In reading the archived files on the user that reported the problems with
no User-Password and MD5 challenge problem I saw where Alan said (multiple
times) do not specify an Auth-Type. I had originally read that to mean in
the radiusd.conf. Then a light came on while driving home. He means
anywhere, including the Users file. Duh! So I changed that. and lo and
behold, it getts past that and does a lot of stuff. But still fails to
authenticate.
I have attached is the output from the authentication process. I will
send the configuration in a second message.
It seems to start to go bad with rlm_mschap: We require a User-Name fo
MS-CHAPv2 on line 488 of the output.txt file.
Can anyone see what is the problem?
freeRADIUS CVS 02022004, openSSL 0.9.7c, RedHat Enterprise Linux 3 AS
running on a Gateway E-3200.
Thanks,
Bruce A. Friend
Antioch University Network Manager
937.769.1354
[EMAIL PROTECTED]
[EMAIL PROTECTED] raddb]# rad_recv: Access-Request packet from host
199.218.253.219:1024, id=39, length=176
Framed-MTU = 1466
NAS-IP-Address = 199.218.253.219
NAS-Identifier = "ITS"
User-Name = "joeuser"
Service-Type = Framed-User
NAS-Port = 256
NAS-Port-Type = Ethernet
NAS-Port-Id = "wl0"
Called-Station-Id = "00-03-93-ef-6f-c9"
Calling-Station-Id = "00-0c-41-2e-c6-83"
Connect-Info = "CONNECT Ethernet 54Mbps Half duplex"
EAP-Message = 0x0202000c016a6f6575736572
Message-Authenticator = 0xf2baccaced7cc7ac0d49c97b9ec3b1e8
modcall: entering group authorize for request 16
Invalid operator for item Suffix: reverting to '=='
Invalid operator for item Suffix: reverting to '=='
Invalid operator for item Suffix: reverting to '=='
modcall[authorize]: module "preprocess" returns ok for request 16
radius_xlat: '/usr/local/var/log/radius/radacct/199.218.253.219/auth-detail-20040204'
rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /usr/local/var/log/radius/radacct/199.218.253.219/auth-detail-20040204
modcall[authorize]: module "auth_log" returns ok for request 16
modcall[authorize]: module "chap" returns noop for request 16
modcall[authorize]: module "mschap" returns noop for request 16
rlm_realm: No '@' in User-Name = "joeuser", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 16
rlm_eap: EAP packet type response id 2 length 12
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 16
users: Matched joeuser at 106
modcall[authorize]: module "files" returns ok for request 16
modcall: group authorize returns updated for request 16
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate for request 16
rlm_eap: EAP Identity
rlm_eap: processing type md5
rlm_eap_md5: Issuing Challenge
modcall[authenticate]: module "eap" returns handled for request 16
modcall: group authenticate returns handled for request 16
Sending Access-Challenge of id 39 to 199.218.253.219:1024
Reply-Message = "Hello, %u"
EAP-Message = 0x0103001604108a62d0a5f4d77b3b961efc4d0caa4bd3
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xc5c87a43e56cda5f9e069ad52dbd9529
Finished request 16
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 199.218.253.219:1024, id=40, length=188
Framed-MTU = 1466
NAS-IP-Address = 199.218.253.219
NAS-Identifier = "ITS"
User-Name = "joeuser"
Service-Type = Framed-User
NAS-Port = 256
NAS-Port-Type = Ethernet
NAS-Port-Id = "wl0"
Called-Station-Id = "00-03-93-ef-6f-c9"
Calling-Station-Id = "00-0c-41-2e-c6-83"
Connect-Info = "CONNECT Ethernet 54Mbps Half duplex"
State = 0xc5c87a43e56cda5f9e069ad52dbd9529
EAP-Message = 0x020300060319
Message-Authenticator = 0xcca7ccc60a492159fda652144d514d79
modcall: entering group authorize for request 17
Invalid operator for item Suffix: reverting to '=='
Invalid operator for item Suffix: reverting to '=='
Invalid operator for item Suffix: reverting to '=='
modcall[authorize]: module "preprocess" returns ok for request 17
radius_xlat: '/usr/local/var/log/radius/radacct/199.218.253.219/auth-detail-20040204'
rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /usr/local/var/log/radius/radacct/199.218.253.219/auth-detail-20040204
modcall[authorize]: module "auth_log" returns ok for request 17
modcall[authorize]: module "chap" returns noop for request 17
modcall[authorize]: module "mschap" returns noop for request 17
rlm_realm: No '@' in User-Name = "joeuser", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 17
rlm_eap: EAP packet type response id 3 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 17
users: Matched joeuser at 106
modcall[authorize]: module "files" returns ok for request 17
modcall: group authorize returns updated for request 17
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate for request 17
rlm_eap: Request found, released from the list
rlm_eap: EAP NAK
rlm_eap: EAP-NAK asked for EAP-Type/peap
rlm_eap: processing type tls
rlm_eap_tls: Initiate
rlm_eap_tls: Start returned 1
modcall[authenticate]: module "eap" returns handled for request 17
modcall: group authenticate returns handled for request 17
Sending Access-Challenge of id 40 to 199.218.253.219:1024
Reply-Message = "Hello, %u"
EAP-Message = 0x010400061920
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x7a2448522bc39c181b60bc5a376f42bd
Finished request 17
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 199.218.253.219:1024, id=41, length=262
Framed-MTU = 1466
NAS-IP-Address = 199.218.253.219
NAS-Identifier = "ITS"
User-Name = "joeuser"
Service-Type = Framed-User
NAS-Port = 256
NAS-Port-Type = Ethernet
NAS-Port-Id = "wl0"
Called-Station-Id = "00-03-93-ef-6f-c9"
Calling-Station-Id = "00-0c-41-2e-c6-83"
Connect-Info = "CONNECT Ethernet 54Mbps Half duplex"
State = 0x7a2448522bc39c181b60bc5a376f42bd
EAP-Message =
0x0204005019800000004616030100410100003d0301402110287c74b409f8db00039b8b620ac7c1b772563b92ef07f599e920cf176500001600040005000a000900640062000300060013001200630100
Message-Authenticator = 0xee50e8fd6cab0f5b0d5c09881e62747f
modcall: entering group authorize for request 18
Invalid operator for item Suffix: reverting to '=='
Invalid operator for item Suffix: reverting to '=='
Invalid operator for item Suffix: reverting to '=='
modcall[authorize]: module "preprocess" returns ok for request 18
radius_xlat: '/usr/local/var/log/radius/radacct/199.218.253.219/auth-detail-20040204'
rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /usr/local/var/log/radius/radacct/199.218.253.219/auth-detail-20040204
modcall[authorize]: module "auth_log" returns ok for request 18
modcall[authorize]: module "chap" returns noop for request 18
modcall[authorize]: module "mschap" returns noop for request 18
rlm_realm: No '@' in User-Name = "joeuser", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 18
rlm_eap: EAP packet type response id 4 length 80
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 18
users: Matched joeuser at 106
modcall[authorize]: module "files" returns ok for request 18
modcall: group authorize returns updated for request 18
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate for request 18
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
(other): before/accept initialization
TLS_accept: before/accept initialization
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello
TLS_accept: SSLv3 read client hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
TLS_accept: SSLv3 write server hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 02dd], Certificate
TLS_accept: SSLv3 write certificate A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
TLS_accept: SSLv3 write server done A
TLS_accept: SSLv3 flush data
TLS_accept:error in SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 18
modcall: group authenticate returns handled for request 18
Sending Access-Challenge of id 41 to 199.218.253.219:1024
Reply-Message = "Hello, %u"
EAP-Message =
0x010503401900160301004a02000046030140211029cc327bd4d39bf62f75dec90c7c34db53682b16875a84c2c3a8894cc220ffb091970a1bee19e9ef7f3f5aef5f7731e3cbd8bc97360a831181166251408800040016030102dd0b0002d90002d60002d3308202cf30820238a003020102020101300d06092a864886f70d01010405003081a0310b3009060355040613025553310d300b060355040813044f68696f311730150603550407130e59656c6c6f7720537072696e6773311b3019060355040a1312416e74696f636820556e6976657273697479312830260603550403131f416e74696f63682059656c6c6f7720537072696e677320576972
EAP-Message =
0x656c6573733122302006092a864886f70d010901161362667269656e6440616e74696f63682e656475301e170d3034303230333030353233375a170d3035303230323030353233375a3081a0310b3009060355040613025553310d300b060355040813044f68696f311730150603550407130e59656c6c6f7720537072696e6773311b3019060355040a1312416e74696f636820556e6976657273697479312830260603550403131f416e74696f63682059656c6c6f7720537072696e677320576972656c6573733122302006092a864886f70d010901161362667269656e6440616e74696f63682e65647530819f300d06092a864886f70d01010105
EAP-Message =
0x0003818d0030818902818100cd489fd4c213bb2277bc4f6d2dfe84cf4f1194208ee862b2db18b0b583fb59cc760509b92c17253841e721c72d183546c04e2e236e9a3425a3a709d81af0699e189143e6f2e1e139eb6b3ef778132412823cbec7c0170fd11e97386506f2296318076bfaf2ea5289534b3b962dfdd217b0509e5e2f9a744e30fea715911ed4ed0203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d010104050003818100987941b44965a62a2632bcf59d5686706f5e17a5e0c89c390ae415b1b5a04f0da22d10d55a7dbd7abb7326c2ed110f906763ae1950c169fe69b5ae606b5b8807
EAP-Message =
0x476b6faf0ba272544a3f38e6c6c1b3a4c4309f4c0768ff0f50e051c39bf89803e142fa553be03abfe4e786af3d48da80dc98c1c6649b5a3cd3dfb34eb839826916030100040e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x13b5d727eb15b0dc40cbcf9e06c33edc
Finished request 18
Going to the next request
--- Walking the entire request list ---
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 199.218.253.219:1024, id=42, length=374
Framed-MTU = 1466
NAS-IP-Address = 199.218.253.219
NAS-Identifier = "ITS"
User-Name = "joeuser"
Service-Type = Framed-User
NAS-Port = 256
NAS-Port-Type = Ethernet
NAS-Port-Id = "wl0"
Called-Station-Id = "00-03-93-ef-6f-c9"
Calling-Station-Id = "00-0c-41-2e-c6-83"
Connect-Info = "CONNECT Ethernet 54Mbps Half duplex"
State = 0x13b5d727eb15b0dc40cbcf9e06c33edc
EAP-Message =
0x020500c01980000000b6160301008610000082008056416292bbc6b585d1138cd8acd505dc9d9985cb3ba6c954029515ad91b38e8fd5e96e9f7dc4b3f4fce34c0869e286b93be8e1a760c4018cda602730a4c2f968b7ddb7b27305c9dabacf7685e73186096fa44b2faa26a7934bf7b1c585db2e0b45992cd6c2c56d6df5e1d9655e3fd41867cef59ce16a1975b233b32852d610151403010001011603010020b5de546827f47200f503906c5505f629c464e420e95fbb431d75255e1adf3845
Message-Authenticator = 0x6bf73e6047f54b752b6a8dd94259bd89
modcall: entering group authorize for request 19
Invalid operator for item Suffix: reverting to '=='
Invalid operator for item Suffix: reverting to '=='
Invalid operator for item Suffix: reverting to '=='
modcall[authorize]: module "preprocess" returns ok for request 19
radius_xlat: '/usr/local/var/log/radius/radacct/199.218.253.219/auth-detail-20040204'
rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /usr/local/var/log/radius/radacct/199.218.253.219/auth-detail-20040204
modcall[authorize]: module "auth_log" returns ok for request 19
modcall[authorize]: module "chap" returns noop for request 19
modcall[authorize]: module "mschap" returns noop for request 19
rlm_realm: No '@' in User-Name = "joeuser", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 19
rlm_eap: EAP packet type response id 5 length 192
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 19
users: Matched joeuser at 106
modcall[authorize]: module "files" returns ok for request 19
modcall: group authorize returns updated for request 19
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate for request 19
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange
TLS_accept: SSLv3 read client key exchange A
rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001]
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 read finished A
rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001]
TLS_accept: SSLv3 write change cipher spec A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 write finished A
TLS_accept: SSLv3 flush data
(other): SSL negotiation finished successfully
SSL Connection Established
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 19
modcall: group authenticate returns handled for request 19
Sending Access-Challenge of id 42 to 199.218.253.219:1024
Reply-Message = "Hello, %u"
EAP-Message =
0x0106003119001403010001011603010020efe9d0d98284ae8fe450e5e447bc836c4fea9b115859df1f5eac563bed05b943
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xf129d49dc74a57eb6de0d206f7c5a7fe
Finished request 19
Going to the next request
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 199.218.253.219:1024, id=43, length=188
Framed-MTU = 1466
NAS-IP-Address = 199.218.253.219
NAS-Identifier = "ITS"
User-Name = "joeuser"
Service-Type = Framed-User
NAS-Port = 256
NAS-Port-Type = Ethernet
NAS-Port-Id = "wl0"
Called-Station-Id = "00-03-93-ef-6f-c9"
Calling-Station-Id = "00-0c-41-2e-c6-83"
Connect-Info = "CONNECT Ethernet 54Mbps Half duplex"
State = 0xf129d49dc74a57eb6de0d206f7c5a7fe
EAP-Message = 0x020600061900
Message-Authenticator = 0x193839467889a6c3a240666a47ca4bc9
modcall: entering group authorize for request 20
Invalid operator for item Suffix: reverting to '=='
Invalid operator for item Suffix: reverting to '=='
Invalid operator for item Suffix: reverting to '=='
modcall[authorize]: module "preprocess" returns ok for request 20
radius_xlat: '/usr/local/var/log/radius/radacct/199.218.253.219/auth-detail-20040204'
rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /usr/local/var/log/radius/radacct/199.218.253.219/auth-detail-20040204
modcall[authorize]: module "auth_log" returns ok for request 20
modcall[authorize]: module "chap" returns noop for request 20
modcall[authorize]: module "mschap" returns noop for request 20
rlm_realm: No '@' in User-Name = "joeuser", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 20
rlm_eap: EAP packet type response id 6 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 20
users: Matched joeuser at 106
modcall[authorize]: module "files" returns ok for request 20
modcall: group authorize returns updated for request 20
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate for request 20
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake is finished
eaptls_verify returned 3
eaptls_process returned 3
rlm_eap_peap: EAPTLS_SUCCESS
modcall[authenticate]: module "eap" returns handled for request 20
modcall: group authenticate returns handled for request 20
Sending Access-Challenge of id 43 to 199.218.253.219:1024
Reply-Message = "Hello, %u"
EAP-Message =
0x01070020190017030100156c0d4febeb22f9afeceb73ec46e6bd6394035c4ea8
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x37c373fabc43c5bdcb5d52d6815aca57
Finished request 20
Going to the next request
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 199.218.253.219:1024, id=44, length=217
Framed-MTU = 1466
NAS-IP-Address = 199.218.253.219
NAS-Identifier = "ITS"
User-Name = "joeuser"
Service-Type = Framed-User
NAS-Port = 256
NAS-Port-Type = Ethernet
NAS-Port-Id = "wl0"
Called-Station-Id = "00-03-93-ef-6f-c9"
Calling-Station-Id = "00-0c-41-2e-c6-83"
Connect-Info = "CONNECT Ethernet 54Mbps Half duplex"
State = 0x37c373fabc43c5bdcb5d52d6815aca57
EAP-Message =
0x0207002319001703010018941aafbba04d643ba491ad763c30212cdb8d31c344166028
Message-Authenticator = 0x85208823aeeddc63dd5685fd1f52b9c7
modcall: entering group authorize for request 21
Invalid operator for item Suffix: reverting to '=='
Invalid operator for item Suffix: reverting to '=='
Invalid operator for item Suffix: reverting to '=='
modcall[authorize]: module "preprocess" returns ok for request 21
radius_xlat: '/usr/local/var/log/radius/radacct/199.218.253.219/auth-detail-20040204'
rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /usr/local/var/log/radius/radacct/199.218.253.219/auth-detail-20040204
modcall[authorize]: module "auth_log" returns ok for request 21
modcall[authorize]: module "chap" returns noop for request 21
modcall[authorize]: module "mschap" returns noop for request 21
rlm_realm: No '@' in User-Name = "joeuser", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 21
rlm_eap: EAP packet type response id 7 length 35
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 21
users: Matched joeuser at 106
modcall[authorize]: module "files" returns ok for request 21
modcall: group authorize returns updated for request 21
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate for request 21
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Proceeding to decode tunneled attributes.
rlm_eap_peap: Identity - joeuser
rlm_eap_peap: Tunneled data is valid.
PEAP: Got tunneled EAP-Message
EAP-Message = 0x0207000c016a6f6575736572
PEAP: Got tunneled identity of joeuser
PEAP: Setting default EAP type for tunneled EAP session.
PEAP: Sending tunneled request
EAP-Message = 0x0207000c016a6f6575736572
Freeradius-Proxied-To = 127.0.0.1
User-Name = "joeuser"
modcall: entering group authorize for request 21
Invalid operator for item Suffix: reverting to '=='
Invalid operator for item Suffix: reverting to '=='
Invalid operator for item Suffix: reverting to '=='
modcall[authorize]: module "preprocess" returns ok for request 21
radius_xlat: '/usr/local/var/log/radius/radacct/127.0.0.1/auth-detail-20040204'
rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /usr/local/var/log/radius/radacct/127.0.0.1/auth-detail-20040204
modcall[authorize]: module "auth_log" returns ok for request 21
modcall[authorize]: module "chap" returns noop for request 21
modcall[authorize]: module "mschap" returns noop for request 21
rlm_realm: No '@' in User-Name = "joeuser", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 21
rlm_eap: EAP packet type response id 7 length 12
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 21
users: Matched joeuser at 106
modcall[authorize]: module "files" returns ok for request 21
modcall: group authorize returns updated for request 21
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate for request 21
rlm_eap: EAP Identity
rlm_eap: processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
modcall[authenticate]: module "eap" returns handled for request 21
modcall: group authenticate returns handled for request 21
PEAP: Got tunneled reply RADIUS code 11
Reply-Message = "Hello, %u"
EAP-Message =
0x010800211a0108001c1010a47be51ae474db585e8563ee41f2676a6f6575736572
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xcb85694eec221392ac65ff64a301f112
PEAP: Got tunneled Access-Challenge
modcall[authenticate]: module "eap" returns handled for request 21
modcall: group authenticate returns handled for request 21
Sending Access-Challenge of id 44 to 199.218.253.219:1024
Reply-Message = "Hello, %u"
EAP-Message =
0x010800381900170301002d55ce7bbb3cef6940a9fcf5a528655f1bab0e9d3137006971cf6f7b867af7fc193a98f942906f114470c4e018a6
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xeafd9541c5cc4b99c5d1b173cd87135f
Finished request 21
Going to the next request
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 199.218.253.219:1024, id=45, length=271
Framed-MTU = 1466
NAS-IP-Address = 199.218.253.219
NAS-Identifier = "ITS"
User-Name = "joeuser"
Service-Type = Framed-User
NAS-Port = 256
NAS-Port-Type = Ethernet
NAS-Port-Id = "wl0"
Called-Station-Id = "00-03-93-ef-6f-c9"
Calling-Station-Id = "00-0c-41-2e-c6-83"
Connect-Info = "CONNECT Ethernet 54Mbps Half duplex"
State = 0xeafd9541c5cc4b99c5d1b173cd87135f
EAP-Message =
0x020800591900170301004edba479a20a6fdd879e5b9703139f843fc3018095349fdbf86a5d127d0b55ccd7bee0f3ed56b43f49b3e0ff57dcecc7c53ac6db88b1e76c0c87c9e10deb30d0b57bad3accd69a405e2413a0afda32
Message-Authenticator = 0x11b80ba4a18b1bbb645a838f7d7d7c5b
modcall: entering group authorize for request 22
Invalid operator for item Suffix: reverting to '=='
Invalid operator for item Suffix: reverting to '=='
Invalid operator for item Suffix: reverting to '=='
modcall[authorize]: module "preprocess" returns ok for request 22
radius_xlat: '/usr/local/var/log/radius/radacct/199.218.253.219/auth-detail-20040204'
rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /usr/local/var/log/radius/radacct/199.218.253.219/auth-detail-20040204
modcall[authorize]: module "auth_log" returns ok for request 22
modcall[authorize]: module "chap" returns noop for request 22
modcall[authorize]: module "mschap" returns noop for request 22
rlm_realm: No '@' in User-Name = "joeuser", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 22
rlm_eap: EAP packet type response id 8 length 89
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 22
users: Matched joeuser at 106
modcall[authorize]: module "files" returns ok for request 22
modcall: group authorize returns updated for request 22
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate for request 22
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Proceeding to decode tunneled attributes.
rlm_eap_peap: EAP type 26
rlm_eap_peap: Tunneled data is valid.
PEAP: Got tunneled EAP-Message
EAP-Message =
0x020800421a0208003d31605001953af12b7a7b66ba0d9ecc050d0000000000000000f0a34f9a3797130acdb4152825f49bf62b1d9431949c43c8006a6f6575736572
PEAP: Adding old state with cb 85
PEAP: Sending tunneled request
EAP-Message =
0x020800421a0208003d31605001953af12b7a7b66ba0d9ecc050d0000000000000000f0a34f9a3797130acdb4152825f49bf62b1d9431949c43c8006a6f6575736572
Freeradius-Proxied-To = 127.0.0.1
User-Name = "joeuser"
State = 0xcb85694eec221392ac65ff64a301f112
modcall: entering group authorize for request 22
Invalid operator for item Suffix: reverting to '=='
Invalid operator for item Suffix: reverting to '=='
Invalid operator for item Suffix: reverting to '=='
modcall[authorize]: module "preprocess" returns ok for request 22
radius_xlat: '/usr/local/var/log/radius/radacct/127.0.0.1/auth-detail-20040204'
rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /usr/local/var/log/radius/radacct/127.0.0.1/auth-detail-20040204
modcall[authorize]: module "auth_log" returns ok for request 22
modcall[authorize]: module "chap" returns noop for request 22
modcall[authorize]: module "mschap" returns noop for request 22
rlm_realm: No '@' in User-Name = "joeuser", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 22
rlm_eap: EAP packet type response id 8 length 66
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 22
users: Matched joeuser at 106
modcall[authorize]: module "files" returns ok for request 22
modcall: group authorize returns updated for request 22
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate for request 22
rlm_eap: Request found, released from the list
rlm_eap: EAP/mschapv2
rlm_eap: processing type mschapv2
modcall: entering group Auth-Type for request 22
rlm_mschap: We require a User-Name for MS-CHAPv2
modcall[authenticate]: module "mschap" returns invalid for request 22
modcall: group Auth-Type returns invalid for request 22
rlm_eap: Freeing handler
modcall[authenticate]: module "eap" returns reject for request 22
modcall: group authenticate returns reject for request 22
auth: Failed to validate the user.
Login incorrect: [joeuser/<no User-Password attribute>] (from client localhost port 0)
PEAP: Got tunneled reply RADIUS code 3
Reply-Message = "Hello, %u"
EAP-Message = 0x04080004
Message-Authenticator = 0x00000000000000000000000000000000
PEAP: Tunneled authentication was rejected.
rlm_eap_peap: FAILURE
modcall[authenticate]: module "eap" returns handled for request 22
modcall: group authenticate returns handled for request 22
Sending Access-Challenge of id 45 to 199.218.253.219:1024
Reply-Message = "Hello, %u"
EAP-Message =
0x010900261900170301001b86cbabc5dac0f2525bb5401bab4fd05e389011b100885ee85c1a4a
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x66ab05333192eb18bbc801c4fa8f47d0
Finished request 22
Going to the next request
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 199.218.253.219:1024, id=45, length=271
Sending duplicate reply to client ITS:1024 - ID: 45
Re-sending Access-Challenge of id 45 to 199.218.253.219:1024
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 199.218.253.219:1024, id=46, length=220
Framed-MTU = 1466
NAS-IP-Address = 199.218.253.219
NAS-Identifier = "ITS"
User-Name = "joeuser"
Service-Type = Framed-User
NAS-Port = 256
NAS-Port-Type = Ethernet
NAS-Port-Id = "wl0"
Called-Station-Id = "00-03-93-ef-6f-c9"
Calling-Station-Id = "00-0c-41-2e-c6-83"
Connect-Info = "CONNECT Ethernet 54Mbps Half duplex"
State = 0x66ab05333192eb18bbc801c4fa8f47d0
EAP-Message =
0x020900261900170301001b3091664b60196264ed1b9bbed552f7f28391c5984e9d5f0c40b086
Message-Authenticator = 0xc5bd89d7f83d6b4c82c60dfda1f8c52d
modcall: entering group authorize for request 23
Invalid operator for item Suffix: reverting to '=='
Invalid operator for item Suffix: reverting to '=='
Invalid operator for item Suffix: reverting to '=='
modcall[authorize]: module "preprocess" returns ok for request 23
radius_xlat: '/usr/local/var/log/radius/radacct/199.218.253.219/auth-detail-20040204'
rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /usr/local/var/log/radius/radacct/199.218.253.219/auth-detail-20040204
modcall[authorize]: module "auth_log" returns ok for request 23
modcall[authorize]: module "chap" returns noop for request 23
modcall[authorize]: module "mschap" returns noop for request 23
rlm_realm: No '@' in User-Name = "joeuser", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 23
rlm_eap: EAP packet type response id 9 length 38
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 23
users: Matched joeuser at 106
modcall[authorize]: module "files" returns ok for request 23
modcall: group authorize returns updated for request 23
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate for request 23
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Proceeding to decode tunneled attributes.
rlm_eap_peap: Received EAP-TLV response.
rlm_eap_peap: Tunneled data is valid.
rlm_eap_peap: Had sent TLV failure, rejecting.
rlm_eap: Handler failed in EAP/peap
rlm_eap: Failed in EAP select
modcall[authenticate]: module "eap" returns invalid for request 23
modcall: group authenticate returns invalid for request 23
auth: Failed to validate the user.
Login incorrect: [joeuser/<no User-Password attribute>] (from client ITS port 256 cli
00-0c-41-2e-c6-83)
Delaying request 23 for 1 seconds
Finished request 23
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
rad_recv: Access-Request packet from host 199.218.253.219:1024, id=46, length=220
Sending Access-Reject of id 46 to 199.218.253.219:1024
EAP-Message = 0x04090004
Message-Authenticator = 0x00000000000000000000000000000000
Reply-Message = "Hello, %u"
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 3 seconds...
--- Walking the entire request list ---
Cleaning up request 16 ID 39 with timestamp 40211028
Cleaning up request 17 ID 40 with timestamp 40211028
Waking up in 1 seconds...
--- Walking the entire request list ---
Cleaning up request 18 ID 41 with timestamp 40211029
Cleaning up request 19 ID 42 with timestamp 40211029
Cleaning up request 20 ID 43 with timestamp 40211029
Cleaning up request 21 ID 44 with timestamp 40211029
Cleaning up request 22 ID 45 with timestamp 40211029
Waking up in 1 seconds...
--- Walking the entire request list ---
Cleaning up request 23 ID 46 with timestamp 4021102a
Nothing to do. Sleeping until we see a request.
