Prateek0a

Freeradius_LDAP_TLS_WITH_verify_server_certificate

Jun 15th, 2012
rad_recv: Access-Request packet from host 192.168.0.14 port 32779, id=174, length=168
User-Name = "steve"
NAS-IP-Address = 192.168.0.14
NAS-Identifier = "hello"
NAS-Port = 0
Called-Station-Id = "00-26-AD-01-20-7D:Prateek"
Calling-Station-Id = "00-03-7F-0B-44-48"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 0Mbps 802.11b"
EAP-Message = 0x0209000a017374657665
Message-Authenticator = 0x7dc21eb0629b206dcce55587b0b8ff44
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "steve", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[ldap] performing user authorization for steve
[ldap] expand: %{Stripped-User-Name} ->
[ldap] ... expanding second conditional
[ldap] expand: %{User-Name} -> steve
[ldap] expand: (uid=%{%{Stripped-User-Name}:-%{User-Name}}) -> (uid=steve)
[ldap] expand: dc=prateek,dc=com -> dc=prateek,dc=com
[ldap] ldap_get_conn: Checking Id: 0
[ldap] ldap_get_conn: Got Id: 0
[ldap] performing search in dc=prateek,dc=com, with filter (uid=steve)
[ldap] looking for check items in directory...
[ldap] userPassword -> Password-With-Header == "stevesecret"
[ldap] looking for reply items in directory...
[ldap] user steve authorized to use remote access
[ldap] ldap_release_conn: Release Id: 0
++[ldap] returns ok
[eap] EAP packet type response id 9 length 10
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
[pap] Failed to decode Password-With-Header = "stevesecret"
[pap] WARNING: Auth-Type already set. Not setting to PAP
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type md5
rlm_eap_md5: Issuing Challenge
++[eap] returns handled
Sending Access-Challenge of id 174 to 192.168.0.14 port 32779
EAP-Message = 0x010a0016041064d5ce5385c2f22bbb6772c9f5368c9b
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xf9247a83f92e7e990be09e468948476c
Finished request 164.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.0.14 port 32779, id=175, length=182
User-Name = "steve"
NAS-IP-Address = 192.168.0.14
NAS-Identifier = "hello"
NAS-Port = 0
Called-Station-Id = "00-26-AD-01-20-7D:Prateek"
Calling-Station-Id = "00-03-7F-0B-44-48"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 0Mbps 802.11b"
EAP-Message = 0x020a00060319
State = 0xf9247a83f92e7e990be09e468948476c
Message-Authenticator = 0xa3c00727933daabdbe8793d54c6a4758
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "steve", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[ldap] performing user authorization for steve
[ldap] expand: %{Stripped-User-Name} ->
[ldap] ... expanding second conditional
[ldap] expand: %{User-Name} -> steve
[ldap] expand: (uid=%{%{Stripped-User-Name}:-%{User-Name}}) -> (uid=steve)
[ldap] expand: dc=prateek,dc=com -> dc=prateek,dc=com
[ldap] ldap_get_conn: Checking Id: 0
[ldap] ldap_get_conn: Got Id: 0
[ldap] performing search in dc=prateek,dc=com, with filter (uid=steve)
[ldap] looking for check items in directory...
[ldap] userPassword -> Password-With-Header == "stevesecret"
[ldap] looking for reply items in directory...
[ldap] user steve authorized to use remote access
[ldap] ldap_release_conn: Release Id: 0
++[ldap] returns ok
[eap] EAP packet type response id 10 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
[pap] Failed to decode Password-With-Header = "stevesecret"
[pap] WARNING: Auth-Type already set. Not setting to PAP
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP NAK
[eap] EAP-NAK asked for EAP-Type/peap
[eap] processing type tls
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 175 to 192.168.0.14 port 32779
EAP-Message = 0x010b00061920
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xf9247a83f82f63990be09e468948476c
Finished request 165.
Going to the next request
Waking up in 4.6 seconds.
rad_recv: Access-Request packet from host 192.168.0.14 port 32779, id=176, length=263
User-Name = "steve"
NAS-IP-Address = 192.168.0.14
NAS-Identifier = "hello"
NAS-Port = 0
Called-Station-Id = "00-26-AD-01-20-7D:Prateek"
Calling-Station-Id = "00-03-7F-0B-44-48"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 0Mbps 802.11b"
EAP-Message = 0x020b005719800000004d16030100480100004403014fdb44db2090aa55395f2412e9fe4265bfd698a4b39c6aef99f9f8d5ee7d073f0000160000
State = 0xf9247a83f82f63990be09e468948476c
Message-Authenticator = 0xdb7f58c4bd701afd30633640af2d68df
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "steve", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[ldap] performing user authorization for steve
[ldap] expand: %{Stripped-User-Name} ->
[ldap] ... expanding second conditional
[ldap] expand: %{User-Name} -> steve
[ldap] expand: (uid=%{%{Stripped-User-Name}:-%{User-Name}}) -> (uid=steve)
[ldap] expand: dc=prateek,dc=com -> dc=prateek,dc=com
[ldap] ldap_get_conn: Checking Id: 0
[ldap] ldap_get_conn: Got Id: 0
[ldap] performing search in dc=prateek,dc=com, with filter (uid=steve)
[ldap] looking for check items in directory...
[ldap] userPassword -> Password-With-Header == "stevesecret"
[ldap] looking for reply items in directory...
[ldap] user steve authorized to use remote access
[ldap] ldap_release_conn: Release Id: 0
++[ldap] returns ok
[eap] EAP packet type response id 11 length 87
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
TLS Length 77
[peap] Length Included
[peap] eaptls_verify returned 11
[peap] (other): before/accept initialization
[peap] TLS_accept: before/accept initialization
[peap] <<< TLS 1.0 Handshake [length 0048], ClientHello
[peap] TLS_accept: SSLv3 read client hello A
[peap] >>> TLS 1.0 Handshake [length 002a], ServerHello
[peap] TLS_accept: SSLv3 write server hello A
[peap] >>> TLS 1.0 Handshake [length 085e], Certificate
[peap] TLS_accept: SSLv3 write certificate A
[peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
[peap] TLS_accept: SSLv3 write server done A
[peap] TLS_accept: SSLv3 flush data
[peap] TLS_accept: Need to read more data: SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 176 to 192.168.0.14 port 32779
EAP-Message = 0x010c040019c00000089b160301002a0200002603014fd797d54f8f12fbeb590a6b08fa1e3e1ac50a8142aeca200b2a2866f9867de90000040019
EAP-Message = 0x301e170d3132303431303037313731365a170d3134303431303037313731365a307c310b3009060355040613024652310f300d06035504081309
EAP-Message = 0x13c88d95481271505b5dc1c5233845f92d27a86437257fc232342a0f9906cb0711675e4efb58f24b96ce1d46c78a766291d6ac815ca31ef5c008
EAP-Message = 0x067bc8f2cdd77b7a8be176de70b90c83e515e2bf160c1bbc0099b26481faf1b83097095de9cb49ed9a9b6e72aec8a12ee5bc6c01517a0e7e1554
EAP-Message = 0xa73082038fa0030201020209
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xf9247a83fb2863990be09e468948476c
Finished request 166.
Going to the next request
Waking up in 4.3 seconds.
rad_recv: Access-Request packet from host 192.168.0.14 port 32779, id=177, length=182
User-Name = "steve"
NAS-IP-Address = 192.168.0.14
NAS-Identifier = "hello"
NAS-Port = 0
Called-Station-Id = "00-26-AD-01-20-7D:Prateek"
Calling-Station-Id = "00-03-7F-0B-44-48"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 0Mbps 802.11b"
EAP-Message = 0x020c00061900
State = 0xf9247a83fb2863990be09e468948476c
Message-Authenticator = 0x7a897ae641bab6b5b48c36332dda0c70
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "steve", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[ldap] performing user authorization for steve
[ldap] expand: %{Stripped-User-Name} ->
[ldap] ... expanding second conditional
[ldap] expand: %{User-Name} -> steve
[ldap] expand: (uid=%{%{Stripped-User-Name}:-%{User-Name}}) -> (uid=steve)
[ldap] expand: dc=prateek,dc=com -> dc=prateek,dc=com
[ldap] ldap_get_conn: Checking Id: 0
[ldap] ldap_get_conn: Got Id: 0
[ldap] performing search in dc=prateek,dc=com, with filter (uid=steve)
[ldap] looking for check items in directory...
[ldap] userPassword -> Password-With-Header == "stevesecret"
[ldap] looking for reply items in directory...
[ldap] user steve authorized to use remote access
[ldap] ldap_release_conn: Release Id: 0
++[ldap] returns ok
[eap] EAP packet type response id 12 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 177 to 192.168.0.14 port 32779
EAP-Message = 0x010d03fc194000d8e326f43defcfa0300d06092a864886f70d0101050500308193310b3009060355040613024652310f300d0603550408130654
EAP-Message = 0x071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e47
EAP-Message = 0x8503de2b49e9fecda441afb0fb9d5f010c65bdd372cfb25eb428653872864c0a604be24af88f1f8c98521be3566ae3985fc9f320bb761a687fc4
EAP-Message = 0x0813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e0606
EAP-Message = 0x22e286ab789f4f44
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xf9247a83fa2963990be09e468948476c
Finished request 167.
Going to the next request
Waking up in 3.9 seconds.
rad_recv: Access-Request packet from host 192.168.0.14 port 32779, id=178, length=182
User-Name = "steve"
NAS-IP-Address = 192.168.0.14
NAS-Identifier = "hello"
NAS-Port = 0
Called-Station-Id = "00-26-AD-01-20-7D:Prateek"
Calling-Station-Id = "00-03-7F-0B-44-48"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 0Mbps 802.11b"
EAP-Message = 0x020d00061900
State = 0xf9247a83fa2963990be09e468948476c
Message-Authenticator = 0x15bda512b8f348ec0fda47f1dff12780
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "steve", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[ldap] performing user authorization for steve
[ldap] expand: %{Stripped-User-Name} ->
[ldap] ... expanding second conditional
[ldap] expand: %{User-Name} -> steve
[ldap] expand: (uid=%{%{Stripped-User-Name}:-%{User-Name}}) -> (uid=steve)
[ldap] expand: dc=prateek,dc=com -> dc=prateek,dc=com
[ldap] ldap_get_conn: Checking Id: 0
[ldap] ldap_get_conn: Got Id: 0
[ldap] performing search in dc=prateek,dc=com, with filter (uid=steve)
[ldap] looking for check items in directory...
[ldap] userPassword -> Password-With-Header == "stevesecret"
[ldap] looking for reply items in directory...
[ldap] user steve authorized to use remote access
[ldap] ldap_release_conn: Release Id: 0
++[ldap] returns ok
[eap] EAP packet type response id 13 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 178 to 192.168.0.14 port 32779
EAP-Message = 0x010e00b519005121aace8a6a362647daeb3deee0bd2f7cf2d33d3e799f00fe4d2a6f8380e826624b1cb16a1b252d74009b0a0ed7db37eafdf640
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xf9247a83fd2a63990be09e468948476c
Finished request 168.
Going to the next request
Waking up in 3.6 seconds.
rad_recv: Access-Request packet from host 192.168.0.14 port 32779, id=179, length=182
User-Name = "steve"
NAS-IP-Address = 192.168.0.14
NAS-Identifier = "hello"
NAS-Port = 0
Called-Station-Id = "00-26-AD-01-20-7D:Prateek"
Calling-Station-Id = "00-03-7F-0B-44-48"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 0Mbps 802.11b"
EAP-Message = 0x020e00061900
State = 0xf9247a83fd2a63990be09e468948476c
Message-Authenticator = 0x8ef672d2d05f6e21667e2dc865ed70e2
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "steve", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[ldap] performing user authorization for steve
[ldap] expand: %{Stripped-User-Name} ->
[ldap] ... expanding second conditional
[ldap] expand: %{User-Name} -> steve
[ldap] expand: (uid=%{%{Stripped-User-Name}:-%{User-Name}}) -> (uid=steve)
[ldap] expand: dc=prateek,dc=com -> dc=prateek,dc=com
[ldap] ldap_get_conn: Checking Id: 0
[ldap] ldap_get_conn: Got Id: 0
[ldap] performing search in dc=prateek,dc=com, with filter (uid=steve)
[ldap] looking for check items in directory...
[ldap] userPassword -> Password-With-Header == "stevesecret"
[ldap] looking for reply items in directory...
[ldap] user steve authorized to use remote access
[ldap] ldap_release_conn: Release Id: 0
++[ldap] returns ok
[eap] EAP packet type response id 14 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 179 to 192.168.0.14 port 32779
EAP-Message = 0x010f00061900
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xf9247a83fc2b63990be09e468948476c
Finished request 169.
Going to the next request
Waking up in 3.6 seconds.
Cleaning up request 164 ID 174 with timestamp +392841345
Waking up in 0.3 seconds.
Cleaning up request 165 ID 175 with timestamp +392841345
Cleaning up request 166 ID 176 with timestamp +392841346
Waking up in 0.6 seconds.
Cleaning up request 167 ID 177 with timestamp +392841346
Waking up in 0.3 seconds.
Cleaning up request 168 ID 178 with timestamp +392841346
Cleaning up request 169 ID 179 with timestamp +392841347
WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
WARNING: !! EAP session for state 0xf9247a83fc2b6399 did not finish!
WARNING: !! Please read http://wiki.freeradius.org/Certificate_Compatibility
WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Ready to process requests.