-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
I have freeradius configured to do PEAP and EAP-TTLS, searching the user data in LDAP. All is working well, except one device, a wireless network printer that refuses to authenticate. The freeradius debug output is attached. Does anyone have any idea? I'm stumped by the 'Got something weird' message... - -- Hugo Chasqueira Public Key: http://www.fcee.ucp.pt/docentes/url/hbc/pubkey.txt -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFBnO09jFeRi4vRS4IRAtaDAJ4kfGMZrCDOWNTXuHkGUpLnZQNBlACfbFB2 r+nciB8Am4fdzvfAtzZ9uIs= =ZRlH -----END PGP SIGNATURE-----
rad_recv: Access-Request packet from host 172.17.0.2:21656, id=202, length=131 User-Name = "impressoras" Framed-MTU = 1400 Called-Station-Id = "000e.83df.54e0" Calling-Station-Id = "000e.7f3a.bf7b" Message-Authenticator = 0x22593e6002c7c256b8041ed4ff07b523 EAP-Message = 0x0202001001696d70726573736f726173 NAS-Port-Type = Wireless-802.11 NAS-Port = 370 Service-Type = Framed-User NAS-IP-Address = 172.17.0.2 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 150 modcall[authorize]: module "preprocess" returns ok for request 150 modcall[authorize]: module "chap" returns noop for request 150 modcall[authorize]: module "mschap" returns noop for request 150 rlm_realm: No '@' in User-Name = "impressoras", looking up realm NULL rlm_realm: Found realm "NULL" rlm_realm: Adding Stripped-User-Name = "impressoras" rlm_realm: Proxying request from user impressoras to realm NULL rlm_realm: Adding Realm = "NULL" rlm_realm: Authentication realm is LOCAL. modcall[authorize]: module "suffix" returns noop for request 150 rlm_realm: Request already proxied. Ignoring. modcall[authorize]: module "ntdomain" returns noop for request 150 rlm_eap: EAP packet type response id 2 length 16 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 150 rlm_ldap: - authorize rlm_ldap: performing user authorization for impressoras radius_xlat: '(uid=impressoras)' radius_xlat: 'dc=ucp,dc=pt' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in dc=ucp,dc=pt, with filter (uid=impressoras) rlm_ldap: looking for check items in directory... rlm_ldap: Adding acctFlags as SMB-Account-CTRL-TEXT, value [UX & op=21 rlm_ldap: Adding ntPassword as NT-Password, value BB4C23CC9852DA1DDF3A750EE4A1B2D6 & op=21 rlm_ldap: Adding lmPassword as LM-Password, value 210AB2216E60A5FC985E1393CED001C9 & op=21 rlm_ldap: looking for reply items in directory... rlm_ldap: user impressoras authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns ok for request 150 modcall: group authorize returns updated for request 150 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 150 rlm_eap: EAP Identity rlm_eap: processing type tls rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 modcall[authenticate]: module "eap" returns handled for request 150 modcall: group authenticate returns handled for request 150 Sending Access-Challenge of id 202 to 172.17.0.2:21656 EAP-Message = 0x010300061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xd7f17d64474b7ef6783758e8fa710f28 Finished request 150 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... rad_recv: Access-Request packet from host 172.17.0.2:21656, id=203, length=199 User-Name = "impressoras" Framed-MTU = 1400 Called-Station-Id = "000e.83df.54e0" Calling-Station-Id = "000e.7f3a.bf7b" Message-Authenticator = 0x0b4dc6f72fc4fe910e1c8ce3323d7713 EAP-Message = 0x0203004219800000003816030100330100002f030100000567fbaa172dd22a046dd101f70daeefd92afcd35a35f58cbecc6cda8795000008000a0005000400090100 NAS-Port-Type = Wireless-802.11 NAS-Port = 370 State = 0xd7f17d64474b7ef6783758e8fa710f28 Service-Type = Framed-User NAS-IP-Address = 172.17.0.2 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 151 modcall[authorize]: module "preprocess" returns ok for request 151 modcall[authorize]: module "chap" returns noop for request 151 modcall[authorize]: module "mschap" returns noop for request 151 rlm_realm: No '@' in User-Name = "impressoras", looking up realm NULL rlm_realm: Found realm "NULL" rlm_realm: Adding Stripped-User-Name = "impressoras" rlm_realm: Proxying request from user impressoras to realm NULL rlm_realm: Adding Realm = "NULL" rlm_realm: Authentication realm is LOCAL. modcall[authorize]: module "suffix" returns noop for request 151 rlm_realm: Request already proxied. Ignoring. modcall[authorize]: module "ntdomain" returns noop for request 151 rlm_eap: EAP packet type response id 3 length 66 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 151 rlm_ldap: - authorize rlm_ldap: performing user authorization for impressoras radius_xlat: '(uid=impressoras)' radius_xlat: 'dc=ucp,dc=pt' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in dc=ucp,dc=pt, with filter (uid=impressoras) rlm_ldap: looking for check items in directory... rlm_ldap: Adding acctFlags as SMB-Account-CTRL-TEXT, value [UX & op=21 rlm_ldap: Adding ntPassword as NT-Password, value BB4C23CC9852DA1DDF3A750EE4A1B2D6 & op=21 rlm_ldap: Adding lmPassword as LM-Password, value 210AB2216E60A5FC985E1393CED001C9 & op=21 rlm_ldap: looking for reply items in directory... rlm_ldap: user impressoras authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns ok for request 151 modcall: group authorize returns updated for request 151 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 151 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 (other): before/accept initialization TLS_accept: before/accept initialization rlm_eap_tls: <<< TLS 1.0 Handshake [length 0033], ClientHello TLS_accept: SSLv3 read client hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello TLS_accept: SSLv3 write server hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0543], Certificate TLS_accept: SSLv3 write certificate A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone TLS_accept: SSLv3 write server done A TLS_accept: SSLv3 flush data TLS_accept:error in SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 151 modcall: group authenticate returns handled for request 151 Sending Access-Challenge of id 203 to 172.17.0.2:21656 EAP-Message = 0x0104040a19c0000005a0160301004a020000460301419cd81ad57a41af38ebbfe121927969148a2d05fcc3abefa7029c6cad7e049d20b7cba67f422ea1b479e3024359c1ed056d0ea7d43a830f3e663fd87476912679000a0016030105430b00053f00053c0002ac308202a830820211a00302010202010f300d06092a864886f70d0101040500308188310b30090603550406130250543111300f06035504081308506f72747567616c310f300d060355040713064c6973626f613111300f060355040a1308464345452d554350310e300c060355040b13055349474d413110300e060355040313075369676d6143413120301e06092a864886f70d01 EAP-Message = 0x090116117369676d6140666365652e7563702e7074301e170d3034313032363137303433345a170d3035313032363137303433345a308191310b30090603550406130250543111300f06035504081308506f72747567616c310f300d060355040713064c6973626f613111300f060355040a1308464345452d554350310e300c060355040b13055349474d4131193017060355040313107261696f2e666365652e7563702e70743120301e06092a864886f70d01090116117369676d6140666365652e7563702e707430819f300d06092a864886f70d010101050003818d0030818902818100b403744b4e540cdfdcf221ba9ae361865feea6d58e2f12 EAP-Message = 0x485daed096d8e176e36bc2b74481c951560436994e9e92b3b73b50f37dfc39d3384bc9629cac5dd46070ee3772096f5c867dc1d77f39678bed550433b4ad8255f0a76344c5e41f37bb3c5618b0fc84bcf4cbd1ba40e1c6a1402efb9d627000ba13e031f47675a150bb0203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d010104050003818100908279972db5e1ce8858487918f2c037107c8ef99ae0a8c5c4be11f9118b3e9185f52170e9c3911f321e61ab8903d43c6d5446640a2cd3093a1b00656b879af0422be98c89daa87364f58e283e690b14f4ca8dabd3390642f40e3020609647462ce7f6 EAP-Message = 0x3f3bf7bdea5a050cf70aa0bc01664e93c45af20a8ed78da4eddbff092800028a30820286308201efa003020102020100300d06092a864886f70d0101040500308188310b30090603550406130250543111300f06035504081308506f72747567616c310f300d060355040713064c6973626f613111300f060355040a1308464345452d554350310e300c060355040b13055349474d413110300e060355040313075369676d6143413120301e06092a864886f70d01090116117369676d6140666365652e7563702e7074301e170d3034303530373131333834345a170d3035303530373131333834345a308188310b3009060355040613025054311130 EAP-Message = 0x0f06035504081308506f72747567616c310f300d0603 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x00174d5fbb41c9689156012d98d46158 Finished request 151 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 172.17.0.2:21656, id=204, length=139 User-Name = "impressoras" Framed-MTU = 1400 Called-Station-Id = "000e.83df.54e0" Calling-Station-Id = "000e.7f3a.bf7b" Message-Authenticator = 0xb32ce391af67396e866da332f006b18d EAP-Message = 0x020400061900 NAS-Port-Type = Wireless-802.11 NAS-Port = 370 State = 0x00174d5fbb41c9689156012d98d46158 Service-Type = Framed-User NAS-IP-Address = 172.17.0.2 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 152 modcall[authorize]: module "preprocess" returns ok for request 152 modcall[authorize]: module "chap" returns noop for request 152 modcall[authorize]: module "mschap" returns noop for request 152 rlm_realm: No '@' in User-Name = "impressoras", looking up realm NULL rlm_realm: Found realm "NULL" rlm_realm: Adding Stripped-User-Name = "impressoras" rlm_realm: Proxying request from user impressoras to realm NULL rlm_realm: Adding Realm = "NULL" rlm_realm: Authentication realm is LOCAL. modcall[authorize]: module "suffix" returns noop for request 152 rlm_realm: Request already proxied. Ignoring. modcall[authorize]: module "ntdomain" returns noop for request 152 rlm_eap: EAP packet type response id 4 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 152 rlm_ldap: - authorize rlm_ldap: performing user authorization for impressoras radius_xlat: '(uid=impressoras)' radius_xlat: 'dc=ucp,dc=pt' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in dc=ucp,dc=pt, with filter (uid=impressoras) rlm_ldap: looking for check items in directory... rlm_ldap: Adding acctFlags as SMB-Account-CTRL-TEXT, value [UX & op=21 rlm_ldap: Adding ntPassword as NT-Password, value BB4C23CC9852DA1DDF3A750EE4A1B2D6 & op=21 rlm_ldap: Adding lmPassword as LM-Password, value 210AB2216E60A5FC985E1393CED001C9 & op=21 rlm_ldap: looking for reply items in directory... rlm_ldap: user impressoras authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns ok for request 152 modcall: group authorize returns updated for request 152 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 152 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake fragment handler eaptls_verify returned 1 eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 152 modcall: group authenticate returns handled for request 152 Sending Access-Challenge of id 204 to 172.17.0.2:21656 EAP-Message = 0x010501a6190055040713064c6973626f613111300f060355040a1308464345452d554350310e300c060355040b13055349474d413110300e060355040313075369676d6143413120301e06092a864886f70d01090116117369676d6140666365652e7563702e707430819f300d06092a864886f70d010101050003818d0030818902818100d80cfdd41731065464c2af3e927819bfc8d449959b240e8ce4a730b579888660ca53ee727ac7d5f9ccedba4fe6595206b24a2e4bca9fcbe864cd5de9c82cd8c4c6be9ef9706eaee42fe9da663c77c794270553fe6d07b6eddbeeb6073eaf47ccfefe6cba4f97bb7f4576289dc6a10b592179a0f9bdcf7c0d EAP-Message = 0xe4415d9a65ac85cf0203010001300d06092a864886f70d0101040500038181002b04fa7f144a1318154b06707cc843359b62b40cd3c62f700f2b850d220cc39068eefe5844908099cca234aaeedaa766cb13c097889cbc5ea92b4b142f8b4ad4034f261fbdaa5b920368bd5fb4a8dde7736a96f4423643cef377de4ca380f1fa67b30e22c18c05efc4e0687b3190f6e3d32722e5fc91eabbb09316fb70a795da16030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x4bfde7f6a0e47de5ac2e6c5b24d715da Finished request 152 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 172.17.0.2:21656, id=205, length=333 User-Name = "impressoras" Framed-MTU = 1400 Called-Station-Id = "000e.83df.54e0" Calling-Station-Id = "000e.7f3a.bf7b" Message-Authenticator = 0x5f4432d4cd3bfac00f16f3293c3b7bf1 EAP-Message = 0x020500c81980000000be160301008610000082008036520106d177b3cfa7de43c0e1d199b07408a92f27c6a6e40f22efd16b0c11f6f1cbee1875965c89a513442720a931d93df8a2d0384ac0a20e8a2910e948ea5a2d369ea7828a737789f22bbd56c5b37f60935a8fc9584385c45e22fcb63807d9236da27a03f3f35ac1f2265168683360e409b9286bb66bf42e78827243f5ed2f14030100010116030100283a137d3995097fbf3dc98b84552ae942e2b78a2183cb0c6cbd7a9d05e32810bca48513e00271f593 NAS-Port-Type = Wireless-802.11 NAS-Port = 370 State = 0x4bfde7f6a0e47de5ac2e6c5b24d715da Service-Type = Framed-User NAS-IP-Address = 172.17.0.2 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 153 modcall[authorize]: module "preprocess" returns ok for request 153 modcall[authorize]: module "chap" returns noop for request 153 modcall[authorize]: module "mschap" returns noop for request 153 rlm_realm: No '@' in User-Name = "impressoras", looking up realm NULL rlm_realm: Found realm "NULL" rlm_realm: Adding Stripped-User-Name = "impressoras" rlm_realm: Proxying request from user impressoras to realm NULL rlm_realm: Adding Realm = "NULL" rlm_realm: Authentication realm is LOCAL. modcall[authorize]: module "suffix" returns noop for request 153 rlm_realm: Request already proxied. Ignoring. modcall[authorize]: module "ntdomain" returns noop for request 153 rlm_eap: EAP packet type response id 5 length 200 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 153 rlm_ldap: - authorize rlm_ldap: performing user authorization for impressoras radius_xlat: '(uid=impressoras)' radius_xlat: 'dc=ucp,dc=pt' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in dc=ucp,dc=pt, with filter (uid=impressoras) rlm_ldap: looking for check items in directory... rlm_ldap: Adding acctFlags as SMB-Account-CTRL-TEXT, value [UX & op=21 rlm_ldap: Adding ntPassword as NT-Password, value BB4C23CC9852DA1DDF3A750EE4A1B2D6 & op=21 rlm_ldap: Adding lmPassword as LM-Password, value 210AB2216E60A5FC985E1393CED001C9 & op=21 rlm_ldap: looking for reply items in directory... rlm_ldap: user impressoras authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns ok for request 153 modcall: group authorize returns updated for request 153 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 153 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange TLS_accept: SSLv3 read client key exchange A rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001] rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 read finished A rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001] TLS_accept: SSLv3 write change cipher spec A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 write finished A TLS_accept: SSLv3 flush data (other): SSL negotiation finished successfully SSL Connection Established eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 153 modcall: group authenticate returns handled for request 153 Sending Access-Challenge of id 205 to 172.17.0.2:21656 EAP-Message = 0x0106003919001403010001011603010028a4fffc3c16b6b49a235e834d2644ad20cad1675e31883e45820d2feeb814e6f64e6d81cc526f6e69 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x652958e7452a4aeda3122ca87785562d Finished request 153 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 172.17.0.2:21656, id=206, length=139 User-Name = "impressoras" Framed-MTU = 1400 Called-Station-Id = "000e.83df.54e0" Calling-Station-Id = "000e.7f3a.bf7b" Message-Authenticator = 0x6953bbcffa7874ef88f9b3fd362cc3e2 EAP-Message = 0x020600061900 NAS-Port-Type = Wireless-802.11 NAS-Port = 370 State = 0x652958e7452a4aeda3122ca87785562d Service-Type = Framed-User NAS-IP-Address = 172.17.0.2 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 154 modcall[authorize]: module "preprocess" returns ok for request 154 modcall[authorize]: module "chap" returns noop for request 154 modcall[authorize]: module "mschap" returns noop for request 154 rlm_realm: No '@' in User-Name = "impressoras", looking up realm NULL rlm_realm: Found realm "NULL" rlm_realm: Adding Stripped-User-Name = "impressoras" rlm_realm: Proxying request from user impressoras to realm NULL rlm_realm: Adding Realm = "NULL" rlm_realm: Authentication realm is LOCAL. modcall[authorize]: module "suffix" returns noop for request 154 rlm_realm: Request already proxied. Ignoring. modcall[authorize]: module "ntdomain" returns noop for request 154 rlm_eap: EAP packet type response id 6 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 154 rlm_ldap: - authorize rlm_ldap: performing user authorization for impressoras radius_xlat: '(uid=impressoras)' radius_xlat: 'dc=ucp,dc=pt' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in dc=ucp,dc=pt, with filter (uid=impressoras) rlm_ldap: looking for check items in directory... rlm_ldap: Adding acctFlags as SMB-Account-CTRL-TEXT, value [UX & op=21 rlm_ldap: Adding ntPassword as NT-Password, value BB4C23CC9852DA1DDF3A750EE4A1B2D6 & op=21 rlm_ldap: Adding lmPassword as LM-Password, value 210AB2216E60A5FC985E1393CED001C9 & op=21 rlm_ldap: looking for reply items in directory... rlm_ldap: user impressoras authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns ok for request 154 modcall: group authorize returns updated for request 154 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 154 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake is finished eaptls_verify returned 3 eaptls_process returned 3 rlm_eap_peap: EAPTLS_SUCCESS modcall[authenticate]: module "eap" returns handled for request 154 modcall: group authenticate returns handled for request 154 Sending Access-Challenge of id 206 to 172.17.0.2:21656 EAP-Message = 0x0107004819001703010018621122a686f0220a454e549665ca03094736549428491dfa1703010020f3509f590a2aee96c46bec625df53342708bd8a17e8fed837ea7ca6ce62e3a86 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x529a37918b1ca57a86398395c911c442 Finished request 154 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 172.17.0.2:21656, id=207, length=213 User-Name = "impressoras" Framed-MTU = 1400 Called-Station-Id = "000e.83df.54e0" Calling-Station-Id = "000e.7f3a.bf7b" Message-Authenticator = 0x3a0909ccd1c32b55c52b4337281bb89e EAP-Message = 0x020700501900170301001879506f1aaec49fb9e20a7bc6de988e202c90de0a94939480170301002853fd4483ec3aa7c64fa18e06dd259581c9e3a3a479d65a8a7c6000781f96a628d16700e421cc409f NAS-Port-Type = Wireless-802.11 NAS-Port = 370 State = 0x529a37918b1ca57a86398395c911c442 Service-Type = Framed-User NAS-IP-Address = 172.17.0.2 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 155 modcall[authorize]: module "preprocess" returns ok for request 155 modcall[authorize]: module "chap" returns noop for request 155 modcall[authorize]: module "mschap" returns noop for request 155 rlm_realm: No '@' in User-Name = "impressoras", looking up realm NULL rlm_realm: Found realm "NULL" rlm_realm: Adding Stripped-User-Name = "impressoras" rlm_realm: Proxying request from user impressoras to realm NULL rlm_realm: Adding Realm = "NULL" rlm_realm: Authentication realm is LOCAL. modcall[authorize]: module "suffix" returns noop for request 155 rlm_realm: Request already proxied. Ignoring. modcall[authorize]: module "ntdomain" returns noop for request 155 rlm_eap: EAP packet type response id 7 length 80 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 155 rlm_ldap: - authorize rlm_ldap: performing user authorization for impressoras radius_xlat: '(uid=impressoras)' radius_xlat: 'dc=ucp,dc=pt' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in dc=ucp,dc=pt, with filter (uid=impressoras) rlm_ldap: looking for check items in directory... rlm_ldap: Adding acctFlags as SMB-Account-CTRL-TEXT, value [UX & op=21 rlm_ldap: Adding ntPassword as NT-Password, value BB4C23CC9852DA1DDF3A750EE4A1B2D6 & op=21 rlm_ldap: Adding lmPassword as LM-Password, value 210AB2216E60A5FC985E1393CED001C9 & op=21 rlm_ldap: looking for reply items in directory... rlm_ldap: user impressoras authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns ok for request 155 modcall: group authorize returns updated for request 155 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 155 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: Got something weird. rlm_eap: Handler failed in EAP/peap rlm_eap: Failed in EAP select modcall[authenticate]: module "eap" returns invalid for request 155 modcall: group authenticate returns invalid for request 155 auth: Failed to validate the user. Delaying request 155 for 1 seconds Finished request 155 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 172.17.0.2:21656, id=207, length=213 Sending Access-Reject of id 207 to 172.17.0.2:21656 EAP-Message = 0x04070004 Message-Authenticator = 0x00000000000000000000000000000000 --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Cleaning up request 150 ID 202 with timestamp 419cd81a Cleaning up request 151 ID 203 with timestamp 419cd81a Cleaning up request 152 ID 204 with timestamp 419cd81a Cleaning up request 153 ID 205 with timestamp 419cd81a Cleaning up request 154 ID 206 with timestamp 419cd81a Cleaning up request 155 ID 207 with timestamp 419cd81a Nothing to do. Sleeping until we see a request.