Untitled

a guest
Mar 5th, 2012
  1. rad_recv: Access-Request packet from host 10.5.11.6 port 32768, id=2, length=252
  2. User-Name = "testaccount@testdomain.edu"
  3. Calling-Station-Id = "00-21-00-2d-f5-31"
  4. Called-Station-Id = "00-1f-6c-a9-85-d0:secure"
  5. NAS-Port = 29
  6. Cisco-AVPair = "audit-session-id=0a050b06000249d24f5504d0"
  7. NAS-IP-Address = 10.5.11.6
  8. NAS-Identifier = "SIMONS-WLC2"
  9. Airespace-Wlan-Id = 2
  10. Service-Type = Framed-User
  11. Framed-MTU = 1300
  12. NAS-Port-Type = Wireless-802.11
  13. Tunnel-Type:0 = VLAN
  14. Tunnel-Medium-Type:0 = IEEE-802
  15. Tunnel-Private-Group-Id:0 = "60"
  16. EAP-Message = 0x020f001901747374754073696d6f6e732d726f636b2e656475
  17. Message-Authenticator = 0x2a7295ca400e871b79e1366c27d62fae
  18. # Executing section authorize from file /etc/raddb/sites-enabled/default
  19. +- entering group authorize {...}
  20. ++[preprocess] returns ok
  21. ++[chap] returns noop
  22. ++[mschap] returns noop
  23. ++[digest] returns noop
  24. [suffix] Looking up realm "testdomain.edu" for User-Name = "testaccount@testdomain.edu"
  25. [suffix] Found realm "testdomain.edu"
  26. [suffix] Adding Stripped-User-Name = "testaccount"
  27. [suffix] Adding Realm = "testdomain.edu"
  28. [suffix] Authentication realm is LOCAL.
  29. ++[suffix] returns ok
  30. [eap] EAP packet type response id 15 length 25
  31. [eap] No EAP Start, assuming it's an on-going EAP conversation
  32. ++[eap] returns updated
  33. [files] expand: %{Client-IP-Address} -> 10.5.11.6
  34. [ldap] Entering ldap_groupcmp()
  35. [files] expand: dc=testdomain,dc=edu -> dc=testdomain,dc=edu
  36. [files] WARNING: Deprecated conditional expansion ":-". See "man unlang" for details
  37. [files] expand: (uid=%{Stripped-User-Name:-%{User-Name}}) -> (uid=testaccount)
  38. [ldap] ldap_get_conn: Checking Id: 0
  39. [ldap] ldap_get_conn: Got Id: 0
  40. [ldap] performing search in dc=testdomain,dc=edu, with filter (uid=testaccount)
  41. [ldap] ldap_release_conn: Release Id: 0
  42. [files] expand: (&(objectClass=personSR)(uid=%{User-Name})) -> (&(objectClass=personSR)(uid=testaccount@testdomain.edu))
  43. [ldap] ldap_get_conn: Checking Id: 0
  44. [ldap] ldap_get_conn: Got Id: 0
  45. [ldap] performing search in dc=testdomain,dc=edu, with filter (&(groupSR=faculty)(&(objectClass=personSR)(uid=testaccount@testdomain.edu)))
  46. [ldap] object not found
  47. [ldap] ldap_release_conn: Release Id: 0
  48. [ldap] ldap_get_conn: Checking Id: 0
  49. [ldap] ldap_get_conn: Got Id: 0
  50. [ldap] performing search in uid=testaccount,ou=people,dc=testdomain,dc=edu, with filter (objectclass=*)
  51. rlm_ldap::groupcmp: Group faculty not found or user not a member
  52. [ldap] ldap_release_conn: Release Id: 0
  53. [files] expand: %{Client-IP-Address} -> 10.5.11.6
  54. [ldap] Entering ldap_groupcmp()
  55. [files] expand: dc=testdomain,dc=edu -> dc=testdomain,dc=edu
  56. [files] expand: (&(objectClass=personSR)(uid=%{User-Name})) -> (&(objectClass=personSR)(uid=testaccount@testdomain.edu))
  57. [ldap] ldap_get_conn: Checking Id: 0
  58. [ldap] ldap_get_conn: Got Id: 0
  59. [ldap] performing search in dc=testdomain,dc=edu, with filter (&(groupSR=staff)(&(objectClass=personSR)(uid=testaccount@testdomain.edu)))
  60. [ldap] object not found
  61. [ldap] ldap_release_conn: Release Id: 0
  62. [ldap] ldap_get_conn: Checking Id: 0
  63. [ldap] ldap_get_conn: Got Id: 0
  64. [ldap] performing search in uid=testaccount,ou=people,dc=testdomain,dc=edu, with filter (objectclass=*)
  65. rlm_ldap::groupcmp: Group staff not found or user not a member
  66. [ldap] ldap_release_conn: Release Id: 0
  67. [files] expand: %{Client-IP-Address} -> 10.5.11.6
  68. [ldap] Entering ldap_groupcmp()
  69. [files] expand: dc=testdomain,dc=edu -> dc=testdomain,dc=edu
  70. [files] expand: (&(objectClass=personSR)(uid=%{User-Name})) -> (&(objectClass=personSR)(uid=testaccount@testdomain.edu))
  71. [ldap] ldap_get_conn: Checking Id: 0
  72. [ldap] ldap_get_conn: Got Id: 0
  73. [ldap] performing search in dc=testdomain,dc=edu, with filter (&(groupSR=student)(&(objectClass=personSR)(uid=testaccount@testdomain.edu)))
  74. [ldap] object not found
  75. [ldap] ldap_release_conn: Release Id: 0
  76. [ldap] ldap_get_conn: Checking Id: 0
  77. [ldap] ldap_get_conn: Got Id: 0
  78. [ldap] performing search in uid=testaccount,ou=people,dc=testdomain,dc=edu, with filter (objectclass=*)
  79. rlm_ldap::ldap_groupcmp: User found in group student
  80. [ldap] ldap_release_conn: Release Id: 0
  81. [files] expand: %{Client-IP-Address} -> 10.5.11.6
  82. [ldap] Entering ldap_groupcmp()
  83. [files] expand: dc=testdomain,dc=edu -> dc=testdomain,dc=edu
  84. [files] expand: (&(objectClass=personSR)(uid=%{User-Name})) -> (&(objectClass=personSR)(uid=testaccount@testdomain.edu))
  85. [ldap] ldap_get_conn: Checking Id: 0
  86. [ldap] ldap_get_conn: Got Id: 0
  87. [ldap] performing search in dc=testdomain,dc=edu, with filter (&(groupSR=driver)(&(objectClass=personSR)(uid=testaccount@testdomain.edu)))
  88. [ldap] object not found
  89. [ldap] ldap_release_conn: Release Id: 0
  90. [ldap] ldap_get_conn: Checking Id: 0
  91. [ldap] ldap_get_conn: Got Id: 0
  92. [ldap] performing search in uid=testaccount,ou=people,dc=testdomain,dc=edu, with filter (objectclass=*)
  93. rlm_ldap::groupcmp: Group driver not found or user not a member
  94. [ldap] ldap_release_conn: Release Id: 0
  95. [files] expand: %{Client-IP-Address} -> 10.5.11.6
  96. [ldap] Entering ldap_groupcmp()
  97. [files] expand: dc=testdomain,dc=edu -> dc=testdomain,dc=edu
  98. [files] expand: (&(objectClass=personSR)(uid=%{User-Name})) -> (&(objectClass=personSR)(uid=testaccount@testdomain.edu))
  99. [ldap] ldap_get_conn: Checking Id: 0
  100. [ldap] ldap_get_conn: Got Id: 0
  101. [ldap] performing search in dc=testdomain,dc=edu, with filter (&(groupSR=faculty)(&(objectClass=personSR)(uid=testaccount@testdomain.edu)))
  102. [ldap] object not found
  103. [ldap] ldap_release_conn: Release Id: 0
  104. [ldap] ldap_get_conn: Checking Id: 0
  105. [ldap] ldap_get_conn: Got Id: 0
  106. [ldap] performing search in uid=testaccount,ou=people,dc=testdomain,dc=edu, with filter (objectclass=*)
  107. rlm_ldap::groupcmp: Group faculty not found or user not a member
  108. [ldap] ldap_release_conn: Release Id: 0
  109. [files] expand: %{Client-IP-Address} -> 10.5.11.6
  110. [ldap] Entering ldap_groupcmp()
  111. [files] expand: dc=testdomain,dc=edu -> dc=testdomain,dc=edu
  112. [files] expand: (&(objectClass=personSR)(uid=%{User-Name})) -> (&(objectClass=personSR)(uid=testaccount@testdomain.edu))
  113. [ldap] ldap_get_conn: Checking Id: 0
  114. [ldap] ldap_get_conn: Got Id: 0
  115. [ldap] performing search in dc=testdomain,dc=edu, with filter (&(groupSR=staff)(&(objectClass=personSR)(uid=testaccount@testdomain.edu)))
  116. [ldap] object not found
  117. [ldap] ldap_release_conn: Release Id: 0
  118. [ldap] ldap_get_conn: Checking Id: 0
  119. [ldap] ldap_get_conn: Got Id: 0
  120. [ldap] performing search in uid=testaccount,ou=people,dc=testdomain,dc=edu, with filter (objectclass=*)
  121. rlm_ldap::groupcmp: Group staff not found or user not a member
  122. [ldap] ldap_release_conn: Release Id: 0
  123. [files] expand: %{Client-IP-Address} -> 10.5.11.6
  124. [ldap] Entering ldap_groupcmp()
  125. [files] expand: dc=testdomain,dc=edu -> dc=testdomain,dc=edu
  126. [files] expand: (&(objectClass=personSR)(uid=%{User-Name})) -> (&(objectClass=personSR)(uid=testaccount@testdomain.edu))
  127. [ldap] ldap_get_conn: Checking Id: 0
  128. [ldap] ldap_get_conn: Got Id: 0
  129. [ldap] performing search in dc=testdomain,dc=edu, with filter (&(groupSR=student)(&(objectClass=personSR)(uid=testaccount@testdomain.edu)))
  130. [ldap] object not found
  131. [ldap] ldap_release_conn: Release Id: 0
  132. [ldap] ldap_get_conn: Checking Id: 0
  133. [ldap] ldap_get_conn: Got Id: 0
  134. [ldap] performing search in uid=testaccount,ou=people,dc=testdomain,dc=edu, with filter (objectclass=*)
  135. rlm_ldap::ldap_groupcmp: User found in group student
  136. [ldap] ldap_release_conn: Release Id: 0
  137. [files] users: Matched entry DEFAULT at line 249
  138. ++[files] returns ok
  139. [ldap] performing user authorization for testaccount
  140. [ldap] WARNING: Deprecated conditional expansion ":-". See "man unlang" for details
  141. [ldap] expand: (uid=%{Stripped-User-Name:-%{User-Name}}) -> (uid=testaccount)
  142. [ldap] expand: dc=testdomain,dc=edu -> dc=testdomain,dc=edu
  143. [ldap] ldap_get_conn: Checking Id: 0
  144. [ldap] ldap_get_conn: Got Id: 0
  145. [ldap] performing search in dc=testdomain,dc=edu, with filter (uid=testaccount)
  146. [ldap] checking if remote access for testaccount is allowed by uid
  147. [ldap] looking for check items in directory...
  148. [ldap] looking for reply items in directory...
  149. WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly?
  150. [ldap] user testaccount authorized to use remote access
  151. [ldap] ldap_release_conn: Release Id: 0
  152. ++[ldap] returns ok
  153. ++[expiration] returns noop
  154. ++[logintime] returns noop
  155. [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.
  156. ++[pap] returns noop
  157. Found Auth-Type = EAP
  158. # Executing group from file /etc/raddb/sites-enabled/default
  159. +- entering group authenticate {...}
  160. [eap] EAP Identity
  161. [eap] processing type md5
  162. rlm_eap_md5: Issuing Challenge
  163. ++[eap] returns handled
  164. Sending Access-Challenge of id 2 to 10.5.11.6 port 32768
  165. Tunnel-Type:0 = VLAN
  166. Tunnel-Medium-Type:0 = IEEE-802
  167. Tunnel-Private-Group-Id:0 = "360"
  168. EAP-Message = 0x01100016041018d8ef54d69ea798aff0558773cbe2eb
  169. Message-Authenticator = 0x00000000000000000000000000000000
  170. State = 0xa21774aba20770afd7fdef493d91b23e
  171. Finished request 1656.
  172. Going to the next request
  173. Waking up in 2.3 seconds.
  174. rad_recv: Access-Request packet from host 10.5.11.6 port 32768, id=3, length=251
  175. User-Name = "testaccount@testdomain.edu"
  176. Calling-Station-Id = "00-21-00-2d-f5-31"
  177. Called-Station-Id = "00-1f-6c-a9-85-d0:secure"
  178. NAS-Port = 29
  179. Cisco-AVPair = "audit-session-id=0a050b06000249d24f5504d0"
  180. NAS-IP-Address = 10.5.11.6
  181. NAS-Identifier = "SIMONS-WLC2"
  182. Airespace-Wlan-Id = 2
  183. Service-Type = Framed-User
  184. Framed-MTU = 1300
  185. NAS-Port-Type = Wireless-802.11
  186. Tunnel-Type:0 = VLAN
  187. Tunnel-Medium-Type:0 = IEEE-802
  188. Tunnel-Private-Group-Id:0 = "60"
  189. EAP-Message = 0x021000060315
  190. State = 0xa21774aba20770afd7fdef493d91b23e
  191. Message-Authenticator = 0x87a7eedbb79d90c2796a7bc94ac2ba48
  192. # Executing section authorize from file /etc/raddb/sites-enabled/default
  193. +- entering group authorize {...}
  194. ++[preprocess] returns ok
  195. ++[chap] returns noop
  196. ++[mschap] returns noop
  197. ++[digest] returns noop
  198. [suffix] Looking up realm "testdomain.edu" for User-Name = "testaccount@testdomain.edu"
  199. [suffix] Found realm "testdomain.edu"
  200. [suffix] Adding Stripped-User-Name = "testaccount"
  201. [suffix] Adding Realm = "testdomain.edu"
  202. [suffix] Authentication realm is LOCAL.
  203. ++[suffix] returns ok
  204. [eap] EAP packet type response id 16 length 6
  205. [eap] No EAP Start, assuming it's an on-going EAP conversation
  206. ++[eap] returns updated
  207. [files] expand: %{Client-IP-Address} -> 10.5.11.6
  208. [ldap] Entering ldap_groupcmp()
  209. [files] expand: dc=testdomain,dc=edu -> dc=testdomain,dc=edu
  210. [files] WARNING: Deprecated conditional expansion ":-". See "man unlang" for details
  211. [files] expand: (uid=%{Stripped-User-Name:-%{User-Name}}) -> (uid=testaccount)
  212. [ldap] ldap_get_conn: Checking Id: 0
  213. [ldap] ldap_get_conn: Got Id: 0
  214. [ldap] performing search in dc=testdomain,dc=edu, with filter (uid=testaccount)
  215. [ldap] ldap_release_conn: Release Id: 0
  216. [files] expand: (&(objectClass=personSR)(uid=%{User-Name})) -> (&(objectClass=personSR)(uid=testaccount@testdomain.edu))
  217. [ldap] ldap_get_conn: Checking Id: 0
  218. [ldap] ldap_get_conn: Got Id: 0
  219. [ldap] performing search in dc=testdomain,dc=edu, with filter (&(groupSR=faculty)(&(objectClass=personSR)(uid=testaccount@testdomain.edu)))
  220. [ldap] object not found
  221. [ldap] ldap_release_conn: Release Id: 0
  222. [ldap] ldap_get_conn: Checking Id: 0
  223. [ldap] ldap_get_conn: Got Id: 0
  224. [ldap] performing search in uid=testaccount,ou=people,dc=testdomain,dc=edu, with filter (objectclass=*)
  225. rlm_ldap::groupcmp: Group faculty not found or user not a member
  226. [ldap] ldap_release_conn: Release Id: 0
  227. [files] expand: %{Client-IP-Address} -> 10.5.11.6
  228. [ldap] Entering ldap_groupcmp()
  229. [files] expand: dc=testdomain,dc=edu -> dc=testdomain,dc=edu
  230. [files] expand: (&(objectClass=personSR)(uid=%{User-Name})) -> (&(objectClass=personSR)(uid=testaccount@testdomain.edu))
  231. [ldap] ldap_get_conn: Checking Id: 0
  232. [ldap] ldap_get_conn: Got Id: 0
  233. [ldap] performing search in dc=testdomain,dc=edu, with filter (&(groupSR=staff)(&(objectClass=personSR)(uid=testaccount@testdomain.edu)))
  234. [ldap] object not found
  235. [ldap] ldap_release_conn: Release Id: 0
  236. [ldap] ldap_get_conn: Checking Id: 0
  237. [ldap] ldap_get_conn: Got Id: 0
  238. [ldap] performing search in uid=testaccount,ou=people,dc=testdomain,dc=edu, with filter (objectclass=*)
  239. rlm_ldap::groupcmp: Group staff not found or user not a member
  240. [ldap] ldap_release_conn: Release Id: 0
  241. [files] expand: %{Client-IP-Address} -> 10.5.11.6
  242. [ldap] Entering ldap_groupcmp()
  243. [files] expand: dc=testdomain,dc=edu -> dc=testdomain,dc=edu
  244. [files] expand: (&(objectClass=personSR)(uid=%{User-Name})) -> (&(objectClass=personSR)(uid=testaccount@testdomain.edu))
  245. [ldap] ldap_get_conn: Checking Id: 0
  246. [ldap] ldap_get_conn: Got Id: 0
  247. [ldap] performing search in dc=testdomain,dc=edu, with filter (&(groupSR=student)(&(objectClass=personSR)(uid=testaccount@testdomain.edu)))
  248. [ldap] object not found
  249. [ldap] ldap_release_conn: Release Id: 0
  250. [ldap] ldap_get_conn: Checking Id: 0
  251. [ldap] ldap_get_conn: Got Id: 0
  252. [ldap] performing search in uid=testaccount,ou=people,dc=testdomain,dc=edu, with filter (objectclass=*)
  253. rlm_ldap::ldap_groupcmp: User found in group student
  254. [ldap] ldap_release_conn: Release Id: 0
  255. [files] expand: %{Client-IP-Address} -> 10.5.11.6
  256. [ldap] Entering ldap_groupcmp()
  257. [files] expand: dc=testdomain,dc=edu -> dc=testdomain,dc=edu
  258. [files] expand: (&(objectClass=personSR)(uid=%{User-Name})) -> (&(objectClass=personSR)(uid=testaccount@testdomain.edu))
  259. [ldap] ldap_get_conn: Checking Id: 0
  260. [ldap] ldap_get_conn: Got Id: 0
  261. [ldap] performing search in dc=testdomain,dc=edu, with filter (&(groupSR=driver)(&(objectClass=personSR)(uid=testaccount@testdomain.edu)))
  262. [ldap] object not found
  263. [ldap] ldap_release_conn: Release Id: 0
  264. [ldap] ldap_get_conn: Checking Id: 0
  265. [ldap] ldap_get_conn: Got Id: 0
  266. [ldap] performing search in uid=testaccount,ou=people,dc=testdomain,dc=edu, with filter (objectclass=*)
  267. rlm_ldap::groupcmp: Group driver not found or user not a member
  268. [ldap] ldap_release_conn: Release Id: 0
  269. [files] expand: %{Client-IP-Address} -> 10.5.11.6
  270. [ldap] Entering ldap_groupcmp()
  271. [files] expand: dc=testdomain,dc=edu -> dc=testdomain,dc=edu
  272. [files] expand: (&(objectClass=personSR)(uid=%{User-Name})) -> (&(objectClass=personSR)(uid=testaccount@testdomain.edu))
  273. [ldap] ldap_get_conn: Checking Id: 0
  274. [ldap] ldap_get_conn: Got Id: 0
  275. [ldap] performing search in dc=testdomain,dc=edu, with filter (&(groupSR=faculty)(&(objectClass=personSR)(uid=testaccount@testdomain.edu)))
  276. [ldap] object not found
  277. [ldap] ldap_release_conn: Release Id: 0
  278. [ldap] ldap_get_conn: Checking Id: 0
  279. [ldap] ldap_get_conn: Got Id: 0
  280. [ldap] performing search in uid=testaccount,ou=people,dc=testdomain,dc=edu, with filter (objectclass=*)
  281. rlm_ldap::groupcmp: Group faculty not found or user not a member
  282. [ldap] ldap_release_conn: Release Id: 0
  283. [files] expand: %{Client-IP-Address} -> 10.5.11.6
  284. [ldap] Entering ldap_groupcmp()
  285. [files] expand: dc=testdomain,dc=edu -> dc=testdomain,dc=edu
  286. [files] expand: (&(objectClass=personSR)(uid=%{User-Name})) -> (&(objectClass=personSR)(uid=testaccount@testdomain.edu))
  287. [ldap] ldap_get_conn: Checking Id: 0
  288. [ldap] ldap_get_conn: Got Id: 0
  289. [ldap] performing search in dc=testdomain,dc=edu, with filter (&(groupSR=staff)(&(objectClass=personSR)(uid=testaccount@testdomain.edu)))
  290. [ldap] object not found
  291. [ldap] ldap_release_conn: Release Id: 0
  292. [ldap] ldap_get_conn: Checking Id: 0
  293. [ldap] ldap_get_conn: Got Id: 0
  294. [ldap] performing search in uid=testaccount,ou=people,dc=testdomain,dc=edu, with filter (objectclass=*)
  295. rlm_ldap::groupcmp: Group staff not found or user not a member
  296. [ldap] ldap_release_conn: Release Id: 0
  297. [files] expand: %{Client-IP-Address} -> 10.5.11.6
  298. [ldap] Entering ldap_groupcmp()
  299. [files] expand: dc=testdomain,dc=edu -> dc=testdomain,dc=edu
  300. [files] expand: (&(objectClass=personSR)(uid=%{User-Name})) -> (&(objectClass=personSR)(uid=testaccount@testdomain.edu))
  301. [ldap] ldap_get_conn: Checking Id: 0
  302. [ldap] ldap_get_conn: Got Id: 0
  303. [ldap] performing search in dc=testdomain,dc=edu, with filter (&(groupSR=student)(&(objectClass=personSR)(uid=testaccount@testdomain.edu)))
  304. [ldap] object not found
  305. [ldap] ldap_release_conn: Release Id: 0
  306. [ldap] ldap_get_conn: Checking Id: 0
  307. [ldap] ldap_get_conn: Got Id: 0
  308. [ldap] performing search in uid=testaccount,ou=people,dc=testdomain,dc=edu, with filter (objectclass=*)
  309. rlm_ldap::ldap_groupcmp: User found in group student
  310. [ldap] ldap_release_conn: Release Id: 0
  311. [files] users: Matched entry DEFAULT at line 249
  312. ++[files] returns ok
  313. [ldap] performing user authorization for testaccount
  314. [ldap] WARNING: Deprecated conditional expansion ":-". See "man unlang" for details
  315. [ldap] expand: (uid=%{Stripped-User-Name:-%{User-Name}}) -> (uid=testaccount)
  316. [ldap] expand: dc=testdomain,dc=edu -> dc=testdomain,dc=edu
  317. [ldap] ldap_get_conn: Checking Id: 0
  318. [ldap] ldap_get_conn: Got Id: 0
  319. [ldap] performing search in dc=testdomain,dc=edu, with filter (uid=testaccount)
  320. [ldap] checking if remote access for testaccount is allowed by uid
  321. [ldap] looking for check items in directory...
  322. [ldap] looking for reply items in directory...
  323. WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly?
  324. [ldap] user testaccount authorized to use remote access
  325. [ldap] ldap_release_conn: Release Id: 0
  326. ++[ldap] returns ok
  327. ++[expiration] returns noop
  328. ++[logintime] returns noop
  329. [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.
  330. ++[pap] returns noop
  331. Found Auth-Type = EAP
  332. # Executing group from file /etc/raddb/sites-enabled/default
  333. +- entering group authenticate {...}
  334. [eap] Request found, released from the list
  335. [eap] EAP NAK
  336. [eap] EAP-NAK asked for EAP-Type/ttls
  337. [eap] processing type tls
  338. [tls] Initiate
  339. [tls] Start returned 1
  340. ++[eap] returns handled
  341. Sending Access-Challenge of id 3 to 10.5.11.6 port 32768
  342. Tunnel-Type:0 = VLAN
  343. Tunnel-Medium-Type:0 = IEEE-802
  344. Tunnel-Private-Group-Id:0 = "360"
  345. EAP-Message = 0x011100061520
  346. Message-Authenticator = 0x00000000000000000000000000000000
  347. State = 0xa21774aba30661afd7fdef493d91b23e
  348. Finished request 1657.
  349. Going to the next request
  350. Waking up in 2.3 seconds.
  351. rad_recv: Access-Request packet from host 10.5.11.6 port 32768, id=4, length=354
  352. User-Name = "testaccount@testdomain.edu"
  353. Calling-Station-Id = "00-21-00-2d-f5-31"
  354. Called-Station-Id = "00-1f-6c-a9-85-d0:secure"
  355. NAS-Port = 29
  356. Cisco-AVPair = "audit-session-id=0a050b06000249d24f5504d0"
  357. NAS-IP-Address = 10.5.11.6
  358. NAS-Identifier = "SIMONS-WLC2"
  359. Airespace-Wlan-Id = 2
  360. Service-Type = Framed-User
  361. Framed-MTU = 1300
  362. NAS-Port-Type = Wireless-802.11
  363. Tunnel-Type:0 = VLAN
  364. Tunnel-Medium-Type:0 = IEEE-802
  365. Tunnel-Private-Group-Id:0 = "60"
  366. EAP-Message = 0x0211006d158000000063160301005e0100005a03014f5504d0cb1064cb5d75ae6e8ed973e4c0da2393549b5f7aa918e46810aca441000018002f00350005000ac013c014c009c00a003200380013000401000019ff01000100000a0006000400170018000b0002010000230000
  367. State = 0xa21774aba30661afd7fdef493d91b23e
  368. Message-Authenticator = 0xb246c2e794291d4e71df77e3dfe9639e
  369. # Executing section authorize from file /etc/raddb/sites-enabled/default
  370. +- entering group authorize {...}
  371. ++[preprocess] returns ok
  372. ++[chap] returns noop
  373. ++[mschap] returns noop
  374. ++[digest] returns noop
  375. [suffix] Looking up realm "testdomain.edu" for User-Name = "testaccount@testdomain.edu"
  376. [suffix] Found realm "testdomain.edu"
  377. [suffix] Adding Stripped-User-Name = "testaccount"
  378. [suffix] Adding Realm = "testdomain.edu"
  379. [suffix] Authentication realm is LOCAL.
  380. ++[suffix] returns ok
  381. [eap] EAP packet type response id 17 length 109
  382. [eap] Continuing tunnel setup.
  383. ++[eap] returns ok
  384. Found Auth-Type = EAP
  385. # Executing group from file /etc/raddb/sites-enabled/default
  386. +- entering group authenticate {...}
  387. [eap] Request found, released from the list
  388. [eap] EAP/ttls
  389. [eap] processing type ttls
  390. [ttls] Authenticate
  391. [ttls] processing EAP-TLS
  392. TLS Length 99
  393. [ttls] Length Included
  394. [ttls] eaptls_verify returned 11
  395. [ttls] (other): before/accept initialization
  396. [ttls] TLS_accept: before/accept initialization
  397. [ttls] <<< TLS 1.0 Handshake [length 005e], ClientHello
  398. [ttls] TLS_accept: SSLv3 read client hello A
  399. [ttls] >>> TLS 1.0 Handshake [length 0031], ServerHello
  400. [ttls] TLS_accept: SSLv3 write server hello A
  401. [ttls] >>> TLS 1.0 Handshake [length 08cf], Certificate
  402. [ttls] TLS_accept: SSLv3 write certificate A
  403. [ttls] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
  404. [ttls] TLS_accept: SSLv3 write server done A
  405. [ttls] TLS_accept: SSLv3 flush data
  406. [ttls] TLS_accept: Need to read more data: SSLv3 read client certificate A
  407. In SSL Handshake Phase
  408. In SSL Accept mode
  409. [ttls] eaptls_process returned 13
  410. ++[eap] returns handled
  411. Sending Access-Challenge of id 4 to 10.5.11.6 port 32768
  415. EAP-Message = 0x3d6a18424add8f026539fd35248678911630300e0603551d0f0101ff0404030205a0301d0603551d250416301406082b0601050507030106082b06010505070302302d0603551d110426302482112a2e73696d6f6e732d726f636b2e656475820f73696d6f6e732d726f636b2e65647530430603551d1f043c303a3038a036a0348632687474703a2f2f726170696473736c2d63726c2e67656f74727573742e636f6d2f63726c732f726170696473736c2e63726c301d0603551d0e04160414949b26e17f9eadddc9fe1570ee0b765076a3d161300c0603551d130101ff04023000304906082b06010505070101043d303b303906082b060105050730
  416. EAP-Message = 0x02862d687474703a2f2f7261
  417. Message-Authenticator = 0x00000000000000000000000000000000
  418. State = 0xa21774aba00561afd7fdef493d91b23e
  419. Finished request 1658.
  420. Going to the next request
  421. Waking up in 2.3 seconds.
  422. rad_recv: Access-Request packet from host 10.5.11.6 port 32768, id=5, length=251
  423. User-Name = "testaccount@testdomain.edu"
  424. Calling-Station-Id = "00-21-00-2d-f5-31"
  425. Called-Station-Id = "00-1f-6c-a9-85-d0:secure"
  426. NAS-Port = 29
  427. Cisco-AVPair = "audit-session-id=0a050b06000249d24f5504d0"
  428. NAS-IP-Address = 10.5.11.6
  429. NAS-Identifier = "SIMONS-WLC2"
  430. Airespace-Wlan-Id = 2
  431. Service-Type = Framed-User
  432. Framed-MTU = 1300
  433. NAS-Port-Type = Wireless-802.11
  434. Tunnel-Type:0 = VLAN
  435. Tunnel-Medium-Type:0 = IEEE-802
  436. Tunnel-Private-Group-Id:0 = "60"
  437. EAP-Message = 0x021200061500
  438. State = 0xa21774aba00561afd7fdef493d91b23e
  439. Message-Authenticator = 0xb7a75f24d4d353d4202ceebb30d2aa58
  440. # Executing section authorize from file /etc/raddb/sites-enabled/default
  441. +- entering group authorize {...}
  442. ++[preprocess] returns ok
  443. ++[chap] returns noop
  444. ++[mschap] returns noop
  445. ++[digest] returns noop
  446. [suffix] Looking up realm "testdomain.edu" for User-Name = "testaccount@testdomain.edu"
  447. [suffix] Found realm "testdomain.edu"
  448. [suffix] Adding Stripped-User-Name = "testaccount"
  449. [suffix] Adding Realm = "testdomain.edu"
  450. [suffix] Authentication realm is LOCAL.
  451. ++[suffix] returns ok
  452. [eap] EAP packet type response id 18 length 6
  453. [eap] Continuing tunnel setup.
  454. ++[eap] returns ok
  455. Found Auth-Type = EAP
  456. # Executing group from file /etc/raddb/sites-enabled/default
  457. +- entering group authenticate {...}
  458. [eap] Request found, released from the list
  459. [eap] EAP/ttls
  460. [eap] processing type ttls
  461. [ttls] Authenticate
  462. [ttls] processing EAP-TLS
  463. [ttls] Received TLS ACK
  464. [ttls] ACK handshake fragment handler
  465. [ttls] eaptls_verify returned 1
  466. [ttls] eaptls_process returned 13
  467. ++[eap] returns handled
  468. Sending Access-Challenge of id 5 to 10.5.11.6 port 32768
  473. EAP-Message = 0x74703a2f2f6f6373702e6765
  474. Message-Authenticator = 0x00000000000000000000000000000000
  475. State = 0xa21774aba10461afd7fdef493d91b23e
  476. Finished request 1659.
  477. Going to the next request
  478. Waking up in 2.3 seconds.
  479. rad_recv: Access-Request packet from host 10.5.11.6 port 32768, id=6, length=251
  480. User-Name = "testaccount@testdomain.edu"
  481. Calling-Station-Id = "00-21-00-2d-f5-31"
  482. Called-Station-Id = "00-1f-6c-a9-85-d0:secure"
  483. NAS-Port = 29
  484. Cisco-AVPair = "audit-session-id=0a050b06000249d24f5504d0"
  485. NAS-IP-Address = 10.5.11.6
  486. NAS-Identifier = "SIMONS-WLC2"
  487. Airespace-Wlan-Id = 2
  488. Service-Type = Framed-User
  489. Framed-MTU = 1300
  490. NAS-Port-Type = Wireless-802.11
  491. Tunnel-Type:0 = VLAN
  492. Tunnel-Medium-Type:0 = IEEE-802
  493. Tunnel-Private-Group-Id:0 = "60"
  494. EAP-Message = 0x021300061500
  495. State = 0xa21774aba10461afd7fdef493d91b23e
  496. Message-Authenticator = 0x6ce48f27fee5fcf6015478bd727600fd
  497. # Executing section authorize from file /etc/raddb/sites-enabled/default
  498. +- entering group authorize {...}
  499. ++[preprocess] returns ok
  500. ++[chap] returns noop
  501. ++[mschap] returns noop
  502. ++[digest] returns noop
  503. [suffix] Looking up realm "testdomain.edu" for User-Name = "testaccount@testdomain.edu"
  504. [suffix] Found realm "testdomain.edu"
  505. [suffix] Adding Stripped-User-Name = "testaccount"
  506. [suffix] Adding Realm = "testdomain.edu"
  507. [suffix] Authentication realm is LOCAL.
  508. ++[suffix] returns ok
  509. [eap] EAP packet type response id 19 length 6
  510. [eap] Continuing tunnel setup.
  511. ++[eap] returns ok
  512. Found Auth-Type = EAP
  513. # Executing group from file /etc/raddb/sites-enabled/default
  514. +- entering group authenticate {...}
  515. [eap] Request found, released from the list
  516. [eap] EAP/ttls
  517. [eap] processing type ttls
  518. [ttls] Authenticate
  519. [ttls] processing EAP-TLS
  520. [ttls] Received TLS ACK
  521. [ttls] ACK handshake fragment handler
  522. [ttls] eaptls_verify returned 1
  523. [ttls] eaptls_process returned 13
  524. ++[eap] returns handled
  525. Sending Access-Challenge of id 6 to 10.5.11.6 port 32768
  527. EAP-Message = 0x0be64d999cd857eca80151c76f57345eab4a2c42f64f1c8978de264ef56f934c156b27564d00546c7ab7b716030100040e000000
  528. Message-Authenticator = 0x00000000000000000000000000000000
  529. State = 0xa21774aba60361afd7fdef493d91b23e
  530. Finished request 1660.
  531. Going to the next request
  532. Waking up in 2.3 seconds.
  533. rad_recv: Access-Request packet from host 10.5.11.6 port 32768, id=7, length=583
  534. User-Name = "testaccount@testdomain.edu"
  535. Calling-Station-Id = "00-21-00-2d-f5-31"
  536. Called-Station-Id = "00-1f-6c-a9-85-d0:secure"
  537. NAS-Port = 29
  538. Cisco-AVPair = "audit-session-id=0a050b06000249d24f5504d0"
  539. NAS-IP-Address = 10.5.11.6
  540. NAS-Identifier = "SIMONS-WLC2"
  541. Airespace-Wlan-Id = 2
  542. Service-Type = Framed-User
  543. Framed-MTU = 1300
  544. NAS-Port-Type = Wireless-802.11
  545. Tunnel-Type:0 = VLAN
  546. Tunnel-Medium-Type:0 = IEEE-802
  547. Tunnel-Private-Group-Id:0 = "60"
  549. EAP-Message = 0x442b09756ede214f6fd202c0f6d5e441336dcb284bcff483140301000101160301003017576173032be633996ed4d8e68b0afed2d31a38cabe45af393565c33206265d4214782e56250908dbcdfa014d788b4b
  550. State = 0xa21774aba60361afd7fdef493d91b23e
  551. Message-Authenticator = 0x1f5807a96c33dcc130b0a9c8c5e7c99a
  552. # Executing section authorize from file /etc/raddb/sites-enabled/default
  553. +- entering group authorize {...}
  554. ++[preprocess] returns ok
  555. ++[chap] returns noop
  556. ++[mschap] returns noop
  557. ++[digest] returns noop
  558. [suffix] Looking up realm "testdomain.edu" for User-Name = "testaccount@testdomain.edu"
  559. [suffix] Found realm "testdomain.edu"
  560. [suffix] Adding Stripped-User-Name = "testaccount"
  561. [suffix] Adding Realm = "testdomain.edu"
  562. [suffix] Authentication realm is LOCAL.
  563. ++[suffix] returns ok
  564. [eap] EAP packet type response id 20 length 253
  565. [eap] Continuing tunnel setup.
  566. ++[eap] returns ok
  567. Found Auth-Type = EAP
  568. # Executing group from file /etc/raddb/sites-enabled/default
  569. +- entering group authenticate {...}
  570. [eap] Request found, released from the list
  571. [eap] EAP/ttls
  572. [eap] processing type ttls
  573. [ttls] Authenticate
  574. [ttls] processing EAP-TLS
  575. TLS Length 326
  576. [ttls] Length Included
  577. [ttls] eaptls_verify returned 11
  578. [ttls] <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange
  579. [ttls] TLS_accept: SSLv3 read client key exchange A
  580. [ttls] <<< TLS 1.0 ChangeCipherSpec [length 0001]
  581. [ttls] <<< TLS 1.0 Handshake [length 0010], Finished
  582. [ttls] TLS_accept: SSLv3 read finished A
  583. [ttls] >>> TLS 1.0 ChangeCipherSpec [length 0001]
  584. [ttls] TLS_accept: SSLv3 write change cipher spec A
  585. [ttls] >>> TLS 1.0 Handshake [length 0010], Finished
  586. [ttls] TLS_accept: SSLv3 write finished A
  587. [ttls] TLS_accept: SSLv3 flush data
  588. [ttls] (other): SSL negotiation finished successfully
  589. SSL Connection Established
  590. [ttls] eaptls_process returned 13
  591. ++[eap] returns handled
  592. Sending Access-Challenge of id 7 to 10.5.11.6 port 32768
  593. EAP-Message = 0x0115004515800000003b14030100010116030100308334d3efee1ec82976cac9e129f3c660e9106e7d8ee4176ad39f45b84013fe5fe05a755377372139e9e9f53626a3f54e
  594. Message-Authenticator = 0x00000000000000000000000000000000
  595. State = 0xa21774aba70261afd7fdef493d91b23e
  596. Finished request 1661.
  597. Going to the next request
  598. Waking up in 2.3 seconds.
  599. rad_recv: Access-Request packet from host 10.5.11.6 port 32768, id=8, length=340
  600. User-Name = "testaccount@testdomain.edu"
  601. Calling-Station-Id = "00-21-00-2d-f5-31"
  602. Called-Station-Id = "00-1f-6c-a9-85-d0:secure"
  603. NAS-Port = 29
  604. Cisco-AVPair = "audit-session-id=0a050b06000249d24f5504d0"
  605. NAS-IP-Address = 10.5.11.6
  606. NAS-Identifier = "SIMONS-WLC2"
  607. Airespace-Wlan-Id = 2
  608. Service-Type = Framed-User
  609. Framed-MTU = 1300
  610. NAS-Port-Type = Wireless-802.11
  611. Tunnel-Type:0 = VLAN
  612. Tunnel-Medium-Type:0 = IEEE-802
  613. Tunnel-Private-Group-Id:0 = "60"
  614. EAP-Message = 0x0215005f1580000000551703010050a5f6c3fcb1a787b60f256c51246b6ce6d9da0b7c28d797dc6f9fd628b0e03ed0fa434143718e27032a38b58de72612873e3d88ea896531136cbad40d2acca8a08cd97801279fec9baa4f7a84cbf921d1
  615. State = 0xa21774aba70261afd7fdef493d91b23e
  616. Message-Authenticator = 0x5f0fa2285ac032657b9d6f2f6fd040f9
  617. # Executing section authorize from file /etc/raddb/sites-enabled/default
  618. +- entering group authorize {...}
  619. ++[preprocess] returns ok
  620. ++[chap] returns noop
  621. ++[mschap] returns noop
  622. ++[digest] returns noop
  623. [suffix] Looking up realm "testdomain.edu" for User-Name = "testaccount@testdomain.edu"
  624. [suffix] Found realm "testdomain.edu"
  625. [suffix] Adding Stripped-User-Name = "testaccount"
  626. [suffix] Adding Realm = "testdomain.edu"
  627. [suffix] Authentication realm is LOCAL.
  628. ++[suffix] returns ok
  629. [eap] EAP packet type response id 21 length 95
  630. [eap] Continuing tunnel setup.
  631. ++[eap] returns ok
  632. Found Auth-Type = EAP
  633. # Executing group from file /etc/raddb/sites-enabled/default
  634. +- entering group authenticate {...}
  635. [eap] Request found, released from the list
  636. [eap] EAP/ttls
  637. [eap] processing type ttls
  638. [ttls] Authenticate
  639. [ttls] processing EAP-TLS
  640. TLS Length 85
  641. [ttls] Length Included
  642. [ttls] eaptls_verify returned 11
  643. [ttls] eaptls_process returned 7
  644. [ttls] Session established. Proceeding to decode tunneled attributes.
  645. [ttls] Got tunneled request
  646. User-Name = "testaccount@testdomain.edu"
  647. User-Password = "testpassword"
  648. FreeRADIUS-Proxied-To = 127.0.0.1
  649. [ttls] Sending tunneled request
  650. User-Name = "testaccount@testdomain.edu"
  651. User-Password = "testpassword"
  652. FreeRADIUS-Proxied-To = 127.0.0.1
  653. Calling-Station-Id = "00-21-00-2d-f5-31"
  654. Called-Station-Id = "00-1f-6c-a9-85-d0:secure"
  655. NAS-Port = 29
  656. Cisco-AVPair = "audit-session-id=0a050b06000249d24f5504d0"
  657. NAS-IP-Address = 10.5.11.6
  658. NAS-Identifier = "SIMONS-WLC2"
  659. Airespace-Wlan-Id = 2
  660. Service-Type = Framed-User
  661. Framed-MTU = 1300
  662. NAS-Port-Type = Wireless-802.11
  663. Tunnel-Type:0 = VLAN
  664. Tunnel-Medium-Type:0 = IEEE-802
  665. Tunnel-Private-Group-Id:0 = "60"
  666. server inner-tunnel {
  667. # Executing section authorize from file /etc/raddb/sites-enabled/inner-tunnel
  668. +- entering group authorize {...}
  669. ++[chap] returns noop
  670. ++[mschap] returns noop
  671. [suffix] Looking up realm "testdomain.edu" for User-Name = "testaccount@testdomain.edu"
  672. [suffix] Found realm "testdomain.edu"
  673. [suffix] Adding Stripped-User-Name = "testaccount"
  674. [suffix] Adding Realm = "testdomain.edu"
  675. [suffix] Authentication realm is LOCAL.
  676. ++[suffix] returns ok
  677. ++[control] returns ok
  678. [eap] No EAP-Message, not doing EAP
  679. ++[eap] returns noop
  680. [files] expand: %{Client-IP-Address} -> 10.5.11.6
  681. [ldap] Entering ldap_groupcmp()
  682. [files] expand: dc=testdomain,dc=edu -> dc=testdomain,dc=edu
  683. [files] WARNING: Deprecated conditional expansion ":-". See "man unlang" for details
  684. [files] expand: (uid=%{Stripped-User-Name:-%{User-Name}}) -> (uid=testaccount)
  685. [ldap] ldap_get_conn: Checking Id: 0
  686. [ldap] ldap_get_conn: Got Id: 0
  687. [ldap] performing search in dc=testdomain,dc=edu, with filter (uid=testaccount)
  688. [ldap] ldap_release_conn: Release Id: 0
  689. [files] expand: (&(objectClass=personSR)(uid=%{User-Name})) -> (&(objectClass=personSR)(uid=testaccount@testdomain.edu))
  690. [ldap] ldap_get_conn: Checking Id: 0
  691. [ldap] ldap_get_conn: Got Id: 0
  692. [ldap] performing search in dc=testdomain,dc=edu, with filter (&(groupSR=faculty)(&(objectClass=personSR)(uid=testaccount@testdomain.edu)))
  693. [ldap] object not found
  694. [ldap] ldap_release_conn: Release Id: 0
  695. [ldap] ldap_get_conn: Checking Id: 0
  696. [ldap] ldap_get_conn: Got Id: 0
  697. [ldap] performing search in uid=testaccount,ou=people,dc=testdomain,dc=edu, with filter (objectclass=*)
  698. rlm_ldap::groupcmp: Group faculty not found or user not a member
  699. [ldap] ldap_release_conn: Release Id: 0
  700. [files] expand: %{Client-IP-Address} -> 10.5.11.6
  701. [ldap] Entering ldap_groupcmp()
  702. [files] expand: dc=testdomain,dc=edu -> dc=testdomain,dc=edu
  703. [files] expand: (&(objectClass=personSR)(uid=%{User-Name})) -> (&(objectClass=personSR)(uid=testaccount@testdomain.edu))
  704. [ldap] ldap_get_conn: Checking Id: 0
  705. [ldap] ldap_get_conn: Got Id: 0
  706. [ldap] performing search in dc=testdomain,dc=edu, with filter (&(groupSR=staff)(&(objectClass=personSR)(uid=testaccount@testdomain.edu)))
  707. [ldap] object not found
  708. [ldap] ldap_release_conn: Release Id: 0
  709. [ldap] ldap_get_conn: Checking Id: 0
  710. [ldap] ldap_get_conn: Got Id: 0
  711. [ldap] performing search in uid=testaccount,ou=people,dc=testdomain,dc=edu, with filter (objectclass=*)
  712. rlm_ldap::groupcmp: Group staff not found or user not a member
  713. [ldap] ldap_release_conn: Release Id: 0
  714. [files] expand: %{Client-IP-Address} -> 10.5.11.6
  715. [ldap] Entering ldap_groupcmp()
  716. [files] expand: dc=testdomain,dc=edu -> dc=testdomain,dc=edu
  717. [files] expand: (&(objectClass=personSR)(uid=%{User-Name})) -> (&(objectClass=personSR)(uid=testaccount@testdomain.edu))
  718. [ldap] ldap_get_conn: Checking Id: 0
  719. [ldap] ldap_get_conn: Got Id: 0
  720. [ldap] performing search in dc=testdomain,dc=edu, with filter (&(groupSR=student)(&(objectClass=personSR)(uid=testaccount@testdomain.edu)))
  721. [ldap] object not found
  722. [ldap] ldap_release_conn: Release Id: 0
  723. [ldap] ldap_get_conn: Checking Id: 0
  724. [ldap] ldap_get_conn: Got Id: 0
  725. [ldap] performing search in uid=testaccount,ou=people,dc=testdomain,dc=edu, with filter (objectclass=*)
  726. rlm_ldap::ldap_groupcmp: User found in group student
  727. [ldap] ldap_release_conn: Release Id: 0
  728. [files] expand: %{Client-IP-Address} -> 10.5.11.6
  729. [ldap] Entering ldap_groupcmp()
  730. [files] expand: dc=testdomain,dc=edu -> dc=testdomain,dc=edu
  731. [files] expand: (&(objectClass=personSR)(uid=%{User-Name})) -> (&(objectClass=personSR)(uid=testaccount@testdomain.edu))
  732. [ldap] ldap_get_conn: Checking Id: 0
  733. [ldap] ldap_get_conn: Got Id: 0
  734. [ldap] performing search in dc=testdomain,dc=edu, with filter (&(groupSR=driver)(&(objectClass=personSR)(uid=testaccount@testdomain.edu)))
  735. [ldap] object not found
  736. [ldap] ldap_release_conn: Release Id: 0
  737. [ldap] ldap_get_conn: Checking Id: 0
  738. [ldap] ldap_get_conn: Got Id: 0
  739. [ldap] performing search in uid=testaccount,ou=people,dc=testdomain,dc=edu, with filter (objectclass=*)
  740. rlm_ldap::groupcmp: Group driver not found or user not a member
  741. [ldap] ldap_release_conn: Release Id: 0
  742. [files] expand: %{Client-IP-Address} -> 10.5.11.6
  743. [ldap] Entering ldap_groupcmp()
  744. [files] expand: dc=testdomain,dc=edu -> dc=testdomain,dc=edu
  745. [files] expand: (&(objectClass=personSR)(uid=%{User-Name})) -> (&(objectClass=personSR)(uid=testaccount@testdomain.edu))
  746. [ldap] ldap_get_conn: Checking Id: 0
  747. [ldap] ldap_get_conn: Got Id: 0
  748. [ldap] performing search in dc=testdomain,dc=edu, with filter (&(groupSR=faculty)(&(objectClass=personSR)(uid=testaccount@testdomain.edu)))
  749. [ldap] object not found
  750. [ldap] ldap_release_conn: Release Id: 0
  751. [ldap] ldap_get_conn: Checking Id: 0
  752. [ldap] ldap_get_conn: Got Id: 0
  753. [ldap] performing search in uid=testaccount,ou=people,dc=testdomain,dc=edu, with filter (objectclass=*)
  754. rlm_ldap::groupcmp: Group faculty not found or user not a member
  755. [ldap] ldap_release_conn: Release Id: 0
  756. [files] expand: %{Client-IP-Address} -> 10.5.11.6
  757. [ldap] Entering ldap_groupcmp()
  758. [files] expand: dc=testdomain,dc=edu -> dc=testdomain,dc=edu
  759. [files] expand: (&(objectClass=personSR)(uid=%{User-Name})) -> (&(objectClass=personSR)(uid=testaccount@testdomain.edu))
  760. [ldap] ldap_get_conn: Checking Id: 0
  761. [ldap] ldap_get_conn: Got Id: 0
  762. [ldap] performing search in dc=testdomain,dc=edu, with filter (&(groupSR=staff)(&(objectClass=personSR)(uid=testaccount@testdomain.edu)))
  763. [ldap] object not found
  764. [ldap] ldap_release_conn: Release Id: 0
  765. [ldap] ldap_get_conn: Checking Id: 0
  766. [ldap] ldap_get_conn: Got Id: 0
  767. [ldap] performing search in uid=testaccount,ou=people,dc=testdomain,dc=edu, with filter (objectclass=*)
  768. rlm_ldap::groupcmp: Group staff not found or user not a member
  769. [ldap] ldap_release_conn: Release Id: 0
  770. [files] expand: %{Client-IP-Address} -> 10.5.11.6
  771. [ldap] Entering ldap_groupcmp()
  772. [files] expand: dc=testdomain,dc=edu -> dc=testdomain,dc=edu
  773. [files] expand: (&(objectClass=personSR)(uid=%{User-Name})) -> (&(objectClass=personSR)(uid=testaccount@testdomain.edu))
  774. [ldap] ldap_get_conn: Checking Id: 0
  775. [ldap] ldap_get_conn: Got Id: 0
  776. [ldap] performing search in dc=testdomain,dc=edu, with filter (&(groupSR=student)(&(objectClass=personSR)(uid=testaccount@testdomain.edu)))
  777. [ldap] object not found
  778. [ldap] ldap_release_conn: Release Id: 0
  779. [ldap] ldap_get_conn: Checking Id: 0
  780. [ldap] ldap_get_conn: Got Id: 0
  781. [ldap] performing search in uid=testaccount,ou=people,dc=testdomain,dc=edu, with filter (objectclass=*)
  782. rlm_ldap::ldap_groupcmp: User found in group student
  783. [ldap] ldap_release_conn: Release Id: 0
  784. [files] users: Matched entry DEFAULT at line 249
  785. ++[files] returns ok
  786. [ldap] performing user authorization for testaccount
  787. [ldap] WARNING: Deprecated conditional expansion ":-". See "man unlang" for details
  788. [ldap] expand: (uid=%{Stripped-User-Name:-%{User-Name}}) -> (uid=testaccount)
  789. [ldap] expand: dc=testdomain,dc=edu -> dc=testdomain,dc=edu
  790. [ldap] ldap_get_conn: Checking Id: 0
  791. [ldap] ldap_get_conn: Got Id: 0
  792. [ldap] performing search in dc=testdomain,dc=edu, with filter (uid=testaccount)
  793. [ldap] checking if remote access for testaccount is allowed by uid
  794. [ldap] looking for check items in directory...
  795. [ldap] looking for reply items in directory...
  796. WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly?
  797. [ldap] Setting Auth-Type = LDAP
  798. [ldap] user testaccount authorized to use remote access
  799. [ldap] ldap_release_conn: Release Id: 0
  800. ++[ldap] returns ok
  801. ++[expiration] returns noop
  802. ++[logintime] returns noop
  803. ++[pap] returns noop
  804. Found Auth-Type = LDAP
  805. # Executing group from file /etc/raddb/sites-enabled/inner-tunnel
  806. +- entering group LDAP {...}
  807. [ldap] login attempt by "testaccount" with password "testpassword"
  808. [ldap] user DN: uid=testaccount,ou=people,dc=testdomain,dc=edu
  809. [ldap] (re)connect to ldapserver.testdomain.edu:389, authentication 1
  810. [ldap] bind as uid=testaccount,ou=people,dc=testdomain,dc=edu/testpassword to ldapserver.testdomain.edu:389
  811. [ldap] waiting for bind result ...
  812. [ldap] Bind was successful
  813. [ldap] user testaccount authenticated succesfully
  814. ++[ldap] returns ok
  815. Login OK: [testaccount@testdomain.edu] (from client SIMONS-WLC2 port 29 cli 00-21-00-2d-f5-31 via TLS tunnel)
  816. WARNING: Empty post-auth section. Using default return values.
  817. # Executing section post-auth from file /etc/raddb/sites-enabled/inner-tunnel
  818. } # server inner-tunnel
  819. [ttls] Got tunneled reply code 2
  820. Tunnel-Type:0 = VLAN
  821. Tunnel-Medium-Type:0 = IEEE-802
  822. Tunnel-Private-Group-Id:0 = "360"
  823. [ttls] Got tunneled Access-Accept
  824. [eap] Freeing handler
  825. ++[eap] returns ok
  826. Login OK: [testaccount@testdomain.edu] (from client SIMONS-WLC2 port 29 cli 00-21-00-2d-f5-31)
  827. # Executing section post-auth from file /etc/raddb/sites-enabled/default
  828. +- entering group post-auth {...}
  829. ++[exec] returns noop
  830. Sending Access-Accept of id 8 to 10.5.11.6 port 32768
  831. Tunnel-Type:0 = VLAN
  832. Tunnel-Medium-Type:0 = IEEE-802
  833. Tunnel-Private-Group-Id:0 = "360"
  834. MS-MPPE-Recv-Key = 0x1d45dc670bf171d27f6a3803389b7cd729ce603503c4855e429efd710e85c14d
  835. MS-MPPE-Send-Key = 0xa85eb171c8ebae769e489d7f0b56efd5b5046a6ef88ed456b47f7e5ee1437d31
  836. EAP-Message = 0x03150004
  837. Message-Authenticator = 0x00000000000000000000000000000000
  838. User-Name = "testaccount"
  839. Finished request 1662.
  840. Going to the next request