Hi guys, Could you please check my radiusd -X -A below?
I'm trying to authenticate a Windows XP supplicant (PEAP) through an 802.1X SMC AP (10.1.0.180) and freeradius from the latest nightly build ! The LDAP server is an Active Directory Server (Windows 2003 Server). Please keep in mind that local users from users file are well authenticated through PEAP. I don't understand at all what's going on. I would appreciate it If you could give me a tip. Thanks Marios rad_recv: Access-Request packet from host 10.1.0.180:33736, id=2, length=144 User-Name = "marios" NAS-IP-Address = 62.103.237.224 Called-Station-Id = "00-04-E2-7D-26-F9:DAEDALUS" Calling-Station-Id = "00-04-E2-63-42-E3" NAS-Identifier = "SMC-AP" NAS-Port = 29 Service-Type = Framed-User Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x0202000b016d6172696f73 Message-Authenticator = 0xb9fe2476075d0dbdc6ab3c9698063a4c modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 radius_xlat: '/usr/local/var/log/radius/radacct/10.1.0.180/auth-detail-20031027' rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m% d expands to /usr/local/var/log/radius/radacct/10.1.0.180/auth-detail-20031027 modcall[authorize]: module "auth_log" returns ok for request 0 modcall[authorize]: module "attr_filter" returns noop for request 0 rlm_eap: EAP packet type response id 2 length 11 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 0 rlm_realm: No '@' in User-Name = "marios", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 0 users: Matched DEFAULT at 152 users: Matched DEFAULT at 155 modcall[authorize]: module "files" returns ok for request 0 rlm_ldap: - authorize rlm_ldap: performing user authorization for marios radius_xlat: '(SamAccountName=marios)' radius_xlat: 'cn=Users,dc=daedalusnetworks,dc=priv' ldap_get_conn: Got Id: 0 rlm_ldap: attempting LDAP reconnection rlm_ldap: (re)connect to kronos:389, authentication 0 rlm_ldap: bind as cn=Administrator,cn=Users,dc=daedalusnetworks,dc=priv/para$dipla to kronos:389 rlm_ldap: waiting for bind result ... rlm_ldap: performing search in cn=Users,dc=daedalusnetworks,dc=priv, with filter (SamAccountName=marios) rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: user marios authorized to use remote access ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns ok for request 0 modcall: group authorize returns updated for request 0 rad_check_password: Found Auth-Type EAP auth: type "EAP" modcall: entering group authenticate for request 0 rlm_eap: EAP Identity rlm_eap: processing type tls rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 modcall[authenticate]: module "eap" returns handled for request 0 modcall: group authenticate returns handled for request 0 Sending Access-Challenge of id 2 to 10.1.0.180:33736 Service-Type = Framed-User Framed-IP-Address = 10.1.0.180 EAP-Message = 0x010300061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xf9c4b0ad2c091312990cf42e4545a071 Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... ----rad_recv: Access-Request packet from host 10.1.0.180:33737, id=3, length=231 User-Name = "marios" NAS-IP-Address = 62.103.237.224 Called-Station-Id = "00-04-E2-7D-26-F9:DAEDALUS" Calling-Station-Id = "00-04-E2-63-42-E3" NAS-Identifier = "SMC-AP" NAS-Port = 29 Service-Type = Framed-User Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 State = 0xf9c4b0ad2c091312990cf42e4545a071 EAP-Message = 0x0203005019800000004616030100410100003d03013f9d5d8ac976b2444d97c64e4dc4 8e5a19883200b21ae56ab40ff838f21fc5db00001600040005000a000900640062000300 060013001200630100 Message-Authenticator = 0x58d9c6f6706e1e00b559fb8aa4af03c0 modcall: entering group authorize for request 1 modcall[authorize]: module "preprocess" returns ok for request 1 radius_xlat: '/usr/local/var/log/radius/radacct/10.1.0.180/auth-detail-20031027' rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m% d expands to /usr/local/var/log/radius/radacct/10.1.0.180/auth-detail-20031027 modcall[authorize]: module "auth_log" returns ok for request 1 modcall[authorize]: module "attr_filter" returns noop for request 1 rlm_eap: EAP packet type response id 3 length 80 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 1 rlm_realm: No '@' in User-Name = "marios", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 1 users: Matched DEFAULT at 152 users: Matched DEFAULT at 155 modcall[authorize]: module "files" returns ok for request 1 rlm_ldap: - authorize rlm_ldap: performing user authorization for marios radius_xlat: '(SamAccountName=marios)' radius_xlat: 'cn=Users,dc=daedalusnetworks,dc=priv' ldap_get_conn: Got Id: 0 rlm_ldap: performing search in cn=Users,dc=daedalusnetworks,dc=priv, with filter (SamAccountName=marios) rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: user marios authorized to use remote access ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns ok for request 1 modcall: group authorize returns updated for request 1 rad_check_password: Found Auth-Type EAP auth: type "EAP" modcall: entering group authenticate for request 1 rlm_eap: Request found, released from the list rlm_eap: EAP_TYPE - peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 undefined: before/accept initialization TLS_accept: before/accept initialization rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello TLS_accept: SSLv3 read client hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello TLS_accept: SSLv3 write server hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 024f], Certificate TLS_accept: SSLv3 write certificate A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone TLS_accept: SSLv3 write server done A TLS_accept: SSLv3 flush data TLS_accept:error in SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 1 modcall: group authenticate returns handled for request 1 Sending Access-Challenge of id 3 to 10.1.0.180:33737 Service-Type = Framed-User Framed-IP-Address = 10.1.0.180 EAP-Message = 0x010402b21900160301004a0200004603013f9da54d58f8ed892a5b70b1faa27acacef5 29e877187ab6c4a466d81ecea1e72082a6db3ea93b1a7294c86eac4165306b3db7d76c5e 768ed46d730649083a81c6000400160301024f0b00024b00024800024530820241308201 aaa003020102020102300d06092a864886f70d0101040500305a310b3009060355040613 024155311330110603550408130a536f6d652d53746174653121301f060355040a131849 6e7465726e6574205769646769747320507479204c7464311330110603550403130a7065 72736570686f6e65301e170d3033313032343232323135325a170d303431303233323232 3135 EAP-Message = 0x325a305a310b3009060355040613024155311330110603550408130a536f6d652d5374 6174653121301f060355040a1318496e7465726e6574205769646769747320507479204c 7464311330110603550403130a706572736570686f6e6530819f300d06092a864886f70d 010101050003818d0030818902818100f136f34b8ddbe03cd1df0854b2376bcd9e3dbd5f 1460d62f17ef2a0cda62591a85eec5d1e7e475af6d7cee6aa94f47de1a670738d747b57c 077c200f3db2a9692c8a2f1eda422cdbb763ba11af3dc1b3add9b3aa775456d34efa049e 8b5b12f54ff199679a4adcd718d183642e7261af419ed0924204ad59d995b47c95aa1873 0203 EAP-Message = 0x010001a317301530130603551d25040c300a06082b06010505070301300d06092a8648 86f70d0101040500038181001e323808126b0192c59dfbe22a360e28d3ff2a02362ba9f1 61deda63dd47ad2d05937c7b229c425b78f65da989f7f99abe0703aef6de8ff6e4fa8610 2cfe1c11bd226a97879e755d06228d4bea0e4a20b6237ebc06962f294b873b47457fc82b 9d6f0482104eafe0ee8c27e43ff5db4f1321a5504ecbe2383961e01851d5c02516030100 040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x3e3743753bd51d0d95d8e7b146fa99f5 Finished request 1 Going to the next request --- Walking the entire request list --- Waking up in 5 seconds... rad_recv: Access-Request packet from host 10.1.0.180:33738, id=4, length=343 User-Name = "marios" NAS-IP-Address = 62.103.237.224 Called-Station-Id = "00-04-E2-7D-26-F9:DAEDALUS" Calling-Station-Id = "00-04-E2-63-42-E3" NAS-Identifier = "SMC-AP" NAS-Port = 29 Service-Type = Framed-User Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 State = 0x3e3743753bd51d0d95d8e7b146fa99f5 EAP-Message = 0x020400c01980000000b61603010086100000820080679ec4be0b04c7354861115cd232 fe735893c0af833b3d8e9162681525fdec270c69127946c7a8538e5fa68897c954b39fca 873464ef804f51195142ecffcbe0e00e6cc1ecad6e43560bce2076d4b2b74405f5af1a8b a608a3d5046cc9be8361a25f9dc015e662d1c7622f5eda59f541a28fe2172c357d46dcd7 18a68c0c4df91403010001011603010020a19ef30ed0814a30315d28c82cb76cbeadf716 ef0320b69271661823ab61fb03 Message-Authenticator = 0x879df9a34de3df18c9d15d5d4233daa9 modcall: entering group authorize for request 2 modcall[authorize]: module "preprocess" returns ok for request 2 radius_xlat: '/usr/local/var/log/radius/radacct/10.1.0.180/auth-detail-20031027' rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m% d expands to /usr/local/var/log/radius/radacct/10.1.0.180/auth-detail-20031027 modcall[authorize]: module "auth_log" returns ok for request 2 modcall[authorize]: module "attr_filter" returns noop for request 2 rlm_eap: EAP packet type response id 4 length 192 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 2 rlm_realm: No '@' in User-Name = "marios", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 2 users: Matched DEFAULT at 152 users: Matched DEFAULT at 155 modcall[authorize]: module "files" returns ok for request 2 rlm_ldap: - authorize rlm_ldap: performing user authorization for marios radius_xlat: '(SamAccountName=marios)' radius_xlat: 'cn=Users,dc=daedalusnetworks,dc=priv' ldap_get_conn: Got Id: 0 rlm_ldap: performing search in cn=Users,dc=daedalusnetworks,dc=priv, with filter (SamAccountName=marios) rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: user marios authorized to use remote access ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns ok for request 2 modcall: group authorize returns updated for request 2 rad_check_password: Found Auth-Type EAP auth: type "EAP" modcall: entering group authenticate for request 2 rlm_eap: Request found, released from the list rlm_eap: EAP_TYPE - peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange TLS_accept: SSLv3 read client key exchange A rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001] rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 read finished A rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001] TLS_accept: SSLv3 write change cipher spec A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 write finished A TLS_accept: SSLv3 flush data undefined: SSL negotiation finished successfully SSL Connection Established eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 2 modcall: group authenticate returns handled for request 2 Sending Access-Challenge of id 4 to 10.1.0.180:33738 Service-Type = Framed-User Framed-IP-Address = 10.1.0.180 EAP-Message = 0x0105003119001403010001011603010020cb3b8c7dbba0fc01a5535d3092f62bfa3eb1 78336e39af653bce02686ec74442 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xd6214fc29f1671d2f8b824eaeb362342 Finished request 2 Going to the next request Waking up in 5 seconds... rad_recv: Access-Request packet from host 10.1.0.180:33739, id=5, length=157 User-Name = "marios" NAS-IP-Address = 62.103.237.224 Called-Station-Id = "00-04-E2-7D-26-F9:DAEDALUS" Calling-Station-Id = "00-04-E2-63-42-E3" NAS-Identifier = "SMC-AP" NAS-Port = 29 Service-Type = Framed-User Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 State = 0xd6214fc29f1671d2f8b824eaeb362342 EAP-Message = 0x020500061900 Message-Authenticator = 0xede0c0549048fa3c40961833a9862be3 modcall: entering group authorize for request 3 modcall[authorize]: module "preprocess" returns ok for request 3 radius_xlat: '/usr/local/var/log/radius/radacct/10.1.0.180/auth-detail-20031027' rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m% d expands to /usr/local/var/log/radius/radacct/10.1.0.180/auth-detail-20031027 modcall[authorize]: module "auth_log" returns ok for request 3 modcall[authorize]: module "attr_filter" returns noop for request 3 rlm_eap: EAP packet type response id 5 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 3 rlm_realm: No '@' in User-Name = "marios", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 3 users: Matched DEFAULT at 152 users: Matched DEFAULT at 155 modcall[authorize]: module "files" returns ok for request 3 rlm_ldap: - authorize rlm_ldap: performing user authorization for marios radius_xlat: '(SamAccountName=marios)' radius_xlat: 'cn=Users,dc=daedalusnetworks,dc=priv' ldap_get_conn: Got Id: 0 rlm_ldap: performing search in cn=Users,dc=daedalusnetworks,dc=priv, with filter (SamAccountName=marios) rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: user marios authorized to use remote access ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns ok for request 3 modcall: group authorize returns updated for request 3 rad_check_password: Found Auth-Type EAP auth: type "EAP" modcall: entering group authenticate for request 3 rlm_eap: Request found, released from the list rlm_eap: EAP_TYPE - peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake is finished eaptls_verify returned 3 eaptls_process returned 3 rlm_eap_peap: EAPTLS_SUCCESS modcall[authenticate]: module "eap" returns handled for request 3 modcall: group authenticate returns handled for request 3 Sending Access-Challenge of id 5 to 10.1.0.180:33739 Service-Type = Framed-User Framed-IP-Address = 10.1.0.180 EAP-Message = 0x01060020190017030100153d2ae17cc2a680402953be563912bc0421d683c8ac Message-Authenticator = 0x00000000000000000000000000000000 State = 0xa1fffbd4adf120b7c1f47431539a6d63 Finished request 3 Going to the next request Waking up in 5 seconds... rad_recv: Access-Request packet from host 10.1.0.180:33740, id=6, length=185 User-Name = "marios" NAS-IP-Address = 62.103.237.224 Called-Station-Id = "00-04-E2-7D-26-F9:DAEDALUS" Calling-Station-Id = "00-04-E2-63-42-E3" NAS-Identifier = "SMC-AP" NAS-Port = 29 Service-Type = Framed-User Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 State = 0xa1fffbd4adf120b7c1f47431539a6d63 EAP-Message = 0x0206002219001703010017933b1f87c285c686ce4f135986fadb8fb0e2338f7bc32f Message-Authenticator = 0xa0d134c5bf3db2002546151ecb7b0fa1 modcall: entering group authorize for request 4 modcall[authorize]: module "preprocess" returns ok for request 4 radius_xlat: '/usr/local/var/log/radius/radacct/10.1.0.180/auth-detail-20031027' rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m% d expands to /usr/local/var/log/radius/radacct/10.1.0.180/auth-detail-20031027 modcall[authorize]: module "auth_log" returns ok for request 4 modcall[authorize]: module "attr_filter" returns noop for request 4 rlm_eap: EAP packet type response id 6 length 34 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 4 rlm_realm: No '@' in User-Name = "marios", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 4 users: Matched DEFAULT at 152 users: Matched DEFAULT at 155 modcall[authorize]: module "files" returns ok for request 4 rlm_ldap: - authorize rlm_ldap: performing user authorization for marios radius_xlat: '(SamAccountName=marios)' radius_xlat: 'cn=Users,dc=daedalusnetworks,dc=priv' ldap_get_conn: Got Id: 0 rlm_ldap: performing search in cn=Users,dc=daedalusnetworks,dc=priv, with filter (SamAccountName=marios) rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: user marios authorized to use remote access ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns ok for request 4 modcall: group authorize returns updated for request 4 rad_check_password: Found Auth-Type EAP auth: type "EAP" modcall: entering group authenticate for request 4 rlm_eap: Request found, released from the list rlm_eap: EAP_TYPE - peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Proceeding to decode tunneled attributes. rlm_eap_peap: Identity - marios rlm_eap_peap: Tunneled data is valid. PEAP: Got tunneled EAP-Message EAP-Message = 0x0206000b016d6172696f73 PEAP: Got tunneled identity of marios PEAP: Setting default EAP type for tunneled EAP session. PEAP: Sending tunneled request EAP-Message = 0x0206000b016d6172696f73 Freeradius-Proxied-To = 127.0.0.1 User-Name = "marios" modcall: entering group authorize for request 4 modcall[authorize]: module "preprocess" returns ok for request 4 radius_xlat: '/usr/local/var/log/radius/radacct/127.0.0.1/auth-detail-20031027' rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m% d expands to /usr/local/var/log/radius/radacct/127.0.0.1/auth-detail-20031027 modcall[authorize]: module "auth_log" returns ok for request 4 modcall[authorize]: module "attr_filter" returns noop for request 4 rlm_eap: EAP packet type response id 6 length 11 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 4 rlm_realm: No '@' in User-Name = "marios", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 4 users: Matched DEFAULT at 152 users: Matched DEFAULT at 155 modcall[authorize]: module "files" returns ok for request 4 rlm_ldap: - authorize rlm_ldap: performing user authorization for marios radius_xlat: '(SamAccountName=marios)' radius_xlat: 'cn=Users,dc=daedalusnetworks,dc=priv' ldap_get_conn: Got Id: 0 rlm_ldap: performing search in cn=Users,dc=daedalusnetworks,dc=priv, with filter (SamAccountName=marios) rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: user marios authorized to use remote access ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns ok for request 4 modcall: group authorize returns updated for request 4 rad_check_password: Found Auth-Type EAP auth: type "EAP" modcall: entering group authenticate for request 4 rlm_eap: EAP Identity rlm_eap: processing type mschapv2 rlm_eap_mschapv2: Issuing Challenge modcall[authenticate]: module "eap" returns handled for request 4 modcall: group authenticate returns handled for request 4 PEAP: Got tunneled reply RADIUS code 11 Service-Type = Framed-User Framed-IP-Address = 10.1.0.180 EAP-Message = 0x010700201a0107001b10c773f863fe2022b99efd55670e9f1a666d6172696f73 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x11bf13eff90134a15dead1e37ab5655d PEAP: Got tunneled Access-Challenge modcall[authenticate]: module "eap" returns handled for request 4 modcall: group authenticate returns handled for request 4 Sending Access-Challenge of id 6 to 10.1.0.180:33740 Service-Type = Framed-User Framed-IP-Address = 10.1.0.180 EAP-Message = 0x010700371900170301002c6667aeb363d708e390e85a083ac14f09769bd39bde2b31a8 b095a27e7b43a83a8cc8e9b54907f8c97d5b6da5 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xab6be4f8d2867603a23a594143f520ec Finished request 4 Going to the next request Waking up in 5 seconds... rad_recv: Access-Request packet from host 10.1.0.180:33741, id=7, length=239 User-Name = "marios" NAS-IP-Address = 62.103.237.224 Called-Station-Id = "00-04-E2-7D-26-F9:DAEDALUS" Calling-Station-Id = "00-04-E2-63-42-E3" NAS-Identifier = "SMC-AP" NAS-Port = 29 Service-Type = Framed-User Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 State = 0xab6be4f8d2867603a23a594143f520ec EAP-Message = 0x020700581900170301004d44edbc759f293a4b3a1f3073ef2f38d71e80b0a6e50255c6 cfad493db1ae920255a02bbc959a58e0c14cc76e85a99e8fee997acc749f5e5b3351bea1 2ec1278bbae47f0878ac9cc248be37ac36 Message-Authenticator = 0x7772cc529efca5a750b8443d2f354fcd modcall: entering group authorize for request 5 modcall[authorize]: module "preprocess" returns ok for request 5 radius_xlat: '/usr/local/var/log/radius/radacct/10.1.0.180/auth-detail-20031027' rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m% d expands to /usr/local/var/log/radius/radacct/10.1.0.180/auth-detail-20031027 modcall[authorize]: module "auth_log" returns ok for request 5 modcall[authorize]: module "attr_filter" returns noop for request 5 rlm_eap: EAP packet type response id 7 length 88 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 5 rlm_realm: No '@' in User-Name = "marios", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 5 users: Matched DEFAULT at 152 users: Matched DEFAULT at 155 modcall[authorize]: module "files" returns ok for request 5 rlm_ldap: - authorize rlm_ldap: performing user authorization for marios radius_xlat: '(SamAccountName=marios)' radius_xlat: 'cn=Users,dc=daedalusnetworks,dc=priv' ldap_get_conn: Got Id: 0 rlm_ldap: performing search in cn=Users,dc=daedalusnetworks,dc=priv, with filter (SamAccountName=marios) rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: user marios authorized to use remote access ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns ok for request 5 modcall: group authorize returns updated for request 5 rad_check_password: Found Auth-Type EAP auth: type "EAP" modcall: entering group authenticate for request 5 rlm_eap: Request found, released from the list rlm_eap: EAP_TYPE - peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Proceeding to decode tunneled attributes. rlm_eap_peap: EAP type 26 rlm_eap_peap: Tunneled data is valid. PEAP: Got tunneled EAP-Message EAP-Message = 0x020700411a0207003c31906112ee45c0dacb98c587addde5557a000000000000000046 c36084bf4c2a2667e23b2d621376055b2fd2d724ed841d006d6172696f73 PEAP: Adding old state with 11 bf PEAP: Sending tunneled request EAP-Message = 0x020700411a0207003c31906112ee45c0dacb98c587addde5557a000000000000000046 c36084bf4c2a2667e23b2d621376055b2fd2d724ed841d006d6172696f73 Freeradius-Proxied-To = 127.0.0.1 User-Name = "marios" State = 0x11bf13eff90134a15dead1e37ab5655d modcall: entering group authorize for request 5 modcall[authorize]: module "preprocess" returns ok for request 5 radius_xlat: '/usr/local/var/log/radius/radacct/127.0.0.1/auth-detail-20031027' rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m% d expands to /usr/local/var/log/radius/radacct/127.0.0.1/auth-detail-20031027 modcall[authorize]: module "auth_log" returns ok for request 5 modcall[authorize]: module "attr_filter" returns noop for request 5 rlm_eap: EAP packet type response id 7 length 65 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 5 rlm_realm: No '@' in User-Name = "marios", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 5 users: Matched DEFAULT at 152 users: Matched DEFAULT at 155 modcall[authorize]: module "files" returns ok for request 5 rlm_ldap: - authorize rlm_ldap: performing user authorization for marios radius_xlat: '(SamAccountName=marios)' radius_xlat: 'cn=Users,dc=daedalusnetworks,dc=priv' ldap_get_conn: Got Id: 0 rlm_ldap: performing search in cn=Users,dc=daedalusnetworks,dc=priv, with filter (SamAccountName=marios) rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: user marios authorized to use remote access ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns ok for request 5 modcall: group authorize returns updated for request 5 rad_check_password: Found Auth-Type EAP auth: type "EAP" modcall: entering group authenticate for request 5 rlm_eap: Request found, released from the list rlm_eap: EAP_TYPE - mschapv2 rlm_eap: processing type mschapv2 rlm_eap: Freeing handler modcall[authenticate]: module "eap" returns reject for request 5 modcall: group authenticate returns reject for request 5 auth: Failed to validate the user. PEAP: Got tunneled reply RADIUS code 3 Service-Type = Framed-User Framed-IP-Address = 10.1.0.180 EAP-Message = 0x04070004 Message-Authenticator = 0x00000000000000000000000000000000 PEAP: Tunneled authentication was rejected. rlm_eap_peap: FAILURE modcall[authenticate]: module "eap" returns handled for request 5 modcall: group authenticate returns handled for request 5 Sending Access-Challenge of id 7 to 10.1.0.180:33741 Service-Type = Framed-User Framed-IP-Address = 10.1.0.180 EAP-Message = 0x010800261900170301001b1f5674bc1a8f9cadd49d3896e6fda5c08beaba43ee64725a 6bc1b2 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x45eb6a01b7ff9cd65188964d41f20bcb Finished request 5 Going to the next request --- Walking the entire request list --- Waking up in 4 seconds... rad_recv: Access-Request packet from host 10.1.0.180:33742, id=8, length=189 User-Name = "marios" NAS-IP-Address = 62.103.237.224 Called-Station-Id = "00-04-E2-7D-26-F9:DAEDALUS" Calling-Station-Id = "00-04-E2-63-42-E3" NAS-Identifier = "SMC-AP" NAS-Port = 29 Service-Type = Framed-User Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 State = 0x45eb6a01b7ff9cd65188964d41f20bcb EAP-Message = 0x020800261900170301001bb1a45587e747dbbcd1f057fb06251a588fcf1aa7bab145bb 1d3306 Message-Authenticator = 0x1cf49417e63bf23d9a074abf42f6fe24 modcall: entering group authorize for request 6 modcall[authorize]: module "preprocess" returns ok for request 6 radius_xlat: '/usr/local/var/log/radius/radacct/10.1.0.180/auth-detail-20031027' rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m% d expands to /usr/local/var/log/radius/radacct/10.1.0.180/auth-detail-20031027 modcall[authorize]: module "auth_log" returns ok for request 6 modcall[authorize]: module "attr_filter" returns noop for request 6 rlm_eap: EAP packet type response id 8 length 38 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 6 rlm_realm: No '@' in User-Name = "marios", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 6 users: Matched DEFAULT at 152 users: Matched DEFAULT at 155 modcall[authorize]: module "files" returns ok for request 6 rlm_ldap: - authorize rlm_ldap: performing user authorization for marios radius_xlat: '(SamAccountName=marios)' radius_xlat: 'cn=Users,dc=daedalusnetworks,dc=priv' ldap_get_conn: Got Id: 0 rlm_ldap: performing search in cn=Users,dc=daedalusnetworks,dc=priv, with filter (SamAccountName=marios) rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: user marios authorized to use remote access ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns ok for request 6 modcall: group authorize returns updated for request 6 rad_check_password: Found Auth-Type EAP auth: type "EAP" modcall: entering group authenticate for request 6 rlm_eap: Request found, released from the list rlm_eap: EAP_TYPE - peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Proceeding to decode tunneled attributes. rlm_eap_peap: Received EAP-TLV response. rlm_eap_peap: Tunneled data is valid. rlm_eap: Handler failed in EAP type 25 rlm_eap: Failed in EAP select modcall[authenticate]: module "eap" returns invalid for request 6 modcall: group authenticate returns invalid for request 6 auth: Failed to validate the user. Delaying request 6 for 1 seconds Finished request 6 Going to the next request --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Sending Access-Reject of id 8 to 10.1.0.180:33742 EAP-Message = 0x04080004 Message-Authenticator = 0x00000000000000000000000000000000 Waking up in 2 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 2 with timestamp 3f9da54c Waking up in 1 seconds... --- Walking the entire request list --- Cleaning up request 1 ID 3 with timestamp 3f9da54d Cleaning up request 2 ID 4 with timestamp 3f9da54d Cleaning up request 3 ID 5 with timestamp 3f9da54d Cleaning up request 4 ID 6 with timestamp 3f9da54d Cleaning up request 5 ID 7 with timestamp 3f9da54d Waking up in 1 seconds... --- Walking the entire request list --- Cleaning up request 6 ID 8 with timestamp 3f9da54e Nothing to do. Sleeping until we see a request. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html