Hi

On 27 August 2010 23:06, Alan DeKok <al...@deployingradius.com> wrote:
> Jean-Yves Avenard wrote:
>> You seem to miss the point that the issue occurs *only* with Win 7
>> clients. All other clients are fine.
>
> I don't really care which client it is. All that matters is:
>
> a) what data is in the packet
>
> b) what you configure the server to do with that data
>
>
> You have posted output from (a). That's nice. You *also* need (as I
> said already) to configure the server for (b).

Okay.. As requested.

Here is the log from the Win 7 client, when it is configured in Advanced Settings -> 802.11X Settings -> Specify authentication mode: user authentication

I've preceded each line with > so if like me you are using gmail, it's easier to skip through

> rad_recv: Access-Request packet from host 192.168.0.20 port 65513, id=103,
> length=177
> User-Name = "jean-yves.avenard"
> NAS-IP-Address = 192.168.0.20
> NAS-Port = 0
> Called-Station-Id = "00-1C-B3-AD-13-5F:HYDRIX-TEST"
> Calling-Station-Id = "C4-46-19-25-31-52"
> Framed-MTU = 1400
> NAS-Port-Type = Wireless-802.11
> Connect-Info = "CONNECT 0Mbps 802.11"
> EAP-Message = 0x02d40016016a65616e2d797665732e6176656e617264
> Message-Authenticator = 0xd617293cc36f9d2934e4364c48696da2
> +- entering group authorize {...}
> ++[preprocess] returns ok
> ++[chap] returns noop
> ++[mschap] returns noop
> [suffix] No '@' in User-Name = "jean-yves.avenard", looking up realm NULL
> [suffix] No such realm "NULL"
> ++[suffix] returns noop
> [eap] EAP packet type response id 212 length 22
> [eap] No EAP Start, assuming it's an on-going EAP conversation
> ++[eap] returns updated
> ++[unix] returns updated
> ++[files] returns noop
> rlm_opendirectory: The host 192.168.0.20 does not have an access group.
> rlm_opendirectory: User <jean-yves.avenard> is authorized.
> ++[opendirectory] returns ok
> ++[expiration] returns noop
> ++[logintime] returns noop
> [pap] Found existing Auth-Type, not changing it.
> ++[pap] returns noop
> Found Auth-Type = EAP
> +- entering group authenticate {...}
> [eap] EAP Identity
> [eap] processing type tls
> [tls] Initiate
> [tls] Start returned 1
> ++[eap] returns handled
> Sending Access-Challenge of id 103 to 192.168.0.20 port 65513
> EAP-Message = 0x01d500061920
> Message-Authenticator = 0x00000000000000000000000000000000
> State = 0x56ebca49563ed3c34eaeaec5306add89
> Finished request 0.
> Going to the next request
> Waking up in 4.9 seconds.
> rad_recv: Access-Request packet from host 192.168.0.20 port 65513, id=104,
> length=304
> User-Name = "jean-yves.avenard"
> NAS-IP-Address = 192.168.0.20
> NAS-Port = 0
> Called-Station-Id = "00-1C-B3-AD-13-5F:HYDRIX-TEST"
> Calling-Station-Id = "C4-46-19-25-31-52"
> Framed-MTU = 1400
> NAS-Port-Type = Wireless-802.11
> Connect-Info = "CONNECT 0Mbps 802.11"
> EAP-Message =
> 0x02d5008319800000007916030100740100007003014c7bbc6f1988ef8942fd2a91e0d171c08e57e6f23dbce06bfb570dc2a39ee7b2000018002f00350005000ac013c014c009c00a00320038001300040100002fff010001000000001600140000116a65616e2d797665732e6176656e617264000a0006000400170018000b00020100
> State = 0x56ebca49563ed3c34eaeaec5306add89
> Message-Authenticator = 0xdc87572842154eda0af298bfad361a81
> +- entering group authorize {...}
> ++[preprocess] returns ok
> ++[chap] returns noop
> ++[mschap] returns noop
> [suffix] No '@' in User-Name = "jean-yves.avenard", looking up realm NULL
> [suffix] No such realm "NULL"
> ++[suffix] returns noop
> [eap] EAP packet type response id 213 length 131
> [eap] Continuing tunnel setup.
> ++[eap] returns ok
> Found Auth-Type = EAP
> +- entering group authenticate {...}
> [eap] Request found, released from the list
> [eap] EAP/peap
> [eap] processing type peap
> [peap] processing EAP-TLS
> TLS Length 121
> [peap] Length Included
> [peap] eaptls_verify returned 11
> [peap] (other): before/accept initialization
> [peap] TLS_accept: before/accept initialization
> [peap] <<< TLS 1.0 Handshake [length 0074], ClientHello
> [peap] TLS_accept: SSLv3 read client hello A
> [peap] >>> TLS 1.0 Handshake [length 002a], ServerHello
> [peap] TLS_accept: SSLv3 write server hello A
> [peap] >>> TLS 1.0 Handshake [length 068a], Certificate
> [peap] TLS_accept: SSLv3 write certificate A
> [peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
> [peap] TLS_accept: SSLv3 write server done A
> [peap] TLS_accept: SSLv3 flush data
> [peap] TLS_accept: Need to read more data: SSLv3 read client certificate A
> In SSL Handshake Phase
> In SSL Accept mode
> [peap] eaptls_process returned 13
> [peap] EAPTLS_HANDLED
> ++[eap] returns handled
> Sending Access-Challenge of id 104 to 192.168.0.20 port 65513
> EAP-Message =
> EAP-Message =
> EAP-Message =
> EAP-Message =
> EAP-Message = 0x756966617820536563757265
> Message-Authenticator = 0x00000000000000000000000000000000
> State = 0x56ebca49573dd3c34eaeaec5306add89
> Finished request 1.
> Going to the next request
> Waking up in 4.9 seconds.
> rad_recv: Access-Request packet from host 192.168.0.20 port 65513, id=105,
> length=179
> User-Name = "jean-yves.avenard"
> NAS-IP-Address = 192.168.0.20
> NAS-Port = 0
> Called-Station-Id = "00-1C-B3-AD-13-5F:HYDRIX-TEST"
> Calling-Station-Id = "C4-46-19-25-31-52"
> Framed-MTU = 1400
> NAS-Port-Type = Wireless-802.11
> Connect-Info = "CONNECT 0Mbps 802.11"
> EAP-Message = 0x02d600061900
> State = 0x56ebca49573dd3c34eaeaec5306add89
> Message-Authenticator = 0xba5d2001604fd40f63be2a0066f39618
> +- entering group authorize {...}
> ++[preprocess] returns ok
> ++[chap] returns noop
> ++[mschap] returns noop
> [suffix] No '@' in User-Name = "jean-yves.avenard", looking up realm NULL
> [suffix] No such realm "NULL"
> ++[suffix] returns noop
> [eap] EAP packet type response id 214 length 6
> [eap] Continuing tunnel setup.
> ++[eap] returns ok
> Found Auth-Type = EAP
> +- entering group authenticate {...}
> [eap] Request found, released from the list
> [eap] EAP/peap
> [eap] processing type peap
> [peap] processing EAP-TLS
> [peap] Received TLS ACK
> [peap] ACK handshake fragment handler
> [peap] eaptls_verify returned 1
> [peap] eaptls_process returned 13
> [peap] EAPTLS_HANDLED
> ++[eap] returns handled
> Sending Access-Challenge of id 105 to 192.168.0.20 port 65513
> EAP-Message =
> EAP-Message =
> EAP-Message =
> 0x16041448e668f92bd2b295d747d82320104f3398909fd4300c0603551d13040530030101ff301a06092a864886f67d074100040d300b1b0556332e3063030206c0300d06092a864886f70d01010505000381810058ce29eafcf7deb5ce02b917b585d1b9e3e095cc25310d00a6926e7fb692639e5095d19a6fe411de63856e98eea8ff5ac8d355b2667157dec021eb3d2aa72349010486427bfcee7fa21652b56767d340db3b2658b228773dae147761d6fa2a6627a00dfaa7735cea70f1942165445ffafcef2968a9a28779ef79ef4fac07773816030100040e000000
> Message-Authenticator = 0x00000000000000000000000000000000
> State = 0x56ebca49543cd3c34eaeaec5306add89
> Finished request 2.
> Going to the next request
> Waking up in 4.9 seconds.
> rad_recv: Access-Request packet from host 192.168.0.20 port 65513, id=106,
> length=381
> User-Name = "jean-yves.avenard"
> NAS-IP-Address = 192.168.0.20
> NAS-Port = 0
> Called-Station-Id = "00-1C-B3-AD-13-5F:HYDRIX-TEST"
> Calling-Station-Id = "C4-46-19-25-31-52"
> Framed-MTU = 1400
> NAS-Port-Type = Wireless-802.11
> Connect-Info = "CONNECT 0Mbps 802.11"
> EAP-Message =
> 0x02d700d01980000000c61603010086100000820080c6238de17d3505d52f67e05190dda102bac42ce3dda3f1160dc48fdf0f030dc3bd75a41e8ba6fd4345b6d97d6213f2e8e6395d0e762ac64543d790409d7b050d898adbc615a1efd4a7a4280e782d9d1b63d4ba3c56ad0c6350564d937cfcbc2896901cf4908f615daff21b72cf0b6d15dc6076af070c1a42f4f9c060c279df24140301000101160301003008a5f1ed66228073f1e8d76de392579a7b1dd1743f79c127b429f1022eb9ed92d457ca0541ec88dd5443b24612555521
> State = 0x56ebca49543cd3c34eaeaec5306add89
> Message-Authenticator = 0xa844fe6f8705aa634490d82244ca6717
> +- entering group authorize {...}
> ++[preprocess] returns ok
> ++[chap] returns noop
> ++[mschap] returns noop
> [suffix] No '@' in User-Name = "jean-yves.avenard", looking up realm NULL
> [suffix] No such realm "NULL"
> ++[suffix] returns noop
> [eap] EAP packet type response id 215 length 208
> [eap] Continuing tunnel setup.
> ++[eap] returns ok
> Found Auth-Type = EAP
> +- entering group authenticate {...}
> [eap] Request found, released from the list
> [eap] EAP/peap
> [eap] processing type peap
> [peap] processing EAP-TLS
> TLS Length 198
> [peap] Length Included
> [peap] eaptls_verify returned 11
> [peap] <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange
> [peap] TLS_accept: SSLv3 read client key exchange A
> [peap] <<< TLS 1.0 ChangeCipherSpec [length 0001]
> [peap] <<< TLS 1.0 Handshake [length 0010], Finished
> [peap] TLS_accept: SSLv3 read finished A
> [peap] >>> TLS 1.0 ChangeCipherSpec [length 0001]
> [peap] TLS_accept: SSLv3 write change cipher spec A
> [peap] >>> TLS 1.0 Handshake [length 0010], Finished
> [peap] TLS_accept: SSLv3 write finished A
> [peap] TLS_accept: SSLv3 flush data
> [peap] (other): SSL negotiation finished successfully
> SSL Connection Established
> [peap] eaptls_process returned 13
> [peap] EAPTLS_HANDLED
> ++[eap] returns handled
> Sending Access-Challenge of id 106 to 192.168.0.20 port 65513
> EAP-Message =
> 0x01d8004119001403010001011603010030871e1d85c5e7a6f2dc2b24b6f380deb7162c192558a035576389cb6516c5c1b554cf47031c40173be061ca8c37a86476
> Message-Authenticator = 0x00000000000000000000000000000000
> State = 0x56ebca495533d3c34eaeaec5306add89
> Finished request 3.
> Going to the next request
> Waking up in 4.9 seconds.
> rad_recv: Access-Request packet from host 192.168.0.20 port 65513, id=107,
> length=179
> User-Name = "jean-yves.avenard"
> NAS-IP-Address = 192.168.0.20
> NAS-Port = 0
> Called-Station-Id = "00-1C-B3-AD-13-5F:HYDRIX-TEST"
> Calling-Station-Id = "C4-46-19-25-31-52"
> Framed-MTU = 1400
> NAS-Port-Type = Wireless-802.11
> Connect-Info = "CONNECT 0Mbps 802.11"
> EAP-Message = 0x02d800061900
> State = 0x56ebca495533d3c34eaeaec5306add89
> Message-Authenticator = 0x58d3f7836001e4de5c66b0f0690293fc
> +- entering group authorize {...}
> ++[preprocess] returns ok
> ++[chap] returns noop
> ++[mschap] returns noop
> [suffix] No '@' in User-Name = "jean-yves.avenard", looking up realm NULL
> [suffix] No such realm "NULL"
> ++[suffix] returns noop
> [eap] EAP packet type response id 216 length 6
> [eap] Continuing tunnel setup.
> ++[eap] returns ok
> Found Auth-Type = EAP
> +- entering group authenticate {...}
> [eap] Request found, released from the list
> [eap] EAP/peap
> [eap] processing type peap
> [peap] processing EAP-TLS
> [peap] Received TLS ACK
> [peap] ACK handshake is finished
> [peap] eaptls_verify returned 3
> [peap] eaptls_process returned 3
> [peap] EAPTLS_SUCCESS
> ++[eap] returns handled
> Sending Access-Challenge of id 107 to 192.168.0.20 port 65513
> EAP-Message =
> 0x01d9002b190017030100201558a359dbf74ae6fc65f62583f774446eb7b95973a80ed47ccc32b5510dc40c
> Message-Authenticator = 0x00000000000000000000000000000000
> State = 0x56ebca495232d3c34eaeaec5306add89
> Finished request 4.
> Going to the next request
> Waking up in 4.9 seconds.
> rad_recv: Access-Request packet from host 192.168.0.20 port 65513, id=108,
> length=232
> User-Name = "jean-yves.avenard"
> NAS-IP-Address = 192.168.0.20
> NAS-Port = 0
> Called-Station-Id = "00-1C-B3-AD-13-5F:HYDRIX-TEST"
> Calling-Station-Id = "C4-46-19-25-31-52"
> Framed-MTU = 1400
> NAS-Port-Type = Wireless-802.11
> Connect-Info = "CONNECT 0Mbps 802.11"
> EAP-Message =
> 0x02d9003b190017030100308c7db30e12a98adde5eea9d84f120dddd6423d6524e2292cc307630e7548484a7bf50c77624ed1615fb9d458a6b4b93e
> State = 0x56ebca495232d3c34eaeaec5306add89
> Message-Authenticator = 0x43696038a9644d24ae76625f007a23d8
> +- entering group authorize {...}
> ++[preprocess] returns ok
> ++[chap] returns noop
> ++[mschap] returns noop
> [suffix] No '@' in User-Name = "jean-yves.avenard", looking up realm NULL
> [suffix] No such realm "NULL"
> ++[suffix] returns noop
> [eap] EAP packet type response id 217 length 59
> [eap] Continuing tunnel setup.
> ++[eap] returns ok
> Found Auth-Type = EAP
> +- entering group authenticate {...}
> [eap] Request found, released from the list
> [eap] EAP/peap
> [eap] processing type peap
> [peap] processing EAP-TLS
> [peap] eaptls_verify returned 7
> [peap] Done initial handshake
> [peap] eaptls_process returned 7
> [peap] EAPTLS_OK
> [peap] Session established. Decoding tunneled attributes.
> [peap] Identity - jean-yves.avenard
> [peap] Got tunneled request
> EAP-Message = 0x02d90016016a65616e2d797665732e6176656e617264
> server {
> PEAP: Got tunneled identity of jean-yves.avenard
> PEAP: Setting default EAP type for tunneled EAP session.
> PEAP: Setting User-Name to jean-yves.avenard
> Sending tunneled request
> EAP-Message = 0x02d90016016a65616e2d797665732e6176656e617264
> FreeRADIUS-Proxied-To = 127.0.0.1
> User-Name = "jean-yves.avenard"
> server inner-tunnel {
> +- entering group authorize {...}
> ++[chap] returns noop
> ++[mschap] returns noop
> ++[unix] returns updated
> [suffix] No '@' in User-Name = "jean-yves.avenard", looking up realm NULL
> [suffix] No such realm "NULL"
> ++[suffix] returns noop
> ++[control] returns noop
> [eap] EAP packet type response id 217 length 22
> [eap] No EAP Start, assuming it's an on-going EAP conversation
> ++[eap] returns updated
> ++[files] returns noop
> ++[expiration] returns noop
> ++[logintime] returns noop
> [pap] Found existing Auth-Type, not changing it.
> ++[pap] returns noop
> Found Auth-Type = EAP
> +- entering group authenticate {...}
> [eap] EAP Identity
> [eap] processing type mschapv2
> rlm_eap_mschapv2: Issuing Challenge
> ++[eap] returns handled
> } # server inner-tunnel
> [peap] Got tunneled reply code 11
> EAP-Message =
> 0x01da002b1a01da00261043ab8b6696518e3d977d7e43cfbbe4556a65616e2d797665732e6176656e617264
> Message-Authenticator = 0x00000000000000000000000000000000
> State = 0x4fa813f74f7209c552ff372f4aeadb16
> [peap] Got tunneled reply RADIUS code 11
> EAP-Message =
> 0x01da002b1a01da00261043ab8b6696518e3d977d7e43cfbbe4556a65616e2d797665732e6176656e617264
> Message-Authenticator = 0x00000000000000000000000000000000
> State = 0x4fa813f74f7209c552ff372f4aeadb16
> [peap] Got tunneled Access-Challenge
> ++[eap] returns handled
> Sending Access-Challenge of id 108 to 192.168.0.20 port 65513
> EAP-Message =
> 0x01da004b19001703010040fe03996117bf5d58930069397a6f4274e1fe6de21db623b4da95c09b068614931d91f318dab53ffe9da4f6f7f2b51e946241a04ea19b98858ae5f8719ede8c41
> Message-Authenticator = 0x00000000000000000000000000000000
> State = 0x56ebca495331d3c34eaeaec5306add89
> Finished request 5.
> Going to the next request
> Waking up in 4.9 seconds.
> rad_recv: Access-Request packet from host 192.168.0.20 port 65513, id=109,
> length=280
> User-Name = "jean-yves.avenard"
> NAS-IP-Address = 192.168.0.20
> NAS-Port = 0
> Called-Station-Id = "00-1C-B3-AD-13-5F:HYDRIX-TEST"
> Calling-Station-Id = "C4-46-19-25-31-52"
> Framed-MTU = 1400
> NAS-Port-Type = Wireless-802.11
> Connect-Info = "CONNECT 0Mbps 802.11"
> EAP-Message =
> 0x02da006b190017030100606a6800fadb31147345321c0441ded410513b8acbff36d2111ec021f0ce54e3ce36806865010d19b9b86a8309b0feccfa44db665feb586e4ca932fb0dd79cd61fc8600f6ac45ddd775ea4de0d3815f737d4469bfb1de8108d97db27c1609e1c30
> State = 0x56ebca495331d3c34eaeaec5306add89
> Message-Authenticator = 0xf90ce475234bb39e5904bf9f3fcbee00
> +- entering group authorize {...}
> ++[preprocess] returns ok
> ++[chap] returns noop
> ++[mschap] returns noop
> [suffix] No '@' in User-Name = "jean-yves.avenard", looking up realm NULL
> [suffix] No such realm "NULL"
> ++[suffix] returns noop
> [eap] EAP packet type response id 218 length 107
> [eap] Continuing tunnel setup.
> ++[eap] returns ok
> Found Auth-Type = EAP
> +- entering group authenticate {...}
> [eap] Request found, released from the list
> [eap] EAP/peap
> [eap] processing type peap
> [peap] processing EAP-TLS
> [peap] eaptls_verify returned 7
> [peap] Done initial handshake
> [peap] eaptls_process returned 7
> [peap] EAPTLS_OK
> [peap] Session established. Decoding tunneled attributes.
> [peap] EAP type mschapv2
> [peap] Got tunneled request
> EAP-Message =
> 0x02da004c1a02da004731371b44b1d34d564423fd33a0a766298f0000000000000000dc783dfb319f1434f2ef4ddb10101167ad0f145d457b9283006a65616e2d797665732e6176656e617264
> server {
> PEAP: Setting User-Name to jean-yves.avenard
> Sending tunneled request
> EAP-Message =
> 0x02da004c1a02da004731371b44b1d34d564423fd33a0a766298f0000000000000000dc783dfb319f1434f2ef4ddb10101167ad0f145d457b9283006a65616e2d797665732e6176656e617264
> FreeRADIUS-Proxied-To = 127.0.0.1
> User-Name = "jean-yves.avenard"
> State = 0x4fa813f74f7209c552ff372f4aeadb16
> server inner-tunnel {
> +- entering group authorize {...}
> ++[chap] returns noop
> ++[mschap] returns noop
> ++[unix] returns updated
> [suffix] No '@' in User-Name = "jean-yves.avenard", looking up realm NULL
> [suffix] No such realm "NULL"
> ++[suffix] returns noop
> ++[control] returns noop
> [eap] EAP packet type response id 218 length 76
> [eap] No EAP Start, assuming it's an on-going EAP conversation
> ++[eap] returns updated
> ++[files] returns noop
> ++[expiration] returns noop
> ++[logintime] returns noop
> [pap] Found existing Auth-Type, not changing it.
> ++[pap] returns noop
> Found Auth-Type = EAP
> +- entering group authenticate {...}
> [eap] Request found, released from the list
> [eap] EAP/mschapv2
> [eap] processing type mschapv2
> [mschapv2] +- entering group MS-CHAP {...}
> [mschap] No Cleartext-Password configured. Cannot create LM-Password.
> [mschap] No Cleartext-Password configured. Cannot create NT-Password.
> [mschap] No NT-Password configured. Trying OpenDirectory Authentication.
> [mschap] OD username_string = jean-yves.avenard, OD
> shortUserName=jean-yves.avenard (length = 17)
> [mschap] dsDoDirNodeAuth returns stepbuff:
> S=E8966B7B7AFD6594A863C42AA12032861CE2F8345616e2298f0000?I0??"?????????
> (len=40)
> ++[mschap] returns ok
> MSCHAP Success
> ++[eap] returns handled
> } # server inner-tunnel
> [peap] Got tunneled reply code 11
> EAP-Message =
> 0x01db00331a03da002e533d45383936364237423741464436353934413836334334324141313230333238363143453246383334
> Message-Authenticator = 0x00000000000000000000000000000000
> State = 0x4fa813f74e7309c552ff372f4aeadb16
> [peap] Got tunneled reply RADIUS code 11
> EAP-Message =
> 0x01db00331a03da002e533d45383936364237423741464436353934413836334334324141313230333238363143453246383334
> Message-Authenticator = 0x00000000000000000000000000000000
> State = 0x4fa813f74e7309c552ff372f4aeadb16
> [peap] Got tunneled Access-Challenge
> ++[eap] returns handled
> Sending Access-Challenge of id 109 to 192.168.0.20 port 65513
> EAP-Message =
> 0x01db005b19001703010050af77e16588bd1a0669684b744b7386bbccdca1d8a0c554b94ce6fa65b3e404b652546af93c89b1779e6ed50ca043c0fc675638201f09f07336e1f5890ccc375ca6b0a82585461517f3efa7d0607be02c
> Message-Authenticator = 0x00000000000000000000000000000000
> State = 0x56ebca495030d3c34eaeaec5306add89
> Finished request 6.
> Going to the next request
> Waking up in 4.9 seconds.
> rad_recv: Access-Request packet from host 192.168.0.20 port 65513, id=110,
> length=216
> User-Name = "jean-yves.avenard"
> NAS-IP-Address = 192.168.0.20
> NAS-Port = 0
> Called-Station-Id = "00-1C-B3-AD-13-5F:HYDRIX-TEST"
> Calling-Station-Id = "C4-46-19-25-31-52"
> Framed-MTU = 1400
> NAS-Port-Type = Wireless-802.11
> Connect-Info = "CONNECT 0Mbps 802.11"
> EAP-Message =
> 0x02db002b19001703010020a698915f58535a61ac9e89cd7d8b67c249930e37a6dc9f3ac6a24cc17a496c05
> State = 0x56ebca495030d3c34eaeaec5306add89
> Message-Authenticator = 0x1d75c784913c112a990a8338c6569695
> +- entering group authorize {...}
> ++[preprocess] returns ok
> ++[chap] returns noop
> ++[mschap] returns noop
> [suffix] No '@' in User-Name = "jean-yves.avenard", looking up realm NULL
> [suffix] No such realm "NULL"
> ++[suffix] returns noop
> [eap] EAP packet type response id 219 length 43
> [eap] Continuing tunnel setup.
> ++[eap] returns ok
> Found Auth-Type = EAP
> +- entering group authenticate {...}
> [eap] Request found, released from the list
> [eap] EAP/peap
> [eap] processing type peap
> [peap] processing EAP-TLS
> [peap] eaptls_verify returned 7
> [peap] Done initial handshake
> [peap] eaptls_process returned 7
> [peap] EAPTLS_OK
> [peap] Session established. Decoding tunneled attributes.
> [peap] EAP type mschapv2
> [peap] Got tunneled request
> EAP-Message = 0x02db00061a03
> server {
> PEAP: Setting User-Name to jean-yves.avenard
> Sending tunneled request
> EAP-Message = 0x02db00061a03
> FreeRADIUS-Proxied-To = 127.0.0.1
> User-Name = "jean-yves.avenard"
> State = 0x4fa813f74e7309c552ff372f4aeadb16
> server inner-tunnel {
> +- entering group authorize {...}
> ++[chap] returns noop
> ++[mschap] returns noop
> ++[unix] returns updated
> [suffix] No '@' in User-Name = "jean-yves.avenard", looking up realm NULL
> [suffix] No such realm "NULL"
> ++[suffix] returns noop
> ++[control] returns noop
> [eap] EAP packet type response id 219 length 6
> [eap] No EAP Start, assuming it's an on-going EAP conversation
> ++[eap] returns updated
> ++[files] returns noop
> ++[expiration] returns noop
> ++[logintime] returns noop
> [pap] Found existing Auth-Type, not changing it.
> ++[pap] returns noop
> Found Auth-Type = EAP
> +- entering group authenticate {...}
> [eap] Request found, released from the list
> [eap] EAP/mschapv2
> [eap] processing type mschapv2
> [eap] Freeing handler
> ++[eap] returns ok
> } # server inner-tunnel
> [peap] Got tunneled reply code 2
> EAP-Message = 0x03db0004
> Message-Authenticator = 0x00000000000000000000000000000000
> User-Name = "jean-yves.avenard"
> [peap] Got tunneled reply RADIUS code 2
> EAP-Message = 0x03db0004
> Message-Authenticator = 0x00000000000000000000000000000000
> User-Name = "jean-yves.avenard"
> [peap] Tunneled authentication was successful.
> [peap] SUCCESS
> ++[eap] returns handled
> Sending Access-Challenge of id 110 to 192.168.0.20 port 65513
> EAP-Message =
> 0x01dc002b190017030100203e47a88e8ae2f4b63f9dd0d78a10db0b899d41f2966124be7a8e31aca594282a
> Message-Authenticator = 0x00000000000000000000000000000000
> State = 0x56ebca495137d3c34eaeaec5306add89
> Finished request 7.
> Going to the next request
> Waking up in 4.9 seconds.
> rad_recv: Access-Request packet from host 192.168.0.20 port 65513, id=111,
> length=216
> User-Name = "jean-yves.avenard"
> NAS-IP-Address = 192.168.0.20
> NAS-Port = 0
> Called-Station-Id = "00-1C-B3-AD-13-5F:HYDRIX-TEST"
> Calling-Station-Id = "C4-46-19-25-31-52"
> Framed-MTU = 1400
> NAS-Port-Type = Wireless-802.11
> Connect-Info = "CONNECT 0Mbps 802.11"
> EAP-Message =
> 0x02dc002b19001703010020bbb1b1cb33d1827663c63b0f1e128d63d8b06d4658eb690c80d4916c8dc1646a
> State = 0x56ebca495137d3c34eaeaec5306add89
> Message-Authenticator = 0x57111afa6e1374748e54800df1147e8a
> +- entering group authorize {...}
> ++[preprocess] returns ok
> ++[chap] returns noop
> ++[mschap] returns noop
> [suffix] No '@' in User-Name = "jean-yves.avenard", looking up realm NULL
> [suffix] No such realm "NULL"
> ++[suffix] returns noop
> [eap] EAP packet type response id 220 length 43
> [eap] Continuing tunnel setup.
> ++[eap] returns ok
> Found Auth-Type = EAP
> +- entering group authenticate {...}
> [eap] Request found, released from the list
> [eap] EAP/peap
> [eap] processing type peap
> [peap] processing EAP-TLS
> [peap] eaptls_verify returned 7
> [peap] Done initial handshake
> [peap] eaptls_process returned 7
> [peap] EAPTLS_OK
> [peap] Session established. Decoding tunneled attributes.
> [peap] Received EAP-TLV response.
> [peap] Success
> [eap] Freeing handler
> ++[eap] returns ok
> +- entering group post-auth {...}
> ++[exec] returns noop
> Sending Access-Accept of id 111 to 192.168.0.20 port 65513
> MS-MPPE-Recv-Key =
> 0x6b7c57469ccfdccfa399fc3d20b47021bb81c6f71d05ed2d2f085306f06ce8a1
> MS-MPPE-Send-Key =
> 0xe1d0265f9a991b9030206da68cf419b6fd84d3fb9e4e2d9345402fe9eba57440
> EAP-Message = 0x03dc0004
> Message-Authenticator = 0x00000000000000000000000000000000
> User-Name = "jean-yves.avenard"
> Finished request 8.
> Going to the next request
> Waking up in 4.9 seconds.
> Cleaning up request 0 ID 103 with timestamp +28
> Cleaning up request 1 ID 104 with timestamp +28
> Cleaning up request 2 ID 105 with timestamp +28
> Cleaning up request 3 ID 106 with timestamp +28
> Cleaning up request 4 ID 107 with timestamp +28
> Cleaning up request 5 ID 108 with timestamp +28
> Cleaning up request 6 ID 109 with timestamp +28
> Cleaning up request 7 ID 110 with timestamp +28
> Cleaning up request 8 ID 111 with timestamp +28
> Ready to process requests.

This is from a Win 7 client, using default configuration settings that is just username / password and that Authentication is PEAP:MSCHAPv2

> rad_recv: Access-Request packet from host 192.168.0.20 port 65513, id=112,
> length=163
> User-Name = "host/ramon"
> NAS-IP-Address = 192.168.0.20
> NAS-Port = 0
> Called-Station-Id = "00-1C-B3-AD-13-5F:HYDRIX-TEST"
> Calling-Station-Id = "C4-46-19-25-31-52"
> Framed-MTU = 1400
> NAS-Port-Type = Wireless-802.11
> Connect-Info = "CONNECT 0Mbps 802.11"
> EAP-Message = 0x0272000f01686f73742f72616d6f6e
> Message-Authenticator = 0xafc736013ac7d55d3093782b7d03d604
> +- entering group authorize {...}
> ++[preprocess] returns ok
> ++[chap] returns noop
> ++[mschap] returns noop
> [suffix] No '@' in User-Name = "host/ramon", looking up realm NULL
> [suffix] No such realm "NULL"
> ++[suffix] returns noop
> [eap] EAP packet type response id 114 length 15
> [eap] No EAP Start, assuming it's an on-going EAP conversation
> ++[eap] returns updated
> ++[unix] returns notfound
> ++[files] returns noop
> rlm_opendirectory: The host 192.168.0.20 does not have an access group.
> rlm_opendirectory: Could not get the user's uuid.
> ++[opendirectory] returns notfound
> ++[expiration] returns noop
> ++[logintime] returns noop
> [pap] WARNING! No "known good" password found for the user. Authentication
> may fail because of this.
> ++[pap] returns noop
> Found Auth-Type = EAP
> +- entering group authenticate {...}
> [eap] EAP Identity
> [eap] processing type tls
> [tls] Initiate
> [tls] Start returned 1
> ++[eap] returns handled
> Sending Access-Challenge of id 112 to 192.168.0.20 port 65513
> EAP-Message = 0x017300061920
> Message-Authenticator = 0x00000000000000000000000000000000
> State = 0x2901333729722a271ee22a85a9879908
> Finished request 9.
> Going to the next request
> Waking up in 4.9 seconds.
> rad_recv: Access-Request packet from host 192.168.0.20 port 65513, id=113,
> length=285
> User-Name = "host/ramon"
> NAS-IP-Address = 192.168.0.20
> NAS-Port = 0
> Called-Station-Id = "00-1C-B3-AD-13-5F:HYDRIX-TEST"
> Calling-Station-Id = "C4-46-19-25-31-52"
> Framed-MTU = 1400
> NAS-Port-Type = Wireless-802.11
> Connect-Info = "CONNECT 0Mbps 802.11"
> EAP-Message =
> 0x0273007719800000006d16030100680100006403014c7bbde9787032bb1126f5fce5f22fd277f962afa64bce2d5bf8407c4319fc04000018002f00350005000ac013c014c009c00a003200380013000401000023ff010001000000000a000800000572616d6f6e000a0006000400170018000b00020100
> State = 0x2901333729722a271ee22a85a9879908
> Message-Authenticator = 0xd82e921b4c981a07c773647fc0786b91
> +- entering group authorize {...}
> ++[preprocess] returns ok
> ++[chap] returns noop
> ++[mschap] returns noop
> [suffix] No '@' in User-Name = "host/ramon", looking up realm NULL
> [suffix] No such realm "NULL"
> ++[suffix] returns noop
> [eap] EAP packet type response id 115 length 119
> [eap] Continuing tunnel setup.
> ++[eap] returns ok
> Found Auth-Type = EAP
> +- entering group authenticate {...}
> [eap] Request found, released from the list
> [eap] EAP/peap
> [eap] processing type peap
> [peap] processing EAP-TLS
> TLS Length 109
> [peap] Length Included
> [peap] eaptls_verify returned 11
> [peap] (other): before/accept initialization
> [peap] TLS_accept: before/accept initialization
> [peap] <<< TLS 1.0 Handshake [length 0068], ClientHello
> [peap] TLS_accept: SSLv3 read client hello A
> [peap] >>> TLS 1.0 Handshake [length 002a], ServerHello
> [peap] TLS_accept: SSLv3 write server hello A
> [peap] >>> TLS 1.0 Handshake [length 068a], Certificate
> [peap] TLS_accept: SSLv3 write certificate A
> [peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
> [peap] TLS_accept: SSLv3 write server done A
> [peap] TLS_accept: SSLv3 flush data
> [peap] TLS_accept: Need to read more data: SSLv3 read client certificate A
> In SSL Handshake Phase
> In SSL Accept mode
> [peap] eaptls_process returned 13
> [peap] EAPTLS_HANDLED
> ++[eap] returns handled
> Sending Access-Challenge of id 113 to 192.168.0.20 port 65513
> EAP-Message =
> 0x0174040019c0000006c7160301002a0200002603014c7bbde9f613a30decd1cdeac197e2ec339769a8d7bcb28291d2ac2e12e6971300002f00160301068a0b00068600068300035930820355308202bea003020102020310adba300d06092a864886f70d0101050500304e310b30090603550406130255533110300e060355040a130745717569666178312d302b060355040b1324457175696661782053656375726520436572746966696361746520417574686f72697479301e170d3130303431333134353235365a170d3132303631333039353833315a3081df3129302706035504051320746c43354c615a425030302f657a714b566677455a63
> EAP-Message =
> EAP-Message =
> 0x0b0b158d736b5205d8d769004bf9afabe7ff51b3ce3b00be1584bfa56660d8082ad02b47d3c85f64920342d33833bf9258e6c28d35a4c2f8dbec5db493f05683e08e74daedcc64544f09619008df99cdc2324c6d5853f244feb3b0c3cca90203010001a381ae3081ab300e0603551d0f0101ff0404030204f0301d0603551d0e041604147612da889e2204ca3467cd2b5ea70e1fc3f674f1303a0603551d1f04333031302fa02da02b8629687474703a2f2f63726c2e67656f74727573742e636f6d2f63726c732f73656375726563612e63726c301f0603551d2304183016801448e668f92bd2b295d747d82320104f3398909fd4301d0603551d2504
> EAP-Message =
> EAP-Message = 0x756966617820536563757265
> Message-Authenticator = 0x00000000000000000000000000000000
> State = 0x2901333728752a271ee22a85a9879908
> Finished request 10.
> Going to the next request
> Waking up in 4.9 seconds.
> rad_recv: Access-Request packet from host 192.168.0.20 port 65513, id=114,
> length=172
> User-Name = "host/ramon"
> NAS-IP-Address = 192.168.0.20
> NAS-Port = 0
> Called-Station-Id = "00-1C-B3-AD-13-5F:HYDRIX-TEST"
> Calling-Station-Id = "C4-46-19-25-31-52"
> Framed-MTU = 1400
> NAS-Port-Type = Wireless-802.11
> Connect-Info = "CONNECT 0Mbps 802.11"
> EAP-Message = 0x027400061900
> State = 0x2901333728752a271ee22a85a9879908
> Message-Authenticator = 0x90c632ba5132116016e8d8feb31e52fe
> +- entering group authorize {...}
> ++[preprocess] returns ok
> ++[chap] returns noop
> ++[mschap] returns noop
> [suffix] No '@' in User-Name = "host/ramon", looking up realm NULL
> [suffix] No such realm "NULL"
> ++[suffix] returns noop
> [eap] EAP packet type response id 116 length 6
> [eap] Continuing tunnel setup.
> ++[eap] returns ok
> Found Auth-Type = EAP
> +- entering group authenticate {...}
> [eap] Request found, released from the list
> [eap] EAP/peap
> [eap] processing type peap
> [peap] processing EAP-TLS
> [peap] Received TLS ACK
> [peap] ACK handshake fragment handler
> [peap] eaptls_verify returned 1
> [peap] eaptls_process returned 13
> [peap] EAPTLS_HANDLED
> ++[eap] returns handled
> Sending Access-Challenge of id 114 to 192.168.0.20 port 65513
> EAP-Message =
> 0x017502d7190020436572746966696361746520417574686f72697479301e170d3938303832323136343135315a170d3138303832323136343135315a304e310b30090603550406130255533110300e060355040a130745717569666178312d302b060355040b1324457175696661782053656375726520436572746966696361746520417574686f7269747930819f300d06092a864886f70d010101050003818d0030818902818100c15db158670862eea09a2d1f086d911468980a1efeda046f13846221c3d17cce9f05e0b801f04e34ece28a950464acf16b535f05b3cb6780bf42028efedd0109ece100144ffcfbf00cdd43ba5b2be11f80709915
> EAP-Message =
> EAP-Message =
> 0x16041448e668f92bd2b295d747d82320104f3398909fd4300c0603551d13040530030101ff301a06092a864886f67d074100040d300b1b0556332e3063030206c0300d06092a864886f70d01010505000381810058ce29eafcf7deb5ce02b917b585d1b9e3e095cc25310d00a6926e7fb692639e5095d19a6fe411de63856e98eea8ff5ac8d355b2667157dec021eb3d2aa72349010486427bfcee7fa21652b56767d340db3b2658b228773dae147761d6fa2a6627a00dfaa7735cea70f1942165445ffafcef2968a9a28779ef79ef4fac07773816030100040e000000
> Message-Authenticator = 0x00000000000000000000000000000000
> State = 0x290133372b742a271ee22a85a9879908
> Finished request 11.
> Going to the next request
> Waking up in 4.9 seconds.
> rad_recv: Access-Request packet from host 192.168.0.20 port 65513, id=115, length=374
> User-Name = "host/ramon"
> NAS-IP-Address = 192.168.0.20
> NAS-Port = 0
> Called-Station-Id = "00-1C-B3-AD-13-5F:HYDRIX-TEST"
> Calling-Station-Id = "C4-46-19-25-31-52"
> Framed-MTU = 1400
> NAS-Port-Type = Wireless-802.11
> Connect-Info = "CONNECT 0Mbps 802.11"
> EAP-Message = 0x027500d01980000000c61603010086100000820080c92305f633ebb13d1146dac01d43c19047e5326b42434518e7daf6b6623a19eb1cd877ea3efc03f68c6e2614e424aa04bfc5f953155573bc9ce818f3d2c890a0986847a5ef8733880fb1451c8ba1b4b36120c346e9e9050d6eb253a78a737fd68aca89bf2f45fa6572741c52ff660419e9117178a9109ccf7bc8764a62b64277140301000101160301003073f845987a3f1b2b628142eed10e04383a69c24f9d047c9b032610d8757b0747ee669a44da75dee822ffd2a21e838ef2
> State = 0x290133372b742a271ee22a85a9879908
> Message-Authenticator = 0x9bb5cc74512ad0bdceaaaf921164c7a8
> +- entering group authorize {...}
> ++[preprocess] returns ok
> ++[chap] returns noop
> ++[mschap] returns noop
> [suffix] No '@' in User-Name = "host/ramon", looking up realm NULL
> [suffix] No such realm "NULL"
> ++[suffix] returns noop
> [eap] EAP packet type response id 117 length 208
> [eap] Continuing tunnel setup.
> ++[eap] returns ok
> Found Auth-Type = EAP
> +- entering group authenticate {...}
> [eap] Request found, released from the list
> [eap] EAP/peap
> [eap] processing type peap
> [peap] processing EAP-TLS
> TLS Length 198
> [peap] Length Included
> [peap] eaptls_verify returned 11
> [peap] <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange
> [peap] TLS_accept: SSLv3 read client key exchange A
> [peap] <<< TLS 1.0 ChangeCipherSpec [length 0001]
> [peap] <<< TLS 1.0 Handshake [length 0010], Finished
> [peap] TLS_accept: SSLv3 read finished A
> [peap] >>> TLS 1.0 ChangeCipherSpec [length 0001]
> [peap] TLS_accept: SSLv3 write change cipher spec A
> [peap] >>> TLS 1.0 Handshake [length 0010], Finished
> [peap] TLS_accept: SSLv3 write finished A
> [peap] TLS_accept: SSLv3 flush data
> [peap] (other): SSL negotiation finished successfully
> SSL Connection Established
> [peap] eaptls_process returned 13
> [peap] EAPTLS_HANDLED
> ++[eap] returns handled
> Sending Access-Challenge of id 115 to 192.168.0.20 port 65513
> EAP-Message = 0x0176004119001403010001011603010030614cc88b6f7fd4b02100d31466fed38c2cfe56fa4efb2ce43875c82841816c33f1e706863ce88f5c5af738f47c5e1fa0
> Message-Authenticator = 0x00000000000000000000000000000000
> State = 0x290133372a772a271ee22a85a9879908
> Finished request 12.
> Going to the next request
> Waking up in 4.9 seconds.
> rad_recv: Access-Request packet from host 192.168.0.20 port 65513, id=116, length=172
> User-Name = "host/ramon"
> NAS-IP-Address = 192.168.0.20
> NAS-Port = 0
> Called-Station-Id = "00-1C-B3-AD-13-5F:HYDRIX-TEST"
> Calling-Station-Id = "C4-46-19-25-31-52"
> Framed-MTU = 1400
> NAS-Port-Type = Wireless-802.11
> Connect-Info = "CONNECT 0Mbps 802.11"
> EAP-Message = 0x027600061900
> State = 0x290133372a772a271ee22a85a9879908
> Message-Authenticator = 0xca39a76697f59adcaa15916a78e16ed2
> +- entering group authorize {...}
> ++[preprocess] returns ok
> ++[chap] returns noop
> ++[mschap] returns noop
> [suffix] No '@' in User-Name = "host/ramon", looking up realm NULL
> [suffix] No such realm "NULL"
> ++[suffix] returns noop
> [eap] EAP packet type response id 118 length 6
> [eap] Continuing tunnel setup.
> ++[eap] returns ok
> Found Auth-Type = EAP
> +- entering group authenticate {...}
> [eap] Request found, released from the list
> [eap] EAP/peap
> [eap] processing type peap
> [peap] processing EAP-TLS
> [peap] Received TLS ACK
> [peap] ACK handshake is finished
> [peap] eaptls_verify returned 3
> [peap] eaptls_process returned 3
> [peap] EAPTLS_SUCCESS
> ++[eap] returns handled
> Sending Access-Challenge of id 116 to 192.168.0.20 port 65513
> EAP-Message = 0x0177002b19001703010020c3009d54f21929eb7ee0043e7771df5f0a7cbf6ebd66def03565bb4aaa4cb41b
> Message-Authenticator = 0x00000000000000000000000000000000
> State = 0x290133372d762a271ee22a85a9879908
> Finished request 13.
> Going to the next request
> Waking up in 4.9 seconds.
> rad_recv: Access-Request packet from host 192.168.0.20 port 65513, id=117, length=209
> User-Name = "host/ramon"
> NAS-IP-Address = 192.168.0.20
> NAS-Port = 0
> Called-Station-Id = "00-1C-B3-AD-13-5F:HYDRIX-TEST"
> Calling-Station-Id = "C4-46-19-25-31-52"
> Framed-MTU = 1400
> NAS-Port-Type = Wireless-802.11
> Connect-Info = "CONNECT 0Mbps 802.11"
> EAP-Message = 0x0277002b190017030100201dd6103b6d0f86c6ac33fe86888f5a13b10970a1ef222f1e83ce55a94db4d942
> State = 0x290133372d762a271ee22a85a9879908
> Message-Authenticator = 0xf6428db91fea81a03c903f8278eff0d5
> +- entering group authorize {...}
> ++[preprocess] returns ok
> ++[chap] returns noop
> ++[mschap] returns noop
> [suffix] No '@' in User-Name = "host/ramon", looking up realm NULL
> [suffix] No such realm "NULL"
> ++[suffix] returns noop
> [eap] EAP packet type response id 119 length 43
> [eap] Continuing tunnel setup.
> ++[eap] returns ok
> Found Auth-Type = EAP
> +- entering group authenticate {...}
> [eap] Request found, released from the list
> [eap] EAP/peap
> [eap] processing type peap
> [peap] processing EAP-TLS
> [peap] eaptls_verify returned 7
> [peap] Done initial handshake
> [peap] eaptls_process returned 7
> [peap] EAPTLS_OK
> [peap] Session established. Decoding tunneled attributes.
> [peap] Identity - host/ramon
> [peap] Got tunneled request
> EAP-Message = 0x0277000f01686f73742f72616d6f6e
> server {
> PEAP: Got tunneled identity of host/ramon
> PEAP: Setting default EAP type for tunneled EAP session.
> PEAP: Setting User-Name to host/ramon
> Sending tunneled request
> EAP-Message = 0x0277000f01686f73742f72616d6f6e
> FreeRADIUS-Proxied-To = 127.0.0.1
> User-Name = "host/ramon"
> server inner-tunnel {
> +- entering group authorize {...}
> ++[chap] returns noop
> ++[mschap] returns noop
> ++[unix] returns notfound
> [suffix] No '@' in User-Name = "host/ramon", looking up realm NULL
> [suffix] No such realm "NULL"
> ++[suffix] returns noop
> ++[control] returns noop
> [eap] EAP packet type response id 119 length 15
> [eap] No EAP Start, assuming it's an on-going EAP conversation
> ++[eap] returns updated
> ++[files] returns noop
> ++[expiration] returns noop
> ++[logintime] returns noop
> ++[pap] returns noop
> Found Auth-Type = EAP
> +- entering group authenticate {...}
> [eap] EAP Identity
> [eap] processing type mschapv2
> rlm_eap_mschapv2: Issuing Challenge
> ++[eap] returns handled
> } # server inner-tunnel
> [peap] Got tunneled reply code 11
> EAP-Message = 0x017800241a0178001f107ea40ec7760d14474dee0b4e6b9d640c686f73742f72616d6f6e
> Message-Authenticator = 0x00000000000000000000000000000000
> State = 0xfbc0fc99fbb8e6c1acf79e9f2cef3e77
> [peap] Got tunneled reply RADIUS code 11
> EAP-Message = 0x017800241a0178001f107ea40ec7760d14474dee0b4e6b9d640c686f73742f72616d6f6e
> Message-Authenticator = 0x00000000000000000000000000000000
> State = 0xfbc0fc99fbb8e6c1acf79e9f2cef3e77
> [peap] Got tunneled Access-Challenge
> ++[eap] returns handled
> Sending Access-Challenge of id 117 to 192.168.0.20 port 65513
> EAP-Message = 0x0178004b190017030100403251f76d20afd9bd1be50ca770e4ef315fcdfa3f286f641d8b2749d8d76da28e8e70a4806aa2896c655c5546437e2c2060ac44ca854f654f8f54c2d99e35fbbf
> Message-Authenticator = 0x00000000000000000000000000000000
> State = 0x290133372c792a271ee22a85a9879908
> Finished request 14.
> Going to the next request
> Waking up in 4.9 seconds.
> rad_recv: Access-Request packet from host 192.168.0.20 port 65513, id=118, length=273
> User-Name = "host/ramon"
> NAS-IP-Address = 192.168.0.20
> NAS-Port = 0
> Called-Station-Id = "00-1C-B3-AD-13-5F:HYDRIX-TEST"
> Calling-Station-Id = "C4-46-19-25-31-52"
> Framed-MTU = 1400
> NAS-Port-Type = Wireless-802.11
> Connect-Info = "CONNECT 0Mbps 802.11"
> EAP-Message = 0x0278006b190017030100608c8234cfe2ebd7ca29c77661768564cafeaff5313f126a180cf96473c6f51f73ab881585286f454f4f1ed6a8600f1b593ca21d6a787532921d6579661db9d2387e25bf325b263313892981bfb3128d7b30389ebd7ecd5abf3c6051142047e407
> State = 0x290133372c792a271ee22a85a9879908
> Message-Authenticator = 0x6f9193d476c9b00a3e44db300044fe8d
> +- entering group authorize {...}
> ++[preprocess] returns ok
> ++[chap] returns noop
> ++[mschap] returns noop
> [suffix] No '@' in User-Name = "host/ramon", looking up realm NULL
> [suffix] No such realm "NULL"
> ++[suffix] returns noop
> [eap] EAP packet type response id 120 length 107
> [eap] Continuing tunnel setup.
> ++[eap] returns ok
> Found Auth-Type = EAP
> +- entering group authenticate {...}
> [eap] Request found, released from the list
> [eap] EAP/peap
> [eap] processing type peap
> [peap] processing EAP-TLS
> [peap] eaptls_verify returned 7
> [peap] Done initial handshake
> [peap] eaptls_process returned 7
> [peap] EAPTLS_OK
> [peap] Session established. Decoding tunneled attributes.
> [peap] EAP type mschapv2
> [peap] Got tunneled request
> EAP-Message = 0x027800451a0278004031d1cf5a51ae82bba33c59afaccdbe4563000000000000000000000000000000000000000000000000000000000000000000686f73742f72616d6f6e
> server {
> PEAP: Setting User-Name to host/ramon
> Sending tunneled request
> EAP-Message = 0x027800451a0278004031d1cf5a51ae82bba33c59afaccdbe4563000000000000000000000000000000000000000000000000000000000000000000686f73742f72616d6f6e
> FreeRADIUS-Proxied-To = 127.0.0.1
> User-Name = "host/ramon"
> State = 0xfbc0fc99fbb8e6c1acf79e9f2cef3e77
> server inner-tunnel {
> +- entering group authorize {...}
> ++[chap] returns noop
> ++[mschap] returns noop
> ++[unix] returns notfound
> [suffix] No '@' in User-Name = "host/ramon", looking up realm NULL
> [suffix] No such realm "NULL"
> ++[suffix] returns noop
> ++[control] returns noop
> [eap] EAP packet type response id 120 length 69
> [eap] No EAP Start, assuming it's an on-going EAP conversation
> ++[eap] returns updated
> ++[files] returns noop
> ++[expiration] returns noop
> ++[logintime] returns noop
> ++[pap] returns noop
> Found Auth-Type = EAP
> +- entering group authenticate {...}
> [eap] Request found, released from the list
> [eap] EAP/mschapv2
> [eap] processing type mschapv2
> [mschapv2] +- entering group MS-CHAP {...}
> [mschap] No Cleartext-Password configured. Cannot create LM-Password.
> [mschap] No Cleartext-Password configured. Cannot create NT-Password.
> [mschap] No NT-Password configured. Trying OpenDirectory Authentication.
> rlm_mschap: getUserNodeRef(): dsGetRecordList() status = 0, recCount=0
> [mschap] od_mschap_auth: getUserNodeRef() failed
> ++[mschap] returns fail
> [eap] Freeing handler
> ++[eap] returns reject
> Failed to authenticate the user.
> } # server inner-tunnel
> [peap] Got tunneled reply code 3
> EAP-Message = 0x04780004
> Message-Authenticator = 0x00000000000000000000000000000000
> [peap] Got tunneled reply RADIUS code 3
> EAP-Message = 0x04780004
> Message-Authenticator = 0x00000000000000000000000000000000
> [peap] Tunneled authentication was rejected.
> [peap] FAILURE
> ++[eap] returns handled
> Sending Access-Challenge of id 118 to 192.168.0.20 port 65513
> EAP-Message = 0x0179002b190017030100201d0da92cec780afeb07d044ae3bec2d0bbae6f756cb641bf7afb941c603d3bfb
> Message-Authenticator = 0x00000000000000000000000000000000
> State = 0x290133372f782a271ee22a85a9879908
> Finished request 15.
> Going to the next request
> Waking up in 4.9 seconds.
> rad_recv: Access-Request packet from host 192.168.0.20 port 65513, id=119, length=209
> User-Name = "host/ramon"
> NAS-IP-Address = 192.168.0.20
> NAS-Port = 0
> Called-Station-Id = "00-1C-B3-AD-13-5F:HYDRIX-TEST"
> Calling-Station-Id = "C4-46-19-25-31-52"
> Framed-MTU = 1400
> NAS-Port-Type = Wireless-802.11
> Connect-Info = "CONNECT 0Mbps 802.11"
> EAP-Message = 0x0279002b19001703010020c105223815949c87f20ddf78237c265be8030e828d278b2f87db880eadcd2bf8
> State = 0x290133372f782a271ee22a85a9879908
> Message-Authenticator = 0xe5350e69dd68ba1c0ab8e39eaed51b5e
> +- entering group authorize {...}
> ++[preprocess] returns ok
> ++[chap] returns noop
> ++[mschap] returns noop
> [suffix] No '@' in User-Name = "host/ramon", looking up realm NULL
> [suffix] No such realm "NULL"
> ++[suffix] returns noop
> [eap] EAP packet type response id 121 length 43
> [eap] Continuing tunnel setup.
> ++[eap] returns ok
> Found Auth-Type = EAP
> +- entering group authenticate {...}
> [eap] Request found, released from the list
> [eap] EAP/peap
> [eap] processing type peap
> [peap] processing EAP-TLS
> [peap] eaptls_verify returned 7
> [peap] Done initial handshake
> [peap] eaptls_process returned 7
> [peap] EAPTLS_OK
> [peap] Session established. Decoding tunneled attributes.
> [peap] Received EAP-TLV response.
> [peap] Had sent TLV failure. User was rejected earlier in this session.
> [eap] Handler failed in EAP/peap
> [eap] Failed in EAP select
> ++[eap] returns invalid
> Failed to authenticate the user.
> Using Post-Auth-Type Reject
> +- entering group REJECT {...}
> [attr_filter.access_reject] expand: %{User-Name} -> host/ramon
> attr_filter: Matched entry DEFAULT at line 11
> ++[attr_filter.access_reject] returns updated
> Delaying reject of request 16 for 1 seconds
> Going to the next request
> Waking up in 0.9 seconds.
> Sending delayed reject for request 16
> Sending Access-Reject of id 119 to 192.168.0.20 port 65513
> EAP-Message = 0x04790004
> Message-Authenticator = 0x00000000000000000000000000000000
> Waking up in 3.9 seconds.
> Cleaning up request 9 ID 112 with timestamp +418
> Cleaning up request 10 ID 113 with timestamp +418
> Cleaning up request 11 ID 114 with timestamp +418
> Cleaning up request 12 ID 115 with timestamp +418
> Cleaning up request 13 ID 116 with timestamp +418
> Cleaning up request 14 ID 117 with timestamp +418
> Cleaning up request 15 ID 118 with timestamp +418
> Waking up in 1.0 seconds.
> Cleaning up request 16 ID 119 with timestamp +418
> Ready to process requests.
>
> Unfortunately, the OpenDirectory module does not take any
> configuration. This means that you will need to edit the "User-Name"
> attribute *before* it is used by the opendirectory module.
>
> So... what *should* the User-Name look like? This is for you to decide.

I'm not sure I follow what you're saying here...

I am only interested at this stage in the user name, not the computer name as part of the "User-Name".

If you could point me to directions on how to configure the server for (b), it would be greatly appreciated.

Kind regards
Jean-Yves

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
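
Added example, not part of the original message and not FreeRADIUS code: a Python decoder for the `EAP-Message` values in the debug output above, which shows the identity the client presents inside and outside the tunnel. The function names are chosen here for illustration, and reading a `host/` prefix as the computer identity is an assumption drawn from this log.

```python
import re

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 25: "PEAP", 26: "MS-CHAPv2"}

def decode_eap(hex_value):
    """Decode one EAP-Message value as printed in the debug log ('0x...')."""
    raw = bytes.fromhex(hex_value[2:] if hex_value.startswith("0x") else hex_value)
    if len(raw) < 4 or raw[0] not in EAP_CODES:
        raise ValueError("not the start of an EAP packet")
    code, ident, length = raw[0], raw[1], int.from_bytes(raw[2:4], "big")
    if length < 4 or length > len(raw):
        # Large EAP packets are split over several EAP-Message attributes and
        # must be concatenated before decoding; a lone fragment ends up here.
        raise ValueError("EAP length does not match this attribute")
    pkt = {"code": EAP_CODES[code], "id": ident, "length": length}
    if code in (1, 2) and length > 4:  # only Request/Response carry a Type
        eap_type, data = raw[4], raw[5:length]
        pkt["type"] = EAP_TYPES.get(eap_type, eap_type)
        if eap_type == 1:  # Identity: the rest is the name itself
            pkt["identity"] = data.decode("utf-8", "replace")
        elif eap_type == 25 and data:  # PEAP: first byte holds the TLS flags
            pkt["length_included"] = bool(data[0] & 0x80)
            pkt["more_fragments"] = bool(data[0] & 0x40)
            pkt["start"] = bool(data[0] & 0x20)
        elif eap_type == 26 and len(data) >= 5 and data[0] in (1, 2):
            # MS-CHAPv2 Challenge/Response: OpCode, ID, MS-Length(2),
            # Value-Size, Value, then the Name field
            pkt["opcode"] = "Challenge" if data[0] == 1 else "Response"
            pkt["name"] = data[5 + data[4]:].decode("utf-8", "replace")
    return pkt

def identities(log_text):
    """Return each distinct identity/name seen in the log, in order."""
    seen = []
    # Tolerate the mail wrapping that puts the value on the next '>' line.
    for value in re.findall(r"EAP-Message =\s*(?:>\s*)?(0x[0-9a-fA-F]+)", log_text):
        try:
            pkt = decode_eap(value)
        except ValueError:
            continue  # fragment or continuation attribute
        name = pkt.get("identity") or pkt.get("name")
        if name and name not in seen:
            seen.append(name)
    return seen

# Values copied from the debug output in this message, one per line.
SAMPLE = """\
> EAP-Message = 0x756966617820536563757265
> EAP-Message = 0x027400061900
> EAP-Message = 0x0277000f01686f73742f72616d6f6e
> EAP-Message = 0x04780004
"""

if __name__ == "__main__":
    for name in identities(SAMPLE):
        # Assumption from this log: the computer account carries a "host/" prefix.
        print(name, "(machine identity)" if name.startswith("host/") else "(user identity)")
```

Run against the full debug output, `identities()` lists every name the supplicant sent, which is a quick way to confirm whether a client is authenticating as the computer or as the logged-in user.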