Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- oot@s1:/var/lib/dpkg/info# freeradius -X
- freeradius: FreeRADIUS Version 2.2.8, for host i686-pc-linux-gnu, built on Apr 5 2016 at 13:39:42
- Copyright (C) 1999-2015 The FreeRADIUS server project and contributors.
- There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
- PARTICULAR PURPOSE.
- You may redistribute copies of FreeRADIUS under the terms of the
- GNU General Public License.
- For more information about these matters, see the file named COPYRIGHT.
- Starting - reading configuration files ...
- including configuration file /etc/freeradius/radiusd.conf
- including configuration file /etc/freeradius/proxy.conf
- including configuration file /etc/freeradius/clients.conf
- including files in directory /etc/freeradius/modules/
- including configuration file /etc/freeradius/modules/cache
- including configuration file /etc/freeradius/modules/mac2ip
- including configuration file /etc/freeradius/modules/replicate
- including configuration file /etc/freeradius/modules/sqlcounter_expire_on_login
- including configuration file /etc/freeradius/modules/preprocess
- including configuration file /etc/freeradius/modules/ldap
- including configuration file /etc/freeradius/modules/ntlm_auth
- including configuration file /etc/freeradius/modules/always
- including configuration file /etc/freeradius/modules/ippool
- including configuration file /etc/freeradius/modules/dhcp_sqlippool
- including configuration file /etc/freeradius/modules/detail.log
- including configuration file /etc/freeradius/modules/digest
- including configuration file /etc/freeradius/modules/rediswho
- including configuration file /etc/freeradius/modules/policy
- including configuration file /etc/freeradius/modules/chap
- including configuration file /etc/freeradius/modules/checkval
- including configuration file /etc/freeradius/modules/radutmp
- including configuration file /etc/freeradius/modules/expiration
- including configuration file /etc/freeradius/modules/files
- including configuration file /etc/freeradius/modules/echo
- including configuration file /etc/freeradius/modules/detail.example.com
- including configuration file /etc/freeradius/modules/realm
- including configuration file /etc/freeradius/modules/otp
- including configuration file /etc/freeradius/modules/perl
- including configuration file /etc/freeradius/modules/attr_rewrite
- including configuration file /etc/freeradius/modules/pap
- including configuration file /etc/freeradius/modules/cui
- including configuration file /etc/freeradius/modules/smsotp
- including configuration file /etc/freeradius/modules/sql_log
- including configuration file /etc/freeradius/modules/passwd
- including configuration file /etc/freeradius/modules/acct_unique
- including configuration file /etc/freeradius/modules/dynamic_clients
- including configuration file /etc/freeradius/modules/opendirectory
- including configuration file /etc/freeradius/modules/krb5
- including configuration file /etc/freeradius/modules/expr
- including configuration file /etc/freeradius/modules/detail
- including configuration file /etc/freeradius/modules/soh
- including configuration file /etc/freeradius/modules/attr_filter
- including configuration file /etc/freeradius/modules/mschap
- including configuration file /etc/freeradius/modules/sradutmp
- including configuration file /etc/freeradius/modules/radrelay
- including configuration file /etc/freeradius/modules/etc_group
- including configuration file /etc/freeradius/modules/smbpasswd
- including configuration file /etc/freeradius/modules/counter
- including configuration file /etc/freeradius/modules/unix
- including configuration file /etc/freeradius/modules/wimax
- including configuration file /etc/freeradius/modules/mac2vlan
- including configuration file /etc/freeradius/modules/inner-eap
- including configuration file /etc/freeradius/modules/exec
- including configuration file /etc/freeradius/modules/linelog
- including configuration file /etc/freeradius/modules/redis
- including configuration file /etc/freeradius/modules/pam
- including configuration file /etc/freeradius/modules/logintime
- including configuration file /etc/freeradius/eap.conf
- including configuration file /etc/freeradius/policy.conf
- including files in directory /etc/freeradius/sites-enabled/
- including configuration file /etc/freeradius/sites-enabled/inner-tunnel
- including configuration file /etc/freeradius/sites-enabled/default
- main {
- user = "freerad"
- group = "freerad"
- allow_core_dumps = no
- }
- including dictionary file /etc/freeradius/dictionary
- main {
- name = "freeradius"
- prefix = "/usr"
- localstatedir = "/var"
- sbindir = "/usr/sbin"
- logdir = "/var/log/freeradius"
- run_dir = "/var/run/freeradius"
- libdir = "/usr/lib/freeradius"
- radacctdir = "/var/log/freeradius/radacct"
- hostname_lookups = no
- max_request_time = 30
- cleanup_delay = 5
- max_requests = 1024
- pidfile = "/var/run/freeradius/freeradius.pid"
- checkrad = "/usr/sbin/checkrad"
- debug_level = 0
- proxy_requests = yes
- log {
- stripped_names = no
- auth = no
- auth_badpass = no
- auth_goodpass = no
- }
- security {
- max_attributes = 200
- reject_delay = 1
- status_server = yes
- allow_vulnerable_openssl = no
- }
- }
- radiusd: #### Loading Realms and Home Servers ####
- proxy server {
- retry_delay = 5
- retry_count = 3
- default_fallback = no
- dead_time = 120
- wake_all_if_all_dead = no
- }
- home_server localhost {
- ipaddr = 127.0.0.1
- port = 1812
- type = "auth"
- secret = "testing123"
- response_window = 20
- max_outstanding = 65536
- require_message_authenticator = yes
- zombie_period = 40
- status_check = "status-server"
- ping_interval = 30
- check_interval = 30
- num_answers_to_alive = 3
- num_pings_to_alive = 3
- revive_interval = 120
- status_check_timeout = 4
- coa {
- irt = 2
- mrt = 16
- mrc = 5
- mrd = 30
- }
- }
- home_server_pool my_auth_failover {
- type = fail-over
- home_server = localhost
- }
- realm example.com {
- auth_pool = my_auth_failover
- }
- realm LOCAL {
- }
- radiusd: #### Loading Clients ####
- client localhost {
- ipaddr = 127.0.0.1
- require_message_authenticator = no
- secret = "testing123"
- nastype = "other"
- }
- client 192.168.1.0/24 {
- require_message_authenticator = no
- secret = "M13n14e5"
- nastype = "other"
- }
- radiusd: #### Instantiating modules ####
- instantiate {
- Module: Linked to module rlm_exec
- Module: Instantiating module "exec" from file /etc/freeradius/modules/exec
- exec {
- wait = no
- input_pairs = "request"
- shell_escape = yes
- timeout = 10
- }
- Module: Linked to module rlm_expr
- Module: Instantiating module "expr" from file /etc/freeradius/modules/expr
- Module: Linked to module rlm_expiration
- Module: Instantiating module "expiration" from file /etc/freeradius/modules/expiration
- expiration {
- reply-message = "Password Has Expired "
- }
- Module: Linked to module rlm_logintime
- Module: Instantiating module "logintime" from file /etc/freeradius/modules/logintime
- logintime {
- reply-message = "You are calling outside your allowed timespan "
- minimum-timeout = 60
- }
- }
- radiusd: #### Loading Virtual Servers ####
- server { # from file /etc/freeradius/radiusd.conf
- modules {
- Module: Creating Auth-Type = digest
- Module: Creating Auth-Type = LDAP
- Module: Checking authenticate {...} for more modules to load
- Module: Linked to module rlm_pap
- Module: Instantiating module "pap" from file /etc/freeradius/modules/pap
- pap {
- encryption_scheme = "auto"
- auto_header = no
- }
- Module: Linked to module rlm_chap
- Module: Instantiating module "chap" from file /etc/freeradius/modules/chap
- Module: Linked to module rlm_mschap
- Module: Instantiating module "mschap" from file /etc/freeradius/modules/mschap
- mschap {
- use_mppe = yes
- require_encryption = no
- require_strong = no
- with_ntdomain_hack = no
- allow_retry = yes
- }
- Module: Linked to module rlm_digest
- Module: Instantiating module "digest" from file /etc/freeradius/modules/digest
- Module: Linked to module rlm_unix
- Module: Instantiating module "unix" from file /etc/freeradius/modules/unix
- unix {
- radwtmp = "/var/log/freeradius/radwtmp"
- }
- Module: Linked to module rlm_ldap
- Module: Instantiating module "ldap" from file /etc/freeradius/modules/ldap
- ldap {
- server = "s1.noureldin.local"
- port = 389
- password = "p@s$W0rd"
- expect_password = yes
- identity = "cn=Administrator,ou=Users,ou=S1,DC=noureldin,DC=local"
- net_timeout = 1
- timeout = 4
- timelimit = 3
- max_uses = 0
- tls_mode = no
- start_tls = no
- tls_require_cert = "allow"
- tls {
- start_tls = yes
- cacertfile = "/etc/ssl/noureldin/certs/ca.crt"
- cacertdir = "/etc/ssl/noureldin/certs/"
- certfile = "/etc/ssl/noureldin/certs/freeradius.crt"
- keyfile = "/etc/ssl/noureldin/private/freeradius.key"
- randfile = "/dev/urandom"
- require_cert = "allow"
- }
- basedn = "ou=Users,ou=S1,DC=noureldin,DC=local"
- filter = "(samAccountName=%{%{Stripped-User-Name}:-%{User-Name}})"
- base_filter = "(objectclass=radiusprofile)"
- auto_header = no
- access_attr_used_for_allow = yes
- groupname_attribute = "cn"
- groupmembership_filter = "(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))"
- dictionary_mapping = "/etc/freeradius/ldap.attrmap"
- ldap_debug = 0
- ldap_connections_number = 5
- compare_check_items = no
- do_xlat = yes
- edir_account_policy_check = no
- set_auth_type = yes
- keepalive {
- idle = 60
- probes = 3
- interval = 3
- }
- }
- rlm_ldap: Registering ldap_groupcmp for Ldap-Group
- rlm_ldap: Registering ldap_xlat with xlat_name ldap
- rlm_ldap: reading ldap<->radius mappings from file /etc/freeradius/ldap.attrmap
- rlm_ldap: LDAP radiusCheckItem mapped to RADIUS $GENERIC$
- rlm_ldap: LDAP radiusReplyItem mapped to RADIUS $GENERIC$
- rlm_ldap: LDAP radiusAuthType mapped to RADIUS Auth-Type
- rlm_ldap: LDAP radiusSimultaneousUse mapped to RADIUS Simultaneous-Use
- rlm_ldap: LDAP radiusCalledStationId mapped to RADIUS Called-Station-Id
- rlm_ldap: LDAP radiusCallingStationId mapped to RADIUS Calling-Station-Id
- rlm_ldap: LDAP lmPassword mapped to RADIUS LM-Password
- rlm_ldap: LDAP ntPassword mapped to RADIUS NT-Password
- rlm_ldap: LDAP sambaLmPassword mapped to RADIUS LM-Password
- rlm_ldap: LDAP sambaNtPassword mapped to RADIUS NT-Password
- rlm_ldap: LDAP dBCSPwd mapped to RADIUS LM-Password
- rlm_ldap: LDAP userPassword mapped to RADIUS Password-With-Header
- rlm_ldap: LDAP acctFlags mapped to RADIUS SMB-Account-CTRL-TEXT
- rlm_ldap: LDAP radiusExpiration mapped to RADIUS Expiration
- rlm_ldap: LDAP radiusNASIpAddress mapped to RADIUS NAS-IP-Address
- rlm_ldap: LDAP radiusServiceType mapped to RADIUS Service-Type
- rlm_ldap: LDAP radiusFramedProtocol mapped to RADIUS Framed-Protocol
- rlm_ldap: LDAP radiusFramedIPAddress mapped to RADIUS Framed-IP-Address
- rlm_ldap: LDAP radiusFramedIPNetmask mapped to RADIUS Framed-IP-Netmask
- rlm_ldap: LDAP radiusFramedRoute mapped to RADIUS Framed-Route
- rlm_ldap: LDAP radiusFramedRouting mapped to RADIUS Framed-Routing
- rlm_ldap: LDAP radiusFilterId mapped to RADIUS Filter-Id
- rlm_ldap: LDAP radiusFramedMTU mapped to RADIUS Framed-MTU
- rlm_ldap: LDAP radiusFramedCompression mapped to RADIUS Framed-Compression
- rlm_ldap: LDAP radiusLoginIPHost mapped to RADIUS Login-IP-Host
- rlm_ldap: LDAP radiusLoginService mapped to RADIUS Login-Service
- rlm_ldap: LDAP radiusLoginTCPPort mapped to RADIUS Login-TCP-Port
- rlm_ldap: LDAP radiusCallbackNumber mapped to RADIUS Callback-Number
- rlm_ldap: LDAP radiusCallbackId mapped to RADIUS Callback-Id
- rlm_ldap: LDAP radiusFramedIPXNetwork mapped to RADIUS Framed-IPX-Network
- rlm_ldap: LDAP radiusClass mapped to RADIUS Class
- rlm_ldap: LDAP radiusSessionTimeout mapped to RADIUS Session-Timeout
- rlm_ldap: LDAP radiusIdleTimeout mapped to RADIUS Idle-Timeout
- rlm_ldap: LDAP radiusTerminationAction mapped to RADIUS Termination-Action
- rlm_ldap: LDAP radiusLoginLATService mapped to RADIUS Login-LAT-Service
- rlm_ldap: LDAP radiusLoginLATNode mapped to RADIUS Login-LAT-Node
- rlm_ldap: LDAP radiusLoginLATGroup mapped to RADIUS Login-LAT-Group
- rlm_ldap: LDAP radiusFramedAppleTalkLink mapped to RADIUS Framed-AppleTalk-Link
- rlm_ldap: LDAP radiusFramedAppleTalkNetwork mapped to RADIUS Framed-AppleTalk-Network
- rlm_ldap: LDAP radiusFramedAppleTalkZone mapped to RADIUS Framed-AppleTalk-Zone
- rlm_ldap: LDAP radiusPortLimit mapped to RADIUS Port-Limit
- rlm_ldap: LDAP radiusLoginLATPort mapped to RADIUS Login-LAT-Port
- rlm_ldap: LDAP radiusReplyMessage mapped to RADIUS Reply-Message
- rlm_ldap: LDAP radiusTunnelType mapped to RADIUS Tunnel-Type
- rlm_ldap: LDAP radiusTunnelMediumType mapped to RADIUS Tunnel-Medium-Type
- rlm_ldap: LDAP radiusTunnelPrivateGroupId mapped to RADIUS Tunnel-Private-Group-Id
- conns: 0x9f0cb38
- Module: Linked to module rlm_eap
- Module: Instantiating module "eap" from file /etc/freeradius/eap.conf
- eap {
- default_eap_type = "peap"
- timer_expire = 60
- ignore_unknown_eap_types = no
- cisco_accounting_username_bug = no
- max_sessions = 1024
- }
- Module: Linked to sub-module rlm_eap_md5
- Module: Instantiating eap-md5
- Module: Linked to sub-module rlm_eap_leap
- Module: Instantiating eap-leap
- Module: Linked to sub-module rlm_eap_gtc
- Module: Instantiating eap-gtc
- gtc {
- challenge = "Password: "
- auth_type = "PAP"
- }
- Module: Linked to sub-module rlm_eap_tls
- Module: Instantiating eap-tls
- tls {
- rsa_key_exchange = no
- dh_key_exchange = yes
- rsa_key_length = 512
- dh_key_length = 512
- verify_depth = 0
- CA_path = "/etc/ssl/noureldin/certs"
- pem_file_type = yes
- private_key_file = "/etc/ssl/noureldin/private/freeradius.key"
- certificate_file = "/etc/ssl/noureldin/certs/freeradius.crt"
- private_key_password = ""
- dh_file = "/etc/ssl/noureldin/private/dh2048.pem"
- random_file = "/dev/urandom"
- fragment_size = 1024
- include_length = yes
- check_crl = no
- check_all_crl = no
- cipher_list = "DEFAULT"
- make_cert_command = "/etc/ssl/noureldin/certs/bootstrap"
- ecdh_curve = "prime256v1"
- cache {
- enable = no
- lifetime = 24
- max_entries = 255
- }
- verify {
- }
- ocsp {
- enable = no
- override_cert_url = yes
- url = "http://127.0.0.1/ocsp/"
- use_nonce = yes
- timeout = 0
- softfail = no
- }
- }
- Module: Linked to sub-module rlm_eap_ttls
- Module: Instantiating eap-ttls
- ttls {
- default_eap_type = "md5"
- copy_request_to_tunnel = no
- use_tunneled_reply = no
- virtual_server = "inner-tunnel"
- include_length = yes
- }
- Module: Linked to sub-module rlm_eap_peap
- Module: Instantiating eap-peap
- peap {
- default_eap_type = "mschapv2"
- copy_request_to_tunnel = no
- use_tunneled_reply = no
- proxy_tunneled_request_as_eap = yes
- virtual_server = "inner-tunnel"
- soh = no
- }
- Module: Linked to sub-module rlm_eap_mschapv2
- Module: Instantiating eap-mschapv2
- mschapv2 {
- with_ntdomain_hack = no
- send_error = no
- }
- Module: Checking authorize {...} for more modules to load
- Module: Linked to module rlm_preprocess
- Module: Instantiating module "preprocess" from file /etc/freeradius/modules/preprocess
- preprocess {
- huntgroups = "/etc/freeradius/huntgroups"
- hints = "/etc/freeradius/hints"
- with_ascend_hack = no
- ascend_channels_per_line = 23
- with_ntdomain_hack = no
- with_specialix_jetstream_hack = no
- with_cisco_vsa_hack = no
- with_alvarion_vsa_hack = no
- }
- reading pairlist file /etc/freeradius/huntgroups
- reading pairlist file /etc/freeradius/hints
- Module: Linked to module rlm_realm
- Module: Instantiating module "suffix" from file /etc/freeradius/modules/realm
- realm suffix {
- format = "suffix"
- delimiter = "@"
- ignore_default = no
- ignore_null = no
- }
- Module: Linked to module rlm_files
- Module: Instantiating module "files" from file /etc/freeradius/modules/files
- files {
- usersfile = "/etc/freeradius/users"
- acctusersfile = "/etc/freeradius/acct_users"
- preproxy_usersfile = "/etc/freeradius/preproxy_users"
- compat = "no"
- }
- reading pairlist file /etc/freeradius/users
- reading pairlist file /etc/freeradius/acct_users
- reading pairlist file /etc/freeradius/preproxy_users
- Module: Checking preacct {...} for more modules to load
- Module: Linked to module rlm_acct_unique
- Module: Instantiating module "acct_unique" from file /etc/freeradius/modules/acct_unique
- acct_unique {
- key = "User-Name, Acct-Session-Id, NAS-IP-Address, NAS-Identifier, NAS-Port"
- }
- Module: Checking accounting {...} for more modules to load
- Module: Linked to module rlm_detail
- Module: Instantiating module "detail" from file /etc/freeradius/modules/detail
- detail {
- detailfile = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d"
- header = "%t"
- detailperm = 384
- dirperm = 493
- locking = no
- log_packet_header = no
- escape_filenames = no
- }
- Module: Linked to module rlm_attr_filter
- Module: Instantiating module "attr_filter.accounting_response" from file /etc/freeradius/modules/attr_filter
- attr_filter attr_filter.accounting_response {
- attrsfile = "/etc/freeradius/attrs.accounting_response"
- key = "%{User-Name}"
- relaxed = no
- }
- reading pairlist file /etc/freeradius/attrs.accounting_response
- Module: Checking session {...} for more modules to load
- Module: Linked to module rlm_radutmp
- Module: Instantiating module "radutmp" from file /etc/freeradius/modules/radutmp
- radutmp {
- filename = "/var/log/freeradius/radutmp"
- username = "%{User-Name}"
- case_sensitive = yes
- check_with_nas = yes
- perm = 384
- callerid = yes
- }
- Module: Checking post-proxy {...} for more modules to load
- Module: Checking post-auth {...} for more modules to load
- Module: Instantiating module "attr_filter.access_reject" from file /etc/freeradius/modules/attr_filter
- attr_filter attr_filter.access_reject {
- attrsfile = "/etc/freeradius/attrs.access_reject"
- key = "%{User-Name}"
- relaxed = no
- }
- reading pairlist file /etc/freeradius/attrs.access_reject
- } # modules
- } # server
- server inner-tunnel { # from file /etc/freeradius/sites-enabled/inner-tunnel
- modules {
- Module: Checking authenticate {...} for more modules to load
- Module: Checking authorize {...} for more modules to load
- Module: Checking session {...} for more modules to load
- Module: Checking post-proxy {...} for more modules to load
- Module: Checking post-auth {...} for more modules to load
- } # modules
- } # server
- radiusd: #### Opening IP addresses and Ports ####
- listen {
- type = "auth"
- ipaddr = *
- port = 0
- }
- listen {
- type = "acct"
- ipaddr = *
- port = 0
- }
- listen {
- type = "auth"
- ipaddr = 127.0.0.1
- port = 18120
- }
- ... adding new socket proxy address * port 52551
- Listening on authentication address * port 1812
- Listening on accounting address * port 1813
- Listening on authentication address 127.0.0.1 port 18120 as server inner-tunnel
- Listening on proxy address * port 1814
- Ready to process requests.
- rad_recv: Access-Request packet from host 192.168.1.1 port 55872, id=174, length=189
- User-Name = "mnoureldin"
- NAS-IP-Address = 78.104.82.107
- Called-Station-Id = "A2-F3-C1-67-EC-68:Noureldin-Guests"
- NAS-Port-Type = Wireless-802.11
- NAS-Port = 1
- Calling-Station-Id = "48-D2-24-3F-55-D4"
- Connect-Info = "CONNECT 54Mbps 802.11g"
- Acct-Session-Id = "576FE7D8-00000049"
- Framed-MTU = 1400
- EAP-Message = 0x0211000f016d6e6f7572656c64696e
- Message-Authenticator = 0x1ece39e57efd9a4738388d0a31220eb8
- # Executing section authorize from file /etc/freeradius/sites-enabled/default
- +group authorize {
- ++[preprocess] = ok
- ++[chap] = noop
- ++[mschap] = noop
- ++[digest] = noop
- [suffix] No '@' in User-Name = "mnoureldin", looking up realm NULL
- [suffix] No such realm "NULL"
- ++[suffix] = noop
- [eap] EAP packet type response id 17 length 15
- [eap] No EAP Start, assuming it's an on-going EAP conversation
- ++[eap] = updated
- ++[files] = noop
- [ldap] performing user authorization for mnoureldin
- [ldap] expand: %{Stripped-User-Name} ->
- [ldap] ... expanding second conditional
- [ldap] expand: %{User-Name} -> mnoureldin
- [ldap] expand: (samAccountName=%{%{Stripped-User-Name}:-%{User-Name}}) -> (samAccountName=mnoureldin)
- [ldap] expand: ou=Users,ou=S1,DC=noureldin,DC=local -> ou=Users,ou=S1,DC=noureldin,DC=local
- [ldap] ldap_get_conn: Checking Id: 0
- [ldap] ldap_get_conn: Got Id: 0
- [ldap] attempting LDAP reconnection
- [ldap] (re)connect to s1.noureldin.local:389, authentication 0
- [ldap] setting TLS CACert File to /etc/ssl/noureldin/certs/ca.crt
- [ldap] setting TLS CACert Directory to /etc/ssl/noureldin/certs/
- [ldap] setting TLS Cert File to /etc/ssl/noureldin/certs/freeradius.crt
- [ldap] setting TLS Key File to /etc/ssl/noureldin/private/freeradius.key
- [ldap] setting TLS Rand File to /dev/urandom
- [ldap] starting TLS
- [ldap] bind as cn=Administrator,ou=Users,ou=S1,DC=noureldin,DC=local/p@s$W0rd to s1.noureldin.local:389
- [ldap] waiting for bind result ...
- [ldap] Bind was successful
- [ldap] performing search in ou=Users,ou=S1,DC=noureldin,DC=local, with filter (samAccountName=mnoureldin)
- [ldap] No default NMAS login sequence
- [ldap] looking for check items in directory...
- [ldap] looking for reply items in directory...
- WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly?
- [ldap] ldap_release_conn: Release Id: 0
- ++[ldap] = ok
- ++[expiration] = noop
- ++[logintime] = noop
- [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.
- ++[pap] = noop
- +} # group authorize = updated
- Found Auth-Type = EAP
- # Executing group from file /etc/freeradius/sites-enabled/default
- +group authenticate {
- [eap] EAP Identity
- [eap] processing type tls
- [tls] Initiate
- [tls] Start returned 1
- ++[eap] = handled
- +} # group authenticate = handled
- Sending Access-Challenge of id 174 to 192.168.1.1 port 55872
- EAP-Message = 0x011200061920
- Message-Authenticator = 0x00000000000000000000000000000000
- State = 0x9566170995740e5c95161a0c1a3a9a8f
- Finished request 0.
- Going to the next request
- Waking up in 4.9 seconds.
- rad_recv: Access-Request packet from host 192.168.1.1 port 55872, id=175, length=374
- User-Name = "mnoureldin"
- NAS-IP-Address = 78.104.82.107
- Called-Station-Id = "A2-F3-C1-67-EC-68:Noureldin-Guests"
- NAS-Port-Type = Wireless-802.11
- NAS-Port = 1
- Calling-Station-Id = "48-D2-24-3F-55-D4"
- Connect-Info = "CONNECT 54Mbps 802.11g"
- Acct-Session-Id = "576FE7D8-00000049"
- Framed-MTU = 1400
- EAP-Message = 0x021200b61980000000ac16030300a7010000a3030357727273f67e2a4565a12a711628530623c3c8a9c4ff083caa53078ebd0efc8300003cc02cc02bc030c02f009f009ec024c023c028c027c00ac009c014c01300390033009d009c003d003c0035002f000a006a0040003800320013000500040100003e000500050100000000000a0006000400170018000b00020100000d001400120401050102010403050302030202060106030023000000170000ff01000100
- State = 0x9566170995740e5c95161a0c1a3a9a8f
- Message-Authenticator = 0x0ab39df33bae9eeccb1b689f7148be98
- # Executing section authorize from file /etc/freeradius/sites-enabled/default
- +group authorize {
- ++[preprocess] = ok
- ++[chap] = noop
- ++[mschap] = noop
- ++[digest] = noop
- [suffix] No '@' in User-Name = "mnoureldin", looking up realm NULL
- [suffix] No such realm "NULL"
- ++[suffix] = noop
- [eap] EAP packet type response id 18 length 182
- [eap] Continuing tunnel setup.
- ++[eap] = ok
- +} # group authorize = ok
- Found Auth-Type = EAP
- # Executing group from file /etc/freeradius/sites-enabled/default
- +group authenticate {
- [eap] Request found, released from the list
- [eap] EAP/peap
- [eap] processing type peap
- [peap] processing EAP-TLS
- TLS Length 172
- [peap] Length Included
- [peap] eaptls_verify returned 11
- [peap] (other): before/accept initialization
- [peap] TLS_accept: before/accept initialization
- [peap] <<< Unknown TLS version [length 0005]
- [peap] <<< Unknown TLS version [length 00a7]
- [peap] TLS_accept: unknown state
- [peap] >>> Unknown TLS version [length 0005]
- [peap] >>> Unknown TLS version [length 0039]
- [peap] TLS_accept: unknown state
- [peap] >>> Unknown TLS version [length 0005]
- [peap] >>> Unknown TLS version [length 054b]
- [peap] TLS_accept: unknown state
- [peap] >>> Unknown TLS version [length 0005]
- [peap] >>> Unknown TLS version [length 014d]
- [peap] TLS_accept: unknown state
- [peap] >>> Unknown TLS version [length 0005]
- [peap] >>> Unknown TLS version [length 0004]
- [peap] TLS_accept: unknown state
- [peap] TLS_accept: unknown state
- [peap] TLS_accept: unknown state
- [peap] TLS_accept: Need to read more data: unknown state
- [peap] TLS_accept: Need to read more data: unknown state
- In SSL Handshake Phase
- In SSL Accept mode
- [peap] eaptls_process returned 13
- [peap] EAPTLS_HANDLED
- ++[eap] = handled
- +} # group authenticate = handled
- Sending Access-Challenge of id 175 to 192.168.1.1 port 55872
- EAP-Message = 0x0113040019c0000006e916030300390200003503035da7fa7fdc8c63cd8be8459f301cc7a82aa92a55c7607baa505250a240133ae000c03000000dff01000100000b000403000102160303054b0b0005470005440005413082053d30820425a003020102020103300d06092a864886f70d01010b05003081a6310b3009060355040613024154310b3009060355040813025354310d300b060355040713044772617a31123010060355040a13094e6f7572656c64696e310b3009060355040b13024954311b3019060355040313126e6f7572656c64696e2e6d6f6f6f2e636f6d311530130603550429130c4e6f7572656c64696e2d4341312630240609
- EAP-Message = 0x2a864886f70d01090116176d2e692e6e6f7572656c64696e40676d61696c2e636f6d301e170d3136303632383031313135315a170d3236303632363031313135315a3081a4310b3009060355040613024154310b3009060355040813025354310d300b060355040713044772617a31123010060355040a13094e6f7572656c64696e310b3009060355040b13024954311b30190603550403131273312e6e6f7572656c64696e2e6c6f63616c311330110603550429130a467265655261646975733126302406092a864886f70d01090116176d2e692e6e6f7572656c64696e40676d61696c2e636f6d30820122300d06092a864886f70d010101050003
- EAP-Message = 0x82010f003082010a0282010100d0c8167cd016c22ea1f69c49b90e4d5a8fc1dc78302a12b6b865f6115ed493b4ee4acacad89fe1e691a995664f99c2f3f1aa4998181c53e954a07323645a1babf68927b0326b216c9b097b8e0847854536d87fa133a44c91c229c670b63f30e1ec6b73d9a4aa2e069243e39377afd9eded2cd528c6f7012b4218c57a21ba3f003567138828f5f95652358c2400d750ad446830c5ecd2f13262db1e75b2e212c8b17e97824d892efc7b0bbd23d1d662710193fec2afcd1d51ba227c08c64f7a0e0a5c31ae732df11286ef415a0d751433f90e8c8629ad10befd4a819f0a14c2702525cfaac44a9f8448055e73ccf04b09
- EAP-Message = 0x95c487f4e15066cf8e1c869ee892573f0203010001a38201743082017030090603551d1304023000302d06096086480186f842010d0420161e456173792d5253412047656e657261746564204365727469666963617465301d0603551d0e04160414a2ef447c9dd3ae3e7db5aa3c13b8c1a5480d96413081db0603551d230481d33081d080146f2de03109800172170cbf8b514733cdca045827a181aca481a93081a6310b3009060355040613024154310b3009060355040813025354310d300b060355040713044772617a31123010060355040a13094e6f7572656c64696e310b3009060355040b13024954311b3019060355040313126e6f757265
- EAP-Message = 0x6c64696e2e6d6f6f6f2e636f
- Message-Authenticator = 0x00000000000000000000000000000000
- State = 0x9566170994750e5c95161a0c1a3a9a8f
- Finished request 1.
- Going to the next request
- Waking up in 4.9 seconds.
- rad_recv: Access-Request packet from host 192.168.1.1 port 55872, id=176, length=198
- User-Name = "mnoureldin"
- NAS-IP-Address = 78.104.82.107
- Called-Station-Id = "A2-F3-C1-67-EC-68:Noureldin-Guests"
- NAS-Port-Type = Wireless-802.11
- NAS-Port = 1
- Calling-Station-Id = "48-D2-24-3F-55-D4"
- Connect-Info = "CONNECT 54Mbps 802.11g"
- Acct-Session-Id = "576FE7D8-00000049"
- Framed-MTU = 1400
- EAP-Message = 0x021300061900
- State = 0x9566170994750e5c95161a0c1a3a9a8f
- Message-Authenticator = 0x864413ca3c662170c7b81c55dac457f5
- # Executing section authorize from file /etc/freeradius/sites-enabled/default
- +group authorize {
- ++[preprocess] = ok
- ++[chap] = noop
- ++[mschap] = noop
- ++[digest] = noop
- [suffix] No '@' in User-Name = "mnoureldin", looking up realm NULL
- [suffix] No such realm "NULL"
- ++[suffix] = noop
- [eap] EAP packet type response id 19 length 6
- [eap] Continuing tunnel setup.
- ++[eap] = ok
- +} # group authorize = ok
- Found Auth-Type = EAP
- # Executing group from file /etc/freeradius/sites-enabled/default
- +group authenticate {
- [eap] Request found, released from the list
- [eap] EAP/peap
- [eap] processing type peap
- [peap] processing EAP-TLS
- [peap] Received TLS ACK
- [peap] ACK handshake fragment handler
- [peap] eaptls_verify returned 1
- [peap] eaptls_process returned 13
- [peap] EAPTLS_HANDLED
- ++[eap] = handled
- +} # group authenticate = handled
- Sending Access-Challenge of id 176 to 192.168.1.1 port 55872
- EAP-Message = 0x011402f919006d311530130603550429130c4e6f7572656c64696e2d43413126302406092a864886f70d01090116176d2e692e6e6f7572656c64696e40676d61696c2e636f6d8209009bc1911e86f743fc30130603551d25040c300a06082b06010505070302300b0603551d0f04040302078030150603551d11040e300c820a66726565726164697573300d06092a864886f70d01010b0500038201010006e189c91e6f1e902208af2c98495e51cdaafb5900c3a6daee40ae518cede1769179ce31940d28032293ef08bda1d3db1677448225bc8758cbd867bb278b91cf303123e05438de3333ce787979efee1cede115201acde6bad1f785d551b353
- EAP-Message = 0xdafd0ae465f21d5709bcd2f878c2915f90d5b245f93521b86dba3bf4d6179adb16d1a5393c73afb68e205048cbdd5b4a8a434ffb346661b53716acee0f32d367bc4a4bf80a694597001b901c3194016582197f8e91f811758235fce0084f815fa1bacbac17c004802c994fef049df829f8a0d24d888f8c10b46b5121381739995fb87bd00b74ba92eec39495f542ab33e533941a41b9312d348f6bfebe5bf84d16160303014d0c0001490300174104c00fc1825e930cf4437d8bb40da9495f79da4464d453a688ec212c203a9174cf6f7b2d9c92997f3b572ff1fdfd68b1d3f92364feec0933e5e9ca50ad85e2cc41040101003c947cd8e487a7d3a0a8
- EAP-Message = 0x3db29b36d440a9df480b83a9be3de99fbca1005b9b7a2d16f82084ee9fce1a4c67686fae67b92229bf571bd6e3b4501f2c23ecc9964f8f5a2917e6647373b4ab67aaec9787aede38305cf1bdf6f28055efb3509fa2965162af14399bc12efe79ad87e7338f8e9062ffa64af6b5eb542e451c6f54e7bae8a85ea00f0fdc6f734846fc8376f32a1d3c14196579c568c73a5ec76e7dc3773b62a11988c2ad03f962447900fc582f07f7a70e63b3f8c0a4a4db11d2df20d866e6e8bca7bca6bf14cf1a315ac32ce45034a07427388f3d03fa5773ef153298aa270f556f562b41ef9407ab8217c8d1ae44b939e0618bcce9cd376e920b65e616030300040e00
- EAP-Message = 0x0000
- Message-Authenticator = 0x00000000000000000000000000000000
- State = 0x9566170997720e5c95161a0c1a3a9a8f
- Finished request 2.
- Going to the next request
- Waking up in 4.9 seconds.
- rad_recv: Access-Request packet from host 192.168.1.1 port 55872, id=177, length=328
- User-Name = "mnoureldin"
- NAS-IP-Address = 78.104.82.107
- Called-Station-Id = "A2-F3-C1-67-EC-68:Noureldin-Guests"
- NAS-Port-Type = Wireless-802.11
- NAS-Port = 1
- Calling-Station-Id = "48-D2-24-3F-55-D4"
- Connect-Info = "CONNECT 54Mbps 802.11g"
- Acct-Session-Id = "576FE7D8-00000049"
- Framed-MTU = 1400
- EAP-Message = 0x0214008819800000007e1603030046100000424104fdcd7825a48f3564395a0963ef5f0c72d5fe7d7b5b7f75afd94d0ceaea62806611a77613896e3bb26a16b46865a4196cf35b6cbf87d2510ecaef19390a17a73e14030300010116030300280000000000000000f963216788b686dc6cb9a70912b55b7d0602a9d95e91b97623a06ae4ff79172d
- State = 0x9566170997720e5c95161a0c1a3a9a8f
- Message-Authenticator = 0x81641e89c6fe9356b2b6d947e1738e1f
- # Executing section authorize from file /etc/freeradius/sites-enabled/default
- +group authorize {
- ++[preprocess] = ok
- ++[chap] = noop
- ++[mschap] = noop
- ++[digest] = noop
- [suffix] No '@' in User-Name = "mnoureldin", looking up realm NULL
- [suffix] No such realm "NULL"
- ++[suffix] = noop
- [eap] EAP packet type response id 20 length 136
- [eap] Continuing tunnel setup.
- ++[eap] = ok
- +} # group authorize = ok
- Found Auth-Type = EAP
- # Executing group from file /etc/freeradius/sites-enabled/default
- +group authenticate {
- [eap] Request found, released from the list
- [eap] EAP/peap
- [eap] processing type peap
- [peap] processing EAP-TLS
- TLS Length 126
- [peap] Length Included
- [peap] eaptls_verify returned 11
- [peap] <<< Unknown TLS version [length 0005]
- [peap] <<< Unknown TLS version [length 0046]
- [peap] TLS_accept: unknown state
- [peap] TLS_accept: unknown state
- [peap] <<< Unknown TLS version [length 0005]
- [peap] <<< Unknown TLS version [length 0001]
- [peap] <<< Unknown TLS version [length 0005]
- [peap] <<< Unknown TLS version [length 0010]
- [peap] TLS_accept: unknown state
- [peap] >>> Unknown TLS version [length 0005]
- [peap] >>> Unknown TLS version [length 0001]
- [peap] TLS_accept: unknown state
- [peap] >>> Unknown TLS version [length 0005]
- [peap] >>> Unknown TLS version [length 0010]
- [peap] TLS_accept: unknown state
- [peap] TLS_accept: unknown state
- [peap] (other): SSL negotiation finished successfully
- SSL Connection Established
- [peap] eaptls_process returned 13
- [peap] EAPTLS_HANDLED
- ++[eap] = handled
- +} # group authenticate = handled
- Sending Access-Challenge of id 177 to 192.168.1.1 port 55872
- EAP-Message = 0x01150039190014030300010116030300280e6a2a100d6465828288177d0127066ea2c7c37251cfd6f1290d60cdeddcf9eb7580724fee7fd617
- Message-Authenticator = 0x00000000000000000000000000000000
- State = 0x9566170996730e5c95161a0c1a3a9a8f
- Finished request 3.
- Going to the next request
- Waking up in 4.9 seconds.
- rad_recv: Access-Request packet from host 192.168.1.1 port 55872, id=178, length=233
- User-Name = "mnoureldin"
- NAS-IP-Address = 78.104.82.107
- Called-Station-Id = "A2-F3-C1-67-EC-68:Noureldin-Guests"
- NAS-Port-Type = Wireless-802.11
- NAS-Port = 1
- Calling-Station-Id = "48-D2-24-3F-55-D4"
- Connect-Info = "CONNECT 54Mbps 802.11g"
- Acct-Session-Id = "576FE7D8-00000049"
- Framed-MTU = 1400
- EAP-Message = 0x0215002919800000001f150303001a0000000000000001923dfb8064bff102ce9cbc10120c3c33f795
- State = 0x9566170996730e5c95161a0c1a3a9a8f
- Message-Authenticator = 0xc916d5f4061f067ea33a2a7e00043792
- # Executing section authorize from file /etc/freeradius/sites-enabled/default
- +group authorize {
- ++[preprocess] = ok
- ++[chap] = noop
- ++[mschap] = noop
- ++[digest] = noop
- [suffix] No '@' in User-Name = "mnoureldin", looking up realm NULL
- [suffix] No such realm "NULL"
- ++[suffix] = noop
- [eap] EAP packet type response id 21 length 41
- [eap] Continuing tunnel setup.
- ++[eap] = ok
- +} # group authorize = ok
- Found Auth-Type = EAP
- # Executing group from file /etc/freeradius/sites-enabled/default
- +group authenticate {
- [eap] Request found, released from the list
- [eap] EAP/peap
- [eap] processing type peap
- [peap] processing EAP-TLS
- TLS Length 31
- [peap] Length Included
- [peap] eaptls_verify returned 11
- [peap] <<< Unknown TLS version [length 0005]
- [peap] <<< Unknown TLS version [length 0002]
- TLS Alert read:fatal:access denied
- [peap] WARNING: No data inside of the tunnel.
- [peap] eaptls_process returned 7
- [peap] EAPTLS_OK
- [peap] Session established. Decoding tunneled attributes.
- [peap] Peap state ?
- [peap] FAILED processing PEAP: Tunneled data is invalid.
- [eap] Handler failed in EAP/peap
- [eap] Failed in EAP select
- ++[eap] = invalid
- +} # group authenticate = invalid
- Failed to authenticate the user.
- Using Post-Auth-Type Reject
- # Executing group from file /etc/freeradius/sites-enabled/default
- +group REJECT {
- [eap] Reply already contained an EAP-Message, not inserting EAP-Failure
- ++[eap] = noop
- [attr_filter.access_reject] expand: %{User-Name} -> mnoureldin
- attr_filter: Matched entry DEFAULT at line 11
- ++[attr_filter.access_reject] = updated
- +} # group REJECT = updated
- Delaying reject of request 4 for 1 seconds
- Going to the next request
- Waking up in 0.9 seconds.
- Sending delayed reject for request 4
- Sending Access-Reject of id 178 to 192.168.1.1 port 55872
- EAP-Message = 0x04150004
- Message-Authenticator = 0x00000000000000000000000000000000
- Waking up in 3.8 seconds.
- Cleaning up request 0 ID 174 with timestamp +12
- Cleaning up request 1 ID 175 with timestamp +12
- Cleaning up request 2 ID 176 with timestamp +12
- Cleaning up request 3 ID 177 with timestamp +12
- Waking up in 1.0 seconds.
- Cleaning up request 4 ID 178 with timestamp +12
- Ready to process requests.
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement