API tools faq
paste
Advertisement
Guest User

radius log

a guest
Nov 17th, 2017
330
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 42.84 KB | None | 0 0
raw download clone embed print report
  1. root@net0:/etc/freeradius# freeradius -X
  2. freeradius: FreeRADIUS Version 2.2.8, for host x86_64-pc-linux-gnu, built on Jul 26 2017 at 15:27:21
  3. Copyright (C) 1999-2015 The FreeRADIUS server project and contributors.
  4. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
  5. PARTICULAR PURPOSE.
  6. You may redistribute copies of FreeRADIUS under the terms of the
  7. GNU General Public License.
  8. For more information about these matters, see the file named COPYRIGHT.
  9. Starting - reading configuration files ...
  10. including configuration file /etc/freeradius/radiusd.conf
  11. including configuration file /etc/freeradius/proxy.conf
  12. including configuration file /etc/freeradius/clients.conf
  13. including files in directory /etc/freeradius/modules/
  14. including configuration file /etc/freeradius/modules/expiration
  15. including configuration file /etc/freeradius/modules/soh
  16. including configuration file /etc/freeradius/modules/always
  17. including configuration file /etc/freeradius/modules/files
  18. including configuration file /etc/freeradius/modules/wimax
  19. including configuration file /etc/freeradius/modules/cui
  20. including configuration file /etc/freeradius/modules/checkval
  21. including configuration file /etc/freeradius/modules/passwd
  22. including configuration file /etc/freeradius/modules/perl
  23. including configuration file /etc/freeradius/modules/otp
  24. including configuration file /etc/freeradius/modules/chap
  25. including configuration file /etc/freeradius/modules/detail.log
  26. including configuration file /etc/freeradius/modules/replicate
  27. including configuration file /etc/freeradius/modules/etc_group
  28. including configuration file /etc/freeradius/modules/smsotp
  29. including configuration file /etc/freeradius/modules/realm
  30. including configuration file /etc/freeradius/modules/ippool
  31. including configuration file /etc/freeradius/modules/attr_filter
  32. including configuration file /etc/freeradius/modules/detail
  33. including configuration file /etc/freeradius/modules/detail.example.com
  34. including configuration file /etc/freeradius/modules/expr
  35. including configuration file /etc/freeradius/modules/pam
  36. including configuration file /etc/freeradius/modules/digest
  37. including configuration file /etc/freeradius/modules/mschap
  38. including configuration file /etc/freeradius/modules/attr_rewrite
  39. including configuration file /etc/freeradius/modules/ntlm_auth
  40. including configuration file /etc/freeradius/modules/dhcp_sqlippool
  41. including configuration file /etc/freeradius/modules/ldap
  42. including configuration file /etc/freeradius/modules/pap
  43. including configuration file /etc/freeradius/modules/inner-eap
  44. including configuration file /etc/freeradius/modules/preprocess
  45. including configuration file /etc/freeradius/modules/logintime
  46. including configuration file /etc/freeradius/modules/radrelay
  47. including configuration file /etc/freeradius/modules/unix
  48. including configuration file /etc/freeradius/modules/cache
  49. including configuration file /etc/freeradius/modules/linelog
  50. including configuration file /etc/freeradius/modules/opendirectory
  51. including configuration file /etc/freeradius/modules/echo
  52. including configuration file /etc/freeradius/modules/mac2ip
  53. including configuration file /etc/freeradius/modules/acct_unique
  54. including configuration file /etc/freeradius/modules/sql_log
  55. including configuration file /etc/freeradius/modules/smbpasswd
  56. including configuration file /etc/freeradius/modules/python
  57. including configuration file /etc/freeradius/modules/radutmp
  58. including configuration file /etc/freeradius/modules/exec
  59. including configuration file /etc/freeradius/modules/sradutmp
  60. including configuration file /etc/freeradius/modules/polylan_auth
  61. including configuration file /etc/freeradius/modules/rediswho
  62. including configuration file /etc/freeradius/modules/dynamic_clients
  63. including configuration file /etc/freeradius/modules/counter
  64. including configuration file /etc/freeradius/modules/sqlcounter_expire_on_login
  65. including configuration file /etc/freeradius/modules/policy
  66. including configuration file /etc/freeradius/modules/mac2vlan
  67. including configuration file /etc/freeradius/modules/krb5
  68. including configuration file /etc/freeradius/modules/redis
  69. including configuration file /etc/freeradius/eap.conf
  70. including configuration file /etc/freeradius/policy.conf
  71. including files in directory /etc/freeradius/sites-enabled/
  72. including configuration file /etc/freeradius/sites-enabled/inner-tunnel
  73. including configuration file /etc/freeradius/sites-enabled/default
  74. main {
  75. user = "freerad"
  76. group = "freerad"
  77. allow_core_dumps = no
  78. }
  79. including dictionary file /etc/freeradius/dictionary
  80. main {
  81. name = "net0-freerad"
  82. prefix = "/usr"
  83. localstatedir = "/var"
  84. sbindir = "/usr/sbin"
  85. logdir = "/var/log/freeradius"
  86. run_dir = "/var/run/freeradius"
  87. libdir = "/usr/lib/freeradius"
  88. radacctdir = "/var/log/freeradius/radacct"
  89. hostname_lookups = no
  90. max_request_time = 30
  91. cleanup_delay = 5
  92. max_requests = 1024
  93. pidfile = "/var/run/freeradius/net0-freerad.pid"
  94. checkrad = "/usr/sbin/checkrad"
  95. debug_level = 0
  96. proxy_requests = yes
  97. log {
  98. stripped_names = no
  99. auth = no
  100. auth_badpass = yes
  101. auth_goodpass = no
  102. }
  103. security {
  104. max_attributes = 200
  105. reject_delay = 1
  106. status_server = yes
  107. allow_vulnerable_openssl = no
  108. }
  109. }
  110. radiusd: #### Loading Realms and Home Servers ####
  111. proxy server {
  112. retry_delay = 5
  113. retry_count = 3
  114. default_fallback = no
  115. dead_time = 120
  116. wake_all_if_all_dead = no
  117. }
  118. home_server localhost {
  119. ipaddr = 127.0.0.1
  120. port = 1812
  121. type = "auth"
  122. secret = "testing123"
  123. response_window = 20
  124. max_outstanding = 65536
  125. require_message_authenticator = yes
  126. zombie_period = 40
  127. status_check = "status-server"
  128. ping_interval = 30
  129. check_interval = 30
  130. num_answers_to_alive = 3
  131. num_pings_to_alive = 3
  132. revive_interval = 120
  133. status_check_timeout = 4
  134. coa {
  135. irt = 2
  136. mrt = 16
  137. mrc = 5
  138. mrd = 30
  139. }
  140. }
  141. home_server_pool my_auth_failover {
  142. type = fail-over
  143. home_server = localhost
  144. }
  145. realm example.com {
  146. auth_pool = my_auth_failover
  147. }
  148. realm LOCAL {
  149. }
  150. radiusd: #### Loading Clients ####
  151. client 127.0.0.1 {
  152. require_message_authenticator = no
  153. secret = "1234"
  154. nastype = "cisco"
  155. }
  156. client 10.0.42.0/24 {
  157. require_message_authenticator = no
  158. secret = "1234"
  159. nastype = "cisco"
  160. }
  161. client 10.0.20.0/22 {
  162. require_message_authenticator = no
  163. secret = "1234"
  164. nastype = "cisco"
  165. }
  166. radiusd: #### Instantiating modules ####
  167. instantiate {
  168. Module: Linked to module rlm_exec
  169. Module: Instantiating module "exec" from file /etc/freeradius/modules/exec
  170. exec {
  171. wait = no
  172. input_pairs = "request"
  173. shell_escape = yes
  174. timeout = 10
  175. }
  176. Module: Linked to module rlm_python
  177. Module: Instantiating module "python" from file /etc/freeradius/modules/python
  178. python_init done
  179. python {
  180. mod_instantiate = "polylan_auth"
  181. func_instantiate = "instantiate"
  182. mod_authorize = "polylan_auth"
  183. func_authorize = "authorize"
  184. mod_authenticate = "polylan_auth"
  185. func_authenticate = "authenticate"
  186. mod_accounting = "polylan_auth"
  187. func_accounting = "accounting"
  188. mod_post_auth = "polylan_auth"
  189. func_post_auth = "post_auth"
  190. mod_detach = "polylan_auth"
  191. func_detach = "detach"
  192. }
  193. instantiate the polylan authentication module
  194. Module: Linked to module rlm_expr
  195. Module: Instantiating module "expr" from file /etc/freeradius/modules/expr
  196. Module: Linked to module rlm_expiration
  197. Module: Instantiating module "expiration" from file /etc/freeradius/modules/expiration
  198. expiration {
  199. reply-message = "Password Has Expired "
  200. }
  201. Module: Linked to module rlm_logintime
  202. Module: Instantiating module "logintime" from file /etc/freeradius/modules/logintime
  203. logintime {
  204. reply-message = "You are calling outside your allowed timespan "
  205. minimum-timeout = 60
  206. }
  207. }
  208. radiusd: #### Loading Virtual Servers ####
  209. server { # from file /etc/freeradius/radiusd.conf
  210. modules {
  211. Module: Creating Auth-Type = python
  212. Module: Creating Auth-Type = digest
  213. Module: Checking authenticate {...} for more modules to load
  214. Module: Linked to module rlm_digest
  215. Module: Instantiating module "digest" from file /etc/freeradius/modules/digest
  216. Module: Linked to module rlm_unix
  217. Module: Instantiating module "unix" from file /etc/freeradius/modules/unix
  218. unix {
  219. radwtmp = "/var/log/freeradius/radwtmp"
  220. }
  221. Module: Linked to module rlm_eap
  222. Module: Instantiating module "eap" from file /etc/freeradius/eap.conf
  223. eap {
  224. default_eap_type = "md5"
  225. timer_expire = 60
  226. ignore_unknown_eap_types = no
  227. cisco_accounting_username_bug = no
  228. max_sessions = 4096
  229. }
  230. Module: Linked to sub-module rlm_eap_md5
  231. Module: Instantiating eap-md5
  232. Module: Linked to sub-module rlm_eap_leap
  233. Module: Instantiating eap-leap
  234. Module: Linked to sub-module rlm_eap_gtc
  235. Module: Instantiating eap-gtc
  236. gtc {
  237. challenge = "Password: "
  238. auth_type = "PAP"
  239. }
  240. Module: Linked to sub-module rlm_eap_tls
  241. Module: Instantiating eap-tls
  242. tls {
  243. rsa_key_exchange = no
  244. dh_key_exchange = yes
  245. rsa_key_length = 512
  246. dh_key_length = 512
  247. verify_depth = 0
  248. CA_path = "/etc/freeradius/certs"
  249. pem_file_type = yes
  250. private_key_file = "/etc/freeradius/certs/server.key"
  251. certificate_file = "/etc/freeradius/certs/server.pem"
  252. CA_file = "/etc/freeradius/certs/ca.pem"
  253. private_key_password = "whatever"
  254. dh_file = "/etc/freeradius/certs/dh"
  255. random_file = "/dev/urandom"
  256. fragment_size = 1024
  257. include_length = yes
  258. check_crl = no
  259. check_all_crl = no
  260. cipher_list = "DEFAULT"
  261. make_cert_command = "/etc/freeradius/certs/bootstrap"
  262. ecdh_curve = "prime256v1"
  263. cache {
  264. enable = no
  265. lifetime = 24
  266. max_entries = 255
  267. }
  268. verify {
  269. }
  270. ocsp {
  271. enable = no
  272. override_cert_url = yes
  273. url = "http://127.0.0.1/ocsp/"
  274. use_nonce = yes
  275. timeout = 0
  276. softfail = no
  277. }
  278. }
  279. Module: Linked to sub-module rlm_eap_ttls
  280. Module: Instantiating eap-ttls
  281. ttls {
  282. default_eap_type = "md5"
  283. copy_request_to_tunnel = no
  284. use_tunneled_reply = no
  285. virtual_server = "inner-tunnel"
  286. include_length = yes
  287. }
  288. Module: Linked to sub-module rlm_eap_peap
  289. Module: Instantiating eap-peap
  290. peap {
  291. default_eap_type = "mschapv2"
  292. copy_request_to_tunnel = yes
  293. use_tunneled_reply = no
  294. proxy_tunneled_request_as_eap = yes
  295. virtual_server = "inner-tunnel"
  296. soh = no
  297. }
  298. Module: Linked to sub-module rlm_eap_mschapv2
  299. Module: Instantiating eap-mschapv2
  300. mschapv2 {
  301. with_ntdomain_hack = no
  302. send_error = no
  303. }
  304. Module: Checking authorize {...} for more modules to load
  305. Module: Linked to module rlm_chap
  306. Module: Instantiating module "chap" from file /etc/freeradius/modules/chap
  307. Module: Linked to module rlm_mschap
  308. Module: Instantiating module "mschap" from file /etc/freeradius/modules/mschap
  309. mschap {
  310. use_mppe = yes
  311. require_encryption = no
  312. require_strong = no
  313. with_ntdomain_hack = no
  314. allow_retry = yes
  315. }
  316. Module: Linked to module rlm_realm
  317. Module: Instantiating module "suffix" from file /etc/freeradius/modules/realm
  318. realm suffix {
  319. format = "suffix"
  320. delimiter = "@"
  321. ignore_default = no
  322. ignore_null = no
  323. }
  324. Module: Linked to module rlm_files
  325. Module: Instantiating module "files" from file /etc/freeradius/modules/files
  326. files {
  327. usersfile = "/etc/freeradius/users"
  328. acctusersfile = "/etc/freeradius/acct_users"
  329. preproxy_usersfile = "/etc/freeradius/preproxy_users"
  330. compat = "no"
  331. }
  332. reading pairlist file /etc/freeradius/users
  333. reading pairlist file /etc/freeradius/acct_users
  334. reading pairlist file /etc/freeradius/preproxy_users
  335. Module: Linked to module rlm_pap
  336. Module: Instantiating module "pap" from file /etc/freeradius/modules/pap
  337. pap {
  338. encryption_scheme = "auto"
  339. auto_header = no
  340. }
  341. Module: Checking preacct {...} for more modules to load
  342. Module: Linked to module rlm_preprocess
  343. Module: Instantiating module "preprocess" from file /etc/freeradius/modules/preprocess
  344. preprocess {
  345. huntgroups = "/etc/freeradius/huntgroups"
  346. hints = "/etc/freeradius/hints"
  347. with_ascend_hack = no
  348. ascend_channels_per_line = 23
  349. with_ntdomain_hack = no
  350. with_specialix_jetstream_hack = no
  351. with_cisco_vsa_hack = no
  352. with_alvarion_vsa_hack = no
  353. }
  354. reading pairlist file /etc/freeradius/huntgroups
  355. reading pairlist file /etc/freeradius/hints
  356. Module: Linked to module rlm_acct_unique
  357. Module: Instantiating module "acct_unique" from file /etc/freeradius/modules/acct_unique
  358. acct_unique {
  359. key = "User-Name, Acct-Session-Id, NAS-IP-Address, NAS-Identifier, NAS-Port"
  360. }
  361. Module: Checking accounting {...} for more modules to load
  362. Module: Linked to module rlm_detail
  363. Module: Instantiating module "detail" from file /etc/freeradius/modules/detail
  364. detail {
  365. detailfile = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d"
  366. header = "%t"
  367. detailperm = 384
  368. dirperm = 493
  369. locking = no
  370. log_packet_header = no
  371. escape_filenames = no
  372. }
  373. Module: Linked to module rlm_attr_filter
  374. Module: Instantiating module "attr_filter.accounting_response" from file /etc/freeradius/modules/attr_filter
  375. attr_filter attr_filter.accounting_response {
  376. attrsfile = "/etc/freeradius/attrs.accounting_response"
  377. key = "%{User-Name}"
  378. relaxed = no
  379. }
  380. reading pairlist file /etc/freeradius/attrs.accounting_response
  381. Module: Checking session {...} for more modules to load
  382. Module: Linked to module rlm_radutmp
  383. Module: Instantiating module "radutmp" from file /etc/freeradius/modules/radutmp
  384. radutmp {
  385. filename = "/var/log/freeradius/radutmp"
  386. username = "%{User-Name}"
  387. case_sensitive = yes
  388. check_with_nas = yes
  389. perm = 384
  390. callerid = yes
  391. }
  392. Module: Checking post-auth {...} for more modules to load
  393. Module: Instantiating module "attr_filter.access_reject" from file /etc/freeradius/modules/attr_filter
  394. attr_filter attr_filter.access_reject {
  395. attrsfile = "/etc/freeradius/attrs.access_reject"
  396. key = "%{User-Name}"
  397. relaxed = no
  398. }
  399. reading pairlist file /etc/freeradius/attrs.access_reject
  400. } # modules
  401. } # server
  402. server inner-tunnel { # from file /etc/freeradius/sites-enabled/inner-tunnel
  403. modules {
  404. Module: Checking authenticate {...} for more modules to load
  405. Module: Checking authorize {...} for more modules to load
  406. Module: Checking post-proxy {...} for more modules to load
  407. Module: Checking post-auth {...} for more modules to load
  408. } # modules
  409. } # server
  410. radiusd: #### Opening IP addresses and Ports ####
  411. listen {
  412. type = "auth"
  413. ipaddr = *
  414. port = 0
  415. }
  416. listen {
  417. type = "acct"
  418. ipaddr = *
  419. port = 0
  420. }
  421. listen {
  422. type = "auth"
  423. ipaddr = *
  424. port = 18120
  425. }
  426. ... adding new socket proxy address * port 58850
  427. Listening on authentication address * port 1812
  428. Listening on accounting address * port 1813
  429. Listening on authentication address * port 18120 as server inner-tunnel
  430. Listening on proxy address * port 1814
  431. Ready to process requests.
  432. rad_recv: Access-Request packet from host 10.0.20.36 port 51361, id=184, length=176
  433. User-Name = "Deeptwix"
  434. NAS-IP-Address = 10.0.20.36
  435. NAS-Identifier = "f09fc2a37292"
  436. NAS-Port = 0
  437. Called-Station-Id = "F2-9F-C2-A5-72-92:polylan-gamer"
  438. Calling-Station-Id = "78-31-C1-CE-BE-5C"
  439. Framed-MTU = 1400
  440. NAS-Port-Type = Wireless-802.11
  441. Connect-Info = "CONNECT 0Mbps 802.11b"
  442. EAP-Message = 0x02d4000d014465657074776978
  443. Message-Authenticator = 0x2ee8cbecd2df6decbf1c7f3b26182cc0
  444. # Executing section authorize from file /etc/freeradius/sites-enabled/default
  445. +group authorize {
  446. rlm_python:authorize: 'Session-Timeout' = '4000'
  447. rlm_python:authorize: 'Auth-Type' = 'python'
  448. ++[python] = updated
  449. ++[chap] = noop
  450. ++[mschap] = noop
  451. ++[digest] = noop
  452. [suffix] No '@' in User-Name = "Deeptwix", looking up realm NULL
  453. [suffix] No such realm "NULL"
  454. ++[suffix] = noop
  455. [eap] EAP packet type response id 212 length 13
  456. [eap] No EAP Start, assuming it's an on-going EAP conversation
  457. ++[eap] = updated
  458. ++[files] = noop
  459. ++[expiration] = noop
  460. ++[logintime] = noop
  461. [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.
  462. ++[pap] = noop
  463. +} # group authorize = updated
  464. Found Auth-Type = python
  465. Found Auth-Type = EAP
  466. Warning: Found 2 auth-types on request for user 'Deeptwix'
  467. # Executing group from file /etc/freeradius/sites-enabled/default
  468. +group authenticate {
  469. [eap] EAP Identity
  470. [eap] processing type md5
  471. rlm_eap_md5: Issuing Challenge
  472. ++[eap] = handled
  473. +} # group authenticate = handled
  474. Sending Access-Challenge of id 184 to 10.0.20.36 port 51361
  475. Session-Timeout = 4000
  476. EAP-Message = 0x01d50016041016d31b96fb4e3a34bf3d9a000c2c74da
  477. Message-Authenticator = 0x00000000000000000000000000000000
  478. State = 0x273c30fd27e93464cbd64c0a8a081c71
  479. Finished request 0.
  480. Going to the next request
  481. Waking up in 4.9 seconds.
  482. rad_recv: Access-Request packet from host 10.0.20.36 port 51361, id=185, length=189
  483. User-Name = "Deeptwix"
  484. NAS-IP-Address = 10.0.20.36
  485. NAS-Identifier = "f09fc2a37292"
  486. NAS-Port = 0
  487. Called-Station-Id = "F2-9F-C2-A5-72-92:polylan-gamer"
  488. Calling-Station-Id = "78-31-C1-CE-BE-5C"
  489. Framed-MTU = 1400
  490. NAS-Port-Type = Wireless-802.11
  491. Connect-Info = "CONNECT 0Mbps 802.11b"
  492. EAP-Message = 0x02d500080319152b
  493. State = 0x273c30fd27e93464cbd64c0a8a081c71
  494. Message-Authenticator = 0x3fb5c4f56135c58555aeacb9b48ca12a
  495. # Executing section authorize from file /etc/freeradius/sites-enabled/default
  496. +group authorize {
  497. rlm_python:authorize: 'Session-Timeout' = '4000'
  498. rlm_python:authorize: 'Auth-Type' = 'python'
  499. ++[python] = updated
  500. ++[chap] = noop
  501. ++[mschap] = noop
  502. ++[digest] = noop
  503. [suffix] No '@' in User-Name = "Deeptwix", looking up realm NULL
  504. [suffix] No such realm "NULL"
  505. ++[suffix] = noop
  506. [eap] EAP packet type response id 213 length 8
  507. [eap] No EAP Start, assuming it's an on-going EAP conversation
  508. ++[eap] = updated
  509. ++[files] = noop
  510. ++[expiration] = noop
  511. ++[logintime] = noop
  512. [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.
  513. ++[pap] = noop
  514. +} # group authorize = updated
  515. Found Auth-Type = python
  516. Found Auth-Type = EAP
  517. Warning: Found 2 auth-types on request for user 'Deeptwix'
  518. # Executing group from file /etc/freeradius/sites-enabled/default
  519. +group authenticate {
  520. [eap] Request found, released from the list
  521. [eap] EAP NAK
  522. [eap] EAP-NAK asked for EAP-Type/peap
  523. [eap] processing type tls
  524. [tls] Initiate
  525. [tls] Start returned 1
  526. ++[eap] = handled
  527. +} # group authenticate = handled
  528. Sending Access-Challenge of id 185 to 10.0.20.36 port 51361
  529. Session-Timeout = 4000
  530. EAP-Message = 0x01d600061920
  531. Message-Authenticator = 0x00000000000000000000000000000000
  532. State = 0x273c30fd26ea2964cbd64c0a8a081c71
  533. Finished request 1.
  534. Going to the next request
  535. Waking up in 4.9 seconds.
  536. rad_recv: Access-Request packet from host 10.0.20.36 port 51361, id=186, length=308
  537. User-Name = "Deeptwix"
  538. NAS-IP-Address = 10.0.20.36
  539. NAS-Identifier = "f09fc2a37292"
  540. NAS-Port = 0
  541. Called-Station-Id = "F2-9F-C2-A5-72-92:polylan-gamer"
  542. Calling-Station-Id = "78-31-C1-CE-BE-5C"
  543. Framed-MTU = 1400
  544. NAS-Port-Type = Wireless-802.11
  545. Connect-Info = "CONNECT 0Mbps 802.11b"
  546. EAP-Message = 0x02d6007f19800000007516030100700100006c03015a0edeb86cecd22097a41ef2b0ffe53204779887db236ded7a5af64306d9a39b00002000ffc024c023c00ac009c008c028c027c014c013c012003d003c0035002f000a01000023000a00080006001700180019000b000201000005000501000000000012000000170000
  547. State = 0x273c30fd26ea2964cbd64c0a8a081c71
  548. Message-Authenticator = 0xfd35a07d74ed66f53c7acd09dfe7ffc8
  549. # Executing section authorize from file /etc/freeradius/sites-enabled/default
  550. +group authorize {
  551. rlm_python:authorize: 'Session-Timeout' = '4000'
  552. rlm_python:authorize: 'Auth-Type' = 'python'
  553. ++[python] = updated
  554. ++[chap] = noop
  555. ++[mschap] = noop
  556. ++[digest] = noop
  557. [suffix] No '@' in User-Name = "Deeptwix", looking up realm NULL
  558. [suffix] No such realm "NULL"
  559. ++[suffix] = noop
  560. [eap] EAP packet type response id 214 length 127
  561. [eap] Continuing tunnel setup.
  562. ++[eap] = ok
  563. +} # group authorize = ok
  564. Found Auth-Type = python
  565. Found Auth-Type = EAP
  566. Warning: Found 2 auth-types on request for user 'Deeptwix'
  567. # Executing group from file /etc/freeradius/sites-enabled/default
  568. +group authenticate {
  569. [eap] Request found, released from the list
  570. [eap] EAP/peap
  571. [eap] processing type peap
  572. [peap] processing EAP-TLS
  573. TLS Length 117
  574. [peap] Length Included
  575. [peap] eaptls_verify returned 11
  576. [peap] (other): before/accept initialization
  577. [peap] TLS_accept: before/accept initialization
  578. [peap] <<< Unknown TLS version [length 0005]
  579. [peap] <<< TLS 1.0 Handshake [length 0070], ClientHello
  580. [peap] TLS_accept: unknown state
  581. [peap] >>> Unknown TLS version [length 0005]
  582. [peap] >>> TLS 1.0 Handshake [length 0039], ServerHello
  583. [peap] TLS_accept: unknown state
  584. [peap] >>> Unknown TLS version [length 0005]
  585. [peap] >>> TLS 1.0 Handshake [length 02d2], Certificate
  586. [peap] TLS_accept: unknown state
  587. [peap] >>> Unknown TLS version [length 0005]
  588. [peap] >>> TLS 1.0 Handshake [length 014b], ServerKeyExchange
  589. [peap] TLS_accept: unknown state
  590. [peap] >>> Unknown TLS version [length 0005]
  591. [peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
  592. [peap] TLS_accept: unknown state
  593. [peap] TLS_accept: unknown state
  594. [peap] TLS_accept: unknown state
  595. [peap] TLS_accept: Need to read more data: unknown state
  596. [peap] TLS_accept: Need to read more data: unknown state
  597. In SSL Handshake Phase
  598. In SSL Accept mode
  599. [peap] eaptls_process returned 13
  600. [peap] EAPTLS_HANDLED
  601. ++[eap] = handled
  602. +} # group authenticate = handled
  603. Sending Access-Challenge of id 186 to 10.0.20.36 port 51361
  604. Session-Timeout = 4000
  605. EAP-Message = 0x01d7040019c00000046e1603010039020000350301d13880d0a9e5b92fcf2952e4a61b1b4305d7328b4a449e318f3f49a750968fe600c01400000dff01000100000b00040300010216030102d20b0002ce0002cb0002c8308202c4308201aca003020102020900af8abee32931c4b9300d06092a864886f70d01010b0500301a3118301606035504030c0f6e6574302e706f6c796c616e2e6368301e170d3137313131323032303431355a170d3237313131303032303431355a301a3118301606035504030c0f6e6574302e706f6c796c616e2e636830820122300d06092a864886f70d01010105000382010f003082010a0282010100d7290137e520
  606. EAP-Message = 0x9e9ebbdd6e92ee02b376e4f53bf0f05d2a6ca87659fc8f2bb1e01564f231aa18b8d22d761d5c752277421799f0ee421619dd35b6afd3c6745f108c3b2e950830d4f67d0f22d0b6cbdd01d46729442401b46f1ffda516114e1a06b8604ee05bdb8c6b530e873948e6127527da4eeabd8b4d4a03eafebf3b8db47b0b278c1ff16dedb03369df4ba245a81b1ff2ca5d3c097f021c4159299abd83d6d01bdf43b5d0d689eae631c034257544b7a9c0a07ba1d6f3b575150a31cf08ba5a4bd3793a8143c702e45e7c1552b65f628ab16b1ad9b2c640bb7866f74e02cda86fe2e35446169fe9f90320bf58c53420bb3fee796359787606f74497b7b455020301
  607. EAP-Message = 0x0001a30d300b30090603551d1304023000300d06092a864886f70d01010b05000382010100869afacab7a81fe51281aade189e4e7b07ecf1300e304f649a7b988f383671681e42d3d09866756bd725628fca3dfe87c7c447b82237f27794e313d442420865b3dafb6ed7e9284fbfb749d2ecc09184ebaedf66c06c2f589d2d8410c2491506de51f22ee6cbb76f22d801f19997e644e5c20f83ebee848d9ce5af806de9f9df99cc9bb178fefa4d0f1b475d2fa6ab4dd894405c0e3fd6ffffa1e8c06171844ab9159614718f07245060cc4cb7edd28a2a343fc8f6f36c3d9493bc6b7c8e739ae679ed14c62130327f4ec86ca3694e7e68f360b8e60d3cfa
  608. EAP-Message = 0x72530e00a0f85e0ac404356aab7362b9368f2a6af67c184d5297fc35a20331eb47b1f8af9a59cd69160301014b0c000147030017410455014ab2dc790af1465c2448ce26e4cef95538fd7d08c4ea74d842850cd5b93c2e7c6a95f991c478090fed3c89170bdbc143c55121c589293e03a3976456677c01009e5bfc57ffe7a4f945600f06f298a0770b7d9d2313374bcfbcc27357f358616a02728b14f9f2b073dda37a51f7ded63c0cb8ecbf75f2bedd94bfadcebba0450392ee58fb227c1f3f9b7e5db4ec2a27ec0b468f84cbb6ec6f9fa918d0103c27aa6b1b4ede02c8ba0eafd46fe1e4f0cfb8bab6d8ca0f5fa3e76888952db34113fbedb673919e
  609. EAP-Message = 0x8a7784cf29087eecee411eb9
  610. Message-Authenticator = 0x00000000000000000000000000000000
  611. State = 0x273c30fd25eb2964cbd64c0a8a081c71
  612. Finished request 2.
  613. Going to the next request
  614. Waking up in 4.9 seconds.
  615. rad_recv: Access-Request packet from host 10.0.20.36 port 51361, id=187, length=187
  616. User-Name = "Deeptwix"
  617. NAS-IP-Address = 10.0.20.36
  618. NAS-Identifier = "f09fc2a37292"
  619. NAS-Port = 0
  620. Called-Station-Id = "F2-9F-C2-A5-72-92:polylan-gamer"
  621. Calling-Station-Id = "78-31-C1-CE-BE-5C"
  622. Framed-MTU = 1400
  623. NAS-Port-Type = Wireless-802.11
  624. Connect-Info = "CONNECT 0Mbps 802.11b"
  625. EAP-Message = 0x02d700061900
  626. State = 0x273c30fd25eb2964cbd64c0a8a081c71
  627. Message-Authenticator = 0x96b51e34eeb5f580fb34277300aabf8d
  628. # Executing section authorize from file /etc/freeradius/sites-enabled/default
  629. +group authorize {
  630. rlm_python:authorize: 'Session-Timeout' = '4000'
  631. rlm_python:authorize: 'Auth-Type' = 'python'
  632. ++[python] = updated
  633. ++[chap] = noop
  634. ++[mschap] = noop
  635. ++[digest] = noop
  636. [suffix] No '@' in User-Name = "Deeptwix", looking up realm NULL
  637. [suffix] No such realm "NULL"
  638. ++[suffix] = noop
  639. [eap] EAP packet type response id 215 length 6
  640. [eap] Continuing tunnel setup.
  641. ++[eap] = ok
  642. +} # group authorize = ok
  643. Found Auth-Type = python
  644. Found Auth-Type = EAP
  645. Warning: Found 2 auth-types on request for user 'Deeptwix'
  646. # Executing group from file /etc/freeradius/sites-enabled/default
  647. +group authenticate {
  648. [eap] Request found, released from the list
  649. [eap] EAP/peap
  650. [eap] processing type peap
  651. [peap] processing EAP-TLS
  652. [peap] Received TLS ACK
  653. [peap] ACK handshake fragment handler
  654. [peap] eaptls_verify returned 1
  655. [peap] eaptls_process returned 13
  656. [peap] EAPTLS_HANDLED
  657. ++[eap] = handled
  658. +} # group authenticate = handled
  659. Sending Access-Challenge of id 187 to 10.0.20.36 port 51361
  660. Session-Timeout = 4000
  661. EAP-Message = 0x01d8007e19002c1ba6edb823247c8f7477b3548a70b23d8d7058dabd786ff60a1a1cdc845507ac40072fff3fec285f4daa989a6691c242db7d99cae10af0c1bab0db12c3ac47868fc149b2a3a0c20e1a07f6c8093cca4368607f0d98349d48ec9e5b2b40e3313edc2ec9428caaacb6b8d42045581f16030100040e000000
  662. Message-Authenticator = 0x00000000000000000000000000000000
  663. State = 0x273c30fd24e42964cbd64c0a8a081c71
  664. Finished request 3.
  665. Going to the next request
  666. Waking up in 4.9 seconds.
  667. rad_recv: Access-Request packet from host 10.0.20.36 port 51361, id=188, length=325
  668. User-Name = "Deeptwix"
  669. NAS-IP-Address = 10.0.20.36
  670. NAS-Identifier = "f09fc2a37292"
  671. NAS-Port = 0
  672. Called-Station-Id = "F2-9F-C2-A5-72-92:polylan-gamer"
  673. Calling-Station-Id = "78-31-C1-CE-BE-5C"
  674. Framed-MTU = 1400
  675. NAS-Port-Type = Wireless-802.11
  676. Connect-Info = "CONNECT 0Mbps 802.11b"
  677. EAP-Message = 0x02d800901980000000861603010046100000424104967a88d4e4b7caf0e8516e5a9ca5d66eaf73eb1ea106ce4b989744be2f1cd4f85e8908e8c9148acd353bc1655b41dc58e4fd032d8c2d66d964d92e25f98c3ffa1403010001011603010030678074c716e48f1dc486d2a9eb6ad384225114db3822f75000fc611dd89bd3835400b68dfcab30bbc601a80c075c9267
  678. State = 0x273c30fd24e42964cbd64c0a8a081c71
  679. Message-Authenticator = 0xaba53030167ac8e6ebb243e479e8c545
  680. # Executing section authorize from file /etc/freeradius/sites-enabled/default
  681. +group authorize {
  682. rlm_python:authorize: 'Session-Timeout' = '4000'
  683. rlm_python:authorize: 'Auth-Type' = 'python'
  684. ++[python] = updated
  685. ++[chap] = noop
  686. ++[mschap] = noop
  687. ++[digest] = noop
  688. [suffix] No '@' in User-Name = "Deeptwix", looking up realm NULL
  689. [suffix] No such realm "NULL"
  690. ++[suffix] = noop
  691. [eap] EAP packet type response id 216 length 144
  692. [eap] Continuing tunnel setup.
  693. ++[eap] = ok
  694. +} # group authorize = ok
  695. Found Auth-Type = python
  696. Found Auth-Type = EAP
  697. Warning: Found 2 auth-types on request for user 'Deeptwix'
  698. # Executing group from file /etc/freeradius/sites-enabled/default
  699. +group authenticate {
  700. [eap] Request found, released from the list
  701. [eap] EAP/peap
  702. [eap] processing type peap
  703. [peap] processing EAP-TLS
  704. TLS Length 134
  705. [peap] Length Included
  706. [peap] eaptls_verify returned 11
  707. [peap] <<< Unknown TLS version [length 0005]
  708. [peap] <<< TLS 1.0 Handshake [length 0046], ClientKeyExchange
  709. [peap] TLS_accept: unknown state
  710. [peap] TLS_accept: unknown state
  711. [peap] <<< Unknown TLS version [length 0005]
  712. [peap] <<< TLS 1.0 ChangeCipherSpec [length 0001]
  713. [peap] <<< Unknown TLS version [length 0005]
  714. [peap] <<< TLS 1.0 Handshake [length 0010], Finished
  715. [peap] TLS_accept: unknown state
  716. [peap] >>> Unknown TLS version [length 0005]
  717. [peap] >>> TLS 1.0 ChangeCipherSpec [length 0001]
  718. [peap] TLS_accept: unknown state
  719. [peap] >>> Unknown TLS version [length 0005]
  720. [peap] >>> TLS 1.0 Handshake [length 0010], Finished
  721. [peap] TLS_accept: unknown state
  722. [peap] TLS_accept: unknown state
  723. [peap] (other): SSL negotiation finished successfully
  724. SSL Connection Established
  725. [peap] eaptls_process returned 13
  726. [peap] EAPTLS_HANDLED
  727. ++[eap] = handled
  728. +} # group authenticate = handled
  729. Sending Access-Challenge of id 188 to 10.0.20.36 port 51361
  730. Session-Timeout = 4000
  731. EAP-Message = 0x01d90041190014030100010116030100309debc395c30a77e10d74f6e3620333085efaf3fc0aa93ddee62c7534dd7777b7b0400ba215a4c10ce09a67f88c981698
  732. Message-Authenticator = 0x00000000000000000000000000000000
  733. State = 0x273c30fd23e52964cbd64c0a8a081c71
  734. Finished request 4.
  735. Going to the next request
  736. Waking up in 4.9 seconds.
  737. rad_recv: Access-Request packet from host 10.0.20.36 port 51361, id=189, length=187
  738. User-Name = "Deeptwix"
  739. NAS-IP-Address = 10.0.20.36
  740. NAS-Identifier = "f09fc2a37292"
  741. NAS-Port = 0
  742. Called-Station-Id = "F2-9F-C2-A5-72-92:polylan-gamer"
  743. Calling-Station-Id = "78-31-C1-CE-BE-5C"
  744. Framed-MTU = 1400
  745. NAS-Port-Type = Wireless-802.11
  746. Connect-Info = "CONNECT 0Mbps 802.11b"
  747. EAP-Message = 0x02d900061900
  748. State = 0x273c30fd23e52964cbd64c0a8a081c71
  749. Message-Authenticator = 0xac03f0ebc0820ec67721f9959ab07d09
  750. # Executing section authorize from file /etc/freeradius/sites-enabled/default
  751. +group authorize {
  752. rlm_python:authorize: 'Session-Timeout' = '4000'
  753. rlm_python:authorize: 'Auth-Type' = 'python'
  754. ++[python] = updated
  755. ++[chap] = noop
  756. ++[mschap] = noop
  757. ++[digest] = noop
  758. [suffix] No '@' in User-Name = "Deeptwix", looking up realm NULL
  759. [suffix] No such realm "NULL"
  760. ++[suffix] = noop
  761. [eap] EAP packet type response id 217 length 6
  762. [eap] Continuing tunnel setup.
  763. ++[eap] = ok
  764. +} # group authorize = ok
  765. Found Auth-Type = python
  766. Found Auth-Type = EAP
  767. Warning: Found 2 auth-types on request for user 'Deeptwix'
  768. # Executing group from file /etc/freeradius/sites-enabled/default
  769. +group authenticate {
  770. [eap] Request found, released from the list
  771. [eap] EAP/peap
  772. [eap] processing type peap
  773. [peap] processing EAP-TLS
  774. [peap] Received TLS ACK
  775. [peap] ACK handshake is finished
  776. [peap] eaptls_verify returned 3
  777. [peap] eaptls_process returned 3
  778. [peap] EAPTLS_SUCCESS
  779. [peap] Session established. Decoding tunneled attributes.
  780. [peap] Peap state TUNNEL ESTABLISHED
  781. [peap] >>> Unknown TLS version [length 0005]
  782. ++[eap] = handled
  783. +} # group authenticate = handled
  784. Sending Access-Challenge of id 189 to 10.0.20.36 port 51361
  785. Session-Timeout = 4000
  786. EAP-Message = 0x01da002b1900170301002082a522e601a612a6d5ad2dbe66ed07901ecd3a9bd001c1fb69654792270009df
  787. Message-Authenticator = 0x00000000000000000000000000000000
  788. State = 0x273c30fd22e62964cbd64c0a8a081c71
  789. Finished request 5.
  790. Going to the next request
  791. Waking up in 4.9 seconds.
  792. rad_recv: Access-Request packet from host 10.0.20.36 port 51361, id=190, length=224
  793. User-Name = "Deeptwix"
  794. NAS-IP-Address = 10.0.20.36
  795. NAS-Identifier = "f09fc2a37292"
  796. NAS-Port = 0
  797. Called-Station-Id = "F2-9F-C2-A5-72-92:polylan-gamer"
  798. Calling-Station-Id = "78-31-C1-CE-BE-5C"
  799. Framed-MTU = 1400
  800. NAS-Port-Type = Wireless-802.11
  801. Connect-Info = "CONNECT 0Mbps 802.11b"
  802. EAP-Message = 0x02da002b19001703010020d4a397a095fd8f29e82a4e7f3a390c74fe33d63c793946fe022d0d409fe4400f
  803. State = 0x273c30fd22e62964cbd64c0a8a081c71
  804. Message-Authenticator = 0xc544430623efffc47fd37db2af2ad476
  805. # Executing section authorize from file /etc/freeradius/sites-enabled/default
  806. +group authorize {
  807. rlm_python:authorize: 'Session-Timeout' = '4000'
  808. rlm_python:authorize: 'Auth-Type' = 'python'
  809. ++[python] = updated
  810. ++[chap] = noop
  811. ++[mschap] = noop
  812. ++[digest] = noop
  813. [suffix] No '@' in User-Name = "Deeptwix", looking up realm NULL
  814. [suffix] No such realm "NULL"
  815. ++[suffix] = noop
  816. [eap] EAP packet type response id 218 length 43
  817. [eap] Continuing tunnel setup.
  818. ++[eap] = ok
  819. +} # group authorize = ok
  820. Found Auth-Type = python
  821. Found Auth-Type = EAP
  822. Warning: Found 2 auth-types on request for user 'Deeptwix'
  823. # Executing group from file /etc/freeradius/sites-enabled/default
  824. +group authenticate {
  825. [eap] Request found, released from the list
  826. [eap] EAP/peap
  827. [eap] processing type peap
  828. [peap] processing EAP-TLS
  829. [peap] eaptls_verify returned 7
  830. [peap] Done initial handshake
  831. [peap] <<< Unknown TLS version [length 0005]
  832. [peap] eaptls_process returned 7
  833. [peap] EAPTLS_OK
  834. [peap] Session established. Decoding tunneled attributes.
  835. [peap] Peap state WAITING FOR INNER IDENTITY
  836. [peap] Identity - Deeptwix
  837. [peap] Got inner identity 'Deeptwix'
  838. [peap] Setting default EAP type for tunneled EAP session.
  839. [peap] Got tunneled request
  840. EAP-Message = 0x02da000d014465657074776978
  841. server {
  842. [peap] Setting User-Name to Deeptwix
  843. Sending tunneled request
  844. EAP-Message = 0x02da000d014465657074776978
  845. FreeRADIUS-Proxied-To = 127.0.0.1
  846. User-Name = "Deeptwix"
  847. NAS-IP-Address = 10.0.20.36
  848. NAS-Identifier = "f09fc2a37292"
  849. NAS-Port = 0
  850. Called-Station-Id = "F2-9F-C2-A5-72-92:polylan-gamer"
  851. Calling-Station-Id = "78-31-C1-CE-BE-5C"
  852. Framed-MTU = 1400
  853. NAS-Port-Type = Wireless-802.11
  854. Connect-Info = "CONNECT 0Mbps 802.11b"
  855. server inner-tunnel {
  856. # Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel
  857. +group authorize {
  858. ++[mschap] = noop
  859. [eap] EAP packet type response id 218 length 13
  860. [eap] No EAP Start, assuming it's an on-going EAP conversation
  861. ++[eap] = updated
  862. ++[files] = noop
  863. ++[expiration] = noop
  864. ++[logintime] = noop
  865. [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.
  866. ++[pap] = noop
  867. +} # group authorize = updated
  868. Found Auth-Type = EAP
  869. # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
  870. +group authenticate {
  871. [eap] EAP Identity
  872. [eap] processing type mschapv2
  873. rlm_eap_mschapv2: Issuing Challenge
  874. ++[eap] = handled
  875. +} # group authenticate = handled
  876. } # server inner-tunnel
  877. [peap] Got tunneled reply code 11
  878. EAP-Message = 0x01db00221a01db001d1084a83d746ba55c2002ae3f40260c4e584465657074776978
  879. Message-Authenticator = 0x00000000000000000000000000000000
  880. State = 0x73ce834f731599b345b3a8609f5fa6d7
  881. [peap] Got tunneled reply RADIUS code Access-Challenge
  882. EAP-Message = 0x01db00221a01db001d1084a83d746ba55c2002ae3f40260c4e584465657074776978
  883. Message-Authenticator = 0x00000000000000000000000000000000
  884. State = 0x73ce834f731599b345b3a8609f5fa6d7
  885. [peap] Got tunneled Access-Challenge
  886. [peap] >>> Unknown TLS version [length 0005]
  887. ++[eap] = handled
  888. +} # group authenticate = handled
  889. Sending Access-Challenge of id 190 to 10.0.20.36 port 51361
  890. Session-Timeout = 4000
  891. EAP-Message = 0x01db004b1900170301004078d5598e6a84476a8c8d97443e46e3fe6e63034dab431b0da723f85b4836a66a27e666165fe57fa40b414ab4580ae187f4bfa9e31ba1b4e6a0fec29bf9dd9da8
  892. Message-Authenticator = 0x00000000000000000000000000000000
  893. State = 0x273c30fd21e72964cbd64c0a8a081c71
  894. Finished request 6.
  895. Going to the next request
  896. Waking up in 4.8 seconds.
  897. rad_recv: Access-Request packet from host 10.0.20.36 port 51361, id=191, length=288
  898. User-Name = "Deeptwix"
  899. NAS-IP-Address = 10.0.20.36
  900. NAS-Identifier = "f09fc2a37292"
  901. NAS-Port = 0
  902. Called-Station-Id = "F2-9F-C2-A5-72-92:polylan-gamer"
  903. Calling-Station-Id = "78-31-C1-CE-BE-5C"
  904. Framed-MTU = 1400
  905. NAS-Port-Type = Wireless-802.11
  906. Connect-Info = "CONNECT 0Mbps 802.11b"
  907. EAP-Message = 0x02db006b19001703010060da8eb12d0f27be393a4fa07e4242e62e2e866a94f1281717ede9becbfe0aceb0a49bac466a034c02f42364da79e34ee5a8e7ac52add6b07303ccab4dbddeb0ae972d5a90f47bd7bcc2f33507a1f5fcb7e358f7f43c0d06553c61915762bff4d2
  908. State = 0x273c30fd21e72964cbd64c0a8a081c71
  909. Message-Authenticator = 0xb6ca7ae63cc65ebddbdbeaaa9724765e
  910. # Executing section authorize from file /etc/freeradius/sites-enabled/default
  911. +group authorize {
  912. rlm_python:authorize: 'Session-Timeout' = '4000'
  913. rlm_python:authorize: 'Auth-Type' = 'python'
  914. ++[python] = updated
  915. ++[chap] = noop
  916. ++[mschap] = noop
  917. ++[digest] = noop
  918. [suffix] No '@' in User-Name = "Deeptwix", looking up realm NULL
  919. [suffix] No such realm "NULL"
  920. ++[suffix] = noop
  921. [eap] EAP packet type response id 219 length 107
  922. [eap] Continuing tunnel setup.
  923. ++[eap] = ok
  924. +} # group authorize = ok
  925. Found Auth-Type = python
  926. Found Auth-Type = EAP
  927. Warning: Found 2 auth-types on request for user 'Deeptwix'
  928. # Executing group from file /etc/freeradius/sites-enabled/default
  929. +group authenticate {
  930. [eap] Request found, released from the list
  931. [eap] EAP/peap
  932. [eap] processing type peap
  933. [peap] processing EAP-TLS
  934. [peap] eaptls_verify returned 7
  935. [peap] Done initial handshake
  936. [peap] <<< Unknown TLS version [length 0005]
  937. [peap] eaptls_process returned 7
  938. [peap] EAPTLS_OK
  939. [peap] Session established. Decoding tunneled attributes.
  940. [peap] Peap state phase2
  941. [peap] EAP type mschapv2
  942. [peap] Got tunneled request
  943. EAP-Message = 0x02db00431a02db003e3115746837a19bf7c6f099ec5b5f83b2ba000000000000000001b5c736dbc689dfddf38dbdb32232c0023f0ed6944f0efa004465657074776978
  944. server {
  945. [peap] Setting User-Name to Deeptwix
  946. Sending tunneled request
  947. EAP-Message = 0x02db00431a02db003e3115746837a19bf7c6f099ec5b5f83b2ba000000000000000001b5c736dbc689dfddf38dbdb32232c0023f0ed6944f0efa004465657074776978
  948. FreeRADIUS-Proxied-To = 127.0.0.1
  949. User-Name = "Deeptwix"
  950. State = 0x73ce834f731599b345b3a8609f5fa6d7
  951. NAS-IP-Address = 10.0.20.36
  952. NAS-Identifier = "f09fc2a37292"
  953. NAS-Port = 0
  954. Called-Station-Id = "F2-9F-C2-A5-72-92:polylan-gamer"
  955. Calling-Station-Id = "78-31-C1-CE-BE-5C"
  956. Framed-MTU = 1400
  957. NAS-Port-Type = Wireless-802.11
  958. Connect-Info = "CONNECT 0Mbps 802.11b"
  959. server inner-tunnel {
  960. # Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel
  961. +group authorize {
  962. ++[mschap] = noop
  963. [eap] EAP packet type response id 219 length 67
  964. [eap] No EAP Start, assuming it's an on-going EAP conversation
  965. ++[eap] = updated
  966. ++[files] = noop
  967. ++[expiration] = noop
  968. ++[logintime] = noop
  969. [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.
  970. ++[pap] = noop
  971. +} # group authorize = updated
  972. Found Auth-Type = EAP
  973. # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
  974. +group authenticate {
  975. [eap] Request found, released from the list
  976. [eap] EAP/mschapv2
  977. [eap] processing type mschapv2
  978. [mschapv2] # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
  979. [mschapv2] +group MS-CHAP {
  980. ++[python] = reject
  981. +} # group MS-CHAP = reject
  982. [eap] Freeing handler
  983. ++[eap] = reject
  984. +} # group authenticate = reject
  985. Failed to authenticate the user.
  986. Using Post-Auth-Type Reject
  987. # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
  988. +group REJECT {
  989. [attr_filter.access_reject] expand: %{User-Name} -> Deeptwix
  990. attr_filter: Matched entry DEFAULT at line 11
  991. ++[attr_filter.access_reject] = updated
  992. +} # group REJECT = updated
  993. } # server inner-tunnel
  994. [peap] Got tunneled reply code 3
  995. EAP-Message = 0x04db0004
  996. Message-Authenticator = 0x00000000000000000000000000000000
  997. [peap] Got tunneled reply RADIUS code Access-Reject
  998. EAP-Message = 0x04db0004
  999. Message-Authenticator = 0x00000000000000000000000000000000
  1000. [peap] Tunneled authentication was rejected.
  1001. [peap] FAILURE
  1002. [peap] >>> Unknown TLS version [length 0005]
  1003. ++[eap] = handled
  1004. +} # group authenticate = handled
  1005. Sending Access-Challenge of id 191 to 10.0.20.36 port 51361
  1006. Session-Timeout = 4000
  1007. EAP-Message = 0x01dc002b190017030100201c0b7296552f30fbffe08b177fb038516e09f071d2e3c1cd8931e82c15668ba1
  1008. Message-Authenticator = 0x00000000000000000000000000000000
  1009. State = 0x273c30fd20e02964cbd64c0a8a081c71
  1010. Finished request 7.
  1011. Going to the next request
  1012. Waking up in 4.8 seconds.
  1013. rad_recv: Access-Request packet from host 10.0.20.36 port 51361, id=192, length=224
  1014. User-Name = "Deeptwix"
  1015. NAS-IP-Address = 10.0.20.36
  1016. NAS-Identifier = "f09fc2a37292"
  1017. NAS-Port = 0
  1018. Called-Station-Id = "F2-9F-C2-A5-72-92:polylan-gamer"
  1019. Calling-Station-Id = "78-31-C1-CE-BE-5C"
  1020. Framed-MTU = 1400
  1021. NAS-Port-Type = Wireless-802.11
  1022. Connect-Info = "CONNECT 0Mbps 802.11b"
  1023. EAP-Message = 0x02dc002b190017030100207f5f4b70d316c2d69583793f9fc71bcbb12b3e476c056e9ec59d89f022623a3a
  1024. State = 0x273c30fd20e02964cbd64c0a8a081c71
  1025. Message-Authenticator = 0x645b55a32e3237dade3a86ce5580c26a
  1026. # Executing section authorize from file /etc/freeradius/sites-enabled/default
  1027. +group authorize {
  1028. rlm_python:authorize: 'Session-Timeout' = '4000'
  1029. rlm_python:authorize: 'Auth-Type' = 'python'
  1030. ++[python] = updated
  1031. ++[chap] = noop
  1032. ++[mschap] = noop
  1033. ++[digest] = noop
  1034. [suffix] No '@' in User-Name = "Deeptwix", looking up realm NULL
  1035. [suffix] No such realm "NULL"
  1036. ++[suffix] = noop
  1037. [eap] EAP packet type response id 220 length 43
  1038. [eap] Continuing tunnel setup.
  1039. ++[eap] = ok
  1040. +} # group authorize = ok
  1041. Found Auth-Type = python
  1042. Found Auth-Type = EAP
  1043. Warning: Found 2 auth-types on request for user 'Deeptwix'
  1044. # Executing group from file /etc/freeradius/sites-enabled/default
  1045. +group authenticate {
  1046. [eap] Request found, released from the list
  1047. [eap] EAP/peap
  1048. [eap] processing type peap
  1049. [peap] processing EAP-TLS
  1050. [peap] eaptls_verify returned 7
  1051. [peap] Done initial handshake
  1052. [peap] <<< Unknown TLS version [length 0005]
  1053. [peap] eaptls_process returned 7
  1054. [peap] EAPTLS_OK
  1055. [peap] Session established. Decoding tunneled attributes.
  1056. [peap] Peap state send tlv failure
  1057. [peap] Received EAP-TLV response.
  1058. [peap] The users session was previously rejected: returning reject (again.)
  1059. [peap] *** This means you need to read the PREVIOUS messages in the debug output
  1060. [peap] *** to find out the reason why the user was rejected.
  1061. [peap] *** Look for "reject" or "fail". Those earlier messages will tell you.
  1062. [peap] *** what went wrong, and how to fix the problem.
  1063. [eap] Handler failed in EAP/peap
  1064. [eap] Failed in EAP select
  1065. ++[eap] = invalid
  1066. +} # group authenticate = invalid
  1067. Failed to authenticate the user.
  1068. Using Post-Auth-Type Reject
  1069. # Executing group from file /etc/freeradius/sites-enabled/default
  1070. +group REJECT {
  1071. [attr_filter.access_reject] expand: %{User-Name} -> Deeptwix
  1072. attr_filter: Matched entry DEFAULT at line 11
  1073. ++[attr_filter.access_reject] = updated
  1074. +} # group REJECT = updated
  1075. Delaying reject of request 8 for 1 seconds
  1076. Going to the next request
  1077. Waking up in 0.9 seconds.
  1078. Sending delayed reject for request 8
  1079. Sending Access-Reject of id 192 to 10.0.20.36 port 51361
  1080. EAP-Message = 0x04dc0004
  1081. Message-Authenticator = 0x00000000000000000000000000000000
  1082. Waking up in 3.8 seconds.
  1083. Cleaning up request 0 ID 184 with timestamp +14
  1084. Cleaning up request 1 ID 185 with timestamp +14
  1085. Cleaning up request 2 ID 186 with timestamp +14
  1086. Cleaning up request 3 ID 187 with timestamp +14
  1087. Cleaning up request 4 ID 188 with timestamp +14
  1088. Cleaning up request 5 ID 189 with timestamp +14
  1089. Cleaning up request 6 ID 190 with timestamp +14
  1090. Cleaning up request 7 ID 191 with timestamp +14
  1091. Waking up in 1.0 seconds.
  1092. Cleaning up request 8 ID 192 with timestamp +14
  1093. Ready to process requests.
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!