Now I have full captured logs (ethereal(0.9.3), freeradius(snapshot10282002) and
AP350(v.12T))regarding to the problem
of:
"rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: Invalid ACK received
modcall[authenticate]: module "eap" returns invalid"
Could you please take a look to see if there is any obvious blonder? Thanks.
/****************Ethereal (0.9.3) capture: *******************************/
Frame 14 (191 on wire, 191 captured)
Arrival Time: Nov 15, 2002 13:44:03.415674000
Time delta from previous packet: 1.267728000 seconds
Time relative to first packet: 19.405991000 seconds
Frame Number: 14
Packet Length: 191 bytes
Capture Length: 191 bytes
Ethernet II
Destination: 00:c0:9f:05:12:a6 (curve.esignx.com)
Source: 00:08:a1:1d:e7:30 (ip204.aec-1.sfo.interquest.net)
Type: IP (0x0800)
Internet Protocol, Src Addr: ip204.aec-1.sfo.interquest.net (66.135.138.204), Dst
Addr: curve.esignx.com
(66.135.138.207)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 177
Identification: 0x3981
Flags: 0x00
.0.. = Don't fragment: Not set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 63
Protocol: UDP (0x11)
Header checksum: 0xa711 (correct)
Source: ip204.aec-1.sfo.interquest.net (66.135.138.204)
Destination: curve.esignx.com (66.135.138.207)
User Datagram Protocol, Src Port: 22563 (22563), Dst Port: radius (1812)
Source port: 22563 (22563)
Destination port: radius (1812)
Length: 157
Checksum: 0x50c2 (correct)
Radius Protocol
Code: Access Request (1)
Packet identifier: 0x4d (77)
Length: 149
Authenticator
Attribute value pairs
t:User Name(1) l:7, Value:"kevin"
t:Vendor Specific(26) l:20, Vendor:Cisco, Type:Cisco AV Pair, Len:12
Value:"ssid=tsunami"
t:NAS IP Address(4) l:6, Value:192.168.0.8
t:Called Station Id(30) l:14, Value:"004096495de0"
t:Calling Station Id(31) l:14, Value:"0006250baad2"
t:NAS identifier(32) l:14, Value:"AP350-495de0"
t:NAS Port(5) l:6, Value:37
t:Framed MTU(12) l:6, Value:1400
t:NAS Port Type(61) l:6, Value:Wireless IEEE 802.11
t:Service Type(6) l:6, Value:Login
t:EAP-Message(79) l:12
Extensible Authentication Protocol
Code: Response (2)
Id: 2
Length: 10
Type: Identity [RFC2284] (1)
Identity (5 bytes): kevin
t:Message Authenticator(80) l:18, Value:"ÃN»k~\147¦íÂÁ,c\144Èí\025"
Frame 15 (126 on wire, 126 captured)
Arrival Time: Nov 15, 2002 13:44:03.417986000
Time delta from previous packet: 0.002312000 seconds
Time relative to first packet: 19.408303000 seconds
Frame Number: 15
Packet Length: 126 bytes
Capture Length: 126 bytes
Ethernet II
Destination: 00:08:a1:1d:e7:30 (ip204.aec-1.sfo.interquest.net)
Source: 00:c0:9f:05:12:a6 (curve.esignx.com)
Type: IP (0x0800)
Internet Protocol, Src Addr: curve.esignx.com (66.135.138.207), Dst Addr:
ip204.aec-1.sfo.interquest.net
(66.135.138.204)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 112
Identification: 0x0000
Flags: 0x04
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: UDP (0x11)
Header checksum: 0x9fd3 (correct)
Source: curve.esignx.com (66.135.138.207)
Destination: ip204.aec-1.sfo.interquest.net (66.135.138.204)
User Datagram Protocol, Src Port: radius (1812), Dst Port: 22563 (22563)
Source port: radius (1812)
Destination port: 22563 (22563)
Length: 92
Checksum: 0x0f31 (correct)
Radius Protocol
Code: Access challenge (11)
Packet identifier: 0x4d (77)
Length: 84
Authenticator
Attribute value pairs
t:EAP-Message(79) l:8
Extensible Authentication Protocol
Code: Request (1)
Id: 3
Length: 6
Type: EAP-TLS [RFC2716] [Aboba] (13)
Flags(0x20): Start
t:Message Authenticator(80) l:18, Value:"ÈÂt\001ç\143¡G¥¶\148\128âJ/?"
t:State(24) l:38,
Value:"\005\023\017b\019\013jy\145\153îx1P'£jÕ=ºZ^#\013´ýMõÚkFF\007Ró"
Frame 17 (299 on wire, 299 captured)
Arrival Time: Nov 15, 2002 13:44:03.789273000
Time delta from previous packet: 0.106425000 seconds
Time relative to first packet: 19.779590000 seconds
Frame Number: 17
Packet Length: 299 bytes
Capture Length: 299 bytes
Ethernet II
Destination: 00:c0:9f:05:12:a6 (curve.esignx.com)
Source: 00:08:a1:1d:e7:30 (ip204.aec-1.sfo.interquest.net)
Type: IP (0x0800)
Internet Protocol, Src Addr: ip204.aec-1.sfo.interquest.net (66.135.138.204), Dst
Addr: curve.esignx.com
(66.135.138.207)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 285
Identification: 0x3984
Flags: 0x00
.0.. = Don't fragment: Not set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 63
Protocol: UDP (0x11)
Header checksum: 0xa6a2 (correct)
Source: ip204.aec-1.sfo.interquest.net (66.135.138.204)
Destination: curve.esignx.com (66.135.138.207)
User Datagram Protocol, Src Port: 22564 (22564), Dst Port: radius (1812)
Source port: 22564 (22564)
Destination port: radius (1812)
Length: 265
Checksum: 0xa839 (correct)
Radius Protocol
Code: Access Request (1)
Packet identifier: 0x4e (78)
Length: 257
Authenticator
Attribute value pairs
t:User Name(1) l:7, Value:"kevin"
t:Vendor Specific(26) l:20, Vendor:Cisco, Type:Cisco AV Pair, Len:12
Value:"ssid=tsunami"
t:NAS IP Address(4) l:6, Value:192.168.0.8
t:Called Station Id(30) l:14, Value:"004096495de0"
t:Calling Station Id(31) l:14, Value:"0006250baad2"
t:NAS identifier(32) l:14, Value:"AP350-495de0"
t:NAS Port(5) l:6, Value:37
t:Framed MTU(12) l:6, Value:1400
t:State(24) l:38,
Value:"\005\023\017b\019\013jy\145\153îx1P'£jÕ=ºZ^#\013´ýMõÚkFF\007Ró"
t:NAS Port Type(61) l:6, Value:Wireless IEEE 802.11
t:Service Type(6) l:6, Value:Login
t:EAP-Message(79) l:82
Extensible Authentication Protocol
Code: Response (2)
Id: 3
Length: 80
Type: EAP-TLS [RFC2716] [Aboba] (13)
Flags(0x80): Length
Length: 70
Secure Socket Layer
TLS Record Layer: Client Hello
Content Type: Handshake (22)
Version: TLS 1.0 (0x0301)
Length: 65
Handshake Protocol: Client Hello
Handshake Type: Client Hello (1)
Length: 61
Version: TLS 1.0 (0x0301)
Random.gmt_unix_time: Nov 15, 2002 13:45:56.000000000
Random.bytes
Session ID Length: 0
Cipher Suites Length: 22
Cipher Suites (11 suites)
Cipher Suite: TLS_RSA_WITH_RC4_128_MD5 (0x0004)
Cipher Suite: TLS_RSA_WITH_RC4_128_SHA (0x0005)
Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)
Cipher Suite: TLS_RSA_WITH_DES_CBC_SHA (0x0009)
Cipher Suite: TLS_RSA_EXPORT1024_WITH_RC4_56_SHA
(0x0064)
Cipher Suite: TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA
(0x0062)
Cipher Suite: TLS_RSA_EXPORT_WITH_RC4_40_MD5 (0x0003)
Cipher Suite: TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5
(0x0006)
Cipher Suite: TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
(0x0013)
Cipher Suite: TLS_DHE_DSS_WITH_DES_CBC_SHA (0x0012)
Cipher Suite: TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA
(0x0063)
Compression Methods Length: 1
Compression Methods (1 method)
Compression Method: null (0)
t:Message Authenticator(80) l:18, Value:"Ý\131\021Ð|\030\144ïÌ·È\020LÀk\022"
Frame 18 (1145 on wire, 1145 captured)
Arrival Time: Nov 15, 2002 13:44:03.792712000
Time delta from previous packet: 0.003439000 seconds
Time relative to first packet: 19.783029000 seconds
Frame Number: 18
Packet Length: 1145 bytes
Capture Length: 1145 bytes
Ethernet II
Destination: 00:08:a1:1d:e7:30 (ip204.aec-1.sfo.interquest.net)
Source: 00:c0:9f:05:12:a6 (curve.esignx.com)
Type: IP (0x0800)
Internet Protocol, Src Addr: curve.esignx.com (66.135.138.207), Dst Addr:
ip204.aec-1.sfo.interquest.net
(66.135.138.204)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 1131
Identification: 0x0000
Flags: 0x04
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: UDP (0x11)
Header checksum: 0x9bd8 (correct)
Source: curve.esignx.com (66.135.138.207)
Destination: ip204.aec-1.sfo.interquest.net (66.135.138.204)
User Datagram Protocol, Src Port: radius (1812), Dst Port: 22564 (22564)
Source port: radius (1812)
Destination port: 22564 (22564)
Length: 1111
Checksum: 0xdec5 (correct)
Radius Protocol
Code: Access challenge (11)
Packet identifier: 0x4e (78)
Length: 1103
Authenticator
Attribute value pairs
t:EAP-Message(79) l:254
EAP fragment
t:EAP-Message(79) l:254
EAP fragment
t:EAP-Message(79) l:254
EAP fragment
t:EAP-Message(79) l:254
EAP fragment
t:EAP-Message(79) l:11
EAP fragment
Extensible Authentication Protocol
Code: Request (1)
Id: 4
Length: 1017
Type: EAP-TLS [RFC2716] [Aboba] (13)
Flags(0x80): Length
Length: 1007
Secure Socket Layer
TLS Record Layer: Server Hello
Content Type: Handshake (22)
Version: TLS 1.0 (0x0301)
Length: 74
Handshake Protocol: Server Hello
Handshake Type: Server Hello (2)
Length: 70
Version: TLS 1.0 (0x0301)
Random.gmt_unix_time: Nov 15, 2002 13:44:03.000000000
Random.bytes
Session ID Length: 32
Session ID (32 bytes)
Cipher Suite: TLS_RSA_WITH_RC4_128_MD5 (0x0004)
Compression Method: null (0)
TLS Record Layer: Certificate
Content Type: Handshake (22)
Version: TLS 1.0 (0x0301)
Length: 737
Handshake Protocol: Certificate
Handshake Type: Certificate (11)
Length: 733
Certificates Length: 730
Certificates (730 bytes)
Certificate Length: 727
Certificate (727 bytes)
TLS Record Layer: Multiple Handshake Messages
Content Type: Handshake (22)
Version: TLS 1.0 (0x0301)
Length: 181
Handshake Protocol: Certificate Request
Handshake Type: Certificate Request (13)
Length: 173
Certificate types count: 3
Certificate types (3 types)
Certificate type: RSA Sign (1)
Certificate type: DSS Sign (2)
Certificate type: Unknown (5)
Distinguished Names Length: 167
Distinguished Names (167 bytes)
Distinguished Name Length: 165
Distinguished Name (165 bytes)
Handshake Protocol: Server Hello Done
Handshake Type: Server Hello Done (14)
Length: 0
t:Message Authenticator(80) l:18, Value:"$\155\004çï\013f\001Ê\025ÚP\136ÈÏ="
t:State(24) l:38,
Value:"õνÚð¢ÇyÇÄ\141Ê\148O2b£jÕ=S\127,\138Ì:û\026\026Ì\01253\136\017"
Frame 21 (225 on wire, 225 captured)
Arrival Time: Nov 15, 2002 13:44:05.004527000
Time delta from previous packet: 0.715416000 seconds
Time relative to first packet: 20.994844000 seconds
Frame Number: 21
Packet Length: 225 bytes
Capture Length: 225 bytes
Ethernet II
Destination: 00:c0:9f:05:12:a6 (curve.esignx.com)
Source: 00:08:a1:1d:e7:30 (ip204.aec-1.sfo.interquest.net)
Type: IP (0x0800)
Internet Protocol, Src Addr: ip204.aec-1.sfo.interquest.net (66.135.138.204), Dst
Addr: curve.esignx.com
(66.135.138.207)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 211
Identification: 0x398d
Flags: 0x00
.0.. = Don't fragment: Not set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 63
Protocol: UDP (0x11)
Header checksum: 0xa6e3 (correct)
Source: ip204.aec-1.sfo.interquest.net (66.135.138.204)
Destination: curve.esignx.com (66.135.138.207)
User Datagram Protocol, Src Port: 22565 (22565), Dst Port: radius (1812)
Source port: 22565 (22565)
Destination port: radius (1812)
Length: 191
Checksum: 0xa27e (correct)
Radius Protocol
Code: Access Request (1)
Packet identifier: 0x4f (79)
Length: 183
Authenticator
Attribute value pairs
t:User Name(1) l:7, Value:"kevin"
t:Vendor Specific(26) l:20, Vendor:Cisco, Type:Cisco AV Pair, Len:12
Value:"ssid=tsunami"
t:NAS IP Address(4) l:6, Value:192.168.0.8
t:Called Station Id(30) l:14, Value:"004096495de0"
t:Calling Station Id(31) l:14, Value:"0006250baad2"
t:NAS identifier(32) l:14, Value:"AP350-495de0"
t:NAS Port(5) l:6, Value:37
t:Framed MTU(12) l:6, Value:1400
t:State(24) l:38,
Value:"õνÚð¢ÇyÇÄ\141Ê\148O2b£jÕ=S\127,\138Ì:û\026\026Ì\01253\136\017"
t:NAS Port Type(61) l:6, Value:Wireless IEEE 802.11
t:Service Type(6) l:6, Value:Login
t:EAP-Message(79) l:8
Extensible Authentication Protocol
Code: Response (2)
Id: 4
Length: 6
Type: EAP-TLS [RFC2716] [Aboba] (13)
Flags(0x0):
t:Message Authenticator(80) l:18, Value:"K\148öû³ñvÚ\134Ü\152\023'\006\154"
Frame 23 (86 on wire, 86 captured)
Arrival Time: Nov 15, 2002 13:44:07.003563000
Time delta from previous packet: 0.968648000 seconds
Time relative to first packet: 22.993880000 seconds
Frame Number: 23
Packet Length: 86 bytes
Capture Length: 86 bytes
Ethernet II
Destination: 00:08:a1:1d:e7:30 (ip204.aec-1.sfo.interquest.net)
Source: 00:c0:9f:05:12:a6 (curve.esignx.com)
Type: IP (0x0800)
Internet Protocol, Src Addr: curve.esignx.com (66.135.138.207), Dst Addr:
ip204.aec-1.sfo.interquest.net
(66.135.138.204)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 72
Identification: 0x0000
Flags: 0x04
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: UDP (0x11)
Header checksum: 0x9ffb (correct)
Source: curve.esignx.com (66.135.138.207)
Destination: ip204.aec-1.sfo.interquest.net (66.135.138.204)
User Datagram Protocol, Src Port: radius (1812), Dst Port: 22565 (22565)
Source port: radius (1812)
Destination port: 22565 (22565)
Length: 52
Checksum: 0x220e (correct)
Radius Protocol
Code: Access Reject (3)
Packet identifier: 0x4f (79)
Length: 44
Authenticator
Attribute value pairs
t:EAP-Message(79) l:6
Extensible Authentication Protocol
Code: Failure (4)
Id: 4
Length: 4
t:Message Authenticator(80) l:18, Value:"8\129ÃdãbÓÍÂÚÂ\138¥²\1495"
/************************************freeradius log******************************/
Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config: including file: /etc/raddb/proxy.conf
Config: including file: /etc/raddb/clients.conf
Config: including file: /etc/raddb/snmp.conf
Config: including file: /etc/raddb/sql.conf
main: prefix = "/usr/local"
main: localstatedir = "/var"
main: logdir = "/var/log/radius"
main: libdir = "/usr/local/lib"
main: radacctdir = "/var/log/radius/radacct"
main: hostname_lookups = no
read_config_files: reading dictionary
read_config_files: reading naslist
read_config_files: reading clients
read_config_files: reading realms
main: max_request_time = 30
main: cleanup_delay = 5
main: max_requests = 1024
main: delete_blocked_requests = 0
main: port = 0
main: allow_core_dumps = no
main: log_stripped_names = no
main: log_file = "/var/log/radius/radius.log"
main: log_auth = no
main: log_auth_badpass = no
main: log_auth_goodpass = no
main: pidfile = "/var/run/radiusd/radiusd.pid"
main: user = "(null)"
main: group = "(null)"
main: usercollide = no
main: lower_user = "no"
main: lower_pass = "no"
main: nospace_user = "no"
main: nospace_pass = "no"
main: checkrad = "/usr/local/sbin/checkrad"
main: proxy_requests = yes
proxy: retry_delay = 5
proxy: retry_count = 3
proxy: synchronous = no
proxy: default_fallback = yes
proxy: dead_time = 120
proxy: servers_per_realm = 15
security: max_attributes = 200
security: reject_delay = 1
main: debug_level = 0
read_config_files: entering modules setup
Module: Library search path is /usr/local/lib
Module: Loaded System
unix: cache = yes
unix: passwd = "/etc/passwd"
unix: shadow = "/etc/shadow"
unix: group = "/etc/group"
unix: radwtmp = "/var/log/radius/radwtmp"
unix: usegroup = no
unix: cache_reload = 600
HASH: Reinitializing hash structures and lists for caching...
HASH: user root found in hashtable bucket 11726
HASH: user bin found in hashtable bucket 86651
HASH: user daemon found in hashtable bucket 11668
HASH: user adm found in hashtable bucket 26466
HASH: user lp found in hashtable bucket 54068
HASH: user sync found in hashtable bucket 42895
HASH: user shutdown found in hashtable bucket 71746
HASH: user halt found in hashtable bucket 7481
HASH: user mail found in hashtable bucket 79471
HASH: user news found in hashtable bucket 5375
HASH: user uucp found in hashtable bucket 38541
HASH: user operator found in hashtable bucket 21748
HASH: user games found in hashtable bucket 47657
HASH: user gopher found in hashtable bucket 47357
HASH: user ftp found in hashtable bucket 56226
HASH: user nobody found in hashtable bucket 99723
HASH: user vcsa found in hashtable bucket 25959
HASH: user mailnull found in hashtable bucket 78086
HASH: user rpm found in hashtable bucket 72383
HASH: user wnn found in hashtable bucket 59815
HASH: user ntp found in hashtable bucket 21418
HASH: user rpc found in hashtable bucket 72373
HASH: user xfs found in hashtable bucket 17213
HASH: user gdm found in hashtable bucket 50360
HASH: user rpcuser found in hashtable bucket 552
HASH: user nfsnobody found in hashtable bucket 51830
HASH: user nscd found in hashtable bucket 36306
HASH: user ident found in hashtable bucket 40304
HASH: user radvd found in hashtable bucket 66743
HASH: user postgres found in hashtable bucket 19301
HASH: user apache found in hashtable bucket 26582
HASH: user squid found in hashtable bucket 62826
HASH: user named found in hashtable bucket 7729
HASH: user pcap found in hashtable bucket 55326
HASH: user amanda found in hashtable bucket 72438
HASH: user junkbust found in hashtable bucket 14816
HASH: user mailman found in hashtable bucket 53563
HASH: user mysql found in hashtable bucket 46314
HASH: user netdump found in hashtable bucket 34321
HASH: user ldap found in hashtable bucket 45563
HASH: user postfix found in hashtable bucket 23093
HASH: user pvm found in hashtable bucket 78527
HASH: user ypw found in hashtable bucket 16936
HASH: user richard found in hashtable bucket 70235
HASH: user jzhu found in hashtable bucket 89989
HASH: user yfeng found in hashtable bucket 79945
HASH: user cms found in hashtable bucket 38933
HASH: user sandy found in hashtable bucket 91713
HASH: Stored 48 entries from /etc/passwd
HASH: Stored 58 entries from /etc/group
Module: Instantiated unix (unix)
Module: Loaded eap
eap: default_eap_type = "tls"
eap: timer_expire = 60
tls: rsa_key_exchange = no
tls: dh_key_exchange = yes
tls: rsa_key_length = 512
tls: dh_key_length = 512
tls: verify_depth = 0
tls: CA_path = "(null)"
tls: pem_file_type = yes
tls: private_key_file = "/etc/eap/cert-srv.pem"
tls: certificate_file = "/etc/eap/cert-srv.pem"
tls: CA_file = "/etc/eap/root.pem"
tls: private_key_password = "whatever"
tls: dh_file = "/etc/eap/DH"
tls: random_file = "/etc/eap/random"
tls: fragment_size = 4048
tls: include_length = yes
rlm_eap_tls: conf N ctx stored
rlm_eap: Loaded and initialized the type tls
Module: Instantiated eap (eap)
Module: Loaded preprocess
preprocess: huntgroups = "/etc/raddb/huntgroups"
preprocess: hints = "/etc/raddb/hints"
preprocess: with_ascend_hack = no
preprocess: ascend_channels_per_line = 23
preprocess: with_ntdomain_hack = no
preprocess: with_specialix_jetstream_hack = no
preprocess: with_cisco_vsa_hack = no
Module: Instantiated preprocess (preprocess)
Module: Loaded realm
realm: format = "suffix"
realm: delimiter = "@"
Module: Instantiated realm (suffix)
Module: Loaded files
files: usersfile = "/etc/raddb/users"
files: acctusersfile = "/etc/raddb/acct_users"
files: preproxy_usersfile = "/etc/raddb/preproxy_users"
files: compat = "no"
auth_type_fixup: Auth-Type [1000]
auth_type_fixup: User-Password [2]
Module: Instantiated files (files)
Module: Loaded detail
detail: detailfile = "/var/log/radius/radacct/%{Client-IP-Address}/detail"
detail: detailperm = 384
detail: dirperm = 493
detail: locking = no
Module: Instantiated detail (detail)
Module: Loaded radutmp
radutmp: filename = "/var/log/radius/radutmp"
radutmp: username = "%{User-Name}"
radutmp: perm = 384
radutmp: callerid = yes
Module: Instantiated radutmp (radutmp)
main: smux_password = "i9s44A5bSNMP"
main: snmp_write_access = no
SMUX connect try 1
Can't connect to SNMP agent with SMUX: Connection refused
Listening on IP address *, ports 1812/udp and 1813/udp, with proxy on 1814/udp.
Ready to process requests.
rad_recv: Access-Request packet from host 66.135.138.204:22563, id=77, length=149
User-Name = "kevin"
Cisco-AVPair = "ssid=tsunami"
NAS-IP-Address = 192.168.0.8
Called-Station-Id = "004096495de0"
Calling-Station-Id = "0006250baad2"
NAS-Identifier = "AP350-495de0"
NAS-Port = 37
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Service-Type = Login-User
EAP-Message = "\002\002\000\n\001kevin"
Message-Authenticator = 0xc34ebb6b7e93a6edc2c12c6390c8ed19
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
modcall[authorize]: module "eap" returns updated
rlm_realm: No '@' in User-Name = "kevin", looking up realm NULL
rlm_realm: No such realm NULL
modcall[authorize]: module "suffix" returns noop
users: Matched kevin at 95
modcall[authorize]: module "files" returns ok
modcall: group authorize returns updated
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate
rlm_eap: processing type tls
modcall[authenticate]: module "eap" returns ok
modcall: group authenticate returns ok
Sending Access-Challenge of id 77 to 66.135.138.204:22563
EAP-Message = "\001\003\000\006\r "
Message-Authenticator = 0x00000000000000000000000000000000
State =
0x05171162130d6a799199ee78315027c2a36ad53dba5a5e230db4fd4df5da6b46460752f3
Finished request 0
Going to the next request
SMUX connect try 2
Can't connect to SNMP agent with SMUX: Connection refused
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 66.135.138.204:22564, id=78, length=257
User-Name = "kevin"
Cisco-AVPair = "ssid=tsunami"
NAS-IP-Address = 192.168.0.8
Called-Station-Id = "004096495de0"
Calling-Station-Id = "0006250baad2"
NAS-Identifier = "AP350-495de0"
NAS-Port = 37
Framed-MTU = 1400
State =
0x05171162130d6a799199ee78315027c2a36ad53dba5a5e230db4fd4df5da6b46460752f3
NAS-Port-Type = Wireless-802.11
Service-Type = Login-User
EAP-Message =
"\002\003\000P\r\200\000\000\000F\026\003\001\000A\001\000\000=\003\001=\325k\024\367\0053d\210\223_\330(\206a\305\217\2
52g\030\375\252EL,\331Dzn\261n\361\000\000\026\000\004\000\005\000\n\000\t\000d\000b\000\003\000\006\000\023\000\022\000
c\001"
Message-Authenticator = 0xdd8315d07c1e90efccb7c8144cc06b16
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
modcall[authorize]: module "eap" returns updated
rlm_realm: No '@' in User-Name = "kevin", looking up realm NULL
rlm_realm: No such realm NULL
modcall[authorize]: module "suffix" returns noop
users: Matched kevin at 95
modcall[authorize]: module "files" returns ok
modcall: group authorize returns updated
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP_TYPE - tls
rlm_eap: processing type tls
rlm_eap_tls: Length Included
undefined: before/accept initialization
TLS_accept: before/accept initialization
<<< TLS 1.0 Handshake [length 0041], ClientHello
TLS_accept: SSLv3 read client hello A
>>> TLS 1.0 Handshake [length 004a], ServerHello
TLS_accept: SSLv3 write server hello A
>>> TLS 1.0 Handshake [length 02e1], Certificate
TLS_accept: SSLv3 write certificate A
>>> TLS 1.0 Handshake [length 00b5], CertificateRequest
TLS_accept: SSLv3 write certificate request A
TLS_accept: SSLv3 flush data
TLS_accept:error in SSLv3 read client certificate A
rlm_eap_tls: SSL_read Error
Error code is ..... 2
SSL Error ..... 2
modcall[authenticate]: module "eap" returns ok
modcall: group authenticate returns ok
Sending Access-Challenge of id 78 to 66.135.138.204:22564
EAP-Message =
"\001\004\003\371\r\200\000\000\003\357\026\003\001\000J\002\000\000F\003\001=\325j\243p\r\320z\377\006b\254\352\353\021
\262|\225K\023\212H\372\377\226\004\223/\2355\0034
"\023.Dr\001\314\232~<\350\020\013\306\n0L\203\366\304F\275\264J\320\323i\335\251\311\345\241\000\004\000\026\003\001\00
2\341\013\000\002\335\000\002\332\000\002\3270\202\002\3230\202\002<\240\003\002\001\002\002\001\0020\r\006\t*\206H\206\
367\r\001\001\004\005\0000\201\2421\0130\t\006\003U\004\006\023\002US1\0230\021\006\003U\004\010\023"
EAP-Message =
"urve.esignx.com1\0370\035\006\t*\206H\206\367\r\001\t\001\026\[EMAIL PROTECTED]\036\027\r021113185626Z\027\r03111318
5626Z0\201\2421\0130\t\006\003U\004\006\023\002US1\0230\021\006\003U\004\010\023\nCalifornia1\0220\020\006\003U\004\007\
023\tCupertino1\0330\031\006\003U\004\n\023\022eSignX
Corporation1\0210\017\006\003U\004\013\023\010Wireless1\0310\027\006\003U\004\003\023\020curve.esignx.com1\0370\035\006\
t*\206H\206\367\r\001\t\001\026\[EMAIL PROTECTED]\201\2370\r\006\t"
EAP-Message =
"*\206H\206\367\r\001\001\001\005\000\003\201\215\0000\201\211\002\201\201\000\307yX6\221#\003\322y\3762\313Z\212\rl\273
K\2026\355J\242\274\013m\370*\005Y\365\320\314C^\023\277\036\001\273+\244M1\022E\275bt\265j\331\032\311;\253\006%:\337/\
304F\374.\316\274\335\317\271\304\355\367\263\315\322#\035\277v\334]\005\317b\007\255\023(\034Z\256\022\333q\232_\021\3
34!m92<\260\022\010\023\377PT\205\027\003D\004Pg\214\310\246\033!$WqE\002\003\001\000\001\243\0270\0250\023\006\003U\035
%\004\0140\n\006\010+\006\001\005"
EAP-Message =
"Itp!\rF{\241\347\342+\351\017\217\215\225\377\336]E\036!!\334\\\250\230\2203h\010\266\350\022#\031\036\375l\366\244\271
\371\356\214)\033\347;\345\002\300\020D\271J\003\264K\254uL}tv\350!;\257\342\001\343\366d1\026\003\001\000\265\r\000\000
\255\003\001\002\005\000\247\000\2450\201\2421\0130\t\006\003U\004\006\023\002US1\0230\021\006\003U\004\010\023\nCalifor
nia1\0220\020\006\003U\004\007\023\tCupertino1\0330\031\006\003U\004\n\023\022eSignX
Corporation1\0210\017\006\003U\004\013\023\010Wireless1\0310\027\006"
EAP-Message = "x.com\016\000\000"
Message-Authenticator = 0x00000000000000000000000000000000
State =
0xf5cebddaf0a2c779c7c48dca944f3262a36ad53d53ad7f2c8acc3afb1a1acc0c35338811
Finished request 1
Going to the next request
SMUX connect try 3
Can't connect to SNMP agent with SMUX: Connection refused
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 66.135.138.204:22565, id=79, length=183
User-Name = "kevin"
Cisco-AVPair = "ssid=tsunami"
NAS-IP-Address = 192.168.0.8
Called-Station-Id = "004096495de0"
Calling-Station-Id = "0006250baad2"
NAS-Identifier = "AP350-495de0"
NAS-Port = 37
Framed-MTU = 1400
State =
0xf5cebddaf0a2c779c7c48dca944f3262a36ad53d53ad7f2c8acc3afb1a1acc0c35338811
NAS-Port-Type = Wireless-802.11
Service-Type = Login-User
EAP-Message = "\002\004\000\006\r"
Message-Authenticator = 0x4b94f6fbb3f176da86dc981727069aad
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
modcall[authorize]: module "eap" returns updated
rlm_realm: No '@' in User-Name = "kevin", looking up realm NULL
rlm_realm: No such realm NULL
modcall[authorize]: module "suffix" returns noop
users: Matched kevin at 95
modcall[authorize]: module "files" returns ok
modcall: group authorize returns updated
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP_TYPE - tls
rlm_eap: processing type tls
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: Invalid ACK received
modcall[authenticate]: module "eap" returns invalid
modcall: group authenticate returns invalid
auth: Failed to validate the user.
Delaying request 2 for 1 seconds
Finished request 2
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 79 to 66.135.138.204:22565
EAP-Message = "\004\004\000\004"
Message-Authenticator = 0x00000000000000000000000000000000
Waking up in 2 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 77 with timestamp 3dd56aa3
Cleaning up request 1 ID 78 with timestamp 3dd56aa3
Waking up in 2 seconds...
rad_recv: Access-Request packet from host 66.135.138.204:22566, id=80, length=149
User-Name = "kevin"
Cisco-AVPair = "ssid=tsunami"
NAS-IP-Address = 192.168.0.8
Called-Station-Id = "004096495de0"
Calling-Station-Id = "0006250baad2"
NAS-Identifier = "AP350-495de0"
NAS-Port = 37
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Service-Type = Login-User
EAP-Message = "\002\005\000\n\001kevin"
Message-Authenticator = 0xe6652cc53692bf0e39991f47ed505fa9
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
modcall[authorize]: module "eap" returns updated
rlm_realm: No '@' in User-Name = "kevin", looking up realm NULL
rlm_realm: No such realm NULL
modcall[authorize]: module "suffix" returns noop
users: Matched kevin at 95
modcall[authorize]: module "files" returns ok
modcall: group authorize returns updated
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate
rlm_eap: processing type tls
modcall[authenticate]: module "eap" returns ok
modcall: group authenticate returns ok
Sending Access-Challenge of id 80 to 66.135.138.204:22566
EAP-Message = "\001\006\000\006\r "
Message-Authenticator = 0x00000000000000000000000000000000
State =
0xe3e74b0ab3499a907dd5cf9b4236f60aa96ad53d8214b104a2059fbad1124d71eba325e1
Finished request 3
Going to the next request
Waking up in 2 seconds...
rad_recv: Access-Request packet from host 66.135.138.204:22567, id=81, length=257
User-Name = "kevin"
Cisco-AVPair = "ssid=tsunami"
NAS-IP-Address = 192.168.0.8
Called-Station-Id = "004096495de0"
Calling-Station-Id = "0006250baad2"
NAS-Identifier = "AP350-495de0"
NAS-Port = 37
Framed-MTU = 1400
State =
0xe3e74b0ab3499a907dd5cf9b4236f60aa96ad53d8214b104a2059fbad1124d71eba325e1
NAS-Port-Type = Wireless-802.11
Service-Type = Login-User
EAP-Message =
"\002\006\000P\r\200\000\000\000F\026\003\001\000A\001\000\000=\003\001=\325k\032\n(\334\303\372I}\025A\256\316\244\212\
n^dp\2573%\313\377TX\3049\203i\000\000\026\000\004\000\005\000\n\000\t\000d\000b\000\003\000\006\000\023\000\022\000c\00
1"
Message-Authenticator = 0x5a6ea97f88ebe9d13de815e2ff22c2b8
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
modcall[authorize]: module "eap" returns updated
rlm_realm: No '@' in User-Name = "kevin", looking up realm NULL
rlm_realm: No such realm NULL
modcall[authorize]: module "suffix" returns noop
users: Matched kevin at 95
modcall[authorize]: module "files" returns ok
modcall: group authorize returns updated
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP_TYPE - tls
rlm_eap: processing type tls
rlm_eap_tls: Length Included
undefined: before/accept initialization
TLS_accept: before/accept initialization
<<< TLS 1.0 Handshake [length 0041], ClientHello
TLS_accept: SSLv3 read client hello A
>>> TLS 1.0 Handshake [length 004a], ServerHello
TLS_accept: SSLv3 write server hello A
>>> TLS 1.0 Handshake [length 02e1], Certificate
TLS_accept: SSLv3 write certificate A
>>> TLS 1.0 Handshake [length 00b5], CertificateRequest
TLS_accept: SSLv3 write certificate request A
TLS_accept: SSLv3 flush data
TLS_accept:error in SSLv3 read client certificate A
rlm_eap_tls: SSL_read Error
Error code is ..... 2
SSL Error ..... 2
modcall[authenticate]: module "eap" returns ok
modcall: group authenticate returns ok
Sending Access-Challenge of id 81 to 66.135.138.204:22567
EAP-Message =
"\001\007\003\371\r\200\000\000\003\357\026\003\001\000J\002\000\000F\003\001=\325j\251)\333[\251\222\303\231\230\0354O\
000\310>\022\340\273\267S\235\205K\315J\005\035q
\334+6Q^\203{\247R4\013\013\252\302\230\023'E\3613\313\005\244e\270\241\354\246Ss\353\277\000\004\000\026\003\001\002\34
1\013\000\002\335\000\002\332\000\002\3270\202\002\3230\202\002<\240\003\002\001\002\002\001\0020\r\006\t*\206H\206\367\
r\001\001\004\005\0000\201\2421\0130\t\006\003U\004\006\023\002US1\0230\021\006\003U\004\010\023\nCal"
EAP-Message =
"urve.esignx.com1\0370\035\006\t*\206H\206\367\r\001\t\001\026\[EMAIL PROTECTED]\036\027\r021113185626Z\027\r03111318
5626Z0\201\2421\0130\t\006\003U\004\006\023\002US1\0230\021\006\003U\004\010\023\nCalifornia1\0220\020\006\003U\004\007\
023\tCupertino1\0330\031\006\003U\004\n\023\022eSignX
Corporation1\0210\017\006\003U\004\013\023\010Wireless1\0310\027\006\003U\004\003\023\020curve.esignx.com1\0370\035\006\
t*\206H\206\367\r\001\t\001\026\[EMAIL PROTECTED]\201\2370\r\006\t"
EAP-Message =
"*\206H\206\367\r\001\001\001\005\000\003\201\215\0000\201\211\002\201\201\000\307yX6\221#\003\322y\3762\313Z\212\rl\273
K\2026\355J\242\274\013m\370*\005Y\365\320\314C^\023\277\036\001\273+\244M1\022E\275bt\265j\331\032\311;\253\006%:\337/\
304F\374.\316\274\335\317\271\304\355\367\263\315\322#\035\277v\334]\005\317b\007\255\023(\034Z\256\022\333q\232_\021\3
34!m92<\260\022\010\023\377PT\205\027\003D\004Pg\214\310\246\033!$WqE\002\003\001\000\001\243\0270\0250\023\006\003U\035
%\004\0140\n\006\010+\006\001\005"
EAP-Message =
"Itp!\rF{\241\347\342+\351\017\217\215\225\377\336]E\036!!\334\\\250\230\2203h\010\266\350\022#\031\036\375l\366\244\271
\371\356\214)\033\347;\345\002\300\020D\271J\003\264K\254uL}tv\350!;\257\342\001\343\366d1\026\003\001\000\265\r\000\000
\255\003\001\002\005\000\247\000\2450\201\2421\0130\t\006\003U\004\006\023\002US1\0230\021\006\003U\004\010\023\nCalifor
nia1\0220\020\006\003U\004\007\023\tCupertino1\0330\031\006\003U\004\n\023\022eSignX
Corporation1\0210\017\006\003U\004\013\023\010Wireless1\0310\027\006"
EAP-Message = "x.com\016\000\000"
Message-Authenticator = 0x00000000000000000000000000000000
State =
0x6aa384f436dbdaad6138d980b507a71ba96ad53d0e982f9b594714a39dbf235aee306ed5
Finished request 4
Going to the next request
Waking up in 2 seconds...
rad_recv: Access-Request packet from host 66.135.138.204:22568, id=82, length=183
User-Name = "kevin"
Cisco-AVPair = "ssid=tsunami"
NAS-IP-Address = 192.168.0.8
Called-Station-Id = "004096495de0"
Calling-Station-Id = "0006250baad2"
NAS-Identifier = "AP350-495de0"
NAS-Port = 37
Framed-MTU = 1400
State =
0x6aa384f436dbdaad6138d980b507a71ba96ad53d0e982f9b594714a39dbf235aee306ed5
NAS-Port-Type = Wireless-802.11
Service-Type = Login-User
EAP-Message = "\002\007\000\006\r"
Message-Authenticator = 0x828a7278b70043a2068044344ee907bf
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
modcall[authorize]: module "eap" returns updated
rlm_realm: No '@' in User-Name = "kevin", looking up realm NULL
rlm_realm: No such realm NULL
modcall[authorize]: module "suffix" returns noop
users: Matched kevin at 95
modcall[authorize]: module "files" returns ok
modcall: group authorize returns updated
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP_TYPE - tls
rlm_eap: processing type tls
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: Invalid ACK received
modcall[authenticate]: module "eap" returns invalid
modcall: group authenticate returns invalid
auth: Failed to validate the user.
Delaying request 5 for 1 seconds
Finished request 5
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Cleaning up request 2 ID 79 with timestamp 3dd56aa5
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 82 to 66.135.138.204:22568
EAP-Message = "\004\007\000\004"
Message-Authenticator = 0x00000000000000000000000000000000
Waking up in 3 seconds...
--- Walking the entire request list ---
Cleaning up request 3 ID 80 with timestamp 3dd56aa9
Cleaning up request 4 ID 81 with timestamp 3dd56aa9
Waking up in 1 seconds...
--- Walking the entire request list ---
Cleaning up request 5 ID 82 with timestamp 3dd56aaa
Nothing to do. Sleeping until we see a request.
/*********************************Cisco AP350 eap log********************************/
2002/11/15 13:45:30 (Info): Station 0006250baad2 Authenticated
Dot1x entry (kevin,0006250baad2) is being deleted(Current Count=3)
2002/11/15 13:45:30 (Info): Station 0006250baad2 Associated
Dot1X Authentication Entry (0006250baad2) is created (Current Count=4)
RADIUS: Sending EAP-Request/Identity(id=1) packet to client 0006250baad2
00baabd0: 01 00 * .*
00baabe0: 00 33 01 01 00 33 01 00 6e 65 74 77 6f 72 6b 69 *.3...3..networki*
00baabf0: 64 3d 74 73 75 6e 61 6d 69 2c 6e 61 73 69 64 3d *d=tsunami,nasid=*
00baac00: 41 50 33 35 30 2d 34 39 35 64 65 30 2c 70 6f 72 *AP350-495de0,por*
00baac10: 74 69 64 3d 30 *tid=0...........*
EAP: Received EAPOL-Start from client 0006250baad2
RADIUS: Sending EAP-Request/Identity(id=2) packet to client 0006250baad2
00ba7dd0: 01 00 00 33 01 02 * ..3..*
00ba7de0: 00 33 01 00 6e 65 74 77 6f 72 6b 69 64 3d 74 73 *.3..networkid=ts*
00ba7df0: 75 6e 61 6d 69 2c 6e 61 73 69 64 3d 41 50 33 35 *unami,nasid=AP35*
00ba7e00: 30 2d 34 39 35 64 65 30 2c 70 6f 72 74 69 64 3d *0-495de0,portid=*
00ba7e10: 30 *0...............*
EAP: Received EAP-Response/Identity(id=1) packet from client 0006250baad2
00bab4f0: 01 00 00 0a 02 01 00 0a * .......*
00bab500: 01 6b 65 76 69 6e *.kevin..........*
EAP: Response not from most recent request (ID: Expected=2, Actual=1)
EAP: Received EAP-Response/Identity(id=2) packet from client 0006250baad2
00ba7dc0: 01 00 00 0a 02 02 00 0a 01 6b 65 76 69 6e *.........kevin..*
EAP: Forwarding packet to RADIUS server
008a35e0: 01 4d 00 95 22 5f c1 ad 91 0c e2 d8 f2 50 fb c5 *.M.."_.......P..*
008a35f0: ab b5 d9 ad 01 07 6b 65 76 69 6e 1a 14 00 00 00 *......kevin.....*
008a3600: 09 01 0e 73 73 69 64 3d 74 73 75 6e 61 6d 69 04 *...ssid=tsunami.*
008a3610: 06 c0 a8 00 08 1e 0e 30 30 34 30 39 36 34 39 35 *.......004096495*
008a3620: 64 65 30 1f 0e 30 30 30 36 32 35 30 62 61 61 64 *de0..0006250baad*
008a3630: 32 20 0e 41 50 33 35 30 2d 34 39 35 64 65 30 05 *2 .AP350-495de0.*
008a3640: 06 00 00 00 25 0c 06 00 00 05 78 3d 06 00 00 00 *....%.....x=....*
008a3650: 13 06 06 00 00 00 01 4f 0c 02 02 00 0a 01 6b 65 *.......O......ke*
008a3660: 76 69 6e 50 12 c3 4e bb 6b 7e 93 a6 ed c2 c1 2c *vinP..N.k~.....,*
008a3670: 63 90 c8 ed 19 *c...............*
RADIUS: Received packet for client 0006250baad2
008a2dd0: 0b 4d 00 54 b4 f6 c5 a1 * M.T....*
008a2de0: 46 d2 f2 88 5c 69 ad 63 64 d0 ed c1 4f 08 01 03 *F...\i.cd...O...*
008a2df0: 00 06 0d 20 50 12 c8 c2 74 01 e7 8f a1 47 a5 b6 *... P...t....G..*
008a2e00: 94 80 e2 4a 2f 3f 18 26 05 17 11 62 13 0d 6a 79 *...J/?.&...b..jy*
008a2e10: 91 99 ee 78 31 50 27 c2 a3 6a d5 3d ba 5a 5e 23 *...x1P'..j.=.Z^#*
008a2e20: 0d b4 fd 4d f5 da 6b 46 46 07 52 f3 *...M..kFF.R.....*
RADIUS: Received Challenge Request
RADIUS: Server's state attribute was saved
RADIUS: Sending EAP-Request/EAP-TLS(id=3) packet to client 0006250baad2
00baabd0: 01 00 * .*
00baabe0: 00 06 01 03 00 06 0d 20 *....... ........*
EAP: Received EAP-Response/EAP-TLS(id=3) packet from client 0006250baad2
00bac760: 01 00 00 50 02 03 00 50 0d 80 00 00 00 46 16 03 *...P...P.....F..*
00bac770: 01 00 41 01 00 00 3d 03 01 3d d5 6b 14 f7 05 33 *..A...=..=.k...3*
00bac780: 64 88 93 5f d8 28 86 61 c5 8f aa 67 18 fd aa 45 *d.._.(.a...g...E*
00bac790: 4c 2c d9 44 7a 6e b1 6e f1 00 00 16 00 04 00 05 *L,.Dzn.n........*
00bac7a0: 00 0a 00 09 00 64 00 62 00 03 00 06 00 13 00 12 *.....d.b........*
00bac7b0: 00 63 01 00 *.c..............*
EAP: Forwarding packet to RADIUS server
008a35e0: 01 4e 01 01 87 89 9d 15 a5 d1 37 b6 93 16 7b f8 *.N........7...{.*
008a35f0: b2 99 fa f5 01 07 6b 65 76 69 6e 1a 14 00 00 00 *......kevin.....*
008a3600: 09 01 0e 73 73 69 64 3d 74 73 75 6e 61 6d 69 04 *...ssid=tsunami.*
008a3610: 06 c0 a8 00 08 1e 0e 30 30 34 30 39 36 34 39 35 *.......004096495*
008a3620: 64 65 30 1f 0e 30 30 30 36 32 35 30 62 61 61 64 *de0..0006250baad*
008a3630: 32 20 0e 41 50 33 35 30 2d 34 39 35 64 65 30 05 *2 .AP350-495de0.*
008a3640: 06 00 00 00 25 0c 06 00 00 05 78 18 26 05 17 11 *....%.....x.&...*
008a3650: 62 13 0d 6a 79 91 99 ee 78 31 50 27 c2 a3 6a d5 *b..jy...x1P'..j.*
008a3660: 3d ba 5a 5e 23 0d b4 fd 4d f5 da 6b 46 46 07 52 *=.Z^#...M..kFF.R*
008a3670: f3 3d 06 00 00 00 13 06 06 00 00 00 01 4f 52 02 *.=...........OR.*
008a3680: 03 00 50 0d 80 00 00 00 46 16 03 01 00 41 01 00 *..P.....F....A..*
008a3690: 00 3d 03 01 3d d5 6b 14 f7 05 33 64 88 93 5f d8 *.=..=.k...3d.._.*
008a36a0: 28 86 61 c5 8f aa 67 18 fd aa 45 4c 2c d9 44 7a *(.a...g...EL,.Dz*
008a36b0: 6e b1 6e f1 00 00 16 00 04 00 05 00 0a 00 09 00 *n.n.............*
008a36c0: 64 00 62 00 03 00 06 00 13 00 12 00 63 01 00 50 *d.b.........c..P*
008a36d0: 12 dd 83 15 d0 7c 1e 90 ef cc b7 c8 14 4c c0 6b *.....|.......L.k*
008a36e0: 16 *................*
RADIUS: Received packet for client 0006250baad2
008a2dd0: 0b 4e 04 4f a6 a0 55 68 * N.O..Uh*
008a2de0: 84 95 4f 9b f9 6e 7c 0e 44 0c 03 cc 4f fe 01 04 *..O..n|.D...O...*
008a2df0: 03 f9 0d 80 00 00 03 ef 16 03 01 00 4a 02 00 00 *............J...*
008a2e00: 46 03 01 3d d5 6a a3 70 0d d0 7a ff 06 62 ac ea *F..=.j.p..z..b..*
008a2e10: eb 11 b2 7c 95 4b 13 8a 48 fa ff 96 04 93 2f 9d *...|.K..H...../.*
008a2e20: 35 03 34 20 22 13 2e 44 72 01 cc 9a 7e 3c e8 10 *5.4 "..Dr...~<..*
008a2e30: 0b c6 0a 30 4c 83 f6 c4 46 bd b4 4a d0 d3 69 dd *...0L...F..J..i.*
008a2e40: a9 c9 e5 a1 00 04 00 16 03 01 02 e1 0b 00 02 dd *................*
008a2e50: 00 02 da 00 02 d7 30 82 02 d3 30 82 02 3c a0 03 *......0...0..<..*
008a2e60: 02 01 02 02 01 02 30 0d 06 09 2a 86 48 86 f7 0d *......0...*.H...*
008a2e70: 01 01 04 05 00 30 81 a2 31 0b 30 09 06 03 55 04 *.....0..1.0...U.*
008a2e80: 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a *...US1.0...U....*
008a2e90: 43 61 6c 69 66 6f 72 6e 69 61 31 12 30 10 06 03 *California1.0...*
008a2ea0: 55 04 07 13 09 43 75 70 65 72 74 69 6e 6f 31 1b *U....Cupertino1.*
008a2eb0: 30 19 06 03 55 04 0a 13 12 65 53 69 67 6e 58 20 *0...U....eSignX *
008a2ec0: 43 6f 72 70 6f 72 61 74 69 6f 6e 31 11 30 0f 06 *Corporation1.0..*
008a2ed0: 03 55 04 0b 13 08 57 69 72 65 6c 65 73 73 31 19 *.U....Wireless1.*
008a2ee0: 30 17 06 03 55 04 03 13 10 63 4f fe 75 72 76 65 *0...U....cO.urve*
008a2ef0: 2e 65 73 69 67 6e 78 2e 63 6f 6d 31 1f 30 1d 06 *.esignx.com1.0..*
008a2f00: 09 2a 86 48 86 f7 0d 01 09 01 16 10 63 75 72 76 *.*.H........curv*
008a2f10: 65 40 65 73 69 67 6e 78 2e 63 6f 6d 30 1e 17 0d *[EMAIL PROTECTED]*
008a2f20: 30 32 31 31 31 33 31 38 35 36 32 36 5a 17 0d 30 *021113185626Z..0*
008a2f30: 33 31 31 31 33 31 38 35 36 32 36 5a 30 81 a2 31 *31113185626Z0..1*
008a2f40: 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 *.0...U....US1.0.*
008a2f50: 06 03 55 04 08 13 0a 43 61 6c 69 66 6f 72 6e 69 *..U....Californi*
008a2f60: 61 31 12 30 10 06 03 55 04 07 13 09 43 75 70 65 *a1.0...U....Cupe*
008a2f70: 72 74 69 6e 6f 31 1b 30 19 06 03 55 04 0a 13 12 *rtino1.0...U....*
008a2f80: 65 53 69 67 6e 58 20 43 6f 72 70 6f 72 61 74 69 *eSignX Corporati*
008a2f90: 6f 6e 31 11 30 0f 06 03 55 04 0b 13 08 57 69 72 *on1.0...U....Wir*
008a2fa0: 65 6c 65 73 73 31 19 30 17 06 03 55 04 03 13 10 *eless1.0...U....*
008a2fb0: 63 75 72 76 65 2e 65 73 69 67 6e 78 2e 63 6f 6d *curve.esignx.com*
008a2fc0: 31 1f 30 1d 06 09 2a 86 48 86 f7 0d 01 09 01 16 *1.0...*.H.......*
008a2fd0: 10 63 75 72 76 65 40 65 73 69 67 6e 78 2e 63 6f *[EMAIL PROTECTED]*
008a2fe0: 6d 30 81 9f 30 0d 06 09 4f fe 2a 86 48 86 f7 0d *m0..0...O.*.H...*
008a2ff0: 01 01 01 05 00 03 81 8d 00 30 81 89 02 81 81 00 *.........0......*
008a3000: c7 79 58 36 91 23 03 d2 79 fe 32 cb 5a 8a 0d 6c *.yX6.#..y.2.Z..l*
008a3010: bb 4b 82 36 ed 4a a2 bc 0b 6d f8 2a 05 59 f5 d0 *.K.6.J...m.*.Y..*
008a3020: cc 43 5e 13 bf 1e 01 bb 2b a4 4d 31 12 45 bd 62 *.C^.....+.M1.E.b*
008a3030: 74 b5 6a d9 1a c9 3b ab 06 25 3a df 2f c4 46 fc *t.j...;..%:./.F.*
008a3040: 2e ce bc dd cf b9 c4 ed f7 b3 cd d2 23 1d bf 76 *............#..v*
008a3050: dc 7f 5d 05 cf 62 07 ad 13 28 1c 5a ae 12 db 71 *..]..b...(.Z...q*
008a3060: 9a 5f 11 dc 21 6d 39 32 3c b0 12 08 13 ff 50 54 *._..!m92<.....PT*
008a3070: 85 17 03 44 04 50 67 8c c8 a6 1b 21 24 57 71 45 *...D.Pg....!$WqE*
008a3080: 02 03 01 00 01 a3 17 30 15 30 13 06 03 55 1d 25 *.......0.0...U.%*
008a3090: 04 0c 30 0a 06 08 2b 06 01 05 05 07 03 01 30 0d *..0...+.......0.*
008a30a0: 06 09 2a 86 48 86 f7 0d 01 01 04 05 00 03 81 81 *..*.H...........*
008a30b0: 00 96 93 8b 16 a9 3f 96 a7 de 90 ed 76 09 89 87 *......?.....v...*
008a30c0: 11 58 de db 53 f2 da 7d f0 57 ff d1 39 8b 76 94 *.X..S..}.W..9.v.*
008a30d0: 66 ff ff cb ed e9 18 8c a9 67 87 c3 46 1d 48 5a *f........g..F.HZ*
008a30e0: 66 3b f0 75 6c 8d 4f fe 49 74 70 21 0d 46 7b a1 *f;.ul.O.Itp!.F{.*
008a30f0: e7 e2 2b e9 0f 8f 8d 95 ff de 5d 45 1e 21 21 dc *..+.......]E.!!.*
008a3100: 5c a8 98 90 33 68 08 b6 e8 12 23 19 1e fd 6c f6 *\...3h....#...l.*
008a3110: a4 b9 f9 ee 8c 29 1b e7 3b e5 02 c0 10 44 b9 4a *.....)..;....D.J*
008a3120: 03 b4 4b ac 75 4c 7d 74 76 e8 21 3b af e2 01 e3 *..K.uL}tv.!;....*
008a3130: f6 64 31 16 03 01 00 b5 0d 00 00 ad 03 01 02 05 *.d1.............*
008a3140: 00 a7 00 a5 30 81 a2 31 0b 30 09 06 03 55 04 06 *....0..1.0...U..*
008a3150: 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 43 *..US1.0...U....C*
008a3160: 61 6c 69 66 6f 72 6e 69 61 31 12 30 10 06 03 55 *alifornia1.0...U*
008a3170: 04 07 13 09 43 75 70 65 72 74 69 6e 6f 31 1b 30 *....Cupertino1.0*
008a3180: 19 06 03 55 04 0a 13 12 65 53 69 67 6e 58 20 43 *...U....eSignX C*
008a3190: 6f 72 70 6f 72 61 74 69 6f 6e 31 11 30 0f 06 03 *orporation1.0...*
008a31a0: 55 04 0b 13 08 57 69 72 65 6c 65 73 73 31 19 30 *U....Wireless1.0*
008a31b0: 17 06 03 55 04 03 13 10 63 75 72 76 65 2e 65 73 *...U....curve.es*
008a31c0: 69 67 6e 78 2e 63 6f 6d 31 1f 30 1d 06 09 2a 86 *ignx.com1.0...*.*
008a31d0: 48 86 f7 0d 01 09 01 16 10 63 75 72 76 65 40 65 *H........curve@e*
008a31e0: 73 69 67 6e 4f 0b 78 2e 63 6f 6d 0e 00 00 00 50 *signO.x.com....P*
008a31f0: 12 24 9b 04 e7 ef 0d 66 01 ca 19 da 50 88 c8 cf *.$.....f....P...*
008a3200: 3d 18 26 f5 ce bd da f0 a2 c7 79 c7 c4 8d ca 94 *=.&.......y.....*
008a3210: 4f 32 62 a3 6a d5 3d 53 ad 7f 2c 8a cc 3a fb 1a *O2b.j.=S..,..:..*
008a3220: 1a cc 0c 35 33 88 11 *...53...........*
RADIUS: Received Challenge Request
RADIUS: Server's state attribute was saved
RADIUS: Appending EAP attribute value of length 254
RADIUS: Appending EAP attribute value of length 254
RADIUS: Appending EAP attribute value of length 254
RADIUS: Appending EAP attribute value of length 11
RADIUS: Sending EAP-code=120/type=109(id=46) packet to client 0006250baad2
00bac770: 01 00 03 f9 01 04 * .....*
00bac780: 03 f9 0d 80 00 00 03 ef 16 03 01 00 4a 02 00 00 *............J...*
00bac790: 46 03 01 3d d5 6a a3 70 0d d0 7a ff 06 62 ac ea *F..=.j.p..z..b..*
00bac7a0: eb 11 b2 7c 95 4b 13 8a 48 fa ff 96 04 93 2f 9d *...|.K..H...../.*
00bac7b0: 35 03 34 20 22 13 2e 44 72 01 cc 9a 7e 3c e8 10 *5.4 "..Dr...~<..*
00bac7c0: 0b c6 0a 30 4c 83 f6 c4 46 bd b4 4a d0 d3 69 dd *...0L...F..J..i.*
00bac7d0: a9 c9 e5 a1 00 04 00 16 03 01 02 e1 0b 00 02 dd *................*
00bac7e0: 00 02 da 00 02 d7 30 82 02 d3 30 82 02 3c a0 03 *......0...0..<..*
00bac7f0: 02 01 02 02 01 02 30 0d 06 09 2a 86 48 86 f7 0d *......0...*.H...*
00bac800: 01 01 04 05 00 30 81 a2 31 0b 30 09 06 03 55 04 *.....0..1.0...U.*
00bac810: 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a *...US1.0...U....*
00bac820: 43 61 6c 69 66 6f 72 6e 69 61 31 12 30 10 06 03 *California1.0...*
00bac830: 55 04 07 13 09 43 75 70 65 72 74 69 6e 6f 31 1b *U....Cupertino1.*
00bac840: 30 19 06 03 55 04 0a 13 12 65 53 69 67 6e 58 20 *0...U....eSignX *
00bac850: 43 6f 72 70 6f 72 61 74 69 6f 6e 31 11 30 0f 06 *Corporation1.0..*
00bac860: 03 55 04 0b 13 08 57 69 72 65 6c 65 73 73 31 19 *.U....Wireless1.*
00bac870: 30 17 06 03 55 04 03 13 10 63 75 72 76 65 2e 65 *0...U....curve.e*
00bac880: 73 69 67 6e 78 2e 63 6f 6d 31 1f 30 1d 06 09 2a *signx.com1.0...**
00bac890: 86 48 86 f7 0d 01 09 01 16 10 63 75 72 76 65 40 *.H........curve@*
00bac8a0: 65 73 69 67 6e 78 2e 63 6f 6d 30 1e 17 0d 30 32 *esignx.com0...02*
00bac8b0: 31 31 31 33 31 38 35 36 32 36 5a 17 0d 30 33 31 *1113185626Z..031*
00bac8c0: 31 31 33 31 38 35 36 32 36 5a 30 81 a2 31 0b 30 *113185626Z0..1.0*
00bac8d0: 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 *...U....US1.0...*
00bac8e0: 55 04 08 13 0a 43 61 6c 69 66 6f 72 6e 69 61 31 *U....California1*
00bac8f0: 12 30 10 06 03 55 04 07 13 09 43 75 70 65 72 74 *.0...U....Cupert*
00bac900: 69 6e 6f 31 1b 30 19 06 03 55 04 0a 13 12 65 53 *ino1.0...U....eS*
00bac910: 69 67 6e 58 20 43 6f 72 70 6f 72 61 74 69 6f 6e *ignX Corporation*
00bac920: 31 11 30 0f 06 03 55 04 0b 13 08 57 69 72 65 6c *1.0...U....Wirel*
00bac930: 65 73 73 31 19 30 17 06 03 55 04 03 13 10 63 75 *ess1.0...U....cu*
00bac940: 72 76 65 2e 65 73 69 67 6e 78 2e 63 6f 6d 31 1f *rve.esignx.com1.*
00bac950: 30 1d 06 09 2a 86 48 86 f7 0d 01 09 01 16 10 63 *0...*.H........c*
00bac960: 75 72 76 65 40 65 73 69 67 6e 78 2e 63 6f 6d 30 *[EMAIL PROTECTED]*
00bac970: 81 9f 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 *..0...*.H.......*
00bac980: 00 03 81 8d 00 30 81 89 02 81 81 00 c7 79 58 36 *.....0.......yX6*
00bac990: 91 23 03 d2 79 fe 32 cb 5a 8a 0d 6c bb 4b 82 36 *.#..y.2.Z..l.K.6*
00bac9a0: ed 4a a2 bc 0b 6d f8 2a 05 59 f5 d0 cc 43 5e 13 *.J...m.*.Y...C^.*
00bac9b0: bf 1e 01 bb 2b a4 4d 31 12 45 bd 62 74 b5 6a d9 *....+.M1.E.bt.j.*
00bac9c0: 1a c9 3b ab 06 25 3a df 2f c4 46 fc 2e ce bc dd *..;..%:./.F.....*
00bac9d0: cf b9 c4 ed f7 b3 cd d2 23 1d bf 76 dc 7f 5d 05 *........#..v..].*
00bac9e0: cf 62 07 ad 13 28 1c 5a ae 12 db 71 9a 5f 11 dc *.b...(.Z...q._..*
00bac9f0: 21 6d 39 32 3c b0 12 08 13 ff 50 54 85 17 03 44 *!m92<.....PT...D*
00baca00: 04 50 67 8c c8 a6 1b 21 24 57 71 45 02 03 01 00 *.Pg....!$WqE....*
00baca10: 01 a3 17 30 15 30 13 06 03 55 1d 25 04 0c 30 0a *...0.0...U.%..0.*
00baca20: 06 08 2b 06 01 05 05 07 03 01 30 0d 06 09 2a 86 *..+.......0...*.*
00baca30: 48 86 f7 0d 01 01 04 05 00 03 81 81 00 96 93 8b *H...............*
00baca40: 16 a9 3f 96 a7 de 90 ed 76 09 89 87 11 58 de db *..?.....v....X..*
00baca50: 53 f2 da 7d f0 57 ff d1 39 8b 76 94 66 ff ff cb *S..}.W..9.v.f...*
00baca60: ed e9 18 8c a9 67 87 c3 46 1d 48 5a 66 3b f0 75 *.....g..F.HZf;.u*
00baca70: 6c 8d 49 74 70 21 0d 46 7b a1 e7 e2 2b e9 0f 8f *l.Itp!.F{...+...*
00baca80: 8d 95 ff de 5d 45 1e 21 21 dc 5c a8 98 90 33 68 *....]E.!!.\...3h*
00baca90: 08 b6 e8 12 23 19 1e fd 6c f6 a4 b9 f9 ee 8c 29 *....#...l......)*
00bacaa0: 1b e7 3b e5 02 c0 10 44 b9 4a 03 b4 4b ac 75 4c *..;....D.J..K.uL*
00bacab0: 7d 74 76 e8 21 3b af e2 01 e3 f6 64 31 16 03 01 *}tv.!;.....d1...*
00bacac0: 00 b5 0d 00 00 ad 03 01 02 05 00 a7 00 a5 30 81 *..............0.*
00bacad0: a2 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 *.1.0...U....US1.*
00bacae0: 30 11 06 03 55 04 08 13 0a 43 61 6c 69 66 6f 72 *0...U....Califor*
00bacaf0: 6e 69 61 31 12 30 10 06 03 55 04 07 13 09 43 75 *nia1.0...U....Cu*
00bacb00: 70 65 72 74 69 6e 6f 31 1b 30 19 06 03 55 04 0a *pertino1.0...U..*
00bacb10: 13 12 65 53 69 67 6e 58 20 43 6f 72 70 6f 72 61 *..eSignX Corpora*
00bacb20: 74 69 6f 6e 31 11 30 0f 06 03 55 04 0b 13 08 57 *tion1.0...U....W*
00bacb30: 69 72 65 6c 65 73 73 31 19 30 17 06 03 55 04 03 *ireless1.0...U..*
00bacb40: 13 10 63 75 72 76 65 2e 65 73 69 67 6e 78 2e 63 *..curve.esignx.c*
00bacb50: 6f 6d 31 1f 30 1d 06 09 2a 86 48 86 f7 0d 01 09 *om1.0...*.H.....*
00bacb60: 01 16 10 63 75 72 76 65 40 65 73 69 67 6e 78 2e *...curve@esignx.*
00bacb70: 63 6f 6d 0e 00 00 00 *com.............*
EAP: Received EAP-Response/EAP-TLS(id=4) packet from client 0006250baad2
00baabc0: 01 00 00 06 02 04 00 06 0d 00 * ...........*
EAP: Forwarding packet to RADIUS server
008a35e0: 01 4f 00 b7 a7 75 07 c2 3a a0 f7 ea 0b 66 2b 2a *.O...u..:....f+**
008a35f0: 90 25 81 ff 01 07 6b 65 76 69 6e 1a 14 00 00 00 *.%....kevin.....*
008a3600: 09 01 0e 73 73 69 64 3d 74 73 75 6e 61 6d 69 04 *...ssid=tsunami.*
008a3610: 06 c0 a8 00 08 1e 0e 30 30 34 30 39 36 34 39 35 *.......004096495*
008a3620: 64 65 30 1f 0e 30 30 30 36 32 35 30 62 61 61 64 *de0..0006250baad*
008a3630: 32 20 0e 41 50 33 35 30 2d 34 39 35 64 65 30 05 *2 .AP350-495de0.*
008a3640: 06 00 00 00 25 0c 06 00 00 05 78 18 26 f5 ce bd *....%.....x.&...*
008a3650: da f0 a2 c7 79 c7 c4 8d ca 94 4f 32 62 a3 6a d5 *....y.....O2b.j.*
008a3660: 3d 53 ad 7f 2c 8a cc 3a fb 1a 1a cc 0c 35 33 88 *=S..,..:.....53.*
008a3670: 11 3d 06 00 00 00 13 06 06 00 00 00 01 4f 08 02 *.=...........O..*
008a3680: 04 00 06 0d 00 50 12 4b 94 f6 fb b3 f1 76 da 86 *.....P.K.....v..*
008a3690: dc 98 17 27 06 9a ad *...'............*
RADIUS: Received packet for client 0006250baad2
008a2dd0: 03 4f 00 2c 2a a8 ad 47 * O.,*..G*
008a2de0: 92 ff a6 87 ce 56 24 84 df 9d e5 a4 4f 06 04 04 *.....V$.....O...*
008a2df0: 00 04 50 12 38 81 c3 64 e3 62 d3 cd c2 da c2 8a *..P.8..d.b......*
008a2e00: a5 b2 95 35 *...5............*
RADIUS: Access-Deny for 0006250baad2
RADIUS: Sending EAP-Failure/type=0(id=4) packet to client 0006250baad2
00bac770: 01 00 00 04 04 04 * .....*
00bac780: 00 04 *................*
2002/11/15 13:45:34 (Warning): Station=0006250baad2 user="kevin" Failed
EAP-Authentication
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
