Hi guys,
Could you please check my radiusd -X -A below?
I'm trying to authenticate a Windows XP supplicant (PEAP) through an
802.1X SMC AP (10.1.0.180) and freeradius from the latest nightly build
! The LDAP server is an Active Directory Server (Windows 2003 Server).
Please keep in mind that local users from users file are well
authenticated through PEAP.
I don't understand at all what's going on. I would appreciate it If you
could give me a tip.
Thanks
Marios
rad_recv: Access-Request packet from host 10.1.0.180:33736, id=2,
length=144 User-Name = "marios" NAS-IP-Address = 62.103.237.224
Called-Station-Id = "00-04-E2-7D-26-F9:DAEDALUS" Calling-Station-Id =
"00-04-E2-63-42-E3" NAS-Identifier = "SMC-AP" NAS-Port = 29 Service-Type
= Framed-User Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11
EAP-Message = 0x0202000b016d6172696f73 Message-Authenticator =
0xb9fe2476075d0dbdc6ab3c9698063a4c
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
radius_xlat:
'/usr/local/var/log/radius/radacct/10.1.0.180/auth-detail-20031027'
rlm_detail:
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%
d expands to
/usr/local/var/log/radius/radacct/10.1.0.180/auth-detail-20031027
modcall[authorize]: module "auth_log" returns ok for request 0
modcall[authorize]: module "attr_filter" returns noop for request 0
rlm_eap: EAP packet type response id 2 length 11
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 0
rlm_realm: No '@' in User-Name = "marios", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 0
users: Matched DEFAULT at 152
users: Matched DEFAULT at 155
modcall[authorize]: module "files" returns ok for request 0
rlm_ldap: - authorize
rlm_ldap: performing user authorization for marios
radius_xlat: '(SamAccountName=marios)'
radius_xlat: 'cn=Users,dc=daedalusnetworks,dc=priv'
ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to kronos:389, authentication 0
rlm_ldap: bind as
cn=Administrator,cn=Users,dc=daedalusnetworks,dc=priv/para$dipla to
kronos:389
rlm_ldap: waiting for bind result ...
rlm_ldap: performing search in cn=Users,dc=daedalusnetworks,dc=priv,
with filter (SamAccountName=marios)
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user marios authorized to use remote access
ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 0
modcall: group authorize returns updated for request 0
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate for request 0
rlm_eap: EAP Identity
rlm_eap: processing type tls
rlm_eap_tls: Initiate
rlm_eap_tls: Start returned 1
modcall[authenticate]: module "eap" returns handled for request 0
modcall: group authenticate returns handled for request 0 Sending
Access-Challenge of id 2 to 10.1.0.180:33736 Service-Type = Framed-User
Framed-IP-Address = 10.1.0.180 EAP-Message = 0x010300061920
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xf9c4b0ad2c091312990cf42e4545a071
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
----rad_recv: Access-Request packet from host 10.1.0.180:33737, id=3,
length=231 User-Name = "marios" NAS-IP-Address = 62.103.237.224
Called-Station-Id = "00-04-E2-7D-26-F9:DAEDALUS" Calling-Station-Id =
"00-04-E2-63-42-E3" NAS-Identifier = "SMC-AP" NAS-Port = 29 Service-Type
= Framed-User Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 State =
0xf9c4b0ad2c091312990cf42e4545a071
EAP-Message =
0x0203005019800000004616030100410100003d03013f9d5d8ac976b2444d97c64e4dc4
8e5a19883200b21ae56ab40ff838f21fc5db00001600040005000a000900640062000300
060013001200630100
Message-Authenticator = 0x58d9c6f6706e1e00b559fb8aa4af03c0
modcall: entering group authorize for request 1
modcall[authorize]: module "preprocess" returns ok for request 1
radius_xlat:
'/usr/local/var/log/radius/radacct/10.1.0.180/auth-detail-20031027'
rlm_detail:
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%
d expands to
/usr/local/var/log/radius/radacct/10.1.0.180/auth-detail-20031027
modcall[authorize]: module "auth_log" returns ok for request 1
modcall[authorize]: module "attr_filter" returns noop for request 1
rlm_eap: EAP packet type response id 3 length 80
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 1
rlm_realm: No '@' in User-Name = "marios", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 1
users: Matched DEFAULT at 152
users: Matched DEFAULT at 155
modcall[authorize]: module "files" returns ok for request 1
rlm_ldap: - authorize
rlm_ldap: performing user authorization for marios
radius_xlat: '(SamAccountName=marios)'
radius_xlat: 'cn=Users,dc=daedalusnetworks,dc=priv'
ldap_get_conn: Got Id: 0
rlm_ldap: performing search in cn=Users,dc=daedalusnetworks,dc=priv,
with filter (SamAccountName=marios)
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user marios authorized to use remote access
ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 1
modcall: group authorize returns updated for request 1
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate for request 1
rlm_eap: Request found, released from the list
rlm_eap: EAP_TYPE - peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
undefined: before/accept initialization
TLS_accept: before/accept initialization
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello
TLS_accept: SSLv3 read client hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
TLS_accept: SSLv3 write server hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 024f], Certificate
TLS_accept: SSLv3 write certificate A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
TLS_accept: SSLv3 write server done A
TLS_accept: SSLv3 flush data
TLS_accept:error in SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 1
modcall: group authenticate returns handled for request 1 Sending
Access-Challenge of id 3 to 10.1.0.180:33737 Service-Type = Framed-User
Framed-IP-Address = 10.1.0.180 EAP-Message =
0x010402b21900160301004a0200004603013f9da54d58f8ed892a5b70b1faa27acacef5
29e877187ab6c4a466d81ecea1e72082a6db3ea93b1a7294c86eac4165306b3db7d76c5e
768ed46d730649083a81c6000400160301024f0b00024b00024800024530820241308201
aaa003020102020102300d06092a864886f70d0101040500305a310b3009060355040613
024155311330110603550408130a536f6d652d53746174653121301f060355040a131849
6e7465726e6574205769646769747320507479204c7464311330110603550403130a7065
72736570686f6e65301e170d3033313032343232323135325a170d303431303233323232
3135
EAP-Message =
0x325a305a310b3009060355040613024155311330110603550408130a536f6d652d5374
6174653121301f060355040a1318496e7465726e6574205769646769747320507479204c
7464311330110603550403130a706572736570686f6e6530819f300d06092a864886f70d
010101050003818d0030818902818100f136f34b8ddbe03cd1df0854b2376bcd9e3dbd5f
1460d62f17ef2a0cda62591a85eec5d1e7e475af6d7cee6aa94f47de1a670738d747b57c
077c200f3db2a9692c8a2f1eda422cdbb763ba11af3dc1b3add9b3aa775456d34efa049e
8b5b12f54ff199679a4adcd718d183642e7261af419ed0924204ad59d995b47c95aa1873
0203
EAP-Message =
0x010001a317301530130603551d25040c300a06082b06010505070301300d06092a8648
86f70d0101040500038181001e323808126b0192c59dfbe22a360e28d3ff2a02362ba9f1
61deda63dd47ad2d05937c7b229c425b78f65da989f7f99abe0703aef6de8ff6e4fa8610
2cfe1c11bd226a97879e755d06228d4bea0e4a20b6237ebc06962f294b873b47457fc82b
9d6f0482104eafe0ee8c27e43ff5db4f1321a5504ecbe2383961e01851d5c02516030100
040e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x3e3743753bd51d0d95d8e7b146fa99f5
Finished request 1
Going to the next request
--- Walking the entire request list ---
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 10.1.0.180:33738, id=4,
length=343 User-Name = "marios" NAS-IP-Address = 62.103.237.224
Called-Station-Id = "00-04-E2-7D-26-F9:DAEDALUS" Calling-Station-Id =
"00-04-E2-63-42-E3" NAS-Identifier = "SMC-AP" NAS-Port = 29 Service-Type
= Framed-User Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 State =
0x3e3743753bd51d0d95d8e7b146fa99f5
EAP-Message =
0x020400c01980000000b61603010086100000820080679ec4be0b04c7354861115cd232
fe735893c0af833b3d8e9162681525fdec270c69127946c7a8538e5fa68897c954b39fca
873464ef804f51195142ecffcbe0e00e6cc1ecad6e43560bce2076d4b2b74405f5af1a8b
a608a3d5046cc9be8361a25f9dc015e662d1c7622f5eda59f541a28fe2172c357d46dcd7
18a68c0c4df91403010001011603010020a19ef30ed0814a30315d28c82cb76cbeadf716
ef0320b69271661823ab61fb03
Message-Authenticator = 0x879df9a34de3df18c9d15d5d4233daa9
modcall: entering group authorize for request 2
modcall[authorize]: module "preprocess" returns ok for request 2
radius_xlat:
'/usr/local/var/log/radius/radacct/10.1.0.180/auth-detail-20031027'
rlm_detail:
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%
d expands to
/usr/local/var/log/radius/radacct/10.1.0.180/auth-detail-20031027
modcall[authorize]: module "auth_log" returns ok for request 2
modcall[authorize]: module "attr_filter" returns noop for request 2
rlm_eap: EAP packet type response id 4 length 192
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 2
rlm_realm: No '@' in User-Name = "marios", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 2
users: Matched DEFAULT at 152
users: Matched DEFAULT at 155
modcall[authorize]: module "files" returns ok for request 2
rlm_ldap: - authorize
rlm_ldap: performing user authorization for marios
radius_xlat: '(SamAccountName=marios)'
radius_xlat: 'cn=Users,dc=daedalusnetworks,dc=priv'
ldap_get_conn: Got Id: 0
rlm_ldap: performing search in cn=Users,dc=daedalusnetworks,dc=priv,
with filter (SamAccountName=marios)
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user marios authorized to use remote access
ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 2
modcall: group authorize returns updated for request 2
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate for request 2
rlm_eap: Request found, released from the list
rlm_eap: EAP_TYPE - peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange
TLS_accept: SSLv3 read client key exchange A
rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001]
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 read finished A
rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001]
TLS_accept: SSLv3 write change cipher spec A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 write finished A
TLS_accept: SSLv3 flush data
undefined: SSL negotiation finished successfully
SSL Connection Established
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 2
modcall: group authenticate returns handled for request 2 Sending
Access-Challenge of id 4 to 10.1.0.180:33738 Service-Type = Framed-User
Framed-IP-Address = 10.1.0.180 EAP-Message =
0x0105003119001403010001011603010020cb3b8c7dbba0fc01a5535d3092f62bfa3eb1
78336e39af653bce02686ec74442
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xd6214fc29f1671d2f8b824eaeb362342
Finished request 2
Going to the next request
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 10.1.0.180:33739, id=5,
length=157 User-Name = "marios" NAS-IP-Address = 62.103.237.224
Called-Station-Id = "00-04-E2-7D-26-F9:DAEDALUS" Calling-Station-Id =
"00-04-E2-63-42-E3" NAS-Identifier = "SMC-AP" NAS-Port = 29 Service-Type
= Framed-User Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 State =
0xd6214fc29f1671d2f8b824eaeb362342
EAP-Message = 0x020500061900
Message-Authenticator = 0xede0c0549048fa3c40961833a9862be3
modcall: entering group authorize for request 3
modcall[authorize]: module "preprocess" returns ok for request 3
radius_xlat:
'/usr/local/var/log/radius/radacct/10.1.0.180/auth-detail-20031027'
rlm_detail:
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%
d expands to
/usr/local/var/log/radius/radacct/10.1.0.180/auth-detail-20031027
modcall[authorize]: module "auth_log" returns ok for request 3
modcall[authorize]: module "attr_filter" returns noop for request 3
rlm_eap: EAP packet type response id 5 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 3
rlm_realm: No '@' in User-Name = "marios", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 3
users: Matched DEFAULT at 152
users: Matched DEFAULT at 155
modcall[authorize]: module "files" returns ok for request 3
rlm_ldap: - authorize
rlm_ldap: performing user authorization for marios
radius_xlat: '(SamAccountName=marios)'
radius_xlat: 'cn=Users,dc=daedalusnetworks,dc=priv'
ldap_get_conn: Got Id: 0
rlm_ldap: performing search in cn=Users,dc=daedalusnetworks,dc=priv,
with filter (SamAccountName=marios)
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user marios authorized to use remote access
ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 3
modcall: group authorize returns updated for request 3
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate for request 3
rlm_eap: Request found, released from the list
rlm_eap: EAP_TYPE - peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake is finished
eaptls_verify returned 3
eaptls_process returned 3
rlm_eap_peap: EAPTLS_SUCCESS
modcall[authenticate]: module "eap" returns handled for request 3
modcall: group authenticate returns handled for request 3 Sending
Access-Challenge of id 5 to 10.1.0.180:33739 Service-Type = Framed-User
Framed-IP-Address = 10.1.0.180 EAP-Message =
0x01060020190017030100153d2ae17cc2a680402953be563912bc0421d683c8ac
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xa1fffbd4adf120b7c1f47431539a6d63
Finished request 3
Going to the next request
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 10.1.0.180:33740, id=6,
length=185 User-Name = "marios" NAS-IP-Address = 62.103.237.224
Called-Station-Id = "00-04-E2-7D-26-F9:DAEDALUS" Calling-Station-Id =
"00-04-E2-63-42-E3" NAS-Identifier = "SMC-AP" NAS-Port = 29 Service-Type
= Framed-User Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 State =
0xa1fffbd4adf120b7c1f47431539a6d63
EAP-Message =
0x0206002219001703010017933b1f87c285c686ce4f135986fadb8fb0e2338f7bc32f
Message-Authenticator = 0xa0d134c5bf3db2002546151ecb7b0fa1
modcall: entering group authorize for request 4
modcall[authorize]: module "preprocess" returns ok for request 4
radius_xlat:
'/usr/local/var/log/radius/radacct/10.1.0.180/auth-detail-20031027'
rlm_detail:
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%
d expands to
/usr/local/var/log/radius/radacct/10.1.0.180/auth-detail-20031027
modcall[authorize]: module "auth_log" returns ok for request 4
modcall[authorize]: module "attr_filter" returns noop for request 4
rlm_eap: EAP packet type response id 6 length 34
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 4
rlm_realm: No '@' in User-Name = "marios", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 4
users: Matched DEFAULT at 152
users: Matched DEFAULT at 155
modcall[authorize]: module "files" returns ok for request 4
rlm_ldap: - authorize
rlm_ldap: performing user authorization for marios
radius_xlat: '(SamAccountName=marios)'
radius_xlat: 'cn=Users,dc=daedalusnetworks,dc=priv'
ldap_get_conn: Got Id: 0
rlm_ldap: performing search in cn=Users,dc=daedalusnetworks,dc=priv,
with filter (SamAccountName=marios)
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user marios authorized to use remote access
ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 4
modcall: group authorize returns updated for request 4
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate for request 4
rlm_eap: Request found, released from the list
rlm_eap: EAP_TYPE - peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Proceeding to decode tunneled
attributes.
rlm_eap_peap: Identity - marios
rlm_eap_peap: Tunneled data is valid.
PEAP: Got tunneled EAP-Message
EAP-Message = 0x0206000b016d6172696f73
PEAP: Got tunneled identity of marios
PEAP: Setting default EAP type for tunneled EAP session.
PEAP: Sending tunneled request
EAP-Message = 0x0206000b016d6172696f73
Freeradius-Proxied-To = 127.0.0.1
User-Name = "marios"
modcall: entering group authorize for request 4
modcall[authorize]: module "preprocess" returns ok for request 4
radius_xlat:
'/usr/local/var/log/radius/radacct/127.0.0.1/auth-detail-20031027'
rlm_detail:
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%
d expands to
/usr/local/var/log/radius/radacct/127.0.0.1/auth-detail-20031027
modcall[authorize]: module "auth_log" returns ok for request 4
modcall[authorize]: module "attr_filter" returns noop for request 4
rlm_eap: EAP packet type response id 6 length 11
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 4
rlm_realm: No '@' in User-Name = "marios", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 4
users: Matched DEFAULT at 152
users: Matched DEFAULT at 155
modcall[authorize]: module "files" returns ok for request 4
rlm_ldap: - authorize
rlm_ldap: performing user authorization for marios
radius_xlat: '(SamAccountName=marios)'
radius_xlat: 'cn=Users,dc=daedalusnetworks,dc=priv'
ldap_get_conn: Got Id: 0
rlm_ldap: performing search in cn=Users,dc=daedalusnetworks,dc=priv,
with filter (SamAccountName=marios)
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user marios authorized to use remote access
ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 4
modcall: group authorize returns updated for request 4
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate for request 4
rlm_eap: EAP Identity
rlm_eap: processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
modcall[authenticate]: module "eap" returns handled for request 4
modcall: group authenticate returns handled for request 4
PEAP: Got tunneled reply RADIUS code 11
Service-Type = Framed-User
Framed-IP-Address = 10.1.0.180
EAP-Message =
0x010700201a0107001b10c773f863fe2022b99efd55670e9f1a666d6172696f73
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x11bf13eff90134a15dead1e37ab5655d
PEAP: Got tunneled Access-Challenge
modcall[authenticate]: module "eap" returns handled for request 4
modcall: group authenticate returns handled for request 4 Sending
Access-Challenge of id 6 to 10.1.0.180:33740 Service-Type = Framed-User
Framed-IP-Address = 10.1.0.180 EAP-Message =
0x010700371900170301002c6667aeb363d708e390e85a083ac14f09769bd39bde2b31a8
b095a27e7b43a83a8cc8e9b54907f8c97d5b6da5
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xab6be4f8d2867603a23a594143f520ec
Finished request 4
Going to the next request
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 10.1.0.180:33741, id=7,
length=239 User-Name = "marios" NAS-IP-Address = 62.103.237.224
Called-Station-Id = "00-04-E2-7D-26-F9:DAEDALUS" Calling-Station-Id =
"00-04-E2-63-42-E3" NAS-Identifier = "SMC-AP" NAS-Port = 29 Service-Type
= Framed-User Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 State =
0xab6be4f8d2867603a23a594143f520ec
EAP-Message =
0x020700581900170301004d44edbc759f293a4b3a1f3073ef2f38d71e80b0a6e50255c6
cfad493db1ae920255a02bbc959a58e0c14cc76e85a99e8fee997acc749f5e5b3351bea1
2ec1278bbae47f0878ac9cc248be37ac36
Message-Authenticator = 0x7772cc529efca5a750b8443d2f354fcd
modcall: entering group authorize for request 5
modcall[authorize]: module "preprocess" returns ok for request 5
radius_xlat:
'/usr/local/var/log/radius/radacct/10.1.0.180/auth-detail-20031027'
rlm_detail:
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%
d expands to
/usr/local/var/log/radius/radacct/10.1.0.180/auth-detail-20031027
modcall[authorize]: module "auth_log" returns ok for request 5
modcall[authorize]: module "attr_filter" returns noop for request 5
rlm_eap: EAP packet type response id 7 length 88
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 5
rlm_realm: No '@' in User-Name = "marios", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 5
users: Matched DEFAULT at 152
users: Matched DEFAULT at 155
modcall[authorize]: module "files" returns ok for request 5
rlm_ldap: - authorize
rlm_ldap: performing user authorization for marios
radius_xlat: '(SamAccountName=marios)'
radius_xlat: 'cn=Users,dc=daedalusnetworks,dc=priv'
ldap_get_conn: Got Id: 0
rlm_ldap: performing search in cn=Users,dc=daedalusnetworks,dc=priv,
with filter (SamAccountName=marios)
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user marios authorized to use remote access
ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 5
modcall: group authorize returns updated for request 5
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate for request 5
rlm_eap: Request found, released from the list
rlm_eap: EAP_TYPE - peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Proceeding to decode tunneled
attributes.
rlm_eap_peap: EAP type 26
rlm_eap_peap: Tunneled data is valid.
PEAP: Got tunneled EAP-Message
EAP-Message =
0x020700411a0207003c31906112ee45c0dacb98c587addde5557a000000000000000046
c36084bf4c2a2667e23b2d621376055b2fd2d724ed841d006d6172696f73
PEAP: Adding old state with 11 bf
PEAP: Sending tunneled request
EAP-Message =
0x020700411a0207003c31906112ee45c0dacb98c587addde5557a000000000000000046
c36084bf4c2a2667e23b2d621376055b2fd2d724ed841d006d6172696f73
Freeradius-Proxied-To = 127.0.0.1
User-Name = "marios"
State = 0x11bf13eff90134a15dead1e37ab5655d
modcall: entering group authorize for request 5
modcall[authorize]: module "preprocess" returns ok for request 5
radius_xlat:
'/usr/local/var/log/radius/radacct/127.0.0.1/auth-detail-20031027'
rlm_detail:
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%
d expands to
/usr/local/var/log/radius/radacct/127.0.0.1/auth-detail-20031027
modcall[authorize]: module "auth_log" returns ok for request 5
modcall[authorize]: module "attr_filter" returns noop for request 5
rlm_eap: EAP packet type response id 7 length 65
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 5
rlm_realm: No '@' in User-Name = "marios", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 5
users: Matched DEFAULT at 152
users: Matched DEFAULT at 155
modcall[authorize]: module "files" returns ok for request 5
rlm_ldap: - authorize
rlm_ldap: performing user authorization for marios
radius_xlat: '(SamAccountName=marios)'
radius_xlat: 'cn=Users,dc=daedalusnetworks,dc=priv'
ldap_get_conn: Got Id: 0
rlm_ldap: performing search in cn=Users,dc=daedalusnetworks,dc=priv,
with filter (SamAccountName=marios)
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user marios authorized to use remote access
ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 5
modcall: group authorize returns updated for request 5
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate for request 5
rlm_eap: Request found, released from the list
rlm_eap: EAP_TYPE - mschapv2
rlm_eap: processing type mschapv2
rlm_eap: Freeing handler
modcall[authenticate]: module "eap" returns reject for request 5
modcall: group authenticate returns reject for request 5
auth: Failed to validate the user.
PEAP: Got tunneled reply RADIUS code 3
Service-Type = Framed-User
Framed-IP-Address = 10.1.0.180
EAP-Message = 0x04070004
Message-Authenticator = 0x00000000000000000000000000000000
PEAP: Tunneled authentication was rejected.
rlm_eap_peap: FAILURE
modcall[authenticate]: module "eap" returns handled for request 5
modcall: group authenticate returns handled for request 5 Sending
Access-Challenge of id 7 to 10.1.0.180:33741 Service-Type = Framed-User
Framed-IP-Address = 10.1.0.180 EAP-Message =
0x010800261900170301001b1f5674bc1a8f9cadd49d3896e6fda5c08beaba43ee64725a
6bc1b2
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x45eb6a01b7ff9cd65188964d41f20bcb
Finished request 5
Going to the next request
--- Walking the entire request list ---
Waking up in 4 seconds...
rad_recv: Access-Request packet from host 10.1.0.180:33742, id=8,
length=189 User-Name = "marios" NAS-IP-Address = 62.103.237.224
Called-Station-Id = "00-04-E2-7D-26-F9:DAEDALUS" Calling-Station-Id =
"00-04-E2-63-42-E3" NAS-Identifier = "SMC-AP" NAS-Port = 29 Service-Type
= Framed-User Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 State =
0x45eb6a01b7ff9cd65188964d41f20bcb
EAP-Message =
0x020800261900170301001bb1a45587e747dbbcd1f057fb06251a588fcf1aa7bab145bb
1d3306
Message-Authenticator = 0x1cf49417e63bf23d9a074abf42f6fe24
modcall: entering group authorize for request 6
modcall[authorize]: module "preprocess" returns ok for request 6
radius_xlat:
'/usr/local/var/log/radius/radacct/10.1.0.180/auth-detail-20031027'
rlm_detail:
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%
d expands to
/usr/local/var/log/radius/radacct/10.1.0.180/auth-detail-20031027
modcall[authorize]: module "auth_log" returns ok for request 6
modcall[authorize]: module "attr_filter" returns noop for request 6
rlm_eap: EAP packet type response id 8 length 38
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 6
rlm_realm: No '@' in User-Name = "marios", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 6
users: Matched DEFAULT at 152
users: Matched DEFAULT at 155
modcall[authorize]: module "files" returns ok for request 6
rlm_ldap: - authorize
rlm_ldap: performing user authorization for marios
radius_xlat: '(SamAccountName=marios)'
radius_xlat: 'cn=Users,dc=daedalusnetworks,dc=priv'
ldap_get_conn: Got Id: 0
rlm_ldap: performing search in cn=Users,dc=daedalusnetworks,dc=priv,
with filter (SamAccountName=marios)
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user marios authorized to use remote access
ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 6
modcall: group authorize returns updated for request 6
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate for request 6
rlm_eap: Request found, released from the list
rlm_eap: EAP_TYPE - peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Proceeding to decode tunneled
attributes.
rlm_eap_peap: Received EAP-TLV response.
rlm_eap_peap: Tunneled data is valid.
rlm_eap: Handler failed in EAP type 25
rlm_eap: Failed in EAP select
modcall[authenticate]: module "eap" returns invalid for request 6
modcall: group authenticate returns invalid for request 6
auth: Failed to validate the user.
Delaying request 6 for 1 seconds
Finished request 6
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 8 to 10.1.0.180:33742
EAP-Message = 0x04080004
Message-Authenticator = 0x00000000000000000000000000000000
Waking up in 2 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 2 with timestamp 3f9da54c
Waking up in 1 seconds...
--- Walking the entire request list ---
Cleaning up request 1 ID 3 with timestamp 3f9da54d
Cleaning up request 2 ID 4 with timestamp 3f9da54d
Cleaning up request 3 ID 5 with timestamp 3f9da54d
Cleaning up request 4 ID 6 with timestamp 3f9da54d
Cleaning up request 5 ID 7 with timestamp 3f9da54d
Waking up in 1 seconds...
--- Walking the entire request list ---
Cleaning up request 6 ID 8 with timestamp 3f9da54e
Nothing to do. Sleeping until we see a request.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
