
TTLS, Android

a guest
Jun 28th, 2016
  1.  
  2. root@s1:/var/lib/dpkg/info# freeradius -X
  3. freeradius: FreeRADIUS Version 2.2.8, for host i686-pc-linux-gnu, built on Apr 5 2016 at 13:39:42
  4. Copyright (C) 1999-2015 The FreeRADIUS server project and contributors.
  5. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
  6. PARTICULAR PURPOSE.
  7. You may redistribute copies of FreeRADIUS under the terms of the
  8. GNU General Public License.
  9. For more information about these matters, see the file named COPYRIGHT.
  10. Starting - reading configuration files ...
  11. including configuration file /etc/freeradius/radiusd.conf
  12. including configuration file /etc/freeradius/proxy.conf
  13. including configuration file /etc/freeradius/clients.conf
  14. including files in directory /etc/freeradius/modules/
  15. including configuration file /etc/freeradius/modules/cache
  16. including configuration file /etc/freeradius/modules/mac2ip
  17. including configuration file /etc/freeradius/modules/replicate
  18. including configuration file /etc/freeradius/modules/sqlcounter_expire_on_login
  19. including configuration file /etc/freeradius/modules/preprocess
  20. including configuration file /etc/freeradius/modules/ldap
  21. including configuration file /etc/freeradius/modules/ntlm_auth
  22. including configuration file /etc/freeradius/modules/always
  23. including configuration file /etc/freeradius/modules/ippool
  24. including configuration file /etc/freeradius/modules/dhcp_sqlippool
  25. including configuration file /etc/freeradius/modules/detail.log
  26. including configuration file /etc/freeradius/modules/digest
  27. including configuration file /etc/freeradius/modules/rediswho
  28. including configuration file /etc/freeradius/modules/policy
  29. including configuration file /etc/freeradius/modules/chap
  30. including configuration file /etc/freeradius/modules/checkval
  31. including configuration file /etc/freeradius/modules/radutmp
  32. including configuration file /etc/freeradius/modules/expiration
  33. including configuration file /etc/freeradius/modules/files
  34. including configuration file /etc/freeradius/modules/echo
  35. including configuration file /etc/freeradius/modules/detail.example.com
  36. including configuration file /etc/freeradius/modules/realm
  37. including configuration file /etc/freeradius/modules/otp
  38. including configuration file /etc/freeradius/modules/perl
  39. including configuration file /etc/freeradius/modules/attr_rewrite
  40. including configuration file /etc/freeradius/modules/pap
  41. including configuration file /etc/freeradius/modules/cui
  42. including configuration file /etc/freeradius/modules/smsotp
  43. including configuration file /etc/freeradius/modules/sql_log
  44. including configuration file /etc/freeradius/modules/passwd
  45. including configuration file /etc/freeradius/modules/acct_unique
  46. including configuration file /etc/freeradius/modules/dynamic_clients
  47. including configuration file /etc/freeradius/modules/opendirectory
  48. including configuration file /etc/freeradius/modules/krb5
  49. including configuration file /etc/freeradius/modules/expr
  50. including configuration file /etc/freeradius/modules/detail
  51. including configuration file /etc/freeradius/modules/soh
  52. including configuration file /etc/freeradius/modules/attr_filter
  53. including configuration file /etc/freeradius/modules/mschap
  54. including configuration file /etc/freeradius/modules/sradutmp
  55. including configuration file /etc/freeradius/modules/radrelay
  56. including configuration file /etc/freeradius/modules/etc_group
  57. including configuration file /etc/freeradius/modules/smbpasswd
  58. including configuration file /etc/freeradius/modules/counter
  59. including configuration file /etc/freeradius/modules/unix
  60. including configuration file /etc/freeradius/modules/wimax
  61. including configuration file /etc/freeradius/modules/mac2vlan
  62. including configuration file /etc/freeradius/modules/inner-eap
  63. including configuration file /etc/freeradius/modules/exec
  64. including configuration file /etc/freeradius/modules/linelog
  65. including configuration file /etc/freeradius/modules/redis
  66. including configuration file /etc/freeradius/modules/pam
  67. including configuration file /etc/freeradius/modules/logintime
  68. including configuration file /etc/freeradius/eap.conf
  69. including configuration file /etc/freeradius/policy.conf
  70. including files in directory /etc/freeradius/sites-enabled/
  71. including configuration file /etc/freeradius/sites-enabled/inner-tunnel
  72. including configuration file /etc/freeradius/sites-enabled/default
  73. main {
  74. user = "freerad"
  75. group = "freerad"
  76. allow_core_dumps = no
  77. }
  78. including dictionary file /etc/freeradius/dictionary
  79. main {
  80. name = "freeradius"
  81. prefix = "/usr"
  82. localstatedir = "/var"
  83. sbindir = "/usr/sbin"
  84. logdir = "/var/log/freeradius"
  85. run_dir = "/var/run/freeradius"
  86. libdir = "/usr/lib/freeradius"
  87. radacctdir = "/var/log/freeradius/radacct"
  88. hostname_lookups = no
  89. max_request_time = 30
  90. cleanup_delay = 5
  91. max_requests = 1024
  92. pidfile = "/var/run/freeradius/freeradius.pid"
  93. checkrad = "/usr/sbin/checkrad"
  94. debug_level = 0
  95. proxy_requests = yes
  96. log {
  97. stripped_names = no
  98. auth = no
  99. auth_badpass = no
  100. auth_goodpass = no
  101. }
  102. security {
  103. max_attributes = 200
  104. reject_delay = 1
  105. status_server = yes
  106. allow_vulnerable_openssl = no
  107. }
  108. }
  109. radiusd: #### Loading Realms and Home Servers ####
  110. proxy server {
  111. retry_delay = 5
  112. retry_count = 3
  113. default_fallback = no
  114. dead_time = 120
  115. wake_all_if_all_dead = no
  116. }
  117. home_server localhost {
  118. ipaddr = 127.0.0.1
  119. port = 1812
  120. type = "auth"
  121. secret = "testing123"
  122. response_window = 20
  123. max_outstanding = 65536
  124. require_message_authenticator = yes
  125. zombie_period = 40
  126. status_check = "status-server"
  127. ping_interval = 30
  128. check_interval = 30
  129. num_answers_to_alive = 3
  130. num_pings_to_alive = 3
  131. revive_interval = 120
  132. status_check_timeout = 4
  133. coa {
  134. irt = 2
  135. mrt = 16
  136. mrc = 5
  137. mrd = 30
  138. }
  139. }
  140. home_server_pool my_auth_failover {
  141. type = fail-over
  142. home_server = localhost
  143. }
  144. realm example.com {
  145. auth_pool = my_auth_failover
  146. }
  147. realm LOCAL {
  148. }
  149. radiusd: #### Loading Clients ####
  150. client localhost {
  151. ipaddr = 127.0.0.1
  152. require_message_authenticator = no
  153. secret = "testing123"
  154. nastype = "other"
  155. }
  156. client 192.168.1.0/24 {
  157. require_message_authenticator = no
  158. secret = "M13n14e5"
  159. nastype = "other"
  160. }
  161. radiusd: #### Instantiating modules ####
  162. instantiate {
  163. Module: Linked to module rlm_exec
  164. Module: Instantiating module "exec" from file /etc/freeradius/modules/exec
  165. exec {
  166. wait = no
  167. input_pairs = "request"
  168. shell_escape = yes
  169. timeout = 10
  170. }
  171. Module: Linked to module rlm_expr
  172. Module: Instantiating module "expr" from file /etc/freeradius/modules/expr
  173. Module: Linked to module rlm_expiration
  174. Module: Instantiating module "expiration" from file /etc/freeradius/modules/expiration
  175. expiration {
  176. reply-message = "Password Has Expired "
  177. }
  178. Module: Linked to module rlm_logintime
  179. Module: Instantiating module "logintime" from file /etc/freeradius/modules/logintime
  180. logintime {
  181. reply-message = "You are calling outside your allowed timespan "
  182. minimum-timeout = 60
  183. }
  184. }
  185. radiusd: #### Loading Virtual Servers ####
  186. server { # from file /etc/freeradius/radiusd.conf
  187. modules {
  188. Module: Creating Auth-Type = digest
  189. Module: Creating Auth-Type = LDAP
  190. Module: Checking authenticate {...} for more modules to load
  191. Module: Linked to module rlm_pap
  192. Module: Instantiating module "pap" from file /etc/freeradius/modules/pap
  193. pap {
  194. encryption_scheme = "auto"
  195. auto_header = no
  196. }
  197. Module: Linked to module rlm_chap
  198. Module: Instantiating module "chap" from file /etc/freeradius/modules/chap
  199. Module: Linked to module rlm_mschap
  200. Module: Instantiating module "mschap" from file /etc/freeradius/modules/mschap
  201. mschap {
  202. use_mppe = yes
  203. require_encryption = no
  204. require_strong = no
  205. with_ntdomain_hack = no
  206. allow_retry = yes
  207. }
  208. Module: Linked to module rlm_digest
  209. Module: Instantiating module "digest" from file /etc/freeradius/modules/digest
  210. Module: Linked to module rlm_unix
  211. Module: Instantiating module "unix" from file /etc/freeradius/modules/unix
  212. unix {
  213. radwtmp = "/var/log/freeradius/radwtmp"
  214. }
  215. Module: Linked to module rlm_ldap
  216. Module: Instantiating module "ldap" from file /etc/freeradius/modules/ldap
  217. ldap {
  218. server = "s1.noureldin.local"
  219. port = 389
  220. password = "p@s$W0rd"
  221. expect_password = yes
  222. identity = "cn=Administrator,ou=Users,ou=S1,DC=noureldin,DC=local"
  223. net_timeout = 1
  224. timeout = 4
  225. timelimit = 3
  226. max_uses = 0
  227. tls_mode = no
  228. start_tls = no
  229. tls_require_cert = "allow"
  230. tls {
  231. start_tls = yes
  232. cacertfile = "/etc/ssl/noureldin/certs/ca.crt"
  233. cacertdir = "/etc/ssl/noureldin/certs/"
  234. certfile = "/etc/ssl/noureldin/certs/freeradius.crt"
  235. keyfile = "/etc/ssl/noureldin/private/freeradius.key"
  236. randfile = "/dev/urandom"
  237. require_cert = "allow"
  238. }
  239. basedn = "ou=Users,ou=S1,DC=noureldin,DC=local"
  240. filter = "(samAccountName=%{%{Stripped-User-Name}:-%{User-Name}})"
  241. base_filter = "(objectclass=radiusprofile)"
  242. auto_header = no
  243. access_attr_used_for_allow = yes
  244. groupname_attribute = "cn"
  245. groupmembership_filter = "(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))"
  246. dictionary_mapping = "/etc/freeradius/ldap.attrmap"
  247. ldap_debug = 0
  248. ldap_connections_number = 5
  249. compare_check_items = no
  250. do_xlat = yes
  251. edir_account_policy_check = no
  252. set_auth_type = yes
  253. keepalive {
  254. idle = 60
  255. probes = 3
  256. interval = 3
  257. }
  258. }
  259. rlm_ldap: Registering ldap_groupcmp for Ldap-Group
  260. rlm_ldap: Registering ldap_xlat with xlat_name ldap
  261. rlm_ldap: reading ldap<->radius mappings from file /etc/freeradius/ldap.attrmap
  262. rlm_ldap: LDAP radiusCheckItem mapped to RADIUS $GENERIC$
  263. rlm_ldap: LDAP radiusReplyItem mapped to RADIUS $GENERIC$
  264. rlm_ldap: LDAP radiusAuthType mapped to RADIUS Auth-Type
  265. rlm_ldap: LDAP radiusSimultaneousUse mapped to RADIUS Simultaneous-Use
  266. rlm_ldap: LDAP radiusCalledStationId mapped to RADIUS Called-Station-Id
  267. rlm_ldap: LDAP radiusCallingStationId mapped to RADIUS Calling-Station-Id
  268. rlm_ldap: LDAP lmPassword mapped to RADIUS LM-Password
  269. rlm_ldap: LDAP ntPassword mapped to RADIUS NT-Password
  270. rlm_ldap: LDAP sambaLmPassword mapped to RADIUS LM-Password
  271. rlm_ldap: LDAP sambaNtPassword mapped to RADIUS NT-Password
  272. rlm_ldap: LDAP dBCSPwd mapped to RADIUS LM-Password
  273. rlm_ldap: LDAP userPassword mapped to RADIUS Password-With-Header
  274. rlm_ldap: LDAP acctFlags mapped to RADIUS SMB-Account-CTRL-TEXT
  275. rlm_ldap: LDAP radiusExpiration mapped to RADIUS Expiration
  276. rlm_ldap: LDAP radiusNASIpAddress mapped to RADIUS NAS-IP-Address
  277. rlm_ldap: LDAP radiusServiceType mapped to RADIUS Service-Type
  278. rlm_ldap: LDAP radiusFramedProtocol mapped to RADIUS Framed-Protocol
  279. rlm_ldap: LDAP radiusFramedIPAddress mapped to RADIUS Framed-IP-Address
  280. rlm_ldap: LDAP radiusFramedIPNetmask mapped to RADIUS Framed-IP-Netmask
  281. rlm_ldap: LDAP radiusFramedRoute mapped to RADIUS Framed-Route
  282. rlm_ldap: LDAP radiusFramedRouting mapped to RADIUS Framed-Routing
  283. rlm_ldap: LDAP radiusFilterId mapped to RADIUS Filter-Id
  284. rlm_ldap: LDAP radiusFramedMTU mapped to RADIUS Framed-MTU
  285. rlm_ldap: LDAP radiusFramedCompression mapped to RADIUS Framed-Compression
  286. rlm_ldap: LDAP radiusLoginIPHost mapped to RADIUS Login-IP-Host
  287. rlm_ldap: LDAP radiusLoginService mapped to RADIUS Login-Service
  288. rlm_ldap: LDAP radiusLoginTCPPort mapped to RADIUS Login-TCP-Port
  289. rlm_ldap: LDAP radiusCallbackNumber mapped to RADIUS Callback-Number
  290. rlm_ldap: LDAP radiusCallbackId mapped to RADIUS Callback-Id
  291. rlm_ldap: LDAP radiusFramedIPXNetwork mapped to RADIUS Framed-IPX-Network
  292. rlm_ldap: LDAP radiusClass mapped to RADIUS Class
  293. rlm_ldap: LDAP radiusSessionTimeout mapped to RADIUS Session-Timeout
  294. rlm_ldap: LDAP radiusIdleTimeout mapped to RADIUS Idle-Timeout
  295. rlm_ldap: LDAP radiusTerminationAction mapped to RADIUS Termination-Action
  296. rlm_ldap: LDAP radiusLoginLATService mapped to RADIUS Login-LAT-Service
  297. rlm_ldap: LDAP radiusLoginLATNode mapped to RADIUS Login-LAT-Node
  298. rlm_ldap: LDAP radiusLoginLATGroup mapped to RADIUS Login-LAT-Group
  299. rlm_ldap: LDAP radiusFramedAppleTalkLink mapped to RADIUS Framed-AppleTalk-Link
  300. rlm_ldap: LDAP radiusFramedAppleTalkNetwork mapped to RADIUS Framed-AppleTalk-Network
  301. rlm_ldap: LDAP radiusFramedAppleTalkZone mapped to RADIUS Framed-AppleTalk-Zone
  302. rlm_ldap: LDAP radiusPortLimit mapped to RADIUS Port-Limit
  303. rlm_ldap: LDAP radiusLoginLATPort mapped to RADIUS Login-LAT-Port
  304. rlm_ldap: LDAP radiusReplyMessage mapped to RADIUS Reply-Message
  305. rlm_ldap: LDAP radiusTunnelType mapped to RADIUS Tunnel-Type
  306. rlm_ldap: LDAP radiusTunnelMediumType mapped to RADIUS Tunnel-Medium-Type
  307. rlm_ldap: LDAP radiusTunnelPrivateGroupId mapped to RADIUS Tunnel-Private-Group-Id
  308. conns: 0x8e20b38
  309. Module: Linked to module rlm_eap
  310. Module: Instantiating module "eap" from file /etc/freeradius/eap.conf
  311. eap {
  312. default_eap_type = "ttls"
  313. timer_expire = 60
  314. ignore_unknown_eap_types = no
  315. cisco_accounting_username_bug = no
  316. max_sessions = 1024
  317. }
  318. Module: Linked to sub-module rlm_eap_md5
  319. Module: Instantiating eap-md5
  320. Module: Linked to sub-module rlm_eap_leap
  321. Module: Instantiating eap-leap
  322. Module: Linked to sub-module rlm_eap_gtc
  323. Module: Instantiating eap-gtc
  324. gtc {
  325. challenge = "Password: "
  326. auth_type = "PAP"
  327. }
  328. Module: Linked to sub-module rlm_eap_tls
  329. Module: Instantiating eap-tls
  330. tls {
  331. rsa_key_exchange = no
  332. dh_key_exchange = yes
  333. rsa_key_length = 512
  334. dh_key_length = 512
  335. verify_depth = 0
  336. CA_path = "/etc/ssl/noureldin/certs"
  337. pem_file_type = yes
  338. private_key_file = "/etc/ssl/noureldin/private/freeradius.key"
  339. certificate_file = "/etc/ssl/noureldin/certs/freeradius.crt"
  340. private_key_password = ""
  341. dh_file = "/etc/ssl/noureldin/private/dh2048.pem"
  342. random_file = "/dev/urandom"
  343. fragment_size = 1024
  344. include_length = yes
  345. check_crl = no
  346. check_all_crl = no
  347. cipher_list = "DEFAULT"
  348. make_cert_command = "/etc/ssl/noureldin/certs/bootstrap"
  349. ecdh_curve = "prime256v1"
  350. cache {
  351. enable = no
  352. lifetime = 24
  353. max_entries = 255
  354. }
  355. verify {
  356. }
  357. ocsp {
  358. enable = no
  359. override_cert_url = yes
  360. url = "http://127.0.0.1/ocsp/"
  361. use_nonce = yes
  362. timeout = 0
  363. softfail = no
  364. }
  365. }
  366. Module: Linked to sub-module rlm_eap_ttls
  367. Module: Instantiating eap-ttls
  368. ttls {
  369. default_eap_type = "md5"
  370. copy_request_to_tunnel = no
  371. use_tunneled_reply = no
  372. virtual_server = "inner-tunnel"
  373. include_length = yes
  374. }
  375. Module: Linked to sub-module rlm_eap_peap
  376. Module: Instantiating eap-peap
  377. peap {
  378. default_eap_type = "mschapv2"
  379. copy_request_to_tunnel = no
  380. use_tunneled_reply = no
  381. proxy_tunneled_request_as_eap = yes
  382. virtual_server = "inner-tunnel"
  383. soh = no
  384. }
  385. Module: Linked to sub-module rlm_eap_mschapv2
  386. Module: Instantiating eap-mschapv2
  387. mschapv2 {
  388. with_ntdomain_hack = no
  389. send_error = no
  390. }
  391. Module: Checking authorize {...} for more modules to load
  392. Module: Linked to module rlm_preprocess
  393. Module: Instantiating module "preprocess" from file /etc/freeradius/modules/preprocess
  394. preprocess {
  395. huntgroups = "/etc/freeradius/huntgroups"
  396. hints = "/etc/freeradius/hints"
  397. with_ascend_hack = no
  398. ascend_channels_per_line = 23
  399. with_ntdomain_hack = no
  400. with_specialix_jetstream_hack = no
  401. with_cisco_vsa_hack = no
  402. with_alvarion_vsa_hack = no
  403. }
  404. reading pairlist file /etc/freeradius/huntgroups
  405. reading pairlist file /etc/freeradius/hints
  406. Module: Linked to module rlm_realm
  407. Module: Instantiating module "suffix" from file /etc/freeradius/modules/realm
  408. realm suffix {
  409. format = "suffix"
  410. delimiter = "@"
  411. ignore_default = no
  412. ignore_null = no
  413. }
  414. Module: Linked to module rlm_files
  415. Module: Instantiating module "files" from file /etc/freeradius/modules/files
  416. files {
  417. usersfile = "/etc/freeradius/users"
  418. acctusersfile = "/etc/freeradius/acct_users"
  419. preproxy_usersfile = "/etc/freeradius/preproxy_users"
  420. compat = "no"
  421. }
  422. reading pairlist file /etc/freeradius/users
  423. reading pairlist file /etc/freeradius/acct_users
  424. reading pairlist file /etc/freeradius/preproxy_users
  425. Module: Checking preacct {...} for more modules to load
  426. Module: Linked to module rlm_acct_unique
  427. Module: Instantiating module "acct_unique" from file /etc/freeradius/modules/acct_unique
  428. acct_unique {
  429. key = "User-Name, Acct-Session-Id, NAS-IP-Address, NAS-Identifier, NAS-Port"
  430. }
  431. Module: Checking accounting {...} for more modules to load
  432. Module: Linked to module rlm_detail
  433. Module: Instantiating module "detail" from file /etc/freeradius/modules/detail
  434. detail {
  435. detailfile = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d"
  436. header = "%t"
  437. detailperm = 384
  438. dirperm = 493
  439. locking = no
  440. log_packet_header = no
  441. escape_filenames = no
  442. }
  443. Module: Linked to module rlm_attr_filter
  444. Module: Instantiating module "attr_filter.accounting_response" from file /etc/freeradius/modules/attr_filter
  445. attr_filter attr_filter.accounting_response {
  446. attrsfile = "/etc/freeradius/attrs.accounting_response"
  447. key = "%{User-Name}"
  448. relaxed = no
  449. }
  450. reading pairlist file /etc/freeradius/attrs.accounting_response
  451. Module: Checking session {...} for more modules to load
  452. Module: Linked to module rlm_radutmp
  453. Module: Instantiating module "radutmp" from file /etc/freeradius/modules/radutmp
  454. radutmp {
  455. filename = "/var/log/freeradius/radutmp"
  456. username = "%{User-Name}"
  457. case_sensitive = yes
  458. check_with_nas = yes
  459. perm = 384
  460. callerid = yes
  461. }
  462. Module: Checking post-proxy {...} for more modules to load
  463. Module: Checking post-auth {...} for more modules to load
  464. Module: Instantiating module "attr_filter.access_reject" from file /etc/freeradius/modules/attr_filter
  465. attr_filter attr_filter.access_reject {
  466. attrsfile = "/etc/freeradius/attrs.access_reject"
  467. key = "%{User-Name}"
  468. relaxed = no
  469. }
  470. reading pairlist file /etc/freeradius/attrs.access_reject
  471. } # modules
  472. } # server
  473. server inner-tunnel { # from file /etc/freeradius/sites-enabled/inner-tunnel
  474. modules {
  475. Module: Checking authenticate {...} for more modules to load
  476. Module: Checking authorize {...} for more modules to load
  477. Module: Checking session {...} for more modules to load
  478. Module: Checking post-proxy {...} for more modules to load
  479. Module: Checking post-auth {...} for more modules to load
  480. } # modules
  481. } # server
  482. radiusd: #### Opening IP addresses and Ports ####
  483. listen {
  484. type = "auth"
  485. ipaddr = *
  486. port = 0
  487. }
  488. listen {
  489. type = "acct"
  490. ipaddr = *
  491. port = 0
  492. }
  493. listen {
  494. type = "auth"
  495. ipaddr = 127.0.0.1
  496. port = 18120
  497. }
  498. ... adding new socket proxy address * port 56028
  499. Listening on authentication address * port 1812
  500. Listening on accounting address * port 1813
  501. Listening on authentication address 127.0.0.1 port 18120 as server inner-tunnel
  502. Listening on proxy address * port 1814
  503. Ready to process requests.
  504. rad_recv: Access-Request packet from host 192.168.1.1 port 55872, id=165, length=189
  505. User-Name = "mnoureldin"
  506. NAS-IP-Address = 78.104.82.107
  507. Called-Station-Id = "A2-F3-C1-67-EC-68:Noureldin-Guests"
  508. NAS-Port-Type = Wireless-802.11
  509. NAS-Port = 1
  510. Calling-Station-Id = "80-13-82-DF-B8-A0"
  511. Connect-Info = "CONNECT 54Mbps 802.11g"
  512. Acct-Session-Id = "576FE7D8-00000048"
  513. Framed-MTU = 1400
  514. EAP-Message = 0x0239000f016d6e6f7572656c64696e
  515. Message-Authenticator = 0xc0dcfa1726631828d18db414918a2cd7
  516. # Executing section authorize from file /etc/freeradius/sites-enabled/default
  517. +group authorize {
  518. ++[preprocess] = ok
  519. ++[chap] = noop
  520. ++[mschap] = noop
  521. ++[digest] = noop
  522. [suffix] No '@' in User-Name = "mnoureldin", looking up realm NULL
  523. [suffix] No such realm "NULL"
  524. ++[suffix] = noop
  525. [eap] EAP packet type response id 57 length 15
  526. [eap] No EAP Start, assuming it's an on-going EAP conversation
  527. ++[eap] = updated
  528. ++[files] = noop
  529. [ldap] performing user authorization for mnoureldin
  530. [ldap] expand: %{Stripped-User-Name} ->
  531. [ldap] ... expanding second conditional
  532. [ldap] expand: %{User-Name} -> mnoureldin
  533. [ldap] expand: (samAccountName=%{%{Stripped-User-Name}:-%{User-Name}}) -> (samAccountName=mnoureldin)
  534. [ldap] expand: ou=Users,ou=S1,DC=noureldin,DC=local -> ou=Users,ou=S1,DC=noureldin,DC=local
  535. [ldap] ldap_get_conn: Checking Id: 0
  536. [ldap] ldap_get_conn: Got Id: 0
  537. [ldap] attempting LDAP reconnection
  538. [ldap] (re)connect to s1.noureldin.local:389, authentication 0
  539. [ldap] setting TLS CACert File to /etc/ssl/noureldin/certs/ca.crt
  540. [ldap] setting TLS CACert Directory to /etc/ssl/noureldin/certs/
  541. [ldap] setting TLS Cert File to /etc/ssl/noureldin/certs/freeradius.crt
  542. [ldap] setting TLS Key File to /etc/ssl/noureldin/private/freeradius.key
  543. [ldap] setting TLS Rand File to /dev/urandom
  544. [ldap] starting TLS
  545. [ldap] bind as cn=Administrator,ou=Users,ou=S1,DC=noureldin,DC=local/p@s$W0rd to s1.noureldin.local:389
  546. [ldap] waiting for bind result ...
  547. [ldap] Bind was successful
  548. [ldap] performing search in ou=Users,ou=S1,DC=noureldin,DC=local, with filter (samAccountName=mnoureldin)
  549. [ldap] No default NMAS login sequence
  550. [ldap] looking for check items in directory...
  551. [ldap] looking for reply items in directory...
  552. WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly?
  553. [ldap] ldap_release_conn: Release Id: 0
  554. ++[ldap] = ok
  555. ++[expiration] = noop
  556. ++[logintime] = noop
  557. [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.
  558. ++[pap] = noop
  559. +} # group authorize = updated
  560. Found Auth-Type = EAP
  561. # Executing group from file /etc/freeradius/sites-enabled/default
  562. +group authenticate {
  563. [eap] EAP Identity
  564. [eap] processing type tls
  565. [tls] Initiate
  566. [tls] Start returned 1
  567. ++[eap] = handled
  568. +} # group authenticate = handled
  569. Sending Access-Challenge of id 165 to 192.168.1.1 port 55872
  570. EAP-Message = 0x013a00061520
  571. Message-Authenticator = 0x00000000000000000000000000000000
  572. State = 0xb1d52fc1b1ef3a5d3b83cf401fd9cda6
  573. Finished request 0.
  574. Going to the next request
  575. Waking up in 4.9 seconds.
  576. rad_recv: Access-Request packet from host 192.168.1.1 port 55872, id=166, length=198
  577. User-Name = "mnoureldin"
  578. NAS-IP-Address = 78.104.82.107
  579. Called-Station-Id = "A2-F3-C1-67-EC-68:Noureldin-Guests"
  580. NAS-Port-Type = Wireless-802.11
  581. NAS-Port = 1
  582. Calling-Station-Id = "80-13-82-DF-B8-A0"
  583. Connect-Info = "CONNECT 54Mbps 802.11g"
  584. Acct-Session-Id = "576FE7D8-00000048"
  585. Framed-MTU = 1400
  586. EAP-Message = 0x023a00060319
  587. State = 0xb1d52fc1b1ef3a5d3b83cf401fd9cda6
  588. Message-Authenticator = 0x63eb0852c4acb29be2068743527ebdd3
  589. # Executing section authorize from file /etc/freeradius/sites-enabled/default
  590. +group authorize {
  591. ++[preprocess] = ok
  592. ++[chap] = noop
  593. ++[mschap] = noop
  594. ++[digest] = noop
  595. [suffix] No '@' in User-Name = "mnoureldin", looking up realm NULL
  596. [suffix] No such realm "NULL"
  597. ++[suffix] = noop
  598. [eap] EAP packet type response id 58 length 6
  599. [eap] No EAP Start, assuming it's an on-going EAP conversation
  600. ++[eap] = updated
  601. ++[files] = noop
  602. [ldap] performing user authorization for mnoureldin
  603. [ldap] expand: %{Stripped-User-Name} ->
  604. [ldap] ... expanding second conditional
  605. [ldap] expand: %{User-Name} -> mnoureldin
  606. [ldap] expand: (samAccountName=%{%{Stripped-User-Name}:-%{User-Name}}) -> (samAccountName=mnoureldin)
  607. [ldap] expand: ou=Users,ou=S1,DC=noureldin,DC=local -> ou=Users,ou=S1,DC=noureldin,DC=local
  608. [ldap] ldap_get_conn: Checking Id: 0
  609. [ldap] ldap_get_conn: Got Id: 0
  610. [ldap] performing search in ou=Users,ou=S1,DC=noureldin,DC=local, with filter (samAccountName=mnoureldin)
  611. [ldap] No default NMAS login sequence
  612. [ldap] looking for check items in directory...
  613. [ldap] looking for reply items in directory...
  614. WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly?
  615. [ldap] ldap_release_conn: Release Id: 0
  616. ++[ldap] = ok
  617. ++[expiration] = noop
  618. ++[logintime] = noop
  619. [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.
  620. ++[pap] = noop
  621. +} # group authorize = updated
  622. Found Auth-Type = EAP
  623. # Executing group from file /etc/freeradius/sites-enabled/default
  624. +group authenticate {
  625. [eap] Request found, released from the list
  626. [eap] EAP NAK
  627. [eap] EAP-NAK asked for EAP-Type/peap
  628. [eap] processing type tls
  629. [tls] Initiate
  630. [tls] Start returned 1
  631. ++[eap] = handled
  632. +} # group authenticate = handled
  633. Sending Access-Challenge of id 166 to 192.168.1.1 port 55872
  634. EAP-Message = 0x013b00061920
  635. Message-Authenticator = 0x00000000000000000000000000000000
  636. State = 0xb1d52fc1b0ee365d3b83cf401fd9cda6
  637. Finished request 1.
  638. Going to the next request
  639. Waking up in 4.9 seconds.
  640. rad_recv: Access-Request packet from host 192.168.1.1 port 55872, id=167, length=400
  641. User-Name = "mnoureldin"
  642. NAS-IP-Address = 78.104.82.107
  643. Called-Station-Id = "A2-F3-C1-67-EC-68:Noureldin-Guests"
  644. NAS-Port-Type = Wireless-802.11
  645. NAS-Port = 1
  646. Calling-Station-Id = "80-13-82-DF-B8-A0"
  647. Connect-Info = "CONNECT 54Mbps 802.11g"
  648. Acct-Session-Id = "576FE7D8-00000048"
  649. Framed-MTU = 1400
  650. EAP-Message = 0x023b00d01980000000c616030100c1010000bd03019cd03ffaee2fcd855bc6e1aaf63b616ee3d87ac8358f63508676e3be9d0c958f000054c014c00ac022c02100390038c00fc0050035c012c008c01cc01b00160013c00dc003000ac013c009c01fc01e00330032c00ec004002fc011c007c00cc002000500040015001200090014001100080006000300ff01000040000b000403000102000a00340032000e000d0019000b000c00180009000a00160017000800060007001400150004000500120013000100020003000f00100011
  651. State = 0xb1d52fc1b0ee365d3b83cf401fd9cda6
  652. Message-Authenticator = 0x4b551714bc81ce082effc92a53d173a5
  653. # Executing section authorize from file /etc/freeradius/sites-enabled/default
  654. +group authorize {
  655. ++[preprocess] = ok
  656. ++[chap] = noop
  657. ++[mschap] = noop
  658. ++[digest] = noop
  659. [suffix] No '@' in User-Name = "mnoureldin", looking up realm NULL
  660. [suffix] No such realm "NULL"
  661. ++[suffix] = noop
  662. [eap] EAP packet type response id 59 length 208
  663. [eap] Continuing tunnel setup.
  664. ++[eap] = ok
  665. +} # group authorize = ok
  666. Found Auth-Type = EAP
  667. # Executing group from file /etc/freeradius/sites-enabled/default
  668. +group authenticate {
  669. [eap] Request found, released from the list
  670. [eap] EAP/peap
  671. [eap] processing type peap
  672. [peap] processing EAP-TLS
  673. TLS Length 198
  674. [peap] Length Included
  675. [peap] eaptls_verify returned 11
  676. [peap] (other): before/accept initialization
  677. [peap] TLS_accept: before/accept initialization
  678. [peap] <<< Unknown TLS version [length 0005]
  679. [peap] <<< TLS 1.0 Handshake [length 00c1], ClientHello
  680. [peap] TLS_accept: unknown state
  681. [peap] >>> Unknown TLS version [length 0005]
  682. [peap] >>> TLS 1.0 Handshake [length 0039], ServerHello
  683. [peap] TLS_accept: unknown state
  684. [peap] >>> Unknown TLS version [length 0005]
  685. [peap] >>> TLS 1.0 Handshake [length 054b], Certificate
  686. [peap] TLS_accept: unknown state
  687. [peap] >>> Unknown TLS version [length 0005]
  688. [peap] >>> TLS 1.0 Handshake [length 014b], ServerKeyExchange
  689. [peap] TLS_accept: unknown state
  690. [peap] >>> Unknown TLS version [length 0005]
  691. [peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
  692. [peap] TLS_accept: unknown state
  693. [peap] TLS_accept: unknown state
  694. [peap] TLS_accept: unknown state
  695. [peap] TLS_accept: Need to read more data: unknown state
  696. [peap] TLS_accept: Need to read more data: unknown state
  697. In SSL Handshake Phase
  698. In SSL Accept mode
  699. [peap] eaptls_process returned 13
  700. [peap] EAPTLS_HANDLED
  701. ++[eap] = handled
  702. +} # group authenticate = handled
  703. Sending Access-Challenge of id 167 to 192.168.1.1 port 55872
  704. EAP-Message = 0x013c040019c0000006e71603010039020000350301c6732e14e668a02c1880af83015569f923a7e447f9a2c49782f97c5ae538899d00c01400000dff01000100000b000403000102160301054b0b0005470005440005413082053d30820425a003020102020103300d06092a864886f70d01010b05003081a6310b3009060355040613024154310b3009060355040813025354310d300b060355040713044772617a31123010060355040a13094e6f7572656c64696e310b3009060355040b13024954311b3019060355040313126e6f7572656c64696e2e6d6f6f6f2e636f6d311530130603550429130c4e6f7572656c64696e2d4341312630240609
  708. EAP-Message = 0x6c64696e2e6d6f6f6f2e636f
  709. Message-Authenticator = 0x00000000000000000000000000000000
  710. State = 0xb1d52fc1b3e9365d3b83cf401fd9cda6
  711. Finished request 2.
  712. Going to the next request
  713. Waking up in 4.9 seconds.
  714. rad_recv: Access-Request packet from host 192.168.1.1 port 55872, id=168, length=198
  715. User-Name = "mnoureldin"
  716. NAS-IP-Address = 78.104.82.107
  717. Called-Station-Id = "A2-F3-C1-67-EC-68:Noureldin-Guests"
  718. NAS-Port-Type = Wireless-802.11
  719. NAS-Port = 1
  720. Calling-Station-Id = "80-13-82-DF-B8-A0"
  721. Connect-Info = "CONNECT 54Mbps 802.11g"
  722. Acct-Session-Id = "576FE7D8-00000048"
  723. Framed-MTU = 1400
  724. EAP-Message = 0x023c00061900
  725. State = 0xb1d52fc1b3e9365d3b83cf401fd9cda6
  726. Message-Authenticator = 0x06032cccfbc1293d755616187efd418d
  727. # Executing section authorize from file /etc/freeradius/sites-enabled/default
  728. +group authorize {
  729. ++[preprocess] = ok
  730. ++[chap] = noop
  731. ++[mschap] = noop
  732. ++[digest] = noop
  733. [suffix] No '@' in User-Name = "mnoureldin", looking up realm NULL
  734. [suffix] No such realm "NULL"
  735. ++[suffix] = noop
  736. [eap] EAP packet type response id 60 length 6
  737. [eap] Continuing tunnel setup.
  738. ++[eap] = ok
  739. +} # group authorize = ok
  740. Found Auth-Type = EAP
  741. # Executing group from file /etc/freeradius/sites-enabled/default
  742. +group authenticate {
  743. [eap] Request found, released from the list
  744. [eap] EAP/peap
  745. [eap] processing type peap
  746. [peap] processing EAP-TLS
  747. [peap] Received TLS ACK
  748. [peap] ACK handshake fragment handler
  749. [peap] eaptls_verify returned 1
  750. [peap] eaptls_process returned 13
  751. [peap] EAPTLS_HANDLED
  752. ++[eap] = handled
  753. +} # group authenticate = handled
  754. Sending Access-Challenge of id 168 to 192.168.1.1 port 55872
  758. Message-Authenticator = 0x00000000000000000000000000000000
  759. State = 0xb1d52fc1b2e8365d3b83cf401fd9cda6
  760. Finished request 3.
  761. Going to the next request
  762. Waking up in 4.9 seconds.
  763. rad_recv: Access-Request packet from host 192.168.1.1 port 55872, id=169, length=336
  764. User-Name = "mnoureldin"
  765. NAS-IP-Address = 78.104.82.107
  766. Called-Station-Id = "A2-F3-C1-67-EC-68:Noureldin-Guests"
  767. NAS-Port-Type = Wireless-802.11
  768. NAS-Port = 1
  769. Calling-Station-Id = "80-13-82-DF-B8-A0"
  770. Connect-Info = "CONNECT 54Mbps 802.11g"
  771. Acct-Session-Id = "576FE7D8-00000048"
  772. Framed-MTU = 1400
  773. EAP-Message = 0x023d0090198000000086160301004610000042410456d65401fb04a552c1847467064844c11ac3758def43c285ae464df19c234aeb78b1a4ad4d6e9e4a5a272c94aa2a45284ec8fd0800613046d347b0f0b21668801403010001011603010030f496740e47bb502e1f2b41cff1080de0bc5931c98c44733963c5311ce22e532f5be2a7bb4324c5fa632f88b8bf867c67
  774. State = 0xb1d52fc1b2e8365d3b83cf401fd9cda6
  775. Message-Authenticator = 0x1dacb681bd30fbc4a197ad05667dd952
  776. # Executing section authorize from file /etc/freeradius/sites-enabled/default
  777. +group authorize {
  778. ++[preprocess] = ok
  779. ++[chap] = noop
  780. ++[mschap] = noop
  781. ++[digest] = noop
  782. [suffix] No '@' in User-Name = "mnoureldin", looking up realm NULL
  783. [suffix] No such realm "NULL"
  784. ++[suffix] = noop
  785. [eap] EAP packet type response id 61 length 144
  786. [eap] Continuing tunnel setup.
  787. ++[eap] = ok
  788. +} # group authorize = ok
  789. Found Auth-Type = EAP
  790. # Executing group from file /etc/freeradius/sites-enabled/default
  791. +group authenticate {
  792. [eap] Request found, released from the list
  793. [eap] EAP/peap
  794. [eap] processing type peap
  795. [peap] processing EAP-TLS
  796. TLS Length 134
  797. [peap] Length Included
  798. [peap] eaptls_verify returned 11
  799. [peap] <<< Unknown TLS version [length 0005]
  800. [peap] <<< TLS 1.0 Handshake [length 0046], ClientKeyExchange
  801. [peap] TLS_accept: unknown state
  802. [peap] TLS_accept: unknown state
  803. [peap] <<< Unknown TLS version [length 0005]
  804. [peap] <<< TLS 1.0 ChangeCipherSpec [length 0001]
  805. [peap] <<< Unknown TLS version [length 0005]
  806. [peap] <<< TLS 1.0 Handshake [length 0010], Finished
  807. [peap] TLS_accept: unknown state
  808. [peap] >>> Unknown TLS version [length 0005]
  809. [peap] >>> TLS 1.0 ChangeCipherSpec [length 0001]
  810. [peap] TLS_accept: unknown state
  811. [peap] >>> Unknown TLS version [length 0005]
  812. [peap] >>> TLS 1.0 Handshake [length 0010], Finished
  813. [peap] TLS_accept: unknown state
  814. [peap] TLS_accept: unknown state
  815. [peap] (other): SSL negotiation finished successfully
  816. SSL Connection Established
  817. [peap] eaptls_process returned 13
  818. [peap] EAPTLS_HANDLED
  819. ++[eap] = handled
  820. +} # group authenticate = handled
  821. Sending Access-Challenge of id 169 to 192.168.1.1 port 55872
  822. EAP-Message = 0x013e004119001403010001011603010030bfcecf9501692c4b09f83aefb389281b675952740065658c09152177f6e77071adc5f5b0acacf9aae72f9d0c6d6c9270
  823. Message-Authenticator = 0x00000000000000000000000000000000
  824. State = 0xb1d52fc1b5eb365d3b83cf401fd9cda6
  825. Finished request 4.
  826. Going to the next request
  827. Waking up in 4.8 seconds.
  828. rad_recv: Access-Request packet from host 192.168.1.1 port 55872, id=170, length=198
  829. User-Name = "mnoureldin"
  830. NAS-IP-Address = 78.104.82.107
  831. Called-Station-Id = "A2-F3-C1-67-EC-68:Noureldin-Guests"
  832. NAS-Port-Type = Wireless-802.11
  833. NAS-Port = 1
  834. Calling-Station-Id = "80-13-82-DF-B8-A0"
  835. Connect-Info = "CONNECT 54Mbps 802.11g"
  836. Acct-Session-Id = "576FE7D8-00000048"
  837. Framed-MTU = 1400
  838. EAP-Message = 0x023e00061900
  839. State = 0xb1d52fc1b5eb365d3b83cf401fd9cda6
  840. Message-Authenticator = 0x1902ac84ed969a055461ea776c6cf79f
  841. # Executing section authorize from file /etc/freeradius/sites-enabled/default
  842. +group authorize {
  843. ++[preprocess] = ok
  844. ++[chap] = noop
  845. ++[mschap] = noop
  846. ++[digest] = noop
  847. [suffix] No '@' in User-Name = "mnoureldin", looking up realm NULL
  848. [suffix] No such realm "NULL"
  849. ++[suffix] = noop
  850. [eap] EAP packet type response id 62 length 6
  851. [eap] Continuing tunnel setup.
  852. ++[eap] = ok
  853. +} # group authorize = ok
  854. Found Auth-Type = EAP
  855. # Executing group from file /etc/freeradius/sites-enabled/default
  856. +group authenticate {
  857. [eap] Request found, released from the list
  858. [eap] EAP/peap
  859. [eap] processing type peap
  860. [peap] processing EAP-TLS
  861. [peap] Received TLS ACK
  862. [peap] ACK handshake is finished
  863. [peap] eaptls_verify returned 3
  864. [peap] eaptls_process returned 3
  865. [peap] EAPTLS_SUCCESS
  866. [peap] Session established. Decoding tunneled attributes.
  867. [peap] Peap state TUNNEL ESTABLISHED
  868. [peap] >>> Unknown TLS version [length 0005]
  869. ++[eap] = handled
  870. +} # group authenticate = handled
  871. Sending Access-Challenge of id 170 to 192.168.1.1 port 55872
  872. EAP-Message = 0x013f002b19001703010020852082fdefe9a77c59a93cca8318e6f56ea8096af1eca20e22c629cd97eae14d
  873. Message-Authenticator = 0x00000000000000000000000000000000
  874. State = 0xb1d52fc1b4ea365d3b83cf401fd9cda6
  875. Finished request 5.
  876. Going to the next request
  877. Waking up in 4.8 seconds.
  878. rad_recv: Access-Request packet from host 192.168.1.1 port 55872, id=171, length=235
  879. User-Name = "mnoureldin"
  880. NAS-IP-Address = 78.104.82.107
  881. Called-Station-Id = "A2-F3-C1-67-EC-68:Noureldin-Guests"
  882. NAS-Port-Type = Wireless-802.11
  883. NAS-Port = 1
  884. Calling-Station-Id = "80-13-82-DF-B8-A0"
  885. Connect-Info = "CONNECT 54Mbps 802.11g"
  886. Acct-Session-Id = "576FE7D8-00000048"
  887. Framed-MTU = 1400
  888. EAP-Message = 0x023f002b190017030100204dfe288b32bedee1f43ebe342cedf2a54a766731812c56e24ef26da8321463b4
  889. State = 0xb1d52fc1b4ea365d3b83cf401fd9cda6
  890. Message-Authenticator = 0xa4fef542f7a7c78067c6e90b8fb0bb1d
  891. # Executing section authorize from file /etc/freeradius/sites-enabled/default
  892. +group authorize {
  893. ++[preprocess] = ok
  894. ++[chap] = noop
  895. ++[mschap] = noop
  896. ++[digest] = noop
  897. [suffix] No '@' in User-Name = "mnoureldin", looking up realm NULL
  898. [suffix] No such realm "NULL"
  899. ++[suffix] = noop
  900. [eap] EAP packet type response id 63 length 43
  901. [eap] Continuing tunnel setup.
  902. ++[eap] = ok
  903. +} # group authorize = ok
  904. Found Auth-Type = EAP
  905. # Executing group from file /etc/freeradius/sites-enabled/default
  906. +group authenticate {
  907. [eap] Request found, released from the list
  908. [eap] EAP/peap
  909. [eap] processing type peap
  910. [peap] processing EAP-TLS
  911. [peap] eaptls_verify returned 7
  912. [peap] Done initial handshake
  913. [peap] <<< Unknown TLS version [length 0005]
  914. [peap] eaptls_process returned 7
  915. [peap] EAPTLS_OK
  916. [peap] Session established. Decoding tunneled attributes.
  917. [peap] Peap state WAITING FOR INNER IDENTITY
  918. [peap] Identity - mnoureldin
  919. [peap] Got inner identity 'mnoureldin'
  920. [peap] Setting default EAP type for tunneled EAP session.
  921. [peap] Got tunneled request
  922. EAP-Message = 0x023f000f016d6e6f7572656c64696e
  923. server {
  924. [peap] Setting User-Name to mnoureldin
  925. Sending tunneled request
  926. EAP-Message = 0x023f000f016d6e6f7572656c64696e
  927. FreeRADIUS-Proxied-To = 127.0.0.1
  928. User-Name = "mnoureldin"
  929. server inner-tunnel {
  930. # Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel
  931. +group authorize {
  932. ++[chap] = noop
  933. ++[mschap] = noop
  934. [suffix] No '@' in User-Name = "mnoureldin", looking up realm NULL
  935. [suffix] No such realm "NULL"
  936. ++[suffix] = noop
  937. ++update control {
  938. ++} # update control = noop
  939. [eap] EAP packet type response id 63 length 15
  940. [eap] No EAP Start, assuming it's an on-going EAP conversation
  941. ++[eap] = updated
  942. ++[files] = noop
  943. [ldap] performing user authorization for mnoureldin
  944. [ldap] expand: %{Stripped-User-Name} ->
  945. [ldap] ... expanding second conditional
  946. [ldap] expand: %{User-Name} -> mnoureldin
  947. [ldap] expand: (samAccountName=%{%{Stripped-User-Name}:-%{User-Name}}) -> (samAccountName=mnoureldin)
  948. [ldap] expand: ou=Users,ou=S1,DC=noureldin,DC=local -> ou=Users,ou=S1,DC=noureldin,DC=local
  949. [ldap] ldap_get_conn: Checking Id: 0
  950. [ldap] ldap_get_conn: Got Id: 0
  951. [ldap] performing search in ou=Users,ou=S1,DC=noureldin,DC=local, with filter (samAccountName=mnoureldin)
  952. [ldap] No default NMAS login sequence
  953. [ldap] looking for check items in directory...
  954. [ldap] looking for reply items in directory...
  955. WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly?
  956. [ldap] ldap_release_conn: Release Id: 0
  957. ++[ldap] = ok
  958. ++[expiration] = noop
  959. ++[logintime] = noop
  960. ++[pap] = noop
  961. +} # group authorize = updated
  962. Found Auth-Type = EAP
  963. # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
  964. +group authenticate {
  965. [eap] EAP Identity
  966. [eap] processing type mschapv2
  967. rlm_eap_mschapv2: Issuing Challenge
  968. ++[eap] = handled
  969. +} # group authenticate = handled
  970. } # server inner-tunnel
  971. [peap] Got tunneled reply code 11
  972. EAP-Message = 0x014000241a0140001f102dfe18767bebae56423f0e4a9a7cc7b06d6e6f7572656c64696e
  973. Message-Authenticator = 0x00000000000000000000000000000000
  974. State = 0x97d409ac97941342d402c6401a2c3ec7
  975. [peap] Got tunneled reply RADIUS code Access-Challenge
  976. EAP-Message = 0x014000241a0140001f102dfe18767bebae56423f0e4a9a7cc7b06d6e6f7572656c64696e
  977. Message-Authenticator = 0x00000000000000000000000000000000
  978. State = 0x97d409ac97941342d402c6401a2c3ec7
  979. [peap] Got tunneled Access-Challenge
  980. [peap] >>> Unknown TLS version [length 0005]
  981. ++[eap] = handled
  982. +} # group authenticate = handled
  983. Sending Access-Challenge of id 171 to 192.168.1.1 port 55872
  984. EAP-Message = 0x0140004b19001703010040a0bf7a371d08622514bdf255410266c57fafc7f21416a379844b37de44f2443e5c5e65499e47e00695c13c9ae51faca70644aac66fe117ae0b9db2b399784b10
  985. Message-Authenticator = 0x00000000000000000000000000000000
  986. State = 0xb1d52fc1b795365d3b83cf401fd9cda6
  987. Finished request 6.
  988. Going to the next request
  989. Waking up in 4.8 seconds.
  990. rad_recv: Access-Request packet from host 192.168.1.1 port 55872, id=172, length=299
  991. User-Name = "mnoureldin"
  992. NAS-IP-Address = 78.104.82.107
  993. Called-Station-Id = "A2-F3-C1-67-EC-68:Noureldin-Guests"
  994. NAS-Port-Type = Wireless-802.11
  995. NAS-Port = 1
  996. Calling-Station-Id = "80-13-82-DF-B8-A0"
  997. Connect-Info = "CONNECT 54Mbps 802.11g"
  998. Acct-Session-Id = "576FE7D8-00000048"
  999. Framed-MTU = 1400
  1000. EAP-Message = 0x0240006b1900170301006039d28381c8b35d646ce8d7b2f3b62b981ecf5ea058eb10d644628c2546842075fb3bebdab712c4b1c88e653a929379ffee98ed2db1644a36a43fb4702d149d5c4a9899ad40dc152bdeb86c6928c4f402a10678e2b3b4cf43363eeaf8e2124827
  1001. State = 0xb1d52fc1b795365d3b83cf401fd9cda6
  1002. Message-Authenticator = 0x72f14a2285fccd97ef4605722ba8dc8c
  1003. # Executing section authorize from file /etc/freeradius/sites-enabled/default
  1004. +group authorize {
  1005. ++[preprocess] = ok
  1006. ++[chap] = noop
  1007. ++[mschap] = noop
  1008. ++[digest] = noop
  1009. [suffix] No '@' in User-Name = "mnoureldin", looking up realm NULL
  1010. [suffix] No such realm "NULL"
  1011. ++[suffix] = noop
  1012. [eap] EAP packet type response id 64 length 107
  1013. [eap] Continuing tunnel setup.
  1014. ++[eap] = ok
  1015. +} # group authorize = ok
  1016. Found Auth-Type = EAP
  1017. # Executing group from file /etc/freeradius/sites-enabled/default
  1018. +group authenticate {
  1019. [eap] Request found, released from the list
  1020. [eap] EAP/peap
  1021. [eap] processing type peap
  1022. [peap] processing EAP-TLS
  1023. [peap] eaptls_verify returned 7
  1024. [peap] Done initial handshake
  1025. [peap] <<< Unknown TLS version [length 0005]
  1026. [peap] eaptls_process returned 7
  1027. [peap] EAPTLS_OK
  1028. [peap] Session established. Decoding tunneled attributes.
  1029. [peap] Peap state phase2
  1030. [peap] EAP type mschapv2
  1031. [peap] Got tunneled request
  1032. EAP-Message = 0x024000451a02400040315374e88fd2258822a6401cfb251a0622000000000000000006c1ef5ceaaaef0e08db76e2b65ea82220aca1602baa196c006d6e6f7572656c64696e
  1033. server {
  1034. [peap] Setting User-Name to mnoureldin
  1035. Sending tunneled request
  1036. EAP-Message = 0x024000451a02400040315374e88fd2258822a6401cfb251a0622000000000000000006c1ef5ceaaaef0e08db76e2b65ea82220aca1602baa196c006d6e6f7572656c64696e
  1037. FreeRADIUS-Proxied-To = 127.0.0.1
  1038. User-Name = "mnoureldin"
  1039. State = 0x97d409ac97941342d402c6401a2c3ec7
  1040. server inner-tunnel {
  1041. # Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel
  1042. +group authorize {
  1043. ++[chap] = noop
  1044. ++[mschap] = noop
  1045. [suffix] No '@' in User-Name = "mnoureldin", looking up realm NULL
  1046. [suffix] No such realm "NULL"
  1047. ++[suffix] = noop
  1048. ++update control {
  1049. ++} # update control = noop
  1050. [eap] EAP packet type response id 64 length 69
  1051. [eap] No EAP Start, assuming it's an on-going EAP conversation
  1052. ++[eap] = updated
  1053. ++[files] = noop
  1054. [ldap] performing user authorization for mnoureldin
  1055. [ldap] expand: %{Stripped-User-Name} ->
  1056. [ldap] ... expanding second conditional
  1057. [ldap] expand: %{User-Name} -> mnoureldin
  1058. [ldap] expand: (samAccountName=%{%{Stripped-User-Name}:-%{User-Name}}) -> (samAccountName=mnoureldin)
  1059. [ldap] expand: ou=Users,ou=S1,DC=noureldin,DC=local -> ou=Users,ou=S1,DC=noureldin,DC=local
  1060. [ldap] ldap_get_conn: Checking Id: 0
  1061. [ldap] ldap_get_conn: Got Id: 0
  1062. [ldap] performing search in ou=Users,ou=S1,DC=noureldin,DC=local, with filter (samAccountName=mnoureldin)
  1063. [ldap] No default NMAS login sequence
  1064. [ldap] looking for check items in directory...
  1065. [ldap] looking for reply items in directory...
  1066. WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly?
  1067. [ldap] ldap_release_conn: Release Id: 0
  1068. ++[ldap] = ok
  1069. ++[expiration] = noop
  1070. ++[logintime] = noop
  1071. ++[pap] = noop
  1072. +} # group authorize = updated
  1073. Found Auth-Type = EAP
  1074. # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
  1075. +group authenticate {
  1076. [eap] Request found, released from the list
  1077. [eap] EAP/mschapv2
  1078. [eap] processing type mschapv2
  1079. [mschapv2] # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
  1080. [mschapv2] +group MS-CHAP {
  1081. [mschap] No Cleartext-Password configured. Cannot create LM-Password.
  1082. [mschap] No Cleartext-Password configured. Cannot create NT-Password.
  1083. [mschap] Creating challenge hash with username: mnoureldin
  1084. [mschap] Client is using MS-CHAPv2 for mnoureldin, we need NT-Password
  1085. [mschap] FAILED: No NT/LM-Password. Cannot perform authentication.
  1086. [mschap] FAILED: MS-CHAP2-Response is incorrect
  1087. ++[mschap] = reject
  1088. +} # group MS-CHAP = reject
  1089. [eap] Freeing handler
  1090. ++[eap] = reject
  1091. +} # group authenticate = reject
  1092. Failed to authenticate the user.
  1093. Using Post-Auth-Type Reject
  1094. # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
  1095. +group REJECT {
  1096. [attr_filter.access_reject] expand: %{User-Name} -> mnoureldin
  1097. attr_filter: Matched entry DEFAULT at line 11
  1098. ++[attr_filter.access_reject] = updated
  1099. +} # group REJECT = updated
  1100. } # server inner-tunnel
  1101. [peap] Got tunneled reply code 3
  1102. MS-CHAP-Error = "@E=691 R=1"
  1103. EAP-Message = 0x04400004
  1104. Message-Authenticator = 0x00000000000000000000000000000000
  1105. [peap] Got tunneled reply RADIUS code Access-Reject
  1106. MS-CHAP-Error = "@E=691 R=1"
  1107. EAP-Message = 0x04400004
  1108. Message-Authenticator = 0x00000000000000000000000000000000
  1109. [peap] Tunneled authentication was rejected.
  1110. [peap] FAILURE
  1111. [peap] >>> Unknown TLS version [length 0005]
  1112. ++[eap] = handled
  1113. +} # group authenticate = handled
  1114. Sending Access-Challenge of id 172 to 192.168.1.1 port 55872
  1115. EAP-Message = 0x0141002b19001703010020983a79dd83aab34a85be3947c7d50fd66317a887ee53a53342767a9bef61d030
  1116. Message-Authenticator = 0x00000000000000000000000000000000
  1117. State = 0xb1d52fc1b694365d3b83cf401fd9cda6
  1118. Finished request 7.
  1119. Going to the next request
  1120. Waking up in 4.7 seconds.
  1121. rad_recv: Access-Request packet from host 192.168.1.1 port 55872, id=173, length=235
  1122. User-Name = "mnoureldin"
  1123. NAS-IP-Address = 78.104.82.107
  1124. Called-Station-Id = "A2-F3-C1-67-EC-68:Noureldin-Guests"
  1125. NAS-Port-Type = Wireless-802.11
  1126. NAS-Port = 1
  1127. Calling-Station-Id = "80-13-82-DF-B8-A0"
  1128. Connect-Info = "CONNECT 54Mbps 802.11g"
  1129. Acct-Session-Id = "576FE7D8-00000048"
  1130. Framed-MTU = 1400
  1131. EAP-Message = 0x0241002b19001703010020f248b258ad3bf1633b8414b538525e83c0e7d0df104b615a5dfd011d3765a353
  1132. State = 0xb1d52fc1b694365d3b83cf401fd9cda6
  1133. Message-Authenticator = 0xa82f65ba8ee3a81fe8a40397f502c169
  1134. # Executing section authorize from file /etc/freeradius/sites-enabled/default
  1135. +group authorize {
  1136. ++[preprocess] = ok
  1137. ++[chap] = noop
  1138. ++[mschap] = noop
  1139. ++[digest] = noop
  1140. [suffix] No '@' in User-Name = "mnoureldin", looking up realm NULL
  1141. [suffix] No such realm "NULL"
  1142. ++[suffix] = noop
  1143. [eap] EAP packet type response id 65 length 43
  1144. [eap] Continuing tunnel setup.
  1145. ++[eap] = ok
  1146. +} # group authorize = ok
  1147. Found Auth-Type = EAP
  1148. # Executing group from file /etc/freeradius/sites-enabled/default
  1149. +group authenticate {
  1150. [eap] Request found, released from the list
  1151. [eap] EAP/peap
  1152. [eap] processing type peap
  1153. [peap] processing EAP-TLS
  1154. [peap] eaptls_verify returned 7
  1155. [peap] Done initial handshake
  1156. [peap] <<< Unknown TLS version [length 0005]
  1157. [peap] eaptls_process returned 7
  1158. [peap] EAPTLS_OK
  1159. [peap] Session established. Decoding tunneled attributes.
  1160. [peap] Peap state send tlv failure
  1161. [peap] Received EAP-TLV response.
  1162. [peap] The users session was previously rejected: returning reject (again.)
  1163. [peap] *** This means you need to read the PREVIOUS messages in the debug output
  1164. [peap] *** to find out the reason why the user was rejected.
  1165. [peap] *** Look for "reject" or "fail". Those earlier messages will tell you.
  1166. [peap] *** what went wrong, and how to fix the problem.
  1167. [eap] Handler failed in EAP/peap
  1168. [eap] Failed in EAP select
  1169. ++[eap] = invalid
  1170. +} # group authenticate = invalid
  1171. Failed to authenticate the user.
  1172. Using Post-Auth-Type Reject
  1173. # Executing group from file /etc/freeradius/sites-enabled/default
  1174. +group REJECT {
  1175. [eap] Reply already contained an EAP-Message, not inserting EAP-Failure
  1176. ++[eap] = noop
  1177. [attr_filter.access_reject] expand: %{User-Name} -> mnoureldin
  1178. attr_filter: Matched entry DEFAULT at line 11
  1179. ++[attr_filter.access_reject] = updated
  1180. +} # group REJECT = updated
  1181. Delaying reject of request 8 for 1 seconds
  1182. Going to the next request
  1183. Waking up in 0.9 seconds.
  1184. Sending delayed reject for request 8
  1185. Sending Access-Reject of id 173 to 192.168.1.1 port 55872
  1186. EAP-Message = 0x04410004
  1187. Message-Authenticator = 0x00000000000000000000000000000000
  1188. Waking up in 3.7 seconds.
  1189. Cleaning up request 0 ID 165 with timestamp +1
  1190. Cleaning up request 1 ID 166 with timestamp +1
  1191. Cleaning up request 2 ID 167 with timestamp +1
  1192. Cleaning up request 3 ID 168 with timestamp +1
  1193. Cleaning up request 4 ID 169 with timestamp +1
  1194. Cleaning up request 5 ID 170 with timestamp +1
  1195. Cleaning up request 6 ID 171 with timestamp +1
  1196. Cleaning up request 7 ID 172 with timestamp +1
  1197. Waking up in 1.0 seconds.
  1198. Cleaning up request 8 ID 173 with timestamp +1
  1199. Ready to process requests.