- FreeRADIUS Version 2.1.12, for host i686-pc-linux-gnu, built on Feb 27 2015 at 12:38:42
- Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.
- There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
- PARTICULAR PURPOSE.
- You may redistribute copies of FreeRADIUS under the terms of the
- GNU General Public License v2.
- Starting - reading configuration files ...
- including configuration file /etc/freeradius/radiusd.conf
- including configuration file /etc/freeradius/proxy.conf
- including configuration file /etc/freeradius/clients.conf
- including files in directory /etc/freeradius/modules/
- including configuration file /etc/freeradius/modules/detail
- including configuration file /etc/freeradius/modules/cui
- including configuration file /etc/freeradius/modules/smsotp
- including configuration file /etc/freeradius/modules/expiration
- including configuration file /etc/freeradius/modules/unix
- including configuration file /etc/freeradius/modules/replicate
- including configuration file /etc/freeradius/modules/detail.example.com
- including configuration file /etc/freeradius/modules/passwd
- including configuration file /etc/freeradius/modules/opendirectory
- including configuration file /etc/freeradius/modules/ippool
- including configuration file /etc/freeradius/modules/chap
- including configuration file /etc/freeradius/modules/mschap
- including configuration file /etc/freeradius/modules/soh
- including configuration file /etc/freeradius/modules/etc_group
- including configuration file /etc/freeradius/modules/logintime
- including configuration file /etc/freeradius/modules/radutmp
- including configuration file /etc/freeradius/modules/exec
- including configuration file /etc/freeradius/modules/counter
- including configuration file /etc/freeradius/modules/inner-eap
- including configuration file /etc/freeradius/modules/mac2vlan
- including configuration file /etc/freeradius/modules/files
- including configuration file /etc/freeradius/modules/perl
- including configuration file /etc/freeradius/modules/mac2ip
- including configuration file /etc/freeradius/modules/krb5
- including configuration file /etc/freeradius/modules/ntlm_auth
- including configuration file /etc/freeradius/modules/preprocess
- including configuration file /etc/freeradius/modules/ldap
- including configuration file /etc/freeradius/modules/sql_log
- including configuration file /etc/freeradius/modules/dynamic_clients
- including configuration file /etc/freeradius/modules/policy
- including configuration file /etc/freeradius/modules/smbpasswd
- including configuration file /etc/freeradius/modules/linelog
- including configuration file /etc/freeradius/modules/pap
- including configuration file /etc/freeradius/modules/sradutmp
- including configuration file /etc/freeradius/modules/always
- including configuration file /etc/freeradius/modules/pam
- including configuration file /etc/freeradius/modules/sqlcounter_expire_on_login
- including configuration file /etc/freeradius/modules/echo
- including configuration file /etc/freeradius/modules/rediswho
- including configuration file /etc/freeradius/modules/redis
- including configuration file /etc/freeradius/modules/attr_rewrite
- including configuration file /etc/freeradius/modules/realm
- including configuration file /etc/freeradius/modules/attr_filter
- including configuration file /etc/freeradius/modules/expr
- including configuration file /etc/freeradius/modules/otp
- including configuration file /etc/freeradius/modules/detail.log
- including configuration file /etc/freeradius/modules/digest
- including configuration file /etc/freeradius/modules/wimax
- including configuration file /etc/freeradius/modules/acct_unique
- including configuration file /etc/freeradius/modules/checkval
- including configuration file /etc/freeradius/eap.conf
- including configuration file /etc/freeradius/policy.conf
- including files in directory /etc/freeradius/sites-enabled/
- including configuration file /etc/freeradius/sites-enabled/default
- including configuration file /etc/freeradius/sites-enabled/inner-tunnel
- main {
- user = "freerad"
- group = "freerad"
- allow_core_dumps = no
- }
- including dictionary file /etc/freeradius/dictionary
- main {
- name = "freeradius"
- prefix = "/usr"
- localstatedir = "/var"
- sbindir = "/usr/sbin"
- logdir = "/var/log/freeradius"
- run_dir = "/var/run/freeradius"
- libdir = "/usr/lib/freeradius"
- radacctdir = "/var/log/freeradius/radacct"
- hostname_lookups = no
- max_request_time = 30
- cleanup_delay = 5
- max_requests = 1024
- pidfile = "/var/run/freeradius/freeradius.pid"
- checkrad = "/usr/sbin/checkrad"
- debug_level = 0
- proxy_requests = no
- log {
- stripped_names = no
- auth = no
- auth_badpass = no
- auth_goodpass = no
- }
- security {
- max_attributes = 200
- reject_delay = 1
- status_server = yes
- }
- }
- radiusd: #### Loading Realms and Home Servers ####
- proxy server {
- retry_delay = 5
- retry_count = 3
- default_fallback = no
- dead_time = 120
- wake_all_if_all_dead = no
- }
- home_server localhost {
- ipaddr = 127.0.0.1
- port = 1812
- type = "auth"
- secret = "testing123"
- response_window = 20
- max_outstanding = 65536
- require_message_authenticator = yes
- zombie_period = 40
- status_check = "status-server"
- ping_interval = 30
- check_interval = 30
- num_answers_to_alive = 3
- num_pings_to_alive = 3
- revive_interval = 120
- status_check_timeout = 4
- coa {
- irt = 2
- mrt = 16
- mrc = 5
- mrd = 30
- }
- }
- home_server_pool my_auth_failover {
- type = fail-over
- home_server = localhost
- }
- realm example.com {
- auth_pool = my_auth_failover
- }
- realm LOCAL {
- }
- radiusd: #### Loading Clients ####
- client localhost {
- ipaddr = 127.0.0.1
- require_message_authenticator = no
- secret = "testing123"
- nastype = "other"
- }
- client 192.168.1.0/24 {
- require_message_authenticator = no
- secret = "testing123"
- shortname = "private-network-1"
- }
- radiusd: #### Instantiating modules ####
- instantiate {
- Module: Linked to module rlm_exec
- Module: Instantiating module "exec" from file /etc/freeradius/modules/exec
- exec {
- wait = no
- input_pairs = "request"
- shell_escape = yes
- }
- Module: Linked to module rlm_expr
- Module: Instantiating module "expr" from file /etc/freeradius/modules/expr
- Module: Linked to module rlm_expiration
- Module: Instantiating module "expiration" from file /etc/freeradius/modules/expiration
- expiration {
- reply-message = "Password Has Expired "
- }
- Module: Linked to module rlm_logintime
- Module: Instantiating module "logintime" from file /etc/freeradius/modules/logintime
- logintime {
- reply-message = "You are calling outside your allowed timespan "
- minimum-timeout = 60
- }
- }
- radiusd: #### Loading Virtual Servers ####
- server { # from file /etc/freeradius/radiusd.conf
- modules {
- Module: Creating Auth-Type = digest
- Module: Creating Auth-Type = LDAP
- Module: Creating Post-Auth-Type = REJECT
- Module: Checking authenticate {...} for more modules to load
- Module: Linked to module rlm_pap
- Module: Instantiating module "pap" from file /etc/freeradius/modules/pap
- pap {
- encryption_scheme = "auto"
- auto_header = no
- }
- Module: Linked to module rlm_chap
- Module: Instantiating module "chap" from file /etc/freeradius/modules/chap
- Module: Linked to module rlm_mschap
- Module: Instantiating module "mschap" from file /etc/freeradius/modules/mschap
- mschap {
- use_mppe = yes
- require_encryption = no
- require_strong = no
- with_ntdomain_hack = no
- allow_retry = yes
- }
- Module: Linked to module rlm_digest
- Module: Instantiating module "digest" from file /etc/freeradius/modules/digest
- Module: Linked to module rlm_unix
- Module: Instantiating module "unix" from file /etc/freeradius/modules/unix
- unix {
- radwtmp = "/var/log/freeradius/radwtmp"
- }
- Module: Linked to module rlm_ldap
- Module: Instantiating module "ldap" from file /etc/freeradius/modules/ldap
- ldap {
- server = "192.168.1.110"
- port = 389
- password = "M13n14e5"
- identity = "cn=admin,dc=example,dc=com"
- net_timeout = 1
- timeout = 4
- timelimit = 3
- tls_mode = no
- start_tls = no
- tls_require_cert = "allow"
- tls {
- start_tls = no
- require_cert = "allow"
- }
- basedn = "ou=people,dc=example,dc=com"
- filter = "(uniqueIdentifier=%{%{Stripped-User-Name}:-%{User-Name}})"
- base_filter = "(objectclass=radiusprofile)"
- auto_header = no
- access_attr_used_for_allow = yes
- groupname_attribute = "cn"
- groupmembership_filter = "(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))"
- dictionary_mapping = "/etc/freeradius/ldap.attrmap"
- ldap_debug = 0
- ldap_connections_number = 5
- compare_check_items = no
- do_xlat = yes
- edir_account_policy_check = no
- set_auth_type = yes
- keepalive {
- idle = 60
- probes = 3
- interval = 3
- }
- }
- rlm_ldap: Registering ldap_groupcmp for Ldap-Group
- rlm_ldap: Registering ldap_xlat with xlat_name ldap
- rlm_ldap: reading ldap<->radius mappings from file /etc/freeradius/ldap.attrmap
- rlm_ldap: LDAP radiusCheckItem mapped to RADIUS $GENERIC$
- rlm_ldap: LDAP radiusReplyItem mapped to RADIUS $GENERIC$
- rlm_ldap: LDAP radiusAuthType mapped to RADIUS Auth-Type
- rlm_ldap: LDAP radiusSimultaneousUse mapped to RADIUS Simultaneous-Use
- rlm_ldap: LDAP radiusCalledStationId mapped to RADIUS Called-Station-Id
- rlm_ldap: LDAP radiusCallingStationId mapped to RADIUS Calling-Station-Id
- rlm_ldap: LDAP lmPassword mapped to RADIUS LM-Password
- rlm_ldap: LDAP ntPassword mapped to RADIUS NT-Password
- rlm_ldap: LDAP sambaLmPassword mapped to RADIUS LM-Password
- rlm_ldap: LDAP sambaNtPassword mapped to RADIUS NT-Password
- rlm_ldap: LDAP dBCSPwd mapped to RADIUS LM-Password
- rlm_ldap: LDAP userPassword mapped to RADIUS Password-With-Header
- rlm_ldap: LDAP acctFlags mapped to RADIUS SMB-Account-CTRL-TEXT
- rlm_ldap: LDAP radiusExpiration mapped to RADIUS Expiration
- rlm_ldap: LDAP radiusNASIpAddress mapped to RADIUS NAS-IP-Address
- rlm_ldap: LDAP radiusServiceType mapped to RADIUS Service-Type
- rlm_ldap: LDAP radiusFramedProtocol mapped to RADIUS Framed-Protocol
- rlm_ldap: LDAP radiusFramedIPAddress mapped to RADIUS Framed-IP-Address
- rlm_ldap: LDAP radiusFramedIPNetmask mapped to RADIUS Framed-IP-Netmask
- rlm_ldap: LDAP radiusFramedRoute mapped to RADIUS Framed-Route
- rlm_ldap: LDAP radiusFramedRouting mapped to RADIUS Framed-Routing
- rlm_ldap: LDAP radiusFilterId mapped to RADIUS Filter-Id
- rlm_ldap: LDAP radiusFramedMTU mapped to RADIUS Framed-MTU
- rlm_ldap: LDAP radiusFramedCompression mapped to RADIUS Framed-Compression
- rlm_ldap: LDAP radiusLoginIPHost mapped to RADIUS Login-IP-Host
- rlm_ldap: LDAP radiusLoginService mapped to RADIUS Login-Service
- rlm_ldap: LDAP radiusLoginTCPPort mapped to RADIUS Login-TCP-Port
- rlm_ldap: LDAP radiusCallbackNumber mapped to RADIUS Callback-Number
- rlm_ldap: LDAP radiusCallbackId mapped to RADIUS Callback-Id
- rlm_ldap: LDAP radiusFramedIPXNetwork mapped to RADIUS Framed-IPX-Network
- rlm_ldap: LDAP radiusClass mapped to RADIUS Class
- rlm_ldap: LDAP radiusSessionTimeout mapped to RADIUS Session-Timeout
- rlm_ldap: LDAP radiusIdleTimeout mapped to RADIUS Idle-Timeout
- rlm_ldap: LDAP radiusTerminationAction mapped to RADIUS Termination-Action
- rlm_ldap: LDAP radiusLoginLATService mapped to RADIUS Login-LAT-Service
- rlm_ldap: LDAP radiusLoginLATNode mapped to RADIUS Login-LAT-Node
- rlm_ldap: LDAP radiusLoginLATGroup mapped to RADIUS Login-LAT-Group
- rlm_ldap: LDAP radiusFramedAppleTalkLink mapped to RADIUS Framed-AppleTalk-Link
- rlm_ldap: LDAP radiusFramedAppleTalkNetwork mapped to RADIUS Framed-AppleTalk-Network
- rlm_ldap: LDAP radiusFramedAppleTalkZone mapped to RADIUS Framed-AppleTalk-Zone
- rlm_ldap: LDAP radiusPortLimit mapped to RADIUS Port-Limit
- rlm_ldap: LDAP radiusLoginLATPort mapped to RADIUS Login-LAT-Port
- rlm_ldap: LDAP radiusReplyMessage mapped to RADIUS Reply-Message
- rlm_ldap: LDAP radiusTunnelType mapped to RADIUS Tunnel-Type
- rlm_ldap: LDAP radiusTunnelMediumType mapped to RADIUS Tunnel-Medium-Type
- rlm_ldap: LDAP radiusTunnelPrivateGroupId mapped to RADIUS Tunnel-Private-Group-Id
- conns: 0x99993f0
- Module: Linked to module rlm_eap
- Module: Instantiating module "eap" from file /etc/freeradius/eap.conf
- eap {
- default_eap_type = "md5"
- timer_expire = 60
- ignore_unknown_eap_types = no
- cisco_accounting_username_bug = no
- max_sessions = 4096
- }
- Module: Linked to sub-module rlm_eap_md5
- Module: Instantiating eap-md5
- Module: Linked to sub-module rlm_eap_leap
- Module: Instantiating eap-leap
- Module: Linked to sub-module rlm_eap_gtc
- Module: Instantiating eap-gtc
- gtc {
- challenge = "Password: "
- auth_type = "PAP"
- }
- Module: Linked to sub-module rlm_eap_tls
- Module: Instantiating eap-tls
- tls {
- rsa_key_exchange = no
- dh_key_exchange = yes
- rsa_key_length = 512
- dh_key_length = 512
- verify_depth = 0
- CA_path = "/etc/freeradius/certs"
- pem_file_type = yes
- private_key_file = "/etc/freeradius/certs/server.key"
- certificate_file = "/etc/freeradius/certs/server.pem"
- CA_file = "/etc/freeradius/certs/ca.pem"
- private_key_password = "whatever"
- dh_file = "/etc/freeradius/certs/dh"
- random_file = "/dev/urandom"
- fragment_size = 1024
- include_length = yes
- check_crl = no
- cipher_list = "DEFAULT"
- make_cert_command = "/etc/freeradius/certs/bootstrap"
- ecdh_curve = "prime256v1"
- cache {
- enable = no
- lifetime = 24
- max_entries = 255
- }
- verify {
- }
- ocsp {
- enable = no
- override_cert_url = yes
- url = "http://127.0.0.1/ocsp/"
- }
- }
- Module: Linked to sub-module rlm_eap_ttls
- Module: Instantiating eap-ttls
- ttls {
- default_eap_type = "md5"
- copy_request_to_tunnel = no
- use_tunneled_reply = no
- virtual_server = "inner-tunnel"
- include_length = yes
- }
- Module: Linked to sub-module rlm_eap_peap
- Module: Instantiating eap-peap
- peap {
- default_eap_type = "mschapv2"
- copy_request_to_tunnel = no
- use_tunneled_reply = no
- proxy_tunneled_request_as_eap = yes
- virtual_server = "inner-tunnel"
- soh = no
- }
- Module: Linked to sub-module rlm_eap_mschapv2
- Module: Instantiating eap-mschapv2
- mschapv2 {
- with_ntdomain_hack = no
- send_error = no
- }
- Module: Checking authorize {...} for more modules to load
- Module: Linked to module rlm_preprocess
- Module: Instantiating module "preprocess" from file /etc/freeradius/modules/preprocess
- preprocess {
- huntgroups = "/etc/freeradius/huntgroups"
- hints = "/etc/freeradius/hints"
- with_ascend_hack = no
- ascend_channels_per_line = 23
- with_ntdomain_hack = no
- with_specialix_jetstream_hack = no
- with_cisco_vsa_hack = no
- with_alvarion_vsa_hack = no
- }
- Module: Linked to module rlm_realm
- Module: Instantiating module "suffix" from file /etc/freeradius/modules/realm
- realm suffix {
- format = "suffix"
- delimiter = "@"
- ignore_default = no
- ignore_null = no
- }
- Module: Linked to module rlm_files
- Module: Instantiating module "files" from file /etc/freeradius/modules/files
- files {
- usersfile = "/etc/freeradius/users"
- acctusersfile = "/etc/freeradius/acct_users"
- preproxy_usersfile = "/etc/freeradius/preproxy_users"
- compat = "no"
- }
- Module: Checking preacct {...} for more modules to load
- Module: Linked to module rlm_acct_unique
- Module: Instantiating module "acct_unique" from file /etc/freeradius/modules/acct_unique
- acct_unique {
- key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
- }
- Module: Checking accounting {...} for more modules to load
- Module: Linked to module rlm_detail
- Module: Instantiating module "detail" from file /etc/freeradius/modules/detail
- detail {
- detailfile = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d"
- header = "%t"
- detailperm = 384
- dirperm = 493
- locking = no
- log_packet_header = no
- }
- Module: Linked to module rlm_radutmp
- Module: Instantiating module "radutmp" from file /etc/freeradius/modules/radutmp
- radutmp {
- filename = "/var/log/freeradius/radutmp"
- username = "%{User-Name}"
- case_sensitive = yes
- check_with_nas = yes
- perm = 384
- callerid = yes
- }
- Module: Linked to module rlm_attr_filter
- Module: Instantiating module "attr_filter.accounting_response" from file /etc/freeradius/modules/attr_filter
- attr_filter attr_filter.accounting_response {
- attrsfile = "/etc/freeradius/attrs.accounting_response"
- key = "%{User-Name}"
- relaxed = no
- }
- Module: Checking session {...} for more modules to load
- Module: Checking post-proxy {...} for more modules to load
- Module: Checking post-auth {...} for more modules to load
- Module: Linked to module rlm_ippool
- Module: Instantiating module "main_pool" from file /etc/freeradius/modules/ippool
- ippool main_pool {
- session-db = "/etc/freeradius/db.ippool"
- ip-index = "/etc/freeradius/db.ipindex"
- key = "%{NAS-IP-Address} %{NAS-Port}"
- range-start = 192.168.1.1
- range-stop = 192.168.3.254
- netmask = 255.255.255.0
- cache-size = 800
- override = no
- maximum-timeout = 0
- }
- Module: Instantiating module "attr_filter.access_reject" from file /etc/freeradius/modules/attr_filter
- attr_filter attr_filter.access_reject {
- attrsfile = "/etc/freeradius/attrs.access_reject"
- key = "%{User-Name}"
- relaxed = no
- }
- } # modules
- } # server
- server inner-tunnel { # from file /etc/freeradius/sites-enabled/inner-tunnel
- modules {
- Module: Checking authenticate {...} for more modules to load
- Module: Checking authorize {...} for more modules to load
- Module: Checking session {...} for more modules to load
- Module: Checking post-proxy {...} for more modules to load
- Module: Checking post-auth {...} for more modules to load
- } # modules
- } # server
- radiusd: #### Opening IP addresses and Ports ####
- listen {
- type = "auth"
- ipaddr = *
- port = 0
- }
- listen {
- type = "acct"
- ipaddr = *
- port = 0
- }
- listen {
- type = "auth"
- ipaddr = 127.0.0.1
- port = 18120
- }
- Listening on authentication address * port 1812
- Listening on accounting address * port 1813
- Listening on authentication address 127.0.0.1 port 18120 as server inner-tunnel
- Ready to process requests.
- rad_recv: Access-Request packet from host 192.168.1.1 port 43233, id=13, length=154
- User-Name = "alice"
- NAS-IP-Address = 193.171.242.72
- Called-Station-Id = "A2-F3-C1-67-EC-68:MNE-Guests"
- NAS-Port-Type = Wireless-802.11
- NAS-Port = 1
- Calling-Station-Id = "C0-EE-FB-04-60-6A"
- Connect-Info = "CONNECT 54Mbps 802.11g"
- Framed-MTU = 1400
- EAP-Message = 0x02c5000a01616c696365
- Message-Authenticator = 0x8ccc4ffd253e776d923fa0bd1bb76135
- # Executing section authorize from file /etc/freeradius/sites-enabled/default
- +- entering group authorize {...}
- ++[preprocess] returns ok
- ++[chap] returns noop
- ++[mschap] returns noop
- ++[digest] returns noop
- [suffix] No '@' in User-Name = "alice", looking up realm NULL
- [suffix] No such realm "NULL"
- ++[suffix] returns noop
- [eap] EAP packet type response id 197 length 10
- [eap] No EAP Start, assuming it's an on-going EAP conversation
- ++[eap] returns updated
- ++[files] returns noop
- [ldap] performing user authorization for alice
- [ldap] expand: %{Stripped-User-Name} ->
- [ldap] ... expanding second conditional
- [ldap] expand: %{User-Name} -> alice
- [ldap] expand: (uniqueIdentifier=%{%{Stripped-User-Name}:-%{User-Name}}) -> (uniqueIdentifier=alice)
- [ldap] expand: ou=people,dc=example,dc=com -> ou=people,dc=example,dc=com
- [ldap] ldap_get_conn: Checking Id: 0
- [ldap] ldap_get_conn: Got Id: 0
- [ldap] attempting LDAP reconnection
- [ldap] (re)connect to 192.168.1.110:389, authentication 0
- [ldap] bind as cn=admin,dc=example,dc=com/M13n14e5 to 192.168.1.110:389
- [ldap] waiting for bind result ...
- [ldap] Bind was successful
- [ldap] performing search in ou=people,dc=example,dc=com, with filter (uniqueIdentifier=alice)
- [ldap] No default NMAS login sequence
- [ldap] looking for check items in directory...
- [ldap] userPassword -> Password-With-Header == "123"
- [ldap] looking for reply items in directory...
- [ldap] user alice authorized to use remote access
- [ldap] ldap_release_conn: Release Id: 0
- ++[ldap] returns ok
- ++[expiration] returns noop
- ++[logintime] returns noop
- [pap] Failed to decode Password-With-Header = "123"
- [pap] WARNING: Auth-Type already set. Not setting to PAP
- ++[pap] returns noop
- Found Auth-Type = EAP
- # Executing group from file /etc/freeradius/sites-enabled/default
- +- entering group authenticate {...}
- [eap] EAP Identity
- [eap] processing type md5
- rlm_eap_md5: Issuing Challenge
- ++[eap] returns handled
- Sending Access-Challenge of id 13 to 192.168.1.1 port 43233
- EAP-Message = 0x01c6001604108e1ae796413fe2e1c87441622675b0c0
- Message-Authenticator = 0x00000000000000000000000000000000
- State = 0x132ad59713ecd177b855c7b0b365d049
- Finished request 0.
- Going to the next request
- Waking up in 4.9 seconds.
- rad_recv: Access-Request packet from host 192.168.1.1 port 43233, id=14, length=168
- User-Name = "alice"
- NAS-IP-Address = 193.171.242.72
- Called-Station-Id = "A2-F3-C1-67-EC-68:MNE-Guests"
- NAS-Port-Type = Wireless-802.11
- NAS-Port = 1
- Calling-Station-Id = "C0-EE-FB-04-60-6A"
- Connect-Info = "CONNECT 54Mbps 802.11g"
- Framed-MTU = 1400
- EAP-Message = 0x02c600060319
- State = 0x132ad59713ecd177b855c7b0b365d049
- Message-Authenticator = 0x8812aa3e8398a053c40c41cfc5d40d30
- # Executing section authorize from file /etc/freeradius/sites-enabled/default
- +- entering group authorize {...}
- ++[preprocess] returns ok
- ++[chap] returns noop
- ++[mschap] returns noop
- ++[digest] returns noop
- [suffix] No '@' in User-Name = "alice", looking up realm NULL
- [suffix] No such realm "NULL"
- ++[suffix] returns noop
- [eap] EAP packet type response id 198 length 6
- [eap] No EAP Start, assuming it's an on-going EAP conversation
- ++[eap] returns updated
- ++[files] returns noop
- [ldap] performing user authorization for alice
- [ldap] expand: %{Stripped-User-Name} ->
- [ldap] ... expanding second conditional
- [ldap] expand: %{User-Name} -> alice
- [ldap] expand: (uniqueIdentifier=%{%{Stripped-User-Name}:-%{User-Name}}) -> (uniqueIdentifier=alice)
- [ldap] expand: ou=people,dc=example,dc=com -> ou=people,dc=example,dc=com
- [ldap] ldap_get_conn: Checking Id: 0
- [ldap] ldap_get_conn: Got Id: 0
- [ldap] performing search in ou=people,dc=example,dc=com, with filter (uniqueIdentifier=alice)
- [ldap] No default NMAS login sequence
- [ldap] looking for check items in directory...
- [ldap] userPassword -> Password-With-Header == "123"
- [ldap] looking for reply items in directory...
- [ldap] user alice authorized to use remote access
- [ldap] ldap_release_conn: Release Id: 0
- ++[ldap] returns ok
- ++[expiration] returns noop
- ++[logintime] returns noop
- [pap] Failed to decode Password-With-Header = "123"
- [pap] WARNING: Auth-Type already set. Not setting to PAP
- ++[pap] returns noop
- Found Auth-Type = EAP
- # Executing group from file /etc/freeradius/sites-enabled/default
- +- entering group authenticate {...}
- [eap] Request found, released from the list
- [eap] EAP NAK
- [eap] EAP-NAK asked for EAP-Type/peap
- [eap] processing type tls
- [tls] Initiate
- [tls] Start returned 1
- ++[eap] returns handled
- Sending Access-Challenge of id 14 to 192.168.1.1 port 43233
- EAP-Message = 0x01c700061920
- Message-Authenticator = 0x00000000000000000000000000000000
- State = 0x132ad59712edcc77b855c7b0b365d049
- Finished request 1.
- Going to the next request
- Waking up in 4.9 seconds.
- rad_recv: Access-Request packet from host 192.168.1.1 port 43233, id=15, length=358
- User-Name = "alice"
- NAS-IP-Address = 193.171.242.72
- Called-Station-Id = "A2-F3-C1-67-EC-68:MNE-Guests"
- NAS-Port-Type = Wireless-802.11
- NAS-Port = 1
- Calling-Station-Id = "C0-EE-FB-04-60-6A"
- Connect-Info = "CONNECT 54Mbps 802.11g"
- Framed-MTU = 1400
- EAP-Message = 0x02c700c41980000000ba16030100b5010000b1030117d919090853e344ab39a82bec22927358a2a1056500fdd9fb648cf00475bb7e000048c014c00a00390038c00fc0050035c013c00900330032c00ec004002fc011c007c00cc00200050004c012c00800160013c00dc003000a0015001200090014001100080006000300ff01000040000b000403000102000a00340032000e000d0019000b000c00180009000a00160017000800060007001400150004000500120013000100020003000f00100011
- State = 0x132ad59712edcc77b855c7b0b365d049
- Message-Authenticator = 0x476d841fec307e168c9b1ef62c53b142
- # Executing section authorize from file /etc/freeradius/sites-enabled/default
- +- entering group authorize {...}
- ++[preprocess] returns ok
- ++[chap] returns noop
- ++[mschap] returns noop
- ++[digest] returns noop
- [suffix] No '@' in User-Name = "alice", looking up realm NULL
- [suffix] No such realm "NULL"
- ++[suffix] returns noop
- [eap] EAP packet type response id 199 length 196
- [eap] Continuing tunnel setup.
- ++[eap] returns ok
- Found Auth-Type = EAP
- # Executing group from file /etc/freeradius/sites-enabled/default
- +- entering group authenticate {...}
- [eap] Request found, released from the list
- [eap] EAP/peap
- [eap] processing type peap
- [peap] processing EAP-TLS
- TLS Length 186
- [peap] Length Included
- [peap] eaptls_verify returned 11
- [peap] (other): before/accept initialization
- [peap] TLS_accept: before/accept initialization
- [peap] <<< TLS 1.0 Handshake [length 00b5], ClientHello
- [peap] TLS_accept: SSLv3 read client hello A
- [peap] >>> TLS 1.0 Handshake [length 0039], ServerHello
- [peap] TLS_accept: SSLv3 write server hello A
- [peap] >>> TLS 1.0 Handshake [length 02ca], Certificate
- [peap] TLS_accept: SSLv3 write certificate A
- [peap] >>> TLS 1.0 Handshake [length 014b], ServerKeyExchange
- [peap] TLS_accept: SSLv3 write key exchange A
- [peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
- [peap] TLS_accept: SSLv3 write server done A
- [peap] TLS_accept: SSLv3 flush data
- [peap] TLS_accept: Need to read more data: SSLv3 read client certificate A
- In SSL Handshake Phase
- In SSL Accept mode
- [peap] eaptls_process returned 13
- [peap] EAPTLS_HANDLED
- ++[eap] returns handled
- Sending Access-Challenge of id 15 to 192.168.1.1 port 43233
- EAP-Message = 0x9d68424206ec4ca4d07e8ba3
- Message-Authenticator = 0x00000000000000000000000000000000
- State = 0x132ad59711e2cc77b855c7b0b365d049
- Finished request 2.
- Going to the next request
- Waking up in 4.9 seconds.
- rad_recv: Access-Request packet from host 192.168.1.1 port 43233, id=16, length=168
- User-Name = "alice"
- NAS-IP-Address = 193.171.242.72
- Called-Station-Id = "A2-F3-C1-67-EC-68:MNE-Guests"
- NAS-Port-Type = Wireless-802.11
- NAS-Port = 1
- Calling-Station-Id = "C0-EE-FB-04-60-6A"
- Connect-Info = "CONNECT 54Mbps 802.11g"
- Framed-MTU = 1400
- EAP-Message = 0x02c800061900
- State = 0x132ad59711e2cc77b855c7b0b365d049
- Message-Authenticator = 0xe22a4dd9ee05350e65fe3461973c8b3c
- # Executing section authorize from file /etc/freeradius/sites-enabled/default
- +- entering group authorize {...}
- ++[preprocess] returns ok
- ++[chap] returns noop
- ++[mschap] returns noop
- ++[digest] returns noop
- [suffix] No '@' in User-Name = "alice", looking up realm NULL
- [suffix] No such realm "NULL"
- ++[suffix] returns noop
- [eap] EAP packet type response id 200 length 6
- [eap] Continuing tunnel setup.
- ++[eap] returns ok
- Found Auth-Type = EAP
- # Executing group from file /etc/freeradius/sites-enabled/default
- +- entering group authenticate {...}
- [eap] Request found, released from the list
- [eap] EAP/peap
- [eap] processing type peap
- [peap] processing EAP-TLS
- [peap] Received TLS ACK
- [peap] ACK handshake fragment handler
- [peap] eaptls_verify returned 1
- [peap] eaptls_process returned 13
- [peap] EAPTLS_HANDLED
- ++[eap] returns handled
- Sending Access-Challenge of id 16 to 192.168.1.1 port 43233
- EAP-Message = 0x01c9007619006a1e2796b7aacdf861c55711084d0d2269ccf08d793151b63ecd49d0d58410268f350c5b1a416beaadfde05f884af01bfeb2fbebe134c32e9a1a0d012a4a91ec6c647b21c8a8bb8a0227cb22f3ac0132387a18cc91042d020e39edd45108184a61c9c5f2854f4016030100040e000000
- Message-Authenticator = 0x00000000000000000000000000000000
- State = 0x132ad59710e3cc77b855c7b0b365d049
- Finished request 3.
- Going to the next request
- Waking up in 4.9 seconds.
- rad_recv: Access-Request packet from host 192.168.1.1 port 43233, id=17, length=306
- User-Name = "alice"
- NAS-IP-Address = 193.171.242.72
- Called-Station-Id = "A2-F3-C1-67-EC-68:MNE-Guests"
- NAS-Port-Type = Wireless-802.11
- NAS-Port = 1
- Calling-Station-Id = "C0-EE-FB-04-60-6A"
- Connect-Info = "CONNECT 54Mbps 802.11g"
- Framed-MTU = 1400
- EAP-Message = 0x02c9009019800000008616030100461000004241045e27e0dcba4be960a43e3eae8fc835338ae29ab8403975fbae1a48ea30f6adde3ea24bc0aaa39ef24a591e5c5d6332f61db9a082ce11077cde3f134e99644efa1403010001011603010030269410f33e5ae66f0543460effa4c22be587910c9741182d7d15d6f272fed336393cbce7d4f1fbbd28f9214eec60d76f
- State = 0x132ad59710e3cc77b855c7b0b365d049
- Message-Authenticator = 0x0129a7f45692dbf77f01848317c9a753
- # Executing section authorize from file /etc/freeradius/sites-enabled/default
- +- entering group authorize {...}
- ++[preprocess] returns ok
- ++[chap] returns noop
- ++[mschap] returns noop
- ++[digest] returns noop
- [suffix] No '@' in User-Name = "alice", looking up realm NULL
- [suffix] No such realm "NULL"
- ++[suffix] returns noop
- [eap] EAP packet type response id 201 length 144
- [eap] Continuing tunnel setup.
- ++[eap] returns ok
- Found Auth-Type = EAP
- # Executing group from file /etc/freeradius/sites-enabled/default
- +- entering group authenticate {...}
- [eap] Request found, released from the list
- [eap] EAP/peap
- [eap] processing type peap
- [peap] processing EAP-TLS
- TLS Length 134
- [peap] Length Included
- [peap] eaptls_verify returned 11
- [peap] <<< TLS 1.0 Handshake [length 0046], ClientKeyExchange
- [peap] TLS_accept: SSLv3 read client key exchange A
- [peap] <<< TLS 1.0 ChangeCipherSpec [length 0001]
- [peap] <<< TLS 1.0 Handshake [length 0010], Finished
- [peap] TLS_accept: SSLv3 read finished A
- [peap] >>> TLS 1.0 ChangeCipherSpec [length 0001]
- [peap] TLS_accept: SSLv3 write change cipher spec A
- [peap] >>> TLS 1.0 Handshake [length 0010], Finished
- [peap] TLS_accept: SSLv3 write finished A
- [peap] TLS_accept: SSLv3 flush data
- [peap] (other): SSL negotiation finished successfully
- SSL Connection Established
- [peap] eaptls_process returned 13
- [peap] EAPTLS_HANDLED
- ++[eap] returns handled
- Sending Access-Challenge of id 17 to 192.168.1.1 port 43233
- EAP-Message = 0x01ca0041190014030100010116030100302a406248cd0e0e7f8ff4ed29ff4d40ef372a314bdd40d591fc01d2bd82ab84d6ab52213d9c9652558c8409b950144152
- Message-Authenticator = 0x00000000000000000000000000000000
- State = 0x132ad59717e0cc77b855c7b0b365d049
- Finished request 4.
- Going to the next request
- Waking up in 4.8 seconds.
- rad_recv: Access-Request packet from host 192.168.1.1 port 43233, id=18, length=168
- User-Name = "alice"
- NAS-IP-Address = 193.171.242.72
- Called-Station-Id = "A2-F3-C1-67-EC-68:MNE-Guests"
- NAS-Port-Type = Wireless-802.11
- NAS-Port = 1
- Calling-Station-Id = "C0-EE-FB-04-60-6A"
- Connect-Info = "CONNECT 54Mbps 802.11g"
- Framed-MTU = 1400
- EAP-Message = 0x02ca00061900
- State = 0x132ad59717e0cc77b855c7b0b365d049
- Message-Authenticator = 0x9392cce2c83165e548d338dd4e6d9048
- # Executing section authorize from file /etc/freeradius/sites-enabled/default
- +- entering group authorize {...}
- ++[preprocess] returns ok
- ++[chap] returns noop
- ++[mschap] returns noop
- ++[digest] returns noop
- [suffix] No '@' in User-Name = "alice", looking up realm NULL
- [suffix] No such realm "NULL"
- ++[suffix] returns noop
- [eap] EAP packet type response id 202 length 6
- [eap] Continuing tunnel setup.
- ++[eap] returns ok
- Found Auth-Type = EAP
- # Executing group from file /etc/freeradius/sites-enabled/default
- +- entering group authenticate {...}
- [eap] Request found, released from the list
- [eap] EAP/peap
- [eap] processing type peap
- [peap] processing EAP-TLS
- [peap] Received TLS ACK
- [peap] ACK handshake is finished
- [peap] eaptls_verify returned 3
- [peap] eaptls_process returned 3
- [peap] EAPTLS_SUCCESS
- [peap] Session established. Decoding tunneled attributes.
- [peap] Peap state TUNNEL ESTABLISHED
- ++[eap] returns handled
- Sending Access-Challenge of id 18 to 192.168.1.1 port 43233
- EAP-Message = 0x01cb002b190017030100204bc2991fcaea9604f4383f622a6df726889959d28411fe8c3b9706ff25237c46
- Message-Authenticator = 0x00000000000000000000000000000000
- State = 0x132ad59716e1cc77b855c7b0b365d049
- Finished request 5.
- Going to the next request
- Waking up in 4.8 seconds.
- rad_recv: Access-Request packet from host 192.168.1.1 port 43233, id=19, length=205
- User-Name = "alice"
- NAS-IP-Address = 193.171.242.72
- Called-Station-Id = "A2-F3-C1-67-EC-68:MNE-Guests"
- NAS-Port-Type = Wireless-802.11
- NAS-Port = 1
- Calling-Station-Id = "C0-EE-FB-04-60-6A"
- Connect-Info = "CONNECT 54Mbps 802.11g"
- Framed-MTU = 1400
- EAP-Message = 0x02cb002b1900170301002010b621fb94a16d0dcbe24745c7054158401ecfd8e495a525bbc63c7ba0878385
- State = 0x132ad59716e1cc77b855c7b0b365d049
- Message-Authenticator = 0xb004f20fa2372a26ee71397f4bbe065c
- # Executing section authorize from file /etc/freeradius/sites-enabled/default
- +- entering group authorize {...}
- ++[preprocess] returns ok
- ++[chap] returns noop
- ++[mschap] returns noop
- ++[digest] returns noop
- [suffix] No '@' in User-Name = "alice", looking up realm NULL
- [suffix] No such realm "NULL"
- ++[suffix] returns noop
- [eap] EAP packet type response id 203 length 43
- [eap] Continuing tunnel setup.
- ++[eap] returns ok
- Found Auth-Type = EAP
- # Executing group from file /etc/freeradius/sites-enabled/default
- +- entering group authenticate {...}
- [eap] Request found, released from the list
- [eap] EAP/peap
- [eap] processing type peap
- [peap] processing EAP-TLS
- [peap] eaptls_verify returned 7
- [peap] Done initial handshake
- [peap] eaptls_process returned 7
- [peap] EAPTLS_OK
- [peap] Session established. Decoding tunneled attributes.
- [peap] Peap state WAITING FOR INNER IDENTITY
- [peap] Identity - alice
- [peap] Got inner identity 'alice'
- [peap] Setting default EAP type for tunneled EAP session.
- [peap] Got tunneled request
- EAP-Message = 0x02cb000a01616c696365
- server {
- [peap] Setting User-Name to alice
- Sending tunneled request
- EAP-Message = 0x02cb000a01616c696365
- FreeRADIUS-Proxied-To = 127.0.0.1
- User-Name = "alice"
- server inner-tunnel {
- # Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel
- +- entering group authorize {...}
- ++[chap] returns noop
- ++[mschap] returns noop
- [suffix] No '@' in User-Name = "alice", looking up realm NULL
- [suffix] No such realm "NULL"
- ++[suffix] returns noop
- ++[control] returns noop
- [eap] EAP packet type response id 203 length 10
- [eap] No EAP Start, assuming it's an on-going EAP conversation
- ++[eap] returns updated
- ++[files] returns noop
- ++[expiration] returns noop
- ++[logintime] returns noop
- ++[pap] returns noop
- Found Auth-Type = EAP
- # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
- +- entering group authenticate {...}
- [eap] EAP Identity
- [eap] processing type mschapv2
- rlm_eap_mschapv2: Issuing Challenge
- ++[eap] returns handled
- } # server inner-tunnel
- [peap] Got tunneled reply code 11
- EAP-Message = 0x01cc001f1a01cc001a1067296be9e3620b79d7395850d2245e72616c696365
- Message-Authenticator = 0x00000000000000000000000000000000
- State = 0xca60d996caacc3cb8b8622953f881714
- [peap] Got tunneled reply RADIUS code 11
- EAP-Message = 0x01cc001f1a01cc001a1067296be9e3620b79d7395850d2245e72616c696365
- Message-Authenticator = 0x00000000000000000000000000000000
- State = 0xca60d996caacc3cb8b8622953f881714
- [peap] Got tunneled Access-Challenge
- ++[eap] returns handled
- Sending Access-Challenge of id 19 to 192.168.1.1 port 43233
- EAP-Message = 0x01cc003b19001703010030599d1f539210879f90eead60dace903b038134c9cb71974da9675c0b62e210d17324491e3ca281ee5686ed1cc8ae4272
- Message-Authenticator = 0x00000000000000000000000000000000
- State = 0x132ad59715e6cc77b855c7b0b365d049
- Finished request 6.
- Going to the next request
- Waking up in 4.8 seconds.
- rad_recv: Access-Request packet from host 192.168.1.1 port 43233, id=20, length=205
- User-Name = "alice"
- NAS-IP-Address = 193.171.242.72
- Called-Station-Id = "A2-F3-C1-67-EC-68:MNE-Guests"
- NAS-Port-Type = Wireless-802.11
- NAS-Port = 1
- Calling-Station-Id = "C0-EE-FB-04-60-6A"
- Connect-Info = "CONNECT 54Mbps 802.11g"
- Framed-MTU = 1400
- EAP-Message = 0x02cc002b19001703010020e62e8de7e9460f344f134d0a6c5729365e51161c028a2a0ce265b7f8e0e1117c
- State = 0x132ad59715e6cc77b855c7b0b365d049
- Message-Authenticator = 0x1948854479f3a1fa688f62537e7dbf2f
- # Executing section authorize from file /etc/freeradius/sites-enabled/default
- +- entering group authorize {...}
- ++[preprocess] returns ok
- ++[chap] returns noop
- ++[mschap] returns noop
- ++[digest] returns noop
- [suffix] No '@' in User-Name = "alice", looking up realm NULL
- [suffix] No such realm "NULL"
- ++[suffix] returns noop
- [eap] EAP packet type response id 204 length 43
- [eap] Continuing tunnel setup.
- ++[eap] returns ok
- Found Auth-Type = EAP
- # Executing group from file /etc/freeradius/sites-enabled/default
- +- entering group authenticate {...}
- [eap] Request found, released from the list
- [eap] EAP/peap
- [eap] processing type peap
- [peap] processing EAP-TLS
- [peap] eaptls_verify returned 7
- [peap] Done initial handshake
- [peap] eaptls_process returned 7
- [peap] EAPTLS_OK
- [peap] Session established. Decoding tunneled attributes.
- [peap] Peap state phase2
- [peap] EAP type nak
- [peap] Got tunneled request
- EAP-Message = 0x02cc00060306
- server {
- [peap] Setting User-Name to alice
- Sending tunneled request
- EAP-Message = 0x02cc00060306
- FreeRADIUS-Proxied-To = 127.0.0.1
- User-Name = "alice"
- State = 0xca60d996caacc3cb8b8622953f881714
- server inner-tunnel {
- # Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel
- +- entering group authorize {...}
- ++[chap] returns noop
- ++[mschap] returns noop
- [suffix] No '@' in User-Name = "alice", looking up realm NULL
- [suffix] No such realm "NULL"
- ++[suffix] returns noop
- ++[control] returns noop
- [eap] EAP packet type response id 204 length 6
- [eap] No EAP Start, assuming it's an on-going EAP conversation
- ++[eap] returns updated
- ++[files] returns noop
- ++[expiration] returns noop
- ++[logintime] returns noop
- ++[pap] returns noop
- Found Auth-Type = EAP
- # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
- +- entering group authenticate {...}
- [eap] Request found, released from the list
- [eap] EAP NAK
- [eap] EAP-NAK asked for EAP-Type/gtc
- [eap] processing type gtc
- [gtc] expand: Password: -> Password:
- ++[eap] returns handled
- } # server inner-tunnel
- [peap] Got tunneled reply code 11
- EAP-Message = 0x01cd000f0650617373776f72643a20
- Message-Authenticator = 0x00000000000000000000000000000000
- State = 0xca60d996cbaddfcb8b8622953f881714
- [peap] Got tunneled reply RADIUS code 11
- EAP-Message = 0x01cd000f0650617373776f72643a20
- Message-Authenticator = 0x00000000000000000000000000000000
- State = 0xca60d996cbaddfcb8b8622953f881714
- [peap] Got tunneled Access-Challenge
- ++[eap] returns handled
- Sending Access-Challenge of id 20 to 192.168.1.1 port 43233
- EAP-Message = 0x01cd002b19001703010020a4194d2e326da9ee4e6cd69a873265ea7aff51db7858f3b7441ea4c27530288b
- Message-Authenticator = 0x00000000000000000000000000000000
- State = 0x132ad59714e7cc77b855c7b0b365d049
- Finished request 7.
- Going to the next request
- Waking up in 4.8 seconds.
- rad_recv: Access-Request packet from host 192.168.1.1 port 43233, id=21, length=205
- User-Name = "alice"
- NAS-IP-Address = 193.171.242.72
- Called-Station-Id = "A2-F3-C1-67-EC-68:MNE-Guests"
- NAS-Port-Type = Wireless-802.11
- NAS-Port = 1
- Calling-Station-Id = "C0-EE-FB-04-60-6A"
- Connect-Info = "CONNECT 54Mbps 802.11g"
- Framed-MTU = 1400
- EAP-Message = 0x02cd002b1900170301002084da3aff74af15c1791e733b66a3f04293d8a317ad2e9420ba1b6604d0b33571
- State = 0x132ad59714e7cc77b855c7b0b365d049
- Message-Authenticator = 0x7c5ccded2a726f2989d6a0d18cf67470
- # Executing section authorize from file /etc/freeradius/sites-enabled/default
- +- entering group authorize {...}
- ++[preprocess] returns ok
- ++[chap] returns noop
- ++[mschap] returns noop
- ++[digest] returns noop
- [suffix] No '@' in User-Name = "alice", looking up realm NULL
- [suffix] No such realm "NULL"
- ++[suffix] returns noop
- [eap] EAP packet type response id 205 length 43
- [eap] Continuing tunnel setup.
- ++[eap] returns ok
- Found Auth-Type = EAP
- # Executing group from file /etc/freeradius/sites-enabled/default
- +- entering group authenticate {...}
- [eap] Request found, released from the list
- [eap] EAP/peap
- [eap] processing type peap
- [peap] processing EAP-TLS
- [peap] eaptls_verify returned 7
- [peap] Done initial handshake
- [peap] eaptls_process returned 7
- [peap] EAPTLS_OK
- [peap] Session established. Decoding tunneled attributes.
- [peap] Peap state phase2
- [peap] EAP type gtc
- [peap] Got tunneled request
- EAP-Message = 0x02cd000806313233
- server {
- [peap] Setting User-Name to alice
- Sending tunneled request
- EAP-Message = 0x02cd000806313233
- FreeRADIUS-Proxied-To = 127.0.0.1
- User-Name = "alice"
- State = 0xca60d996cbaddfcb8b8622953f881714
- server inner-tunnel {
- # Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel
- +- entering group authorize {...}
- ++[chap] returns noop
- ++[mschap] returns noop
- [suffix] No '@' in User-Name = "alice", looking up realm NULL
- [suffix] No such realm "NULL"
- ++[suffix] returns noop
- ++[control] returns noop
- [eap] EAP packet type response id 205 length 8
- [eap] No EAP Start, assuming it's an on-going EAP conversation
- ++[eap] returns updated
- ++[files] returns noop
- ++[expiration] returns noop
- ++[logintime] returns noop
- ++[pap] returns noop
- Found Auth-Type = EAP
- # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
- +- entering group authenticate {...}
- [eap] Request found, released from the list
- [eap] EAP/gtc
- [eap] processing type gtc
- [gtc] # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
- [gtc] +- entering group PAP {...}
- [pap] login attempt with password "123"
- [pap] No password configured for the user. Cannot do authentication
- ++[pap] returns fail
- [eap] Handler failed in EAP/gtc
- [eap] Failed in EAP select
- ++[eap] returns invalid
- Failed to authenticate the user.
- } # server inner-tunnel
- [peap] Got tunneled reply code 3
- EAP-Message = 0x04cd0004
- Message-Authenticator = 0x00000000000000000000000000000000
- [peap] Got tunneled reply RADIUS code 3
- EAP-Message = 0x04cd0004
- Message-Authenticator = 0x00000000000000000000000000000000
- [peap] Tunneled authentication was rejected.
- [peap] FAILURE
- ++[eap] returns handled
- Sending Access-Challenge of id 21 to 192.168.1.1 port 43233
- EAP-Message = 0x01ce002b1900170301002043461ef3330adccf2f2b61e09f76c6e177fb5da8652740551ca224e182082943
- Message-Authenticator = 0x00000000000000000000000000000000
- State = 0x132ad5971be4cc77b855c7b0b365d049
- Finished request 8.
- Going to the next request
- Waking up in 4.8 seconds.
- rad_recv: Access-Request packet from host 192.168.1.1 port 43233, id=22, length=205
- User-Name = "alice"
- NAS-IP-Address = 193.171.242.72
- Called-Station-Id = "A2-F3-C1-67-EC-68:MNE-Guests"
- NAS-Port-Type = Wireless-802.11
- NAS-Port = 1
- Calling-Station-Id = "C0-EE-FB-04-60-6A"
- Connect-Info = "CONNECT 54Mbps 802.11g"
- Framed-MTU = 1400
- EAP-Message = 0x02ce002b190017030100204aed78362b6ae651fc8a2040e9822ffb18d68a039c469dc9da35aff37c4dff40
- State = 0x132ad5971be4cc77b855c7b0b365d049
- Message-Authenticator = 0xfd07be960a3eab39e5a889363440f778
- # Executing section authorize from file /etc/freeradius/sites-enabled/default
- +- entering group authorize {...}
- ++[preprocess] returns ok
- ++[chap] returns noop
- ++[mschap] returns noop
- ++[digest] returns noop
- [suffix] No '@' in User-Name = "alice", looking up realm NULL
- [suffix] No such realm "NULL"
- ++[suffix] returns noop
- [eap] EAP packet type response id 206 length 43
- [eap] Continuing tunnel setup.
- ++[eap] returns ok
- Found Auth-Type = EAP
- # Executing group from file /etc/freeradius/sites-enabled/default
- +- entering group authenticate {...}
- [eap] Request found, released from the list
- [eap] EAP/peap
- [eap] processing type peap
- [peap] processing EAP-TLS
- [peap] eaptls_verify returned 7
- [peap] Done initial handshake
- [peap] eaptls_process returned 7
- [peap] EAPTLS_OK
- [peap] Session established. Decoding tunneled attributes.
- [peap] Peap state send tlv failure
- [peap] Received EAP-TLV response.
- [peap] The users session was previously rejected: returning reject (again.)
- [peap] *** This means you need to read the PREVIOUS messages in the debug output
- [peap] *** to find out the reason why the user was rejected.
- [peap] *** Look for "reject" or "fail". Those earlier messages will tell you.
- [peap] *** what went wrong, and how to fix the problem.
- [eap] Handler failed in EAP/peap
- [eap] Failed in EAP select
- ++[eap] returns invalid
- Failed to authenticate the user.
- Using Post-Auth-Type Reject
- # Executing group from file /etc/freeradius/sites-enabled/default
- +- entering group REJECT {...}
- [attr_filter.access_reject] expand: %{User-Name} -> alice
- attr_filter: Matched entry DEFAULT at line 11
- ++[attr_filter.access_reject] returns updated
- Delaying reject of request 9 for 1 seconds
- Going to the next request
- Waking up in 0.9 seconds.
- Sending delayed reject for request 9
- Sending Access-Reject of id 22 to 192.168.1.1 port 43233
- EAP-Message = 0x04ce0004
- Message-Authenticator = 0x00000000000000000000000000000000
- Waking up in 3.8 seconds.
- Cleaning up request 0 ID 13 with timestamp +146
- Cleaning up request 1 ID 14 with timestamp +146
- Cleaning up request 2 ID 15 with timestamp +146
- Cleaning up request 3 ID 16 with timestamp +146
- Cleaning up request 4 ID 17 with timestamp +146
- Cleaning up request 5 ID 18 with timestamp +146
- Cleaning up request 6 ID 19 with timestamp +146
- Cleaning up request 7 ID 20 with timestamp +146
- Cleaning up request 8 ID 21 with timestamp +146
- Waking up in 1.0 seconds.
- Cleaning up request 9 ID 22 with timestamp +146
- Ready to process requests.