We're experiencing a similar issue. We upgraded to 2.1.9.3 and everything worked fine for server 1 with no complaints.
But for server 2 we set it up with the same Freeradius version, but we configured it with a Verisign certificate. The servers are configured the exact same way for each except for the type of certificate. So does this somehow add a delay to the auth or change the process? We tested it with maybe 6 Apple iDevices and the issue varied. Nathan Van Fleet > -----Original Message----- > From: freeradius-users- > bounces+nmcdavit=alcor.concordia...@lists.freeradius.org > [mailto:freeradius-users- > bounces+nmcdavit=alcor.concordia...@lists.freeradius.org] On Behalf Of > amin ahoora > Sent: Wednesday, March 23, 2011 3:59 PM > To: FreeRadius users mailing list > Subject: Re: Problem with iPods/iTouches > > Hi can you send your configuration file that i can debug it > > > > > > THANK YOU WITH BEST REGARDS > AMIN AHOORA > > > > On Wed, Mar 23, 2011 at 11:58 PM, Jonathan Paul <jp...@stfrancis.edu> > wrote: > > > Hi, > Just wondering if you were able to find a solution to this problem ? I > was reading through the archives and we have the same Enterasys > equipment and are experiencing the same problem. As you noted, other > devices work ok with the default installation. > > > Thanks > Jonathan Paul > Network Support Services > University of St.Francis > > >>>1/12/2011 2:10 PM >>> > We have a stangle problem going on with the Apple iTouches in the > district here. This started since they were upgraded to iOS v.4.x....so it > seems. What is happening is that the user will put in their credentials and get > prompted to accept the certificate as it says its untrusted. The user clicks > accept, all looks good and then it says it failed to connected. So they hit > dismiss on that message, click join again, accept the certificate again and then > they are accepted onto the network. But, sometimes they have to hit > Dismiss/Join up to 15-20 times until it will accept it. > > Right now I am working with a default install FreeRadius v2.1.8 for > testing this, including default certificates. I was planning on slowly adding in > my config to narrow it down, but the problem appears to be happening by > default. I *thought* that setting the default_eap_type to peap was causing > it, but I had it happen when it was set to md5 as well. Im working on a iPod > Touch with iOS v4.2. Below is the debug output of a failed attempt, and the > follow up attempt that put the user through. > > *********************** FAILED ATTEMPT > *************************** > > Ready to process requests. > rad_recv: Access-Request packet from host 10.1.1.1 port 38428, > id=66, length=277 > User-Name = "ktest5" > NAS-IP-Address = 127.0.4.1 > NAS-Port = 259 > Framed-MTU = 1400 > Called-Station-Id = "00:1f:45:7f:83:fa" > Calling-Station-Id = "58:b0:35:28:19:ad" > NAS-Port-Type = Wireless-802.11 > NAS-Identifier = "KASD_TEST" > Service-Type = Framed-User > Vendor-4329-Attr-3 = 0x3035303030313031343330353233 > > 3035 > Vendor-4329-Attr-2 = 0x4a52472d31464c2d41503039 > Vendor-4329-Attr-4 = 0x4b4153445f54455354 > Vendor-4329-Attr-5 = 0x4b4153445f54455354 > Vendor-4329-Attr-6 = > 0x30303a31663a34353a37663a38333a6661 > Vendor-4329-Attr-7 = 0x53747564656e7473 > Vendor-4329-Attr-8 = 0x4b41534453747564656e7473 > EAP-Message = 0x0200000b016b7465737435 > Message-Authenticator = > 0x32cf9f891633152f0f139a53cb61f9ee > +- entering group authorize {...} > ++[preprocess] returns ok > ++[chap] returns noop > ++[mschap] returns noop > [suffix] No '@' in User-Name = "ktest5", looking up realm > NULL > [suffix] No such realm "NULL" > ++[suffix] returns noop > [eap] EAP packet type response id 0 length 11 > [eap] No EAP Start, assuming it's an on-going EAP > conversation > ++[eap] returns updated > ++[unix] returns notfound > ++[files] returns noop > ++[expiration] returns noop > ++[logintime] returns noop > [pap] WARNING! No "known good" password found for the > user. Authentication may fail because of this. > ++[pap] returns noop > Found Auth-Type = EAP > +- entering group authenticate {...} > [eap] EAP Identity > [eap] processing type tls > [tls] Initiate > [tls] Start returned 1 > ++[eap] returns handled > Sending Access-Challenge of id 66 to 10.1.1.1 port 38428 > EAP-Message = 0x010100061920 > Message-Authenticator = > 0x00000000000000000000000000000000 > State = 0xc4b1fdf8c4b0e4f9163ffe27c4915746 > Finished request 0. > Going to the next request > Waking up in 4.9 seconds. > rad_recv: Access-Request packet from host 10.1.1.1 port > 38428, id=66, length=420 > Cleaning up request 0 ID 66 with timestamp +30 > User-Name = "ktest5" > NAS-IP-Address = 127.0.4.1 > NAS-Port = 259 > Framed-MTU = 1400 > Called-Station-Id = "00:1f:45:7f:83:fa" > Calling-Station-Id = "58:b0:35:28:19:ad" > NAS-Port-Type = Wireless-802.11 > NAS-Identifier = "KASD_TEST" > Service-Type = Framed-User > Vendor-4329-Attr-3 = > 0x30353030303130313433303532333035 > Vendor-4329-Attr-2 = 0x4a52472d31464c2d41503039 > Vendor-4329-Attr-4 = 0x4b4153445f54455354 > Vendor-4329-Attr-5 = 0x4b4153445f54455354 > Vendor-4329-Attr-6 = > 0x30303a31663a34353a37663a38333a6661 > Vendor-4329-Attr-7 = 0x53747564656e7473 > Vendor-4329-Attr-8 = 0x4b41534453747564656e7473 > EAP-Message = > 0x0201008819800000007e16030100790100007503014d2e0343e5f920d1f519dbf > eac002febc3736014d9bee7e0c55fd8085b99b7af00003ac00ac009c007c008c013 > c014c011c012c004c005c002c003c00ec00fc00cc00d002f000500040035000a00090 > 00300080033003900160015001401000012000a00080006001700180019000b0002 > 0100 > State = 0xc4b1fdf8c4b0e4f9163ffe27c4915746 > Message-Authenticator = > 0xf4e7c59223ecd3e5741cc6cc48762e1f > +- entering group authorize {...} > ++[preprocess] returns ok > ++[chap] returns noop > ++[mschap] returns noop > [suffix] No '@' in User-Name = "ktest5", looking up realm > NULL > [suffix] No such realm "NULL" > ++[suffix] returns noop > [eap] EAP packet type response id 1 length 136 > [eap] Continuing tunnel setup. > ++[eap] returns ok > Found Auth-Type = EAP > +- entering group authenticate {...} > [eap] Request found, released from the list > [eap] EAP/peap > [eap] processing type peap > [peap] processing EAP-TLS > TLS Length 126 > [peap] Length Included > [peap] eaptls_verify returned 11 > [peap] (other): before/accept initialization > [peap] TLS_accept: before/accept initialization > [peap] <<< TLS 1.0 Handshake [length 0079], ClientHello > [peap] TLS_accept: SSLv3 read client hello A > [peap] >>> TLS 1.0 Handshake [length 002a], ServerHello > [peap] TLS_accept: SSLv3 write server hello A > [peap] >>> TLS 1.0 Handshake [length 085e], Certificate > [peap] TLS_accept: SSLv3 write certificate A > [peap] >>> TLS 1.0 Handshake [length 0004], > ServerHelloDone > [peap] TLS_accept: SSLv3 write server done A > [peap] TLS_accept: SSLv3 flush data > [peap] TLS_accept: Need to read more data: SSLv3 read > client certificate A > In SSL Handshake Phase > In SSL Accept mode > [peap] eaptls_process returned 13 > [peap] EAPTLS_HANDLED > ++[eap] returns handled > Sending Access-Challenge of id 66 to 10.1.1.1 port 38428 > EAP-Message = > 0x0102040019c00000089b160301002a0200002603014d2e0330bf07fe39f7236a6 > 19358e64fa3db011bcbda7c9b9584846f6e32102000002f00160301085e0b00085 > a0008570003a6308203a23082028aa003020102020101300d06092a864886f70d01 > 01040500308193310b3009060355040613024652310f300d0603550408130652616 > 46975733112301006035504071309536f6d65776865726531153013060355040a13 > 0c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d > 696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520 > 436572746966696361746520417574686f72697479 > EAP-Message = > 0x301e170d3131303131323138353335325a170d3132303131323138353335325a > 307c310b3009060355040613024652310f300d06035504081306526164697573311 > 53013060355040a130c4578616d706c6520496e632e312330210603550403131a45 > 78616d706c65205365727665722043657274696669636174653120301e06092a864 > 886f70d010901161161646d696e406578616d706c652e636f6d30820122300d060 > 92a864886f70d01010105000382010f003082010a0282010100e8460af12ab26451 > d71f5f5853ac201a8dee4f3c17d2f6c4725f4c9cc44fc6ae87c1b32d3e62fcd1964c8 > b1f81044272b76dbaa079cbd3dd727461dfd7a5 > EAP-Message = > 0x8b623cc4e0c8beccafbc499fc74e8d17e3c9fbd9aafbac061bfa1309372c83e95c > 8dd5da071d7d97fdd7660ab45c93db04d72184885f895897d840ac4934c11f51c8 > 1c4d2e83dccf646b499739781cdff243a48f064e209bef2d2bcde936c6104b63ee4 > 67f448d005c127b83bfa708aeed69f1467d3b280a4f1b151d153ce7216ea94c2e3 > 3fe400de92d84b823c5b32828959b9ea5b8afbc063ba5db0cabb0b602fdf90e60c > 354b8e788facfc654ff2310ea763297ea1aef098b4ddb5466abb528910203010001 > a317301530130603551d25040c300a06082b06010505070301300d06092a864886f > 70d01010405000382010100904c9828165a2de337 > EAP-Message = > 0x50191a87ef600b1584376573598f31e772c944faf6e61c383d477c201b0aa6cf8b > cb49d8b416f2de1e84774a9423608aad94af078dad2b6b30979d1c6b58cd8eefa9 > cf827d27f7755f8030dbc7c9e230187f212a5d4400928da0cc2845a7b5048a3b742 > 5818fb437ac9c33746b39aaf4aa49af51340496250c837496f449307860f6cae9bd2 > 24c557af44806b46ac837b12a149124e35da9bde2538d9f39c2c33fe33dc7df0d45 > c5bec5bda68294a994af2db4f7298cf47e680cbca4789791aa3048a17761e4c71eb > bd9b82bd324af0dbe8ce26ae88ee8a5d16dbd6685dce7ecb7af820abf975c67bf > d34797fbefa47a4eed95cca895860004ab308204 > EAP-Message = 0xa73082038fa0030201020209 > Message-Authenticator = > 0x00000000000000000000000000000000 > State = 0xc4b1fdf8c5b3e4f9163ffe27c4915746 > Finished request 1. > Going to the next request > Waking up in 4.9 seconds. > Cleaning up request 1 ID 66 with timestamp +30 > Ready to process requests. > rad_recv: Access-Request packet from host 10.1.1.1 port > 38428, id=66, length=290 > User-Name = "ktest5" > NAS-IP-Address = 127.0.4.1 > NAS-Port = 259 > Framed-MTU = 1400 > Called-Station-Id = "00:1f:45:7f:83:fa" > Calling-Station-Id = "58:b0:35:28:19:ad" > NAS-Port-Type = Wireless-802.11 > NAS-Identifier = "KASD_TEST" > Service-Type = Framed-User > Vendor-4329-Attr-3 = > 0x30353030303130313433303532333035 > Vendor-4329-Attr-2 = 0x4a52472d31464c2d41503039 > Vendor-4329-Attr-4 = 0x4b4153445f54455354 > Vendor-4329-Attr-5 = 0x4b4153445f54455354 > Vendor-4329-Attr-6 = > 0x30303a31663a34353a37663a38333a6661 > Vendor-4329-Attr-7 = 0x53747564656e7473 > Vendor-4329-Attr-8 = 0x4b41534453747564656e7473 > EAP-Message = 0x020200061900 > State = 0xc4b1fdf8c5b3e4f9163ffe27c4915746 > Message-Authenticator = > 0xa5c69d05dee0560c68b7d67d25b2e0b1 > +- entering group authorize {...} > ++[preprocess] returns ok > ++[chap] returns noop > ++[mschap] returns noop > [suffix] No '@' in User-Name = "ktest5", looking up realm > NULL > [suffix] No such realm "NULL" > ++[suffix] returns noop > [eap] EAP packet type response id 2 length 6 > [eap] Continuing tunnel setup. > ++[eap] returns ok > Found Auth-Type = EAP > +- entering group authenticate {...} > [eap] Request found, released from the list > [eap] EAP/peap > [eap] processing type peap > [peap] processing EAP-TLS > [peap] Received TLS ACK > [peap] ACK handshake fragment handler > [peap] eaptls_verify returned 1 > [peap] eaptls_process returned 13 > [peap] EAPTLS_HANDLED > ++[eap] returns handled > Sending Access-Challenge of id 66 to 10.1.1.1 port 38428 > EAP-Message = > 0x010303fc194000ae0fc87b0b841be2300d06092a864886f70d010105050030819 > 3310b3009060355040613024652310f300d06035504081306526164697573311230 > 1006035504071309536f6d65776865726531153013060355040a130c4578616d706 > c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616 > d706c652e636f6d312630240603550403131d4578616d706c652043657274696669 > 6361746520417574686f72697479301e170d3131303131323138353335315a170d3 > 132303131323138353335315a308193310b3009060355040613024652310f300d06 > 0355040813065261646975733112301006035504 > EAP-Message = > 0x071309536f6d65776865726531153013060355040a130c4578616d706c6520496 > e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652 > e636f6d312630240603550403131d4578616d706c65204365727469666963617465 > 20417574686f7269747930820122300d06092a864886f70d01010105000382010f0 > 03082010a0282010100d73060bc3e4f3bacd8c526ff5efa081cbfd333963c0a90272 > e83d654b8d1a16a25c9e1358b347d3f91d49ed29d387fd6de5ba5fe18c43b4806 > 5e8f1bb9dcb22d1a8679925af0bdc049d32199ba543f1d40a7c6b3578892efcaea > 646bdde6442593b17cb4713fb4d6f0616a5db38d9b > EAP-Message = > 0xfd1d6e9dd30b6e536ba717a75adaa7c87fd019e83bea06f5eacb6a09fa9954b6 > 0ccc92116455610a2674a03a4ecacee05ce914a72a27965d55471df19c8751fdb69 > fe66426bb236f7d57cfffe41822e7d8ddfc6c1c8f5b45e6010c896918c4f11162697 > 9b280ddf2219099024cb0efb17c9660df9fc642edc9874074cb83e93349b19a2c16 > 409b7444545ee27b2a52bb9d0203010001a381fb3081f8301d0603551d0e041604 > 14872c00a6ed850850f4e202b4d86a1d663b35fd8e3081c80603551d230481c030 > 81bd8014872c00a6ed850850f4e202b4d86a1d663b35fd8ea18199a48196308193 > 310b3009060355040613024652310f300d06035504 > EAP-Message = > 0x0813065261646975733112301006035504071309536f6d6577686572653115301 > 3060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d0109 > 01161161646d696e406578616d706c652e636f6d312630240603550403131d4578 > 616d706c6520436572746966696361746520417574686f72697479820900ae0fc87 > b0b841be2300c0603551d13040530030101ff300d06092a864886f70d0101050500 > 0382010100a5c0c601e1cb4606aa986dc240b7488bb4afd8c0e81ba0361530d556 > ad117222cdcc5a57a13fe3eb073ca72dff40db0a58c8d835ec110485bd158ab6cd1 > d8583cd575710b49070b3794384d2cff45f22b81e > EAP-Message = 0x2dc327be959645c8 > Message-Authenticator = > 0x00000000000000000000000000000000 > State = 0xc4b1fdf8c6b2e4f9163ffe27c4915746 > Finished request 2. > Going to the next request > Waking up in 4.9 seconds. > rad_recv: Access-Request packet from host 10.1.1.1 port > 38428, id=66, length=290 > Cleaning up request 2 ID 66 with timestamp +39 > User-Name = "ktest5" > NAS-IP-Address = 127.0.4.1 > NAS-Port = 259 > Framed-MTU = 1400 > Called-Station-Id = "00:1f:45:7f:83:fa" > Calling-Station-Id = "58:b0:35:28:19:ad" > NAS-Port-Type = Wireless-802.11 > NAS-Identifier = "KASD_TEST" > Service-Type = Framed-User > Vendor-4329-Attr-3 = > 0x30353030303130313433303532333035 > Vendor-4329-Attr-2 = 0x4a52472d31464c2d41503039 > Vendor-4329-Attr-4 = 0x4b4153445f54455354 > Vendor-4329-Attr-5 = 0x4b4153445f54455354 > Vendor-4329-Attr-6 = > 0x30303a31663a34353a37663a38333a6661 > Vendor-4329-Attr-7 = 0x53747564656e7473 > Vendor-4329-Attr-8 = 0x4b41534453747564656e7473 > EAP-Message = 0x020300061900 > State = 0xc4b1fdf8c6b2e4f9163ffe27c4915746 > Message-Authenticator = > 0x834956d460493056f00e0117298d68d7 > +- entering group authorize {...} > ++[preprocess] returns ok > ++[chap] returns noop > ++[mschap] returns noop > [suffix] No '@' in User-Name = "ktest5", looking up realm > NULL > [suffix] No such realm "NULL" > ++[suffix] returns noop > [eap] EAP packet type response id 3 length 6 > [eap] Continuing tunnel setup. > ++[eap] returns ok > Found Auth-Type = EAP > +- entering group authenticate {...} > [eap] Request found, released from the list > [eap] EAP/peap > [eap] processing type peap > [peap] processing EAP-TLS > [peap] Received TLS ACK > [peap] ACK handshake fragment handler > [peap] eaptls_verify returned 1 > [peap] eaptls_process returned 13 > [peap] EAPTLS_HANDLED > ++[eap] returns handled > Sending Access-Challenge of id 66 to 10.1.1.1 port 38428 > EAP-Message = > 0x010400b51900387bb57f237040a0b009495fcb1c4460694c6214f871d93a5afdd > fcc7aa7727e9ce657d22551e936e9415eea3a0ce78a7ea4b121f711fc19e2b505b > 4fa004bcc2952effdc18d0cd1ec6fe10bf431e8a189a5cbefcaebd9beab4e75c230 > 9b55de25a9e392112915ad1c7b866a902f091b366eb96e7aa6ab544889069e70fd > a7ad8a9ec9eb729a6db3aeeb3ca9965daf0d515783a89a0947b6004eaad452777 > ae3413772aa2f5f16030100040e000000 > Message-Authenticator = > 0x00000000000000000000000000000000 > State = 0xc4b1fdf8c7b5e4f9163ffe27c4915746 > Finished request 3. > Going to the next request > Waking up in 4.9 seconds. > rad_recv: Access-Request packet from host 10.1.1.1 port > 38428, id=66, length=622 > Cleaning up request 3 ID 66 with timestamp +39 > User-Name = "ktest5" > NAS-IP-Address = 127.0.4.1 > NAS-Port = 259 > Framed-MTU = 1400 > Called-Station-Id = "00:1f:45:7f:83:fa" > Calling-Station-Id = "58:b0:35:28:19:ad" > NAS-Port-Type = Wireless-802.11 > NAS-Identifier = "KASD_TEST" > Service-Type = Framed-User > Vendor-4329-Attr-3 = > 0x30353030303130313433303532333035 > Vendor-4329-Attr-2 = 0x4a52472d31464c2d41503039 > Vendor-4329-Attr-4 = 0x4b4153445f54455354 > Vendor-4329-Attr-5 = 0x4b4153445f54455354 > Vendor-4329-Attr-6 = > 0x30303a31663a34353a37663a38333a6661 > Vendor-4329-Attr-7 = 0x53747564656e7473 > Vendor-4329-Attr-8 = 0x4b41534453747564656e7473 > EAP-Message = > 0x020401501980000001461603010106100001020100373aae08036c5c081766d84 > efb8b257d7a9840bd2d91f9fbb1bad0c23993b1becc777b0890f6c8eb6b9ad515a > 2a5436dd50ea6feaeb8d0e9d3b7142af44ef0a0d52004a50e4b3022e3c2752cbc9 > caff85cbbd8281543a4a2c1b8a9a9141dd4430cafb7375f8d1a299c321a10edf205 > 010f828f80cb188855d7888ef33d2c14d9bbc52bb23e99e2570ec2be2e6896f918 > c61926fbfc21009af339abbf671c483c897e7f5a9614f7ffd003d126edeebb752e3a > f6f8dc63a10a314fb5d105124ce25332a68c7b6aee6bebcf5eb9aa3a3853cdb0ec > ef655a78107a86ce327d51d84fb858490131e5c8 > EAP-Message = > 0x4fdfa622a41c66fd40edceb1c3cc99f33a0591a75a1c419d681403010001011603 > 010030183a1d1ce2e805a60d16d91940d4b659bc1ecda540c675ea25f530b5c3eb > e4114d5553609074df1351384da76ab4f78a > State = 0xc4b1fdf8c7b5e4f9163ffe27c4915746 > Message-Authenticator = > 0xef9d2df3d5a31b39f3ddf68d687d6b5c > +- entering group authorize {...} > ++[preprocess] returns ok > ++[chap] returns noop > ++[mschap] returns noop > [suffix] No '@' in User-Name = "ktest5", looking up realm > NULL > [suffix] No such realm "NULL" > ++[suffix] returns noop > [eap] EAP packet type response id 4 length 252 > [eap] Continuing tunnel setup. > ++[eap] returns ok > Found Auth-Type = EAP > +- entering group authenticate {...} > [eap] Request found, released from the list > [eap] EAP/peap > [eap] processing type peap > [peap] processing EAP-TLS > TLS Length 326 > [peap] Length Included > [peap] eaptls_verify returned 11 > [peap] <<< TLS 1.0 Handshake [length 0106], > ClientKeyExchange > [peap] TLS_accept: SSLv3 read client key exchange A > [peap] <<< TLS 1.0 ChangeCipherSpec [length 0001] > [peap] <<< TLS 1.0 Handshake [length 0010], Finished > [peap] TLS_accept: SSLv3 read finished A > [peap] >>> TLS 1.0 ChangeCipherSpec [length 0001] > [peap] TLS_accept: SSLv3 write change cipher spec A > [peap] >>> TLS 1.0 Handshake [length 0010], Finished > [peap] TLS_accept: SSLv3 write finished A > [peap] TLS_accept: SSLv3 flush data > [peap] (other): SSL negotiation finished successfully > SSL Connection Established > [peap] eaptls_process returned 13 > [peap] EAPTLS_HANDLED > ++[eap] returns handled > Sending Access-Challenge of id 66 to 10.1.1.1 port 38428 > EAP-Message = > 0x0105004119001403010001011603010030c5ca03d2a20ef23d2e6375c8153c3e6 > c1afa2151b0232004998802bece4070cb14b8a1bffac3874c849f89a1f8450de2 > Message-Authenticator = > 0x00000000000000000000000000000000 > State = 0xc4b1fdf8c0b4e4f9163ffe27c4915746 > Finished request 4. > Going to the next request > Waking up in 4.9 seconds. > rad_recv: Access-Request packet from host 10.1.1.1 port > 38428, id=66, length=277 > Cleaning up request 4 ID 66 with timestamp +39 > User-Name = "ktest5" > NAS-IP-Address = 127.0.4.1 > NAS-Port = 259 > Framed-MTU = 1400 > Called-Station-Id = "00:1f:45:7f:83:fa" > Calling-Station-Id = "58:b0:35:28:19:ad" > NAS-Port-Type = Wireless-802.11 > NAS-Identifier = "KASD_TEST" > Service-Type = Framed-User > Vendor-4329-Attr-3 = > 0x30353030303130313433303532333035 > Vendor-4329-Attr-2 = 0x4a52472d31464c2d41503039 > Vendor-4329-Attr-4 = 0x4b4153445f54455354 > Vendor-4329-Attr-5 = 0x4b4153445f54455354 > Vendor-4329-Attr-6 = > 0x30303a31663a34353a37663a38333a6661 > Vendor-4329-Attr-7 = 0x53747564656e7473 > Vendor-4329-Attr-8 = 0x4b41534453747564656e7473 > EAP-Message = 0x0206000b016b7465737435 > Message-Authenticator = > 0x7667edddd0b6ae7ddec276f6fc0d09fd > +- entering group authorize {...} > ++[preprocess] returns ok > ++[chap] returns noop > ++[mschap] returns noop > [suffix] No '@' in User-Name = "ktest5", looking up realm > NULL > [suffix] No such realm "NULL" > ++[suffix] returns noop > [eap] EAP packet type response id 6 length 11 > [eap] No EAP Start, assuming it's an on-going EAP > conversation > ++[eap] returns updated > ++[unix] returns notfound > ++[files] returns noop > ++[expiration] returns noop > ++[logintime] returns noop > [pap] WARNING! No "known good" password found for the > user. Authentication may fail because of this. > ++[pap] returns noop > Found Auth-Type = EAP > +- entering group authenticate {...} > [eap] EAP Identity > [eap] processing type tls > [tls] Initiate > [tls] Start returned 1 > ++[eap] returns handled > Sending Access-Challenge of id 66 to 10.1.1.1 port 38428 > EAP-Message = 0x010700061920 > Message-Authenticator = > 0x00000000000000000000000000000000 > State = 0x8791eff18796f6b55a0a76adc31036d5 > Finished request 5. > Going to the next request > Waking up in 4.9 seconds. > rad_recv: Access-Request packet from host 10.1.1.1 port > 38428, id=66, length=420 > Cleaning up request 5 ID 66 with timestamp +42 > User-Name = "ktest5" > NAS-IP-Address = 127.0.4.1 > NAS-Port = 259 > Framed-MTU = 1400 > Called-Station-Id = "00:1f:45:7f:83:fa" > Calling-Station-Id = "58:b0:35:28:19:ad" > NAS-Port-Type = Wireless-802.11 > NAS-Identifier = "KASD_TEST" > Service-Type = Framed-User > Vendor-4329-Attr-3 = > 0x30353030303130313433303532333035 > Vendor-4329-Attr-2 = 0x4a52472d31464c2d41503039 > Vendor-4329-Attr-4 = 0x4b4153445f54455354 > Vendor-4329-Attr-5 = 0x4b4153445f54455354 > Vendor-4329-Attr-6 = > 0x30303a31663a34353a37663a38333a6661 > Vendor-4329-Attr-7 = 0x53747564656e7473 > Vendor-4329-Attr-8 = 0x4b41534453747564656e7473 > EAP-Message = > 0x0207008819800000007e16030100790100007503014d2e034fe43eb22c54e9c3 > 0587e009b69a0a7712664fc62b7754d5321207a9e700003ac00ac009c007c008c01 > 3c014c011c012c004c005c002c003c00ec00fc00cc00d002f000500040035000a0009 > 000300080033003900160015001401000012000a00080006001700180019000b000 > 20100 > State = 0x8791eff18796f6b55a0a76adc31036d5 > Message-Authenticator = > 0xdd954eaa01deac01b7a9d0973e934401 > +- entering group authorize {...} > ++[preprocess] returns ok > ++[chap] returns noop > ++[mschap] returns noop > [suffix] No '@' in User-Name = "ktest5", looking up realm > NULL > [suffix] No such realm "NULL" > ++[suffix] returns noop > [eap] EAP packet type response id 7 length 136 > [eap] Continuing tunnel setup. > ++[eap] returns ok > Found Auth-Type = EAP > +- entering group authenticate {...} > [eap] Request found, released from the list > [eap] EAP/peap > [eap] processing type peap > [peap] processing EAP-TLS > TLS Length 126 > [peap] Length Included > [peap] eaptls_verify returned 11 > [peap] (other): before/accept initialization > [peap] TLS_accept: before/accept initialization > [peap] <<< TLS 1.0 Handshake [length 0079], ClientHello > [peap] TLS_accept: SSLv3 read client hello A > [peap] >>> TLS 1.0 Handshake [length 002a], ServerHello > [peap] TLS_accept: SSLv3 write server hello A > [peap] >>> TLS 1.0 Handshake [length 085e], Certificate > [peap] TLS_accept: SSLv3 write certificate A > [peap] >>> TLS 1.0 Handshake [length 0004], > ServerHelloDone > [peap] TLS_accept: SSLv3 write server done A > [peap] TLS_accept: SSLv3 flush data > [peap] TLS_accept: Need to read more data: SSLv3 read > client certificate A > In SSL Handshake Phase > In SSL Accept mode > [peap] eaptls_process returned 13 > [peap] EAPTLS_HANDLED > ++[eap] returns handled > Sending Access-Challenge of id 66 to 10.1.1.1 port 38428 > EAP-Message = > 0x0108040019c00000089b160301002a0200002603014d2e033cabdd48cf6a4f062 > f86f5947a33952f7547e4871741c1b81a7c7ae51e00002f00160301085e0b00085a > 0008570003a6308203a23082028aa003020102020101300d06092a864886f70d010 > 1040500308193310b3009060355040613024652310f300d06035504081306526164 > 6975733112301006035504071309536f6d65776865726531153013060355040a130 > c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d6 > 96e406578616d706c652e636f6d312630240603550403131d4578616d706c65204 > 36572746966696361746520417574686f72697479 > EAP-Message = > 0x301e170d3131303131323138353335325a170d3132303131323138353335325a > 307c310b3009060355040613024652310f300d06035504081306526164697573311 > 53013060355040a130c4578616d706c6520496e632e312330210603550403131a45 > 78616d706c65205365727665722043657274696669636174653120301e06092a864 > 886f70d010901161161646d696e406578616d706c652e636f6d30820122300d060 > 92a864886f70d01010105000382010f003082010a0282010100e8460af12ab26451 > d71f5f5853ac201a8dee4f3c17d2f6c4725f4c9cc44fc6ae87c1b32d3e62fcd1964c8 > b1f81044272b76dbaa079cbd3dd727461dfd7a5 > EAP-Message = > 0x8b623cc4e0c8beccafbc499fc74e8d17e3c9fbd9aafbac061bfa1309372c83e95c > 8dd5da071d7d97fdd7660ab45c93db04d72184885f895897d840ac4934c11f51c8 > 1c4d2e83dccf646b499739781cdff243a48f064e209bef2d2bcde936c6104b63ee4 > 67f448d005c127b83bfa708aeed69f1467d3b280a4f1b151d153ce7216ea94c2e3 > 3fe400de92d84b823c5b32828959b9ea5b8afbc063ba5db0cabb0b602fdf90e60c > 354b8e788facfc654ff2310ea763297ea1aef098b4ddb5466abb528910203010001 > a317301530130603551d25040c300a06082b06010505070301300d06092a864886f > 70d01010405000382010100904c9828165a2de337 > EAP-Message = > 0x50191a87ef600b1584376573598f31e772c944faf6e61c383d477c201b0aa6cf8b > cb49d8b416f2de1e84774a9423608aad94af078dad2b6b30979d1c6b58cd8eefa9 > cf827d27f7755f8030dbc7c9e230187f212a5d4400928da0cc2845a7b5048a3b742 > 5818fb437ac9c33746b39aaf4aa49af51340496250c837496f449307860f6cae9bd2 > 24c557af44806b46ac837b12a149124e35da9bde2538d9f39c2c33fe33dc7df0d45 > c5bec5bda68294a994af2db4f7298cf47e680cbca4789791aa3048a17761e4c71eb > bd9b82bd324af0dbe8ce26ae88ee8a5d16dbd6685dce7ecb7af820abf975c67bf > d34797fbefa47a4eed95cca895860004ab308204 > EAP-Message = 0xa73082038fa0030201020209 > Message-Authenticator = > 0x00000000000000000000000000000000 > State = 0x8791eff18699f6b55a0a76adc31036d5 > Finished request 6. > Going to the next request > Waking up in 4.9 seconds. > rad_recv: Access-Request packet from host 10.1.1.1 port > 38428, id=66, length=290 > Cleaning up request 6 ID 66 with timestamp +42 > User-Name = "ktest5" > NAS-IP-Address = 127.0.4.1 > NAS-Port = 259 > Framed-MTU = 1400 > Called-Station-Id = "00:1f:45:7f:83:fa" > Calling-Station-Id = "58:b0:35:28:19:ad" > NAS-Port-Type = Wireless-802.11 > NAS-Identifier = "KASD_TEST" > Service-Type = Framed-User > Vendor-4329-Attr-3 = > 0x30353030303130313433303532333035 > Vendor-4329-Attr-2 = 0x4a52472d31464c2d41503039 > Vendor-4329-Attr-4 = 0x4b4153445f54455354 > Vendor-4329-Attr-5 = 0x4b4153445f54455354 > Vendor-4329-Attr-6 = > 0x30303a31663a34353a37663a38333a6661 > Vendor-4329-Attr-7 = 0x53747564656e7473 > Vendor-4329-Attr-8 = 0x4b41534453747564656e7473 > EAP-Message = 0x020800061900 > State = 0x8791eff18699f6b55a0a76adc31036d5 > Message-Authenticator = > 0x806cd522495a9dea0f1b63c2c7612616 > +- entering group authorize {...} > ++[preprocess] returns ok > ++[chap] returns noop > ++[mschap] returns noop > [suffix] No '@' in User-Name = "ktest5", looking up realm > NULL > [suffix] No such realm "NULL" > ++[suffix] returns noop > [eap] EAP packet type response id 8 length 6 > [eap] Continuing tunnel setup. > ++[eap] returns ok > Found Auth-Type = EAP > +- entering group authenticate {...} > [eap] Request found, released from the list > [eap] EAP/peap > [eap] processing type peap > [peap] processing EAP-TLS > [peap] Received TLS ACK > [peap] ACK handshake fragment handler > [peap] eaptls_verify returned 1 > [peap] eaptls_process returned 13 > [peap] EAPTLS_HANDLED > ++[eap] returns handled > Sending Access-Challenge of id 66 to 10.1.1.1 port 38428 > EAP-Message = > 0x010903fc194000ae0fc87b0b841be2300d06092a864886f70d010105050030819 > 3310b3009060355040613024652310f300d06035504081306526164697573311230 > 1006035504071309536f6d65776865726531153013060355040a130c4578616d706 > c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616 > d706c652e636f6d312630240603550403131d4578616d706c652043657274696669 > 6361746520417574686f72697479301e170d3131303131323138353335315a170d3 > 132303131323138353335315a308193310b3009060355040613024652310f300d06 > 0355040813065261646975733112301006035504 > EAP-Message = > 0x071309536f6d65776865726531153013060355040a130c4578616d706c6520496 > e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652 > e636f6d312630240603550403131d4578616d706c65204365727469666963617465 > 20417574686f7269747930820122300d06092a864886f70d01010105000382010f0 > 03082010a0282010100d73060bc3e4f3bacd8c526ff5efa081cbfd333963c0a90272 > e83d654b8d1a16a25c9e1358b347d3f91d49ed29d387fd6de5ba5fe18c43b4806 > 5e8f1bb9dcb22d1a8679925af0bdc049d32199ba543f1d40a7c6b3578892efcaea > 646bdde6442593b17cb4713fb4d6f0616a5db38d9b > EAP-Message = > 0xfd1d6e9dd30b6e536ba717a75adaa7c87fd019e83bea06f5eacb6a09fa9954b6 > 0ccc92116455610a2674a03a4ecacee05ce914a72a27965d55471df19c8751fdb69 > fe66426bb236f7d57cfffe41822e7d8ddfc6c1c8f5b45e6010c896918c4f11162697 > 9b280ddf2219099024cb0efb17c9660df9fc642edc9874074cb83e93349b19a2c16 > 409b7444545ee27b2a52bb9d0203010001a381fb3081f8301d0603551d0e041604 > 14872c00a6ed850850f4e202b4d86a1d663b35fd8e3081c80603551d230481c030 > 81bd8014872c00a6ed850850f4e202b4d86a1d663b35fd8ea18199a48196308193 > 310b3009060355040613024652310f300d06035504 > EAP-Message = > 0x0813065261646975733112301006035504071309536f6d6577686572653115301 > 3060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d0109 > 01161161646d696e406578616d706c652e636f6d312630240603550403131d4578 > 616d706c6520436572746966696361746520417574686f72697479820900ae0fc87 > b0b841be2300c0603551d13040530030101ff300d06092a864886f70d0101050500 > 0382010100a5c0c601e1cb4606aa986dc240b7488bb4afd8c0e81ba0361530d556 > ad117222cdcc5a57a13fe3eb073ca72dff40db0a58c8d835ec110485bd158ab6cd1 > d8583cd575710b49070b3794384d2cff45f22b81e > EAP-Message = 0x2dc327be959645c8 > Message-Authenticator = > 0x00000000000000000000000000000000 > State = 0x8791eff18598f6b55a0a76adc31036d5 > Finished request 7. > Going to the next request > Waking up in 4.9 seconds. > rad_recv: Access-Request packet from host 10.1.1.1 port > 38428, id=66, length=290 > Cleaning up request 7 ID 66 with timestamp +43 > User-Name = "ktest5" > NAS-IP-Address = 127.0.4.1 > NAS-Port = 259 > Framed-MTU = 1400 > Called-Station-Id = "00:1f:45:7f:83:fa" > Calling-Station-Id = "58:b0:35:28:19:ad" > NAS-Port-Type = Wireless-802.11 > NAS-Identifier = "KASD_TEST" > Service-Type = Framed-User > Vendor-4329-Attr-3 = > 0x30353030303130313433303532333035 > Vendor-4329-Attr-2 = 0x4a52472d31464c2d41503039 > Vendor-4329-Attr-4 = 0x4b4153445f54455354 > Vendor-4329-Attr-5 = 0x4b4153445f54455354 > Vendor-4329-Attr-6 = > 0x30303a31663a34353a37663a38333a6661 > Vendor-4329-Attr-7 = 0x53747564656e7473 > Vendor-4329-Attr-8 = 0x4b41534453747564656e7473 > EAP-Message = 0x020900061900 > State = 0x8791eff18598f6b55a0a76adc31036d5 > Message-Authenticator = > 0xf2ec741c480f9339eaa13537cadc59e4 > +- entering group authorize {...} > ++[preprocess] returns ok > ++[chap] returns noop > ++[mschap] returns noop > [suffix] No '@' in User-Name = "ktest5", looking up realm > NULL > [suffix] No such realm "NULL" > ++[suffix] returns noop > [eap] EAP packet type response id 9 length 6 > [eap] Continuing tunnel setup. > ++[eap] returns ok > Found Auth-Type = EAP > +- entering group authenticate {...} > [eap] Request found, released from the list > [eap] EAP/peap > [eap] processing type peap > [peap] processing EAP-TLS > [peap] Received TLS ACK > [peap] ACK handshake fragment handler > [peap] eaptls_verify returned 1 > [peap] eaptls_process returned 13 > [peap] EAPTLS_HANDLED > ++[eap] returns handled > Sending Access-Challenge of id 66 to 10.1.1.1 port 38428 > EAP-Message = > 0x010a00b51900387bb57f237040a0b009495fcb1c4460694c6214f871d93a5afdd > fcc7aa7727e9ce657d22551e936e9415eea3a0ce78a7ea4b121f711fc19e2b505b > 4fa004bcc2952effdc18d0cd1ec6fe10bf431e8a189a5cbefcaebd9beab4e75c230 > 9b55de25a9e392112915ad1c7b866a902f091b366eb96e7aa6ab544889069e70fd > a7ad8a9ec9eb729a6db3aeeb3ca9965daf0d515783a89a0947b6004eaad452777 > ae3413772aa2f5f16030100040e000000 > Message-Authenticator = > 0x00000000000000000000000000000000 > State = 0x8791eff1849bf6b55a0a76adc31036d5 > Finished request 8. > Going to the next request > Waking up in 4.9 seconds. > Cleaning up request 8 ID 66 with timestamp +43 > Ready to process requests. > rad_recv: Access-Request packet from host 10.1.1.1 port > 38428, id=66, length=277 > User-Name = "ktest5" > NAS-IP-Address = 127.0.4.1 > NAS-Port = 259 > Framed-MTU = 1400 > Called-Station-Id = "00:1f:45:7f:83:fa" > Calling-Station-Id = "58:b0:35:28:19:ad" > NAS-Port-Type = Wireless-802.11 > NAS-Identifier = "KASD_TEST" > Service-Type = Framed-User > Vendor-4329-Attr-3 = > 0x30353030303130313433303532333035 > Vendor-4329-Attr-2 = 0x4a52472d31464c2d41503039 > Vendor-4329-Attr-4 = 0x4b4153445f54455354 > Vendor-4329-Attr-5 = 0x4b4153445f54455354 > Vendor-4329-Attr-6 = > 0x30303a31663a34353a37663a38333a6661 > Vendor-4329-Attr-7 = 0x53747564656e7473 > Vendor-4329-Attr-8 = 0x4b41534453747564656e7473 > EAP-Message = 0x0201000b016b7465737435 > Message-Authenticator = > 0xacd1f25254d19ef7ef878a3a79e240be > +- entering group authorize {...} > ++[preprocess] returns ok > ++[chap] returns noop > ++[mschap] returns noop > [suffix] No '@' in User-Name = "ktest5", looking up realm > NULL > [suffix] No such realm "NULL" > ++[suffix] returns noop > [eap] EAP packet type response id 1 length 11 > [eap] No EAP Start, assuming it's an on-going EAP > conversation > ++[eap] returns updated > ++[unix] returns notfound > ++[files] returns noop > ++[expiration] returns noop > ++[logintime] returns noop > [pap] WARNING! No "known good" password found for the > user. Authentication may fail because of this. > ++[pap] returns noop > Found Auth-Type = EAP > +- entering group authenticate {...} > [eap] EAP Identity > [eap] processing type tls > [tls] Initiate > [tls] Start returned 1 > ++[eap] returns handled > Sending Access-Challenge of id 66 to 10.1.1.1 port 38428 > EAP-Message = 0x010200061920 > Message-Authenticator = > 0x00000000000000000000000000000000 > State = 0x119bd5731199cc528cc4c05b9703cffa > Finished request 9. > Going to the next request > Waking up in 4.9 seconds. > rad_recv: Access-Request packet from host 10.1.1.1 port > 38428, id=66, length=420 > Cleaning up request 9 ID 66 with timestamp +48 > User-Name = "ktest5" > NAS-IP-Address = 127.0.4.1 > NAS-Port = 259 > Framed-MTU = 1400 > Called-Station-Id = "00:1f:45:7f:83:fa" > Calling-Station-Id = "58:b0:35:28:19:ad" > NAS-Port-Type = Wireless-802.11 > NAS-Identifier = "KASD_TEST" > Service-Type = Framed-User > Vendor-4329-Attr-3 = > 0x30353030303130313433303532333035 > Vendor-4329-Attr-2 = 0x4a52472d31464c2d41503039 > Vendor-4329-Attr-4 = 0x4b4153445f54455354 > Vendor-4329-Attr-5 = 0x4b4153445f54455354 > Vendor-4329-Attr-6 = > 0x30303a31663a34353a37663a38333a6661 > Vendor-4329-Attr-7 = 0x53747564656e7473 > Vendor-4329-Attr-8 = 0x4b41534453747564656e7473 > EAP-Message = > 0x0202008819800000007e16030100790100007503014d2e0355d881daaa7bc48a > b53b8cbf1877d5045d28d27e8bc56439c8160f2d2e00003ac00ac009c007c008c01 > 3c014c011c012c004c005c002c003c00ec00fc00cc00d002f000500040035000a0009 > 000300080033003900160015001401000012000a00080006001700180019000b000 > 20100 > State = 0x119bd5731199cc528cc4c05b9703cffa > Message-Authenticator = > 0x502685c6634bcf13076884276d720178 > +- entering group authorize {...} > ++[preprocess] returns ok > ++[chap] returns noop > ++[mschap] returns noop > [suffix] No '@' in User-Name = "ktest5", looking up realm > NULL > [suffix] No such realm "NULL" > ++[suffix] returns noop > [eap] EAP packet type response id 2 length 136 > [eap] Continuing tunnel setup. > ++[eap] returns ok > Found Auth-Type = EAP > +- entering group authenticate {...} > [eap] Request found, released from the list > [eap] EAP/peap > [eap] processing type peap > [peap] processing EAP-TLS > TLS Length 126 > [peap] Length Included > [peap] eaptls_verify returned 11 > [peap] (other): before/accept initialization > [peap] TLS_accept: before/accept initialization > [peap] <<< TLS 1.0 Handshake [length 0079], ClientHello > [peap] TLS_accept: SSLv3 read client hello A > [peap] >>> TLS 1.0 Handshake [length 002a], ServerHello > [peap] TLS_accept: SSLv3 write server hello A > [peap] >>> TLS 1.0 Handshake [length 085e], Certificate > [peap] TLS_accept: SSLv3 write certificate A > [peap] >>> TLS 1.0 Handshake [length 0004], > ServerHelloDone > [peap] TLS_accept: SSLv3 write server done A > [peap] TLS_accept: SSLv3 flush data > [peap] TLS_accept: Need to read more data: SSLv3 read > client certificate A > In SSL Handshake Phase > In SSL Accept mode > [peap] eaptls_process returned 13 > [peap] EAPTLS_HANDLED > ++[eap] returns handled > Sending Access-Challenge of id 66 to 10.1.1.1 port 38428 > EAP-Message = > 0x0103040019c00000089b160301002a0200002603014d2e0342163fcd54d6877c3 > 4fe6b48bf4ada483c9daaeb893988fd2bdc1ee46300002f00160301085e0b00085 > a0008570003a6308203a23082028aa003020102020101300d06092a864886f70d01 > 01040500308193310b3009060355040613024652310f300d0603550408130652616 > 46975733112301006035504071309536f6d65776865726531153013060355040a13 > 0c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d > 696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520 > 436572746966696361746520417574686f72697479 > EAP-Message = > 0x301e170d3131303131323138353335325a170d3132303131323138353335325a > 307c310b3009060355040613024652310f300d06035504081306526164697573311 > 53013060355040a130c4578616d706c6520496e632e312330210603550403131a45 > 78616d706c65205365727665722043657274696669636174653120301e06092a864 > 886f70d010901161161646d696e406578616d706c652e636f6d30820122300d060 > 92a864886f70d01010105000382010f003082010a0282010100e8460af12ab26451 > d71f5f5853ac201a8dee4f3c17d2f6c4725f4c9cc44fc6ae87c1b32d3e62fcd1964c8 > b1f81044272b76dbaa079cbd3dd727461dfd7a5 > EAP-Message = > 0x8b623cc4e0c8beccafbc499fc74e8d17e3c9fbd9aafbac061bfa1309372c83e95c > 8dd5da071d7d97fdd7660ab45c93db04d72184885f895897d840ac4934c11f51c8 > 1c4d2e83dccf646b499739781cdff243a48f064e209bef2d2bcde936c6104b63ee4 > 67f448d005c127b83bfa708aeed69f1467d3b280a4f1b151d153ce7216ea94c2e3 > 3fe400de92d84b823c5b32828959b9ea5b8afbc063ba5db0cabb0b602fdf90e60c > 354b8e788facfc654ff2310ea763297ea1aef098b4ddb5466abb528910203010001 > a317301530130603551d25040c300a06082b06010505070301300d06092a864886f > 70d01010405000382010100904c9828165a2de337 > EAP-Message = > 0x50191a87ef600b1584376573598f31e772c944faf6e61c383d477c201b0aa6cf8b > cb49d8b416f2de1e84774a9423608aad94af078dad2b6b30979d1c6b58cd8eefa9 > cf827d27f7755f8030dbc7c9e230187f212a5d4400928da0cc2845a7b5048a3b742 > 5818fb437ac9c33746b39aaf4aa49af51340496250c837496f449307860f6cae9bd2 > 24c557af44806b46ac837b12a149124e35da9bde2538d9f39c2c33fe33dc7df0d45 > c5bec5bda68294a994af2db4f7298cf47e680cbca4789791aa3048a17761e4c71eb > bd9b82bd324af0dbe8ce26ae88ee8a5d16dbd6685dce7ecb7af820abf975c67bf > d34797fbefa47a4eed95cca895860004ab308204 > EAP-Message = 0xa73082038fa0030201020209 > Message-Authenticator = > 0x00000000000000000000000000000000 > State = 0x119bd5731098cc528cc4c05b9703cffa > Finished request 10. > Going to the next request > Waking up in 4.9 seconds. > Cleaning up request 10 ID 66 with timestamp +48 > Ready to process requests. > > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html