Hi all,
I'm using freeradius 1.1.3 with PEAP and EAP-TTLS,the authentication
using MacOS works but the time spent from when the client insert
username and password until the moment when the user is authenticated
(and obtains the IP address) is very long, about 2 minutes. Is normal
that authentication using WPA takes all this time?
The access point is configured for using WPA-Auto-Enterprise, *Auto*
means that WPA1 and WPA2 are simultaneously supported.
What could be the problem?
I attach the log of the first 6 request reveiced by radius server:
Nothing to do. Sleeping until we see a request.
rad_recv: Access-Request packet from host 192.168.181.1:1025, id=0, length=118
User-Name = "prof1"
EAP-Message = 0x0209000a0170726f6631
Message-Authenticator = 0x47215532a35576a17075df36ea3fc3ff
Calling-Station-Id = "00-17-F2-44-11-C2"
Called-Station-Id = "00-50-BF-E3-E8-2A"
NAS-Port-Type = Wireless-802.11
NAS-Port = 1
NAS-IP-Address = 0.0.0.0
NAS-Identifier = "14"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
modcall[authorize]: module "preprocess" returns ok for request 1
modcall[authorize]: module "chap" returns noop for request 1
modcall[authorize]: module "mschap" returns noop for request 1
rlm_realm: No '@' in User-Name = "prof1", looking up realm NULL
rlm_realm: Found realm "NULL"
rlm_realm: Adding Stripped-User-Name = "prof1"
rlm_realm: Proxying request from user prof1 to realm NULL
rlm_realm: Adding Realm = "NULL"
rlm_realm: Authentication realm is LOCAL.
modcall[authorize]: module "suffix" returns noop for request 1
rlm_eap: EAP packet type response id 9 length 10
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 1
users: Matched entry DEFAULT at line 154
rlm_ldap: Entering ldap_groupcmp()
radius_xlat: 'ou=mydepartment,dc=mydomain,dc=it'
radius_xlat: '(uid=prof1)'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to localhost:389, authentication 0
rlm_ldap: bind as cn=Manager,dc=mydomain,dc=it/PASSWORD to localhost:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: performing search in ou=mydepartment,dc=mydomain,dc=it, with
filter (uid=prof1)
rlm_ldap: ldap_release_conn: Release Id: 0
radius_xlat: '(|(&(objectClass=GroupOfNames)(member=cn\3dMaurizio
Costanzo\2cou\3dfaculty\2cou\3ddspsa\2cou\3dmydepartment\2cdc\3dmydomain\2cdc\3dit))(&(objectClass=GroupOfUniqueNames)(uniquemember=cn\3dMaurizio
Costanzo\2cou\3dfaculty\2cou\3ddspsa\2cou\3dmydepartment\2cdc\3dmydomain\2cdc\3dit)))'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=mydepartment,dc=mydomain,dc=it, with
filter (&(cn=student)(|(&(objectClass=GroupOfNames)(member=cn\3dMaurizio
Costanzo\2cou\3dfaculty\2cou\3ddspsa\2cou\3dmydepartment\2cdc\3dmydomain\2cdc\3dit))(&(objectClass=GroupOfUniqueNames)(uniquemember=cn\3dMaurizio
Costanzo\2cou\3dfaculty\2cou\3ddspsa\2cou\3dmydepartment\2cdc\3dmydomain\2cdc\3dit))))
rlm_ldap: object not found or got ambiguous search result
rlm_ldap: ldap_release_conn: Release Id: 0
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in cn=Maurizio
Costanzo,ou=faculty,ou=dspsa,ou=mydepartment,dc=mydomain,dc=it, with
filter (objectclass=*)
rlm_ldap::groupcmp: Group student not found ????or user not a member
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "files" returns ok for request 1
rlm_ldap: - authorize
rlm_ldap: performing user authorization for prof1
radius_xlat: '(uid=prof1)'
radius_xlat: 'ou=mydepartment,dc=mydomain,dc=it'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=mydepartment,dc=mydomain,dc=it, with
filter (uid=prof1)
rlm_ldap: checking if remote access for prof1 is allowed by userPassword
rlm_ldap: Added password a in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: Adding radiusGroupName as Ldap-Group, value professor & op=21
rlm_ldap: Adding radiusCallingStationId as Calling-Station-Id, value
00-05-5D-25-12-5B & op=21
rlm_ldap: Adding radiusCallingStationId as Calling-Station-Id, value
00-02-C7-8F-A0-16 & op=21
rlm_ldap: Adding radiusCallingStationId as Calling-Station-Id, value
00-0B-6B-4A-22-E8 & op=21
rlm_ldap: Adding radiusCallingStationId as Calling-Station-Id, value
00-17-F2-44-11-C2 & op=21
rlm_ldap: Adding userPassword as User-Password, value a & op=21
rlm_ldap: looking for reply items in directory...
rlm_ldap: Adding radiusFilterId as Filter-Id, value 98 & op=11
rlm_ldap: user prof1 authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 1
rlm_checkval: Item Name: Calling-Station-Id, Value: 00-17-F2-44-11-C2
rlm_checkval: Value Name: Calling-Station-Id, Value: 00-05-5D-25-12-5B
rlm_checkval: Value Name: Calling-Station-Id, Value: 00-02-C7-8F-A0-16
rlm_checkval: Value Name: Calling-Station-Id, Value: 00-0B-6B-4A-22-E8
rlm_checkval: Value Name: Calling-Station-Id, Value: 00-17-F2-44-11-C2
modcall[authorize]: module "checkval" returns ok for request 1
modcall: leaving group authorize (returns updated) for request 1
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 1
rlm_eap: EAP Identity
rlm_eap: processing type tls
rlm_eap_tls: Initiate
rlm_eap_tls: Start returned 1
modcall[authenticate]: module "eap" returns handled for request 1
modcall: leaving group authenticate (returns handled) for request 1
Sending Access-Challenge of id 0 to 192.168.181.1 port 1025
Filter-Id = "98"
EAP-Message = 0x010a00061920
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xf2ead6bbb34d175655fd95e278883608
Finished request 1
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.181.1:1025, id=1, length=244
User-Name = "prof1"
State = 0xf2ead6bbb34d175655fd95e278883608
EAP-Message =
0x020a007619800000006c1603010067010000630301452f7605313cb910fc0c748bee9e7303122d4eefc3f3f3d066ffa7c86aad849400003c002f000500040035000aff830009ff82000300080006ff8000320033003400380039003a0016001500140013001200110018001b001a0017001900010100
Message-Authenticator = 0x89fa580ba955c11374b1a25b81e0cfc0
Calling-Station-Id = "00-17-F2-44-11-C2"
Called-Station-Id = "00-50-BF-E3-E8-2A"
NAS-Port-Type = Wireless-802.11
NAS-Port = 1
NAS-IP-Address = 0.0.0.0
NAS-Identifier = "14"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 2
modcall[authorize]: module "preprocess" returns ok for request 2
modcall[authorize]: module "chap" returns noop for request 2
modcall[authorize]: module "mschap" returns noop for request 2
rlm_realm: No '@' in User-Name = "prof1", looking up realm NULL
rlm_realm: Found realm "NULL"
rlm_realm: Adding Stripped-User-Name = "prof1"
rlm_realm: Proxying request from user prof1 to realm NULL
rlm_realm: Adding Realm = "NULL"
rlm_realm: Authentication realm is LOCAL.
modcall[authorize]: module "suffix" returns noop for request 2
rlm_eap: EAP packet type response id 10 length 118
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 2
users: Matched entry DEFAULT at line 154
rlm_ldap: Entering ldap_groupcmp()
radius_xlat: 'ou=mydepartment,dc=mydomain,dc=it'
radius_xlat: '(uid=prof1)'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=mydepartment,dc=mydomain,dc=it, with
filter (uid=prof1)
rlm_ldap: ldap_release_conn: Release Id: 0
radius_xlat: '(|(&(objectClass=GroupOfNames)(member=cn\3dMaurizio
Costanzo\2cou\3dfaculty\2cou\3ddspsa\2cou\3dmydepartment\2cdc\3dmydomain\2cdc\3dit))(&(objectClass=GroupOfUniqueNames)(uniquemember=cn\3dMaurizio
Costanzo\2cou\3dfaculty\2cou\3ddspsa\2cou\3dmydepartment\2cdc\3dmydomain\2cdc\3dit)))'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=mydepartment,dc=mydomain,dc=it, with
filter (&(cn=student)(|(&(objectClass=GroupOfNames)(member=cn\3dMaurizio
Costanzo\2cou\3dfaculty\2cou\3ddspsa\2cou\3dmydepartment\2cdc\3dmydomain\2cdc\3dit))(&(objectClass=GroupOfUniqueNames)(uniquemember=cn\3dMaurizio
Costanzo\2cou\3dfaculty\2cou\3ddspsa\2cou\3dmydepartment\2cdc\3dmydomain\2cdc\3dit))))
rlm_ldap: object not found or got ambiguous search result
rlm_ldap: ldap_release_conn: Release Id: 0
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in cn=Maurizio
Costanzo,ou=faculty,ou=dspsa,ou=mydepartment,dc=mydomain,dc=it, with
filter (objectclass=*)
rlm_ldap::groupcmp: Group student not found ????or user not a member
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "files" returns ok for request 2
rlm_ldap: - authorize
rlm_ldap: performing user authorization for prof1
radius_xlat: '(uid=prof1)'
radius_xlat: 'ou=mydepartment,dc=mydomain,dc=it'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=mydepartment,dc=mydomain,dc=it, with
filter (uid=prof1)
rlm_ldap: checking if remote access for prof1 is allowed by userPassword
rlm_ldap: Added password a in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: Adding radiusGroupName as Ldap-Group, value professor & op=21
rlm_ldap: Adding radiusCallingStationId as Calling-Station-Id, value
00-05-5D-25-12-5B & op=21
rlm_ldap: Adding radiusCallingStationId as Calling-Station-Id, value
00-02-C7-8F-A0-16 & op=21
rlm_ldap: Adding radiusCallingStationId as Calling-Station-Id, value
00-0B-6B-4A-22-E8 & op=21
rlm_ldap: Adding radiusCallingStationId as Calling-Station-Id, value
00-17-F2-44-11-C2 & op=21
rlm_ldap: Adding userPassword as User-Password, value a & op=21
rlm_ldap: looking for reply items in directory...
rlm_ldap: Adding radiusFilterId as Filter-Id, value 98 & op=11
rlm_ldap: user prof1 authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 2
rlm_checkval: Item Name: Calling-Station-Id, Value: 00-17-F2-44-11-C2
rlm_checkval: Value Name: Calling-Station-Id, Value: 00-05-5D-25-12-5B
rlm_checkval: Value Name: Calling-Station-Id, Value: 00-02-C7-8F-A0-16
rlm_checkval: Value Name: Calling-Station-Id, Value: 00-0B-6B-4A-22-E8
rlm_checkval: Value Name: Calling-Station-Id, Value: 00-17-F2-44-11-C2
modcall[authorize]: module "checkval" returns ok for request 2
modcall: leaving group authorize (returns updated) for request 2
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 2
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
(other): before/accept initialization
TLS_accept: before/accept initialization
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0067], ClientHello
TLS_accept: SSLv3 read client hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
TLS_accept: SSLv3 write server hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 06ae], Certificate
TLS_accept: SSLv3 write certificate A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
TLS_accept: SSLv3 write server done A
TLS_accept: SSLv3 flush data
TLS_accept:error in SSLv3 read client certificate A
rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0)
In SSL Handshake Phase
In SSL Accept mode
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 2
modcall: leaving group authenticate (returns handled) for request 2
Sending Access-Challenge of id 1 to 192.168.181.1 port 1025
Filter-Id = "98"
EAP-Message =
0x010b040a19c00000070b160301004a020000460301452f73845ecfbd990214a4bc2aac91caf9f2d7d7f8afc67fb85ebf7d8b966cae203b42eff3d0b3427553ddeccc6c33559c5a4d85824ce584ea261d7d5b031fd772002f0016030106ae0b0006aa0006a70002d5308202d13082023aa003020102020900c15c0043e46eeae0300d06092a864886f70d010104050030819f310b30090603550406130243413111300f0603550408130850726f76696e63653112301006035504071309536f6d65204369747931153013060355040a130c4f7267616e697a6174696f6e31123010060355040b1309626172626163756c6f311b30190603550403131243
EAP-Message =
0x6c69656e742063657274696669636174653121301f06092a864886f70d0109011612636c69656e74406578616d706c652e636f6d301e170d3036313031323134323031375a170d3037313031323134323031375a30819b310b30090603550406130243413111300f0603550408130850726f76696e63653112301006035504071309536f6d65204369747931153013060355040a130c4f7267616e697a6174696f6e31123010060355040b1309626172626163756c6f3119301706035504031310526f6f74206365727469666963617465311f301d06092a864886f70d0109011610726f6f74406578616d706c652e636f6d30819f300d06092a864886
EAP-Message =
0xf70d010101050003818d0030818902818100c60af01facdb1bbf0dfcf9693f1db7b7abb6905261ddac50b3594df62ceabe39a5f931dd97f2521f754cd66c39f8f37b1149a26d74af49b4eeb7bc930839ab9dc93595f181170600c1aefc24e028b41431259e61e679ade357f82ae8e7f554ec5c572151fa0c4c583d794769cb98867bcde07335ac95c94be9561fb2de82563d0203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d0101040500038181009d6536d8cb33f8365fd61bc062a6d6f706cddc11063d84ef4b6ae543dd18d15eef5c1c273403f4c466d890bb55e1bbbf29f38f511554831cb460
EAP-Message =
0xdb90ea3c4fa657556e3bf1bbb86b1f5bceadb472663b26dd17fd83ac2db439b0f185605d909a3fcd3d31f85096bd14e415dcce5fcc298776bbe82baa28b408abcbc5225f102e0003cc308203c830820331a003020102020900c15c0043e46eeade300d06092a864886f70d010104050030819f310b30090603550406130243413111300f0603550408130850726f76696e63653112301006035504071309536f6d65204369747931153013060355040a130c4f7267616e697a6174696f6e31123010060355040b1309626172626163756c6f311b301906035504031312436c69656e742063657274696669636174653121301f06092a864886f70d0109
EAP-Message = 0x011612636c69656e74406578616d706c652e636f6d30
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xe6b27ea77d5f7f7e2e7eed00e391d699
Finished request 2
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.181.1:1025, id=2, length=132
User-Name = "prof1"
State = 0xe6b27ea77d5f7f7e2e7eed00e391d699
EAP-Message = 0x020b00061900
Message-Authenticator = 0xd4919c23bdfa2c0da7c7c5eae824fee3
Calling-Station-Id = "00-17-F2-44-11-C2"
Called-Station-Id = "00-50-BF-E3-E8-2A"
NAS-Port-Type = Wireless-802.11
NAS-Port = 1
NAS-IP-Address = 0.0.0.0
NAS-Identifier = "14"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 3
modcall[authorize]: module "preprocess" returns ok for request 3
modcall[authorize]: module "chap" returns noop for request 3
modcall[authorize]: module "mschap" returns noop for request 3
rlm_realm: No '@' in User-Name = "prof1", looking up realm NULL
rlm_realm: Found realm "NULL"
rlm_realm: Adding Stripped-User-Name = "prof1"
rlm_realm: Proxying request from user prof1 to realm NULL
rlm_realm: Adding Realm = "NULL"
rlm_realm: Authentication realm is LOCAL.
modcall[authorize]: module "suffix" returns noop for request 3
rlm_eap: EAP packet type response id 11 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 3
users: Matched entry DEFAULT at line 154
rlm_ldap: Entering ldap_groupcmp()
radius_xlat: 'ou=mydepartment,dc=mydomain,dc=it'
radius_xlat: '(uid=prof1)'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=mydepartment,dc=mydomain,dc=it, with
filter (uid=prof1)
rlm_ldap: ldap_release_conn: Release Id: 0
radius_xlat: '(|(&(objectClass=GroupOfNames)(member=cn\3dMaurizio
Costanzo\2cou\3dfaculty\2cou\3ddspsa\2cou\3dmydepartment\2cdc\3dmydomain\2cdc\3dit))(&(objectClass=GroupOfUniqueNames)(uniquemember=cn\3dMaurizio
Costanzo\2cou\3dfaculty\2cou\3ddspsa\2cou\3dmydepartment\2cdc\3dmydomain\2cdc\3dit)))'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=mydepartment,dc=mydomain,dc=it, with
filter (&(cn=student)(|(&(objectClass=GroupOfNames)(member=cn\3dMaurizio
Costanzo\2cou\3dfaculty\2cou\3ddspsa\2cou\3dmydepartment\2cdc\3dmydomain\2cdc\3dit))(&(objectClass=GroupOfUniqueNames)(uniquemember=cn\3dMaurizio
Costanzo\2cou\3dfaculty\2cou\3ddspsa\2cou\3dmydepartment\2cdc\3dmydomain\2cdc\3dit))))
rlm_ldap: object not found or got ambiguous search result
rlm_ldap: ldap_release_conn: Release Id: 0
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in cn=Maurizio
Costanzo,ou=faculty,ou=dspsa,ou=mydepartment,dc=mydomain,dc=it, with
filter (objectclass=*)
rlm_ldap::groupcmp: Group student not found ????or user not a member
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "files" returns ok for request 3
rlm_ldap: - authorize
rlm_ldap: performing user authorization for prof1
radius_xlat: '(uid=prof1)'
radius_xlat: 'ou=mydepartment,dc=mydomain,dc=it'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=mydepartment,dc=mydomain,dc=it, with
filter (uid=prof1)
rlm_ldap: checking if remote access for prof1 is allowed by userPassword
rlm_ldap: Added password a in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: Adding radiusGroupName as Ldap-Group, value professor & op=21
rlm_ldap: Adding radiusCallingStationId as Calling-Station-Id, value
00-05-5D-25-12-5B & op=21
rlm_ldap: Adding radiusCallingStationId as Calling-Station-Id, value
00-02-C7-8F-A0-16 & op=21
rlm_ldap: Adding radiusCallingStationId as Calling-Station-Id, value
00-0B-6B-4A-22-E8 & op=21
rlm_ldap: Adding radiusCallingStationId as Calling-Station-Id, value
00-17-F2-44-11-C2 & op=21
rlm_ldap: Adding userPassword as User-Password, value a & op=21
rlm_ldap: looking for reply items in directory...
rlm_ldap: Adding radiusFilterId as Filter-Id, value 98 & op=11
rlm_ldap: user prof1 authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 3
rlm_checkval: Item Name: Calling-Station-Id, Value: 00-17-F2-44-11-C2
rlm_checkval: Value Name: Calling-Station-Id, Value: 00-05-5D-25-12-5B
rlm_checkval: Value Name: Calling-Station-Id, Value: 00-02-C7-8F-A0-16
rlm_checkval: Value Name: Calling-Station-Id, Value: 00-0B-6B-4A-22-E8
rlm_checkval: Value Name: Calling-Station-Id, Value: 00-17-F2-44-11-C2
modcall[authorize]: module "checkval" returns ok for request 3
modcall: leaving group authorize (returns updated) for request 3
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 3
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake fragment handler
eaptls_verify returned 1
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 3
modcall: leaving group authenticate (returns handled) for request 3
Sending Access-Challenge of id 2 to 192.168.181.1 port 1025
Filter-Id = "98"
EAP-Message =
0x010c031119001e170d3036313031323134323031335a170d3038313031313134323031335a30819f310b30090603550406130243413111300f0603550408130850726f76696e63653112301006035504071309536f6d65204369747931153013060355040a130c4f7267616e697a6174696f6e31123010060355040b1309626172626163756c6f311b301906035504031312436c69656e742063657274696669636174653121301f06092a864886f70d0109011612636c69656e74406578616d706c652e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100d1834676843139241f85b29b130df7eade2392a6f86ce3b912
EAP-Message =
0x0ca3a35399e73d2b3148b8decb8914a41ae016625a6d93b4266ad18023b924aa4b5ae13bd7d9cfff0fc885d7523163d3904e434c7fae94b82b1474cd318c0c88af5db0cab240c4c7be02f527bf766420266bff30a2a572de64507f01ee9e35283a7022370429a30203010001a382010830820104301d0603551d0e041604142f4a965f7d02a211a01c6062f921e94c7c3978e53081d40603551d230481cc3081c980142f4a965f7d02a211a01c6062f921e94c7c3978e5a181a5a481a230819f310b30090603550406130243413111300f0603550408130850726f76696e63653112301006035504071309536f6d65204369747931153013060355040a
EAP-Message =
0x130c4f7267616e697a6174696f6e31123010060355040b1309626172626163756c6f311b301906035504031312436c69656e742063657274696669636174653121301f06092a864886f70d0109011612636c69656e74406578616d706c652e636f6d820900c15c0043e46eeade300c0603551d13040530030101ff300d06092a864886f70d01010405000381810018230a55e71091a68331acbbdc7c440fedc00bdca273904f8abb0f89eece7b7788691cd225b6f79ed7938b9b6c3bc065a9673db78fad613669252f435b9d41b9003fb953d87d6152df09ce6fce19c7960d9e718c81455543cee043c5f00206f7afd633ad017ee4c5c7d6162f434476
EAP-Message = 0x5d21f4f6fd18a48d99efd1cb23d17c76ef16030100040e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xf14b23ccd4c45124c6e5320c622235f2
Finished request 3
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.181.1:1025, id=3, length=334
User-Name = "prof1"
State = 0xf14b23ccd4c45124c6e5320c622235f2
EAP-Message =
0x020c00d01980000000c61603010086100000820080437ee99641df7b85d38c6a95ba9e7d911c8dbfcc1b035620620a9481f82cb986ccd75d0452b63fd5905f0d49630b8bff4afb6b76e35daf8de34a070cda7213a134b4eca6757b317f8ebb0d7add5bb72a4901fecf7f88a891fe7b85d98b6ff328a47d331e286cafe41ae105b5aba85111fda0dce7a1b7feb502de87533331af1414030100010116030100306221375b87fb3d5948c3e166618d70c4f1821bcd863c47c881709d9176c62acc0c3fac42360e903720aa7c1669b32dd7
Message-Authenticator = 0xed94ea2addc0877663fde48fd5e56483
Calling-Station-Id = "00-17-F2-44-11-C2"
Called-Station-Id = "00-50-BF-E3-E8-2A"
NAS-Port-Type = Wireless-802.11
NAS-Port = 1
NAS-IP-Address = 0.0.0.0
NAS-Identifier = "14"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 4
modcall[authorize]: module "preprocess" returns ok for request 4
modcall[authorize]: module "chap" returns noop for request 4
modcall[authorize]: module "mschap" returns noop for request 4
rlm_realm: No '@' in User-Name = "prof1", looking up realm NULL
rlm_realm: Found realm "NULL"
rlm_realm: Adding Stripped-User-Name = "prof1"
rlm_realm: Proxying request from user prof1 to realm NULL
rlm_realm: Adding Realm = "NULL"
rlm_realm: Authentication realm is LOCAL.
modcall[authorize]: module "suffix" returns noop for request 4
rlm_eap: EAP packet type response id 12 length 208
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 4
users: Matched entry DEFAULT at line 154
rlm_ldap: Entering ldap_groupcmp()
radius_xlat: 'ou=mydepartment,dc=mydomain,dc=it'
radius_xlat: '(uid=prof1)'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=mydepartment,dc=mydomain,dc=it, with
filter (uid=prof1)
rlm_ldap: ldap_release_conn: Release Id: 0
radius_xlat: '(|(&(objectClass=GroupOfNames)(member=cn\3dMaurizio
Costanzo\2cou\3dfaculty\2cou\3ddspsa\2cou\3dmydepartment\2cdc\3dmydomain\2cdc\3dit))(&(objectClass=GroupOfUniqueNames)(uniquemember=cn\3dMaurizio
Costanzo\2cou\3dfaculty\2cou\3ddspsa\2cou\3dmydepartment\2cdc\3dmydomain\2cdc\3dit)))'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=mydepartment,dc=mydomain,dc=it, with
filter (&(cn=student)(|(&(objectClass=GroupOfNames)(member=cn\3dMaurizio
Costanzo\2cou\3dfaculty\2cou\3ddspsa\2cou\3dmydepartment\2cdc\3dmydomain\2cdc\3dit))(&(objectClass=GroupOfUniqueNames)(uniquemember=cn\3dMaurizio
Costanzo\2cou\3dfaculty\2cou\3ddspsa\2cou\3dmydepartment\2cdc\3dmydomain\2cdc\3dit))))
rlm_ldap: object not found or got ambiguous search result
rlm_ldap: ldap_release_conn: Release Id: 0
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in cn=Maurizio
Costanzo,ou=faculty,ou=dspsa,ou=mydepartment,dc=mydomain,dc=it, with
filter (objectclass=*)
rlm_ldap::groupcmp: Group student not found ????or user not a member
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "files" returns ok for request 4
rlm_ldap: - authorize
rlm_ldap: performing user authorization for prof1
radius_xlat: '(uid=prof1)'
radius_xlat: 'ou=mydepartment,dc=mydomain,dc=it'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=mydepartment,dc=mydomain,dc=it, with
filter (uid=prof1)
rlm_ldap: checking if remote access for prof1 is allowed by userPassword
rlm_ldap: Added password a in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: Adding radiusGroupName as Ldap-Group, value professor & op=21
rlm_ldap: Adding radiusCallingStationId as Calling-Station-Id, value
00-05-5D-25-12-5B & op=21
rlm_ldap: Adding radiusCallingStationId as Calling-Station-Id, value
00-02-C7-8F-A0-16 & op=21
rlm_ldap: Adding radiusCallingStationId as Calling-Station-Id, value
00-0B-6B-4A-22-E8 & op=21
rlm_ldap: Adding radiusCallingStationId as Calling-Station-Id, value
00-17-F2-44-11-C2 & op=21
rlm_ldap: Adding userPassword as User-Password, value a & op=21
rlm_ldap: looking for reply items in directory...
rlm_ldap: Adding radiusFilterId as Filter-Id, value 98 & op=11
rlm_ldap: user prof1 authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 4
rlm_checkval: Item Name: Calling-Station-Id, Value: 00-17-F2-44-11-C2
rlm_checkval: Value Name: Calling-Station-Id, Value: 00-05-5D-25-12-5B
rlm_checkval: Value Name: Calling-Station-Id, Value: 00-02-C7-8F-A0-16
rlm_checkval: Value Name: Calling-Station-Id, Value: 00-0B-6B-4A-22-E8
rlm_checkval: Value Name: Calling-Station-Id, Value: 00-17-F2-44-11-C2
modcall[authorize]: module "checkval" returns ok for request 4
modcall: leaving group authorize (returns updated) for request 4
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 4
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange
TLS_accept: SSLv3 read client key exchange A
rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001]
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 read finished A
rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001]
TLS_accept: SSLv3 write change cipher spec A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 write finished A
TLS_accept: SSLv3 flush data
(other): SSL negotiation finished successfully
rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0)
SSL Connection Established
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 4
modcall: leaving group authenticate (returns handled) for request 4
Sending Access-Challenge of id 3 to 192.168.181.1 port 1025
Filter-Id = "98"
EAP-Message =
0x010d00411900140301000101160301003087c4ab9d0f24aad9488721859e6a1f607c46904434a9b621144ca3eb89abf849fa2d236b4ff61049cc2f1c8c6fd1cbd1
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x98856ee470e0bab5d1015e5d60c960cb
Finished request 4
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.181.1:1025, id=4, length=132
User-Name = "prof1"
State = 0x98856ee470e0bab5d1015e5d60c960cb
EAP-Message = 0x020d00061900
Message-Authenticator = 0xb08f4115756307c359bc2d3549e1f731
Calling-Station-Id = "00-17-F2-44-11-C2"
Called-Station-Id = "00-50-BF-E3-E8-2A"
NAS-Port-Type = Wireless-802.11
NAS-Port = 1
NAS-IP-Address = 0.0.0.0
NAS-Identifier = "14"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 5
modcall[authorize]: module "preprocess" returns ok for request 5
modcall[authorize]: module "chap" returns noop for request 5
modcall[authorize]: module "mschap" returns noop for request 5
rlm_realm: No '@' in User-Name = "prof1", looking up realm NULL
rlm_realm: Found realm "NULL"
rlm_realm: Adding Stripped-User-Name = "prof1"
rlm_realm: Proxying request from user prof1 to realm NULL
rlm_realm: Adding Realm = "NULL"
rlm_realm: Authentication realm is LOCAL.
modcall[authorize]: module "suffix" returns noop for request 5
rlm_eap: EAP packet type response id 13 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 5
users: Matched entry DEFAULT at line 154
rlm_ldap: Entering ldap_groupcmp()
radius_xlat: 'ou=mydepartment,dc=mydomain,dc=it'
radius_xlat: '(uid=prof1)'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=mydepartment,dc=mydomain,dc=it, with
filter (uid=prof1)
rlm_ldap: ldap_release_conn: Release Id: 0
radius_xlat: '(|(&(objectClass=GroupOfNames)(member=cn\3dMaurizio
Costanzo\2cou\3dfaculty\2cou\3ddspsa\2cou\3dmydepartment\2cdc\3dmydomain\2cdc\3dit))(&(objectClass=GroupOfUniqueNames)(uniquemember=cn\3dMaurizio
Costanzo\2cou\3dfaculty\2cou\3ddspsa\2cou\3dmydepartment\2cdc\3dmydomain\2cdc\3dit)))'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=mydepartment,dc=mydomain,dc=it, with
filter (&(cn=student)(|(&(objectClass=GroupOfNames)(member=cn\3dMaurizio
Costanzo\2cou\3dfaculty\2cou\3ddspsa\2cou\3dmydepartment\2cdc\3dmydomain\2cdc\3dit))(&(objectClass=GroupOfUniqueNames)(uniquemember=cn\3dMaurizio
Costanzo\2cou\3dfaculty\2cou\3ddspsa\2cou\3dmydepartment\2cdc\3dmydomain\2cdc\3dit))))
rlm_ldap: object not found or got ambiguous search result
rlm_ldap: ldap_release_conn: Release Id: 0
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in cn=Maurizio
Costanzo,ou=faculty,ou=dspsa,ou=mydepartment,dc=mydomain,dc=it, with
filter (objectclass=*)
rlm_ldap::groupcmp: Group student not found ????or user not a member
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "files" returns ok for request 5
rlm_ldap: - authorize
rlm_ldap: performing user authorization for prof1
radius_xlat: '(uid=prof1)'
radius_xlat: 'ou=mydepartment,dc=mydomain,dc=it'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=mydepartment,dc=mydomain,dc=it, with
filter (uid=prof1)
rlm_ldap: checking if remote access for prof1 is allowed by userPassword
rlm_ldap: Added password a in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: Adding radiusGroupName as Ldap-Group, value professor & op=21
rlm_ldap: Adding radiusCallingStationId as Calling-Station-Id, value
00-05-5D-25-12-5B & op=21
rlm_ldap: Adding radiusCallingStationId as Calling-Station-Id, value
00-02-C7-8F-A0-16 & op=21
rlm_ldap: Adding radiusCallingStationId as Calling-Station-Id, value
00-0B-6B-4A-22-E8 & op=21
rlm_ldap: Adding radiusCallingStationId as Calling-Station-Id, value
00-17-F2-44-11-C2 & op=21
rlm_ldap: Adding userPassword as User-Password, value a & op=21
rlm_ldap: looking for reply items in directory...
rlm_ldap: Adding radiusFilterId as Filter-Id, value 98 & op=11
rlm_ldap: user prof1 authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 5
rlm_checkval: Item Name: Calling-Station-Id, Value: 00-17-F2-44-11-C2
rlm_checkval: Value Name: Calling-Station-Id, Value: 00-05-5D-25-12-5B
rlm_checkval: Value Name: Calling-Station-Id, Value: 00-02-C7-8F-A0-16
rlm_checkval: Value Name: Calling-Station-Id, Value: 00-0B-6B-4A-22-E8
rlm_checkval: Value Name: Calling-Station-Id, Value: 00-17-F2-44-11-C2
modcall[authorize]: module "checkval" returns ok for request 5
modcall: leaving group authorize (returns updated) for request 5
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 5
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake is finished
eaptls_verify returned 3
eaptls_process returned 3
rlm_eap_peap: EAPTLS_SUCCESS
modcall[authenticate]: module "eap" returns handled for request 5
modcall: leaving group authenticate (returns handled) for request 5
Sending Access-Challenge of id 4 to 192.168.181.1 port 1025
Filter-Id = "98"
EAP-Message =
0x010e005019001703010020df6c57b1bcf1782bd9862d6a0507f81ef61382b636f7a6ddb2d0c28f59aea56f17030100208443325c28a58f1c78683974be9ccf95ae3c251f83325a13d7ddc462856533a1
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x25e9776bc898a883cc3e2156d2e0ab81
Finished request 5
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
rad_recv: Access-Request packet from host 192.168.181.1:1025, id=5, length=169
User-Name = "prof1"
State = 0x25e9776bc898a883cc3e2156d2e0ab81
EAP-Message =
0x020e002b190017030100200d0606914cf82fafdfcb8a2c3b5ab15e1d782e12a618c1ea941b7470e88e70d7
Message-Authenticator = 0xec6ee1738fa9e30a0e206c0b3fcfad5f
Calling-Station-Id = "00-17-F2-44-11-C2"
Called-Station-Id = "00-50-BF-E3-E8-2A"
NAS-Port-Type = Wireless-802.11
NAS-Port = 1
NAS-IP-Address = 0.0.0.0
NAS-Identifier = "14"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 6
modcall[authorize]: module "preprocess" returns ok for request 6
modcall[authorize]: module "chap" returns noop for request 6
modcall[authorize]: module "mschap" returns noop for request 6
rlm_realm: No '@' in User-Name = "prof1", looking up realm NULL
rlm_realm: Found realm "NULL"
rlm_realm: Adding Stripped-User-Name = "prof1"
rlm_realm: Proxying request from user prof1 to realm NULL
rlm_realm: Adding Realm = "NULL"
rlm_realm: Authentication realm is LOCAL.
modcall[authorize]: module "suffix" returns noop for request 6
rlm_eap: EAP packet type response id 14 length 43
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 6
users: Matched entry DEFAULT at line 154
rlm_ldap: Entering ldap_groupcmp()
radius_xlat: 'ou=mydepartment,dc=mydomain,dc=it'
radius_xlat: '(uid=prof1)'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=mydepartment,dc=mydomain,dc=it, with
filter (uid=prof1)
rlm_ldap: ldap_release_conn: Release Id: 0
radius_xlat: '(|(&(objectClass=GroupOfNames)(member=cn\3dMaurizio
Costanzo\2cou\3dfaculty\2cou\3ddspsa\2cou\3dmydepartment\2cdc\3dmydomain\2cdc\3dit))(&(objectClass=GroupOfUniqueNames)(uniquemember=cn\3dMaurizio
Costanzo\2cou\3dfaculty\2cou\3ddspsa\2cou\3dmydepartment\2cdc\3dmydomain\2cdc\3dit)))'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=mydepartment,dc=mydomain,dc=it, with
filter (&(cn=student)(|(&(objectClass=GroupOfNames)(member=cn\3dMaurizio
Costanzo\2cou\3dfaculty\2cou\3ddspsa\2cou\3dmydepartment\2cdc\3dmydomain\2cdc\3dit))(&(objectClass=GroupOfUniqueNames)(uniquemember=cn\3dMaurizio
Costanzo\2cou\3dfaculty\2cou\3ddspsa\2cou\3dmydepartment\2cdc\3dmydomain\2cdc\3dit))))
rlm_ldap: object not found or got ambiguous search result
rlm_ldap: ldap_release_conn: Release Id: 0
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in cn=Maurizio
Costanzo,ou=faculty,ou=dspsa,ou=mydepartment,dc=mydomain,dc=it, with
filter (objectclass=*)
rlm_ldap::groupcmp: Group student not found ????or user not a member
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "files" returns ok for request 6
rlm_ldap: - authorize
rlm_ldap: performing user authorization for prof1
radius_xlat: '(uid=prof1)'
radius_xlat: 'ou=mydepartment,dc=mydomain,dc=it'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=mydepartment,dc=mydomain,dc=it, with
filter (uid=prof1)
rlm_ldap: checking if remote access for prof1 is allowed by userPassword
rlm_ldap: Added password a in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: Adding radiusGroupName as Ldap-Group, value professor & op=21
rlm_ldap: Adding radiusCallingStationId as Calling-Station-Id, value
00-05-5D-25-12-5B & op=21
rlm_ldap: Adding radiusCallingStationId as Calling-Station-Id, value
00-02-C7-8F-A0-16 & op=21
rlm_ldap: Adding radiusCallingStationId as Calling-Station-Id, value
00-0B-6B-4A-22-E8 & op=21
rlm_ldap: Adding radiusCallingStationId as Calling-Station-Id, value
00-17-F2-44-11-C2 & op=21
rlm_ldap: Adding userPassword as User-Password, value a & op=21
rlm_ldap: looking for reply items in directory...
rlm_ldap: Adding radiusFilterId as Filter-Id, value 98 & op=11
rlm_ldap: user prof1 authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 6
rlm_checkval: Item Name: Calling-Station-Id, Value: 00-17-F2-44-11-C2
rlm_checkval: Value Name: Calling-Station-Id, Value: 00-05-5D-25-12-5B
rlm_checkval: Value Name: Calling-Station-Id, Value: 00-02-C7-8F-A0-16
rlm_checkval: Value Name: Calling-Station-Id, Value: 00-0B-6B-4A-22-E8
rlm_checkval: Value Name: Calling-Station-Id, Value: 00-17-F2-44-11-C2
modcall[authorize]: module "checkval" returns ok for request 6
modcall: leaving group authorize (returns updated) for request 6
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 6
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: Identity - prof1
rlm_eap_peap: Tunneled data is valid.
PEAP: Got tunneled identity of prof1
PEAP: Setting default EAP type for tunneled EAP session.
PEAP: Setting User-Name to prof1
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 6
modcall[authorize]: module "preprocess" returns ok for request 6
modcall[authorize]: module "chap" returns noop for request 6
modcall[authorize]: module "mschap" returns noop for request 6
rlm_realm: No '@' in User-Name = "prof1", looking up realm NULL
rlm_realm: Found realm "NULL"
rlm_realm: Adding Stripped-User-Name = "prof1"
rlm_realm: Proxying request from user prof1 to realm NULL
rlm_realm: Adding Realm = "NULL"
rlm_realm: Authentication realm is LOCAL.
modcall[authorize]: module "suffix" returns noop for request 6
rlm_eap: EAP packet type response id 14 length 10
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 6
users: Matched entry DEFAULT at line 154
rlm_ldap: Entering ldap_groupcmp()
radius_xlat: 'ou=mydepartment,dc=mydomain,dc=it'
radius_xlat: '(uid=prof1)'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=mydepartment,dc=mydomain,dc=it, with
filter (uid=prof1)
rlm_ldap: ldap_release_conn: Release Id: 0
radius_xlat: '(|(&(objectClass=GroupOfNames)(member=cn\3dMaurizio
Costanzo\2cou\3dfaculty\2cou\3ddspsa\2cou\3dmydepartment\2cdc\3dmydomain\2cdc\3dit))(&(objectClass=GroupOfUniqueNames)(uniquemember=cn\3dMaurizio
Costanzo\2cou\3dfaculty\2cou\3ddspsa\2cou\3dmydepartment\2cdc\3dmydomain\2cdc\3dit)))'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=mydepartment,dc=mydomain,dc=it, with
filter (&(cn=student)(|(&(objectClass=GroupOfNames)(member=cn\3dMaurizio
Costanzo\2cou\3dfaculty\2cou\3ddspsa\2cou\3dmydepartment\2cdc\3dmydomain\2cdc\3dit))(&(objectClass=GroupOfUniqueNames)(uniquemember=cn\3dMaurizio
Costanzo\2cou\3dfaculty\2cou\3ddspsa\2cou\3dmydepartment\2cdc\3dmydomain\2cdc\3dit))))
rlm_ldap: object not found or got ambiguous search result
rlm_ldap: ldap_release_conn: Release Id: 0
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in cn=Maurizio
Costanzo,ou=faculty,ou=dspsa,ou=mydepartment,dc=mydomain,dc=it, with
filter (objectclass=*)
rlm_ldap::groupcmp: Group student not found ????or user not a member
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "files" returns ok for request 6
rlm_ldap: - authorize
rlm_ldap: performing user authorization for prof1
radius_xlat: '(uid=prof1)'
radius_xlat: 'ou=mydepartment,dc=mydomain,dc=it'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=mydepartment,dc=mydomain,dc=it, with
filter (uid=prof1)
rlm_ldap: checking if remote access for prof1 is allowed by userPassword
rlm_ldap: Added password a in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: Adding radiusGroupName as Ldap-Group, value professor & op=21
rlm_ldap: Adding radiusCallingStationId as Calling-Station-Id, value
00-05-5D-25-12-5B & op=21
rlm_ldap: Adding radiusCallingStationId as Calling-Station-Id, value
00-02-C7-8F-A0-16 & op=21
rlm_ldap: Adding radiusCallingStationId as Calling-Station-Id, value
00-0B-6B-4A-22-E8 & op=21
rlm_ldap: Adding radiusCallingStationId as Calling-Station-Id, value
00-17-F2-44-11-C2 & op=21
rlm_ldap: Adding userPassword as User-Password, value a & op=21
rlm_ldap: looking for reply items in directory...
rlm_ldap: Adding radiusFilterId as Filter-Id, value 98 & op=11
rlm_ldap: user prof1 authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 6
rlm_checkval: Item Name: Calling-Station-Id, Value: 00-17-F2-44-11-C2
rlm_checkval: Value Name: Calling-Station-Id, Value: 00-05-5D-25-12-5B
rlm_checkval: Value Name: Calling-Station-Id, Value: 00-02-C7-8F-A0-16
rlm_checkval: Value Name: Calling-Station-Id, Value: 00-0B-6B-4A-22-E8
rlm_checkval: Value Name: Calling-Station-Id, Value: 00-17-F2-44-11-C2
modcall[authorize]: module "checkval" returns ok for request 6
modcall: leaving group authorize (returns updated) for request 6
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 6
rlm_eap: EAP Identity
rlm_eap: processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
modcall[authenticate]: module "eap" returns handled for request 6
modcall: leaving group authenticate (returns handled) for request 6
PEAP: Got tunneled Access-Challenge
modcall[authenticate]: module "eap" returns handled for request 6
modcall: leaving group authenticate (returns handled) for request 6
Sending Access-Challenge of id 5 to 192.168.181.1 port 1025
Filter-Id = "98"
EAP-Message =
0x010f006019001703010020abb5c2709adb9749c495c5e251cebc0cb4de8b227f0ee940a8e1981e2fc4c73d170301003011bec337b557e06ad6b2ce7e47c5917b4e3d9c3137dfc692e712617208c7010a0da488579d0235ce6d50519bf7393b7c
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x5612e1c4a3445c7c3e12f391f8345b6d
Finished request 6
Thanks in advance
Best Regards, Giusy
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
