fajar

a guest
Feb 25th, 2009
  1. FreeRADIUS Version 2.1.3, for host x86_64-redhat-linux-gnu, built on Feb 12 2009 at 17:33:29
  2. Copyright (C) 1999-2008 The FreeRADIUS server project and contributors.
  3. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
  4. PARTICULAR PURPOSE.
  5. You may redistribute copies of FreeRADIUS under the terms of the
  6. GNU General Public License v2.
  7. Starting - reading configuration files ...
  8. including configuration file /etc/raddb/radiusd.conf
  9. including configuration file /etc/raddb/proxy.conf
  10. including configuration file /etc/raddb/clients.conf
  11. including files in directory /etc/raddb/modules/
  12. including configuration file /etc/raddb/modules/checkval
  13. including configuration file /etc/raddb/modules/always
  14. including configuration file /etc/raddb/modules/mac2ip
  15. including configuration file /etc/raddb/modules/pap
  16. including configuration file /etc/raddb/modules/ippool
  17. including configuration file /etc/raddb/modules/sql_log
  18. including configuration file /etc/raddb/modules/realm
  19. including configuration file /etc/raddb/modules/sqlcounter_expire_on_login
  20. including configuration file /etc/raddb/modules/mschap
  21. including configuration file /etc/raddb/modules/digest
  22. including configuration file /etc/raddb/modules/echo
  23. including configuration file /etc/raddb/modules/smbpasswd
  24. including configuration file /etc/raddb/modules/perl
  25. including configuration file /etc/raddb/modules/passwd
  26. including configuration file /etc/raddb/modules/preprocess
  27. including configuration file /etc/raddb/modules/detail.log
  28. including configuration file /etc/raddb/modules/exec
  29. including configuration file /etc/raddb/modules/policy
  30. including configuration file /etc/raddb/modules/radutmp
  31. including configuration file /etc/raddb/modules/files
  32. including configuration file /etc/raddb/modules/detail
  33. including configuration file /etc/raddb/modules/sradutmp
  34. including configuration file /etc/raddb/modules/pam
  35. including configuration file /etc/raddb/modules/attr_filter
  36. including configuration file /etc/raddb/modules/expr
  37. including configuration file /etc/raddb/modules/mac2vlan
  38. including configuration file /etc/raddb/modules/acct_unique
  39. including configuration file /etc/raddb/modules/inner-eap
  40. including configuration file /etc/raddb/modules/detail.example.com
  41. including configuration file /etc/raddb/modules/wimax
  42. including configuration file /etc/raddb/modules/chap
  43. including configuration file /etc/raddb/modules/ldap
  44. including configuration file /etc/raddb/modules/unix
  45. including configuration file /etc/raddb/modules/attr_rewrite
  46. including configuration file /etc/raddb/modules/counter
  47. including configuration file /etc/raddb/modules/logintime
  48. including configuration file /etc/raddb/modules/expiration
  49. including configuration file /etc/raddb/modules/linelog
  50. including configuration file /etc/raddb/modules/etc_group
  51. including configuration file /etc/raddb/eap.conf
  52. including configuration file /etc/raddb/policy.conf
  53. including files in directory /etc/raddb/sites-enabled/
  54. including configuration file /etc/raddb/sites-enabled/control-socket
  55. including configuration file /etc/raddb/sites-enabled/inner-tunnel
  56. including configuration file /etc/raddb/sites-enabled/default
  57. group = root
  58. user = root
  59. including dictionary file /etc/raddb/dictionary
  60. main {
  61. prefix = "/usr"
  62. localstatedir = "/var"
  63. logdir = "/var/log/radius"
  64. libdir = "/usr/lib64/freeradius"
  65. radacctdir = "/var/log/radius/radacct"
  66. hostname_lookups = no
  67. max_request_time = 30
  68. cleanup_delay = 5
  69. max_requests = 1024
  70. allow_core_dumps = no
  71. pidfile = "/var/run/radiusd/radiusd.pid"
  72. checkrad = "/usr/sbin/checkrad"
  73. debug_level = 0
  74. proxy_requests = yes
  75. log {
  76. stripped_names = no
  77. auth = yes
  78. auth_badpass = no
  79. auth_goodpass = no
  80. }
  81. security {
  82. max_attributes = 200
  83. reject_delay = 0
  84. status_server = yes
  85. }
  86. }
  87. client localhost {
  88. ipaddr = 127.0.0.1
  89. require_message_authenticator = no
  90. secret = "testing123"
  91. nastype = "other"
  92. }
  93. client 10.11.23.57 {
  94. require_message_authenticator = no
  95. secret = "testing123"
  96. shortname = "<CLIENT>"
  97. }
  98. radiusd: #### Loading Realms and Home Servers ####
  99. proxy server {
  100. retry_delay = 5
  101. retry_count = 3
  102. default_fallback = no
  103. dead_time = 120
  104. wake_all_if_all_dead = no
  105. }
  106. home_server localhost {
  107. ipaddr = 127.0.0.1
  108. port = 1812
  109. type = "auth"
  110. secret = "testing123"
  111. response_window = 20
  112. max_outstanding = 65536
  113. zombie_period = 40
  114. status_check = "status-server"
  115. ping_interval = 30
  116. check_interval = 30
  117. num_answers_to_alive = 3
  118. num_pings_to_alive = 3
  119. revive_interval = 120
  120. status_check_timeout = 4
  121. }
  122. home_server_pool my_auth_failover {
  123. type = fail-over
  124. home_server = localhost
  125. }
  126. realm example.com {
  127. auth_pool = my_auth_failover
  128. }
  129. realm LOCAL {
  130. }
  131. radiusd: #### Instantiating modules ####
  132. instantiate {
  133. Module: Linked to module rlm_exec
  134. Module: Instantiating exec
  135. exec {
  136. wait = no
  137. input_pairs = "request"
  138. shell_escape = yes
  139. }
  140. Module: Linked to module rlm_expr
  141. Module: Instantiating expr
  142. Module: Linked to module rlm_expiration
  143. Module: Instantiating expiration
  144. expiration {
  145. reply-message = "Password Has Expired "
  146. }
  147. Module: Linked to module rlm_logintime
  148. Module: Instantiating logintime
  149. logintime {
  150. reply-message = "You are calling outside your allowed timespan "
  151. minimum-timeout = 60
  152. }
  153. }
  154. radiusd: #### Loading Virtual Servers ####
  155. server inner-tunnel {
  156. modules {
  157. Module: Checking authenticate {...} for more modules to load
  158. Module: Linked to module rlm_pap
  159. Module: Instantiating pap
  160. pap {
  161. encryption_scheme = "auto"
  162. auto_header = no
  163. }
  164. Module: Linked to module rlm_chap
  165. Module: Instantiating chap
  166. Module: Linked to module rlm_mschap
  167. Module: Instantiating mschap
  168. mschap {
  169. use_mppe = yes
  170. require_encryption = no
  171. require_strong = no
  172. with_ntdomain_hack = no
  173. }
  174. Module: Linked to module rlm_unix
  175. Module: Instantiating unix
  176. unix {
  177. radwtmp = "/var/log/radius/radwtmp"
  178. }
  179. Module: Linked to module rlm_eap
  180. Module: Instantiating eap
  181. eap {
  182. default_eap_type = "peap"
  183. timer_expire = 60
  184. ignore_unknown_eap_types = no
  185. cisco_accounting_username_bug = no
  186. max_sessions = 2048
  187. }
  188. Module: Linked to sub-module rlm_eap_md5
  189. Module: Instantiating eap-md5
  190. Module: Linked to sub-module rlm_eap_leap
  191. Module: Instantiating eap-leap
  192. Module: Linked to sub-module rlm_eap_gtc
  193. Module: Instantiating eap-gtc
  194. gtc {
  195. challenge = "Password: "
  196. auth_type = "PAP"
  197. }
  198. Module: Linked to sub-module rlm_eap_tls
  199. Module: Instantiating eap-tls
  200. tls {
  201. rsa_key_exchange = no
  202. dh_key_exchange = yes
  203. rsa_key_length = 512
  204. dh_key_length = 512
  205. verify_depth = 0
  206. pem_file_type = yes
  207. private_key_file = "/etc/raddb/certs/server.pem"
  208. certificate_file = "/etc/raddb/certs/server.pem"
  209. CA_file = "/etc/raddb/certs/ca.pem"
  210. private_key_password = "whatever"
  211. dh_file = "/etc/raddb/certs/dh"
  212. random_file = "/etc/raddb/certs/random"
  213. fragment_size = 1024
  214. include_length = yes
  215. check_crl = no
  216. cipher_list = "DEFAULT"
  217. make_cert_command = "/etc/raddb/certs/bootstrap"
  218. cache {
  219. enable = no
  220. lifetime = 24
  221. max_entries = 255
  222. }
  223. }
  224. Module: Linked to sub-module rlm_eap_peap
  225. Module: Instantiating eap-peap
  226. peap {
  227. default_eap_type = "gtc"
  228. copy_request_to_tunnel = no
  229. use_tunneled_reply = no
  230. proxy_tunneled_request_as_eap = yes
  231. virtual_server = "inner-tunnel"
  232. }
  233. Module: Linked to sub-module rlm_eap_mschapv2
  234. Module: Instantiating eap-mschapv2
  235. mschapv2 {
  236. with_ntdomain_hack = no
  237. }
  238. Module: Checking authorize {...} for more modules to load
  239. Module: Linked to module rlm_realm
  240. Module: Instantiating suffix
  241. realm suffix {
  242. format = "suffix"
  243. delimiter = "@"
  244. ignore_default = no
  245. ignore_null = no
  246. }
  247. Module: Linked to module rlm_files
  248. Module: Instantiating files
  249. files {
  250. usersfile = "/etc/raddb/users"
  251. acctusersfile = "/etc/raddb/acct_users"
  252. preproxy_usersfile = "/etc/raddb/preproxy_users"
  253. compat = "no"
  254. }
  255. Module: Checking session {...} for more modules to load
  256. Module: Linked to module rlm_radutmp
  257. Module: Instantiating radutmp
  258. radutmp {
  259. filename = "/var/log/radius/radutmp"
  260. username = "%{User-Name}"
  261. case_sensitive = yes
  262. check_with_nas = yes
  263. perm = 384
  264. callerid = yes
  265. }
  266. Module: Checking post-proxy {...} for more modules to load
  267. Module: Checking post-auth {...} for more modules to load
  268. Module: Linked to module rlm_attr_filter
  269. Module: Instantiating attr_filter.access_reject
  270. attr_filter attr_filter.access_reject {
  271. attrsfile = "/etc/raddb/attrs.access_reject"
  272. key = "%{User-Name}"
  273. }
  274. }
  275. }
  276. modules {
  277. Module: Checking authenticate {...} for more modules to load
  278. Module: Linked to module rlm_pam
  279. Module: Instantiating pam
  280. pam {
  281. pam_auth = "radiusd"
  282. }
  283. Module: Linked to module rlm_ldap
  284. Module: Instantiating ldap
  285. ldap {
  286. server = "<LDAP_SERVER>"
  287. port = 389
  288. password = ""
  289. identity = ""
  290. net_timeout = 1
  291. timeout = 4
  292. timelimit = 3
  293. tls_mode = no
  294. start_tls = no
  295. tls_require_cert = "allow"
  296. tls {
  297. start_tls = no
  298. require_cert = "allow"
  299. }
  300. basedn = "o=Telkom"
  301. filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
  302. base_filter = "(objectclass=radiusprofile)"
  303. auto_header = no
  304. access_attr_used_for_allow = yes
  305. groupname_attribute = "cn"
  306. groupmembership_filter = "(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))"
  307. dictionary_mapping = "/etc/raddb/ldap.attrmap"
  308. ldap_debug = 0
  309. ldap_connections_number = 5
  310. compare_check_items = no
  311. do_xlat = yes
  312. set_auth_type = yes
  313. }
  314. rlm_ldap: Registering ldap_groupcmp for Ldap-Group
  315. rlm_ldap: Registering ldap_xlat with xlat_name ldap
  316. rlm_ldap: reading ldap<->radius mappings from file /etc/raddb/ldap.attrmap
  317. rlm_ldap: LDAP radiusCheckItem mapped to RADIUS $GENERIC$
  318. rlm_ldap: LDAP radiusReplyItem mapped to RADIUS $GENERIC$
  319. rlm_ldap: LDAP radiusAuthType mapped to RADIUS Auth-Type
  320. rlm_ldap: LDAP radiusSimultaneousUse mapped to RADIUS Simultaneous-Use
  321. rlm_ldap: LDAP radiusCalledStationId mapped to RADIUS Called-Station-Id
  322. rlm_ldap: LDAP radiusCallingStationId mapped to RADIUS Calling-Station-Id
  323. rlm_ldap: LDAP lmPassword mapped to RADIUS LM-Password
  324. rlm_ldap: LDAP ntPassword mapped to RADIUS NT-Password
  325. rlm_ldap: LDAP sambaLmPassword mapped to RADIUS LM-Password
  326. rlm_ldap: LDAP sambaNtPassword mapped to RADIUS NT-Password
  327. rlm_ldap: LDAP dBCSPwd mapped to RADIUS LM-Password
  328. rlm_ldap: LDAP acctFlags mapped to RADIUS SMB-Account-CTRL-TEXT
  329. rlm_ldap: LDAP radiusExpiration mapped to RADIUS Expiration
  330. rlm_ldap: LDAP radiusNASIpAddress mapped to RADIUS NAS-IP-Address
  331. rlm_ldap: LDAP radiusServiceType mapped to RADIUS Service-Type
  332. rlm_ldap: LDAP radiusFramedProtocol mapped to RADIUS Framed-Protocol
  333. rlm_ldap: LDAP radiusFramedIPAddress mapped to RADIUS Framed-IP-Address
  334. rlm_ldap: LDAP radiusFramedIPNetmask mapped to RADIUS Framed-IP-Netmask
  335. rlm_ldap: LDAP radiusFramedRoute mapped to RADIUS Framed-Route
  336. rlm_ldap: LDAP radiusFramedRouting mapped to RADIUS Framed-Routing
  337. rlm_ldap: LDAP radiusFilterId mapped to RADIUS Filter-Id
  338. rlm_ldap: LDAP radiusFramedMTU mapped to RADIUS Framed-MTU
  339. rlm_ldap: LDAP radiusFramedCompression mapped to RADIUS Framed-Compression
  340. rlm_ldap: LDAP radiusLoginIPHost mapped to RADIUS Login-IP-Host
  341. rlm_ldap: LDAP radiusLoginService mapped to RADIUS Login-Service
  342. rlm_ldap: LDAP radiusLoginTCPPort mapped to RADIUS Login-TCP-Port
  343. rlm_ldap: LDAP radiusCallbackNumber mapped to RADIUS Callback-Number
  344. rlm_ldap: LDAP radiusCallbackId mapped to RADIUS Callback-Id
  345. rlm_ldap: LDAP radiusFramedIPXNetwork mapped to RADIUS Framed-IPX-Network
  346. rlm_ldap: LDAP radiusClass mapped to RADIUS Class
  347. rlm_ldap: LDAP radiusSessionTimeout mapped to RADIUS Session-Timeout
  348. rlm_ldap: LDAP radiusIdleTimeout mapped to RADIUS Idle-Timeout
  349. rlm_ldap: LDAP radiusTerminationAction mapped to RADIUS Termination-Action
  350. rlm_ldap: LDAP radiusLoginLATService mapped to RADIUS Login-LAT-Service
  351. rlm_ldap: LDAP radiusLoginLATNode mapped to RADIUS Login-LAT-Node
  352. rlm_ldap: LDAP radiusLoginLATGroup mapped to RADIUS Login-LAT-Group
  353. rlm_ldap: LDAP radiusFramedAppleTalkLink mapped to RADIUS Framed-AppleTalk-Link
  354. rlm_ldap: LDAP radiusFramedAppleTalkNetwork mapped to RADIUS Framed-AppleTalk-Network
  355. rlm_ldap: LDAP radiusFramedAppleTalkZone mapped to RADIUS Framed-AppleTalk-Zone
  356. rlm_ldap: LDAP radiusPortLimit mapped to RADIUS Port-Limit
  357. rlm_ldap: LDAP radiusLoginLATPort mapped to RADIUS Login-LAT-Port
  358. rlm_ldap: LDAP radiusReplyMessage mapped to RADIUS Reply-Message
  359. conns: 0x1b807470
  360. Module: Checking authorize {...} for more modules to load
  361. Module: Linked to module rlm_preprocess
  362. Module: Instantiating preprocess
  363. preprocess {
  364. huntgroups = "/etc/raddb/huntgroups"
  365. hints = "/etc/raddb/hints"
  366. with_ascend_hack = no
  367. ascend_channels_per_line = 23
  368. with_ntdomain_hack = no
  369. with_specialix_jetstream_hack = no
  370. with_cisco_vsa_hack = no
  371. with_alvarion_vsa_hack = no
  372. }
  373. Module: Checking preacct {...} for more modules to load
  374. Module: Linked to module rlm_acct_unique
  375. Module: Instantiating acct_unique
  376. acct_unique {
  377. key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
  378. }
  379. Module: Checking accounting {...} for more modules to load
  380. Module: Linked to module rlm_detail
  381. Module: Instantiating detail
  382. detail {
  383. detailfile = "/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
  384. header = "%t"
  385. detailperm = 384
  386. dirperm = 493
  387. locking = no
  388. log_packet_header = no
  389. }
  390. Module: Instantiating attr_filter.accounting_response
  391. attr_filter attr_filter.accounting_response {
  392. attrsfile = "/etc/raddb/attrs.accounting_response"
  393. key = "%{User-Name}"
  394. }
  395. Module: Checking session {...} for more modules to load
  396. Module: Checking post-proxy {...} for more modules to load
  397. Module: Checking post-auth {...} for more modules to load
  398. }
  399. radiusd: #### Opening IP addresses and Ports ####
  400. listen {
  401. type = "auth"
  402. ipaddr = *
  403. port = 0
  404. }
  405. listen {
  406. type = "acct"
  407. ipaddr = *
  408. port = 0
  409. }
  410. listen {
  411. type = "control"
  412. listen {
  413. socket = "/var/run/radiusd/radiusd.sock"
  414. }
  415. }
  416. Listening on authentication address * port 1812
  417. Listening on accounting address * port 1813
  418. Listening on command file /var/run/radiusd/radiusd.sock
  419. Listening on proxy address * port 1814
  420. Ready to process requests.
  421. rad_recv: Access-Request packet from host 10.11.23.57 port 2050, id=0, length=125
  422. User-Name = "<USER>"
  423. NAS-IP-Address = 192.168.6.11
  424. Called-Station-Id = "001839edc159"
  425. Calling-Station-Id = "002269607a74"
  426. NAS-Identifier = "001839edc159"
  427. NAS-Port = 46
  428. Framed-MTU = 1400
  429. NAS-Port-Type = Wireless-802.11
  430. EAP-Message = 0x0200000b01383030303432
  431. Message-Authenticator = 0x2b7f25c453eb1c0303454b95c1b44d71
  432. +- entering group authorize {...}
  433. ++[preprocess] returns ok
  434. ++[chap] returns noop
  435. ++[mschap] returns noop
  436. [suffix] No '@' in User-Name = "<USER>", looking up realm NULL
  437. [suffix] No such realm "NULL"
  438. ++[suffix] returns noop
  439. [eap] EAP packet type response id 0 length 11
  440. [eap] No EAP Start, assuming it's an on-going EAP conversation
  441. ++[eap] returns updated
  442. ++[unix] returns notfound
  443. ++[files] returns noop
  444. [ldap] performing user authorization for <USER>
  445. [ldap] WARNING: Deprecated conditional expansion ":-". See "man unlang" for details
  446. [ldap] expand: (uid=%{Stripped-User-Name:-%{User-Name}}) -> (uid=<USER>)
  447. [ldap] expand: o=Telkom -> o=Telkom
  448. rlm_ldap: ldap_get_conn: Checking Id: 0
  449. rlm_ldap: ldap_get_conn: Got Id: 0
  450. rlm_ldap: attempting LDAP reconnection
  451. rlm_ldap: (re)connect to <LDAP_SERVER>:389, authentication 0
  452. rlm_ldap: bind as / to <LDAP_SERVER>:389
  453. rlm_ldap: waiting for bind result ...
  454. rlm_ldap: Bind was successful
  455. rlm_ldap: performing search in o=Telkom, with filter (uid=<USER>)
  456. [ldap] looking for check items in directory...
  457. [ldap] looking for reply items in directory...
  458. WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly?
  459. [ldap] user <USER> authorized to use remote access
  460. rlm_ldap: ldap_release_conn: Release Id: 0
  461. ++[ldap] returns ok
  462. ++[expiration] returns noop
  463. ++[logintime] returns noop
  464. [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.
  465. ++[pap] returns noop
  466. ++? if (!control:Auth-Type)
  467. ? Evaluating !(control:Auth-Type) -> TRUE
  468. ++? if (!control:Auth-Type) -> FALSE
  469. Found Auth-Type = EAP
  470. +- entering group authenticate {...}
  471. [eap] EAP Identity
  472. [eap] processing type tls
  473. [tls] Initiate
  474. [tls] Start returned 1
  475. ++[eap] returns handled
  476. Sending Access-Challenge of id 0 to 10.11.23.57 port 2050
  477. EAP-Message = 0x010100061920
  478. Message-Authenticator = 0x00000000000000000000000000000000
  479. State = 0x3b32b8053b33a1597e93aeb15ced1048
  480. Finished request 0.
  481. Going to the next request
  482. Waking up in 4.9 seconds.
  483. rad_recv: Access-Request packet from host 10.11.23.57 port 2050, id=0, length=231
  484. Cleaning up request 0 ID 0 with timestamp +43
  485. User-Name = "<USER>"
  486. NAS-IP-Address = 192.168.6.11
  487. Called-Station-Id = "001839edc159"
  488. Calling-Station-Id = "002269607a74"
  489. NAS-Identifier = "001839edc159"
  490. NAS-Port = 46
  491. Framed-MTU = 1400
  492. State = 0x3b32b8053b33a1597e93aeb15ced1048
  493. NAS-Port-Type = Wireless-802.11
  494. EAP-Message = 0x020100631900160301005801000054030149a51ef25d50f2d8c4ad1483556c5d7b7e5d0d5c9ccd10f35c267455a5bd757f00002600390038003500160013000a00330032002f0005000400150012000900140011000800060003020100000400230000
  495. Message-Authenticator = 0x6f60bb34657fc39b3da28becbbfebc66
  496. +- entering group authorize {...}
  497. ++[preprocess] returns ok
  498. ++[chap] returns noop
  499. ++[mschap] returns noop
  500. [suffix] No '@' in User-Name = "<USER>", looking up realm NULL
  501. [suffix] No such realm "NULL"
  502. ++[suffix] returns noop
  503. [eap] EAP packet type response id 1 length 99
  504. [eap] Continuing tunnel setup.
  505. ++[eap] returns ok
  506. Found Auth-Type = EAP
  507. +- entering group authenticate {...}
  508. [eap] Request found, released from the list
  509. [eap] EAP/peap
  510. [eap] processing type peap
  511. [peap] processing EAP-TLS
  512. [peap] eaptls_verify returned 7
  513. [peap] Done initial handshake
  514. [peap] (other): before/accept initialization
  515. [peap] TLS_accept: before/accept initialization
  516. [peap] <<< TLS 1.0 Handshake [length 0058], ClientHello
  517. [peap] TLS_accept: SSLv3 read client hello A
  518. [peap] >>> TLS 1.0 Handshake [length 002a], ServerHello
  519. [peap] TLS_accept: SSLv3 write server hello A
  520. [peap] >>> TLS 1.0 Handshake [length 085e], Certificate
  521. [peap] TLS_accept: SSLv3 write certificate A
  522. [peap] >>> TLS 1.0 Handshake [length 020d], ServerKeyExchange
  523. [peap] TLS_accept: SSLv3 write key exchange A
  524. [peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
  525. [peap] TLS_accept: SSLv3 write server done A
  526. [peap] TLS_accept: SSLv3 flush data
  527. [peap] TLS_accept: Need to read more data: SSLv3 read client certificate A
  528. In SSL Handshake Phase
  529. In SSL Accept mode
  530. [peap] eaptls_process returned 13
  531. [peap] EAPTLS_HANDLED
  532. ++[eap] returns handled
  533. Sending Access-Challenge of id 0 to 10.11.23.57 port 2050
  538. EAP-Message = 0xa73082038fa0030201020209
  539. Message-Authenticator = 0x00000000000000000000000000000000
  540. State = 0x3b32b8053a30a1597e93aeb15ced1048
  541. Finished request 1.
  542. Going to the next request
  543. Waking up in 4.9 seconds.
  544. rad_recv: Access-Request packet from host 10.11.23.57 port 2050, id=0, length=138
  545. Cleaning up request 1 ID 0 with timestamp +43
  546. User-Name = "<USER>"
  547. NAS-IP-Address = 192.168.6.11
  548. Called-Station-Id = "001839edc159"
  549. Calling-Station-Id = "002269607a74"
  550. NAS-Identifier = "001839edc159"
  551. NAS-Port = 46
  552. Framed-MTU = 1400
  553. State = 0x3b32b8053a30a1597e93aeb15ced1048
  554. NAS-Port-Type = Wireless-802.11
  555. EAP-Message = 0x020200061900
  556. Message-Authenticator = 0x14a5a1570fe1230590cdaad8c5b606d3
  557. +- entering group authorize {...}
  558. ++[preprocess] returns ok
  559. ++[chap] returns noop
  560. ++[mschap] returns noop
  561. [suffix] No '@' in User-Name = "<USER>", looking up realm NULL
  562. [suffix] No such realm "NULL"
  563. ++[suffix] returns noop
  564. [eap] EAP packet type response id 2 length 6
  565. [eap] Continuing tunnel setup.
  566. ++[eap] returns ok
  567. Found Auth-Type = EAP
  568. +- entering group authenticate {...}
  569. [eap] Request found, released from the list
  570. [eap] EAP/peap
  571. [eap] processing type peap
  572. [peap] processing EAP-TLS
  573. [peap] Received TLS ACK
  574. [peap] ACK handshake fragment handler
  575. [peap] eaptls_verify returned 1
  576. [peap] eaptls_process returned 13
  577. [peap] EAPTLS_HANDLED
  578. ++[eap] returns handled
  579. Sending Access-Challenge of id 0 to 10.11.23.57 port 2050
  584. EAP-Message = 0xf70a1d8d93adb077
  585. Message-Authenticator = 0x00000000000000000000000000000000
  586. State = 0x3b32b8053931a1597e93aeb15ced1048
  587. Finished request 2.
  588. Going to the next request
  589. Waking up in 4.9 seconds.
  590. rad_recv: Access-Request packet from host 10.11.23.57 port 2050, id=0, length=138
  591. Cleaning up request 2 ID 0 with timestamp +43
  592. User-Name = "<USER>"
  593. NAS-IP-Address = 192.168.6.11
  594. Called-Station-Id = "001839edc159"
  595. Calling-Station-Id = "002269607a74"
  596. NAS-Identifier = "001839edc159"
  597. NAS-Port = 46
  598. Framed-MTU = 1400
  599. State = 0x3b32b8053931a1597e93aeb15ced1048
  600. NAS-Port-Type = Wireless-802.11
  601. EAP-Message = 0x020300061900
  602. Message-Authenticator = 0x567bfd86e1106c82a0a035fadba673da
  603. +- entering group authorize {...}
  604. ++[preprocess] returns ok
  605. ++[chap] returns noop
  606. ++[mschap] returns noop
  607. [suffix] No '@' in User-Name = "<USER>", looking up realm NULL
  608. [suffix] No such realm "NULL"
  609. ++[suffix] returns noop
  610. [eap] EAP packet type response id 3 length 6
  611. [eap] Continuing tunnel setup.
  612. ++[eap] returns ok
  613. Found Auth-Type = EAP
  614. +- entering group authenticate {...}
  615. [eap] Request found, released from the list
  616. [eap] EAP/peap
  617. [eap] processing type peap
  618. [peap] processing EAP-TLS
  619. [peap] Received TLS ACK
  620. [peap] ACK handshake fragment handler
  621. [peap] eaptls_verify returned 1
  622. [peap] eaptls_process returned 13
  623. [peap] EAPTLS_HANDLED
  624. ++[eap] returns handled
  625. Sending Access-Challenge of id 0 to 10.11.23.57 port 2050
  628. EAP-Message = 0x9606d13e31496e966461e54908ecdd33781e4b5926c8010d4b38b77c1d641add78f4854a62fed91943919b5aa5386b45497974664e2c2a6e9a2af7e538fb8a4dd13800bde3d258428319a15899079c65e68982738ccf2c3ad5a90b0fd428a702bd1b4b6cbdab86e7998e6fabe5dc21246f45f2b8313d0faeb24da0d7652066ae0122d1a4921ec9fc46ccb99605682859dc8b747ac358cbe6cb80137c24b48fcb07349c3c59e207e164f9801df60726425ee79edba2574ffd325a6a49722b74edc2057cba16030100040e000000
  629. Message-Authenticator = 0x00000000000000000000000000000000
  630. State = 0x3b32b8053836a1597e93aeb15ced1048
  631. Finished request 3.
  632. Going to the next request
  633. Waking up in 4.9 seconds.
  634. rad_recv: Access-Request packet from host 10.11.23.57 port 2050, id=0, length=336
  635. Cleaning up request 3 ID 0 with timestamp +43
  636. User-Name = "<USER>"
  637. NAS-IP-Address = 192.168.6.11
  638. Called-Station-Id = "001839edc159"
  639. Calling-Station-Id = "002269607a74"
  640. NAS-Identifier = "001839edc159"
  641. NAS-Port = 46
  642. Framed-MTU = 1400
  643. State = 0x3b32b8053836a1597e93aeb15ced1048
  644. NAS-Port-Type = Wireless-802.11
  645. EAP-Message = 0x020400cc1900160301008610000082008065ada6468a1a6ca73590f0bed60e3ea9245012e10261406f5f35c1dad33f638a293e1523f874aa46f9f48525855c44c27b7456c3b862ce6dc88ab91b6f2a7191be226d7cea78b455b7e9c8285b23ce43f4e1f914fcf46d878a7ed8fb2872976cd4b8bcef8f70f49a4f1dd9d9c183799c8ebae80bb182b29fb3c6ad1a54f01f0d1403010001011603010030c7200510d067e83bedcc6a75b3483ee8724356d31fc0d6956a5392803322dd65aa50c8ddf211997e7d130f46c67cb443
  646. Message-Authenticator = 0x30ba21be3f1a368a78a4d8a9c1749dbc
  647. +- entering group authorize {...}
  648. ++[preprocess] returns ok
  649. ++[chap] returns noop
  650. ++[mschap] returns noop
  651. [suffix] No '@' in User-Name = "<USER>", looking up realm NULL
  652. [suffix] No such realm "NULL"
  653. ++[suffix] returns noop
  654. [eap] EAP packet type response id 4 length 204
  655. [eap] Continuing tunnel setup.
  656. ++[eap] returns ok
  657. Found Auth-Type = EAP
  658. +- entering group authenticate {...}
  659. [eap] Request found, released from the list
  660. [eap] EAP/peap
  661. [eap] processing type peap
  662. [peap] processing EAP-TLS
  663. [peap] eaptls_verify returned 7
  664. [peap] Done initial handshake
  665. [peap] <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange
  666. [peap] TLS_accept: SSLv3 read client key exchange A
  667. [peap] <<< TLS 1.0 ChangeCipherSpec [length 0001]
  668. [peap] <<< TLS 1.0 Handshake [length 0010], Finished
  669. [peap] TLS_accept: SSLv3 read finished A
  670. [peap] >>> TLS 1.0 ChangeCipherSpec [length 0001]
  671. [peap] TLS_accept: SSLv3 write change cipher spec A
  672. [peap] >>> TLS 1.0 Handshake [length 0010], Finished
  673. [peap] TLS_accept: SSLv3 write finished A
  674. [peap] TLS_accept: SSLv3 flush data
  675. [peap] (other): SSL negotiation finished successfully
  676. SSL Connection Established
  677. [peap] eaptls_process returned 13
  678. [peap] EAPTLS_HANDLED
  679. ++[eap] returns handled
  680. Sending Access-Challenge of id 0 to 10.11.23.57 port 2050
  681. EAP-Message = 0x01050041190014030100010116030100308cd7718960ec671993c4325627cd0595b80724507a38e5b451038b818382906da13a50b92fe2400e38ea74b3c3a550e6
  682. Message-Authenticator = 0x00000000000000000000000000000000
  683. State = 0x3b32b8053f37a1597e93aeb15ced1048
  684. Finished request 4.
  685. Going to the next request
  686. Waking up in 4.9 seconds.
  687. rad_recv: Access-Request packet from host 10.11.23.57 port 2050, id=0, length=138
  688. Cleaning up request 4 ID 0 with timestamp +43
  689. User-Name = "<USER>"
  690. NAS-IP-Address = 192.168.6.11
  691. Called-Station-Id = "001839edc159"
  692. Calling-Station-Id = "002269607a74"
  693. NAS-Identifier = "001839edc159"
  694. NAS-Port = 46
  695. Framed-MTU = 1400
  696. State = 0x3b32b8053f37a1597e93aeb15ced1048
  697. NAS-Port-Type = Wireless-802.11
  698. EAP-Message = 0x020500061900
  699. Message-Authenticator = 0xb652caa9e83c1a46ef0c11874990be51
  700. +- entering group authorize {...}
  701. ++[preprocess] returns ok
  702. ++[chap] returns noop
  703. ++[mschap] returns noop
  704. [suffix] No '@' in User-Name = "<USER>", looking up realm NULL
  705. [suffix] No such realm "NULL"
  706. ++[suffix] returns noop
  707. [eap] EAP packet type response id 5 length 6
  708. [eap] Continuing tunnel setup.
  709. ++[eap] returns ok
  710. Found Auth-Type = EAP
  711. +- entering group authenticate {...}
  712. [eap] Request found, released from the list
  713. [eap] EAP/peap
  714. [eap] processing type peap
  715. [peap] processing EAP-TLS
  716. [peap] Received TLS ACK
  717. [peap] ACK handshake is finished
  718. [peap] eaptls_verify returned 3
  719. [peap] eaptls_process returned 3
  720. [peap] EAPTLS_SUCCESS
  721. ++[eap] returns handled
  722. Sending Access-Challenge of id 0 to 10.11.23.57 port 2050
  723. EAP-Message = 0x0106002b190017030100206e932ef975e63c81601fe35e85ff0061d9127fc3c76c22181d07afa7fb3f1c09
  724. Message-Authenticator = 0x00000000000000000000000000000000
  725. State = 0x3b32b8053e34a1597e93aeb15ced1048
  726. Finished request 5.
  727. Going to the next request
  728. Waking up in 4.9 seconds.
  729. rad_recv: Access-Request packet from host 10.11.23.57 port 2050, id=0, length=228
  730. Cleaning up request 5 ID 0 with timestamp +43
  731. User-Name = "<USER>"
  732. NAS-IP-Address = 192.168.6.11
  733. Called-Station-Id = "001839edc159"
  734. Calling-Station-Id = "002269607a74"
  735. NAS-Identifier = "001839edc159"
  736. NAS-Port = 46
  737. Framed-MTU = 1400
  738. State = 0x3b32b8053e34a1597e93aeb15ced1048
  739. NAS-Port-Type = Wireless-802.11
  740. EAP-Message = 0x02060060190017030100206e2de0904f9953fc163dad932f1bd31d57371e49c42981397f84a0841172dc39170301003054074f91c21fa56f74a85a9619b1da78f830d2893cbf178d7b522be35ed287601b611f14d8f9df513cdb587195958fc1
  741. Message-Authenticator = 0xda78c3b48397d890ac96f563e7639dc2
  742. +- entering group authorize {...}
  743. ++[preprocess] returns ok
  744. ++[chap] returns noop
  745. ++[mschap] returns noop
  746. [suffix] No '@' in User-Name = "<USER>", looking up realm NULL
  747. [suffix] No such realm "NULL"
  748. ++[suffix] returns noop
  749. [eap] EAP packet type response id 6 length 96
  750. [eap] Continuing tunnel setup.
  751. ++[eap] returns ok
  752. Found Auth-Type = EAP
  753. +- entering group authenticate {...}
  754. [eap] Request found, released from the list
  755. [eap] EAP/peap
  756. [eap] processing type peap
  757. [peap] processing EAP-TLS
  758. [peap] eaptls_verify returned 7
  759. [peap] Done initial handshake
  760. [peap] eaptls_process returned 7
  761. [peap] EAPTLS_OK
  762. [peap] Session established. Decoding tunneled attributes.
  763. [peap] Identity - <USER>
  764. [peap] Got tunneled request
  765. EAP-Message = 0x0206000b01383030303432
  766. server {
  767. PEAP: Got tunneled identity of <USER>
  768. PEAP: Setting default EAP type for tunneled EAP session.
  769. PEAP: Setting User-Name to <USER>
  770. Sending tunneled request
  771. EAP-Message = 0x0206000b01383030303432
  772. FreeRADIUS-Proxied-To = 127.0.0.1
  773. User-Name = "<USER>"
  774. server inner-tunnel {
  775. +- entering group authorize {...}
  776. ++[chap] returns noop
  777. ++[mschap] returns noop
  778. ++[unix] returns notfound
  779. [suffix] No '@' in User-Name = "<USER>", looking up realm NULL
  780. [suffix] No such realm "NULL"
  781. ++[suffix] returns noop
  782. ++[control] returns noop
  783. [eap] EAP packet type response id 6 length 11
  784. [eap] No EAP Start, assuming it's an on-going EAP conversation
  785. ++[eap] returns updated
  786. ++[files] returns noop
  787. ++[expiration] returns noop
  788. ++[logintime] returns noop
  789. ++[pap] returns noop
  790. Found Auth-Type = EAP
  791. +- entering group authenticate {...}
  792. [eap] EAP Identity
  793. [eap] processing type gtc
  794. ++[eap] returns handled
  795. } # server inner-tunnel
  796. [peap] Got tunneled reply code 11
  797. EAP-Message = 0x0107000f0650617373776f72643a20
  798. Message-Authenticator = 0x00000000000000000000000000000000
  799. State = 0x29c3aad629c4ac82cf75d1666ecdce24
  800. [peap] Got tunneled reply RADIUS code 11
  801. EAP-Message = 0x0107000f0650617373776f72643a20
  802. Message-Authenticator = 0x00000000000000000000000000000000
  803. State = 0x29c3aad629c4ac82cf75d1666ecdce24
  804. [peap] Got tunneled Access-Challenge
  805. ++[eap] returns handled
  806. Sending Access-Challenge of id 0 to 10.11.23.57 port 2050
  807. EAP-Message = 0x0107003b19001703010030853027027f48b85ddc12f67ab32119f3a1d12a6c90ff12f08f388bfc10e9a148346eea000076d50d4ba48f7fe7f4ce0b
  808. Message-Authenticator = 0x00000000000000000000000000000000
  809. State = 0x3b32b8053d35a1597e93aeb15ced1048
  810. Finished request 6.
  811. Going to the next request
  812. Waking up in 4.9 seconds.
  813. rad_recv: Access-Request packet from host 10.11.23.57 port 2050, id=0, length=228
  814. Cleaning up request 6 ID 0 with timestamp +43
  815. User-Name = "<USER>"
  816. NAS-IP-Address = 192.168.6.11
  817. Called-Station-Id = "001839edc159"
  818. Calling-Station-Id = "002269607a74"
  819. NAS-Identifier = "001839edc159"
  820. NAS-Port = 46
  821. Framed-MTU = 1400
  822. State = 0x3b32b8053d35a1597e93aeb15ced1048
  823. NAS-Port-Type = Wireless-802.11
  824. EAP-Message = 0x020700601900170301002065498c2b66596d99eb42ff44caee54d82bfc9518bd4b9f41ead01a387aa88d1b17030100308c18f5efdbd7c9426c46cb5c4da9c4726c634b5d2f61ae8f31dd8894d2c385ff9e0d95bc014d88fa0c5ed1bb9496a14c
  825. Message-Authenticator = 0x3af4b2f86ed8015d344cb3724c0cb350
  826. +- entering group authorize {...}
  827. ++[preprocess] returns ok
  828. ++[chap] returns noop
  829. ++[mschap] returns noop
  830. [suffix] No '@' in User-Name = "<USER>", looking up realm NULL
  831. [suffix] No such realm "NULL"
  832. ++[suffix] returns noop
  833. [eap] EAP packet type response id 7 length 96
  834. [eap] Continuing tunnel setup.
  835. ++[eap] returns ok
  836. Found Auth-Type = EAP
  837. +- entering group authenticate {...}
  838. [eap] Request found, released from the list
  839. [eap] EAP/peap
  840. [eap] processing type peap
  841. [peap] processing EAP-TLS
  842. [peap] eaptls_verify returned 7
  843. [peap] Done initial handshake
  844. [peap] eaptls_process returned 7
  845. [peap] EAPTLS_OK
  846. [peap] Session established. Decoding tunneled attributes.
  847. [peap] EAP type gtc
  848. [peap] Got tunneled request
  849. EAP-Message = 0x0207000b067372626c6677
  850. server {
  851. PEAP: Setting User-Name to <USER>
  852. Sending tunneled request
  853. EAP-Message = 0x0207000b067372626c6677
  854. FreeRADIUS-Proxied-To = 127.0.0.1
  855. User-Name = "<USER>"
  856. State = 0x29c3aad629c4ac82cf75d1666ecdce24
  857. server inner-tunnel {
  858. +- entering group authorize {...}
  859. ++[chap] returns noop
  860. ++[mschap] returns noop
  861. ++[unix] returns notfound
  862. [suffix] No '@' in User-Name = "<USER>", looking up realm NULL
  863. [suffix] No such realm "NULL"
  864. ++[suffix] returns noop
  865. ++[control] returns noop
  866. [eap] EAP packet type response id 7 length 11
  867. [eap] No EAP Start, assuming it's an on-going EAP conversation
  868. ++[eap] returns updated
  869. ++[files] returns noop
  870. ++[expiration] returns noop
  871. ++[logintime] returns noop
  872. ++[pap] returns noop
  873. Found Auth-Type = EAP
  874. +- entering group authenticate {...}
  875. [eap] Request found, released from the list
  876. [eap] EAP/gtc
  877. [eap] processing type gtc
  878. [gtc] +- entering group PAP {...}
  879. [pap] login attempt with password "<PASSWORD>"
  880. [pap] No password configured for the user. Cannot do authentication
  881. ++[pap] returns fail
  882. [eap] Handler failed in EAP/gtc
  883. [eap] Failed in EAP select
  884. ++[eap] returns invalid
  885. Failed to authenticate the user.
  886. Login incorrect: [<USER>] (from client <CLIENT> port 0 via TLS tunnel)
  887. } # server inner-tunnel
  888. [peap] Got tunneled reply code 3
  889. EAP-Message = 0x04070004
  890. Message-Authenticator = 0x00000000000000000000000000000000
  891. [peap] Got tunneled reply RADIUS code 3
  892. EAP-Message = 0x04070004
  893. Message-Authenticator = 0x00000000000000000000000000000000
  894. [peap] Tunneled authentication was rejected.
  895. [peap] FAILURE
  896. ++[eap] returns handled
  897. Sending Access-Challenge of id 0 to 10.11.23.57 port 2050
  898. EAP-Message = 0x0108003b19001703010030f10f471fc1902569031f1adc0d268757a118a0a985151c35493c14683827f83d086fc506b357ca1ae8b2492ddacbcd44
  899. Message-Authenticator = 0x00000000000000000000000000000000
  900. State = 0x3b32b8053c3aa1597e93aeb15ced1048
  901. Finished request 7.
  902. Going to the next request
  903. Waking up in 4.9 seconds.
  904. rad_recv: Access-Request packet from host 10.11.23.57 port 2050, id=0, length=228
  905. Cleaning up request 7 ID 0 with timestamp +43
  906. User-Name = "<USER>"
  907. NAS-IP-Address = 192.168.6.11
  908. Called-Station-Id = "001839edc159"
  909. Calling-Station-Id = "002269607a74"
  910. NAS-Identifier = "001839edc159"
  911. NAS-Port = 46
  912. Framed-MTU = 1400
  913. State = 0x3b32b8053c3aa1597e93aeb15ced1048
  914. NAS-Port-Type = Wireless-802.11
  915. EAP-Message = 0x02080060190017030100200c31161fe0df8e4d97927bd0685ad8da6e711f237632c87896c196b82f0fc5411703010030041789764ed83986a389c83fd45ccb460158bca2dcb46c24c89ad564906b2553e4003b072c84729a8c24a59914819652
  916. Message-Authenticator = 0xd2858994eb82c2d86eb59137b255fe38
  917. +- entering group authorize {...}
  918. ++[preprocess] returns ok
  919. ++[chap] returns noop
  920. ++[mschap] returns noop
  921. [suffix] No '@' in User-Name = "<USER>", looking up realm NULL
  922. [suffix] No such realm "NULL"
  923. ++[suffix] returns noop
  924. [eap] EAP packet type response id 8 length 96
  925. [eap] Continuing tunnel setup.
  926. ++[eap] returns ok
  927. Found Auth-Type = EAP
  928. +- entering group authenticate {...}
  929. [eap] Request found, released from the list
  930. [eap] EAP/peap
  931. [eap] processing type peap
  932. [peap] processing EAP-TLS
  933. [peap] eaptls_verify returned 7
  934. [peap] Done initial handshake
  935. [peap] eaptls_process returned 7
  936. [peap] EAPTLS_OK
  937. [peap] Session established. Decoding tunneled attributes.
  938. [peap] Received EAP-TLV response.
  939. [peap] Had sent TLV failure. User was rejected earlier in this session.
  940. [eap] Handler failed in EAP/peap
  941. [eap] Failed in EAP select
  942. ++[eap] returns invalid
  943. Failed to authenticate the user.
  944. Login incorrect: [<USER>] (from client <CLIENT> port 46 cli 002269607a74)
  945. Using Post-Auth-Type Reject
  946. +- entering group REJECT {...}
  947. [attr_filter.access_reject] expand: %{User-Name} -> <USER>
  948. attr_filter: Matched entry DEFAULT at line 11
  949. ++[attr_filter.access_reject] returns updated
  950. Sending Access-Reject of id 0 to 10.11.23.57 port 2050
  951. EAP-Message = 0x04080004
  952. Message-Authenticator = 0x00000000000000000000000000000000
  953. Finished request 8.
  954. Going to the next request
  955. Waking up in 4.9 seconds.
  956. Cleaning up request 8 ID 0 with timestamp +43
  957. Ready to process requests.
  958.  