- FreeRADIUS Version 2.1.7, for host x86_64-redhat-linux-gnu, built on Mar 31 2010 at 00:14:28
- Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.
- There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
- PARTICULAR PURPOSE.
- You may redistribute copies of FreeRADIUS under the terms of the
- GNU General Public License v2.
- Starting - reading configuration files ...
- including configuration file /etc/raddb/radiusd.conf
- including configuration file /etc/raddb/proxy.conf
- including configuration file /etc/raddb/clients.conf
- including files in directory /etc/raddb/modules/
- including configuration file /etc/raddb/modules/expiration
- including configuration file /etc/raddb/modules/files
- including configuration file /etc/raddb/modules/mac2vlan
- including configuration file /etc/raddb/modules/pap
- including configuration file /etc/raddb/modules/expr
- including configuration file /etc/raddb/modules/sqlcounter_expire_on_login
- including configuration file /etc/raddb/modules/always
- including configuration file /etc/raddb/modules/policy
- including configuration file /etc/raddb/modules/perl
- including configuration file /etc/raddb/modules/sradutmp
- including configuration file /etc/raddb/modules/digest
- including configuration file /etc/raddb/modules/realm
- including configuration file /etc/raddb/modules/otp
- including configuration file /etc/raddb/modules/linelog
- including configuration file /etc/raddb/modules/chap
- including configuration file /etc/raddb/modules/attr_filter
- including configuration file /etc/raddb/modules/checkval
- including configuration file /etc/raddb/modules/echo
- including configuration file /etc/raddb/modules/mac2ip
- including configuration file /etc/raddb/modules/acct_unique
- including configuration file /etc/raddb/modules/unix
- including configuration file /etc/raddb/modules/ippool
- including configuration file /etc/raddb/modules/detail.log
- including configuration file /etc/raddb/modules/radutmp
- including configuration file /etc/raddb/modules/detail.example.com
- including configuration file /etc/raddb/modules/logintime
- including configuration file /etc/raddb/modules/preprocess
- including configuration file /etc/raddb/modules/ldap
- including configuration file /etc/raddb/modules/mschap
- including configuration file /etc/raddb/modules/passwd
- including configuration file /etc/raddb/modules/counter
- including configuration file /etc/raddb/modules/detail
- including configuration file /etc/raddb/modules/pam
- including configuration file /etc/raddb/modules/exec
- including configuration file /etc/raddb/modules/inner-eap
- including configuration file /etc/raddb/modules/smbpasswd
- including configuration file /etc/raddb/modules/attr_rewrite
- including configuration file /etc/raddb/modules/sql_log
- including configuration file /etc/raddb/modules/etc_group
- including configuration file /etc/raddb/modules/wimax
- including configuration file /etc/raddb/modules/smsotp
- including configuration file /etc/raddb/modules/cui
- including configuration file /etc/raddb/eap.conf
- including configuration file /etc/raddb/policy.conf
- including files in directory /etc/raddb/sites-enabled/
- including configuration file /etc/raddb/sites-enabled/inner-tunnel
- including configuration file /etc/raddb/sites-enabled/default
- including configuration file /etc/raddb/sites-enabled/control-socket
- group = radiusd
- user = radiusd
- including dictionary file /etc/raddb/dictionary
- main {
- prefix = "/usr"
- localstatedir = "/var"
- logdir = "/var/log/radius"
- libdir = "/usr/lib64/freeradius"
- radacctdir = "/var/log/radius/radacct"
- hostname_lookups = no
- max_request_time = 30
- cleanup_delay = 5
- max_requests = 1024
- allow_core_dumps = no
- pidfile = "/var/run/radiusd/radiusd.pid"
- checkrad = "/usr/sbin/checkrad"
- debug_level = 0
- proxy_requests = yes
- log {
- stripped_names = no
- auth = no
- auth_badpass = no
- auth_goodpass = no
- }
- security {
- max_attributes = 200
- reject_delay = 1
- status_server = yes
- }
- }
- radiusd: #### Loading Realms and Home Servers ####
- proxy server {
- retry_delay = 5
- retry_count = 3
- default_fallback = no
- dead_time = 120
- wake_all_if_all_dead = no
- }
- home_server localhost {
- ipaddr = 127.0.0.1
- port = 1812
- type = "auth"
- secret = "testing123"
- response_window = 20
- max_outstanding = 65536
- require_message_authenticator = no
- zombie_period = 40
- status_check = "status-server"
- ping_interval = 30
- check_interval = 30
- num_answers_to_alive = 3
- num_pings_to_alive = 3
- revive_interval = 120
- status_check_timeout = 4
- irt = 2
- mrt = 16
- mrc = 5
- mrd = 30
- }
- home_server_pool my_auth_failover {
- type = fail-over
- home_server = localhost
- }
- realm example.com {
- auth_pool = my_auth_failover
- }
- realm LOCAL {
- }
- radiusd: #### Loading Clients ####
- client localhost {
- ipaddr = 127.0.0.1
- require_message_authenticator = no
- secret = "testing123"
- nastype = "other"
- }
- client 192.168.0.0/16 {
- require_message_authenticator = no
- shortname = "wirelessNetwork_802_1x"
- }
- client 192.168.47.18 {
- require_message_authenticator = no
- shortname = "VE_WIRELESS__3F_OPS"
- }
- client 192.168.47.19 {
- require_message_authenticator = no
- shortname = "VE_WIRELESS_ROOT"
- }
- client 192.168.49.224 {
- require_message_authenticator = no
- shortname = "VE_WIRELESS_ROOT"
- }
- radiusd: #### Instantiating modules ####
- instantiate {
- Module: Linked to module rlm_exec
- Module: Instantiating exec
- exec {
- wait = no
- input_pairs = "request"
- shell_escape = yes
- }
- Module: Linked to module rlm_expr
- Module: Instantiating expr
- Module: Linked to module rlm_expiration
- Module: Instantiating expiration
- expiration {
- reply-message = "Password Has Expired "
- }
- Module: Linked to module rlm_logintime
- Module: Instantiating logintime
- logintime {
- reply-message = "You are calling outside your allowed timespan "
- minimum-timeout = 60
- }
- }
- radiusd: #### Loading Virtual Servers ####
- server inner-tunnel {
- modules {
- Module: Checking authenticate {...} for more modules to load
- Module: Linked to module rlm_pap
- Module: Instantiating pap
- pap {
- encryption_scheme = "auto"
- auto_header = no
- }
- Module: Linked to module rlm_chap
- Module: Instantiating chap
- Module: Linked to module rlm_mschap
- Module: Instantiating mschap
- mschap {
- use_mppe = yes
- require_encryption = no
- require_strong = no
- with_ntdomain_hack = no
- }
- Module: Linked to module rlm_unix
- Module: Instantiating unix
- unix {
- radwtmp = "/var/log/radius/radwtmp"
- }
- Module: Linked to module rlm_ldap
- Module: Instantiating ldap
- ldap {
- server = "ldap.sacta.videoegg.com"
- port = 389
- password = "*******"
- identity = "cn=directory manager"
- net_timeout = 1
- timeout = 4
- timelimit = 3
- tls_mode = no
- start_tls = no
- tls_require_cert = "allow"
- tls {
- start_tls = no
- require_cert = "allow"
- }
- basedn = "ou=People,dc=videoegg,dc=com"
- filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
- base_filter = "(objectclass=radiusprofile)"
- auto_header = no
- access_attr_used_for_allow = yes
- groupname_attribute = "cn"
- groupmembership_filter = "(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))"
- dictionary_mapping = "/etc/raddb/ldap.attrmap"
- ldap_debug = 0
- ldap_connections_number = 5
- compare_check_items = no
- do_xlat = yes
- set_auth_type = yes
- }
- rlm_ldap: Registering ldap_groupcmp for Ldap-Group
- rlm_ldap: Registering ldap_xlat with xlat_name ldap
- rlm_ldap: reading ldap<->radius mappings from file /etc/raddb/ldap.attrmap
- rlm_ldap: LDAP radiusCheckItem mapped to RADIUS $GENERIC$
- rlm_ldap: LDAP radiusReplyItem mapped to RADIUS $GENERIC$
- rlm_ldap: LDAP radiusAuthType mapped to RADIUS Auth-Type
- rlm_ldap: LDAP radiusSimultaneousUse mapped to RADIUS Simultaneous-Use
- rlm_ldap: LDAP radiusCalledStationId mapped to RADIUS Called-Station-Id
- rlm_ldap: LDAP radiusCallingStationId mapped to RADIUS Calling-Station-Id
- rlm_ldap: LDAP lmPassword mapped to RADIUS LM-Password
- rlm_ldap: LDAP ntPassword mapped to RADIUS NT-Password
- rlm_ldap: LDAP sambaLmPassword mapped to RADIUS LM-Password
- rlm_ldap: LDAP sambaNtPassword mapped to RADIUS NT-Password
- rlm_ldap: LDAP dBCSPwd mapped to RADIUS LM-Password
- rlm_ldap: LDAP acctFlags mapped to RADIUS SMB-Account-CTRL-TEXT
- rlm_ldap: LDAP radiusExpiration mapped to RADIUS Expiration
- rlm_ldap: LDAP radiusNASIpAddress mapped to RADIUS NAS-IP-Address
- rlm_ldap: LDAP userPassword mapped to RADIUS Cleartext-Password
- rlm_ldap: LDAP radiusServiceType mapped to RADIUS Service-Type
- rlm_ldap: LDAP radiusFramedProtocol mapped to RADIUS Framed-Protocol
- rlm_ldap: LDAP radiusFramedIPAddress mapped to RADIUS Framed-IP-Address
- rlm_ldap: LDAP radiusFramedIPNetmask mapped to RADIUS Framed-IP-Netmask
- rlm_ldap: LDAP radiusFramedRoute mapped to RADIUS Framed-Route
- rlm_ldap: LDAP radiusFramedRouting mapped to RADIUS Framed-Routing
- rlm_ldap: LDAP radiusFilterId mapped to RADIUS Filter-Id
- rlm_ldap: LDAP radiusFramedMTU mapped to RADIUS Framed-MTU
- rlm_ldap: LDAP radiusFramedCompression mapped to RADIUS Framed-Compression
- rlm_ldap: LDAP radiusLoginIPHost mapped to RADIUS Login-IP-Host
- rlm_ldap: LDAP radiusLoginService mapped to RADIUS Login-Service
- rlm_ldap: LDAP radiusLoginTCPPort mapped to RADIUS Login-TCP-Port
- rlm_ldap: LDAP radiusCallbackNumber mapped to RADIUS Callback-Number
- rlm_ldap: LDAP radiusCallbackId mapped to RADIUS Callback-Id
- rlm_ldap: LDAP radiusFramedIPXNetwork mapped to RADIUS Framed-IPX-Network
- rlm_ldap: LDAP radiusClass mapped to RADIUS Class
- rlm_ldap: LDAP radiusSessionTimeout mapped to RADIUS Session-Timeout
- rlm_ldap: LDAP radiusIdleTimeout mapped to RADIUS Idle-Timeout
- rlm_ldap: LDAP radiusTerminationAction mapped to RADIUS Termination-Action
- rlm_ldap: LDAP radiusLoginLATService mapped to RADIUS Login-LAT-Service
- rlm_ldap: LDAP radiusLoginLATNode mapped to RADIUS Login-LAT-Node
- rlm_ldap: LDAP radiusLoginLATGroup mapped to RADIUS Login-LAT-Group
- rlm_ldap: LDAP radiusFramedAppleTalkLink mapped to RADIUS Framed-AppleTalk-Link
- rlm_ldap: LDAP radiusFramedAppleTalkNetwork mapped to RADIUS Framed-AppleTalk-Network
- rlm_ldap: LDAP radiusFramedAppleTalkZone mapped to RADIUS Framed-AppleTalk-Zone
- rlm_ldap: LDAP radiusPortLimit mapped to RADIUS Port-Limit
- rlm_ldap: LDAP radiusLoginLATPort mapped to RADIUS Login-LAT-Port
- rlm_ldap: LDAP radiusReplyMessage mapped to RADIUS Reply-Message
- rlm_ldap: LDAP radiusTunnelType mapped to RADIUS Tunnel-Type
- rlm_ldap: LDAP radiusTunnelMediumType mapped to RADIUS Tunnel-Medium-Type
- rlm_ldap: LDAP radiusTunnelPrivateGroupId mapped to RADIUS Tunnel-Private-Group-Id
- conns: 0x1e661f0
- Module: Linked to module rlm_eap
- Module: Instantiating eap
- eap {
- default_eap_type = "md5"
- timer_expire = 60
- ignore_unknown_eap_types = no
- cisco_accounting_username_bug = no
- max_sessions = 2048
- }
- Module: Linked to sub-module rlm_eap_md5
- Module: Instantiating eap-md5
- Module: Linked to sub-module rlm_eap_leap
- Module: Instantiating eap-leap
- Module: Linked to sub-module rlm_eap_gtc
- Module: Instantiating eap-gtc
- gtc {
- challenge = "Password: "
- auth_type = "PAP"
- }
- Module: Linked to sub-module rlm_eap_tls
- Module: Instantiating eap-tls
- tls {
- rsa_key_exchange = no
- dh_key_exchange = yes
- rsa_key_length = 512
- dh_key_length = 512
- verify_depth = 0
- pem_file_type = yes
- private_key_file = "/etc/raddb/certs/server.pem"
- certificate_file = "/etc/raddb/certs/server.pem"
- CA_file = "/etc/raddb/certs/ca.pem"
- private_key_password = "********"
- dh_file = "/etc/raddb/certs/dh"
- random_file = "/etc/raddb/certs/random"
- fragment_size = 1024
- include_length = yes
- check_crl = no
- cipher_list = "DEFAULT"
- make_cert_command = "/etc/raddb/certs/bootstrap"
- cache {
- enable = no
- lifetime = 24
- max_entries = 255
- }
- }
- Module: Linked to sub-module rlm_eap_ttls
- Module: Instantiating eap-ttls
- ttls {
- default_eap_type = "md5"
- copy_request_to_tunnel = no
- use_tunneled_reply = no
- virtual_server = "inner-tunnel"
- include_length = yes
- }
- Module: Linked to sub-module rlm_eap_peap
- Module: Instantiating eap-peap
- peap {
- default_eap_type = "mschapv2"
- copy_request_to_tunnel = no
- use_tunneled_reply = no
- proxy_tunneled_request_as_eap = yes
- virtual_server = "inner-tunnel"
- }
- Module: Linked to sub-module rlm_eap_mschapv2
- Module: Instantiating eap-mschapv2
- mschapv2 {
- with_ntdomain_hack = no
- }
- Module: Checking authorize {...} for more modules to load
- Module: Linked to module rlm_realm
- Module: Instantiating suffix
- realm suffix {
- format = "suffix"
- delimiter = "@"
- ignore_default = no
- ignore_null = no
- }
- Module: Linked to module rlm_files
- Module: Instantiating files
- files {
- usersfile = "/etc/raddb/users"
- acctusersfile = "/etc/raddb/acct_users"
- preproxy_usersfile = "/etc/raddb/preproxy_users"
- compat = "no"
- }
- Module: Checking session {...} for more modules to load
- Module: Linked to module rlm_radutmp
- Module: Instantiating radutmp
- radutmp {
- filename = "/var/log/radius/radutmp"
- username = "%{User-Name}"
- case_sensitive = yes
- check_with_nas = yes
- perm = 384
- callerid = yes
- }
- Module: Checking post-proxy {...} for more modules to load
- Module: Checking post-auth {...} for more modules to load
- Module: Linked to module rlm_attr_filter
- Module: Instantiating attr_filter.access_reject
- attr_filter attr_filter.access_reject {
- attrsfile = "/etc/raddb/attrs.access_reject"
- key = "%{User-Name}"
- }
- } # modules
- } # server
- server {
- modules {
- Module: Checking authenticate {...} for more modules to load
- Module: Checking authorize {...} for more modules to load
- Module: Linked to module rlm_preprocess
- Module: Instantiating preprocess
- preprocess {
- huntgroups = "/etc/raddb/huntgroups"
- hints = "/etc/raddb/hints"
- with_ascend_hack = no
- ascend_channels_per_line = 23
- with_ntdomain_hack = no
- with_specialix_jetstream_hack = no
- with_cisco_vsa_hack = no
- with_alvarion_vsa_hack = no
- }
- Module: Checking preacct {...} for more modules to load
- Module: Linked to module rlm_acct_unique
- Module: Instantiating acct_unique
- acct_unique {
- key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
- }
- Module: Checking accounting {...} for more modules to load
- Module: Linked to module rlm_detail
- Module: Instantiating detail
- detail {
- detailfile = "/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
- header = "%t"
- detailperm = 384
- dirperm = 493
- locking = no
- log_packet_header = no
- }
- Module: Instantiating attr_filter.accounting_response
- attr_filter attr_filter.accounting_response {
- attrsfile = "/etc/raddb/attrs.accounting_response"
- key = "%{User-Name}"
- }
- Module: Checking session {...} for more modules to load
- Module: Checking post-proxy {...} for more modules to load
- Module: Checking post-auth {...} for more modules to load
- } # modules
- } # server
- radiusd: #### Opening IP addresses and Ports ####
- listen {
- type = "auth"
- ipaddr = *
- port = 0
- }
- listen {
- type = "acct"
- ipaddr = *
- port = 0
- }
- listen {
- type = "control"
- listen {
- socket = "/var/run/radiusd/radiusd.sock"
- }
- }
- Listening on authentication address * port 1812
- Listening on accounting address * port 1813
- Listening on command file /var/run/radiusd/radiusd.sock
- Listening on proxy address * port 1814
- Ready to process requests.
- rad_recv: Access-Request packet from host 192.168.49.195 port 1645, id=243, length=134
- User-Name = "kplimack"
- Framed-MTU = 1400
- Called-Station-Id = "0027.0ded.dbe0"
- Calling-Station-Id = "001b.775d.c7cd"
- Service-Type = Login-User
- Message-Authenticator = 0x3c12df75de804d9540d100dca6cfc4be
- EAP-Message = 0x0202000d016b706c696d61636b
- NAS-Port-Type = Wireless-802.11
- NAS-Port = 528
- NAS-Port-Id = "528"
- NAS-IP-Address = 192.168.49.195
- NAS-Identifier = "ap"
- +- entering group authorize {...}
- ++[preprocess] returns ok
- ++[chap] returns noop
- ++[mschap] returns noop
- [suffix] No '@' in User-Name = "kplimack", looking up realm NULL
- [suffix] No such realm "NULL"
- ++[suffix] returns noop
- [eap] EAP packet type response id 2 length 13
- [eap] No EAP Start, assuming it's an on-going EAP conversation
- ++[eap] returns updated
- ++[unix] returns notfound
- ++[files] returns noop
- [ldap] performing user authorization for kplimack
- [ldap] WARNING: Deprecated conditional expansion ":-". See "man unlang" for details
- [ldap] expand: (uid=%{Stripped-User-Name:-%{User-Name}}) -> (uid=kplimack)
- [ldap] expand: ou=People,dc=videoegg,dc=com -> ou=People,dc=videoegg,dc=com
- rlm_ldap: ldap_get_conn: Checking Id: 0
- rlm_ldap: ldap_get_conn: Got Id: 0
- rlm_ldap: attempting LDAP reconnection
- rlm_ldap: (re)connect to ldap.sacta.videoegg.com:389, authentication 0
- rlm_ldap: bind as cn=directory manager/7fjdkslL to ldap.sacta.videoegg.com:389
- rlm_ldap: waiting for bind result ...
- rlm_ldap: Bind was successful
- rlm_ldap: performing search in ou=People,dc=videoegg,dc=com, with filter (uid=kplimack)
- [ldap] looking for check items in directory...
- rlm_ldap: userPassword -> Cleartext-Password == "{SSHA}xQjX16XbCUSXpiR2yu*******************"
- [ldap] looking for reply items in directory...
- [ldap] user kplimack authorized to use remote access
- rlm_ldap: ldap_release_conn: Release Id: 0
- ++[ldap] returns ok
- ++[expiration] returns noop
- ++[logintime] returns noop
- [pap] Found existing Auth-Type, not changing it.
- ++[pap] returns noop
- Found Auth-Type = EAP
- +- entering group authenticate {...}
- [eap] EAP Identity
- [eap] processing type md5
- rlm_eap_md5: Issuing Challenge
- ++[eap] returns handled
- Sending Access-Challenge of id 243 to 192.168.49.195 port 1645
- EAP-Message = 0x010300160410fce761a1f17bcaeddfb628f869c35826
- Message-Authenticator = 0x00000000000000000000000000000000
- State = 0x505a0a7f50590ef8ee35deec2d0b0064
- Finished request 0.
- Going to the next request
- Waking up in 4.9 seconds.
- rad_recv: Access-Request packet from host 192.168.49.195 port 1645, id=244, length=145
- User-Name = "kplimack"
- Framed-MTU = 1400
- Called-Station-Id = "0027.0ded.dbe0"
- Calling-Station-Id = "001b.775d.c7cd"
- Service-Type = Login-User
- Message-Authenticator = 0xa00fb1de35224855b28cd7578c2c4c41
- EAP-Message = 0x020300060319
- NAS-Port-Type = Wireless-802.11
- NAS-Port = 528
- NAS-Port-Id = "528"
- State = 0x505a0a7f50590ef8ee35deec2d0b0064
- NAS-IP-Address = 192.168.49.195
- NAS-Identifier = "ap"
- +- entering group authorize {...}
- ++[preprocess] returns ok
- ++[chap] returns noop
- ++[mschap] returns noop
- [suffix] No '@' in User-Name = "kplimack", looking up realm NULL
- [suffix] No such realm "NULL"
- ++[suffix] returns noop
- [eap] EAP packet type response id 3 length 6
- [eap] No EAP Start, assuming it's an on-going EAP conversation
- ++[eap] returns updated
- ++[unix] returns notfound
- ++[files] returns noop
- [ldap] performing user authorization for kplimack
- [ldap] WARNING: Deprecated conditional expansion ":-". See "man unlang" for details
- [ldap] expand: (uid=%{Stripped-User-Name:-%{User-Name}}) -> (uid=kplimack)
- [ldap] expand: ou=People,dc=videoegg,dc=com -> ou=People,dc=videoegg,dc=com
- rlm_ldap: ldap_get_conn: Checking Id: 0
- rlm_ldap: ldap_get_conn: Got Id: 0
- rlm_ldap: performing search in ou=People,dc=videoegg,dc=com, with filter (uid=kplimack)
- [ldap] looking for check items in directory...
- rlm_ldap: userPassword -> Cleartext-Password == "{SSHA}xQjX16XbCUSXpiR2yuzULtQbFbHG410Iy2yyKQ=="
- [ldap] looking for reply items in directory...
- [ldap] user kplimack authorized to use remote access
- rlm_ldap: ldap_release_conn: Release Id: 0
- ++[ldap] returns ok
- ++[expiration] returns noop
- ++[logintime] returns noop
- [pap] Found existing Auth-Type, not changing it.
- ++[pap] returns noop
- Found Auth-Type = EAP
- +- entering group authenticate {...}
- [eap] Request found, released from the list
- [eap] EAP NAK
- [eap] EAP-NAK asked for EAP-Type/peap
- [eap] processing type tls
- [tls] Initiate
- [tls] Start returned 1
- ++[eap] returns handled
- Sending Access-Challenge of id 244 to 192.168.49.195 port 1645
- EAP-Message = 0x010400061920
- Message-Authenticator = 0x00000000000000000000000000000000
- State = 0x505a0a7f515e13f8ee35deec2d0b0064
- Finished request 1.
- Going to the next request
- Waking up in 4.9 seconds.
- rad_recv: Access-Request packet from host 192.168.49.195 port 1645, id=245, length=219
- User-Name = "kplimack"
- Framed-MTU = 1400
- Called-Station-Id = "0027.0ded.dbe0"
- Calling-Station-Id = "001b.775d.c7cd"
- Service-Type = Login-User
- Message-Authenticator = 0x049c5c77538ce275b5cf89f9ed01a352
- EAP-Message = 0x0204005019800000004616030100410100003d03014c1bb364300eb1ea0fa4f21ed78e171697cdd64c2648fdfbd02a169e704c487b00001600040005000a000900640062000300060013001200630100
- NAS-Port-Type = Wireless-802.11
- NAS-Port = 528
- NAS-Port-Id = "528"
- State = 0x505a0a7f515e13f8ee35deec2d0b0064
- NAS-IP-Address = 192.168.49.195
- NAS-Identifier = "ap"
- +- entering group authorize {...}
- ++[preprocess] returns ok
- ++[chap] returns noop
- ++[mschap] returns noop
- [suffix] No '@' in User-Name = "kplimack", looking up realm NULL
- [suffix] No such realm "NULL"
- ++[suffix] returns noop
- [eap] EAP packet type response id 4 length 80
- [eap] Continuing tunnel setup.
- ++[eap] returns ok
- Found Auth-Type = EAP
- +- entering group authenticate {...}
- [eap] Request found, released from the list
- [eap] EAP/peap
- [eap] processing type peap
- [peap] processing EAP-TLS
- TLS Length 70
- [peap] Length Included
- [peap] eaptls_verify returned 11
- [peap] (other): before/accept initialization
- [peap] TLS_accept: before/accept initialization
- [peap] <<< TLS 1.0 Handshake [length 0041], ClientHello
- [peap] TLS_accept: SSLv3 read client hello A
- [peap] >>> TLS 1.0 Handshake [length 002a], ServerHello
- [peap] TLS_accept: SSLv3 write server hello A
- [peap] >>> TLS 1.0 Handshake [length 0845], Certificate
- [peap] TLS_accept: SSLv3 write certificate A
- [peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
- [peap] TLS_accept: SSLv3 write server done A
- [peap] TLS_accept: SSLv3 flush data
- [peap] TLS_accept: Need to read more data: SSLv3 read client certificate A
- In SSL Handshake Phase
- In SSL Accept mode
- [peap] eaptls_process returned 13
- [peap] EAPTLS_HANDLED
- ++[eap] returns handled
- Sending Access-Challenge of id 245 to 192.168.49.195 port 1645
- Message-Authenticator = 0x00000000000000000000000000000000
- State = 0x505a0a7f525f13f8ee35deec2d0b0064
- Finished request 2.
- Going to the next request
- Waking up in 4.4 seconds.
- rad_recv: Access-Request packet from host 192.168.49.195 port 1645, id=246, length=145
- User-Name = "kplimack"
- Framed-MTU = 1400
- Called-Station-Id = "0027.0ded.dbe0"
- Calling-Station-Id = "001b.775d.c7cd"
- Service-Type = Login-User
- Message-Authenticator = 0x827075c42448fd036310ed5765c83848
- EAP-Message = 0x020500061900
- NAS-Port-Type = Wireless-802.11
- NAS-Port = 528
- NAS-Port-Id = "528"
- State = 0x505a0a7f525f13f8ee35deec2d0b0064
- NAS-IP-Address = 192.168.49.195
- NAS-Identifier = "ap"
- +- entering group authorize {...}
- ++[preprocess] returns ok
- ++[chap] returns noop
- ++[mschap] returns noop
- [suffix] No '@' in User-Name = "kplimack", looking up realm NULL
- [suffix] No such realm "NULL"
- ++[suffix] returns noop
- [eap] EAP packet type response id 5 length 6
- [eap] Continuing tunnel setup.
- ++[eap] returns ok
- Found Auth-Type = EAP
- +- entering group authenticate {...}
- [eap] Request found, released from the list
- [eap] EAP/peap
- [eap] processing type peap
- [peap] processing EAP-TLS
- [peap] Received TLS ACK
- [peap] ACK handshake fragment handler
- [peap] eaptls_verify returned 1
- [peap] eaptls_process returned 13
- [peap] EAPTLS_HANDLED
- ++[eap] returns handled
- Sending Access-Challenge of id 246 to 192.168.49.195 port 1645
- Message-Authenticator = 0x00000000000000000000000000000000
- State = 0x505a0a7f535c13f8ee35deec2d0b0064
- Finished request 3.
- Going to the next request
- Waking up in 4.3 seconds.
- rad_recv: Access-Request packet from host 192.168.49.195 port 1645, id=247, length=145
- User-Name = "kplimack"
- Framed-MTU = 1400
- Called-Station-Id = "0027.0ded.dbe0"
- Calling-Station-Id = "001b.775d.c7cd"
- Service-Type = Login-User
- Message-Authenticator = 0x393d1ce3702d6934dd5ec7ceeab8907a
- EAP-Message = 0x020600061900
- NAS-Port-Type = Wireless-802.11
- NAS-Port = 528
- NAS-Port-Id = "528"
- State = 0x505a0a7f535c13f8ee35deec2d0b0064
- NAS-IP-Address = 192.168.49.195
- NAS-Identifier = "ap"
- +- entering group authorize {...}
- ++[preprocess] returns ok
- ++[chap] returns noop
- ++[mschap] returns noop
- [suffix] No '@' in User-Name = "kplimack", looking up realm NULL
- [suffix] No such realm "NULL"
- ++[suffix] returns noop
- [eap] EAP packet type response id 6 length 6
- [eap] Continuing tunnel setup.
- ++[eap] returns ok
- Found Auth-Type = EAP
- +- entering group authenticate {...}
- [eap] Request found, released from the list
- [eap] EAP/peap
- [eap] processing type peap
- [peap] processing EAP-TLS
- [peap] Received TLS ACK
- [peap] ACK handshake fragment handler
- [peap] eaptls_verify returned 1
- [peap] eaptls_process returned 13
- [peap] EAPTLS_HANDLED
- ++[eap] returns handled
- Sending Access-Challenge of id 247 to 192.168.49.195 port 1645
- EAP-Message = 0x0107009c1900884d62b6e26d0a6e79ddce5d95759e27022a8fb590858e5cde413ced7a79e777e7cb5f2fea42f1f32d5500a4f69d1ae5797cb4e57efc5c83ba25fb2c0b96e7737dab3a4fa58bea8bdeb813d26db1d03133b23545bb2dd821ba922a4e653c18520512eec23237f0eac704afc9b04385d44b3ff2bf69c0583714cfa5fbcacdbbff1d3911f8011a3a1cc3fb2a56e416030100040e000000
- Message-Authenticator = 0x00000000000000000000000000000000
- State = 0x505a0a7f545d13f8ee35deec2d0b0064
- Finished request 4.
- Going to the next request
- Waking up in 4.3 seconds.
- rad_recv: Access-Request packet from host 192.168.49.195 port 1645, id=248, length=461
- User-Name = "kplimack"
- Framed-MTU = 1400
- Called-Station-Id = "0027.0ded.dbe0"
- Calling-Station-Id = "001b.775d.c7cd"
- Service-Type = Login-User
- Message-Authenticator = 0xa486c62b9444509b8c77f95cfcd82d09
- EAP-Message = 0x0207014019800000013616030101061000010201003fd5af9a356a0d03133feb1d98f01c67e3cab908104aa6ab0f517cd161e0fdd6304321cefef441e35c6c6660e5d92b6a12ca537a5a5bd318b99a31430f9810421b2268d465a968ba42d97a72ee740c8ebb437275342eef5cf429ffc4169704a4d2d8556a62e0c85f7a946f1dd5c28fdab4c06ffd590ea91f24de52839d332b04f2fbd54a7c1d002a91da822c51b08757fd13e7b50712f6bea649d4faa4597cfaccacff2f91f56e64158d2f066bf6755767f45c05c8730fb1c0b39b652c7a9502adf48d305c62d4edbc06cd2c2fd5d197072556eecf80a361f0b351e330b23d68c1e47a3e137b2322
- EAP-Message = 0x8f9c0c67331e89c36e98742faf55c4a21afe9e827dd67aca1403010001011603010020e4f8bb2d78a2943d2625c95aea3a8d9ffddeab24c0164473450328621bdf5773
- NAS-Port-Type = Wireless-802.11
- NAS-Port = 528
- NAS-Port-Id = "528"
- State = 0x505a0a7f545d13f8ee35deec2d0b0064
- NAS-IP-Address = 192.168.49.195
- NAS-Identifier = "ap"
- +- entering group authorize {...}
- ++[preprocess] returns ok
- ++[chap] returns noop
- ++[mschap] returns noop
- [suffix] No '@' in User-Name = "kplimack", looking up realm NULL
- [suffix] No such realm "NULL"
- ++[suffix] returns noop
- [eap] EAP packet type response id 7 length 253
- [eap] Continuing tunnel setup.
- ++[eap] returns ok
- Found Auth-Type = EAP
- +- entering group authenticate {...}
- [eap] Request found, released from the list
- [eap] EAP/peap
- [eap] processing type peap
- [peap] processing EAP-TLS
- TLS Length 310
- [peap] Length Included
- [peap] eaptls_verify returned 11
- [peap] <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange
- [peap] TLS_accept: SSLv3 read client key exchange A
- [peap] <<< TLS 1.0 ChangeCipherSpec [length 0001]
- [peap] <<< TLS 1.0 Handshake [length 0010], Finished
- [peap] TLS_accept: SSLv3 read finished A
- [peap] >>> TLS 1.0 ChangeCipherSpec [length 0001]
- [peap] TLS_accept: SSLv3 write change cipher spec A
- [peap] >>> TLS 1.0 Handshake [length 0010], Finished
- [peap] TLS_accept: SSLv3 write finished A
- [peap] TLS_accept: SSLv3 flush data
- [peap] (other): SSL negotiation finished successfully
- SSL Connection Established
- [peap] eaptls_process returned 13
- [peap] EAPTLS_HANDLED
- ++[eap] returns handled
- Sending Access-Challenge of id 248 to 192.168.49.195 port 1645
- EAP-Message = 0x0108003119001403010001011603010020cde8957f577ce252cfa8daec7eb92a8ebb94d8264c3225ea2e0a40cd24fbe059
- Message-Authenticator = 0x00000000000000000000000000000000
- State = 0x505a0a7f555213f8ee35deec2d0b0064
- Finished request 5.
- Going to the next request
- Waking up in 4.2 seconds.
- rad_recv: Access-Request packet from host 192.168.49.195 port 1645, id=249, length=145
- User-Name = "kplimack"
- Framed-MTU = 1400
- Called-Station-Id = "0027.0ded.dbe0"
- Calling-Station-Id = "001b.775d.c7cd"
- Service-Type = Login-User
- Message-Authenticator = 0xb4838ac20ba1259abad43a006a15c75f
- EAP-Message = 0x020800061900
- NAS-Port-Type = Wireless-802.11
- NAS-Port = 528
- NAS-Port-Id = "528"
- State = 0x505a0a7f555213f8ee35deec2d0b0064
- NAS-IP-Address = 192.168.49.195
- NAS-Identifier = "ap"
- +- entering group authorize {...}
- ++[preprocess] returns ok
- ++[chap] returns noop
- ++[mschap] returns noop
- [suffix] No '@' in User-Name = "kplimack", looking up realm NULL
- [suffix] No such realm "NULL"
- ++[suffix] returns noop
- [eap] EAP packet type response id 8 length 6
- [eap] Continuing tunnel setup.
- ++[eap] returns ok
- Found Auth-Type = EAP
- +- entering group authenticate {...}
- [eap] Request found, released from the list
- [eap] EAP/peap
- [eap] processing type peap
- [peap] processing EAP-TLS
- [peap] Received TLS ACK
- [peap] ACK handshake is finished
- [peap] eaptls_verify returned 3
- [peap] eaptls_process returned 3
- [peap] EAPTLS_SUCCESS
- ++[eap] returns handled
- Sending Access-Challenge of id 249 to 192.168.49.195 port 1645
- EAP-Message = 0x010900201900170301001569d2f263411405049be04c38d14628d0cfa0ee9471
- Message-Authenticator = 0x00000000000000000000000000000000
- State = 0x505a0a7f565313f8ee35deec2d0b0064
- Finished request 6.
- Going to the next request
- Waking up in 4.2 seconds.
- rad_recv: Access-Request packet from host 192.168.49.195 port 1645, id=250, length=175
- User-Name = "kplimack"
- Framed-MTU = 1400
- Called-Station-Id = "0027.0ded.dbe0"
- Calling-Station-Id = "001b.775d.c7cd"
- Service-Type = Login-User
- Message-Authenticator = 0x97b1d671d71b8d227b195046daf0ac48
- EAP-Message = 0x0209002419001703010019a1a98c55e1ded49be206901ca163d174d2955fb747d7b7b96b
- NAS-Port-Type = Wireless-802.11
- NAS-Port = 528
- NAS-Port-Id = "528"
- State = 0x505a0a7f565313f8ee35deec2d0b0064
- NAS-IP-Address = 192.168.49.195
- NAS-Identifier = "ap"
- +- entering group authorize {...}
- ++[preprocess] returns ok
- ++[chap] returns noop
- ++[mschap] returns noop
- [suffix] No '@' in User-Name = "kplimack", looking up realm NULL
- [suffix] No such realm "NULL"
- ++[suffix] returns noop
- [eap] EAP packet type response id 9 length 36
- [eap] Continuing tunnel setup.
- ++[eap] returns ok
- Found Auth-Type = EAP
- +- entering group authenticate {...}
- [eap] Request found, released from the list
- [eap] EAP/peap
- [eap] processing type peap
- [peap] processing EAP-TLS
- [peap] eaptls_verify returned 7
- [peap] Done initial handshake
- [peap] eaptls_process returned 7
- [peap] EAPTLS_OK
- [peap] Session established. Decoding tunneled attributes.
- [peap] Identity - kplimack
- [peap] Got tunneled request
- EAP-Message = 0x0209000d016b706c696d61636b
- server {
- PEAP: Got tunneled identity of kplimack
- PEAP: Setting default EAP type for tunneled EAP session.
- PEAP: Setting User-Name to kplimack
- Sending tunneled request
- EAP-Message = 0x0209000d016b706c696d61636b
- FreeRADIUS-Proxied-To = 127.0.0.1
- User-Name = "kplimack"
- server inner-tunnel {
- +- entering group authorize {...}
- ++[chap] returns noop
- ++[mschap] returns noop
- ++[unix] returns notfound
- [suffix] No '@' in User-Name = "kplimack", looking up realm NULL
- [suffix] No such realm "NULL"
- ++[suffix] returns noop
- ++[control] returns noop
- [eap] EAP packet type response id 9 length 13
- [eap] No EAP Start, assuming it's an on-going EAP conversation
- ++[eap] returns updated
- ++[files] returns noop
- [ldap] performing user authorization for kplimack
- [ldap] WARNING: Deprecated conditional expansion ":-". See "man unlang" for details
- [ldap] expand: (uid=%{Stripped-User-Name:-%{User-Name}}) -> (uid=kplimack)
- [ldap] expand: ou=People,dc=videoegg,dc=com -> ou=People,dc=videoegg,dc=com
- rlm_ldap: ldap_get_conn: Checking Id: 0
- rlm_ldap: ldap_get_conn: Got Id: 0
- rlm_ldap: performing search in ou=People,dc=videoegg,dc=com, with filter (uid=kplimack)
- [ldap] looking for check items in directory...
- rlm_ldap: userPassword -> Cleartext-Password == "{SSHA}xQjX16XbCUSXpiR2yuzULtQbFbHG410Iy2yyKQ=="
- [ldap] looking for reply items in directory...
- [ldap] user kplimack authorized to use remote access
- rlm_ldap: ldap_release_conn: Release Id: 0
- ++[ldap] returns ok
- ++[expiration] returns noop
- ++[logintime] returns noop
- [pap] Found existing Auth-Type, not changing it.
- ++[pap] returns noop
- Found Auth-Type = EAP
- +- entering group authenticate {...}
- [eap] EAP Identity
- [eap] processing type mschapv2
- rlm_eap_mschapv2: Issuing Challenge
- ++[eap] returns handled
- } # server inner-tunnel
- [peap] Got tunneled reply code 11
- EAP-Message = 0x010a00221a010a001d1019b0d37f67359b607cdc262e3d2f82e36b706c696d61636b
- Message-Authenticator = 0x00000000000000000000000000000000
- State = 0xb3e10847b3eb1217ad835c77cfbf5d1b
- [peap] Got tunneled reply RADIUS code 11
- EAP-Message = 0x010a00221a010a001d1019b0d37f67359b607cdc262e3d2f82e36b706c696d61636b
- Message-Authenticator = 0x00000000000000000000000000000000
- State = 0xb3e10847b3eb1217ad835c77cfbf5d1b
- [peap] Got tunneled Access-Challenge
- ++[eap] returns handled
- Sending Access-Challenge of id 250 to 192.168.49.195 port 1645
- EAP-Message = 0x010a00391900170301002e2fab5e277ae1dd572fb2072d2154dbb6a7c2a541f6188ddde2b4ed0e1819dfc00cf9782a3bfae2b0c55669bf0f46
- Message-Authenticator = 0x00000000000000000000000000000000
- State = 0x505a0a7f575013f8ee35deec2d0b0064
- Finished request 7.
- Going to the next request
- Waking up in 4.0 seconds.
- rad_recv: Access-Request packet from host 192.168.49.195 port 1645, id=251, length=229
- User-Name = "kplimack"
- Framed-MTU = 1400
- Called-Station-Id = "0027.0ded.dbe0"
- Calling-Station-Id = "001b.775d.c7cd"
- Service-Type = Login-User
- Message-Authenticator = 0x351e32a034d78941983ddb991090dcd5
- EAP-Message = 0x020a005a1900170301004f500e902b47d7c5fe43f7961c800504a7921af706e95ad8c440e26dce8b27ae95e1d82352dfeeafd41b8ee1797755bad6e7afcd4818cf835dd08002867fc3b1b59b04f3416137f74c4b7857a51e1962
- NAS-Port-Type = Wireless-802.11
- NAS-Port = 528
- NAS-Port-Id = "528"
- State = 0x505a0a7f575013f8ee35deec2d0b0064
- NAS-IP-Address = 192.168.49.195
- NAS-Identifier = "ap"
- +- entering group authorize {...}
- ++[preprocess] returns ok
- ++[chap] returns noop
- ++[mschap] returns noop
- [suffix] No '@' in User-Name = "kplimack", looking up realm NULL
- [suffix] No such realm "NULL"
- ++[suffix] returns noop
- [eap] EAP packet type response id 10 length 90
- [eap] Continuing tunnel setup.
- ++[eap] returns ok
- Found Auth-Type = EAP
- +- entering group authenticate {...}
- [eap] Request found, released from the list
- [eap] EAP/peap
- [eap] processing type peap
- [peap] processing EAP-TLS
- [peap] eaptls_verify returned 7
- [peap] Done initial handshake
- [peap] eaptls_process returned 7
- [peap] EAPTLS_OK
- [peap] Session established. Decoding tunneled attributes.
- [peap] EAP type mschapv2
- [peap] Got tunneled request
- EAP-Message = 0x020a00431a020a003e31b3dd1d6031e4b0acfa4a775a0b6470a90000000000000000fd86baa47dd0b25673da61fdf8f2d02c433080680828f21d006b706c696d61636b
- server {
- PEAP: Setting User-Name to kplimack
- Sending tunneled request
- EAP-Message = 0x020a00431a020a003e31b3dd1d6031e4b0acfa4a775a0b6470a90000000000000000fd86baa47dd0b25673da61fdf8f2d02c433080680828f21d006b706c696d61636b
- FreeRADIUS-Proxied-To = 127.0.0.1
- User-Name = "kplimack"
- State = 0xb3e10847b3eb1217ad835c77cfbf5d1b
- server inner-tunnel {
- +- entering group authorize {...}
- ++[chap] returns noop
- ++[mschap] returns noop
- ++[unix] returns notfound
- [suffix] No '@' in User-Name = "kplimack", looking up realm NULL
- [suffix] No such realm "NULL"
- ++[suffix] returns noop
- ++[control] returns noop
- [eap] EAP packet type response id 10 length 67
- [eap] No EAP Start, assuming it's an on-going EAP conversation
- ++[eap] returns updated
- ++[files] returns noop
- [ldap] performing user authorization for kplimack
- [ldap] WARNING: Deprecated conditional expansion ":-". See "man unlang" for details
- [ldap] expand: (uid=%{Stripped-User-Name:-%{User-Name}}) -> (uid=kplimack)
- [ldap] expand: ou=People,dc=videoegg,dc=com -> ou=People,dc=videoegg,dc=com
- rlm_ldap: ldap_get_conn: Checking Id: 0
- rlm_ldap: ldap_get_conn: Got Id: 0
- rlm_ldap: performing search in ou=People,dc=videoegg,dc=com, with filter (uid=kplimack)
- [ldap] looking for check items in directory...
- rlm_ldap: userPassword -> Cleartext-Password == "{SSHA}xQjX16XbCUSXpiR2yuzULtQbFbHG410Iy2yyKQ=="
- [ldap] looking for reply items in directory...
- [ldap] user kplimack authorized to use remote access
- rlm_ldap: ldap_release_conn: Release Id: 0
- ++[ldap] returns ok
- ++[expiration] returns noop
- ++[logintime] returns noop
- [pap] Found existing Auth-Type, not changing it.
- ++[pap] returns noop
- Found Auth-Type = EAP
- +- entering group authenticate {...}
- [eap] Request found, released from the list
- [eap] EAP/mschapv2
- [eap] processing type mschapv2
- [mschapv2] +- entering group MS-CHAP {...}
- [mschap] Told to do MS-CHAPv2 for kplimack with NT-Password
- [mschap] FAILED: MS-CHAP2-Response is incorrect
- ++[mschap] returns reject
- [eap] Freeing handler
- ++[eap] returns reject
- Failed to authenticate the user.
- } # server inner-tunnel
- [peap] Got tunneled reply code 3
- MS-CHAP-Error = "\nE=691 R=1"
- EAP-Message = 0x040a0004
- Message-Authenticator = 0x00000000000000000000000000000000
- [peap] Got tunneled reply RADIUS code 3
- MS-CHAP-Error = "\nE=691 R=1"
- EAP-Message = 0x040a0004
- Message-Authenticator = 0x00000000000000000000000000000000
- [peap] Tunneled authentication was rejected.
- [peap] FAILURE
- ++[eap] returns handled
- Sending Access-Challenge of id 251 to 192.168.49.195 port 1645
- EAP-Message = 0x010b00261900170301001b5b98d2fe31f3672f08250036a5b47e5f16778baefa7b600e93c7d1
- Message-Authenticator = 0x00000000000000000000000000000000
- State = 0x505a0a7f585113f8ee35deec2d0b0064
- Finished request 8.
- Going to the next request
- Waking up in 3.9 seconds.
- rad_recv: Access-Request packet from host 192.168.49.195 port 1645, id=252, length=177
- User-Name = "kplimack"
- Framed-MTU = 1400
- Called-Station-Id = "0027.0ded.dbe0"
- Calling-Station-Id = "001b.775d.c7cd"
- Service-Type = Login-User
- Message-Authenticator = 0xe8e71837a6298e56df174bf58986641b
- EAP-Message = 0x020b00261900170301001b0edb0091a830bcdcb28b39b2d2e164ae408fb813bf155f1c6b5e97
- NAS-Port-Type = Wireless-802.11
- NAS-Port = 528
- NAS-Port-Id = "528"
- State = 0x505a0a7f585113f8ee35deec2d0b0064
- NAS-IP-Address = 192.168.49.195
- NAS-Identifier = "ap"
- +- entering group authorize {...}
- ++[preprocess] returns ok
- ++[chap] returns noop
- ++[mschap] returns noop
- [suffix] No '@' in User-Name = "kplimack", looking up realm NULL
- [suffix] No such realm "NULL"
- ++[suffix] returns noop
- [eap] EAP packet type response id 11 length 38
- [eap] Continuing tunnel setup.
- ++[eap] returns ok
- Found Auth-Type = EAP
- +- entering group authenticate {...}
- [eap] Request found, released from the list
- [eap] EAP/peap
- [eap] processing type peap
- [peap] processing EAP-TLS
- [peap] eaptls_verify returned 7
- [peap] Done initial handshake
- [peap] eaptls_process returned 7
- [peap] EAPTLS_OK
- [peap] Session established. Decoding tunneled attributes.
- [peap] Received EAP-TLV response.
- [peap] Had sent TLV failure. User was rejected earlier in this session.
- [eap] Handler failed in EAP/peap
- [eap] Failed in EAP select
- ++[eap] returns invalid
- Failed to authenticate the user.
- Using Post-Auth-Type Reject
- +- entering group REJECT {...}
- [attr_filter.access_reject] expand: %{User-Name} -> kplimack
- attr_filter: Matched entry DEFAULT at line 11
- ++[attr_filter.access_reject] returns updated
- Delaying reject of request 9 for 1 seconds
- Going to the next request
- Waking up in 0.9 seconds.
- Sending delayed reject for request 9
- Sending Access-Reject of id 252 to 192.168.49.195 port 1645
- EAP-Message = 0x040b0004
- Message-Authenticator = 0x00000000000000000000000000000000
- Waking up in 2.9 seconds.
- Cleaning up request 0 ID 243 with timestamp +17
- Cleaning up request 1 ID 244 with timestamp +18
- Waking up in 0.4 seconds.
- Cleaning up request 2 ID 245 with timestamp +18
- Cleaning up request 3 ID 246 with timestamp +18
- Cleaning up request 4 ID 247 with timestamp +19
- Cleaning up request 5 ID 248 with timestamp +19
- Cleaning up request 6 ID 249 with timestamp +19
- Waking up in 0.1 seconds.
- Cleaning up request 7 ID 250 with timestamp +19
- Waking up in 0.1 seconds.
- Cleaning up request 8 ID 251 with timestamp +19
- Waking up in 1.0 seconds.
- Cleaning up request 9 ID 252 with timestamp +19
- Ready to process requests.