Hi Chris, I've modified my users file like this : #========================================================= # Test's User for 802.1x EAP/PEAP or EAP/TTLS #========================================================= jpc User-Password == "jpc"
#========================================================= # Test's User for 802.1x EAP/PEAP or EAP/TTLS with Ldap # not listing the user in the users file #========================================================= DEFAULT
So, EAP/TTLS authentication is perform by server BUT how radiusd can decide to check user/password on ldap backend.
In output, i can see that password is correctly retreive by server.
Chris Parker wrote:
At 11:02 AM 2/5/2004, Jean-Paul Chapalain wrote:
Try not listing the user in the users file. Add LDAP to your authorize section, and don't set and Auth-Type in DEFAULT entries.
LDAP will pull the user-password attribute in during the 'authorize' run, and the EAP modules should set and detect the EAP message so that EAP Authentication is done.
By setting Auth-Type := LDAP in users, you are overriding what is called in Authenticate so that EAP Authentication is not performed.
Remember, if you use the := operator, it is absolute and overrides any currently set Auth-Types. If anything, you'll want to set it to EAP, not LDAP.
-Chris
Thanks, Jean-Paul,
See attached radiusd output (out.txt)
Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config: including file: /opt/freeradius-Vsnapshot-20040112/etc/raddb/proxy.conf
Config: including file: /opt/freeradius-Vsnapshot-20040112/etc/raddb/clients.conf
Config: including file: /opt/freeradius-Vsnapshot-20040112/etc/raddb/snmp.conf
Config: including file: /opt/freeradius-Vsnapshot-20040112/etc/raddb/sql.conf
main: prefix = "/opt/freeradius-Vsnapshot-20040112"
main: localstatedir = "/opt/freeradius-Vsnapshot-20040112/var"
main: logdir = "/opt/freeradius-Vsnapshot-20040112/var/log/radius"
main: libdir = "/opt/freeradius-Vsnapshot-20040112/lib"
main: radacctdir = "/opt/freeradius-Vsnapshot-20040112/var/log/radius/radacct"
main: hostname_lookups = no
main: max_request_time = 30
main: cleanup_delay = 5
main: max_requests = 1024
main: delete_blocked_requests = 0
main: port = 1812
main: allow_core_dumps = no
main: log_stripped_names = yes
main: log_file = "/opt/freeradius-Vsnapshot-20040112/var/log/radius/radius.log"
main: log_auth = yes
main: log_auth_badpass = yes
main: log_auth_goodpass = yes
main: pidfile = "/opt/freeradius-Vsnapshot-20040112/var/run/radiusd/radiusd.pid"
main: user = "radiusd"
main: group = "radiusd"
main: usercollide = no
main: lower_user = "no"
main: lower_pass = "no"
main: nospace_user = "no"
main: nospace_pass = "no"
main: checkrad = "/opt/freeradius-Vsnapshot-20040112/sbin/checkrad"
main: proxy_requests = yes
proxy: retry_delay = 5
proxy: retry_count = 3
proxy: synchronous = no
proxy: default_fallback = yes
proxy: dead_time = 120
proxy: post_proxy_authorize = yes
proxy: wake_all_if_all_dead = no
security: max_attributes = 200
security: reject_delay = 1
security: status_server = no
main: debug_level = 0
read_config_files: reading dictionary
read_config_files: reading naslist
Using deprecated naslist file. Support for this will go away soon.
read_config_files: reading clients
Using deprecated clients file. Support for this will go away soon.
read_config_files: reading realms
Using deprecated realms file. Support for this will go away soon.
radiusd: entering modules setup
Module: Library search path is /opt/freeradius-Vsnapshot-20040112/lib
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded PAP
pap: encryption_scheme = "crypt"
Module: Instantiated pap (pap)
Module: Loaded CHAP
Module: Instantiated chap (chap)
Module: Loaded MS-CHAP
mschap: use_mppe = yes
mschap: require_encryption = no
mschap: require_strong = no
mschap: passwd = "(null)"
mschap: authtype = "MS-CHAP"
Module: Instantiated mschap (mschap)
Module: Loaded System
unix: cache = no
unix: passwd = "(null)"
unix: shadow = "(null)"
unix: group = "(null)"
unix: radwtmp = "/opt/freeradius-Vsnapshot-20040112/var/log/radius/radwtmp"
unix: usegroup = no
unix: cache_reload = 600
Module: Instantiated unix (unix)
Module: Loaded LDAP
ldap: server = "10.154.32.1"
ldap: port = 3268
ldap: net_timeout = 1
ldap: timeout = 4
ldap: timelimit = 3
ldap: identity = ""
ldap: start_tls = no
ldap: tls_cacertfile = "(null)"
ldap: tls_cacertdir = "(null)"
ldap: tls_certfile = "(null)"
ldap: tls_keyfile = "(null)"
ldap: tls_randfile = "(null)"
ldap: tls_require_cert = "allow"
ldap: password = ""
ldap: basedn = "dc=platine,dc=org"
ldap: filter = "(cn=%u)"
ldap: base_filter = "(objectclass=radiusprofile)"
ldap: default_profile = "(null)"
ldap: profile_attribute = "(null)"
ldap: password_header = "(null)"
ldap: password_attribute = "(null)"
ldap: access_attr = "dialupAccess"
ldap: groupname_attribute = "cn"
ldap: groupmembership_filter =
"(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))"
ldap: groupmembership_attribute = "(null)"
ldap: dictionary_mapping = "/opt/freeradius-Vsnapshot-20040112/etc/raddb/ldap.attrmap"
ldap: ldap_debug = 0
ldap: ldap_connections_number = 5
ldap: compare_check_items = no
ldap: access_attr_used_for_allow = yes
ldap: do_xlat = yes
conns: (nil)
rlm_ldap: reading ldap<->radius mappings from file
/opt/freeradius-Vsnapshot-20040112/etc/raddb/ldap.attrmap
rlm_ldap: LDAP radiusCheckItem mapped to RADIUS $GENERIC$
rlm_ldap: LDAP radiusReplyItem mapped to RADIUS $GENERIC$
rlm_ldap: LDAP radiusAuthType mapped to RADIUS Auth-Type
rlm_ldap: LDAP radiusSimultaneousUse mapped to RADIUS Simultaneous-Use
rlm_ldap: LDAP radiusCalledStationId mapped to RADIUS Called-Station-Id
rlm_ldap: LDAP radiusCallingStationId mapped to RADIUS Calling-Station-Id
rlm_ldap: LDAP lmPassword mapped to RADIUS LM-Password
rlm_ldap: LDAP ntPassword mapped to RADIUS NT-Password
rlm_ldap: LDAP acctFlags mapped to RADIUS SMB-Account-CTRL-TEXT
rlm_ldap: LDAP radiusExpiration mapped to RADIUS Expiration
rlm_ldap: LDAP radiusServiceType mapped to RADIUS Service-Type
rlm_ldap: LDAP radiusFramedProtocol mapped to RADIUS Framed-Protocol
rlm_ldap: LDAP radiusFramedIPAddress mapped to RADIUS Framed-IP-Address
rlm_ldap: LDAP radiusFramedIPNetmask mapped to RADIUS Framed-IP-Netmask
rlm_ldap: LDAP radiusFramedRoute mapped to RADIUS Framed-Route
rlm_ldap: LDAP radiusFramedRouting mapped to RADIUS Framed-Routing
rlm_ldap: LDAP radiusFilterId mapped to RADIUS Filter-Id
rlm_ldap: LDAP radiusFramedMTU mapped to RADIUS Framed-MTU
rlm_ldap: LDAP radiusFramedCompression mapped to RADIUS Framed-Compression
rlm_ldap: LDAP radiusLoginIPHost mapped to RADIUS Login-IP-Host
rlm_ldap: LDAP radiusLoginService mapped to RADIUS Login-Service
rlm_ldap: LDAP radiusLoginTCPPort mapped to RADIUS Login-TCP-Port
rlm_ldap: LDAP radiusCallbackNumber mapped to RADIUS Callback-Number
rlm_ldap: LDAP radiusCallbackId mapped to RADIUS Callback-Id
rlm_ldap: LDAP radiusFramedIPXNetwork mapped to RADIUS Framed-IPX-Network
rlm_ldap: LDAP radiusClass mapped to RADIUS Class
rlm_ldap: LDAP radiusSessionTimeout mapped to RADIUS Session-Timeout
rlm_ldap: LDAP radiusIdleTimeout mapped to RADIUS Idle-Timeout
rlm_ldap: LDAP radiusTerminationAction mapped to RADIUS Termination-Action
rlm_ldap: LDAP radiusLoginLATService mapped to RADIUS Login-LAT-Service
rlm_ldap: LDAP radiusLoginLATNode mapped to RADIUS Login-LAT-Node
rlm_ldap: LDAP radiusLoginLATGroup mapped to RADIUS Login-LAT-Group
rlm_ldap: LDAP radiusFramedAppleTalkLink mapped to RADIUS Framed-AppleTalk-Link
rlm_ldap: LDAP radiusFramedAppleTalkNetwork mapped to RADIUS Framed-AppleTalk-Network
rlm_ldap: LDAP radiusFramedAppleTalkZone mapped to RADIUS Framed-AppleTalk-Zone
rlm_ldap: LDAP radiusPortLimit mapped to RADIUS Port-Limit
rlm_ldap: LDAP radiusLoginLATPort mapped to RADIUS Login-LAT-Port
conns: 0x8178618
Module: Instantiated ldap (ldap)
Module: Loaded eap
eap: default_eap_type = "tls"
eap: timer_expire = 60
eap: ignore_unknown_eap_types = no
rlm_eap: Loaded and initialized type md5
rlm_eap: Loaded and initialized type leap
tls: rsa_key_exchange = no
tls: dh_key_exchange = yes
tls: rsa_key_length = 512
tls: dh_key_length = 512
tls: verify_depth = 0
tls: CA_path = "(null)"
tls: pem_file_type = yes
tls: private_key_file = "/etc/1x/certs/custren.gicm.net.pem"
tls: certificate_file = "/etc/1x/certs/custren.gicm.net.pem"
tls: CA_file = "/etc/1x/certs/root.pem"
tls: private_key_password = "l0ngpassword"
tls: dh_file = "/etc/1x/DH"
tls: random_file = "/etc/1x/random"
tls: fragment_size = 1024
tls: include_length = yes
tls: check_crl = no
rlm_eap: Loaded and initialized type tls
ttls: default_eap_type = "md5"
ttls: copy_request_to_tunnel = no
ttls: use_tunneled_reply = no
rlm_eap: Loaded and initialized type ttls
peap: default_eap_type = "mschapv2"
peap: copy_request_to_tunnel = no
peap: use_tunneled_reply = no
rlm_eap: Loaded and initialized type peap
rlm_eap: Loaded and initialized type mschapv2
Module: Instantiated eap (eap)
Module: Loaded preprocess
preprocess: huntgroups = "/opt/freeradius-Vsnapshot-20040112/etc/raddb/huntgroups"
preprocess: hints = "/opt/freeradius-Vsnapshot-20040112/etc/raddb/hints"
preprocess: with_ascend_hack = no
preprocess: ascend_channels_per_line = 23
preprocess: with_ntdomain_hack = no
preprocess: with_specialix_jetstream_hack = no
preprocess: with_cisco_vsa_hack = no
Module: Instantiated preprocess (preprocess)
Module: Loaded realm
realm: format = "suffix"
realm: delimiter = "@"
Module: Instantiated realm (suffix)
Module: Loaded files
files: usersfile = "/opt/freeradius-Vsnapshot-20040112/etc/raddb/users"
files: acctusersfile = "/opt/freeradius-Vsnapshot-20040112/etc/raddb/acct_users"
files: preproxy_usersfile =
"/opt/freeradius-Vsnapshot-20040112/etc/raddb/preproxy_users"
files: compat = "no"
Module: Instantiated files (files)
Module: Loaded Acct-Unique-Session-Id
acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address,
NAS-Port"
Module: Instantiated acct_unique (acct_unique)
Module: Loaded detail
detail: detailfile =
"/opt/freeradius-Vsnapshot-20040112/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
detail: detailperm = 384
detail: dirperm = 493
detail: locking = no
Module: Instantiated detail (detail)
Module: Loaded radutmp
radutmp: filename = "/opt/freeradius-Vsnapshot-20040112/var/log/radius/radutmp"
radutmp: username = "%{User-Name}"
radutmp: case_sensitive = yes
radutmp: check_with_nas = yes
radutmp: perm = 384
radutmp: callerid = yes
Module: Instantiated radutmp (radutmp)
Listening on IP address *, ports 1812/udp and 1813/udp, with proxy on 1814/udp.
Ready to process requests.
rad_recv: Access-Request packet from host 10.154.253.18:1812, id=168, length=100
NAS-IP-Address = 10.154.253.18
NAS-Port-Type = Async
User-Name = "a0153"
Service-Type = Framed-User
Framed-MTU = 1500
Calling-Station-Id = "00-0b-cd-ac-7a-fa"
EAP-Message = 0x0200000a016130313533
Message-Authenticator = 0xc1fb943a894064aab5be78413054d2ad
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
modcall[authorize]: module "chap" returns noop for request 0
modcall[authorize]: module "mschap" returns noop for request 0
rlm_realm: No '@' in User-Name = "a0153", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 0
rlm_eap: EAP packet type response id 0 length 10
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 0
users: Matched DEFAULT at 10
modcall[authorize]: module "files" returns ok for request 0
modcall: group authorize returns updated for request 0
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate for request 0
rlm_eap: EAP Identity
rlm_eap: processing type tls
rlm_eap_tls: Requiring client certificate
rlm_eap_tls: Initiate
rlm_eap_tls: Start returned 1
modcall[authenticate]: module "eap" returns handled for request 0
modcall: group authenticate returns handled for request 0
Sending Access-Challenge of id 168 to 10.154.253.18:1812
EAP-Message = 0x010100060d20
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xcd20622f44bab2315d5329294b69ae40
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.154.253.18:1812, id=169, length=114
NAS-IP-Address = 10.154.253.18
NAS-Port-Type = Async
User-Name = "a0153"
Service-Type = Framed-User
Framed-MTU = 1500
Calling-Station-Id = "00-0b-cd-ac-7a-fa"
State = 0xcd20622f44bab2315d5329294b69ae40
EAP-Message = 0x020100060315
Message-Authenticator = 0xbfe2dec59adfe0e308ebb0a85e8a5ae3
modcall: entering group authorize for request 1
modcall[authorize]: module "preprocess" returns ok for request 1
modcall[authorize]: module "chap" returns noop for request 1
modcall[authorize]: module "mschap" returns noop for request 1
rlm_realm: No '@' in User-Name = "a0153", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 1
rlm_eap: EAP packet type response id 1 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 1
users: Matched DEFAULT at 10
modcall[authorize]: module "files" returns ok for request 1
modcall: group authorize returns updated for request 1
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate for request 1
rlm_eap: Request found, released from the list
rlm_eap: EAP NAK
rlm_eap: EAP-NAK asked for EAP-Type/ttls
rlm_eap: processing type tls
rlm_eap_tls: Initiate
rlm_eap_tls: Start returned 1
modcall[authenticate]: module "eap" returns handled for request 1
modcall: group authenticate returns handled for request 1
Sending Access-Challenge of id 169 to 10.154.253.18:1812
EAP-Message = 0x010200061520
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x0e8a3897d12bc87e8f810b910e5a4ab4
Finished request 1
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.154.253.18:1812, id=170, length=168
NAS-IP-Address = 10.154.253.18
NAS-Port-Type = Async
User-Name = "a0153"
Service-Type = Framed-User
Framed-MTU = 1500
Calling-Station-Id = "00-0b-cd-ac-7a-fa"
State = 0x0e8a3897d12bc87e8f810b910e5a4ab4
EAP-Message =
0x0202003c158000000032160301002d01000029030106012b008190110e4839258592cdfdf33e618cb3d4cdb2a473b9afa37e5ee8fc000002000a0100
Message-Authenticator = 0x81e57bc83f86932f4f6ec65cf87922ec
modcall: entering group authorize for request 2
modcall[authorize]: module "preprocess" returns ok for request 2
modcall[authorize]: module "chap" returns noop for request 2
modcall[authorize]: module "mschap" returns noop for request 2
rlm_realm: No '@' in User-Name = "a0153", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 2
rlm_eap: EAP packet type response id 2 length 60
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 2
users: Matched DEFAULT at 10
modcall[authorize]: module "files" returns ok for request 2
modcall: group authorize returns updated for request 2
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate for request 2
rlm_eap: Request found, released from the list
rlm_eap: EAP/ttls
rlm_eap: processing type ttls
rlm_eap_ttls: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
undefined: before/accept initialization
TLS_accept: before/accept initialization
rlm_eap_tls: <<< TLS 1.0 Handshake [length 002d], ClientHello
TLS_accept: SSLv3 read client hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
TLS_accept: SSLv3 write server hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 06cb], Certificate
TLS_accept: SSLv3 write certificate A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
TLS_accept: SSLv3 write server done A
TLS_accept: SSLv3 flush data
TLS_accept:error in SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
eaptls_process returned 13
modcall[authenticate]: module "eap" returns handled for request 2
modcall: group authenticate returns handled for request 2
Sending Access-Challenge of id 170 to 10.154.253.18:1812
EAP-Message =
0x0103040a15c000000728160301004a02000046030140234f270b68ea276c34f16295c447e64c3b05592ff38048d153a7840b0e78ac200c12963c61a274826f85eac13a4ba4fcef3d0b3114a5cebee75ba20750df4753000a0016030106cb0b0006c70006c40002ea308202e63082024fa003020102020101300d06092a864886f70d01010405003081a7310b3009060355040613024652310f300d060355040813064672616e6365311a3018060355040713114c652052656c65636b204b657268756f6e312e302c060355040a132547726f7570656d656e7420496e666f726d61746971756520437265646974204d757475656c310d300b060355040b
EAP-Message =
0x13044749434d3110300e0603550403130743412d4749434d311a301806092a864886f70d010901160b6e6f63406769636d2e6672301e170d3034303131323130313534315a170d3035303131313130313534315a3081b0310b3009060355040613024652310f300d060355040813064672616e6365311a3018060355040713114c652052656c65636b204b657268756f6e312e302c060355040a132547726f7570656d656e7420496e666f726d61746971756520437265646974204d757475656c310d300b060355040b13044749434d31193017060355040313106375737472656e2e6769636d2e6e6574311a301806092a864886f70d010901160b6e
EAP-Message =
0x6f63406769636d2e667230819f300d06092a864886f70d010101050003818d0030818902818100c62bee8bbbc24dd746a3b7476892e14cd3e2eb7df6c5b3173355b3d4a214d20319d95b4f66006e349be395e26ff95a14c54d0195ce78594771dedc711756990b1aecf60da943b9fb94f7b4e586a783814d812a420db85212ee596cd7d9a6a96683aae826b7f6d4e1746c6bf43b9420cb0cb54f9c2e0cd93f7f552ec8446f2a750203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d0101040500038181009b25bb14f1b2ea5f0ce75c11ccc5a32a7e0ccaf15f44d13f8dbad61dcfb04e6b1f2aa23474
EAP-Message =
0x269babfd6748f48ed241a0e0fff8137220d2fece04201976343cc988766b361813e9e1f9352c26713b9eee1ee6f7b5ede41700f806066ce4ddef86359e25a9cae7c67c426746a56d80b09d1b3023e24d7551ebb11b33caad91470d0003d4308203d030820339a003020102020100300d06092a864886f70d01010405003081a7310b3009060355040613024652310f300d060355040813064672616e6365311a3018060355040713114c652052656c65636b204b657268756f6e312e302c060355040a132547726f7570656d656e7420496e666f726d61746971756520437265646974204d757475656c310d300b060355040b13044749434d3110300e
EAP-Message = 0x0603550403130743412d4749434d311a301806092a86
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x9c5a0dca8a5d0512ea2e5f3c6aa806d0
Finished request 2
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.154.253.18:1812, id=171, length=113
NAS-IP-Address = 10.154.253.18
NAS-Port-Type = Async
User-Name = "a0153"
Service-Type = Framed-User
Framed-MTU = 1500
Calling-Station-Id = "00-0b-cd-ac-7a-fa"
State = 0x9c5a0dca8a5d0512ea2e5f3c6aa806d0
EAP-Message = 0x0203000515
Message-Authenticator = 0x68bf3543c207b77a8f7d1011a9b53a43
modcall: entering group authorize for request 3
modcall[authorize]: module "preprocess" returns ok for request 3
modcall[authorize]: module "chap" returns noop for request 3
modcall[authorize]: module "mschap" returns noop for request 3
rlm_realm: No '@' in User-Name = "a0153", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 3
rlm_eap: EAP packet type response id 3 length 5
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 3
users: Matched DEFAULT at 10
modcall[authorize]: module "files" returns ok for request 3
modcall: group authorize returns updated for request 3
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate for request 3
rlm_eap: Request found, released from the list
rlm_eap: EAP/ttls
rlm_eap: processing type ttls
rlm_eap_ttls: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake fragment handler
eaptls_verify returned 1
eaptls_process returned 13
modcall[authenticate]: module "eap" returns handled for request 3
modcall: group authenticate returns handled for request 3
Sending Access-Challenge of id 171 to 10.154.253.18:1812
EAP-Message =
0x010403321580000007284886f70d010901160b6e6f63406769636d2e6672301e170d3034303131323130313532335a170d3034303231313130313532335a3081a7310b3009060355040613024652310f300d060355040813064672616e6365311a3018060355040713114c652052656c65636b204b657268756f6e312e302c060355040a132547726f7570656d656e7420496e666f726d61746971756520437265646974204d757475656c310d300b060355040b13044749434d3110300e0603550403130743412d4749434d311a301806092a864886f70d010901160b6e6f63406769636d2e667230819f300d06092a864886f70d010101050003818d
EAP-Message =
0x0030818902818100a50926eabc4a8b7bff00f2d52f6d791855ae1b66e1d38bf6372d2434337fce7c71a2d5aef69998d02e1a33e59b0672393400eafa683ce8e8062b03195d0715b79112edfe324db8f673866bcaee18029d5bff5c8ba94ea73de69cb01cb244fe3dcc70b787da941e2b0f271fcf19fd61d752d6d00f9924029f0c04f0d66630e3d90203010001a382010830820104301d0603551d0e041604148af1a82b1e4ae7266cacdbf4c4187fd68edbf94e3081d40603551d230481cc3081c980148af1a82b1e4ae7266cacdbf4c4187fd68edbf94ea181ada481aa3081a7310b3009060355040613024652310f300d060355040813064672616e
EAP-Message =
0x6365311a3018060355040713114c652052656c65636b204b657268756f6e312e302c060355040a132547726f7570656d656e7420496e666f726d61746971756520437265646974204d757475656c310d300b060355040b13044749434d3110300e0603550403130743412d4749434d311a301806092a864886f70d010901160b6e6f63406769636d2e6672820100300c0603551d13040530030101ff300d06092a864886f70d0101040500038181007a0fe08ca7dffc5835331f72096395413a063f01d88e5cb2946a1366d57f40087001aad44e507ac800d05fad2d0ccf505b4cb9946c2c265fc5df37b1d7ad137e912e58e43bab9863b014d1c79a42
EAP-Message =
0xb48a112e2bb64b82902f383794c53302390b0171cecce66daef676a3e822aae0a5b7f9b2d20005f3aad41026af8bd7b6d11516030100040e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x3012061db50d722dd66fa4afdd23e27c
Finished request 3
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.154.253.18:1812, id=172, length=308
NAS-IP-Address = 10.154.253.18
NAS-Port-Type = Async
User-Name = "a0153"
Service-Type = Framed-User
Framed-MTU = 1500
Calling-Station-Id = "00-0b-cd-ac-7a-fa"
State = 0x3012061db50d722dd66fa4afdd23e27c
EAP-Message =
0x020400c81580000000be1603010086100000820080656ba46869ccadd3bee01c513a2e977c8d3b58e8e605978fec2d88ee586e169ff59fee01f9a596a00a1f414758b05688089f90c4b242c883af1bdb697666353f6d765e89f4bf38a6f67e24099e416a1a690a7dd24ae804e7b725d7eba2ad25d08aac6e09ceb3a91795428a62e1c52071e49cba91f020a5f969cf1f5181cba45f14030100010116030100282d19b95d1786e1d4e8079c70b3c45ee5e9cd7e0eb8dfeeaa64eb826fbd2c952267a95147d50000b3
Message-Authenticator = 0x2f14c755bd65a1b0ad77f944c72f7693
modcall: entering group authorize for request 4
modcall[authorize]: module "preprocess" returns ok for request 4
modcall[authorize]: module "chap" returns noop for request 4
modcall[authorize]: module "mschap" returns noop for request 4
rlm_realm: No '@' in User-Name = "a0153", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 4
rlm_eap: EAP packet type response id 4 length 200
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 4
users: Matched DEFAULT at 10
modcall[authorize]: module "files" returns ok for request 4
modcall: group authorize returns updated for request 4
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate for request 4
rlm_eap: Request found, released from the list
rlm_eap: EAP/ttls
rlm_eap: processing type ttls
rlm_eap_ttls: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange
TLS_accept: SSLv3 read client key exchange A
rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001]
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 read finished A
rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001]
TLS_accept: SSLv3 write change cipher spec A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 write finished A
TLS_accept: SSLv3 flush data
undefined: SSL negotiation finished successfully
SSL Connection Established
eaptls_process returned 13
modcall[authenticate]: module "eap" returns handled for request 4
modcall: group authenticate returns handled for request 4
Sending Access-Challenge of id 172 to 10.154.253.18:1812
EAP-Message =
0x0105003d1580000000331403010001011603010028533ff521d5f7ecac371d1b5ac1b7fd6d83f2945e498d4c8387ddb4c8c807412ae1aa56447e61a362
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xe872109d94c4a40b6f7eac06d8c726c8
Finished request 4
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.154.253.18:1812, id=173, length=179
NAS-IP-Address = 10.154.253.18
NAS-Port-Type = Async
User-Name = "a0153"
Service-Type = Framed-User
Framed-MTU = 1500
Calling-Station-Id = "00-0b-cd-ac-7a-fa"
State = 0xe872109d94c4a40b6f7eac06d8c726c8
EAP-Message =
0x0205004715800000003d17030100386e800a3cc0bc7e795ba193320d63bccc7b9ccd0c76dd8394ca8387a37e167697b2c9ce7e16ce07c244682e20ef45e29ac11b1f3bd48f3846
Message-Authenticator = 0x40d63990138cd4de33ca8bfb3d18d780
modcall: entering group authorize for request 5
modcall[authorize]: module "preprocess" returns ok for request 5
modcall[authorize]: module "chap" returns noop for request 5
modcall[authorize]: module "mschap" returns noop for request 5
rlm_realm: No '@' in User-Name = "a0153", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 5
rlm_eap: EAP packet type response id 5 length 71
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 5
users: Matched DEFAULT at 10
modcall[authorize]: module "files" returns ok for request 5
modcall: group authorize returns updated for request 5
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate for request 5
rlm_eap: Request found, released from the list
rlm_eap: EAP/ttls
rlm_eap: processing type ttls
rlm_eap_ttls: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
eaptls_process returned 7
rlm_eap_ttls: Session established. Proceeding to decode tunneled attributes.
TTLS: Got tunneled request
User-Name = "a0153"
User-Password = "<deleted>"
Freeradius-Proxied-To = 127.0.0.1
TTLS: Sending tunneled request
User-Name = "a0153"
User-Password = "<deleted>"
Freeradius-Proxied-To = 127.0.0.1
modcall: entering group authorize for request 5
modcall[authorize]: module "preprocess" returns ok for request 5
modcall[authorize]: module "chap" returns noop for request 5
modcall[authorize]: module "mschap" returns noop for request 5
rlm_realm: No '@' in User-Name = "a0153", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 5
rlm_eap: No EAP-Message, not doing EAP
modcall[authorize]: module "eap" returns noop for request 5
users: Matched DEFAULT at 10
modcall[authorize]: module "files" returns ok for request 5
modcall: group authorize returns ok for request 5
auth: No authenticate method (Auth-Type) configuration found for the request:
Rejecting the user
auth: Failed to validate the user.
Login incorrect: [a0153/<deleted>] (from client loopback port 0)
TTLS: Got tunneled reply RADIUS code 3
TTLS: Got tunneled Access-Reject
rlm_eap: Handler failed in EAP/ttls
rlm_eap: Failed in EAP select
modcall[authenticate]: module "eap" returns invalid for request 5
modcall: group authenticate returns invalid for request 5
auth: Failed to validate the user.
Login incorrect: [a0153/<no User-Password attribute>] (from client sw-info-ouest-test
port 0 cli 00-0b-cd-ac-7a-fa)
Delaying request 5 for 1 seconds
Finished request 5
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.154.253.18:1812, id=173, length=179
Sending Access-Reject of id 173 to 10.154.253.18:1812
EAP-Message = 0x04050004
Message-Authenticator = 0x00000000000000000000000000000000
--- Walking the entire request list ---
Waking up in 3 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 168 with timestamp 40234f27
Cleaning up request 1 ID 169 with timestamp 40234f27
Cleaning up request 2 ID 170 with timestamp 40234f27
Cleaning up request 3 ID 171 with timestamp 40234f27
Cleaning up request 4 ID 172 with timestamp 40234f27
Cleaning up request 5 ID 173 with timestamp 40234f27
Nothing to do. Sleeping until we see a request.
smime.p7s
Description: S/MIME Cryptographic Signature
