- radiusd: FreeRADIUS Version 3.0.4, for host x86_64-redhat-linux-gnu, built on Jan 17 2017 at 18:49:55
- Copyright (C) 1999-2014 The FreeRADIUS server project and contributors
- There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
- PARTICULAR PURPOSE
- You may redistribute copies of FreeRADIUS under the terms of the
- GNU General Public License
- For more information about these matters, see the file named COPYRIGHT
- Starting - reading configuration files ...
- including dictionary file /usr/share/freeradius/dictionary
- including dictionary file /usr/share/freeradius/dictionary.dhcp
- including dictionary file /usr/share/freeradius/dictionary.vqp
- including dictionary file /etc/raddb/dictionary
- including configuration file /etc/raddb/radiusd.conf
- including configuration file /etc/raddb/proxy.conf
- including configuration file /etc/raddb/clients.conf
- including files in directory /etc/raddb/mods-enabled/
- including configuration file /etc/raddb/mods-enabled/always
- including configuration file /etc/raddb/mods-enabled/attr_filter
- including configuration file /etc/raddb/mods-enabled/cache_eap
- including configuration file /etc/raddb/mods-enabled/chap
- including configuration file /etc/raddb/mods-enabled/detail
- including configuration file /etc/raddb/mods-enabled/detail.log
- including configuration file /etc/raddb/mods-enabled/dhcp
- including configuration file /etc/raddb/mods-enabled/digest
- including configuration file /etc/raddb/mods-enabled/dynamic_clients
- including configuration file /etc/raddb/mods-enabled/eap
- including configuration file /etc/raddb/mods-enabled/echo
- including configuration file /etc/raddb/mods-enabled/exec
- including configuration file /etc/raddb/mods-enabled/expiration
- including configuration file /etc/raddb/mods-enabled/expr
- including configuration file /etc/raddb/mods-enabled/files
- including configuration file /etc/raddb/mods-enabled/linelog
- including configuration file /etc/raddb/mods-enabled/logintime
- including configuration file /etc/raddb/mods-enabled/mschap
- including configuration file /etc/raddb/mods-enabled/ntlm_auth
- including configuration file /etc/raddb/mods-enabled/pap
- including configuration file /etc/raddb/mods-enabled/passwd
- including configuration file /etc/raddb/mods-enabled/preprocess
- including configuration file /etc/raddb/mods-enabled/radutmp
- including configuration file /etc/raddb/mods-enabled/realm
- including configuration file /etc/raddb/mods-enabled/replicate
- including configuration file /etc/raddb/mods-enabled/soh
- including configuration file /etc/raddb/mods-enabled/sradutmp
- including configuration file /etc/raddb/mods-enabled/unix
- including configuration file /etc/raddb/mods-enabled/unpack
- including configuration file /etc/raddb/mods-enabled/utf8
- including configuration file /etc/raddb/mods-enabled/ldap
- including files in directory /etc/raddb/policy.d/
- including configuration file /etc/raddb/policy.d/accounting
- including configuration file /etc/raddb/policy.d/canonicalization
- including configuration file /etc/raddb/policy.d/control
- including configuration file /etc/raddb/policy.d/cui
- including configuration file /etc/raddb/policy.d/debug
- including configuration file /etc/raddb/policy.d/dhcp
- including configuration file /etc/raddb/policy.d/eap
- including configuration file /etc/raddb/policy.d/filter
- including configuration file /etc/raddb/policy.d/operator-name
- including files in directory /etc/raddb/sites-enabled/
- including configuration file /etc/raddb/sites-enabled/default
- including configuration file /etc/raddb/sites-enabled/inner-tunnel
- main {
- security {
- user = "radiusd"
- group = "radiusd"
- allow_core_dumps = no
- }
- }
- main {
- name = "radiusd"
- prefix = "/usr"
- localstatedir = "/var"
- sbindir = "/usr/sbin"
- logdir = "/var/log/radius"
- run_dir = "/var/run/radiusd"
- libdir = "/usr/lib64/freeradius"
- radacctdir = "/var/log/radius/radacct"
- hostname_lookups = no
- max_request_time = 30
- cleanup_delay = 5
- max_requests = 1024
- pidfile = "/var/run/radiusd/radiusd.pid"
- checkrad = "/usr/sbin/checkrad"
- debug_level = 0
- proxy_requests = yes
- log {
- stripped_names = no
- auth = no
- auth_badpass = no
- auth_goodpass = no
- colourise = yes
- msg_denied = "You are already logged in - access denied"
- }
- security {
- max_attributes = 200
- reject_delay = 1
- status_server = yes
- }
- }
- radiusd: #### Loading Realms and Home Servers ####
- proxy server {
- retry_delay = 5
- retry_count = 3
- default_fallback = no
- dead_time = 120
- wake_all_if_all_dead = no
- }
- home_server localhost {
- ipaddr = 127.0.0.1
- port = 1812
- type = "auth"
- secret = <<< secret >>>
- response_window = 20.000000
- response_timeouts = 1
- max_outstanding = 65536
- zombie_period = 40
- status_check = "status-server"
- ping_interval = 30
- check_interval = 30
- check_timeout = 4
- num_answers_to_alive = 3
- revive_interval = 120
- coa {
- irt = 2
- mrt = 16
- mrc = 5
- mrd = 30
- }
- limit {
- max_connections = 16
- max_requests = 0
- lifetime = 0
- idle_timeout = 0
- }
- }
- home_server_pool my_auth_failover {
- type = fail-over
- home_server = localhost
- }
- realm example.com {
- auth_pool = my_auth_failover
- }
- realm LOCAL {
- }
- radiusd: #### Loading Clients ####
- client asus {
- ipaddr = 10.0.0.2
- require_message_authenticator = no
- secret = <<< secret >>>
- nas_type = "other<------>#"
- proto = "*"
- limit {
- max_connections = 16
- lifetime = 0
- idle_timeout = 30
- }
- }
- client localhost {
- ipaddr = 127.0.0.1
- require_message_authenticator = no
- secret = <<< secret >>>
- nas_type = "other"
- proto = "*"
- limit {
- max_connections = 16
- lifetime = 0
- idle_timeout = 30
- }
- }
- client localhost_ipv6 {
- ipv6addr = ::1
- require_message_authenticator = no
- secret = <<< secret >>>
- limit {
- max_connections = 16
- lifetime = 0
- idle_timeout = 30
- }
- }
- radiusd: #### Instantiating modules ####
- instantiate {
- }
- modules {
- # Loaded module rlm_always
- # Instantiating module "reject" from file /etc/raddb/mods-enabled/always
- always reject {
- rcode = "reject"
- simulcount = 0
- mpp = no
- }
- # Instantiating module "fail" from file /etc/raddb/mods-enabled/always
- always fail {
- rcode = "fail"
- simulcount = 0
- mpp = no
- }
- # Instantiating module "ok" from file /etc/raddb/mods-enabled/always
- always ok {
- rcode = "ok"
- simulcount = 0
- mpp = no
- }
- # Instantiating module "handled" from file /etc/raddb/mods-enabled/always
- always handled {
- rcode = "handled"
- simulcount = 0
- mpp = no
- }
- # Instantiating module "invalid" from file /etc/raddb/mods-enabled/always
- always invalid {
- rcode = "invalid"
- simulcount = 0
- mpp = no
- }
- # Instantiating module "userlock" from file /etc/raddb/mods-enabled/always
- always userlock {
- rcode = "userlock"
- simulcount = 0
- mpp = no
- }
- # Instantiating module "notfound" from file /etc/raddb/mods-enabled/always
- always notfound {
- rcode = "notfound"
- simulcount = 0
- mpp = no
- }
- # Instantiating module "noop" from file /etc/raddb/mods-enabled/always
- always noop {
- rcode = "noop"
- simulcount = 0
- mpp = no
- }
- # Instantiating module "updated" from file /etc/raddb/mods-enabled/always
- always updated {
- rcode = "updated"
- simulcount = 0
- mpp = no
- }
- # Loaded module rlm_attr_filter
- # Instantiating module "attr_filter.post-proxy" from file /etc/raddb/mods-enabled/attr_filter
- attr_filter attr_filter.post-proxy {
- filename = "/etc/raddb/mods-config/attr_filter/post-proxy"
- key = "%{Realm}"
- relaxed = no
- }
- reading pairlist file /etc/raddb/mods-config/attr_filter/post-proxy
- # Instantiating module "attr_filter.pre-proxy" from file /etc/raddb/mods-enabled/attr_filter
- attr_filter attr_filter.pre-proxy {
- filename = "/etc/raddb/mods-config/attr_filter/pre-proxy"
- key = "%{Realm}"
- relaxed = no
- }
- reading pairlist file /etc/raddb/mods-config/attr_filter/pre-proxy
- # Instantiating module "attr_filter.access_reject" from file /etc/raddb/mods-enabled/attr_filter
- attr_filter attr_filter.access_reject {
- filename = "/etc/raddb/mods-config/attr_filter/access_reject"
- key = "%{User-Name}"
- relaxed = no
- }
- reading pairlist file /etc/raddb/mods-config/attr_filter/access_reject
- # Instantiating module "attr_filter.access_challenge" from file /etc/raddb/mods-enabled/attr_filter
- attr_filter attr_filter.access_challenge {
- filename = "/etc/raddb/mods-config/attr_filter/access_challenge"
- key = "%{User-Name}"
- relaxed = no
- }
- reading pairlist file /etc/raddb/mods-config/attr_filter/access_challenge
- # Instantiating module "attr_filter.accounting_response" from file /etc/raddb/mods-enabled/attr_filter
- attr_filter attr_filter.accounting_response {
- filename = "/etc/raddb/mods-config/attr_filter/accounting_response"
- key = "%{User-Name}"
- relaxed = no
- }
- reading pairlist file /etc/raddb/mods-config/attr_filter/accounting_response
- # Loaded module rlm_cache
- # Instantiating module "cache_eap" from file /etc/raddb/mods-enabled/cache_eap
- cache cache_eap {
- key = "%{%{control:State}:-%{%{reply:State}:-%{State}}}"
- ttl = 15
- max_entries = 16384
- epoch = 0
- add_stats = no
- }
- # Loaded module rlm_chap
- # Instantiating module "chap" from file /etc/raddb/mods-enabled/chap
- # Loaded module rlm_detail
- # Instantiating module "detail" from file /etc/raddb/mods-enabled/detail
- detail {
- filename = "/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d"
- header = "%t"
- permissions = 384
- locking = no
- log_packet_header = no
- }
- # Instantiating module "auth_log" from file /etc/raddb/mods-enabled/detail.log
- detail auth_log {
- filename = "/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d"
- header = "%t"
- permissions = 384
- locking = no
- log_packet_header = no
- }
- rlm_detail (auth_log): 'User-Password' suppressed, will not appear in detail output
- # Instantiating module "reply_log" from file /etc/raddb/mods-enabled/detail.log
- detail reply_log {
- filename = "/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/reply-detail-%Y%m%d"
- header = "%t"
- permissions = 384
- locking = no
- log_packet_header = no
- }
- # Instantiating module "pre_proxy_log" from file /etc/raddb/mods-enabled/detail.log
- detail pre_proxy_log {
- filename = "/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/pre-proxy-detail-%Y%m%d"
- header = "%t"
- permissions = 384
- locking = no
- log_packet_header = no
- }
- # Instantiating module "post_proxy_log" from file /etc/raddb/mods-enabled/detail.log
- detail post_proxy_log {
- filename = "/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/post-proxy-detail-%Y%m%d"
- header = "%t"
- permissions = 384
- locking = no
- log_packet_header = no
- }
- # Loaded module rlm_dhcp
- # Instantiating module "dhcp" from file /etc/raddb/mods-enabled/dhcp
- # Loaded module rlm_digest
- # Instantiating module "digest" from file /etc/raddb/mods-enabled/digest
- # Loaded module rlm_dynamic_clients
- # Instantiating module "dynamic_clients" from file /etc/raddb/mods-enabled/dynamic_clients
- # Loaded module rlm_eap
- # Instantiating module "eap" from file /etc/raddb/mods-enabled/eap
- eap {
- default_eap_type = "md5"
- timer_expire = 60
- ignore_unknown_eap_types = no
- mod_accounting_username_bug = no
- max_sessions = 1024
- }
- # Linked to sub-module rlm_eap_md5
- # Linked to sub-module rlm_eap_leap
- # Linked to sub-module rlm_eap_gtc
- gtc {
- challenge = "Password: "
- auth_type = "PAP"
- }
- # Linked to sub-module rlm_eap_tls
- tls {
- tls = "tls-common"
- }
- tls-config tls-common {
- rsa_key_exchange = no
- dh_key_exchange = yes
- rsa_key_length = 512
- dh_key_length = 512
- verify_depth = 0
- ca_path = "/etc/raddb/certs"
- pem_file_type = yes
- private_key_file = "/etc/raddb/certs/server.pem"
- certificate_file = "/etc/raddb/certs/server.pem"
- ca_file = "/etc/raddb/certs/ca.pem"
- private_key_password = <<< secret >>>
- dh_file = "/etc/raddb/certs/dh"
- fragment_size = 1024
- include_length = yes
- check_crl = no
- cipher_list = "DEFAULT"
- ecdh_curve = "prime256v1"
- cache {
- enable = yes
- lifetime = 24
- max_entries = 255
- }
- verify {
- }
- ocsp {
- enable = no
- override_cert_url = yes
- url = "http://127.0.0.1/ocsp/"
- use_nonce = yes
- timeout = 0
- softfail = yes
- }
- }
- # Linked to sub-module rlm_eap_ttls
- ttls {
- tls = "tls-common"
- default_eap_type = "md5"
- copy_request_to_tunnel = no
- use_tunneled_reply = no
- virtual_server = "inner-tunnel"
- include_length = yes
- require_client_cert = no
- }
- Using cached TLS configuration from previous invocation
- # Linked to sub-module rlm_eap_peap
- peap {
- tls = "tls-common"
- default_method = "mschapv2"
- copy_request_to_tunnel = no
- use_tunneled_reply = no
- proxy_tunneled_request_as_eap = yes
- virtual_server = "inner-tunnel"
- soh = no
- require_client_cert = no
- }
- Using cached TLS configuration from previous invocation
- # Linked to sub-module rlm_eap_mschapv2
- mschapv2 {
- with_ntdomain_hack = no
- send_error = no
- }
- # Loaded module rlm_exec
- # Instantiating module "echo" from file /etc/raddb/mods-enabled/echo
- exec echo {
- wait = yes
- program = "/bin/echo %{User-Name}"
- input_pairs = "request"
- output_pairs = "reply"
- shell_escape = yes
- }
- # Instantiating module "exec" from file /etc/raddb/mods-enabled/exec
- exec {
- wait = no
- input_pairs = "request"
- shell_escape = yes
- timeout = 10
- }
- # Loaded module rlm_expiration
- # Instantiating module "expiration" from file /etc/raddb/mods-enabled/expiration
- # Loaded module rlm_expr
- # Instantiating module "expr" from file /etc/raddb/mods-enabled/expr
- expr {
- safe_characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
- }
- # Loaded module rlm_files
- # Instantiating module "files" from file /etc/raddb/mods-enabled/files
- files {
- filename = "/etc/raddb/mods-config/files/authorize"
- usersfile = "/etc/raddb/mods-config/files/authorize"
- acctusersfile = "/etc/raddb/mods-config/files/accounting"
- preproxy_usersfile = "/etc/raddb/mods-config/files/pre-proxy"
- compat = "cistron"
- }
- reading pairlist file /etc/raddb/mods-config/files/authorize
- [/etc/raddb/mods-config/files/authorize]:181 Cistron compatibility checks for entry DEFAULT ...
- [/etc/raddb/mods-config/files/authorize]:188 Cistron compatibility checks for entry DEFAULT ...
- [/etc/raddb/mods-config/files/authorize]:195 Cistron compatibility checks for entry DEFAULT ...
- reading pairlist file /etc/raddb/mods-config/files/authorize
- [/etc/raddb/mods-config/files/authorize]:181 Cistron compatibility checks for entry DEFAULT ...
- [/etc/raddb/mods-config/files/authorize]:188 Cistron compatibility checks for entry DEFAULT ...
- [/etc/raddb/mods-config/files/authorize]:195 Cistron compatibility checks for entry DEFAULT ...
- reading pairlist file /etc/raddb/mods-config/files/accounting
- reading pairlist file /etc/raddb/mods-config/files/pre-proxy
- # Loaded module rlm_linelog
- # Instantiating module "linelog" from file /etc/raddb/mods-enabled/linelog
- linelog {
- filename = "/var/log/radius/linelog"
- permissions = 384
- format = "This is a log message for %{User-Name}"
- reference = "messages.%{%{Packet-Type}:-default}"
- }
- # Instantiating module "log_accounting" from file /etc/raddb/mods-enabled/linelog
- linelog log_accounting {
- filename = "/var/log/radius/linelog-accounting"
- permissions = 384
- format = ""
- reference = "Accounting-Request.%{%{Acct-Status-Type}:-unknown}"
- }
- # Loaded module rlm_logintime
- # Instantiating module "logintime" from file /etc/raddb/mods-enabled/logintime
- logintime {
- minimum_timeout = 60
- }
- # Loaded module rlm_mschap
- # Instantiating module "mschap" from file /etc/raddb/mods-enabled/mschap
- mschap {
- use_mppe = yes
- require_encryption = no
- require_strong = no
- with_ntdomain_hack = yes
- passchange {
- }
- allow_retry = yes
- }
- # Instantiating module "ntlm_auth" from file /etc/raddb/mods-enabled/ntlm_auth
- exec ntlm_auth {
- wait = yes
- program = "/path/to/ntlm_auth --request-nt-key --domain=MYDOMAIN --username=%{mschap:User-Name} --password=%{User-Password}"
- shell_escape = yes
- }
- # Loaded module rlm_pap
- # Instantiating module "pap" from file /etc/raddb/mods-enabled/pap
- pap {
- normalise = yes
- }
- # Loaded module rlm_passwd
- # Instantiating module "etc_passwd" from file /etc/raddb/mods-enabled/passwd
- passwd etc_passwd {
- filename = "/etc/passwd"
- format = "*User-Name:Crypt-Password:"
- delimiter = ":"
- ignore_nislike = no
- ignore_empty = yes
- allow_multiple_keys = no
- hash_size = 100
- }
- rlm_passwd: nfields: 3 keyfield 0(User-Name) listable: no
- # Loaded module rlm_preprocess
- # Instantiating module "preprocess" from file /etc/raddb/mods-enabled/preprocess
- preprocess {
- huntgroups = "/etc/raddb/mods-config/preprocess/huntgroups"
- hints = "/etc/raddb/mods-config/preprocess/hints"
- with_ascend_hack = no
- ascend_channels_per_line = 23
- with_ntdomain_hack = no
- with_specialix_jetstream_hack = no
- with_cisco_vsa_hack = no
- with_alvarion_vsa_hack = no
- }
- reading pairlist file /etc/raddb/mods-config/preprocess/huntgroups
- reading pairlist file /etc/raddb/mods-config/preprocess/hints
- # Loaded module rlm_radutmp
- # Instantiating module "radutmp" from file /etc/raddb/mods-enabled/radutmp
- radutmp {
- filename = "/var/log/radius/radutmp"
- username = "%{User-Name}"
- case_sensitive = yes
- check_with_nas = yes
- permissions = 384
- caller_id = yes
- }
- # Loaded module rlm_realm
- # Instantiating module "IPASS" from file /etc/raddb/mods-enabled/realm
- realm IPASS {
- format = "prefix"
- delimiter = "/"
- ignore_default = no
- ignore_null = no
- }
- # Instantiating module "suffix" from file /etc/raddb/mods-enabled/realm
- realm suffix {
- format = "suffix"
- delimiter = "@"
- ignore_default = no
- ignore_null = no
- }
- # Instantiating module "realmpercent" from file /etc/raddb/mods-enabled/realm
- realm realmpercent {
- format = "suffix"
- delimiter = "%"
- ignore_default = no
- ignore_null = no
- }
- # Instantiating module "ntdomain" from file /etc/raddb/mods-enabled/realm
- realm ntdomain {
- format = "prefix"
- delimiter = "\"
- ignore_default = no
- ignore_null = no
- }
- # Loaded module rlm_replicate
- # Instantiating module "replicate" from file /etc/raddb/mods-enabled/replicate
- # Loaded module rlm_soh
- # Instantiating module "soh" from file /etc/raddb/mods-enabled/soh
- soh {
- dhcp = yes
- }
- # Instantiating module "sradutmp" from file /etc/raddb/mods-enabled/sradutmp
- radutmp sradutmp {
- filename = "/var/log/radius/sradutmp"
- username = "%{User-Name}"
- case_sensitive = yes
- check_with_nas = yes
- permissions = 420
- caller_id = no
- }
- # Loaded module rlm_unix
- # Instantiating module "unix" from file /etc/raddb/mods-enabled/unix
- unix {
- radwtmp = "/var/log/radius/radwtmp"
- }
- # Loaded module rlm_unpack
- # Instantiating module "unpack" from file /etc/raddb/mods-enabled/unpack
- # Loaded module rlm_utf8
- # Instantiating module "utf8" from file /etc/raddb/mods-enabled/utf8
- # Loaded module rlm_ldap
- # Instantiating module "ldap" from file /etc/raddb/mods-enabled/ldap
- ldap {
- server = "ipa.home.stegard.nu"
- port = 389
- password = <<< secret >>>
- identity = ""
- user {
- filter = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})"
- scope = "sub"
- base_dn = "dc=home,dc=stegard,dc=nu"
- access_positive = yes
- }
- group {
- filter = "(objectClass=posixGroup)"
- scope = "sub"
- base_dn = "dc=home,dc=stegard,dc=nu"
- name_attribute = "cn"
- membership_attribute = "memberOf"
- cacheable_name = no
- cacheable_dn = no
- }
- client {
- filter = "(objectClass=frClient)"
- scope = "sub"
- base_dn = "dc=home,dc=stegard,dc=nu"
- attribute {
- identifier = "radiusClientIdentifier"
- shortname = "cn"
- secret = "radiusClientSecret"
- }
- }
- profile {
- filter = "(&)"
- }
- options {
- ldap_debug = 40
- chase_referrals = yes
- rebind = yes
- net_timeout = 1
- res_timeout = 20
- srv_timelimit = 20
- idle = 60
- probes = 3
- interval = 3
- }
- tls {
- start_tls = no
- }
- }
- rlm_ldap: Falling back to build time libldap version info. Query for LDAP_OPT_API_INFO returned: -1
- rlm_ldap: libldap vendor: OpenLDAP version: 20440
- accounting {
- reference = "%{tolower:type.%{Acct-Status-Type}}"
- }
- post-auth {
- reference = "."
- }
- rlm_ldap (ldap): Initialising connection pool
- pool {
- start = 5
- min = 4
- max = 32
- spare = 3
- uses = 0
- lifetime = 0
- cleanup_interval = 30
- idle_timeout = 60
- retry_delay = 1
- spread = no
- }
- rlm_ldap (ldap): Opening additional connection (0)
- rlm_ldap (ldap): Connecting to ipa.home.stegard.nu:389
- rlm_ldap (ldap): Waiting for bind result...
- rlm_ldap (ldap): Bind successful
- rlm_ldap (ldap): Opening additional connection (1)
- rlm_ldap (ldap): Connecting to ipa.home.stegard.nu:389
- rlm_ldap (ldap): Waiting for bind result...
- rlm_ldap (ldap): Bind successful
- rlm_ldap (ldap): Opening additional connection (2)
- rlm_ldap (ldap): Connecting to ipa.home.stegard.nu:389
- rlm_ldap (ldap): Waiting for bind result...
- rlm_ldap (ldap): Bind successful
- rlm_ldap (ldap): Opening additional connection (3)
- rlm_ldap (ldap): Connecting to ipa.home.stegard.nu:389
- rlm_ldap (ldap): Waiting for bind result...
- rlm_ldap (ldap): Bind successful
- rlm_ldap (ldap): Opening additional connection (4)
- rlm_ldap (ldap): Connecting to ipa.home.stegard.nu:389
- rlm_ldap (ldap): Waiting for bind result...
- rlm_ldap (ldap): Bind successful
- } # modules
- radiusd: #### Loading Virtual Servers ####
- server { # from file /etc/raddb/radiusd.conf
- } # server
- server default { # from file /etc/raddb/sites-enabled/default
- # Creating Auth-Type = digest
- # Creating Auth-Type = LDAP
- # Loading authenticate {...}
- # Loading authorize {...}
- Ignoring "sql" (see raddb/mods-available/README.rst)
- # Loading preacct {...}
- # Loading accounting {...}
- # Loading post-proxy {...}
- # Loading post-auth {...}
- } # server default
- server inner-tunnel { # from file /etc/raddb/sites-enabled/inner-tunnel
- # Loading authenticate {...}
- # Loading authorize {...}
- # Loading session {...}
- # Loading post-proxy {...}
- # Loading post-auth {...}
- } # server inner-tunnel
- radiusd: #### Opening IP addresses and Ports ####
- listen {
- type = "auth"
- ipaddr = *
- port = 0
- limit {
- max_connections = 16
- lifetime = 0
- idle_timeout = 30
- }
- }
- listen {
- type = "acct"
- ipaddr = *
- port = 0
- limit {
- max_connections = 16
- lifetime = 0
- idle_timeout = 30
- }
- }
- listen {
- type = "auth"
- ipv6addr = ::
- port = 0
- limit {
- max_connections = 16
- lifetime = 0
- idle_timeout = 30
- }
- }
- listen {
- type = "acct"
- ipv6addr = ::
- port = 0
- limit {
- max_connections = 16
- lifetime = 0
- idle_timeout = 30
- }
- }
- listen {
- type = "auth"
- ipaddr = 127.0.0.1
- port = 18120
- }
- Listening on auth address * port 1812 as server default
- Listening on acct address * port 1813 as server default
- Listening on auth address :: port 1812 as server default
- Listening on acct address :: port 1813 as server default
- Listening on auth address 127.0.0.1 port 18120 as server inner-tunnel
- Opening new proxy socket 'proxy address * port 0'
- Listening on proxy address * port 33835
- Ready to process requests
- Received Access-Request Id 202 from 10.0.0.2:57819 to 10.0.0.30:1812 length 130
- User-Name = 'admin'
- NAS-IP-Address = 10.0.0.2
- NAS-Identifier = 'RalinkAP0'
- NAS-Port = 0
- Called-Station-Id = '38-2C-4A-A3-67-E0'
- Calling-Station-Id = '88-79-7E-99-D4-47'
- Framed-MTU = 1400
- NAS-Port-Type = Wireless-802.11
- EAP-Message = 0x0201000a0161646d696e
- Message-Authenticator = 0x8b1a867d79ea27d8575f243474b3b903
- (0) Received Access-Request packet from host 10.0.0.2 port 57819, id=202, length=130
- (0) User-Name = 'admin'
- (0) NAS-IP-Address = 10.0.0.2
- (0) NAS-Identifier = 'RalinkAP0'
- (0) NAS-Port = 0
- (0) Called-Station-Id = '38-2C-4A-A3-67-E0'
- (0) Calling-Station-Id = '88-79-7E-99-D4-47'
- (0) Framed-MTU = 1400
- (0) NAS-Port-Type = Wireless-802.11
- (0) EAP-Message = 0x0201000a0161646d696e
- (0) Message-Authenticator = 0x8b1a867d79ea27d8575f243474b3b903
- (0) # Executing section authorize from file /etc/raddb/sites-enabled/default
- (0) authorize {
- (0) filter_username filter_username {
- (0) if (!&User-Name)
- (0) if (!&User-Name) -> FALSE
- (0) if (&User-Name =~ / /)
- (0) if (&User-Name =~ / /) -> FALSE
- (0) if (&User-Name =~ /@.*@/ )
- (0) if (&User-Name =~ /@.*@/ ) -> FALSE
- (0) if (&User-Name =~ /\\.\\./ )
- (0) if (&User-Name =~ /\\.\\./ ) -> FALSE
- (0) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))
- (0) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/)) -> FALSE
- (0) if (&User-Name =~ /\\.$/)
- (0) if (&User-Name =~ /\\.$/) -> FALSE
- (0) if (&User-Name =~ /@\\./)
- (0) if (&User-Name =~ /@\\./) -> FALSE
- (0) } # filter_username filter_username = notfound
- (0) [preprocess] = ok
- (0) [chap] = noop
- (0) [mschap] = noop
- (0) [digest] = noop
- (0) suffix : Checking for suffix after "@"
- (0) suffix : No '@' in User-Name = "admin", looking up realm NULL
- (0) suffix : No such realm "NULL"
- (0) [suffix] = noop
- (0) eap : Peer sent code Response (2) ID 1 length 10
- (0) eap : EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
- (0) [eap] = ok
- (0) } # authorize = ok
- (0) Found Auth-Type = EAP
- (0) # Executing group from file /etc/raddb/sites-enabled/default
- (0) authenticate {
- (0) eap : Peer sent method Identity (1)
- (0) eap : Calling eap_md5 to process EAP data
- (0) eap_md5 : Issuing MD5 Challenge
- (0) eap : New EAP session, adding 'State' attribute to reply 0x61f2e62461f0e2bc
- (0) [eap] = handled
- (0) } # authenticate = handled
- (0) Sending Access-Challenge packet to host 10.0.0.2 port 57819, id=202, length=0
- (0) EAP-Message = 0x01020016041038b2b21facb5920d51585072cd01e2e2
- (0) Message-Authenticator = 0x00000000000000000000000000000000
- (0) State = 0x61f2e62461f0e2bc47493858800a8868
- Sending Access-Challenge Id 202 from 10.0.0.30:1812 to 10.0.0.2:57819
- EAP-Message = 0x01020016041038b2b21facb5920d51585072cd01e2e2
- Message-Authenticator = 0x00000000000000000000000000000000
- State = 0x61f2e62461f0e2bc47493858800a8868
- (0) Finished request
- Waking up in 0.3 seconds.
- Received Access-Request Id 203 from 10.0.0.2:57819 to 10.0.0.30:1812 length 144
- User-Name = 'admin'
- NAS-IP-Address = 10.0.0.2
- NAS-Identifier = 'RalinkAP0'
- NAS-Port = 0
- Called-Station-Id = '38-2C-4A-A3-67-E0'
- Calling-Station-Id = '88-79-7E-99-D4-47'
- Framed-MTU = 1400
- NAS-Port-Type = Wireless-802.11
- EAP-Message = 0x020200060319
- State = 0x61f2e62461f0e2bc47493858800a8868
- Message-Authenticator = 0x9b8c5f6ad614a7897edc36da438735ef
- (1) Received Access-Request packet from host 10.0.0.2 port 57819, id=203, length=144
- (1) User-Name = 'admin'
- (1) NAS-IP-Address = 10.0.0.2
- (1) NAS-Identifier = 'RalinkAP0'
- (1) NAS-Port = 0
- (1) Called-Station-Id = '38-2C-4A-A3-67-E0'
- (1) Calling-Station-Id = '88-79-7E-99-D4-47'
- (1) Framed-MTU = 1400
- (1) NAS-Port-Type = Wireless-802.11
- (1) EAP-Message = 0x020200060319
- (1) State = 0x61f2e62461f0e2bc47493858800a8868
- (1) Message-Authenticator = 0x9b8c5f6ad614a7897edc36da438735ef
- (1) # Executing section authorize from file /etc/raddb/sites-enabled/default
- (1) authorize {
- (1) filter_username filter_username {
- (1) if (!&User-Name)
- (1) if (!&User-Name) -> FALSE
- (1) if (&User-Name =~ / /)
- (1) if (&User-Name =~ / /) -> FALSE
- (1) if (&User-Name =~ /@.*@/ )
- (1) if (&User-Name =~ /@.*@/ ) -> FALSE
- (1) if (&User-Name =~ /\\.\\./ )
- (1) if (&User-Name =~ /\\.\\./ ) -> FALSE
- (1) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))
- (1) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/)) -> FALSE
- (1) if (&User-Name =~ /\\.$/)
- (1) if (&User-Name =~ /\\.$/) -> FALSE
- (1) if (&User-Name =~ /@\\./)
- (1) if (&User-Name =~ /@\\./) -> FALSE
- (1) } # filter_username filter_username = notfound
- (1) [preprocess] = ok
- (1) [chap] = noop
- (1) [mschap] = noop
- (1) [digest] = noop
- (1) suffix : Checking for suffix after "@"
- (1) suffix : No '@' in User-Name = "admin", looking up realm NULL
- (1) suffix : No such realm "NULL"
- (1) [suffix] = noop
- (1) eap : Peer sent code Response (2) ID 2 length 6
- (1) eap : No EAP Start, assuming it's an on-going EAP conversation
- (1) [eap] = updated
- (1) [files] = noop
- rlm_ldap (ldap): Reserved connection (4)
- (1) ldap : EXPAND (uid=%{%{Stripped-User-Name}:-%{User-Name}})
- (1) ldap : --> (uid=admin)
- (1) ldap : EXPAND dc=home,dc=stegard,dc=nu
- (1) ldap : --> dc=home,dc=stegard,dc=nu
- (1) ldap : Performing search in 'dc=home,dc=stegard,dc=nu' with filter '(uid=admin)', scope 'sub'
- (1) ldap : Waiting for search result...
- (1) ldap : User object found at DN "uid=admin,cn=users,cn=compat,dc=home,dc=stegard,dc=nu"
- (1) ldap : Processing user attributes
- (1) WARNING: ldap : No "known good" password added. Ensure the admin user has permission to read the password attribute
- (1) WARNING: ldap : PAP authentication will *NOT* work with Active Directory (if that is what you were trying to configure)
- rlm_ldap (ldap): Released connection (4)
- (1) [ldap] = ok
- (1) if ((ok || updated) && User-Password)
- (1) if ((ok || updated) && User-Password) -> FALSE
- (1) [expiration] = noop
- (1) [logintime] = noop
- (1) WARNING: pap : No "known good" password found for the user. Not setting Auth-Type
- (1) WARNING: pap : Authentication will fail unless a "known good" password is available
- (1) [pap] = noop
- (1) } # authorize = updated
- (1) Found Auth-Type = EAP
- (1) # Executing group from file /etc/raddb/sites-enabled/default
- (1) authenticate {
- (1) eap : Expiring EAP session with state 0x61f2e62461f0e2bc
- (1) eap : Finished EAP session with state 0x61f2e62461f0e2bc
- (1) eap : Previous EAP request found for state 0x61f2e62461f0e2bc, released from the list
- (1) eap : Peer sent method NAK (3)
- (1) eap : Found mutually acceptable type PEAP (25)
- (1) eap : Calling eap_peap to process EAP data
- (1) eap_peap : Flushing SSL sessions (of #0)
- (1) eap_peap : Initiate
- (1) eap_peap : Start returned 1
- (1) eap : New EAP session, adding 'State' attribute to reply 0x61f2e62460f1ffbc
- (1) [eap] = handled
- (1) } # authenticate = handled
- (1) Sending Access-Challenge packet to host 10.0.0.2 port 57819, id=203, length=0
- (1) EAP-Message = 0x010300061920
- (1) Message-Authenticator = 0x00000000000000000000000000000000
- (1) State = 0x61f2e62460f1ffbc47493858800a8868
- Sending Access-Challenge Id 203 from 10.0.0.30:1812 to 10.0.0.2:57819
- EAP-Message = 0x010300061920
- Message-Authenticator = 0x00000000000000000000000000000000
- State = 0x61f2e62460f1ffbc47493858800a8868
- (1) Finished request
- Waking up in 0.3 seconds.
- Received Access-Request Id 204 from 10.0.0.2:57819 to 10.0.0.30:1812 length 313
- User-Name = 'admin'
- NAS-IP-Address = 10.0.0.2
- NAS-Identifier = 'RalinkAP0'
- NAS-Port = 0
- Called-Station-Id = '38-2C-4A-A3-67-E0'
- Calling-Station-Id = '88-79-7E-99-D4-47'
- Framed-MTU = 1400
- NAS-Port-Type = Wireless-802.11
- EAP-Message = 0x020300af1980000000a516030100a00100009c0303ec8f5638b349f7a3a3ba33d06dfef4abb4adb21059c37a550379de35789651dd00003ecca9cca8c02cc030009fc02bc02f009ec00ac024c014c0280039006bc009c023c013c02700330067c007c011009d009c0035003d002f003c00050004000a01000035ff0100010000170000000d001600140601060305010503040104030301030302010203000b00020100000a00080006001700180019
- State = 0x61f2e62460f1ffbc47493858800a8868
- Message-Authenticator = 0x0b2ecc615cef876c72ab6f864af9bb2d
- (2) Received Access-Request packet from host 10.0.0.2 port 57819, id=204, length=313
- (2) User-Name = 'admin'
- (2) NAS-IP-Address = 10.0.0.2
- (2) NAS-Identifier = 'RalinkAP0'
- (2) NAS-Port = 0
- (2) Called-Station-Id = '38-2C-4A-A3-67-E0'
- (2) Calling-Station-Id = '88-79-7E-99-D4-47'
- (2) Framed-MTU = 1400
- (2) NAS-Port-Type = Wireless-802.11
- (2) EAP-Message = 0x020300af1980000000a516030100a00100009c0303ec8f5638b349f7a3a3ba33d06dfef4abb4adb21059c37a550379de35789651dd00003ecca9cca8c02cc030009fc02bc02f009ec00ac024c014c0280039006bc009c023c013c02700330067c007c011009d009c0035003d002f003c00050004000a01000035ff0100010000170000000d001600140601060305010503040104030301030302010203000b00020100000a00080006001700180019
- (2) State = 0x61f2e62460f1ffbc47493858800a8868
- (2) Message-Authenticator = 0x0b2ecc615cef876c72ab6f864af9bb2d
- (2) # Executing section authorize from file /etc/raddb/sites-enabled/default
- (2) authorize {
- (2) filter_username filter_username {
- (2) if (!&User-Name)
- (2) if (!&User-Name) -> FALSE
- (2) if (&User-Name =~ / /)
- (2) if (&User-Name =~ / /) -> FALSE
- (2) if (&User-Name =~ /@.*@/ )
- (2) if (&User-Name =~ /@.*@/ ) -> FALSE
- (2) if (&User-Name =~ /\\.\\./ )
- (2) if (&User-Name =~ /\\.\\./ ) -> FALSE
- (2) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))
- (2) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/)) -> FALSE
- (2) if (&User-Name =~ /\\.$/)
- (2) if (&User-Name =~ /\\.$/) -> FALSE
- (2) if (&User-Name =~ /@\\./)
- (2) if (&User-Name =~ /@\\./) -> FALSE
- (2) } # filter_username filter_username = notfound
- (2) [preprocess] = ok
- (2) [chap] = noop
- (2) [mschap] = noop
- (2) [digest] = noop
- (2) suffix : Checking for suffix after "@"
- (2) suffix : No '@' in User-Name = "admin", looking up realm NULL
- (2) suffix : No such realm "NULL"
- (2) [suffix] = noop
- (2) eap : Peer sent code Response (2) ID 3 length 175
- (2) eap : Continuing tunnel setup
- (2) [eap] = ok
- (2) } # authorize = ok
- (2) Found Auth-Type = EAP
- (2) # Executing group from file /etc/raddb/sites-enabled/default
- (2) authenticate {
- (2) eap : Expiring EAP session with state 0x61f2e62460f1ffbc
- (2) eap : Finished EAP session with state 0x61f2e62460f1ffbc
- (2) eap : Previous EAP request found for state 0x61f2e62460f1ffbc, released from the list
- (2) eap : Peer sent method PEAP (25)
- (2) eap : EAP PEAP (25)
- (2) eap : Calling eap_peap to process EAP data
- (2) eap_peap : processing EAP-TLS
- TLS Length 165
- (2) eap_peap : Length Included
- (2) eap_peap : eaptls_verify returned 11
- (2) eap_peap : (other): before/accept initialization
- (2) eap_peap : TLS_accept: before/accept initialization
- (2) eap_peap : <<< TLS 1.0 Handshake [length 00a0], ClientHello
- (2) eap_peap : TLS_accept: SSLv3 read client hello A
- (2) eap_peap : >>> TLS 1.0 Handshake [length 0059], ServerHello
- (2) eap_peap : TLS_accept: SSLv3 write server hello A
- (2) eap_peap : >>> TLS 1.0 Handshake [length 08d0], Certificate
- (2) eap_peap : TLS_accept: SSLv3 write certificate A
- (2) eap_peap : >>> TLS 1.0 Handshake [length 014b], ServerKeyExchange
- (2) eap_peap : TLS_accept: SSLv3 write key exchange A
- (2) eap_peap : >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
- (2) eap_peap : TLS_accept: SSLv3 write server done A
- (2) eap_peap : TLS_accept: SSLv3 flush data
- (2) eap_peap : TLS_accept: Need to read more data: SSLv3 read client certificate A
- In SSL Handshake Phase
- In SSL Accept mode
- (2) eap_peap : eaptls_process returned 13
- (2) eap_peap : FR_TLS_HANDLED
- (2) eap : New EAP session, adding 'State' attribute to reply 0x61f2e62463f6ffbc
- (2) [eap] = handled
- (2) } # authenticate = handled
- (2) Sending Access-Challenge packet to host 10.0.0.2 port 57819, id=204, length=0
- (2) EAP-Message =
- (2) Message-Authenticator = 0x00000000000000000000000000000000
- (2) State = 0x61f2e62463f6ffbc47493858800a8868
- Sending Access-Challenge Id 204 from 10.0.0.30:1812 to 10.0.0.2:57819
- EAP-Message =
- Message-Authenticator = 0x00000000000000000000000000000000
- State = 0x61f2e62463f6ffbc47493858800a8868
- (2) Finished request
- Waking up in 0.3 seconds.
- Received Access-Request Id 205 from 10.0.0.2:57819 to 10.0.0.30:1812 length 144
- User-Name = 'admin'
- NAS-IP-Address = 10.0.0.2
- NAS-Identifier = 'RalinkAP0'
- NAS-Port = 0
- Called-Station-Id = '38-2C-4A-A3-67-E0'
- Calling-Station-Id = '88-79-7E-99-D4-47'
- Framed-MTU = 1400
- NAS-Port-Type = Wireless-802.11
- EAP-Message = 0x020400061900
- State = 0x61f2e62463f6ffbc47493858800a8868
- Message-Authenticator = 0xf25f1e39be03338fb45d0386219a5802
- (3) Received Access-Request packet from host 10.0.0.2 port 57819, id=205, length=144
- (3) User-Name = 'admin'
- (3) NAS-IP-Address = 10.0.0.2
- (3) NAS-Identifier = 'RalinkAP0'
- (3) NAS-Port = 0
- (3) Called-Station-Id = '38-2C-4A-A3-67-E0'
- (3) Calling-Station-Id = '88-79-7E-99-D4-47'
- (3) Framed-MTU = 1400
- (3) NAS-Port-Type = Wireless-802.11
- (3) EAP-Message = 0x020400061900
- (3) State = 0x61f2e62463f6ffbc47493858800a8868
- (3) Message-Authenticator = 0xf25f1e39be03338fb45d0386219a5802
- (3) # Executing section authorize from file /etc/raddb/sites-enabled/default
- (3) authorize {
- (3) filter_username filter_username {
- (3) if (!&User-Name)
- (3) if (!&User-Name) -> FALSE
- (3) if (&User-Name =~ / /)
- (3) if (&User-Name =~ / /) -> FALSE
- (3) if (&User-Name =~ /@.*@/ )
- (3) if (&User-Name =~ /@.*@/ ) -> FALSE
- (3) if (&User-Name =~ /\\.\\./ )
- (3) if (&User-Name =~ /\\.\\./ ) -> FALSE
- (3) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))
- (3) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/)) -> FALSE
- (3) if (&User-Name =~ /\\.$/)
- (3) if (&User-Name =~ /\\.$/) -> FALSE
- (3) if (&User-Name =~ /@\\./)
- (3) if (&User-Name =~ /@\\./) -> FALSE
- (3) } # filter_username filter_username = notfound
- (3) [preprocess] = ok
- (3) [chap] = noop
- (3) [mschap] = noop
- (3) [digest] = noop
- (3) suffix : Checking for suffix after "@"
- (3) suffix : No '@' in User-Name = "admin", looking up realm NULL
- (3) suffix : No such realm "NULL"
- (3) [suffix] = noop
- (3) eap : Peer sent code Response (2) ID 4 length 6
- (3) eap : Continuing tunnel setup
- (3) [eap] = ok
- (3) } # authorize = ok
- (3) Found Auth-Type = EAP
- (3) # Executing group from file /etc/raddb/sites-enabled/default
- (3) authenticate {
- (3) eap : Expiring EAP session with state 0x61f2e62463f6ffbc
- (3) eap : Finished EAP session with state 0x61f2e62463f6ffbc
- (3) eap : Previous EAP request found for state 0x61f2e62463f6ffbc, released from the list
- (3) eap : Peer sent method PEAP (25)
- (3) eap : EAP PEAP (25)
- (3) eap : Calling eap_peap to process EAP data
- (3) eap_peap : processing EAP-TLS
- (3) eap_peap : Received TLS ACK
- (3) eap_peap : Received TLS ACK
- (3) eap_peap : ACK handshake fragment handler
- (3) eap_peap : eaptls_verify returned 1
- (3) eap_peap : eaptls_process returned 13
- (3) eap_peap : FR_TLS_HANDLED
- (3) eap : New EAP session, adding 'State' attribute to reply 0x61f2e62462f7ffbc
- (3) [eap] = handled
- (3) } # authenticate = handled
- (3) Sending Access-Challenge packet to host 10.0.0.2 port 57819, id=205, length=0
- (3) EAP-Message = 0x010503e81940164f7b5b8d5ebf1aa9e05728ec44fbda1ac4256a30691853bd36a96bfc23f6ce77e8b340a2ed64990b214be45c0b68acd2773de7c228031560661f82f00b4fcce894b131b15fdb1c5b71ab67bfc22335adcfbf29019b35ad4f41c1c2ef14808cfd999a68814e9b03130004e5308204e1308203c9a003020102020900898eeca177633531300d06092a864886f70d0101050500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479301e170d3137303531333132343634355a170d3137303731323132343634355a308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f7269747930820122300d06092a864886f70d01010105
- (3) Message-Authenticator = 0x00000000000000000000000000000000
- (3) State = 0x61f2e62462f7ffbc47493858800a8868
- Sending Access-Challenge Id 205 from 10.0.0.30:1812 to 10.0.0.2:57819
- EAP-Message =
- Message-Authenticator = 0x00000000000000000000000000000000
- State = 0x61f2e62462f7ffbc47493858800a8868
- (3) Finished request
- Waking up in 0.2 seconds.
- Received Access-Request Id 206 from 10.0.0.2:57819 to 10.0.0.30:1812 length 144
- User-Name = 'admin'
- NAS-IP-Address = 10.0.0.2
- NAS-Identifier = 'RalinkAP0'
- NAS-Port = 0
- Called-Station-Id = '38-2C-4A-A3-67-E0'
- Calling-Station-Id = '88-79-7E-99-D4-47'
- Framed-MTU = 1400
- NAS-Port-Type = Wireless-802.11
- EAP-Message = 0x020500061900
- State = 0x61f2e62462f7ffbc47493858800a8868
- Message-Authenticator = 0x9425043b049ba944652870e36b14c373
- (4) Received Access-Request packet from host 10.0.0.2 port 57819, id=206, length=144
- (4) User-Name = 'admin'
- (4) NAS-IP-Address = 10.0.0.2
- (4) NAS-Identifier = 'RalinkAP0'
- (4) NAS-Port = 0
- (4) Called-Station-Id = '38-2C-4A-A3-67-E0'
- (4) Calling-Station-Id = '88-79-7E-99-D4-47'
- (4) Framed-MTU = 1400
- (4) NAS-Port-Type = Wireless-802.11
- (4) EAP-Message = 0x020500061900
- (4) State = 0x61f2e62462f7ffbc47493858800a8868
- (4) Message-Authenticator = 0x9425043b049ba944652870e36b14c373
- (4) # Executing section authorize from file /etc/raddb/sites-enabled/default
- (4) authorize {
- (4) filter_username filter_username {
- (4) if (!&User-Name)
- (4) if (!&User-Name) -> FALSE
- (4) if (&User-Name =~ / /)
- (4) if (&User-Name =~ / /) -> FALSE
- (4) if (&User-Name =~ /@.*@/ )
- (4) if (&User-Name =~ /@.*@/ ) -> FALSE
- (4) if (&User-Name =~ /\\.\\./ )
- (4) if (&User-Name =~ /\\.\\./ ) -> FALSE
- (4) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))
- (4) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/)) -> FALSE
- (4) if (&User-Name =~ /\\.$/)
- (4) if (&User-Name =~ /\\.$/) -> FALSE
- (4) if (&User-Name =~ /@\\./)
- (4) if (&User-Name =~ /@\\./) -> FALSE
- (4) } # filter_username filter_username = notfound
- (4) [preprocess] = ok
- (4) [chap] = noop
- (4) [mschap] = noop
- (4) [digest] = noop
- (4) suffix : Checking for suffix after "@"
- (4) suffix : No '@' in User-Name = "admin", looking up realm NULL
- (4) suffix : No such realm "NULL"
- (4) [suffix] = noop
- (4) eap : Peer sent code Response (2) ID 5 length 6
- (4) eap : Continuing tunnel setup
- (4) [eap] = ok
- (4) } # authorize = ok
- (4) Found Auth-Type = EAP
- (4) # Executing group from file /etc/raddb/sites-enabled/default
- (4) authenticate {
- (4) eap : Expiring EAP session with state 0x61f2e62462f7ffbc
- (4) eap : Finished EAP session with state 0x61f2e62462f7ffbc
- (4) eap : Previous EAP request found for state 0x61f2e62462f7ffbc, released from the list
- (4) eap : Peer sent method PEAP (25)
- (4) eap : EAP PEAP (25)
- (4) eap : Calling eap_peap to process EAP data
- (4) eap_peap : processing EAP-TLS
- (4) eap_peap : Received TLS ACK
- (4) eap_peap : Received TLS ACK
- (4) eap_peap : ACK handshake fragment handler
- (4) eap_peap : eaptls_verify returned 1
- (4) eap_peap : eaptls_process returned 13
- (4) eap_peap : FR_TLS_HANDLED
- (4) eap : New EAP session, adding 'State' attribute to reply 0x61f2e62465f4ffbc
- (4) [eap] = handled
- (4) } # authenticate = handled
- (4) Sending Access-Challenge packet to host 10.0.0.2 port 57819, id=206, length=0
- (4) EAP-Message =
- (4) Message-Authenticator = 0x00000000000000000000000000000000
- (4) State = 0x61f2e62465f4ffbc47493858800a8868
- Sending Access-Challenge Id 206 from 10.0.0.30:1812 to 10.0.0.2:57819
- EAP-Message =
- Message-Authenticator = 0x00000000000000000000000000000000
- State = 0x61f2e62465f4ffbc47493858800a8868
- (4) Finished request
- Waking up in 0.2 seconds.
- Received Access-Request Id 207 from 10.0.0.2:57819 to 10.0.0.30:1812 length 282
- User-Name = 'admin'
- NAS-IP-Address = 10.0.0.2
- NAS-Identifier = 'RalinkAP0'
- NAS-Port = 0
- Called-Station-Id = '38-2C-4A-A3-67-E0'
- Calling-Station-Id = '88-79-7E-99-D4-47'
- Framed-MTU = 1400
- NAS-Port-Type = Wireless-802.11
- EAP-Message = 0x0206009019800000008616030100461000004241048479772e29267a11acb2551ab15f4c0e83d791a3669c3893fad95fda05ad81f8a6933c286ce7a3113c18e21bae51acea34b7917925bb7ccf35615382ca08f9b21403010001011603010030a4a9ea18655ee51eb778602fbe42cab139a21245d9d8b609d6f5341af3dcf907832cc5d2551f41538920fe0613a9b1ae
- State = 0x61f2e62465f4ffbc47493858800a8868
- Message-Authenticator = 0xbf506b6dca95dc4d9447c6fb0e31a6eb
- (5) Received Access-Request packet from host 10.0.0.2 port 57819, id=207, length=282
- (5) User-Name = 'admin'
- (5) NAS-IP-Address = 10.0.0.2
- (5) NAS-Identifier = 'RalinkAP0'
- (5) NAS-Port = 0
- (5) Called-Station-Id = '38-2C-4A-A3-67-E0'
- (5) Calling-Station-Id = '88-79-7E-99-D4-47'
- (5) Framed-MTU = 1400
- (5) NAS-Port-Type = Wireless-802.11
- (5) EAP-Message = 0x0206009019800000008616030100461000004241048479772e29267a11acb2551ab15f4c0e83d791a3669c3893fad95fda05ad81f8a6933c286ce7a3113c18e21bae51acea34b7917925bb7ccf35615382ca08f9b21403010001011603010030a4a9ea18655ee51eb778602fbe42cab139a21245d9d8b609d6f5341af3dcf907832cc5d2551f41538920fe0613a9b1ae
- (5) State = 0x61f2e62465f4ffbc47493858800a8868
- (5) Message-Authenticator = 0xbf506b6dca95dc4d9447c6fb0e31a6eb
- (5) # Executing section authorize from file /etc/raddb/sites-enabled/default
- (5) authorize {
- (5) filter_username filter_username {
- (5) if (!&User-Name)
- (5) if (!&User-Name) -> FALSE
- (5) if (&User-Name =~ / /)
- (5) if (&User-Name =~ / /) -> FALSE
- (5) if (&User-Name =~ /@.*@/ )
- (5) if (&User-Name =~ /@.*@/ ) -> FALSE
- (5) if (&User-Name =~ /\\.\\./ )
- (5) if (&User-Name =~ /\\.\\./ ) -> FALSE
- (5) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))
- (5) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/)) -> FALSE
- (5) if (&User-Name =~ /\\.$/)
- (5) if (&User-Name =~ /\\.$/) -> FALSE
- (5) if (&User-Name =~ /@\\./)
- (5) if (&User-Name =~ /@\\./) -> FALSE
- (5) } # filter_username filter_username = notfound
- (5) [preprocess] = ok
- (5) [chap] = noop
- (5) [mschap] = noop
- (5) [digest] = noop
- (5) suffix : Checking for suffix after "@"
- (5) suffix : No '@' in User-Name = "admin", looking up realm NULL
- (5) suffix : No such realm "NULL"
- (5) [suffix] = noop
- (5) eap : Peer sent code Response (2) ID 6 length 144
- (5) eap : Continuing tunnel setup
- (5) [eap] = ok
- (5) } # authorize = ok
- (5) Found Auth-Type = EAP
- (5) # Executing group from file /etc/raddb/sites-enabled/default
- (5) authenticate {
- (5) eap : Expiring EAP session with state 0x61f2e62465f4ffbc
- (5) eap : Finished EAP session with state 0x61f2e62465f4ffbc
- (5) eap : Previous EAP request found for state 0x61f2e62465f4ffbc, released from the list
- (5) eap : Peer sent method PEAP (25)
- (5) eap : EAP PEAP (25)
- (5) eap : Calling eap_peap to process EAP data
- (5) eap_peap : processing EAP-TLS
- TLS Length 134
- (5) eap_peap : Length Included
- (5) eap_peap : eaptls_verify returned 11
- (5) eap_peap : <<< TLS 1.0 Handshake [length 0046], ClientKeyExchange
- (5) eap_peap : TLS_accept: SSLv3 read client key exchange A
- (5) eap_peap : <<< TLS 1.0 ChangeCipherSpec [length 0001]
- (5) eap_peap : <<< TLS 1.0 Handshake [length 0010], Finished
- (5) eap_peap : TLS_accept: SSLv3 read finished A
- (5) eap_peap : >>> TLS 1.0 ChangeCipherSpec [length 0001]
- (5) eap_peap : TLS_accept: SSLv3 write change cipher spec A
- (5) eap_peap : >>> TLS 1.0 Handshake [length 0010], Finished
- (5) eap_peap : TLS_accept: SSLv3 write finished A
- (5) eap_peap : TLS_accept: SSLv3 flush data
- SSL: adding session b8aa8379aecf7b1117f556ecb78c601fd19a0b81437e91f268515cf956c3ee82 to cache
- (5) eap_peap : (other): SSL negotiation finished successfully
- SSL Connection Established
- (5) eap_peap : eaptls_process returned 13
- (5) eap_peap : FR_TLS_HANDLED
- (5) eap : New EAP session, adding 'State' attribute to reply 0x61f2e62464f5ffbc
- (5) [eap] = handled
- (5) } # authenticate = handled
- (5) Sending Access-Challenge packet to host 10.0.0.2 port 57819, id=207, length=0
- (5) EAP-Message = 0x010700411900140301000101160301003018651a5834dfcd8d6fc7467b6c9456cba8826614b32ecbdb9f15241592af1ecde6c5d608f70be18e322b7dc584b8687f
- (5) Message-Authenticator = 0x00000000000000000000000000000000
- (5) State = 0x61f2e62464f5ffbc47493858800a8868
- Sending Access-Challenge Id 207 from 10.0.0.30:1812 to 10.0.0.2:57819
- EAP-Message = 0x010700411900140301000101160301003018651a5834dfcd8d6fc7467b6c9456cba8826614b32ecbdb9f15241592af1ecde6c5d608f70be18e322b7dc584b8687f
- Message-Authenticator = 0x00000000000000000000000000000000
- State = 0x61f2e62464f5ffbc47493858800a8868
- (5) Finished request
- Waking up in 0.2 seconds.
- Received Access-Request Id 208 from 10.0.0.2:57819 to 10.0.0.30:1812 length 144
- User-Name = 'admin'
- NAS-IP-Address = 10.0.0.2
- NAS-Identifier = 'RalinkAP0'
- NAS-Port = 0
- Called-Station-Id = '38-2C-4A-A3-67-E0'
- Calling-Station-Id = '88-79-7E-99-D4-47'
- Framed-MTU = 1400
- NAS-Port-Type = Wireless-802.11
- EAP-Message = 0x020700061900
- State = 0x61f2e62464f5ffbc47493858800a8868
- Message-Authenticator = 0x684db5e9c7d0aa2e7f94b32e2a866f55
- (6) Received Access-Request packet from host 10.0.0.2 port 57819, id=208, length=144
- (6) User-Name = 'admin'
- (6) NAS-IP-Address = 10.0.0.2
- (6) NAS-Identifier = 'RalinkAP0'
- (6) NAS-Port = 0
- (6) Called-Station-Id = '38-2C-4A-A3-67-E0'
- (6) Calling-Station-Id = '88-79-7E-99-D4-47'
- (6) Framed-MTU = 1400
- (6) NAS-Port-Type = Wireless-802.11
- (6) EAP-Message = 0x020700061900
- (6) State = 0x61f2e62464f5ffbc47493858800a8868
- (6) Message-Authenticator = 0x684db5e9c7d0aa2e7f94b32e2a866f55
- (6) # Executing section authorize from file /etc/raddb/sites-enabled/default
- (6) authorize {
- (6) filter_username filter_username {
- (6) if (!&User-Name)
- (6) if (!&User-Name) -> FALSE
- (6) if (&User-Name =~ / /)
- (6) if (&User-Name =~ / /) -> FALSE
- (6) if (&User-Name =~ /@.*@/ )
- (6) if (&User-Name =~ /@.*@/ ) -> FALSE
- (6) if (&User-Name =~ /\\.\\./ )
- (6) if (&User-Name =~ /\\.\\./ ) -> FALSE
- (6) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))
- (6) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/)) -> FALSE
- (6) if (&User-Name =~ /\\.$/)
- (6) if (&User-Name =~ /\\.$/) -> FALSE
- (6) if (&User-Name =~ /@\\./)
- (6) if (&User-Name =~ /@\\./) -> FALSE
- (6) } # filter_username filter_username = notfound
- (6) [preprocess] = ok
- (6) [chap] = noop
- (6) [mschap] = noop
- (6) [digest] = noop
- (6) suffix : Checking for suffix after "@"
- (6) suffix : No '@' in User-Name = "admin", looking up realm NULL
- (6) suffix : No such realm "NULL"
- (6) [suffix] = noop
- (6) eap : Peer sent code Response (2) ID 7 length 6
- (6) eap : Continuing tunnel setup
- (6) [eap] = ok
- (6) } # authorize = ok
- (6) Found Auth-Type = EAP
- (6) # Executing group from file /etc/raddb/sites-enabled/default
- (6) authenticate {
- (6) eap : Expiring EAP session with state 0x61f2e62464f5ffbc
- (6) eap : Finished EAP session with state 0x61f2e62464f5ffbc
- (6) eap : Previous EAP request found for state 0x61f2e62464f5ffbc, released from the list
- (6) eap : Peer sent method PEAP (25)
- (6) eap : EAP PEAP (25)
- (6) eap : Calling eap_peap to process EAP data
- (6) eap_peap : processing EAP-TLS
- (6) eap_peap : Received TLS ACK
- (6) eap_peap : Received TLS ACK
- (6) eap_peap : ACK handshake is finished
- (6) eap_peap : eaptls_verify returned 3
- (6) eap_peap : eaptls_process returned 3
- (6) eap_peap : FR_TLS_SUCCESS
- (6) eap_peap : Session established. Decoding tunneled attributes
- (6) eap_peap : Peap state TUNNEL ESTABLISHED
- (6) eap : New EAP session, adding 'State' attribute to reply 0x61f2e62467faffbc
- (6) [eap] = handled
- (6) } # authenticate = handled
- (6) Sending Access-Challenge packet to host 10.0.0.2 port 57819, id=208, length=0
- (6) EAP-Message = 0x0108002b19001703010020d28a3c186b28055077d250e9d48b8707cca6956825db05b45435b61b6e999f22
- (6) Message-Authenticator = 0x00000000000000000000000000000000
- (6) State = 0x61f2e62467faffbc47493858800a8868
- Sending Access-Challenge Id 208 from 10.0.0.30:1812 to 10.0.0.2:57819
- EAP-Message = 0x0108002b19001703010020d28a3c186b28055077d250e9d48b8707cca6956825db05b45435b61b6e999f22
- Message-Authenticator = 0x00000000000000000000000000000000
- State = 0x61f2e62467faffbc47493858800a8868
- (6) Finished request
- Waking up in 0.2 seconds.
- Received Access-Request Id 209 from 10.0.0.2:57819 to 10.0.0.30:1812 length 181
- User-Name = 'admin'
- NAS-IP-Address = 10.0.0.2
- NAS-Identifier = 'RalinkAP0'
- NAS-Port = 0
- Called-Station-Id = '38-2C-4A-A3-67-E0'
- Calling-Station-Id = '88-79-7E-99-D4-47'
- Framed-MTU = 1400
- NAS-Port-Type = Wireless-802.11
- EAP-Message = 0x0208002b19001703010020457c1c89986291b719e55bf4dca9a1e8cd2892074948cc2efb96d64f38df9710
- State = 0x61f2e62467faffbc47493858800a8868
- Message-Authenticator = 0x8692ab56a5083d567a446410fe3e8ac7
- (7) Received Access-Request packet from host 10.0.0.2 port 57819, id=209, length=181
- (7) User-Name = 'admin'
- (7) NAS-IP-Address = 10.0.0.2
- (7) NAS-Identifier = 'RalinkAP0'
- (7) NAS-Port = 0
- (7) Called-Station-Id = '38-2C-4A-A3-67-E0'
- (7) Calling-Station-Id = '88-79-7E-99-D4-47'
- (7) Framed-MTU = 1400
- (7) NAS-Port-Type = Wireless-802.11
- (7) EAP-Message = 0x0208002b19001703010020457c1c89986291b719e55bf4dca9a1e8cd2892074948cc2efb96d64f38df9710
- (7) State = 0x61f2e62467faffbc47493858800a8868
- (7) Message-Authenticator = 0x8692ab56a5083d567a446410fe3e8ac7
- (7) # Executing section authorize from file /etc/raddb/sites-enabled/default
- (7) authorize {
- (7) filter_username filter_username {
- (7) if (!&User-Name)
- (7) if (!&User-Name) -> FALSE
- (7) if (&User-Name =~ / /)
- (7) if (&User-Name =~ / /) -> FALSE
- (7) if (&User-Name =~ /@.*@/ )
- (7) if (&User-Name =~ /@.*@/ ) -> FALSE
- (7) if (&User-Name =~ /\\.\\./ )
- (7) if (&User-Name =~ /\\.\\./ ) -> FALSE
- (7) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))
- (7) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/)) -> FALSE
- (7) if (&User-Name =~ /\\.$/)
- (7) if (&User-Name =~ /\\.$/) -> FALSE
- (7) if (&User-Name =~ /@\\./)
- (7) if (&User-Name =~ /@\\./) -> FALSE
- (7) } # filter_username filter_username = notfound
- (7) [preprocess] = ok
- (7) [chap] = noop
- (7) [mschap] = noop
- (7) [digest] = noop
- (7) suffix : Checking for suffix after "@"
- (7) suffix : No '@' in User-Name = "admin", looking up realm NULL
- (7) suffix : No such realm "NULL"
- (7) [suffix] = noop
- (7) eap : Peer sent code Response (2) ID 8 length 43
- (7) eap : Continuing tunnel setup
- (7) [eap] = ok
- (7) } # authorize = ok
- (7) Found Auth-Type = EAP
- (7) # Executing group from file /etc/raddb/sites-enabled/default
- (7) authenticate {
- (7) eap : Expiring EAP session with state 0x61f2e62467faffbc
- (7) eap : Finished EAP session with state 0x61f2e62467faffbc
- (7) eap : Previous EAP request found for state 0x61f2e62467faffbc, released from the list
- (7) eap : Peer sent method PEAP (25)
- (7) eap : EAP PEAP (25)
- (7) eap : Calling eap_peap to process EAP data
- (7) eap_peap : processing EAP-TLS
- (7) eap_peap : eaptls_verify returned 7
- (7) eap_peap : Done initial handshake
- (7) eap_peap : eaptls_process returned 7
- (7) eap_peap : FR_TLS_OK
- (7) eap_peap : Session established. Decoding tunneled attributes
- (7) eap_peap : Peap state WAITING FOR INNER IDENTITY
- (7) eap_peap : Identity - admin
- (7) eap_peap : Got inner identity 'admin'
- (7) eap_peap : Setting default EAP type for tunneled EAP session
- (7) eap_peap : Got tunneled request
- EAP-Message = 0x0208000a0161646d696e
- server default {
- (7) eap_peap : Setting User-Name to admin
- Sending tunneled request
- EAP-Message = 0x0208000a0161646d696e
- FreeRADIUS-Proxied-To = 127.0.0.1
- User-Name = 'admin'
- server inner-tunnel {
- (7) server inner-tunnel {
- (7) Request:
- EAP-Message = 0x0208000a0161646d696e
- FreeRADIUS-Proxied-To = 127.0.0.1
- User-Name = 'admin'
- (7) # Executing section authorize from file /etc/raddb/sites-enabled/inner-tunnel
- (7) authorize {
- (7) [chap] = noop
- (7) [mschap] = noop
- (7) suffix : Checking for suffix after "@"
- (7) suffix : No '@' in User-Name = "admin", looking up realm NULL
- (7) suffix : No such realm "NULL"
- (7) [suffix] = noop
- (7) update control {
- (7) Proxy-To-Realm := 'LOCAL'
- (7) } # update control = noop
- (7) eap : Peer sent code Response (2) ID 8 length 10
- (7) eap : EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
- (7) [eap] = ok
- (7) } # authorize = ok
- (7) Found Auth-Type = EAP
- (7) # Executing group from file /etc/raddb/sites-enabled/inner-tunnel
- (7) authenticate {
- (7) eap : Peer sent method Identity (1)
- (7) eap : Calling eap_mschapv2 to process EAP data
- (7) eap_mschapv2 : Issuing Challenge
- (7) eap : New EAP session, adding 'State' attribute to reply 0x4c8dda924c84c039
- (7) [eap] = handled
- (7) } # authenticate = handled
- (7) Reply:
- EAP-Message = 0x0109001f1a0109001a10686ef184a486c83987794b19281c7f6361646d696e
- Message-Authenticator = 0x00000000000000000000000000000000
- State = 0x4c8dda924c84c039ee81a9294737f384
- (7) } # server inner-tunnel
- } # server inner-tunnel
- (7) eap_peap : Got tunneled reply code 11
- EAP-Message = 0x0109001f1a0109001a10686ef184a486c83987794b19281c7f6361646d696e
- Message-Authenticator = 0x00000000000000000000000000000000
- State = 0x4c8dda924c84c039ee81a9294737f384
- (7) eap_peap : Got tunneled reply RADIUS code 11
- EAP-Message = 0x0109001f1a0109001a10686ef184a486c83987794b19281c7f6361646d696e
- Message-Authenticator = 0x00000000000000000000000000000000
- State = 0x4c8dda924c84c039ee81a9294737f384
- (7) eap_peap : Got tunneled Access-Challenge
- (7) eap : New EAP session, adding 'State' attribute to reply 0x61f2e62466fbffbc
- (7) [eap] = handled
- (7) } # authenticate = handled
- (7) Sending Access-Challenge packet to host 10.0.0.2 port 57819, id=209, length=0
- (7) EAP-Message = 0x0109003b19001703010030120139fe4cd66f873c20d159e93874392c450eb16a9c093e23cd43123b20fc3b2a1edb0f3dd6fce26905b49efdfdf867
- (7) Message-Authenticator = 0x00000000000000000000000000000000
- (7) State = 0x61f2e62466fbffbc47493858800a8868
- Sending Access-Challenge Id 209 from 10.0.0.30:1812 to 10.0.0.2:57819
- EAP-Message = 0x0109003b19001703010030120139fe4cd66f873c20d159e93874392c450eb16a9c093e23cd43123b20fc3b2a1edb0f3dd6fce26905b49efdfdf867
- Message-Authenticator = 0x00000000000000000000000000000000
- State = 0x61f2e62466fbffbc47493858800a8868
- (7) Finished request
- Waking up in 0.2 seconds.
- Received Access-Request Id 210 from 10.0.0.2:57819 to 10.0.0.30:1812 length 245
- User-Name = 'admin'
- NAS-IP-Address = 10.0.0.2
- NAS-Identifier = 'RalinkAP0'
- NAS-Port = 0
- Called-Station-Id = '38-2C-4A-A3-67-E0'
- Calling-Station-Id = '88-79-7E-99-D4-47'
- Framed-MTU = 1400
- NAS-Port-Type = Wireless-802.11
- EAP-Message = 0x0209006b19001703010060c067d830fe9b589370f79feff736d3b5a51d7489132d3b7c236b499259633dabfc914c8e2d0fe74a39c56b19cfed4fd4099e80aa97a9526bedfa68a55e283982bab1b42e1636bfb9fa4aacc02189c60bf46579ce01cef1060c209b548529f0c9
- State = 0x61f2e62466fbffbc47493858800a8868
- Message-Authenticator = 0x58c536ef01b0d345c17571d7fb936c90
- (8) Received Access-Request packet from host 10.0.0.2 port 57819, id=210, length=245
- (8) User-Name = 'admin'
- (8) NAS-IP-Address = 10.0.0.2
- (8) NAS-Identifier = 'RalinkAP0'
- (8) NAS-Port = 0
- (8) Called-Station-Id = '38-2C-4A-A3-67-E0'
- (8) Calling-Station-Id = '88-79-7E-99-D4-47'
- (8) Framed-MTU = 1400
- (8) NAS-Port-Type = Wireless-802.11
- (8) EAP-Message = 0x0209006b19001703010060c067d830fe9b589370f79feff736d3b5a51d7489132d3b7c236b499259633dabfc914c8e2d0fe74a39c56b19cfed4fd4099e80aa97a9526bedfa68a55e283982bab1b42e1636bfb9fa4aacc02189c60bf46579ce01cef1060c209b548529f0c9
- (8) State = 0x61f2e62466fbffbc47493858800a8868
- (8) Message-Authenticator = 0x58c536ef01b0d345c17571d7fb936c90
- (8) # Executing section authorize from file /etc/raddb/sites-enabled/default
- (8) authorize {
- (8) filter_username filter_username {
- (8) if (!&User-Name)
- (8) if (!&User-Name) -> FALSE
- (8) if (&User-Name =~ / /)
- (8) if (&User-Name =~ / /) -> FALSE
- (8) if (&User-Name =~ /@.*@/ )
- (8) if (&User-Name =~ /@.*@/ ) -> FALSE
- (8) if (&User-Name =~ /\\.\\./ )
- (8) if (&User-Name =~ /\\.\\./ ) -> FALSE
- (8) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))
- (8) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/)) -> FALSE
- (8) if (&User-Name =~ /\\.$/)
- (8) if (&User-Name =~ /\\.$/) -> FALSE
- (8) if (&User-Name =~ /@\\./)
- (8) if (&User-Name =~ /@\\./) -> FALSE
- (8) } # filter_username filter_username = notfound
- (8) [preprocess] = ok
- (8) [chap] = noop
- (8) [mschap] = noop
- (8) [digest] = noop
- (8) suffix : Checking for suffix after "@"
- (8) suffix : No '@' in User-Name = "admin", looking up realm NULL
- (8) suffix : No such realm "NULL"
- (8) [suffix] = noop
- (8) eap : Peer sent code Response (2) ID 9 length 107
- (8) eap : Continuing tunnel setup
- (8) [eap] = ok
- (8) } # authorize = ok
- (8) Found Auth-Type = EAP
- (8) # Executing group from file /etc/raddb/sites-enabled/default
- (8) authenticate {
- (8) eap : Expiring EAP session with state 0x4c8dda924c84c039
- (8) eap : Finished EAP session with state 0x61f2e62466fbffbc
- (8) eap : Previous EAP request found for state 0x61f2e62466fbffbc, released from the list
- (8) eap : Peer sent method PEAP (25)
- (8) eap : EAP PEAP (25)
- (8) eap : Calling eap_peap to process EAP data
- (8) eap_peap : processing EAP-TLS
- (8) eap_peap : eaptls_verify returned 7
- (8) eap_peap : Done initial handshake
- (8) eap_peap : eaptls_process returned 7
- (8) eap_peap : FR_TLS_OK
- (8) eap_peap : Session established. Decoding tunneled attributes
- (8) eap_peap : Peap state phase2
- (8) eap_peap : EAP type MSCHAPv2 (26)
- (8) eap_peap : Got tunneled request
- EAP-Message = 0x020900401a0209003b317285b5427bc062c3b1a6cb2437abacea0000000000000000af2bda22c854b980953166152081003ef3c0b2c9a08601840061646d696e
- server default {
- (8) eap_peap : Setting User-Name to admin
- Sending tunneled request
- EAP-Message = 0x020900401a0209003b317285b5427bc062c3b1a6cb2437abacea0000000000000000af2bda22c854b980953166152081003ef3c0b2c9a08601840061646d696e
- FreeRADIUS-Proxied-To = 127.0.0.1
- User-Name = 'admin'
- State = 0x4c8dda924c84c039ee81a9294737f384
- server inner-tunnel {
- (8) server inner-tunnel {
- (8) Request:
- EAP-Message = 0x020900401a0209003b317285b5427bc062c3b1a6cb2437abacea0000000000000000af2bda22c854b980953166152081003ef3c0b2c9a08601840061646d696e
- FreeRADIUS-Proxied-To = 127.0.0.1
- User-Name = 'admin'
- State = 0x4c8dda924c84c039ee81a9294737f384
- (8) # Executing section authorize from file /etc/raddb/sites-enabled/inner-tunnel
- (8) authorize {
- (8) [chap] = noop
- (8) [mschap] = noop
- (8) suffix : Checking for suffix after "@"
- (8) suffix : No '@' in User-Name = "admin", looking up realm NULL
- (8) suffix : No such realm "NULL"
- (8) [suffix] = noop
- (8) update control {
- (8) Proxy-To-Realm := 'LOCAL'
- (8) } # update control = noop
- (8) eap : Peer sent code Response (2) ID 9 length 64
- (8) eap : No EAP Start, assuming it's an on-going EAP conversation
- (8) [eap] = updated
- (8) [files] = noop
- rlm_ldap (ldap): Reserved connection (4)
- (8) ldap : EXPAND (uid=%{%{Stripped-User-Name}:-%{User-Name}})
- (8) ldap : --> (uid=admin)
- (8) ldap : EXPAND dc=home,dc=stegard,dc=nu
- (8) ldap : --> dc=home,dc=stegard,dc=nu
- (8) ldap : Performing search in 'dc=home,dc=stegard,dc=nu' with filter '(uid=admin)', scope 'sub'
- (8) ldap : Waiting for search result...
- (8) ldap : User object found at DN "uid=admin,cn=users,cn=compat,dc=home,dc=stegard,dc=nu"
- (8) ldap : Processing user attributes
- (8) WARNING: ldap : No "known good" password added. Ensure the admin user has permission to read the password attribute
- (8) WARNING: ldap : PAP authentication will *NOT* work with Active Directory (if that is what you were trying to configure)
- rlm_ldap (ldap): Released connection (4)
- (8) [ldap] = ok
- (8) [expiration] = noop
- (8) [logintime] = noop
- (8) [pap] = noop
- (8) } # authorize = updated
- (8) Found Auth-Type = EAP
- (8) # Executing group from file /etc/raddb/sites-enabled/inner-tunnel
- (8) authenticate {
- (8) eap : Expiring EAP session with state 0x4c8dda924c84c039
- (8) eap : Finished EAP session with state 0x4c8dda924c84c039
- (8) eap : Previous EAP request found for state 0x4c8dda924c84c039, released from the list
- (8) eap : Peer sent method MSCHAPv2 (26)
- (8) eap : EAP MSCHAPv2 (26)
- (8) eap : Calling eap_mschapv2 to process EAP data
- (8) eap_mschapv2 : # Executing group from file /etc/raddb/sites-enabled/inner-tunnel
- (8) eap_mschapv2 : Auth-Type MS-CHAP {
- (8) WARNING: mschap : No Cleartext-Password configured. Cannot create LM-Password
- (8) WARNING: mschap : No Cleartext-Password configured. Cannot create NT-Password
- (8) mschap : Creating challenge hash with username: admin
- (8) mschap : Client is using MS-CHAPv2
- (8) ERROR: mschap : FAILED: No NT/LM-Password. Cannot perform authentication
- (8) ERROR: mschap : MS-CHAP2-Response is incorrect
- (8) [mschap] = reject
- (8) } # Auth-Type MS-CHAP = reject
- (8) eap : Freeing handler
- (8) [eap] = reject
- (8) } # authenticate = reject
- (8) Failed to authenticate the user
- (8) Using Post-Auth-Type Reject
- (8) # Executing group from file /etc/raddb/sites-enabled/inner-tunnel
- (8) Post-Auth-Type REJECT {
- (8) attr_filter.access_reject : EXPAND %{User-Name}
- (8) attr_filter.access_reject : --> admin
- (8) attr_filter.access_reject : Matched entry DEFAULT at line 11
- (8) [attr_filter.access_reject] = updated
- (8) } # Post-Auth-Type REJECT = updated
- (8) Reply:
- MS-CHAP-Error = '\tE=691 R=1'
- EAP-Message = 0x04090004
- Message-Authenticator = 0x00000000000000000000000000000000
- (8) } # server inner-tunnel
- } # server inner-tunnel
- (8) eap_peap : Got tunneled reply code 3
- MS-CHAP-Error = '\tE=691 R=1'
- EAP-Message = 0x04090004
- Message-Authenticator = 0x00000000000000000000000000000000
- (8) eap_peap : Got tunneled reply RADIUS code 3
- MS-CHAP-Error = '\tE=691 R=1'
- EAP-Message = 0x04090004
- Message-Authenticator = 0x00000000000000000000000000000000
- (8) eap_peap : Tunneled authentication was rejected
- (8) eap_peap : FAILURE
- (8) eap : New EAP session, adding 'State' attribute to reply 0x61f2e62469f8ffbc
- (8) [eap] = handled
- (8) } # authenticate = handled
- (8) Sending Access-Challenge packet to host 10.0.0.2 port 57819, id=210, length=0
- (8) EAP-Message = 0x010a002b190017030100203f4c85e8f4ec609fb6014a96bfdbf4e9499099a99f2f909f42f66c856d7a2523
- (8) Message-Authenticator = 0x00000000000000000000000000000000
- (8) State = 0x61f2e62469f8ffbc47493858800a8868
- Sending Access-Challenge Id 210 from 10.0.0.30:1812 to 10.0.0.2:57819
- EAP-Message = 0x010a002b190017030100203f4c85e8f4ec609fb6014a96bfdbf4e9499099a99f2f909f42f66c856d7a2523
- Message-Authenticator = 0x00000000000000000000000000000000
- State = 0x61f2e62469f8ffbc47493858800a8868
- (8) Finished request
- Waking up in 0.2 seconds.
- Received Access-Request Id 211 from 10.0.0.2:57819 to 10.0.0.30:1812 length 181
- User-Name = 'admin'
- NAS-IP-Address = 10.0.0.2
- NAS-Identifier = 'RalinkAP0'
- NAS-Port = 0
- Called-Station-Id = '38-2C-4A-A3-67-E0'
- Calling-Station-Id = '88-79-7E-99-D4-47'
- Framed-MTU = 1400
- NAS-Port-Type = Wireless-802.11
- EAP-Message = 0x020a002b19001703010020a770eaed6f8fe6fc9edb7564e17c355ae6375abf90775bf47194e13fb96036d2
- State = 0x61f2e62469f8ffbc47493858800a8868
- Message-Authenticator = 0x46792c7873544d5187e489d15a561d17
- (9) Received Access-Request packet from host 10.0.0.2 port 57819, id=211, length=181
- (9) User-Name = 'admin'
- (9) NAS-IP-Address = 10.0.0.2
- (9) NAS-Identifier = 'RalinkAP0'
- (9) NAS-Port = 0
- (9) Called-Station-Id = '38-2C-4A-A3-67-E0'
- (9) Calling-Station-Id = '88-79-7E-99-D4-47'
- (9) Framed-MTU = 1400
- (9) NAS-Port-Type = Wireless-802.11
- (9) EAP-Message = 0x020a002b19001703010020a770eaed6f8fe6fc9edb7564e17c355ae6375abf90775bf47194e13fb96036d2
- (9) State = 0x61f2e62469f8ffbc47493858800a8868
- (9) Message-Authenticator = 0x46792c7873544d5187e489d15a561d17
- (9) # Executing section authorize from file /etc/raddb/sites-enabled/default
- (9) authorize {
- (9) filter_username filter_username {
- (9) if (!&User-Name)
- (9) if (!&User-Name) -> FALSE
- (9) if (&User-Name =~ / /)
- (9) if (&User-Name =~ / /) -> FALSE
- (9) if (&User-Name =~ /@.*@/ )
- (9) if (&User-Name =~ /@.*@/ ) -> FALSE
- (9) if (&User-Name =~ /\\.\\./ )
- (9) if (&User-Name =~ /\\.\\./ ) -> FALSE
- (9) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))
- (9) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/)) -> FALSE
- (9) if (&User-Name =~ /\\.$/)
- (9) if (&User-Name =~ /\\.$/) -> FALSE
- (9) if (&User-Name =~ /@\\./)
- (9) if (&User-Name =~ /@\\./) -> FALSE
- (9) } # filter_username filter_username = notfound
- (9) [preprocess] = ok
- (9) [chap] = noop
- (9) [mschap] = noop
- (9) [digest] = noop
- (9) suffix : Checking for suffix after "@"
- (9) suffix : No '@' in User-Name = "admin", looking up realm NULL
- (9) suffix : No such realm "NULL"
- (9) [suffix] = noop
- (9) eap : Peer sent code Response (2) ID 10 length 43
- (9) eap : Continuing tunnel setup
- (9) [eap] = ok
- (9) } # authorize = ok
- (9) Found Auth-Type = EAP
- (9) # Executing group from file /etc/raddb/sites-enabled/default
- (9) authenticate {
- (9) eap : Expiring EAP session with state 0x61f2e62469f8ffbc
- (9) eap : Finished EAP session with state 0x61f2e62469f8ffbc
- (9) eap : Previous EAP request found for state 0x61f2e62469f8ffbc, released from the list
- (9) eap : Peer sent method PEAP (25)
- (9) eap : EAP PEAP (25)
- (9) eap : Calling eap_peap to process EAP data
- (9) eap_peap : processing EAP-TLS
- (9) eap_peap : eaptls_verify returned 7
- (9) eap_peap : Done initial handshake
- (9) eap_peap : eaptls_process returned 7
- (9) eap_peap : FR_TLS_OK
- (9) eap_peap : Session established. Decoding tunneled attributes
- (9) eap_peap : Peap state send tlv failure
- (9) eap_peap : Received EAP-TLV response
- (9) eap_peap : The users session was previously rejected: returning reject (again.)
- (9) eap_peap : *** This means you need to read the PREVIOUS messages in the debug output
- (9) eap_peap : *** to find out the reason why the user was rejected
- (9) eap_peap : *** Look for "reject" or "fail". Those earlier messages will tell you
- (9) eap_peap : *** what went wrong, and how to fix the problem
- SSL: Removing session b8aa8379aecf7b1117f556ecb78c601fd19a0b81437e91f268515cf956c3ee82 from the cache
- (9) ERROR: eap : Failed continuing EAP PEAP (25) session. EAP sub-module failed
- (9) eap : Failed in EAP select
- (9) [eap] = invalid
- (9) } # authenticate = invalid
- (9) Failed to authenticate the user
- (9) Using Post-Auth-Type Reject
- (9) # Executing group from file /etc/raddb/sites-enabled/default
- (9) Post-Auth-Type REJECT {
- (9) attr_filter.access_reject : EXPAND %{User-Name}
- (9) attr_filter.access_reject : --> admin
- (9) attr_filter.access_reject : Matched entry DEFAULT at line 11
- (9) [attr_filter.access_reject] = updated
- (9) eap : Reply already contained an EAP-Message, not inserting EAP-Failure
- (9) [eap] = noop
- (9) remove_reply_message_if_eap remove_reply_message_if_eap {
- (9) if (&reply:EAP-Message && &reply:Reply-Message)
- (9) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE
- (9) else else {
- (9) [noop] = noop
- (9) } # else else = noop
- (9) } # remove_reply_message_if_eap remove_reply_message_if_eap = noop
- (9) } # Post-Auth-Type REJECT = updated
- (9) Delaying response for 1 seconds
- Waking up in 0.2 seconds.
- Waking up in 0.6 seconds.
- Received Access-Request Id 211 from 10.0.0.2:57819 to 10.0.0.30:1812 length 181
- (9) Discarding duplicate request from client asus port 57819 - ID: 211 due to delayed response
- Waking up in 0.1 seconds.
- (9) Sending delayed response
- (9) Sending Access-Reject packet to host 10.0.0.2 port 57819, id=211, length=0
- (9) EAP-Message = 0x040a0004
- (9) Message-Authenticator = 0x00000000000000000000000000000000
- Sending Access-Reject Id 211 from 10.0.0.30:1812 to 10.0.0.2:57819
- EAP-Message = 0x040a0004
- Message-Authenticator = 0x00000000000000000000000000000000
- Waking up in 3.8 seconds.
- (0) Cleaning up request packet ID 202 with timestamp +13
- (1) Cleaning up request packet ID 203 with timestamp +13
- (2) Cleaning up request packet ID 204 with timestamp +13
- (3) Cleaning up request packet ID 205 with timestamp +13
- (4) Cleaning up request packet ID 206 with timestamp +13
- (5) Cleaning up request packet ID 207 with timestamp +13
- (6) Cleaning up request packet ID 208 with timestamp +13
- (7) Cleaning up request packet ID 209 with timestamp +13
- (8) Cleaning up request packet ID 210 with timestamp +13
- (9) Cleaning up request packet ID 211 with timestamp +13
- Ready to process requests