- FreeRADIUS Version 2.1.1, for host x86_64-suse-linux-gnu, built on Feb 23 2009 at 21:43:09
- Copyright (C) 1999-2008 The FreeRADIUS server project and contributors.
- There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
- PARTICULAR PURPOSE.
- You may redistribute copies of FreeRADIUS under the terms of the
- GNU General Public License v2.
- Starting - reading configuration files ...
- including configuration file /etc/raddb/radiusd.conf
- including configuration file /etc/raddb/proxy.conf
- including configuration file /etc/raddb/clients.conf
- including files in directory /etc/raddb/modules/
- including configuration file /etc/raddb/modules/acct_unique
- including configuration file /etc/raddb/modules/echo
- including configuration file /etc/raddb/modules/files
- including configuration file /etc/raddb/modules/mschap
- including configuration file /etc/raddb/modules/counter
- including configuration file /etc/raddb/modules/preprocess
- including configuration file /etc/raddb/modules/ntlm_auth
- including configuration file /etc/raddb/modules/mac2vlan
- including configuration file /etc/raddb/modules/radutmp
- including configuration file /etc/raddb/modules/attr_filter
- including configuration file /etc/raddb/modules/inner-eap
- including configuration file /etc/raddb/modules/always
- including configuration file /etc/raddb/modules/digest
- including configuration file /etc/raddb/modules/linelog
- including configuration file /etc/raddb/modules/ldap
- including configuration file /etc/raddb/modules/realm
- including configuration file /etc/raddb/modules/expiration
- including configuration file /etc/raddb/modules/wimax
- including configuration file /etc/raddb/modules/pap
- including configuration file /etc/raddb/modules/detail
- including configuration file /etc/raddb/modules/mac2ip
- including configuration file /etc/raddb/modules/sql_log
- including configuration file /etc/raddb/modules/krb5
- including configuration file /etc/raddb/modules/expr
- including configuration file /etc/raddb/modules/etc_group
- including configuration file /etc/raddb/modules/detail.example.com
- including configuration file /etc/raddb/modules/checkval
- including configuration file /etc/raddb/modules/logintime
- including configuration file /etc/raddb/modules/passwd
- including configuration file /etc/raddb/modules/detail.log
- including configuration file /etc/raddb/modules/exec
- including configuration file /etc/raddb/modules/attr_rewrite
- including configuration file /etc/raddb/modules/unix
- including configuration file /etc/raddb/modules/ippool
- including configuration file /etc/raddb/modules/smbpasswd
- including configuration file /etc/raddb/modules/chap
- including configuration file /etc/raddb/modules/pam
- including configuration file /etc/raddb/modules/sradutmp
- including configuration file /etc/raddb/modules/policy
- including configuration file /etc/raddb/eap.conf
- including configuration file /etc/raddb/sql.conf
- including configuration file /etc/raddb/sql/mysql/dialup.conf
- including configuration file /etc/raddb/sql/mysql/counter.conf
- including configuration file /etc/raddb/policy.conf
- including files in directory /etc/raddb/sites-enabled/
- including configuration file /etc/raddb/sites-enabled/default
- including configuration file /etc/raddb/sites-enabled/inner-tunnel
- group = radiusd
- user = radiusd
- including dictionary file /etc/raddb/dictionary
- main {
- prefix = "/usr"
- localstatedir = "/var"
- logdir = "/var/log/radius"
- libdir = "/usr/lib64/freeradius"
- radacctdir = "/var/log/radius/radacct"
- hostname_lookups = no
- max_request_time = 30
- cleanup_delay = 5
- max_requests = 1024
- allow_core_dumps = no
- pidfile = "/var/run/radiusd/radiusd.pid"
- checkrad = "/usr/sbin/checkrad"
- debug_level = 0
- proxy_requests = yes
- log {
- stripped_names = no
- auth = no
- auth_badpass = no
- auth_goodpass = no
- }
- security {
- max_attributes = 200
- reject_delay = 1
- status_server = yes
- }
- }
- client localhost {
- ipaddr = 127.0.0.1
- require_message_authenticator = no
- secret = "testing123"
- nastype = "other"
- }
- client 10.40.2.11/24 {
- require_message_authenticator = no
- secret = "radiussharedsecret"
- shortname = "private-network-1"
- }
- radiusd: #### Loading Realms and Home Servers ####
- proxy server {
- retry_delay = 5
- retry_count = 3
- default_fallback = no
- dead_time = 120
- wake_all_if_all_dead = no
- }
- home_server localhost {
- ipaddr = 127.0.0.1
- port = 1812
- type = "auth"
- secret = "testing123"
- response_window = 20
- max_outstanding = 65536
- zombie_period = 40
- status_check = "status-server"
- ping_interval = 30
- check_interval = 30
- num_answers_to_alive = 3
- num_pings_to_alive = 3
- revive_interval = 120
- status_check_timeout = 4
- }
- home_server_pool my_auth_failover {
- type = fail-over
- home_server = localhost
- }
- realm example.com {
- auth_pool = my_auth_failover
- }
- realm LOCAL {
- }
- radiusd: #### Instantiating modules ####
- instantiate {
- Module: Linked to module rlm_exec
- Module: Instantiating exec
- exec {
- wait = no
- input_pairs = "request"
- shell_escape = yes
- }
- Module: Linked to module rlm_expr
- Module: Instantiating expr
- Module: Linked to module rlm_expiration
- Module: Instantiating expiration
- expiration {
- reply-message = "Password Has Expired "
- }
- Module: Linked to module rlm_logintime
- Module: Instantiating logintime
- logintime {
- reply-message = "You are calling outside your allowed timespan "
- minimum-timeout = 60
- }
- }
- radiusd: #### Loading Virtual Servers ####
- server inner-tunnel {
- modules {
- Module: Checking authenticate {...} for more modules to load
- Module: Instantiating ntlm_auth
- exec ntlm_auth {
- wait = yes
- program = "/usr/bin/ntlm_auth --request-nt-key --domain=(domain).com --username=%{mschap:User-Name} --password=%{User-Password}"
- input_pairs = "request"
- shell_escape = yes
- }
- Module: Linked to module rlm_pap
- Module: Instantiating pap
- pap {
- encryption_scheme = "auto"
- auto_header = no
- }
- Module: Linked to module rlm_chap
- Module: Instantiating chap
- Module: Linked to module rlm_mschap
- Module: Instantiating mschap
- mschap {
- use_mppe = yes
- require_encryption = no
- require_strong = no
- with_ntdomain_hack = no
- ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --username=%{mschap:User-Name} --domain=%{%{mschap:NT-Domain}:-(domain).com --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}"
- }
- Module: Linked to module rlm_unix
- Module: Instantiating unix
- unix {
- radwtmp = "/var/log/radius/radwtmp"
- }
- Module: Linked to module rlm_ldap
- Module: Instantiating ldap
- ldap {
- server = "ldap.your.domain"
- port = 389
- password = ""
- identity = ""
- net_timeout = 1
- timeout = 4
- timelimit = 3
- tls_mode = no
- start_tls = no
- tls_require_cert = "allow"
- tls {
- start_tls = no
- require_cert = "allow"
- }
- basedn = "o=My Org,c=UA"
- filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
- base_filter = "(objectclass=radiusprofile)"
- auto_header = no
- access_attr_used_for_allow = yes
- groupname_attribute = "cn"
- groupmembership_filter = "(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))"
- dictionary_mapping = "/etc/raddb/ldap.attrmap"
- ldap_debug = 0
- ldap_connections_number = 5
- compare_check_items = no
- do_xlat = yes
- edir_account_policy_check = no
- set_auth_type = yes
- }
- rlm_ldap: Registering ldap_groupcmp for Ldap-Group
- rlm_ldap: Registering ldap_xlat with xlat_name ldap
- rlm_ldap: reading ldap<->radius mappings from file /etc/raddb/ldap.attrmap
- rlm_ldap: LDAP radiusCheckItem mapped to RADIUS $GENERIC$
- rlm_ldap: LDAP radiusReplyItem mapped to RADIUS $GENERIC$
- rlm_ldap: LDAP radiusAuthType mapped to RADIUS Auth-Type
- rlm_ldap: LDAP radiusSimultaneousUse mapped to RADIUS Simultaneous-Use
- rlm_ldap: LDAP radiusCalledStationId mapped to RADIUS Called-Station-Id
- rlm_ldap: LDAP radiusCallingStationId mapped to RADIUS Calling-Station-Id
- rlm_ldap: LDAP lmPassword mapped to RADIUS LM-Password
- rlm_ldap: LDAP ntPassword mapped to RADIUS NT-Password
- rlm_ldap: LDAP sambaLmPassword mapped to RADIUS LM-Password
- rlm_ldap: LDAP sambaNtPassword mapped to RADIUS NT-Password
- rlm_ldap: LDAP dBCSPwd mapped to RADIUS LM-Password
- rlm_ldap: LDAP acctFlags mapped to RADIUS SMB-Account-CTRL-TEXT
- rlm_ldap: LDAP radiusExpiration mapped to RADIUS Expiration
- rlm_ldap: LDAP radiusNASIpAddress mapped to RADIUS NAS-IP-Address
- rlm_ldap: LDAP radiusServiceType mapped to RADIUS Service-Type
- rlm_ldap: LDAP radiusFramedProtocol mapped to RADIUS Framed-Protocol
- rlm_ldap: LDAP radiusFramedIPAddress mapped to RADIUS Framed-IP-Address
- rlm_ldap: LDAP radiusFramedIPNetmask mapped to RADIUS Framed-IP-Netmask
- rlm_ldap: LDAP radiusFramedRoute mapped to RADIUS Framed-Route
- rlm_ldap: LDAP radiusFramedRouting mapped to RADIUS Framed-Routing
- rlm_ldap: LDAP radiusFilterId mapped to RADIUS Filter-Id
- rlm_ldap: LDAP radiusFramedMTU mapped to RADIUS Framed-MTU
- rlm_ldap: LDAP radiusFramedCompression mapped to RADIUS Framed-Compression
- rlm_ldap: LDAP radiusLoginIPHost mapped to RADIUS Login-IP-Host
- rlm_ldap: LDAP radiusLoginService mapped to RADIUS Login-Service
- rlm_ldap: LDAP radiusLoginTCPPort mapped to RADIUS Login-TCP-Port
- rlm_ldap: LDAP radiusCallbackNumber mapped to RADIUS Callback-Number
- rlm_ldap: LDAP radiusCallbackId mapped to RADIUS Callback-Id
- rlm_ldap: LDAP radiusFramedIPXNetwork mapped to RADIUS Framed-IPX-Network
- rlm_ldap: LDAP radiusClass mapped to RADIUS Class
- rlm_ldap: LDAP radiusSessionTimeout mapped to RADIUS Session-Timeout
- rlm_ldap: LDAP radiusIdleTimeout mapped to RADIUS Idle-Timeout
- rlm_ldap: LDAP radiusTerminationAction mapped to RADIUS Termination-Action
- rlm_ldap: LDAP radiusLoginLATService mapped to RADIUS Login-LAT-Service
- rlm_ldap: LDAP radiusLoginLATNode mapped to RADIUS Login-LAT-Node
- rlm_ldap: LDAP radiusLoginLATGroup mapped to RADIUS Login-LAT-Group
- rlm_ldap: LDAP radiusFramedAppleTalkLink mapped to RADIUS Framed-AppleTalk-Link
- rlm_ldap: LDAP radiusFramedAppleTalkNetwork mapped to RADIUS Framed-AppleTalk-Network
- rlm_ldap: LDAP radiusFramedAppleTalkZone mapped to RADIUS Framed-AppleTalk-Zone
- rlm_ldap: LDAP radiusPortLimit mapped to RADIUS Port-Limit
- rlm_ldap: LDAP radiusLoginLATPort mapped to RADIUS Login-LAT-Port
- rlm_ldap: LDAP radiusReplyMessage mapped to RADIUS Reply-Message
- conns: 0x7fbd3874f500
- Module: Linked to module rlm_eap
- Module: Instantiating eap
- eap {
- default_eap_type = "md5"
- timer_expire = 60
- ignore_unknown_eap_types = no
- cisco_accounting_username_bug = no
- max_sessions = 2048
- }
- Module: Linked to sub-module rlm_eap_md5
- Module: Instantiating eap-md5
- Module: Linked to sub-module rlm_eap_leap
- Module: Instantiating eap-leap
- Module: Linked to sub-module rlm_eap_gtc
- Module: Instantiating eap-gtc
- gtc {
- challenge = "Password: "
- auth_type = "PAP"
- }
- Module: Linked to sub-module rlm_eap_tls
- Module: Instantiating eap-tls
- tls {
- rsa_key_exchange = no
- dh_key_exchange = yes
- rsa_key_length = 512
- dh_key_length = 512
- verify_depth = 0
- pem_file_type = yes
- private_key_file = "/etc/raddb/certs/server.pem"
- certificate_file = "/etc/raddb/certs/server.pem"
- CA_file = "/etc/raddb/certs/ca.pem"
- private_key_password = "(privatekeypassword)"
- dh_file = "/etc/raddb/certs/dh"
- random_file = "/etc/raddb/certs/random"
- fragment_size = 1024
- include_length = yes
- check_crl = no
- cipher_list = "DEFAULT"
- cache {
- enable = no
- lifetime = 24
- max_entries = 255
- }
- }
- Module: Linked to sub-module rlm_eap_ttls
- Module: Instantiating eap-ttls
- ttls {
- default_eap_type = "md5"
- copy_request_to_tunnel = no
- use_tunneled_reply = no
- virtual_server = "inner-tunnel"
- }
- Module: Linked to sub-module rlm_eap_peap
- Module: Instantiating eap-peap
- peap {
- default_eap_type = "mschapv2"
- copy_request_to_tunnel = no
- use_tunneled_reply = no
- proxy_tunneled_request_as_eap = yes
- virtual_server = "inner-tunnel"
- }
- Module: Linked to sub-module rlm_eap_mschapv2
- Module: Instantiating eap-mschapv2
- mschapv2 {
- with_ntdomain_hack = no
- }
- Module: Checking authorize {...} for more modules to load
- Module: Linked to module rlm_realm
- Module: Instantiating suffix
- realm suffix {
- format = "suffix"
- delimiter = "@"
- ignore_default = no
- ignore_null = no
- }
- Module: Linked to module rlm_files
- Module: Instantiating files
- files {
- usersfile = "/etc/raddb/users"
- acctusersfile = "/etc/raddb/acct_users"
- preproxy_usersfile = "/etc/raddb/preproxy_users"
- compat = "no"
- }
- Module: Checking session {...} for more modules to load
- Module: Linked to module rlm_radutmp
- Module: Instantiating radutmp
- radutmp {
- filename = "/var/log/radius/radutmp"
- username = "%{User-Name}"
- case_sensitive = yes
- check_with_nas = yes
- perm = 384
- callerid = yes
- }
- Module: Checking post-proxy {...} for more modules to load
- Module: Checking post-auth {...} for more modules to load
- Module: Linked to module rlm_attr_filter
- Module: Instantiating attr_filter.access_reject
- attr_filter attr_filter.access_reject {
- attrsfile = "/etc/raddb/attrs.access_reject"
- key = "%{User-Name}"
- }
- }
- }
- modules {
- Module: Checking authenticate {...} for more modules to load
- Module: Checking authorize {...} for more modules to load
- Module: Linked to module rlm_preprocess
- Module: Instantiating preprocess
- preprocess {
- huntgroups = "/etc/raddb/huntgroups"
- hints = "/etc/raddb/hints"
- with_ascend_hack = no
- ascend_channels_per_line = 23
- with_ntdomain_hack = no
- with_specialix_jetstream_hack = no
- with_cisco_vsa_hack = no
- with_alvarion_vsa_hack = no
- }
- Module: Checking preacct {...} for more modules to load
- Module: Linked to module rlm_acct_unique
- Module: Instantiating acct_unique
- acct_unique {
- key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
- }
- Module: Checking accounting {...} for more modules to load
- Module: Linked to module rlm_detail
- Module: Instantiating detail
- detail {
- detailfile = "/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
- header = "%t"
- detailperm = 384
- dirperm = 493
- locking = no
- log_packet_header = no
- }
- Module: Instantiating attr_filter.accounting_response
- attr_filter attr_filter.accounting_response {
- attrsfile = "/etc/raddb/attrs.accounting_response"
- key = "%{User-Name}"
- }
- Module: Checking session {...} for more modules to load
- Module: Checking post-proxy {...} for more modules to load
- Module: Checking post-auth {...} for more modules to load
- }
- radiusd: #### Opening IP addresses and Ports ####
- listen {
- type = "auth"
- ipaddr = *
- port = 0
- }
- listen {
- type = "acct"
- ipaddr = *
- port = 0
- }
- Listening on authentication address * port 1812
- Listening on accounting address * port 1813
- Listening on proxy address * port 1814
- Ready to process requests.
- rad_recv: Access-Request packet from host 10.40.2.11 port 32769, id=164, length=174
- User-Name = "(domain)\\(user)"
- Calling-Station-Id = "00-24-D7-29-45-30"
- Called-Station-Id = "00-1D-70-02-1C-20:(domain)"
- NAS-Port = 29
- NAS-IP-Address = 10.40.2.11
- NAS-Identifier = "Cisco_b2:3f:03"
- Airespace-Wlan-Id = 3
- Service-Type = Framed-User
- Framed-MTU = 1300
- NAS-Port-Type = Wireless-802.11
- EAP-Message = 0x02020011015353505f43435c4a48616c6c
- Message-Authenticator = 0x22e65e810271fd1bc00f4fb8256e3585
- +- entering group authorize {...}
- ++[preprocess] returns ok
- ++[chap] returns noop
- ++[mschap] returns noop
- [suffix] No '@' in User-Name = "(domain)\(user)", looking up realm NULL
- [suffix] No such realm "NULL"
- ++[suffix] returns noop
- [eap] EAP packet type response id 2 length 17
- [eap] No EAP Start, assuming it's an on-going EAP conversation
- ++[eap] returns updated
- ++[unix] returns notfound
- ++[files] returns noop
- ++[expiration] returns noop
- ++[logintime] returns noop
- [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.
- ++[pap] returns noop
- Found Auth-Type = EAP
- +- entering group authenticate {...}
- [eap] EAP Identity
- [eap] processing type md5
- rlm_eap_md5: Issuing Challenge
- ++[eap] returns handled
- Sending Access-Challenge of id 164 to 10.40.2.11 port 32769
- EAP-Message = 0x01030016041089424d1b22507f4279bc6a8e5a6cb76d
- Message-Authenticator = 0x00000000000000000000000000000000
- State = 0x1dedbc721deeb88b128db7fe5110b19f
- Finished request 0.
- Going to the next request
- Waking up in 4.9 seconds.
- rad_recv: Access-Request packet from host 10.40.2.11 port 32769, id=165, length=181
- User-Name = "(domain)\\(user)"
- Calling-Station-Id = "00-24-D7-29-45-30"
- Called-Station-Id = "00-1D-70-02-1C-20:(domain)"
- NAS-Port = 29
- NAS-IP-Address = 10.40.2.11
- NAS-Identifier = "Cisco_b2:3f:03"
- Airespace-Wlan-Id = 3
- Service-Type = Framed-User
- Framed-MTU = 1300
- NAS-Port-Type = Wireless-802.11
- EAP-Message = 0x020300060319
- State = 0x1dedbc721deeb88b128db7fe5110b19f
- Message-Authenticator = 0xec1070345ca7eabd9758afcc971c0cd8
- +- entering group authorize {...}
- ++[preprocess] returns ok
- ++[chap] returns noop
- ++[mschap] returns noop
- [suffix] No '@' in User-Name = "(domain)\(user)", looking up realm NULL
- [suffix] No such realm "NULL"
- ++[suffix] returns noop
- [eap] EAP packet type response id 3 length 6
- [eap] No EAP Start, assuming it's an on-going EAP conversation
- ++[eap] returns updated
- ++[unix] returns notfound
- ++[files] returns noop
- ++[expiration] returns noop
- ++[logintime] returns noop
- [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.
- ++[pap] returns noop
- Found Auth-Type = EAP
- +- entering group authenticate {...}
- [eap] Request found, released from the list
- [eap] EAP NAK
- [eap] EAP-NAK asked for EAP-Type/peap
- [eap] processing type tls
- [tls] Initiate
- [tls] Start returned 1
- ++[eap] returns handled
- Sending Access-Challenge of id 165 to 10.40.2.11 port 32769
- EAP-Message = 0x010400061920
- Message-Authenticator = 0x00000000000000000000000000000000
- State = 0x1dedbc721ce9a58b128db7fe5110b19f
- Finished request 1.
- Going to the next request
- Waking up in 4.9 seconds.
- rad_recv: Access-Request packet from host 10.40.2.11 port 32769, id=166, length=301
- User-Name = "(domain)\\(user)"
- Calling-Station-Id = "00-24-D7-29-45-30"
- Called-Station-Id = "00-1D-70-02-1C-20:(domain)"
- NAS-Port = 29
- NAS-IP-Address = 10.40.2.11
- NAS-Identifier = "Cisco_b2:3f:03"
- Airespace-Wlan-Id = 3
- Service-Type = Framed-User
- Framed-MTU = 1300
- NAS-Port-Type = Wireless-802.11
- EAP-Message = 0x0204007e198000000074160301006f0100006b03014d3450e789f31a17a8a0d1bc654e6c737d36c862f57548c6e49504e1a4edb186000018002f00350005000ac013c014c009c00a00320038001300040100002aff0100010000000011000f00000c7373705f63635c6a68616c6c000a0006000400170018000b00020100
- State = 0x1dedbc721ce9a58b128db7fe5110b19f
- Message-Authenticator = 0x2ea6fef055f2cc33b30f77addba6458f
- +- entering group authorize {...}
- ++[preprocess] returns ok
- ++[chap] returns noop
- ++[mschap] returns noop
- [suffix] No '@' in User-Name = "(domain)\(user)", looking up realm NULL
- [suffix] No such realm "NULL"
- ++[suffix] returns noop
- [eap] EAP packet type response id 4 length 126
- [eap] Continuing tunnel setup.
- ++[eap] returns ok
- Found Auth-Type = EAP
- +- entering group authenticate {...}
- [eap] Request found, released from the list
- [eap] EAP/peap
- [eap] processing type peap
- [peap] processing EAP-TLS
- TLS Length 116
- [peap] Length Included
- [peap] eaptls_verify returned 11
- [peap] (other): before/accept initialization
- [peap] TLS_accept: before/accept initialization
- [peap] <<< TLS 1.0 Handshake [length 006f], ClientHello
- [peap] TLS_accept: SSLv3 read client hello A
- [peap] >>> TLS 1.0 Handshake [length 002a], ServerHello
- [peap] TLS_accept: SSLv3 write server hello A
- [peap] >>> TLS 1.0 Handshake [length 0bf0], Certificate
- [peap] TLS_accept: SSLv3 write certificate A
- [peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
- [peap] TLS_accept: SSLv3 write server done A
- [peap] TLS_accept: SSLv3 flush data
- [peap] TLS_accept: Need to read more data: SSLv3 read client certificate A
- In SSL Handshake Phase
- In SSL Accept mode
- [peap] eaptls_process returned 13
- [peap] EAPTLS_HANDLED
- ++[eap] returns handled
- Sending Access-Challenge of id 166 to 10.40.2.11 port 32769
- Message-Authenticator = 0x00000000000000000000000000000000
- State = 0x1dedbc721fe8a58b128db7fe5110b19f
- Finished request 2.
- Going to the next request
- Waking up in 4.9 seconds.
- rad_recv: Access-Request packet from host 10.40.2.11 port 32769, id=167, length=181
- User-Name = "(domain)\\(user)"
- Calling-Station-Id = "00-24-D7-29-45-30"
- Called-Station-Id = "00-1D-70-02-1C-20:(domain)"
- NAS-Port = 29
- NAS-IP-Address = 10.40.2.11
- NAS-Identifier = "Cisco_b2:3f:03"
- Airespace-Wlan-Id = 3
- Service-Type = Framed-User
- Framed-MTU = 1300
- NAS-Port-Type = Wireless-802.11
- EAP-Message = 0x020500061900
- State = 0x1dedbc721fe8a58b128db7fe5110b19f
- Message-Authenticator = 0xe8493a9f0063708c0184d68a35cd6edb
- +- entering group authorize {...}
- ++[preprocess] returns ok
- ++[chap] returns noop
- ++[mschap] returns noop
- [suffix] No '@' in User-Name = "(domain)\(user)", looking up realm NULL
- [suffix] No such realm "NULL"
- ++[suffix] returns noop
- [eap] EAP packet type response id 5 length 6
- [eap] Continuing tunnel setup.
- ++[eap] returns ok
- Found Auth-Type = EAP
- +- entering group authenticate {...}
- [eap] Request found, released from the list
- [eap] EAP/peap
- [eap] processing type peap
- [peap] processing EAP-TLS
- [peap] Received TLS ACK
- [peap] ACK handshake fragment handler
- [peap] eaptls_verify returned 1
- [peap] eaptls_process returned 13
- [peap] EAPTLS_HANDLED
- ++[eap] returns handled
- Sending Access-Challenge of id 167 to 10.40.2.11 port 32769
- Message-Authenticator = 0x00000000000000000000000000000000
- State = 0x1dedbc721eeba58b128db7fe5110b19f
- Finished request 3.
- Going to the next request
- Waking up in 4.9 seconds.
- rad_recv: Access-Request packet from host 10.40.2.11 port 32769, id=168, length=181
- User-Name = "(domain)\\(user)"
- Calling-Station-Id = "00-24-D7-29-45-30"
- Called-Station-Id = "00-1D-70-02-1C-20:(domain)"
- NAS-Port = 29
- NAS-IP-Address = 10.40.2.11
- NAS-Identifier = "Cisco_b2:3f:03"
- Airespace-Wlan-Id = 3
- Service-Type = Framed-User
- Framed-MTU = 1300
- NAS-Port-Type = Wireless-802.11
- EAP-Message = 0x020600061900
- State = 0x1dedbc721eeba58b128db7fe5110b19f
- Message-Authenticator = 0xa20ce8e682b85a758ebed239f4af3e57
- +- entering group authorize {...}
- ++[preprocess] returns ok
- ++[chap] returns noop
- ++[mschap] returns noop
- [suffix] No '@' in User-Name = "(domain)\(user)", looking up realm NULL
- [suffix] No such realm "NULL"
- ++[suffix] returns noop
- [eap] EAP packet type response id 6 length 6
- [eap] Continuing tunnel setup.
- ++[eap] returns ok
- Found Auth-Type = EAP
- +- entering group authenticate {...}
- [eap] Request found, released from the list
- [eap] EAP/peap
- [eap] processing type peap
- [peap] processing EAP-TLS
- [peap] Received TLS ACK
- [peap] ACK handshake fragment handler
- [peap] eaptls_verify returned 1
- [peap] eaptls_process returned 13
- [peap] EAPTLS_HANDLED
- ++[eap] returns handled
- Sending Access-Challenge of id 168 to 10.40.2.11 port 32769
- Message-Authenticator = 0x00000000000000000000000000000000
- State = 0x1dedbc7219eaa58b128db7fe5110b19f
- Finished request 4.
- Going to the next request
- Waking up in 4.9 seconds.
- rad_recv: Access-Request packet from host 10.40.2.11 port 32769, id=169, length=181
- User-Name = "(domain)\\(user)"
- Calling-Station-Id = "00-24-D7-29-45-30"
- Called-Station-Id = "00-1D-70-02-1C-20:(domain)"
- NAS-Port = 29
- NAS-IP-Address = 10.40.2.11
- NAS-Identifier = "Cisco_b2:3f:03"
- Airespace-Wlan-Id = 3
- Service-Type = Framed-User
- Framed-MTU = 1300
- NAS-Port-Type = Wireless-802.11
- EAP-Message = 0x020700061900
- State = 0x1dedbc7219eaa58b128db7fe5110b19f
- Message-Authenticator = 0x94dbb14a676d6e35004a5663cba79ac5
- +- entering group authorize {...}
- ++[preprocess] returns ok
- ++[chap] returns noop
- ++[mschap] returns noop
- [suffix] No '@' in User-Name = "(domain)\(user)", looking up realm NULL
- [suffix] No such realm "NULL"
- ++[suffix] returns noop
- [eap] EAP packet type response id 7 length 6
- [eap] Continuing tunnel setup.
- ++[eap] returns ok
- Found Auth-Type = EAP
- +- entering group authenticate {...}
- [eap] Request found, released from the list
- [eap] EAP/peap
- [eap] processing type peap
- [peap] processing EAP-TLS
- [peap] Received TLS ACK
- [peap] ACK handshake fragment handler
- [peap] eaptls_verify returned 1
- [peap] eaptls_process returned 13
- [peap] EAPTLS_HANDLED
- ++[eap] returns handled
- Sending Access-Challenge of id 169 to 10.40.2.11 port 32769
- EAP-Message = 0x0108005119001e07c8f51ab4d6fd08b6b7297a7222ec2618a9d85c2d1efb027d09bf69595974bf43b9e5cf05395370df069a527110567041044b61647b49ebb07d118cf6b015870116030100040e000000
- Message-Authenticator = 0x00000000000000000000000000000000
- State = 0x1dedbc7218e5a58b128db7fe5110b19f
- Finished request 5.
- Going to the next request
- Waking up in 4.9 seconds.
- rad_recv: Access-Request packet from host 10.40.2.11 port 32769, id=170, length=513
- User-Name = "(domain)\\(user)"
- Calling-Station-Id = "00-24-D7-29-45-30"
- Called-Station-Id = "00-1D-70-02-1C-20:(domain)"
- NAS-Port = 29
- NAS-IP-Address = 10.40.2.11
- NAS-Identifier = "Cisco_b2:3f:03"
- Airespace-Wlan-Id = 3
- Service-Type = Framed-User
- Framed-MTU = 1300
- NAS-Port-Type = Wireless-802.11
- EAP-Message = 0x02080150198000000146160301010610000102010056074a8ce6d2bf13d8ba53eeada28dbf64a643f308d5f7c8220caba3b7c2e736509344c1ae317873920466d3376379dd31a7687c128ad151f78dca9822fe2ebaef2531944b6f5fd134904b852aaec1e353e4edb6e6d0018b0c19f8b6ae8e1073aa4fcdf1591e70d18b8cd11576888b8f0d57f87229187c70cbc25d43a35922b1a1c7ef24f2cdd8cac0451c5f89bce15efa23e8e0bc485a94e865ccc11d9bdab17455190c816287a841f491ad4d9fb6f4119985209f9402147b0804c93ee7f2022daf1e8a8be3b9c0bcccb6fe6d63f1474362a01694868d1f83e990e886444bd87acd08bda3632812
- EAP-Message = 0xa8f27eb3579e4daf03951ff172169766e132eeb0a7630f371403010001011603010030e99a93df44da1214fd136e6c535739f1e8a3a4e31ba97f7e8b1b6b15adb4ba6bfffc793d5bef7f3f09af7d4f3d49d625
- State = 0x1dedbc7218e5a58b128db7fe5110b19f
- Message-Authenticator = 0x7d0821c9e8487d7798f3b22c48313997
- +- entering group authorize {...}
- ++[preprocess] returns ok
- ++[chap] returns noop
- ++[mschap] returns noop
- [suffix] No '@' in User-Name = "(domain)\(user)", looking up realm NULL
- [suffix] No such realm "NULL"
- ++[suffix] returns noop
- [eap] EAP packet type response id 8 length 253
- [eap] Continuing tunnel setup.
- ++[eap] returns ok
- Found Auth-Type = EAP
- +- entering group authenticate {...}
- [eap] Request found, released from the list
- [eap] EAP/peap
- [eap] processing type peap
- [peap] processing EAP-TLS
- TLS Length 326
- [peap] Length Included
- [peap] eaptls_verify returned 11
- [peap] <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange
- [peap] TLS_accept: SSLv3 read client key exchange A
- [peap] <<< TLS 1.0 ChangeCipherSpec [length 0001]
- [peap] <<< TLS 1.0 Handshake [length 0010], Finished
- [peap] TLS_accept: SSLv3 read finished A
- [peap] >>> TLS 1.0 ChangeCipherSpec [length 0001]
- [peap] TLS_accept: SSLv3 write change cipher spec A
- [peap] >>> TLS 1.0 Handshake [length 0010], Finished
- [peap] TLS_accept: SSLv3 write finished A
- [peap] TLS_accept: SSLv3 flush data
- [peap] (other): SSL negotiation finished successfully
- SSL Connection Established
- [peap] eaptls_process returned 13
- [peap] EAPTLS_HANDLED
- ++[eap] returns handled
- Sending Access-Challenge of id 170 to 10.40.2.11 port 32769
- EAP-Message = 0x010900411900140301000101160301003057cbc220aaa7a31bcb770d29cb143ec6f2d242bcd5a2f6e1db6910083a1efc1032d85a5b86c13e11572e11e7ee93f240
- Message-Authenticator = 0x00000000000000000000000000000000
- State = 0x1dedbc721be4a58b128db7fe5110b19f
- Finished request 6.
- Going to the next request
- Waking up in 4.9 seconds.
- rad_recv: Access-Request packet from host 10.40.2.11 port 32769, id=171, length=181
- User-Name = "(domain)\\(user)"
- Calling-Station-Id = "00-24-D7-29-45-30"
- Called-Station-Id = "00-1D-70-02-1C-20:(domain)"
- NAS-Port = 29
- NAS-IP-Address = 10.40.2.11
- NAS-Identifier = "Cisco_b2:3f:03"
- Airespace-Wlan-Id = 3
- Service-Type = Framed-User
- Framed-MTU = 1300
- NAS-Port-Type = Wireless-802.11
- EAP-Message = 0x020900061900
- State = 0x1dedbc721be4a58b128db7fe5110b19f
- Message-Authenticator = 0x6d48ab1e43819505af4a416a7b2826f0
- +- entering group authorize {...}
- ++[preprocess] returns ok
- ++[chap] returns noop
- ++[mschap] returns noop
- [suffix] No '@' in User-Name = "(domain)\(user)", looking up realm NULL
- [suffix] No such realm "NULL"
- ++[suffix] returns noop
- [eap] EAP packet type response id 9 length 6
- [eap] Continuing tunnel setup.
- ++[eap] returns ok
- Found Auth-Type = EAP
- +- entering group authenticate {...}
- [eap] Request found, released from the list
- [eap] EAP/peap
- [eap] processing type peap
- [peap] processing EAP-TLS
- [peap] Received TLS ACK
- [peap] ACK handshake is finished
- [peap] eaptls_verify returned 3
- [peap] eaptls_process returned 3
- [peap] EAPTLS_SUCCESS
- ++[eap] returns handled
- Sending Access-Challenge of id 171 to 10.40.2.11 port 32769
- EAP-Message = 0x010a002b190017030100204526c0a02937a16eaa76e17213d3ab8e854bd75c71390ec25e930e7d36fd12e2
- Message-Authenticator = 0x00000000000000000000000000000000
- State = 0x1dedbc721ae7a58b128db7fe5110b19f
- Finished request 7.
- Going to the next request
- Waking up in 3.2 seconds.
- rad_recv: Access-Request packet from host 10.40.2.11 port 32769, id=172, length=234
- User-Name = "(domain)\\(user)"
- Calling-Station-Id = "00-24-D7-29-45-30"
- Called-Station-Id = "00-1D-70-02-1C-20:(domain)"
- NAS-Port = 29
- NAS-IP-Address = 10.40.2.11
- NAS-Identifier = "Cisco_b2:3f:03"
- Airespace-Wlan-Id = 3
- Service-Type = Framed-User
- Framed-MTU = 1300
- NAS-Port-Type = Wireless-802.11
- EAP-Message = 0x020a003b1900170301003078282befec1b7679a1de2aa9c784a3ea5e83d0ab997a502098535a285e62c831f6aa96a3ec03ea24b7b4caef2e0ebefa
- State = 0x1dedbc721ae7a58b128db7fe5110b19f
- Message-Authenticator = 0x42dce2e3d25deade88966084c925319f
- +- entering group authorize {...}
- ++[preprocess] returns ok
- ++[chap] returns noop
- ++[mschap] returns noop
- [suffix] No '@' in User-Name = "(domain)\(user)", looking up realm NULL
- [suffix] No such realm "NULL"
- ++[suffix] returns noop
- [eap] EAP packet type response id 10 length 59
- [eap] Continuing tunnel setup.
- ++[eap] returns ok
- Found Auth-Type = EAP
- +- entering group authenticate {...}
- [eap] Request found, released from the list
- [eap] EAP/peap
- [eap] processing type peap
- [peap] processing EAP-TLS
- [peap] eaptls_verify returned 7
- [peap] Done initial handshake
- [peap] eaptls_process returned 7
- [peap] EAPTLS_OK
- [peap] Session established. Decoding tunneled attributes.
- [peap] Identity - (domain)\(user)
- [peap] Got tunnled request
- EAP-Message = 0x020a0011015353505f43435c4a48616c6c
- server (null) {
- PEAP: Got tunneled identity of (domain)\(user)
- PEAP: Setting default EAP type for tunneled EAP session.
- PEAP: Setting User-Name to (domain)\(user)
- Sending tunneled request
- EAP-Message = 0x020a0011015353505f43435c4a48616c6c
- FreeRADIUS-Proxied-To = 127.0.0.1
- User-Name = "(domain)\\(user)"
- server inner-tunnel {
- +- entering group authorize {...}
- ++[chap] returns noop
- ++[mschap] returns noop
- ++[unix] returns notfound
- [suffix] No '@' in User-Name = "(domain)\(user)", looking up realm NULL
- [suffix] No such realm "NULL"
- ++[suffix] returns noop
- ++[control] returns noop
- [eap] EAP packet type response id 10 length 17
- [eap] No EAP Start, assuming it's an on-going EAP conversation
- ++[eap] returns updated
- ++[files] returns noop
- ++[expiration] returns noop
- ++[logintime] returns noop
- ++[pap] returns noop
- Found Auth-Type = EAP
- +- entering group authenticate {...}
- [eap] EAP Identity
- [eap] processing type mschapv2
- rlm_eap_mschapv2: Issuing Challenge
- ++[eap] returns handled
- } # server inner-tunnel
- [peap] Got tunneled reply code 11
- EAP-Message = 0x010b00261a010b0021108dfc895abc3748a1c8709063dde96f3d5353505f43435c4a48616c6c
- Message-Authenticator = 0x00000000000000000000000000000000
- State = 0x9918869199139cb22171548594d00a2c
- [peap] Got tunneled reply RADIUS code 11
- EAP-Message = 0x010b00261a010b0021108dfc895abc3748a1c8709063dde96f3d5353505f43435c4a48616c6c
- Message-Authenticator = 0x00000000000000000000000000000000
- State = 0x9918869199139cb22171548594d00a2c
- [peap] Got tunneled Access-Challenge
- ++[eap] returns handled
- Sending Access-Challenge of id 172 to 10.40.2.11 port 32769
- EAP-Message = 0x010b004b1900170301004056e02bcff26c43ab68b25f5d2a501b58a5fdbd937c4347e147670e46c94b852b96f7130e73cef059a1efa3a51cafb252b6476f146cf7d5524f0864a51650bec7
- Message-Authenticator = 0x00000000000000000000000000000000
- State = 0x1dedbc7215e6a58b128db7fe5110b19f
- Finished request 8.
- Going to the next request
- Waking up in 3.2 seconds.
- rad_recv: Access-Request packet from host 10.40.2.11 port 32769, id=173, length=282
- User-Name = "(domain)\\(user)"
- Calling-Station-Id = "00-24-D7-29-45-30"
- Called-Station-Id = "00-1D-70-02-1C-20:(domain)"
- NAS-Port = 29
- NAS-IP-Address = 10.40.2.11
- NAS-Identifier = "Cisco_b2:3f:03"
- Airespace-Wlan-Id = 3
- Service-Type = Framed-User
- Framed-MTU = 1300
- NAS-Port-Type = Wireless-802.11
- EAP-Message = 0x020b006b1900170301006020cbf5d56ae56b630701999d7e2dc11561c35f99f0d498ddb2db204bf088741478bccdc3417be2df8ecf65c1f5cbcaf96501adde526a22bd5af5d4d5bb8654baae1adf365163ae6c4034de22c405ee52fefa08aef4afb52e33dfe3234fd4023c
- State = 0x1dedbc7215e6a58b128db7fe5110b19f
- Message-Authenticator = 0xeb20df972de86e096d8c3f846fd9510f
- +- entering group authorize {...}
- ++[preprocess] returns ok
- ++[chap] returns noop
- ++[mschap] returns noop
- [suffix] No '@' in User-Name = "(domain)\(user)", looking up realm NULL
- [suffix] No such realm "NULL"
- ++[suffix] returns noop
- [eap] EAP packet type response id 11 length 107
- [eap] Continuing tunnel setup.
- ++[eap] returns ok
- Found Auth-Type = EAP
- +- entering group authenticate {...}
- [eap] Request found, released from the list
- [eap] EAP/peap
- [eap] processing type peap
- [peap] processing EAP-TLS
- [peap] eaptls_verify returned 7
- [peap] Done initial handshake
- [peap] eaptls_process returned 7
- [peap] EAPTLS_OK
- [peap] Session established. Decoding tunneled attributes.
- [peap] EAP type mschapv2
- [peap] Got tunnled request
- EAP-Message = 0x020b00471a020b00423192434a06391e967d7c8da94705894ca20000000000000000e5cdcf51202c24af288d870a02aca0dbca81b9c7bf266aab005353505f43435c4a48616c6c
- server (null) {
- PEAP: Setting User-Name to (domain)\(user)
- Sending tunneled request
- EAP-Message = 0x020b00471a020b00423192434a06391e967d7c8da94705894ca20000000000000000e5cdcf51202c24af288d870a02aca0dbca81b9c7bf266aab005353505f43435c4a48616c6c
- FreeRADIUS-Proxied-To = 127.0.0.1
- User-Name = "(domain)\\(user)"
- State = 0x9918869199139cb22171548594d00a2c
- server inner-tunnel {
- +- entering group authorize {...}
- ++[chap] returns noop
- ++[mschap] returns noop
- ++[unix] returns notfound
- [suffix] No '@' in User-Name = "(domain)\(user)", looking up realm NULL
- [suffix] No such realm "NULL"
- ++[suffix] returns noop
- ++[control] returns noop
- [eap] EAP packet type response id 11 length 71
- [eap] No EAP Start, assuming it's an on-going EAP conversation
- ++[eap] returns updated
- ++[files] returns noop
- ++[expiration] returns noop
- ++[logintime] returns noop
- ++[pap] returns noop
- Found Auth-Type = EAP
- +- entering group authenticate {...}
- [eap] Request found, released from the list
- [eap] EAP/mschapv2
- [eap] processing type mschapv2
- [mschapv2] +- entering group MS-CHAP {...}
- [mschap] No Cleartext-Password configured. Cannot create LM-Password.
- [mschap] No Cleartext-Password configured. Cannot create NT-Password.
- [mschap] NT Domain delimeter found, should we have enabled with_ntdomain_hack?
- [mschap] Told to do MS-CHAPv2 for (domain)\(user) with NT-Password
- Invalid variable expansion passed as argument for external program
- [mschap] External script failed.
- [mschap] FAILED: MS-CHAP2-Response is incorrect
- ++[mschap] returns reject
- [eap] Freeing handler
- ++[eap] returns reject
- Failed to authenticate the user.
- } # server inner-tunnel
- [peap] Got tunneled reply code 3
- MS-CHAP-Error = "\013E=691 R=1"
- EAP-Message = 0x040b0004
- Message-Authenticator = 0x00000000000000000000000000000000
- [peap] Got tunneled reply RADIUS code 3
- MS-CHAP-Error = "\013E=691 R=1"
- EAP-Message = 0x040b0004
- Message-Authenticator = 0x00000000000000000000000000000000
- [peap] Tunneled authentication was rejected.
- [peap] FAILURE
- ++[eap] returns handled
- Sending Access-Challenge of id 173 to 10.40.2.11 port 32769
- EAP-Message = 0x010c002b190017030100205815cdcd706a77846a327b2de97fdf1250571ebabc464597f263fc50c83dda45
- Message-Authenticator = 0x00000000000000000000000000000000
- State = 0x1dedbc7214e1a58b128db7fe5110b19f
- Finished request 9.
- Going to the next request
- Waking up in 3.2 seconds.
- rad_recv: Access-Request packet from host 10.40.2.11 port 32769, id=174, length=218
- User-Name = "(domain)\\(user)"
- Calling-Station-Id = "00-24-D7-29-45-30"
- Called-Station-Id = "00-1D-70-02-1C-20:(domain)"
- NAS-Port = 29
- NAS-IP-Address = 10.40.2.11
- NAS-Identifier = "Cisco_b2:3f:03"
- Airespace-Wlan-Id = 3
- Service-Type = Framed-User
- Framed-MTU = 1300
- NAS-Port-Type = Wireless-802.11
- EAP-Message = 0x020c002b19001703010020fb01bec9111f697d9a111f6e552a65496bbda49351a3c2450c848038e6f64e80
- State = 0x1dedbc7214e1a58b128db7fe5110b19f
- Message-Authenticator = 0xbf16ef67a8dc8874d43fb14397f27d49
- +- entering group authorize {...}
- ++[preprocess] returns ok
- ++[chap] returns noop
- ++[mschap] returns noop
- [suffix] No '@' in User-Name = "(domain)\(user)", looking up realm NULL
- [suffix] No such realm "NULL"
- ++[suffix] returns noop
- [eap] EAP packet type response id 12 length 43
- [eap] Continuing tunnel setup.
- ++[eap] returns ok
- Found Auth-Type = EAP
- +- entering group authenticate {...}
- [eap] Request found, released from the list
- [eap] EAP/peap
- [eap] processing type peap
- [peap] processing EAP-TLS
- [peap] eaptls_verify returned 7
- [peap] Done initial handshake
- [peap] eaptls_process returned 7
- [peap] EAPTLS_OK
- [peap] Session established. Decoding tunneled attributes.
- [peap] Received EAP-TLV response.
- [peap] Had sent TLV failure. User was rejected earlier in this session.
- [eap] Handler failed in EAP/peap
- [eap] Failed in EAP select
- ++[eap] returns invalid
- Failed to authenticate the user.
- Using Post-Auth-Type Reject
- +- entering group REJECT {...}
- [attr_filter.access_reject] expand: %{User-Name} -> (domain)\(user)
- attr_filter: Matched entry DEFAULT at line 11
- ++[attr_filter.access_reject] returns updated
- Delaying reject of request 10 for 1 seconds
- Going to the next request
- Waking up in 0.9 seconds.
- Sending delayed reject for request 10
- Sending Access-Reject of id 174 to 10.40.2.11 port 32769
- EAP-Message = 0x040c0004
- Message-Authenticator = 0x00000000000000000000000000000000
- Waking up in 2.2 seconds.
- Cleaning up request 0 ID 164 with timestamp +6
- Cleaning up request 1 ID 165 with timestamp +6
- Cleaning up request 2 ID 166 with timestamp +6
- Cleaning up request 3 ID 167 with timestamp +6
- Cleaning up request 4 ID 168 with timestamp +6
- Cleaning up request 5 ID 169 with timestamp +6
- Cleaning up request 6 ID 170 with timestamp +6
- Waking up in 1.6 seconds.
- Cleaning up request 7 ID 171 with timestamp +8
- Cleaning up request 8 ID 172 with timestamp +8
- Cleaning up request 9 ID 173 with timestamp +8
- Waking up in 1.0 seconds.
- Cleaning up request 10 ID 174 with timestamp +8
- Ready to process requests.