798:[ttls] FAIL: Forcibly stopping session resumption as it is not allowed.
799-[eap] Freeing handler
800-++[eap] returns reject
801-Failed to authenticate the user.
802-Using Post-Auth-Type Reject
803-+- entering group REJECT {...}But I really don't know what it means.
rad_recv: Access-Request packet from host 192.168.22.1 port 3073, id=1,
length=125
User-Name = "heruan"
NAS-IP-Address = 192.168.22.1
Called-Station-Id = "00c049d3f40e"
Calling-Station-Id = "002268c0eb93"
NAS-Identifier = "00c049d3f40e"
NAS-Port = 184
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x0200000b0168657275616e
Message-Authenticator = 0x4bd473610ad7dcfdcb6b1016a23acb10
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "heruan", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 0 length 11
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
++[files] returns noop
[ldap] performing user authorization for heruan
[ldap] WARNING: Deprecated conditional expansion ":-". See "man unlang" for
details
[ldap] WARNING: Deprecated conditional expansion ":-". See "man unlang" for
details
[ldap] expand:
(|(uid=%{Stripped-User-Name:-%{User-Name}})(cn=%{Stripped-User-Name:-%{User-Name}}))
-> (|(uid=heruan)(cn=heruan))
[ldap] expand: dc=aldu,dc=net -> dc=aldu,dc=net
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to ldap.laurelin.aldu.net:389, authentication 0
rlm_ldap: bind as cn=radius,dc=aldu,dc=net/RaD-802.1X to
ldap.laurelin.aldu.net:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: performing search in dc=aldu,dc=net, with filter
(|(uid=heruan)(cn=heruan))
[ldap] No default NMAS login sequence
[ldap] looking for check items in directory...
rlm_ldap: sambaNtPassword -> NT-Password == 0x30...
rlm_ldap: sambaLmPassword -> LM-Password == 0x35...
[ldap] looking for reply items in directory...
WARNING: No "known good" password was found in LDAP. Are you sure that the
user is configured correctly?
[ldap] user heruan authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
++[ldap] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Normalizing NT-Password from hex encoding
[pap] Normalizing LM-Password from hex encoding
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type md5
rlm_eap_md5: Issuing Challenge
++[eap] returns handled
Sending Access-Challenge of id 1 to 192.168.22.1 port 3073
EAP-Message = 0x010100160410faf366dabc0e2d2eada92aed8a1beef5
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xf46f03b2f46e07fbc157e3e44121daf3
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.22.1 port 3073, id=1,
length=138
Cleaning up request 0 ID 1 with timestamp +11
User-Name = "heruan"
NAS-IP-Address = 192.168.22.1
Called-Station-Id = "00c049d3f40e"
Calling-Station-Id = "002268c0eb93"
NAS-Identifier = "00c049d3f40e"
NAS-Port = 184
Framed-MTU = 1400
State = 0xf46f03b2f46e07fbc157e3e44121daf3
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x020100060315
Message-Authenticator = 0x24f629997ec0167cb1d9418bb69bf17a
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "heruan", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 1 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
++[files] returns noop
[ldap] performing user authorization for heruan
[ldap] WARNING: Deprecated conditional expansion ":-". See "man unlang" for
details
[ldap] WARNING: Deprecated conditional expansion ":-". See "man unlang" for
details
[ldap] expand:
(|(uid=%{Stripped-User-Name:-%{User-Name}})(cn=%{Stripped-User-Name:-%{User-Name}}))
-> (|(uid=heruan)(cn=heruan))
[ldap] expand: dc=aldu,dc=net -> dc=aldu,dc=net
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=aldu,dc=net, with filter
(|(uid=heruan)(cn=heruan))
[ldap] No default NMAS login sequence
[ldap] looking for check items in directory...
rlm_ldap: sambaNtPassword -> NT-Password == 0x30...
rlm_ldap: sambaLmPassword -> LM-Password == 0x35...
[ldap] looking for reply items in directory...
WARNING: No "known good" password was found in LDAP. Are you sure that the
user is configured correctly?
[ldap] user heruan authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
++[ldap] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Normalizing NT-Password from hex encoding
[pap] Normalizing LM-Password from hex encoding
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP NAK
[eap] EAP-NAK asked for EAP-Type/ttls
[eap] processing type tls
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 1 to 192.168.22.1 port 3073
EAP-Message = 0x010200061520
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xf46f03b2f56d16fbc157e3e44121daf3
Finished request 1.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.22.1 port 3073, id=1,
length=393
Cleaning up request 1 ID 1 with timestamp +12
User-Name = "heruan"
NAS-IP-Address = 192.168.22.1
Called-Station-Id = "00c049d3f40e"
Calling-Station-Id = "002268c0eb93"
NAS-Identifier = "00c049d3f40e"
NAS-Port = 184
Framed-MTU = 1400
State = 0xf46f03b2f56d16fbc157e3e44121daf3
NAS-Port-Type = Wireless-802.11
EAP-Message =
0x02020103150016030100f8010000f4030148e4e7f928c698fc14284694b68c2ce5e5ad5c04a1d79037c24cd9813e14d02400002600390038003500160013000a00330032002f000500040015001200090014001100080006000302010000a4002300a0f3f755f03310a19873fb5975ca54ee2c19ae8be02615dec2639ee3cc859117d420ddfa88ee933ba72797d57219d2866acb542fa1265c6b02b394ac5cc64d3966bf0734b6513619c825c30980461030e1061454aa062afeb5eeebf04c88d7e5aa76a89c98782c6555301c0f8ade20b29e4e83f7c9e005e07cd2c05173f63f944d065e5000f82e19c313290db58e8cb15f75639d97d17ad3a2da20
EAP-Message = 0x1884e21d7209
Message-Authenticator = 0x5ef1bef4e588c171b000e3c9c399544b
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "heruan", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 2 length 253
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/ttls
[eap] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
[ttls] eaptls_verify returned 7
[ttls] Done initial handshake
[ttls] (other): before/accept initialization
[ttls] TLS_accept: before/accept initialization
[ttls] <<< TLS 1.0 Handshake [length 00f8], ClientHello
[ttls] TLS_accept: SSLv3 read client hello A
[ttls] >>> TLS 1.0 Handshake [length 0030], ServerHello
[ttls] TLS_accept: SSLv3 write server hello A
[ttls] >>> TLS 1.0 Handshake [length 0d44], Certificate
[ttls] TLS_accept: SSLv3 write certificate A
[ttls] >>> TLS 1.0 Handshake [length 030d], ServerKeyExchange
[ttls] TLS_accept: SSLv3 write key exchange A
[ttls] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
[ttls] TLS_accept: SSLv3 write server done A
[ttls] TLS_accept: SSLv3 flush data
[ttls] TLS_accept: Need to read more data: SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
[ttls] eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 1 to 192.168.22.1 port 3073
EAP-Message =
0x0103040015c00000109916030100300200002c030148e4e7f9c882e287b5388f22b083365b35904cc0abea3dea125ea2354b8f4df4000039010004002300001603010d440b000d40000d3d0006d2308206ce308204b6a003020102020114300d06092a864886f70d0101050500308181310b30090603550406130249543110300e06035504081307566963656e7a6131153013060355040a130c416c6475204e6574776f726b312d302b06035504031324416c6475204e6574776f726b2043657274696669636174696f6e20417574686f72697479311a301806092a864886f70d010901160b636140616c64752e6e6574301e170d3038303532353137
EAP-Message =
0x343933375a170d3131303532353137343933375a30818a310b3009060355040613024954310f300d060355040813065665726f6e6131153013060355040a130c416c6475204e6574776f726b3111300f060355040b13084c617572656c696e3121301f060355040313187261646975732e6c617572656c696e2e616c64752e6e6574311d301b06092a864886f70d010901160e61646d696e40616c64752e6e657430820222300d06092a864886f70d01010105000382020f003082020a0282020100e1506dc7d5db924cd5f782f63b4a6e95fbe1fbab0a411397f249f7447e65d266d5fcc166684fd5409a0d2ff5b034972c8b69a7e4fd286b102c7d9a
EAP-Message =
0x9a0bd886919dfd9788b679df6ad937124cde203e89c863f10fe1155e09449ef630bb489fe2ec1aac506107ec5f9ce1bd73100992ff5b7863452a6b73e8274e8d4d8ffe8250ed90f83b0739f66bf47fa8d2c6a23f7fd3413b9bb090762d951e4b873ca983e3aaf2690e92b1b2031765f177eecf6046105b6eea4ea422b130eb338aed9be7126ddff6fca11b398463a3e787c33b33851e231721e312da0b979ee794c48b01dc4f59a5cf79cb294c4dc4102abc8e0c93cdcff7ad4228ee4fe5c7ab2a8f4ba2373d0c86d159a2b43e314281120642a1dbe53c7fc5e77c0c32dc5ab8e8cce23e002480f23c31ee7371b2674205b9e48d62f2153082ae67d061
EAP-Message =
0xc368d86793cf6bf20a5721425d2af0e7ffc1a16ebc5d961a44a8d3e11239282767cf346e4c6205d86fc37be511f70dcb5f5f1cb03c971fd8ab68162146ed68476b2c019d1517397bfb956dead83ba2bc3a04a32c071b8654c6bd5b4f0be5e0a144a79bcbc01c259913808239e5ab6c1af15ae2ae5cb21191432312835ead8a68f7e5cb47c5e9ee5fff4d199d8619ad6ad297003fe2b8df4029872064b60c958bb66e41f45da69d5e80f7bceff2817e562fb3e047952f4f821341d039aee30fe5f5b65989bc14826f0203010001a38201443082014030090603551d1304023000301106096086480186f8420101040403020640302e06096086480186f8
EAP-Message = 0x42010d0421161f416c647520
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xf46f03b2f66c16fbc157e3e44121daf3
Finished request 2.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.22.1 port 3073, id=1,
length=138
Cleaning up request 2 ID 1 with timestamp +12
User-Name = "heruan"
NAS-IP-Address = 192.168.22.1
Called-Station-Id = "00c049d3f40e"
Calling-Station-Id = "002268c0eb93"
NAS-Identifier = "00c049d3f40e"
NAS-Port = 184
Framed-MTU = 1400
State = 0xf46f03b2f66c16fbc157e3e44121daf3
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x020300061500
Message-Authenticator = 0x0014a82ba883ba4ae3b8e24f61745d69
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "heruan", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 3 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/ttls
[eap] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
[ttls] Received TLS ACK
[ttls] ACK handshake fragment handler
[ttls] eaptls_verify returned 1
[ttls] eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 1 to 192.168.22.1 port 3073
EAP-Message =
0x0104040015c0000010994e6574776f726b20736572766572206365727469666963617465301d0603551d0e0416041486c2b9b3402bae0cb4ed277cd43364ab5d483ceb3081ae0603551d230481a63081a38014fe54771221d91a1005efa50f6f8f886af9cf6447a18187a48184308181310b30090603550406130249543110300e06035504081307566963656e7a6131153013060355040a130c416c6475204e6574776f726b312d302b06035504031324416c6475204e6574776f726b2043657274696669636174696f6e20417574686f72697479311a301806092a864886f70d010901160b636140616c64752e6e6574820100300b0603551d0f0404
EAP-Message =
0x030205a030130603551d25040c300a06082b06010505070301300d06092a864886f70d0101050500038202010081e6d66dea240cd1b99aa67bf1fc1c33f59c3e28412ca6694b1be9bfe8b475c0954b7bee98ed5779654f98edd32d070761641d0b0977704bf918dc81002f6ac48ba27db0b71bfeed4bc8199af442038c9f4bc15e025fe4f86fb5c1b84663d5f3061bff74fe017f3a2e4706b70a6a809c0178b20d98a8af55a3c2cedeba3842d3d120fbc08727984435fac4d4c0dc56ec5ae8b75412935f70242c3c5ff047f8508104b912a2a36ff6cd8860ce938fbcaee40e0b5efb95875b430479d6d3953258a1b824b294be10bae0cf10f2f2983875
EAP-Message =
0x43cdee650acf20db20609ec9df5ee0c144897eb32fe03e5224fb54478169203af95f81345a1f65f589f8115e24fb3e4a9a51b0504751a85dcc79fed0a515c42f1d0e98d55a69f40f3485b3691d2c8fc2ac458c024f911fecf9f87f1319039e129a8da222a245a7822db409b17bc2feca66ecbcd34ff4ffb7f7fb48f472de6bec8227bc2a8b8626b297c4afc54a7165000fe6d34bc56a5119f4b399fd46b5cd77f36f7cc15b884c54348cfc388d2c510a7ff279bf003760f06eee2be7d14e8aef714a65834748992443d7912e7555ba6c842d47eb34cf2a6d8267c4888eb6920b33e23cf1fe1281da00dfacdad69f88fabbbc1fbd034e17a685f07d02fc
EAP-Message =
0xb3b3164bf7c1c959a72bcf820a3f8cd4d9fd1c72bdbfcc9031a62642dcc2fe447440eb99a571b10c936c35036d46e0ba5cb9b70006653082066130820449a003020102020100300d06092a864886f70d0101050500308181310b30090603550406130249543110300e06035504081307566963656e7a6131153013060355040a130c416c6475204e6574776f726b312d302b06035504031324416c6475204e6574776f726b2043657274696669636174696f6e20417574686f72697479311a301806092a864886f70d010901160b636140616c64752e6e6574301e170d3038303532353137313532335a170d3133303532343137313532335a30818131
EAP-Message = 0x0b3009060355040613024954
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xf46f03b2f76b16fbc157e3e44121daf3
Finished request 3.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.22.1 port 3073, id=1,
length=138
Cleaning up request 3 ID 1 with timestamp +12
User-Name = "heruan"
NAS-IP-Address = 192.168.22.1
Called-Station-Id = "00c049d3f40e"
Calling-Station-Id = "002268c0eb93"
NAS-Identifier = "00c049d3f40e"
NAS-Port = 184
Framed-MTU = 1400
State = 0xf46f03b2f76b16fbc157e3e44121daf3
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x020400061500
Message-Authenticator = 0x7d696164144cc750f1bdd7cca30cc641
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "heruan", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 4 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/ttls
[eap] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
[ttls] Received TLS ACK
[ttls] ACK handshake fragment handler
[ttls] eaptls_verify returned 1
[ttls] eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 1 to 192.168.22.1 port 3073
EAP-Message =
0x0105040015c0000010993110300e06035504081307566963656e7a6131153013060355040a130c416c6475204e6574776f726b312d302b06035504031324416c6475204e6574776f726b2043657274696669636174696f6e20417574686f72697479311a301806092a864886f70d010901160b636140616c64752e6e657430820222300d06092a864886f70d01010105000382020f003082020a0282020100e352d800a194047d72504330b65278cf22b0a7211472a77939e369cd5121e27e119f05cb3c660aefda12d90bad75dda2b965f831d5a2e1038bbe7c9f8addb1c5ab1efe5be47d2eac1b3972b68bba4c406916c302c35dfd5ef11d36f1a563
EAP-Message =
0x7ae33661b27f2e9bb8843a5319061eb7167d274bb6942dfc1878b7f638ed9b9ff4ac4b9b5bdf094e275ff5b53a0551f24d1e63f35d7cfa96c2e00a5ca504b62f5f32cfc3d8aa6f589de482bedeb65224d6e425144be81e36eab9844dbb0fc5388a29b55a23f34798a90f534e626e102a0f0df13ae0f72fe99fe9dcf3575bd85a628c06fe8f6cc51f69271b4203ebebfa52b49df5fd0171c36f204bd64c8989d1fa45628140ffa19d8285702462b34ae01721197aefcd87fb79d2417705f8ef205f2b59bafe222a077c91c22e2481dfcc02eb6a0be6fc6317bd52289ef787f1bd9fe34b5b92b7485408ef15ebe685d408d77dcbd9ba07755e4ecf657479
EAP-Message =
0x3855e64291199a5a77440faa0101f2b4c85a3a92c62aa075cd4f535b0b0321d7839c7b59c02d61cc77cbf1ec4425b8726d315a3228fba109abe1ede78e13f5cf82fa216cf0193fcc641cf3a4e97b43dd425b7e95cfd5d3c692332ced3bb96d9b6d5a2fbb3777a951e0cbeee0e23cb7b911c728db165f153c1e4e1c68ba690d7fbcb04fb05e78b0363308ca5a67f4a3ba844407f51d3a4796dbdf3bb01739e33a60720418dd0203010001a381e13081de301d0603551d0e04160414fe54771221d91a1005efa50f6f8f886af9cf64473081ae0603551d230481a63081a38014fe54771221d91a1005efa50f6f8f886af9cf6447a18187a4818430818131
EAP-Message =
0x0b30090603550406130249543110300e06035504081307566963656e7a6131153013060355040a130c416c6475204e6574776f726b312d302b06035504031324416c6475204e6574776f726b2043657274696669636174696f6e20417574686f72697479311a301806092a864886f70d010901160b636140616c64752e6e6574820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382020100a53bd0a1d836628f9e26a6c7267136549f18ca3cb6d234a5d055d43abdbcbe0e825def229bdc0cbf3c9f38997a15da051b0ce615e8941940dccd43fb24dbea1ee66af0942af577240d47b79a20ecf28741253f7caef99281
EAP-Message = 0x6fb6b25244e2b2eac310fef7
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xf46f03b2f06a16fbc157e3e44121daf3
Finished request 4.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.22.1 port 3073, id=1,
length=138
Cleaning up request 4 ID 1 with timestamp +12
User-Name = "heruan"
NAS-IP-Address = 192.168.22.1
Called-Station-Id = "00c049d3f40e"
Calling-Station-Id = "002268c0eb93"
NAS-Identifier = "00c049d3f40e"
NAS-Port = 184
Framed-MTU = 1400
State = 0xf46f03b2f06a16fbc157e3e44121daf3
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x020500061500
Message-Authenticator = 0x11fda5dbe435a0608c3a63c5155aa8b1
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "heruan", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 5 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/ttls
[eap] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
[ttls] Received TLS ACK
[ttls] ACK handshake fragment handler
[ttls] eaptls_verify returned 1
[ttls] eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 1 to 192.168.22.1 port 3073
EAP-Message =
0x0106040015c000001099d7a86f60a2b967aa0d28ae7fe86fbf4a029e4a6e8ebedbef1eb7c7a344d87591be5b8bb28140d1faec4c4753fac13fb77dab34db643e84a0cb961f8947fc1fc6b0861993319ac5b28086aa3f5b0847b15bb97d24cf1690a3aab0ccff85403dd201abcb1b8b279b4b9ecb641d70269ebc603614afd6c56cbc44c8e0e9ba67661e63c195e60738ae589ce857a6a9e7a38ff15cc4c17f5872efdd743641ce8bf543883c98c8d468635d8c8801b6c8825cd26537ca4f7e1789d4c3bde7c9d1314a1ac5bb5d1eeb2e12ef7a5bb1c3ddef303a68284cd5a53d58aa612852d92b81911302468572546831641111a81733a42bbe129cf9
EAP-Message =
0x85b42790a5eb675e742364bc2cb449da2955062efeaa1f1a661933e9ef6a2d4a85c2611e6cf3b5c42511555c4fcab1e5ea237f8017f3f38d5f84e9adae7549f05128f89779b28586d38257a9883f71939263b4dce4945c13b3048e5f8d6ac94e8eab4c2742671ae683451cfff0bf5aa169f15edf30a7cad9f02ef7d004df5db2d4a8001e10730cdf3b140bc1251ea71d8332b2ddebf0117d6f52cefdde1ba9b055795c10c57b3e53c2160301030d0c000309008080ce0d83f98bb5b938122f41183619678af4e0164cd24f47cb6c69ecf7313e7ac43d06f6fb34b5325985920c43936299b311d655257ed4cb8d3607967a75527d17da7e84e8390ff18b
EAP-Message =
0xc461727d7da6f39a11b49f86374fec2f331e878965be0d120ad32452a0d9b351b542cde08bc415b8cd80d966ff4ca1371789b1853940e300010200807cc6f6044995fd93a17e053ddf0bbe507d882e3d8f3b27b0603f2353af138687dcfe87cb5cb7501fdcea18cc6cf67355c9896c4b0818a0163b9f3679059dc182902310021277c8ffe55414a8e99619a2a24a5e2cb5662ab30c75ec82133715ad9e06688b2bc6963521c823eefb086bd740e00951447f4e4fefd88e19c3e14aaf0200016f9884de001868763f3384f0a37c2d5e5f2c546e5651124ff7d87876d0c6106454b23e7727ce9dad73013ebfd31fea3c127dec695615e88bae6c78975129
EAP-Message =
0xcc255fec0bd31afdd66675c29fb77401b7ec5937c8fa709aeea8a776c95a0cf89bd71b3bbb464ef8e36a22c544f16ae465f82d56b96bd677ef57a679da1d55ac3854111535781c9d7b9669d1981a2dfabe289903cc5b85385e7b30b66d1f6c5aadb55a62dcda6d73fc9eea9a2018376dc0cfeac620c890a0488e14fe3803b4aea478d8c56f1b7e54fbc4871b3a5ead95dae254ac8928fadd6a8051ec5c930834f2b1b18a4de92835fe8e048d8f2bc33fc3a1873813afef40a8c657847def19ac8d8741ec4e812d2cc704dfce92977bcbe1555bbdedf75e569423eb02001d5771060506e05ea83daccecdc39c81c53c66f2970e018b5ae548b7a49d8c1c
EAP-Message = 0xa6fca7afb134ff1b5e08890f
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xf46f03b2f16916fbc157e3e44121daf3
Finished request 5.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.22.1 port 3073, id=1,
length=138
Cleaning up request 5 ID 1 with timestamp +12
User-Name = "heruan"
NAS-IP-Address = 192.168.22.1
Called-Station-Id = "00c049d3f40e"
Calling-Station-Id = "002268c0eb93"
NAS-Identifier = "00c049d3f40e"
NAS-Port = 184
Framed-MTU = 1400
State = 0xf46f03b2f16916fbc157e3e44121daf3
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x020600061500
Message-Authenticator = 0xff6b6c02b603f2c9cc862800ffbc096c
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "heruan", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 6 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/ttls
[eap] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
[ttls] Received TLS ACK
[ttls] ACK handshake fragment handler
[ttls] eaptls_verify returned 1
[ttls] eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 1 to 192.168.22.1 port 3073
EAP-Message =
0x010700cb158000001099c703820dae9f500e0be2f038c86fd40cf924c4f49781eaca0617a4348a94f66f6013842f7a5c4c6734194d13e75aad29a67799ad0847d46ebfa076adf64fbb05b63f74cf48162ca2a4f1f6a693fae9a8306134d36da2bd8acfca12e55cfa1b900130559d56e6d67806ed885cc680d7d1615f75fdbbfcedbfff275d973b76e16a92a6306c6ba48597d24e322daa794d8b5b08232c204de060884e7d87b351ab3b707c586b1f30ac8d1fe689217a0fef590288d2e43eed6d3616030100040e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xf46f03b2f26816fbc157e3e44121daf3
Finished request 6.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.22.1 port 3073, id=1,
length=336
Cleaning up request 6 ID 1 with timestamp +12
User-Name = "heruan"
NAS-IP-Address = 192.168.22.1
Called-Station-Id = "00c049d3f40e"
Calling-Station-Id = "002268c0eb93"
NAS-Identifier = "00c049d3f40e"
NAS-Port = 184
Framed-MTU = 1400
State = 0xf46f03b2f26816fbc157e3e44121daf3
NAS-Port-Type = Wireless-802.11
EAP-Message =
0x020700cc15001603010086100000820080673f637cef57b74512a57a131307458ae072e52dfbe740e3cbdec7fea4eb4fd68ad80762590666712aadd701da61f1f89e590be9e4f15d0dfcc7b70736b35ae1467b545d59317ef639995905c98045969583090d2f0f92152b475fcdcaafa228da295afc34ee4d671f41c9b737810956da9ece2877c4bec44d24db7f4c53f354140301000101160301003038789a08b245fc126bbe3a24a5624b34f496185bbefc58f52ba017868c9bcc17a8e50158c370342e857fe3e77b61549f
Message-Authenticator = 0xb9d62831c9c7caefdf69c3b99c4d8957
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "heruan", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 7 length 204
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/ttls
[eap] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
[ttls] eaptls_verify returned 7
[ttls] Done initial handshake
[ttls] <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange
[ttls] TLS_accept: SSLv3 read client key exchange A
[ttls] <<< TLS 1.0 ChangeCipherSpec [length 0001]
[ttls] <<< TLS 1.0 Handshake [length 0010], Finished
[ttls] TLS_accept: SSLv3 read finished A
[ttls] >>> TLS 1.0 Handshake [length 00aa]???
[ttls] TLS_accept: unknown state
[ttls] >>> TLS 1.0 ChangeCipherSpec [length 0001]
[ttls] TLS_accept: SSLv3 write change cipher spec A
[ttls] >>> TLS 1.0 Handshake [length 0010], Finished
[ttls] TLS_accept: SSLv3 write finished A
[ttls] TLS_accept: SSLv3 flush data
[ttls] (other): SSL negotiation finished successfully
SSL Connection Established
[ttls] eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 1 to 192.168.22.1 port 3073
EAP-Message =
0x010800f41580000000ea16030100aa040000a60000000000a060ca7c093b0c08609eda8927d1b01099807479bd89282e811614e29108fea13762dd72c299cdd17f1562f34bf674fc2f08625e4fb6c5538c8505002a70f6343a67f117db650d06a50bcab321e759fcb25d0d64732dada6031d6b5597734f447a9ae20c2f490b02262094c018490ec5489cb437f4c93c328c096a73640dbd921b0930f0f3d7f1885822184235fcd23f2cf7bf739a496de5b4dc6a6480b89d4c5a1403010001011603010030e721d41d48f9ebbf90b0d949e20669215f2fa79c9f55b2a6178276e03b4e1fea4d694027607ef7622edb42291c72ee4a
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xf46f03b2f36716fbc157e3e44121daf3
Finished request 7.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.22.1 port 3073, id=1,
length=308
Cleaning up request 7 ID 1 with timestamp +12
User-Name = "heruan"
NAS-IP-Address = 192.168.22.1
Called-Station-Id = "00c049d3f40e"
Calling-Station-Id = "002268c0eb93"
NAS-Identifier = "00c049d3f40e"
NAS-Port = 184
Framed-MTU = 1400
State = 0xf46f03b2f36716fbc157e3e44121daf3
NAS-Port-Type = Wireless-802.11
EAP-Message =
0x020800b015001703010020dcff405e309bcc0a01d21f9df29f7399f13a55b30378b767595bc3b11024b5a91703010080aee67219dc7dcd15dfe508647563e4f24f003113bae2c10d9d6fb8dd023da2d3c81bcff3a18c4a2d07c6e27d1e0e2385e3fd86058abe23a074078053446409d45e7ef65e5a6977899a95604f943fa43fdd9d2b70186f66644a916f0cc7673748bf09837d8cc0c3926cc6920a681fd549bd8061977cdc0e7e6c5ff21c849fb5a3
Message-Authenticator = 0x8486851c6545cab5b42fd05d3a183a04
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "heruan", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 8 length 176
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/ttls
[eap] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
[ttls] eaptls_verify returned 7
[ttls] Done initial handshake
[ttls] eaptls_process returned 7
[ttls] Session established. Proceeding to decode tunneled attributes.
[ttls] Got tunneled request
User-Name = "heruan"
MS-CHAP-Challenge = 0x21baa0943340f88f07f8802a8ac6690f
MS-CHAP2-Response =
0x7e0000000019000000c84e1909b04e190903000000000000000085749071e94c2f3f736d3aba3d7874e3961c739ea28340db
FreeRADIUS-Proxied-To = 127.0.0.1
[ttls] Sending tunneled request
User-Name = "heruan"
MS-CHAP-Challenge = 0x21baa0943340f88f07f8802a8ac6690f
MS-CHAP2-Response =
0x7e0000000019000000c84e1909b04e190903000000000000000085749071e94c2f3f736d3aba3d7874e3961c739ea28340db
FreeRADIUS-Proxied-To = 127.0.0.1
server inner-tunnel {
+- entering group authorize {...}
++[chap] returns noop
[mschap] Found MS-CHAP attributes. Setting 'Auth-Type = mschap'
++[mschap] returns ok
++[unix] returns notfound
[suffix] No '@' in User-Name = "heruan", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[control] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[files] returns noop
[ldap] performing user authorization for heruan
[ldap] WARNING: Deprecated conditional expansion ":-". See "man unlang" for
details
[ldap] WARNING: Deprecated conditional expansion ":-". See "man unlang" for
details
[ldap] expand:
(|(uid=%{Stripped-User-Name:-%{User-Name}})(cn=%{Stripped-User-Name:-%{User-Name}}))
-> (|(uid=heruan)(cn=heruan))
[ldap] expand: dc=aldu,dc=net -> dc=aldu,dc=net
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=aldu,dc=net, with filter
(|(uid=heruan)(cn=heruan))
[ldap] No default NMAS login sequence
[ldap] looking for check items in directory...
rlm_ldap: sambaNtPassword -> NT-Password == 0x30...
rlm_ldap: sambaLmPassword -> LM-Password == 0x35...
[ldap] looking for reply items in directory...
WARNING: No "known good" password was found in LDAP. Are you sure that the
user is configured correctly?
[ldap] user heruan authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
++[ldap] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Normalizing NT-Password from hex encoding
[pap] Normalizing LM-Password from hex encoding
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = MSCHAP
+- entering group MS-CHAP {...}
[mschap] Found LM-Password
[mschap] Found NT-Password
[mschap] Told to do MS-CHAPv2 for heruan with NT-Password
[mschap] adding MS-CHAPv2 MPPE keys
++[mschap] returns ok
} # server inner-tunnel
[ttls] Got tunneled reply code 2
MS-CHAP2-Success =
0x7e533d31324145363332353036363734304334343836353236363239423738453843303538363539334346
MS-MPPE-Recv-Key = 0x90e46fe588c50f30b1fabcf942019be5
MS-MPPE-Send-Key = 0xea3ea373e2e1e279c847a7beb2c5f588
MS-MPPE-Encryption-Policy = 0x00000001
MS-MPPE-Encryption-Types = 0x00000006
[ttls] Got tunneled Access-Accept
[ttls] Got MS-CHAP2-Success, tunneling it to the client in a challenge.
++[eap] returns handled
Sending Access-Challenge of id 1 to 192.168.22.1 port 3073
EAP-Message =
0x0109006f1580000000651703010060616bdc70b991cb3ccc5449f13e93a374a0be21787fc7a91d0195a68017ddc3e1c4bcbbcee2e5aaf6bcae29b09aefd237f693eebc4b3ebcba8068dbe3b71e9d6af3236bee9a2efa8358d594a74f65490319ed9e64ef06f10fe8212068c05844a9
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xf46f03b2fc6616fbc157e3e44121daf3
Finished request 8.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.22.1 port 3073, id=1,
length=138
Cleaning up request 8 ID 1 with timestamp +12
User-Name = "heruan"
NAS-IP-Address = 192.168.22.1
Called-Station-Id = "00c049d3f40e"
Calling-Station-Id = "002268c0eb93"
NAS-Identifier = "00c049d3f40e"
NAS-Port = 184
Framed-MTU = 1400
State = 0xf46f03b2fc6616fbc157e3e44121daf3
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x020900061500
Message-Authenticator = 0xa01f486fa472b238ae70656c633e9340
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "heruan", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 9 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/ttls
[eap] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
[ttls] Received TLS ACK
[ttls] ACK handshake is finished
[ttls] eaptls_verify returned 3
[ttls] eaptls_process returned 3
[eap] Freeing handler
++[eap] returns ok
+- entering group post-auth {...}
++[exec] returns noop
Sending Access-Accept of id 1 to 192.168.22.1 port 3073
MS-MPPE-Recv-Key =
0xa7d9381f75ce74495aa1f0e6aa017f40e573239eb999d715d95e9ff50ae10569
MS-MPPE-Send-Key =
0xbcc49edaa0afd7e62cbe97392c3c01dd52267bd6454a24b4b1f335618528ec18
EAP-Message = 0x03090004
Message-Authenticator = 0x00000000000000000000000000000000
User-Name = "heruan"
Finished request 9.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 9 ID 1 with timestamp +12
Ready to process requests.
rad_recv: Access-Request packet from host 192.168.22.1 port 3073, id=1,
length=125
User-Name = "jamila"
NAS-IP-Address = 192.168.22.1
Called-Station-Id = "00c049d3f40e"
Calling-Station-Id = "002268c0eb93"
NAS-Identifier = "00c049d3f40e"
NAS-Port = 184
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x0200000b016a616d696c61
Message-Authenticator = 0xcdae13a716b61cabbcb70e726276d665
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "jamila", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 0 length 11
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
++[files] returns noop
[ldap] performing user authorization for jamila
[ldap] WARNING: Deprecated conditional expansion ":-". See "man unlang" for
details
[ldap] WARNING: Deprecated conditional expansion ":-". See "man unlang" for
details
[ldap] expand:
(|(uid=%{Stripped-User-Name:-%{User-Name}})(cn=%{Stripped-User-Name:-%{User-Name}}))
-> (|(uid=jamila)(cn=jamila))
[ldap] expand: dc=aldu,dc=net -> dc=aldu,dc=net
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=aldu,dc=net, with filter
(|(uid=jamila)(cn=jamila))
[ldap] No default NMAS login sequence
[ldap] looking for check items in directory...
rlm_ldap: sambaNtPassword -> NT-Password == 0x44...
rlm_ldap: sambaLmPassword -> LM-Password == 0x42...
[ldap] looking for reply items in directory...
WARNING: No "known good" password was found in LDAP. Are you sure that the
user is configured correctly?
[ldap] user jamila authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
++[ldap] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Normalizing NT-Password from hex encoding
[pap] Normalizing LM-Password from hex encoding
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type md5
rlm_eap_md5: Issuing Challenge
++[eap] returns handled
Sending Access-Challenge of id 1 to 192.168.22.1 port 3073
EAP-Message = 0x01010016041067c2d2ac231b541d1ebb9d5e9aef272e
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x7d75f9417d74fd26c22394ad8dcd0b12
Finished request 10.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.22.1 port 3073, id=1,
length=138
Cleaning up request 10 ID 1 with timestamp +25
User-Name = "jamila"
NAS-IP-Address = 192.168.22.1
Called-Station-Id = "00c049d3f40e"
Calling-Station-Id = "002268c0eb93"
NAS-Identifier = "00c049d3f40e"
NAS-Port = 184
Framed-MTU = 1400
State = 0x7d75f9417d74fd26c22394ad8dcd0b12
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x020100060315
Message-Authenticator = 0xa8d0e7d17c0e5240d1bb804c2703807d
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "jamila", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 1 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
++[files] returns noop
[ldap] performing user authorization for jamila
[ldap] WARNING: Deprecated conditional expansion ":-". See "man unlang" for
details
[ldap] WARNING: Deprecated conditional expansion ":-". See "man unlang" for
details
[ldap] expand:
(|(uid=%{Stripped-User-Name:-%{User-Name}})(cn=%{Stripped-User-Name:-%{User-Name}}))
-> (|(uid=jamila)(cn=jamila))
[ldap] expand: dc=aldu,dc=net -> dc=aldu,dc=net
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=aldu,dc=net, with filter
(|(uid=jamila)(cn=jamila))
[ldap] No default NMAS login sequence
[ldap] looking for check items in directory...
rlm_ldap: sambaNtPassword -> NT-Password == 0x44...
rlm_ldap: sambaLmPassword -> LM-Password == 0x42...
[ldap] looking for reply items in directory...
WARNING: No "known good" password was found in LDAP. Are you sure that the
user is configured correctly?
[ldap] user jamila authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
++[ldap] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Normalizing NT-Password from hex encoding
[pap] Normalizing LM-Password from hex encoding
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP NAK
[eap] EAP-NAK asked for EAP-Type/ttls
[eap] processing type tls
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 1 to 192.168.22.1 port 3073
EAP-Message = 0x010200061520
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x7d75f9417c77ec26c22394ad8dcd0b12
Finished request 11.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.22.1 port 3073, id=1,
length=393
Cleaning up request 11 ID 1 with timestamp +25
User-Name = "jamila"
NAS-IP-Address = 192.168.22.1
Called-Station-Id = "00c049d3f40e"
Calling-Station-Id = "002268c0eb93"
NAS-Identifier = "00c049d3f40e"
NAS-Port = 184
Framed-MTU = 1400
State = 0x7d75f9417c77ec26c22394ad8dcd0b12
NAS-Port-Type = Wireless-802.11
EAP-Message =
0x02020103150016030100f8010000f4030148e4e806522dfb2b7aec334d620648c3c4485a1e0b6d2b0dc25fdd747efeee4600002600390038003500160013000a00330032002f000500040015001200090014001100080006000302010000a4002300a060ca7c093b0c08609eda8927d1b01099807479bd89282e811614e29108fea13762dd72c299cdd17f1562f34bf674fc2f08625e4fb6c5538c8505002a70f6343a67f117db650d06a50bcab321e759fcb25d0d64732dada6031d6b5597734f447a9ae20c2f490b02262094c018490ec5489cb437f4c93c328c096a73640dbd921b0930f0f3d7f1885822184235fcd23f2cf7bf739a496de5b4dc6a
EAP-Message = 0x6480b89d4c5a
Message-Authenticator = 0x89044f83ea2af62d3bcf0b6260d427df
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "jamila", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 2 length 253
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/ttls
[eap] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
[ttls] eaptls_verify returned 7
[ttls] Done initial handshake
[ttls] (other): before/accept initialization
[ttls] TLS_accept: before/accept initialization
[ttls] <<< TLS 1.0 Handshake [length 00f8], ClientHello
[ttls] TLS_accept: SSLv3 read client hello A
[ttls] >>> TLS 1.0 Handshake [length 002a], ServerHello
[ttls] TLS_accept: SSLv3 write server hello A
[ttls] >>> TLS 1.0 ChangeCipherSpec [length 0001]
[ttls] TLS_accept: SSLv3 write change cipher spec A
[ttls] >>> TLS 1.0 Handshake [length 0010], Finished
[ttls] TLS_accept: SSLv3 write finished A
[ttls] TLS_accept: SSLv3 flush data
[ttls] TLS_accept: Need to read more data: SSLv3 read finished A
In SSL Handshake Phase
In SSL Accept mode
[ttls] eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 1 to 192.168.22.1 port 3073
EAP-Message =
0x0103007415800000006a160301002a02000026030148e4e8063dbbed9ca6725e2645bd72a6173fb03e4cb690ea59de42089734b392000039011403010001011603010030d93ac0e280be40fbe5c37337e666f049168441db2ab2559b2c80603a9f691dfa54793f42b378988c90a4dde60351e7b7
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x7d75f9417f76ec26c22394ad8dcd0b12
Finished request 12.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.22.1 port 3073, id=1,
length=197
Cleaning up request 12 ID 1 with timestamp +25
User-Name = "jamila"
NAS-IP-Address = 192.168.22.1
Called-Station-Id = "00c049d3f40e"
Calling-Station-Id = "002268c0eb93"
NAS-Identifier = "00c049d3f40e"
NAS-Port = 184
Framed-MTU = 1400
State = 0x7d75f9417f76ec26c22394ad8dcd0b12
NAS-Port-Type = Wireless-802.11
EAP-Message =
0x020300411500140301000101160301003013ca1053acec332d812ff938d32329665b95b49a397a3b018a5ada0c8f43cac051573f2c7f0e18b21941acd317161ed3
Message-Authenticator = 0x600117a5ce085e9040580d94a1a0becf
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "jamila", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 3 length 65
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/ttls
[eap] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
[ttls] eaptls_verify returned 7
[ttls] Done initial handshake
[ttls] <<< TLS 1.0 ChangeCipherSpec [length 0001]
[ttls] <<< TLS 1.0 Handshake [length 0010], Finished
[ttls] TLS_accept: SSLv3 read finished A
[ttls] (other): SSL negotiation finished successfully
SSL Connection Established
SSL Application Data
[ttls] eaptls_process returned 3
[ttls] Skipping Phase2 due to session resumption
[ttls] FAIL: Forcibly stopping session resumption as it is not allowed.
[eap] Freeing handler
++[eap] returns reject
Failed to authenticate the user.
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> jamila
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 13 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 13
Sending Access-Reject of id 1 to 192.168.22.1 port 3073
EAP-Message = 0x04030004
Message-Authenticator = 0x00000000000000000000000000000000
Waking up in 4.9 seconds.
Cleaning up request 13 ID 1 with timestamp +25
Ready to process requests.
[EMAIL PROTECTED]:~$ xit
smime.p7s
Description: S/MIME Cryptographic Signature
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
