- root@s1:/var/lib/dpkg/info# freeradius -X
- freeradius: FreeRADIUS Version 2.2.8, for host i686-pc-linux-gnu, built on Apr 5 2016 at 13:39:42
- Copyright (C) 1999-2015 The FreeRADIUS server project and contributors.
- There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
- PARTICULAR PURPOSE.
- You may redistribute copies of FreeRADIUS under the terms of the
- GNU General Public License.
- For more information about these matters, see the file named COPYRIGHT.
- Starting - reading configuration files ...
- including configuration file /etc/freeradius/radiusd.conf
- including configuration file /etc/freeradius/proxy.conf
- including configuration file /etc/freeradius/clients.conf
- including files in directory /etc/freeradius/modules/
- including configuration file /etc/freeradius/modules/cache
- including configuration file /etc/freeradius/modules/mac2ip
- including configuration file /etc/freeradius/modules/replicate
- including configuration file /etc/freeradius/modules/sqlcounter_expire_on_login
- including configuration file /etc/freeradius/modules/preprocess
- including configuration file /etc/freeradius/modules/ldap
- including configuration file /etc/freeradius/modules/ntlm_auth
- including configuration file /etc/freeradius/modules/always
- including configuration file /etc/freeradius/modules/ippool
- including configuration file /etc/freeradius/modules/dhcp_sqlippool
- including configuration file /etc/freeradius/modules/detail.log
- including configuration file /etc/freeradius/modules/digest
- including configuration file /etc/freeradius/modules/rediswho
- including configuration file /etc/freeradius/modules/policy
- including configuration file /etc/freeradius/modules/chap
- including configuration file /etc/freeradius/modules/checkval
- including configuration file /etc/freeradius/modules/radutmp
- including configuration file /etc/freeradius/modules/expiration
- including configuration file /etc/freeradius/modules/files
- including configuration file /etc/freeradius/modules/echo
- including configuration file /etc/freeradius/modules/detail.example.com
- including configuration file /etc/freeradius/modules/realm
- including configuration file /etc/freeradius/modules/otp
- including configuration file /etc/freeradius/modules/perl
- including configuration file /etc/freeradius/modules/attr_rewrite
- including configuration file /etc/freeradius/modules/pap
- including configuration file /etc/freeradius/modules/cui
- including configuration file /etc/freeradius/modules/smsotp
- including configuration file /etc/freeradius/modules/sql_log
- including configuration file /etc/freeradius/modules/passwd
- including configuration file /etc/freeradius/modules/acct_unique
- including configuration file /etc/freeradius/modules/dynamic_clients
- including configuration file /etc/freeradius/modules/opendirectory
- including configuration file /etc/freeradius/modules/krb5
- including configuration file /etc/freeradius/modules/expr
- including configuration file /etc/freeradius/modules/detail
- including configuration file /etc/freeradius/modules/soh
- including configuration file /etc/freeradius/modules/attr_filter
- including configuration file /etc/freeradius/modules/mschap
- including configuration file /etc/freeradius/modules/sradutmp
- including configuration file /etc/freeradius/modules/radrelay
- including configuration file /etc/freeradius/modules/etc_group
- including configuration file /etc/freeradius/modules/smbpasswd
- including configuration file /etc/freeradius/modules/counter
- including configuration file /etc/freeradius/modules/unix
- including configuration file /etc/freeradius/modules/wimax
- including configuration file /etc/freeradius/modules/mac2vlan
- including configuration file /etc/freeradius/modules/inner-eap
- including configuration file /etc/freeradius/modules/exec
- including configuration file /etc/freeradius/modules/linelog
- including configuration file /etc/freeradius/modules/redis
- including configuration file /etc/freeradius/modules/pam
- including configuration file /etc/freeradius/modules/logintime
- including configuration file /etc/freeradius/eap.conf
- including configuration file /etc/freeradius/policy.conf
- including files in directory /etc/freeradius/sites-enabled/
- including configuration file /etc/freeradius/sites-enabled/inner-tunnel
- including configuration file /etc/freeradius/sites-enabled/default
- main {
- user = "freerad"
- group = "freerad"
- allow_core_dumps = no
- }
- including dictionary file /etc/freeradius/dictionary
- main {
- name = "freeradius"
- prefix = "/usr"
- localstatedir = "/var"
- sbindir = "/usr/sbin"
- logdir = "/var/log/freeradius"
- run_dir = "/var/run/freeradius"
- libdir = "/usr/lib/freeradius"
- radacctdir = "/var/log/freeradius/radacct"
- hostname_lookups = no
- max_request_time = 30
- cleanup_delay = 5
- max_requests = 1024
- pidfile = "/var/run/freeradius/freeradius.pid"
- checkrad = "/usr/sbin/checkrad"
- debug_level = 0
- proxy_requests = yes
- log {
- stripped_names = no
- auth = no
- auth_badpass = no
- auth_goodpass = no
- }
- security {
- max_attributes = 200
- reject_delay = 1
- status_server = yes
- allow_vulnerable_openssl = no
- }
- }
- radiusd: #### Loading Realms and Home Servers ####
- proxy server {
- retry_delay = 5
- retry_count = 3
- default_fallback = no
- dead_time = 120
- wake_all_if_all_dead = no
- }
- home_server localhost {
- ipaddr = 127.0.0.1
- port = 1812
- type = "auth"
- secret = "testing123"
- response_window = 20
- max_outstanding = 65536
- require_message_authenticator = yes
- zombie_period = 40
- status_check = "status-server"
- ping_interval = 30
- check_interval = 30
- num_answers_to_alive = 3
- num_pings_to_alive = 3
- revive_interval = 120
- status_check_timeout = 4
- coa {
- irt = 2
- mrt = 16
- mrc = 5
- mrd = 30
- }
- }
- home_server_pool my_auth_failover {
- type = fail-over
- home_server = localhost
- }
- realm example.com {
- auth_pool = my_auth_failover
- }
- realm LOCAL {
- }
- radiusd: #### Loading Clients ####
- client localhost {
- ipaddr = 127.0.0.1
- require_message_authenticator = no
- secret = "testing123"
- nastype = "other"
- }
- client 192.168.1.0/24 {
- require_message_authenticator = no
- secret = "M13n14e5"
- nastype = "other"
- }
- radiusd: #### Instantiating modules ####
- instantiate {
- Module: Linked to module rlm_exec
- Module: Instantiating module "exec" from file /etc/freeradius/modules/exec
- exec {
- wait = no
- input_pairs = "request"
- shell_escape = yes
- timeout = 10
- }
- Module: Linked to module rlm_expr
- Module: Instantiating module "expr" from file /etc/freeradius/modules/expr
- Module: Linked to module rlm_expiration
- Module: Instantiating module "expiration" from file /etc/freeradius/modules/expiration
- expiration {
- reply-message = "Password Has Expired "
- }
- Module: Linked to module rlm_logintime
- Module: Instantiating module "logintime" from file /etc/freeradius/modules/logintime
- logintime {
- reply-message = "You are calling outside your allowed timespan "
- minimum-timeout = 60
- }
- }
- radiusd: #### Loading Virtual Servers ####
- server { # from file /etc/freeradius/radiusd.conf
- modules {
- Module: Creating Auth-Type = digest
- Module: Creating Auth-Type = LDAP
- Module: Checking authenticate {...} for more modules to load
- Module: Linked to module rlm_pap
- Module: Instantiating module "pap" from file /etc/freeradius/modules/pap
- pap {
- encryption_scheme = "auto"
- auto_header = no
- }
- Module: Linked to module rlm_chap
- Module: Instantiating module "chap" from file /etc/freeradius/modules/chap
- Module: Linked to module rlm_mschap
- Module: Instantiating module "mschap" from file /etc/freeradius/modules/mschap
- mschap {
- use_mppe = yes
- require_encryption = no
- require_strong = no
- with_ntdomain_hack = no
- allow_retry = yes
- }
- Module: Linked to module rlm_digest
- Module: Instantiating module "digest" from file /etc/freeradius/modules/digest
- Module: Linked to module rlm_unix
- Module: Instantiating module "unix" from file /etc/freeradius/modules/unix
- unix {
- radwtmp = "/var/log/freeradius/radwtmp"
- }
- Module: Linked to module rlm_ldap
- Module: Instantiating module "ldap" from file /etc/freeradius/modules/ldap
- ldap {
- server = "s1.noureldin.local"
- port = 389
- password = "p@s$W0rd"
- expect_password = yes
- identity = "cn=Administrator,ou=Users,ou=S1,DC=noureldin,DC=local"
- net_timeout = 1
- timeout = 4
- timelimit = 3
- max_uses = 0
- tls_mode = no
- start_tls = no
- tls_require_cert = "allow"
- tls {
- start_tls = yes
- cacertfile = "/etc/ssl/noureldin/certs/ca.crt"
- cacertdir = "/etc/ssl/noureldin/certs/"
- certfile = "/etc/ssl/noureldin/certs/freeradius.crt"
- keyfile = "/etc/ssl/noureldin/private/freeradius.key"
- randfile = "/dev/urandom"
- require_cert = "allow"
- }
- basedn = "ou=Users,ou=S1,DC=noureldin,DC=local"
- filter = "(samAccountName=%{%{Stripped-User-Name}:-%{User-Name}})"
- base_filter = "(objectclass=radiusprofile)"
- auto_header = no
- access_attr_used_for_allow = yes
- groupname_attribute = "cn"
- groupmembership_filter = "(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))"
- dictionary_mapping = "/etc/freeradius/ldap.attrmap"
- ldap_debug = 0
- ldap_connections_number = 5
- compare_check_items = no
- do_xlat = yes
- edir_account_policy_check = no
- set_auth_type = yes
- keepalive {
- idle = 60
- probes = 3
- interval = 3
- }
- }
- rlm_ldap: Registering ldap_groupcmp for Ldap-Group
- rlm_ldap: Registering ldap_xlat with xlat_name ldap
- rlm_ldap: reading ldap<->radius mappings from file /etc/freeradius/ldap.attrmap
- rlm_ldap: LDAP radiusCheckItem mapped to RADIUS $GENERIC$
- rlm_ldap: LDAP radiusReplyItem mapped to RADIUS $GENERIC$
- rlm_ldap: LDAP radiusAuthType mapped to RADIUS Auth-Type
- rlm_ldap: LDAP radiusSimultaneousUse mapped to RADIUS Simultaneous-Use
- rlm_ldap: LDAP radiusCalledStationId mapped to RADIUS Called-Station-Id
- rlm_ldap: LDAP radiusCallingStationId mapped to RADIUS Calling-Station-Id
- rlm_ldap: LDAP lmPassword mapped to RADIUS LM-Password
- rlm_ldap: LDAP ntPassword mapped to RADIUS NT-Password
- rlm_ldap: LDAP sambaLmPassword mapped to RADIUS LM-Password
- rlm_ldap: LDAP sambaNtPassword mapped to RADIUS NT-Password
- rlm_ldap: LDAP dBCSPwd mapped to RADIUS LM-Password
- rlm_ldap: LDAP userPassword mapped to RADIUS Password-With-Header
- rlm_ldap: LDAP acctFlags mapped to RADIUS SMB-Account-CTRL-TEXT
- rlm_ldap: LDAP radiusExpiration mapped to RADIUS Expiration
- rlm_ldap: LDAP radiusNASIpAddress mapped to RADIUS NAS-IP-Address
- rlm_ldap: LDAP radiusServiceType mapped to RADIUS Service-Type
- rlm_ldap: LDAP radiusFramedProtocol mapped to RADIUS Framed-Protocol
- rlm_ldap: LDAP radiusFramedIPAddress mapped to RADIUS Framed-IP-Address
- rlm_ldap: LDAP radiusFramedIPNetmask mapped to RADIUS Framed-IP-Netmask
- rlm_ldap: LDAP radiusFramedRoute mapped to RADIUS Framed-Route
- rlm_ldap: LDAP radiusFramedRouting mapped to RADIUS Framed-Routing
- rlm_ldap: LDAP radiusFilterId mapped to RADIUS Filter-Id
- rlm_ldap: LDAP radiusFramedMTU mapped to RADIUS Framed-MTU
- rlm_ldap: LDAP radiusFramedCompression mapped to RADIUS Framed-Compression
- rlm_ldap: LDAP radiusLoginIPHost mapped to RADIUS Login-IP-Host
- rlm_ldap: LDAP radiusLoginService mapped to RADIUS Login-Service
- rlm_ldap: LDAP radiusLoginTCPPort mapped to RADIUS Login-TCP-Port
- rlm_ldap: LDAP radiusCallbackNumber mapped to RADIUS Callback-Number
- rlm_ldap: LDAP radiusCallbackId mapped to RADIUS Callback-Id
- rlm_ldap: LDAP radiusFramedIPXNetwork mapped to RADIUS Framed-IPX-Network
- rlm_ldap: LDAP radiusClass mapped to RADIUS Class
- rlm_ldap: LDAP radiusSessionTimeout mapped to RADIUS Session-Timeout
- rlm_ldap: LDAP radiusIdleTimeout mapped to RADIUS Idle-Timeout
- rlm_ldap: LDAP radiusTerminationAction mapped to RADIUS Termination-Action
- rlm_ldap: LDAP radiusLoginLATService mapped to RADIUS Login-LAT-Service
- rlm_ldap: LDAP radiusLoginLATNode mapped to RADIUS Login-LAT-Node
- rlm_ldap: LDAP radiusLoginLATGroup mapped to RADIUS Login-LAT-Group
- rlm_ldap: LDAP radiusFramedAppleTalkLink mapped to RADIUS Framed-AppleTalk-Link
- rlm_ldap: LDAP radiusFramedAppleTalkNetwork mapped to RADIUS Framed-AppleTalk-Network
- rlm_ldap: LDAP radiusFramedAppleTalkZone mapped to RADIUS Framed-AppleTalk-Zone
- rlm_ldap: LDAP radiusPortLimit mapped to RADIUS Port-Limit
- rlm_ldap: LDAP radiusLoginLATPort mapped to RADIUS Login-LAT-Port
- rlm_ldap: LDAP radiusReplyMessage mapped to RADIUS Reply-Message
- rlm_ldap: LDAP radiusTunnelType mapped to RADIUS Tunnel-Type
- rlm_ldap: LDAP radiusTunnelMediumType mapped to RADIUS Tunnel-Medium-Type
- rlm_ldap: LDAP radiusTunnelPrivateGroupId mapped to RADIUS Tunnel-Private-Group-Id
- conns: 0x8e20b38
- Module: Linked to module rlm_eap
- Module: Instantiating module "eap" from file /etc/freeradius/eap.conf
- eap {
- default_eap_type = "ttls"
- timer_expire = 60
- ignore_unknown_eap_types = no
- cisco_accounting_username_bug = no
- max_sessions = 1024
- }
- Module: Linked to sub-module rlm_eap_md5
- Module: Instantiating eap-md5
- Module: Linked to sub-module rlm_eap_leap
- Module: Instantiating eap-leap
- Module: Linked to sub-module rlm_eap_gtc
- Module: Instantiating eap-gtc
- gtc {
- challenge = "Password: "
- auth_type = "PAP"
- }
- Module: Linked to sub-module rlm_eap_tls
- Module: Instantiating eap-tls
- tls {
- rsa_key_exchange = no
- dh_key_exchange = yes
- rsa_key_length = 512
- dh_key_length = 512
- verify_depth = 0
- CA_path = "/etc/ssl/noureldin/certs"
- pem_file_type = yes
- private_key_file = "/etc/ssl/noureldin/private/freeradius.key"
- certificate_file = "/etc/ssl/noureldin/certs/freeradius.crt"
- private_key_password = ""
- dh_file = "/etc/ssl/noureldin/private/dh2048.pem"
- random_file = "/dev/urandom"
- fragment_size = 1024
- include_length = yes
- check_crl = no
- check_all_crl = no
- cipher_list = "DEFAULT"
- make_cert_command = "/etc/ssl/noureldin/certs/bootstrap"
- ecdh_curve = "prime256v1"
- cache {
- enable = no
- lifetime = 24
- max_entries = 255
- }
- verify {
- }
- ocsp {
- enable = no
- override_cert_url = yes
- url = "http://127.0.0.1/ocsp/"
- use_nonce = yes
- timeout = 0
- softfail = no
- }
- }
- Module: Linked to sub-module rlm_eap_ttls
- Module: Instantiating eap-ttls
- ttls {
- default_eap_type = "md5"
- copy_request_to_tunnel = no
- use_tunneled_reply = no
- virtual_server = "inner-tunnel"
- include_length = yes
- }
- Module: Linked to sub-module rlm_eap_peap
- Module: Instantiating eap-peap
- peap {
- default_eap_type = "mschapv2"
- copy_request_to_tunnel = no
- use_tunneled_reply = no
- proxy_tunneled_request_as_eap = yes
- virtual_server = "inner-tunnel"
- soh = no
- }
- Module: Linked to sub-module rlm_eap_mschapv2
- Module: Instantiating eap-mschapv2
- mschapv2 {
- with_ntdomain_hack = no
- send_error = no
- }
- Module: Checking authorize {...} for more modules to load
- Module: Linked to module rlm_preprocess
- Module: Instantiating module "preprocess" from file /etc/freeradius/modules/preprocess
- preprocess {
- huntgroups = "/etc/freeradius/huntgroups"
- hints = "/etc/freeradius/hints"
- with_ascend_hack = no
- ascend_channels_per_line = 23
- with_ntdomain_hack = no
- with_specialix_jetstream_hack = no
- with_cisco_vsa_hack = no
- with_alvarion_vsa_hack = no
- }
- reading pairlist file /etc/freeradius/huntgroups
- reading pairlist file /etc/freeradius/hints
- Module: Linked to module rlm_realm
- Module: Instantiating module "suffix" from file /etc/freeradius/modules/realm
- realm suffix {
- format = "suffix"
- delimiter = "@"
- ignore_default = no
- ignore_null = no
- }
- Module: Linked to module rlm_files
- Module: Instantiating module "files" from file /etc/freeradius/modules/files
- files {
- usersfile = "/etc/freeradius/users"
- acctusersfile = "/etc/freeradius/acct_users"
- preproxy_usersfile = "/etc/freeradius/preproxy_users"
- compat = "no"
- }
- reading pairlist file /etc/freeradius/users
- reading pairlist file /etc/freeradius/acct_users
- reading pairlist file /etc/freeradius/preproxy_users
- Module: Checking preacct {...} for more modules to load
- Module: Linked to module rlm_acct_unique
- Module: Instantiating module "acct_unique" from file /etc/freeradius/modules/acct_unique
- acct_unique {
- key = "User-Name, Acct-Session-Id, NAS-IP-Address, NAS-Identifier, NAS-Port"
- }
- Module: Checking accounting {...} for more modules to load
- Module: Linked to module rlm_detail
- Module: Instantiating module "detail" from file /etc/freeradius/modules/detail
- detail {
- detailfile = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d"
- header = "%t"
- detailperm = 384
- dirperm = 493
- locking = no
- log_packet_header = no
- escape_filenames = no
- }
- Module: Linked to module rlm_attr_filter
- Module: Instantiating module "attr_filter.accounting_response" from file /etc/freeradius/modules/attr_filter
- attr_filter attr_filter.accounting_response {
- attrsfile = "/etc/freeradius/attrs.accounting_response"
- key = "%{User-Name}"
- relaxed = no
- }
- reading pairlist file /etc/freeradius/attrs.accounting_response
- Module: Checking session {...} for more modules to load
- Module: Linked to module rlm_radutmp
- Module: Instantiating module "radutmp" from file /etc/freeradius/modules/radutmp
- radutmp {
- filename = "/var/log/freeradius/radutmp"
- username = "%{User-Name}"
- case_sensitive = yes
- check_with_nas = yes
- perm = 384
- callerid = yes
- }
- Module: Checking post-proxy {...} for more modules to load
- Module: Checking post-auth {...} for more modules to load
- Module: Instantiating module "attr_filter.access_reject" from file /etc/freeradius/modules/attr_filter
- attr_filter attr_filter.access_reject {
- attrsfile = "/etc/freeradius/attrs.access_reject"
- key = "%{User-Name}"
- relaxed = no
- }
- reading pairlist file /etc/freeradius/attrs.access_reject
- } # modules
- } # server
- server inner-tunnel { # from file /etc/freeradius/sites-enabled/inner-tunnel
- modules {
- Module: Checking authenticate {...} for more modules to load
- Module: Checking authorize {...} for more modules to load
- Module: Checking session {...} for more modules to load
- Module: Checking post-proxy {...} for more modules to load
- Module: Checking post-auth {...} for more modules to load
- } # modules
- } # server
- radiusd: #### Opening IP addresses and Ports ####
- listen {
- type = "auth"
- ipaddr = *
- port = 0
- }
- listen {
- type = "acct"
- ipaddr = *
- port = 0
- }
- listen {
- type = "auth"
- ipaddr = 127.0.0.1
- port = 18120
- }
- ... adding new socket proxy address * port 56028
- Listening on authentication address * port 1812
- Listening on accounting address * port 1813
- Listening on authentication address 127.0.0.1 port 18120 as server inner-tunnel
- Listening on proxy address * port 1814
- Ready to process requests.
- rad_recv: Access-Request packet from host 192.168.1.1 port 55872, id=165, length=189
- User-Name = "mnoureldin"
- NAS-IP-Address = 78.104.82.107
- Called-Station-Id = "A2-F3-C1-67-EC-68:Noureldin-Guests"
- NAS-Port-Type = Wireless-802.11
- NAS-Port = 1
- Calling-Station-Id = "80-13-82-DF-B8-A0"
- Connect-Info = "CONNECT 54Mbps 802.11g"
- Acct-Session-Id = "576FE7D8-00000048"
- Framed-MTU = 1400
- EAP-Message = 0x0239000f016d6e6f7572656c64696e
- Message-Authenticator = 0xc0dcfa1726631828d18db414918a2cd7
- # Executing section authorize from file /etc/freeradius/sites-enabled/default
- +group authorize {
- ++[preprocess] = ok
- ++[chap] = noop
- ++[mschap] = noop
- ++[digest] = noop
- [suffix] No '@' in User-Name = "mnoureldin", looking up realm NULL
- [suffix] No such realm "NULL"
- ++[suffix] = noop
- [eap] EAP packet type response id 57 length 15
- [eap] No EAP Start, assuming it's an on-going EAP conversation
- ++[eap] = updated
- ++[files] = noop
- [ldap] performing user authorization for mnoureldin
- [ldap] expand: %{Stripped-User-Name} ->
- [ldap] ... expanding second conditional
- [ldap] expand: %{User-Name} -> mnoureldin
- [ldap] expand: (samAccountName=%{%{Stripped-User-Name}:-%{User-Name}}) -> (samAccountName=mnoureldin)
- [ldap] expand: ou=Users,ou=S1,DC=noureldin,DC=local -> ou=Users,ou=S1,DC=noureldin,DC=local
- [ldap] ldap_get_conn: Checking Id: 0
- [ldap] ldap_get_conn: Got Id: 0
- [ldap] attempting LDAP reconnection
- [ldap] (re)connect to s1.noureldin.local:389, authentication 0
- [ldap] setting TLS CACert File to /etc/ssl/noureldin/certs/ca.crt
- [ldap] setting TLS CACert Directory to /etc/ssl/noureldin/certs/
- [ldap] setting TLS Cert File to /etc/ssl/noureldin/certs/freeradius.crt
- [ldap] setting TLS Key File to /etc/ssl/noureldin/private/freeradius.key
- [ldap] setting TLS Rand File to /dev/urandom
- [ldap] starting TLS
- [ldap] bind as cn=Administrator,ou=Users,ou=S1,DC=noureldin,DC=local/p@s$W0rd to s1.noureldin.local:389
- [ldap] waiting for bind result ...
- [ldap] Bind was successful
- [ldap] performing search in ou=Users,ou=S1,DC=noureldin,DC=local, with filter (samAccountName=mnoureldin)
- [ldap] No default NMAS login sequence
- [ldap] looking for check items in directory...
- [ldap] looking for reply items in directory...
- WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly?
- [ldap] ldap_release_conn: Release Id: 0
- ++[ldap] = ok
- ++[expiration] = noop
- ++[logintime] = noop
- [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.
- ++[pap] = noop
- +} # group authorize = updated
- Found Auth-Type = EAP
- # Executing group from file /etc/freeradius/sites-enabled/default
- +group authenticate {
- [eap] EAP Identity
- [eap] processing type tls
- [tls] Initiate
- [tls] Start returned 1
- ++[eap] = handled
- +} # group authenticate = handled
- Sending Access-Challenge of id 165 to 192.168.1.1 port 55872
- EAP-Message = 0x013a00061520
- Message-Authenticator = 0x00000000000000000000000000000000
- State = 0xb1d52fc1b1ef3a5d3b83cf401fd9cda6
- Finished request 0.
- Going to the next request
- Waking up in 4.9 seconds.
- rad_recv: Access-Request packet from host 192.168.1.1 port 55872, id=166, length=198
- User-Name = "mnoureldin"
- NAS-IP-Address = 78.104.82.107
- Called-Station-Id = "A2-F3-C1-67-EC-68:Noureldin-Guests"
- NAS-Port-Type = Wireless-802.11
- NAS-Port = 1
- Calling-Station-Id = "80-13-82-DF-B8-A0"
- Connect-Info = "CONNECT 54Mbps 802.11g"
- Acct-Session-Id = "576FE7D8-00000048"
- Framed-MTU = 1400
- EAP-Message = 0x023a00060319
- State = 0xb1d52fc1b1ef3a5d3b83cf401fd9cda6
- Message-Authenticator = 0x63eb0852c4acb29be2068743527ebdd3
- # Executing section authorize from file /etc/freeradius/sites-enabled/default
- +group authorize {
- ++[preprocess] = ok
- ++[chap] = noop
- ++[mschap] = noop
- ++[digest] = noop
- [suffix] No '@' in User-Name = "mnoureldin", looking up realm NULL
- [suffix] No such realm "NULL"
- ++[suffix] = noop
- [eap] EAP packet type response id 58 length 6
- [eap] No EAP Start, assuming it's an on-going EAP conversation
- ++[eap] = updated
- ++[files] = noop
- [ldap] performing user authorization for mnoureldin
- [ldap] expand: %{Stripped-User-Name} ->
- [ldap] ... expanding second conditional
- [ldap] expand: %{User-Name} -> mnoureldin
- [ldap] expand: (samAccountName=%{%{Stripped-User-Name}:-%{User-Name}}) -> (samAccountName=mnoureldin)
- [ldap] expand: ou=Users,ou=S1,DC=noureldin,DC=local -> ou=Users,ou=S1,DC=noureldin,DC=local
- [ldap] ldap_get_conn: Checking Id: 0
- [ldap] ldap_get_conn: Got Id: 0
- [ldap] performing search in ou=Users,ou=S1,DC=noureldin,DC=local, with filter (samAccountName=mnoureldin)
- [ldap] No default NMAS login sequence
- [ldap] looking for check items in directory...
- [ldap] looking for reply items in directory...
- WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly?
- [ldap] ldap_release_conn: Release Id: 0
- ++[ldap] = ok
- ++[expiration] = noop
- ++[logintime] = noop
- [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.
- ++[pap] = noop
- +} # group authorize = updated
- Found Auth-Type = EAP
- # Executing group from file /etc/freeradius/sites-enabled/default
- +group authenticate {
- [eap] Request found, released from the list
- [eap] EAP NAK
- [eap] EAP-NAK asked for EAP-Type/peap
- [eap] processing type tls
- [tls] Initiate
- [tls] Start returned 1
- ++[eap] = handled
- +} # group authenticate = handled
- Sending Access-Challenge of id 166 to 192.168.1.1 port 55872
- EAP-Message = 0x013b00061920
- Message-Authenticator = 0x00000000000000000000000000000000
- State = 0xb1d52fc1b0ee365d3b83cf401fd9cda6
- Finished request 1.
- Going to the next request
- Waking up in 4.9 seconds.
- rad_recv: Access-Request packet from host 192.168.1.1 port 55872, id=167, length=400
- User-Name = "mnoureldin"
- NAS-IP-Address = 78.104.82.107
- Called-Station-Id = "A2-F3-C1-67-EC-68:Noureldin-Guests"
- NAS-Port-Type = Wireless-802.11
- NAS-Port = 1
- Calling-Station-Id = "80-13-82-DF-B8-A0"
- Connect-Info = "CONNECT 54Mbps 802.11g"
- Acct-Session-Id = "576FE7D8-00000048"
- Framed-MTU = 1400
- EAP-Message = 0x023b00d01980000000c616030100c1010000bd03019cd03ffaee2fcd855bc6e1aaf63b616ee3d87ac8358f63508676e3be9d0c958f000054c014c00ac022c02100390038c00fc0050035c012c008c01cc01b00160013c00dc003000ac013c009c01fc01e00330032c00ec004002fc011c007c00cc002000500040015001200090014001100080006000300ff01000040000b000403000102000a00340032000e000d0019000b000c00180009000a00160017000800060007001400150004000500120013000100020003000f00100011
- State = 0xb1d52fc1b0ee365d3b83cf401fd9cda6
- Message-Authenticator = 0x4b551714bc81ce082effc92a53d173a5
- # Executing section authorize from file /etc/freeradius/sites-enabled/default
- +group authorize {
- ++[preprocess] = ok
- ++[chap] = noop
- ++[mschap] = noop
- ++[digest] = noop
- [suffix] No '@' in User-Name = "mnoureldin", looking up realm NULL
- [suffix] No such realm "NULL"
- ++[suffix] = noop
- [eap] EAP packet type response id 59 length 208
- [eap] Continuing tunnel setup.
- ++[eap] = ok
- +} # group authorize = ok
- Found Auth-Type = EAP
- # Executing group from file /etc/freeradius/sites-enabled/default
- +group authenticate {
- [eap] Request found, released from the list
- [eap] EAP/peap
- [eap] processing type peap
- [peap] processing EAP-TLS
- TLS Length 198
- [peap] Length Included
- [peap] eaptls_verify returned 11
- [peap] (other): before/accept initialization
- [peap] TLS_accept: before/accept initialization
- [peap] <<< Unknown TLS version [length 0005]
- [peap] <<< TLS 1.0 Handshake [length 00c1], ClientHello
- [peap] TLS_accept: unknown state
- [peap] >>> Unknown TLS version [length 0005]
- [peap] >>> TLS 1.0 Handshake [length 0039], ServerHello
- [peap] TLS_accept: unknown state
- [peap] >>> Unknown TLS version [length 0005]
- [peap] >>> TLS 1.0 Handshake [length 054b], Certificate
- [peap] TLS_accept: unknown state
- [peap] >>> Unknown TLS version [length 0005]
- [peap] >>> TLS 1.0 Handshake [length 014b], ServerKeyExchange
- [peap] TLS_accept: unknown state
- [peap] >>> Unknown TLS version [length 0005]
- [peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
- [peap] TLS_accept: unknown state
- [peap] TLS_accept: unknown state
- [peap] TLS_accept: unknown state
- [peap] TLS_accept: Need to read more data: unknown state
- [peap] TLS_accept: Need to read more data: unknown state
- In SSL Handshake Phase
- In SSL Accept mode
- [peap] eaptls_process returned 13
- [peap] EAPTLS_HANDLED
- ++[eap] = handled
- +} # group authenticate = handled
- Sending Access-Challenge of id 167 to 192.168.1.1 port 55872
- Message-Authenticator = 0x00000000000000000000000000000000
- State = 0xb1d52fc1b3e9365d3b83cf401fd9cda6
- Finished request 2.
- Going to the next request
- Waking up in 4.9 seconds.
- rad_recv: Access-Request packet from host 192.168.1.1 port 55872, id=168, length=198
- User-Name = "mnoureldin"
- NAS-IP-Address = 78.104.82.107
- Called-Station-Id = "A2-F3-C1-67-EC-68:Noureldin-Guests"
- NAS-Port-Type = Wireless-802.11
- NAS-Port = 1
- Calling-Station-Id = "80-13-82-DF-B8-A0"
- Connect-Info = "CONNECT 54Mbps 802.11g"
- Acct-Session-Id = "576FE7D8-00000048"
- Framed-MTU = 1400
- EAP-Message = 0x023c00061900
- State = 0xb1d52fc1b3e9365d3b83cf401fd9cda6
- Message-Authenticator = 0x06032cccfbc1293d755616187efd418d
- # Executing section authorize from file /etc/freeradius/sites-enabled/default
- +group authorize {
- ++[preprocess] = ok
- ++[chap] = noop
- ++[mschap] = noop
- ++[digest] = noop
- [suffix] No '@' in User-Name = "mnoureldin", looking up realm NULL
- [suffix] No such realm "NULL"
- ++[suffix] = noop
- [eap] EAP packet type response id 60 length 6
- [eap] Continuing tunnel setup.
- ++[eap] = ok
- +} # group authorize = ok
- Found Auth-Type = EAP
- # Executing group from file /etc/freeradius/sites-enabled/default
- +group authenticate {
- [eap] Request found, released from the list
- [eap] EAP/peap
- [eap] processing type peap
- [peap] processing EAP-TLS
- [peap] Received TLS ACK
- [peap] ACK handshake fragment handler
- [peap] eaptls_verify returned 1
- [peap] eaptls_process returned 13
- [peap] EAPTLS_HANDLED
- ++[eap] = handled
- +} # group authenticate = handled
- Sending Access-Challenge of id 168 to 192.168.1.1 port 55872
- Message-Authenticator = 0x00000000000000000000000000000000
- State = 0xb1d52fc1b2e8365d3b83cf401fd9cda6
- Finished request 3.
- Going to the next request
- Waking up in 4.9 seconds.
- rad_recv: Access-Request packet from host 192.168.1.1 port 55872, id=169, length=336
- User-Name = "mnoureldin"
- NAS-IP-Address = 78.104.82.107
- Called-Station-Id = "A2-F3-C1-67-EC-68:Noureldin-Guests"
- NAS-Port-Type = Wireless-802.11
- NAS-Port = 1
- Calling-Station-Id = "80-13-82-DF-B8-A0"
- Connect-Info = "CONNECT 54Mbps 802.11g"
- Acct-Session-Id = "576FE7D8-00000048"
- Framed-MTU = 1400
- EAP-Message = 0x023d0090198000000086160301004610000042410456d65401fb04a552c1847467064844c11ac3758def43c285ae464df19c234aeb78b1a4ad4d6e9e4a5a272c94aa2a45284ec8fd0800613046d347b0f0b21668801403010001011603010030f496740e47bb502e1f2b41cff1080de0bc5931c98c44733963c5311ce22e532f5be2a7bb4324c5fa632f88b8bf867c67
- State = 0xb1d52fc1b2e8365d3b83cf401fd9cda6
- Message-Authenticator = 0x1dacb681bd30fbc4a197ad05667dd952
- # Executing section authorize from file /etc/freeradius/sites-enabled/default
- +group authorize {
- ++[preprocess] = ok
- ++[chap] = noop
- ++[mschap] = noop
- ++[digest] = noop
- [suffix] No '@' in User-Name = "mnoureldin", looking up realm NULL
- [suffix] No such realm "NULL"
- ++[suffix] = noop
- [eap] EAP packet type response id 61 length 144
- [eap] Continuing tunnel setup.
- ++[eap] = ok
- +} # group authorize = ok
- Found Auth-Type = EAP
- # Executing group from file /etc/freeradius/sites-enabled/default
- +group authenticate {
- [eap] Request found, released from the list
- [eap] EAP/peap
- [eap] processing type peap
- [peap] processing EAP-TLS
- TLS Length 134
- [peap] Length Included
- [peap] eaptls_verify returned 11
- [peap] <<< Unknown TLS version [length 0005]
- [peap] <<< TLS 1.0 Handshake [length 0046], ClientKeyExchange
- [peap] TLS_accept: unknown state
- [peap] TLS_accept: unknown state
- [peap] <<< Unknown TLS version [length 0005]
- [peap] <<< TLS 1.0 ChangeCipherSpec [length 0001]
- [peap] <<< Unknown TLS version [length 0005]
- [peap] <<< TLS 1.0 Handshake [length 0010], Finished
- [peap] TLS_accept: unknown state
- [peap] >>> Unknown TLS version [length 0005]
- [peap] >>> TLS 1.0 ChangeCipherSpec [length 0001]
- [peap] TLS_accept: unknown state
- [peap] >>> Unknown TLS version [length 0005]
- [peap] >>> TLS 1.0 Handshake [length 0010], Finished
- [peap] TLS_accept: unknown state
- [peap] TLS_accept: unknown state
- [peap] (other): SSL negotiation finished successfully
- SSL Connection Established
- [peap] eaptls_process returned 13
- [peap] EAPTLS_HANDLED
- ++[eap] = handled
- +} # group authenticate = handled
- Sending Access-Challenge of id 169 to 192.168.1.1 port 55872
- EAP-Message = 0x013e004119001403010001011603010030bfcecf9501692c4b09f83aefb389281b675952740065658c09152177f6e77071adc5f5b0acacf9aae72f9d0c6d6c9270
- Message-Authenticator = 0x00000000000000000000000000000000
- State = 0xb1d52fc1b5eb365d3b83cf401fd9cda6
- Finished request 4.
- Going to the next request
- Waking up in 4.8 seconds.
- rad_recv: Access-Request packet from host 192.168.1.1 port 55872, id=170, length=198
- User-Name = "mnoureldin"
- NAS-IP-Address = 78.104.82.107
- Called-Station-Id = "A2-F3-C1-67-EC-68:Noureldin-Guests"
- NAS-Port-Type = Wireless-802.11
- NAS-Port = 1
- Calling-Station-Id = "80-13-82-DF-B8-A0"
- Connect-Info = "CONNECT 54Mbps 802.11g"
- Acct-Session-Id = "576FE7D8-00000048"
- Framed-MTU = 1400
- EAP-Message = 0x023e00061900
- State = 0xb1d52fc1b5eb365d3b83cf401fd9cda6
- Message-Authenticator = 0x1902ac84ed969a055461ea776c6cf79f
- # Executing section authorize from file /etc/freeradius/sites-enabled/default
- +group authorize {
- ++[preprocess] = ok
- ++[chap] = noop
- ++[mschap] = noop
- ++[digest] = noop
- [suffix] No '@' in User-Name = "mnoureldin", looking up realm NULL
- [suffix] No such realm "NULL"
- ++[suffix] = noop
- [eap] EAP packet type response id 62 length 6
- [eap] Continuing tunnel setup.
- ++[eap] = ok
- +} # group authorize = ok
- Found Auth-Type = EAP
- # Executing group from file /etc/freeradius/sites-enabled/default
- +group authenticate {
- [eap] Request found, released from the list
- [eap] EAP/peap
- [eap] processing type peap
- [peap] processing EAP-TLS
- [peap] Received TLS ACK
- [peap] ACK handshake is finished
- [peap] eaptls_verify returned 3
- [peap] eaptls_process returned 3
- [peap] EAPTLS_SUCCESS
- [peap] Session established. Decoding tunneled attributes.
- [peap] Peap state TUNNEL ESTABLISHED
- [peap] >>> Unknown TLS version [length 0005]
- ++[eap] = handled
- +} # group authenticate = handled
- Sending Access-Challenge of id 170 to 192.168.1.1 port 55872
- EAP-Message = 0x013f002b19001703010020852082fdefe9a77c59a93cca8318e6f56ea8096af1eca20e22c629cd97eae14d
- Message-Authenticator = 0x00000000000000000000000000000000
- State = 0xb1d52fc1b4ea365d3b83cf401fd9cda6
- Finished request 5.
- Going to the next request
- Waking up in 4.8 seconds.
- rad_recv: Access-Request packet from host 192.168.1.1 port 55872, id=171, length=235
- User-Name = "mnoureldin"
- NAS-IP-Address = 78.104.82.107
- Called-Station-Id = "A2-F3-C1-67-EC-68:Noureldin-Guests"
- NAS-Port-Type = Wireless-802.11
- NAS-Port = 1
- Calling-Station-Id = "80-13-82-DF-B8-A0"
- Connect-Info = "CONNECT 54Mbps 802.11g"
- Acct-Session-Id = "576FE7D8-00000048"
- Framed-MTU = 1400
- EAP-Message = 0x023f002b190017030100204dfe288b32bedee1f43ebe342cedf2a54a766731812c56e24ef26da8321463b4
- State = 0xb1d52fc1b4ea365d3b83cf401fd9cda6
- Message-Authenticator = 0xa4fef542f7a7c78067c6e90b8fb0bb1d
- # Executing section authorize from file /etc/freeradius/sites-enabled/default
- +group authorize {
- ++[preprocess] = ok
- ++[chap] = noop
- ++[mschap] = noop
- ++[digest] = noop
- [suffix] No '@' in User-Name = "mnoureldin", looking up realm NULL
- [suffix] No such realm "NULL"
- ++[suffix] = noop
- [eap] EAP packet type response id 63 length 43
- [eap] Continuing tunnel setup.
- ++[eap] = ok
- +} # group authorize = ok
- Found Auth-Type = EAP
- # Executing group from file /etc/freeradius/sites-enabled/default
- +group authenticate {
- [eap] Request found, released from the list
- [eap] EAP/peap
- [eap] processing type peap
- [peap] processing EAP-TLS
- [peap] eaptls_verify returned 7
- [peap] Done initial handshake
- [peap] <<< Unknown TLS version [length 0005]
- [peap] eaptls_process returned 7
- [peap] EAPTLS_OK
- [peap] Session established. Decoding tunneled attributes.
- [peap] Peap state WAITING FOR INNER IDENTITY
- [peap] Identity - mnoureldin
- [peap] Got inner identity 'mnoureldin'
- [peap] Setting default EAP type for tunneled EAP session.
- [peap] Got tunneled request
- EAP-Message = 0x023f000f016d6e6f7572656c64696e
- server {
- [peap] Setting User-Name to mnoureldin
- Sending tunneled request
- EAP-Message = 0x023f000f016d6e6f7572656c64696e
- FreeRADIUS-Proxied-To = 127.0.0.1
- User-Name = "mnoureldin"
- server inner-tunnel {
- # Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel
- +group authorize {
- ++[chap] = noop
- ++[mschap] = noop
- [suffix] No '@' in User-Name = "mnoureldin", looking up realm NULL
- [suffix] No such realm "NULL"
- ++[suffix] = noop
- ++update control {
- ++} # update control = noop
- [eap] EAP packet type response id 63 length 15
- [eap] No EAP Start, assuming it's an on-going EAP conversation
- ++[eap] = updated
- ++[files] = noop
- [ldap] performing user authorization for mnoureldin
- [ldap] expand: %{Stripped-User-Name} ->
- [ldap] ... expanding second conditional
- [ldap] expand: %{User-Name} -> mnoureldin
- [ldap] expand: (samAccountName=%{%{Stripped-User-Name}:-%{User-Name}}) -> (samAccountName=mnoureldin)
- [ldap] expand: ou=Users,ou=S1,DC=noureldin,DC=local -> ou=Users,ou=S1,DC=noureldin,DC=local
- [ldap] ldap_get_conn: Checking Id: 0
- [ldap] ldap_get_conn: Got Id: 0
- [ldap] performing search in ou=Users,ou=S1,DC=noureldin,DC=local, with filter (samAccountName=mnoureldin)
- [ldap] No default NMAS login sequence
- [ldap] looking for check items in directory...
- [ldap] looking for reply items in directory...
- WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly?
- [ldap] ldap_release_conn: Release Id: 0
- ++[ldap] = ok
- ++[expiration] = noop
- ++[logintime] = noop
- ++[pap] = noop
- +} # group authorize = updated
- Found Auth-Type = EAP
- # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
- +group authenticate {
- [eap] EAP Identity
- [eap] processing type mschapv2
- rlm_eap_mschapv2: Issuing Challenge
- ++[eap] = handled
- +} # group authenticate = handled
- } # server inner-tunnel
- [peap] Got tunneled reply code 11
- EAP-Message = 0x014000241a0140001f102dfe18767bebae56423f0e4a9a7cc7b06d6e6f7572656c64696e
- Message-Authenticator = 0x00000000000000000000000000000000
- State = 0x97d409ac97941342d402c6401a2c3ec7
- [peap] Got tunneled reply RADIUS code Access-Challenge
- EAP-Message = 0x014000241a0140001f102dfe18767bebae56423f0e4a9a7cc7b06d6e6f7572656c64696e
- Message-Authenticator = 0x00000000000000000000000000000000
- State = 0x97d409ac97941342d402c6401a2c3ec7
- [peap] Got tunneled Access-Challenge
- [peap] >>> Unknown TLS version [length 0005]
- ++[eap] = handled
- +} # group authenticate = handled
- Sending Access-Challenge of id 171 to 192.168.1.1 port 55872
- EAP-Message = 0x0140004b19001703010040a0bf7a371d08622514bdf255410266c57fafc7f21416a379844b37de44f2443e5c5e65499e47e00695c13c9ae51faca70644aac66fe117ae0b9db2b399784b10
- Message-Authenticator = 0x00000000000000000000000000000000
- State = 0xb1d52fc1b795365d3b83cf401fd9cda6
- Finished request 6.
- Going to the next request
- Waking up in 4.8 seconds.
- rad_recv: Access-Request packet from host 192.168.1.1 port 55872, id=172, length=299
- User-Name = "mnoureldin"
- NAS-IP-Address = 78.104.82.107
- Called-Station-Id = "A2-F3-C1-67-EC-68:Noureldin-Guests"
- NAS-Port-Type = Wireless-802.11
- NAS-Port = 1
- Calling-Station-Id = "80-13-82-DF-B8-A0"
- Connect-Info = "CONNECT 54Mbps 802.11g"
- Acct-Session-Id = "576FE7D8-00000048"
- Framed-MTU = 1400
- EAP-Message = 0x0240006b1900170301006039d28381c8b35d646ce8d7b2f3b62b981ecf5ea058eb10d644628c2546842075fb3bebdab712c4b1c88e653a929379ffee98ed2db1644a36a43fb4702d149d5c4a9899ad40dc152bdeb86c6928c4f402a10678e2b3b4cf43363eeaf8e2124827
- State = 0xb1d52fc1b795365d3b83cf401fd9cda6
- Message-Authenticator = 0x72f14a2285fccd97ef4605722ba8dc8c
- # Executing section authorize from file /etc/freeradius/sites-enabled/default
- +group authorize {
- ++[preprocess] = ok
- ++[chap] = noop
- ++[mschap] = noop
- ++[digest] = noop
- [suffix] No '@' in User-Name = "mnoureldin", looking up realm NULL
- [suffix] No such realm "NULL"
- ++[suffix] = noop
- [eap] EAP packet type response id 64 length 107
- [eap] Continuing tunnel setup.
- ++[eap] = ok
- +} # group authorize = ok
- Found Auth-Type = EAP
- # Executing group from file /etc/freeradius/sites-enabled/default
- +group authenticate {
- [eap] Request found, released from the list
- [eap] EAP/peap
- [eap] processing type peap
- [peap] processing EAP-TLS
- [peap] eaptls_verify returned 7
- [peap] Done initial handshake
- [peap] <<< Unknown TLS version [length 0005]
- [peap] eaptls_process returned 7
- [peap] EAPTLS_OK
- [peap] Session established. Decoding tunneled attributes.
- [peap] Peap state phase2
- [peap] EAP type mschapv2
- [peap] Got tunneled request
- EAP-Message = 0x024000451a02400040315374e88fd2258822a6401cfb251a0622000000000000000006c1ef5ceaaaef0e08db76e2b65ea82220aca1602baa196c006d6e6f7572656c64696e
- server {
- [peap] Setting User-Name to mnoureldin
- Sending tunneled request
- EAP-Message = 0x024000451a02400040315374e88fd2258822a6401cfb251a0622000000000000000006c1ef5ceaaaef0e08db76e2b65ea82220aca1602baa196c006d6e6f7572656c64696e
- FreeRADIUS-Proxied-To = 127.0.0.1
- User-Name = "mnoureldin"
- State = 0x97d409ac97941342d402c6401a2c3ec7
- server inner-tunnel {
- # Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel
- +group authorize {
- ++[chap] = noop
- ++[mschap] = noop
- [suffix] No '@' in User-Name = "mnoureldin", looking up realm NULL
- [suffix] No such realm "NULL"
- ++[suffix] = noop
- ++update control {
- ++} # update control = noop
- [eap] EAP packet type response id 64 length 69
- [eap] No EAP Start, assuming it's an on-going EAP conversation
- ++[eap] = updated
- ++[files] = noop
- [ldap] performing user authorization for mnoureldin
- [ldap] expand: %{Stripped-User-Name} ->
- [ldap] ... expanding second conditional
- [ldap] expand: %{User-Name} -> mnoureldin
- [ldap] expand: (samAccountName=%{%{Stripped-User-Name}:-%{User-Name}}) -> (samAccountName=mnoureldin)
- [ldap] expand: ou=Users,ou=S1,DC=noureldin,DC=local -> ou=Users,ou=S1,DC=noureldin,DC=local
- [ldap] ldap_get_conn: Checking Id: 0
- [ldap] ldap_get_conn: Got Id: 0
- [ldap] performing search in ou=Users,ou=S1,DC=noureldin,DC=local, with filter (samAccountName=mnoureldin)
- [ldap] No default NMAS login sequence
- [ldap] looking for check items in directory...
- [ldap] looking for reply items in directory...
- WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly?
- [ldap] ldap_release_conn: Release Id: 0
- ++[ldap] = ok
- ++[expiration] = noop
- ++[logintime] = noop
- ++[pap] = noop
- +} # group authorize = updated
- Found Auth-Type = EAP
- # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
- +group authenticate {
- [eap] Request found, released from the list
- [eap] EAP/mschapv2
- [eap] processing type mschapv2
- [mschapv2] # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
- [mschapv2] +group MS-CHAP {
- [mschap] No Cleartext-Password configured. Cannot create LM-Password.
- [mschap] No Cleartext-Password configured. Cannot create NT-Password.
- [mschap] Creating challenge hash with username: mnoureldin
- [mschap] Client is using MS-CHAPv2 for mnoureldin, we need NT-Password
- [mschap] FAILED: No NT/LM-Password. Cannot perform authentication.
- [mschap] FAILED: MS-CHAP2-Response is incorrect
- ++[mschap] = reject
- +} # group MS-CHAP = reject
- [eap] Freeing handler
- ++[eap] = reject
- +} # group authenticate = reject
- Failed to authenticate the user.
- Using Post-Auth-Type Reject
- # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
- +group REJECT {
- [attr_filter.access_reject] expand: %{User-Name} -> mnoureldin
- attr_filter: Matched entry DEFAULT at line 11
- ++[attr_filter.access_reject] = updated
- +} # group REJECT = updated
- } # server inner-tunnel
- [peap] Got tunneled reply code 3
- MS-CHAP-Error = "@E=691 R=1"
- EAP-Message = 0x04400004
- Message-Authenticator = 0x00000000000000000000000000000000
- [peap] Got tunneled reply RADIUS code Access-Reject
- MS-CHAP-Error = "@E=691 R=1"
- EAP-Message = 0x04400004
- Message-Authenticator = 0x00000000000000000000000000000000
- [peap] Tunneled authentication was rejected.
- [peap] FAILURE
- [peap] >>> Unknown TLS version [length 0005]
- ++[eap] = handled
- +} # group authenticate = handled
- Sending Access-Challenge of id 172 to 192.168.1.1 port 55872
- EAP-Message = 0x0141002b19001703010020983a79dd83aab34a85be3947c7d50fd66317a887ee53a53342767a9bef61d030
- Message-Authenticator = 0x00000000000000000000000000000000
- State = 0xb1d52fc1b694365d3b83cf401fd9cda6
- Finished request 7.
- Going to the next request
- Waking up in 4.7 seconds.
- rad_recv: Access-Request packet from host 192.168.1.1 port 55872, id=173, length=235
- User-Name = "mnoureldin"
- NAS-IP-Address = 78.104.82.107
- Called-Station-Id = "A2-F3-C1-67-EC-68:Noureldin-Guests"
- NAS-Port-Type = Wireless-802.11
- NAS-Port = 1
- Calling-Station-Id = "80-13-82-DF-B8-A0"
- Connect-Info = "CONNECT 54Mbps 802.11g"
- Acct-Session-Id = "576FE7D8-00000048"
- Framed-MTU = 1400
- EAP-Message = 0x0241002b19001703010020f248b258ad3bf1633b8414b538525e83c0e7d0df104b615a5dfd011d3765a353
- State = 0xb1d52fc1b694365d3b83cf401fd9cda6
- Message-Authenticator = 0xa82f65ba8ee3a81fe8a40397f502c169
- # Executing section authorize from file /etc/freeradius/sites-enabled/default
- +group authorize {
- ++[preprocess] = ok
- ++[chap] = noop
- ++[mschap] = noop
- ++[digest] = noop
- [suffix] No '@' in User-Name = "mnoureldin", looking up realm NULL
- [suffix] No such realm "NULL"
- ++[suffix] = noop
- [eap] EAP packet type response id 65 length 43
- [eap] Continuing tunnel setup.
- ++[eap] = ok
- +} # group authorize = ok
- Found Auth-Type = EAP
- # Executing group from file /etc/freeradius/sites-enabled/default
- +group authenticate {
- [eap] Request found, released from the list
- [eap] EAP/peap
- [eap] processing type peap
- [peap] processing EAP-TLS
- [peap] eaptls_verify returned 7
- [peap] Done initial handshake
- [peap] <<< Unknown TLS version [length 0005]
- [peap] eaptls_process returned 7
- [peap] EAPTLS_OK
- [peap] Session established. Decoding tunneled attributes.
- [peap] Peap state send tlv failure
- [peap] Received EAP-TLV response.
- [peap] The users session was previously rejected: returning reject (again.)
- [peap] *** This means you need to read the PREVIOUS messages in the debug output
- [peap] *** to find out the reason why the user was rejected.
- [peap] *** Look for "reject" or "fail". Those earlier messages will tell you.
- [peap] *** what went wrong, and how to fix the problem.
- [eap] Handler failed in EAP/peap
- [eap] Failed in EAP select
- ++[eap] = invalid
- +} # group authenticate = invalid
- Failed to authenticate the user.
- Using Post-Auth-Type Reject
- # Executing group from file /etc/freeradius/sites-enabled/default
- +group REJECT {
- [eap] Reply already contained an EAP-Message, not inserting EAP-Failure
- ++[eap] = noop
- [attr_filter.access_reject] expand: %{User-Name} -> mnoureldin
- attr_filter: Matched entry DEFAULT at line 11
- ++[attr_filter.access_reject] = updated
- +} # group REJECT = updated
- Delaying reject of request 8 for 1 seconds
- Going to the next request
- Waking up in 0.9 seconds.
- Sending delayed reject for request 8
- Sending Access-Reject of id 173 to 192.168.1.1 port 55872
- EAP-Message = 0x04410004
- Message-Authenticator = 0x00000000000000000000000000000000
- Waking up in 3.7 seconds.
- Cleaning up request 0 ID 165 with timestamp +1
- Cleaning up request 1 ID 166 with timestamp +1
- Cleaning up request 2 ID 167 with timestamp +1
- Cleaning up request 3 ID 168 with timestamp +1
- Cleaning up request 4 ID 169 with timestamp +1
- Cleaning up request 5 ID 170 with timestamp +1
- Cleaning up request 6 ID 171 with timestamp +1
- Cleaning up request 7 ID 172 with timestamp +1
- Waking up in 1.0 seconds.
- Cleaning up request 8 ID 173 with timestamp +1
- Ready to process requests.