Untitled

a guest
Jan 17th, 2011
  1. FreeRADIUS Version 2.1.1, for host x86_64-suse-linux-gnu, built on Feb 23 2009 at 21:43:09
  2. Copyright (C) 1999-2008 The FreeRADIUS server project and contributors.
  3. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
  4. PARTICULAR PURPOSE.
  5. You may redistribute copies of FreeRADIUS under the terms of the
  6. GNU General Public License v2.
  7. Starting - reading configuration files ...
  8. including configuration file /etc/raddb/radiusd.conf
  9. including configuration file /etc/raddb/proxy.conf
  10. including configuration file /etc/raddb/clients.conf
  11. including files in directory /etc/raddb/modules/
  12. including configuration file /etc/raddb/modules/acct_unique
  13. including configuration file /etc/raddb/modules/echo
  14. including configuration file /etc/raddb/modules/files
  15. including configuration file /etc/raddb/modules/mschap
  16. including configuration file /etc/raddb/modules/counter
  17. including configuration file /etc/raddb/modules/preprocess
  18. including configuration file /etc/raddb/modules/ntlm_auth
  19. including configuration file /etc/raddb/modules/mac2vlan
  20. including configuration file /etc/raddb/modules/radutmp
  21. including configuration file /etc/raddb/modules/attr_filter
  22. including configuration file /etc/raddb/modules/inner-eap
  23. including configuration file /etc/raddb/modules/always
  24. including configuration file /etc/raddb/modules/digest
  25. including configuration file /etc/raddb/modules/linelog
  26. including configuration file /etc/raddb/modules/ldap
  27. including configuration file /etc/raddb/modules/realm
  28. including configuration file /etc/raddb/modules/expiration
  29. including configuration file /etc/raddb/modules/wimax
  30. including configuration file /etc/raddb/modules/pap
  31. including configuration file /etc/raddb/modules/detail
  32. including configuration file /etc/raddb/modules/mac2ip
  33. including configuration file /etc/raddb/modules/sql_log
  34. including configuration file /etc/raddb/modules/krb5
  35. including configuration file /etc/raddb/modules/expr
  36. including configuration file /etc/raddb/modules/etc_group
  37. including configuration file /etc/raddb/modules/detail.example.com
  38. including configuration file /etc/raddb/modules/checkval
  39. including configuration file /etc/raddb/modules/logintime
  40. including configuration file /etc/raddb/modules/passwd
  41. including configuration file /etc/raddb/modules/detail.log
  42. including configuration file /etc/raddb/modules/exec
  43. including configuration file /etc/raddb/modules/attr_rewrite
  44. including configuration file /etc/raddb/modules/unix
  45. including configuration file /etc/raddb/modules/ippool
  46. including configuration file /etc/raddb/modules/smbpasswd
  47. including configuration file /etc/raddb/modules/chap
  48. including configuration file /etc/raddb/modules/pam
  49. including configuration file /etc/raddb/modules/sradutmp
  50. including configuration file /etc/raddb/modules/policy
  51. including configuration file /etc/raddb/eap.conf
  52. including configuration file /etc/raddb/sql.conf
  53. including configuration file /etc/raddb/sql/mysql/dialup.conf
  54. including configuration file /etc/raddb/sql/mysql/counter.conf
  55. including configuration file /etc/raddb/policy.conf
  56. including files in directory /etc/raddb/sites-enabled/
  57. including configuration file /etc/raddb/sites-enabled/default
  58. including configuration file /etc/raddb/sites-enabled/inner-tunnel
  59. group = radiusd
  60. user = radiusd
  61. including dictionary file /etc/raddb/dictionary
  62. main {
  63. prefix = "/usr"
  64. localstatedir = "/var"
  65. logdir = "/var/log/radius"
  66. libdir = "/usr/lib64/freeradius"
  67. radacctdir = "/var/log/radius/radacct"
  68. hostname_lookups = no
  69. max_request_time = 30
  70. cleanup_delay = 5
  71. max_requests = 1024
  72. allow_core_dumps = no
  73. pidfile = "/var/run/radiusd/radiusd.pid"
  74. checkrad = "/usr/sbin/checkrad"
  75. debug_level = 0
  76. proxy_requests = yes
  77. log {
  78. stripped_names = no
  79. auth = no
  80. auth_badpass = no
  81. auth_goodpass = no
  82. }
  83. security {
  84. max_attributes = 200
  85. reject_delay = 1
  86. status_server = yes
  87. }
  88. }
  89. client localhost {
  90. ipaddr = 127.0.0.1
  91. require_message_authenticator = no
  92. secret = "testing123"
  93. nastype = "other"
  94. }
  95. client 10.40.2.11/24 {
  96. require_message_authenticator = no
  97. secret = "radiussharedsecret"
  98. shortname = "private-network-1"
  99. }
  100. radiusd: #### Loading Realms and Home Servers ####
  101. proxy server {
  102. retry_delay = 5
  103. retry_count = 3
  104. default_fallback = no
  105. dead_time = 120
  106. wake_all_if_all_dead = no
  107. }
  108. home_server localhost {
  109. ipaddr = 127.0.0.1
  110. port = 1812
  111. type = "auth"
  112. secret = "testing123"
  113. response_window = 20
  114. max_outstanding = 65536
  115. zombie_period = 40
  116. status_check = "status-server"
  117. ping_interval = 30
  118. check_interval = 30
  119. num_answers_to_alive = 3
  120. num_pings_to_alive = 3
  121. revive_interval = 120
  122. status_check_timeout = 4
  123. }
  124. home_server_pool my_auth_failover {
  125. type = fail-over
  126. home_server = localhost
  127. }
  128. realm example.com {
  129. auth_pool = my_auth_failover
  130. }
  131. realm LOCAL {
  132. }
  133. radiusd: #### Instantiating modules ####
  134. instantiate {
  135. Module: Linked to module rlm_exec
  136. Module: Instantiating exec
  137. exec {
  138. wait = no
  139. input_pairs = "request"
  140. shell_escape = yes
  141. }
  142. Module: Linked to module rlm_expr
  143. Module: Instantiating expr
  144. Module: Linked to module rlm_expiration
  145. Module: Instantiating expiration
  146. expiration {
  147. reply-message = "Password Has Expired "
  148. }
  149. Module: Linked to module rlm_logintime
  150. Module: Instantiating logintime
  151. logintime {
  152. reply-message = "You are calling outside your allowed timespan "
  153. minimum-timeout = 60
  154. }
  155. }
  156. radiusd: #### Loading Virtual Servers ####
  157. server inner-tunnel {
  158. modules {
  159. Module: Checking authenticate {...} for more modules to load
  160. Module: Instantiating ntlm_auth
  161. exec ntlm_auth {
  162. wait = yes
  163. program = "/usr/bin/ntlm_auth --request-nt-key --domain=(domain).com --username=%{mschap:User-Name} --password=%{User-Password}"
  164. input_pairs = "request"
  165. shell_escape = yes
  166. }
  167. Module: Linked to module rlm_pap
  168. Module: Instantiating pap
  169. pap {
  170. encryption_scheme = "auto"
  171. auto_header = no
  172. }
  173. Module: Linked to module rlm_chap
  174. Module: Instantiating chap
  175. Module: Linked to module rlm_mschap
  176. Module: Instantiating mschap
  177. mschap {
  178. use_mppe = yes
  179. require_encryption = no
  180. require_strong = no
  181. with_ntdomain_hack = no
  182. ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --username=%{mschap:User-Name} --domain=%{%{mschap:NT-Domain}:-(domain).com --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}"
  183. }
  184. Module: Linked to module rlm_unix
  185. Module: Instantiating unix
  186. unix {
  187. radwtmp = "/var/log/radius/radwtmp"
  188. }
  189. Module: Linked to module rlm_ldap
  190. Module: Instantiating ldap
  191. ldap {
  192. server = "ldap.your.domain"
  193. port = 389
  194. password = ""
  195. identity = ""
  196. net_timeout = 1
  197. timeout = 4
  198. timelimit = 3
  199. tls_mode = no
  200. start_tls = no
  201. tls_require_cert = "allow"
  202. tls {
  203. start_tls = no
  204. require_cert = "allow"
  205. }
  206. basedn = "o=My Org,c=UA"
  207. filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
  208. base_filter = "(objectclass=radiusprofile)"
  209. auto_header = no
  210. access_attr_used_for_allow = yes
  211. groupname_attribute = "cn"
  212. groupmembership_filter = "(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))"
  213. dictionary_mapping = "/etc/raddb/ldap.attrmap"
  214. ldap_debug = 0
  215. ldap_connections_number = 5
  216. compare_check_items = no
  217. do_xlat = yes
  218. edir_account_policy_check = no
  219. set_auth_type = yes
  220. }
  221. rlm_ldap: Registering ldap_groupcmp for Ldap-Group
  222. rlm_ldap: Registering ldap_xlat with xlat_name ldap
  223. rlm_ldap: reading ldap<->radius mappings from file /etc/raddb/ldap.attrmap
  224. rlm_ldap: LDAP radiusCheckItem mapped to RADIUS $GENERIC$
  225. rlm_ldap: LDAP radiusReplyItem mapped to RADIUS $GENERIC$
  226. rlm_ldap: LDAP radiusAuthType mapped to RADIUS Auth-Type
  227. rlm_ldap: LDAP radiusSimultaneousUse mapped to RADIUS Simultaneous-Use
  228. rlm_ldap: LDAP radiusCalledStationId mapped to RADIUS Called-Station-Id
  229. rlm_ldap: LDAP radiusCallingStationId mapped to RADIUS Calling-Station-Id
  230. rlm_ldap: LDAP lmPassword mapped to RADIUS LM-Password
  231. rlm_ldap: LDAP ntPassword mapped to RADIUS NT-Password
  232. rlm_ldap: LDAP sambaLmPassword mapped to RADIUS LM-Password
  233. rlm_ldap: LDAP sambaNtPassword mapped to RADIUS NT-Password
  234. rlm_ldap: LDAP dBCSPwd mapped to RADIUS LM-Password
  235. rlm_ldap: LDAP acctFlags mapped to RADIUS SMB-Account-CTRL-TEXT
  236. rlm_ldap: LDAP radiusExpiration mapped to RADIUS Expiration
  237. rlm_ldap: LDAP radiusNASIpAddress mapped to RADIUS NAS-IP-Address
  238. rlm_ldap: LDAP radiusServiceType mapped to RADIUS Service-Type
  239. rlm_ldap: LDAP radiusFramedProtocol mapped to RADIUS Framed-Protocol
  240. rlm_ldap: LDAP radiusFramedIPAddress mapped to RADIUS Framed-IP-Address
  241. rlm_ldap: LDAP radiusFramedIPNetmask mapped to RADIUS Framed-IP-Netmask
  242. rlm_ldap: LDAP radiusFramedRoute mapped to RADIUS Framed-Route
  243. rlm_ldap: LDAP radiusFramedRouting mapped to RADIUS Framed-Routing
  244. rlm_ldap: LDAP radiusFilterId mapped to RADIUS Filter-Id
  245. rlm_ldap: LDAP radiusFramedMTU mapped to RADIUS Framed-MTU
  246. rlm_ldap: LDAP radiusFramedCompression mapped to RADIUS Framed-Compression
  247. rlm_ldap: LDAP radiusLoginIPHost mapped to RADIUS Login-IP-Host
  248. rlm_ldap: LDAP radiusLoginService mapped to RADIUS Login-Service
  249. rlm_ldap: LDAP radiusLoginTCPPort mapped to RADIUS Login-TCP-Port
  250. rlm_ldap: LDAP radiusCallbackNumber mapped to RADIUS Callback-Number
  251. rlm_ldap: LDAP radiusCallbackId mapped to RADIUS Callback-Id
  252. rlm_ldap: LDAP radiusFramedIPXNetwork mapped to RADIUS Framed-IPX-Network
  253. rlm_ldap: LDAP radiusClass mapped to RADIUS Class
  254. rlm_ldap: LDAP radiusSessionTimeout mapped to RADIUS Session-Timeout
  255. rlm_ldap: LDAP radiusIdleTimeout mapped to RADIUS Idle-Timeout
  256. rlm_ldap: LDAP radiusTerminationAction mapped to RADIUS Termination-Action
  257. rlm_ldap: LDAP radiusLoginLATService mapped to RADIUS Login-LAT-Service
  258. rlm_ldap: LDAP radiusLoginLATNode mapped to RADIUS Login-LAT-Node
  259. rlm_ldap: LDAP radiusLoginLATGroup mapped to RADIUS Login-LAT-Group
  260. rlm_ldap: LDAP radiusFramedAppleTalkLink mapped to RADIUS Framed-AppleTalk-Link
  261. rlm_ldap: LDAP radiusFramedAppleTalkNetwork mapped to RADIUS Framed-AppleTalk-Network
  262. rlm_ldap: LDAP radiusFramedAppleTalkZone mapped to RADIUS Framed-AppleTalk-Zone
  263. rlm_ldap: LDAP radiusPortLimit mapped to RADIUS Port-Limit
  264. rlm_ldap: LDAP radiusLoginLATPort mapped to RADIUS Login-LAT-Port
  265. rlm_ldap: LDAP radiusReplyMessage mapped to RADIUS Reply-Message
  266. conns: 0x7fbd3874f500
  267. Module: Linked to module rlm_eap
  268. Module: Instantiating eap
  269. eap {
  270. default_eap_type = "md5"
  271. timer_expire = 60
  272. ignore_unknown_eap_types = no
  273. cisco_accounting_username_bug = no
  274. max_sessions = 2048
  275. }
  276. Module: Linked to sub-module rlm_eap_md5
  277. Module: Instantiating eap-md5
  278. Module: Linked to sub-module rlm_eap_leap
  279. Module: Instantiating eap-leap
  280. Module: Linked to sub-module rlm_eap_gtc
  281. Module: Instantiating eap-gtc
  282. gtc {
  283. challenge = "Password: "
  284. auth_type = "PAP"
  285. }
  286. Module: Linked to sub-module rlm_eap_tls
  287. Module: Instantiating eap-tls
  288. tls {
  289. rsa_key_exchange = no
  290. dh_key_exchange = yes
  291. rsa_key_length = 512
  292. dh_key_length = 512
  293. verify_depth = 0
  294. pem_file_type = yes
  295. private_key_file = "/etc/raddb/certs/server.pem"
  296. certificate_file = "/etc/raddb/certs/server.pem"
  297. CA_file = "/etc/raddb/certs/ca.pem"
  298. private_key_password = "(privatekeypassword)"
  299. dh_file = "/etc/raddb/certs/dh"
  300. random_file = "/etc/raddb/certs/random"
  301. fragment_size = 1024
  302. include_length = yes
  303. check_crl = no
  304. cipher_list = "DEFAULT"
  305. cache {
  306. enable = no
  307. lifetime = 24
  308. max_entries = 255
  309. }
  310. }
  311. Module: Linked to sub-module rlm_eap_ttls
  312. Module: Instantiating eap-ttls
  313. ttls {
  314. default_eap_type = "md5"
  315. copy_request_to_tunnel = no
  316. use_tunneled_reply = no
  317. virtual_server = "inner-tunnel"
  318. }
  319. Module: Linked to sub-module rlm_eap_peap
  320. Module: Instantiating eap-peap
  321. peap {
  322. default_eap_type = "mschapv2"
  323. copy_request_to_tunnel = no
  324. use_tunneled_reply = no
  325. proxy_tunneled_request_as_eap = yes
  326. virtual_server = "inner-tunnel"
  327. }
  328. Module: Linked to sub-module rlm_eap_mschapv2
  329. Module: Instantiating eap-mschapv2
  330. mschapv2 {
  331. with_ntdomain_hack = no
  332. }
  333. Module: Checking authorize {...} for more modules to load
  334. Module: Linked to module rlm_realm
  335. Module: Instantiating suffix
  336. realm suffix {
  337. format = "suffix"
  338. delimiter = "@"
  339. ignore_default = no
  340. ignore_null = no
  341. }
  342. Module: Linked to module rlm_files
  343. Module: Instantiating files
  344. files {
  345. usersfile = "/etc/raddb/users"
  346. acctusersfile = "/etc/raddb/acct_users"
  347. preproxy_usersfile = "/etc/raddb/preproxy_users"
  348. compat = "no"
  349. }
  350. Module: Checking session {...} for more modules to load
  351. Module: Linked to module rlm_radutmp
  352. Module: Instantiating radutmp
  353. radutmp {
  354. filename = "/var/log/radius/radutmp"
  355. username = "%{User-Name}"
  356. case_sensitive = yes
  357. check_with_nas = yes
  358. perm = 384
  359. callerid = yes
  360. }
  361. Module: Checking post-proxy {...} for more modules to load
  362. Module: Checking post-auth {...} for more modules to load
  363. Module: Linked to module rlm_attr_filter
  364. Module: Instantiating attr_filter.access_reject
  365. attr_filter attr_filter.access_reject {
  366. attrsfile = "/etc/raddb/attrs.access_reject"
  367. key = "%{User-Name}"
  368. }
  369. }
  370. }
  371. modules {
  372. Module: Checking authenticate {...} for more modules to load
  373. Module: Checking authorize {...} for more modules to load
  374. Module: Linked to module rlm_preprocess
  375. Module: Instantiating preprocess
  376. preprocess {
  377. huntgroups = "/etc/raddb/huntgroups"
  378. hints = "/etc/raddb/hints"
  379. with_ascend_hack = no
  380. ascend_channels_per_line = 23
  381. with_ntdomain_hack = no
  382. with_specialix_jetstream_hack = no
  383. with_cisco_vsa_hack = no
  384. with_alvarion_vsa_hack = no
  385. }
  386. Module: Checking preacct {...} for more modules to load
  387. Module: Linked to module rlm_acct_unique
  388. Module: Instantiating acct_unique
  389. acct_unique {
  390. key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
  391. }
  392. Module: Checking accounting {...} for more modules to load
  393. Module: Linked to module rlm_detail
  394. Module: Instantiating detail
  395. detail {
  396. detailfile = "/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
  397. header = "%t"
  398. detailperm = 384
  399. dirperm = 493
  400. locking = no
  401. log_packet_header = no
  402. }
  403. Module: Instantiating attr_filter.accounting_response
  404. attr_filter attr_filter.accounting_response {
  405. attrsfile = "/etc/raddb/attrs.accounting_response"
  406. key = "%{User-Name}"
  407. }
  408. Module: Checking session {...} for more modules to load
  409. Module: Checking post-proxy {...} for more modules to load
  410. Module: Checking post-auth {...} for more modules to load
  411. }
  412. radiusd: #### Opening IP addresses and Ports ####
  413. listen {
  414. type = "auth"
  415. ipaddr = *
  416. port = 0
  417. }
  418. listen {
  419. type = "acct"
  420. ipaddr = *
  421. port = 0
  422. }
  423. Listening on authentication address * port 1812
  424. Listening on accounting address * port 1813
  425. Listening on proxy address * port 1814
  426. Ready to process requests.
  427. rad_recv: Access-Request packet from host 10.40.2.11 port 32769, id=164, length=174
  428. User-Name = "(domain)\\(user)"
  429. Calling-Station-Id = "00-24-D7-29-45-30"
  430. Called-Station-Id = "00-1D-70-02-1C-20:(domain)"
  431. NAS-Port = 29
  432. NAS-IP-Address = 10.40.2.11
  433. NAS-Identifier = "Cisco_b2:3f:03"
  434. Airespace-Wlan-Id = 3
  435. Service-Type = Framed-User
  436. Framed-MTU = 1300
  437. NAS-Port-Type = Wireless-802.11
  438. EAP-Message = 0x02020011015353505f43435c4a48616c6c
  439. Message-Authenticator = 0x22e65e810271fd1bc00f4fb8256e3585
  440. +- entering group authorize {...}
  441. ++[preprocess] returns ok
  442. ++[chap] returns noop
  443. ++[mschap] returns noop
  444. [suffix] No '@' in User-Name = "(domain)\(user)", looking up realm NULL
  445. [suffix] No such realm "NULL"
  446. ++[suffix] returns noop
  447. [eap] EAP packet type response id 2 length 17
  448. [eap] No EAP Start, assuming it's an on-going EAP conversation
  449. ++[eap] returns updated
  450. ++[unix] returns notfound
  451. ++[files] returns noop
  452. ++[expiration] returns noop
  453. ++[logintime] returns noop
  454. [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.
  455. ++[pap] returns noop
  456. Found Auth-Type = EAP
  457. +- entering group authenticate {...}
  458. [eap] EAP Identity
  459. [eap] processing type md5
  460. rlm_eap_md5: Issuing Challenge
  461. ++[eap] returns handled
  462. Sending Access-Challenge of id 164 to 10.40.2.11 port 32769
  463. EAP-Message = 0x01030016041089424d1b22507f4279bc6a8e5a6cb76d
  464. Message-Authenticator = 0x00000000000000000000000000000000
  465. State = 0x1dedbc721deeb88b128db7fe5110b19f
  466. Finished request 0.
  467. Going to the next request
  468. Waking up in 4.9 seconds.
  469. rad_recv: Access-Request packet from host 10.40.2.11 port 32769, id=165, length=181
  470. User-Name = "(domain)\\(user)"
  471. Calling-Station-Id = "00-24-D7-29-45-30"
  472. Called-Station-Id = "00-1D-70-02-1C-20:(domain)"
  473. NAS-Port = 29
  474. NAS-IP-Address = 10.40.2.11
  475. NAS-Identifier = "Cisco_b2:3f:03"
  476. Airespace-Wlan-Id = 3
  477. Service-Type = Framed-User
  478. Framed-MTU = 1300
  479. NAS-Port-Type = Wireless-802.11
  480. EAP-Message = 0x020300060319
  481. State = 0x1dedbc721deeb88b128db7fe5110b19f
  482. Message-Authenticator = 0xec1070345ca7eabd9758afcc971c0cd8
  483. +- entering group authorize {...}
  484. ++[preprocess] returns ok
  485. ++[chap] returns noop
  486. ++[mschap] returns noop
  487. [suffix] No '@' in User-Name = "(domain)\(user)", looking up realm NULL
  488. [suffix] No such realm "NULL"
  489. ++[suffix] returns noop
  490. [eap] EAP packet type response id 3 length 6
  491. [eap] No EAP Start, assuming it's an on-going EAP conversation
  492. ++[eap] returns updated
  493. ++[unix] returns notfound
  494. ++[files] returns noop
  495. ++[expiration] returns noop
  496. ++[logintime] returns noop
  497. [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.
  498. ++[pap] returns noop
  499. Found Auth-Type = EAP
  500. +- entering group authenticate {...}
  501. [eap] Request found, released from the list
  502. [eap] EAP NAK
  503. [eap] EAP-NAK asked for EAP-Type/peap
  504. [eap] processing type tls
  505. [tls] Initiate
  506. [tls] Start returned 1
  507. ++[eap] returns handled
  508. Sending Access-Challenge of id 165 to 10.40.2.11 port 32769
  509. EAP-Message = 0x010400061920
  510. Message-Authenticator = 0x00000000000000000000000000000000
  511. State = 0x1dedbc721ce9a58b128db7fe5110b19f
  512. Finished request 1.
  513. Going to the next request
  514. Waking up in 4.9 seconds.
  515. rad_recv: Access-Request packet from host 10.40.2.11 port 32769, id=166, length=301
  516. User-Name = "(domain)\\(user)"
  517. Calling-Station-Id = "00-24-D7-29-45-30"
  518. Called-Station-Id = "00-1D-70-02-1C-20:(domain)"
  519. NAS-Port = 29
  520. NAS-IP-Address = 10.40.2.11
  521. NAS-Identifier = "Cisco_b2:3f:03"
  522. Airespace-Wlan-Id = 3
  523. Service-Type = Framed-User
  524. Framed-MTU = 1300
  525. NAS-Port-Type = Wireless-802.11
  526. EAP-Message = 0x0204007e198000000074160301006f0100006b03014d3450e789f31a17a8a0d1bc654e6c737d36c862f57548c6e49504e1a4edb186000018002f00350005000ac013c014c009c00a00320038001300040100002aff0100010000000011000f00000c7373705f63635c6a68616c6c000a0006000400170018000b00020100
  527. State = 0x1dedbc721ce9a58b128db7fe5110b19f
  528. Message-Authenticator = 0x2ea6fef055f2cc33b30f77addba6458f
  529. +- entering group authorize {...}
  530. ++[preprocess] returns ok
  531. ++[chap] returns noop
  532. ++[mschap] returns noop
  533. [suffix] No '@' in User-Name = "(domain)\(user)", looking up realm NULL
  534. [suffix] No such realm "NULL"
  535. ++[suffix] returns noop
  536. [eap] EAP packet type response id 4 length 126
  537. [eap] Continuing tunnel setup.
  538. ++[eap] returns ok
  539. Found Auth-Type = EAP
  540. +- entering group authenticate {...}
  541. [eap] Request found, released from the list
  542. [eap] EAP/peap
  543. [eap] processing type peap
  544. [peap] processing EAP-TLS
  545. TLS Length 116
  546. [peap] Length Included
  547. [peap] eaptls_verify returned 11
  548. [peap] (other): before/accept initialization
  549. [peap] TLS_accept: before/accept initialization
  550. [peap] <<< TLS 1.0 Handshake [length 006f], ClientHello
  551. [peap] TLS_accept: SSLv3 read client hello A
  552. [peap] >>> TLS 1.0 Handshake [length 002a], ServerHello
  553. [peap] TLS_accept: SSLv3 write server hello A
  554. [peap] >>> TLS 1.0 Handshake [length 0bf0], Certificate
  555. [peap] TLS_accept: SSLv3 write certificate A
  556. [peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
  557. [peap] TLS_accept: SSLv3 write server done A
  558. [peap] TLS_accept: SSLv3 flush data
  559. [peap] TLS_accept: Need to read more data: SSLv3 read client certificate A
  560. In SSL Handshake Phase
  561. In SSL Accept mode
  562. [peap] eaptls_process returned 13
  563. [peap] EAPTLS_HANDLED
  564. ++[eap] returns handled
  565. Sending Access-Challenge of id 166 to 10.40.2.11 port 32769
  566. EAP-Message = 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
  567. EAP-Message = 0x6972656c65737320547275737465642043657274696669636174653121301f06092a864886f70d0109011612697461646d696e407375737365722e636f6d301e170d3131303131343135343033315a170d3231303131303135343033315a3081d0310b3009060355040613025553310b3009060355040813025458311730150603550407130e436f727075732043687269737469311d301b060355040a131453757373657220486f6c64696e67732c204c4c4331163014060355040b130d4954204465706172746d656e743141303f0603550403133853757373657220486f6c64696e67732c204c4c432e2053656375726520576972656c6573732053
  568. EAP-Message = 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
  569. EAP-Message = 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
  570. EAP-Message = 0x93afbc36e5d1e4cd32a181d7
  571. Message-Authenticator = 0x00000000000000000000000000000000
  572. State = 0x1dedbc721fe8a58b128db7fe5110b19f
  573. Finished request 2.
  574. Going to the next request
  575. Waking up in 4.9 seconds.
  576. rad_recv: Access-Request packet from host 10.40.2.11 port 32769, id=167, length=181
  577. User-Name = "(domain)\\(user)"
  578. Calling-Station-Id = "00-24-D7-29-45-30"
  579. Called-Station-Id = "00-1D-70-02-1C-20:(domain)"
  580. NAS-Port = 29
  581. NAS-IP-Address = 10.40.2.11
  582. NAS-Identifier = "Cisco_b2:3f:03"
  583. Airespace-Wlan-Id = 3
  584. Service-Type = Framed-User
  585. Framed-MTU = 1300
  586. NAS-Port-Type = Wireless-802.11
  587. EAP-Message = 0x020500061900
  588. State = 0x1dedbc721fe8a58b128db7fe5110b19f
  589. Message-Authenticator = 0xe8493a9f0063708c0184d68a35cd6edb
  590. +- entering group authorize {...}
  591. ++[preprocess] returns ok
  592. ++[chap] returns noop
  593. ++[mschap] returns noop
  594. [suffix] No '@' in User-Name = "(domain)\(user)", looking up realm NULL
  595. [suffix] No such realm "NULL"
  596. ++[suffix] returns noop
  597. [eap] EAP packet type response id 5 length 6
  598. [eap] Continuing tunnel setup.
  599. ++[eap] returns ok
  600. Found Auth-Type = EAP
  601. +- entering group authenticate {...}
  602. [eap] Request found, released from the list
  603. [eap] EAP/peap
  604. [eap] processing type peap
  605. [peap] processing EAP-TLS
  606. [peap] Received TLS ACK
  607. [peap] ACK handshake fragment handler
  608. [peap] eaptls_verify returned 1
  609. [peap] eaptls_process returned 13
  610. [peap] EAPTLS_HANDLED
  611. ++[eap] returns handled
  612. Sending Access-Challenge of id 167 to 10.40.2.11 port 32769
  613. EAP-Message = 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
  614. EAP-Message = 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
  615. EAP-Message = 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
  616. EAP-Message = 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
  617. EAP-Message = 0x7320547275737465
  618. Message-Authenticator = 0x00000000000000000000000000000000
  619. State = 0x1dedbc721eeba58b128db7fe5110b19f
  620. Finished request 3.
  621. Going to the next request
  622. Waking up in 4.9 seconds.
  623. rad_recv: Access-Request packet from host 10.40.2.11 port 32769, id=168, length=181
  624. User-Name = "(domain)\\(user)"
  625. Calling-Station-Id = "00-24-D7-29-45-30"
  626. Called-Station-Id = "00-1D-70-02-1C-20:(domain)"
  627. NAS-Port = 29
  628. NAS-IP-Address = 10.40.2.11
  629. NAS-Identifier = "Cisco_b2:3f:03"
  630. Airespace-Wlan-Id = 3
  631. Service-Type = Framed-User
  632. Framed-MTU = 1300
  633. NAS-Port-Type = Wireless-802.11
  634. EAP-Message = 0x020600061900
  635. State = 0x1dedbc721eeba58b128db7fe5110b19f
  636. Message-Authenticator = 0xa20ce8e682b85a758ebed239f4af3e57
  637. +- entering group authorize {...}
  638. ++[preprocess] returns ok
  639. ++[chap] returns noop
  640. ++[mschap] returns noop
  641. [suffix] No '@' in User-Name = "(domain)\(user)", looking up realm NULL
  642. [suffix] No such realm "NULL"
  643. ++[suffix] returns noop
  644. [eap] EAP packet type response id 6 length 6
  645. [eap] Continuing tunnel setup.
  646. ++[eap] returns ok
  647. Found Auth-Type = EAP
  648. +- entering group authenticate {...}
  649. [eap] Request found, released from the list
  650. [eap] EAP/peap
  651. [eap] processing type peap
  652. [peap] processing EAP-TLS
  653. [peap] Received TLS ACK
  654. [peap] ACK handshake fragment handler
  655. [peap] eaptls_verify returned 1
  656. [peap] eaptls_process returned 13
  657. [peap] EAPTLS_HANDLED
  658. ++[eap] returns handled
  659. Sending Access-Challenge of id 168 to 10.40.2.11 port 32769
  660. EAP-Message = 0x010703fc1940642043657274696669636174653121301f06092a864886f70d0109011612697461646d696e407375737365722e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100b84a9abe8de3b7564ce3778f537011afd28e5a022ab9947b35205af702e765565b1385ebfbefb424b3e2f6265b90f480c4b6a43ff18b6f04d1780d9dd33ce3de4ffbbd05c3586d8bf16bbf4a219ebbe0a8129e65c4ed4cc3deaf6893983901aa19e068ac9f9b1120d7fb493c523ac128a10439a8a4ca1ba3b6a281430e06ee0f376b429b435cedb161aff437df698dfa4514329f51f51405d8761323e98dada8c8ae297343ff
  661. EAP-Message = 0x42eac1f7590a45d48fcb26c1172ff8a23a2accd5fac0b7d8786fa3b9f29ec0d26b094f7cbf3635277b9e8b14f5d139540877df6abba406de92a6911b6e7a1f548fecb3f65f6aaad2f88e61a9e6d4aa96c2bcbaee6291d179931b0203010001a38201ca308201c6300f0603551d130101ff040530030101ff302c06096086480186f842010d041f161d596153542047656e657261746564204341204365727469666963617465301106096086480186f8420101040403020106300b0603551d0f040403020106301d0603551d0e041604149d539b706056043dba6cd393afbc36e5d1e4cd32308201060603551d230481fe3081fb80149d539b70605604
  662. EAP-Message = 0x3dba6cd393afbc36e5d1e4cd32a181d7a481d43081d1310b3009060355040613025553310b3009060355040813025458311730150603550407130e436f727075732043687269737469311d301b060355040a131453757373657220486f6c64696e67732c204c4c4331163014060355040b130d4954204465706172746d656e74314230400603550403133953757373657220486f6c64696e67732c204c4c432e2053656375726520576972656c65737320547275737465642043657274696669636174653121301f06092a864886f70d0109011612697461646d696e407375737365722e636f6d820900bf89678296012560301d0603551d1104163014
  663. EAP-Message = 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
  664. EAP-Message = 0x1b74c41719f9221e
  665. Message-Authenticator = 0x00000000000000000000000000000000
  666. State = 0x1dedbc7219eaa58b128db7fe5110b19f
  667. Finished request 4.
  668. Going to the next request
  669. Waking up in 4.9 seconds.
  670. rad_recv: Access-Request packet from host 10.40.2.11 port 32769, id=169, length=181
  671. User-Name = "(domain)\\(user)"
  672. Calling-Station-Id = "00-24-D7-29-45-30"
  673. Called-Station-Id = "00-1D-70-02-1C-20:(domain)"
  674. NAS-Port = 29
  675. NAS-IP-Address = 10.40.2.11
  676. NAS-Identifier = "Cisco_b2:3f:03"
  677. Airespace-Wlan-Id = 3
  678. Service-Type = Framed-User
  679. Framed-MTU = 1300
  680. NAS-Port-Type = Wireless-802.11
  681. EAP-Message = 0x020700061900
  682. State = 0x1dedbc7219eaa58b128db7fe5110b19f
  683. Message-Authenticator = 0x94dbb14a676d6e35004a5663cba79ac5
  684. +- entering group authorize {...}
  685. ++[preprocess] returns ok
  686. ++[chap] returns noop
  687. ++[mschap] returns noop
  688. [suffix] No '@' in User-Name = "(domain)\(user)", looking up realm NULL
  689. [suffix] No such realm "NULL"
  690. ++[suffix] returns noop
  691. [eap] EAP packet type response id 7 length 6
  692. [eap] Continuing tunnel setup.
  693. ++[eap] returns ok
  694. Found Auth-Type = EAP
  695. +- entering group authenticate {...}
  696. [eap] Request found, released from the list
  697. [eap] EAP/peap
  698. [eap] processing type peap
  699. [peap] processing EAP-TLS
  700. [peap] Received TLS ACK
  701. [peap] ACK handshake fragment handler
  702. [peap] eaptls_verify returned 1
  703. [peap] eaptls_process returned 13
  704. [peap] EAPTLS_HANDLED
  705. ++[eap] returns handled
  706. Sending Access-Challenge of id 169 to 10.40.2.11 port 32769
  707. EAP-Message = 0x0108005119001e07c8f51ab4d6fd08b6b7297a7222ec2618a9d85c2d1efb027d09bf69595974bf43b9e5cf05395370df069a527110567041044b61647b49ebb07d118cf6b015870116030100040e000000
  708. Message-Authenticator = 0x00000000000000000000000000000000
  709. State = 0x1dedbc7218e5a58b128db7fe5110b19f
  710. Finished request 5.
  711. Going to the next request
  712. Waking up in 4.9 seconds.
  713. rad_recv: Access-Request packet from host 10.40.2.11 port 32769, id=170, length=513
  714. User-Name = "(domain)\\(user)"
  715. Calling-Station-Id = "00-24-D7-29-45-30"
  716. Called-Station-Id = "00-1D-70-02-1C-20:(domain)"
  717. NAS-Port = 29
  718. NAS-IP-Address = 10.40.2.11
  719. NAS-Identifier = "Cisco_b2:3f:03"
  720. Airespace-Wlan-Id = 3
  721. Service-Type = Framed-User
  722. Framed-MTU = 1300
  723. NAS-Port-Type = Wireless-802.11
  724. EAP-Message = 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
  725. EAP-Message = 0xa8f27eb3579e4daf03951ff172169766e132eeb0a7630f371403010001011603010030e99a93df44da1214fd136e6c535739f1e8a3a4e31ba97f7e8b1b6b15adb4ba6bfffc793d5bef7f3f09af7d4f3d49d625
  726. State = 0x1dedbc7218e5a58b128db7fe5110b19f
  727. Message-Authenticator = 0x7d0821c9e8487d7798f3b22c48313997
  728. +- entering group authorize {...}
  729. ++[preprocess] returns ok
  730. ++[chap] returns noop
  731. ++[mschap] returns noop
  732. [suffix] No '@' in User-Name = "(domain)\(user)", looking up realm NULL
  733. [suffix] No such realm "NULL"
  734. ++[suffix] returns noop
  735. [eap] EAP packet type response id 8 length 253
  736. [eap] Continuing tunnel setup.
  737. ++[eap] returns ok
  738. Found Auth-Type = EAP
  739. +- entering group authenticate {...}
  740. [eap] Request found, released from the list
  741. [eap] EAP/peap
  742. [eap] processing type peap
  743. [peap] processing EAP-TLS
  744. TLS Length 326
  745. [peap] Length Included
  746. [peap] eaptls_verify returned 11
  747. [peap] <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange
  748. [peap] TLS_accept: SSLv3 read client key exchange A
  749. [peap] <<< TLS 1.0 ChangeCipherSpec [length 0001]
  750. [peap] <<< TLS 1.0 Handshake [length 0010], Finished
  751. [peap] TLS_accept: SSLv3 read finished A
  752. [peap] >>> TLS 1.0 ChangeCipherSpec [length 0001]
  753. [peap] TLS_accept: SSLv3 write change cipher spec A
  754. [peap] >>> TLS 1.0 Handshake [length 0010], Finished
  755. [peap] TLS_accept: SSLv3 write finished A
  756. [peap] TLS_accept: SSLv3 flush data
  757. [peap] (other): SSL negotiation finished successfully
  758. SSL Connection Established
  759. [peap] eaptls_process returned 13
  760. [peap] EAPTLS_HANDLED
  761. ++[eap] returns handled
  762. Sending Access-Challenge of id 170 to 10.40.2.11 port 32769
  763. EAP-Message = 0x010900411900140301000101160301003057cbc220aaa7a31bcb770d29cb143ec6f2d242bcd5a2f6e1db6910083a1efc1032d85a5b86c13e11572e11e7ee93f240
  764. Message-Authenticator = 0x00000000000000000000000000000000
  765. State = 0x1dedbc721be4a58b128db7fe5110b19f
  766. Finished request 6.
  767. Going to the next request
  768. Waking up in 4.9 seconds.
  769. rad_recv: Access-Request packet from host 10.40.2.11 port 32769, id=171, length=181
  770. User-Name = "(domain)\\(user)"
  771. Calling-Station-Id = "00-24-D7-29-45-30"
  772. Called-Station-Id = "00-1D-70-02-1C-20:(domain)"
  773. NAS-Port = 29
  774. NAS-IP-Address = 10.40.2.11
  775. NAS-Identifier = "Cisco_b2:3f:03"
  776. Airespace-Wlan-Id = 3
  777. Service-Type = Framed-User
  778. Framed-MTU = 1300
  779. NAS-Port-Type = Wireless-802.11
  780. EAP-Message = 0x020900061900
  781. State = 0x1dedbc721be4a58b128db7fe5110b19f
  782. Message-Authenticator = 0x6d48ab1e43819505af4a416a7b2826f0
  783. +- entering group authorize {...}
  784. ++[preprocess] returns ok
  785. ++[chap] returns noop
  786. ++[mschap] returns noop
  787. [suffix] No '@' in User-Name = "(domain)\(user)", looking up realm NULL
  788. [suffix] No such realm "NULL"
  789. ++[suffix] returns noop
  790. [eap] EAP packet type response id 9 length 6
  791. [eap] Continuing tunnel setup.
  792. ++[eap] returns ok
  793. Found Auth-Type = EAP
  794. +- entering group authenticate {...}
  795. [eap] Request found, released from the list
  796. [eap] EAP/peap
  797. [eap] processing type peap
  798. [peap] processing EAP-TLS
  799. [peap] Received TLS ACK
  800. [peap] ACK handshake is finished
  801. [peap] eaptls_verify returned 3
  802. [peap] eaptls_process returned 3
  803. [peap] EAPTLS_SUCCESS
  804. ++[eap] returns handled
  805. Sending Access-Challenge of id 171 to 10.40.2.11 port 32769
  806. EAP-Message = 0x010a002b190017030100204526c0a02937a16eaa76e17213d3ab8e854bd75c71390ec25e930e7d36fd12e2
  807. Message-Authenticator = 0x00000000000000000000000000000000
  808. State = 0x1dedbc721ae7a58b128db7fe5110b19f
  809. Finished request 7.
  810. Going to the next request
  811. Waking up in 3.2 seconds.
  812. rad_recv: Access-Request packet from host 10.40.2.11 port 32769, id=172, length=234
  813. User-Name = "(domain)\\(user)"
  814. Calling-Station-Id = "00-24-D7-29-45-30"
  815. Called-Station-Id = "00-1D-70-02-1C-20:(domain)"
  816. NAS-Port = 29
  817. NAS-IP-Address = 10.40.2.11
  818. NAS-Identifier = "Cisco_b2:3f:03"
  819. Airespace-Wlan-Id = 3
  820. Service-Type = Framed-User
  821. Framed-MTU = 1300
  822. NAS-Port-Type = Wireless-802.11
  823. EAP-Message = 0x020a003b1900170301003078282befec1b7679a1de2aa9c784a3ea5e83d0ab997a502098535a285e62c831f6aa96a3ec03ea24b7b4caef2e0ebefa
  824. State = 0x1dedbc721ae7a58b128db7fe5110b19f
  825. Message-Authenticator = 0x42dce2e3d25deade88966084c925319f
  826. +- entering group authorize {...}
  827. ++[preprocess] returns ok
  828. ++[chap] returns noop
  829. ++[mschap] returns noop
  830. [suffix] No '@' in User-Name = "(domain)\(user)", looking up realm NULL
  831. [suffix] No such realm "NULL"
  832. ++[suffix] returns noop
  833. [eap] EAP packet type response id 10 length 59
  834. [eap] Continuing tunnel setup.
  835. ++[eap] returns ok
  836. Found Auth-Type = EAP
  837. +- entering group authenticate {...}
  838. [eap] Request found, released from the list
  839. [eap] EAP/peap
  840. [eap] processing type peap
  841. [peap] processing EAP-TLS
  842. [peap] eaptls_verify returned 7
  843. [peap] Done initial handshake
  844. [peap] eaptls_process returned 7
  845. [peap] EAPTLS_OK
  846. [peap] Session established. Decoding tunneled attributes.
  847. [peap] Identity - (domain)\(user)
  848. [peap] Got tunnled request
  849. EAP-Message = 0x020a0011015353505f43435c4a48616c6c
  850. server (null) {
  851. PEAP: Got tunneled identity of (domain)\(user)
  852. PEAP: Setting default EAP type for tunneled EAP session.
  853. PEAP: Setting User-Name to (domain)\(user)
  854. Sending tunneled request
  855. EAP-Message = 0x020a0011015353505f43435c4a48616c6c
  856. FreeRADIUS-Proxied-To = 127.0.0.1
  857. User-Name = "(domain)\\(user)"
  858. server inner-tunnel {
  859. +- entering group authorize {...}
  860. ++[chap] returns noop
  861. ++[mschap] returns noop
  862. ++[unix] returns notfound
  863. [suffix] No '@' in User-Name = "(domain)\(user)", looking up realm NULL
  864. [suffix] No such realm "NULL"
  865. ++[suffix] returns noop
  866. ++[control] returns noop
  867. [eap] EAP packet type response id 10 length 17
  868. [eap] No EAP Start, assuming it's an on-going EAP conversation
  869. ++[eap] returns updated
  870. ++[files] returns noop
  871. ++[expiration] returns noop
  872. ++[logintime] returns noop
  873. ++[pap] returns noop
  874. Found Auth-Type = EAP
  875. +- entering group authenticate {...}
  876. [eap] EAP Identity
  877. [eap] processing type mschapv2
  878. rlm_eap_mschapv2: Issuing Challenge
  879. ++[eap] returns handled
  880. } # server inner-tunnel
  881. [peap] Got tunneled reply code 11
  882. EAP-Message = 0x010b00261a010b0021108dfc895abc3748a1c8709063dde96f3d5353505f43435c4a48616c6c
  883. Message-Authenticator = 0x00000000000000000000000000000000
  884. State = 0x9918869199139cb22171548594d00a2c
  885. [peap] Got tunneled reply RADIUS code 11
  886. EAP-Message = 0x010b00261a010b0021108dfc895abc3748a1c8709063dde96f3d5353505f43435c4a48616c6c
  887. Message-Authenticator = 0x00000000000000000000000000000000
  888. State = 0x9918869199139cb22171548594d00a2c
  889. [peap] Got tunneled Access-Challenge
  890. ++[eap] returns handled
  891. Sending Access-Challenge of id 172 to 10.40.2.11 port 32769
  892. EAP-Message = 0x010b004b1900170301004056e02bcff26c43ab68b25f5d2a501b58a5fdbd937c4347e147670e46c94b852b96f7130e73cef059a1efa3a51cafb252b6476f146cf7d5524f0864a51650bec7
  893. Message-Authenticator = 0x00000000000000000000000000000000
  894. State = 0x1dedbc7215e6a58b128db7fe5110b19f
  895. Finished request 8.
  896. Going to the next request
  897. Waking up in 3.2 seconds.
  898. rad_recv: Access-Request packet from host 10.40.2.11 port 32769, id=173, length=282
  899. User-Name = "(domain)\\(user)"
  900. Calling-Station-Id = "00-24-D7-29-45-30"
  901. Called-Station-Id = "00-1D-70-02-1C-20:(domain)"
  902. NAS-Port = 29
  903. NAS-IP-Address = 10.40.2.11
  904. NAS-Identifier = "Cisco_b2:3f:03"
  905. Airespace-Wlan-Id = 3
  906. Service-Type = Framed-User
  907. Framed-MTU = 1300
  908. NAS-Port-Type = Wireless-802.11
  909. EAP-Message = 0x020b006b1900170301006020cbf5d56ae56b630701999d7e2dc11561c35f99f0d498ddb2db204bf088741478bccdc3417be2df8ecf65c1f5cbcaf96501adde526a22bd5af5d4d5bb8654baae1adf365163ae6c4034de22c405ee52fefa08aef4afb52e33dfe3234fd4023c
  910. State = 0x1dedbc7215e6a58b128db7fe5110b19f
  911. Message-Authenticator = 0xeb20df972de86e096d8c3f846fd9510f
  912. +- entering group authorize {...}
  913. ++[preprocess] returns ok
  914. ++[chap] returns noop
  915. ++[mschap] returns noop
  916. [suffix] No '@' in User-Name = "(domain)\(user)", looking up realm NULL
  917. [suffix] No such realm "NULL"
  918. ++[suffix] returns noop
  919. [eap] EAP packet type response id 11 length 107
  920. [eap] Continuing tunnel setup.
  921. ++[eap] returns ok
  922. Found Auth-Type = EAP
  923. +- entering group authenticate {...}
  924. [eap] Request found, released from the list
  925. [eap] EAP/peap
  926. [eap] processing type peap
  927. [peap] processing EAP-TLS
  928. [peap] eaptls_verify returned 7
  929. [peap] Done initial handshake
  930. [peap] eaptls_process returned 7
  931. [peap] EAPTLS_OK
  932. [peap] Session established. Decoding tunneled attributes.
  933. [peap] EAP type mschapv2
  934. [peap] Got tunnled request
  935. EAP-Message = 0x020b00471a020b00423192434a06391e967d7c8da94705894ca20000000000000000e5cdcf51202c24af288d870a02aca0dbca81b9c7bf266aab005353505f43435c4a48616c6c
  936. server (null) {
  937. PEAP: Setting User-Name to (domain)\(user)
  938. Sending tunneled request
  939. EAP-Message = 0x020b00471a020b00423192434a06391e967d7c8da94705894ca20000000000000000e5cdcf51202c24af288d870a02aca0dbca81b9c7bf266aab005353505f43435c4a48616c6c
  940. FreeRADIUS-Proxied-To = 127.0.0.1
  941. User-Name = "(domain)\\(user)"
  942. State = 0x9918869199139cb22171548594d00a2c
  943. server inner-tunnel {
  944. +- entering group authorize {...}
  945. ++[chap] returns noop
  946. ++[mschap] returns noop
  947. ++[unix] returns notfound
  948. [suffix] No '@' in User-Name = "(domain)\(user)", looking up realm NULL
  949. [suffix] No such realm "NULL"
  950. ++[suffix] returns noop
  951. ++[control] returns noop
  952. [eap] EAP packet type response id 11 length 71
  953. [eap] No EAP Start, assuming it's an on-going EAP conversation
  954. ++[eap] returns updated
  955. ++[files] returns noop
  956. ++[expiration] returns noop
  957. ++[logintime] returns noop
  958. ++[pap] returns noop
  959. Found Auth-Type = EAP
  960. +- entering group authenticate {...}
  961. [eap] Request found, released from the list
  962. [eap] EAP/mschapv2
  963. [eap] processing type mschapv2
  964. [mschapv2] +- entering group MS-CHAP {...}
  965. [mschap] No Cleartext-Password configured. Cannot create LM-Password.
  966. [mschap] No Cleartext-Password configured. Cannot create NT-Password.
  967. [mschap] NT Domain delimeter found, should we have enabled with_ntdomain_hack?
  968. [mschap] Told to do MS-CHAPv2 for (domain)\(user) with NT-Password
  969. Invalid variable expansion passed as argument for external program
  970. [mschap] External script failed.
  971. [mschap] FAILED: MS-CHAP2-Response is incorrect
  972. ++[mschap] returns reject
  973. [eap] Freeing handler
  974. ++[eap] returns reject
  975. Failed to authenticate the user.
  976. } # server inner-tunnel
  977. [peap] Got tunneled reply code 3
  978. MS-CHAP-Error = "\013E=691 R=1"
  979. EAP-Message = 0x040b0004
  980. Message-Authenticator = 0x00000000000000000000000000000000
  981. [peap] Got tunneled reply RADIUS code 3
  982. MS-CHAP-Error = "\013E=691 R=1"
  983. EAP-Message = 0x040b0004
  984. Message-Authenticator = 0x00000000000000000000000000000000
  985. [peap] Tunneled authentication was rejected.
  986. [peap] FAILURE
  987. ++[eap] returns handled
  988. Sending Access-Challenge of id 173 to 10.40.2.11 port 32769
  989. EAP-Message = 0x010c002b190017030100205815cdcd706a77846a327b2de97fdf1250571ebabc464597f263fc50c83dda45
  990. Message-Authenticator = 0x00000000000000000000000000000000
  991. State = 0x1dedbc7214e1a58b128db7fe5110b19f
  992. Finished request 9.
  993. Going to the next request
  994. Waking up in 3.2 seconds.
  995. rad_recv: Access-Request packet from host 10.40.2.11 port 32769, id=174, length=218
  996. User-Name = "(domain)\\(user)"
  997. Calling-Station-Id = "00-24-D7-29-45-30"
  998. Called-Station-Id = "00-1D-70-02-1C-20:(domain)"
  999. NAS-Port = 29
  1000. NAS-IP-Address = 10.40.2.11
  1001. NAS-Identifier = "Cisco_b2:3f:03"
  1002. Airespace-Wlan-Id = 3
  1003. Service-Type = Framed-User
  1004. Framed-MTU = 1300
  1005. NAS-Port-Type = Wireless-802.11
  1006. EAP-Message = 0x020c002b19001703010020fb01bec9111f697d9a111f6e552a65496bbda49351a3c2450c848038e6f64e80
  1007. State = 0x1dedbc7214e1a58b128db7fe5110b19f
  1008. Message-Authenticator = 0xbf16ef67a8dc8874d43fb14397f27d49
  1009. +- entering group authorize {...}
  1010. ++[preprocess] returns ok
  1011. ++[chap] returns noop
  1012. ++[mschap] returns noop
  1013. [suffix] No '@' in User-Name = "(domain)\(user)", looking up realm NULL
  1014. [suffix] No such realm "NULL"
  1015. ++[suffix] returns noop
  1016. [eap] EAP packet type response id 12 length 43
  1017. [eap] Continuing tunnel setup.
  1018. ++[eap] returns ok
  1019. Found Auth-Type = EAP
  1020. +- entering group authenticate {...}
  1021. [eap] Request found, released from the list
  1022. [eap] EAP/peap
  1023. [eap] processing type peap
  1024. [peap] processing EAP-TLS
  1025. [peap] eaptls_verify returned 7
  1026. [peap] Done initial handshake
  1027. [peap] eaptls_process returned 7
  1028. [peap] EAPTLS_OK
  1029. [peap] Session established. Decoding tunneled attributes.
  1030. [peap] Received EAP-TLV response.
  1031. [peap] Had sent TLV failure. User was rejected earlier in this session.
  1032. [eap] Handler failed in EAP/peap
  1033. [eap] Failed in EAP select
  1034. ++[eap] returns invalid
  1035. Failed to authenticate the user.
  1036. Using Post-Auth-Type Reject
  1037. +- entering group REJECT {...}
  1038. [attr_filter.access_reject] expand: %{User-Name} -> (domain)\(user)
  1039. attr_filter: Matched entry DEFAULT at line 11
  1040. ++[attr_filter.access_reject] returns updated
  1041. Delaying reject of request 10 for 1 seconds
  1042. Going to the next request
  1043. Waking up in 0.9 seconds.
  1044. Sending delayed reject for request 10
  1045. Sending Access-Reject of id 174 to 10.40.2.11 port 32769
  1046. EAP-Message = 0x040c0004
  1047. Message-Authenticator = 0x00000000000000000000000000000000
  1048. Waking up in 2.2 seconds.
  1049. Cleaning up request 0 ID 164 with timestamp +6
  1050. Cleaning up request 1 ID 165 with timestamp +6
  1051. Cleaning up request 2 ID 166 with timestamp +6
  1052. Cleaning up request 3 ID 167 with timestamp +6
  1053. Cleaning up request 4 ID 168 with timestamp +6
  1054. Cleaning up request 5 ID 169 with timestamp +6
  1055. Cleaning up request 6 ID 170 with timestamp +6
  1056. Waking up in 1.6 seconds.
  1057. Cleaning up request 7 ID 171 with timestamp +8
  1058. Cleaning up request 8 ID 172 with timestamp +8
  1059. Cleaning up request 9 ID 173 with timestamp +8
  1060. Waking up in 1.0 seconds.
  1061. Cleaning up request 10 ID 174 with timestamp +8
  1062. Ready to process requests.