
PEAP, Windows

a guest
Jun 28th, 2016
  1. oot@s1:/var/lib/dpkg/info# freeradius -X
  2. freeradius: FreeRADIUS Version 2.2.8, for host i686-pc-linux-gnu, built on Apr 5 2016 at 13:39:42
  3. Copyright (C) 1999-2015 The FreeRADIUS server project and contributors.
  4. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
  5. PARTICULAR PURPOSE.
  6. You may redistribute copies of FreeRADIUS under the terms of the
  7. GNU General Public License.
  8. For more information about these matters, see the file named COPYRIGHT.
  9. Starting - reading configuration files ...
  10. including configuration file /etc/freeradius/radiusd.conf
  11. including configuration file /etc/freeradius/proxy.conf
  12. including configuration file /etc/freeradius/clients.conf
  13. including files in directory /etc/freeradius/modules/
  14. including configuration file /etc/freeradius/modules/cache
  15. including configuration file /etc/freeradius/modules/mac2ip
  16. including configuration file /etc/freeradius/modules/replicate
  17. including configuration file /etc/freeradius/modules/sqlcounter_expire_on_login
  18. including configuration file /etc/freeradius/modules/preprocess
  19. including configuration file /etc/freeradius/modules/ldap
  20. including configuration file /etc/freeradius/modules/ntlm_auth
  21. including configuration file /etc/freeradius/modules/always
  22. including configuration file /etc/freeradius/modules/ippool
  23. including configuration file /etc/freeradius/modules/dhcp_sqlippool
  24. including configuration file /etc/freeradius/modules/detail.log
  25. including configuration file /etc/freeradius/modules/digest
  26. including configuration file /etc/freeradius/modules/rediswho
  27. including configuration file /etc/freeradius/modules/policy
  28. including configuration file /etc/freeradius/modules/chap
  29. including configuration file /etc/freeradius/modules/checkval
  30. including configuration file /etc/freeradius/modules/radutmp
  31. including configuration file /etc/freeradius/modules/expiration
  32. including configuration file /etc/freeradius/modules/files
  33. including configuration file /etc/freeradius/modules/echo
  34. including configuration file /etc/freeradius/modules/detail.example.com
  35. including configuration file /etc/freeradius/modules/realm
  36. including configuration file /etc/freeradius/modules/otp
  37. including configuration file /etc/freeradius/modules/perl
  38. including configuration file /etc/freeradius/modules/attr_rewrite
  39. including configuration file /etc/freeradius/modules/pap
  40. including configuration file /etc/freeradius/modules/cui
  41. including configuration file /etc/freeradius/modules/smsotp
  42. including configuration file /etc/freeradius/modules/sql_log
  43. including configuration file /etc/freeradius/modules/passwd
  44. including configuration file /etc/freeradius/modules/acct_unique
  45. including configuration file /etc/freeradius/modules/dynamic_clients
  46. including configuration file /etc/freeradius/modules/opendirectory
  47. including configuration file /etc/freeradius/modules/krb5
  48. including configuration file /etc/freeradius/modules/expr
  49. including configuration file /etc/freeradius/modules/detail
  50. including configuration file /etc/freeradius/modules/soh
  51. including configuration file /etc/freeradius/modules/attr_filter
  52. including configuration file /etc/freeradius/modules/mschap
  53. including configuration file /etc/freeradius/modules/sradutmp
  54. including configuration file /etc/freeradius/modules/radrelay
  55. including configuration file /etc/freeradius/modules/etc_group
  56. including configuration file /etc/freeradius/modules/smbpasswd
  57. including configuration file /etc/freeradius/modules/counter
  58. including configuration file /etc/freeradius/modules/unix
  59. including configuration file /etc/freeradius/modules/wimax
  60. including configuration file /etc/freeradius/modules/mac2vlan
  61. including configuration file /etc/freeradius/modules/inner-eap
  62. including configuration file /etc/freeradius/modules/exec
  63. including configuration file /etc/freeradius/modules/linelog
  64. including configuration file /etc/freeradius/modules/redis
  65. including configuration file /etc/freeradius/modules/pam
  66. including configuration file /etc/freeradius/modules/logintime
  67. including configuration file /etc/freeradius/eap.conf
  68. including configuration file /etc/freeradius/policy.conf
  69. including files in directory /etc/freeradius/sites-enabled/
  70. including configuration file /etc/freeradius/sites-enabled/inner-tunnel
  71. including configuration file /etc/freeradius/sites-enabled/default
  72. main {
  73. user = "freerad"
  74. group = "freerad"
  75. allow_core_dumps = no
  76. }
  77. including dictionary file /etc/freeradius/dictionary
  78. main {
  79. name = "freeradius"
  80. prefix = "/usr"
  81. localstatedir = "/var"
  82. sbindir = "/usr/sbin"
  83. logdir = "/var/log/freeradius"
  84. run_dir = "/var/run/freeradius"
  85. libdir = "/usr/lib/freeradius"
  86. radacctdir = "/var/log/freeradius/radacct"
  87. hostname_lookups = no
  88. max_request_time = 30
  89. cleanup_delay = 5
  90. max_requests = 1024
  91. pidfile = "/var/run/freeradius/freeradius.pid"
  92. checkrad = "/usr/sbin/checkrad"
  93. debug_level = 0
  94. proxy_requests = yes
  95. log {
  96. stripped_names = no
  97. auth = no
  98. auth_badpass = no
  99. auth_goodpass = no
  100. }
  101. security {
  102. max_attributes = 200
  103. reject_delay = 1
  104. status_server = yes
  105. allow_vulnerable_openssl = no
  106. }
  107. }
  108. radiusd: #### Loading Realms and Home Servers ####
  109. proxy server {
  110. retry_delay = 5
  111. retry_count = 3
  112. default_fallback = no
  113. dead_time = 120
  114. wake_all_if_all_dead = no
  115. }
  116. home_server localhost {
  117. ipaddr = 127.0.0.1
  118. port = 1812
  119. type = "auth"
  120. secret = "testing123"
  121. response_window = 20
  122. max_outstanding = 65536
  123. require_message_authenticator = yes
  124. zombie_period = 40
  125. status_check = "status-server"
  126. ping_interval = 30
  127. check_interval = 30
  128. num_answers_to_alive = 3
  129. num_pings_to_alive = 3
  130. revive_interval = 120
  131. status_check_timeout = 4
  132. coa {
  133. irt = 2
  134. mrt = 16
  135. mrc = 5
  136. mrd = 30
  137. }
  138. }
  139. home_server_pool my_auth_failover {
  140. type = fail-over
  141. home_server = localhost
  142. }
  143. realm example.com {
  144. auth_pool = my_auth_failover
  145. }
  146. realm LOCAL {
  147. }
  148. radiusd: #### Loading Clients ####
  149. client localhost {
  150. ipaddr = 127.0.0.1
  151. require_message_authenticator = no
  152. secret = "testing123"
  153. nastype = "other"
  154. }
  155. client 192.168.1.0/24 {
  156. require_message_authenticator = no
  157. secret = "M13n14e5"
  158. nastype = "other"
  159. }
  160. radiusd: #### Instantiating modules ####
  161. instantiate {
  162. Module: Linked to module rlm_exec
  163. Module: Instantiating module "exec" from file /etc/freeradius/modules/exec
  164. exec {
  165. wait = no
  166. input_pairs = "request"
  167. shell_escape = yes
  168. timeout = 10
  169. }
  170. Module: Linked to module rlm_expr
  171. Module: Instantiating module "expr" from file /etc/freeradius/modules/expr
  172. Module: Linked to module rlm_expiration
  173. Module: Instantiating module "expiration" from file /etc/freeradius/modules/expiration
  174. expiration {
  175. reply-message = "Password Has Expired "
  176. }
  177. Module: Linked to module rlm_logintime
  178. Module: Instantiating module "logintime" from file /etc/freeradius/modules/logintime
  179. logintime {
  180. reply-message = "You are calling outside your allowed timespan "
  181. minimum-timeout = 60
  182. }
  183. }
  184. radiusd: #### Loading Virtual Servers ####
  185. server { # from file /etc/freeradius/radiusd.conf
  186. modules {
  187. Module: Creating Auth-Type = digest
  188. Module: Creating Auth-Type = LDAP
  189. Module: Checking authenticate {...} for more modules to load
  190. Module: Linked to module rlm_pap
  191. Module: Instantiating module "pap" from file /etc/freeradius/modules/pap
  192. pap {
  193. encryption_scheme = "auto"
  194. auto_header = no
  195. }
  196. Module: Linked to module rlm_chap
  197. Module: Instantiating module "chap" from file /etc/freeradius/modules/chap
  198. Module: Linked to module rlm_mschap
  199. Module: Instantiating module "mschap" from file /etc/freeradius/modules/mschap
  200. mschap {
  201. use_mppe = yes
  202. require_encryption = no
  203. require_strong = no
  204. with_ntdomain_hack = no
  205. allow_retry = yes
  206. }
  207. Module: Linked to module rlm_digest
  208. Module: Instantiating module "digest" from file /etc/freeradius/modules/digest
  209. Module: Linked to module rlm_unix
  210. Module: Instantiating module "unix" from file /etc/freeradius/modules/unix
  211. unix {
  212. radwtmp = "/var/log/freeradius/radwtmp"
  213. }
  214. Module: Linked to module rlm_ldap
  215. Module: Instantiating module "ldap" from file /etc/freeradius/modules/ldap
  216. ldap {
  217. server = "s1.noureldin.local"
  218. port = 389
  219. password = "p@s$W0rd"
  220. expect_password = yes
  221. identity = "cn=Administrator,ou=Users,ou=S1,DC=noureldin,DC=local"
  222. net_timeout = 1
  223. timeout = 4
  224. timelimit = 3
  225. max_uses = 0
  226. tls_mode = no
  227. start_tls = no
  228. tls_require_cert = "allow"
  229. tls {
  230. start_tls = yes
  231. cacertfile = "/etc/ssl/noureldin/certs/ca.crt"
  232. cacertdir = "/etc/ssl/noureldin/certs/"
  233. certfile = "/etc/ssl/noureldin/certs/freeradius.crt"
  234. keyfile = "/etc/ssl/noureldin/private/freeradius.key"
  235. randfile = "/dev/urandom"
  236. require_cert = "allow"
  237. }
  238. basedn = "ou=Users,ou=S1,DC=noureldin,DC=local"
  239. filter = "(samAccountName=%{%{Stripped-User-Name}:-%{User-Name}})"
  240. base_filter = "(objectclass=radiusprofile)"
  241. auto_header = no
  242. access_attr_used_for_allow = yes
  243. groupname_attribute = "cn"
  244. groupmembership_filter = "(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))"
  245. dictionary_mapping = "/etc/freeradius/ldap.attrmap"
  246. ldap_debug = 0
  247. ldap_connections_number = 5
  248. compare_check_items = no
  249. do_xlat = yes
  250. edir_account_policy_check = no
  251. set_auth_type = yes
  252. keepalive {
  253. idle = 60
  254. probes = 3
  255. interval = 3
  256. }
  257. }
  258. rlm_ldap: Registering ldap_groupcmp for Ldap-Group
  259. rlm_ldap: Registering ldap_xlat with xlat_name ldap
  260. rlm_ldap: reading ldap<->radius mappings from file /etc/freeradius/ldap.attrmap
  261. rlm_ldap: LDAP radiusCheckItem mapped to RADIUS $GENERIC$
  262. rlm_ldap: LDAP radiusReplyItem mapped to RADIUS $GENERIC$
  263. rlm_ldap: LDAP radiusAuthType mapped to RADIUS Auth-Type
  264. rlm_ldap: LDAP radiusSimultaneousUse mapped to RADIUS Simultaneous-Use
  265. rlm_ldap: LDAP radiusCalledStationId mapped to RADIUS Called-Station-Id
  266. rlm_ldap: LDAP radiusCallingStationId mapped to RADIUS Calling-Station-Id
  267. rlm_ldap: LDAP lmPassword mapped to RADIUS LM-Password
  268. rlm_ldap: LDAP ntPassword mapped to RADIUS NT-Password
  269. rlm_ldap: LDAP sambaLmPassword mapped to RADIUS LM-Password
  270. rlm_ldap: LDAP sambaNtPassword mapped to RADIUS NT-Password
  271. rlm_ldap: LDAP dBCSPwd mapped to RADIUS LM-Password
  272. rlm_ldap: LDAP userPassword mapped to RADIUS Password-With-Header
  273. rlm_ldap: LDAP acctFlags mapped to RADIUS SMB-Account-CTRL-TEXT
  274. rlm_ldap: LDAP radiusExpiration mapped to RADIUS Expiration
  275. rlm_ldap: LDAP radiusNASIpAddress mapped to RADIUS NAS-IP-Address
  276. rlm_ldap: LDAP radiusServiceType mapped to RADIUS Service-Type
  277. rlm_ldap: LDAP radiusFramedProtocol mapped to RADIUS Framed-Protocol
  278. rlm_ldap: LDAP radiusFramedIPAddress mapped to RADIUS Framed-IP-Address
  279. rlm_ldap: LDAP radiusFramedIPNetmask mapped to RADIUS Framed-IP-Netmask
  280. rlm_ldap: LDAP radiusFramedRoute mapped to RADIUS Framed-Route
  281. rlm_ldap: LDAP radiusFramedRouting mapped to RADIUS Framed-Routing
  282. rlm_ldap: LDAP radiusFilterId mapped to RADIUS Filter-Id
  283. rlm_ldap: LDAP radiusFramedMTU mapped to RADIUS Framed-MTU
  284. rlm_ldap: LDAP radiusFramedCompression mapped to RADIUS Framed-Compression
  285. rlm_ldap: LDAP radiusLoginIPHost mapped to RADIUS Login-IP-Host
  286. rlm_ldap: LDAP radiusLoginService mapped to RADIUS Login-Service
  287. rlm_ldap: LDAP radiusLoginTCPPort mapped to RADIUS Login-TCP-Port
  288. rlm_ldap: LDAP radiusCallbackNumber mapped to RADIUS Callback-Number
  289. rlm_ldap: LDAP radiusCallbackId mapped to RADIUS Callback-Id
  290. rlm_ldap: LDAP radiusFramedIPXNetwork mapped to RADIUS Framed-IPX-Network
  291. rlm_ldap: LDAP radiusClass mapped to RADIUS Class
  292. rlm_ldap: LDAP radiusSessionTimeout mapped to RADIUS Session-Timeout
  293. rlm_ldap: LDAP radiusIdleTimeout mapped to RADIUS Idle-Timeout
  294. rlm_ldap: LDAP radiusTerminationAction mapped to RADIUS Termination-Action
  295. rlm_ldap: LDAP radiusLoginLATService mapped to RADIUS Login-LAT-Service
  296. rlm_ldap: LDAP radiusLoginLATNode mapped to RADIUS Login-LAT-Node
  297. rlm_ldap: LDAP radiusLoginLATGroup mapped to RADIUS Login-LAT-Group
  298. rlm_ldap: LDAP radiusFramedAppleTalkLink mapped to RADIUS Framed-AppleTalk-Link
  299. rlm_ldap: LDAP radiusFramedAppleTalkNetwork mapped to RADIUS Framed-AppleTalk-Network
  300. rlm_ldap: LDAP radiusFramedAppleTalkZone mapped to RADIUS Framed-AppleTalk-Zone
  301. rlm_ldap: LDAP radiusPortLimit mapped to RADIUS Port-Limit
  302. rlm_ldap: LDAP radiusLoginLATPort mapped to RADIUS Login-LAT-Port
  303. rlm_ldap: LDAP radiusReplyMessage mapped to RADIUS Reply-Message
  304. rlm_ldap: LDAP radiusTunnelType mapped to RADIUS Tunnel-Type
  305. rlm_ldap: LDAP radiusTunnelMediumType mapped to RADIUS Tunnel-Medium-Type
  306. rlm_ldap: LDAP radiusTunnelPrivateGroupId mapped to RADIUS Tunnel-Private-Group-Id
  307. conns: 0x9f0cb38
  308. Module: Linked to module rlm_eap
  309. Module: Instantiating module "eap" from file /etc/freeradius/eap.conf
  310. eap {
  311. default_eap_type = "peap"
  312. timer_expire = 60
  313. ignore_unknown_eap_types = no
  314. cisco_accounting_username_bug = no
  315. max_sessions = 1024
  316. }
  317. Module: Linked to sub-module rlm_eap_md5
  318. Module: Instantiating eap-md5
  319. Module: Linked to sub-module rlm_eap_leap
  320. Module: Instantiating eap-leap
  321. Module: Linked to sub-module rlm_eap_gtc
  322. Module: Instantiating eap-gtc
  323. gtc {
  324. challenge = "Password: "
  325. auth_type = "PAP"
  326. }
  327. Module: Linked to sub-module rlm_eap_tls
  328. Module: Instantiating eap-tls
  329. tls {
  330. rsa_key_exchange = no
  331. dh_key_exchange = yes
  332. rsa_key_length = 512
  333. dh_key_length = 512
  334. verify_depth = 0
  335. CA_path = "/etc/ssl/noureldin/certs"
  336. pem_file_type = yes
  337. private_key_file = "/etc/ssl/noureldin/private/freeradius.key"
  338. certificate_file = "/etc/ssl/noureldin/certs/freeradius.crt"
  339. private_key_password = ""
  340. dh_file = "/etc/ssl/noureldin/private/dh2048.pem"
  341. random_file = "/dev/urandom"
  342. fragment_size = 1024
  343. include_length = yes
  344. check_crl = no
  345. check_all_crl = no
  346. cipher_list = "DEFAULT"
  347. make_cert_command = "/etc/ssl/noureldin/certs/bootstrap"
  348. ecdh_curve = "prime256v1"
  349. cache {
  350. enable = no
  351. lifetime = 24
  352. max_entries = 255
  353. }
  354. verify {
  355. }
  356. ocsp {
  357. enable = no
  358. override_cert_url = yes
  359. url = "http://127.0.0.1/ocsp/"
  360. use_nonce = yes
  361. timeout = 0
  362. softfail = no
  363. }
  364. }
  365. Module: Linked to sub-module rlm_eap_ttls
  366. Module: Instantiating eap-ttls
  367. ttls {
  368. default_eap_type = "md5"
  369. copy_request_to_tunnel = no
  370. use_tunneled_reply = no
  371. virtual_server = "inner-tunnel"
  372. include_length = yes
  373. }
  374. Module: Linked to sub-module rlm_eap_peap
  375. Module: Instantiating eap-peap
  376. peap {
  377. default_eap_type = "mschapv2"
  378. copy_request_to_tunnel = no
  379. use_tunneled_reply = no
  380. proxy_tunneled_request_as_eap = yes
  381. virtual_server = "inner-tunnel"
  382. soh = no
  383. }
  384. Module: Linked to sub-module rlm_eap_mschapv2
  385. Module: Instantiating eap-mschapv2
  386. mschapv2 {
  387. with_ntdomain_hack = no
  388. send_error = no
  389. }
  390. Module: Checking authorize {...} for more modules to load
  391. Module: Linked to module rlm_preprocess
  392. Module: Instantiating module "preprocess" from file /etc/freeradius/modules/preprocess
  393. preprocess {
  394. huntgroups = "/etc/freeradius/huntgroups"
  395. hints = "/etc/freeradius/hints"
  396. with_ascend_hack = no
  397. ascend_channels_per_line = 23
  398. with_ntdomain_hack = no
  399. with_specialix_jetstream_hack = no
  400. with_cisco_vsa_hack = no
  401. with_alvarion_vsa_hack = no
  402. }
  403. reading pairlist file /etc/freeradius/huntgroups
  404. reading pairlist file /etc/freeradius/hints
  405. Module: Linked to module rlm_realm
  406. Module: Instantiating module "suffix" from file /etc/freeradius/modules/realm
  407. realm suffix {
  408. format = "suffix"
  409. delimiter = "@"
  410. ignore_default = no
  411. ignore_null = no
  412. }
  413. Module: Linked to module rlm_files
  414. Module: Instantiating module "files" from file /etc/freeradius/modules/files
  415. files {
  416. usersfile = "/etc/freeradius/users"
  417. acctusersfile = "/etc/freeradius/acct_users"
  418. preproxy_usersfile = "/etc/freeradius/preproxy_users"
  419. compat = "no"
  420. }
  421. reading pairlist file /etc/freeradius/users
  422. reading pairlist file /etc/freeradius/acct_users
  423. reading pairlist file /etc/freeradius/preproxy_users
  424. Module: Checking preacct {...} for more modules to load
  425. Module: Linked to module rlm_acct_unique
  426. Module: Instantiating module "acct_unique" from file /etc/freeradius/modules/acct_unique
  427. acct_unique {
  428. key = "User-Name, Acct-Session-Id, NAS-IP-Address, NAS-Identifier, NAS-Port"
  429. }
  430. Module: Checking accounting {...} for more modules to load
  431. Module: Linked to module rlm_detail
  432. Module: Instantiating module "detail" from file /etc/freeradius/modules/detail
  433. detail {
  434. detailfile = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d"
  435. header = "%t"
  436. detailperm = 384
  437. dirperm = 493
  438. locking = no
  439. log_packet_header = no
  440. escape_filenames = no
  441. }
  442. Module: Linked to module rlm_attr_filter
  443. Module: Instantiating module "attr_filter.accounting_response" from file /etc/freeradius/modules/attr_filter
  444. attr_filter attr_filter.accounting_response {
  445. attrsfile = "/etc/freeradius/attrs.accounting_response"
  446. key = "%{User-Name}"
  447. relaxed = no
  448. }
  449. reading pairlist file /etc/freeradius/attrs.accounting_response
  450. Module: Checking session {...} for more modules to load
  451. Module: Linked to module rlm_radutmp
  452. Module: Instantiating module "radutmp" from file /etc/freeradius/modules/radutmp
  453. radutmp {
  454. filename = "/var/log/freeradius/radutmp"
  455. username = "%{User-Name}"
  456. case_sensitive = yes
  457. check_with_nas = yes
  458. perm = 384
  459. callerid = yes
  460. }
  461. Module: Checking post-proxy {...} for more modules to load
  462. Module: Checking post-auth {...} for more modules to load
  463. Module: Instantiating module "attr_filter.access_reject" from file /etc/freeradius/modules/attr_filter
  464. attr_filter attr_filter.access_reject {
  465. attrsfile = "/etc/freeradius/attrs.access_reject"
  466. key = "%{User-Name}"
  467. relaxed = no
  468. }
  469. reading pairlist file /etc/freeradius/attrs.access_reject
  470. } # modules
  471. } # server
  472. server inner-tunnel { # from file /etc/freeradius/sites-enabled/inner-tunnel
  473. modules {
  474. Module: Checking authenticate {...} for more modules to load
  475. Module: Checking authorize {...} for more modules to load
  476. Module: Checking session {...} for more modules to load
  477. Module: Checking post-proxy {...} for more modules to load
  478. Module: Checking post-auth {...} for more modules to load
  479. } # modules
  480. } # server
  481. radiusd: #### Opening IP addresses and Ports ####
  482. listen {
  483. type = "auth"
  484. ipaddr = *
  485. port = 0
  486. }
  487. listen {
  488. type = "acct"
  489. ipaddr = *
  490. port = 0
  491. }
  492. listen {
  493. type = "auth"
  494. ipaddr = 127.0.0.1
  495. port = 18120
  496. }
  497. ... adding new socket proxy address * port 52551
  498. Listening on authentication address * port 1812
  499. Listening on accounting address * port 1813
  500. Listening on authentication address 127.0.0.1 port 18120 as server inner-tunnel
  501. Listening on proxy address * port 1814
  502. Ready to process requests.
  503. rad_recv: Access-Request packet from host 192.168.1.1 port 55872, id=174, length=189
  504. User-Name = "mnoureldin"
  505. NAS-IP-Address = 78.104.82.107
  506. Called-Station-Id = "A2-F3-C1-67-EC-68:Noureldin-Guests"
  507. NAS-Port-Type = Wireless-802.11
  508. NAS-Port = 1
  509. Calling-Station-Id = "48-D2-24-3F-55-D4"
  510. Connect-Info = "CONNECT 54Mbps 802.11g"
  511. Acct-Session-Id = "576FE7D8-00000049"
  512. Framed-MTU = 1400
  513. EAP-Message = 0x0211000f016d6e6f7572656c64696e
  514. Message-Authenticator = 0x1ece39e57efd9a4738388d0a31220eb8
  515. # Executing section authorize from file /etc/freeradius/sites-enabled/default
  516. +group authorize {
  517. ++[preprocess] = ok
  518. ++[chap] = noop
  519. ++[mschap] = noop
  520. ++[digest] = noop
  521. [suffix] No '@' in User-Name = "mnoureldin", looking up realm NULL
  522. [suffix] No such realm "NULL"
  523. ++[suffix] = noop
  524. [eap] EAP packet type response id 17 length 15
  525. [eap] No EAP Start, assuming it's an on-going EAP conversation
  526. ++[eap] = updated
  527. ++[files] = noop
  528. [ldap] performing user authorization for mnoureldin
  529. [ldap] expand: %{Stripped-User-Name} ->
  530. [ldap] ... expanding second conditional
  531. [ldap] expand: %{User-Name} -> mnoureldin
  532. [ldap] expand: (samAccountName=%{%{Stripped-User-Name}:-%{User-Name}}) -> (samAccountName=mnoureldin)
  533. [ldap] expand: ou=Users,ou=S1,DC=noureldin,DC=local -> ou=Users,ou=S1,DC=noureldin,DC=local
  534. [ldap] ldap_get_conn: Checking Id: 0
  535. [ldap] ldap_get_conn: Got Id: 0
  536. [ldap] attempting LDAP reconnection
  537. [ldap] (re)connect to s1.noureldin.local:389, authentication 0
  538. [ldap] setting TLS CACert File to /etc/ssl/noureldin/certs/ca.crt
  539. [ldap] setting TLS CACert Directory to /etc/ssl/noureldin/certs/
  540. [ldap] setting TLS Cert File to /etc/ssl/noureldin/certs/freeradius.crt
  541. [ldap] setting TLS Key File to /etc/ssl/noureldin/private/freeradius.key
  542. [ldap] setting TLS Rand File to /dev/urandom
  543. [ldap] starting TLS
  544. [ldap] bind as cn=Administrator,ou=Users,ou=S1,DC=noureldin,DC=local/p@s$W0rd to s1.noureldin.local:389
  545. [ldap] waiting for bind result ...
  546. [ldap] Bind was successful
  547. [ldap] performing search in ou=Users,ou=S1,DC=noureldin,DC=local, with filter (samAccountName=mnoureldin)
  548. [ldap] No default NMAS login sequence
  549. [ldap] looking for check items in directory...
  550. [ldap] looking for reply items in directory...
  551. WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly?
  552. [ldap] ldap_release_conn: Release Id: 0
  553. ++[ldap] = ok
  554. ++[expiration] = noop
  555. ++[logintime] = noop
  556. [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.
  557. ++[pap] = noop
  558. +} # group authorize = updated
  559. Found Auth-Type = EAP
  560. # Executing group from file /etc/freeradius/sites-enabled/default
  561. +group authenticate {
  562. [eap] EAP Identity
  563. [eap] processing type tls
  564. [tls] Initiate
  565. [tls] Start returned 1
  566. ++[eap] = handled
  567. +} # group authenticate = handled
  568. Sending Access-Challenge of id 174 to 192.168.1.1 port 55872
  569. EAP-Message = 0x011200061920
  570. Message-Authenticator = 0x00000000000000000000000000000000
  571. State = 0x9566170995740e5c95161a0c1a3a9a8f
  572. Finished request 0.
  573. Going to the next request
  574. Waking up in 4.9 seconds.
  575. rad_recv: Access-Request packet from host 192.168.1.1 port 55872, id=175, length=374
  576. User-Name = "mnoureldin"
  577. NAS-IP-Address = 78.104.82.107
  578. Called-Station-Id = "A2-F3-C1-67-EC-68:Noureldin-Guests"
  579. NAS-Port-Type = Wireless-802.11
  580. NAS-Port = 1
  581. Calling-Station-Id = "48-D2-24-3F-55-D4"
  582. Connect-Info = "CONNECT 54Mbps 802.11g"
  583. Acct-Session-Id = "576FE7D8-00000049"
  584. Framed-MTU = 1400
  585. EAP-Message = 0x021200b61980000000ac16030300a7010000a3030357727273f67e2a4565a12a711628530623c3c8a9c4ff083caa53078ebd0efc8300003cc02cc02bc030c02f009f009ec024c023c028c027c00ac009c014c01300390033009d009c003d003c0035002f000a006a0040003800320013000500040100003e000500050100000000000a0006000400170018000b00020100000d001400120401050102010403050302030202060106030023000000170000ff01000100
  586. State = 0x9566170995740e5c95161a0c1a3a9a8f
  587. Message-Authenticator = 0x0ab39df33bae9eeccb1b689f7148be98
  588. # Executing section authorize from file /etc/freeradius/sites-enabled/default
  589. +group authorize {
  590. ++[preprocess] = ok
  591. ++[chap] = noop
  592. ++[mschap] = noop
  593. ++[digest] = noop
  594. [suffix] No '@' in User-Name = "mnoureldin", looking up realm NULL
  595. [suffix] No such realm "NULL"
  596. ++[suffix] = noop
  597. [eap] EAP packet type response id 18 length 182
  598. [eap] Continuing tunnel setup.
  599. ++[eap] = ok
  600. +} # group authorize = ok
  601. Found Auth-Type = EAP
  602. # Executing group from file /etc/freeradius/sites-enabled/default
  603. +group authenticate {
  604. [eap] Request found, released from the list
  605. [eap] EAP/peap
  606. [eap] processing type peap
  607. [peap] processing EAP-TLS
  608. TLS Length 172
  609. [peap] Length Included
  610. [peap] eaptls_verify returned 11
  611. [peap] (other): before/accept initialization
  612. [peap] TLS_accept: before/accept initialization
  613. [peap] <<< Unknown TLS version [length 0005]
  614. [peap] <<< Unknown TLS version [length 00a7]
  615. [peap] TLS_accept: unknown state
  616. [peap] >>> Unknown TLS version [length 0005]
  617. [peap] >>> Unknown TLS version [length 0039]
  618. [peap] TLS_accept: unknown state
  619. [peap] >>> Unknown TLS version [length 0005]
  620. [peap] >>> Unknown TLS version [length 054b]
  621. [peap] TLS_accept: unknown state
  622. [peap] >>> Unknown TLS version [length 0005]
  623. [peap] >>> Unknown TLS version [length 014d]
  624. [peap] TLS_accept: unknown state
  625. [peap] >>> Unknown TLS version [length 0005]
  626. [peap] >>> Unknown TLS version [length 0004]
  627. [peap] TLS_accept: unknown state
  628. [peap] TLS_accept: unknown state
  629. [peap] TLS_accept: unknown state
  630. [peap] TLS_accept: Need to read more data: unknown state
  631. [peap] TLS_accept: Need to read more data: unknown state
  632. In SSL Handshake Phase
  633. In SSL Accept mode
  634. [peap] eaptls_process returned 13
  635. [peap] EAPTLS_HANDLED
  636. ++[eap] = handled
  637. +} # group authenticate = handled
  638. Sending Access-Challenge of id 175 to 192.168.1.1 port 55872
  643. EAP-Message = 0x6c64696e2e6d6f6f6f2e636f
  644. Message-Authenticator = 0x00000000000000000000000000000000
  645. State = 0x9566170994750e5c95161a0c1a3a9a8f
  646. Finished request 1.
  647. Going to the next request
  648. Waking up in 4.9 seconds.
  649. rad_recv: Access-Request packet from host 192.168.1.1 port 55872, id=176, length=198
  650. User-Name = "mnoureldin"
  651. NAS-IP-Address = 78.104.82.107
  652. Called-Station-Id = "A2-F3-C1-67-EC-68:Noureldin-Guests"
  653. NAS-Port-Type = Wireless-802.11
  654. NAS-Port = 1
  655. Calling-Station-Id = "48-D2-24-3F-55-D4"
  656. Connect-Info = "CONNECT 54Mbps 802.11g"
  657. Acct-Session-Id = "576FE7D8-00000049"
  658. Framed-MTU = 1400
  659. EAP-Message = 0x021300061900
  660. State = 0x9566170994750e5c95161a0c1a3a9a8f
  661. Message-Authenticator = 0x864413ca3c662170c7b81c55dac457f5
  662. # Executing section authorize from file /etc/freeradius/sites-enabled/default
  663. +group authorize {
  664. ++[preprocess] = ok
  665. ++[chap] = noop
  666. ++[mschap] = noop
  667. ++[digest] = noop
  668. [suffix] No '@' in User-Name = "mnoureldin", looking up realm NULL
  669. [suffix] No such realm "NULL"
  670. ++[suffix] = noop
  671. [eap] EAP packet type response id 19 length 6
  672. [eap] Continuing tunnel setup.
  673. ++[eap] = ok
  674. +} # group authorize = ok
  675. Found Auth-Type = EAP
  676. # Executing group from file /etc/freeradius/sites-enabled/default
  677. +group authenticate {
  678. [eap] Request found, released from the list
  679. [eap] EAP/peap
  680. [eap] processing type peap
  681. [peap] processing EAP-TLS
  682. [peap] Received TLS ACK
  683. [peap] ACK handshake fragment handler
  684. [peap] eaptls_verify returned 1
  685. [peap] eaptls_process returned 13
  686. [peap] EAPTLS_HANDLED
  687. ++[eap] = handled
  688. +} # group authenticate = handled
  689. Sending Access-Challenge of id 176 to 192.168.1.1 port 55872
  693. EAP-Message = 0x0000
  694. Message-Authenticator = 0x00000000000000000000000000000000
  695. State = 0x9566170997720e5c95161a0c1a3a9a8f
  696. Finished request 2.
  697. Going to the next request
  698. Waking up in 4.9 seconds.
  699. rad_recv: Access-Request packet from host 192.168.1.1 port 55872, id=177, length=328
  700. User-Name = "mnoureldin"
  701. NAS-IP-Address = 78.104.82.107
  702. Called-Station-Id = "A2-F3-C1-67-EC-68:Noureldin-Guests"
  703. NAS-Port-Type = Wireless-802.11
  704. NAS-Port = 1
  705. Calling-Station-Id = "48-D2-24-3F-55-D4"
  706. Connect-Info = "CONNECT 54Mbps 802.11g"
  707. Acct-Session-Id = "576FE7D8-00000049"
  708. Framed-MTU = 1400
  709. EAP-Message = 0x0214008819800000007e1603030046100000424104fdcd7825a48f3564395a0963ef5f0c72d5fe7d7b5b7f75afd94d0ceaea62806611a77613896e3bb26a16b46865a4196cf35b6cbf87d2510ecaef19390a17a73e14030300010116030300280000000000000000f963216788b686dc6cb9a70912b55b7d0602a9d95e91b97623a06ae4ff79172d
  710. State = 0x9566170997720e5c95161a0c1a3a9a8f
  711. Message-Authenticator = 0x81641e89c6fe9356b2b6d947e1738e1f
  712. # Executing section authorize from file /etc/freeradius/sites-enabled/default
  713. +group authorize {
  714. ++[preprocess] = ok
  715. ++[chap] = noop
  716. ++[mschap] = noop
  717. ++[digest] = noop
  718. [suffix] No '@' in User-Name = "mnoureldin", looking up realm NULL
  719. [suffix] No such realm "NULL"
  720. ++[suffix] = noop
  721. [eap] EAP packet type response id 20 length 136
  722. [eap] Continuing tunnel setup.
  723. ++[eap] = ok
  724. +} # group authorize = ok
  725. Found Auth-Type = EAP
  726. # Executing group from file /etc/freeradius/sites-enabled/default
  727. +group authenticate {
  728. [eap] Request found, released from the list
  729. [eap] EAP/peap
  730. [eap] processing type peap
  731. [peap] processing EAP-TLS
  732. TLS Length 126
  733. [peap] Length Included
  734. [peap] eaptls_verify returned 11
  735. [peap] <<< Unknown TLS version [length 0005]
  736. [peap] <<< Unknown TLS version [length 0046]
  737. [peap] TLS_accept: unknown state
  738. [peap] TLS_accept: unknown state
  739. [peap] <<< Unknown TLS version [length 0005]
  740. [peap] <<< Unknown TLS version [length 0001]
  741. [peap] <<< Unknown TLS version [length 0005]
  742. [peap] <<< Unknown TLS version [length 0010]
  743. [peap] TLS_accept: unknown state
  744. [peap] >>> Unknown TLS version [length 0005]
  745. [peap] >>> Unknown TLS version [length 0001]
  746. [peap] TLS_accept: unknown state
  747. [peap] >>> Unknown TLS version [length 0005]
  748. [peap] >>> Unknown TLS version [length 0010]
  749. [peap] TLS_accept: unknown state
  750. [peap] TLS_accept: unknown state
  751. [peap] (other): SSL negotiation finished successfully
  752. SSL Connection Established
  753. [peap] eaptls_process returned 13
  754. [peap] EAPTLS_HANDLED
  755. ++[eap] = handled
  756. +} # group authenticate = handled
  757. Sending Access-Challenge of id 177 to 192.168.1.1 port 55872
  758. EAP-Message = 0x01150039190014030300010116030300280e6a2a100d6465828288177d0127066ea2c7c37251cfd6f1290d60cdeddcf9eb7580724fee7fd617
  759. Message-Authenticator = 0x00000000000000000000000000000000
  760. State = 0x9566170996730e5c95161a0c1a3a9a8f
  761. Finished request 3.
  762. Going to the next request
  763. Waking up in 4.9 seconds.
  764. rad_recv: Access-Request packet from host 192.168.1.1 port 55872, id=178, length=233
  765. User-Name = "mnoureldin"
  766. NAS-IP-Address = 78.104.82.107
  767. Called-Station-Id = "A2-F3-C1-67-EC-68:Noureldin-Guests"
  768. NAS-Port-Type = Wireless-802.11
  769. NAS-Port = 1
  770. Calling-Station-Id = "48-D2-24-3F-55-D4"
  771. Connect-Info = "CONNECT 54Mbps 802.11g"
  772. Acct-Session-Id = "576FE7D8-00000049"
  773. Framed-MTU = 1400
  774. EAP-Message = 0x0215002919800000001f150303001a0000000000000001923dfb8064bff102ce9cbc10120c3c33f795
  775. State = 0x9566170996730e5c95161a0c1a3a9a8f
  776. Message-Authenticator = 0xc916d5f4061f067ea33a2a7e00043792
  777. # Executing section authorize from file /etc/freeradius/sites-enabled/default
  778. +group authorize {
  779. ++[preprocess] = ok
  780. ++[chap] = noop
  781. ++[mschap] = noop
  782. ++[digest] = noop
  783. [suffix] No '@' in User-Name = "mnoureldin", looking up realm NULL
  784. [suffix] No such realm "NULL"
  785. ++[suffix] = noop
  786. [eap] EAP packet type response id 21 length 41
  787. [eap] Continuing tunnel setup.
  788. ++[eap] = ok
  789. +} # group authorize = ok
  790. Found Auth-Type = EAP
  791. # Executing group from file /etc/freeradius/sites-enabled/default
  792. +group authenticate {
  793. [eap] Request found, released from the list
  794. [eap] EAP/peap
  795. [eap] processing type peap
  796. [peap] processing EAP-TLS
  797. TLS Length 31
  798. [peap] Length Included
  799. [peap] eaptls_verify returned 11
  800. [peap] <<< Unknown TLS version [length 0005]
  801. [peap] <<< Unknown TLS version [length 0002]
  802. TLS Alert read:fatal:access denied
  803. [peap] WARNING: No data inside of the tunnel.
  804. [peap] eaptls_process returned 7
  805. [peap] EAPTLS_OK
  806. [peap] Session established. Decoding tunneled attributes.
  807. [peap] Peap state ?
  808. [peap] FAILED processing PEAP: Tunneled data is invalid.
  809. [eap] Handler failed in EAP/peap
  810. [eap] Failed in EAP select
  811. ++[eap] = invalid
  812. +} # group authenticate = invalid
  813. Failed to authenticate the user.
  814. Using Post-Auth-Type Reject
  815. # Executing group from file /etc/freeradius/sites-enabled/default
  816. +group REJECT {
  817. [eap] Reply already contained an EAP-Message, not inserting EAP-Failure
  818. ++[eap] = noop
  819. [attr_filter.access_reject] expand: %{User-Name} -> mnoureldin
  820. attr_filter: Matched entry DEFAULT at line 11
  821. ++[attr_filter.access_reject] = updated
  822. +} # group REJECT = updated
  823. Delaying reject of request 4 for 1 seconds
  824. Going to the next request
  825. Waking up in 0.9 seconds.
  826. Sending delayed reject for request 4
  827. Sending Access-Reject of id 178 to 192.168.1.1 port 55872
  828. EAP-Message = 0x04150004
  829. Message-Authenticator = 0x00000000000000000000000000000000
  830. Waking up in 3.8 seconds.
  831. Cleaning up request 0 ID 174 with timestamp +12
  832. Cleaning up request 1 ID 175 with timestamp +12
  833. Cleaning up request 2 ID 176 with timestamp +12
  834. Cleaning up request 3 ID 177 with timestamp +12
  835. Waking up in 1.0 seconds.
  836. Cleaning up request 4 ID 178 with timestamp +12
  837. Ready to process requests.