Untitled

a guest
Jan 21st, 2016
  1. FreeRADIUS Version 2.1.12, for host i686-pc-linux-gnu, built on Feb 27 2015 at 12:38:42
  2. Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.
  3. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
  4. PARTICULAR PURPOSE.
  5. You may redistribute copies of FreeRADIUS under the terms of the
  6. GNU General Public License v2.
  7. Starting - reading configuration files ...
  8. including configuration file /etc/freeradius/radiusd.conf
  9. including configuration file /etc/freeradius/proxy.conf
  10. including configuration file /etc/freeradius/clients.conf
  11. including files in directory /etc/freeradius/modules/
  12. including configuration file /etc/freeradius/modules/detail
  13. including configuration file /etc/freeradius/modules/cui
  14. including configuration file /etc/freeradius/modules/smsotp
  15. including configuration file /etc/freeradius/modules/expiration
  16. including configuration file /etc/freeradius/modules/unix
  17. including configuration file /etc/freeradius/modules/replicate
  18. including configuration file /etc/freeradius/modules/detail.example.com
  19. including configuration file /etc/freeradius/modules/passwd
  20. including configuration file /etc/freeradius/modules/opendirectory
  21. including configuration file /etc/freeradius/modules/ippool
  22. including configuration file /etc/freeradius/modules/chap
  23. including configuration file /etc/freeradius/modules/mschap
  24. including configuration file /etc/freeradius/modules/soh
  25. including configuration file /etc/freeradius/modules/etc_group
  26. including configuration file /etc/freeradius/modules/logintime
  27. including configuration file /etc/freeradius/modules/radutmp
  28. including configuration file /etc/freeradius/modules/exec
  29. including configuration file /etc/freeradius/modules/counter
  30. including configuration file /etc/freeradius/modules/inner-eap
  31. including configuration file /etc/freeradius/modules/mac2vlan
  32. including configuration file /etc/freeradius/modules/files
  33. including configuration file /etc/freeradius/modules/perl
  34. including configuration file /etc/freeradius/modules/mac2ip
  35. including configuration file /etc/freeradius/modules/krb5
  36. including configuration file /etc/freeradius/modules/ntlm_auth
  37. including configuration file /etc/freeradius/modules/preprocess
  38. including configuration file /etc/freeradius/modules/ldap
  39. including configuration file /etc/freeradius/modules/sql_log
  40. including configuration file /etc/freeradius/modules/dynamic_clients
  41. including configuration file /etc/freeradius/modules/policy
  42. including configuration file /etc/freeradius/modules/smbpasswd
  43. including configuration file /etc/freeradius/modules/linelog
  44. including configuration file /etc/freeradius/modules/pap
  45. including configuration file /etc/freeradius/modules/sradutmp
  46. including configuration file /etc/freeradius/modules/always
  47. including configuration file /etc/freeradius/modules/pam
  48. including configuration file /etc/freeradius/modules/sqlcounter_expire_on_login
  49. including configuration file /etc/freeradius/modules/echo
  50. including configuration file /etc/freeradius/modules/rediswho
  51. including configuration file /etc/freeradius/modules/redis
  52. including configuration file /etc/freeradius/modules/attr_rewrite
  53. including configuration file /etc/freeradius/modules/realm
  54. including configuration file /etc/freeradius/modules/attr_filter
  55. including configuration file /etc/freeradius/modules/expr
  56. including configuration file /etc/freeradius/modules/otp
  57. including configuration file /etc/freeradius/modules/detail.log
  58. including configuration file /etc/freeradius/modules/digest
  59. including configuration file /etc/freeradius/modules/wimax
  60. including configuration file /etc/freeradius/modules/acct_unique
  61. including configuration file /etc/freeradius/modules/checkval
  62. including configuration file /etc/freeradius/eap.conf
  63. including configuration file /etc/freeradius/policy.conf
  64. including files in directory /etc/freeradius/sites-enabled/
  65. including configuration file /etc/freeradius/sites-enabled/default
  66. including configuration file /etc/freeradius/sites-enabled/inner-tunnel
  67. main {
  68. user = "freerad"
  69. group = "freerad"
  70. allow_core_dumps = no
  71. }
  72. including dictionary file /etc/freeradius/dictionary
  73. main {
  74. name = "freeradius"
  75. prefix = "/usr"
  76. localstatedir = "/var"
  77. sbindir = "/usr/sbin"
  78. logdir = "/var/log/freeradius"
  79. run_dir = "/var/run/freeradius"
  80. libdir = "/usr/lib/freeradius"
  81. radacctdir = "/var/log/freeradius/radacct"
  82. hostname_lookups = no
  83. max_request_time = 30
  84. cleanup_delay = 5
  85. max_requests = 1024
  86. pidfile = "/var/run/freeradius/freeradius.pid"
  87. checkrad = "/usr/sbin/checkrad"
  88. debug_level = 0
  89. proxy_requests = no
  90. log {
  91. stripped_names = no
  92. auth = no
  93. auth_badpass = no
  94. auth_goodpass = no
  95. }
  96. security {
  97. max_attributes = 200
  98. reject_delay = 1
  99. status_server = yes
  100. }
  101. }
  102. radiusd: #### Loading Realms and Home Servers ####
  103. proxy server {
  104. retry_delay = 5
  105. retry_count = 3
  106. default_fallback = no
  107. dead_time = 120
  108. wake_all_if_all_dead = no
  109. }
  110. home_server localhost {
  111. ipaddr = 127.0.0.1
  112. port = 1812
  113. type = "auth"
  114. secret = "testing123"
  115. response_window = 20
  116. max_outstanding = 65536
  117. require_message_authenticator = yes
  118. zombie_period = 40
  119. status_check = "status-server"
  120. ping_interval = 30
  121. check_interval = 30
  122. num_answers_to_alive = 3
  123. num_pings_to_alive = 3
  124. revive_interval = 120
  125. status_check_timeout = 4
  126. coa {
  127. irt = 2
  128. mrt = 16
  129. mrc = 5
  130. mrd = 30
  131. }
  132. }
  133. home_server_pool my_auth_failover {
  134. type = fail-over
  135. home_server = localhost
  136. }
  137. realm example.com {
  138. auth_pool = my_auth_failover
  139. }
  140. realm LOCAL {
  141. }
  142. radiusd: #### Loading Clients ####
  143. client localhost {
  144. ipaddr = 127.0.0.1
  145. require_message_authenticator = no
  146. secret = "testing123"
  147. nastype = "other"
  148. }
  149. client 192.168.1.0/24 {
  150. require_message_authenticator = no
  151. secret = "testing123"
  152. shortname = "private-network-1"
  153. }
  154. radiusd: #### Instantiating modules ####
  155. instantiate {
  156. Module: Linked to module rlm_exec
  157. Module: Instantiating module "exec" from file /etc/freeradius/modules/exec
  158. exec {
  159. wait = no
  160. input_pairs = "request"
  161. shell_escape = yes
  162. }
  163. Module: Linked to module rlm_expr
  164. Module: Instantiating module "expr" from file /etc/freeradius/modules/expr
  165. Module: Linked to module rlm_expiration
  166. Module: Instantiating module "expiration" from file /etc/freeradius/modules/expiration
  167. expiration {
  168. reply-message = "Password Has Expired "
  169. }
  170. Module: Linked to module rlm_logintime
  171. Module: Instantiating module "logintime" from file /etc/freeradius/modules/logintime
  172. logintime {
  173. reply-message = "You are calling outside your allowed timespan "
  174. minimum-timeout = 60
  175. }
  176. }
  177. radiusd: #### Loading Virtual Servers ####
  178. server { # from file /etc/freeradius/radiusd.conf
  179. modules {
  180. Module: Creating Auth-Type = digest
  181. Module: Creating Auth-Type = LDAP
  182. Module: Creating Post-Auth-Type = REJECT
  183. Module: Checking authenticate {...} for more modules to load
  184. Module: Linked to module rlm_pap
  185. Module: Instantiating module "pap" from file /etc/freeradius/modules/pap
  186. pap {
  187. encryption_scheme = "auto"
  188. auto_header = no
  189. }
  190. Module: Linked to module rlm_chap
  191. Module: Instantiating module "chap" from file /etc/freeradius/modules/chap
  192. Module: Linked to module rlm_mschap
  193. Module: Instantiating module "mschap" from file /etc/freeradius/modules/mschap
  194. mschap {
  195. use_mppe = yes
  196. require_encryption = no
  197. require_strong = no
  198. with_ntdomain_hack = no
  199. allow_retry = yes
  200. }
  201. Module: Linked to module rlm_digest
  202. Module: Instantiating module "digest" from file /etc/freeradius/modules/digest
  203. Module: Linked to module rlm_unix
  204. Module: Instantiating module "unix" from file /etc/freeradius/modules/unix
  205. unix {
  206. radwtmp = "/var/log/freeradius/radwtmp"
  207. }
  208. Module: Linked to module rlm_ldap
  209. Module: Instantiating module "ldap" from file /etc/freeradius/modules/ldap
  210. ldap {
  211. server = "192.168.1.110"
  212. port = 389
  213. password = "M13n14e5"
  214. identity = "cn=admin,dc=example,dc=com"
  215. net_timeout = 1
  216. timeout = 4
  217. timelimit = 3
  218. tls_mode = no
  219. start_tls = no
  220. tls_require_cert = "allow"
  221. tls {
  222. start_tls = no
  223. require_cert = "allow"
  224. }
  225. basedn = "ou=people,dc=example,dc=com"
  226. filter = "(uniqueIdentifier=%{%{Stripped-User-Name}:-%{User-Name}})"
  227. base_filter = "(objectclass=radiusprofile)"
  228. auto_header = no
  229. access_attr_used_for_allow = yes
  230. groupname_attribute = "cn"
  231. groupmembership_filter = "(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))"
  232. dictionary_mapping = "/etc/freeradius/ldap.attrmap"
  233. ldap_debug = 0
  234. ldap_connections_number = 5
  235. compare_check_items = no
  236. do_xlat = yes
  237. edir_account_policy_check = no
  238. set_auth_type = yes
  239. keepalive {
  240. idle = 60
  241. probes = 3
  242. interval = 3
  243. }
  244. }
  245. rlm_ldap: Registering ldap_groupcmp for Ldap-Group
  246. rlm_ldap: Registering ldap_xlat with xlat_name ldap
  247. rlm_ldap: reading ldap<->radius mappings from file /etc/freeradius/ldap.attrmap
  248. rlm_ldap: LDAP radiusCheckItem mapped to RADIUS $GENERIC$
  249. rlm_ldap: LDAP radiusReplyItem mapped to RADIUS $GENERIC$
  250. rlm_ldap: LDAP radiusAuthType mapped to RADIUS Auth-Type
  251. rlm_ldap: LDAP radiusSimultaneousUse mapped to RADIUS Simultaneous-Use
  252. rlm_ldap: LDAP radiusCalledStationId mapped to RADIUS Called-Station-Id
  253. rlm_ldap: LDAP radiusCallingStationId mapped to RADIUS Calling-Station-Id
  254. rlm_ldap: LDAP lmPassword mapped to RADIUS LM-Password
  255. rlm_ldap: LDAP ntPassword mapped to RADIUS NT-Password
  256. rlm_ldap: LDAP sambaLmPassword mapped to RADIUS LM-Password
  257. rlm_ldap: LDAP sambaNtPassword mapped to RADIUS NT-Password
  258. rlm_ldap: LDAP dBCSPwd mapped to RADIUS LM-Password
  259. rlm_ldap: LDAP userPassword mapped to RADIUS Password-With-Header
  260. rlm_ldap: LDAP acctFlags mapped to RADIUS SMB-Account-CTRL-TEXT
  261. rlm_ldap: LDAP radiusExpiration mapped to RADIUS Expiration
  262. rlm_ldap: LDAP radiusNASIpAddress mapped to RADIUS NAS-IP-Address
  263. rlm_ldap: LDAP radiusServiceType mapped to RADIUS Service-Type
  264. rlm_ldap: LDAP radiusFramedProtocol mapped to RADIUS Framed-Protocol
  265. rlm_ldap: LDAP radiusFramedIPAddress mapped to RADIUS Framed-IP-Address
  266. rlm_ldap: LDAP radiusFramedIPNetmask mapped to RADIUS Framed-IP-Netmask
  267. rlm_ldap: LDAP radiusFramedRoute mapped to RADIUS Framed-Route
  268. rlm_ldap: LDAP radiusFramedRouting mapped to RADIUS Framed-Routing
  269. rlm_ldap: LDAP radiusFilterId mapped to RADIUS Filter-Id
  270. rlm_ldap: LDAP radiusFramedMTU mapped to RADIUS Framed-MTU
  271. rlm_ldap: LDAP radiusFramedCompression mapped to RADIUS Framed-Compression
  272. rlm_ldap: LDAP radiusLoginIPHost mapped to RADIUS Login-IP-Host
  273. rlm_ldap: LDAP radiusLoginService mapped to RADIUS Login-Service
  274. rlm_ldap: LDAP radiusLoginTCPPort mapped to RADIUS Login-TCP-Port
  275. rlm_ldap: LDAP radiusCallbackNumber mapped to RADIUS Callback-Number
  276. rlm_ldap: LDAP radiusCallbackId mapped to RADIUS Callback-Id
  277. rlm_ldap: LDAP radiusFramedIPXNetwork mapped to RADIUS Framed-IPX-Network
  278. rlm_ldap: LDAP radiusClass mapped to RADIUS Class
  279. rlm_ldap: LDAP radiusSessionTimeout mapped to RADIUS Session-Timeout
  280. rlm_ldap: LDAP radiusIdleTimeout mapped to RADIUS Idle-Timeout
  281. rlm_ldap: LDAP radiusTerminationAction mapped to RADIUS Termination-Action
  282. rlm_ldap: LDAP radiusLoginLATService mapped to RADIUS Login-LAT-Service
  283. rlm_ldap: LDAP radiusLoginLATNode mapped to RADIUS Login-LAT-Node
  284. rlm_ldap: LDAP radiusLoginLATGroup mapped to RADIUS Login-LAT-Group
  285. rlm_ldap: LDAP radiusFramedAppleTalkLink mapped to RADIUS Framed-AppleTalk-Link
  286. rlm_ldap: LDAP radiusFramedAppleTalkNetwork mapped to RADIUS Framed-AppleTalk-Network
  287. rlm_ldap: LDAP radiusFramedAppleTalkZone mapped to RADIUS Framed-AppleTalk-Zone
  288. rlm_ldap: LDAP radiusPortLimit mapped to RADIUS Port-Limit
  289. rlm_ldap: LDAP radiusLoginLATPort mapped to RADIUS Login-LAT-Port
  290. rlm_ldap: LDAP radiusReplyMessage mapped to RADIUS Reply-Message
  291. rlm_ldap: LDAP radiusTunnelType mapped to RADIUS Tunnel-Type
  292. rlm_ldap: LDAP radiusTunnelMediumType mapped to RADIUS Tunnel-Medium-Type
  293. rlm_ldap: LDAP radiusTunnelPrivateGroupId mapped to RADIUS Tunnel-Private-Group-Id
  294. conns: 0x99993f0
  295. Module: Linked to module rlm_eap
  296. Module: Instantiating module "eap" from file /etc/freeradius/eap.conf
  297. eap {
  298. default_eap_type = "md5"
  299. timer_expire = 60
  300. ignore_unknown_eap_types = no
  301. cisco_accounting_username_bug = no
  302. max_sessions = 4096
  303. }
  304. Module: Linked to sub-module rlm_eap_md5
  305. Module: Instantiating eap-md5
  306. Module: Linked to sub-module rlm_eap_leap
  307. Module: Instantiating eap-leap
  308. Module: Linked to sub-module rlm_eap_gtc
  309. Module: Instantiating eap-gtc
  310. gtc {
  311. challenge = "Password: "
  312. auth_type = "PAP"
  313. }
  314. Module: Linked to sub-module rlm_eap_tls
  315. Module: Instantiating eap-tls
  316. tls {
  317. rsa_key_exchange = no
  318. dh_key_exchange = yes
  319. rsa_key_length = 512
  320. dh_key_length = 512
  321. verify_depth = 0
  322. CA_path = "/etc/freeradius/certs"
  323. pem_file_type = yes
  324. private_key_file = "/etc/freeradius/certs/server.key"
  325. certificate_file = "/etc/freeradius/certs/server.pem"
  326. CA_file = "/etc/freeradius/certs/ca.pem"
  327. private_key_password = "whatever"
  328. dh_file = "/etc/freeradius/certs/dh"
  329. random_file = "/dev/urandom"
  330. fragment_size = 1024
  331. include_length = yes
  332. check_crl = no
  333. cipher_list = "DEFAULT"
  334. make_cert_command = "/etc/freeradius/certs/bootstrap"
  335. ecdh_curve = "prime256v1"
  336. cache {
  337. enable = no
  338. lifetime = 24
  339. max_entries = 255
  340. }
  341. verify {
  342. }
  343. ocsp {
  344. enable = no
  345. override_cert_url = yes
  346. url = "http://127.0.0.1/ocsp/"
  347. }
  348. }
  349. Module: Linked to sub-module rlm_eap_ttls
  350. Module: Instantiating eap-ttls
  351. ttls {
  352. default_eap_type = "md5"
  353. copy_request_to_tunnel = no
  354. use_tunneled_reply = no
  355. virtual_server = "inner-tunnel"
  356. include_length = yes
  357. }
  358. Module: Linked to sub-module rlm_eap_peap
  359. Module: Instantiating eap-peap
  360. peap {
  361. default_eap_type = "mschapv2"
  362. copy_request_to_tunnel = no
  363. use_tunneled_reply = no
  364. proxy_tunneled_request_as_eap = yes
  365. virtual_server = "inner-tunnel"
  366. soh = no
  367. }
  368. Module: Linked to sub-module rlm_eap_mschapv2
  369. Module: Instantiating eap-mschapv2
  370. mschapv2 {
  371. with_ntdomain_hack = no
  372. send_error = no
  373. }
  374. Module: Checking authorize {...} for more modules to load
  375. Module: Linked to module rlm_preprocess
  376. Module: Instantiating module "preprocess" from file /etc/freeradius/modules/preprocess
  377. preprocess {
  378. huntgroups = "/etc/freeradius/huntgroups"
  379. hints = "/etc/freeradius/hints"
  380. with_ascend_hack = no
  381. ascend_channels_per_line = 23
  382. with_ntdomain_hack = no
  383. with_specialix_jetstream_hack = no
  384. with_cisco_vsa_hack = no
  385. with_alvarion_vsa_hack = no
  386. }
  387. Module: Linked to module rlm_realm
  388. Module: Instantiating module "suffix" from file /etc/freeradius/modules/realm
  389. realm suffix {
  390. format = "suffix"
  391. delimiter = "@"
  392. ignore_default = no
  393. ignore_null = no
  394. }
  395. Module: Linked to module rlm_files
  396. Module: Instantiating module "files" from file /etc/freeradius/modules/files
  397. files {
  398. usersfile = "/etc/freeradius/users"
  399. acctusersfile = "/etc/freeradius/acct_users"
  400. preproxy_usersfile = "/etc/freeradius/preproxy_users"
  401. compat = "no"
  402. }
  403. Module: Checking preacct {...} for more modules to load
  404. Module: Linked to module rlm_acct_unique
  405. Module: Instantiating module "acct_unique" from file /etc/freeradius/modules/acct_unique
  406. acct_unique {
  407. key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
  408. }
  409. Module: Checking accounting {...} for more modules to load
  410. Module: Linked to module rlm_detail
  411. Module: Instantiating module "detail" from file /etc/freeradius/modules/detail
  412. detail {
  413. detailfile = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d"
  414. header = "%t"
  415. detailperm = 384
  416. dirperm = 493
  417. locking = no
  418. log_packet_header = no
  419. }
  420. Module: Linked to module rlm_radutmp
  421. Module: Instantiating module "radutmp" from file /etc/freeradius/modules/radutmp
  422. radutmp {
  423. filename = "/var/log/freeradius/radutmp"
  424. username = "%{User-Name}"
  425. case_sensitive = yes
  426. check_with_nas = yes
  427. perm = 384
  428. callerid = yes
  429. }
  430. Module: Linked to module rlm_attr_filter
  431. Module: Instantiating module "attr_filter.accounting_response" from file /etc/freeradius/modules/attr_filter
  432. attr_filter attr_filter.accounting_response {
  433. attrsfile = "/etc/freeradius/attrs.accounting_response"
  434. key = "%{User-Name}"
  435. relaxed = no
  436. }
  437. Module: Checking session {...} for more modules to load
  438. Module: Checking post-proxy {...} for more modules to load
  439. Module: Checking post-auth {...} for more modules to load
  440. Module: Linked to module rlm_ippool
  441. Module: Instantiating module "main_pool" from file /etc/freeradius/modules/ippool
  442. ippool main_pool {
  443. session-db = "/etc/freeradius/db.ippool"
  444. ip-index = "/etc/freeradius/db.ipindex"
  445. key = "%{NAS-IP-Address} %{NAS-Port}"
  446. range-start = 192.168.1.1
  447. range-stop = 192.168.3.254
  448. netmask = 255.255.255.0
  449. cache-size = 800
  450. override = no
  451. maximum-timeout = 0
  452. }
  453. Module: Instantiating module "attr_filter.access_reject" from file /etc/freeradius/modules/attr_filter
  454. attr_filter attr_filter.access_reject {
  455. attrsfile = "/etc/freeradius/attrs.access_reject"
  456. key = "%{User-Name}"
  457. relaxed = no
  458. }
  459. } # modules
  460. } # server
  461. server inner-tunnel { # from file /etc/freeradius/sites-enabled/inner-tunnel
  462. modules {
  463. Module: Checking authenticate {...} for more modules to load
  464. Module: Checking authorize {...} for more modules to load
  465. Module: Checking session {...} for more modules to load
  466. Module: Checking post-proxy {...} for more modules to load
  467. Module: Checking post-auth {...} for more modules to load
  468. } # modules
  469. } # server
  470. radiusd: #### Opening IP addresses and Ports ####
  471. listen {
  472. type = "auth"
  473. ipaddr = *
  474. port = 0
  475. }
  476. listen {
  477. type = "acct"
  478. ipaddr = *
  479. port = 0
  480. }
  481. listen {
  482. type = "auth"
  483. ipaddr = 127.0.0.1
  484. port = 18120
  485. }
  486. Listening on authentication address * port 1812
  487. Listening on accounting address * port 1813
  488. Listening on authentication address 127.0.0.1 port 18120 as server inner-tunnel
  489. Ready to process requests.
  490. rad_recv: Access-Request packet from host 192.168.1.1 port 43233, id=13, length=154
  491. User-Name = "alice"
  492. NAS-IP-Address = 193.171.242.72
  493. Called-Station-Id = "A2-F3-C1-67-EC-68:MNE-Guests"
  494. NAS-Port-Type = Wireless-802.11
  495. NAS-Port = 1
  496. Calling-Station-Id = "C0-EE-FB-04-60-6A"
  497. Connect-Info = "CONNECT 54Mbps 802.11g"
  498. Framed-MTU = 1400
  499. EAP-Message = 0x02c5000a01616c696365
  500. Message-Authenticator = 0x8ccc4ffd253e776d923fa0bd1bb76135
  501. # Executing section authorize from file /etc/freeradius/sites-enabled/default
  502. +- entering group authorize {...}
  503. ++[preprocess] returns ok
  504. ++[chap] returns noop
  505. ++[mschap] returns noop
  506. ++[digest] returns noop
  507. [suffix] No '@' in User-Name = "alice", looking up realm NULL
  508. [suffix] No such realm "NULL"
  509. ++[suffix] returns noop
  510. [eap] EAP packet type response id 197 length 10
  511. [eap] No EAP Start, assuming it's an on-going EAP conversation
  512. ++[eap] returns updated
  513. ++[files] returns noop
  514. [ldap] performing user authorization for alice
  515. [ldap] expand: %{Stripped-User-Name} ->
  516. [ldap] ... expanding second conditional
  517. [ldap] expand: %{User-Name} -> alice
  518. [ldap] expand: (uniqueIdentifier=%{%{Stripped-User-Name}:-%{User-Name}}) -> (uniqueIdentifier=alice)
  519. [ldap] expand: ou=people,dc=example,dc=com -> ou=people,dc=example,dc=com
  520. [ldap] ldap_get_conn: Checking Id: 0
  521. [ldap] ldap_get_conn: Got Id: 0
  522. [ldap] attempting LDAP reconnection
  523. [ldap] (re)connect to 192.168.1.110:389, authentication 0
  524. [ldap] bind as cn=admin,dc=example,dc=com/M13n14e5 to 192.168.1.110:389
  525. [ldap] waiting for bind result ...
  526. [ldap] Bind was successful
  527. [ldap] performing search in ou=people,dc=example,dc=com, with filter (uniqueIdentifier=alice)
  528. [ldap] No default NMAS login sequence
  529. [ldap] looking for check items in directory...
  530. [ldap] userPassword -> Password-With-Header == "123"
  531. [ldap] looking for reply items in directory...
  532. [ldap] user alice authorized to use remote access
  533. [ldap] ldap_release_conn: Release Id: 0
  534. ++[ldap] returns ok
  535. ++[expiration] returns noop
  536. ++[logintime] returns noop
  537. [pap] Failed to decode Password-With-Header = "123"
  538. [pap] WARNING: Auth-Type already set. Not setting to PAP
  539. ++[pap] returns noop
  540. Found Auth-Type = EAP
  541. # Executing group from file /etc/freeradius/sites-enabled/default
  542. +- entering group authenticate {...}
  543. [eap] EAP Identity
  544. [eap] processing type md5
  545. rlm_eap_md5: Issuing Challenge
  546. ++[eap] returns handled
  547. Sending Access-Challenge of id 13 to 192.168.1.1 port 43233
  548. EAP-Message = 0x01c6001604108e1ae796413fe2e1c87441622675b0c0
  549. Message-Authenticator = 0x00000000000000000000000000000000
  550. State = 0x132ad59713ecd177b855c7b0b365d049
  551. Finished request 0.
  552. Going to the next request
  553. Waking up in 4.9 seconds.
  554. rad_recv: Access-Request packet from host 192.168.1.1 port 43233, id=14, length=168
  555. User-Name = "alice"
  556. NAS-IP-Address = 193.171.242.72
  557. Called-Station-Id = "A2-F3-C1-67-EC-68:MNE-Guests"
  558. NAS-Port-Type = Wireless-802.11
  559. NAS-Port = 1
  560. Calling-Station-Id = "C0-EE-FB-04-60-6A"
  561. Connect-Info = "CONNECT 54Mbps 802.11g"
  562. Framed-MTU = 1400
  563. EAP-Message = 0x02c600060319
  564. State = 0x132ad59713ecd177b855c7b0b365d049
  565. Message-Authenticator = 0x8812aa3e8398a053c40c41cfc5d40d30
  566. # Executing section authorize from file /etc/freeradius/sites-enabled/default
  567. +- entering group authorize {...}
  568. ++[preprocess] returns ok
  569. ++[chap] returns noop
  570. ++[mschap] returns noop
  571. ++[digest] returns noop
  572. [suffix] No '@' in User-Name = "alice", looking up realm NULL
  573. [suffix] No such realm "NULL"
  574. ++[suffix] returns noop
  575. [eap] EAP packet type response id 198 length 6
  576. [eap] No EAP Start, assuming it's an on-going EAP conversation
  577. ++[eap] returns updated
  578. ++[files] returns noop
  579. [ldap] performing user authorization for alice
  580. [ldap] expand: %{Stripped-User-Name} ->
  581. [ldap] ... expanding second conditional
  582. [ldap] expand: %{User-Name} -> alice
  583. [ldap] expand: (uniqueIdentifier=%{%{Stripped-User-Name}:-%{User-Name}}) -> (uniqueIdentifier=alice)
  584. [ldap] expand: ou=people,dc=example,dc=com -> ou=people,dc=example,dc=com
  585. [ldap] ldap_get_conn: Checking Id: 0
  586. [ldap] ldap_get_conn: Got Id: 0
  587. [ldap] performing search in ou=people,dc=example,dc=com, with filter (uniqueIdentifier=alice)
  588. [ldap] No default NMAS login sequence
  589. [ldap] looking for check items in directory...
  590. [ldap] userPassword -> Password-With-Header == "123"
  591. [ldap] looking for reply items in directory...
  592. [ldap] user alice authorized to use remote access
  593. [ldap] ldap_release_conn: Release Id: 0
  594. ++[ldap] returns ok
  595. ++[expiration] returns noop
  596. ++[logintime] returns noop
  597. [pap] Failed to decode Password-With-Header = "123"
  598. [pap] WARNING: Auth-Type already set. Not setting to PAP
  599. ++[pap] returns noop
  600. Found Auth-Type = EAP
  601. # Executing group from file /etc/freeradius/sites-enabled/default
  602. +- entering group authenticate {...}
  603. [eap] Request found, released from the list
  604. [eap] EAP NAK
  605. [eap] EAP-NAK asked for EAP-Type/peap
  606. [eap] processing type tls
  607. [tls] Initiate
  608. [tls] Start returned 1
  609. ++[eap] returns handled
  610. Sending Access-Challenge of id 14 to 192.168.1.1 port 43233
  611. EAP-Message = 0x01c700061920
  612. Message-Authenticator = 0x00000000000000000000000000000000
  613. State = 0x132ad59712edcc77b855c7b0b365d049
  614. Finished request 1.
  615. Going to the next request
  616. Waking up in 4.9 seconds.
  617. rad_recv: Access-Request packet from host 192.168.1.1 port 43233, id=15, length=358
  618. User-Name = "alice"
  619. NAS-IP-Address = 193.171.242.72
  620. Called-Station-Id = "A2-F3-C1-67-EC-68:MNE-Guests"
  621. NAS-Port-Type = Wireless-802.11
  622. NAS-Port = 1
  623. Calling-Station-Id = "C0-EE-FB-04-60-6A"
  624. Connect-Info = "CONNECT 54Mbps 802.11g"
  625. Framed-MTU = 1400
  626. EAP-Message = 0x02c700c41980000000ba16030100b5010000b1030117d919090853e344ab39a82bec22927358a2a1056500fdd9fb648cf00475bb7e000048c014c00a00390038c00fc0050035c013c00900330032c00ec004002fc011c007c00cc00200050004c012c00800160013c00dc003000a0015001200090014001100080006000300ff01000040000b000403000102000a00340032000e000d0019000b000c00180009000a00160017000800060007001400150004000500120013000100020003000f00100011
  627. State = 0x132ad59712edcc77b855c7b0b365d049
  628. Message-Authenticator = 0x476d841fec307e168c9b1ef62c53b142
  629. # Executing section authorize from file /etc/freeradius/sites-enabled/default
  630. +- entering group authorize {...}
  631. ++[preprocess] returns ok
  632. ++[chap] returns noop
  633. ++[mschap] returns noop
  634. ++[digest] returns noop
  635. [suffix] No '@' in User-Name = "alice", looking up realm NULL
  636. [suffix] No such realm "NULL"
  637. ++[suffix] returns noop
  638. [eap] EAP packet type response id 199 length 196
  639. [eap] Continuing tunnel setup.
  640. ++[eap] returns ok
  641. Found Auth-Type = EAP
  642. # Executing group from file /etc/freeradius/sites-enabled/default
  643. +- entering group authenticate {...}
  644. [eap] Request found, released from the list
  645. [eap] EAP/peap
  646. [eap] processing type peap
  647. [peap] processing EAP-TLS
  648. TLS Length 186
  649. [peap] Length Included
  650. [peap] eaptls_verify returned 11
  651. [peap] (other): before/accept initialization
  652. [peap] TLS_accept: before/accept initialization
  653. [peap] <<< TLS 1.0 Handshake [length 00b5], ClientHello
  654. [peap] TLS_accept: SSLv3 read client hello A
  655. [peap] >>> TLS 1.0 Handshake [length 0039], ServerHello
  656. [peap] TLS_accept: SSLv3 write server hello A
  657. [peap] >>> TLS 1.0 Handshake [length 02ca], Certificate
  658. [peap] TLS_accept: SSLv3 write certificate A
  659. [peap] >>> TLS 1.0 Handshake [length 014b], ServerKeyExchange
  660. [peap] TLS_accept: SSLv3 write key exchange A
  661. [peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
  662. [peap] TLS_accept: SSLv3 write server done A
  663. [peap] TLS_accept: SSLv3 flush data
  664. [peap] TLS_accept: Need to read more data: SSLv3 read client certificate A
  665. In SSL Handshake Phase
  666. In SSL Accept mode
  667. [peap] eaptls_process returned 13
  668. [peap] EAPTLS_HANDLED
  669. ++[eap] returns handled
  670. Sending Access-Challenge of id 15 to 192.168.1.1 port 43233
  671. EAP-Message = 0x01c8040019c0000004661603010039020000350301dc858d50fd51985b142da3a4c0ae344a92f323cb6ce651a3ef05a71576f4edd200c01400000dff01000100000b00040300010216030102ca0b0002c60002c30002c0308202bc308201a4a003020102020900d8fffb2ce37c816e300d06092a864886f70d01010b05003016311430120603550403130b6c696e7578736572766572301e170d3135313031383232343233315a170d3235313031353232343233315a3016311430120603550403130b6c696e757873657276657230820122300d06092a864886f70d01010105000382010f003082010a0282010100a33f4717e994096300100201c659
  674. EAP-Message = 0x73d9164c24d9786fdab5a9db0ab89f202f96f6cd0be79956fa33fe13644244ad160301014b0c0001470300174104e6e857836a3ded77a34b7e371dce3690630408acd4abb4792468e22a0e03560126f764174dd8c1069372097beb833ae3ba13de94c462947da00dcca52c973bd101009498fa15bb9382adb9c985f5fc48368a0b3dcc15181bb9aa510abccefc2cc6ff8d8be4d116cc555821edb92ed04360c0a95ca4a61588775a5bc5b2203619c7aeadc6490c876a68770ab5efaad768da56fff676aa90af8a69c1edc1c65514ce617d36681746a8f48f6c9a796b7bce37e9c1baee9d3e12d60e125c24fecb89d3eb658130686640d9afc291f66b58
  675. EAP-Message = 0x9d68424206ec4ca4d07e8ba3
  676. Message-Authenticator = 0x00000000000000000000000000000000
  677. State = 0x132ad59711e2cc77b855c7b0b365d049
  678. Finished request 2.
  679. Going to the next request
  680. Waking up in 4.9 seconds.
  681. rad_recv: Access-Request packet from host 192.168.1.1 port 43233, id=16, length=168
  682. User-Name = "alice"
  683. NAS-IP-Address = 193.171.242.72
  684. Called-Station-Id = "A2-F3-C1-67-EC-68:MNE-Guests"
  685. NAS-Port-Type = Wireless-802.11
  686. NAS-Port = 1
  687. Calling-Station-Id = "C0-EE-FB-04-60-6A"
  688. Connect-Info = "CONNECT 54Mbps 802.11g"
  689. Framed-MTU = 1400
  690. EAP-Message = 0x02c800061900
  691. State = 0x132ad59711e2cc77b855c7b0b365d049
  692. Message-Authenticator = 0xe22a4dd9ee05350e65fe3461973c8b3c
  693. # Executing section authorize from file /etc/freeradius/sites-enabled/default
  694. +- entering group authorize {...}
  695. ++[preprocess] returns ok
  696. ++[chap] returns noop
  697. ++[mschap] returns noop
  698. ++[digest] returns noop
  699. [suffix] No '@' in User-Name = "alice", looking up realm NULL
  700. [suffix] No such realm "NULL"
  701. ++[suffix] returns noop
  702. [eap] EAP packet type response id 200 length 6
  703. [eap] Continuing tunnel setup.
  704. ++[eap] returns ok
  705. Found Auth-Type = EAP
  706. # Executing group from file /etc/freeradius/sites-enabled/default
  707. +- entering group authenticate {...}
  708. [eap] Request found, released from the list
  709. [eap] EAP/peap
  710. [eap] processing type peap
  711. [peap] processing EAP-TLS
  712. [peap] Received TLS ACK
  713. [peap] ACK handshake fragment handler
  714. [peap] eaptls_verify returned 1
  715. [peap] eaptls_process returned 13
  716. [peap] EAPTLS_HANDLED
  717. ++[eap] returns handled
  718. Sending Access-Challenge of id 16 to 192.168.1.1 port 43233
  719. EAP-Message = 0x01c9007619006a1e2796b7aacdf861c55711084d0d2269ccf08d793151b63ecd49d0d58410268f350c5b1a416beaadfde05f884af01bfeb2fbebe134c32e9a1a0d012a4a91ec6c647b21c8a8bb8a0227cb22f3ac0132387a18cc91042d020e39edd45108184a61c9c5f2854f4016030100040e000000
  720. Message-Authenticator = 0x00000000000000000000000000000000
  721. State = 0x132ad59710e3cc77b855c7b0b365d049
  722. Finished request 3.
  723. Going to the next request
  724. Waking up in 4.9 seconds.
  725. rad_recv: Access-Request packet from host 192.168.1.1 port 43233, id=17, length=306
  726. User-Name = "alice"
  727. NAS-IP-Address = 193.171.242.72
  728. Called-Station-Id = "A2-F3-C1-67-EC-68:MNE-Guests"
  729. NAS-Port-Type = Wireless-802.11
  730. NAS-Port = 1
  731. Calling-Station-Id = "C0-EE-FB-04-60-6A"
  732. Connect-Info = "CONNECT 54Mbps 802.11g"
  733. Framed-MTU = 1400
  734. EAP-Message = 0x02c9009019800000008616030100461000004241045e27e0dcba4be960a43e3eae8fc835338ae29ab8403975fbae1a48ea30f6adde3ea24bc0aaa39ef24a591e5c5d6332f61db9a082ce11077cde3f134e99644efa1403010001011603010030269410f33e5ae66f0543460effa4c22be587910c9741182d7d15d6f272fed336393cbce7d4f1fbbd28f9214eec60d76f
  735. State = 0x132ad59710e3cc77b855c7b0b365d049
  736. Message-Authenticator = 0x0129a7f45692dbf77f01848317c9a753
  737. # Executing section authorize from file /etc/freeradius/sites-enabled/default
  738. +- entering group authorize {...}
  739. ++[preprocess] returns ok
  740. ++[chap] returns noop
  741. ++[mschap] returns noop
  742. ++[digest] returns noop
  743. [suffix] No '@' in User-Name = "alice", looking up realm NULL
  744. [suffix] No such realm "NULL"
  745. ++[suffix] returns noop
  746. [eap] EAP packet type response id 201 length 144
  747. [eap] Continuing tunnel setup.
  748. ++[eap] returns ok
  749. Found Auth-Type = EAP
  750. # Executing group from file /etc/freeradius/sites-enabled/default
  751. +- entering group authenticate {...}
  752. [eap] Request found, released from the list
  753. [eap] EAP/peap
  754. [eap] processing type peap
  755. [peap] processing EAP-TLS
  756. TLS Length 134
  757. [peap] Length Included
  758. [peap] eaptls_verify returned 11
  759. [peap] <<< TLS 1.0 Handshake [length 0046], ClientKeyExchange
  760. [peap] TLS_accept: SSLv3 read client key exchange A
  761. [peap] <<< TLS 1.0 ChangeCipherSpec [length 0001]
  762. [peap] <<< TLS 1.0 Handshake [length 0010], Finished
  763. [peap] TLS_accept: SSLv3 read finished A
  764. [peap] >>> TLS 1.0 ChangeCipherSpec [length 0001]
  765. [peap] TLS_accept: SSLv3 write change cipher spec A
  766. [peap] >>> TLS 1.0 Handshake [length 0010], Finished
  767. [peap] TLS_accept: SSLv3 write finished A
  768. [peap] TLS_accept: SSLv3 flush data
  769. [peap] (other): SSL negotiation finished successfully
  770. SSL Connection Established
  771. [peap] eaptls_process returned 13
  772. [peap] EAPTLS_HANDLED
  773. ++[eap] returns handled
  774. Sending Access-Challenge of id 17 to 192.168.1.1 port 43233
  775. EAP-Message = 0x01ca0041190014030100010116030100302a406248cd0e0e7f8ff4ed29ff4d40ef372a314bdd40d591fc01d2bd82ab84d6ab52213d9c9652558c8409b950144152
  776. Message-Authenticator = 0x00000000000000000000000000000000
  777. State = 0x132ad59717e0cc77b855c7b0b365d049
  778. Finished request 4.
  779. Going to the next request
  780. Waking up in 4.8 seconds.
  781. rad_recv: Access-Request packet from host 192.168.1.1 port 43233, id=18, length=168
  782. User-Name = "alice"
  783. NAS-IP-Address = 193.171.242.72
  784. Called-Station-Id = "A2-F3-C1-67-EC-68:MNE-Guests"
  785. NAS-Port-Type = Wireless-802.11
  786. NAS-Port = 1
  787. Calling-Station-Id = "C0-EE-FB-04-60-6A"
  788. Connect-Info = "CONNECT 54Mbps 802.11g"
  789. Framed-MTU = 1400
  790. EAP-Message = 0x02ca00061900
  791. State = 0x132ad59717e0cc77b855c7b0b365d049
  792. Message-Authenticator = 0x9392cce2c83165e548d338dd4e6d9048
  793. # Executing section authorize from file /etc/freeradius/sites-enabled/default
  794. +- entering group authorize {...}
  795. ++[preprocess] returns ok
  796. ++[chap] returns noop
  797. ++[mschap] returns noop
  798. ++[digest] returns noop
  799. [suffix] No '@' in User-Name = "alice", looking up realm NULL
  800. [suffix] No such realm "NULL"
  801. ++[suffix] returns noop
  802. [eap] EAP packet type response id 202 length 6
  803. [eap] Continuing tunnel setup.
  804. ++[eap] returns ok
  805. Found Auth-Type = EAP
  806. # Executing group from file /etc/freeradius/sites-enabled/default
  807. +- entering group authenticate {...}
  808. [eap] Request found, released from the list
  809. [eap] EAP/peap
  810. [eap] processing type peap
  811. [peap] processing EAP-TLS
  812. [peap] Received TLS ACK
  813. [peap] ACK handshake is finished
  814. [peap] eaptls_verify returned 3
  815. [peap] eaptls_process returned 3
  816. [peap] EAPTLS_SUCCESS
  817. [peap] Session established. Decoding tunneled attributes.
  818. [peap] Peap state TUNNEL ESTABLISHED
  819. ++[eap] returns handled
  820. Sending Access-Challenge of id 18 to 192.168.1.1 port 43233
  821. EAP-Message = 0x01cb002b190017030100204bc2991fcaea9604f4383f622a6df726889959d28411fe8c3b9706ff25237c46
  822. Message-Authenticator = 0x00000000000000000000000000000000
  823. State = 0x132ad59716e1cc77b855c7b0b365d049
  824. Finished request 5.
  825. Going to the next request
  826. Waking up in 4.8 seconds.
  827. rad_recv: Access-Request packet from host 192.168.1.1 port 43233, id=19, length=205
  828. User-Name = "alice"
  829. NAS-IP-Address = 193.171.242.72
  830. Called-Station-Id = "A2-F3-C1-67-EC-68:MNE-Guests"
  831. NAS-Port-Type = Wireless-802.11
  832. NAS-Port = 1
  833. Calling-Station-Id = "C0-EE-FB-04-60-6A"
  834. Connect-Info = "CONNECT 54Mbps 802.11g"
  835. Framed-MTU = 1400
  836. EAP-Message = 0x02cb002b1900170301002010b621fb94a16d0dcbe24745c7054158401ecfd8e495a525bbc63c7ba0878385
  837. State = 0x132ad59716e1cc77b855c7b0b365d049
  838. Message-Authenticator = 0xb004f20fa2372a26ee71397f4bbe065c
  839. # Executing section authorize from file /etc/freeradius/sites-enabled/default
  840. +- entering group authorize {...}
  841. ++[preprocess] returns ok
  842. ++[chap] returns noop
  843. ++[mschap] returns noop
  844. ++[digest] returns noop
  845. [suffix] No '@' in User-Name = "alice", looking up realm NULL
  846. [suffix] No such realm "NULL"
  847. ++[suffix] returns noop
  848. [eap] EAP packet type response id 203 length 43
  849. [eap] Continuing tunnel setup.
  850. ++[eap] returns ok
  851. Found Auth-Type = EAP
  852. # Executing group from file /etc/freeradius/sites-enabled/default
  853. +- entering group authenticate {...}
  854. [eap] Request found, released from the list
  855. [eap] EAP/peap
  856. [eap] processing type peap
  857. [peap] processing EAP-TLS
  858. [peap] eaptls_verify returned 7
  859. [peap] Done initial handshake
  860. [peap] eaptls_process returned 7
  861. [peap] EAPTLS_OK
  862. [peap] Session established. Decoding tunneled attributes.
  863. [peap] Peap state WAITING FOR INNER IDENTITY
  864. [peap] Identity - alice
  865. [peap] Got inner identity 'alice'
  866. [peap] Setting default EAP type for tunneled EAP session.
  867. [peap] Got tunneled request
  868. EAP-Message = 0x02cb000a01616c696365
  869. server {
  870. [peap] Setting User-Name to alice
  871. Sending tunneled request
  872. EAP-Message = 0x02cb000a01616c696365
  873. FreeRADIUS-Proxied-To = 127.0.0.1
  874. User-Name = "alice"
  875. server inner-tunnel {
  876. # Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel
  877. +- entering group authorize {...}
  878. ++[chap] returns noop
  879. ++[mschap] returns noop
  880. [suffix] No '@' in User-Name = "alice", looking up realm NULL
  881. [suffix] No such realm "NULL"
  882. ++[suffix] returns noop
  883. ++[control] returns noop
  884. [eap] EAP packet type response id 203 length 10
  885. [eap] No EAP Start, assuming it's an on-going EAP conversation
  886. ++[eap] returns updated
  887. ++[files] returns noop
  888. ++[expiration] returns noop
  889. ++[logintime] returns noop
  890. ++[pap] returns noop
  891. Found Auth-Type = EAP
  892. # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
  893. +- entering group authenticate {...}
  894. [eap] EAP Identity
  895. [eap] processing type mschapv2
  896. rlm_eap_mschapv2: Issuing Challenge
  897. ++[eap] returns handled
  898. } # server inner-tunnel
  899. [peap] Got tunneled reply code 11
  900. EAP-Message = 0x01cc001f1a01cc001a1067296be9e3620b79d7395850d2245e72616c696365
  901. Message-Authenticator = 0x00000000000000000000000000000000
  902. State = 0xca60d996caacc3cb8b8622953f881714
  903. [peap] Got tunneled reply RADIUS code 11
  904. EAP-Message = 0x01cc001f1a01cc001a1067296be9e3620b79d7395850d2245e72616c696365
  905. Message-Authenticator = 0x00000000000000000000000000000000
  906. State = 0xca60d996caacc3cb8b8622953f881714
  907. [peap] Got tunneled Access-Challenge
  908. ++[eap] returns handled
  909. Sending Access-Challenge of id 19 to 192.168.1.1 port 43233
  910. EAP-Message = 0x01cc003b19001703010030599d1f539210879f90eead60dace903b038134c9cb71974da9675c0b62e210d17324491e3ca281ee5686ed1cc8ae4272
  911. Message-Authenticator = 0x00000000000000000000000000000000
  912. State = 0x132ad59715e6cc77b855c7b0b365d049
  913. Finished request 6.
  914. Going to the next request
  915. Waking up in 4.8 seconds.
  916. rad_recv: Access-Request packet from host 192.168.1.1 port 43233, id=20, length=205
  917. User-Name = "alice"
  918. NAS-IP-Address = 193.171.242.72
  919. Called-Station-Id = "A2-F3-C1-67-EC-68:MNE-Guests"
  920. NAS-Port-Type = Wireless-802.11
  921. NAS-Port = 1
  922. Calling-Station-Id = "C0-EE-FB-04-60-6A"
  923. Connect-Info = "CONNECT 54Mbps 802.11g"
  924. Framed-MTU = 1400
  925. EAP-Message = 0x02cc002b19001703010020e62e8de7e9460f344f134d0a6c5729365e51161c028a2a0ce265b7f8e0e1117c
  926. State = 0x132ad59715e6cc77b855c7b0b365d049
  927. Message-Authenticator = 0x1948854479f3a1fa688f62537e7dbf2f
  928. # Executing section authorize from file /etc/freeradius/sites-enabled/default
  929. +- entering group authorize {...}
  930. ++[preprocess] returns ok
  931. ++[chap] returns noop
  932. ++[mschap] returns noop
  933. ++[digest] returns noop
  934. [suffix] No '@' in User-Name = "alice", looking up realm NULL
  935. [suffix] No such realm "NULL"
  936. ++[suffix] returns noop
  937. [eap] EAP packet type response id 204 length 43
  938. [eap] Continuing tunnel setup.
  939. ++[eap] returns ok
  940. Found Auth-Type = EAP
  941. # Executing group from file /etc/freeradius/sites-enabled/default
  942. +- entering group authenticate {...}
  943. [eap] Request found, released from the list
  944. [eap] EAP/peap
  945. [eap] processing type peap
  946. [peap] processing EAP-TLS
  947. [peap] eaptls_verify returned 7
  948. [peap] Done initial handshake
  949. [peap] eaptls_process returned 7
  950. [peap] EAPTLS_OK
  951. [peap] Session established. Decoding tunneled attributes.
  952. [peap] Peap state phase2
  953. [peap] EAP type nak
  954. [peap] Got tunneled request
  955. EAP-Message = 0x02cc00060306
  956. server {
  957. [peap] Setting User-Name to alice
  958. Sending tunneled request
  959. EAP-Message = 0x02cc00060306
  960. FreeRADIUS-Proxied-To = 127.0.0.1
  961. User-Name = "alice"
  962. State = 0xca60d996caacc3cb8b8622953f881714
  963. server inner-tunnel {
  964. # Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel
  965. +- entering group authorize {...}
  966. ++[chap] returns noop
  967. ++[mschap] returns noop
  968. [suffix] No '@' in User-Name = "alice", looking up realm NULL
  969. [suffix] No such realm "NULL"
  970. ++[suffix] returns noop
  971. ++[control] returns noop
  972. [eap] EAP packet type response id 204 length 6
  973. [eap] No EAP Start, assuming it's an on-going EAP conversation
  974. ++[eap] returns updated
  975. ++[files] returns noop
  976. ++[expiration] returns noop
  977. ++[logintime] returns noop
  978. ++[pap] returns noop
  979. Found Auth-Type = EAP
  980. # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
  981. +- entering group authenticate {...}
  982. [eap] Request found, released from the list
  983. [eap] EAP NAK
  984. [eap] EAP-NAK asked for EAP-Type/gtc
  985. [eap] processing type gtc
  986. [gtc] expand: Password: -> Password:
  987. ++[eap] returns handled
  988. } # server inner-tunnel
  989. [peap] Got tunneled reply code 11
  990. EAP-Message = 0x01cd000f0650617373776f72643a20
  991. Message-Authenticator = 0x00000000000000000000000000000000
  992. State = 0xca60d996cbaddfcb8b8622953f881714
  993. [peap] Got tunneled reply RADIUS code 11
  994. EAP-Message = 0x01cd000f0650617373776f72643a20
  995. Message-Authenticator = 0x00000000000000000000000000000000
  996. State = 0xca60d996cbaddfcb8b8622953f881714
  997. [peap] Got tunneled Access-Challenge
  998. ++[eap] returns handled
  999. Sending Access-Challenge of id 20 to 192.168.1.1 port 43233
  1000. EAP-Message = 0x01cd002b19001703010020a4194d2e326da9ee4e6cd69a873265ea7aff51db7858f3b7441ea4c27530288b
  1001. Message-Authenticator = 0x00000000000000000000000000000000
  1002. State = 0x132ad59714e7cc77b855c7b0b365d049
  1003. Finished request 7.
  1004. Going to the next request
  1005. Waking up in 4.8 seconds.
  1006. rad_recv: Access-Request packet from host 192.168.1.1 port 43233, id=21, length=205
  1007. User-Name = "alice"
  1008. NAS-IP-Address = 193.171.242.72
  1009. Called-Station-Id = "A2-F3-C1-67-EC-68:MNE-Guests"
  1010. NAS-Port-Type = Wireless-802.11
  1011. NAS-Port = 1
  1012. Calling-Station-Id = "C0-EE-FB-04-60-6A"
  1013. Connect-Info = "CONNECT 54Mbps 802.11g"
  1014. Framed-MTU = 1400
  1015. EAP-Message = 0x02cd002b1900170301002084da3aff74af15c1791e733b66a3f04293d8a317ad2e9420ba1b6604d0b33571
  1016. State = 0x132ad59714e7cc77b855c7b0b365d049
  1017. Message-Authenticator = 0x7c5ccded2a726f2989d6a0d18cf67470
  1018. # Executing section authorize from file /etc/freeradius/sites-enabled/default
  1019. +- entering group authorize {...}
  1020. ++[preprocess] returns ok
  1021. ++[chap] returns noop
  1022. ++[mschap] returns noop
  1023. ++[digest] returns noop
  1024. [suffix] No '@' in User-Name = "alice", looking up realm NULL
  1025. [suffix] No such realm "NULL"
  1026. ++[suffix] returns noop
  1027. [eap] EAP packet type response id 205 length 43
  1028. [eap] Continuing tunnel setup.
  1029. ++[eap] returns ok
  1030. Found Auth-Type = EAP
  1031. # Executing group from file /etc/freeradius/sites-enabled/default
  1032. +- entering group authenticate {...}
  1033. [eap] Request found, released from the list
  1034. [eap] EAP/peap
  1035. [eap] processing type peap
  1036. [peap] processing EAP-TLS
  1037. [peap] eaptls_verify returned 7
  1038. [peap] Done initial handshake
  1039. [peap] eaptls_process returned 7
  1040. [peap] EAPTLS_OK
  1041. [peap] Session established. Decoding tunneled attributes.
  1042. [peap] Peap state phase2
  1043. [peap] EAP type gtc
  1044. [peap] Got tunneled request
  1045. EAP-Message = 0x02cd000806313233
  1046. server {
  1047. [peap] Setting User-Name to alice
  1048. Sending tunneled request
  1049. EAP-Message = 0x02cd000806313233
  1050. FreeRADIUS-Proxied-To = 127.0.0.1
  1051. User-Name = "alice"
  1052. State = 0xca60d996cbaddfcb8b8622953f881714
  1053. server inner-tunnel {
  1054. # Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel
  1055. +- entering group authorize {...}
  1056. ++[chap] returns noop
  1057. ++[mschap] returns noop
  1058. [suffix] No '@' in User-Name = "alice", looking up realm NULL
  1059. [suffix] No such realm "NULL"
  1060. ++[suffix] returns noop
  1061. ++[control] returns noop
  1062. [eap] EAP packet type response id 205 length 8
  1063. [eap] No EAP Start, assuming it's an on-going EAP conversation
  1064. ++[eap] returns updated
  1065. ++[files] returns noop
  1066. ++[expiration] returns noop
  1067. ++[logintime] returns noop
  1068. ++[pap] returns noop
  1069. Found Auth-Type = EAP
  1070. # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
  1071. +- entering group authenticate {...}
  1072. [eap] Request found, released from the list
  1073. [eap] EAP/gtc
  1074. [eap] processing type gtc
  1075. [gtc] # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
  1076. [gtc] +- entering group PAP {...}
  1077. [pap] login attempt with password "123"
  1078. [pap] No password configured for the user. Cannot do authentication
  1079. ++[pap] returns fail
  1080. [eap] Handler failed in EAP/gtc
  1081. [eap] Failed in EAP select
  1082. ++[eap] returns invalid
  1083. Failed to authenticate the user.
  1084. } # server inner-tunnel
  1085. [peap] Got tunneled reply code 3
  1086. EAP-Message = 0x04cd0004
  1087. Message-Authenticator = 0x00000000000000000000000000000000
  1088. [peap] Got tunneled reply RADIUS code 3
  1089. EAP-Message = 0x04cd0004
  1090. Message-Authenticator = 0x00000000000000000000000000000000
  1091. [peap] Tunneled authentication was rejected.
  1092. [peap] FAILURE
  1093. ++[eap] returns handled
  1094. Sending Access-Challenge of id 21 to 192.168.1.1 port 43233
  1095. EAP-Message = 0x01ce002b1900170301002043461ef3330adccf2f2b61e09f76c6e177fb5da8652740551ca224e182082943
  1096. Message-Authenticator = 0x00000000000000000000000000000000
  1097. State = 0x132ad5971be4cc77b855c7b0b365d049
  1098. Finished request 8.
  1099. Going to the next request
  1100. Waking up in 4.8 seconds.
  1101. rad_recv: Access-Request packet from host 192.168.1.1 port 43233, id=22, length=205
  1102. User-Name = "alice"
  1103. NAS-IP-Address = 193.171.242.72
  1104. Called-Station-Id = "A2-F3-C1-67-EC-68:MNE-Guests"
  1105. NAS-Port-Type = Wireless-802.11
  1106. NAS-Port = 1
  1107. Calling-Station-Id = "C0-EE-FB-04-60-6A"
  1108. Connect-Info = "CONNECT 54Mbps 802.11g"
  1109. Framed-MTU = 1400
  1110. EAP-Message = 0x02ce002b190017030100204aed78362b6ae651fc8a2040e9822ffb18d68a039c469dc9da35aff37c4dff40
  1111. State = 0x132ad5971be4cc77b855c7b0b365d049
  1112. Message-Authenticator = 0xfd07be960a3eab39e5a889363440f778
  1113. # Executing section authorize from file /etc/freeradius/sites-enabled/default
  1114. +- entering group authorize {...}
  1115. ++[preprocess] returns ok
  1116. ++[chap] returns noop
  1117. ++[mschap] returns noop
  1118. ++[digest] returns noop
  1119. [suffix] No '@' in User-Name = "alice", looking up realm NULL
  1120. [suffix] No such realm "NULL"
  1121. ++[suffix] returns noop
  1122. [eap] EAP packet type response id 206 length 43
  1123. [eap] Continuing tunnel setup.
  1124. ++[eap] returns ok
  1125. Found Auth-Type = EAP
  1126. # Executing group from file /etc/freeradius/sites-enabled/default
  1127. +- entering group authenticate {...}
  1128. [eap] Request found, released from the list
  1129. [eap] EAP/peap
  1130. [eap] processing type peap
  1131. [peap] processing EAP-TLS
  1132. [peap] eaptls_verify returned 7
  1133. [peap] Done initial handshake
  1134. [peap] eaptls_process returned 7
  1135. [peap] EAPTLS_OK
  1136. [peap] Session established. Decoding tunneled attributes.
  1137. [peap] Peap state send tlv failure
  1138. [peap] Received EAP-TLV response.
  1139. [peap] The users session was previously rejected: returning reject (again.)
  1140. [peap] *** This means you need to read the PREVIOUS messages in the debug output
  1141. [peap] *** to find out the reason why the user was rejected.
  1142. [peap] *** Look for "reject" or "fail". Those earlier messages will tell you.
  1143. [peap] *** what went wrong, and how to fix the problem.
  1144. [eap] Handler failed in EAP/peap
  1145. [eap] Failed in EAP select
  1146. ++[eap] returns invalid
  1147. Failed to authenticate the user.
  1148. Using Post-Auth-Type Reject
  1149. # Executing group from file /etc/freeradius/sites-enabled/default
  1150. +- entering group REJECT {...}
  1151. [attr_filter.access_reject] expand: %{User-Name} -> alice
  1152. attr_filter: Matched entry DEFAULT at line 11
  1153. ++[attr_filter.access_reject] returns updated
  1154. Delaying reject of request 9 for 1 seconds
  1155. Going to the next request
  1156. Waking up in 0.9 seconds.
  1157. Sending delayed reject for request 9
  1158. Sending Access-Reject of id 22 to 192.168.1.1 port 43233
  1159. EAP-Message = 0x04ce0004
  1160. Message-Authenticator = 0x00000000000000000000000000000000
  1161. Waking up in 3.8 seconds.
  1162. Cleaning up request 0 ID 13 with timestamp +146
  1163. Cleaning up request 1 ID 14 with timestamp +146
  1164. Cleaning up request 2 ID 15 with timestamp +146
  1165. Cleaning up request 3 ID 16 with timestamp +146
  1166. Cleaning up request 4 ID 17 with timestamp +146
  1167. Cleaning up request 5 ID 18 with timestamp +146
  1168. Cleaning up request 6 ID 19 with timestamp +146
  1169. Cleaning up request 7 ID 20 with timestamp +146
  1170. Cleaning up request 8 ID 21 with timestamp +146
  1171. Waking up in 1.0 seconds.
  1172. Cleaning up request 9 ID 22 with timestamp +146
  1173. Ready to process requests.