Sunil Chitnis wrote: > > Could someone post the debug output of radiusd for a complete valid > authentication/authorization using EAP. Please erase any security related > information from the output before posting. I want to verify the types of > attributes being passed back and forth (including VSAs). >
For EAP-TLS debug o/p check http://www.missl.cs.umd.edu/~adam/802 Typical, EAP-MD5 debug o/p rad_recv: Access-Request packet from host 192.168.1.225:1034, id=0, length=119 User-Name = "raghu" NAS-IP-Address = 192.20.100.1 Called-Station-Id = "000XXXXXXXXX" Calling-Station-Id = "000XXXXXXXXX" NAS-Identifier = "ATMO02A1" NAS-Port = 29 Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 EAP-Message = "\002\203\000\n\001raghu" Message-Authenticator = 0x6dd277e211ebd26747aa2ba634b3a9d2 modcall: entering group authorize modcall[authorize]: module "preprocess" returns ok modcall[authorize]: module "eap" returns updated modcall[authorize]: module "suffix" returns ok users: Matched raghu at 13 modcall[authorize]: module "files" returns ok modcall: group authorize returns updated rad_check_password: Found Auth-Type EAP auth: type "EAP" modcall: entering group authenticate rlm_eap: Request found, released from the list rlm_eap: processing type md5 rlm_eap_md5: Issuing Challenge modcall[authenticate]: module "eap" returns ok modcall: group authenticate returns ok Sending Access-Challenge of id 1 to 192.168.1.225:1035 Class = 0x01 EAP-Message = "\001\001\000\026\004\020%\223\334\014\032\260\005.\\D\363\362'\336\034" Message-Authenticator = 0x00000000000000000000000000000000 State = 0x0710f9a066479548ffd1961a1ff4faa9689bb33c63ded6080a3453955089c2 6ef09dea43 Finished request 95 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 192.168.1.225:1036, id=2, length=174 User-Name = "raghu" NAS-IP-Address = 172.20.100.1 Called-Station-Id = "000XXXXXXXXX" Calling-Station-Id = "000XXXXXXXXX" NAS-Identifier = "ATMO02A1" NAS-Port = 29 Framed-MTU = 1400 State = 0x0710f9a066479548ffd1961a1ff4faa9689bb33c63ded6080a3453955089c26ef09dea43 NAS-Port-Type = Wireless-802.11 EAP-Message = "\002\001\000\033\004\020\317\250<\305E\254~z\355y\235R\256\242\372$raghu" Message-Authenticator = 0x666676b74b0c038e07b29355eec4a834 modcall: entering group authorize modcall[authorize]: module "preprocess" returns ok modcall[authorize]: module "eap" returns updated modcall[authorize]: module "suffix" returns ok users: Matched raghu at 13 modcall[authorize]: module "files" returns ok modcall: group authorize returns updated rad_check_password: Found Auth-Type EAP auth: type "EAP" modcall: entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP_TYPE - md5 rlm_eap: processing type md5 modcall[authenticate]: module "eap" returns ok modcall: group authenticate returns ok Sending Access-Accept of id 2 to 192.168.1.225:1036 Class = 0x01 EAP-Message = "\003\002\000\004" Message-Authenticator = 0x00000000000000000000000000000000 Finished request 96 Going to the next request Waking up in 6 seconds... --- Walking the entire request list --- Cleaning up request 94 ID 0 with timestamp 3cb39b68 Cleaning up request 95 ID 1 with timestamp 3cb39b68 Cleaning up request 96 ID 2 with timestamp 3cb39b68 Nothing to do. Sleeping until we see a request. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html