PEAP, Android

a guest
Jun 28th, 2016
  1. root@s1:/var/lib/dpkg/info# freeradius -X
  2. freeradius: FreeRADIUS Version 2.2.8, for host i686-pc-linux-gnu, built on Apr 5 2016 at 13:39:42
  3. Copyright (C) 1999-2015 The FreeRADIUS server project and contributors.
  4. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
  5. PARTICULAR PURPOSE.
  6. You may redistribute copies of FreeRADIUS under the terms of the
  7. GNU General Public License.
  8. For more information about these matters, see the file named COPYRIGHT.
  9. Starting - reading configuration files ...
  10. including configuration file /etc/freeradius/radiusd.conf
  11. including configuration file /etc/freeradius/proxy.conf
  12. including configuration file /etc/freeradius/clients.conf
  13. including files in directory /etc/freeradius/modules/
  14. including configuration file /etc/freeradius/modules/cache
  15. including configuration file /etc/freeradius/modules/mac2ip
  16. including configuration file /etc/freeradius/modules/replicate
  17. including configuration file /etc/freeradius/modules/sqlcounter_expire_on_login
  18. including configuration file /etc/freeradius/modules/preprocess
  19. including configuration file /etc/freeradius/modules/ldap
  20. including configuration file /etc/freeradius/modules/ntlm_auth
  21. including configuration file /etc/freeradius/modules/always
  22. including configuration file /etc/freeradius/modules/ippool
  23. including configuration file /etc/freeradius/modules/dhcp_sqlippool
  24. including configuration file /etc/freeradius/modules/detail.log
  25. including configuration file /etc/freeradius/modules/digest
  26. including configuration file /etc/freeradius/modules/rediswho
  27. including configuration file /etc/freeradius/modules/policy
  28. including configuration file /etc/freeradius/modules/chap
  29. including configuration file /etc/freeradius/modules/checkval
  30. including configuration file /etc/freeradius/modules/radutmp
  31. including configuration file /etc/freeradius/modules/expiration
  32. including configuration file /etc/freeradius/modules/files
  33. including configuration file /etc/freeradius/modules/echo
  34. including configuration file /etc/freeradius/modules/detail.example.com
  35. including configuration file /etc/freeradius/modules/realm
  36. including configuration file /etc/freeradius/modules/otp
  37. including configuration file /etc/freeradius/modules/perl
  38. including configuration file /etc/freeradius/modules/attr_rewrite
  39. including configuration file /etc/freeradius/modules/pap
  40. including configuration file /etc/freeradius/modules/cui
  41. including configuration file /etc/freeradius/modules/smsotp
  42. including configuration file /etc/freeradius/modules/sql_log
  43. including configuration file /etc/freeradius/modules/passwd
  44. including configuration file /etc/freeradius/modules/acct_unique
  45. including configuration file /etc/freeradius/modules/dynamic_clients
  46. including configuration file /etc/freeradius/modules/opendirectory
  47. including configuration file /etc/freeradius/modules/krb5
  48. including configuration file /etc/freeradius/modules/expr
  49. including configuration file /etc/freeradius/modules/detail
  50. including configuration file /etc/freeradius/modules/soh
  51. including configuration file /etc/freeradius/modules/attr_filter
  52. including configuration file /etc/freeradius/modules/mschap
  53. including configuration file /etc/freeradius/modules/sradutmp
  54. including configuration file /etc/freeradius/modules/radrelay
  55. including configuration file /etc/freeradius/modules/etc_group
  56. including configuration file /etc/freeradius/modules/smbpasswd
  57. including configuration file /etc/freeradius/modules/counter
  58. including configuration file /etc/freeradius/modules/unix
  59. including configuration file /etc/freeradius/modules/wimax
  60. including configuration file /etc/freeradius/modules/mac2vlan
  61. including configuration file /etc/freeradius/modules/inner-eap
  62. including configuration file /etc/freeradius/modules/exec
  63. including configuration file /etc/freeradius/modules/linelog
  64. including configuration file /etc/freeradius/modules/redis
  65. including configuration file /etc/freeradius/modules/pam
  66. including configuration file /etc/freeradius/modules/logintime
  67. including configuration file /etc/freeradius/eap.conf
  68. including configuration file /etc/freeradius/policy.conf
  69. including files in directory /etc/freeradius/sites-enabled/
  70. including configuration file /etc/freeradius/sites-enabled/inner-tunnel
  71. including configuration file /etc/freeradius/sites-enabled/default
  72. main {
  73. user = "freerad"
  74. group = "freerad"
  75. allow_core_dumps = no
  76. }
  77. including dictionary file /etc/freeradius/dictionary
  78. main {
  79. name = "freeradius"
  80. prefix = "/usr"
  81. localstatedir = "/var"
  82. sbindir = "/usr/sbin"
  83. logdir = "/var/log/freeradius"
  84. run_dir = "/var/run/freeradius"
  85. libdir = "/usr/lib/freeradius"
  86. radacctdir = "/var/log/freeradius/radacct"
  87. hostname_lookups = no
  88. max_request_time = 30
  89. cleanup_delay = 5
  90. max_requests = 1024
  91. pidfile = "/var/run/freeradius/freeradius.pid"
  92. checkrad = "/usr/sbin/checkrad"
  93. debug_level = 0
  94. proxy_requests = yes
  95. log {
  96. stripped_names = no
  97. auth = no
  98. auth_badpass = no
  99. auth_goodpass = no
  100. }
  101. security {
  102. max_attributes = 200
  103. reject_delay = 1
  104. status_server = yes
  105. allow_vulnerable_openssl = no
  106. }
  107. }
  108. radiusd: #### Loading Realms and Home Servers ####
  109. proxy server {
  110. retry_delay = 5
  111. retry_count = 3
  112. default_fallback = no
  113. dead_time = 120
  114. wake_all_if_all_dead = no
  115. }
  116. home_server localhost {
  117. ipaddr = 127.0.0.1
  118. port = 1812
  119. type = "auth"
  120. secret = "testing123"
  121. response_window = 20
  122. max_outstanding = 65536
  123. require_message_authenticator = yes
  124. zombie_period = 40
  125. status_check = "status-server"
  126. ping_interval = 30
  127. check_interval = 30
  128. num_answers_to_alive = 3
  129. num_pings_to_alive = 3
  130. revive_interval = 120
  131. status_check_timeout = 4
  132. coa {
  133. irt = 2
  134. mrt = 16
  135. mrc = 5
  136. mrd = 30
  137. }
  138. }
  139. home_server_pool my_auth_failover {
  140. type = fail-over
  141. home_server = localhost
  142. }
  143. realm example.com {
  144. auth_pool = my_auth_failover
  145. }
  146. realm LOCAL {
  147. }
  148. radiusd: #### Loading Clients ####
  149. client localhost {
  150. ipaddr = 127.0.0.1
  151. require_message_authenticator = no
  152. secret = "testing123"
  153. nastype = "other"
  154. }
  155. client 192.168.1.0/24 {
  156. require_message_authenticator = no
  157. secret = "M13n14e5"
  158. nastype = "other"
  159. }
  160. radiusd: #### Instantiating modules ####
  161. instantiate {
  162. Module: Linked to module rlm_exec
  163. Module: Instantiating module "exec" from file /etc/freeradius/modules/exec
  164. exec {
  165. wait = no
  166. input_pairs = "request"
  167. shell_escape = yes
  168. timeout = 10
  169. }
  170. Module: Linked to module rlm_expr
  171. Module: Instantiating module "expr" from file /etc/freeradius/modules/expr
  172. Module: Linked to module rlm_expiration
  173. Module: Instantiating module "expiration" from file /etc/freeradius/modules/expiration
  174. expiration {
  175. reply-message = "Password Has Expired "
  176. }
  177. Module: Linked to module rlm_logintime
  178. Module: Instantiating module "logintime" from file /etc/freeradius/modules/logintime
  179. logintime {
  180. reply-message = "You are calling outside your allowed timespan "
  181. minimum-timeout = 60
  182. }
  183. }
  184. radiusd: #### Loading Virtual Servers ####
  185. server { # from file /etc/freeradius/radiusd.conf
  186. modules {
  187. Module: Creating Auth-Type = digest
  188. Module: Creating Auth-Type = LDAP
  189. Module: Checking authenticate {...} for more modules to load
  190. Module: Linked to module rlm_pap
  191. Module: Instantiating module "pap" from file /etc/freeradius/modules/pap
  192. pap {
  193. encryption_scheme = "auto"
  194. auto_header = no
  195. }
  196. Module: Linked to module rlm_chap
  197. Module: Instantiating module "chap" from file /etc/freeradius/modules/chap
  198. Module: Linked to module rlm_mschap
  199. Module: Instantiating module "mschap" from file /etc/freeradius/modules/mschap
  200. mschap {
  201. use_mppe = yes
  202. require_encryption = no
  203. require_strong = no
  204. with_ntdomain_hack = no
  205. allow_retry = yes
  206. }
  207. Module: Linked to module rlm_digest
  208. Module: Instantiating module "digest" from file /etc/freeradius/modules/digest
  209. Module: Linked to module rlm_unix
  210. Module: Instantiating module "unix" from file /etc/freeradius/modules/unix
  211. unix {
  212. radwtmp = "/var/log/freeradius/radwtmp"
  213. }
  214. Module: Linked to module rlm_ldap
  215. Module: Instantiating module "ldap" from file /etc/freeradius/modules/ldap
  216. ldap {
  217. server = "s1.noureldin.local"
  218. port = 389
  219. password = "p@s$W0rd"
  220. expect_password = yes
  221. identity = "cn=Administrator,ou=Users,ou=S1,DC=noureldin,DC=local"
  222. net_timeout = 1
  223. timeout = 4
  224. timelimit = 3
  225. max_uses = 0
  226. tls_mode = no
  227. start_tls = no
  228. tls_require_cert = "allow"
  229. tls {
  230. start_tls = yes
  231. cacertfile = "/etc/ssl/noureldin/certs/ca.crt"
  232. cacertdir = "/etc/ssl/noureldin/certs/"
  233. certfile = "/etc/ssl/noureldin/certs/freeradius.crt"
  234. keyfile = "/etc/ssl/noureldin/private/freeradius.key"
  235. randfile = "/dev/urandom"
  236. require_cert = "allow"
  237. }
  238. basedn = "ou=Users,ou=S1,DC=noureldin,DC=local"
  239. filter = "(samAccountName=%{%{Stripped-User-Name}:-%{User-Name}})"
  240. base_filter = "(objectclass=radiusprofile)"
  241. auto_header = no
  242. access_attr_used_for_allow = yes
  243. groupname_attribute = "cn"
  244. groupmembership_filter = "(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))"
  245. dictionary_mapping = "/etc/freeradius/ldap.attrmap"
  246. ldap_debug = 0
  247. ldap_connections_number = 5
  248. compare_check_items = no
  249. do_xlat = yes
  250. edir_account_policy_check = no
  251. set_auth_type = yes
  252. keepalive {
  253. idle = 60
  254. probes = 3
  255. interval = 3
  256. }
  257. }
  258. rlm_ldap: Registering ldap_groupcmp for Ldap-Group
  259. rlm_ldap: Registering ldap_xlat with xlat_name ldap
  260. rlm_ldap: reading ldap<->radius mappings from file /etc/freeradius/ldap.attrmap
  261. rlm_ldap: LDAP radiusCheckItem mapped to RADIUS $GENERIC$
  262. rlm_ldap: LDAP radiusReplyItem mapped to RADIUS $GENERIC$
  263. rlm_ldap: LDAP radiusAuthType mapped to RADIUS Auth-Type
  264. rlm_ldap: LDAP radiusSimultaneousUse mapped to RADIUS Simultaneous-Use
  265. rlm_ldap: LDAP radiusCalledStationId mapped to RADIUS Called-Station-Id
  266. rlm_ldap: LDAP radiusCallingStationId mapped to RADIUS Calling-Station-Id
  267. rlm_ldap: LDAP lmPassword mapped to RADIUS LM-Password
  268. rlm_ldap: LDAP ntPassword mapped to RADIUS NT-Password
  269. rlm_ldap: LDAP sambaLmPassword mapped to RADIUS LM-Password
  270. rlm_ldap: LDAP sambaNtPassword mapped to RADIUS NT-Password
  271. rlm_ldap: LDAP dBCSPwd mapped to RADIUS LM-Password
  272. rlm_ldap: LDAP userPassword mapped to RADIUS Password-With-Header
  273. rlm_ldap: LDAP acctFlags mapped to RADIUS SMB-Account-CTRL-TEXT
  274. rlm_ldap: LDAP radiusExpiration mapped to RADIUS Expiration
  275. rlm_ldap: LDAP radiusNASIpAddress mapped to RADIUS NAS-IP-Address
  276. rlm_ldap: LDAP radiusServiceType mapped to RADIUS Service-Type
  277. rlm_ldap: LDAP radiusFramedProtocol mapped to RADIUS Framed-Protocol
  278. rlm_ldap: LDAP radiusFramedIPAddress mapped to RADIUS Framed-IP-Address
  279. rlm_ldap: LDAP radiusFramedIPNetmask mapped to RADIUS Framed-IP-Netmask
  280. rlm_ldap: LDAP radiusFramedRoute mapped to RADIUS Framed-Route
  281. rlm_ldap: LDAP radiusFramedRouting mapped to RADIUS Framed-Routing
  282. rlm_ldap: LDAP radiusFilterId mapped to RADIUS Filter-Id
  283. rlm_ldap: LDAP radiusFramedMTU mapped to RADIUS Framed-MTU
  284. rlm_ldap: LDAP radiusFramedCompression mapped to RADIUS Framed-Compression
  285. rlm_ldap: LDAP radiusLoginIPHost mapped to RADIUS Login-IP-Host
  286. rlm_ldap: LDAP radiusLoginService mapped to RADIUS Login-Service
  287. rlm_ldap: LDAP radiusLoginTCPPort mapped to RADIUS Login-TCP-Port
  288. rlm_ldap: LDAP radiusCallbackNumber mapped to RADIUS Callback-Number
  289. rlm_ldap: LDAP radiusCallbackId mapped to RADIUS Callback-Id
  290. rlm_ldap: LDAP radiusFramedIPXNetwork mapped to RADIUS Framed-IPX-Network
  291. rlm_ldap: LDAP radiusClass mapped to RADIUS Class
  292. rlm_ldap: LDAP radiusSessionTimeout mapped to RADIUS Session-Timeout
  293. rlm_ldap: LDAP radiusIdleTimeout mapped to RADIUS Idle-Timeout
  294. rlm_ldap: LDAP radiusTerminationAction mapped to RADIUS Termination-Action
  295. rlm_ldap: LDAP radiusLoginLATService mapped to RADIUS Login-LAT-Service
  296. rlm_ldap: LDAP radiusLoginLATNode mapped to RADIUS Login-LAT-Node
  297. rlm_ldap: LDAP radiusLoginLATGroup mapped to RADIUS Login-LAT-Group
  298. rlm_ldap: LDAP radiusFramedAppleTalkLink mapped to RADIUS Framed-AppleTalk-Link
  299. rlm_ldap: LDAP radiusFramedAppleTalkNetwork mapped to RADIUS Framed-AppleTalk-Network
  300. rlm_ldap: LDAP radiusFramedAppleTalkZone mapped to RADIUS Framed-AppleTalk-Zone
  301. rlm_ldap: LDAP radiusPortLimit mapped to RADIUS Port-Limit
  302. rlm_ldap: LDAP radiusLoginLATPort mapped to RADIUS Login-LAT-Port
  303. rlm_ldap: LDAP radiusReplyMessage mapped to RADIUS Reply-Message
  304. rlm_ldap: LDAP radiusTunnelType mapped to RADIUS Tunnel-Type
  305. rlm_ldap: LDAP radiusTunnelMediumType mapped to RADIUS Tunnel-Medium-Type
  306. rlm_ldap: LDAP radiusTunnelPrivateGroupId mapped to RADIUS Tunnel-Private-Group-Id
  307. conns: 0x8617b38
  308. Module: Linked to module rlm_eap
  309. Module: Instantiating module "eap" from file /etc/freeradius/eap.conf
  310. eap {
  311. default_eap_type = "peap"
  312. timer_expire = 60
  313. ignore_unknown_eap_types = no
  314. cisco_accounting_username_bug = no
  315. max_sessions = 1024
  316. }
  317. Module: Linked to sub-module rlm_eap_md5
  318. Module: Instantiating eap-md5
  319. Module: Linked to sub-module rlm_eap_leap
  320. Module: Instantiating eap-leap
  321. Module: Linked to sub-module rlm_eap_gtc
  322. Module: Instantiating eap-gtc
  323. gtc {
  324. challenge = "Password: "
  325. auth_type = "PAP"
  326. }
  327. Module: Linked to sub-module rlm_eap_tls
  328. Module: Instantiating eap-tls
  329. tls {
  330. rsa_key_exchange = no
  331. dh_key_exchange = yes
  332. rsa_key_length = 512
  333. dh_key_length = 512
  334. verify_depth = 0
  335. CA_path = "/etc/ssl/noureldin/certs"
  336. pem_file_type = yes
  337. private_key_file = "/etc/ssl/noureldin/private/freeradius.key"
  338. certificate_file = "/etc/ssl/noureldin/certs/freeradius.crt"
  339. private_key_password = ""
  340. dh_file = "/etc/ssl/noureldin/private/dh2048.pem"
  341. random_file = "/dev/urandom"
  342. fragment_size = 1024
  343. include_length = yes
  344. check_crl = no
  345. check_all_crl = no
  346. cipher_list = "DEFAULT"
  347. make_cert_command = "/etc/ssl/noureldin/certs/bootstrap"
  348. ecdh_curve = "prime256v1"
  349. cache {
  350. enable = no
  351. lifetime = 24
  352. max_entries = 255
  353. }
  354. verify {
  355. }
  356. ocsp {
  357. enable = no
  358. override_cert_url = yes
  359. url = "http://127.0.0.1/ocsp/"
  360. use_nonce = yes
  361. timeout = 0
  362. softfail = no
  363. }
  364. }
  365. Module: Linked to sub-module rlm_eap_ttls
  366. Module: Instantiating eap-ttls
  367. ttls {
  368. default_eap_type = "md5"
  369. copy_request_to_tunnel = no
  370. use_tunneled_reply = no
  371. virtual_server = "inner-tunnel"
  372. include_length = yes
  373. }
  374. Module: Linked to sub-module rlm_eap_peap
  375. Module: Instantiating eap-peap
  376. peap {
  377. default_eap_type = "mschapv2"
  378. copy_request_to_tunnel = no
  379. use_tunneled_reply = no
  380. proxy_tunneled_request_as_eap = yes
  381. virtual_server = "inner-tunnel"
  382. soh = no
  383. }
  384. Module: Linked to sub-module rlm_eap_mschapv2
  385. Module: Instantiating eap-mschapv2
  386. mschapv2 {
  387. with_ntdomain_hack = no
  388. send_error = no
  389. }
  390. Module: Checking authorize {...} for more modules to load
  391. Module: Linked to module rlm_preprocess
  392. Module: Instantiating module "preprocess" from file /etc/freeradius/modules/preprocess
  393. preprocess {
  394. huntgroups = "/etc/freeradius/huntgroups"
  395. hints = "/etc/freeradius/hints"
  396. with_ascend_hack = no
  397. ascend_channels_per_line = 23
  398. with_ntdomain_hack = no
  399. with_specialix_jetstream_hack = no
  400. with_cisco_vsa_hack = no
  401. with_alvarion_vsa_hack = no
  402. }
  403. reading pairlist file /etc/freeradius/huntgroups
  404. reading pairlist file /etc/freeradius/hints
  405. Module: Linked to module rlm_realm
  406. Module: Instantiating module "suffix" from file /etc/freeradius/modules/realm
  407. realm suffix {
  408. format = "suffix"
  409. delimiter = "@"
  410. ignore_default = no
  411. ignore_null = no
  412. }
  413. Module: Linked to module rlm_files
  414. Module: Instantiating module "files" from file /etc/freeradius/modules/files
  415. files {
  416. usersfile = "/etc/freeradius/users"
  417. acctusersfile = "/etc/freeradius/acct_users"
  418. preproxy_usersfile = "/etc/freeradius/preproxy_users"
  419. compat = "no"
  420. }
  421. reading pairlist file /etc/freeradius/users
  422. reading pairlist file /etc/freeradius/acct_users
  423. reading pairlist file /etc/freeradius/preproxy_users
  424. Module: Checking preacct {...} for more modules to load
  425. Module: Linked to module rlm_acct_unique
  426. Module: Instantiating module "acct_unique" from file /etc/freeradius/modules/acct_unique
  427. acct_unique {
  428. key = "User-Name, Acct-Session-Id, NAS-IP-Address, NAS-Identifier, NAS-Port"
  429. }
  430. Module: Checking accounting {...} for more modules to load
  431. Module: Linked to module rlm_detail
  432. Module: Instantiating module "detail" from file /etc/freeradius/modules/detail
  433. detail {
  434. detailfile = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d"
  435. header = "%t"
  436. detailperm = 384
  437. dirperm = 493
  438. locking = no
  439. log_packet_header = no
  440. escape_filenames = no
  441. }
  442. Module: Linked to module rlm_attr_filter
  443. Module: Instantiating module "attr_filter.accounting_response" from file /etc/freeradius/modules/attr_filter
  444. attr_filter attr_filter.accounting_response {
  445. attrsfile = "/etc/freeradius/attrs.accounting_response"
  446. key = "%{User-Name}"
  447. relaxed = no
  448. }
  449. reading pairlist file /etc/freeradius/attrs.accounting_response
  450. Module: Checking session {...} for more modules to load
  451. Module: Linked to module rlm_radutmp
  452. Module: Instantiating module "radutmp" from file /etc/freeradius/modules/radutmp
  453. radutmp {
  454. filename = "/var/log/freeradius/radutmp"
  455. username = "%{User-Name}"
  456. case_sensitive = yes
  457. check_with_nas = yes
  458. perm = 384
  459. callerid = yes
  460. }
  461. Module: Checking post-proxy {...} for more modules to load
  462. Module: Checking post-auth {...} for more modules to load
  463. Module: Instantiating module "attr_filter.access_reject" from file /etc/freeradius/modules/attr_filter
  464. attr_filter attr_filter.access_reject {
  465. attrsfile = "/etc/freeradius/attrs.access_reject"
  466. key = "%{User-Name}"
  467. relaxed = no
  468. }
  469. reading pairlist file /etc/freeradius/attrs.access_reject
  470. } # modules
  471. } # server
  472. server inner-tunnel { # from file /etc/freeradius/sites-enabled/inner-tunnel
  473. modules {
  474. Module: Checking authenticate {...} for more modules to load
  475. Module: Checking authorize {...} for more modules to load
  476. Module: Checking session {...} for more modules to load
  477. Module: Checking post-proxy {...} for more modules to load
  478. Module: Checking post-auth {...} for more modules to load
  479. } # modules
  480. } # server
  481. radiusd: #### Opening IP addresses and Ports ####
  482. listen {
  483. type = "auth"
  484. ipaddr = *
  485. port = 0
  486. }
  487. listen {
  488. type = "acct"
  489. ipaddr = *
  490. port = 0
  491. }
  492. listen {
  493. type = "auth"
  494. ipaddr = 127.0.0.1
  495. port = 18120
  496. }
  497. ... adding new socket proxy address * port 59442
  498. Listening on authentication address * port 1812
  499. Listening on accounting address * port 1813
  500. Listening on authentication address 127.0.0.1 port 18120 as server inner-tunnel
  501. Listening on proxy address * port 1814
  502. Ready to process requests.
  503. rad_recv: Access-Request packet from host 192.168.1.1 port 55872, id=179, length=189
  504. User-Name = "mnoureldin"
  505. NAS-IP-Address = 78.104.82.107
  506. Called-Station-Id = "A2-F3-C1-67-EC-68:Noureldin-Guests"
  507. NAS-Port-Type = Wireless-802.11
  508. NAS-Port = 1
  509. Calling-Station-Id = "80-13-82-DF-B8-A0"
  510. Connect-Info = "CONNECT 54Mbps 802.11g"
  511. Acct-Session-Id = "576FE7D8-0000004A"
  512. Framed-MTU = 1400
  513. EAP-Message = 0x02d8000f016d6e6f7572656c64696e
  514. Message-Authenticator = 0x3e4ac99f6becb8b5f8fb95a6f21a771c
  515. # Executing section authorize from file /etc/freeradius/sites-enabled/default
  516. +group authorize {
  517. ++[preprocess] = ok
  518. ++[chap] = noop
  519. ++[mschap] = noop
  520. ++[digest] = noop
  521. [suffix] No '@' in User-Name = "mnoureldin", looking up realm NULL
  522. [suffix] No such realm "NULL"
  523. ++[suffix] = noop
  524. [eap] EAP packet type response id 216 length 15
  525. [eap] No EAP Start, assuming it's an on-going EAP conversation
  526. ++[eap] = updated
  527. ++[files] = noop
  528. [ldap] performing user authorization for mnoureldin
  529. [ldap] expand: %{Stripped-User-Name} ->
  530. [ldap] ... expanding second conditional
  531. [ldap] expand: %{User-Name} -> mnoureldin
  532. [ldap] expand: (samAccountName=%{%{Stripped-User-Name}:-%{User-Name}}) -> (samAccountName=mnoureldin)
  533. [ldap] expand: ou=Users,ou=S1,DC=noureldin,DC=local -> ou=Users,ou=S1,DC=noureldin,DC=local
  534. [ldap] ldap_get_conn: Checking Id: 0
  535. [ldap] ldap_get_conn: Got Id: 0
  536. [ldap] attempting LDAP reconnection
  537. [ldap] (re)connect to s1.noureldin.local:389, authentication 0
  538. [ldap] setting TLS CACert File to /etc/ssl/noureldin/certs/ca.crt
  539. [ldap] setting TLS CACert Directory to /etc/ssl/noureldin/certs/
  540. [ldap] setting TLS Cert File to /etc/ssl/noureldin/certs/freeradius.crt
  541. [ldap] setting TLS Key File to /etc/ssl/noureldin/private/freeradius.key
  542. [ldap] setting TLS Rand File to /dev/urandom
  543. [ldap] starting TLS
  544. [ldap] bind as cn=Administrator,ou=Users,ou=S1,DC=noureldin,DC=local/p@s$W0rd to s1.noureldin.local:389
  545. [ldap] waiting for bind result ...
  546. [ldap] Bind was successful
  547. [ldap] performing search in ou=Users,ou=S1,DC=noureldin,DC=local, with filter (samAccountName=mnoureldin)
  548. [ldap] No default NMAS login sequence
  549. [ldap] looking for check items in directory...
  550. [ldap] looking for reply items in directory...
  551. WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly?
  552. [ldap] ldap_release_conn: Release Id: 0
  553. ++[ldap] = ok
  554. ++[expiration] = noop
  555. ++[logintime] = noop
  556. [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.
  557. ++[pap] = noop
  558. +} # group authorize = updated
  559. Found Auth-Type = EAP
  560. # Executing group from file /etc/freeradius/sites-enabled/default
  561. +group authenticate {
  562. [eap] EAP Identity
  563. [eap] processing type tls
  564. [tls] Initiate
  565. [tls] Start returned 1
  566. ++[eap] = handled
  567. +} # group authenticate = handled
  568. Sending Access-Challenge of id 179 to 192.168.1.1 port 55872
  569. EAP-Message = 0x01d900061920
  570. Message-Authenticator = 0x00000000000000000000000000000000
  571. State = 0x27e52090273c39ee459fab6853db13c2
  572. Finished request 0.
  573. Going to the next request
  574. Waking up in 4.9 seconds.
  575. rad_recv: Access-Request packet from host 192.168.1.1 port 55872, id=180, length=400
  576. User-Name = "mnoureldin"
  577. NAS-IP-Address = 78.104.82.107
  578. Called-Station-Id = "A2-F3-C1-67-EC-68:Noureldin-Guests"
  579. NAS-Port-Type = Wireless-802.11
  580. NAS-Port = 1
  581. Calling-Station-Id = "80-13-82-DF-B8-A0"
  582. Connect-Info = "CONNECT 54Mbps 802.11g"
  583. Acct-Session-Id = "576FE7D8-0000004A"
  584. Framed-MTU = 1400
  585. EAP-Message = 0x02d900d01980000000c616030100c1010000bd030191c02c5b46a8d5b9d0acbdea735a36333965b23f9a41c7d6d3f2c4427d152579000054c014c00ac022c02100390038c00fc0050035c012c008c01cc01b00160013c00dc003000ac013c009c01fc01e00330032c00ec004002fc011c007c00cc002000500040015001200090014001100080006000300ff01000040000b000403000102000a00340032000e000d0019000b000c00180009000a00160017000800060007001400150004000500120013000100020003000f00100011
  586. State = 0x27e52090273c39ee459fab6853db13c2
  587. Message-Authenticator = 0x8c41674cef407680a7271727e3cc6488
  588. # Executing section authorize from file /etc/freeradius/sites-enabled/default
  589. +group authorize {
  590. ++[preprocess] = ok
  591. ++[chap] = noop
  592. ++[mschap] = noop
  593. ++[digest] = noop
  594. [suffix] No '@' in User-Name = "mnoureldin", looking up realm NULL
  595. [suffix] No such realm "NULL"
  596. ++[suffix] = noop
  597. [eap] EAP packet type response id 217 length 208
  598. [eap] Continuing tunnel setup.
  599. ++[eap] = ok
  600. +} # group authorize = ok
  601. Found Auth-Type = EAP
  602. # Executing group from file /etc/freeradius/sites-enabled/default
  603. +group authenticate {
  604. [eap] Request found, released from the list
  605. [eap] EAP/peap
  606. [eap] processing type peap
  607. [peap] processing EAP-TLS
  608. TLS Length 198
  609. [peap] Length Included
  610. [peap] eaptls_verify returned 11
  611. [peap] (other): before/accept initialization
  612. [peap] TLS_accept: before/accept initialization
  613. [peap] <<< Unknown TLS version [length 0005]
  614. [peap] <<< TLS 1.0 Handshake [length 00c1], ClientHello
  615. [peap] TLS_accept: unknown state
  616. [peap] >>> Unknown TLS version [length 0005]
  617. [peap] >>> TLS 1.0 Handshake [length 0039], ServerHello
  618. [peap] TLS_accept: unknown state
  619. [peap] >>> Unknown TLS version [length 0005]
  620. [peap] >>> TLS 1.0 Handshake [length 054b], Certificate
  621. [peap] TLS_accept: unknown state
  622. [peap] >>> Unknown TLS version [length 0005]
  623. [peap] >>> TLS 1.0 Handshake [length 014b], ServerKeyExchange
  624. [peap] TLS_accept: unknown state
  625. [peap] >>> Unknown TLS version [length 0005]
  626. [peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
  627. [peap] TLS_accept: unknown state
  628. [peap] TLS_accept: unknown state
  629. [peap] TLS_accept: unknown state
  630. [peap] TLS_accept: Need to read more data: unknown state
  631. [peap] TLS_accept: Need to read more data: unknown state
  632. In SSL Handshake Phase
  633. In SSL Accept mode
  634. [peap] eaptls_process returned 13
  635. [peap] EAPTLS_HANDLED
  636. ++[eap] = handled
  637. +} # group authenticate = handled
  638. Sending Access-Challenge of id 180 to 192.168.1.1 port 55872
  639. EAP-Message = 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
  640. EAP-Message = 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
  641. EAP-Message = 0x82010f003082010a0282010100d0c8167cd016c22ea1f69c49b90e4d5a8fc1dc78302a12b6b865f6115ed493b4ee4acacad89fe1e691a995664f99c2f3f1aa4998181c53e954a07323645a1babf68927b0326b216c9b097b8e0847854536d87fa133a44c91c229c670b63f30e1ec6b73d9a4aa2e069243e39377afd9eded2cd528c6f7012b4218c57a21ba3f003567138828f5f95652358c2400d750ad446830c5ecd2f13262db1e75b2e212c8b17e97824d892efc7b0bbd23d1d662710193fec2afcd1d51ba227c08c64f7a0e0a5c31ae732df11286ef415a0d751433f90e8c8629ad10befd4a819f0a14c2702525cfaac44a9f8448055e73ccf04b09
  642. EAP-Message = 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
  643. EAP-Message = 0x6c64696e2e6d6f6f6f2e636f
  644. Message-Authenticator = 0x00000000000000000000000000000000
  645. State = 0x27e52090263f39ee459fab6853db13c2
  646. Finished request 1.
  647. Going to the next request
  648. Waking up in 4.9 seconds.
  649. rad_recv: Access-Request packet from host 192.168.1.1 port 55872, id=181, length=198
  650. User-Name = "mnoureldin"
  651. NAS-IP-Address = 78.104.82.107
  652. Called-Station-Id = "A2-F3-C1-67-EC-68:Noureldin-Guests"
  653. NAS-Port-Type = Wireless-802.11
  654. NAS-Port = 1
  655. Calling-Station-Id = "80-13-82-DF-B8-A0"
  656. Connect-Info = "CONNECT 54Mbps 802.11g"
  657. Acct-Session-Id = "576FE7D8-0000004A"
  658. Framed-MTU = 1400
  659. EAP-Message = 0x02da00061900
  660. State = 0x27e52090263f39ee459fab6853db13c2
  661. Message-Authenticator = 0x2c3d5d63db6191a60a610677a2ddc548
  662. # Executing section authorize from file /etc/freeradius/sites-enabled/default
  663. +group authorize {
  664. ++[preprocess] = ok
  665. ++[chap] = noop
  666. ++[mschap] = noop
  667. ++[digest] = noop
  668. [suffix] No '@' in User-Name = "mnoureldin", looking up realm NULL
  669. [suffix] No such realm "NULL"
  670. ++[suffix] = noop
  671. [eap] EAP packet type response id 218 length 6
  672. [eap] Continuing tunnel setup.
  673. ++[eap] = ok
  674. +} # group authorize = ok
  675. Found Auth-Type = EAP
  676. # Executing group from file /etc/freeradius/sites-enabled/default
  677. +group authenticate {
  678. [eap] Request found, released from the list
  679. [eap] EAP/peap
  680. [eap] processing type peap
  681. [peap] processing EAP-TLS
  682. [peap] Received TLS ACK
  683. [peap] ACK handshake fragment handler
  684. [peap] eaptls_verify returned 1
  685. [peap] eaptls_process returned 13
  686. [peap] EAPTLS_HANDLED
  687. ++[eap] = handled
  688. +} # group authenticate = handled
  689. Sending Access-Challenge of id 181 to 192.168.1.1 port 55872
  690. EAP-Message = 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
  691. EAP-Message = 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
  692. EAP-Message = 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
  693. Message-Authenticator = 0x00000000000000000000000000000000
  694. State = 0x27e52090253e39ee459fab6853db13c2
  695. Finished request 2.
  696. Going to the next request
  697. Waking up in 4.9 seconds.
  698. rad_recv: Access-Request packet from host 192.168.1.1 port 55872, id=182, length=336
  699. User-Name = "mnoureldin"
  700. NAS-IP-Address = 78.104.82.107
  701. Called-Station-Id = "A2-F3-C1-67-EC-68:Noureldin-Guests"
  702. NAS-Port-Type = Wireless-802.11
  703. NAS-Port = 1
  704. Calling-Station-Id = "80-13-82-DF-B8-A0"
  705. Connect-Info = "CONNECT 54Mbps 802.11g"
  706. Acct-Session-Id = "576FE7D8-0000004A"
  707. Framed-MTU = 1400
  708. EAP-Message = 0x02db00901980000000861603010046100000424104ce18637307ed593ccf2a4a156f7d83795ef7c53b7f2feb4767bdbfaa61d1c07337fe949b347f75373be0821da65f8005c2207e9a838cab011e6fec7dffbc3888140301000101160301003082b5140fa780d557174c8dbd51e9bfffd7a93eb2e5a85cf36fdec19adeacb63fe63513aa5cc3bf82b1345e32cd6269b6
  709. State = 0x27e52090253e39ee459fab6853db13c2
  710. Message-Authenticator = 0x019209ec2006a61782c752842831dcf6
  711. # Executing section authorize from file /etc/freeradius/sites-enabled/default
  712. +group authorize {
  713. ++[preprocess] = ok
  714. ++[chap] = noop
  715. ++[mschap] = noop
  716. ++[digest] = noop
  717. [suffix] No '@' in User-Name = "mnoureldin", looking up realm NULL
  718. [suffix] No such realm "NULL"
  719. ++[suffix] = noop
  720. [eap] EAP packet type response id 219 length 144
  721. [eap] Continuing tunnel setup.
  722. ++[eap] = ok
  723. +} # group authorize = ok
  724. Found Auth-Type = EAP
  725. # Executing group from file /etc/freeradius/sites-enabled/default
  726. +group authenticate {
  727. [eap] Request found, released from the list
  728. [eap] EAP/peap
  729. [eap] processing type peap
  730. [peap] processing EAP-TLS
  731. TLS Length 134
  732. [peap] Length Included
  733. [peap] eaptls_verify returned 11
  734. [peap] <<< Unknown TLS version [length 0005]
  735. [peap] <<< TLS 1.0 Handshake [length 0046], ClientKeyExchange
  736. [peap] TLS_accept: unknown state
  737. [peap] TLS_accept: unknown state
  738. [peap] <<< Unknown TLS version [length 0005]
  739. [peap] <<< TLS 1.0 ChangeCipherSpec [length 0001]
  740. [peap] <<< Unknown TLS version [length 0005]
  741. [peap] <<< TLS 1.0 Handshake [length 0010], Finished
  742. [peap] TLS_accept: unknown state
  743. [peap] >>> Unknown TLS version [length 0005]
  744. [peap] >>> TLS 1.0 ChangeCipherSpec [length 0001]
  745. [peap] TLS_accept: unknown state
  746. [peap] >>> Unknown TLS version [length 0005]
  747. [peap] >>> TLS 1.0 Handshake [length 0010], Finished
  748. [peap] TLS_accept: unknown state
  749. [peap] TLS_accept: unknown state
  750. [peap] (other): SSL negotiation finished successfully
  751. SSL Connection Established
  752. [peap] eaptls_process returned 13
  753. [peap] EAPTLS_HANDLED
  754. ++[eap] = handled
  755. +} # group authenticate = handled
  756. Sending Access-Challenge of id 182 to 192.168.1.1 port 55872
  757. EAP-Message = 0x01dc00411900140301000101160301003021ae23f0f26a5363ccb9fe1514a7e012d5624b1e0b34fdf275296759fe9bb5eb69e59b22f35e317445ae0d7062272efc
  758. Message-Authenticator = 0x00000000000000000000000000000000
  759. State = 0x27e52090243939ee459fab6853db13c2
  760. Finished request 3.
  761. Going to the next request
  762. Waking up in 4.9 seconds.
  763. rad_recv: Access-Request packet from host 192.168.1.1 port 55872, id=183, length=198
  764. User-Name = "mnoureldin"
  765. NAS-IP-Address = 78.104.82.107
  766. Called-Station-Id = "A2-F3-C1-67-EC-68:Noureldin-Guests"
  767. NAS-Port-Type = Wireless-802.11
  768. NAS-Port = 1
  769. Calling-Station-Id = "80-13-82-DF-B8-A0"
  770. Connect-Info = "CONNECT 54Mbps 802.11g"
  771. Acct-Session-Id = "576FE7D8-0000004A"
  772. Framed-MTU = 1400
  773. EAP-Message = 0x02dc00061900
  774. State = 0x27e52090243939ee459fab6853db13c2
  775. Message-Authenticator = 0xfdb5d32db93b71f6c0dab8040ad60afa
  776. # Executing section authorize from file /etc/freeradius/sites-enabled/default
  777. +group authorize {
  778. ++[preprocess] = ok
  779. ++[chap] = noop
  780. ++[mschap] = noop
  781. ++[digest] = noop
  782. [suffix] No '@' in User-Name = "mnoureldin", looking up realm NULL
  783. [suffix] No such realm "NULL"
  784. ++[suffix] = noop
  785. [eap] EAP packet type response id 220 length 6
  786. [eap] Continuing tunnel setup.
  787. ++[eap] = ok
  788. +} # group authorize = ok
  789. Found Auth-Type = EAP
  790. # Executing group from file /etc/freeradius/sites-enabled/default
  791. +group authenticate {
  792. [eap] Request found, released from the list
  793. [eap] EAP/peap
  794. [eap] processing type peap
  795. [peap] processing EAP-TLS
  796. [peap] Received TLS ACK
  797. [peap] ACK handshake is finished
  798. [peap] eaptls_verify returned 3
  799. [peap] eaptls_process returned 3
  800. [peap] EAPTLS_SUCCESS
  801. [peap] Session established. Decoding tunneled attributes.
  802. [peap] Peap state TUNNEL ESTABLISHED
  803. [peap] >>> Unknown TLS version [length 0005]
  804. ++[eap] = handled
  805. +} # group authenticate = handled
  806. Sending Access-Challenge of id 183 to 192.168.1.1 port 55872
  807. EAP-Message = 0x01dd002b19001703010020f3b91cc045797bd99840451b1210011733ca019fcc8ac78bc6a88de0b51acb69
  808. Message-Authenticator = 0x00000000000000000000000000000000
  809. State = 0x27e52090233839ee459fab6853db13c2
  810. Finished request 4.
  811. Going to the next request
  812. Waking up in 4.8 seconds.
  813. rad_recv: Access-Request packet from host 192.168.1.1 port 55872, id=184, length=235
  814. User-Name = "mnoureldin"
  815. NAS-IP-Address = 78.104.82.107
  816. Called-Station-Id = "A2-F3-C1-67-EC-68:Noureldin-Guests"
  817. NAS-Port-Type = Wireless-802.11
  818. NAS-Port = 1
  819. Calling-Station-Id = "80-13-82-DF-B8-A0"
  820. Connect-Info = "CONNECT 54Mbps 802.11g"
  821. Acct-Session-Id = "576FE7D8-0000004A"
  822. Framed-MTU = 1400
  823. EAP-Message = 0x02dd002b190017030100204a38167046b4bf95a926628ed11fbb1c7f6e981d291ed8666e625b444bbee780
  824. State = 0x27e52090233839ee459fab6853db13c2
  825. Message-Authenticator = 0xaeab669f3a74f35deca870a30dd75a67
  826. # Executing section authorize from file /etc/freeradius/sites-enabled/default
  827. +group authorize {
  828. ++[preprocess] = ok
  829. ++[chap] = noop
  830. ++[mschap] = noop
  831. ++[digest] = noop
  832. [suffix] No '@' in User-Name = "mnoureldin", looking up realm NULL
  833. [suffix] No such realm "NULL"
  834. ++[suffix] = noop
  835. [eap] EAP packet type response id 221 length 43
  836. [eap] Continuing tunnel setup.
  837. ++[eap] = ok
  838. +} # group authorize = ok
  839. Found Auth-Type = EAP
  840. # Executing group from file /etc/freeradius/sites-enabled/default
  841. +group authenticate {
  842. [eap] Request found, released from the list
  843. [eap] EAP/peap
  844. [eap] processing type peap
  845. [peap] processing EAP-TLS
  846. [peap] eaptls_verify returned 7
  847. [peap] Done initial handshake
  848. [peap] <<< Unknown TLS version [length 0005]
  849. [peap] eaptls_process returned 7
  850. [peap] EAPTLS_OK
  851. [peap] Session established. Decoding tunneled attributes.
  852. [peap] Peap state WAITING FOR INNER IDENTITY
  853. [peap] Identity - mnoureldin
  854. [peap] Got inner identity 'mnoureldin'
  855. [peap] Setting default EAP type for tunneled EAP session.
  856. [peap] Got tunneled request
  857. EAP-Message = 0x02dd000f016d6e6f7572656c64696e
  858. server {
  859. [peap] Setting User-Name to mnoureldin
  860. Sending tunneled request
  861. EAP-Message = 0x02dd000f016d6e6f7572656c64696e
  862. FreeRADIUS-Proxied-To = 127.0.0.1
  863. User-Name = "mnoureldin"
  864. server inner-tunnel {
  865. # Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel
  866. +group authorize {
  867. ++[chap] = noop
  868. ++[mschap] = noop
  869. [suffix] No '@' in User-Name = "mnoureldin", looking up realm NULL
  870. [suffix] No such realm "NULL"
  871. ++[suffix] = noop
  872. ++update control {
  873. ++} # update control = noop
  874. [eap] EAP packet type response id 221 length 15
  875. [eap] No EAP Start, assuming it's an on-going EAP conversation
  876. ++[eap] = updated
  877. ++[files] = noop
  878. [ldap] performing user authorization for mnoureldin
  879. [ldap] expand: %{Stripped-User-Name} ->
  880. [ldap] ... expanding second conditional
  881. [ldap] expand: %{User-Name} -> mnoureldin
  882. [ldap] expand: (samAccountName=%{%{Stripped-User-Name}:-%{User-Name}}) -> (samAccountName=mnoureldin)
  883. [ldap] expand: ou=Users,ou=S1,DC=noureldin,DC=local -> ou=Users,ou=S1,DC=noureldin,DC=local
  884. [ldap] ldap_get_conn: Checking Id: 0
  885. [ldap] ldap_get_conn: Got Id: 0
  886. [ldap] performing search in ou=Users,ou=S1,DC=noureldin,DC=local, with filter (samAccountName=mnoureldin)
  887. [ldap] No default NMAS login sequence
  888. [ldap] looking for check items in directory...
  889. [ldap] looking for reply items in directory...
  890. WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly?
  891. [ldap] ldap_release_conn: Release Id: 0
  892. ++[ldap] = ok
  893. ++[expiration] = noop
  894. ++[logintime] = noop
  895. ++[pap] = noop
  896. +} # group authorize = updated
  897. Found Auth-Type = EAP
  898. # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
  899. +group authenticate {
  900. [eap] EAP Identity
  901. [eap] processing type mschapv2
  902. rlm_eap_mschapv2: Issuing Challenge
  903. ++[eap] = handled
  904. +} # group authenticate = handled
  905. } # server inner-tunnel
  906. [peap] Got tunneled reply code 11
  907. EAP-Message = 0x01de00241a01de001f104e7ccf1acf6eed3e78a07eda9e922ff66d6e6f7572656c64696e
  908. Message-Authenticator = 0x00000000000000000000000000000000
  909. State = 0x52f62d20522837da6d89264e5ba29a1b
  910. [peap] Got tunneled reply RADIUS code Access-Challenge
  911. EAP-Message = 0x01de00241a01de001f104e7ccf1acf6eed3e78a07eda9e922ff66d6e6f7572656c64696e
  912. Message-Authenticator = 0x00000000000000000000000000000000
  913. State = 0x52f62d20522837da6d89264e5ba29a1b
  914. [peap] Got tunneled Access-Challenge
  915. [peap] >>> Unknown TLS version [length 0005]
  916. ++[eap] = handled
  917. +} # group authenticate = handled
  918. Sending Access-Challenge of id 184 to 192.168.1.1 port 55872
  919. EAP-Message = 0x01de004b19001703010040401cb1f6dc8da311d3de16418494bea61c038f2382ac852aceb7918b7e3452f22c60d526937786a125531697a2bb3d1aa981e85ba8b5d56dd691da9c2ea9ce1f
  920. Message-Authenticator = 0x00000000000000000000000000000000
  921. State = 0x27e52090223b39ee459fab6853db13c2
  922. Finished request 5.
  923. Going to the next request
  924. Waking up in 4.8 seconds.
  925. rad_recv: Access-Request packet from host 192.168.1.1 port 55872, id=185, length=299
  926. User-Name = "mnoureldin"
  927. NAS-IP-Address = 78.104.82.107
  928. Called-Station-Id = "A2-F3-C1-67-EC-68:Noureldin-Guests"
  929. NAS-Port-Type = Wireless-802.11
  930. NAS-Port = 1
  931. Calling-Station-Id = "80-13-82-DF-B8-A0"
  932. Connect-Info = "CONNECT 54Mbps 802.11g"
  933. Acct-Session-Id = "576FE7D8-0000004A"
  934. Framed-MTU = 1400
  935. EAP-Message = 0x02de006b190017030100607dfa63413892e360fa43192e82c965d537df60c639e235612712737f9ff077631e289310db2cafff5b9939a4d736e620b9bbac877e710a9d494ce38ba595a020141129bb4b82ad060337fe3ed29a76b68546ab0c753f36b37581d62e817863a7
  936. State = 0x27e52090223b39ee459fab6853db13c2
  937. Message-Authenticator = 0x3361b4a99d3547e4bd37a3337f153062
  938. # Executing section authorize from file /etc/freeradius/sites-enabled/default
  939. +group authorize {
  940. ++[preprocess] = ok
  941. ++[chap] = noop
  942. ++[mschap] = noop
  943. ++[digest] = noop
  944. [suffix] No '@' in User-Name = "mnoureldin", looking up realm NULL
  945. [suffix] No such realm "NULL"
  946. ++[suffix] = noop
  947. [eap] EAP packet type response id 222 length 107
  948. [eap] Continuing tunnel setup.
  949. ++[eap] = ok
  950. +} # group authorize = ok
  951. Found Auth-Type = EAP
  952. # Executing group from file /etc/freeradius/sites-enabled/default
  953. +group authenticate {
  954. [eap] Request found, released from the list
  955. [eap] EAP/peap
  956. [eap] processing type peap
  957. [peap] processing EAP-TLS
  958. [peap] eaptls_verify returned 7
  959. [peap] Done initial handshake
  960. [peap] <<< Unknown TLS version [length 0005]
  961. [peap] eaptls_process returned 7
  962. [peap] EAPTLS_OK
  963. [peap] Session established. Decoding tunneled attributes.
  964. [peap] Peap state phase2
  965. [peap] EAP type mschapv2
  966. [peap] Got tunneled request
  967. EAP-Message = 0x02de00451a02de0040312385fd02ab6e218d271452a8d7059e670000000000000000ed66c6b627609cef862bafe5eac57e7a6e839c0b0da44c72006d6e6f7572656c64696e
  968. server {
  969. [peap] Setting User-Name to mnoureldin
  970. Sending tunneled request
  971. EAP-Message = 0x02de00451a02de0040312385fd02ab6e218d271452a8d7059e670000000000000000ed66c6b627609cef862bafe5eac57e7a6e839c0b0da44c72006d6e6f7572656c64696e
  972. FreeRADIUS-Proxied-To = 127.0.0.1
  973. User-Name = "mnoureldin"
  974. State = 0x52f62d20522837da6d89264e5ba29a1b
  975. server inner-tunnel {
  976. # Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel
  977. +group authorize {
  978. ++[chap] = noop
  979. ++[mschap] = noop
  980. [suffix] No '@' in User-Name = "mnoureldin", looking up realm NULL
  981. [suffix] No such realm "NULL"
  982. ++[suffix] = noop
  983. ++update control {
  984. ++} # update control = noop
  985. [eap] EAP packet type response id 222 length 69
  986. [eap] No EAP Start, assuming it's an on-going EAP conversation
  987. ++[eap] = updated
  988. ++[files] = noop
  989. [ldap] performing user authorization for mnoureldin
  990. [ldap] expand: %{Stripped-User-Name} ->
  991. [ldap] ... expanding second conditional
  992. [ldap] expand: %{User-Name} -> mnoureldin
  993. [ldap] expand: (samAccountName=%{%{Stripped-User-Name}:-%{User-Name}}) -> (samAccountName=mnoureldin)
  994. [ldap] expand: ou=Users,ou=S1,DC=noureldin,DC=local -> ou=Users,ou=S1,DC=noureldin,DC=local
  995. [ldap] ldap_get_conn: Checking Id: 0
  996. [ldap] ldap_get_conn: Got Id: 0
  997. [ldap] performing search in ou=Users,ou=S1,DC=noureldin,DC=local, with filter (samAccountName=mnoureldin)
  998. [ldap] No default NMAS login sequence
  999. [ldap] looking for check items in directory...
  1000. [ldap] looking for reply items in directory...
  1001. WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly?
  1002. [ldap] ldap_release_conn: Release Id: 0
  1003. ++[ldap] = ok
  1004. ++[expiration] = noop
  1005. ++[logintime] = noop
  1006. ++[pap] = noop
  1007. +} # group authorize = updated
  1008. Found Auth-Type = EAP
  1009. # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
  1010. +group authenticate {
  1011. [eap] Request found, released from the list
  1012. [eap] EAP/mschapv2
  1013. [eap] processing type mschapv2
  1014. [mschapv2] # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
  1015. [mschapv2] +group MS-CHAP {
  1016. [mschap] No Cleartext-Password configured. Cannot create LM-Password.
  1017. [mschap] No Cleartext-Password configured. Cannot create NT-Password.
  1018. [mschap] Creating challenge hash with username: mnoureldin
  1019. [mschap] Client is using MS-CHAPv2 for mnoureldin, we need NT-Password
  1020. [mschap] FAILED: No NT/LM-Password. Cannot perform authentication.
  1021. [mschap] FAILED: MS-CHAP2-Response is incorrect
  1022. ++[mschap] = reject
  1023. +} # group MS-CHAP = reject
  1024. [eap] Freeing handler
  1025. ++[eap] = reject
  1026. +} # group authenticate = reject
  1027. Failed to authenticate the user.
  1028. Using Post-Auth-Type Reject
  1029. # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
  1030. +group REJECT {
  1031. [attr_filter.access_reject] expand: %{User-Name} -> mnoureldin
  1032. attr_filter: Matched entry DEFAULT at line 11
  1033. ++[attr_filter.access_reject] = updated
  1034. +} # group REJECT = updated
  1035. } # server inner-tunnel
  1036. [peap] Got tunneled reply code 3
  1037. MS-CHAP-Error = "\336E=691 R=1"
  1038. EAP-Message = 0x04de0004
  1039. Message-Authenticator = 0x00000000000000000000000000000000
  1040. [peap] Got tunneled reply RADIUS code Access-Reject
  1041. MS-CHAP-Error = "\336E=691 R=1"
  1042. EAP-Message = 0x04de0004
  1043. Message-Authenticator = 0x00000000000000000000000000000000
  1044. [peap] Tunneled authentication was rejected.
  1045. [peap] FAILURE
  1046. [peap] >>> Unknown TLS version [length 0005]
  1047. ++[eap] = handled
  1048. +} # group authenticate = handled
  1049. Sending Access-Challenge of id 185 to 192.168.1.1 port 55872
  1050. EAP-Message = 0x01df002b1900170301002029a2c8e10bbb06618ff1183e0f07edaf716c2889f91570acd0de1fc84da60122
  1051. Message-Authenticator = 0x00000000000000000000000000000000
  1052. State = 0x27e52090213a39ee459fab6853db13c2
  1053. Finished request 6.
  1054. Going to the next request
  1055. Waking up in 4.8 seconds.
  1056. rad_recv: Access-Request packet from host 192.168.1.1 port 55872, id=186, length=235
  1057. User-Name = "mnoureldin"
  1058. NAS-IP-Address = 78.104.82.107
  1059. Called-Station-Id = "A2-F3-C1-67-EC-68:Noureldin-Guests"
  1060. NAS-Port-Type = Wireless-802.11
  1061. NAS-Port = 1
  1062. Calling-Station-Id = "80-13-82-DF-B8-A0"
  1063. Connect-Info = "CONNECT 54Mbps 802.11g"
  1064. Acct-Session-Id = "576FE7D8-0000004A"
  1065. Framed-MTU = 1400
  1066. EAP-Message = 0x02df002b1900170301002036722871f2d6d3eb6d6603aa15e852ce26a4ca3e40e20314b5c1c3fe263b387f
  1067. State = 0x27e52090213a39ee459fab6853db13c2
  1068. Message-Authenticator = 0xfe461f978b94a87be79acdcf1088d783
  1069. # Executing section authorize from file /etc/freeradius/sites-enabled/default
  1070. +group authorize {
  1071. ++[preprocess] = ok
  1072. ++[chap] = noop
  1073. ++[mschap] = noop
  1074. ++[digest] = noop
  1075. [suffix] No '@' in User-Name = "mnoureldin", looking up realm NULL
  1076. [suffix] No such realm "NULL"
  1077. ++[suffix] = noop
  1078. [eap] EAP packet type response id 223 length 43
  1079. [eap] Continuing tunnel setup.
  1080. ++[eap] = ok
  1081. +} # group authorize = ok
  1082. Found Auth-Type = EAP
  1083. # Executing group from file /etc/freeradius/sites-enabled/default
  1084. +group authenticate {
  1085. [eap] Request found, released from the list
  1086. [eap] EAP/peap
  1087. [eap] processing type peap
  1088. [peap] processing EAP-TLS
  1089. [peap] eaptls_verify returned 7
  1090. [peap] Done initial handshake
  1091. [peap] <<< Unknown TLS version [length 0005]
  1092. [peap] eaptls_process returned 7
  1093. [peap] EAPTLS_OK
  1094. [peap] Session established. Decoding tunneled attributes.
  1095. [peap] Peap state send tlv failure
  1096. [peap] Received EAP-TLV response.
  1097. [peap] The users session was previously rejected: returning reject (again.)
  1098. [peap] *** This means you need to read the PREVIOUS messages in the debug output
  1099. [peap] *** to find out the reason why the user was rejected.
  1100. [peap] *** Look for "reject" or "fail". Those earlier messages will tell you.
  1101. [peap] *** what went wrong, and how to fix the problem.
  1102. [eap] Handler failed in EAP/peap
  1103. [eap] Failed in EAP select
  1104. ++[eap] = invalid
  1105. +} # group authenticate = invalid
  1106. Failed to authenticate the user.
  1107. Using Post-Auth-Type Reject
  1108. # Executing group from file /etc/freeradius/sites-enabled/default
  1109. +group REJECT {
  1110. [eap] Reply already contained an EAP-Message, not inserting EAP-Failure
  1111. ++[eap] = noop
  1112. [attr_filter.access_reject] expand: %{User-Name} -> mnoureldin
  1113. attr_filter: Matched entry DEFAULT at line 11
  1114. ++[attr_filter.access_reject] = updated
  1115. +} # group REJECT = updated
  1116. Delaying reject of request 7 for 1 seconds
  1117. Going to the next request
  1118. Waking up in 0.9 seconds.
  1119. Sending delayed reject for request 7
  1120. Sending Access-Reject of id 186 to 192.168.1.1 port 55872
  1121. EAP-Message = 0x04df0004
  1122. Message-Authenticator = 0x00000000000000000000000000000000
  1123. Waking up in 3.8 seconds.
  1124. Cleaning up request 0 ID 179 with timestamp +5
  1125. Cleaning up request 1 ID 180 with timestamp +5
  1126. Cleaning up request 2 ID 181 with timestamp +5
  1127. Cleaning up request 3 ID 182 with timestamp +5
  1128. Cleaning up request 4 ID 183 with timestamp +5
  1129. Cleaning up request 5 ID 184 with timestamp +5
  1130. Cleaning up request 6 ID 185 with timestamp +5
  1131. Waking up in 1.0 seconds.
  1132. Cleaning up request 7 ID 186 with timestamp +5
  1133. Ready to process requests.