB6A1C"
(8) WLAN-Pairwise-Cipher = 1027076
(8) WLAN-Group-Cipher = 1027076
(8) WLAN-AKM-Suite = 1027073
(8) Framed-MTU = 1400
(8) WARNING: Outer and inner identities are the same. User privacy is
compromised.
(8) server otpme {
(8) # Executing section authorize from file
/var/run/otpme/freeradius/radiusd.conf
(8) authorize {
(8) eap: Peer sent EAP Response (code 2) ID 42 length 9
(8) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the
rest of authorize
(8) [eap] = ok
(8) if (!control:Auth-Type) {
(8) if (!control:Auth-Type) -> FALSE
(8) } # authorize = ok
(8) Found Auth-Type = EAP
(8) # Executing group from file /var/run/otpme/freeradius/radiusd.conf
(8) Auth-Type EAP {
(8) eap: Peer sent packet with method EAP Identity (1)
(8) eap: Calling submodule eap_mschapv2 to process data
(8) eap_mschapv2: Issuing Challenge
(8) eap: Sending EAP Request (code 1) ID 43 length 42
(8) eap: EAP session adding &reply:State = 0x4d7ab8054d51a258
(8) [eap] = handled
(8) } # Auth-Type EAP = handled
(8) Using Post-Auth-Type Challenge
(8) Post-Auth-Type sub-section not found. Ignoring.
(8) } # server otpme
(8) Virtual server sending reply
(8) EAP-Message =
0x012b002a1a012b002510b158d692e01e55d324fba4bd46d9b3a1667265657261646975732d332e322e36
(8) Message-Authenticator = 0x00000000000000000000000000000000
(8) State = 0x4d7ab8054d51a258be49ba37bb208c58
(8) eap_peap: Got tunneled reply code 11
(8) eap_peap: EAP-Message =
0x012b002a1a012b002510b158d692e01e55d324fba4bd46d9b3a1667265657261646975732d332e322e36
(8) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000
(8) eap_peap: State = 0x4d7ab8054d51a258be49ba37bb208c58
(8) eap_peap: Got tunneled reply RADIUS code 11
(8) eap_peap: EAP-Message =
0x012b002a1a012b002510b158d692e01e55d324fba4bd46d9b3a1667265657261646975732d332e322e36
(8) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000
(8) eap_peap: State = 0x4d7ab8054d51a258be49ba37bb208c58
(8) eap_peap: Got tunneled Access-Challenge
(8) eap: Sending EAP Request (code 1) ID 43 length 73
(8) eap: EAP session adding &reply:State = 0xac2b487aa4005171
(8) [eap] = handled
(8) } # Auth-Type EAP = handled
(8) Using Post-Auth-Type Challenge
(8) Post-Auth-Type sub-section not found. Ignoring.
(8) session-state: Saving cached attributes
(8) Framed-MTU = 994
(8) TLS-Session-Information = "(TLS) PEAP - recv TLS 1.3 Handshake,
ClientHello"
(8) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
ServerHello"
(8) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
Certificate"
(8) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
ServerKeyExchange"
(8) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
ServerHelloDone"
(8) TLS-Session-Information = "(TLS) PEAP - recv TLS 1.2 Handshake,
ClientKeyExchange"
(8) TLS-Session-Information = "(TLS) PEAP - recv TLS 1.2 Handshake,
Finished"
(8) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 ChangeCipherSpec"
(8) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
Finished"
(8) TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384"
(8) TLS-Session-Version = "TLS 1.2"
(8) Sent Access-Challenge Id 212 from 10.219.195.1:1812 to
10.219.195.225:38276 length 131
(8) EAP-Message =
0x012b00491900170303003e2209ea55626d5ff0baf80a2c42ec6788dd5d4663e3245c6aaaef10c2c1deb1d2ad96fab8a4438ea319ff3f70d6d27ae2c8a9d4aa8dc68429000232767ded
(8) Message-Authenticator = 0x00000000000000000000000000000000
(8) State = 0xac2b487aa40051714e974a6b4baa7cab
(8) Finished request
Waking up in 4.8 seconds.
(9) Received Access-Request Id 213 from 10.219.195.225:38276 to
10.219.195.1:1812 length 297
(9) User-Name = "test"
(9) NAS-Identifier = "ap01-hbap"
(9) Called-Station-Id = "B4-4B-D6-26-BA-86:hboss"
(9) NAS-Port-Type = Wireless-802.11
(9) Service-Type = Framed-User
(9) NAS-Port = 3
(9) Calling-Station-Id = "A6-5F-75-98-A5-06"
(9) Connect-Info = "CONNECT 54Mbps 802.11a"
(9) Acct-Session-Id = "EEFF590BE3BB6A1C"
(9) WLAN-Pairwise-Cipher = 1027076
(9) WLAN-Group-Cipher = 1027076
(9) WLAN-AKM-Suite = 1027073
(9) Framed-MTU = 1400
(9) EAP-Message =
0x022b005e190017030300534ae33342f449b98e94136a54fa9773216317d2ebacdd3c8cea4603265909a0054c9dbb0bc8083fe2bd3ff8548dde3574e03c15d2b5a9ba2568d6711d69a8859b8fe148f477919afc4ccdbd64664e50b2cf5a5f
(9) State = 0xac2b487aa40051714e974a6b4baa7cab
(9) Message-Authenticator = 0x70ed0ad4ec446ceb8871e3c49ec3026a
(9) Restoring &session-state
(9) &session-state:Framed-MTU = 994
(9) &session-state:TLS-Session-Information = "(TLS) PEAP - recv TLS
1.3 Handshake, ClientHello"
(9) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 Handshake, ServerHello"
(9) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 Handshake, Certificate"
(9) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 Handshake, ServerKeyExchange"
(9) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 Handshake, ServerHelloDone"
(9) &session-state:TLS-Session-Information = "(TLS) PEAP - recv TLS
1.2 Handshake, ClientKeyExchange"
(9) &session-state:TLS-Session-Information = "(TLS) PEAP - recv TLS
1.2 Handshake, Finished"
(9) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 ChangeCipherSpec"
(9) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 Handshake, Finished"
(9) &session-state:TLS-Session-Cipher-Suite =
"ECDHE-RSA-AES256-GCM-SHA384"
(9) &session-state:TLS-Session-Version = "TLS 1.2"
(9) # Executing section authorize from file
/var/run/otpme/freeradius/radiusd.conf
(9) authorize {
(9) eap: Peer sent EAP Response (code 2) ID 43 length 94
(9) eap: Continuing tunnel setup
(9) [eap] = ok
(9) if (!control:Auth-Type) {
(9) if (!control:Auth-Type) -> FALSE
(9) } # authorize = ok
(9) Found Auth-Type = EAP
(9) # Executing group from file /var/run/otpme/freeradius/radiusd.conf
(9) Auth-Type EAP {
(9) eap: Removing EAP session with state 0xac2b487aa4005171
(9) eap: Previous EAP request found for state 0xac2b487aa4005171,
released from the list
(9) eap: Peer sent packet with method EAP PEAP (25)
(9) eap: Calling submodule eap_peap to process data
(9) eap_peap: (TLS) EAP Done initial handshake
(9) eap_peap: Session established. Decoding tunneled attributes
(9) eap_peap: PEAP state phase2
(9) eap_peap: EAP method MSCHAPv2 (26)
(9) eap_peap: Got tunneled request
(9) eap_peap: EAP-Message =
0x022b003f1a022b003a3106a05c6e463eb6c51b322211d9918db400000000000000002d5a72c8ea7f1462f326cb9167cd3ef55e1d254c2141aafa0074657374
(9) eap_peap: Setting User-Name to test
(9) eap_peap: Sending tunneled request to otpme
(9) eap_peap: EAP-Message =
0x022b003f1a022b003a3106a05c6e463eb6c51b322211d9918db400000000000000002d5a72c8ea7f1462f326cb9167cd3ef55e1d254c2141aafa0074657374
(9) eap_peap: FreeRADIUS-Proxied-To = 127.0.0.1
(9) eap_peap: User-Name = "test"
(9) eap_peap: State = 0x4d7ab8054d51a258be49ba37bb208c58
(9) eap_peap: NAS-Identifier = "ap01-hbap"
(9) eap_peap: Called-Station-Id = "B4-4B-D6-26-BA-86:hboss"
(9) eap_peap: NAS-Port-Type = Wireless-802.11
(9) eap_peap: Service-Type = Framed-User
(9) eap_peap: NAS-Port = 3
(9) eap_peap: Calling-Station-Id = "A6-5F-75-98-A5-06"
(9) eap_peap: Connect-Info = "CONNECT 54Mbps 802.11a"
(9) eap_peap: Acct-Session-Id = "EEFF590BE3BB6A1C"
(9) eap_peap: WLAN-Pairwise-Cipher = 1027076
(9) eap_peap: WLAN-Group-Cipher = 1027076
(9) eap_peap: WLAN-AKM-Suite = 1027073
(9) eap_peap: Framed-MTU = 1400
(9) Virtual server otpme received request
(9) EAP-Message =
0x022b003f1a022b003a3106a05c6e463eb6c51b322211d9918db400000000000000002d5a72c8ea7f1462f326cb9167cd3ef55e1d254c2141aafa0074657374
(9) FreeRADIUS-Proxied-To = 127.0.0.1
(9) User-Name = "test"
(9) State = 0x4d7ab8054d51a258be49ba37bb208c58
(9) NAS-Identifier = "ap01-hbap"
(9) Called-Station-Id = "B4-4B-D6-26-BA-86:hboss"
(9) NAS-Port-Type = Wireless-802.11
(9) Service-Type = Framed-User
(9) NAS-Port = 3
(9) Calling-Station-Id = "A6-5F-75-98-A5-06"
(9) Connect-Info = "CONNECT 54Mbps 802.11a"
(9) Acct-Session-Id = "EEFF590BE3BB6A1C"
(9) WLAN-Pairwise-Cipher = 1027076
(9) WLAN-Group-Cipher = 1027076
(9) WLAN-AKM-Suite = 1027073
(9) Framed-MTU = 1400
(9) WARNING: Outer and inner identities are the same. User privacy is
compromised.
(9) server otpme {
(9) session-state: No cached attributes
(9) # Executing section authorize from file
/var/run/otpme/freeradius/radiusd.conf
(9) authorize {
(9) eap: Peer sent EAP Response (code 2) ID 43 length 63
(9) eap: No EAP Start, assuming it's an on-going EAP conversation
(9) [eap] = updated
(9) if (!control:Auth-Type) {
(9) if (!control:Auth-Type) -> FALSE
(9) } # authorize = updated
(9) Found Auth-Type = EAP
(9) # Executing group from file /var/run/otpme/freeradius/radiusd.conf
(9) Auth-Type EAP {
(9) eap: Removing EAP session with state 0x4d7ab8054d51a258
(9) eap: Previous EAP request found for state 0x4d7ab8054d51a258,
released from the list
(9) eap: Peer sent packet with method EAP MSCHAPv2 (26)
(9) eap: Calling submodule eap_mschapv2 to process data
(9) eap_mschapv2: # Executing group from file
/var/run/otpme/freeradius/radiusd.conf
(9) eap_mschapv2: Auth-Type MS-CHAP {
otpme.py: adding MS-CHAP2-Success:
'3S=c3971529e7869293a9a388ede7e667182aeaa22c'
otpme.py: adding MS-MPPE-Send-Key: 'c7726ce0b854c17314668bc50df88203'
otpme.py: adding MS-MPPE-Recv-Key: '7019a1e6577898bd8acfecd45e55a41d'
otpme.py: adding MS-MPPE-Encryption-Policy: '0x00000001'
otpme.py: adding MS-MPPE-Encryption-Types: '0x00000006'
otpme.py: adding Auth-Type: 'MS-CHAP'
authenticate - 'reply:Reply-Message' = 'Authentication successful'
authenticate - 'reply:MS-CHAP2-Success' =
'0x33533d63333937313532396537383639323933613961333838656465376536363731383261656161323263'
authenticate - 'reply:MS-MPPE-Encryption-Policy' = '0x00000001'
authenticate - 'reply:MS-MPPE-Encryption-Types' = '0x00000006'
authenticate - 'reply:MS-MPPE-Send-Key' =
'0xc7726ce0b854c17314668bc50df88203'
authenticate - 'reply:MS-MPPE-Recv-Key' =
'0x7019a1e6577898bd8acfecd45e55a41d'
authenticate - 'config:Auth-Type' = 'MS-CHAP'
(9) eap_mschapv2: [python_otpme] = ok
(9) eap_mschapv2: } # Auth-Type MS-CHAP = ok
(9) eap_mschapv2: MSCHAP Success
(9) eap: Sending EAP Request (code 1) ID 44 length 51
(9) eap: EAP session adding &reply:State = 0x4d7ab8054c56a258
(9) [eap] = handled
(9) } # Auth-Type EAP = handled
(9) Using Post-Auth-Type Challenge
(9) Post-Auth-Type sub-section not found. Ignoring.
(9) } # server otpme
(9) Virtual server sending reply
(9) Reply-Message = "Authentication successful"
(9) EAP-Message =
0x012c00331a032b002e533d63333937313532396537383639323933613961333838656465376536363731383261656161323263
(9) Message-Authenticator = 0x00000000000000000000000000000000
(9) State = 0x4d7ab8054c56a258be49ba37bb208c58
(9) eap_peap: Got tunneled reply code 11
(9) eap_peap: Reply-Message = "Authentication successful"
(9) eap_peap: EAP-Message =
0x012c00331a032b002e533d63333937313532396537383639323933613961333838656465376536363731383261656161323263
(9) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000
(9) eap_peap: State = 0x4d7ab8054c56a258be49ba37bb208c58
(9) eap_peap: Got tunneled reply RADIUS code 11
(9) eap_peap: Reply-Message = "Authentication successful"
(9) eap_peap: EAP-Message =
0x012c00331a032b002e533d63333937313532396537383639323933613961333838656465376536363731383261656161323263
(9) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000
(9) eap_peap: State = 0x4d7ab8054c56a258be49ba37bb208c58
(9) eap_peap: Got tunneled Access-Challenge
(9) eap: Sending EAP Request (code 1) ID 44 length 82
(9) eap: EAP session adding &reply:State = 0xac2b487aa5075171
(9) [eap] = handled
(9) } # Auth-Type EAP = handled
(9) Using Post-Auth-Type Challenge
(9) Post-Auth-Type sub-section not found. Ignoring.
(9) session-state: Saving cached attributes
(9) Framed-MTU = 994
(9) TLS-Session-Information = "(TLS) PEAP - recv TLS 1.3 Handshake,
ClientHello"
(9) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
ServerHello"
(9) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
Certificate"
(9) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
ServerKeyExchange"
(9) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
ServerHelloDone"
(9) TLS-Session-Information = "(TLS) PEAP - recv TLS 1.2 Handshake,
ClientKeyExchange"
(9) TLS-Session-Information = "(TLS) PEAP - recv TLS 1.2 Handshake,
Finished"
(9) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 ChangeCipherSpec"
(9) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
Finished"
(9) TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384"
(9) TLS-Session-Version = "TLS 1.2"
(9) Sent Access-Challenge Id 213 from 10.219.195.1:1812 to
10.219.195.225:38276 length 140
(9) EAP-Message =
0x012c0052190017030300472209ea55626d5ff1c5bfe6da41424c37ee71bb77118b8f1f51e7bdb050466709030848e8afe46e99cd47ef4337957aa870e14a5a42c006d97a017640d76c88fd54daf3585dae47
(9) Message-Authenticator = 0x00000000000000000000000000000000
(9) State = 0xac2b487aa50751714e974a6b4baa7cab
(9) Finished request
Waking up in 4.0 seconds.
More information about the Freeradius-Users
mailing list