Hi Chris, I've modified my users file like this : #========================================================= # Test's User for 802.1x EAP/PEAP or EAP/TTLS #========================================================= jpc User-Password == "jpc"
#========================================================= # Test's User for 802.1x EAP/PEAP or EAP/TTLS with Ldap # not listing the user in the users file #========================================================= DEFAULT
So, EAP/TTLS authentication is perform by server BUT how radiusd can decide to check user/password on ldap backend.
In output, i can see that password is correctly retreive by server.
Chris Parker wrote:
At 11:02 AM 2/5/2004, Jean-Paul Chapalain wrote:
Try not listing the user in the users file. Add LDAP to your authorize section, and don't set and Auth-Type in DEFAULT entries.
LDAP will pull the user-password attribute in during the 'authorize' run, and the EAP modules should set and detect the EAP message so that EAP Authentication is done.
By setting Auth-Type := LDAP in users, you are overriding what is called in Authenticate so that EAP Authentication is not performed.
Remember, if you use the := operator, it is absolute and overrides any currently set Auth-Types. If anything, you'll want to set it to EAP, not LDAP.
-Chris
Thanks, Jean-Paul,
See attached radiusd output (out.txt)
Starting - reading configuration files ... reread_config: reading radiusd.conf Config: including file: /opt/freeradius-Vsnapshot-20040112/etc/raddb/proxy.conf Config: including file: /opt/freeradius-Vsnapshot-20040112/etc/raddb/clients.conf Config: including file: /opt/freeradius-Vsnapshot-20040112/etc/raddb/snmp.conf Config: including file: /opt/freeradius-Vsnapshot-20040112/etc/raddb/sql.conf main: prefix = "/opt/freeradius-Vsnapshot-20040112" main: localstatedir = "/opt/freeradius-Vsnapshot-20040112/var" main: logdir = "/opt/freeradius-Vsnapshot-20040112/var/log/radius" main: libdir = "/opt/freeradius-Vsnapshot-20040112/lib" main: radacctdir = "/opt/freeradius-Vsnapshot-20040112/var/log/radius/radacct" main: hostname_lookups = no main: max_request_time = 30 main: cleanup_delay = 5 main: max_requests = 1024 main: delete_blocked_requests = 0 main: port = 1812 main: allow_core_dumps = no main: log_stripped_names = yes main: log_file = "/opt/freeradius-Vsnapshot-20040112/var/log/radius/radius.log" main: log_auth = yes main: log_auth_badpass = yes main: log_auth_goodpass = yes main: pidfile = "/opt/freeradius-Vsnapshot-20040112/var/run/radiusd/radiusd.pid" main: user = "radiusd" main: group = "radiusd" main: usercollide = no main: lower_user = "no" main: lower_pass = "no" main: nospace_user = "no" main: nospace_pass = "no" main: checkrad = "/opt/freeradius-Vsnapshot-20040112/sbin/checkrad" main: proxy_requests = yes proxy: retry_delay = 5 proxy: retry_count = 3 proxy: synchronous = no proxy: default_fallback = yes proxy: dead_time = 120 proxy: post_proxy_authorize = yes proxy: wake_all_if_all_dead = no security: max_attributes = 200 security: reject_delay = 1 security: status_server = no main: debug_level = 0 read_config_files: reading dictionary read_config_files: reading naslist Using deprecated naslist file. Support for this will go away soon. read_config_files: reading clients Using deprecated clients file. Support for this will go away soon. read_config_files: reading realms Using deprecated realms file. Support for this will go away soon. radiusd: entering modules setup Module: Library search path is /opt/freeradius-Vsnapshot-20040112/lib Module: Loaded expr Module: Instantiated expr (expr) Module: Loaded PAP pap: encryption_scheme = "crypt" Module: Instantiated pap (pap) Module: Loaded CHAP Module: Instantiated chap (chap) Module: Loaded MS-CHAP mschap: use_mppe = yes mschap: require_encryption = no mschap: require_strong = no mschap: passwd = "(null)" mschap: authtype = "MS-CHAP" Module: Instantiated mschap (mschap) Module: Loaded System unix: cache = no unix: passwd = "(null)" unix: shadow = "(null)" unix: group = "(null)" unix: radwtmp = "/opt/freeradius-Vsnapshot-20040112/var/log/radius/radwtmp" unix: usegroup = no unix: cache_reload = 600 Module: Instantiated unix (unix) Module: Loaded LDAP ldap: server = "10.154.32.1" ldap: port = 3268 ldap: net_timeout = 1 ldap: timeout = 4 ldap: timelimit = 3 ldap: identity = "" ldap: start_tls = no ldap: tls_cacertfile = "(null)" ldap: tls_cacertdir = "(null)" ldap: tls_certfile = "(null)" ldap: tls_keyfile = "(null)" ldap: tls_randfile = "(null)" ldap: tls_require_cert = "allow" ldap: password = "" ldap: basedn = "dc=platine,dc=org" ldap: filter = "(cn=%u)" ldap: base_filter = "(objectclass=radiusprofile)" ldap: default_profile = "(null)" ldap: profile_attribute = "(null)" ldap: password_header = "(null)" ldap: password_attribute = "(null)" ldap: access_attr = "dialupAccess" ldap: groupname_attribute = "cn" ldap: groupmembership_filter = "(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))" ldap: groupmembership_attribute = "(null)" ldap: dictionary_mapping = "/opt/freeradius-Vsnapshot-20040112/etc/raddb/ldap.attrmap" ldap: ldap_debug = 0 ldap: ldap_connections_number = 5 ldap: compare_check_items = no ldap: access_attr_used_for_allow = yes ldap: do_xlat = yes conns: (nil) rlm_ldap: reading ldap<->radius mappings from file /opt/freeradius-Vsnapshot-20040112/etc/raddb/ldap.attrmap rlm_ldap: LDAP radiusCheckItem mapped to RADIUS $GENERIC$ rlm_ldap: LDAP radiusReplyItem mapped to RADIUS $GENERIC$ rlm_ldap: LDAP radiusAuthType mapped to RADIUS Auth-Type rlm_ldap: LDAP radiusSimultaneousUse mapped to RADIUS Simultaneous-Use rlm_ldap: LDAP radiusCalledStationId mapped to RADIUS Called-Station-Id rlm_ldap: LDAP radiusCallingStationId mapped to RADIUS Calling-Station-Id rlm_ldap: LDAP lmPassword mapped to RADIUS LM-Password rlm_ldap: LDAP ntPassword mapped to RADIUS NT-Password rlm_ldap: LDAP acctFlags mapped to RADIUS SMB-Account-CTRL-TEXT rlm_ldap: LDAP radiusExpiration mapped to RADIUS Expiration rlm_ldap: LDAP radiusServiceType mapped to RADIUS Service-Type rlm_ldap: LDAP radiusFramedProtocol mapped to RADIUS Framed-Protocol rlm_ldap: LDAP radiusFramedIPAddress mapped to RADIUS Framed-IP-Address rlm_ldap: LDAP radiusFramedIPNetmask mapped to RADIUS Framed-IP-Netmask rlm_ldap: LDAP radiusFramedRoute mapped to RADIUS Framed-Route rlm_ldap: LDAP radiusFramedRouting mapped to RADIUS Framed-Routing rlm_ldap: LDAP radiusFilterId mapped to RADIUS Filter-Id rlm_ldap: LDAP radiusFramedMTU mapped to RADIUS Framed-MTU rlm_ldap: LDAP radiusFramedCompression mapped to RADIUS Framed-Compression rlm_ldap: LDAP radiusLoginIPHost mapped to RADIUS Login-IP-Host rlm_ldap: LDAP radiusLoginService mapped to RADIUS Login-Service rlm_ldap: LDAP radiusLoginTCPPort mapped to RADIUS Login-TCP-Port rlm_ldap: LDAP radiusCallbackNumber mapped to RADIUS Callback-Number rlm_ldap: LDAP radiusCallbackId mapped to RADIUS Callback-Id rlm_ldap: LDAP radiusFramedIPXNetwork mapped to RADIUS Framed-IPX-Network rlm_ldap: LDAP radiusClass mapped to RADIUS Class rlm_ldap: LDAP radiusSessionTimeout mapped to RADIUS Session-Timeout rlm_ldap: LDAP radiusIdleTimeout mapped to RADIUS Idle-Timeout rlm_ldap: LDAP radiusTerminationAction mapped to RADIUS Termination-Action rlm_ldap: LDAP radiusLoginLATService mapped to RADIUS Login-LAT-Service rlm_ldap: LDAP radiusLoginLATNode mapped to RADIUS Login-LAT-Node rlm_ldap: LDAP radiusLoginLATGroup mapped to RADIUS Login-LAT-Group rlm_ldap: LDAP radiusFramedAppleTalkLink mapped to RADIUS Framed-AppleTalk-Link rlm_ldap: LDAP radiusFramedAppleTalkNetwork mapped to RADIUS Framed-AppleTalk-Network rlm_ldap: LDAP radiusFramedAppleTalkZone mapped to RADIUS Framed-AppleTalk-Zone rlm_ldap: LDAP radiusPortLimit mapped to RADIUS Port-Limit rlm_ldap: LDAP radiusLoginLATPort mapped to RADIUS Login-LAT-Port conns: 0x8178618 Module: Instantiated ldap (ldap) Module: Loaded eap eap: default_eap_type = "tls" eap: timer_expire = 60 eap: ignore_unknown_eap_types = no rlm_eap: Loaded and initialized type md5 rlm_eap: Loaded and initialized type leap tls: rsa_key_exchange = no tls: dh_key_exchange = yes tls: rsa_key_length = 512 tls: dh_key_length = 512 tls: verify_depth = 0 tls: CA_path = "(null)" tls: pem_file_type = yes tls: private_key_file = "/etc/1x/certs/custren.gicm.net.pem" tls: certificate_file = "/etc/1x/certs/custren.gicm.net.pem" tls: CA_file = "/etc/1x/certs/root.pem" tls: private_key_password = "l0ngpassword" tls: dh_file = "/etc/1x/DH" tls: random_file = "/etc/1x/random" tls: fragment_size = 1024 tls: include_length = yes tls: check_crl = no rlm_eap: Loaded and initialized type tls ttls: default_eap_type = "md5" ttls: copy_request_to_tunnel = no ttls: use_tunneled_reply = no rlm_eap: Loaded and initialized type ttls peap: default_eap_type = "mschapv2" peap: copy_request_to_tunnel = no peap: use_tunneled_reply = no rlm_eap: Loaded and initialized type peap rlm_eap: Loaded and initialized type mschapv2 Module: Instantiated eap (eap) Module: Loaded preprocess preprocess: huntgroups = "/opt/freeradius-Vsnapshot-20040112/etc/raddb/huntgroups" preprocess: hints = "/opt/freeradius-Vsnapshot-20040112/etc/raddb/hints" preprocess: with_ascend_hack = no preprocess: ascend_channels_per_line = 23 preprocess: with_ntdomain_hack = no preprocess: with_specialix_jetstream_hack = no preprocess: with_cisco_vsa_hack = no Module: Instantiated preprocess (preprocess) Module: Loaded realm realm: format = "suffix" realm: delimiter = "@" Module: Instantiated realm (suffix) Module: Loaded files files: usersfile = "/opt/freeradius-Vsnapshot-20040112/etc/raddb/users" files: acctusersfile = "/opt/freeradius-Vsnapshot-20040112/etc/raddb/acct_users" files: preproxy_usersfile = "/opt/freeradius-Vsnapshot-20040112/etc/raddb/preproxy_users" files: compat = "no" Module: Instantiated files (files) Module: Loaded Acct-Unique-Session-Id acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port" Module: Instantiated acct_unique (acct_unique) Module: Loaded detail detail: detailfile = "/opt/freeradius-Vsnapshot-20040112/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d" detail: detailperm = 384 detail: dirperm = 493 detail: locking = no Module: Instantiated detail (detail) Module: Loaded radutmp radutmp: filename = "/opt/freeradius-Vsnapshot-20040112/var/log/radius/radutmp" radutmp: username = "%{User-Name}" radutmp: case_sensitive = yes radutmp: check_with_nas = yes radutmp: perm = 384 radutmp: callerid = yes Module: Instantiated radutmp (radutmp) Listening on IP address *, ports 1812/udp and 1813/udp, with proxy on 1814/udp. Ready to process requests. rad_recv: Access-Request packet from host 10.154.253.18:1812, id=168, length=100 NAS-IP-Address = 10.154.253.18 NAS-Port-Type = Async User-Name = "a0153" Service-Type = Framed-User Framed-MTU = 1500 Calling-Station-Id = "00-0b-cd-ac-7a-fa" EAP-Message = 0x0200000a016130313533 Message-Authenticator = 0xc1fb943a894064aab5be78413054d2ad modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 modcall[authorize]: module "chap" returns noop for request 0 modcall[authorize]: module "mschap" returns noop for request 0 rlm_realm: No '@' in User-Name = "a0153", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 0 rlm_eap: EAP packet type response id 0 length 10 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 0 users: Matched DEFAULT at 10 modcall[authorize]: module "files" returns ok for request 0 modcall: group authorize returns updated for request 0 rad_check_password: Found Auth-Type EAP auth: type "EAP" modcall: entering group authenticate for request 0 rlm_eap: EAP Identity rlm_eap: processing type tls rlm_eap_tls: Requiring client certificate rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 modcall[authenticate]: module "eap" returns handled for request 0 modcall: group authenticate returns handled for request 0 Sending Access-Challenge of id 168 to 10.154.253.18:1812 EAP-Message = 0x010100060d20 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xcd20622f44bab2315d5329294b69ae40 Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... rad_recv: Access-Request packet from host 10.154.253.18:1812, id=169, length=114 NAS-IP-Address = 10.154.253.18 NAS-Port-Type = Async User-Name = "a0153" Service-Type = Framed-User Framed-MTU = 1500 Calling-Station-Id = "00-0b-cd-ac-7a-fa" State = 0xcd20622f44bab2315d5329294b69ae40 EAP-Message = 0x020100060315 Message-Authenticator = 0xbfe2dec59adfe0e308ebb0a85e8a5ae3 modcall: entering group authorize for request 1 modcall[authorize]: module "preprocess" returns ok for request 1 modcall[authorize]: module "chap" returns noop for request 1 modcall[authorize]: module "mschap" returns noop for request 1 rlm_realm: No '@' in User-Name = "a0153", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 1 rlm_eap: EAP packet type response id 1 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 1 users: Matched DEFAULT at 10 modcall[authorize]: module "files" returns ok for request 1 modcall: group authorize returns updated for request 1 rad_check_password: Found Auth-Type EAP auth: type "EAP" modcall: entering group authenticate for request 1 rlm_eap: Request found, released from the list rlm_eap: EAP NAK rlm_eap: EAP-NAK asked for EAP-Type/ttls rlm_eap: processing type tls rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 modcall[authenticate]: module "eap" returns handled for request 1 modcall: group authenticate returns handled for request 1 Sending Access-Challenge of id 169 to 10.154.253.18:1812 EAP-Message = 0x010200061520 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x0e8a3897d12bc87e8f810b910e5a4ab4 Finished request 1 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 10.154.253.18:1812, id=170, length=168 NAS-IP-Address = 10.154.253.18 NAS-Port-Type = Async User-Name = "a0153" Service-Type = Framed-User Framed-MTU = 1500 Calling-Station-Id = "00-0b-cd-ac-7a-fa" State = 0x0e8a3897d12bc87e8f810b910e5a4ab4 EAP-Message = 0x0202003c158000000032160301002d01000029030106012b008190110e4839258592cdfdf33e618cb3d4cdb2a473b9afa37e5ee8fc000002000a0100 Message-Authenticator = 0x81e57bc83f86932f4f6ec65cf87922ec modcall: entering group authorize for request 2 modcall[authorize]: module "preprocess" returns ok for request 2 modcall[authorize]: module "chap" returns noop for request 2 modcall[authorize]: module "mschap" returns noop for request 2 rlm_realm: No '@' in User-Name = "a0153", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 2 rlm_eap: EAP packet type response id 2 length 60 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 2 users: Matched DEFAULT at 10 modcall[authorize]: module "files" returns ok for request 2 modcall: group authorize returns updated for request 2 rad_check_password: Found Auth-Type EAP auth: type "EAP" modcall: entering group authenticate for request 2 rlm_eap: Request found, released from the list rlm_eap: EAP/ttls rlm_eap: processing type ttls rlm_eap_ttls: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 undefined: before/accept initialization TLS_accept: before/accept initialization rlm_eap_tls: <<< TLS 1.0 Handshake [length 002d], ClientHello TLS_accept: SSLv3 read client hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello TLS_accept: SSLv3 write server hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 06cb], Certificate TLS_accept: SSLv3 write certificate A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone TLS_accept: SSLv3 write server done A TLS_accept: SSLv3 flush data TLS_accept:error in SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode eaptls_process returned 13 modcall[authenticate]: module "eap" returns handled for request 2 modcall: group authenticate returns handled for request 2 Sending Access-Challenge of id 170 to 10.154.253.18:1812 EAP-Message = 0x0103040a15c000000728160301004a02000046030140234f270b68ea276c34f16295c447e64c3b05592ff38048d153a7840b0e78ac200c12963c61a274826f85eac13a4ba4fcef3d0b3114a5cebee75ba20750df4753000a0016030106cb0b0006c70006c40002ea308202e63082024fa003020102020101300d06092a864886f70d01010405003081a7310b3009060355040613024652310f300d060355040813064672616e6365311a3018060355040713114c652052656c65636b204b657268756f6e312e302c060355040a132547726f7570656d656e7420496e666f726d61746971756520437265646974204d757475656c310d300b060355040b EAP-Message = 0x13044749434d3110300e0603550403130743412d4749434d311a301806092a864886f70d010901160b6e6f63406769636d2e6672301e170d3034303131323130313534315a170d3035303131313130313534315a3081b0310b3009060355040613024652310f300d060355040813064672616e6365311a3018060355040713114c652052656c65636b204b657268756f6e312e302c060355040a132547726f7570656d656e7420496e666f726d61746971756520437265646974204d757475656c310d300b060355040b13044749434d31193017060355040313106375737472656e2e6769636d2e6e6574311a301806092a864886f70d010901160b6e EAP-Message = 0x6f63406769636d2e667230819f300d06092a864886f70d010101050003818d0030818902818100c62bee8bbbc24dd746a3b7476892e14cd3e2eb7df6c5b3173355b3d4a214d20319d95b4f66006e349be395e26ff95a14c54d0195ce78594771dedc711756990b1aecf60da943b9fb94f7b4e586a783814d812a420db85212ee596cd7d9a6a96683aae826b7f6d4e1746c6bf43b9420cb0cb54f9c2e0cd93f7f552ec8446f2a750203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d0101040500038181009b25bb14f1b2ea5f0ce75c11ccc5a32a7e0ccaf15f44d13f8dbad61dcfb04e6b1f2aa23474 EAP-Message = 0x269babfd6748f48ed241a0e0fff8137220d2fece04201976343cc988766b361813e9e1f9352c26713b9eee1ee6f7b5ede41700f806066ce4ddef86359e25a9cae7c67c426746a56d80b09d1b3023e24d7551ebb11b33caad91470d0003d4308203d030820339a003020102020100300d06092a864886f70d01010405003081a7310b3009060355040613024652310f300d060355040813064672616e6365311a3018060355040713114c652052656c65636b204b657268756f6e312e302c060355040a132547726f7570656d656e7420496e666f726d61746971756520437265646974204d757475656c310d300b060355040b13044749434d3110300e EAP-Message = 0x0603550403130743412d4749434d311a301806092a86 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x9c5a0dca8a5d0512ea2e5f3c6aa806d0 Finished request 2 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 10.154.253.18:1812, id=171, length=113 NAS-IP-Address = 10.154.253.18 NAS-Port-Type = Async User-Name = "a0153" Service-Type = Framed-User Framed-MTU = 1500 Calling-Station-Id = "00-0b-cd-ac-7a-fa" State = 0x9c5a0dca8a5d0512ea2e5f3c6aa806d0 EAP-Message = 0x0203000515 Message-Authenticator = 0x68bf3543c207b77a8f7d1011a9b53a43 modcall: entering group authorize for request 3 modcall[authorize]: module "preprocess" returns ok for request 3 modcall[authorize]: module "chap" returns noop for request 3 modcall[authorize]: module "mschap" returns noop for request 3 rlm_realm: No '@' in User-Name = "a0153", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 3 rlm_eap: EAP packet type response id 3 length 5 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 3 users: Matched DEFAULT at 10 modcall[authorize]: module "files" returns ok for request 3 modcall: group authorize returns updated for request 3 rad_check_password: Found Auth-Type EAP auth: type "EAP" modcall: entering group authenticate for request 3 rlm_eap: Request found, released from the list rlm_eap: EAP/ttls rlm_eap: processing type ttls rlm_eap_ttls: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake fragment handler eaptls_verify returned 1 eaptls_process returned 13 modcall[authenticate]: module "eap" returns handled for request 3 modcall: group authenticate returns handled for request 3 Sending Access-Challenge of id 171 to 10.154.253.18:1812 EAP-Message = 0x010403321580000007284886f70d010901160b6e6f63406769636d2e6672301e170d3034303131323130313532335a170d3034303231313130313532335a3081a7310b3009060355040613024652310f300d060355040813064672616e6365311a3018060355040713114c652052656c65636b204b657268756f6e312e302c060355040a132547726f7570656d656e7420496e666f726d61746971756520437265646974204d757475656c310d300b060355040b13044749434d3110300e0603550403130743412d4749434d311a301806092a864886f70d010901160b6e6f63406769636d2e667230819f300d06092a864886f70d010101050003818d EAP-Message = 0x0030818902818100a50926eabc4a8b7bff00f2d52f6d791855ae1b66e1d38bf6372d2434337fce7c71a2d5aef69998d02e1a33e59b0672393400eafa683ce8e8062b03195d0715b79112edfe324db8f673866bcaee18029d5bff5c8ba94ea73de69cb01cb244fe3dcc70b787da941e2b0f271fcf19fd61d752d6d00f9924029f0c04f0d66630e3d90203010001a382010830820104301d0603551d0e041604148af1a82b1e4ae7266cacdbf4c4187fd68edbf94e3081d40603551d230481cc3081c980148af1a82b1e4ae7266cacdbf4c4187fd68edbf94ea181ada481aa3081a7310b3009060355040613024652310f300d060355040813064672616e EAP-Message = 0x6365311a3018060355040713114c652052656c65636b204b657268756f6e312e302c060355040a132547726f7570656d656e7420496e666f726d61746971756520437265646974204d757475656c310d300b060355040b13044749434d3110300e0603550403130743412d4749434d311a301806092a864886f70d010901160b6e6f63406769636d2e6672820100300c0603551d13040530030101ff300d06092a864886f70d0101040500038181007a0fe08ca7dffc5835331f72096395413a063f01d88e5cb2946a1366d57f40087001aad44e507ac800d05fad2d0ccf505b4cb9946c2c265fc5df37b1d7ad137e912e58e43bab9863b014d1c79a42 EAP-Message = 0xb48a112e2bb64b82902f383794c53302390b0171cecce66daef676a3e822aae0a5b7f9b2d20005f3aad41026af8bd7b6d11516030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x3012061db50d722dd66fa4afdd23e27c Finished request 3 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 10.154.253.18:1812, id=172, length=308 NAS-IP-Address = 10.154.253.18 NAS-Port-Type = Async User-Name = "a0153" Service-Type = Framed-User Framed-MTU = 1500 Calling-Station-Id = "00-0b-cd-ac-7a-fa" State = 0x3012061db50d722dd66fa4afdd23e27c EAP-Message = 0x020400c81580000000be1603010086100000820080656ba46869ccadd3bee01c513a2e977c8d3b58e8e605978fec2d88ee586e169ff59fee01f9a596a00a1f414758b05688089f90c4b242c883af1bdb697666353f6d765e89f4bf38a6f67e24099e416a1a690a7dd24ae804e7b725d7eba2ad25d08aac6e09ceb3a91795428a62e1c52071e49cba91f020a5f969cf1f5181cba45f14030100010116030100282d19b95d1786e1d4e8079c70b3c45ee5e9cd7e0eb8dfeeaa64eb826fbd2c952267a95147d50000b3 Message-Authenticator = 0x2f14c755bd65a1b0ad77f944c72f7693 modcall: entering group authorize for request 4 modcall[authorize]: module "preprocess" returns ok for request 4 modcall[authorize]: module "chap" returns noop for request 4 modcall[authorize]: module "mschap" returns noop for request 4 rlm_realm: No '@' in User-Name = "a0153", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 4 rlm_eap: EAP packet type response id 4 length 200 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 4 users: Matched DEFAULT at 10 modcall[authorize]: module "files" returns ok for request 4 modcall: group authorize returns updated for request 4 rad_check_password: Found Auth-Type EAP auth: type "EAP" modcall: entering group authenticate for request 4 rlm_eap: Request found, released from the list rlm_eap: EAP/ttls rlm_eap: processing type ttls rlm_eap_ttls: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange TLS_accept: SSLv3 read client key exchange A rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001] rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 read finished A rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001] TLS_accept: SSLv3 write change cipher spec A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 write finished A TLS_accept: SSLv3 flush data undefined: SSL negotiation finished successfully SSL Connection Established eaptls_process returned 13 modcall[authenticate]: module "eap" returns handled for request 4 modcall: group authenticate returns handled for request 4 Sending Access-Challenge of id 172 to 10.154.253.18:1812 EAP-Message = 0x0105003d1580000000331403010001011603010028533ff521d5f7ecac371d1b5ac1b7fd6d83f2945e498d4c8387ddb4c8c807412ae1aa56447e61a362 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xe872109d94c4a40b6f7eac06d8c726c8 Finished request 4 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 10.154.253.18:1812, id=173, length=179 NAS-IP-Address = 10.154.253.18 NAS-Port-Type = Async User-Name = "a0153" Service-Type = Framed-User Framed-MTU = 1500 Calling-Station-Id = "00-0b-cd-ac-7a-fa" State = 0xe872109d94c4a40b6f7eac06d8c726c8 EAP-Message = 0x0205004715800000003d17030100386e800a3cc0bc7e795ba193320d63bccc7b9ccd0c76dd8394ca8387a37e167697b2c9ce7e16ce07c244682e20ef45e29ac11b1f3bd48f3846 Message-Authenticator = 0x40d63990138cd4de33ca8bfb3d18d780 modcall: entering group authorize for request 5 modcall[authorize]: module "preprocess" returns ok for request 5 modcall[authorize]: module "chap" returns noop for request 5 modcall[authorize]: module "mschap" returns noop for request 5 rlm_realm: No '@' in User-Name = "a0153", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 5 rlm_eap: EAP packet type response id 5 length 71 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 5 users: Matched DEFAULT at 10 modcall[authorize]: module "files" returns ok for request 5 modcall: group authorize returns updated for request 5 rad_check_password: Found Auth-Type EAP auth: type "EAP" modcall: entering group authenticate for request 5 rlm_eap: Request found, released from the list rlm_eap: EAP/ttls rlm_eap: processing type ttls rlm_eap_ttls: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 eaptls_process returned 7 rlm_eap_ttls: Session established. Proceeding to decode tunneled attributes. TTLS: Got tunneled request User-Name = "a0153" User-Password = "<deleted>" Freeradius-Proxied-To = 127.0.0.1 TTLS: Sending tunneled request User-Name = "a0153" User-Password = "<deleted>" Freeradius-Proxied-To = 127.0.0.1 modcall: entering group authorize for request 5 modcall[authorize]: module "preprocess" returns ok for request 5 modcall[authorize]: module "chap" returns noop for request 5 modcall[authorize]: module "mschap" returns noop for request 5 rlm_realm: No '@' in User-Name = "a0153", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 5 rlm_eap: No EAP-Message, not doing EAP modcall[authorize]: module "eap" returns noop for request 5 users: Matched DEFAULT at 10 modcall[authorize]: module "files" returns ok for request 5 modcall: group authorize returns ok for request 5 auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user auth: Failed to validate the user. Login incorrect: [a0153/<deleted>] (from client loopback port 0) TTLS: Got tunneled reply RADIUS code 3 TTLS: Got tunneled Access-Reject rlm_eap: Handler failed in EAP/ttls rlm_eap: Failed in EAP select modcall[authenticate]: module "eap" returns invalid for request 5 modcall: group authenticate returns invalid for request 5 auth: Failed to validate the user. Login incorrect: [a0153/<no User-Password attribute>] (from client sw-info-ouest-test port 0 cli 00-0b-cd-ac-7a-fa) Delaying request 5 for 1 seconds Finished request 5 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 10.154.253.18:1812, id=173, length=179 Sending Access-Reject of id 173 to 10.154.253.18:1812 EAP-Message = 0x04050004 Message-Authenticator = 0x00000000000000000000000000000000 --- Walking the entire request list --- Waking up in 3 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 168 with timestamp 40234f27 Cleaning up request 1 ID 169 with timestamp 40234f27 Cleaning up request 2 ID 170 with timestamp 40234f27 Cleaning up request 3 ID 171 with timestamp 40234f27 Cleaning up request 4 ID 172 with timestamp 40234f27 Cleaning up request 5 ID 173 with timestamp 40234f27 Nothing to do. Sleeping until we see a request.
smime.p7s
Description: S/MIME Cryptographic Signature