Alan DeKok wrote:
Gary Algier <[EMAIL PROTECTED]> wrote:
I am trying to use the WinXP supplied supplicant and I am getting:
modcall: group authenticate returns invalid for request 41
Can someone give me a hint as to what this means?
Read the *rest* of the debug log above that to see what's going on.
I did and it I did not understand it (see below for the log). I thought
that perhaps there was some sort of groups I needed to setup.
When I use the WinXP bulitin supplicant in "Automatically use my
Windows login..." mode, Freeradius fails with the group
authentication message.
It's not "group authentication", it's the "authentication" section
of "radiusd.conf".
If I uncheck that and type a login
and password (but not a domain), it works fine. It never does
any sort of group check. If I supply a domain, it does the group
check (and fails). When does it check groups? What is it
checking?
Read the *rest* of the debug log.
Here's the logs (when is fails with a domain supplied):
-------------------------------------------------------------------
Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config: including file: /etc/ulcmit/raddb/clients.conf
Config: including file: /etc/ulcmit/raddb/snmp.conf
Config: including file: /etc/ulcmit/raddb/eap.conf
main: prefix = "/usr"
main: localstatedir = "/var"
main: logdir = "/var/log/radius"
main: libdir = "/usr/lib"
main: radacctdir = "/var/log/radius/radacct"
main: hostname_lookups = no
main: max_request_time = 30
main: cleanup_delay = 5
main: max_requests = 1024
main: delete_blocked_requests = 0
main: port = 0
main: allow_core_dumps = no
main: log_stripped_names = no
main: log_file = "/var/log/radius/radius.log"
main: log_auth = no
main: log_auth_badpass = no
main: log_auth_goodpass = no
main: pidfile = "/var/run/radiusd/radiusd.pid"
main: user = "radiusd"
main: group = "radiusd"
main: usercollide = no
main: lower_user = "no"
main: lower_pass = "no"
main: nospace_user = "no"
main: nospace_pass = "no"
main: checkrad = "/usr/sbin/checkrad"
main: proxy_requests = no
security: max_attributes = 200
security: reject_delay = 1
security: status_server = no
main: debug_level = 0
read_config_files: reading dictionary
read_config_files: reading naslist
Using deprecated naslist file. Support for this will go away soon.
read_config_files: reading clients
read_config_files: reading realms
radiusd: entering modules setup
Module: Library search path is /usr/lib
Module: Loaded exec
exec: wait = yes
exec: program = "(null)"
exec: input_pairs = "request"
exec: output_pairs = "(null)"
exec: packet_type = "(null)"
rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Module: Instantiated exec (exec)
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded PAP
pap: encryption_scheme = "clear"
Module: Instantiated pap (pap)
Module: Loaded CHAP
Module: Instantiated chap (chap)
Module: Loaded MS-CHAP
mschap: use_mppe = yes
mschap: require_encryption = no
mschap: require_strong = no
mschap: with_ntdomain_hack = no
mschap: passwd = "(null)"
mschap: authtype = "MS-CHAP"
mschap: ntlm_auth = "(null)"
Module: Instantiated mschap (mschap)
Module: Loaded Pam
pam: pam_auth = "radiusd"
Module: Instantiated pam (pam)
Module: Loaded System
unix: cache = no
unix: passwd = "(null)"
unix: shadow = "(null)"
unix: group = "(null)"
unix: radwtmp = "/var/log/radius/radwtmp"
unix: usegroup = no
unix: cache_reload = 600
Module: Instantiated unix (unix)
Module: Loaded eap
eap: default_eap_type = "mschapv2"
eap: timer_expire = 60
eap: ignore_unknown_eap_types = no
eap: cisco_accounting_username_bug = no
rlm_eap: Loaded and initialized type md5
rlm_eap: Loaded and initialized type leap
tls: rsa_key_exchange = no
tls: dh_key_exchange = yes
tls: rsa_key_length = 512
tls: dh_key_length = 512
tls: verify_depth = 0
tls: CA_path = "(null)"
tls: pem_file_type = yes
tls: private_key_file = "/etc/ulcmit/raddb/certs/pyrope.ulticom.com.key"
tls: certificate_file = "/etc/ulcmit/raddb/certs/pyrope.ulticom.com.crt"
tls: CA_file = "/etc/ulcmit/raddb/certs/ca.pem"
tls: private_key_password = "(null)"
tls: dh_file = "/etc/ulcmit/raddb/certs/dh"
tls: random_file = "/dev/urandom"
tls: fragment_size = 1024
tls: include_length = yes
tls: check_crl = no
tls: check_cert_cn = "(null)"
rlm_eap: Loaded and initialized type tls
ttls: default_eap_type = "md5"
ttls: copy_request_to_tunnel = no
ttls: use_tunneled_reply = no
rlm_eap: Loaded and initialized type ttls
peap: default_eap_type = "mschapv2"
peap: copy_request_to_tunnel = no
peap: use_tunneled_reply = no
peap: proxy_tunneled_request_as_eap = yes
rlm_eap: Loaded and initialized type peap
mschapv2: with_ntdomain_hack = no
rlm_eap: Loaded and initialized type mschapv2
Module: Instantiated eap (eap)
Module: Loaded preprocess
preprocess: huntgroups = "/etc/ulcmit/raddb/huntgroups"
preprocess: hints = "/etc/ulcmit/raddb/hints"
preprocess: with_ascend_hack = no
preprocess: ascend_channels_per_line = 23
preprocess: with_ntdomain_hack = no
preprocess: with_specialix_jetstream_hack = no
preprocess: with_cisco_vsa_hack = no
Module: Instantiated preprocess (preprocess)
Module: Loaded LDAP
ldap: server = "ldap.ulticom.com"
ldap: port = 389
ldap: net_timeout = 1
ldap: timeout = 4
ldap: timelimit = 3
ldap: identity = ""
ldap: tls_mode = no
ldap: start_tls = no
ldap: tls_cacertfile = "(null)"
ldap: tls_cacertdir = "(null)"
ldap: tls_certfile = "(null)"
ldap: tls_keyfile = "(null)"
ldap: tls_randfile = "(null)"
ldap: tls_require_cert = "allow"
ldap: password = ""
ldap: basedn = "dc=ulticom,dc=com"
ldap: filter = "(&(objectclass=person)(uid=%{exec:/etc/ulcmit/raddb/nodomain
%{User-Name}}))"
ldap: base_filter = "(objectclass=*)"
ldap: default_profile = "(null)"
ldap: profile_attribute = "(null)"
ldap: password_header = "(null)"
ldap: password_attribute = "(null)"
ldap: access_attr = "uid"
ldap: groupname_attribute = "cn"
ldap: groupmembership_filter =
"(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniq
ueNames)(uniquemember=%{Ldap-UserDn})))"
ldap: groupmembership_attribute = "(null)"
ldap: dictionary_mapping = "/etc/ulcmit/raddb/ldap.attrmap"
ldap: ldap_debug = 0
ldap: ldap_connections_number = 5
ldap: compare_check_items = no
ldap: access_attr_used_for_allow = yes
ldap: do_xlat = yes
lm_ldap: Registering ldap_groupcmp for Ldap-Group
rlm_ldap: Registering ldap_xlat with xlat_name ldap
rlm_ldap: reading ldap<->radius mappings from file
/etc/ulcmit/raddb/ldap.attrmap
rlm_ldap: LDAP radiusCheckItem mapped to RADIUS $GENERIC$
rlm_ldap: LDAP radiusReplyItem mapped to RADIUS $GENERIC$
rlm_ldap: LDAP radiusAuthType mapped to RADIUS Auth-Type
rlm_ldap: LDAP radiusSimultaneousUse mapped to RADIUS Simultaneous-Use
rlm_ldap: LDAP radiusCalledStationId mapped to RADIUS Called-Station-Id
rlm_ldap: LDAP radiusCallingStationId mapped to RADIUS Calling-Station-Id
rlm_ldap: LDAP sambaLMPassword mapped to RADIUS LM-Password
rlm_ldap: LDAP sambaNTPassword mapped to RADIUS NT-Password
rlm_ldap: LDAP sambaAcctFlags mapped to RADIUS SMB-Account-CTRL-TEXT
rlm_ldap: LDAP radiusExpiration mapped to RADIUS Expiration
rlm_ldap: LDAP radiusServiceType mapped to RADIUS Service-Type
rlm_ldap: LDAP radiusFramedProtocol mapped to RADIUS Framed-Protocol
rlm_ldap: LDAP radiusFramedIPAddress mapped to RADIUS Framed-IP-Address
rlm_ldap: LDAP radiusFramedIPNetmask mapped to RADIUS Framed-IP-Netmask
rlm_ldap: LDAP radiusFramedRoute mapped to RADIUS Framed-Route
rlm_ldap: LDAP radiusFramedRouting mapped to RADIUS Framed-Routing
rlm_ldap: LDAP radiusFilterId mapped to RADIUS Filter-Id
rlm_ldap: LDAP radiusFramedMTU mapped to RADIUS Framed-MTU
rlm_ldap: LDAP radiusFramedCompression mapped to RADIUS Framed-Compression
rlm_ldap: LDAP radiusLoginIPHost mapped to RADIUS Login-IP-Host
rlm_ldap: LDAP radiusLoginService mapped to RADIUS Login-Service
rlm_ldap: LDAP radiusLoginTCPPort mapped to RADIUS Login-TCP-Port
rlm_ldap: LDAP radiusCallbackNumber mapped to RADIUS Callback-Number
rlm_ldap: LDAP radiusCallbackId mapped to RADIUS Callback-Id
rlm_ldap: LDAP radiusFramedIPXNetwork mapped to RADIUS Framed-IPX-Network
rlm_ldap: LDAP radiusClass mapped to RADIUS Class
rlm_ldap: LDAP radiusSessionTimeout mapped to RADIUS Session-Timeout
rlm_ldap: LDAP radiusIdleTimeout mapped to RADIUS Idle-Timeout
rlm_ldap: LDAP radiusTerminationAction mapped to RADIUS Termination-Action
rlm_ldap: LDAP radiusLoginLATService mapped to RADIUS Login-LAT-Service
rlm_ldap: LDAP radiusLoginLATNode mapped to RADIUS Login-LAT-Node
rlm_ldap: LDAP radiusLoginLATGroup mapped to RADIUS Login-LAT-Group
rlm_ldap: LDAP radiusFramedAppleTalkLink mapped to RADIUS Framed-AppleTalk-Link
rlm_ldap: LDAP radiusFramedAppleTalkNetwork mapped to RADIUS
Framed-AppleTalk-Network
rlm_ldap: LDAP radiusFramedAppleTalkZone mapped to RADIUS Framed-AppleTalk-Zone
rlm_ldap: LDAP radiusPortLimit mapped to RADIUS Port-Limit
rlm_ldap: LDAP radiusLoginLATPort mapped to RADIUS Login-LAT-Port
conns: 126510
Module: Instantiated ldap (ldap)
Module: Loaded files
files: usersfile = "/etc/ulcmit/raddb/users"
files: acctusersfile = "/etc/ulcmit/raddb/acct_users"
files: preproxy_usersfile = "/etc/ulcmit/raddb/preproxy_users"
files: compat = "no"
Module: Instantiated files (files)
Module: Loaded Acct-Unique-Session-Id
acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address,
NAS-Port"
Module: Instantiated acct_unique (acct_unique)
Module: Loaded detail
detail: detailfile =
"/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
detail: detailperm = 384
detail: dirperm = 493
detail: locking = no
Module: Instantiated detail (detail)
Module: Loaded radutmp
radutmp: filename = "/var/log/radius/radutmp"
radutmp: username = "%{User-Name}"
radutmp: case_sensitive = yes
radutmp: check_with_nas = yes
radutmp: perm = 384
radutmp: callerid = yes
Module: Instantiated radutmp (radutmp)
Listening on authentication *:1812
Listening on accounting *:1813
Ready to process requests.
rad_recv: Access-Request packet from host 172.25.16.9:1230, id=85, length=213
Framed-MTU = 1480
NAS-IP-Address = 172.25.16.9
NAS-Identifier = "hp-50-9"
User-Name = "MALACHITE\\gaa"
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 1
NAS-Port-Type = Ethernet
NAS-Port-Id = "1"
Called-Station-Id = "00-11-85-40-71-ff"
Calling-Station-Id = "00-14-22-dc-9b-16"
Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "50"
EAP-Message = 0x02010012014d414c4143484954455c676161
Message-Authenticator = 0x9fe6191e75699a28156146fa98342f4d
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
modcall[authorize]: module "chap" returns noop for request 0
modcall[authorize]: module "mschap" returns noop for request 0
rlm_ldap: - authorize
rlm_ldap: performing user authorization for MALACHITE\gaa
radius_xlat: Running registered xlat function of module exec for string
'/etc/ulcmit/raddb/nodomain %{User-Name}'
rlm_exec (exec): Executing /etc/ulcmit/raddb/nodomain %{User-Name}
radius_xlat: '/etc/ulcmit/raddb/nodomain MALACHITE\\gaa'
Exec-Program: /etc/ulcmit/raddb/nodomain MALACHITE\\gaa
Exec-Program output: gaa
Exec-Program-Wait: plaintext: gaa
Exec-Program: returned: 0
rlm_exec (exec): result 0
radius_xlat: '(&(objectclass=person)(uid=gaa))'
radius_xlat: 'dc=ulticom,dc=com'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to ldap.ulticom.com:389, authentication 0
rlm_ldap: bind as / to ldap.ulticom.com:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: performing search in dc=ulticom,dc=com, with filter
(&(objectclass=person)(uid=gaa))
rlm_ldap: checking if remote access for MALACHITE\gaa is allowed by uid
rlm_ldap: looking for check items in directory...
rlm_ldap: Adding sambaAcctFlags as SMB-Account-CTRL-TEXT, value [U & op=21
rlm_ldap: Adding sambaNTPassword as NT-Password, value
E6DEABE732705BC462E2195793EDAF37 & op=21
rlm_ldap: Adding sambaLMPassword as LM-Password, value
D388721E3CDDC12DAAD3B435B51404EE & op=21
rlm_ldap: looking for reply items in directory...
rlm_ldap: user MALACHITE\gaa authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 0
rlm_eap: EAP packet type response id 1 length 18
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 0
users: Matched entry DEFAULT at line 153
users: Matched entry DEFAULT at line 176
users: Matched entry DEFAULT at line 188
modcall[authorize]: module "files" returns ok for request 0
modcall: group authorize returns updated for request 0
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
rlm_eap: EAP Identity
rlm_eap: processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
modcall[authenticate]: module "eap" returns handled for request 0
modcall: group authenticate returns handled for request 0
Sending Access-Challenge of id 85 to 172.25.16.9:1230
Framed-IP-Address = 255.255.255.254
Framed-MTU = 576
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-Compression = Van-Jacobson-TCP-IP
EAP-Message =
0x010200271a010200221010130293c1f011fcd0e66b5d6118d2344d414c4143484954455c676161
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xd78143c9277890d881701cfb419ad903
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 172.25.16.9:1230, id=86, length=219
Framed-MTU = 1480
NAS-IP-Address = 172.25.16.9
NAS-Identifier = "hp-50-9"
User-Name = "MALACHITE\\gaa"
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 1
NAS-Port-Type = Ethernet
NAS-Port-Id = "1"
Called-Station-Id = "00-11-85-40-71-ff"
Calling-Station-Id = "00-14-22-dc-9b-16"
Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "50"
State = 0xd78143c9277890d881701cfb419ad903
EAP-Message = 0x020200060319
Message-Authenticator = 0xd461ecf0394aed21f586e3620dd34b0a
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
modcall[authorize]: module "preprocess" returns ok for request 1
modcall[authorize]: module "chap" returns noop for request 1
modcall[authorize]: module "mschap" returns noop for request 1
rlm_ldap: - authorize
rlm_ldap: performing user authorization for MALACHITE\gaa
radius_xlat: Running registered xlat function of module exec for string
'/etc/ulcmit/raddb/nodomain %{User-Name}'
rlm_exec (exec): Executing /etc/ulcmit/raddb/nodomain %{User-Name}
radius_xlat: '/etc/ulcmit/raddb/nodomain MALACHITE\\gaa'
Exec-Program: /etc/ulcmit/raddb/nodomain MALACHITE\\gaa
Exec-Program output: gaa
Exec-Program-Wait: plaintext: gaa
Exec-Program: returned: 0
rlm_exec (exec): result 0
radius_xlat: '(&(objectclass=person)(uid=gaa))'
radius_xlat: 'dc=ulticom,dc=com'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=ulticom,dc=com, with filter
(&(objectclass=person)(uid=gaa))
rlm_ldap: checking if remote access for MALACHITE\gaa is allowed by uid
rlm_ldap: looking for check items in directory...
rlm_ldap: Adding sambaAcctFlags as SMB-Account-CTRL-TEXT, value [U & op=21
rlm_ldap: Adding sambaNTPassword as NT-Password, value
E6DEABE732705BC462E2195793EDAF37 & op=21
rlm_ldap: Adding sambaLMPassword as LM-Password, value
D388721E3CDDC12DAAD3B435B51404EE & op=21
rlm_ldap: looking for reply items in directory...
rlm_ldap: user MALACHITE\gaa authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 1
rlm_eap: EAP packet type response id 2 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 1
users: Matched entry DEFAULT at line 153
users: Matched entry DEFAULT at line 176
users: Matched entry DEFAULT at line 188
modcall[authorize]: module "files" returns ok for request 1
modcall: group authorize returns updated for request 1
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 1
rlm_eap: Request found, released from the list
rlm_eap: EAP NAK
rlm_eap: EAP-NAK asked for EAP-Type/peap
rlm_eap: processing type tls
rlm_eap_tls: Initiate
rlm_eap_tls: Start returned 1
modcall[authenticate]: module "eap" returns handled for request 1
modcall: group authenticate returns handled for request 1
Sending Access-Challenge of id 86 to 172.25.16.9:1230
Framed-IP-Address = 255.255.255.254
Framed-MTU = 576
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-Compression = Van-Jacobson-TCP-IP
EAP-Message = 0x010300061920
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xd5b41d44d5a957756e939fddd080ca71
Finished request 1
Going to the next request
--- Walking the entire request list ---
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 172.25.16.9:1230, id=87, length=293
Framed-MTU = 1480
NAS-IP-Address = 172.25.16.9
NAS-Identifier = "hp-50-9"
User-Name = "MALACHITE\\gaa"
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 1
NAS-Port-Type = Ethernet
NAS-Port-Id = "1"
Called-Station-Id = "00-11-85-40-71-ff"
Calling-Station-Id = "00-14-22-dc-9b-16"
Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "50"
State = 0xd5b41d44d5a957756e939fddd080ca71
EAP-Message =
0x0203005019800000004616030100410100003d030143c2a6d3a3ef3f81f7b63ab1c666ff6a16bd9a8cf8dcb4c
2f89bc1ebe8949b5e00001600040005000a000900640062000300060013001200630100
Message-Authenticator = 0x2f00f7f94a7e8773822061af30b65184
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 2
modcall[authorize]: module "preprocess" returns ok for request 2
modcall[authorize]: module "chap" returns noop for request 2
modcall[authorize]: module "mschap" returns noop for request 2
rlm_ldap: - authorize
rlm_ldap: performing user authorization for MALACHITE\gaa
radius_xlat: Running registered xlat function of module exec for string
'/etc/ulcmit/raddb/nodomain %{User-Name}'
rlm_exec (exec): Executing /etc/ulcmit/raddb/nodomain %{User-Name}
radius_xlat: '/etc/ulcmit/raddb/nodomain MALACHITE\\gaa'
Exec-Program: /etc/ulcmit/raddb/nodomain MALACHITE\\gaa
Exec-Program output: gaa
Exec-Program-Wait: plaintext: gaa
Exec-Program: returned: 0
rlm_exec (exec): result 0
radius_xlat: '(&(objectclass=person)(uid=gaa))'
radius_xlat: 'dc=ulticom,dc=com'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=ulticom,dc=com, with filter
(&(objectclass=person)(uid=gaa))
rlm_ldap: checking if remote access for MALACHITE\gaa is allowed by uid
rlm_ldap: looking for check items in directory...
rlm_ldap: Adding sambaAcctFlags as SMB-Account-CTRL-TEXT, value [U & op=21
rlm_ldap: Adding sambaNTPassword as NT-Password, value
E6DEABE732705BC462E2195793EDAF37 & op=21
rlm_ldap: Adding sambaLMPassword as LM-Password, value
D388721E3CDDC12DAAD3B435B51404EE & op=21
rlm_ldap: looking for reply items in directory...
rlm_ldap: user MALACHITE\gaa authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 2
rlm_eap: EAP packet type response id 3 length 80
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 2
users: Matched entry DEFAULT at line 153
users: Matched entry DEFAULT at line 176
users: Matched entry DEFAULT at line 188
modcall[authorize]: module "files" returns ok for request 2
modcall: group authorize returns updated for request 2
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 2
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
(other): before/accept initialization
TLS_accept: before/accept initialization
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello
TLS_accept: SSLv3 read client hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
TLS_accept: SSLv3 write server hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 02b0], Certificate
TLS_accept: SSLv3 write certificate A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
TLS_accept: SSLv3 write server done A
TLS_accept: SSLv3 flush data
TLS_accept:error in SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 2
modcall: group authenticate returns handled for request 2
Sending Access-Challenge of id 87 to 172.25.16.9:1230
Framed-IP-Address = 255.255.255.254
Framed-MTU = 576
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-Compression = Van-Jacobson-TCP-IP
EAP-Message =
0x010403131900160301004a02000046030143c2a6d9dde76b5c1689d53cd6a956ed1e0867963fba2ef75e39da4
21beaf4352054ca69f97e0231c3c45b9e911063b13aef76e71ebbb3bee335c185ba5419474f00040016030102b00b0002ac0002a90002a630
8202a23082020b020104300d06092a864886f70d01010405003081a6310b3009060355040613025553311330110603550408130a4e6577204
a6572736579311330110603550407130a4d742e204c617572656c31143012060355040a130b556c7469636f6d20496e633121301f06035504
0b1318496e666f726d6174696f6e20546563686e6f6c6f67696573311330110603550403130a55
EAP-Message =
0x6c7469636f6d204954311f301d06092a864886f70d0109011610726f6f7440756c7469636f6d2e636f6d301e1
70d3035313231353138353031365a170d3039313231353138353031365a30818b310b3009060355040613025553311330110603550408130a
4e6577204a6572736579311330110603550407130a4d742e204c617572656c31143012060355040a130b556c7469636f6d20496e63311b301
9060355040313127079726f70652e756c7469636f6d2e636f6d311f301d06092a864886f70d01090116106365727440756c7469636f6d2e63
6f6d30819f300d06092a864886f70d010101050003818d0030818902818100bcef4f9735a4fe70
EAP-Message =
0xc7b49e61554ceca88f896391f54840e9b045c7bc1d2d8172729a93ea6a3caf74689b1d5a94502bfd80fb536a4
3ee57c997e498b7068b18517d6a7aa3b7c69e7a8716317b0658697e218d78a36048a0222cc82e0085d058c49a137b476ef1365a0b02482baf
be65244841d9468d8ac0d82e07b35d99b379e90203010001300d06092a864886f70d010104050003818100be1b22a1d77b5eee2cd1f7d6966
034b778a81596cc6e7e40963d67df46951b36f435103da62babcbba99f22ecc5f13e1097e6f843f587ed9f539ca0c2a7a5bed4e86b1c8d669
927373d3553717a312a35df8f562841ebd1dffcf66e51e8682b7eb47851a2737bf327bc2b1a8e0
EAP-Message = 0x3ac5b28fb2e6fd549c30cb4c1e7e0a37a7208a16030100040e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x28abe2f9101132c971a07e16302eaca7
Finished request 2
Going to the next request
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 172.25.16.9:1230, id=88, length=405
Framed-MTU = 1480
NAS-IP-Address = 172.25.16.9
NAS-Identifier = "hp-50-9"
User-Name = "MALACHITE\\gaa"
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 1
NAS-Port-Type = Ethernet
NAS-Port-Id = "1"
Called-Station-Id = "00-11-85-40-71-ff"
Calling-Station-Id = "00-14-22-dc-9b-16"
Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "50"
State = 0x28abe2f9101132c971a07e16302eaca7
EAP-Message =
0x020400c01980000000b616030100861000008200803af0872cb540732a24029c8e11a6bd34fac1a865f5394d0
b135090e3852e522c2bade22fa4a6e57b25c84ee69236b5b9d38d068f0a198c5c8c69e17d8e27a52ab1763c047ab8f9c7300b1456735a7c92
b666a56341317ea5cd903d6aa3cf162d64c2d7e9c880721fcbe264fac1ac82beb50ac5de3269dc5bd9a6c0092b46c95314030100010116030
10020b343d463f4df0f2defd061db0cab5226e4c130fd52f1960dc217ede867b1defb
Message-Authenticator = 0x389c6d2df6ebcbc16c53d91c4ae3b280
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 3
modcall[authorize]: module "preprocess" returns ok for request 3
modcall[authorize]: module "chap" returns noop for request 3
modcall[authorize]: module "mschap" returns noop for request 3
rlm_ldap: - authorize
rlm_ldap: performing user authorization for MALACHITE\gaa
radius_xlat: Running registered xlat function of module exec for string
'/etc/ulcmit/raddb/nodomain %{User-Name}'
rlm_exec (exec): Executing /etc/ulcmit/raddb/nodomain %{User-Name}
radius_xlat: '/etc/ulcmit/raddb/nodomain MALACHITE\\gaa'
Exec-Program: /etc/ulcmit/raddb/nodomain MALACHITE\\gaa
Exec-Program output: gaa
Exec-Program-Wait: plaintext: gaa
Exec-Program: returned: 0
rlm_exec (exec): result 0
radius_xlat: '(&(objectclass=person)(uid=gaa))'
radius_xlat: 'dc=ulticom,dc=com'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=ulticom,dc=com, with filter
(&(objectclass=person)(uid=gaa))
rlm_ldap: checking if remote access for MALACHITE\gaa is allowed by uid
rlm_ldap: looking for check items in directory...
rlm_ldap: Adding sambaAcctFlags as SMB-Account-CTRL-TEXT, value [U & op=21
rlm_ldap: Adding sambaNTPassword as NT-Password, value
E6DEABE732705BC462E2195793EDAF37 & op=21
rlm_ldap: Adding sambaLMPassword as LM-Password, value
D388721E3CDDC12DAAD3B435B51404EE & op=21
rlm_ldap: looking for reply items in directory...
rlm_ldap: user MALACHITE\gaa authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 3
rlm_eap: EAP packet type response id 4 length 192
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 3
users: Matched entry DEFAULT at line 153
users: Matched entry DEFAULT at line 176
users: Matched entry DEFAULT at line 188
modcall[authorize]: module "files" returns ok for request 3
modcall: group authorize returns updated for request 3
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 3
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange
TLS_accept: SSLv3 read client key exchange A
rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001]
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 read finished A
rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001]
TLS_accept: SSLv3 write change cipher spec A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 write finished A
TLS_accept: SSLv3 flush data
(other): SSL negotiation finished successfully
SSL Connection Established
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 3
modcall: group authenticate returns handled for request 3
Sending Access-Challenge of id 88 to 172.25.16.9:1230
Framed-IP-Address = 255.255.255.254
Framed-MTU = 576
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-Compression = Van-Jacobson-TCP-IP
EAP-Message =
0x0105003119001403010001011603010020450d43f8fe77d406da967e25cb20130b9138134590d30600839dbca
a90009313
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x41ecdb8ff87e2ebb8bd9d9ab845414ad
Finished request 3
Going to the next request
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 172.25.16.9:1230, id=89, length=219
Framed-MTU = 1480
NAS-IP-Address = 172.25.16.9
NAS-Identifier = "hp-50-9"
User-Name = "MALACHITE\\gaa"
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 1
NAS-Port-Type = Ethernet
NAS-Port-Id = "1"
Called-Station-Id = "00-11-85-40-71-ff"
Calling-Station-Id = "00-14-22-dc-9b-16"
Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "50"
State = 0x41ecdb8ff87e2ebb8bd9d9ab845414ad
EAP-Message = 0x020500061900
Message-Authenticator = 0x82d48fdee79673d1b2d6e19af9262a62
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 4
modcall[authorize]: module "preprocess" returns ok for request 4
modcall[authorize]: module "chap" returns noop for request 4
modcall[authorize]: module "mschap" returns noop for request 4
rlm_ldap: - authorize
rlm_ldap: performing user authorization for MALACHITE\gaa
radius_xlat: Running registered xlat function of module exec for string
'/etc/ulcmit/raddb/nodomain %{User-Name}'
rlm_exec (exec): Executing /etc/ulcmit/raddb/nodomain %{User-Name}
radius_xlat: '/etc/ulcmit/raddb/nodomain MALACHITE\\gaa'
Exec-Program: /etc/ulcmit/raddb/nodomain MALACHITE\\gaa
Exec-Program output: gaa
Exec-Program-Wait: plaintext: gaa
Exec-Program: returned: 0
rlm_exec (exec): result 0
radius_xlat: '(&(objectclass=person)(uid=gaa))'
radius_xlat: 'dc=ulticom,dc=com'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=ulticom,dc=com, with filter
(&(objectclass=person)(uid=gaa))
rlm_ldap: checking if remote access for MALACHITE\gaa is allowed by uid
rlm_ldap: looking for check items in directory...
rlm_ldap: Adding sambaAcctFlags as SMB-Account-CTRL-TEXT, value [U & op=21
rlm_ldap: Adding sambaNTPassword as NT-Password, value
E6DEABE732705BC462E2195793EDAF37 & op=21
rlm_ldap: Adding sambaLMPassword as LM-Password, value
D388721E3CDDC12DAAD3B435B51404EE & op=21
rlm_ldap: looking for reply items in directory...
rlm_ldap: user MALACHITE\gaa authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 4
rlm_eap: EAP packet type response id 5 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 4
users: Matched entry DEFAULT at line 153
users: Matched entry DEFAULT at line 176
users: Matched entry DEFAULT at line 188
modcall[authorize]: module "files" returns ok for request 4
modcall: group authorize returns updated for request 4
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 4
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake is finished
eaptls_verify returned 3
eaptls_process returned 3
rlm_eap_peap: EAPTLS_SUCCESS
modcall[authenticate]: module "eap" returns handled for request 4
modcall: group authenticate returns handled for request 4
Sending Access-Challenge of id 89 to 172.25.16.9:1230
Framed-IP-Address = 255.255.255.254
Framed-MTU = 576
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-Compression = Van-Jacobson-TCP-IP
EAP-Message =
0x01060020190017030100153b60c494388f8168550229442e6f575b8efa2eee31
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xe5aab6b483e096944c4c374392e35c98
Finished request 4
Going to the next request
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 172.25.16.9:1230, id=90, length=254
Framed-MTU = 1480
NAS-IP-Address = 172.25.16.9
NAS-Identifier = "hp-50-9"
User-Name = "MALACHITE\\gaa"
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 1
NAS-Port-Type = Ethernet
NAS-Port-Id = "1"
Called-Station-Id = "00-11-85-40-71-ff"
Calling-Station-Id = "00-14-22-dc-9b-16"
Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "50"
State = 0xe5aab6b483e096944c4c374392e35c98
EAP-Message =
0x020600291900170301001eab64380cecc1f7985fde402c803b5802088d260b7fb1fe361005032f4c0d
Message-Authenticator = 0xe357fd824a4477214b07ff0fcad1828f
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 5
modcall[authorize]: module "preprocess" returns ok for request 5
modcall[authorize]: module "chap" returns noop for request 5
modcall[authorize]: module "mschap" returns noop for request 5
rlm_ldap: - authorize
rlm_ldap: performing user authorization for MALACHITE\gaa
radius_xlat: Running registered xlat function of module exec for string
'/etc/ulcmit/raddb/nodomain %{User-Name}'
rlm_exec (exec): Executing /etc/ulcmit/raddb/nodomain %{User-Name}
radius_xlat: '/etc/ulcmit/raddb/nodomain MALACHITE\\gaa'
Exec-Program: /etc/ulcmit/raddb/nodomain MALACHITE\\gaa
Exec-Program output: gaa
Exec-Program-Wait: plaintext: gaa
Exec-Program: returned: 0
rlm_exec (exec): result 0
radius_xlat: '(&(objectclass=person)(uid=gaa))'
radius_xlat: 'dc=ulticom,dc=com'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=ulticom,dc=com, with filter
(&(objectclass=person)(uid=gaa))
rlm_ldap: checking if remote access for MALACHITE\gaa is allowed by uid
rlm_ldap: looking for check items in directory...
rlm_ldap: Adding sambaAcctFlags as SMB-Account-CTRL-TEXT, value [U & op=21
rlm_ldap: Adding sambaNTPassword as NT-Password, value
E6DEABE732705BC462E2195793EDAF37 & op=21
rlm_ldap: Adding sambaLMPassword as LM-Password, value
D388721E3CDDC12DAAD3B435B51404EE & op=21
rlm_ldap: looking for reply items in directory...
rlm_ldap: user MALACHITE\gaa authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 5
rlm_eap: EAP packet type response id 6 length 41
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 5
users: Matched entry DEFAULT at line 153
users: Matched entry DEFAULT at line 176
users: Matched entry DEFAULT at line 188
modcall[authorize]: module "files" returns ok for request 5
modcall: group authorize returns updated for request 5
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 5
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: Identity - MALACHITE\gaa
rlm_eap_peap: Tunneled data is valid.
PEAP: Got tunneled EAP-Message
EAP-Message = 0x02060012014d414c4143484954455c676161
PEAP: Got tunneled identity of MALACHITE\gaa
PEAP: Setting default EAP type for tunneled EAP session.
PEAP: Setting User-Name to MALACHITE\gaa
PEAP: Sending tunneled request
EAP-Message = 0x02060012014d414c4143484954455c676161
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "MALACHITE\\gaa"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 5
modcall[authorize]: module "preprocess" returns ok for request 5
modcall[authorize]: module "chap" returns noop for request 5
modcall[authorize]: module "mschap" returns noop for request 5
rlm_ldap: - authorize
rlm_ldap: performing user authorization for MALACHITE\gaa
radius_xlat: Running registered xlat function of module exec for string
'/etc/ulcmit/raddb/nodomain %{User-Name}'
rlm_exec (exec): Executing /etc/ulcmit/raddb/nodomain %{User-Name}
radius_xlat: '/etc/ulcmit/raddb/nodomain MALACHITE\\gaa'
Exec-Program: /etc/ulcmit/raddb/nodomain MALACHITE\\gaa
Exec-Program output: gaa
Exec-Program-Wait: plaintext: gaa
Exec-Program: returned: 0
rlm_exec (exec): result 0
radius_xlat: '(&(objectclass=person)(uid=gaa))'
radius_xlat: 'dc=ulticom,dc=com'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=ulticom,dc=com, with filter
(&(objectclass=person)(uid=gaa))
rlm_ldap: checking if remote access for MALACHITE\gaa is allowed by uid
rlm_ldap: looking for check items in directory...
rlm_ldap: Adding sambaAcctFlags as SMB-Account-CTRL-TEXT, value [U & op=21
rlm_ldap: Adding sambaNTPassword as NT-Password, value
E6DEABE732705BC462E2195793EDAF37 & op=21
rlm_ldap: Adding sambaLMPassword as LM-Password, value
D388721E3CDDC12DAAD3B435B51404EE & op=21
rlm_ldap: looking for reply items in directory...
rlm_ldap: user MALACHITE\gaa authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 5
rlm_eap: EAP packet type response id 6 length 18
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 5
users: Matched entry DEFAULT at line 153
modcall[authorize]: module "files" returns ok for request 5
modcall: group authorize returns updated for request 5
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 5
rlm_eap: EAP Identity
rlm_eap: processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
modcall[authenticate]: module "eap" returns handled for request 5
modcall: group authenticate returns handled for request 5
PEAP: Got tunneled reply RADIUS code 11
EAP-Message =
0x010700271a010700221038ab51172b080f7780d8377e3294d6904d414c4143484954455c676161
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x44291341705504e0490ffb683cbdcc1d
PEAP: Processing from tunneled session code 14ff38 11
EAP-Message =
0x010700271a010700221038ab51172b080f7780d8377e3294d6904d414c4143484954455c676161
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x44291341705504e0490ffb683cbdcc1d
PEAP: Got tunneled Access-Challenge
modcall[authenticate]: module "eap" returns handled for request 5
modcall: group authenticate returns handled for request 5
Sending Access-Challenge of id 90 to 172.25.16.9:1230
Framed-IP-Address = 255.255.255.254
Framed-MTU = 576
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-Compression = Van-Jacobson-TCP-IP
EAP-Message =
0x0107003e1900170301003385e6247dbf02066d6ab45d4545985a79f7c28211fabcccb73f103eecfc028e95c15
cabfd387fc1b9bb1559c9c52c251e4eabc2
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x46cf8fa85528152e10d8974266365efd
Finished request 5
Going to the next request
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 172.25.16.9:1230, id=91, length=308
Framed-MTU = 1480
NAS-IP-Address = 172.25.16.9
NAS-Identifier = "hp-50-9"
User-Name = "MALACHITE\\gaa"
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 1
NAS-Port-Type = Ethernet
NAS-Port-Id = "1"
Called-Station-Id = "00-11-85-40-71-ff"
Calling-Station-Id = "00-14-22-dc-9b-16"
Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "50"
State = 0x46cf8fa85528152e10d8974266365efd
EAP-Message =
0x0207005f19001703010054b53b33a93bff2ba1d6471508b12db69f2e1a45317218bc2c1077ed89ddd0f950bf8
74424af9c20676b66bbf453479c7460ea52ba0c2d4aad001b99663187561a812eafe2266556d6f76e93ccad61748a509c24d5
Message-Authenticator = 0xee7a225857e3d13f27a7e7580b60f627
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 6
modcall[authorize]: module "preprocess" returns ok for request 6
modcall[authorize]: module "chap" returns noop for request 6
modcall[authorize]: module "mschap" returns noop for request 6
rlm_ldap: - authorize
rlm_ldap: performing user authorization for MALACHITE\gaa
radius_xlat: Running registered xlat function of module exec for string
'/etc/ulcmit/raddb/nodomain %{User-Name}'
rlm_exec (exec): Executing /etc/ulcmit/raddb/nodomain %{User-Name}
radius_xlat: '/etc/ulcmit/raddb/nodomain MALACHITE\\gaa'
Exec-Program: /etc/ulcmit/raddb/nodomain MALACHITE\\gaa
Exec-Program output: gaa
Exec-Program-Wait: plaintext: gaa
Exec-Program: returned: 0
rlm_exec (exec): result 0
radius_xlat: '(&(objectclass=person)(uid=gaa))'
radius_xlat: 'dc=ulticom,dc=com'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=ulticom,dc=com, with filter
(&(objectclass=person)(uid=gaa))
rlm_ldap: checking if remote access for MALACHITE\gaa is allowed by uid
rlm_ldap: looking for check items in directory...
rlm_ldap: Adding sambaAcctFlags as SMB-Account-CTRL-TEXT, value [U & op=21
rlm_ldap: Adding sambaNTPassword as NT-Password, value
E6DEABE732705BC462E2195793EDAF37 & op=21
rlm_ldap: Adding sambaLMPassword as LM-Password, value
D388721E3CDDC12DAAD3B435B51404EE & op=21
rlm_ldap: looking for reply items in directory...
rlm_ldap: user MALACHITE\gaa authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 6
rlm_eap: EAP packet type response id 7 length 95
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 6
users: Matched entry DEFAULT at line 153
users: Matched entry DEFAULT at line 176
users: Matched entry DEFAULT at line 188
modcall[authorize]: module "files" returns ok for request 6
modcall: group authorize returns updated for request 6
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 6
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: EAP type mschapv2
rlm_eap_peap: Tunneled data is valid.
PEAP: Got tunneled EAP-Message
EAP-Message =
0x020700481a02070043313e60a45540ab5f7c421378d3c273a6bf00000000000000006b001b6efee1b5e7988dc
e396f73e31d055c512861885cfa004d414c4143484954455c676161
PEAP: Setting User-Name to MALACHITE\gaa
PEAP: Adding old state with 44 29
PEAP: Sending tunneled request
EAP-Message =
0x020700481a02070043313e60a45540ab5f7c421378d3c273a6bf00000000000000006b001b6efee1b5e7988dc
e396f73e31d055c512861885cfa004d414c4143484954455c676161
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "MALACHITE\\gaa"
State = 0x44291341705504e0490ffb683cbdcc1d
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 6
modcall[authorize]: module "preprocess" returns ok for request 6
modcall[authorize]: module "chap" returns noop for request 6
modcall[authorize]: module "mschap" returns noop for request 6
rlm_ldap: - authorize
rlm_ldap: performing user authorization for MALACHITE\gaa
radius_xlat: Running registered xlat function of module exec for string
'/etc/ulcmit/raddb/nodomain %{User-Name}'
rlm_exec (exec): Executing /etc/ulcmit/raddb/nodomain %{User-Name}
radius_xlat: '/etc/ulcmit/raddb/nodomain MALACHITE\\gaa'
Exec-Program: /etc/ulcmit/raddb/nodomain MALACHITE\\gaa
Exec-Program output: gaa
Exec-Program-Wait: plaintext: gaa
Exec-Program: returned: 0
rlm_exec (exec): result 0
radius_xlat: '(&(objectclass=person)(uid=gaa))'
radius_xlat: 'dc=ulticom,dc=com'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=ulticom,dc=com, with filter
(&(objectclass=person)(uid=gaa))
rlm_ldap: checking if remote access for MALACHITE\gaa is allowed by uid
rlm_ldap: looking for check items in directory...
rlm_ldap: Adding sambaAcctFlags as SMB-Account-CTRL-TEXT, value [U & op=21
rlm_ldap: Adding sambaNTPassword as NT-Password, value
E6DEABE732705BC462E2195793EDAF37 & op=21
rlm_ldap: Adding sambaLMPassword as LM-Password, value
D388721E3CDDC12DAAD3B435B51404EE & op=21
rlm_ldap: looking for reply items in directory...
rlm_ldap: user MALACHITE\gaa authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 6
rlm_eap: EAP packet type response id 7 length 72
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 6
users: Matched entry DEFAULT at line 153
modcall[authorize]: module "files" returns ok for request 6
modcall: group authorize returns updated for request 6
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 6
rlm_eap: Request found, released from the list
rlm_eap: EAP/mschapv2
rlm_eap: processing type mschapv2
Processing the authenticate section of radiusd.conf
modcall: entering group Auth-Type for request 6
rlm_mschap: Found LM-Password
rlm_mschap: Found NT-Password
rlm_mschap: NT Domain delimeter found, should we have enabled
with_ntdomain_hack?
rlm_mschap: Told to do MS-CHAPv2 for MALACHITE\gaa with NT-Password
rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
modcall[authenticate]: module "mschap" returns reject for request 6
modcall: group Auth-Type returns reject for request 6
rlm_eap: Freeing handler
modcall[authenticate]: module "eap" returns reject for request 6
modcall: group authenticate returns reject for request 6
auth: Failed to validate the user.
PEAP: Got tunneled reply RADIUS code 3
MS-CHAP-Error = "\007E=691 R=1"
EAP-Message = 0x04070004
Message-Authenticator = 0x00000000000000000000000000000000
PEAP: Processing from tunneled session code 150d40 3
MS-CHAP-Error = "\007E=691 R=1"
EAP-Message = 0x04070004
Message-Authenticator = 0x00000000000000000000000000000000
PEAP: Tunneled authentication was rejected.
rlm_eap_peap: FAILURE
modcall[authenticate]: module "eap" returns handled for request 6
modcall: group authenticate returns handled for request 6
Sending Access-Challenge of id 91 to 172.25.16.9:1230
Framed-IP-Address = 255.255.255.254
Framed-MTU = 576
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-Compression = Van-Jacobson-TCP-IP
EAP-Message =
0x010800261900170301001b80744293aa74be02bac75f0751b543b5c4a3da2b05405537e1d50b
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x5c53e02f3defbe5281c56129dbab5ac0
Finished request 6
Going to the next request
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 172.25.16.9:1230, id=92, length=251
Framed-MTU = 1480
NAS-IP-Address = 172.25.16.9
NAS-Identifier = "hp-50-9"
User-Name = "MALACHITE\\gaa"
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 1
NAS-Port-Type = Ethernet
NAS-Port-Id = "1"
Called-Station-Id = "00-11-85-40-71-ff"
Calling-Station-Id = "00-14-22-dc-9b-16"
Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "50"
State = 0x5c53e02f3defbe5281c56129dbab5ac0
EAP-Message =
0x020800261900170301001bb607670cf9aa0e0f599f7dc939230f500eae9fca26c1ebd07f758e
Message-Authenticator = 0xd6b2998526c8831e8d7e1df1ce0fb09d
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 7
modcall[authorize]: module "preprocess" returns ok for request 7
modcall[authorize]: module "chap" returns noop for request 7
modcall[authorize]: module "mschap" returns noop for request 7
rlm_ldap: - authorize
rlm_ldap: performing user authorization for MALACHITE\gaa
radius_xlat: Running registered xlat function of module exec for string
'/etc/ulcmit/raddb/nodomain %{User-Name}'
rlm_exec (exec): Executing /etc/ulcmit/raddb/nodomain %{User-Name}
radius_xlat: '/etc/ulcmit/raddb/nodomain MALACHITE\\gaa'
Exec-Program: /etc/ulcmit/raddb/nodomain MALACHITE\\gaa
Exec-Program output: gaa
Exec-Program-Wait: plaintext: gaa
Exec-Program: returned: 0
rlm_exec (exec): result 0
radius_xlat: '(&(objectclass=person)(uid=gaa))'
radius_xlat: 'dc=ulticom,dc=com'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=ulticom,dc=com, with filter
(&(objectclass=person)(uid=gaa))
rlm_ldap: checking if remote access for MALACHITE\gaa is allowed by uid
rlm_ldap: looking for check items in directory...
rlm_ldap: Adding sambaAcctFlags as SMB-Account-CTRL-TEXT, value [U & op=21
rlm_ldap: Adding sambaNTPassword as NT-Password, value
E6DEABE732705BC462E2195793EDAF37 & op=21
rlm_ldap: Adding sambaLMPassword as LM-Password, value
D388721E3CDDC12DAAD3B435B51404EE & op=21
rlm_ldap: looking for reply items in directory...
rlm_ldap: user MALACHITE\gaa authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 7
rlm_eap: EAP packet type response id 8 length 38
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 7
users: Matched entry DEFAULT at line 153
users: Matched entry DEFAULT at line 176
users: Matched entry DEFAULT at line 188
modcall[authorize]: module "files" returns ok for request 7
modcall: group authorize returns updated for request 7
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 7
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: Received EAP-TLV response.
rlm_eap_peap: Tunneled data is valid.
rlm_eap_peap: Had sent TLV failure, rejecting.
rlm_eap: Handler failed in EAP/peap
rlm_eap: Failed in EAP select
modcall[authenticate]: module "eap" returns invalid for request 7
modcall: group authenticate returns invalid for request 7
auth: Failed to validate the user.
Delaying request 7 for 1 seconds
Finished request 7
Going to the next request
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 172.25.16.9:1230, id=92, length=251
Sending Access-Reject of id 92 to 172.25.16.9:1230
EAP-Message = 0x04080004
Message-Authenticator = 0x00000000000000000000000000000000
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 85 with timestamp 43c2a6d8
Waking up in 1 seconds...
--- Walking the entire request list ---
Cleaning up request 1 ID 86 with timestamp 43c2a6d9
Cleaning up request 2 ID 87 with timestamp 43c2a6d9
Cleaning up request 3 ID 88 with timestamp 43c2a6d9
Cleaning up request 4 ID 89 with timestamp 43c2a6d9
Cleaning up request 5 ID 90 with timestamp 43c2a6d9
Cleaning up request 6 ID 91 with timestamp 43c2a6d9
Cleaning up request 7 ID 92 with timestamp 43c2a6d9
Nothing to do. Sleeping until we see a request.
-------------------------------------------------------------------
If all you do is look at the last line or two, you're guaranteed to
not see what's going on.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--
Gary Algier, WB2FWZ gaa at ulticom.com +1 856 787 2758
Ulticom Inc., 1020 Briggs Rd, Mt. Laurel, NJ 08054 Fax:+1 856 866 2033
Nielsen's First Law of Computer Manuals:
People don't read documentation voluntarily.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
