Not answering all your questions, but some:
PEAP, MSCHAPv2 and Cisco Aironet all work fine with each other.
We used Linux and Solaris LDAP with this setup and (except for
a 64-bit bug for Solaris, according to Paul Hampson) the rest
works, built straight from scratch.

Windows XP should be SP2, though.
Or SP1 and the PEAP patch from MS.
Win2003 works only with commercial WLAN drivers, though.

About AD: it is LDAP, so only the password could
cause you problems; the LDAP part will just work.

Best regards

Matthias Rumitz
TC Unix / Networks

ADIVA Computertechnologie GmbH
Norsk-Data-Str. 1
D-61352 Bad Homburg v.d.H.
Phone: +49(0)  61 72 / 48 61 - 0
Fax: +49(0)  61 72 / 48 61 - 700
Web: http://www.adiva.de         eMail: [EMAIL PROTECTED]

----- Original Message -----
From: "DeYoung, Brandon" <[EMAIL PROTECTED]>
Date: Monday, January 31, 2005 7:03 am
Subject: RE: LDAP AD 802.1x eap peap mschap v2=help

> Update:
> I just downloaded Alfa & Ariss. I successfully logged into the wireless
> network using PAP. I could not get any type of EAP to work and have need of
> better security than that provided by PAP.
> 
> Any help is GREATLY appreciated.
> 
> ~Brandon
> 
> 
> -----Original Message-----
> From: DeYoung, Brandon 
> Sent: Sunday, January 30, 2005 8:32 PM
> To: freeradius-users@lists.freeradius.org
> Subject: LDAP AD 802.1x eap peap mschap v2=help
> 
>       Hello all,
>       I am attempting to use FreeRadius to authenticate wireless Windows
> XP users, utilizing Active Directory username/passwords via LDAP
> connection to AD. I am using a Cisco Aironet 1200 Access point.
>       
>       Is this setup even possible? 
>       Should I be going a different route?
> 
>       I have the LDAP portion of the setup working (verified with
> NTRadPing). However, I am getting "Windows was unable to log you on to
> the network" messages on the client end.
> 
>       On the client I have only two options for "Authentication Method",
> they are: "Smart card or other certificate" and "Secured password
> (EAP-MSCHAP v2)". Since the first doesn't allow for a password I went with
> MSCHAP v2. Will this ever work with LDAP? If not, is there another client
> out there that will? Should I be using some type of NT auth instead of LDAP?
> 
> 
> On the off chance that this setup could actually work here is some
> relevant stuff from my configs:
> 
> Thanks in advance,
> ~Brandon
> 
> Here is the "authenticate" section from my radiusd.conf
> 
> authenticate {
>        Auth-Type PAP {
>                pap
>        }
> 
>        Auth-Type MS-CHAP {
>                mschap
>        }
> 
>        Auth-Type LDAP {
>                ldap
>        }
> 
>        #  Allow EAP authentication.
>        eap
> }
> 
> 
> And the "authorize" section:
> 
> authorize {
>        preprocess
> 
>        mschap
> 
>        eap
> 
>        files
> 
>        ldap
> }
> 
> The "eap" section:
> 
>        eap {
>                default_eap_type = peap
> #                md5 {
> #                }
> 
>                tls {
>                        private_key_password = "my pass phrase"
>                        private_key_file = /etc/1x/r/cert-srv.pem
>                        certificate_file = /etc/1x/r/cert-srv.pem
>                        CA_file = /etc/1x/r/demoCA/cacert.pem
>                        dh_file = /etc/1x/r/dh
>                        random_file = /dev/urandom
>                        fragment_size = 1750
>                }
> 
>                ttls {
>                 #       default_eap_type = md5
>                }
> 
>                peap {
>                #       default_eap_type = mschapv2
>                }
> 
>                mschapv2 {
>                }
>        }
> 
> And Finally, the debug output when I make an auth attempt:
> 
> austin:/etc/raddb # radiusd -sfxxyz
> Starting - reading configuration files ...
> reread_config:  reading radiusd.conf
> Config:   including file: /etc/raddb/proxy.conf
> Config:   including file: /etc/raddb/clients.conf
> Config:   including file: /etc/raddb/snmp.conf
> Config:   including file: /etc/raddb/eap.conf
> Config:   including file: /etc/raddb/sql.conf
> main: prefix = "/usr"
> main: localstatedir = "/var"
> main: logdir = "/var/log/radius"
> main: libdir = "/usr/lib/freeradius"
> main: radacctdir = "/var/log/radius/radacct"
> main: hostname_lookups = no
> main: max_request_time = 30
> main: cleanup_delay = 5
> main: max_requests = 1024
> main: delete_blocked_requests = 0
> main: port = 0
> main: allow_core_dumps = no
> main: log_stripped_names = no
> main: log_file = "/var/log/radius/radius.log"
> main: log_auth = no
> main: log_auth_badpass = no
> main: log_auth_goodpass = no
> main: pidfile = "/var/run/radiusd/radiusd.pid"
> main: user = "radiusd"
> main: group = "radiusd"
> main: usercollide = no
> main: lower_user = "no"
> main: lower_pass = "no"
> main: nospace_user = "no"
> main: nospace_pass = "no"
> main: checkrad = "/usr/sbin/checkrad"
> main: proxy_requests = yes
> proxy: retry_delay = 5
> proxy: retry_count = 3
> proxy: synchronous = no
> proxy: default_fallback = yes
> proxy: dead_time = 120
> proxy: post_proxy_authorize = yes
> proxy: wake_all_if_all_dead = no
> security: max_attributes = 200
> security: reject_delay = 1
> security: status_server = no
> main: debug_level = 0
> read_config_files:  reading dictionary
> read_config_files:  reading naslist
> Using deprecated naslist file.  Support for this will go away soon.
> read_config_files:  reading clients
> read_config_files:  reading realms
> radiusd:  entering modules setup
> Module: Library search path is /usr/lib/freeradius
> Module: Loaded exec 
> exec: wait = yes
> exec: program = "(null)"
> exec: input_pairs = "request"
> exec: output_pairs = "(null)"
> exec: packet_type = "(null)"
> rlm_exec: Wait=yes but no output defined. Did you mean output=none?
> Module: Instantiated exec (exec) 
> Module: Loaded expr 
> Module: Instantiated expr (expr) 
> Module: Loaded PAP 
> pap: encryption_scheme = "crypt"
> Module: Instantiated pap (pap) 
> Module: Loaded MS-CHAP 
> mschap: use_mppe = yes
> mschap: require_encryption = no
> mschap: require_strong = no
> mschap: with_ntdomain_hack = no
> mschap: passwd = "(null)"
> mschap: authtype = "MS-CHAP"
> mschap: ntlm_auth = "(null)"
> Module: Instantiated mschap (mschap) 
> Module: Loaded LDAP 
> ldap: server = "43.143.144.20"
> ldap: port = 389
> ldap: net_timeout = 1
> ldap: timeout = 4
> ldap: timelimit = 5
> ldap: identity = "CN=~SVCACCT-LDAPQuery,OU=Service Accounts,DC=am,DC=sony,DC=com"
> ldap: tls_mode = no
> ldap: start_tls = yes
> ldap: tls_cacertfile = "/etc/1x/r/demoCA/cacert.pem"
> ldap: tls_cacertdir = "/etc/1x/r"
> ldap: tls_certfile = "/etc/1x/r/cert-srv.pem"
> ldap: tls_keyfile = "/etc/1x/r/cert-srv.pem"
> ldap: tls_randfile = "/etc/1x/r/random"
> ldap: tls_require_cert = "demand"
> ldap: password = "b0oEWiu3"
> ldap: basedn = "DC=am,DC=sony,DC=com"
> ldap: filter = "(cn=%{Stripped-User-Name:-%{User-Name}})"
> ldap: base_filter = "(objectclass=radiusprofile)"
> ldap: default_profile = "(null)"
> ldap: profile_attribute = "(null)"
> ldap: password_header = "{clear}"
> ldap: password_attribute = "(null)"
> ldap: access_attr = "(null)"
> ldap: groupname_attribute = "cn"
> ldap: groupmembership_filter = "(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))"
> ldap: groupmembership_attribute = "(null)"
> ldap: dictionary_mapping = "/etc/raddb/ldap.attrmap"
> ldap: ldap_debug = 0
> ldap: ldap_connections_number = 10
> ldap: compare_check_items = no
> ldap: access_attr_used_for_allow = yes
> ldap: do_xlat = yes
> rlm_ldap: Registering ldap_groupcmp for Ldap-Group
> rlm_ldap: Registering ldap_xlat with xlat_name ldap
> rlm_ldap: reading ldap<->radius mappings from file /etc/raddb/ldap.attrmap
> rlm_ldap: LDAP radiusCheckItem mapped to RADIUS $GENERIC$
> rlm_ldap: LDAP radiusReplyItem mapped to RADIUS $GENERIC$
> rlm_ldap: LDAP radiusAuthType mapped to RADIUS Auth-Type
> rlm_ldap: LDAP radiusSimultaneousUse mapped to RADIUS Simultaneous-Use
> rlm_ldap: LDAP radiusCalledStationId mapped to RADIUS Called-Station-Id
> rlm_ldap: LDAP radiusCallingStationId mapped to RADIUS Calling-Station-Id
> rlm_ldap: LDAP lmPassword mapped to RADIUS LM-Password
> rlm_ldap: LDAP ntPassword mapped to RADIUS NT-Password
> rlm_ldap: LDAP acctFlags mapped to RADIUS SMB-Account-CTRL-TEXT
> rlm_ldap: LDAP radiusExpiration mapped to RADIUS Expiration
> rlm_ldap: LDAP radiusServiceType mapped to RADIUS Service-Type
> rlm_ldap: LDAP radiusFramedProtocol mapped to RADIUS Framed-Protocol
> rlm_ldap: LDAP radiusFramedIPAddress mapped to RADIUS Framed-IP-Address
> rlm_ldap: LDAP radiusFramedIPNetmask mapped to RADIUS Framed-IP-Netmask
> rlm_ldap: LDAP radiusFramedRoute mapped to RADIUS Framed-Route
> rlm_ldap: LDAP radiusFramedRouting mapped to RADIUS Framed-Routing
> rlm_ldap: LDAP radiusFilterId mapped to RADIUS Filter-Id
> rlm_ldap: LDAP radiusFramedMTU mapped to RADIUS Framed-MTU
> rlm_ldap: LDAP radiusFramedCompression mapped to RADIUS Framed-Compression
> rlm_ldap: LDAP radiusLoginIPHost mapped to RADIUS Login-IP-Host
> rlm_ldap: LDAP radiusLoginService mapped to RADIUS Login-Service
> rlm_ldap: LDAP radiusLoginTCPPort mapped to RADIUS Login-TCP-Port
> rlm_ldap: LDAP radiusCallbackNumber mapped to RADIUS Callback-Number
> rlm_ldap: LDAP radiusCallbackId mapped to RADIUS Callback-Id
> rlm_ldap: LDAP radiusFramedIPXNetwork mapped to RADIUS Framed-IPX-Network
> rlm_ldap: LDAP radiusClass mapped to RADIUS Class
> rlm_ldap: LDAP radiusSessionTimeout mapped to RADIUS Session-Timeout
> rlm_ldap: LDAP radiusIdleTimeout mapped to RADIUS Idle-Timeout
> rlm_ldap: LDAP radiusTerminationAction mapped to RADIUS Termination-Action
> rlm_ldap: LDAP radiusLoginLATService mapped to RADIUS Login-LAT-Service
> rlm_ldap: LDAP radiusLoginLATNode mapped to RADIUS Login-LAT-Node
> rlm_ldap: LDAP radiusLoginLATGroup mapped to RADIUS Login-LAT-Group
> rlm_ldap: LDAP radiusFramedAppleTalkLink mapped to RADIUS Framed-AppleTalk-Link
> rlm_ldap: LDAP radiusFramedAppleTalkNetwork mapped to RADIUS Framed-AppleTalk-Network
> rlm_ldap: LDAP radiusFramedAppleTalkZone mapped to RADIUS Framed-AppleTalk-Zone
> rlm_ldap: LDAP radiusPortLimit mapped to RADIUS Port-Limit
> rlm_ldap: LDAP radiusLoginLATPort mapped to RADIUS Login-LAT-Port
> conns: 0x81748c0
> Module: Instantiated ldap (ldap) 
> Module: Loaded eap 
> eap: default_eap_type = "peap"
> eap: timer_expire = 60
> eap: ignore_unknown_eap_types = no
> eap: cisco_accounting_username_bug = no
> rlm_eap: Loaded and initialized type md5
> tls: rsa_key_exchange = no
> tls: dh_key_exchange = yes
> tls: rsa_key_length = 512
> tls: dh_key_length = 512
> tls: verify_depth = 0
> tls: CA_path = "(null)"
> tls: pem_file_type = yes
> tls: private_key_file = "/etc/1x/r/cert-srv.pem"
> tls: certificate_file = "/etc/1x/r/cert-srv.pem"
> tls: CA_file = "/etc/1x/r/demoCA/cacert.pem"
> tls: private_key_password = "einstein was an id10t"
> tls: dh_file = "/etc/1x/r/dh"
> tls: random_file = "/dev/urandom"
> tls: fragment_size = 1750
> tls: include_length = yes
> tls: check_crl = no
> tls: check_cert_cn = "(null)"
> rlm_eap: Loaded and initialized type tls
> ttls: default_eap_type = "md5"
> ttls: copy_request_to_tunnel = no
> ttls: use_tunneled_reply = no
> rlm_eap: Loaded and initialized type ttls
> peap: default_eap_type = "mschapv2"
> peap: copy_request_to_tunnel = no
> peap: use_tunneled_reply = no
> peap: proxy_tunneled_request_as_eap = yes
> rlm_eap: Loaded and initialized type peap
> mschapv2: with_ntdomain_hack = no
> rlm_eap: Loaded and initialized type mschapv2
> Module: Instantiated eap (eap) 
> Module: Loaded preprocess 
> preprocess: huntgroups = "/etc/raddb/huntgroups"
> preprocess: hints = "/etc/raddb/hints"
> preprocess: with_ascend_hack = no
> preprocess: ascend_channels_per_line = 23
> preprocess: with_ntdomain_hack = no
> preprocess: with_specialix_jetstream_hack = no
> preprocess: with_cisco_vsa_hack = no
> Module: Instantiated preprocess (preprocess) 
> Module: Loaded realm 
> realm: format = "suffix"
> realm: delimiter = "@"
> realm: ignore_default = no
> realm: ignore_null = no
> Module: Instantiated realm (suffix) 
> Module: Loaded files 
> files: usersfile = "/etc/raddb/users"
> files: acctusersfile = "/etc/raddb/acct_users"
> files: preproxy_usersfile = "/etc/raddb/preproxy_users"
> files: compat = "no"
> Module: Instantiated files (files) 
> realm: format = "prefix"
> realm: delimiter = "\"
> realm: ignore_default = no
> realm: ignore_null = no
> Module: Instantiated realm (ntdomain) 
> Module: Loaded detail 
> detail: detailfile =
> "/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
> detail: detailperm = 384
> detail: dirperm = 493
> detail: locking = no
> Module: Instantiated detail (detail) 
> Module: Loaded System 
> unix: cache = no
> unix: passwd = "(null)"
> unix: shadow = "(null)"
> unix: group = "(null)"
> unix: radwtmp = "/var/log/radius/radwtmp"
> unix: usegroup = no
> unix: cache_reload = 600
> Module: Instantiated unix (unix) 
> Module: Loaded radutmp 
> radutmp: filename = "/var/log/radius/radutmp"
> radutmp: username = "%{User-Name}"
> radutmp: case_sensitive = yes
> radutmp: check_with_nas = yes
> radutmp: perm = 384
> radutmp: callerid = yes
> Module: Instantiated radutmp (radutmp) 
> Listening on authentication *:1812
> Listening on accounting *:1813
> Listening on proxy *:1814
> Ready to process requests.
> rad_recv: Access-Request packet from host 43.191.112.164:21752, id=15, length=135
>        User-Name = "deyoungb"
>        Framed-MTU = 1400
>        Called-Station-Id = "000f.8fda.481c"
>        Calling-Station-Id = "000d.28d0.0217"
>        Message-Authenticator = 0xf18aabca0ae4889cda534bc9b56daca9
>        EAP-Message = 0x0201000d016465796f756e6762
>        NAS-Port-Type = Wireless-802.11
>        NAS-Port = 264
>        Service-Type = Framed-User
>        NAS-IP-Address = 43.191.112.164
>        NAS-Identifier = "SDB5Test"
>  Processing the authorize section of radiusd.conf
> modcall: entering group authorize for request 0
>  modcall[authorize]: module "preprocess" returns ok for request 0
>  modcall[authorize]: module "mschap" returns noop for request 0
>  rlm_eap: EAP packet type response id 1 length 13
>  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
>  modcall[authorize]: module "eap" returns updated for request 0
>    rlm_realm: No '@' in User-Name = "deyoungb", looking up realm NULL
>    rlm_realm: No such realm "NULL"
>  modcall[authorize]: module "suffix" returns noop for request 0
>    users: Matched DEFAULT at 178
>  modcall[authorize]: module "files" returns ok for request 0
> rlm_ldap: - authorize
> rlm_ldap: performing user authorization for deyoungb
> radius_xlat:  '(cn=deyoungb)'
> radius_xlat:  'DC=am,DC=sony,DC=com'
> rlm_ldap: ldap_get_conn: Checking Id: 0
> rlm_ldap: ldap_get_conn: Got Id: 0
> rlm_ldap: attempting LDAP reconnection
> rlm_ldap: (re)connect to 43.143.144.20:389, authentication 0
> rlm_ldap: setting TLS CACert File to /etc/1x/r/demoCA/cacert.pem
> rlm_ldap: setting TLS CACert File to /etc/1x/r
> rlm_ldap: setting TLS Require Cert to demand
> rlm_ldap: setting TLS Cert File to /etc/1x/r/cert-srv.pem
> rlm_ldap: setting TLS Key File to /etc/1x/r/cert-srv.pem
> rlm_ldap: setting TLS Key File to /etc/1x/r/random
> rlm_ldap: starting TLS
> Enter PEM pass phrase:
> rlm_ldap: bind as CN=~SVCACCT-LDAPQuery,OU=Service Accounts,DC=am,DC=sony,DC=com/b0oEWiu3 to 43.143.144.20:389
> rlm_ldap: waiting for bind result ...
> rlm_ldap: Bind was successful
> rlm_ldap: performing search in DC=am,DC=sony,DC=com, with filter
> (cn=deyoungb)
> rlm_ldap: looking for check items in directory...
> rlm_ldap: looking for reply items in directory...
> rlm_ldap: user deyoungb authorized to use remote access
> rlm_ldap: ldap_release_conn: Release Id: 0
>  modcall[authorize]: module "ldap" returns ok for request 0
> modcall: group authorize returns updated for request 0
>  rad_check_password:  Found Auth-Type EAP
> auth: type "EAP"
>  Processing the authenticate section of radiusd.conf
> modcall: entering group authenticate for request 0
>  rlm_eap: EAP Identity
>  rlm_eap: processing type tls
>  rlm_eap_tls: Initiate
>  rlm_eap_tls: Start returned 1
>  modcall[authenticate]: module "eap" returns handled for request 0
> modcall: group authenticate returns handled for request 0
> Sending Access-Challenge of id 15 to 43.191.112.164:21752
>        Framed-IP-Address = 255.255.255.254
>        Framed-MTU = 576
>        Service-Type = Framed-User
>        EAP-Message = 0x010200061920
>        Message-Authenticator = 0x00000000000000000000000000000000
>        State = 0xf98939445acc2b39cb9fd21b9f662dae
> Finished request 0
> Going to the next request
> --- Walking the entire request list ---
> Waking up in 6 seconds...
> rad_recv: Access-Request packet from host 43.191.112.164:21752, id=15, length=135
> Sending duplicate reply to client 112:21752 - ID: 15
> Re-sending Access-Challenge of id 15 to 43.191.112.164:21752
> --- Walking the entire request list ---
> Cleaning up request 0 ID 15 with timestamp 41fdb1ab
> Nothing to do.  Sleeping until we see a request.
> rad_recv: Access-Request packet from host 43.191.112.164:21752, id=16, length=220
>        User-Name = "deyoungb"
>        Framed-MTU = 1400
>        Called-Station-Id = "000f.8fda.481c"
>        Calling-Station-Id = "000d.28d0.0217"
>        Message-Authenticator = 0x71f53657731a58b9377ca9777b780eb4
>        NAS-Port-Type = Wireless-802.11
>        NAS-Port = 264
>        State = 0xf98939445acc2b39cb9fd21b9f662dae
>        Service-Type = Framed-User
>        NAS-IP-Address = 43.191.112.164
>        NAS-Identifier = "SDB5Test"
>  Processing the authorize section of radiusd.conf
> modcall: entering group authorize for request 1
>  modcall[authorize]: module "preprocess" returns ok for request 1
>  modcall[authorize]: module "mschap" returns noop for request 1
>  rlm_eap: EAP packet type response id 2 length 80
>  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
>  modcall[authorize]: module "eap" returns updated for request 1
>    rlm_realm: No '@' in User-Name = "deyoungb", looking up realm NULL
>    rlm_realm: No such realm "NULL"
>  modcall[authorize]: module "suffix" returns noop for request 1
>    users: Matched DEFAULT at 178
>  modcall[authorize]: module "files" returns ok for request 1
> rlm_ldap: - authorize
> rlm_ldap: performing user authorization for deyoungb
> radius_xlat:  '(cn=deyoungb)'
> radius_xlat:  'DC=am,DC=sony,DC=com'
> rlm_ldap: ldap_get_conn: Checking Id: 0
> rlm_ldap: ldap_get_conn: Got Id: 0
> rlm_ldap: performing search in DC=am,DC=sony,DC=com, with filter
> (cn=deyoungb)
> rlm_ldap: looking for check items in directory...
> rlm_ldap: looking for reply items in directory...
> rlm_ldap: user deyoungb authorized to use remote access
> rlm_ldap: ldap_release_conn: Release Id: 0
>  modcall[authorize]: module "ldap" returns ok for request 1
> modcall: group authorize returns updated for request 1
>  rad_check_password:  Found Auth-Type EAP
> auth: type "EAP"
>  Processing the authenticate section of radiusd.conf
> modcall: entering group authenticate for request 1
>  rlm_eap: Request found, released from the list
>  rlm_eap: EAP/peap
>  rlm_eap: processing type peap
>  rlm_eap_peap: Authenticate
>  rlm_eap_tls: processing TLS
> rlm_eap_tls:  Length Included
>  eaptls_verify returned 11 
>    (other): before/accept initialization 
>    TLS_accept: before/accept initialization 
>  rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello  
>    TLS_accept: SSLv3 read client hello A 
>  rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello  
>    TLS_accept: SSLv3 write server hello A 
>  rlm_eap_tls: >>> TLS 1.0 Handshake [length 02bf], Certificate  
>    TLS_accept: SSLv3 write certificate A 
>  rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone  
>    TLS_accept: SSLv3 write server done A 
>    TLS_accept: SSLv3 flush data 
>    TLS_accept:error in SSLv3 read client certificate A 
> In SSL Handshake Phase 
> In SSL Accept mode  
>  eaptls_process returned 13 
>  rlm_eap_peap: EAPTLS_HANDLED
>  modcall[authenticate]: module "eap" returns handled for request 1
> modcall: group authenticate returns handled for request 1
> Sending Access-Challenge of id 16 to 43.191.112.164:21752
>        Framed-IP-Address = 255.255.255.254
>        Framed-MTU = 576
>        Service-Type = Framed-User
>        Message-Authenticator = 0x00000000000000000000000000000000
>        State = 0x06c584c36e502feb79854fd6db5050ac
> Finished request 1
> Going to the next request
> --- Walking the entire request list ---
> Waking up in 6 seconds...
> rad_recv: Access-Request packet from host 43.191.112.164:21752, id=17, length=146
>        User-Name = "deyoungb"
>        Framed-MTU = 1400
>        Called-Station-Id = "000f.8fda.481c"
>        Calling-Station-Id = "000d.28d0.0217"
>        Message-Authenticator = 0x6de64f1df9fb8d952b0a65b6d467a82f
>        EAP-Message = 0x020300061900
>        NAS-Port-Type = Wireless-802.11
>        NAS-Port = 264
>        State = 0x06c584c36e502feb79854fd6db5050ac
>        Service-Type = Framed-User
>        NAS-IP-Address = 43.191.112.164
>        NAS-Identifier = "SDB5Test"
>  Processing the authorize section of radiusd.conf
> modcall: entering group authorize for request 2
>  modcall[authorize]: module "preprocess" returns ok for request 2
>  modcall[authorize]: module "mschap" returns noop for request 2
>  rlm_eap: EAP packet type response id 3 length 6
>  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
>  modcall[authorize]: module "eap" returns updated for request 2
>    rlm_realm: No '@' in User-Name = "deyoungb", looking up realm NULL
>    rlm_realm: No such realm "NULL"
>  modcall[authorize]: module "suffix" returns noop for request 2
>    users: Matched DEFAULT at 178
>  modcall[authorize]: module "files" returns ok for request 2
> rlm_ldap: - authorize
> rlm_ldap: performing user authorization for deyoungb
> radius_xlat:  '(cn=deyoungb)'
> radius_xlat:  'DC=am,DC=sony,DC=com'
> rlm_ldap: ldap_get_conn: Checking Id: 0
> rlm_ldap: ldap_get_conn: Got Id: 0
> rlm_ldap: performing search in DC=am,DC=sony,DC=com, with filter
> (cn=deyoungb)
> rlm_ldap: looking for check items in directory...
> rlm_ldap: looking for reply items in directory...
> rlm_ldap: user deyoungb authorized to use remote access
> rlm_ldap: ldap_release_conn: Release Id: 0
>  modcall[authorize]: module "ldap" returns ok for request 2
> modcall: group authorize returns updated for request 2
>  rad_check_password:  Found Auth-Type EAP
> auth: type "EAP"
>  Processing the authenticate section of radiusd.conf
> modcall: entering group authenticate for request 2
>  rlm_eap: Request found, released from the list
>  rlm_eap: EAP/peap
>  rlm_eap: processing type peap
>  rlm_eap_peap: Authenticate
>  rlm_eap_tls: processing TLS
> rlm_eap_tls: Received EAP-TLS ACK message
>  eaptls_verify returned 3 
>  eaptls_process returned 3 
>    TLS_accept:error in SSLv3 read client certificate A 
>  rlm_eap_peap: EAPTLS_SUCCESS
>  modcall[authenticate]: module "eap" returns handled for request 2
> modcall: group authenticate returns handled for request 2
> Sending Access-Challenge of id 17 to 43.191.112.164:21752
>        Framed-IP-Address = 255.255.255.254
>        Framed-MTU = 576
>        Service-Type = Framed-User
>        EAP-Message = 0x010400061900
>        Message-Authenticator = 0x00000000000000000000000000000000
>        State = 0xc04dc30ca96e3f0423fc9cfe13170971
> Finished request 2
> Going to the next request
> --- Walking the entire request list ---
> Waking up in 5 seconds...
> --- Walking the entire request list ---
> Cleaning up request 1 ID 16 with timestamp 41fdb1b2
> Waking up in 1 seconds...
> --- Walking the entire request list ---
> Cleaning up request 2 ID 17 with timestamp 41fdb1b3
> Nothing to do.  Sleeping until we see a request.
> 
> 
> If you made it this far, thank you again!
> ~Brandon
> 
> 
> 
> - 
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
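
The short EAP-Message values in the debug output above can be decoded to see how far the PEAP exchange got before the client went quiet. The following Python script is an added example, not part of the original messages or of FreeRADIUS; it parses the RFC 3748 EAP header and the flags byte used by EAP-TLS-based methods, and the function names are illustrative.

```python
import re

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 3: "Nak", 4: "MD5-Challenge", 13: "EAP-TLS",
             21: "EAP-TTLS", 25: "PEAP", 26: "EAP-MSCHAPv2"}
TLS_BASED = {13, 21, 25}   # methods whose data starts with an EAP-TLS flags byte
FLAGS = ((0x80, "Length"), (0x40, "More-Fragments"), (0x20, "Start"))
EAP_LINE = re.compile(r"EAP-Message = (0x[0-9a-fA-F]+)\s*$")

# Lines excerpted from the debug output in the message above (list quoting kept).
SAMPLE_LOG = """\
> rad_recv: Access-Request packet from host 43.191.112.164:21752,
>        EAP-Message = 0x0201000d016465796f756e6762
> Sending Access-Challenge of id 15 to 43.191.112.164:21752
>        EAP-Message = 0x010200061920
> rad_recv: Access-Request packet from host 43.191.112.164:21752,
>        EAP-Message = 0x020300061900
> Sending Access-Challenge of id 17 to 43.191.112.164:21752
>        EAP-Message = 0x010400061900
"""


def decode_eap(hex_value):
    """Parse one EAP packet given as a hex string (optional 0x prefix)."""
    digits = hex_value[2:] if hex_value[:2].lower() == "0x" else hex_value
    raw = bytes.fromhex(digits)
    if len(raw) < 4:
        raise ValueError("EAP header needs 4 bytes: code, id, length")
    pkt = {"code": EAP_CODES.get(raw[0], f"code {raw[0]}"), "id": raw[1],
           "length": int.from_bytes(raw[2:4], "big")}
    # A declared length that differs from the bytes present means the value is
    # truncated or is only one of several EAP-Message attributes in the packet.
    pkt["complete"] = pkt["length"] == len(raw)
    if raw[0] in (1, 2) and len(raw) >= 5:   # only Request/Response carry a type
        etype, body = raw[4], raw[5:]
        pkt["type"] = EAP_TYPES.get(etype, f"type {etype}")
        if etype == 1:
            pkt["identity"] = body.decode("utf-8", "replace")
        elif etype in TLS_BASED and body:
            flags = body[0]
            pkt["flags"] = [name for bit, name in FLAGS if flags & bit]
            header = 5 if flags & 0x80 else 1   # flags + optional 4-byte TLS length
            if flags & 0x80 and len(body) >= 5:
                pkt["tls_total"] = int.from_bytes(body[1:5], "big")
            pkt["tls_bytes"] = max(len(body) - header, 0)
    return pkt


def trace(log_text):
    """Return (direction, packet) for every single-line EAP-Message in a log."""
    direction, out = "?", []
    for line in log_text.splitlines():
        line = line.lstrip("> \t")           # drop mailing-list quoting
        if line.startswith("rad_recv: Access-Request"):
            direction = "supplicant -> server"
        elif line.startswith("Sending Access-"):
            direction = "server -> supplicant"
        match = EAP_LINE.search(line)
        if match:
            out.append((direction, decode_eap(match.group(1))))
    return out


def summarize(direction, pkt):
    """One-line description of a decoded packet."""
    parts = [direction, pkt["code"], f"id={pkt['id']}", pkt.get("type", "")]
    if "identity" in pkt:
        parts.append(repr(pkt["identity"]))
    if "flags" in pkt:
        parts.append("flags=" + ("+".join(pkt["flags"]) or "none"))
        parts.append(f"tls_bytes={pkt['tls_bytes']}")
    return " ".join(p for p in parts if p)


if __name__ == "__main__":
    for direction, pkt in trace(SAMPLE_LOG):
        print(summarize(direction, pkt))
```

Run against the excerpt, the last decoded packet is an empty PEAP request with id 4 from the server, and the log shows no response to it from the supplicant.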
