Remove that Autz-Type := Ldap > Done.
preprocess Autz-Type LDAP { ldap } > Removed too.
And the debug (a little bit long...):

Wed Feb 18 16:19:31 2009 : Debug: Listening on authentication address * port 1812
Wed Feb 18 16:19:31 2009 : Debug: Listening on accounting address * port 1813
Wed Feb 18 16:19:31 2009 : Debug: Listening on proxy address * port 1814
Wed Feb 18 16:19:31 2009 : Debug: Ready to process requests.
rad_recv: Access-Request packet from host 192.168.1.1 port 1024, id=199, length=204
    Framed-MTU = 1480
    NAS-IP-Address = 192.168.1.1
    NAS-Identifier = "SWiTCH"
    User-Name = "uservlan1"
    Service-Type = Framed-User
    Framed-Protocol = PPP
    NAS-Port = 17
    NAS-Port-Type = Ethernet
    NAS-Port-Id = "17"
    Called-Station-Id = "00-13-21-a8-24-40"
    Calling-Station-Id = "00-15-c5-06-84-d8"
    Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
    Tunnel-Type:0 = VLAN
    Tunnel-Medium-Type:0 = IEEE-802
    Tunnel-Private-Group-Id:0 = "4"
    EAP-Message = 0x0201000e0175736572766c616e31
    Message-Authenticator = 0xef16e42d1166597b57ffbf6e49dba74b
Wed Feb 18 16:19:43 2009 : Info: +- entering group authorize {...}
Wed Feb 18 16:19:43 2009 : Info: [eap] EAP packet type response id 1 length 14
Wed Feb 18 16:19:43 2009 : Info: [eap] No EAP Start, assuming it's an on-going EAP conversation
Wed Feb 18 16:19:43 2009 : Info: ++[eap] returns updated
Wed Feb 18 16:19:43 2009 : Debug: rlm_ldap: Entering ldap_groupcmp()
Wed Feb 18 16:19:43 2009 : Info: [files] expand: cn=vlan1,dc=test,dc=fr -> cn=vlan1,dc=test,dc=fr
Wed Feb 18 16:19:43 2009 : Info: [files] expand: (samaccountname=%{User-Name}) -> (samaccountname=uservlan1)
Wed Feb 18 16:19:43 2009 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0
Wed Feb 18 16:19:43 2009 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0
Wed Feb 18 16:19:43 2009 : Debug: rlm_ldap: attempting LDAP reconnection
Wed Feb 18 16:19:43 2009 : Debug: rlm_ldap: (re)connect to test.fr:389, authentication 0
Wed Feb 18 16:19:43 2009 : Debug: rlm_ldap: bind as cn=bindradius,cn=Users,dc=test,dc=fr/bindradius to test.fr:389
Wed Feb 18 16:19:43 2009 : Debug: rlm_ldap: waiting for bind result ...
Wed Feb 18 16:19:43 2009 : Debug: rlm_ldap: Bind was successful
Wed Feb 18 16:19:43 2009 : Debug: rlm_ldap: performing search in cn=vlan1,dc=test,dc=fr, with filter (samaccountname=uservlan1)
Wed Feb 18 16:19:43 2009 : Debug: rlm_ldap: object not found or got ambiguous search result
Wed Feb 18 16:19:43 2009 : Debug: rlm_ldap::ldap_groupcmp: search failed
Wed Feb 18 16:19:43 2009 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0
Wed Feb 18 16:19:43 2009 : Info: ++[files] returns noop
Wed Feb 18 16:19:43 2009 : Info: [ldap] performing user authorization for uservlan1
Wed Feb 18 16:19:43 2009 : Info: [ldap] expand: (samaccountname=%{User-Name}) -> (samaccountname=uservlan1)
Wed Feb 18 16:19:43 2009 : Info: [ldap] expand: cn=vlan1,dc=test,dc=fr -> cn=vlan1,dc=test,dc=fr
Wed Feb 18 16:19:43 2009 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0
Wed Feb 18 16:19:43 2009 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0
Wed Feb 18 16:19:43 2009 : Debug: rlm_ldap: performing search in cn=vlan1,dc=test,dc=fr, with filter (samaccountname=uservlan1)
Wed Feb 18 16:19:43 2009 : Debug: rlm_ldap: object not found or got ambiguous search result
Wed Feb 18 16:19:43 2009 : Info: [ldap] search failed
Wed Feb 18 16:19:43 2009 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0
Wed Feb 18 16:19:43 2009 : Info: ++[ldap] returns notfound
Wed Feb 18 16:19:43 2009 : Info: ++[expiration] returns noop
Wed Feb 18 16:19:43 2009 : Info: ++[logintime] returns noop
Wed Feb 18 16:19:43 2009 : Info: Found Auth-Type = EAP
Wed Feb 18 16:19:43 2009 : Info: +- entering group authenticate {...}
Wed Feb 18 16:19:43 2009 : Info: [eap] EAP Identity
Wed Feb 18 16:19:43 2009 : Info: [eap] processing type tls
Wed Feb 18 16:19:43 2009 : Info: [tls] Initiate
Wed Feb 18 16:19:43 2009 : Info: [tls] Start returned 1
Wed Feb 18 16:19:43 2009 : Info: ++[eap] returns handled
Sending Access-Challenge of id 199 to 192.168.1.1 port 1024
    EAP-Message = 0x010200061920
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0xa38f45a7a38d5c9dc391a3e151ac2bef
Wed Feb 18 16:19:43 2009 : Info: Finished request 0.
Wed Feb 18 16:19:43 2009 : Debug: Going to the next request
Wed Feb 18 16:19:43 2009 : Debug: Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.1.1 port 1024, id=200, length=288
    Framed-MTU = 1480
    NAS-IP-Address = 192.168.1.1
    NAS-Identifier = "SWiTCH"
    User-Name = "uservlan1"
    Service-Type = Framed-User
    Framed-Protocol = PPP
    NAS-Port = 17
    NAS-Port-Type = Ethernet
    NAS-Port-Id = "17"
    Called-Station-Id = "00-13-21-a8-24-40"
    Calling-Station-Id = "00-15-c5-06-84-d8"
    Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
    Tunnel-Type:0 = VLAN
    Tunnel-Medium-Type:0 = IEEE-802
    Tunnel-Private-Group-Id:0 = "4"
    State = 0xa38f45a7a38d5c9dc391a3e151ac2bef
    EAP-Message = 0x0202005019800000004616030100410100003d0301499c274083cf1683279acd57f63bebce33cba9b063135b2b3ae374d7132bfee400001600040005000a000900640062000300060013001200630100
    Message-Authenticator = 0x8257675be6f80dde0fe81eb7fb712afd
Wed Feb 18 16:19:43 2009 : Info: +- entering group authorize {...}
Wed Feb 18 16:19:43 2009 : Info: [eap] EAP packet type response id 2 length 80
Wed Feb 18 16:19:43 2009 : Info: [eap] Continuing tunnel setup.
Wed Feb 18 16:19:43 2009 : Info: ++[eap] returns ok
Wed Feb 18 16:19:43 2009 : Info: Found Auth-Type = EAP
Wed Feb 18 16:19:43 2009 : Info: +- entering group authenticate {...}
Wed Feb 18 16:19:43 2009 : Info: [eap] Request found, released from the list
Wed Feb 18 16:19:43 2009 : Info: [eap] EAP/peap
Wed Feb 18 16:19:43 2009 : Info: [eap] processing type peap
Wed Feb 18 16:19:43 2009 : Info: [peap] processing EAP-TLS
Wed Feb 18 16:19:43 2009 : Debug: TLS Length 70
Wed Feb 18 16:19:43 2009 : Info: [peap] Length Included
Wed Feb 18 16:19:43 2009 : Info: [peap] eaptls_verify returned 11
Wed Feb 18 16:19:43 2009 : Info: [peap] (other): before/accept initialization
Wed Feb 18 16:19:43 2009 : Info: [peap] TLS_accept: before/accept initialization
Wed Feb 18 16:19:43 2009 : Info: [peap] <<< TLS 1.0 Handshake [length 0041], ClientHello
Wed Feb 18 16:19:43 2009 : Info: [peap] TLS_accept: SSLv3 read client hello A
Wed Feb 18 16:19:43 2009 : Info: [peap] >>> TLS 1.0 Handshake [length 002a], ServerHello
Wed Feb 18 16:19:43 2009 : Info: [peap] TLS_accept: SSLv3 write server hello A
Wed Feb 18 16:19:43 2009 : Info: [peap] >>> TLS 1.0 Handshake [length 085e], Certificate
Wed Feb 18 16:19:43 2009 : Info: [peap] TLS_accept: SSLv3 write certificate A
Wed Feb 18 16:19:43 2009 : Info: [peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
Wed Feb 18 16:19:43 2009 : Info: [peap] TLS_accept: SSLv3 write server done A
Wed Feb 18 16:19:43 2009 : Info: [peap] TLS_accept: SSLv3 flush data
Wed Feb 18 16:19:43 2009 : Info: [peap] TLS_accept: Need to read more data: SSLv3 read client certificate A
Wed Feb 18 16:19:43 2009 : Debug: In SSL Handshake Phase
Wed Feb 18 16:19:43 2009 : Debug: In SSL Accept mode
Wed Feb 18 16:19:43 2009 : Info: [peap] eaptls_process returned 13
Wed Feb 18 16:19:43 2009 : Info: [peap] EAPTLS_HANDLED
Wed Feb 18 16:19:43 2009 : Info: ++[eap] returns handled
Sending Access-Challenge of id 200 to 192.168.1.1 port 1024
    EAP-Message = 0x0103040019c00000089b160301002a020000260301499c270fad1673a41a01708536fdae67a8aff4f1c422aa06a8bc60a7e27e81eb00000400160301085e0b00085a0008570003a6308203a23082028aa003020102020101300d06092a864886f70d0101040500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479
    EAP-Message = 0xa73082038fa0030201020209
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0xa38f45a7a28c5c9dc391a3e151ac2bef
Wed Feb 18 16:19:43 2009 : Info: Finished request 1.
Wed Feb 18 16:19:43 2009 : Debug: Going to the next request
Wed Feb 18 16:19:43 2009 : Debug: Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.1.1 port 1024, id=201, length=214
    Framed-MTU = 1480
    NAS-IP-Address = 192.168.1.1
    NAS-Identifier = "SWiTCH"
    User-Name = "uservlan1"
    Service-Type = Framed-User
    Framed-Protocol = PPP
    NAS-Port = 17
    NAS-Port-Type = Ethernet
    NAS-Port-Id = "17"
    Called-Station-Id = "00-13-21-a8-24-40"
    Calling-Station-Id = "00-15-c5-06-84-d8"
    Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
    Tunnel-Type:0 = VLAN
    Tunnel-Medium-Type:0 = IEEE-802
    Tunnel-Private-Group-Id:0 = "4"
    State = 0xa38f45a7a28c5c9dc391a3e151ac2bef
    EAP-Message = 0x020300061900
    Message-Authenticator = 0x4625cc197322be2f7f9a1de33a2ed834
Wed Feb 18 16:19:43 2009 : Info: +- entering group authorize {...}
Wed Feb 18 16:19:43 2009 : Info: [eap] EAP packet type response id 3 length 6
Wed Feb 18 16:19:43 2009 : Info: [eap] Continuing tunnel setup.
Wed Feb 18 16:19:43 2009 : Info: ++[eap] returns ok
Wed Feb 18 16:19:43 2009 : Info: Found Auth-Type = EAP
Wed Feb 18 16:19:43 2009 : Info: +- entering group authenticate {...}
Wed Feb 18 16:19:43 2009 : Info: [eap] Request found, released from the list
Wed Feb 18 16:19:43 2009 : Info: [eap] EAP/peap
Wed Feb 18 16:19:43 2009 : Info: [eap] processing type peap
Wed Feb 18 16:19:43 2009 : Info: [peap] processing EAP-TLS
Wed Feb 18 16:19:43 2009 : Info: [peap] Received TLS ACK
Wed Feb 18 16:19:43 2009 : Info: [peap] ACK handshake fragment handler
Wed Feb 18 16:19:43 2009 : Info: [peap] eaptls_verify returned 1
Wed Feb 18 16:19:43 2009 : Info: [peap] eaptls_process returned 13
Wed Feb 18 16:19:43 2009 : Info: [peap] EAPTLS_HANDLED
Wed Feb 18 16:19:43 2009 : Info: ++[eap] returns handled
Sending Access-Challenge of id 201 to 192.168.1.1 port 1024
    EAP-Message = 0xafca733d969b3e920e2b7b16794748694ff85737531057b4bf00ed1c633c97c1983643413c9abd4ec8fc48ca30020d7caa2a55dac410e5f7784181e42856422e6b857f7f9fed08dae344d1308abae719274c9a19b0b57fca8377e7544588ead6c334b7c6ca18a4f46d8aabcb03af95a47004a876e41cd07d1d98528d9c523b1b49a9cef9ea50b5ac303db537d3a5a935a70203010001a381fb3081f8301d0603551d0e041604148f0f7be8c4a3d1c006fd2abfdfe9eb27952f0a293081c80603551d230481c03081bd80148f0f7be8c4a3d1c006fd2abfdfe9eb27952f0a29a18199a48196308193310b3009060355040613024652310f300d06035504
    EAP-Message = 0x77cc6c09edad3f38
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0xa38f45a7a18b5c9dc391a3e151ac2bef
Wed Feb 18 16:19:43 2009 : Info: Finished request 2.
Wed Feb 18 16:19:43 2009 : Debug: Going to the next request
Wed Feb 18 16:19:43 2009 : Debug: Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.1.1 port 1024, id=202, length=214
    Framed-MTU = 1480
    NAS-IP-Address = 192.168.1.1
    NAS-Identifier = "SWiTCH"
    User-Name = "uservlan1"
    Service-Type = Framed-User
    Framed-Protocol = PPP
    NAS-Port = 17
    NAS-Port-Type = Ethernet
    NAS-Port-Id = "17"
    Called-Station-Id = "00-13-21-a8-24-40"
    Calling-Station-Id = "00-15-c5-06-84-d8"
    Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
    Tunnel-Type:0 = VLAN
    Tunnel-Medium-Type:0 = IEEE-802
    Tunnel-Private-Group-Id:0 = "4"
    State = 0xa38f45a7a18b5c9dc391a3e151ac2bef
    EAP-Message = 0x020400061900
    Message-Authenticator = 0x7466c45cc1d04e38e135346a965be0cd
Wed Feb 18 16:19:43 2009 : Info: +- entering group authorize {...}
Wed Feb 18 16:19:43 2009 : Info: [eap] EAP packet type response id 4 length 6
Wed Feb 18 16:19:43 2009 : Info: [eap] Continuing tunnel setup.
Wed Feb 18 16:19:43 2009 : Info: ++[eap] returns ok
Wed Feb 18 16:19:43 2009 : Info: Found Auth-Type = EAP
Wed Feb 18 16:19:43 2009 : Info: +- entering group authenticate {...}
Wed Feb 18 16:19:43 2009 : Info: [eap] Request found, released from the list
Wed Feb 18 16:19:43 2009 : Info: [eap] EAP/peap
Wed Feb 18 16:19:43 2009 : Info: [eap] processing type peap
Wed Feb 18 16:19:43 2009 : Info: [peap] processing EAP-TLS
Wed Feb 18 16:19:43 2009 : Info: [peap] Received TLS ACK
Wed Feb 18 16:19:43 2009 : Info: [peap] ACK handshake fragment handler
Wed Feb 18 16:19:43 2009 : Info: [peap] eaptls_verify returned 1
Wed Feb 18 16:19:43 2009 : Info: [peap] eaptls_process returned 13
Wed Feb 18 16:19:43 2009 : Info: [peap] EAPTLS_HANDLED
Wed Feb 18 16:19:43 2009 : Info: ++[eap] returns handled
Sending Access-Challenge of id 202 to 192.168.1.1 port 1024
    EAP-Message = 0x010500b5190008a7f853ef5f52f1929d1279e979b9d7659c7a2ca990ddb7206039a444525afdbc26e668dcfd38eb66a759784d8347d2d6c94497fb49be8e963ab05e8f7cd0d906c8b3bad021e205664a1bedf7d0ac94eb633081fa68ab07427972557901e47806ed4548b7059d6993db248f8a2aade34579d9f68ee25703a81d692a77ac3437886a895ccbcc1be5c15d43810386fcfa48e50ce3ae55dd9031f70d3f6f5a0ebd83275a2cf7f116030100040e000000
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0xa38f45a7a08a5c9dc391a3e151ac2bef
Wed Feb 18 16:19:43 2009 : Info: Finished request 3.
Wed Feb 18 16:19:43 2009 : Debug: Going to the next request
Wed Feb 18 16:19:43 2009 : Debug: Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.1.1 port 1024, id=203, length=530
    Framed-MTU = 1480
    NAS-IP-Address = 192.168.1.1
    NAS-Identifier = "SWiTCH"
    User-Name = "uservlan1"
    Service-Type = Framed-User
    Framed-Protocol = PPP
    NAS-Port = 17
    NAS-Port-Type = Ethernet
    NAS-Port-Id = "17"
    Called-Station-Id = "00-13-21-a8-24-40"
    Calling-Station-Id = "00-15-c5-06-84-d8"
    Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
    Tunnel-Type:0 = VLAN
    Tunnel-Medium-Type:0 = IEEE-802
    Tunnel-Private-Group-Id:0 = "4"
    State = 0xa38f45a7a08a5c9dc391a3e151ac2bef
    EAP-Message = 0xde555eca6f76f3dbd000bb19fb05b10f15d45ad95bfa79bb140301000101160301002045a2d52d3c33390c5e43d08b2bbf4169f8f351f6f4ba28b783d1e3ff964d1b05
    Message-Authenticator = 0xf294591e2fb17221e60051f0fa035d35
Wed Feb 18 16:19:43 2009 : Info: +- entering group authorize {...}
Wed Feb 18 16:19:43 2009 : Info: [eap] EAP packet type response id 5 length 253
Wed Feb 18 16:19:43 2009 : Info: [eap] Continuing tunnel setup.
Wed Feb 18 16:19:43 2009 : Info: ++[eap] returns ok
Wed Feb 18 16:19:43 2009 : Info: Found Auth-Type = EAP
Wed Feb 18 16:19:43 2009 : Info: +- entering group authenticate {...}
Wed Feb 18 16:19:43 2009 : Info: [eap] Request found, released from the list
Wed Feb 18 16:19:43 2009 : Info: [eap] EAP/peap
Wed Feb 18 16:19:43 2009 : Info: [eap] processing type peap
Wed Feb 18 16:19:43 2009 : Info: [peap] processing EAP-TLS
Wed Feb 18 16:19:43 2009 : Debug: TLS Length 310
Wed Feb 18 16:19:43 2009 : Info: [peap] Length Included
Wed Feb 18 16:19:43 2009 : Info: [peap] eaptls_verify returned 11
Wed Feb 18 16:19:43 2009 : Info: [peap] <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange
Wed Feb 18 16:19:43 2009 : Info: [peap] TLS_accept: SSLv3 read client key exchange A
Wed Feb 18 16:19:43 2009 : Info: [peap] <<< TLS 1.0 ChangeCipherSpec [length 0001]
Wed Feb 18 16:19:43 2009 : Info: [peap] <<< TLS 1.0 Handshake [length 0010], Finished
Wed Feb 18 16:19:43 2009 : Info: [peap] TLS_accept: SSLv3 read finished A
Wed Feb 18 16:19:43 2009 : Info: [peap] >>> TLS 1.0 ChangeCipherSpec [length 0001]
Wed Feb 18 16:19:43 2009 : Info: [peap] TLS_accept: SSLv3 write change cipher spec A
Wed Feb 18 16:19:43 2009 : Info: [peap] >>> TLS 1.0 Handshake [length 0010], Finished
Wed Feb 18 16:19:43 2009 : Info: [peap] TLS_accept: SSLv3 write finished A
Wed Feb 18 16:19:43 2009 : Info: [peap] TLS_accept: SSLv3 flush data
Wed Feb 18 16:19:43 2009 : Info: [peap] (other): SSL negotiation finished successfully
Wed Feb 18 16:19:43 2009 : Debug: SSL Connection Established
Wed Feb 18 16:19:43 2009 : Info: [peap] eaptls_process returned 13
Wed Feb 18 16:19:43 2009 : Info: [peap] EAPTLS_HANDLED
Wed Feb 18 16:19:43 2009 : Info: ++[eap] returns handled
Sending Access-Challenge of id 203 to 192.168.1.1 port 1024
    EAP-Message = 0x0106003119001403010001011603010020d5b843971b6f0c8cd695bf77908a1b0bb4ed477884831e9bda66d428ce463fe2
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0xa38f45a7a7895c9dc391a3e151ac2bef
Wed Feb 18 16:19:43 2009 : Info: Finished request 4.
Wed Feb 18 16:19:43 2009 : Debug: Going to the next request
Wed Feb 18 16:19:43 2009 : Debug: Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.1.1 port 1024, id=204, length=214
    Framed-MTU = 1480
    NAS-IP-Address = 192.168.1.1
    NAS-Identifier = "SWiTCH"
    User-Name = "uservlan1"
    Service-Type = Framed-User
    Framed-Protocol = PPP
    NAS-Port = 17
    NAS-Port-Type = Ethernet
    NAS-Port-Id = "17"
    Called-Station-Id = "00-13-21-a8-24-40"
    Calling-Station-Id = "00-15-c5-06-84-d8"
    Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
    Tunnel-Type:0 = VLAN
    Tunnel-Medium-Type:0 = IEEE-802
    Tunnel-Private-Group-Id:0 = "4"
    State = 0xa38f45a7a7895c9dc391a3e151ac2bef
    EAP-Message = 0x020600061900
    Message-Authenticator = 0xcfe5f30b147257bfaa8a9ba54522c380
Wed Feb 18 16:19:43 2009 : Info: +- entering group authorize {...}
Wed Feb 18 16:19:43 2009 : Info: [eap] EAP packet type response id 6 length 6
Wed Feb 18 16:19:43 2009 : Info: [eap] Continuing tunnel setup.
Wed Feb 18 16:19:43 2009 : Info: ++[eap] returns ok
Wed Feb 18 16:19:43 2009 : Info: Found Auth-Type = EAP
Wed Feb 18 16:19:43 2009 : Info: +- entering group authenticate {...}
Wed Feb 18 16:19:43 2009 : Info: [eap] Request found, released from the list
Wed Feb 18 16:19:43 2009 : Info: [eap] EAP/peap
Wed Feb 18 16:19:43 2009 : Info: [eap] processing type peap
Wed Feb 18 16:19:43 2009 : Info: [peap] processing EAP-TLS
Wed Feb 18 16:19:43 2009 : Info: [peap] Received TLS ACK
Wed Feb 18 16:19:43 2009 : Info: [peap] ACK handshake is finished
Wed Feb 18 16:19:43 2009 : Info: [peap] eaptls_verify returned 3
Wed Feb 18 16:19:43 2009 : Info: [peap] eaptls_process returned 3
Wed Feb 18 16:19:43 2009 : Info: [peap] EAPTLS_SUCCESS
Wed Feb 18 16:19:43 2009 : Info: ++[eap] returns handled
Sending Access-Challenge of id 204 to 192.168.1.1 port 1024
    EAP-Message = 0x0107002019001703010015f729f10822c74bd30aaf113975132008e81a896084
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0xa38f45a7a6885c9dc391a3e151ac2bef
Wed Feb 18 16:19:43 2009 : Info: Finished request 5.
Wed Feb 18 16:19:43 2009 : Debug: Going to the next request
Wed Feb 18 16:19:43 2009 : Debug: Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.1.1 port 1024, id=205, length=245
    Framed-MTU = 1480
    NAS-IP-Address = 192.168.1.1
    NAS-Identifier = "SWiTCH"
    User-Name = "uservlan1"
    Service-Type = Framed-User
    Framed-Protocol = PPP
    NAS-Port = 17
    NAS-Port-Type = Ethernet
    NAS-Port-Id = "17"
    Called-Station-Id = "00-13-21-a8-24-40"
    Calling-Station-Id = "00-15-c5-06-84-d8"
    Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
    Tunnel-Type:0 = VLAN
    Tunnel-Medium-Type:0 = IEEE-802
    Tunnel-Private-Group-Id:0 = "4"
    State = 0xa38f45a7a6885c9dc391a3e151ac2bef
    EAP-Message = 0x020700251900170301001aee9b6cee76ffdda7d6b82c1f0f8d4715dcd462f9c61c937f0c69
    Message-Authenticator = 0x9d4ea225d8a59c28e9785df917a5fd4d
Wed Feb 18 16:19:43 2009 : Info: +- entering group authorize {...}
Wed Feb 18 16:19:43 2009 : Info: [eap] EAP packet type response id 7 length 37
Wed Feb 18 16:19:43 2009 : Info: [eap] Continuing tunnel setup.
Wed Feb 18 16:19:43 2009 : Info: ++[eap] returns ok
Wed Feb 18 16:19:43 2009 : Info: Found Auth-Type = EAP
Wed Feb 18 16:19:43 2009 : Info: +- entering group authenticate {...}
Wed Feb 18 16:19:43 2009 : Info: [eap] Request found, released from the list
Wed Feb 18 16:19:43 2009 : Info: [eap] EAP/peap
Wed Feb 18 16:19:43 2009 : Info: [eap] processing type peap
Wed Feb 18 16:19:43 2009 : Info: [peap] processing EAP-TLS
Wed Feb 18 16:19:43 2009 : Info: [peap] eaptls_verify returned 7
Wed Feb 18 16:19:43 2009 : Info: [peap] Done initial handshake
Wed Feb 18 16:19:43 2009 : Info: [peap] eaptls_process returned 7
Wed Feb 18 16:19:43 2009 : Info: [peap] EAPTLS_OK
Wed Feb 18 16:19:43 2009 : Info: [peap] Session established. Decoding tunneled attributes.
Wed Feb 18 16:19:43 2009 : Info: [peap] Identity - uservlan1
Wed Feb 18 16:19:43 2009 : Info: [peap] Got tunneled request
    EAP-Message = 0x0207000e0175736572766c616e31
server {
Wed Feb 18 16:19:43 2009 : Debug: PEAP: Got tunneled identity of uservlan1
Wed Feb 18 16:19:43 2009 : Debug: PEAP: Setting default EAP type for tunneled EAP session.
Wed Feb 18 16:19:43 2009 : Debug: PEAP: Setting User-Name to uservlan1
Sending tunneled request
    EAP-Message = 0x0207000e0175736572766c616e31
    FreeRADIUS-Proxied-To = 127.0.0.1
    User-Name = "uservlan1"
server inner-tunnel {
Wed Feb 18 16:19:43 2009 : Info: +- entering group authorize {...}
Wed Feb 18 16:19:43 2009 : Info: [eap] EAP packet type response id 7 length 14
Wed Feb 18 16:19:43 2009 : Info: [eap] No EAP Start, assuming it's an on-going EAP conversation
Wed Feb 18 16:19:43 2009 : Info: ++[eap] returns updated
Wed Feb 18 16:19:43 2009 : Debug: rlm_ldap: Entering ldap_groupcmp()
Wed Feb 18 16:19:43 2009 : Info: [files] expand: cn=vlan1,dc=test,dc=fr -> cn=vlan1,dc=test,dc=fr
Wed Feb 18 16:19:43 2009 : Info: [files] expand: (samaccountname=%{User-Name}) -> (samaccountname=uservlan1)
Wed Feb 18 16:19:43 2009 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0
Wed Feb 18 16:19:43 2009 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0
Wed Feb 18 16:19:43 2009 : Debug: rlm_ldap: performing search in cn=vlan1,dc=test,dc=fr, with filter (samaccountname=uservlan1)
Wed Feb 18 16:19:43 2009 : Debug: rlm_ldap: object not found or got ambiguous search result
Wed Feb 18 16:19:43 2009 : Debug: rlm_ldap::ldap_groupcmp: search failed
Wed Feb 18 16:19:43 2009 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0
Wed Feb 18 16:19:43 2009 : Info: ++[files] returns noop
Wed Feb 18 16:19:43 2009 : Info: [ldap] performing user authorization for uservlan1
Wed Feb 18 16:19:43 2009 : Info: [ldap] expand: (samaccountname=%{User-Name}) -> (samaccountname=uservlan1)
Wed Feb 18 16:19:43 2009 : Info: [ldap] expand: cn=vlan1,dc=test,dc=fr -> cn=vlan1,dc=test,dc=fr
Wed Feb 18 16:19:43 2009 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0
Wed Feb 18 16:19:43 2009 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0
Wed Feb 18 16:19:43 2009 : Debug: rlm_ldap: performing search in cn=vlan1,dc=test,dc=fr, with filter (samaccountname=uservlan1)
Wed Feb 18 16:19:43 2009 : Debug: rlm_ldap: object not found or got ambiguous search result
Wed Feb 18 16:19:43 2009 : Info: [ldap] search failed
Wed Feb 18 16:19:43 2009 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0
Wed Feb 18 16:19:43 2009 : Info: ++[ldap] returns notfound
Wed Feb 18 16:19:43 2009 : Info: ++[expiration] returns noop
Wed Feb 18 16:19:43 2009 : Info: ++[logintime] returns noop
Wed Feb 18 16:19:43 2009 : Info: Found Auth-Type = EAP
Wed Feb 18 16:19:43 2009 : Info: +- entering group authenticate {...}
Wed Feb 18 16:19:43 2009 : Info: [eap] EAP Identity
Wed Feb 18 16:19:43 2009 : Info: [eap] processing type mschapv2
Wed Feb 18 16:19:43 2009 : Debug: rlm_eap_mschapv2: Issuing Challenge
Wed Feb 18 16:19:43 2009 : Info: ++[eap] returns handled
} # server inner-tunnel
Wed Feb 18 16:19:43 2009 : Info: [peap] Got tunneled reply code 11
    EAP-Message = 0x010800231a0108001e102171c036e762cf4365cf1cf921e398e675736572766c616e31
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0xc658eb46c650f13d7cba690c18bc218e
Wed Feb 18 16:19:43 2009 : Info: [peap] Got tunneled reply RADIUS code 11
    EAP-Message = 0x010800231a0108001e102171c036e762cf4365cf1cf921e398e675736572766c616e31
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0xc658eb46c650f13d7cba690c18bc218e
Wed Feb 18 16:19:43 2009 : Info: [peap] Got tunneled Access-Challenge
Wed Feb 18 16:19:43 2009 : Info: ++[eap] returns handled
Sending Access-Challenge of id 205 to 192.168.1.1 port 1024
    EAP-Message = 0x0108003a1900170301002fbc1f584cf2690f38683acf5aee7b304bab443f69a137f9fb694a3a8bb91c5075275e8c6bdb7f45e7241a12a6d10595
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0xa38f45a7a5875c9dc391a3e151ac2bef
Wed Feb 18 16:19:43 2009 : Info: Finished request 6.
Wed Feb 18 16:19:43 2009 : Debug: Going to the next request
Wed Feb 18 16:19:43 2009 : Debug: Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.1.1 port 1024, id=206, length=299
    Framed-MTU = 1480
    NAS-IP-Address = 192.168.1.1
    NAS-Identifier = "SWiTCH"
    User-Name = "uservlan1"
    Service-Type = Framed-User
    Framed-Protocol = PPP
    NAS-Port = 17
    NAS-Port-Type = Ethernet
    NAS-Port-Id = "17"
    Called-Station-Id = "00-13-21-a8-24-40"
    Calling-Station-Id = "00-15-c5-06-84-d8"
    Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
    Tunnel-Type:0 = VLAN
    Tunnel-Medium-Type:0 = IEEE-802
    Tunnel-Private-Group-Id:0 = "4"
    State = 0xa38f45a7a5875c9dc391a3e151ac2bef
    EAP-Message = 0x0208005b1900170301005065a84b4f81afaa9aeb2c5bd3cd57b929e77f8c347e0a16782df441a0368bc0b526cb3c1c1847af34f0c75a0d09672f4c6f77d1690b0e8df753ccbe88fa987534e5633e67d6eafd9f92d8f6f6a6f8a5a5
    Message-Authenticator = 0xe73ae52a6990c5b814d0254587db95c9
Wed Feb 18 16:19:43 2009 : Info: +- entering group authorize {...}
Wed Feb 18 16:19:43 2009 : Info: [eap] EAP packet type response id 8 length 91
Wed Feb 18 16:19:43 2009 : Info: [eap] Continuing tunnel setup.
Wed Feb 18 16:19:43 2009 : Info: ++[eap] returns ok
Wed Feb 18 16:19:43 2009 : Info: Found Auth-Type = EAP
Wed Feb 18 16:19:43 2009 : Info: +- entering group authenticate {...}
Wed Feb 18 16:19:43 2009 : Info: [eap] Request found, released from the list
Wed Feb 18 16:19:43 2009 : Info: [eap] EAP/peap
Wed Feb 18 16:19:43 2009 : Info: [eap] processing type peap
Wed Feb 18 16:19:43 2009 : Info: [peap] processing EAP-TLS
Wed Feb 18 16:19:43 2009 : Info: [peap] eaptls_verify returned 7
Wed Feb 18 16:19:43 2009 : Info: [peap] Done initial handshake
Wed Feb 18 16:19:43 2009 : Info: [peap] eaptls_process returned 7
Wed Feb 18 16:19:43 2009 : Info: [peap] EAPTLS_OK
Wed Feb 18 16:19:43 2009 : Info: [peap] Session established. Decoding tunneled attributes.
Wed Feb 18 16:19:43 2009 : Info: [peap] EAP type mschapv2
Wed Feb 18 16:19:43 2009 : Info: [peap] Got tunneled request
    EAP-Message = 0x020800441a0208003f3110adba86965ca02f4231afba3a37de2c0000000000000000be8ca46582f827e5087d9646e1e0dcc9f361b9d100001cbf0075736572766c616e31
server {
Wed Feb 18 16:19:43 2009 : Debug: PEAP: Setting User-Name to uservlan1
Sending tunneled request
    EAP-Message = 0x020800441a0208003f3110adba86965ca02f4231afba3a37de2c0000000000000000be8ca46582f827e5087d9646e1e0dcc9f361b9d100001cbf0075736572766c616e31
    FreeRADIUS-Proxied-To = 127.0.0.1
    User-Name = "uservlan1"
    State = 0xc658eb46c650f13d7cba690c18bc218e
server inner-tunnel {
Wed Feb 18 16:19:43 2009 : Info: +- entering group authorize {...}
Wed Feb 18 16:19:43 2009 : Info: [eap] EAP packet type response id 8 length 68
Wed Feb 18 16:19:43 2009 : Info: [eap] No EAP Start, assuming it's an on-going EAP conversation
Wed Feb 18 16:19:43 2009 : Info: ++[eap] returns updated
Wed Feb 18 16:19:43 2009 : Debug: rlm_ldap: Entering ldap_groupcmp()
Wed Feb 18 16:19:43 2009 : Info: [files] expand: cn=vlan1,dc=test,dc=fr -> cn=vlan1,dc=test,dc=fr
Wed Feb 18 16:19:43 2009 : Info: [files] expand: (samaccountname=%{User-Name}) -> (samaccountname=uservlan1)
Wed Feb 18 16:19:43 2009 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0
Wed Feb 18 16:19:43 2009 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0
Wed Feb 18 16:19:43 2009 : Debug: rlm_ldap: performing search in cn=vlan1,dc=test,dc=fr, with filter (samaccountname=uservlan1)
Wed Feb 18 16:19:43 2009 : Debug: rlm_ldap: object not found or got ambiguous search result
Wed Feb 18 16:19:43 2009 : Debug: rlm_ldap::ldap_groupcmp: search failed
Wed Feb 18 16:19:43 2009 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0
Wed Feb 18 16:19:43 2009 : Info: ++[files] returns noop
Wed Feb 18 16:19:43 2009 : Info: [ldap] performing user authorization for uservlan1
Wed Feb 18 16:19:43 2009 : Info: [ldap] expand: (samaccountname=%{User-Name}) -> (samaccountname=uservlan1)
Wed Feb 18 16:19:43 2009 : Info: [ldap] expand: cn=vlan1,dc=test,dc=fr -> cn=vlan1,dc=test,dc=fr
Wed Feb 18 16:19:43 2009 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0
Wed Feb 18 16:19:43 2009 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0
Wed Feb 18 16:19:43 2009 : Debug: rlm_ldap: performing search in cn=vlan1,dc=test,dc=fr, with filter (samaccountname=uservlan1)
Wed Feb 18 16:19:43 2009 : Debug: rlm_ldap: object not found or got ambiguous search result
Wed Feb 18 16:19:43 2009 : Info: [ldap] search failed
Wed Feb 18 16:19:43 2009 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0
Wed Feb 18 16:19:43 2009 : Info: ++[ldap] returns notfound
Wed Feb 18 16:19:43 2009 : Info: ++[expiration] returns noop
Wed Feb 18 16:19:43 2009 : Info: ++[logintime] returns noop
Wed Feb 18 16:19:43 2009 : Info: Found Auth-Type = EAP
Wed Feb 18 16:19:43 2009 : Info: +- entering group authenticate {...}
Wed Feb 18 16:19:43 2009 : Info: [eap] Request found, released from the list
Wed Feb 18 16:19:43 2009 : Info: [eap] EAP/mschapv2
Wed Feb 18 16:19:43 2009 : Info: [eap] processing type mschapv2
Wed Feb 18 16:19:43 2009 : Info: [mschapv2] +- entering group MS-CHAP {...}
Wed Feb 18 16:19:43 2009 : Info: [mschap] No Cleartext-Password configured. Cannot create LM-Password.
Wed Feb 18 16:19:43 2009 : Info: [mschap] No Cleartext-Password configured. Cannot create NT-Password.
Wed Feb 18 16:19:43 2009 : Info: [mschap] Told to do MS-CHAPv2 for uservlan1 with NT-Password
Wed Feb 18 16:19:43 2009 : Info: [mschap] expand: --username=%{mschap:User-Name:-None} -> --username=uservlan1
Wed Feb 18 16:19:43 2009 : Info: [mschap] No NT-Domain was found in the User-Name.
Wed Feb 18 16:19:43 2009 : Info: [mschap] expand: --domain=%{mschap:NT-Domain:-TEST} -> --domain=TEST
Wed Feb 18 16:19:43 2009 : Info: [mschap] mschap2: 21
Wed Feb 18 16:19:43 2009 : Info: [mschap] expand: --challenge=%{mschap:Challenge:-00} -> --challenge=2e64abb777d66ca5
Wed Feb 18 16:19:43 2009 : Info: [mschap] expand: --nt-response=%{mschap:NT-Response:-00} -> --nt-response=be8ca46582f827e5087d9646e1e0dcc9f361b9d100001cbf
Wed Feb 18 16:19:43 2009 : Debug: Exec-Program output: NT_KEY: D521CC14F4615B7C8346E1E22F5D4741
Wed Feb 18 16:19:43 2009 : Debug: Exec-Program-Wait: plaintext: NT_KEY: D521CC14F4615B7C8346E1E22F5D4741
Wed Feb 18 16:19:43 2009 : Debug: Exec-Program: returned: 0
Wed Feb 18 16:19:43 2009 : Info: [mschap] adding MS-CHAPv2 MPPE keys
Wed Feb 18 16:19:43 2009 : Info: ++[mschap] returns ok
Wed Feb 18 16:19:43 2009 : Debug: MSCHAP Success
Wed Feb 18 16:19:43 2009 : Info: ++[eap] returns handled
} # server inner-tunnel
Wed Feb 18 16:19:43 2009 : Info: [peap] Got tunneled reply code 11
    EAP-Message = 0x010900331a0308002e533d38453634313639313438344532323436453444303043394432353631413536324646324636463837
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0xc658eb46c751f13d7cba690c18bc218e
Wed Feb 18 16:19:43 2009 : Info: [peap] Got tunneled reply RADIUS code 11
    EAP-Message = 0x010900331a0308002e533d38453634313639313438344532323436453444303043394432353631413536324646324636463837
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0xc658eb46c751f13d7cba690c18bc218e
Wed Feb 18 16:19:43 2009 : Info: [peap] Got tunneled Access-Challenge
Wed Feb 18 16:19:43 2009 : Info: ++[eap] returns handled
Sending Access-Challenge of id 206 to 192.168.1.1 port 1024
    EAP-Message = 0x0109004a1900170301003fbceaf369bb49f5c39efb50fbffc1ce2afc2a8e3832a97e9609b2eda98e57b82e2a5826a854b250c8b86fb397aa690ce64668343fa202aa544b96397ae5a5da
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0xa38f45a7a4865c9dc391a3e151ac2bef
Wed Feb 18 16:19:43 2009 : Info: Finished request 7.
Wed Feb 18 16:19:43 2009 : Debug: Going to the next request
Wed Feb 18 16:19:43 2009 : Debug: Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.1.1 port 1024, id=207, length=237
    Framed-MTU = 1480
    NAS-IP-Address = 192.168.1.1
    NAS-Identifier = "SWiTCH"
    User-Name = "uservlan1"
    Service-Type = Framed-User
    Framed-Protocol = PPP
    NAS-Port = 17
    NAS-Port-Type = Ethernet
    NAS-Port-Id = "17"
    Called-Station-Id = "00-13-21-a8-24-40"
    Calling-Station-Id = "00-15-c5-06-84-d8"
    Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
    Tunnel-Type:0 = VLAN
    Tunnel-Medium-Type:0 = IEEE-802
    Tunnel-Private-Group-Id:0 = "4"
    State = 0xa38f45a7a4865c9dc391a3e151ac2bef
    EAP-Message = 0x0209001d1900170301001202000acfa50129244ab599c1e6bc6276bbd4
    Message-Authenticator = 0xbb95163fd7b7d4283108252c338271ce
Wed Feb 18 16:19:43 2009 : Info: +- entering group authorize {...}
Wed Feb 18 16:19:43 2009 : Info: [eap] EAP packet type response id 9 length 29
Wed Feb 18 16:19:43 2009 : Info: [eap] Continuing tunnel setup.
Wed Feb 18 16:19:43 2009 : Info: ++[eap] returns ok
Wed Feb 18 16:19:43 2009 : Info: Found Auth-Type = EAP
Wed Feb 18 16:19:43 2009 : Info: +- entering group authenticate {...}
Wed Feb 18 16:19:43 2009 : Info: [eap] Request found, released from the list
Wed Feb 18 16:19:43 2009 : Info: [eap] EAP/peap
Wed Feb 18 16:19:43 2009 : Info: [eap] processing type peap
Wed Feb 18 16:19:43 2009 : Info: [peap] processing EAP-TLS
Wed Feb 18 16:19:43 2009 : Info: [peap] eaptls_verify returned 7
Wed Feb 18 16:19:43 2009 : Info: [peap] Done initial handshake
Wed Feb 18 16:19:43 2009 : Info: [peap] eaptls_process returned 7
Wed Feb 18 16:19:43 2009 : Info: [peap] EAPTLS_OK
Wed Feb 18 16:19:43 2009 : Info: [peap] Session established. Decoding tunneled attributes.
Wed Feb 18 16:19:43 2009 : Info: [peap] EAP type mschapv2
Wed Feb 18 16:19:43 2009 : Info: [peap] Got tunneled request
    EAP-Message = 0x020900061a03
server {
Wed Feb 18 16:19:43 2009 : Debug: PEAP: Setting User-Name to uservlan1
Sending tunneled request
    EAP-Message = 0x020900061a03
    FreeRADIUS-Proxied-To = 127.0.0.1
    User-Name = "uservlan1"
    State = 0xc658eb46c751f13d7cba690c18bc218e
server inner-tunnel {
Wed Feb 18 16:19:43 2009 : Info: +- entering group authorize {...}
Wed Feb 18 16:19:43 2009 : Info: [eap] EAP packet type response id 9 length 6
Wed Feb 18 16:19:43 2009 : Info: [eap] No EAP Start, assuming it's an on-going EAP conversation
Wed Feb 18 16:19:43 2009 : Info: ++[eap] returns updated
Wed Feb 18 16:19:43 2009 : Debug: rlm_ldap: Entering ldap_groupcmp()
Wed Feb 18 16:19:43 2009 : Info: [files] expand: cn=vlan1,dc=test,dc=fr -> cn=vlan1,dc=test,dc=fr
Wed Feb 18 16:19:43 2009 : Info: [files] expand: (samaccountname=%{User-Name}) -> (samaccountname=uservlan1)
Wed Feb 18 16:19:43 2009 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0
Wed Feb 18 16:19:43 2009 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0
Wed Feb 18 16:19:43 2009 : Debug: rlm_ldap: performing search in cn=vlan1,dc=test,dc=fr, with filter (samaccountname=uservlan1)
Wed Feb 18 16:19:43 2009 : Debug: rlm_ldap: object not found or got ambiguous search result
Wed Feb 18 16:19:43 2009 : Debug: rlm_ldap::ldap_groupcmp: search failed
Wed Feb 18 16:19:43 2009 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0
Wed Feb 18 16:19:43 2009 : Info: ++[files] returns noop
Wed Feb 18 16:19:43 2009 : Info: [ldap] performing user authorization for uservlan1
Wed Feb 18 16:19:43 2009 : Info: [ldap] expand: (samaccountname=%{User-Name}) -> (samaccountname=uservlan1)
Wed Feb 18 16:19:43 2009 : Info: [ldap] expand: cn=vlan1,dc=test,dc=fr -> cn=vlan1,dc=test,dc=fr
Wed Feb 18 16:19:43 2009 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0
Wed Feb 18 16:19:43 2009 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0
Wed Feb 18 16:19:43 2009 : Debug: rlm_ldap: performing search in cn=vlan1,dc=test,dc=fr, with filter (samaccountname=uservlan1)
Wed Feb 18 16:19:43 2009 : Debug: rlm_ldap: object not found or got ambiguous search result
Wed Feb 18 16:19:43 2009 : Info: [ldap] search failed
Wed Feb 18 16:19:43 2009 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0
Wed Feb 18 16:19:43 2009 : Info: ++[ldap] returns notfound
Wed Feb 18 16:19:43 2009 : Info: ++[expiration] returns noop
Wed Feb 18 16:19:43 2009 : Info: ++[logintime] returns noop
Wed Feb 18 16:19:43 2009 : Info: Found Auth-Type = EAP
Wed Feb 18 16:19:43 2009 : Info: +- entering group authenticate {...}
Wed Feb 18 16:19:43 2009 : Info: [eap] Request found, released from the list
Wed Feb 18 16:19:43 2009 : Info: [eap] EAP/mschapv2
Wed Feb 18 16:19:43 2009 : Info: [eap] processing type mschapv2
Wed Feb 18 16:19:43 2009 : Info: [eap] Freeing handler
Wed Feb 18 16:19:43 2009 : Info: ++[eap] returns ok
} # server inner-tunnel
Wed Feb 18 16:19:43 2009 : Info: [peap] Got tunneled reply code 2
    EAP-Message = 0x03090004
    Message-Authenticator = 0x00000000000000000000000000000000
    User-Name = "uservlan1"
Wed Feb 18 16:19:43 2009 : Info: [peap] Got tunneled reply RADIUS code 2
    EAP-Message = 0x03090004
    Message-Authenticator = 0x00000000000000000000000000000000
    User-Name = "uservlan1"
Wed Feb 18 16:19:43 2009 : Info: [peap] Tunneled authentication was successful.
Wed Feb 18 16:19:43 2009 : Info: [peap] SUCCESS
Wed Feb 18 16:19:43 2009 : Info: ++[eap] returns handled
Sending Access-Challenge of id 207 to 192.168.1.1 port 1024
    EAP-Message = 0x010a00261900170301001b505392e77d7cd9892b292fefb960dca3641275e476910dc51b9a28
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0xa38f45a7ab855c9dc391a3e151ac2bef
Wed Feb 18 16:19:43 2009 : Info: Finished request 8.
Wed Feb 18 16:19:43 2009 : Debug: Going to the next request
Wed Feb 18 16:19:43 2009 : Debug: Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.1.1 port 1024, id=208, length=246
    Framed-MTU = 1480
    NAS-IP-Address = 192.168.1.1
    NAS-Identifier = "SWiTCH"
    User-Name = "uservlan1"
    Service-Type = Framed-User
    Framed-Protocol = PPP
    NAS-Port = 17
    NAS-Port-Type = Ethernet
    NAS-Port-Id = "17"
    Called-Station-Id = "00-13-21-a8-24-40"
    Calling-Station-Id = "00-15-c5-06-84-d8"
    Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
    Tunnel-Type:0 = VLAN
    Tunnel-Medium-Type:0 = IEEE-802
    Tunnel-Private-Group-Id:0 = "4"
    State = 0xa38f45a7ab855c9dc391a3e151ac2bef
    EAP-Message = 0x020a00261900170301001bd23d3370fb242bc3d50bba95804df93e0f54276a55b2709b53a2ee
    Message-Authenticator = 0x1fd2ae2da8674b69c17a770a1ad92c10
Wed Feb 18 16:19:43 2009 : Info: +- entering group authorize {...}
Wed Feb 18 16:19:43 2009 : Info: [eap] EAP packet type response id 10 length 38
Wed Feb 18 16:19:43 2009 : Info: [eap] Continuing tunnel setup.
Wed Feb 18 16:19:43 2009 : Info: ++[eap] returns ok
Wed Feb 18 16:19:43 2009 : Info: Found Auth-Type = EAP
Wed Feb 18 16:19:43 2009 : Info: +- entering group authenticate {...}
Wed Feb 18 16:19:43 2009 : Info: [eap] Request found, released from the list
Wed Feb 18 16:19:43 2009 : Info: [eap] EAP/peap
Wed Feb 18 16:19:43 2009 : Info: [eap] processing type peap
Wed Feb 18 16:19:43 2009 : Info: [peap] processing EAP-TLS
Wed Feb 18 16:19:43 2009 : Info: [peap] eaptls_verify returned 7
Wed Feb 18 16:19:43 2009 : Info: [peap] Done initial handshake
Wed Feb 18 16:19:43 2009 : Info: [peap] eaptls_process returned 7
Wed Feb 18 16:19:43 2009 : Info: [peap] EAPTLS_OK
Wed Feb 18 16:19:43 2009 : Info: [peap] Session established. Decoding tunneled attributes.
Wed Feb 18 16:19:43 2009 : Info: [peap] Received EAP-TLV response.
Wed Feb 18 16:19:43 2009 : Info: [peap] Success
Wed Feb 18 16:19:43 2009 : Info: [eap] Freeing handler
Wed Feb 18 16:19:43 2009 : Info: ++[eap] returns ok
Wed Feb 18 16:19:43 2009 : Info: +- entering group post-auth {...}
Wed Feb 18 16:19:43 2009 : Info: ++[exec] returns noop
Sending Access-Accept of id 208 to 192.168.1.1 port 1024
    MS-MPPE-Recv-Key = 0xbecd3757b9655fbcd7b1e88118a13049acb65959fdb551e568fa471c83b88167
    MS-MPPE-Send-Key = 0xce92c37585cd98e72fc690552e0980df64b1134b38ca2f213e3c4b95bfa98162
    EAP-Message = 0x030a0004
    Message-Authenticator = 0x00000000000000000000000000000000
    User-Name = "uservlan1"
Wed Feb 18 16:19:43 2009 : Info: Finished request 9.
Wed Feb 18 16:19:43 2009 : Debug: Going to the next request
Wed Feb 18 16:19:43 2009 : Debug: Waking up in 4.9 seconds.
Wed Feb 18 16:19:48 2009 : Info: Cleaning up request 0 ID 199 with timestamp +12
Wed Feb 18 16:19:48 2009 : Info: Cleaning up request 1 ID 200 with timestamp +12
Wed Feb 18 16:19:48 2009 : Info: Cleaning up request 2 ID 201 with timestamp +12
Wed Feb 18 16:19:48 2009 : Info: Cleaning up request 3 ID 202 with timestamp +12
Wed Feb 18 16:19:48 2009 : Info: Cleaning up request 4 ID 203 with timestamp +12
Wed Feb 18 16:19:48 2009 : Info: Cleaning up request 5 ID 204 with timestamp +12
Wed Feb 18 16:19:48 2009 : Info: Cleaning up request 6 ID 205 with timestamp +12
Wed Feb 18 16:19:48 2009 : Info: Cleaning up request 7 ID 206 with timestamp +12
Wed Feb 18 16:19:48 2009 : Info: Cleaning up request 8 ID 207 with timestamp +12
Wed Feb 18 16:19:48 2009 : Info: Cleaning up request 9 ID 208 with timestamp +12
Wed Feb 18 16:19:48 2009 : Debug: Ready to process requests.

--
View this message in context: http://www.nabble.com/Autz-type-LDAP%2C-Auth-Type-MSCHAP-possible---%28for-vlan-assignment%29-tp22076072p22081058.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html