In reading the archived files on the user that reported the problems with no User-Password and MD5 challenge problem I saw where Alan said (multiple times) do not specify an Auth-Type. I had originally read that to mean in the radiusd.conf. Then a light came on while driving home. He means anywhere, including the Users file. Duh! So I changed that. and lo and behold, it getts past that and does a lot of stuff. But still fails to authenticate.
I have attached is the output from the authentication process. I will send the configuration in a second message. It seems to start to go bad with rlm_mschap: We require a User-Name fo MS-CHAPv2 on line 488 of the output.txt file. Can anyone see what is the problem? freeRADIUS CVS 02022004, openSSL 0.9.7c, RedHat Enterprise Linux 3 AS running on a Gateway E-3200. Thanks, Bruce A. Friend Antioch University Network Manager 937.769.1354 [EMAIL PROTECTED]
[EMAIL PROTECTED] raddb]# rad_recv: Access-Request packet from host 199.218.253.219:1024, id=39, length=176 Framed-MTU = 1466 NAS-IP-Address = 199.218.253.219 NAS-Identifier = "ITS" User-Name = "joeuser" Service-Type = Framed-User NAS-Port = 256 NAS-Port-Type = Ethernet NAS-Port-Id = "wl0" Called-Station-Id = "00-03-93-ef-6f-c9" Calling-Station-Id = "00-0c-41-2e-c6-83" Connect-Info = "CONNECT Ethernet 54Mbps Half duplex" EAP-Message = 0x0202000c016a6f6575736572 Message-Authenticator = 0xf2baccaced7cc7ac0d49c97b9ec3b1e8 modcall: entering group authorize for request 16 Invalid operator for item Suffix: reverting to '==' Invalid operator for item Suffix: reverting to '==' Invalid operator for item Suffix: reverting to '==' modcall[authorize]: module "preprocess" returns ok for request 16 radius_xlat: '/usr/local/var/log/radius/radacct/199.218.253.219/auth-detail-20040204' rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/199.218.253.219/auth-detail-20040204 modcall[authorize]: module "auth_log" returns ok for request 16 modcall[authorize]: module "chap" returns noop for request 16 modcall[authorize]: module "mschap" returns noop for request 16 rlm_realm: No '@' in User-Name = "joeuser", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 16 rlm_eap: EAP packet type response id 2 length 12 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 16 users: Matched joeuser at 106 modcall[authorize]: module "files" returns ok for request 16 modcall: group authorize returns updated for request 16 rad_check_password: Found Auth-Type EAP auth: type "EAP" modcall: entering group authenticate for request 16 rlm_eap: EAP Identity rlm_eap: processing type md5 rlm_eap_md5: Issuing Challenge modcall[authenticate]: module "eap" returns handled for request 16 modcall: group authenticate returns handled for request 16 Sending Access-Challenge of id 39 to 199.218.253.219:1024 Reply-Message = "Hello, %u" EAP-Message = 0x0103001604108a62d0a5f4d77b3b961efc4d0caa4bd3 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xc5c87a43e56cda5f9e069ad52dbd9529 Finished request 16 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... rad_recv: Access-Request packet from host 199.218.253.219:1024, id=40, length=188 Framed-MTU = 1466 NAS-IP-Address = 199.218.253.219 NAS-Identifier = "ITS" User-Name = "joeuser" Service-Type = Framed-User NAS-Port = 256 NAS-Port-Type = Ethernet NAS-Port-Id = "wl0" Called-Station-Id = "00-03-93-ef-6f-c9" Calling-Station-Id = "00-0c-41-2e-c6-83" Connect-Info = "CONNECT Ethernet 54Mbps Half duplex" State = 0xc5c87a43e56cda5f9e069ad52dbd9529 EAP-Message = 0x020300060319 Message-Authenticator = 0xcca7ccc60a492159fda652144d514d79 modcall: entering group authorize for request 17 Invalid operator for item Suffix: reverting to '==' Invalid operator for item Suffix: reverting to '==' Invalid operator for item Suffix: reverting to '==' modcall[authorize]: module "preprocess" returns ok for request 17 radius_xlat: '/usr/local/var/log/radius/radacct/199.218.253.219/auth-detail-20040204' rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/199.218.253.219/auth-detail-20040204 modcall[authorize]: module "auth_log" returns ok for request 17 modcall[authorize]: module "chap" returns noop for request 17 modcall[authorize]: module "mschap" returns noop for request 17 rlm_realm: No '@' in User-Name = "joeuser", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 17 rlm_eap: EAP packet type response id 3 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 17 users: Matched joeuser at 106 modcall[authorize]: module "files" returns ok for request 17 modcall: group authorize returns updated for request 17 rad_check_password: Found Auth-Type EAP auth: type "EAP" modcall: entering group authenticate for request 17 rlm_eap: Request found, released from the list rlm_eap: EAP NAK rlm_eap: EAP-NAK asked for EAP-Type/peap rlm_eap: processing type tls rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 modcall[authenticate]: module "eap" returns handled for request 17 modcall: group authenticate returns handled for request 17 Sending Access-Challenge of id 40 to 199.218.253.219:1024 Reply-Message = "Hello, %u" EAP-Message = 0x010400061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x7a2448522bc39c181b60bc5a376f42bd Finished request 17 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 199.218.253.219:1024, id=41, length=262 Framed-MTU = 1466 NAS-IP-Address = 199.218.253.219 NAS-Identifier = "ITS" User-Name = "joeuser" Service-Type = Framed-User NAS-Port = 256 NAS-Port-Type = Ethernet NAS-Port-Id = "wl0" Called-Station-Id = "00-03-93-ef-6f-c9" Calling-Station-Id = "00-0c-41-2e-c6-83" Connect-Info = "CONNECT Ethernet 54Mbps Half duplex" State = 0x7a2448522bc39c181b60bc5a376f42bd EAP-Message = 0x0204005019800000004616030100410100003d0301402110287c74b409f8db00039b8b620ac7c1b772563b92ef07f599e920cf176500001600040005000a000900640062000300060013001200630100 Message-Authenticator = 0xee50e8fd6cab0f5b0d5c09881e62747f modcall: entering group authorize for request 18 Invalid operator for item Suffix: reverting to '==' Invalid operator for item Suffix: reverting to '==' Invalid operator for item Suffix: reverting to '==' modcall[authorize]: module "preprocess" returns ok for request 18 radius_xlat: '/usr/local/var/log/radius/radacct/199.218.253.219/auth-detail-20040204' rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/199.218.253.219/auth-detail-20040204 modcall[authorize]: module "auth_log" returns ok for request 18 modcall[authorize]: module "chap" returns noop for request 18 modcall[authorize]: module "mschap" returns noop for request 18 rlm_realm: No '@' in User-Name = "joeuser", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 18 rlm_eap: EAP packet type response id 4 length 80 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 18 users: Matched joeuser at 106 modcall[authorize]: module "files" returns ok for request 18 modcall: group authorize returns updated for request 18 rad_check_password: Found Auth-Type EAP auth: type "EAP" modcall: entering group authenticate for request 18 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 (other): before/accept initialization TLS_accept: before/accept initialization rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello TLS_accept: SSLv3 read client hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello TLS_accept: SSLv3 write server hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 02dd], Certificate TLS_accept: SSLv3 write certificate A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone TLS_accept: SSLv3 write server done A TLS_accept: SSLv3 flush data TLS_accept:error in SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 18 modcall: group authenticate returns handled for request 18 Sending Access-Challenge of id 41 to 199.218.253.219:1024 Reply-Message = "Hello, %u" EAP-Message = 0x010503401900160301004a02000046030140211029cc327bd4d39bf62f75dec90c7c34db53682b16875a84c2c3a8894cc220ffb091970a1bee19e9ef7f3f5aef5f7731e3cbd8bc97360a831181166251408800040016030102dd0b0002d90002d60002d3308202cf30820238a003020102020101300d06092a864886f70d01010405003081a0310b3009060355040613025553310d300b060355040813044f68696f311730150603550407130e59656c6c6f7720537072696e6773311b3019060355040a1312416e74696f636820556e6976657273697479312830260603550403131f416e74696f63682059656c6c6f7720537072696e677320576972 EAP-Message = 0x656c6573733122302006092a864886f70d010901161362667269656e6440616e74696f63682e656475301e170d3034303230333030353233375a170d3035303230323030353233375a3081a0310b3009060355040613025553310d300b060355040813044f68696f311730150603550407130e59656c6c6f7720537072696e6773311b3019060355040a1312416e74696f636820556e6976657273697479312830260603550403131f416e74696f63682059656c6c6f7720537072696e677320576972656c6573733122302006092a864886f70d010901161362667269656e6440616e74696f63682e65647530819f300d06092a864886f70d01010105 EAP-Message = 0x0003818d0030818902818100cd489fd4c213bb2277bc4f6d2dfe84cf4f1194208ee862b2db18b0b583fb59cc760509b92c17253841e721c72d183546c04e2e236e9a3425a3a709d81af0699e189143e6f2e1e139eb6b3ef778132412823cbec7c0170fd11e97386506f2296318076bfaf2ea5289534b3b962dfdd217b0509e5e2f9a744e30fea715911ed4ed0203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d010104050003818100987941b44965a62a2632bcf59d5686706f5e17a5e0c89c390ae415b1b5a04f0da22d10d55a7dbd7abb7326c2ed110f906763ae1950c169fe69b5ae606b5b8807 EAP-Message = 0x476b6faf0ba272544a3f38e6c6c1b3a4c4309f4c0768ff0f50e051c39bf89803e142fa553be03abfe4e786af3d48da80dc98c1c6649b5a3cd3dfb34eb839826916030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x13b5d727eb15b0dc40cbcf9e06c33edc Finished request 18 Going to the next request --- Walking the entire request list --- Waking up in 5 seconds... rad_recv: Access-Request packet from host 199.218.253.219:1024, id=42, length=374 Framed-MTU = 1466 NAS-IP-Address = 199.218.253.219 NAS-Identifier = "ITS" User-Name = "joeuser" Service-Type = Framed-User NAS-Port = 256 NAS-Port-Type = Ethernet NAS-Port-Id = "wl0" Called-Station-Id = "00-03-93-ef-6f-c9" Calling-Station-Id = "00-0c-41-2e-c6-83" Connect-Info = "CONNECT Ethernet 54Mbps Half duplex" State = 0x13b5d727eb15b0dc40cbcf9e06c33edc EAP-Message = 0x020500c01980000000b6160301008610000082008056416292bbc6b585d1138cd8acd505dc9d9985cb3ba6c954029515ad91b38e8fd5e96e9f7dc4b3f4fce34c0869e286b93be8e1a760c4018cda602730a4c2f968b7ddb7b27305c9dabacf7685e73186096fa44b2faa26a7934bf7b1c585db2e0b45992cd6c2c56d6df5e1d9655e3fd41867cef59ce16a1975b233b32852d610151403010001011603010020b5de546827f47200f503906c5505f629c464e420e95fbb431d75255e1adf3845 Message-Authenticator = 0x6bf73e6047f54b752b6a8dd94259bd89 modcall: entering group authorize for request 19 Invalid operator for item Suffix: reverting to '==' Invalid operator for item Suffix: reverting to '==' Invalid operator for item Suffix: reverting to '==' modcall[authorize]: module "preprocess" returns ok for request 19 radius_xlat: '/usr/local/var/log/radius/radacct/199.218.253.219/auth-detail-20040204' rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/199.218.253.219/auth-detail-20040204 modcall[authorize]: module "auth_log" returns ok for request 19 modcall[authorize]: module "chap" returns noop for request 19 modcall[authorize]: module "mschap" returns noop for request 19 rlm_realm: No '@' in User-Name = "joeuser", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 19 rlm_eap: EAP packet type response id 5 length 192 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 19 users: Matched joeuser at 106 modcall[authorize]: module "files" returns ok for request 19 modcall: group authorize returns updated for request 19 rad_check_password: Found Auth-Type EAP auth: type "EAP" modcall: entering group authenticate for request 19 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange TLS_accept: SSLv3 read client key exchange A rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001] rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 read finished A rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001] TLS_accept: SSLv3 write change cipher spec A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 write finished A TLS_accept: SSLv3 flush data (other): SSL negotiation finished successfully SSL Connection Established eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 19 modcall: group authenticate returns handled for request 19 Sending Access-Challenge of id 42 to 199.218.253.219:1024 Reply-Message = "Hello, %u" EAP-Message = 0x0106003119001403010001011603010020efe9d0d98284ae8fe450e5e447bc836c4fea9b115859df1f5eac563bed05b943 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xf129d49dc74a57eb6de0d206f7c5a7fe Finished request 19 Going to the next request Waking up in 5 seconds... rad_recv: Access-Request packet from host 199.218.253.219:1024, id=43, length=188 Framed-MTU = 1466 NAS-IP-Address = 199.218.253.219 NAS-Identifier = "ITS" User-Name = "joeuser" Service-Type = Framed-User NAS-Port = 256 NAS-Port-Type = Ethernet NAS-Port-Id = "wl0" Called-Station-Id = "00-03-93-ef-6f-c9" Calling-Station-Id = "00-0c-41-2e-c6-83" Connect-Info = "CONNECT Ethernet 54Mbps Half duplex" State = 0xf129d49dc74a57eb6de0d206f7c5a7fe EAP-Message = 0x020600061900 Message-Authenticator = 0x193839467889a6c3a240666a47ca4bc9 modcall: entering group authorize for request 20 Invalid operator for item Suffix: reverting to '==' Invalid operator for item Suffix: reverting to '==' Invalid operator for item Suffix: reverting to '==' modcall[authorize]: module "preprocess" returns ok for request 20 radius_xlat: '/usr/local/var/log/radius/radacct/199.218.253.219/auth-detail-20040204' rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/199.218.253.219/auth-detail-20040204 modcall[authorize]: module "auth_log" returns ok for request 20 modcall[authorize]: module "chap" returns noop for request 20 modcall[authorize]: module "mschap" returns noop for request 20 rlm_realm: No '@' in User-Name = "joeuser", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 20 rlm_eap: EAP packet type response id 6 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 20 users: Matched joeuser at 106 modcall[authorize]: module "files" returns ok for request 20 modcall: group authorize returns updated for request 20 rad_check_password: Found Auth-Type EAP auth: type "EAP" modcall: entering group authenticate for request 20 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake is finished eaptls_verify returned 3 eaptls_process returned 3 rlm_eap_peap: EAPTLS_SUCCESS modcall[authenticate]: module "eap" returns handled for request 20 modcall: group authenticate returns handled for request 20 Sending Access-Challenge of id 43 to 199.218.253.219:1024 Reply-Message = "Hello, %u" EAP-Message = 0x01070020190017030100156c0d4febeb22f9afeceb73ec46e6bd6394035c4ea8 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x37c373fabc43c5bdcb5d52d6815aca57 Finished request 20 Going to the next request Waking up in 5 seconds... rad_recv: Access-Request packet from host 199.218.253.219:1024, id=44, length=217 Framed-MTU = 1466 NAS-IP-Address = 199.218.253.219 NAS-Identifier = "ITS" User-Name = "joeuser" Service-Type = Framed-User NAS-Port = 256 NAS-Port-Type = Ethernet NAS-Port-Id = "wl0" Called-Station-Id = "00-03-93-ef-6f-c9" Calling-Station-Id = "00-0c-41-2e-c6-83" Connect-Info = "CONNECT Ethernet 54Mbps Half duplex" State = 0x37c373fabc43c5bdcb5d52d6815aca57 EAP-Message = 0x0207002319001703010018941aafbba04d643ba491ad763c30212cdb8d31c344166028 Message-Authenticator = 0x85208823aeeddc63dd5685fd1f52b9c7 modcall: entering group authorize for request 21 Invalid operator for item Suffix: reverting to '==' Invalid operator for item Suffix: reverting to '==' Invalid operator for item Suffix: reverting to '==' modcall[authorize]: module "preprocess" returns ok for request 21 radius_xlat: '/usr/local/var/log/radius/radacct/199.218.253.219/auth-detail-20040204' rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/199.218.253.219/auth-detail-20040204 modcall[authorize]: module "auth_log" returns ok for request 21 modcall[authorize]: module "chap" returns noop for request 21 modcall[authorize]: module "mschap" returns noop for request 21 rlm_realm: No '@' in User-Name = "joeuser", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 21 rlm_eap: EAP packet type response id 7 length 35 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 21 users: Matched joeuser at 106 modcall[authorize]: module "files" returns ok for request 21 modcall: group authorize returns updated for request 21 rad_check_password: Found Auth-Type EAP auth: type "EAP" modcall: entering group authenticate for request 21 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Proceeding to decode tunneled attributes. rlm_eap_peap: Identity - joeuser rlm_eap_peap: Tunneled data is valid. PEAP: Got tunneled EAP-Message EAP-Message = 0x0207000c016a6f6575736572 PEAP: Got tunneled identity of joeuser PEAP: Setting default EAP type for tunneled EAP session. PEAP: Sending tunneled request EAP-Message = 0x0207000c016a6f6575736572 Freeradius-Proxied-To = 127.0.0.1 User-Name = "joeuser" modcall: entering group authorize for request 21 Invalid operator for item Suffix: reverting to '==' Invalid operator for item Suffix: reverting to '==' Invalid operator for item Suffix: reverting to '==' modcall[authorize]: module "preprocess" returns ok for request 21 radius_xlat: '/usr/local/var/log/radius/radacct/127.0.0.1/auth-detail-20040204' rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/127.0.0.1/auth-detail-20040204 modcall[authorize]: module "auth_log" returns ok for request 21 modcall[authorize]: module "chap" returns noop for request 21 modcall[authorize]: module "mschap" returns noop for request 21 rlm_realm: No '@' in User-Name = "joeuser", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 21 rlm_eap: EAP packet type response id 7 length 12 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 21 users: Matched joeuser at 106 modcall[authorize]: module "files" returns ok for request 21 modcall: group authorize returns updated for request 21 rad_check_password: Found Auth-Type EAP auth: type "EAP" modcall: entering group authenticate for request 21 rlm_eap: EAP Identity rlm_eap: processing type mschapv2 rlm_eap_mschapv2: Issuing Challenge modcall[authenticate]: module "eap" returns handled for request 21 modcall: group authenticate returns handled for request 21 PEAP: Got tunneled reply RADIUS code 11 Reply-Message = "Hello, %u" EAP-Message = 0x010800211a0108001c1010a47be51ae474db585e8563ee41f2676a6f6575736572 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xcb85694eec221392ac65ff64a301f112 PEAP: Got tunneled Access-Challenge modcall[authenticate]: module "eap" returns handled for request 21 modcall: group authenticate returns handled for request 21 Sending Access-Challenge of id 44 to 199.218.253.219:1024 Reply-Message = "Hello, %u" EAP-Message = 0x010800381900170301002d55ce7bbb3cef6940a9fcf5a528655f1bab0e9d3137006971cf6f7b867af7fc193a98f942906f114470c4e018a6 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xeafd9541c5cc4b99c5d1b173cd87135f Finished request 21 Going to the next request Waking up in 5 seconds... rad_recv: Access-Request packet from host 199.218.253.219:1024, id=45, length=271 Framed-MTU = 1466 NAS-IP-Address = 199.218.253.219 NAS-Identifier = "ITS" User-Name = "joeuser" Service-Type = Framed-User NAS-Port = 256 NAS-Port-Type = Ethernet NAS-Port-Id = "wl0" Called-Station-Id = "00-03-93-ef-6f-c9" Calling-Station-Id = "00-0c-41-2e-c6-83" Connect-Info = "CONNECT Ethernet 54Mbps Half duplex" State = 0xeafd9541c5cc4b99c5d1b173cd87135f EAP-Message = 0x020800591900170301004edba479a20a6fdd879e5b9703139f843fc3018095349fdbf86a5d127d0b55ccd7bee0f3ed56b43f49b3e0ff57dcecc7c53ac6db88b1e76c0c87c9e10deb30d0b57bad3accd69a405e2413a0afda32 Message-Authenticator = 0x11b80ba4a18b1bbb645a838f7d7d7c5b modcall: entering group authorize for request 22 Invalid operator for item Suffix: reverting to '==' Invalid operator for item Suffix: reverting to '==' Invalid operator for item Suffix: reverting to '==' modcall[authorize]: module "preprocess" returns ok for request 22 radius_xlat: '/usr/local/var/log/radius/radacct/199.218.253.219/auth-detail-20040204' rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/199.218.253.219/auth-detail-20040204 modcall[authorize]: module "auth_log" returns ok for request 22 modcall[authorize]: module "chap" returns noop for request 22 modcall[authorize]: module "mschap" returns noop for request 22 rlm_realm: No '@' in User-Name = "joeuser", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 22 rlm_eap: EAP packet type response id 8 length 89 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 22 users: Matched joeuser at 106 modcall[authorize]: module "files" returns ok for request 22 modcall: group authorize returns updated for request 22 rad_check_password: Found Auth-Type EAP auth: type "EAP" modcall: entering group authenticate for request 22 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Proceeding to decode tunneled attributes. rlm_eap_peap: EAP type 26 rlm_eap_peap: Tunneled data is valid. PEAP: Got tunneled EAP-Message EAP-Message = 0x020800421a0208003d31605001953af12b7a7b66ba0d9ecc050d0000000000000000f0a34f9a3797130acdb4152825f49bf62b1d9431949c43c8006a6f6575736572 PEAP: Adding old state with cb 85 PEAP: Sending tunneled request EAP-Message = 0x020800421a0208003d31605001953af12b7a7b66ba0d9ecc050d0000000000000000f0a34f9a3797130acdb4152825f49bf62b1d9431949c43c8006a6f6575736572 Freeradius-Proxied-To = 127.0.0.1 User-Name = "joeuser" State = 0xcb85694eec221392ac65ff64a301f112 modcall: entering group authorize for request 22 Invalid operator for item Suffix: reverting to '==' Invalid operator for item Suffix: reverting to '==' Invalid operator for item Suffix: reverting to '==' modcall[authorize]: module "preprocess" returns ok for request 22 radius_xlat: '/usr/local/var/log/radius/radacct/127.0.0.1/auth-detail-20040204' rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/127.0.0.1/auth-detail-20040204 modcall[authorize]: module "auth_log" returns ok for request 22 modcall[authorize]: module "chap" returns noop for request 22 modcall[authorize]: module "mschap" returns noop for request 22 rlm_realm: No '@' in User-Name = "joeuser", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 22 rlm_eap: EAP packet type response id 8 length 66 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 22 users: Matched joeuser at 106 modcall[authorize]: module "files" returns ok for request 22 modcall: group authorize returns updated for request 22 rad_check_password: Found Auth-Type EAP auth: type "EAP" modcall: entering group authenticate for request 22 rlm_eap: Request found, released from the list rlm_eap: EAP/mschapv2 rlm_eap: processing type mschapv2 modcall: entering group Auth-Type for request 22 rlm_mschap: We require a User-Name for MS-CHAPv2 modcall[authenticate]: module "mschap" returns invalid for request 22 modcall: group Auth-Type returns invalid for request 22 rlm_eap: Freeing handler modcall[authenticate]: module "eap" returns reject for request 22 modcall: group authenticate returns reject for request 22 auth: Failed to validate the user. Login incorrect: [joeuser/<no User-Password attribute>] (from client localhost port 0) PEAP: Got tunneled reply RADIUS code 3 Reply-Message = "Hello, %u" EAP-Message = 0x04080004 Message-Authenticator = 0x00000000000000000000000000000000 PEAP: Tunneled authentication was rejected. rlm_eap_peap: FAILURE modcall[authenticate]: module "eap" returns handled for request 22 modcall: group authenticate returns handled for request 22 Sending Access-Challenge of id 45 to 199.218.253.219:1024 Reply-Message = "Hello, %u" EAP-Message = 0x010900261900170301001b86cbabc5dac0f2525bb5401bab4fd05e389011b100885ee85c1a4a Message-Authenticator = 0x00000000000000000000000000000000 State = 0x66ab05333192eb18bbc801c4fa8f47d0 Finished request 22 Going to the next request Waking up in 5 seconds... rad_recv: Access-Request packet from host 199.218.253.219:1024, id=45, length=271 Sending duplicate reply to client ITS:1024 - ID: 45 Re-sending Access-Challenge of id 45 to 199.218.253.219:1024 Waking up in 5 seconds... rad_recv: Access-Request packet from host 199.218.253.219:1024, id=46, length=220 Framed-MTU = 1466 NAS-IP-Address = 199.218.253.219 NAS-Identifier = "ITS" User-Name = "joeuser" Service-Type = Framed-User NAS-Port = 256 NAS-Port-Type = Ethernet NAS-Port-Id = "wl0" Called-Station-Id = "00-03-93-ef-6f-c9" Calling-Station-Id = "00-0c-41-2e-c6-83" Connect-Info = "CONNECT Ethernet 54Mbps Half duplex" State = 0x66ab05333192eb18bbc801c4fa8f47d0 EAP-Message = 0x020900261900170301001b3091664b60196264ed1b9bbed552f7f28391c5984e9d5f0c40b086 Message-Authenticator = 0xc5bd89d7f83d6b4c82c60dfda1f8c52d modcall: entering group authorize for request 23 Invalid operator for item Suffix: reverting to '==' Invalid operator for item Suffix: reverting to '==' Invalid operator for item Suffix: reverting to '==' modcall[authorize]: module "preprocess" returns ok for request 23 radius_xlat: '/usr/local/var/log/radius/radacct/199.218.253.219/auth-detail-20040204' rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/199.218.253.219/auth-detail-20040204 modcall[authorize]: module "auth_log" returns ok for request 23 modcall[authorize]: module "chap" returns noop for request 23 modcall[authorize]: module "mschap" returns noop for request 23 rlm_realm: No '@' in User-Name = "joeuser", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 23 rlm_eap: EAP packet type response id 9 length 38 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 23 users: Matched joeuser at 106 modcall[authorize]: module "files" returns ok for request 23 modcall: group authorize returns updated for request 23 rad_check_password: Found Auth-Type EAP auth: type "EAP" modcall: entering group authenticate for request 23 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Proceeding to decode tunneled attributes. rlm_eap_peap: Received EAP-TLV response. rlm_eap_peap: Tunneled data is valid. rlm_eap_peap: Had sent TLV failure, rejecting. rlm_eap: Handler failed in EAP/peap rlm_eap: Failed in EAP select modcall[authenticate]: module "eap" returns invalid for request 23 modcall: group authenticate returns invalid for request 23 auth: Failed to validate the user. Login incorrect: [joeuser/<no User-Password attribute>] (from client ITS port 256 cli 00-0c-41-2e-c6-83) Delaying request 23 for 1 seconds Finished request 23 Going to the next request --- Walking the entire request list --- Waking up in 1 seconds... rad_recv: Access-Request packet from host 199.218.253.219:1024, id=46, length=220 Sending Access-Reject of id 46 to 199.218.253.219:1024 EAP-Message = 0x04090004 Message-Authenticator = 0x00000000000000000000000000000000 Reply-Message = "Hello, %u" Waking up in 1 seconds... --- Walking the entire request list --- Waking up in 3 seconds... --- Walking the entire request list --- Cleaning up request 16 ID 39 with timestamp 40211028 Cleaning up request 17 ID 40 with timestamp 40211028 Waking up in 1 seconds... --- Walking the entire request list --- Cleaning up request 18 ID 41 with timestamp 40211029 Cleaning up request 19 ID 42 with timestamp 40211029 Cleaning up request 20 ID 43 with timestamp 40211029 Cleaning up request 21 ID 44 with timestamp 40211029 Cleaning up request 22 ID 45 with timestamp 40211029 Waking up in 1 seconds... --- Walking the entire request list --- Cleaning up request 23 ID 46 with timestamp 4021102a Nothing to do. Sleeping until we see a request.