API tools faq
paste
Advertisement
Guest User

fajar

a guest
Feb 25th, 2009
244
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 42.17 KB | None | 0 0
raw download clone embed print report
  1. FreeRADIUS Version 2.1.3, for host x86_64-redhat-linux-gnu, built on Feb 12 2009 at 17:33:29
  2. Copyright (C) 1999-2008 The FreeRADIUS server project and contributors.
  3. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
  4. PARTICULAR PURPOSE.
  5. You may redistribute copies of FreeRADIUS under the terms of the
  6. GNU General Public License v2.
  7. Starting - reading configuration files ...
  8. including configuration file /etc/raddb/radiusd.conf
  9. including configuration file /etc/raddb/proxy.conf
  10. including configuration file /etc/raddb/clients.conf
  11. including files in directory /etc/raddb/modules/
  12. including configuration file /etc/raddb/modules/checkval
  13. including configuration file /etc/raddb/modules/always
  14. including configuration file /etc/raddb/modules/mac2ip
  15. including configuration file /etc/raddb/modules/pap
  16. including configuration file /etc/raddb/modules/ippool
  17. including configuration file /etc/raddb/modules/sql_log
  18. including configuration file /etc/raddb/modules/realm
  19. including configuration file /etc/raddb/modules/sqlcounter_expire_on_login
  20. including configuration file /etc/raddb/modules/mschap
  21. including configuration file /etc/raddb/modules/digest
  22. including configuration file /etc/raddb/modules/echo
  23. including configuration file /etc/raddb/modules/smbpasswd
  24. including configuration file /etc/raddb/modules/perl
  25. including configuration file /etc/raddb/modules/passwd
  26. including configuration file /etc/raddb/modules/preprocess
  27. including configuration file /etc/raddb/modules/detail.log
  28. including configuration file /etc/raddb/modules/exec
  29. including configuration file /etc/raddb/modules/policy
  30. including configuration file /etc/raddb/modules/radutmp
  31. including configuration file /etc/raddb/modules/files
  32. including configuration file /etc/raddb/modules/detail
  33. including configuration file /etc/raddb/modules/sradutmp
  34. including configuration file /etc/raddb/modules/pam
  35. including configuration file /etc/raddb/modules/attr_filter
  36. including configuration file /etc/raddb/modules/expr
  37. including configuration file /etc/raddb/modules/mac2vlan
  38. including configuration file /etc/raddb/modules/acct_unique
  39. including configuration file /etc/raddb/modules/inner-eap
  40. including configuration file /etc/raddb/modules/detail.example.com
  41. including configuration file /etc/raddb/modules/wimax
  42. including configuration file /etc/raddb/modules/chap
  43. including configuration file /etc/raddb/modules/ldap
  44. including configuration file /etc/raddb/modules/unix
  45. including configuration file /etc/raddb/modules/attr_rewrite
  46. including configuration file /etc/raddb/modules/counter
  47. including configuration file /etc/raddb/modules/logintime
  48. including configuration file /etc/raddb/modules/expiration
  49. including configuration file /etc/raddb/modules/linelog
  50. including configuration file /etc/raddb/modules/etc_group
  51. including configuration file /etc/raddb/eap.conf
  52. including configuration file /etc/raddb/policy.conf
  53. including files in directory /etc/raddb/sites-enabled/
  54. including configuration file /etc/raddb/sites-enabled/control-socket
  55. including configuration file /etc/raddb/sites-enabled/inner-tunnel
  56. including configuration file /etc/raddb/sites-enabled/default
  57. group = root
  58. user = root
  59. including dictionary file /etc/raddb/dictionary
  60. main {
  61. prefix = "/usr"
  62. localstatedir = "/var"
  63. logdir = "/var/log/radius"
  64. libdir = "/usr/lib64/freeradius"
  65. radacctdir = "/var/log/radius/radacct"
  66. hostname_lookups = no
  67. max_request_time = 30
  68. cleanup_delay = 5
  69. max_requests = 1024
  70. allow_core_dumps = no
  71. pidfile = "/var/run/radiusd/radiusd.pid"
  72. checkrad = "/usr/sbin/checkrad"
  73. debug_level = 0
  74. proxy_requests = yes
  75. log {
  76. stripped_names = no
  77. auth = yes
  78. auth_badpass = no
  79. auth_goodpass = no
  80. }
  81. security {
  82. max_attributes = 200
  83. reject_delay = 0
  84. status_server = yes
  85. }
  86. }
  87. client localhost {
  88. ipaddr = 127.0.0.1
  89. require_message_authenticator = no
  90. secret = "testing123"
  91. nastype = "other"
  92. }
  93. client 10.11.23.57 {
  94. require_message_authenticator = no
  95. secret = "testing123"
  96. shortname = "<CLIENT>"
  97. }
  98. radiusd: #### Loading Realms and Home Servers ####
  99. proxy server {
  100. retry_delay = 5
  101. retry_count = 3
  102. default_fallback = no
  103. dead_time = 120
  104. wake_all_if_all_dead = no
  105. }
  106. home_server localhost {
  107. ipaddr = 127.0.0.1
  108. port = 1812
  109. type = "auth"
  110. secret = "testing123"
  111. response_window = 20
  112. max_outstanding = 65536
  113. zombie_period = 40
  114. status_check = "status-server"
  115. ping_interval = 30
  116. check_interval = 30
  117. num_answers_to_alive = 3
  118. num_pings_to_alive = 3
  119. revive_interval = 120
  120. status_check_timeout = 4
  121. }
  122. home_server_pool my_auth_failover {
  123. type = fail-over
  124. home_server = localhost
  125. }
  126. realm example.com {
  127. auth_pool = my_auth_failover
  128. }
  129. realm LOCAL {
  130. }
  131. radiusd: #### Instantiating modules ####
  132. instantiate {
  133. Module: Linked to module rlm_exec
  134. Module: Instantiating exec
  135. exec {
  136. wait = no
  137. input_pairs = "request"
  138. shell_escape = yes
  139. }
  140. Module: Linked to module rlm_expr
  141. Module: Instantiating expr
  142. Module: Linked to module rlm_expiration
  143. Module: Instantiating expiration
  144. expiration {
  145. reply-message = "Password Has Expired "
  146. }
  147. Module: Linked to module rlm_logintime
  148. Module: Instantiating logintime
  149. logintime {
  150. reply-message = "You are calling outside your allowed timespan "
  151. minimum-timeout = 60
  152. }
  153. }
  154. radiusd: #### Loading Virtual Servers ####
  155. server inner-tunnel {
  156. modules {
  157. Module: Checking authenticate {...} for more modules to load
  158. Module: Linked to module rlm_pap
  159. Module: Instantiating pap
  160. pap {
  161. encryption_scheme = "auto"
  162. auto_header = no
  163. }
  164. Module: Linked to module rlm_chap
  165. Module: Instantiating chap
  166. Module: Linked to module rlm_mschap
  167. Module: Instantiating mschap
  168. mschap {
  169. use_mppe = yes
  170. require_encryption = no
  171. require_strong = no
  172. with_ntdomain_hack = no
  173. }
  174. Module: Linked to module rlm_unix
  175. Module: Instantiating unix
  176. unix {
  177. radwtmp = "/var/log/radius/radwtmp"
  178. }
  179. Module: Linked to module rlm_eap
  180. Module: Instantiating eap
  181. eap {
  182. default_eap_type = "peap"
  183. timer_expire = 60
  184. ignore_unknown_eap_types = no
  185. cisco_accounting_username_bug = no
  186. max_sessions = 2048
  187. }
  188. Module: Linked to sub-module rlm_eap_md5
  189. Module: Instantiating eap-md5
  190. Module: Linked to sub-module rlm_eap_leap
  191. Module: Instantiating eap-leap
  192. Module: Linked to sub-module rlm_eap_gtc
  193. Module: Instantiating eap-gtc
  194. gtc {
  195. challenge = "Password: "
  196. auth_type = "PAP"
  197. }
  198. Module: Linked to sub-module rlm_eap_tls
  199. Module: Instantiating eap-tls
  200. tls {
  201. rsa_key_exchange = no
  202. dh_key_exchange = yes
  203. rsa_key_length = 512
  204. dh_key_length = 512
  205. verify_depth = 0
  206. pem_file_type = yes
  207. private_key_file = "/etc/raddb/certs/server.pem"
  208. certificate_file = "/etc/raddb/certs/server.pem"
  209. CA_file = "/etc/raddb/certs/ca.pem"
  210. private_key_password = "whatever"
  211. dh_file = "/etc/raddb/certs/dh"
  212. random_file = "/etc/raddb/certs/random"
  213. fragment_size = 1024
  214. include_length = yes
  215. check_crl = no
  216. cipher_list = "DEFAULT"
  217. make_cert_command = "/etc/raddb/certs/bootstrap"
  218. cache {
  219. enable = no
  220. lifetime = 24
  221. max_entries = 255
  222. }
  223. }
  224. Module: Linked to sub-module rlm_eap_peap
  225. Module: Instantiating eap-peap
  226. peap {
  227. default_eap_type = "gtc"
  228. copy_request_to_tunnel = no
  229. use_tunneled_reply = no
  230. proxy_tunneled_request_as_eap = yes
  231. virtual_server = "inner-tunnel"
  232. }
  233. Module: Linked to sub-module rlm_eap_mschapv2
  234. Module: Instantiating eap-mschapv2
  235. mschapv2 {
  236. with_ntdomain_hack = no
  237. }
  238. Module: Checking authorize {...} for more modules to load
  239. Module: Linked to module rlm_realm
  240. Module: Instantiating suffix
  241. realm suffix {
  242. format = "suffix"
  243. delimiter = "@"
  244. ignore_default = no
  245. ignore_null = no
  246. }
  247. Module: Linked to module rlm_files
  248. Module: Instantiating files
  249. files {
  250. usersfile = "/etc/raddb/users"
  251. acctusersfile = "/etc/raddb/acct_users"
  252. preproxy_usersfile = "/etc/raddb/preproxy_users"
  253. compat = "no"
  254. }
  255. Module: Checking session {...} for more modules to load
  256. Module: Linked to module rlm_radutmp
  257. Module: Instantiating radutmp
  258. radutmp {
  259. filename = "/var/log/radius/radutmp"
  260. username = "%{User-Name}"
  261. case_sensitive = yes
  262. check_with_nas = yes
  263. perm = 384
  264. callerid = yes
  265. }
  266. Module: Checking post-proxy {...} for more modules to load
  267. Module: Checking post-auth {...} for more modules to load
  268. Module: Linked to module rlm_attr_filter
  269. Module: Instantiating attr_filter.access_reject
  270. attr_filter attr_filter.access_reject {
  271. attrsfile = "/etc/raddb/attrs.access_reject"
  272. key = "%{User-Name}"
  273. }
  274. }
  275. }
  276. modules {
  277. Module: Checking authenticate {...} for more modules to load
  278. Module: Linked to module rlm_pam
  279. Module: Instantiating pam
  280. pam {
  281. pam_auth = "radiusd"
  282. }
  283. Module: Linked to module rlm_ldap
  284. Module: Instantiating ldap
  285. ldap {
  286. server = "<LDAP_SERVER>"
  287. port = 389
  288. password = ""
  289. identity = ""
  290. net_timeout = 1
  291. timeout = 4
  292. timelimit = 3
  293. tls_mode = no
  294. start_tls = no
  295. tls_require_cert = "allow"
  296. tls {
  297. start_tls = no
  298. require_cert = "allow"
  299. }
  300. basedn = "o=Telkom"
  301. filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
  302. base_filter = "(objectclass=radiusprofile)"
  303. auto_header = no
  304. access_attr_used_for_allow = yes
  305. groupname_attribute = "cn"
  306. groupmembership_filter = "(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))"
  307. dictionary_mapping = "/etc/raddb/ldap.attrmap"
  308. ldap_debug = 0
  309. ldap_connections_number = 5
  310. compare_check_items = no
  311. do_xlat = yes
  312. set_auth_type = yes
  313. }
  314. rlm_ldap: Registering ldap_groupcmp for Ldap-Group
  315. rlm_ldap: Registering ldap_xlat with xlat_name ldap
  316. rlm_ldap: reading ldap<->radius mappings from file /etc/raddb/ldap.attrmap
  317. rlm_ldap: LDAP radiusCheckItem mapped to RADIUS $GENERIC$
  318. rlm_ldap: LDAP radiusReplyItem mapped to RADIUS $GENERIC$
  319. rlm_ldap: LDAP radiusAuthType mapped to RADIUS Auth-Type
  320. rlm_ldap: LDAP radiusSimultaneousUse mapped to RADIUS Simultaneous-Use
  321. rlm_ldap: LDAP radiusCalledStationId mapped to RADIUS Called-Station-Id
  322. rlm_ldap: LDAP radiusCallingStationId mapped to RADIUS Calling-Station-Id
  323. rlm_ldap: LDAP lmPassword mapped to RADIUS LM-Password
  324. rlm_ldap: LDAP ntPassword mapped to RADIUS NT-Password
  325. rlm_ldap: LDAP sambaLmPassword mapped to RADIUS LM-Password
  326. rlm_ldap: LDAP sambaNtPassword mapped to RADIUS NT-Password
  327. rlm_ldap: LDAP dBCSPwd mapped to RADIUS LM-Password
  328. rlm_ldap: LDAP acctFlags mapped to RADIUS SMB-Account-CTRL-TEXT
  329. rlm_ldap: LDAP radiusExpiration mapped to RADIUS Expiration
  330. rlm_ldap: LDAP radiusNASIpAddress mapped to RADIUS NAS-IP-Address
  331. rlm_ldap: LDAP radiusServiceType mapped to RADIUS Service-Type
  332. rlm_ldap: LDAP radiusFramedProtocol mapped to RADIUS Framed-Protocol
  333. rlm_ldap: LDAP radiusFramedIPAddress mapped to RADIUS Framed-IP-Address
  334. rlm_ldap: LDAP radiusFramedIPNetmask mapped to RADIUS Framed-IP-Netmask
  335. rlm_ldap: LDAP radiusFramedRoute mapped to RADIUS Framed-Route
  336. rlm_ldap: LDAP radiusFramedRouting mapped to RADIUS Framed-Routing
  337. rlm_ldap: LDAP radiusFilterId mapped to RADIUS Filter-Id
  338. rlm_ldap: LDAP radiusFramedMTU mapped to RADIUS Framed-MTU
  339. rlm_ldap: LDAP radiusFramedCompression mapped to RADIUS Framed-Compression
  340. rlm_ldap: LDAP radiusLoginIPHost mapped to RADIUS Login-IP-Host
  341. rlm_ldap: LDAP radiusLoginService mapped to RADIUS Login-Service
  342. rlm_ldap: LDAP radiusLoginTCPPort mapped to RADIUS Login-TCP-Port
  343. rlm_ldap: LDAP radiusCallbackNumber mapped to RADIUS Callback-Number
  344. rlm_ldap: LDAP radiusCallbackId mapped to RADIUS Callback-Id
  345. rlm_ldap: LDAP radiusFramedIPXNetwork mapped to RADIUS Framed-IPX-Network
  346. rlm_ldap: LDAP radiusClass mapped to RADIUS Class
  347. rlm_ldap: LDAP radiusSessionTimeout mapped to RADIUS Session-Timeout
  348. rlm_ldap: LDAP radiusIdleTimeout mapped to RADIUS Idle-Timeout
  349. rlm_ldap: LDAP radiusTerminationAction mapped to RADIUS Termination-Action
  350. rlm_ldap: LDAP radiusLoginLATService mapped to RADIUS Login-LAT-Service
  351. rlm_ldap: LDAP radiusLoginLATNode mapped to RADIUS Login-LAT-Node
  352. rlm_ldap: LDAP radiusLoginLATGroup mapped to RADIUS Login-LAT-Group
  353. rlm_ldap: LDAP radiusFramedAppleTalkLink mapped to RADIUS Framed-AppleTalk-Link
  354. rlm_ldap: LDAP radiusFramedAppleTalkNetwork mapped to RADIUS Framed-AppleTalk-Network
  355. rlm_ldap: LDAP radiusFramedAppleTalkZone mapped to RADIUS Framed-AppleTalk-Zone
  356. rlm_ldap: LDAP radiusPortLimit mapped to RADIUS Port-Limit
  357. rlm_ldap: LDAP radiusLoginLATPort mapped to RADIUS Login-LAT-Port
  358. rlm_ldap: LDAP radiusReplyMessage mapped to RADIUS Reply-Message
  359. conns: 0x1b807470
  360. Module: Checking authorize {...} for more modules to load
  361. Module: Linked to module rlm_preprocess
  362. Module: Instantiating preprocess
  363. preprocess {
  364. huntgroups = "/etc/raddb/huntgroups"
  365. hints = "/etc/raddb/hints"
  366. with_ascend_hack = no
  367. ascend_channels_per_line = 23
  368. with_ntdomain_hack = no
  369. with_specialix_jetstream_hack = no
  370. with_cisco_vsa_hack = no
  371. with_alvarion_vsa_hack = no
  372. }
  373. Module: Checking preacct {...} for more modules to load
  374. Module: Linked to module rlm_acct_unique
  375. Module: Instantiating acct_unique
  376. acct_unique {
  377. key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
  378. }
  379. Module: Checking accounting {...} for more modules to load
  380. Module: Linked to module rlm_detail
  381. Module: Instantiating detail
  382. detail {
  383. detailfile = "/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
  384. header = "%t"
  385. detailperm = 384
  386. dirperm = 493
  387. locking = no
  388. log_packet_header = no
  389. }
  390. Module: Instantiating attr_filter.accounting_response
  391. attr_filter attr_filter.accounting_response {
  392. attrsfile = "/etc/raddb/attrs.accounting_response"
  393. key = "%{User-Name}"
  394. }
  395. Module: Checking session {...} for more modules to load
  396. Module: Checking post-proxy {...} for more modules to load
  397. Module: Checking post-auth {...} for more modules to load
  398. }
  399. radiusd: #### Opening IP addresses and Ports ####
  400. listen {
  401. type = "auth"
  402. ipaddr = *
  403. port = 0
  404. }
  405. listen {
  406. type = "acct"
  407. ipaddr = *
  408. port = 0
  409. }
  410. listen {
  411. type = "control"
  412. listen {
  413. socket = "/var/run/radiusd/radiusd.sock"
  414. }
  415. }
  416. Listening on authentication address * port 1812
  417. Listening on accounting address * port 1813
  418. Listening on command file /var/run/radiusd/radiusd.sock
  419. Listening on proxy address * port 1814
  420. Ready to process requests.
  421. rad_recv: Access-Request packet from host 10.11.23.57 port 2050, id=0, length=125
  422. User-Name = "<USER>"
  423. NAS-IP-Address = 192.168.6.11
  424. Called-Station-Id = "001839edc159"
  425. Calling-Station-Id = "002269607a74"
  426. NAS-Identifier = "001839edc159"
  427. NAS-Port = 46
  428. Framed-MTU = 1400
  429. NAS-Port-Type = Wireless-802.11
  430. EAP-Message = 0x0200000b01383030303432
  431. Message-Authenticator = 0x2b7f25c453eb1c0303454b95c1b44d71
  432. +- entering group authorize {...}
  433. ++[preprocess] returns ok
  434. ++[chap] returns noop
  435. ++[mschap] returns noop
  436. [suffix] No '@' in User-Name = "<USER>", looking up realm NULL
  437. [suffix] No such realm "NULL"
  438. ++[suffix] returns noop
  439. [eap] EAP packet type response id 0 length 11
  440. [eap] No EAP Start, assuming it's an on-going EAP conversation
  441. ++[eap] returns updated
  442. ++[unix] returns notfound
  443. ++[files] returns noop
  444. [ldap] performing user authorization for <USER>
  445. [ldap] WARNING: Deprecated conditional expansion ":-". See "man unlang" for details
  446. [ldap] expand: (uid=%{Stripped-User-Name:-%{User-Name}}) -> (uid=<USER>)
  447. [ldap] expand: o=Telkom -> o=Telkom
  448. rlm_ldap: ldap_get_conn: Checking Id: 0
  449. rlm_ldap: ldap_get_conn: Got Id: 0
  450. rlm_ldap: attempting LDAP reconnection
  451. rlm_ldap: (re)connect to <LDAP_SERVER>:389, authentication 0
  452. rlm_ldap: bind as / to <LDAP_SERVER>:389
  453. rlm_ldap: waiting for bind result ...
  454. rlm_ldap: Bind was successful
  455. rlm_ldap: performing search in o=Telkom, with filter (uid=<USER>)
  456. [ldap] looking for check items in directory...
  457. [ldap] looking for reply items in directory...
  458. WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly?
  459. [ldap] user <USER> authorized to use remote access
  460. rlm_ldap: ldap_release_conn: Release Id: 0
  461. ++[ldap] returns ok
  462. ++[expiration] returns noop
  463. ++[logintime] returns noop
  464. [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.
  465. ++[pap] returns noop
  466. ++? if (!control:Auth-Type)
  467. ? Evaluating !(control:Auth-Type) -> TRUE
  468. ++? if (!control:Auth-Type) -> FALSE
  469. Found Auth-Type = EAP
  470. +- entering group authenticate {...}
  471. [eap] EAP Identity
  472. [eap] processing type tls
  473. [tls] Initiate
  474. [tls] Start returned 1
  475. ++[eap] returns handled
  476. Sending Access-Challenge of id 0 to 10.11.23.57 port 2050
  477. EAP-Message = 0x010100061920
  478. Message-Authenticator = 0x00000000000000000000000000000000
  479. State = 0x3b32b8053b33a1597e93aeb15ced1048
  480. Finished request 0.
  481. Going to the next request
  482. Waking up in 4.9 seconds.
  483. rad_recv: Access-Request packet from host 10.11.23.57 port 2050, id=0, length=231
  484. Cleaning up request 0 ID 0 with timestamp +43
  485. User-Name = "<USER>"
  486. NAS-IP-Address = 192.168.6.11
  487. Called-Station-Id = "001839edc159"
  488. Calling-Station-Id = "002269607a74"
  489. NAS-Identifier = "001839edc159"
  490. NAS-Port = 46
  491. Framed-MTU = 1400
  492. State = 0x3b32b8053b33a1597e93aeb15ced1048
  493. NAS-Port-Type = Wireless-802.11
  494. EAP-Message = 0x020100631900160301005801000054030149a51ef25d50f2d8c4ad1483556c5d7b7e5d0d5c9ccd10f35c267455a5bd757f00002600390038003500160013000a00330032002f0005000400150012000900140011000800060003020100000400230000
  495. Message-Authenticator = 0x6f60bb34657fc39b3da28becbbfebc66
  496. +- entering group authorize {...}
  497. ++[preprocess] returns ok
  498. ++[chap] returns noop
  499. ++[mschap] returns noop
  500. [suffix] No '@' in User-Name = "<USER>", looking up realm NULL
  501. [suffix] No such realm "NULL"
  502. ++[suffix] returns noop
  503. [eap] EAP packet type response id 1 length 99
  504. [eap] Continuing tunnel setup.
  505. ++[eap] returns ok
  506. Found Auth-Type = EAP
  507. +- entering group authenticate {...}
  508. [eap] Request found, released from the list
  509. [eap] EAP/peap
  510. [eap] processing type peap
  511. [peap] processing EAP-TLS
  512. [peap] eaptls_verify returned 7
  513. [peap] Done initial handshake
  514. [peap] (other): before/accept initialization
  515. [peap] TLS_accept: before/accept initialization
  516. [peap] <<< TLS 1.0 Handshake [length 0058], ClientHello
  517. [peap] TLS_accept: SSLv3 read client hello A
  518. [peap] >>> TLS 1.0 Handshake [length 002a], ServerHello
  519. [peap] TLS_accept: SSLv3 write server hello A
  520. [peap] >>> TLS 1.0 Handshake [length 085e], Certificate
  521. [peap] TLS_accept: SSLv3 write certificate A
  522. [peap] >>> TLS 1.0 Handshake [length 020d], ServerKeyExchange
  523. [peap] TLS_accept: SSLv3 write key exchange A
  524. [peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
  525. [peap] TLS_accept: SSLv3 write server done A
  526. [peap] TLS_accept: SSLv3 flush data
  527. [peap] TLS_accept: Need to read more data: SSLv3 read client certificate A
  528. In SSL Handshake Phase
  529. In SSL Accept mode
  530. [peap] eaptls_process returned 13
  531. [peap] EAPTLS_HANDLED
  532. ++[eap] returns handled
  533. Sending Access-Challenge of id 0 to 10.11.23.57 port 2050
  534. EAP-Message = 0x0102040019c000000aad160301002a02000026030149a51ef2bef7d82df13691208c39fc57f314217c3553a8d0421f41bc079defa200003901160301085e0b00085a0008570003a6308203a23082028aa003020102020101300d06092a864886f70d0101040500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479
  535. EAP-Message = 0x301e170d3039303232353037343535315a170d3130303232353037343535315a307c310b3009060355040613024652310f300d0603550408130652616469757331153013060355040a130c4578616d706c6520496e632e312330210603550403131a4578616d706c65205365727665722043657274696669636174653120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100b88e250c6b203f28fe99acbc8b0183df2612e3fe504e509143256e6b2c9dfeb40e23b089d0f6e9a0a18998376e337ed911b3add9aff3929a70b10c826945
  536. EAP-Message = 0xc83934df4d491fba58d26f24ea48c8370152b82ac342ef518b5eb3b09f8c7e9c596cf62d5d8c50533bb196478e51546513310aec86f3492be772942656c04b642e077dab15101471a9fe09997817f404743d0a52f22c720b9f26496ba49529476ea71626afe98a6d2ee60a2b954634011260998202225da4c7207335e0aa053cff72080bfaa2cad44d4a792b8e5cb823658f1ba87aef1a903eaf91af6ef7380da8f6b98cb8df22f0b53545dc32aae30c9d07f5adbb72648b629d0c6623269dc79ab10203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d01010405000382010100c883a8f493e9746e73
  537. EAP-Message = 0x3b2f6df490b8b094e05d26705d903912bec8cc89b71464ba0ce346e362eff823fa1cfd999fa4c092bfe2f041b4bf494563d530dc388cc3d62db05a645c47baf1783470cf81607736be78d680173f32b2493631d8df6ab0d0f8fdc2a5faa9a8960bf9d82f9ee93805b720f4a8c0b281c046756baf2876a3f906fca579b280ccd2ba145df44c4b27d94f510e4d61f80470489d2ecdf9af5ff3e2311c2082c78645bacb05fbf62c026f59afd126a476b8aa8f9e52327ed1dd33e86e974271904cad0e0754551ec67bb0ec0ab589c91398f337063b1e7595a51294e4966229999c8278ca562eaa6a2ce44c6999594f5ff9030119f2743985e60004ab308204
  538. EAP-Message = 0xa73082038fa0030201020209
  539. Message-Authenticator = 0x00000000000000000000000000000000
  540. State = 0x3b32b8053a30a1597e93aeb15ced1048
  541. Finished request 1.
  542. Going to the next request
  543. Waking up in 4.9 seconds.
  544. rad_recv: Access-Request packet from host 10.11.23.57 port 2050, id=0, length=138
  545. Cleaning up request 1 ID 0 with timestamp +43
  546. User-Name = "<USER>"
  547. NAS-IP-Address = 192.168.6.11
  548. Called-Station-Id = "001839edc159"
  549. Calling-Station-Id = "002269607a74"
  550. NAS-Identifier = "001839edc159"
  551. NAS-Port = 46
  552. Framed-MTU = 1400
  553. State = 0x3b32b8053a30a1597e93aeb15ced1048
  554. NAS-Port-Type = Wireless-802.11
  555. EAP-Message = 0x020200061900
  556. Message-Authenticator = 0x14a5a1570fe1230590cdaad8c5b606d3
  557. +- entering group authorize {...}
  558. ++[preprocess] returns ok
  559. ++[chap] returns noop
  560. ++[mschap] returns noop
  561. [suffix] No '@' in User-Name = "<USER>", looking up realm NULL
  562. [suffix] No such realm "NULL"
  563. ++[suffix] returns noop
  564. [eap] EAP packet type response id 2 length 6
  565. [eap] Continuing tunnel setup.
  566. ++[eap] returns ok
  567. Found Auth-Type = EAP
  568. +- entering group authenticate {...}
  569. [eap] Request found, released from the list
  570. [eap] EAP/peap
  571. [eap] processing type peap
  572. [peap] processing EAP-TLS
  573. [peap] Received TLS ACK
  574. [peap] ACK handshake fragment handler
  575. [peap] eaptls_verify returned 1
  576. [peap] eaptls_process returned 13
  577. [peap] EAPTLS_HANDLED
  578. ++[eap] returns handled
  579. Sending Access-Challenge of id 0 to 10.11.23.57 port 2050
  580. EAP-Message = 0x010303fc194000d462167527c1c1af300d06092a864886f70d0101050500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479301e170d3039303232353037343535315a170d3130303232353037343535315a308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504
  581. EAP-Message = 0x071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a0282010100ca1e14f6797ed0f6ed9eac1d441662147f1e07dc70ede42a0512810ba9662bede309fa4d74654b85fa47c57f3867ef41ee24981ab55530df8cbb992ddca00fd7f741918f8dd529d6182443bb6162424238bbdb12f6f4a362ac5e3573782e4df2fd5db7b2033eddaca7c036ae670411
  582. EAP-Message = 0xc267bc353de1ca9107d2069bf5e4bf4b3950957fd1af4f2bd99b82eb7f8209df8140d8a92abff4f8471bdb441e4fcd2112cd455737cd995785e3469638dc2731ff09d7f2916e8c26b824de8504e0d7d47e4bb897c9e8c091cc93314e60751fa7806579a3101213aaa291ca6f5cd9b70c343a4607b863aae82e82a15465c7934ecd5bb2569867170adfc19ce69f8358a3fb0203010001a381fb3081f8301d0603551d0e04160414ed23222159f52c449662870ecef10140254552333081c80603551d230481c03081bd8014ed23222159f52c449662870ecef1014025455233a18199a48196308193310b3009060355040613024652310f300d06035504
  583. EAP-Message = 0x0813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479820900d462167527c1c1af300c0603551d13040530030101ff300d06092a864886f70d010105050003820101002e94a4725f3433215f111d93c267ba1af192af0e5636c5109d2e17ac607a48edfc7634d7daf0e7e9cde494ca03f8ee050058d004ae34fd9ed31ed09c3c50811f0844cca46e9377719d42b6d49869aa932c72
  584. EAP-Message = 0xf70a1d8d93adb077
  585. Message-Authenticator = 0x00000000000000000000000000000000
  586. State = 0x3b32b8053931a1597e93aeb15ced1048
  587. Finished request 2.
  588. Going to the next request
  589. Waking up in 4.9 seconds.
  590. rad_recv: Access-Request packet from host 10.11.23.57 port 2050, id=0, length=138
  591. Cleaning up request 2 ID 0 with timestamp +43
  592. User-Name = "<USER>"
  593. NAS-IP-Address = 192.168.6.11
  594. Called-Station-Id = "001839edc159"
  595. Calling-Station-Id = "002269607a74"
  596. NAS-Identifier = "001839edc159"
  597. NAS-Port = 46
  598. Framed-MTU = 1400
  599. State = 0x3b32b8053931a1597e93aeb15ced1048
  600. NAS-Port-Type = Wireless-802.11
  601. EAP-Message = 0x020300061900
  602. Message-Authenticator = 0x567bfd86e1106c82a0a035fadba673da
  603. +- entering group authorize {...}
  604. ++[preprocess] returns ok
  605. ++[chap] returns noop
  606. ++[mschap] returns noop
  607. [suffix] No '@' in User-Name = "<USER>", looking up realm NULL
  608. [suffix] No such realm "NULL"
  609. ++[suffix] returns noop
  610. [eap] EAP packet type response id 3 length 6
  611. [eap] Continuing tunnel setup.
  612. ++[eap] returns ok
  613. Found Auth-Type = EAP
  614. +- entering group authenticate {...}
  615. [eap] Request found, released from the list
  616. [eap] EAP/peap
  617. [eap] processing type peap
  618. [peap] processing EAP-TLS
  619. [peap] Received TLS ACK
  620. [peap] ACK handshake fragment handler
  621. [peap] eaptls_verify returned 1
  622. [peap] eaptls_process returned 13
  623. [peap] EAPTLS_HANDLED
  624. ++[eap] returns handled
  625. Sending Access-Challenge of id 0 to 10.11.23.57 port 2050
  626. EAP-Message = 0x010402c7190057fe996ed18b8e878332d5ce0dcd51027fd97500368d80ee4121b2d45380d4d9f00e7d878c722c74ffd18cb21b7ef89b47a3bbe842f2c1d76866c2f56f6a56be43717bbc96267b2ce59026a1632d29ddd54163f31633e63abcebe013db77b35b9e9587adb8b465844a08687e2976af17cbc979e68bbce29c0cfe47272d62f9cc41d3a7df162607e851655cfdeedf5244823aa49f7cd754c119b3ef675540b69cb2a7d4bd7c63160301020d0c00020900808bf80d1651af42ca0ea4042ac7a30b8888065ac42fdd8f4eee8b687bda068144c37eefa94e3f77ab828cf83b38f5f37475cd84e29dfcb71b7ff8d231703c80bbe4769a817911
  627. EAP-Message = 0x51668373f666cfaa0f59c5c8814d02be0f0ccdc0ce9843f9d3c6b3e93bb690d8c570218f35160892a8cc78cd4047d920b8d23516343c7f9e793b00010200801cb1ce7ae8e70263576eb27f0427d67e603c8053a50fd424c08c33f119c6610b82897d3efbe1c09482536205b3edc6f1110196dfbbb96ac64ebb02bf400d21216ab64dd5d12857257a057cd8d74dc68f1609844f5fa24c3f3288404f9deebe439f9f878606951b2a50a3710c4451bf4d78a79bbcc8922ba3677d4b9db2a186c401002953d7906c787646a44d708a99dbc9c2f1ed0123ee986f69003ac390635b7b5f9077b2100bacfaaec806aafa52188120d60729ced05d1cafbbfae280
  628. EAP-Message = 0x9606d13e31496e966461e54908ecdd33781e4b5926c8010d4b38b77c1d641add78f4854a62fed91943919b5aa5386b45497974664e2c2a6e9a2af7e538fb8a4dd13800bde3d258428319a15899079c65e68982738ccf2c3ad5a90b0fd428a702bd1b4b6cbdab86e7998e6fabe5dc21246f45f2b8313d0faeb24da0d7652066ae0122d1a4921ec9fc46ccb99605682859dc8b747ac358cbe6cb80137c24b48fcb07349c3c59e207e164f9801df60726425ee79edba2574ffd325a6a49722b74edc2057cba16030100040e000000
  629. Message-Authenticator = 0x00000000000000000000000000000000
  630. State = 0x3b32b8053836a1597e93aeb15ced1048
  631. Finished request 3.
  632. Going to the next request
  633. Waking up in 4.9 seconds.
  634. rad_recv: Access-Request packet from host 10.11.23.57 port 2050, id=0, length=336
  635. Cleaning up request 3 ID 0 with timestamp +43
  636. User-Name = "<USER>"
  637. NAS-IP-Address = 192.168.6.11
  638. Called-Station-Id = "001839edc159"
  639. Calling-Station-Id = "002269607a74"
  640. NAS-Identifier = "001839edc159"
  641. NAS-Port = 46
  642. Framed-MTU = 1400
  643. State = 0x3b32b8053836a1597e93aeb15ced1048
  644. NAS-Port-Type = Wireless-802.11
  645. EAP-Message = 0x020400cc1900160301008610000082008065ada6468a1a6ca73590f0bed60e3ea9245012e10261406f5f35c1dad33f638a293e1523f874aa46f9f48525855c44c27b7456c3b862ce6dc88ab91b6f2a7191be226d7cea78b455b7e9c8285b23ce43f4e1f914fcf46d878a7ed8fb2872976cd4b8bcef8f70f49a4f1dd9d9c183799c8ebae80bb182b29fb3c6ad1a54f01f0d1403010001011603010030c7200510d067e83bedcc6a75b3483ee8724356d31fc0d6956a5392803322dd65aa50c8ddf211997e7d130f46c67cb443
  646. Message-Authenticator = 0x30ba21be3f1a368a78a4d8a9c1749dbc
  647. +- entering group authorize {...}
  648. ++[preprocess] returns ok
  649. ++[chap] returns noop
  650. ++[mschap] returns noop
  651. [suffix] No '@' in User-Name = "<USER>", looking up realm NULL
  652. [suffix] No such realm "NULL"
  653. ++[suffix] returns noop
  654. [eap] EAP packet type response id 4 length 204
  655. [eap] Continuing tunnel setup.
  656. ++[eap] returns ok
  657. Found Auth-Type = EAP
  658. +- entering group authenticate {...}
  659. [eap] Request found, released from the list
  660. [eap] EAP/peap
  661. [eap] processing type peap
  662. [peap] processing EAP-TLS
  663. [peap] eaptls_verify returned 7
  664. [peap] Done initial handshake
  665. [peap] <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange
  666. [peap] TLS_accept: SSLv3 read client key exchange A
  667. [peap] <<< TLS 1.0 ChangeCipherSpec [length 0001]
  668. [peap] <<< TLS 1.0 Handshake [length 0010], Finished
  669. [peap] TLS_accept: SSLv3 read finished A
  670. [peap] >>> TLS 1.0 ChangeCipherSpec [length 0001]
  671. [peap] TLS_accept: SSLv3 write change cipher spec A
  672. [peap] >>> TLS 1.0 Handshake [length 0010], Finished
  673. [peap] TLS_accept: SSLv3 write finished A
  674. [peap] TLS_accept: SSLv3 flush data
  675. [peap] (other): SSL negotiation finished successfully
  676. SSL Connection Established
  677. [peap] eaptls_process returned 13
  678. [peap] EAPTLS_HANDLED
  679. ++[eap] returns handled
  680. Sending Access-Challenge of id 0 to 10.11.23.57 port 2050
  681. EAP-Message = 0x01050041190014030100010116030100308cd7718960ec671993c4325627cd0595b80724507a38e5b451038b818382906da13a50b92fe2400e38ea74b3c3a550e6
  682. Message-Authenticator = 0x00000000000000000000000000000000
  683. State = 0x3b32b8053f37a1597e93aeb15ced1048
  684. Finished request 4.
  685. Going to the next request
  686. Waking up in 4.9 seconds.
  687. rad_recv: Access-Request packet from host 10.11.23.57 port 2050, id=0, length=138
  688. Cleaning up request 4 ID 0 with timestamp +43
  689. User-Name = "<USER>"
  690. NAS-IP-Address = 192.168.6.11
  691. Called-Station-Id = "001839edc159"
  692. Calling-Station-Id = "002269607a74"
  693. NAS-Identifier = "001839edc159"
  694. NAS-Port = 46
  695. Framed-MTU = 1400
  696. State = 0x3b32b8053f37a1597e93aeb15ced1048
  697. NAS-Port-Type = Wireless-802.11
  698. EAP-Message = 0x020500061900
  699. Message-Authenticator = 0xb652caa9e83c1a46ef0c11874990be51
  700. +- entering group authorize {...}
  701. ++[preprocess] returns ok
  702. ++[chap] returns noop
  703. ++[mschap] returns noop
  704. [suffix] No '@' in User-Name = "<USER>", looking up realm NULL
  705. [suffix] No such realm "NULL"
  706. ++[suffix] returns noop
  707. [eap] EAP packet type response id 5 length 6
  708. [eap] Continuing tunnel setup.
  709. ++[eap] returns ok
  710. Found Auth-Type = EAP
  711. +- entering group authenticate {...}
  712. [eap] Request found, released from the list
  713. [eap] EAP/peap
  714. [eap] processing type peap
  715. [peap] processing EAP-TLS
  716. [peap] Received TLS ACK
  717. [peap] ACK handshake is finished
  718. [peap] eaptls_verify returned 3
  719. [peap] eaptls_process returned 3
  720. [peap] EAPTLS_SUCCESS
  721. ++[eap] returns handled
  722. Sending Access-Challenge of id 0 to 10.11.23.57 port 2050
  723. EAP-Message = 0x0106002b190017030100206e932ef975e63c81601fe35e85ff0061d9127fc3c76c22181d07afa7fb3f1c09
  724. Message-Authenticator = 0x00000000000000000000000000000000
  725. State = 0x3b32b8053e34a1597e93aeb15ced1048
  726. Finished request 5.
  727. Going to the next request
  728. Waking up in 4.9 seconds.
  729. rad_recv: Access-Request packet from host 10.11.23.57 port 2050, id=0, length=228
  730. Cleaning up request 5 ID 0 with timestamp +43
  731. User-Name = "<USER>"
  732. NAS-IP-Address = 192.168.6.11
  733. Called-Station-Id = "001839edc159"
  734. Calling-Station-Id = "002269607a74"
  735. NAS-Identifier = "001839edc159"
  736. NAS-Port = 46
  737. Framed-MTU = 1400
  738. State = 0x3b32b8053e34a1597e93aeb15ced1048
  739. NAS-Port-Type = Wireless-802.11
  740. EAP-Message = 0x02060060190017030100206e2de0904f9953fc163dad932f1bd31d57371e49c42981397f84a0841172dc39170301003054074f91c21fa56f74a85a9619b1da78f830d2893cbf178d7b522be35ed287601b611f14d8f9df513cdb587195958fc1
  741. Message-Authenticator = 0xda78c3b48397d890ac96f563e7639dc2
  742. +- entering group authorize {...}
  743. ++[preprocess] returns ok
  744. ++[chap] returns noop
  745. ++[mschap] returns noop
  746. [suffix] No '@' in User-Name = "<USER>", looking up realm NULL
  747. [suffix] No such realm "NULL"
  748. ++[suffix] returns noop
  749. [eap] EAP packet type response id 6 length 96
  750. [eap] Continuing tunnel setup.
  751. ++[eap] returns ok
  752. Found Auth-Type = EAP
  753. +- entering group authenticate {...}
  754. [eap] Request found, released from the list
  755. [eap] EAP/peap
  756. [eap] processing type peap
  757. [peap] processing EAP-TLS
  758. [peap] eaptls_verify returned 7
  759. [peap] Done initial handshake
  760. [peap] eaptls_process returned 7
  761. [peap] EAPTLS_OK
  762. [peap] Session established. Decoding tunneled attributes.
  763. [peap] Identity - <USER>
  764. [peap] Got tunneled request
  765. EAP-Message = 0x0206000b01383030303432
  766. server {
  767. PEAP: Got tunneled identity of <USER>
  768. PEAP: Setting default EAP type for tunneled EAP session.
  769. PEAP: Setting User-Name to <USER>
  770. Sending tunneled request
  771. EAP-Message = 0x0206000b01383030303432
  772. FreeRADIUS-Proxied-To = 127.0.0.1
  773. User-Name = "<USER>"
  774. server inner-tunnel {
  775. +- entering group authorize {...}
  776. ++[chap] returns noop
  777. ++[mschap] returns noop
  778. ++[unix] returns notfound
  779. [suffix] No '@' in User-Name = "<USER>", looking up realm NULL
  780. [suffix] No such realm "NULL"
  781. ++[suffix] returns noop
  782. ++[control] returns noop
  783. [eap] EAP packet type response id 6 length 11
  784. [eap] No EAP Start, assuming it's an on-going EAP conversation
  785. ++[eap] returns updated
  786. ++[files] returns noop
  787. ++[expiration] returns noop
  788. ++[logintime] returns noop
  789. ++[pap] returns noop
  790. Found Auth-Type = EAP
  791. +- entering group authenticate {...}
  792. [eap] EAP Identity
  793. [eap] processing type gtc
  794. ++[eap] returns handled
  795. } # server inner-tunnel
  796. [peap] Got tunneled reply code 11
  797. EAP-Message = 0x0107000f0650617373776f72643a20
  798. Message-Authenticator = 0x00000000000000000000000000000000
  799. State = 0x29c3aad629c4ac82cf75d1666ecdce24
  800. [peap] Got tunneled reply RADIUS code 11
  801. EAP-Message = 0x0107000f0650617373776f72643a20
  802. Message-Authenticator = 0x00000000000000000000000000000000
  803. State = 0x29c3aad629c4ac82cf75d1666ecdce24
  804. [peap] Got tunneled Access-Challenge
  805. ++[eap] returns handled
  806. Sending Access-Challenge of id 0 to 10.11.23.57 port 2050
  807. EAP-Message = 0x0107003b19001703010030853027027f48b85ddc12f67ab32119f3a1d12a6c90ff12f08f388bfc10e9a148346eea000076d50d4ba48f7fe7f4ce0b
  808. Message-Authenticator = 0x00000000000000000000000000000000
  809. State = 0x3b32b8053d35a1597e93aeb15ced1048
  810. Finished request 6.
  811. Going to the next request
  812. Waking up in 4.9 seconds.
  813. rad_recv: Access-Request packet from host 10.11.23.57 port 2050, id=0, length=228
  814. Cleaning up request 6 ID 0 with timestamp +43
  815. User-Name = "<USER>"
  816. NAS-IP-Address = 192.168.6.11
  817. Called-Station-Id = "001839edc159"
  818. Calling-Station-Id = "002269607a74"
  819. NAS-Identifier = "001839edc159"
  820. NAS-Port = 46
  821. Framed-MTU = 1400
  822. State = 0x3b32b8053d35a1597e93aeb15ced1048
  823. NAS-Port-Type = Wireless-802.11
  824. EAP-Message = 0x020700601900170301002065498c2b66596d99eb42ff44caee54d82bfc9518bd4b9f41ead01a387aa88d1b17030100308c18f5efdbd7c9426c46cb5c4da9c4726c634b5d2f61ae8f31dd8894d2c385ff9e0d95bc014d88fa0c5ed1bb9496a14c
  825. Message-Authenticator = 0x3af4b2f86ed8015d344cb3724c0cb350
  826. +- entering group authorize {...}
  827. ++[preprocess] returns ok
  828. ++[chap] returns noop
  829. ++[mschap] returns noop
  830. [suffix] No '@' in User-Name = "<USER>", looking up realm NULL
  831. [suffix] No such realm "NULL"
  832. ++[suffix] returns noop
  833. [eap] EAP packet type response id 7 length 96
  834. [eap] Continuing tunnel setup.
  835. ++[eap] returns ok
  836. Found Auth-Type = EAP
  837. +- entering group authenticate {...}
  838. [eap] Request found, released from the list
  839. [eap] EAP/peap
  840. [eap] processing type peap
  841. [peap] processing EAP-TLS
  842. [peap] eaptls_verify returned 7
  843. [peap] Done initial handshake
  844. [peap] eaptls_process returned 7
  845. [peap] EAPTLS_OK
  846. [peap] Session established. Decoding tunneled attributes.
  847. [peap] EAP type gtc
  848. [peap] Got tunneled request
  849. EAP-Message = 0x0207000b067372626c6677
  850. server {
  851. PEAP: Setting User-Name to <USER>
  852. Sending tunneled request
  853. EAP-Message = 0x0207000b067372626c6677
  854. FreeRADIUS-Proxied-To = 127.0.0.1
  855. User-Name = "<USER>"
  856. State = 0x29c3aad629c4ac82cf75d1666ecdce24
  857. server inner-tunnel {
  858. +- entering group authorize {...}
  859. ++[chap] returns noop
  860. ++[mschap] returns noop
  861. ++[unix] returns notfound
  862. [suffix] No '@' in User-Name = "<USER>", looking up realm NULL
  863. [suffix] No such realm "NULL"
  864. ++[suffix] returns noop
  865. ++[control] returns noop
  866. [eap] EAP packet type response id 7 length 11
  867. [eap] No EAP Start, assuming it's an on-going EAP conversation
  868. ++[eap] returns updated
  869. ++[files] returns noop
  870. ++[expiration] returns noop
  871. ++[logintime] returns noop
  872. ++[pap] returns noop
  873. Found Auth-Type = EAP
  874. +- entering group authenticate {...}
  875. [eap] Request found, released from the list
  876. [eap] EAP/gtc
  877. [eap] processing type gtc
  878. [gtc] +- entering group PAP {...}
  879. [pap] login attempt with password "<PASSWORD>"
  880. [pap] No password configured for the user. Cannot do authentication
  881. ++[pap] returns fail
  882. [eap] Handler failed in EAP/gtc
  883. [eap] Failed in EAP select
  884. ++[eap] returns invalid
  885. Failed to authenticate the user.
  886. Login incorrect: [<USER>] (from client <CLIENT> port 0 via TLS tunnel)
  887. } # server inner-tunnel
  888. [peap] Got tunneled reply code 3
  889. EAP-Message = 0x04070004
  890. Message-Authenticator = 0x00000000000000000000000000000000
  891. [peap] Got tunneled reply RADIUS code 3
  892. EAP-Message = 0x04070004
  893. Message-Authenticator = 0x00000000000000000000000000000000
  894. [peap] Tunneled authentication was rejected.
  895. [peap] FAILURE
  896. ++[eap] returns handled
  897. Sending Access-Challenge of id 0 to 10.11.23.57 port 2050
  898. EAP-Message = 0x0108003b19001703010030f10f471fc1902569031f1adc0d268757a118a0a985151c35493c14683827f83d086fc506b357ca1ae8b2492ddacbcd44
  899. Message-Authenticator = 0x00000000000000000000000000000000
  900. State = 0x3b32b8053c3aa1597e93aeb15ced1048
  901. Finished request 7.
  902. Going to the next request
  903. Waking up in 4.9 seconds.
  904. rad_recv: Access-Request packet from host 10.11.23.57 port 2050, id=0, length=228
  905. Cleaning up request 7 ID 0 with timestamp +43
  906. User-Name = "<USER>"
  907. NAS-IP-Address = 192.168.6.11
  908. Called-Station-Id = "001839edc159"
  909. Calling-Station-Id = "002269607a74"
  910. NAS-Identifier = "001839edc159"
  911. NAS-Port = 46
  912. Framed-MTU = 1400
  913. State = 0x3b32b8053c3aa1597e93aeb15ced1048
  914. NAS-Port-Type = Wireless-802.11
  915. EAP-Message = 0x02080060190017030100200c31161fe0df8e4d97927bd0685ad8da6e711f237632c87896c196b82f0fc5411703010030041789764ed83986a389c83fd45ccb460158bca2dcb46c24c89ad564906b2553e4003b072c84729a8c24a59914819652
  916. Message-Authenticator = 0xd2858994eb82c2d86eb59137b255fe38
  917. +- entering group authorize {...}
  918. ++[preprocess] returns ok
  919. ++[chap] returns noop
  920. ++[mschap] returns noop
  921. [suffix] No '@' in User-Name = "<USER>", looking up realm NULL
  922. [suffix] No such realm "NULL"
  923. ++[suffix] returns noop
  924. [eap] EAP packet type response id 8 length 96
  925. [eap] Continuing tunnel setup.
  926. ++[eap] returns ok
  927. Found Auth-Type = EAP
  928. +- entering group authenticate {...}
  929. [eap] Request found, released from the list
  930. [eap] EAP/peap
  931. [eap] processing type peap
  932. [peap] processing EAP-TLS
  933. [peap] eaptls_verify returned 7
  934. [peap] Done initial handshake
  935. [peap] eaptls_process returned 7
  936. [peap] EAPTLS_OK
  937. [peap] Session established. Decoding tunneled attributes.
  938. [peap] Received EAP-TLV response.
  939. [peap] Had sent TLV failure. User was rejected earlier in this session.
  940. [eap] Handler failed in EAP/peap
  941. [eap] Failed in EAP select
  942. ++[eap] returns invalid
  943. Failed to authenticate the user.
  944. Login incorrect: [<USER>] (from client <CLIENT> port 46 cli 002269607a74)
  945. Using Post-Auth-Type Reject
  946. +- entering group REJECT {...}
  947. [attr_filter.access_reject] expand: %{User-Name} -> <USER>
  948. attr_filter: Matched entry DEFAULT at line 11
  949. ++[attr_filter.access_reject] returns updated
  950. Sending Access-Reject of id 0 to 10.11.23.57 port 2050
  951. EAP-Message = 0x04080004
  952. Message-Authenticator = 0x00000000000000000000000000000000
  953. Finished request 8.
  954. Going to the next request
  955. Waking up in 4.9 seconds.
  956. Cleaning up request 8 ID 0 with timestamp +43
  957. Ready to process requests.
  958.  
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!