
Untitled

a guest
Jun 17th, 2010
  1. FreeRADIUS Version 2.1.7, for host x86_64-redhat-linux-gnu, built on Mar 31 2010 at 00:14:28
  2. Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.
  3. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
  4. PARTICULAR PURPOSE.
  5. You may redistribute copies of FreeRADIUS under the terms of the
  6. GNU General Public License v2.
  7. Starting - reading configuration files ...
  8. including configuration file /etc/raddb/radiusd.conf
  9. including configuration file /etc/raddb/proxy.conf
  10. including configuration file /etc/raddb/clients.conf
  11. including files in directory /etc/raddb/modules/
  12. including configuration file /etc/raddb/modules/expiration
  13. including configuration file /etc/raddb/modules/files
  14. including configuration file /etc/raddb/modules/mac2vlan
  15. including configuration file /etc/raddb/modules/pap
  16. including configuration file /etc/raddb/modules/expr
  17. including configuration file /etc/raddb/modules/sqlcounter_expire_on_login
  18. including configuration file /etc/raddb/modules/always
  19. including configuration file /etc/raddb/modules/policy
  20. including configuration file /etc/raddb/modules/perl
  21. including configuration file /etc/raddb/modules/sradutmp
  22. including configuration file /etc/raddb/modules/digest
  23. including configuration file /etc/raddb/modules/realm
  24. including configuration file /etc/raddb/modules/otp
  25. including configuration file /etc/raddb/modules/linelog
  26. including configuration file /etc/raddb/modules/chap
  27. including configuration file /etc/raddb/modules/attr_filter
  28. including configuration file /etc/raddb/modules/checkval
  29. including configuration file /etc/raddb/modules/echo
  30. including configuration file /etc/raddb/modules/mac2ip
  31. including configuration file /etc/raddb/modules/acct_unique
  32. including configuration file /etc/raddb/modules/unix
  33. including configuration file /etc/raddb/modules/ippool
  34. including configuration file /etc/raddb/modules/detail.log
  35. including configuration file /etc/raddb/modules/radutmp
  36. including configuration file /etc/raddb/modules/detail.example.com
  37. including configuration file /etc/raddb/modules/logintime
  38. including configuration file /etc/raddb/modules/preprocess
  39. including configuration file /etc/raddb/modules/ldap
  40. including configuration file /etc/raddb/modules/mschap
  41. including configuration file /etc/raddb/modules/passwd
  42. including configuration file /etc/raddb/modules/counter
  43. including configuration file /etc/raddb/modules/detail
  44. including configuration file /etc/raddb/modules/pam
  45. including configuration file /etc/raddb/modules/exec
  46. including configuration file /etc/raddb/modules/inner-eap
  47. including configuration file /etc/raddb/modules/smbpasswd
  48. including configuration file /etc/raddb/modules/attr_rewrite
  49. including configuration file /etc/raddb/modules/sql_log
  50. including configuration file /etc/raddb/modules/etc_group
  51. including configuration file /etc/raddb/modules/wimax
  52. including configuration file /etc/raddb/modules/smsotp
  53. including configuration file /etc/raddb/modules/cui
  54. including configuration file /etc/raddb/eap.conf
  55. including configuration file /etc/raddb/policy.conf
  56. including files in directory /etc/raddb/sites-enabled/
  57. including configuration file /etc/raddb/sites-enabled/inner-tunnel
  58. including configuration file /etc/raddb/sites-enabled/default
  59. including configuration file /etc/raddb/sites-enabled/control-socket
  60. group = radiusd
  61. user = radiusd
  62. including dictionary file /etc/raddb/dictionary
  63. main {
  64. prefix = "/usr"
  65. localstatedir = "/var"
  66. logdir = "/var/log/radius"
  67. libdir = "/usr/lib64/freeradius"
  68. radacctdir = "/var/log/radius/radacct"
  69. hostname_lookups = no
  70. max_request_time = 30
  71. cleanup_delay = 5
  72. max_requests = 1024
  73. allow_core_dumps = no
  74. pidfile = "/var/run/radiusd/radiusd.pid"
  75. checkrad = "/usr/sbin/checkrad"
  76. debug_level = 0
  77. proxy_requests = yes
  78. log {
  79. stripped_names = no
  80. auth = no
  81. auth_badpass = no
  82. auth_goodpass = no
  83. }
  84. security {
  85. max_attributes = 200
  86. reject_delay = 1
  87. status_server = yes
  88. }
  89. }
  90. radiusd: #### Loading Realms and Home Servers ####
  91. proxy server {
  92. retry_delay = 5
  93. retry_count = 3
  94. default_fallback = no
  95. dead_time = 120
  96. wake_all_if_all_dead = no
  97. }
  98. home_server localhost {
  99. ipaddr = 127.0.0.1
  100. port = 1812
  101. type = "auth"
  102. secret = "testing123"
  103. response_window = 20
  104. max_outstanding = 65536
  105. require_message_authenticator = no
  106. zombie_period = 40
  107. status_check = "status-server"
  108. ping_interval = 30
  109. check_interval = 30
  110. num_answers_to_alive = 3
  111. num_pings_to_alive = 3
  112. revive_interval = 120
  113. status_check_timeout = 4
  114. irt = 2
  115. mrt = 16
  116. mrc = 5
  117. mrd = 30
  118. }
  119. home_server_pool my_auth_failover {
  120. type = fail-over
  121. home_server = localhost
  122. }
  123. realm example.com {
  124. auth_pool = my_auth_failover
  125. }
  126. realm LOCAL {
  127. }
  128. radiusd: #### Loading Clients ####
  129. client localhost {
  130. ipaddr = 127.0.0.1
  131. require_message_authenticator = no
  132. secret = "testing123"
  133. nastype = "other"
  134. }
  135. client 192.168.0.0/16 {
  136. require_message_authenticator = no
  137. shortname = "wirelessNetwork_802_1x"
  138. }
  139. client 192.168.47.18 {
  140. require_message_authenticator = no
  141. shortname = "VE_WIRELESS__3F_OPS"
  142. }
  143. client 192.168.47.19 {
  144. require_message_authenticator = no
  145. shortname = "VE_WIRELESS_ROOT"
  146. }
  147. client 192.168.49.224 {
  148. require_message_authenticator = no
  149. shortname = "VE_WIRELESS_ROOT"
  150. }
  151. radiusd: #### Instantiating modules ####
  152. instantiate {
  153. Module: Linked to module rlm_exec
  154. Module: Instantiating exec
  155. exec {
  156. wait = no
  157. input_pairs = "request"
  158. shell_escape = yes
  159. }
  160. Module: Linked to module rlm_expr
  161. Module: Instantiating expr
  162. Module: Linked to module rlm_expiration
  163. Module: Instantiating expiration
  164. expiration {
  165. reply-message = "Password Has Expired "
  166. }
  167. Module: Linked to module rlm_logintime
  168. Module: Instantiating logintime
  169. logintime {
  170. reply-message = "You are calling outside your allowed timespan "
  171. minimum-timeout = 60
  172. }
  173. }
  174. radiusd: #### Loading Virtual Servers ####
  175. server inner-tunnel {
  176. modules {
  177. Module: Checking authenticate {...} for more modules to load
  178. Module: Linked to module rlm_pap
  179. Module: Instantiating pap
  180. pap {
  181. encryption_scheme = "auto"
  182. auto_header = no
  183. }
  184. Module: Linked to module rlm_chap
  185. Module: Instantiating chap
  186. Module: Linked to module rlm_mschap
  187. Module: Instantiating mschap
  188. mschap {
  189. use_mppe = yes
  190. require_encryption = no
  191. require_strong = no
  192. with_ntdomain_hack = no
  193. }
  194. Module: Linked to module rlm_unix
  195. Module: Instantiating unix
  196. unix {
  197. radwtmp = "/var/log/radius/radwtmp"
  198. }
  199. Module: Linked to module rlm_ldap
  200. Module: Instantiating ldap
  201. ldap {
  202. server = "ldap.sacta.videoegg.com"
  203. port = 389
  204. identity = "uid=radiusd,ou=People,dc=videoegg,dc=com"
  205. net_timeout = 1
  206. timeout = 4
  207. timelimit = 3
  208. tls_mode = no
  209. start_tls = no
  210. tls_require_cert = "allow"
  211. tls {
  212. start_tls = no
  213. require_cert = "allow"
  214. }
  215. basedn = "ou=People,dc=videoegg,dc=com"
  216. filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
  217. base_filter = "(objectclass=radiusprofile)"
  218. auto_header = no
  219. access_attr_used_for_allow = yes
  220. groupname_attribute = "cn"
  221. groupmembership_filter = "(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))"
  222. dictionary_mapping = "/etc/raddb/ldap.attrmap"
  223. ldap_debug = 0
  224. ldap_connections_number = 5
  225. compare_check_items = no
  226. do_xlat = yes
  227. set_auth_type = yes
  228. }
  229. rlm_ldap: Registering ldap_groupcmp for Ldap-Group
  230. rlm_ldap: Registering ldap_xlat with xlat_name ldap
  231. rlm_ldap: reading ldap<->radius mappings from file /etc/raddb/ldap.attrmap
  232. rlm_ldap: LDAP radiusCheckItem mapped to RADIUS $GENERIC$
  233. rlm_ldap: LDAP radiusReplyItem mapped to RADIUS $GENERIC$
  234. rlm_ldap: LDAP radiusAuthType mapped to RADIUS Auth-Type
  235. rlm_ldap: LDAP radiusSimultaneousUse mapped to RADIUS Simultaneous-Use
  236. rlm_ldap: LDAP radiusCalledStationId mapped to RADIUS Called-Station-Id
  237. rlm_ldap: LDAP radiusCallingStationId mapped to RADIUS Calling-Station-Id
  238. rlm_ldap: LDAP lmPassword mapped to RADIUS LM-Password
  239. rlm_ldap: LDAP ntPassword mapped to RADIUS NT-Password
  240. rlm_ldap: LDAP sambaLmPassword mapped to RADIUS LM-Password
  241. rlm_ldap: LDAP sambaNtPassword mapped to RADIUS NT-Password
  242. rlm_ldap: LDAP dBCSPwd mapped to RADIUS LM-Password
  243. rlm_ldap: LDAP acctFlags mapped to RADIUS SMB-Account-CTRL-TEXT
  244. rlm_ldap: LDAP radiusExpiration mapped to RADIUS Expiration
  245. rlm_ldap: LDAP radiusNASIpAddress mapped to RADIUS NAS-IP-Address
  246. rlm_ldap: LDAP radiusServiceType mapped to RADIUS Service-Type
  247. rlm_ldap: LDAP radiusFramedProtocol mapped to RADIUS Framed-Protocol
  248. rlm_ldap: LDAP radiusFramedIPAddress mapped to RADIUS Framed-IP-Address
  249. rlm_ldap: LDAP radiusFramedIPNetmask mapped to RADIUS Framed-IP-Netmask
  250. rlm_ldap: LDAP radiusFramedRoute mapped to RADIUS Framed-Route
  251. rlm_ldap: LDAP radiusFramedRouting mapped to RADIUS Framed-Routing
  252. rlm_ldap: LDAP radiusFilterId mapped to RADIUS Filter-Id
  253. rlm_ldap: LDAP radiusFramedMTU mapped to RADIUS Framed-MTU
  254. rlm_ldap: LDAP radiusFramedCompression mapped to RADIUS Framed-Compression
  255. rlm_ldap: LDAP radiusLoginIPHost mapped to RADIUS Login-IP-Host
  256. rlm_ldap: LDAP radiusLoginService mapped to RADIUS Login-Service
  257. rlm_ldap: LDAP radiusLoginTCPPort mapped to RADIUS Login-TCP-Port
  258. rlm_ldap: LDAP radiusCallbackNumber mapped to RADIUS Callback-Number
  259. rlm_ldap: LDAP radiusCallbackId mapped to RADIUS Callback-Id
  260. rlm_ldap: LDAP radiusFramedIPXNetwork mapped to RADIUS Framed-IPX-Network
  261. rlm_ldap: LDAP radiusClass mapped to RADIUS Class
  262. rlm_ldap: LDAP radiusSessionTimeout mapped to RADIUS Session-Timeout
  263. rlm_ldap: LDAP radiusIdleTimeout mapped to RADIUS Idle-Timeout
  264. rlm_ldap: LDAP radiusTerminationAction mapped to RADIUS Termination-Action
  265. rlm_ldap: LDAP radiusLoginLATService mapped to RADIUS Login-LAT-Service
  266. rlm_ldap: LDAP radiusLoginLATNode mapped to RADIUS Login-LAT-Node
  267. rlm_ldap: LDAP radiusLoginLATGroup mapped to RADIUS Login-LAT-Group
  268. rlm_ldap: LDAP radiusFramedAppleTalkLink mapped to RADIUS Framed-AppleTalk-Link
  269. rlm_ldap: LDAP radiusFramedAppleTalkNetwork mapped to RADIUS Framed-AppleTalk-Network
  270. rlm_ldap: LDAP radiusFramedAppleTalkZone mapped to RADIUS Framed-AppleTalk-Zone
  271. rlm_ldap: LDAP radiusPortLimit mapped to RADIUS Port-Limit
  272. rlm_ldap: LDAP radiusLoginLATPort mapped to RADIUS Login-LAT-Port
  273. rlm_ldap: LDAP radiusReplyMessage mapped to RADIUS Reply-Message
  274. rlm_ldap: LDAP radiusTunnelType mapped to RADIUS Tunnel-Type
  275. rlm_ldap: LDAP radiusTunnelMediumType mapped to RADIUS Tunnel-Medium-Type
  276. rlm_ldap: LDAP radiusTunnelPrivateGroupId mapped to RADIUS Tunnel-Private-Group-Id
  277. conns: 0x8a82210
  278. Module: Linked to module rlm_eap
  279. Module: Instantiating eap
  280. eap {
  281. default_eap_type = "md5"
  282. timer_expire = 60
  283. ignore_unknown_eap_types = no
  284. cisco_accounting_username_bug = no
  285. max_sessions = 2048
  286. }
  287. Module: Linked to sub-module rlm_eap_md5
  288. Module: Instantiating eap-md5
  289. Module: Linked to sub-module rlm_eap_leap
  290. Module: Instantiating eap-leap
  291. Module: Linked to sub-module rlm_eap_gtc
  292. Module: Instantiating eap-gtc
  293. gtc {
  294. challenge = "Password: "
  295. auth_type = "PAP"
  296. }
  297. Module: Linked to sub-module rlm_eap_tls
  298. Module: Instantiating eap-tls
  299. tls {
  300. rsa_key_exchange = no
  301. dh_key_exchange = yes
  302. rsa_key_length = 512
  303. dh_key_length = 512
  304. verify_depth = 0
  305. pem_file_type = yes
  306. private_key_file = "/etc/raddb/certs/server.pem"
  307. certificate_file = "/etc/raddb/certs/server.pem"
  308. CA_file = "/etc/raddb/certs/ca.pem"
  309. private_key_password = "xxxxxxxxx"
  310. dh_file = "/etc/raddb/certs/dh"
  311. random_file = "/etc/raddb/certs/random"
  312. fragment_size = 1024
  313. include_length = yes
  314. check_crl = no
  315. cipher_list = "DEFAULT"
  316. make_cert_command = "/etc/raddb/certs/bootstrap"
  317. cache {
  318. enable = no
  319. lifetime = 24
  320. max_entries = 255
  321. }
  322. }
  323. Module: Linked to sub-module rlm_eap_ttls
  324. Module: Instantiating eap-ttls
  325. ttls {
  326. default_eap_type = "md5"
  327. copy_request_to_tunnel = no
  328. use_tunneled_reply = no
  329. virtual_server = "inner-tunnel"
  330. include_length = yes
  331. }
  332. Module: Linked to sub-module rlm_eap_peap
  333. Module: Instantiating eap-peap
  334. peap {
  335. default_eap_type = "mschapv2"
  336. copy_request_to_tunnel = no
  337. use_tunneled_reply = no
  338. proxy_tunneled_request_as_eap = yes
  339. virtual_server = "inner-tunnel"
  340. }
  341. Module: Linked to sub-module rlm_eap_mschapv2
  342. Module: Instantiating eap-mschapv2
  343. mschapv2 {
  344. with_ntdomain_hack = no
  345. }
  346. Module: Checking authorize {...} for more modules to load
  347. Module: Linked to module rlm_realm
  348. Module: Instantiating suffix
  349. realm suffix {
  350. format = "suffix"
  351. delimiter = "@"
  352. ignore_default = no
  353. ignore_null = no
  354. }
  355. Module: Linked to module rlm_files
  356. Module: Instantiating files
  357. files {
  358. usersfile = "/etc/raddb/users"
  359. acctusersfile = "/etc/raddb/acct_users"
  360. preproxy_usersfile = "/etc/raddb/preproxy_users"
  361. compat = "no"
  362. }
  363. Module: Checking session {...} for more modules to load
  364. Module: Linked to module rlm_radutmp
  365. Module: Instantiating radutmp
  366. radutmp {
  367. filename = "/var/log/radius/radutmp"
  368. username = "%{User-Name}"
  369. case_sensitive = yes
  370. check_with_nas = yes
  371. perm = 384
  372. callerid = yes
  373. }
  374. Module: Checking post-proxy {...} for more modules to load
  375. Module: Checking post-auth {...} for more modules to load
  376. Module: Linked to module rlm_attr_filter
  377. Module: Instantiating attr_filter.access_reject
  378. attr_filter attr_filter.access_reject {
  379. attrsfile = "/etc/raddb/attrs.access_reject"
  380. key = "%{User-Name}"
  381. }
  382. } # modules
  383. } # server
  384. server {
  385. modules {
  386. Module: Checking authenticate {...} for more modules to load
  387. Module: Checking authorize {...} for more modules to load
  388. Module: Linked to module rlm_preprocess
  389. Module: Instantiating preprocess
  390. preprocess {
  391. huntgroups = "/etc/raddb/huntgroups"
  392. hints = "/etc/raddb/hints"
  393. with_ascend_hack = no
  394. ascend_channels_per_line = 23
  395. with_ntdomain_hack = no
  396. with_specialix_jetstream_hack = no
  397. with_cisco_vsa_hack = no
  398. with_alvarion_vsa_hack = no
  399. }
  400. Module: Checking preacct {...} for more modules to load
  401. Module: Linked to module rlm_acct_unique
  402. Module: Instantiating acct_unique
  403. acct_unique {
  404. key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
  405. }
  406. Module: Checking accounting {...} for more modules to load
  407. Module: Linked to module rlm_detail
  408. Module: Instantiating detail
  409. detail {
  410. detailfile = "/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
  411. header = "%t"
  412. detailperm = 384
  413. dirperm = 493
  414. locking = no
  415. log_packet_header = no
  416. }
  417. Module: Instantiating attr_filter.accounting_response
  418. attr_filter attr_filter.accounting_response {
  419. attrsfile = "/etc/raddb/attrs.accounting_response"
  420. key = "%{User-Name}"
  421. }
  422. Module: Checking session {...} for more modules to load
  423. Module: Checking post-proxy {...} for more modules to load
  424. Module: Checking post-auth {...} for more modules to load
  425. } # modules
  426. } # server
  427. radiusd: #### Opening IP addresses and Ports ####
  428. listen {
  429. type = "auth"
  430. ipaddr = *
  431. port = 0
  432. }
  433. listen {
  434. type = "acct"
  435. ipaddr = *
  436. port = 0
  437. }
  438. listen {
  439. type = "control"
  440. listen {
  441. socket = "/var/run/radiusd/radiusd.sock"
  442. }
  443. }
  444. Listening on authentication address * port 1812
  445. Listening on accounting address * port 1813
  446. Listening on command file /var/run/radiusd/radiusd.sock
  447. Listening on proxy address * port 1814
  448. Ready to process requests.
  449. rad_recv: Access-Request packet from host 192.168.49.195 port 1645, id=213, length=134
  450. User-Name = "kplimack"
  451. Framed-MTU = 1400
  452. Called-Station-Id = "0027.0ded.dbe0"
  453. Calling-Station-Id = "001b.775d.c7cd"
  454. Service-Type = Login-User
  455. Message-Authenticator = 0xb6578157227d87bc621e9de0aff26089
  456. EAP-Message = 0x0202000d016b706c696d61636b
  457. NAS-Port-Type = Wireless-802.11
  458. NAS-Port = 516
  459. NAS-Port-Id = "516"
  460. NAS-IP-Address = 192.168.49.195
  461. NAS-Identifier = "ap"
  462. +- entering group authorize {...}
  463. ++[preprocess] returns ok
  464. ++[chap] returns noop
  465. ++[mschap] returns noop
  466. [suffix] No '@' in User-Name = "kplimack", looking up realm NULL
  467. [suffix] No such realm "NULL"
  468. ++[suffix] returns noop
  469. [eap] EAP packet type response id 2 length 13
  470. [eap] No EAP Start, assuming it's an on-going EAP conversation
  471. ++[eap] returns updated
  472. ++[unix] returns notfound
  473. ++[files] returns noop
  474. [ldap] performing user authorization for kplimack
  475. [ldap] WARNING: Deprecated conditional expansion ":-". See "man unlang" for details
  476. [ldap] expand: (uid=%{Stripped-User-Name:-%{User-Name}}) -> (uid=kplimack)
  477. [ldap] expand: ou=People,dc=videoegg,dc=com -> ou=People,dc=videoegg,dc=com
  478. rlm_ldap: ldap_get_conn: Checking Id: 0
  479. rlm_ldap: ldap_get_conn: Got Id: 0
  480. rlm_ldap: attempting LDAP reconnection
  481. rlm_ldap: (re)connect to ldap.sacta.videoegg.com:389, authentication 0
  482. rlm_ldap: bind as uid=radiusd,ou=People,dc=videoegg,dc=com/ApS3n6fjJ to ldap.sacta.videoegg.com:389
  483. rlm_ldap: waiting for bind result ...
  484. rlm_ldap: Bind was successful
  485. rlm_ldap: performing search in ou=People,dc=videoegg,dc=com, with filter (uid=kplimack)
  486. [ldap] looking for check items in directory...
  487. [ldap] looking for reply items in directory...
  488. WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly?
  489. [ldap] user kplimack authorized to use remote access
  490. rlm_ldap: ldap_release_conn: Release Id: 0
  491. ++[ldap] returns ok
  492. ++[expiration] returns noop
  493. ++[logintime] returns noop
  494. [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.
  495. ++[pap] returns noop
  496. Found Auth-Type = EAP
  497. +- entering group authenticate {...}
  498. [eap] EAP Identity
  499. [eap] processing type md5
  500. rlm_eap_md5: Issuing Challenge
  501. ++[eap] returns handled
  502. Sending Access-Challenge of id 213 to 192.168.49.195 port 1645
  503. EAP-Message = 0x0103001604106f916d3b2844d42f0fb2a6dee6c794d6
  504. Message-Authenticator = 0x00000000000000000000000000000000
  505. State = 0x29473d5b29443903dfa7b88ea8751d8f
  506. Finished request 0.
  507. Going to the next request
  508. Waking up in 4.9 seconds.
  509. rad_recv: Access-Request packet from host 192.168.49.195 port 1645, id=214, length=145
  510. User-Name = "kplimack"
  511. Framed-MTU = 1400
  512. Called-Station-Id = "0027.0ded.dbe0"
  513. Calling-Station-Id = "001b.775d.c7cd"
  514. Service-Type = Login-User
  515. Message-Authenticator = 0x860cdc44119fa7e212e1ac61037cafaa
  516. EAP-Message = 0x020300060319
  517. NAS-Port-Type = Wireless-802.11
  518. NAS-Port = 516
  519. NAS-Port-Id = "516"
  520. State = 0x29473d5b29443903dfa7b88ea8751d8f
  521. NAS-IP-Address = 192.168.49.195
  522. NAS-Identifier = "ap"
  523. +- entering group authorize {...}
  524. ++[preprocess] returns ok
  525. ++[chap] returns noop
  526. ++[mschap] returns noop
  527. [suffix] No '@' in User-Name = "kplimack", looking up realm NULL
  528. [suffix] No such realm "NULL"
  529. ++[suffix] returns noop
  530. [eap] EAP packet type response id 3 length 6
  531. [eap] No EAP Start, assuming it's an on-going EAP conversation
  532. ++[eap] returns updated
  533. ++[unix] returns notfound
  534. ++[files] returns noop
  535. [ldap] performing user authorization for kplimack
  536. [ldap] WARNING: Deprecated conditional expansion ":-". See "man unlang" for details
  537. [ldap] expand: (uid=%{Stripped-User-Name:-%{User-Name}}) -> (uid=kplimack)
  538. [ldap] expand: ou=People,dc=videoegg,dc=com -> ou=People,dc=videoegg,dc=com
  539. rlm_ldap: ldap_get_conn: Checking Id: 0
  540. rlm_ldap: ldap_get_conn: Got Id: 0
  541. rlm_ldap: performing search in ou=People,dc=videoegg,dc=com, with filter (uid=kplimack)
  542. [ldap] looking for check items in directory...
  543. [ldap] looking for reply items in directory...
  544. WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly?
  545. [ldap] user kplimack authorized to use remote access
  546. rlm_ldap: ldap_release_conn: Release Id: 0
  547. ++[ldap] returns ok
  548. ++[expiration] returns noop
  549. ++[logintime] returns noop
  550. [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.
  551. ++[pap] returns noop
  552. Found Auth-Type = EAP
  553. +- entering group authenticate {...}
  554. [eap] Request found, released from the list
  555. [eap] EAP NAK
  556. [eap] EAP-NAK asked for EAP-Type/peap
  557. [eap] processing type tls
  558. [tls] Initiate
  559. [tls] Start returned 1
  560. ++[eap] returns handled
  561. Sending Access-Challenge of id 214 to 192.168.49.195 port 1645
  562. EAP-Message = 0x010400061920
  563. Message-Authenticator = 0x00000000000000000000000000000000
  564. State = 0x29473d5b28432403dfa7b88ea8751d8f
  565. Finished request 1.
  566. Going to the next request
  567. Waking up in 4.9 seconds.
  568. rad_recv: Access-Request packet from host 192.168.49.195 port 1645, id=215, length=219
  569. User-Name = "kplimack"
  570. Framed-MTU = 1400
  571. Called-Station-Id = "0027.0ded.dbe0"
  572. Calling-Station-Id = "001b.775d.c7cd"
  573. Service-Type = Login-User
  574. Message-Authenticator = 0xaffe20b71c31b64625656caf18cccdfe
  575. EAP-Message = 0x0204005019800000004616030100410100003d03014c1abee5b6abd01744c91368577068da09aff6daff29d3cc1e65ae6c239bc44a00001600040005000a000900640062000300060013001200630100
  576. NAS-Port-Type = Wireless-802.11
  577. NAS-Port = 516
  578. NAS-Port-Id = "516"
  579. State = 0x29473d5b28432403dfa7b88ea8751d8f
  580. NAS-IP-Address = 192.168.49.195
  581. NAS-Identifier = "ap"
  582. +- entering group authorize {...}
  583. ++[preprocess] returns ok
  584. ++[chap] returns noop
  585. ++[mschap] returns noop
  586. [suffix] No '@' in User-Name = "kplimack", looking up realm NULL
  587. [suffix] No such realm "NULL"
  588. ++[suffix] returns noop
  589. [eap] EAP packet type response id 4 length 80
  590. [eap] Continuing tunnel setup.
  591. ++[eap] returns ok
  592. Found Auth-Type = EAP
  593. +- entering group authenticate {...}
  594. [eap] Request found, released from the list
  595. [eap] EAP/peap
  596. [eap] processing type peap
  597. [peap] processing EAP-TLS
  598. TLS Length 70
  599. [peap] Length Included
  600. [peap] eaptls_verify returned 11
  601. [peap] (other): before/accept initialization
  602. [peap] TLS_accept: before/accept initialization
  603. [peap] <<< TLS 1.0 Handshake [length 0041], ClientHello
  604. [peap] TLS_accept: SSLv3 read client hello A
  605. [peap] >>> TLS 1.0 Handshake [length 002a], ServerHello
  606. [peap] TLS_accept: SSLv3 write server hello A
  607. [peap] >>> TLS 1.0 Handshake [length 0845], Certificate
  608. [peap] TLS_accept: SSLv3 write certificate A
  609. [peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
  610. [peap] TLS_accept: SSLv3 write server done A
  611. [peap] TLS_accept: SSLv3 flush data
  612. [peap] TLS_accept: Need to read more data: SSLv3 read client certificate A
  613. In SSL Handshake Phase
  614. In SSL Accept mode
  615. [peap] eaptls_process returned 13
  616. [peap] EAPTLS_HANDLED
  617. ++[eap] returns handled
  618. Sending Access-Challenge of id 215 to 192.168.49.195 port 1645
  624. Message-Authenticator = 0x00000000000000000000000000000000
  625. State = 0x29473d5b2b422403dfa7b88ea8751d8f
  626. Finished request 2.
  627. Going to the next request
  628. Waking up in 4.8 seconds.
  629. rad_recv: Access-Request packet from host 192.168.49.195 port 1645, id=216, length=145
  630. User-Name = "kplimack"
  631. Framed-MTU = 1400
  632. Called-Station-Id = "0027.0ded.dbe0"
  633. Calling-Station-Id = "001b.775d.c7cd"
  634. Service-Type = Login-User
  635. Message-Authenticator = 0xbb88140e183bc9d7aba3ee8bbe313307
  636. EAP-Message = 0x020500061900
  637. NAS-Port-Type = Wireless-802.11
  638. NAS-Port = 516
  639. NAS-Port-Id = "516"
  640. State = 0x29473d5b2b422403dfa7b88ea8751d8f
  641. NAS-IP-Address = 192.168.49.195
  642. NAS-Identifier = "ap"
  643. +- entering group authorize {...}
  644. ++[preprocess] returns ok
  645. ++[chap] returns noop
  646. ++[mschap] returns noop
  647. [suffix] No '@' in User-Name = "kplimack", looking up realm NULL
  648. [suffix] No such realm "NULL"
  649. ++[suffix] returns noop
  650. [eap] EAP packet type response id 5 length 6
  651. [eap] Continuing tunnel setup.
  652. ++[eap] returns ok
  653. Found Auth-Type = EAP
  654. +- entering group authenticate {...}
  655. [eap] Request found, released from the list
  656. [eap] EAP/peap
  657. [eap] processing type peap
  658. [peap] processing EAP-TLS
  659. [peap] Received TLS ACK
  660. [peap] ACK handshake fragment handler
  661. [peap] eaptls_verify returned 1
  662. [peap] eaptls_process returned 13
  663. [peap] EAPTLS_HANDLED
  664. ++[eap] returns handled
  665. Sending Access-Challenge of id 216 to 192.168.49.195 port 1645
  671. Message-Authenticator = 0x00000000000000000000000000000000
  672. State = 0x29473d5b2a412403dfa7b88ea8751d8f
  673. Finished request 3.
  674. Going to the next request
  675. Waking up in 4.7 seconds.
  676. rad_recv: Access-Request packet from host 192.168.49.195 port 1645, id=217, length=145
  677. User-Name = "kplimack"
  678. Framed-MTU = 1400
  679. Called-Station-Id = "0027.0ded.dbe0"
  680. Calling-Station-Id = "001b.775d.c7cd"
  681. Service-Type = Login-User
  682. Message-Authenticator = 0xc93d44cf684c2125c4ca633c9940f854
  683. EAP-Message = 0x020600061900
  684. NAS-Port-Type = Wireless-802.11
  685. NAS-Port = 516
  686. NAS-Port-Id = "516"
  687. State = 0x29473d5b2a412403dfa7b88ea8751d8f
  688. NAS-IP-Address = 192.168.49.195
  689. NAS-Identifier = "ap"
  690. +- entering group authorize {...}
  691. ++[preprocess] returns ok
  692. ++[chap] returns noop
  693. ++[mschap] returns noop
  694. [suffix] No '@' in User-Name = "kplimack", looking up realm NULL
  695. [suffix] No such realm "NULL"
  696. ++[suffix] returns noop
  697. [eap] EAP packet type response id 6 length 6
  698. [eap] Continuing tunnel setup.
  699. ++[eap] returns ok
  700. Found Auth-Type = EAP
  701. +- entering group authenticate {...}
  702. [eap] Request found, released from the list
  703. [eap] EAP/peap
  704. [eap] processing type peap
  705. [peap] processing EAP-TLS
  706. [peap] Received TLS ACK
  707. [peap] ACK handshake fragment handler
  708. [peap] eaptls_verify returned 1
  709. [peap] eaptls_process returned 13
  710. [peap] EAPTLS_HANDLED
  711. ++[eap] returns handled
  712. Sending Access-Challenge of id 217 to 192.168.49.195 port 1645
  713. EAP-Message = 0x0107009c1900884d62b6e26d0a6e79ddce5d95759e27022a8fb590858e5cde413ced7a79e777e7cb5f2fea42f1f32d5500a4f69d1ae5797cb4e57efc5c83ba25fb2c0b96e7737dab3a4fa58bea8bdeb813d26db1d03133b23545bb2dd821ba922a4e653c18520512eec23237f0eac704afc9b04385d44b3ff2bf69c0583714cfa5fbcacdbbff1d3911f8011a3a1cc3fb2a56e416030100040e000000
  714. Message-Authenticator = 0x00000000000000000000000000000000
  715. State = 0x29473d5b2d402403dfa7b88ea8751d8f
  716. Finished request 4.
  717. Going to the next request
  718. Waking up in 4.7 seconds.
  719. rad_recv: Access-Request packet from host 192.168.49.195 port 1645, id=218, length=461
  720. User-Name = "kplimack"
  721. Framed-MTU = 1400
  722. Called-Station-Id = "0027.0ded.dbe0"
  723. Calling-Station-Id = "001b.775d.c7cd"
  724. Service-Type = Login-User
  725. Message-Authenticator = 0xbc17fa146370f85df8065ca36d87cb41
  726. EAP-Message = 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
  727. EAP-Message = 0xb1778ca770f7ee4726c43ae977c27736cb16a39d6c06d0a01403010001011603010020adfbcd5c039b3844dc6184018bc81469918043f7ea22bed5bbc6690545e34044
  728. NAS-Port-Type = Wireless-802.11
  729. NAS-Port = 516
  730. NAS-Port-Id = "516"
  731. State = 0x29473d5b2d402403dfa7b88ea8751d8f
  732. NAS-IP-Address = 192.168.49.195
  733. NAS-Identifier = "ap"
  734. +- entering group authorize {...}
  735. ++[preprocess] returns ok
  736. ++[chap] returns noop
  737. ++[mschap] returns noop
  738. [suffix] No '@' in User-Name = "kplimack", looking up realm NULL
  739. [suffix] No such realm "NULL"
  740. ++[suffix] returns noop
  741. [eap] EAP packet type response id 7 length 253
  742. [eap] Continuing tunnel setup.
  743. ++[eap] returns ok
  744. Found Auth-Type = EAP
  745. +- entering group authenticate {...}
  746. [eap] Request found, released from the list
  747. [eap] EAP/peap
  748. [eap] processing type peap
  749. [peap] processing EAP-TLS
  750. TLS Length 310
  751. [peap] Length Included
  752. [peap] eaptls_verify returned 11
  753. [peap] <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange
  754. [peap] TLS_accept: SSLv3 read client key exchange A
  755. [peap] <<< TLS 1.0 ChangeCipherSpec [length 0001]
  756. [peap] <<< TLS 1.0 Handshake [length 0010], Finished
  757. [peap] TLS_accept: SSLv3 read finished A
  758. [peap] >>> TLS 1.0 ChangeCipherSpec [length 0001]
  759. [peap] TLS_accept: SSLv3 write change cipher spec A
  760. [peap] >>> TLS 1.0 Handshake [length 0010], Finished
  761. [peap] TLS_accept: SSLv3 write finished A
  762. [peap] TLS_accept: SSLv3 flush data
  763. [peap] (other): SSL negotiation finished successfully
  764. SSL Connection Established
  765. [peap] eaptls_process returned 13
  766. [peap] EAPTLS_HANDLED
  767. ++[eap] returns handled
  768. Sending Access-Challenge of id 218 to 192.168.49.195 port 1645
  769. EAP-Message = 0x010800311900140301000101160301002084fe0a4accf63d43fb76d40dee35a1ce30c55a2f86e2480ed64ac6c9b6822e6a
  770. Message-Authenticator = 0x00000000000000000000000000000000
  771. State = 0x29473d5b2c4f2403dfa7b88ea8751d8f
  772. Finished request 5.
  773. Going to the next request
  774. Waking up in 4.6 seconds.
  775. rad_recv: Access-Request packet from host 192.168.49.195 port 1645, id=219, length=145
  776. User-Name = "kplimack"
  777. Framed-MTU = 1400
  778. Called-Station-Id = "0027.0ded.dbe0"
  779. Calling-Station-Id = "001b.775d.c7cd"
  780. Service-Type = Login-User
  781. Message-Authenticator = 0x52a316139086945beac49a8f02009d5f
  782. EAP-Message = 0x020800061900
  783. NAS-Port-Type = Wireless-802.11
  784. NAS-Port = 516
  785. NAS-Port-Id = "516"
  786. State = 0x29473d5b2c4f2403dfa7b88ea8751d8f
  787. NAS-IP-Address = 192.168.49.195
  788. NAS-Identifier = "ap"
  789. +- entering group authorize {...}
  790. ++[preprocess] returns ok
  791. ++[chap] returns noop
  792. ++[mschap] returns noop
  793. [suffix] No '@' in User-Name = "kplimack", looking up realm NULL
  794. [suffix] No such realm "NULL"
  795. ++[suffix] returns noop
  796. [eap] EAP packet type response id 8 length 6
  797. [eap] Continuing tunnel setup.
  798. ++[eap] returns ok
  799. Found Auth-Type = EAP
  800. +- entering group authenticate {...}
  801. [eap] Request found, released from the list
  802. [eap] EAP/peap
  803. [eap] processing type peap
  804. [peap] processing EAP-TLS
  805. [peap] Received TLS ACK
  806. [peap] ACK handshake is finished
  807. [peap] eaptls_verify returned 3
  808. [peap] eaptls_process returned 3
  809. [peap] EAPTLS_SUCCESS
  810. ++[eap] returns handled
  811. Sending Access-Challenge of id 219 to 192.168.49.195 port 1645
  812. EAP-Message = 0x0109002019001703010015801f549d9331757e948506b198b6def8944024c929
  813. Message-Authenticator = 0x00000000000000000000000000000000
  814. State = 0x29473d5b2f4e2403dfa7b88ea8751d8f
  815. Finished request 6.
  816. Going to the next request
  817. Waking up in 4.5 seconds.
  818. rad_recv: Access-Request packet from host 192.168.49.195 port 1645, id=220, length=175
  819. User-Name = "kplimack"
  820. Framed-MTU = 1400
  821. Called-Station-Id = "0027.0ded.dbe0"
  822. Calling-Station-Id = "001b.775d.c7cd"
  823. Service-Type = Login-User
  824. Message-Authenticator = 0xa7a789923869b9dc6206c03b28673544
  825. EAP-Message = 0x02090024190017030100196673b243b690db6e7988d332502cb42507ee81abaf21063c24
  826. NAS-Port-Type = Wireless-802.11
  827. NAS-Port = 516
  828. NAS-Port-Id = "516"
  829. State = 0x29473d5b2f4e2403dfa7b88ea8751d8f
  830. NAS-IP-Address = 192.168.49.195
  831. NAS-Identifier = "ap"
  832. +- entering group authorize {...}
  833. ++[preprocess] returns ok
  834. ++[chap] returns noop
  835. ++[mschap] returns noop
  836. [suffix] No '@' in User-Name = "kplimack", looking up realm NULL
  837. [suffix] No such realm "NULL"
  838. ++[suffix] returns noop
  839. [eap] EAP packet type response id 9 length 36
  840. [eap] Continuing tunnel setup.
  841. ++[eap] returns ok
  842. Found Auth-Type = EAP
  843. +- entering group authenticate {...}
  844. [eap] Request found, released from the list
  845. [eap] EAP/peap
  846. [eap] processing type peap
  847. [peap] processing EAP-TLS
  848. [peap] eaptls_verify returned 7
  849. [peap] Done initial handshake
  850. [peap] eaptls_process returned 7
  851. [peap] EAPTLS_OK
  852. [peap] Session established. Decoding tunneled attributes.
  853. [peap] Identity - kplimack
  854. [peap] Got tunneled request
  855. EAP-Message = 0x0209000d016b706c696d61636b
  856. server {
  857. PEAP: Got tunneled identity of kplimack
  858. PEAP: Setting default EAP type for tunneled EAP session.
  859. PEAP: Setting User-Name to kplimack
  860. Sending tunneled request
  861. EAP-Message = 0x0209000d016b706c696d61636b
  862. FreeRADIUS-Proxied-To = 127.0.0.1
  863. User-Name = "kplimack"
  864. server inner-tunnel {
  865. +- entering group authorize {...}
  866. ++[chap] returns noop
  867. ++[mschap] returns noop
  868. ++[unix] returns notfound
  869. [suffix] No '@' in User-Name = "kplimack", looking up realm NULL
  870. [suffix] No such realm "NULL"
  871. ++[suffix] returns noop
  872. ++[control] returns noop
  873. [eap] EAP packet type response id 9 length 13
  874. [eap] No EAP Start, assuming it's an on-going EAP conversation
  875. ++[eap] returns updated
  876. ++[files] returns noop
  877. [ldap] performing user authorization for kplimack
  878. [ldap] WARNING: Deprecated conditional expansion ":-". See "man unlang" for details
  879. [ldap] expand: (uid=%{Stripped-User-Name:-%{User-Name}}) -> (uid=kplimack)
  880. [ldap] expand: ou=People,dc=videoegg,dc=com -> ou=People,dc=videoegg,dc=com
  881. rlm_ldap: ldap_get_conn: Checking Id: 0
  882. rlm_ldap: ldap_get_conn: Got Id: 0
  883. rlm_ldap: performing search in ou=People,dc=videoegg,dc=com, with filter (uid=kplimack)
  884. [ldap] looking for check items in directory...
  885. [ldap] looking for reply items in directory...
  886. WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly?
  887. [ldap] user kplimack authorized to use remote access
  888. rlm_ldap: ldap_release_conn: Release Id: 0
  889. ++[ldap] returns ok
  890. ++[expiration] returns noop
  891. ++[logintime] returns noop
  892. ++[pap] returns noop
  893. Found Auth-Type = EAP
  894. +- entering group authenticate {...}
  895. [eap] EAP Identity
  896. [eap] processing type mschapv2
  897. rlm_eap_mschapv2: Issuing Challenge
  898. ++[eap] returns handled
  899. } # server inner-tunnel
  900. [peap] Got tunneled reply code 11
  901. EAP-Message = 0x010a00221a010a001d10052145c1c87a84aff244139ac64231f36b706c696d61636b
  902. Message-Authenticator = 0x00000000000000000000000000000000
  903. State = 0x2f449f932f4e85bb615adc3271f27005
  904. [peap] Got tunneled reply RADIUS code 11
  905. EAP-Message = 0x010a00221a010a001d10052145c1c87a84aff244139ac64231f36b706c696d61636b
  906. Message-Authenticator = 0x00000000000000000000000000000000
  907. State = 0x2f449f932f4e85bb615adc3271f27005
  908. [peap] Got tunneled Access-Challenge
  909. ++[eap] returns handled
  910. Sending Access-Challenge of id 220 to 192.168.49.195 port 1645
  911. EAP-Message = 0x010a00391900170301002e1280eac594cf14234dcceb7ddf3efb0966f6dcdf78013116305e213a7e965510af41880a6bba64a741746d913b83
  912. Message-Authenticator = 0x00000000000000000000000000000000
  913. State = 0x29473d5b2e4d2403dfa7b88ea8751d8f
  914. Finished request 7.
  915. Going to the next request
  916. Waking up in 4.4 seconds.
  917. rad_recv: Access-Request packet from host 192.168.49.195 port 1645, id=221, length=229
  918. User-Name = "kplimack"
  919. Framed-MTU = 1400
  920. Called-Station-Id = "0027.0ded.dbe0"
  921. Calling-Station-Id = "001b.775d.c7cd"
  922. Service-Type = Login-User
  923. Message-Authenticator = 0x22e3f874ae3838870d1d74ce059336de
  924. EAP-Message = 0x020a005a1900170301004f0ffc909b048a870a29212861bfa3e82ffa6197958055b026f9611c892170d32c5250671bcc8c8ed72c4a283b7a4357c07831925ffb4c5bd7f8bc4f07df32989637fce2e008ac4788b582e94fd8c8e2
  925. NAS-Port-Type = Wireless-802.11
  926. NAS-Port = 516
  927. NAS-Port-Id = "516"
  928. State = 0x29473d5b2e4d2403dfa7b88ea8751d8f
  929. NAS-IP-Address = 192.168.49.195
  930. NAS-Identifier = "ap"
  931. +- entering group authorize {...}
  932. ++[preprocess] returns ok
  933. ++[chap] returns noop
  934. ++[mschap] returns noop
  935. [suffix] No '@' in User-Name = "kplimack", looking up realm NULL
  936. [suffix] No such realm "NULL"
  937. ++[suffix] returns noop
  938. [eap] EAP packet type response id 10 length 90
  939. [eap] Continuing tunnel setup.
  940. ++[eap] returns ok
  941. Found Auth-Type = EAP
  942. +- entering group authenticate {...}
  943. [eap] Request found, released from the list
  944. [eap] EAP/peap
  945. [eap] processing type peap
  946. [peap] processing EAP-TLS
  947. [peap] eaptls_verify returned 7
  948. [peap] Done initial handshake
  949. [peap] eaptls_process returned 7
  950. [peap] EAPTLS_OK
  951. [peap] Session established. Decoding tunneled attributes.
  952. [peap] EAP type mschapv2
  953. [peap] Got tunneled request
  954. EAP-Message = 0x020a00431a020a003e316e03b3f577b1ed3dc5a5aea8dad6a6d300000000000000001061b0b5dd0f172347e8ab69efe2ba99018443769d814e99006b706c696d61636b
  955. server {
  956. PEAP: Setting User-Name to kplimack
  957. Sending tunneled request
  958. EAP-Message = 0x020a00431a020a003e316e03b3f577b1ed3dc5a5aea8dad6a6d300000000000000001061b0b5dd0f172347e8ab69efe2ba99018443769d814e99006b706c696d61636b
  959. FreeRADIUS-Proxied-To = 127.0.0.1
  960. User-Name = "kplimack"
  961. State = 0x2f449f932f4e85bb615adc3271f27005
  962. server inner-tunnel {
  963. +- entering group authorize {...}
  964. ++[chap] returns noop
  965. ++[mschap] returns noop
  966. ++[unix] returns notfound
  967. [suffix] No '@' in User-Name = "kplimack", looking up realm NULL
  968. [suffix] No such realm "NULL"
  969. ++[suffix] returns noop
  970. ++[control] returns noop
  971. [eap] EAP packet type response id 10 length 67
  972. [eap] No EAP Start, assuming it's an on-going EAP conversation
  973. ++[eap] returns updated
  974. ++[files] returns noop
  975. [ldap] performing user authorization for kplimack
  976. [ldap] WARNING: Deprecated conditional expansion ":-". See "man unlang" for details
  977. [ldap] expand: (uid=%{Stripped-User-Name:-%{User-Name}}) -> (uid=kplimack)
  978. [ldap] expand: ou=People,dc=videoegg,dc=com -> ou=People,dc=videoegg,dc=com
  979. rlm_ldap: ldap_get_conn: Checking Id: 0
  980. rlm_ldap: ldap_get_conn: Got Id: 0
  981. rlm_ldap: performing search in ou=People,dc=videoegg,dc=com, with filter (uid=kplimack)
  982. [ldap] looking for check items in directory...
  983. [ldap] looking for reply items in directory...
  984. WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly?
  985. [ldap] user kplimack authorized to use remote access
  986. rlm_ldap: ldap_release_conn: Release Id: 0
  987. ++[ldap] returns ok
  988. ++[expiration] returns noop
  989. ++[logintime] returns noop
  990. ++[pap] returns noop
  991. Found Auth-Type = EAP
  992. +- entering group authenticate {...}
  993. [eap] Request found, released from the list
  994. [eap] EAP/mschapv2
  995. [eap] processing type mschapv2
  996. [mschapv2] +- entering group MS-CHAP {...}
  997. [mschap] No Cleartext-Password configured. Cannot create LM-Password.
  998. [mschap] No Cleartext-Password configured. Cannot create NT-Password.
  999. [mschap] Told to do MS-CHAPv2 for kplimack with NT-Password
  1000. [mschap] FAILED: No NT/LM-Password. Cannot perform authentication.
  1001. [mschap] FAILED: MS-CHAP2-Response is incorrect
  1002. ++[mschap] returns reject
  1003. [eap] Freeing handler
  1004. ++[eap] returns reject
  1005. Failed to authenticate the user.
  1006. } # server inner-tunnel
  1007. [peap] Got tunneled reply code 3
  1008. MS-CHAP-Error = "\nE=691 R=1"
  1009. EAP-Message = 0x040a0004
  1010. Message-Authenticator = 0x00000000000000000000000000000000
  1011. [peap] Got tunneled reply RADIUS code 3
  1012. MS-CHAP-Error = "\nE=691 R=1"
  1013. EAP-Message = 0x040a0004
  1014. Message-Authenticator = 0x00000000000000000000000000000000
  1015. [peap] Tunneled authentication was rejected.
  1016. [peap] FAILURE
  1017. ++[eap] returns handled
  1018. Sending Access-Challenge of id 221 to 192.168.49.195 port 1645
  1019. EAP-Message = 0x010b00261900170301001bc8eae28106366b6ce5b6823eec7d51c2e32c8d6e4a6891b9e1cff5
  1020. Message-Authenticator = 0x00000000000000000000000000000000
  1021. State = 0x29473d5b214c2403dfa7b88ea8751d8f
  1022. Finished request 8.
  1023. Going to the next request
  1024. Waking up in 4.2 seconds.
  1025. rad_recv: Access-Request packet from host 192.168.49.195 port 1645, id=222, length=177
  1026. User-Name = "kplimack"
  1027. Framed-MTU = 1400
  1028. Called-Station-Id = "0027.0ded.dbe0"
  1029. Calling-Station-Id = "001b.775d.c7cd"
  1030. Service-Type = Login-User
  1031. Message-Authenticator = 0x90232eb3643204758e3d16cda21d9d35
  1032. EAP-Message = 0x020b00261900170301001bbce6adaf3bab7787875f0b5946f738cf18c768bc3e8a658fedf300
  1033. NAS-Port-Type = Wireless-802.11
  1034. NAS-Port = 516
  1035. NAS-Port-Id = "516"
  1036. State = 0x29473d5b214c2403dfa7b88ea8751d8f
  1037. NAS-IP-Address = 192.168.49.195
  1038. NAS-Identifier = "ap"
  1039. +- entering group authorize {...}
  1040. ++[preprocess] returns ok
  1041. ++[chap] returns noop
  1042. ++[mschap] returns noop
  1043. [suffix] No '@' in User-Name = "kplimack", looking up realm NULL
  1044. [suffix] No such realm "NULL"
  1045. ++[suffix] returns noop
  1046. [eap] EAP packet type response id 11 length 38
  1047. [eap] Continuing tunnel setup.
  1048. ++[eap] returns ok
  1049. Found Auth-Type = EAP
  1050. +- entering group authenticate {...}
  1051. [eap] Request found, released from the list
  1052. [eap] EAP/peap
  1053. [eap] processing type peap
  1054. [peap] processing EAP-TLS
  1055. [peap] eaptls_verify returned 7
  1056. [peap] Done initial handshake
  1057. [peap] eaptls_process returned 7
  1058. [peap] EAPTLS_OK
  1059. [peap] Session established. Decoding tunneled attributes.
  1060. [peap] Received EAP-TLV response.
  1061. [peap] Had sent TLV failure. User was rejected earlier in this session.
  1062. [eap] Handler failed in EAP/peap
  1063. [eap] Failed in EAP select
  1064. ++[eap] returns invalid
  1065. Failed to authenticate the user.
  1066. Using Post-Auth-Type Reject
  1067. +- entering group REJECT {...}
  1068. [attr_filter.access_reject] expand: %{User-Name} -> kplimack
  1069. attr_filter: Matched entry DEFAULT at line 11
  1070. ++[attr_filter.access_reject] returns updated
  1071. Delaying reject of request 9 for 1 seconds
  1072. Going to the next request
  1073. Waking up in 0.9 seconds.
  1074. Sending delayed reject for request 9
  1075. Sending Access-Reject of id 222 to 192.168.49.195 port 1645
  1076. EAP-Message = 0x040b0004
  1077. Message-Authenticator = 0x00000000000000000000000000000000
  1078. Waking up in 3.2 seconds.
  1079. Cleaning up request 0 ID 213 with timestamp +85
  1080. Cleaning up request 1 ID 214 with timestamp +85
  1081. Cleaning up request 2 ID 215 with timestamp +85
  1082. Cleaning up request 3 ID 216 with timestamp +85
  1083. Cleaning up request 4 ID 217 with timestamp +85
  1084. Cleaning up request 5 ID 218 with timestamp +85
  1085. Cleaning up request 6 ID 219 with timestamp +85
  1086. Waking up in 0.1 seconds.
  1087. Cleaning up request 7 ID 220 with timestamp +86
  1088. Waking up in 0.1 seconds.
  1089. Cleaning up request 8 ID 221 with timestamp +86
  1090. Waking up in 1.0 seconds.
  1091. Cleaning up request 9 ID 222 with timestamp +86
  1092. Ready to process requests.