Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- radius@daloradius:/etc/freeradius/modules$ clear
- radius@daloradius:/etc/freeradius/modules$ sudo freeradius -X
- FreeRADIUS Version 2.1.12, for host x86_64-pc-linux-gnu, built on Feb 27 2015 at 12:38:34
- Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.
- There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
- PARTICULAR PURPOSE.
- You may redistribute copies of FreeRADIUS under the terms of the
- GNU General Public License v2.
- Starting - reading configuration files ...
- including configuration file /etc/freeradius/radiusd.conf
- including configuration file /etc/freeradius/proxy.conf
- including configuration file /etc/freeradius/clients.conf
- including files in directory /etc/freeradius/modules/
- including configuration file /etc/freeradius/modules/mschap
- including configuration file /etc/freeradius/modules/opendirectory
- including configuration file /etc/freeradius/modules/checkval
- including configuration file /etc/freeradius/modules/detail.example.com
- including configuration file /etc/freeradius/modules/always
- including configuration file /etc/freeradius/modules/krb5
- including configuration file /etc/freeradius/modules/acct_unique
- including configuration file /etc/freeradius/modules/soh
- including configuration file /etc/freeradius/modules/redis
- including configuration file /etc/freeradius/modules/inner-eap
- including configuration file /etc/freeradius/modules/counter
- including configuration file /etc/freeradius/modules/dynamic_clients
- including configuration file /etc/freeradius/modules/logintime
- including configuration file /etc/freeradius/modules/mschap.bkp
- including configuration file /etc/freeradius/modules/smsotp
- including configuration file /etc/freeradius/modules/exec
- including configuration file /etc/freeradius/modules/mac2ip
- including configuration file /etc/freeradius/modules/realm
- including configuration file /etc/freeradius/modules/policy
- including configuration file /etc/freeradius/modules/echo
- including configuration file /etc/freeradius/modules/smbpasswd
- including configuration file /etc/freeradius/modules/attr_rewrite
- including configuration file /etc/freeradius/modules/unix
- including configuration file /etc/freeradius/modules/detail.log
- including configuration file /etc/freeradius/modules/ippool
- including configuration file /etc/freeradius/modules/expr
- including configuration file /etc/freeradius/modules/ntlm_auth
- including configuration file /etc/freeradius/modules/pap
- including configuration file /etc/freeradius/modules/ldap
- including configuration file /etc/freeradius/modules/digest
- including configuration file /etc/freeradius/modules/files
- including configuration file /etc/freeradius/modules/preprocess
- including configuration file /etc/freeradius/modules/perl
- including configuration file /etc/freeradius/modules/pam
- including configuration file /etc/freeradius/modules/detail
- including configuration file /etc/freeradius/modules/wimax
- including configuration file /etc/freeradius/modules/rediswho
- including configuration file /etc/freeradius/modules/etc_group
- including configuration file /etc/freeradius/modules/expiration
- including configuration file /etc/freeradius/modules/cui
- including configuration file /etc/freeradius/modules/chap
- including configuration file /etc/freeradius/modules/sqlcounter_expire_on_login
- including configuration file /etc/freeradius/modules/sradutmp
- including configuration file /etc/freeradius/modules/radutmp
- including configuration file /etc/freeradius/modules/passwd
- including configuration file /etc/freeradius/modules/linelog
- including configuration file /etc/freeradius/modules/attr_filter
- including configuration file /etc/freeradius/modules/mac2vlan
- including configuration file /etc/freeradius/modules/otp
- including configuration file /etc/freeradius/modules/sql_log
- including configuration file /etc/freeradius/modules/replicate
- including configuration file /etc/freeradius/eap.conf
- including configuration file /etc/freeradius/sql.conf
- including configuration file /etc/freeradius/sql/mysql/dialup.conf
- including configuration file /etc/freeradius/policy.conf
- including files in directory /etc/freeradius/sites-enabled/
- including configuration file /etc/freeradius/sites-enabled/inner-tunnel
- including configuration file /etc/freeradius/sites-enabled/default
- main {
- user = "freerad"
- group = "freerad"
- allow_core_dumps = no
- }
- including dictionary file /etc/freeradius/dictionary
- main {
- name = "freeradius"
- prefix = "/usr"
- localstatedir = "/var"
- sbindir = "/usr/sbin"
- logdir = "/var/log/freeradius"
- run_dir = "/var/run/freeradius"
- libdir = "/usr/lib/freeradius"
- radacctdir = "/var/log/freeradius/radacct"
- hostname_lookups = no
- max_request_time = 30
- cleanup_delay = 5
- max_requests = 1024
- pidfile = "/var/run/freeradius/freeradius.pid"
- checkrad = "/usr/sbin/checkrad"
- debug_level = 0
- proxy_requests = yes
- log {
- stripped_names = no
- auth = no
- auth_badpass = no
- auth_goodpass = no
- }
- security {
- max_attributes = 200
- reject_delay = 1
- status_server = yes
- }
- }
- radiusd: #### Loading Realms and Home Servers ####
- proxy server {
- retry_delay = 5
- retry_count = 3
- default_fallback = no
- dead_time = 120
- wake_all_if_all_dead = no
- }
- home_server localhost {
- ipaddr = 127.0.0.1
- port = 1812
- type = "auth"
- secret = "testing123"
- response_window = 20
- max_outstanding = 65536
- require_message_authenticator = yes
- zombie_period = 40
- status_check = "status-server"
- ping_interval = 30
- check_interval = 30
- num_answers_to_alive = 3
- num_pings_to_alive = 3
- revive_interval = 120
- status_check_timeout = 4
- coa {
- irt = 2
- mrt = 16
- mrc = 5
- mrd = 30
- }
- }
- home_server_pool my_auth_failover {
- type = fail-over
- home_server = localhost
- }
- realm example.com {
- auth_pool = my_auth_failover
- }
- realm LOCAL {
- }
- radiusd: #### Loading Clients ####
- client localhost {
- ipaddr = 127.0.0.1
- require_message_authenticator = no
- secret = "testing456"
- nastype = "other"
- }
- client 10.0.0/24 {
- require_message_authenticator = no
- secret = "testing456"
- shortname = "unifi-aps"
- nastype = "other"
- }
- radiusd: #### Instantiating modules ####
- instantiate {
- Module: Linked to module rlm_exec
- Module: Instantiating module "exec" from file /etc/freeradius/modules/exec
- exec {
- wait = no
- input_pairs = "request"
- shell_escape = yes
- }
- Module: Linked to module rlm_expr
- Module: Instantiating module "expr" from file /etc/freeradius/modules/expr
- Module: Linked to module rlm_expiration
- Module: Instantiating module "expiration" from file /etc/freeradius/modules/expiration
- expiration {
- reply-message = "Password Has Expired "
- }
- Module: Linked to module rlm_logintime
- Module: Instantiating module "logintime" from file /etc/freeradius/modules/logintime
- logintime {
- reply-message = "You are calling outside your allowed timespan "
- minimum-timeout = 60
- }
- }
- radiusd: #### Loading Virtual Servers ####
- server { # from file /etc/freeradius/radiusd.conf
- modules {
- Module: Creating Auth-Type = digest
- Module: Creating Post-Auth-Type = REJECT
- Module: Checking authenticate {...} for more modules to load
- Module: Linked to module rlm_pap
- Module: Instantiating module "pap" from file /etc/freeradius/modules/pap
- pap {
- encryption_scheme = "auto"
- auto_header = no
- }
- Module: Linked to module rlm_chap
- Module: Instantiating module "chap" from file /etc/freeradius/modules/chap
- Module: Linked to module rlm_mschap
- Module: Instantiating module "mschap" from file /etc/freeradius/modules/mschap
- mschap {
- use_mppe = yes
- require_encryption = yes
- require_strong = yes
- with_ntdomain_hack = no
- allow_retry = yes
- }
- Module: Linked to module rlm_digest
- Module: Instantiating module "digest" from file /etc/freeradius/modules/digest
- Module: Linked to module rlm_unix
- Module: Instantiating module "unix" from file /etc/freeradius/modules/unix
- unix {
- radwtmp = "/var/log/freeradius/radwtmp"
- }
- Module: Linked to module rlm_eap
- Module: Instantiating module "eap" from file /etc/freeradius/eap.conf
- eap {
- default_eap_type = "peap"
- timer_expire = 60
- ignore_unknown_eap_types = no
- cisco_accounting_username_bug = no
- max_sessions = 4096
- }
- Module: Linked to sub-module rlm_eap_md5
- Module: Instantiating eap-md5
- Module: Linked to sub-module rlm_eap_leap
- Module: Instantiating eap-leap
- Module: Linked to sub-module rlm_eap_gtc
- Module: Instantiating eap-gtc
- gtc {
- challenge = "Password: "
- auth_type = "PAP"
- }
- Module: Linked to sub-module rlm_eap_tls
- Module: Instantiating eap-tls
- tls {
- rsa_key_exchange = no
- dh_key_exchange = yes
- rsa_key_length = 512
- dh_key_length = 512
- verify_depth = 0
- CA_path = "/etc/freeradius/certs"
- pem_file_type = yes
- private_key_file = "/etc/freeradius/certs/server.key"
- certificate_file = "/etc/freeradius/certs/server.pem"
- CA_file = "/etc/freeradius/certs/ca.pem"
- private_key_password = "whatever"
- dh_file = "/etc/freeradius/certs/dh"
- random_file = "/dev/urandom"
- fragment_size = 1024
- include_length = yes
- check_crl = no
- cipher_list = "DEFAULT"
- make_cert_command = "/etc/freeradius/certs/bootstrap"
- ecdh_curve = "prime256v1"
- cache {
- enable = no
- lifetime = 24
- max_entries = 255
- }
- verify {
- }
- ocsp {
- enable = no
- override_cert_url = yes
- url = "http://127.0.0.1/ocsp/"
- }
- }
- Module: Linked to sub-module rlm_eap_ttls
- Module: Instantiating eap-ttls
- ttls {
- default_eap_type = "md5"
- copy_request_to_tunnel = no
- use_tunneled_reply = no
- virtual_server = "inner-tunnel"
- include_length = yes
- }
- Module: Linked to sub-module rlm_eap_peap
- Module: Instantiating eap-peap
- peap {
- default_eap_type = "mschapv2"
- copy_request_to_tunnel = no
- use_tunneled_reply = no
- proxy_tunneled_request_as_eap = yes
- virtual_server = "inner-tunnel"
- soh = no
- }
- Module: Linked to sub-module rlm_eap_mschapv2
- Module: Instantiating eap-mschapv2
- mschapv2 {
- with_ntdomain_hack = no
- send_error = no
- }
- Module: Checking authorize {...} for more modules to load
- Module: Linked to module rlm_preprocess
- Module: Instantiating module "preprocess" from file /etc/freeradius/modules/preprocess
- preprocess {
- huntgroups = "/etc/freeradius/huntgroups"
- hints = "/etc/freeradius/hints"
- with_ascend_hack = no
- ascend_channels_per_line = 23
- with_ntdomain_hack = no
- with_specialix_jetstream_hack = no
- with_cisco_vsa_hack = no
- with_alvarion_vsa_hack = no
- }
- Module: Linked to module rlm_realm
- Module: Instantiating module "suffix" from file /etc/freeradius/modules/realm
- realm suffix {
- format = "suffix"
- delimiter = "@"
- ignore_default = no
- ignore_null = no
- }
- Module: Linked to module rlm_sql
- Module: Instantiating module "sql" from file /etc/freeradius/sql.conf
- sql {
- driver = "rlm_sql_mysql"
- server = "localhost"
- port = ""
- login = "raduser"
- password = "radpass"
- radius_db = "raddb"
- read_groups = yes
- sqltrace = no
- sqltracefile = "/var/log/freeradius/sqltrace.sql"
- readclients = no
- deletestalesessions = yes
- num_sql_socks = 5
- lifetime = 0
- max_queries = 0
- sql_user_name = "%{User-Name}"
- default_user_profile = ""
- nas_query = "SELECT id, nasname, shortname, type, secret, server FROM nas"
- authorize_check_query = "SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id"
- authorize_reply_query = "SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id"
- authorize_group_check_query = "SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id"
- authorize_group_reply_query = "SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id"
- accounting_onoff_query = " UPDATE radacct SET acctstoptime = '%S', acctsessiontime = unix_timestamp('%S') - unix_timestamp(acctstarttime), acctterminatecause = '%{Acct-Terminate-Cause}', acctstopdelay = %{%{Acct-Delay-Time}:-0} WHERE acctstoptime IS NULL AND nasipaddress = '%{NAS-IP-Address}' AND acctstarttime <= '%S'"
- accounting_update_query = " UPDATE radacct SET framedipaddress = '%{Framed-IP-Address}', acctsessiontime = '%{Acct-Session-Time}', acctinputoctets = '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', acctoutputoctets = '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}' WHERE acctsessionid = '%{Acct-Session-Id}' AND username = '%{SQL-User-Name}' AND nasipaddress = '%{NAS-IP-Address}'"
- accounting_update_query_alt = " INSERT INTO radacct (acctsessionid, acctuniqueid, username, realm, nasipaddress, nasportid, nasporttype, acctstarttime, acctsessiontime, acctauthentic, connectinfo_start, acctinputoctets, acctoutputoctets, calledstationid, callingstationid, servicetype, framedprotocol, framedipaddress, acctstartdelay, xascendsessionsvrkey) VALUES ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', DATE_SUB('%S', INTERVAL (%{%{Acct-Session-Time}:-0} + %{%{Acct-Delay-Time}:-0}) SECOND), '%{Acct-Session-Time}', '%{Acct-Authentic}', '', '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}', '%{Called-Station-Id}', '%{Calling-Station-Id}', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '0', '%{X-Ascend-Session-Svr-Key}')"
- accounting_start_query = " INSERT INTO radacct (acctsessionid, acctuniqueid, username, realm, nasipaddress, nasportid, nasporttype, acctstarttime, acctstoptime, acctsessiontime, acctauthentic, connectinfo_start, connectinfo_stop, acctinputoctets, acctoutputoctets, calledstationid, callingstationid, acctterminatecause, servicetype, framedprotocol, framedipaddress, acctstartdelay, acctstopdelay, xascendsessionsvrkey) VALUES ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', '%S', NULL, '0', '%{Acct-Authentic}', '%{Connect-Info}', '', '0', '0', '%{Called-Station-Id}', '%{Calling-Station-Id}', '', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '%{%{Acct-Delay-Time}:-0}', '0', '%{X-Ascend-Session-Svr-Key}')"
- accounting_start_query_alt = " UPDATE radacct SET acctstarttime = '%S', acctstartdelay = '%{%{Acct-Delay-Time}:-0}', connectinfo_start = '%{Connect-Info}' WHERE acctsessionid = '%{Acct-Session-Id}' AND username = '%{SQL-User-Name}' AND nasipaddress = '%{NAS-IP-Address}'"
- accounting_stop_query = " UPDATE radacct SET acctstoptime = '%S', acctsessiontime = '%{Acct-Session-Time}', acctinputoctets = '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', acctoutputoctets = '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}', acctterminatecause = '%{Acct-Terminate-Cause}', acctstopdelay = '%{%{Acct-Delay-Time}:-0}', connectinfo_stop = '%{Connect-Info}' WHERE acctsessionid = '%{Acct-Session-Id}' AND username = '%{SQL-User-Name}' AND nasipaddress = '%{NAS-IP-Address}'"
- accounting_stop_query_alt = " INSERT INTO radacct (acctsessionid, acctuniqueid, username, realm, nasipaddress, nasportid, nasporttype, acctstarttime, acctstoptime, acctsessiontime, acctauthentic, connectinfo_start, connectinfo_stop, acctinputoctets, acctoutputoctets, calledstationid, callingstationid, acctterminatecause, servicetype, framedprotocol, framedipaddress, acctstartdelay, acctstopdelay) VALUES ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', DATE_SUB('%S', INTERVAL (%{%{Acct-Session-Time}:-0} + %{%{Acct-Delay-Time}:-0}) SECOND), '%S', '%{Acct-Session-Time}', '%{Acct-Authentic}', '', '%{Connect-Info}', '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}', '%{Called-Station-Id}', '%{Calling-Station-Id}', '%{Acct-Terminate-Cause}', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '0', '%{%{Acct-Delay-Time}:-0}')"
- group_membership_query = "SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority"
- connect_failure_retry_delay = 60
- simul_count_query = ""
- simul_verify_query = "SELECT radacctid, acctsessionid, username, nasipaddress, nasportid, framedipaddress, callingstationid, framedprotocol FROM radacct WHERE username = '%{SQL-User-Name}' AND acctstoptime IS NULL"
- postauth_query = "INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S')"
- safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
- }
- rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked
- rlm_sql (sql): Attempting to connect to raduser@localhost:/raddb
- rlm_sql (sql): starting 0
- rlm_sql (sql): Attempting to connect rlm_sql_mysql #0
- rlm_sql_mysql: Starting connect to MySQL server for #0
- rlm_sql (sql): Connected new DB handle, #0
- rlm_sql (sql): starting 1
- rlm_sql (sql): Attempting to connect rlm_sql_mysql #1
- rlm_sql_mysql: Starting connect to MySQL server for #1
- rlm_sql (sql): Connected new DB handle, #1
- rlm_sql (sql): starting 2
- rlm_sql (sql): Attempting to connect rlm_sql_mysql #2
- rlm_sql_mysql: Starting connect to MySQL server for #2
- rlm_sql (sql): Connected new DB handle, #2
- rlm_sql (sql): starting 3
- rlm_sql (sql): Attempting to connect rlm_sql_mysql #3
- rlm_sql_mysql: Starting connect to MySQL server for #3
- rlm_sql (sql): Connected new DB handle, #3
- rlm_sql (sql): starting 4
- rlm_sql (sql): Attempting to connect rlm_sql_mysql #4
- rlm_sql_mysql: Starting connect to MySQL server for #4
- rlm_sql (sql): Connected new DB handle, #4
- Module: Checking preacct {...} for more modules to load
- Module: Linked to module rlm_acct_unique
- Module: Instantiating module "acct_unique" from file /etc/freeradius/modules/acct_unique
- acct_unique {
- key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
- }
- Module: Linked to module rlm_files
- Module: Instantiating module "files" from file /etc/freeradius/modules/files
- files {
- usersfile = "/etc/freeradius/users"
- acctusersfile = "/etc/freeradius/acct_users"
- preproxy_usersfile = "/etc/freeradius/preproxy_users"
- compat = "no"
- }
- Module: Checking accounting {...} for more modules to load
- Module: Linked to module rlm_detail
- Module: Instantiating module "detail" from file /etc/freeradius/modules/detail
- detail {
- detailfile = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d"
- header = "%t"
- detailperm = 384
- dirperm = 493
- locking = no
- log_packet_header = no
- }
- Module: Linked to module rlm_radutmp
- Module: Instantiating module "radutmp" from file /etc/freeradius/modules/radutmp
- radutmp {
- filename = "/var/log/freeradius/radutmp"
- username = "%{User-Name}"
- case_sensitive = yes
- check_with_nas = yes
- perm = 384
- callerid = yes
- }
- Module: Linked to module rlm_attr_filter
- Module: Instantiating module "attr_filter.accounting_response" from file /etc/freeradius/modules/attr_filter
- attr_filter attr_filter.accounting_response {
- attrsfile = "/etc/freeradius/attrs.accounting_response"
- key = "%{User-Name}"
- relaxed = no
- }
- Module: Checking session {...} for more modules to load
- Module: Checking post-proxy {...} for more modules to load
- Module: Checking post-auth {...} for more modules to load
- Module: Instantiating module "attr_filter.access_reject" from file /etc/freeradius/modules/attr_filter
- attr_filter attr_filter.access_reject {
- attrsfile = "/etc/freeradius/attrs.access_reject"
- key = "%{User-Name}"
- relaxed = no
- }
- } # modules
- } # server
- server inner-tunnel { # from file /etc/freeradius/sites-enabled/inner-tunnel
- modules {
- Module: Checking authenticate {...} for more modules to load
- Module: Checking authorize {...} for more modules to load
- Module: Checking session {...} for more modules to load
- Module: Checking post-proxy {...} for more modules to load
- Module: Checking post-auth {...} for more modules to load
- } # modules
- } # server
- radiusd: #### Opening IP addresses and Ports ####
- listen {
- type = "auth"
- ipaddr = *
- port = 0
- }
- listen {
- type = "acct"
- ipaddr = *
- port = 0
- }
- listen {
- type = "auth"
- ipaddr = 127.0.0.1
- port = 18120
- }
- ... adding new socket proxy address * port 50772
- Listening on authentication address * port 1812
- Listening on accounting address * port 1813
- Listening on authentication address 127.0.0.1 port 18120 as server inner-tunnel
- Listening on proxy address * port 1814
- Ready to process requests.
- rad_recv: Access-Request packet from host 10.0.0.148 port 38010, id=10, length=161
- User-Name = "mpulis"
- NAS-Identifier = "802aa849cdbe"
- NAS-Port = 0
- Called-Station-Id = "80-2A-A8-4A-CD-BE:Seminary"
- Calling-Station-Id = "FC-64-BA-6F-84-D3"
- Framed-MTU = 1400
- NAS-Port-Type = Wireless-802.11
- Connect-Info = "CONNECT 0Mbps 802.11b"
- EAP-Message = 0x02f2000b016d70756c6973
- Message-Authenticator = 0xdc575891aac357955d182c4af0158b57
- # Executing section authorize from file /etc/freeradius/sites-enabled/default
- +- entering group authorize {...}
- ++[preprocess] returns ok
- ++[chap] returns noop
- ++[mschap] returns noop
- ++[digest] returns noop
- [suffix] No '@' in User-Name = "mpulis", looking up realm NULL
- [suffix] No such realm "NULL"
- ++[suffix] returns noop
- [eap] EAP packet type response id 242 length 11
- [eap] No EAP Start, assuming it's an on-going EAP conversation
- ++[eap] returns updated
- [sql] expand: %{User-Name} -> mpulis
- [sql] sql_set_user escaped user --> 'mpulis'
- rlm_sql (sql): Reserving sql socket id: 4
- [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'mpulis' ORDER BY id
- [sql] User found in radcheck table
- [sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'mpulis' ORDER BY id
- [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'mpulis' ORDER BY priority
- rlm_sql (sql): Released sql socket id: 4
- ++[sql] returns ok
- ++[expiration] returns noop
- ++[logintime] returns noop
- [pap] WARNING: Auth-Type already set. Not setting to PAP
- ++[pap] returns noop
- Found Auth-Type = EAP
- # Executing group from file /etc/freeradius/sites-enabled/default
- +- entering group authenticate {...}
- [eap] EAP Identity
- [eap] processing type tls
- [tls] Initiate
- [tls] Start returned 1
- ++[eap] returns handled
- Sending Access-Challenge of id 10 to 10.0.0.148 port 38010
- EAP-Message = 0x01f300061920
- Message-Authenticator = 0x00000000000000000000000000000000
- State = 0x6ef164376e027dce7fc7e3211faadd83
- Finished request 0.
- Going to the next request
- Waking up in 4.9 seconds.
- rad_recv: Access-Request packet from host 10.0.0.148 port 38010, id=11, length=376
- User-Name = "mpulis"
- NAS-Identifier = "802aa849cdbe"
- NAS-Port = 0
- Called-Station-Id = "80-2A-A8-4A-CD-BE:Seminary"
- Calling-Station-Id = "FC-64-BA-6F-84-D3"
- Framed-MTU = 1400
- NAS-Port-Type = Wireless-802.11
- Connect-Info = "CONNECT 0Mbps 802.11b"
- EAP-Message = 0x02f300d01980000000c616030100c1010000bd0301d7df24e1a0a56f9ad55169bd0f6e3b48c7a16738358c6e44e7164eda57c232ca000054c014c00ac022c02100390038c00fc0050035c012c008c01cc01b00160013c00dc003000ac013c009c01fc01e00330032c00ec004002fc011c007c00cc002000500040015001200090014001100080006000300ff01000040000b000403000102000a00340032000e000d0019000b000c00180009000a00160017000800060007001400150004000500120013000100020003000f00100011
- State = 0x6ef164376e027dce7fc7e3211faadd83
- Message-Authenticator = 0x974d4204707d4dd6fabef8fe5a3b0247
- # Executing section authorize from file /etc/freeradius/sites-enabled/default
- +- entering group authorize {...}
- ++[preprocess] returns ok
- ++[chap] returns noop
- ++[mschap] returns noop
- ++[digest] returns noop
- [suffix] No '@' in User-Name = "mpulis", looking up realm NULL
- [suffix] No such realm "NULL"
- ++[suffix] returns noop
- [eap] EAP packet type response id 243 length 208
- [eap] Continuing tunnel setup.
- ++[eap] returns ok
- Found Auth-Type = EAP
- # Executing group from file /etc/freeradius/sites-enabled/default
- +- entering group authenticate {...}
- [eap] Request found, released from the list
- [eap] EAP/peap
- [eap] processing type peap
- [peap] processing EAP-TLS
- TLS Length 198
- [peap] Length Included
- [peap] eaptls_verify returned 11
- [peap] (other): before/accept initialization
- [peap] TLS_accept: before/accept initialization
- [peap] <<< TLS 1.0 Handshake [length 00c1], ClientHello
- [peap] TLS_accept: SSLv3 read client hello A
- [peap] >>> TLS 1.0 Handshake [length 0039], ServerHello
- [peap] TLS_accept: SSLv3 write server hello A
- [peap] >>> TLS 1.0 Handshake [length 02c8], Certificate
- [peap] TLS_accept: SSLv3 write certificate A
- [peap] >>> TLS 1.0 Handshake [length 014b], ServerKeyExchange
- [peap] TLS_accept: SSLv3 write key exchange A
- [peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
- [peap] TLS_accept: SSLv3 write server done A
- [peap] TLS_accept: SSLv3 flush data
- [peap] TLS_accept: Need to read more data: SSLv3 read client certificate A
- In SSL Handshake Phase
- In SSL Accept mode
- [peap] eaptls_process returned 13
- [peap] EAPTLS_HANDLED
- ++[eap] returns handled
- Sending Access-Challenge of id 11 to 10.0.0.148 port 38010
- EAP-Message = 0x01f4040019c0000004641603010039020000350301159ede8de37a5b6d95c3d52c5242b1333b4a4865f7c1d85855ac514466a094a600c01400000dff01000100000b00040300010216030102c80b0002c40002c10002be308202ba308201a2a003020102020900c41781cb3c74a97b300d06092a864886f70d01010b05003015311330110603550403130a64616c6f726164697573301e170d3136303830383135323332385a170d3236303830363135323332385a3015311330110603550403130a64616c6f72616469757330820122300d06092a864886f70d01010105000382010f003082010a0282010100abecf3ef9a4b7ec5962f3bf36dd360f7
- EAP-Message = 0x007594393f1f8c2454461a6f3085de51a74849b137926fe0281e5055dc5aba47113bb4335ffe007d43c9f9c7fe9f893fea12389f28f7768051fa9e5eb1a9e231d71163ec9f1355d1ac37d33c36fcfb84c7b9140ffb330d81d9637f0c7846ef00a2f4aeaa1dbd8c862dc6844567d7eb9dba53fce67695fd79127d52f876ae10f8f2b7e6cb0d323cec2217d1e45f70f714752c6239eb7431604d7e7dcf70da464a47800b35c89e8c3dd864915ffe3e3ef594a503f135a25ca9398bc86c8bca909470cda763f691dfb98d3403fa0832a7eac918d17eee0f85fc3669bc796933433b64c30b59d7d1961fa8f7564b3e5a5ed30203010001a30d300b30090603
- EAP-Message = 0x551d1304023000300d06092a864886f70d01010b050003820101001ba13f1deabd7ed0c72c1b1d314a6661b311b98710a546f9f08db630ee807fcde79453916d8cf928417b951edf1539da33cc2f258f50289a60a0c1821599c95b0c58abc161132e2767ff6912a53676d0198861f54d6bd9e0702b2a1a3278a36759f64b5b4fead818fe38974fca70f899785e7022e2afb5fdca14eb5310ca139d38074c102c8e7a6d4695bcaa5ec9ea64d5380fa3cf954140e37dbe03a2c4d6923d0542737699869ac8b27476eb59683d31f6e80ffd9687902107c1634108d9986ebeef2e71a34e73eb0bda03f35c045ae4a12beddfd49c0ede30082c3588a12f06b9
- EAP-Message = 0x10fd9447f57657248dfb3d5719eb5829862dd3f2bf0dd5a127fd3e7f8ed4160301014b0c00014703001741046b95ecef2eaa15f6b6c48122902901cebd4c35c75e21486e67b1840efb9d4befaf1c2069821280d00dcecb21c51c1055cda5006ced5e91d8e0b629a4d743ba3e01009ad9f3e879f1efd0820f6501cec43aa9baac8bbfde80d9b2a58e05449da3005c6d76fe237d1460cd381f9269fba66a8592bdc24d6da8d17c56c0008e6aa660b9c7a442e5aab19f388297fc78483258395e383d64d53b938eb9494581d25e97b5af33b1e44414bf9a3da6f5d45d7d29d32e1915f3c7fa21894664a8eadf02e44f7107ade6e5d95314d1f0572a44376f
- EAP-Message = 0x6d46f42f0bcdf943a2950e44
- Message-Authenticator = 0x00000000000000000000000000000000
- State = 0x6ef164376f057dce7fc7e3211faadd83
- Finished request 1.
- Going to the next request
- Waking up in 4.9 seconds.
- rad_recv: Access-Request packet from host 10.0.0.148 port 38010, id=12, length=174
- User-Name = "mpulis"
- NAS-Identifier = "802aa849cdbe"
- NAS-Port = 0
- Called-Station-Id = "80-2A-A8-4A-CD-BE:Seminary"
- Calling-Station-Id = "FC-64-BA-6F-84-D3"
- Framed-MTU = 1400
- NAS-Port-Type = Wireless-802.11
- Connect-Info = "CONNECT 0Mbps 802.11b"
- EAP-Message = 0x02f400061900
- State = 0x6ef164376f057dce7fc7e3211faadd83
- Message-Authenticator = 0x62a3b4c5aede7bf003cccb1e0a8b07eb
- # Executing section authorize from file /etc/freeradius/sites-enabled/default
- +- entering group authorize {...}
- ++[preprocess] returns ok
- ++[chap] returns noop
- ++[mschap] returns noop
- ++[digest] returns noop
- [suffix] No '@' in User-Name = "mpulis", looking up realm NULL
- [suffix] No such realm "NULL"
- ++[suffix] returns noop
- [eap] EAP packet type response id 244 length 6
- [eap] Continuing tunnel setup.
- ++[eap] returns ok
- Found Auth-Type = EAP
- # Executing group from file /etc/freeradius/sites-enabled/default
- +- entering group authenticate {...}
- [eap] Request found, released from the list
- [eap] EAP/peap
- [eap] processing type peap
- [peap] processing EAP-TLS
- [peap] Received TLS ACK
- [peap] ACK handshake fragment handler
- [peap] eaptls_verify returned 1
- [peap] eaptls_process returned 13
- [peap] EAPTLS_HANDLED
- ++[eap] returns handled
- Sending Access-Challenge of id 12 to 10.0.0.148 port 38010
- EAP-Message = 0x01f500741900d5e48a1f7e66aac0c0fb398fcbde526abb102f5db68f848dca8abf84a59d820846ef52dd5d6a25d86e1a4bf31f89066fad754d8b753bbf029d2d94762be42c43d6be520568134f61e75a181dd2480acf7cde5d0b7c334b66e0a2f921121505e7a460940fda16030100040e000000
- Message-Authenticator = 0x00000000000000000000000000000000
- State = 0x6ef164376c047dce7fc7e3211faadd83
- Finished request 2.
- Going to the next request
- Waking up in 4.9 seconds.
- rad_recv: Access-Request packet from host 10.0.0.148 port 38010, id=13, length=312
- User-Name = "mpulis"
- NAS-Identifier = "802aa849cdbe"
- NAS-Port = 0
- Called-Station-Id = "80-2A-A8-4A-CD-BE:Seminary"
- Calling-Station-Id = "FC-64-BA-6F-84-D3"
- Framed-MTU = 1400
- NAS-Port-Type = Wireless-802.11
- Connect-Info = "CONNECT 0Mbps 802.11b"
- EAP-Message = 0x02f5009019800000008616030100461000004241047fc9e724d774e2ab7f1e39c17cbc5c25fddaa046075c1dcbdc35cf2902e460306bafdf870682372f011c1e11675bef0a5aeca534124fddff6bdcc37f2dd274e014030100010116030100302fe0e3005895a075ff1b6ef61289bd048e3726e3d571199511df7316f7c5ba96a13a30e065bc07936b3dfa66a06c3e57
- State = 0x6ef164376c047dce7fc7e3211faadd83
- Message-Authenticator = 0xbdc7c8775b819b8a259ea86852773ab9
- # Executing section authorize from file /etc/freeradius/sites-enabled/default
- +- entering group authorize {...}
- ++[preprocess] returns ok
- ++[chap] returns noop
- ++[mschap] returns noop
- ++[digest] returns noop
- [suffix] No '@' in User-Name = "mpulis", looking up realm NULL
- [suffix] No such realm "NULL"
- ++[suffix] returns noop
- [eap] EAP packet type response id 245 length 144
- [eap] Continuing tunnel setup.
- ++[eap] returns ok
- Found Auth-Type = EAP
- # Executing group from file /etc/freeradius/sites-enabled/default
- +- entering group authenticate {...}
- [eap] Request found, released from the list
- [eap] EAP/peap
- [eap] processing type peap
- [peap] processing EAP-TLS
- TLS Length 134
- [peap] Length Included
- [peap] eaptls_verify returned 11
- [peap] <<< TLS 1.0 Handshake [length 0046], ClientKeyExchange
- [peap] TLS_accept: SSLv3 read client key exchange A
- [peap] <<< TLS 1.0 ChangeCipherSpec [length 0001]
- [peap] <<< TLS 1.0 Handshake [length 0010], Finished
- [peap] TLS_accept: SSLv3 read finished A
- [peap] >>> TLS 1.0 ChangeCipherSpec [length 0001]
- [peap] TLS_accept: SSLv3 write change cipher spec A
- [peap] >>> TLS 1.0 Handshake [length 0010], Finished
- [peap] TLS_accept: SSLv3 write finished A
- [peap] TLS_accept: SSLv3 flush data
- [peap] (other): SSL negotiation finished successfully
- SSL Connection Established
- [peap] eaptls_process returned 13
- [peap] EAPTLS_HANDLED
- ++[eap] returns handled
- Sending Access-Challenge of id 13 to 10.0.0.148 port 38010
- EAP-Message = 0x01f6004119001403010001011603010030cedd8b4bba8064fb9d7c489a3ac1ad23120a3b00f412096dde890001cb1d0980106333b684c3dc903ee647f1fdb0e77c
- Message-Authenticator = 0x00000000000000000000000000000000
- State = 0x6ef164376d077dce7fc7e3211faadd83
- Finished request 3.
- Going to the next request
- Waking up in 4.9 seconds.
- rad_recv: Access-Request packet from host 10.0.0.148 port 38010, id=14, length=174
- User-Name = "mpulis"
- NAS-Identifier = "802aa849cdbe"
- NAS-Port = 0
- Called-Station-Id = "80-2A-A8-4A-CD-BE:Seminary"
- Calling-Station-Id = "FC-64-BA-6F-84-D3"
- Framed-MTU = 1400
- NAS-Port-Type = Wireless-802.11
- Connect-Info = "CONNECT 0Mbps 802.11b"
- EAP-Message = 0x02f600061900
- State = 0x6ef164376d077dce7fc7e3211faadd83
- Message-Authenticator = 0xcc747caaf686edc9e3749a401f6643f9
- # Executing section authorize from file /etc/freeradius/sites-enabled/default
- +- entering group authorize {...}
- ++[preprocess] returns ok
- ++[chap] returns noop
- ++[mschap] returns noop
- ++[digest] returns noop
- [suffix] No '@' in User-Name = "mpulis", looking up realm NULL
- [suffix] No such realm "NULL"
- ++[suffix] returns noop
- [eap] EAP packet type response id 246 length 6
- [eap] Continuing tunnel setup.
- ++[eap] returns ok
- Found Auth-Type = EAP
- # Executing group from file /etc/freeradius/sites-enabled/default
- +- entering group authenticate {...}
- [eap] Request found, released from the list
- [eap] EAP/peap
- [eap] processing type peap
- [peap] processing EAP-TLS
- [peap] Received TLS ACK
- [peap] ACK handshake is finished
- [peap] eaptls_verify returned 3
- [peap] eaptls_process returned 3
- [peap] EAPTLS_SUCCESS
- [peap] Session established. Decoding tunneled attributes.
- [peap] Peap state TUNNEL ESTABLISHED
- ++[eap] returns handled
- Sending Access-Challenge of id 14 to 10.0.0.148 port 38010
- EAP-Message = 0x01f7002b19001703010020980c7a62f9ec1a9c50a9c66f7bffbdac261cacf010ad31bd05ec24487712be9e
- Message-Authenticator = 0x00000000000000000000000000000000
- State = 0x6ef164376a067dce7fc7e3211faadd83
- Finished request 4.
- Going to the next request
- Waking up in 4.9 seconds.
- rad_recv: Access-Request packet from host 10.0.0.148 port 38010, id=15, length=211
- User-Name = "mpulis"
- NAS-Identifier = "802aa849cdbe"
- NAS-Port = 0
- Called-Station-Id = "80-2A-A8-4A-CD-BE:Seminary"
- Calling-Station-Id = "FC-64-BA-6F-84-D3"
- Framed-MTU = 1400
- NAS-Port-Type = Wireless-802.11
- Connect-Info = "CONNECT 0Mbps 802.11b"
- EAP-Message = 0x02f7002b190017030100202c4c5d188d076a67df3781394306983fc0726938b7ee6cd1aee3949849998819
- State = 0x6ef164376a067dce7fc7e3211faadd83
- Message-Authenticator = 0x94f68dc55421fc6ed5e78ad052ea5f3f
- # Executing section authorize from file /etc/freeradius/sites-enabled/default
- +- entering group authorize {...}
- ++[preprocess] returns ok
- ++[chap] returns noop
- ++[mschap] returns noop
- ++[digest] returns noop
- [suffix] No '@' in User-Name = "mpulis", looking up realm NULL
- [suffix] No such realm "NULL"
- ++[suffix] returns noop
- [eap] EAP packet type response id 247 length 43
- [eap] Continuing tunnel setup.
- ++[eap] returns ok
- Found Auth-Type = EAP
- # Executing group from file /etc/freeradius/sites-enabled/default
- +- entering group authenticate {...}
- [eap] Request found, released from the list
- [eap] EAP/peap
- [eap] processing type peap
- [peap] processing EAP-TLS
- [peap] eaptls_verify returned 7
- [peap] Done initial handshake
- [peap] eaptls_process returned 7
- [peap] EAPTLS_OK
- [peap] Session established. Decoding tunneled attributes.
- [peap] Peap state WAITING FOR INNER IDENTITY
- [peap] Identity - mpulis
- [peap] Got inner identity 'mpulis'
- [peap] Setting default EAP type for tunneled EAP session.
- [peap] Got tunneled request
- EAP-Message = 0x02f7000b016d70756c6973
- server {
- [peap] Setting User-Name to mpulis
- Sending tunneled request
- EAP-Message = 0x02f7000b016d70756c6973
- FreeRADIUS-Proxied-To = 127.0.0.1
- User-Name = "mpulis"
- server inner-tunnel {
- # Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel
- +- entering group authorize {...}
- ++[chap] returns noop
- ++[mschap] returns noop
- [suffix] No '@' in User-Name = "mpulis", looking up realm NULL
- [suffix] No such realm "NULL"
- ++[suffix] returns noop
- ++[control] returns noop
- [eap] EAP packet type response id 247 length 11
- [eap] No EAP Start, assuming it's an on-going EAP conversation
- ++[eap] returns updated
- ++[files] returns noop
- ++[expiration] returns noop
- ++[logintime] returns noop
- ++[pap] returns noop
- Found Auth-Type = EAP
- # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
- +- entering group authenticate {...}
- [eap] EAP Identity
- [eap] processing type mschapv2
- rlm_eap_mschapv2: Issuing Challenge
- ++[eap] returns handled
- } # server inner-tunnel
- [peap] Got tunneled reply code 11
- EAP-Message = 0x01f800201a01f8001b10d6a21847760cc141a52a618be2566ad16d70756c6973
- Message-Authenticator = 0x00000000000000000000000000000000
- State = 0x8061cab68099d075fa393c754cfb8c72
- [peap] Got tunneled reply RADIUS code 11
- EAP-Message = 0x01f800201a01f8001b10d6a21847760cc141a52a618be2566ad16d70756c6973
- Message-Authenticator = 0x00000000000000000000000000000000
- State = 0x8061cab68099d075fa393c754cfb8c72
- [peap] Got tunneled Access-Challenge
- ++[eap] returns handled
- Sending Access-Challenge of id 15 to 10.0.0.148 port 38010
- EAP-Message = 0x01f8004b19001703010040d9f99058d8fac243a812fec1575a8d0916e77d7daf0de6c372ddc5954f65af760b52f04184de013ee59634a27f651f3bd328789303fa041dcb0a4fa7667c5c44
- Message-Authenticator = 0x00000000000000000000000000000000
- State = 0x6ef164376b097dce7fc7e3211faadd83
- Finished request 5.
- Going to the next request
- Waking up in 4.9 seconds.
- rad_recv: Access-Request packet from host 10.0.0.148 port 38010, id=16, length=275
- User-Name = "mpulis"
- NAS-Identifier = "802aa849cdbe"
- NAS-Port = 0
- Called-Station-Id = "80-2A-A8-4A-CD-BE:Seminary"
- Calling-Station-Id = "FC-64-BA-6F-84-D3"
- Framed-MTU = 1400
- NAS-Port-Type = Wireless-802.11
- Connect-Info = "CONNECT 0Mbps 802.11b"
- EAP-Message = 0x02f8006b190017030100605c829a6bc84a9da0845e64d3c887b7387dbbfd3abd6f41d828f89892921f3e963d66516ff725d243e46ff657515b071724bf292c684344b1780d7ae647dd9bfed7dbcc8b0e1877f52d5bc771c728debe1eca0e1e88737cd878487c512851e07a
- State = 0x6ef164376b097dce7fc7e3211faadd83
- Message-Authenticator = 0x513117f91e962d5985ff620c89c37955
- # Executing section authorize from file /etc/freeradius/sites-enabled/default
- +- entering group authorize {...}
- ++[preprocess] returns ok
- ++[chap] returns noop
- ++[mschap] returns noop
- ++[digest] returns noop
- [suffix] No '@' in User-Name = "mpulis", looking up realm NULL
- [suffix] No such realm "NULL"
- ++[suffix] returns noop
- [eap] EAP packet type response id 248 length 107
- [eap] Continuing tunnel setup.
- ++[eap] returns ok
- Found Auth-Type = EAP
- # Executing group from file /etc/freeradius/sites-enabled/default
- +- entering group authenticate {...}
- [eap] Request found, released from the list
- [eap] EAP/peap
- [eap] processing type peap
- [peap] processing EAP-TLS
- [peap] eaptls_verify returned 7
- [peap] Done initial handshake
- [peap] eaptls_process returned 7
- [peap] EAPTLS_OK
- [peap] Session established. Decoding tunneled attributes.
- [peap] Peap state phase2
- [peap] EAP type mschapv2
- [peap] Got tunneled request
- EAP-Message = 0x02f800411a02f8003c3188fbb21e55bc94a48b7f5e93b5724caf00000000000000007036de056d4798212ef17d1f05e36f361bc40dd2b7dc1f4c006d70756c6973
- server {
- [peap] Setting User-Name to mpulis
- Sending tunneled request
- EAP-Message = 0x02f800411a02f8003c3188fbb21e55bc94a48b7f5e93b5724caf00000000000000007036de056d4798212ef17d1f05e36f361bc40dd2b7dc1f4c006d70756c6973
- FreeRADIUS-Proxied-To = 127.0.0.1
- User-Name = "mpulis"
- State = 0x8061cab68099d075fa393c754cfb8c72
- server inner-tunnel {
- # Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel
- +- entering group authorize {...}
- ++[chap] returns noop
- ++[mschap] returns noop
- [suffix] No '@' in User-Name = "mpulis", looking up realm NULL
- [suffix] No such realm "NULL"
- ++[suffix] returns noop
- ++[control] returns noop
- [eap] EAP packet type response id 248 length 65
- [eap] No EAP Start, assuming it's an on-going EAP conversation
- ++[eap] returns updated
- ++[files] returns noop
- ++[expiration] returns noop
- ++[logintime] returns noop
- ++[pap] returns noop
- Found Auth-Type = EAP
- # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
- +- entering group authenticate {...}
- [eap] Request found, released from the list
- [eap] EAP/mschapv2
- [eap] processing type mschapv2
- [mschapv2] # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
- [mschapv2] +- entering group MS-CHAP {...}
- [mschap] No Cleartext-Password configured. Cannot create LM-Password.
- [mschap] No Cleartext-Password configured. Cannot create NT-Password.
- [mschap] Creating challenge hash with username: mpulis
- [mschap] Told to do MS-CHAPv2 for mpulis with NT-Password
- [mschap] FAILED: No NT/LM-Password. Cannot perform authentication.
- [mschap] FAILED: MS-CHAP2-Response is incorrect
- ++[mschap] returns reject
- [eap] Freeing handler
- ++[eap] returns reject
- Failed to authenticate the user.
- } # server inner-tunnel
- [peap] Got tunneled reply code 3
- MS-CHAP-Error = "\370E=691 R=1"
- EAP-Message = 0x04f80004
- Message-Authenticator = 0x00000000000000000000000000000000
- [peap] Got tunneled reply RADIUS code 3
- MS-CHAP-Error = "\370E=691 R=1"
- EAP-Message = 0x04f80004
- Message-Authenticator = 0x00000000000000000000000000000000
- [peap] Tunneled authentication was rejected.
- [peap] FAILURE
- ++[eap] returns handled
- Sending Access-Challenge of id 16 to 10.0.0.148 port 38010
- EAP-Message = 0x01f9002b190017030100200f52a08fd652c4a9fbebbb2cb905b70e2467986283ad506c0780cb9477662f84
- Message-Authenticator = 0x00000000000000000000000000000000
- State = 0x6ef1643768087dce7fc7e3211faadd83
- Finished request 6.
- Going to the next request
- Waking up in 4.9 seconds.
- rad_recv: Access-Request packet from host 10.0.0.148 port 38010, id=17, length=211
- User-Name = "mpulis"
- NAS-Identifier = "802aa849cdbe"
- NAS-Port = 0
- Called-Station-Id = "80-2A-A8-4A-CD-BE:Seminary"
- Calling-Station-Id = "FC-64-BA-6F-84-D3"
- Framed-MTU = 1400
- NAS-Port-Type = Wireless-802.11
- Connect-Info = "CONNECT 0Mbps 802.11b"
- EAP-Message = 0x02f9002b19001703010020b8146776d898d2169bb58ff6b946023085539eddd7a38ec2dde989645cad8d41
- State = 0x6ef1643768087dce7fc7e3211faadd83
- Message-Authenticator = 0x28f89b3e98662dccbf5b3fe77e1e8f39
- # Executing section authorize from file /etc/freeradius/sites-enabled/default
- +- entering group authorize {...}
- ++[preprocess] returns ok
- ++[chap] returns noop
- ++[mschap] returns noop
- ++[digest] returns noop
- [suffix] No '@' in User-Name = "mpulis", looking up realm NULL
- [suffix] No such realm "NULL"
- ++[suffix] returns noop
- [eap] EAP packet type response id 249 length 43
- [eap] Continuing tunnel setup.
- ++[eap] returns ok
- Found Auth-Type = EAP
- # Executing group from file /etc/freeradius/sites-enabled/default
- +- entering group authenticate {...}
- [eap] Request found, released from the list
- [eap] EAP/peap
- [eap] processing type peap
- [peap] processing EAP-TLS
- [peap] eaptls_verify returned 7
- [peap] Done initial handshake
- [peap] eaptls_process returned 7
- [peap] EAPTLS_OK
- [peap] Session established. Decoding tunneled attributes.
- [peap] Peap state send tlv failure
- [peap] Received EAP-TLV response.
- [peap] The users session was previously rejected: returning reject (again.)
- [peap] *** This means you need to read the PREVIOUS messages in the debug output
- [peap] *** to find out the reason why the user was rejected.
- [peap] *** Look for "reject" or "fail". Those earlier messages will tell you.
- [peap] *** what went wrong, and how to fix the problem.
- [eap] Handler failed in EAP/peap
- [eap] Failed in EAP select
- ++[eap] returns invalid
- Failed to authenticate the user.
- Using Post-Auth-Type Reject
- # Executing group from file /etc/freeradius/sites-enabled/default
- +- entering group REJECT {...}
- [sql] expand: %{User-Name} -> mpulis
- [sql] sql_set_user escaped user --> 'mpulis'
- [sql] expand: %{User-Password} ->
- [sql] ... expanding second conditional
- [sql] expand: %{Chap-Password} ->
- [sql] expand: INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S') -> INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'mpulis', '', 'Access-Reject', '2016-08-09 13:32:03')
- rlm_sql (sql) in sql_postauth: query is INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'mpulis', '', 'Access-Reject', '2016-08-09 13:32:03')
- rlm_sql (sql): Reserving sql socket id: 3
- rlm_sql (sql): Released sql socket id: 3
- ++[sql] returns ok
- [attr_filter.access_reject] expand: %{User-Name} -> mpulis
- attr_filter: Matched entry DEFAULT at line 11
- ++[attr_filter.access_reject] returns updated
- Delaying reject of request 7 for 1 seconds
- Going to the next request
- Waking up in 0.9 seconds.
- Sending delayed reject for request 7
- Sending Access-Reject of id 17 to 10.0.0.148 port 38010
- EAP-Message = 0x04f90004
- Message-Authenticator = 0x00000000000000000000000000000000
- Waking up in 3.8 seconds.
- Cleaning up request 0 ID 10 with timestamp +28
- Cleaning up request 1 ID 11 with timestamp +28
- Cleaning up request 2 ID 12 with timestamp +28
- Cleaning up request 3 ID 13 with timestamp +28
- Cleaning up request 4 ID 14 with timestamp +28
- Cleaning up request 5 ID 15 with timestamp +28
- Cleaning up request 6 ID 16 with timestamp +28
- Waking up in 1.0 seconds.
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement