Untitled

a guest
May 31st, 2017
  1. FreeRADIUS Version 2.1.7, for host x86_64-redhat-linux-gnu, built on Mar 31 2010 at 00:14:28
  2. Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.
  3. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
  4. PARTICULAR PURPOSE.
  5. You may redistribute copies of FreeRADIUS under the terms of the
  6. GNU General Public License v2.
  7. Starting - reading configuration files ...
  8. including configuration file /etc/raddb/radiusd.conf
  9. including configuration file /etc/raddb/proxy.conf
  10. including configuration file /etc/raddb/clients.conf
  11. including files in directory /etc/raddb/modules/
  12. including configuration file /etc/raddb/modules/expiration
  13. including configuration file /etc/raddb/modules/files
  14. including configuration file /etc/raddb/modules/mac2vlan
  15. including configuration file /etc/raddb/modules/pap
  16. including configuration file /etc/raddb/modules/expr
  17. including configuration file /etc/raddb/modules/sqlcounter_expire_on_login
  18. including configuration file /etc/raddb/modules/always
  19. including configuration file /etc/raddb/modules/policy
  20. including configuration file /etc/raddb/modules/perl
  21. including configuration file /etc/raddb/modules/sradutmp
  22. including configuration file /etc/raddb/modules/digest
  23. including configuration file /etc/raddb/modules/realm
  24. including configuration file /etc/raddb/modules/otp
  25. including configuration file /etc/raddb/modules/linelog
  26. including configuration file /etc/raddb/modules/chap
  27. including configuration file /etc/raddb/modules/attr_filter
  28. including configuration file /etc/raddb/modules/checkval
  29. including configuration file /etc/raddb/modules/echo
  30. including configuration file /etc/raddb/modules/mac2ip
  31. including configuration file /etc/raddb/modules/acct_unique
  32. including configuration file /etc/raddb/modules/unix
  33. including configuration file /etc/raddb/modules/ippool
  34. including configuration file /etc/raddb/modules/detail.log
  35. including configuration file /etc/raddb/modules/radutmp
  36. including configuration file /etc/raddb/modules/detail.example.com
  37. including configuration file /etc/raddb/modules/logintime
  38. including configuration file /etc/raddb/modules/preprocess
  39. including configuration file /etc/raddb/modules/ldap
  40. including configuration file /etc/raddb/modules/mschap
  41. including configuration file /etc/raddb/modules/passwd
  42. including configuration file /etc/raddb/modules/counter
  43. including configuration file /etc/raddb/modules/detail
  44. including configuration file /etc/raddb/modules/pam
  45. including configuration file /etc/raddb/modules/exec
  46. including configuration file /etc/raddb/modules/inner-eap
  47. including configuration file /etc/raddb/modules/smbpasswd
  48. including configuration file /etc/raddb/modules/attr_rewrite
  49. including configuration file /etc/raddb/modules/sql_log
  50. including configuration file /etc/raddb/modules/etc_group
  51. including configuration file /etc/raddb/modules/wimax
  52. including configuration file /etc/raddb/modules/smsotp
  53. including configuration file /etc/raddb/modules/cui
  54. including configuration file /etc/raddb/eap.conf
  55. including configuration file /etc/raddb/policy.conf
  56. including files in directory /etc/raddb/sites-enabled/
  57. including configuration file /etc/raddb/sites-enabled/inner-tunnel
  58. including configuration file /etc/raddb/sites-enabled/default
  59. including configuration file /etc/raddb/sites-enabled/control-socket
  60. group = radiusd
  61. user = radiusd
  62. including dictionary file /etc/raddb/dictionary
  63. main {
  64. prefix = "/usr"
  65. localstatedir = "/var"
  66. logdir = "/var/log/radius"
  67. libdir = "/usr/lib64/freeradius"
  68. radacctdir = "/var/log/radius/radacct"
  69. hostname_lookups = no
  70. max_request_time = 30
  71. cleanup_delay = 5
  72. max_requests = 1024
  73. allow_core_dumps = no
  74. pidfile = "/var/run/radiusd/radiusd.pid"
  75. checkrad = "/usr/sbin/checkrad"
  76. debug_level = 0
  77. proxy_requests = yes
  78. log {
  79. stripped_names = no
  80. auth = no
  81. auth_badpass = no
  82. auth_goodpass = no
  83. }
  84. security {
  85. max_attributes = 200
  86. reject_delay = 1
  87. status_server = yes
  88. }
  89. }
  90. radiusd: #### Loading Realms and Home Servers ####
  91. proxy server {
  92. retry_delay = 5
  93. retry_count = 3
  94. default_fallback = no
  95. dead_time = 120
  96. wake_all_if_all_dead = no
  97. }
  98. home_server localhost {
  99. ipaddr = 127.0.0.1
  100. port = 1812
  101. type = "auth"
  102. secret = "testing123"
  103. response_window = 20
  104. max_outstanding = 65536
  105. require_message_authenticator = no
  106. zombie_period = 40
  107. status_check = "status-server"
  108. ping_interval = 30
  109. check_interval = 30
  110. num_answers_to_alive = 3
  111. num_pings_to_alive = 3
  112. revive_interval = 120
  113. status_check_timeout = 4
  114. irt = 2
  115. mrt = 16
  116. mrc = 5
  117. mrd = 30
  118. }
  119. home_server_pool my_auth_failover {
  120. type = fail-over
  121. home_server = localhost
  122. }
  123. realm example.com {
  124. auth_pool = my_auth_failover
  125. }
  126. realm LOCAL {
  127. }
  128. radiusd: #### Loading Clients ####
  129. client localhost {
  130. ipaddr = 127.0.0.1
  131. require_message_authenticator = no
  132. secret = "testing123"
  133. nastype = "other"
  134. }
  135. client 192.168.0.0/16 {
  136. require_message_authenticator = no
  137. shortname = "wirelessNetwork_802_1x"
  138. }
  139. client 192.168.47.18 {
  140. require_message_authenticator = no
  141. shortname = "VE_WIRELESS__3F_OPS"
  142. }
  143. client 192.168.47.19 {
  144. require_message_authenticator = no
  145. shortname = "VE_WIRELESS_ROOT"
  146. }
  147. client 192.168.49.224 {
  148. require_message_authenticator = no
  149. shortname = "VE_WIRELESS_ROOT"
  150. }
  151. radiusd: #### Instantiating modules ####
  152. instantiate {
  153. Module: Linked to module rlm_exec
  154. Module: Instantiating exec
  155. exec {
  156. wait = no
  157. input_pairs = "request"
  158. shell_escape = yes
  159. }
  160. Module: Linked to module rlm_expr
  161. Module: Instantiating expr
  162. Module: Linked to module rlm_expiration
  163. Module: Instantiating expiration
  164. expiration {
  165. reply-message = "Password Has Expired "
  166. }
  167. Module: Linked to module rlm_logintime
  168. Module: Instantiating logintime
  169. logintime {
  170. reply-message = "You are calling outside your allowed timespan "
  171. minimum-timeout = 60
  172. }
  173. }
  174. radiusd: #### Loading Virtual Servers ####
  175. server inner-tunnel {
  176. modules {
  177. Module: Checking authenticate {...} for more modules to load
  178. Module: Linked to module rlm_pap
  179. Module: Instantiating pap
  180. pap {
  181. encryption_scheme = "auto"
  182. auto_header = no
  183. }
  184. Module: Linked to module rlm_chap
  185. Module: Instantiating chap
  186. Module: Linked to module rlm_mschap
  187. Module: Instantiating mschap
  188. mschap {
  189. use_mppe = yes
  190. require_encryption = no
  191. require_strong = no
  192. with_ntdomain_hack = no
  193. }
  194. Module: Linked to module rlm_unix
  195. Module: Instantiating unix
  196. unix {
  197. radwtmp = "/var/log/radius/radwtmp"
  198. }
  199. Module: Linked to module rlm_ldap
  200. Module: Instantiating ldap
  201. ldap {
  202. server = "ldap.sacta.videoegg.com"
  203. port = 389
  204. password = "*******"
  205. identity = "cn=directory manager"
  206. net_timeout = 1
  207. timeout = 4
  208. timelimit = 3
  209. tls_mode = no
  210. start_tls = no
  211. tls_require_cert = "allow"
  212. tls {
  213. start_tls = no
  214. require_cert = "allow"
  215. }
  216. basedn = "ou=People,dc=videoegg,dc=com"
  217. filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
  218. base_filter = "(objectclass=radiusprofile)"
  219. auto_header = no
  220. access_attr_used_for_allow = yes
  221. groupname_attribute = "cn"
  222. groupmembership_filter = "(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))"
  223. dictionary_mapping = "/etc/raddb/ldap.attrmap"
  224. ldap_debug = 0
  225. ldap_connections_number = 5
  226. compare_check_items = no
  227. do_xlat = yes
  228. set_auth_type = yes
  229. }
  230. rlm_ldap: Registering ldap_groupcmp for Ldap-Group
  231. rlm_ldap: Registering ldap_xlat with xlat_name ldap
  232. rlm_ldap: reading ldap<->radius mappings from file /etc/raddb/ldap.attrmap
  233. rlm_ldap: LDAP radiusCheckItem mapped to RADIUS $GENERIC$
  234. rlm_ldap: LDAP radiusReplyItem mapped to RADIUS $GENERIC$
  235. rlm_ldap: LDAP radiusAuthType mapped to RADIUS Auth-Type
  236. rlm_ldap: LDAP radiusSimultaneousUse mapped to RADIUS Simultaneous-Use
  237. rlm_ldap: LDAP radiusCalledStationId mapped to RADIUS Called-Station-Id
  238. rlm_ldap: LDAP radiusCallingStationId mapped to RADIUS Calling-Station-Id
  239. rlm_ldap: LDAP lmPassword mapped to RADIUS LM-Password
  240. rlm_ldap: LDAP ntPassword mapped to RADIUS NT-Password
  241. rlm_ldap: LDAP sambaLmPassword mapped to RADIUS LM-Password
  242. rlm_ldap: LDAP sambaNtPassword mapped to RADIUS NT-Password
  243. rlm_ldap: LDAP dBCSPwd mapped to RADIUS LM-Password
  244. rlm_ldap: LDAP acctFlags mapped to RADIUS SMB-Account-CTRL-TEXT
  245. rlm_ldap: LDAP radiusExpiration mapped to RADIUS Expiration
  246. rlm_ldap: LDAP radiusNASIpAddress mapped to RADIUS NAS-IP-Address
  247. rlm_ldap: LDAP userPassword mapped to RADIUS Cleartext-Password
  248. rlm_ldap: LDAP radiusServiceType mapped to RADIUS Service-Type
  249. rlm_ldap: LDAP radiusFramedProtocol mapped to RADIUS Framed-Protocol
  250. rlm_ldap: LDAP radiusFramedIPAddress mapped to RADIUS Framed-IP-Address
  251. rlm_ldap: LDAP radiusFramedIPNetmask mapped to RADIUS Framed-IP-Netmask
  252. rlm_ldap: LDAP radiusFramedRoute mapped to RADIUS Framed-Route
  253. rlm_ldap: LDAP radiusFramedRouting mapped to RADIUS Framed-Routing
  254. rlm_ldap: LDAP radiusFilterId mapped to RADIUS Filter-Id
  255. rlm_ldap: LDAP radiusFramedMTU mapped to RADIUS Framed-MTU
  256. rlm_ldap: LDAP radiusFramedCompression mapped to RADIUS Framed-Compression
  257. rlm_ldap: LDAP radiusLoginIPHost mapped to RADIUS Login-IP-Host
  258. rlm_ldap: LDAP radiusLoginService mapped to RADIUS Login-Service
  259. rlm_ldap: LDAP radiusLoginTCPPort mapped to RADIUS Login-TCP-Port
  260. rlm_ldap: LDAP radiusCallbackNumber mapped to RADIUS Callback-Number
  261. rlm_ldap: LDAP radiusCallbackId mapped to RADIUS Callback-Id
  262. rlm_ldap: LDAP radiusFramedIPXNetwork mapped to RADIUS Framed-IPX-Network
  263. rlm_ldap: LDAP radiusClass mapped to RADIUS Class
  264. rlm_ldap: LDAP radiusSessionTimeout mapped to RADIUS Session-Timeout
  265. rlm_ldap: LDAP radiusIdleTimeout mapped to RADIUS Idle-Timeout
  266. rlm_ldap: LDAP radiusTerminationAction mapped to RADIUS Termination-Action
  267. rlm_ldap: LDAP radiusLoginLATService mapped to RADIUS Login-LAT-Service
  268. rlm_ldap: LDAP radiusLoginLATNode mapped to RADIUS Login-LAT-Node
  269. rlm_ldap: LDAP radiusLoginLATGroup mapped to RADIUS Login-LAT-Group
  270. rlm_ldap: LDAP radiusFramedAppleTalkLink mapped to RADIUS Framed-AppleTalk-Link
  271. rlm_ldap: LDAP radiusFramedAppleTalkNetwork mapped to RADIUS Framed-AppleTalk-Network
  272. rlm_ldap: LDAP radiusFramedAppleTalkZone mapped to RADIUS Framed-AppleTalk-Zone
  273. rlm_ldap: LDAP radiusPortLimit mapped to RADIUS Port-Limit
  274. rlm_ldap: LDAP radiusLoginLATPort mapped to RADIUS Login-LAT-Port
  275. rlm_ldap: LDAP radiusReplyMessage mapped to RADIUS Reply-Message
  276. rlm_ldap: LDAP radiusTunnelType mapped to RADIUS Tunnel-Type
  277. rlm_ldap: LDAP radiusTunnelMediumType mapped to RADIUS Tunnel-Medium-Type
  278. rlm_ldap: LDAP radiusTunnelPrivateGroupId mapped to RADIUS Tunnel-Private-Group-Id
  279. conns: 0x1e661f0
  280. Module: Linked to module rlm_eap
  281. Module: Instantiating eap
  282. eap {
  283. default_eap_type = "md5"
  284. timer_expire = 60
  285. ignore_unknown_eap_types = no
  286. cisco_accounting_username_bug = no
  287. max_sessions = 2048
  288. }
  289. Module: Linked to sub-module rlm_eap_md5
  290. Module: Instantiating eap-md5
  291. Module: Linked to sub-module rlm_eap_leap
  292. Module: Instantiating eap-leap
  293. Module: Linked to sub-module rlm_eap_gtc
  294. Module: Instantiating eap-gtc
  295. gtc {
  296. challenge = "Password: "
  297. auth_type = "PAP"
  298. }
  299. Module: Linked to sub-module rlm_eap_tls
  300. Module: Instantiating eap-tls
  301. tls {
  302. rsa_key_exchange = no
  303. dh_key_exchange = yes
  304. rsa_key_length = 512
  305. dh_key_length = 512
  306. verify_depth = 0
  307. pem_file_type = yes
  308. private_key_file = "/etc/raddb/certs/server.pem"
  309. certificate_file = "/etc/raddb/certs/server.pem"
  310. CA_file = "/etc/raddb/certs/ca.pem"
  311. private_key_password = "********"
  312. dh_file = "/etc/raddb/certs/dh"
  313. random_file = "/etc/raddb/certs/random"
  314. fragment_size = 1024
  315. include_length = yes
  316. check_crl = no
  317. cipher_list = "DEFAULT"
  318. make_cert_command = "/etc/raddb/certs/bootstrap"
  319. cache {
  320. enable = no
  321. lifetime = 24
  322. max_entries = 255
  323. }
  324. }
  325. Module: Linked to sub-module rlm_eap_ttls
  326. Module: Instantiating eap-ttls
  327. ttls {
  328. default_eap_type = "md5"
  329. copy_request_to_tunnel = no
  330. use_tunneled_reply = no
  331. virtual_server = "inner-tunnel"
  332. include_length = yes
  333. }
  334. Module: Linked to sub-module rlm_eap_peap
  335. Module: Instantiating eap-peap
  336. peap {
  337. default_eap_type = "mschapv2"
  338. copy_request_to_tunnel = no
  339. use_tunneled_reply = no
  340. proxy_tunneled_request_as_eap = yes
  341. virtual_server = "inner-tunnel"
  342. }
  343. Module: Linked to sub-module rlm_eap_mschapv2
  344. Module: Instantiating eap-mschapv2
  345. mschapv2 {
  346. with_ntdomain_hack = no
  347. }
  348. Module: Checking authorize {...} for more modules to load
  349. Module: Linked to module rlm_realm
  350. Module: Instantiating suffix
  351. realm suffix {
  352. format = "suffix"
  353. delimiter = "@"
  354. ignore_default = no
  355. ignore_null = no
  356. }
  357. Module: Linked to module rlm_files
  358. Module: Instantiating files
  359. files {
  360. usersfile = "/etc/raddb/users"
  361. acctusersfile = "/etc/raddb/acct_users"
  362. preproxy_usersfile = "/etc/raddb/preproxy_users"
  363. compat = "no"
  364. }
  365. Module: Checking session {...} for more modules to load
  366. Module: Linked to module rlm_radutmp
  367. Module: Instantiating radutmp
  368. radutmp {
  369. filename = "/var/log/radius/radutmp"
  370. username = "%{User-Name}"
  371. case_sensitive = yes
  372. check_with_nas = yes
  373. perm = 384
  374. callerid = yes
  375. }
  376. Module: Checking post-proxy {...} for more modules to load
  377. Module: Checking post-auth {...} for more modules to load
  378. Module: Linked to module rlm_attr_filter
  379. Module: Instantiating attr_filter.access_reject
  380. attr_filter attr_filter.access_reject {
  381. attrsfile = "/etc/raddb/attrs.access_reject"
  382. key = "%{User-Name}"
  383. }
  384. } # modules
  385. } # server
  386. server {
  387. modules {
  388. Module: Checking authenticate {...} for more modules to load
  389. Module: Checking authorize {...} for more modules to load
  390. Module: Linked to module rlm_preprocess
  391. Module: Instantiating preprocess
  392. preprocess {
  393. huntgroups = "/etc/raddb/huntgroups"
  394. hints = "/etc/raddb/hints"
  395. with_ascend_hack = no
  396. ascend_channels_per_line = 23
  397. with_ntdomain_hack = no
  398. with_specialix_jetstream_hack = no
  399. with_cisco_vsa_hack = no
  400. with_alvarion_vsa_hack = no
  401. }
  402. Module: Checking preacct {...} for more modules to load
  403. Module: Linked to module rlm_acct_unique
  404. Module: Instantiating acct_unique
  405. acct_unique {
  406. key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
  407. }
  408. Module: Checking accounting {...} for more modules to load
  409. Module: Linked to module rlm_detail
  410. Module: Instantiating detail
  411. detail {
  412. detailfile = "/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
  413. header = "%t"
  414. detailperm = 384
  415. dirperm = 493
  416. locking = no
  417. log_packet_header = no
  418. }
  419. Module: Instantiating attr_filter.accounting_response
  420. attr_filter attr_filter.accounting_response {
  421. attrsfile = "/etc/raddb/attrs.accounting_response"
  422. key = "%{User-Name}"
  423. }
  424. Module: Checking session {...} for more modules to load
  425. Module: Checking post-proxy {...} for more modules to load
  426. Module: Checking post-auth {...} for more modules to load
  427. } # modules
  428. } # server
  429. radiusd: #### Opening IP addresses and Ports ####
  430. listen {
  431. type = "auth"
  432. ipaddr = *
  433. port = 0
  434. }
  435. listen {
  436. type = "acct"
  437. ipaddr = *
  438. port = 0
  439. }
  440. listen {
  441. type = "control"
  442. listen {
  443. socket = "/var/run/radiusd/radiusd.sock"
  444. }
  445. }
  446. Listening on authentication address * port 1812
  447. Listening on accounting address * port 1813
  448. Listening on command file /var/run/radiusd/radiusd.sock
  449. Listening on proxy address * port 1814
  450. Ready to process requests.
  451. rad_recv: Access-Request packet from host 192.168.49.195 port 1645, id=243, length=134
  452. User-Name = "kplimack"
  453. Framed-MTU = 1400
  454. Called-Station-Id = "0027.0ded.dbe0"
  455. Calling-Station-Id = "001b.775d.c7cd"
  456. Service-Type = Login-User
  457. Message-Authenticator = 0x3c12df75de804d9540d100dca6cfc4be
  458. EAP-Message = 0x0202000d016b706c696d61636b
  459. NAS-Port-Type = Wireless-802.11
  460. NAS-Port = 528
  461. NAS-Port-Id = "528"
  462. NAS-IP-Address = 192.168.49.195
  463. NAS-Identifier = "ap"
  464. +- entering group authorize {...}
  465. ++[preprocess] returns ok
  466. ++[chap] returns noop
  467. ++[mschap] returns noop
  468. [suffix] No '@' in User-Name = "kplimack", looking up realm NULL
  469. [suffix] No such realm "NULL"
  470. ++[suffix] returns noop
  471. [eap] EAP packet type response id 2 length 13
  472. [eap] No EAP Start, assuming it's an on-going EAP conversation
  473. ++[eap] returns updated
  474. ++[unix] returns notfound
  475. ++[files] returns noop
  476. [ldap] performing user authorization for kplimack
  477. [ldap] WARNING: Deprecated conditional expansion ":-". See "man unlang" for details
  478. [ldap] expand: (uid=%{Stripped-User-Name:-%{User-Name}}) -> (uid=kplimack)
  479. [ldap] expand: ou=People,dc=videoegg,dc=com -> ou=People,dc=videoegg,dc=com
  480. rlm_ldap: ldap_get_conn: Checking Id: 0
  481. rlm_ldap: ldap_get_conn: Got Id: 0
  482. rlm_ldap: attempting LDAP reconnection
  483. rlm_ldap: (re)connect to ldap.sacta.videoegg.com:389, authentication 0
  484. rlm_ldap: bind as cn=directory manager/7fjdkslL to ldap.sacta.videoegg.com:389
  485. rlm_ldap: waiting for bind result ...
  486. rlm_ldap: Bind was successful
  487. rlm_ldap: performing search in ou=People,dc=videoegg,dc=com, with filter (uid=kplimack)
  488. [ldap] looking for check items in directory...
  489. rlm_ldap: userPassword -> Cleartext-Password == "{SSHA}xQjX16XbCUSXpiR2yu*******************"
  490. [ldap] looking for reply items in directory...
  491. [ldap] user kplimack authorized to use remote access
  492. rlm_ldap: ldap_release_conn: Release Id: 0
  493. ++[ldap] returns ok
  494. ++[expiration] returns noop
  495. ++[logintime] returns noop
  496. [pap] Found existing Auth-Type, not changing it.
  497. ++[pap] returns noop
  498. Found Auth-Type = EAP
  499. +- entering group authenticate {...}
  500. [eap] EAP Identity
  501. [eap] processing type md5
  502. rlm_eap_md5: Issuing Challenge
  503. ++[eap] returns handled
  504. Sending Access-Challenge of id 243 to 192.168.49.195 port 1645
  505. EAP-Message = 0x010300160410fce761a1f17bcaeddfb628f869c35826
  506. Message-Authenticator = 0x00000000000000000000000000000000
  507. State = 0x505a0a7f50590ef8ee35deec2d0b0064
  508. Finished request 0.
  509. Going to the next request
  510. Waking up in 4.9 seconds.
  511. rad_recv: Access-Request packet from host 192.168.49.195 port 1645, id=244, length=145
  512. User-Name = "kplimack"
  513. Framed-MTU = 1400
  514. Called-Station-Id = "0027.0ded.dbe0"
  515. Calling-Station-Id = "001b.775d.c7cd"
  516. Service-Type = Login-User
  517. Message-Authenticator = 0xa00fb1de35224855b28cd7578c2c4c41
  518. EAP-Message = 0x020300060319
  519. NAS-Port-Type = Wireless-802.11
  520. NAS-Port = 528
  521. NAS-Port-Id = "528"
  522. State = 0x505a0a7f50590ef8ee35deec2d0b0064
  523. NAS-IP-Address = 192.168.49.195
  524. NAS-Identifier = "ap"
  525. +- entering group authorize {...}
  526. ++[preprocess] returns ok
  527. ++[chap] returns noop
  528. ++[mschap] returns noop
  529. [suffix] No '@' in User-Name = "kplimack", looking up realm NULL
  530. [suffix] No such realm "NULL"
  531. ++[suffix] returns noop
  532. [eap] EAP packet type response id 3 length 6
  533. [eap] No EAP Start, assuming it's an on-going EAP conversation
  534. ++[eap] returns updated
  535. ++[unix] returns notfound
  536. ++[files] returns noop
  537. [ldap] performing user authorization for kplimack
  538. [ldap] WARNING: Deprecated conditional expansion ":-". See "man unlang" for details
  539. [ldap] expand: (uid=%{Stripped-User-Name:-%{User-Name}}) -> (uid=kplimack)
  540. [ldap] expand: ou=People,dc=videoegg,dc=com -> ou=People,dc=videoegg,dc=com
  541. rlm_ldap: ldap_get_conn: Checking Id: 0
  542. rlm_ldap: ldap_get_conn: Got Id: 0
  543. rlm_ldap: performing search in ou=People,dc=videoegg,dc=com, with filter (uid=kplimack)
  544. [ldap] looking for check items in directory...
  545. rlm_ldap: userPassword -> Cleartext-Password == "{SSHA}xQjX16XbCUSXpiR2yuzULtQbFbHG410Iy2yyKQ=="
  546. [ldap] looking for reply items in directory...
  547. [ldap] user kplimack authorized to use remote access
  548. rlm_ldap: ldap_release_conn: Release Id: 0
  549. ++[ldap] returns ok
  550. ++[expiration] returns noop
  551. ++[logintime] returns noop
  552. [pap] Found existing Auth-Type, not changing it.
  553. ++[pap] returns noop
  554. Found Auth-Type = EAP
  555. +- entering group authenticate {...}
  556. [eap] Request found, released from the list
  557. [eap] EAP NAK
  558. [eap] EAP-NAK asked for EAP-Type/peap
  559. [eap] processing type tls
  560. [tls] Initiate
  561. [tls] Start returned 1
  562. ++[eap] returns handled
  563. Sending Access-Challenge of id 244 to 192.168.49.195 port 1645
  564. EAP-Message = 0x010400061920
  565. Message-Authenticator = 0x00000000000000000000000000000000
  566. State = 0x505a0a7f515e13f8ee35deec2d0b0064
  567. Finished request 1.
  568. Going to the next request
  569. Waking up in 4.9 seconds.
  570. rad_recv: Access-Request packet from host 192.168.49.195 port 1645, id=245, length=219
  571. User-Name = "kplimack"
  572. Framed-MTU = 1400
  573. Called-Station-Id = "0027.0ded.dbe0"
  574. Calling-Station-Id = "001b.775d.c7cd"
  575. Service-Type = Login-User
  576. Message-Authenticator = 0x049c5c77538ce275b5cf89f9ed01a352
  577. EAP-Message = 0x0204005019800000004616030100410100003d03014c1bb364300eb1ea0fa4f21ed78e171697cdd64c2648fdfbd02a169e704c487b00001600040005000a000900640062000300060013001200630100
  578. NAS-Port-Type = Wireless-802.11
  579. NAS-Port = 528
  580. NAS-Port-Id = "528"
  581. State = 0x505a0a7f515e13f8ee35deec2d0b0064
  582. NAS-IP-Address = 192.168.49.195
  583. NAS-Identifier = "ap"
  584. +- entering group authorize {...}
  585. ++[preprocess] returns ok
  586. ++[chap] returns noop
  587. ++[mschap] returns noop
  588. [suffix] No '@' in User-Name = "kplimack", looking up realm NULL
  589. [suffix] No such realm "NULL"
  590. ++[suffix] returns noop
  591. [eap] EAP packet type response id 4 length 80
  592. [eap] Continuing tunnel setup.
  593. ++[eap] returns ok
  594. Found Auth-Type = EAP
  595. +- entering group authenticate {...}
  596. [eap] Request found, released from the list
  597. [eap] EAP/peap
  598. [eap] processing type peap
  599. [peap] processing EAP-TLS
  600. TLS Length 70
  601. [peap] Length Included
  602. [peap] eaptls_verify returned 11
  603. [peap] (other): before/accept initialization
  604. [peap] TLS_accept: before/accept initialization
  605. [peap] <<< TLS 1.0 Handshake [length 0041], ClientHello
  606. [peap] TLS_accept: SSLv3 read client hello A
  607. [peap] >>> TLS 1.0 Handshake [length 002a], ServerHello
  608. [peap] TLS_accept: SSLv3 write server hello A
  609. [peap] >>> TLS 1.0 Handshake [length 0845], Certificate
  610. [peap] TLS_accept: SSLv3 write certificate A
  611. [peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
  612. [peap] TLS_accept: SSLv3 write server done A
  613. [peap] TLS_accept: SSLv3 flush data
  614. [peap] TLS_accept: Need to read more data: SSLv3 read client certificate A
  615. In SSL Handshake Phase
  616. In SSL Accept mode
  617. [peap] eaptls_process returned 13
  618. [peap] EAPTLS_HANDLED
  619. ++[eap] returns handled
  620. Sending Access-Challenge of id 245 to 192.168.49.195 port 1645
  621. EAP-Message = 0x0105040019c000000882160301002a0200002603014c1b51d39d4cfafdd172abdf5c6b5d12a41084c157cc58c78d82564dc5ae1c4b0000040016030108450b00084100083e00039f3082039b30820283a003020102020101300d06092a864886f70d010104050030818d310b3009060355040613025553310b3009060355040813024341311630140603550407130d53616e204672616e636973636f31193017060355040a1310566964656f4567672e636f6d20496e63311e301c06092a864886f70d010901160f636140766964656f6567672e636f6d311e301c0603550403131563612e73616364612e766964656f6567672e636f6d301e170d3130
  625. EAP-Message = 0x020102020900e566a8866b4d
  626. Message-Authenticator = 0x00000000000000000000000000000000
  627. State = 0x505a0a7f525f13f8ee35deec2d0b0064
  628. Finished request 2.
  629. Going to the next request
  630. Waking up in 4.4 seconds.
  631. rad_recv: Access-Request packet from host 192.168.49.195 port 1645, id=246, length=145
  632. User-Name = "kplimack"
  633. Framed-MTU = 1400
  634. Called-Station-Id = "0027.0ded.dbe0"
  635. Calling-Station-Id = "001b.775d.c7cd"
  636. Service-Type = Login-User
  637. Message-Authenticator = 0x827075c42448fd036310ed5765c83848
  638. EAP-Message = 0x020500061900
  639. NAS-Port-Type = Wireless-802.11
  640. NAS-Port = 528
  641. NAS-Port-Id = "528"
  642. State = 0x505a0a7f525f13f8ee35deec2d0b0064
  643. NAS-IP-Address = 192.168.49.195
  644. NAS-Identifier = "ap"
  645. +- entering group authorize {...}
  646. ++[preprocess] returns ok
  647. ++[chap] returns noop
  648. ++[mschap] returns noop
  649. [suffix] No '@' in User-Name = "kplimack", looking up realm NULL
  650. [suffix] No such realm "NULL"
  651. ++[suffix] returns noop
  652. [eap] EAP packet type response id 5 length 6
  653. [eap] Continuing tunnel setup.
  654. ++[eap] returns ok
  655. Found Auth-Type = EAP
  656. +- entering group authenticate {...}
  657. [eap] Request found, released from the list
  658. [eap] EAP/peap
  659. [eap] processing type peap
  660. [peap] processing EAP-TLS
  661. [peap] Received TLS ACK
  662. [peap] ACK handshake fragment handler
  663. [peap] eaptls_verify returned 1
  664. [peap] eaptls_process returned 13
  665. [peap] EAPTLS_HANDLED
  666. ++[eap] returns handled
  667. Sending Access-Challenge of id 246 to 192.168.49.195 port 1645
  668. EAP-Message = 0x010603fc19405ed6300d06092a864886f70d010105050030818d310b3009060355040613025553310b3009060355040813024341311630140603550407130d53616e204672616e636973636f31193017060355040a1310566964656f4567672e636f6d20496e63311e301c06092a864886f70d010901160f636140766964656f6567672e636f6d311e301c0603550403131563612e73616364612e766964656f6567672e636f6d301e170d3130303631373135343033345a170d3131303631373135343033345a30818d310b3009060355040613025553310b3009060355040813024341311630140603550407130d53616e204672616e636973636f31
  672. EAP-Message = 0x7b14e228db99bfa6
  673. Message-Authenticator = 0x00000000000000000000000000000000
  674. State = 0x505a0a7f535c13f8ee35deec2d0b0064
  675. Finished request 3.
  676. Going to the next request
  677. Waking up in 4.3 seconds.
  678. rad_recv: Access-Request packet from host 192.168.49.195 port 1645, id=247, length=145
  679. User-Name = "kplimack"
  680. Framed-MTU = 1400
  681. Called-Station-Id = "0027.0ded.dbe0"
  682. Calling-Station-Id = "001b.775d.c7cd"
  683. Service-Type = Login-User
  684. Message-Authenticator = 0x393d1ce3702d6934dd5ec7ceeab8907a
  685. EAP-Message = 0x020600061900
  686. NAS-Port-Type = Wireless-802.11
  687. NAS-Port = 528
  688. NAS-Port-Id = "528"
  689. State = 0x505a0a7f535c13f8ee35deec2d0b0064
  690. NAS-IP-Address = 192.168.49.195
  691. NAS-Identifier = "ap"
  692. +- entering group authorize {...}
  693. ++[preprocess] returns ok
  694. ++[chap] returns noop
  695. ++[mschap] returns noop
  696. [suffix] No '@' in User-Name = "kplimack", looking up realm NULL
  697. [suffix] No such realm "NULL"
  698. ++[suffix] returns noop
  699. [eap] EAP packet type response id 6 length 6
  700. [eap] Continuing tunnel setup.
  701. ++[eap] returns ok
  702. Found Auth-Type = EAP
  703. +- entering group authenticate {...}
  704. [eap] Request found, released from the list
  705. [eap] EAP/peap
  706. [eap] processing type peap
  707. [peap] processing EAP-TLS
  708. [peap] Received TLS ACK
  709. [peap] ACK handshake fragment handler
  710. [peap] eaptls_verify returned 1
  711. [peap] eaptls_process returned 13
  712. [peap] EAPTLS_HANDLED
  713. ++[eap] returns handled
  714. Sending Access-Challenge of id 247 to 192.168.49.195 port 1645
  715. EAP-Message = 0x0107009c1900884d62b6e26d0a6e79ddce5d95759e27022a8fb590858e5cde413ced7a79e777e7cb5f2fea42f1f32d5500a4f69d1ae5797cb4e57efc5c83ba25fb2c0b96e7737dab3a4fa58bea8bdeb813d26db1d03133b23545bb2dd821ba922a4e653c18520512eec23237f0eac704afc9b04385d44b3ff2bf69c0583714cfa5fbcacdbbff1d3911f8011a3a1cc3fb2a56e416030100040e000000
  716. Message-Authenticator = 0x00000000000000000000000000000000
  717. State = 0x505a0a7f545d13f8ee35deec2d0b0064
  718. Finished request 4.
  719. Going to the next request
  720. Waking up in 4.3 seconds.
  721. rad_recv: Access-Request packet from host 192.168.49.195 port 1645, id=248, length=461
  722. User-Name = "kplimack"
  723. Framed-MTU = 1400
  724. Called-Station-Id = "0027.0ded.dbe0"
  725. Calling-Station-Id = "001b.775d.c7cd"
  726. Service-Type = Login-User
  727. Message-Authenticator = 0xa486c62b9444509b8c77f95cfcd82d09
  729. EAP-Message = 0x8f9c0c67331e89c36e98742faf55c4a21afe9e827dd67aca1403010001011603010020e4f8bb2d78a2943d2625c95aea3a8d9ffddeab24c0164473450328621bdf5773
  730. NAS-Port-Type = Wireless-802.11
  731. NAS-Port = 528
  732. NAS-Port-Id = "528"
  733. State = 0x505a0a7f545d13f8ee35deec2d0b0064
  734. NAS-IP-Address = 192.168.49.195
  735. NAS-Identifier = "ap"
  736. +- entering group authorize {...}
  737. ++[preprocess] returns ok
  738. ++[chap] returns noop
  739. ++[mschap] returns noop
  740. [suffix] No '@' in User-Name = "kplimack", looking up realm NULL
  741. [suffix] No such realm "NULL"
  742. ++[suffix] returns noop
  743. [eap] EAP packet type response id 7 length 253
  744. [eap] Continuing tunnel setup.
  745. ++[eap] returns ok
  746. Found Auth-Type = EAP
  747. +- entering group authenticate {...}
  748. [eap] Request found, released from the list
  749. [eap] EAP/peap
  750. [eap] processing type peap
  751. [peap] processing EAP-TLS
  752. TLS Length 310
  753. [peap] Length Included
  754. [peap] eaptls_verify returned 11
  755. [peap] <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange
  756. [peap] TLS_accept: SSLv3 read client key exchange A
  757. [peap] <<< TLS 1.0 ChangeCipherSpec [length 0001]
  758. [peap] <<< TLS 1.0 Handshake [length 0010], Finished
  759. [peap] TLS_accept: SSLv3 read finished A
  760. [peap] >>> TLS 1.0 ChangeCipherSpec [length 0001]
  761. [peap] TLS_accept: SSLv3 write change cipher spec A
  762. [peap] >>> TLS 1.0 Handshake [length 0010], Finished
  763. [peap] TLS_accept: SSLv3 write finished A
  764. [peap] TLS_accept: SSLv3 flush data
  765. [peap] (other): SSL negotiation finished successfully
  766. SSL Connection Established
  767. [peap] eaptls_process returned 13
  768. [peap] EAPTLS_HANDLED
  769. ++[eap] returns handled
  770. Sending Access-Challenge of id 248 to 192.168.49.195 port 1645
  771. EAP-Message = 0x0108003119001403010001011603010020cde8957f577ce252cfa8daec7eb92a8ebb94d8264c3225ea2e0a40cd24fbe059
  772. Message-Authenticator = 0x00000000000000000000000000000000
  773. State = 0x505a0a7f555213f8ee35deec2d0b0064
  774. Finished request 5.
  775. Going to the next request
  776. Waking up in 4.2 seconds.
  777. rad_recv: Access-Request packet from host 192.168.49.195 port 1645, id=249, length=145
  778. User-Name = "kplimack"
  779. Framed-MTU = 1400
  780. Called-Station-Id = "0027.0ded.dbe0"
  781. Calling-Station-Id = "001b.775d.c7cd"
  782. Service-Type = Login-User
  783. Message-Authenticator = 0xb4838ac20ba1259abad43a006a15c75f
  784. EAP-Message = 0x020800061900
  785. NAS-Port-Type = Wireless-802.11
  786. NAS-Port = 528
  787. NAS-Port-Id = "528"
  788. State = 0x505a0a7f555213f8ee35deec2d0b0064
  789. NAS-IP-Address = 192.168.49.195
  790. NAS-Identifier = "ap"
  791. +- entering group authorize {...}
  792. ++[preprocess] returns ok
  793. ++[chap] returns noop
  794. ++[mschap] returns noop
  795. [suffix] No '@' in User-Name = "kplimack", looking up realm NULL
  796. [suffix] No such realm "NULL"
  797. ++[suffix] returns noop
  798. [eap] EAP packet type response id 8 length 6
  799. [eap] Continuing tunnel setup.
  800. ++[eap] returns ok
  801. Found Auth-Type = EAP
  802. +- entering group authenticate {...}
  803. [eap] Request found, released from the list
  804. [eap] EAP/peap
  805. [eap] processing type peap
  806. [peap] processing EAP-TLS
  807. [peap] Received TLS ACK
  808. [peap] ACK handshake is finished
  809. [peap] eaptls_verify returned 3
  810. [peap] eaptls_process returned 3
  811. [peap] EAPTLS_SUCCESS
  812. ++[eap] returns handled
  813. Sending Access-Challenge of id 249 to 192.168.49.195 port 1645
  814. EAP-Message = 0x010900201900170301001569d2f263411405049be04c38d14628d0cfa0ee9471
  815. Message-Authenticator = 0x00000000000000000000000000000000
  816. State = 0x505a0a7f565313f8ee35deec2d0b0064
  817. Finished request 6.
  818. Going to the next request
  819. Waking up in 4.2 seconds.
  820. rad_recv: Access-Request packet from host 192.168.49.195 port 1645, id=250, length=175
  821. User-Name = "kplimack"
  822. Framed-MTU = 1400
  823. Called-Station-Id = "0027.0ded.dbe0"
  824. Calling-Station-Id = "001b.775d.c7cd"
  825. Service-Type = Login-User
  826. Message-Authenticator = 0x97b1d671d71b8d227b195046daf0ac48
  827. EAP-Message = 0x0209002419001703010019a1a98c55e1ded49be206901ca163d174d2955fb747d7b7b96b
  828. NAS-Port-Type = Wireless-802.11
  829. NAS-Port = 528
  830. NAS-Port-Id = "528"
  831. State = 0x505a0a7f565313f8ee35deec2d0b0064
  832. NAS-IP-Address = 192.168.49.195
  833. NAS-Identifier = "ap"
  834. +- entering group authorize {...}
  835. ++[preprocess] returns ok
  836. ++[chap] returns noop
  837. ++[mschap] returns noop
  838. [suffix] No '@' in User-Name = "kplimack", looking up realm NULL
  839. [suffix] No such realm "NULL"
  840. ++[suffix] returns noop
  841. [eap] EAP packet type response id 9 length 36
  842. [eap] Continuing tunnel setup.
  843. ++[eap] returns ok
  844. Found Auth-Type = EAP
  845. +- entering group authenticate {...}
  846. [eap] Request found, released from the list
  847. [eap] EAP/peap
  848. [eap] processing type peap
  849. [peap] processing EAP-TLS
  850. [peap] eaptls_verify returned 7
  851. [peap] Done initial handshake
  852. [peap] eaptls_process returned 7
  853. [peap] EAPTLS_OK
  854. [peap] Session established. Decoding tunneled attributes.
  855. [peap] Identity - kplimack
  856. [peap] Got tunneled request
  857. EAP-Message = 0x0209000d016b706c696d61636b
  858. server {
  859. PEAP: Got tunneled identity of kplimack
  860. PEAP: Setting default EAP type for tunneled EAP session.
  861. PEAP: Setting User-Name to kplimack
  862. Sending tunneled request
  863. EAP-Message = 0x0209000d016b706c696d61636b
  864. FreeRADIUS-Proxied-To = 127.0.0.1
  865. User-Name = "kplimack"
  866. server inner-tunnel {
  867. +- entering group authorize {...}
  868. ++[chap] returns noop
  869. ++[mschap] returns noop
  870. ++[unix] returns notfound
  871. [suffix] No '@' in User-Name = "kplimack", looking up realm NULL
  872. [suffix] No such realm "NULL"
  873. ++[suffix] returns noop
  874. ++[control] returns noop
  875. [eap] EAP packet type response id 9 length 13
  876. [eap] No EAP Start, assuming it's an on-going EAP conversation
  877. ++[eap] returns updated
  878. ++[files] returns noop
  879. [ldap] performing user authorization for kplimack
  880. [ldap] WARNING: Deprecated conditional expansion ":-". See "man unlang" for details
  881. [ldap] expand: (uid=%{Stripped-User-Name:-%{User-Name}}) -> (uid=kplimack)
  882. [ldap] expand: ou=People,dc=videoegg,dc=com -> ou=People,dc=videoegg,dc=com
  883. rlm_ldap: ldap_get_conn: Checking Id: 0
  884. rlm_ldap: ldap_get_conn: Got Id: 0
  885. rlm_ldap: performing search in ou=People,dc=videoegg,dc=com, with filter (uid=kplimack)
  886. [ldap] looking for check items in directory...
  887. rlm_ldap: userPassword -> Cleartext-Password == "{SSHA}xQjX16XbCUSXpiR2yuzULtQbFbHG410Iy2yyKQ=="
  888. [ldap] looking for reply items in directory...
  889. [ldap] user kplimack authorized to use remote access
  890. rlm_ldap: ldap_release_conn: Release Id: 0
  891. ++[ldap] returns ok
  892. ++[expiration] returns noop
  893. ++[logintime] returns noop
  894. [pap] Found existing Auth-Type, not changing it.
  895. ++[pap] returns noop
  896. Found Auth-Type = EAP
  897. +- entering group authenticate {...}
  898. [eap] EAP Identity
  899. [eap] processing type mschapv2
  900. rlm_eap_mschapv2: Issuing Challenge
  901. ++[eap] returns handled
  902. } # server inner-tunnel
  903. [peap] Got tunneled reply code 11
  904. EAP-Message = 0x010a00221a010a001d1019b0d37f67359b607cdc262e3d2f82e36b706c696d61636b
  905. Message-Authenticator = 0x00000000000000000000000000000000
  906. State = 0xb3e10847b3eb1217ad835c77cfbf5d1b
  907. [peap] Got tunneled reply RADIUS code 11
  908. EAP-Message = 0x010a00221a010a001d1019b0d37f67359b607cdc262e3d2f82e36b706c696d61636b
  909. Message-Authenticator = 0x00000000000000000000000000000000
  910. State = 0xb3e10847b3eb1217ad835c77cfbf5d1b
  911. [peap] Got tunneled Access-Challenge
  912. ++[eap] returns handled
  913. Sending Access-Challenge of id 250 to 192.168.49.195 port 1645
  914. EAP-Message = 0x010a00391900170301002e2fab5e277ae1dd572fb2072d2154dbb6a7c2a541f6188ddde2b4ed0e1819dfc00cf9782a3bfae2b0c55669bf0f46
  915. Message-Authenticator = 0x00000000000000000000000000000000
  916. State = 0x505a0a7f575013f8ee35deec2d0b0064
  917. Finished request 7.
  918. Going to the next request
  919. Waking up in 4.0 seconds.
  920. rad_recv: Access-Request packet from host 192.168.49.195 port 1645, id=251, length=229
  921. User-Name = "kplimack"
  922. Framed-MTU = 1400
  923. Called-Station-Id = "0027.0ded.dbe0"
  924. Calling-Station-Id = "001b.775d.c7cd"
  925. Service-Type = Login-User
  926. Message-Authenticator = 0x351e32a034d78941983ddb991090dcd5
  927. EAP-Message = 0x020a005a1900170301004f500e902b47d7c5fe43f7961c800504a7921af706e95ad8c440e26dce8b27ae95e1d82352dfeeafd41b8ee1797755bad6e7afcd4818cf835dd08002867fc3b1b59b04f3416137f74c4b7857a51e1962
  928. NAS-Port-Type = Wireless-802.11
  929. NAS-Port = 528
  930. NAS-Port-Id = "528"
  931. State = 0x505a0a7f575013f8ee35deec2d0b0064
  932. NAS-IP-Address = 192.168.49.195
  933. NAS-Identifier = "ap"
  934. +- entering group authorize {...}
  935. ++[preprocess] returns ok
  936. ++[chap] returns noop
  937. ++[mschap] returns noop
  938. [suffix] No '@' in User-Name = "kplimack", looking up realm NULL
  939. [suffix] No such realm "NULL"
  940. ++[suffix] returns noop
  941. [eap] EAP packet type response id 10 length 90
  942. [eap] Continuing tunnel setup.
  943. ++[eap] returns ok
  944. Found Auth-Type = EAP
  945. +- entering group authenticate {...}
  946. [eap] Request found, released from the list
  947. [eap] EAP/peap
  948. [eap] processing type peap
  949. [peap] processing EAP-TLS
  950. [peap] eaptls_verify returned 7
  951. [peap] Done initial handshake
  952. [peap] eaptls_process returned 7
  953. [peap] EAPTLS_OK
  954. [peap] Session established. Decoding tunneled attributes.
  955. [peap] EAP type mschapv2
  956. [peap] Got tunneled request
  957. EAP-Message = 0x020a00431a020a003e31b3dd1d6031e4b0acfa4a775a0b6470a90000000000000000fd86baa47dd0b25673da61fdf8f2d02c433080680828f21d006b706c696d61636b
  958. server {
  959. PEAP: Setting User-Name to kplimack
  960. Sending tunneled request
  961. EAP-Message = 0x020a00431a020a003e31b3dd1d6031e4b0acfa4a775a0b6470a90000000000000000fd86baa47dd0b25673da61fdf8f2d02c433080680828f21d006b706c696d61636b
  962. FreeRADIUS-Proxied-To = 127.0.0.1
  963. User-Name = "kplimack"
  964. State = 0xb3e10847b3eb1217ad835c77cfbf5d1b
  965. server inner-tunnel {
  966. +- entering group authorize {...}
  967. ++[chap] returns noop
  968. ++[mschap] returns noop
  969. ++[unix] returns notfound
  970. [suffix] No '@' in User-Name = "kplimack", looking up realm NULL
  971. [suffix] No such realm "NULL"
  972. ++[suffix] returns noop
  973. ++[control] returns noop
  974. [eap] EAP packet type response id 10 length 67
  975. [eap] No EAP Start, assuming it's an on-going EAP conversation
  976. ++[eap] returns updated
  977. ++[files] returns noop
  978. [ldap] performing user authorization for kplimack
  979. [ldap] WARNING: Deprecated conditional expansion ":-". See "man unlang" for details
  980. [ldap] expand: (uid=%{Stripped-User-Name:-%{User-Name}}) -> (uid=kplimack)
  981. [ldap] expand: ou=People,dc=videoegg,dc=com -> ou=People,dc=videoegg,dc=com
  982. rlm_ldap: ldap_get_conn: Checking Id: 0
  983. rlm_ldap: ldap_get_conn: Got Id: 0
  984. rlm_ldap: performing search in ou=People,dc=videoegg,dc=com, with filter (uid=kplimack)
  985. [ldap] looking for check items in directory...
  986. rlm_ldap: userPassword -> Cleartext-Password == "{SSHA}xQjX16XbCUSXpiR2yuzULtQbFbHG410Iy2yyKQ=="
  987. [ldap] looking for reply items in directory...
  988. [ldap] user kplimack authorized to use remote access
  989. rlm_ldap: ldap_release_conn: Release Id: 0
  990. ++[ldap] returns ok
  991. ++[expiration] returns noop
  992. ++[logintime] returns noop
  993. [pap] Found existing Auth-Type, not changing it.
  994. ++[pap] returns noop
  995. Found Auth-Type = EAP
  996. +- entering group authenticate {...}
  997. [eap] Request found, released from the list
  998. [eap] EAP/mschapv2
  999. [eap] processing type mschapv2
  1000. [mschapv2] +- entering group MS-CHAP {...}
  1001. [mschap] Told to do MS-CHAPv2 for kplimack with NT-Password
  1002. [mschap] FAILED: MS-CHAP2-Response is incorrect
  1003. ++[mschap] returns reject
  1004. [eap] Freeing handler
  1005. ++[eap] returns reject
  1006. Failed to authenticate the user.
  1007. } # server inner-tunnel
  1008. [peap] Got tunneled reply code 3
  1009. MS-CHAP-Error = "\nE=691 R=1"
  1010. EAP-Message = 0x040a0004
  1011. Message-Authenticator = 0x00000000000000000000000000000000
  1012. [peap] Got tunneled reply RADIUS code 3
  1013. MS-CHAP-Error = "\nE=691 R=1"
  1014. EAP-Message = 0x040a0004
  1015. Message-Authenticator = 0x00000000000000000000000000000000
  1016. [peap] Tunneled authentication was rejected.
  1017. [peap] FAILURE
  1018. ++[eap] returns handled
  1019. Sending Access-Challenge of id 251 to 192.168.49.195 port 1645
  1020. EAP-Message = 0x010b00261900170301001b5b98d2fe31f3672f08250036a5b47e5f16778baefa7b600e93c7d1
  1021. Message-Authenticator = 0x00000000000000000000000000000000
  1022. State = 0x505a0a7f585113f8ee35deec2d0b0064
  1023. Finished request 8.
  1024. Going to the next request
  1025. Waking up in 3.9 seconds.
  1026. rad_recv: Access-Request packet from host 192.168.49.195 port 1645, id=252, length=177
  1027. User-Name = "kplimack"
  1028. Framed-MTU = 1400
  1029. Called-Station-Id = "0027.0ded.dbe0"
  1030. Calling-Station-Id = "001b.775d.c7cd"
  1031. Service-Type = Login-User
  1032. Message-Authenticator = 0xe8e71837a6298e56df174bf58986641b
  1033. EAP-Message = 0x020b00261900170301001b0edb0091a830bcdcb28b39b2d2e164ae408fb813bf155f1c6b5e97
  1034. NAS-Port-Type = Wireless-802.11
  1035. NAS-Port = 528
  1036. NAS-Port-Id = "528"
  1037. State = 0x505a0a7f585113f8ee35deec2d0b0064
  1038. NAS-IP-Address = 192.168.49.195
  1039. NAS-Identifier = "ap"
  1040. +- entering group authorize {...}
  1041. ++[preprocess] returns ok
  1042. ++[chap] returns noop
  1043. ++[mschap] returns noop
  1044. [suffix] No '@' in User-Name = "kplimack", looking up realm NULL
  1045. [suffix] No such realm "NULL"
  1046. ++[suffix] returns noop
  1047. [eap] EAP packet type response id 11 length 38
  1048. [eap] Continuing tunnel setup.
  1049. ++[eap] returns ok
  1050. Found Auth-Type = EAP
  1051. +- entering group authenticate {...}
  1052. [eap] Request found, released from the list
  1053. [eap] EAP/peap
  1054. [eap] processing type peap
  1055. [peap] processing EAP-TLS
  1056. [peap] eaptls_verify returned 7
  1057. [peap] Done initial handshake
  1058. [peap] eaptls_process returned 7
  1059. [peap] EAPTLS_OK
  1060. [peap] Session established. Decoding tunneled attributes.
  1061. [peap] Received EAP-TLV response.
  1062. [peap] Had sent TLV failure. User was rejected earlier in this session.
  1063. [eap] Handler failed in EAP/peap
  1064. [eap] Failed in EAP select
  1065. ++[eap] returns invalid
  1066. Failed to authenticate the user.
  1067. Using Post-Auth-Type Reject
  1068. +- entering group REJECT {...}
  1069. [attr_filter.access_reject] expand: %{User-Name} -> kplimack
  1070. attr_filter: Matched entry DEFAULT at line 11
  1071. ++[attr_filter.access_reject] returns updated
  1072. Delaying reject of request 9 for 1 seconds
  1073. Going to the next request
  1074. Waking up in 0.9 seconds.
  1075. Sending delayed reject for request 9
  1076. Sending Access-Reject of id 252 to 192.168.49.195 port 1645
  1077. EAP-Message = 0x040b0004
  1078. Message-Authenticator = 0x00000000000000000000000000000000
  1079. Waking up in 2.9 seconds.
  1080. Cleaning up request 0 ID 243 with timestamp +17
  1081. Cleaning up request 1 ID 244 with timestamp +18
  1082. Waking up in 0.4 seconds.
  1083. Cleaning up request 2 ID 245 with timestamp +18
  1084. Cleaning up request 3 ID 246 with timestamp +18
  1085. Cleaning up request 4 ID 247 with timestamp +19
  1086. Cleaning up request 5 ID 248 with timestamp +19
  1087. Cleaning up request 6 ID 249 with timestamp +19
  1088. Waking up in 0.1 seconds.
  1089. Cleaning up request 7 ID 250 with timestamp +19
  1090. Waking up in 0.1 seconds.
  1091. Cleaning up request 8 ID 251 with timestamp +19
  1092. Waking up in 1.0 seconds.
  1093. Cleaning up request 9 ID 252 with timestamp +19
  1094. Ready to process requests.