Hi all.

I think I'm close to correctly configuring my server... but I've run into a situation that IIUC should be related to win clients only: I get this message

-8<--
WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
WARNING: !! EAP session for state 0x6ac8f8c260c3e171 did not finish!
WARNING: !! Please read http://wiki.freeradius.org/Certificate_Compatibility
WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-8<--

and *eapol_test* (run from a *linux* machine!) gives up after about 10 seconds. I checked the FAQ, but couldn't find anything useful.

The certs I'm using are from an internal CA (actually from an internal intermediate CA; the cert chain is certs/ca.pem and is 4.5k; the root CA's self-signed cert is pointed to by ca_cert= in eapol_test's config file).
The server is a plain Debian Squeeze, plus SAMBA 3.5.6 and FreeRADIUS 2.1.10. The domain is correctly joined and winbindd is running. I followed the steps described in http://deployingradius.com/documents/configuration/active_directory.html (then noticed that the two references to ntlm_auth in the authenticate sections aren't needed for mschapv2: ntlm_auth gets called by the mschap module).

The complete output from freeradius -X is:

FreeRADIUS Version 2.1.10, for host x86_64-pc-linux-gnu, built on Nov 14 2010 at 21:12:30 Copyright (C) 1999-2009 The FreeRADIUS server project and contributors. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License v2. Starting - reading configuration files ... including configuration file /etc/freeradius/radiusd.conf including configuration file /etc/freeradius/proxy.conf including configuration file /etc/freeradius/clients.conf including files in directory /etc/freeradius/modules/ including configuration file /etc/freeradius/modules/smsotp including configuration file /etc/freeradius/modules/smbpasswd including configuration file /etc/freeradius/modules/krb5 including configuration file /etc/freeradius/modules/radutmp including configuration file /etc/freeradius/modules/digest including configuration file /etc/freeradius/modules/echo including configuration file /etc/freeradius/modules/ntlm_auth including configuration file /etc/freeradius/modules/logintime including configuration file /etc/freeradius/modules/attr_filter including configuration file /etc/freeradius/modules/otp including configuration file /etc/freeradius/modules/detail including configuration file /etc/freeradius/modules/etc_group including configuration file /etc/freeradius/modules/policy including configuration file /etc/freeradius/modules/pap including configuration file /etc/freeradius/modules/attr_rewrite including configuration file 
/etc/freeradius/modules/detail.example.com including configuration file /etc/freeradius/modules/counter including configuration file /etc/freeradius/modules/inner-eap including configuration file /etc/freeradius/modules/chap including configuration file /etc/freeradius/modules/ldap including configuration file /etc/freeradius/modules/mac2ip including configuration file /etc/freeradius/modules/exec including configuration file /etc/freeradius/modules/acct_unique including configuration file /etc/freeradius/modules/detail.log including configuration file /etc/freeradius/modules/realm including configuration file /etc/freeradius/modules/expr including configuration file /etc/freeradius/modules/passwd including configuration file /etc/freeradius/modules/sqlcounter_expire_on_login including configuration file /etc/freeradius/modules/mac2vlan including configuration file /etc/freeradius/modules/preprocess including configuration file /etc/freeradius/modules/expiration including configuration file /etc/freeradius/modules/files including configuration file /etc/freeradius/modules/wimax including configuration file /etc/freeradius/modules/always including configuration file /etc/freeradius/modules/perl including configuration file /etc/freeradius/modules/ippool including configuration file /etc/freeradius/modules/pam including configuration file /etc/freeradius/modules/sql_log including configuration file /etc/freeradius/modules/dynamic_clients including configuration file /etc/freeradius/modules/linelog including configuration file /etc/freeradius/modules/checkval including configuration file /etc/freeradius/modules/sradutmp including configuration file /etc/freeradius/modules/unix including configuration file /etc/freeradius/modules/cui including configuration file /etc/freeradius/modules/mschap including configuration file /etc/freeradius/modules/opendirectory including configuration file /etc/freeradius/eap.conf including configuration file /etc/freeradius/policy.conf 
including files in directory /etc/freeradius/sites-enabled/ including configuration file /etc/freeradius/sites-enabled/default including configuration file /etc/freeradius/sites-enabled/inner-tunnel main { user = "freerad" group = "freerad" allow_core_dumps = no } including dictionary file /etc/freeradius/dictionary main { prefix = "/usr" localstatedir = "/var" logdir = "/var/log/freeradius" libdir = "/usr/lib/freeradius" radacctdir = "/var/log/freeradius/radacct" hostname_lookups = no max_request_time = 30 cleanup_delay = 5 max_requests = 1024 pidfile = "/var/run/freeradius/freeradius.pid" checkrad = "/usr/sbin/checkrad" debug_level = 0 proxy_requests = yes log { stripped_names = no auth = no auth_badpass = no auth_goodpass = no } security { max_attributes = 200 reject_delay = 1 status_server = yes } } radiusd: #### Loading Realms and Home Servers #### proxy server { retry_delay = 5 retry_count = 3 default_fallback = no dead_time = 120 wake_all_if_all_dead = no } home_server localhost { ipaddr = 127.0.0.1 port = 1812 type = "auth" secret = "testing123" response_window = 20 max_outstanding = 65536 require_message_authenticator = yes zombie_period = 40 status_check = "status-server" ping_interval = 30 check_interval = 30 num_answers_to_alive = 3 num_pings_to_alive = 3 revive_interval = 120 status_check_timeout = 4 irt = 2 mrt = 16 mrc = 5 mrd = 30 } home_server_pool my_auth_failover { type = fail-over home_server = localhost } realm example.com { auth_pool = my_auth_failover } realm LOCAL { } radiusd: #### Loading Clients #### client localhost { ipaddr = 127.0.0.1 require_message_authenticator = no secret = "testing123" nastype = "other" } client 137.204.65.161 { require_message_authenticator = no secret = "testing123qaz" } client 137.204.65.96 { require_message_authenticator = no secret = "testing123qaz" } radiusd: #### Instantiating modules #### instantiate { Module: Linked to module rlm_exec Module: Instantiating module "exec" from file 
/etc/freeradius/modules/exec exec { wait = no input_pairs = "request" shell_escape = yes } Module: Linked to module rlm_expr Module: Instantiating module "expr" from file /etc/freeradius/modules/expr Module: Linked to module rlm_expiration Module: Instantiating module "expiration" from file /etc/freeradius/modules/expiration expiration { reply-message = "Password Has Expired " } Module: Linked to module rlm_logintime Module: Instantiating module "logintime" from file /etc/freeradius/modules/logintime logintime { reply-message = "You are calling outside your allowed timespan " minimum-timeout = 60 } } radiusd: #### Loading Virtual Servers #### server inner-tunnel { # from file /etc/freeradius/sites-enabled/inner-tunnel modules { Module: Checking authenticate {...} for more modules to load Module: Linked to module rlm_pap Module: Instantiating module "pap" from file /etc/freeradius/modules/pap pap { encryption_scheme = "auto" auto_header = no } Module: Linked to module rlm_chap Module: Instantiating module "chap" from file /etc/freeradius/modules/chap Module: Linked to module rlm_mschap Module: Instantiating module "mschap" from file /etc/freeradius/modules/mschap mschap { use_mppe = no require_encryption = no require_strong = no with_ntdomain_hack = yes ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --username=%{%{mschap:User-Name}:-%{User-Name:-None}} --domain=%{%{mschap:NT-Domain}:-PERSONALE} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}" } Module: Linked to module rlm_unix Module: Instantiating module "unix" from file /etc/freeradius/modules/unix unix { radwtmp = "/var/log/freeradius/radwtmp" } Module: Linked to module rlm_eap Module: Instantiating module "eap" from file /etc/freeradius/eap.conf eap { default_eap_type = "md5" timer_expire = 60 ignore_unknown_eap_types = no cisco_accounting_username_bug = no max_sessions = 4096 } Module: Linked to sub-module rlm_eap_md5 Module: Instantiating eap-md5 Module: Linked to sub-module 
rlm_eap_leap Module: Instantiating eap-leap Module: Linked to sub-module rlm_eap_gtc Module: Instantiating eap-gtc gtc { challenge = "Password: " auth_type = "PAP" } Module: Linked to sub-module rlm_eap_tls Module: Instantiating eap-tls tls { rsa_key_exchange = no dh_key_exchange = yes rsa_key_length = 512 dh_key_length = 512 verify_depth = 0 CA_path = "/etc/freeradius/certs" pem_file_type = yes private_key_file = "/etc/freeradius/certs/server.key" certificate_file = "/etc/freeradius/certs/server.pem" CA_file = "/etc/freeradius/certs/ca.pem" private_key_password = "whatever" dh_file = "/etc/freeradius/certs/dh" random_file = "/dev/urandom" fragment_size = 1024 include_length = yes check_crl = no cipher_list = "DEFAULT" make_cert_command = "/etc/freeradius/certs/bootstrap" cache { enable = no lifetime = 24 max_entries = 255 } verify { } } Module: Linked to sub-module rlm_eap_ttls Module: Instantiating eap-ttls ttls { default_eap_type = "md5" copy_request_to_tunnel = no use_tunneled_reply = no virtual_server = "inner-tunnel" include_length = yes } Module: Linked to sub-module rlm_eap_peap Module: Instantiating eap-peap peap { default_eap_type = "mschapv2" copy_request_to_tunnel = no use_tunneled_reply = no proxy_tunneled_request_as_eap = yes virtual_server = "inner-tunnel" } Module: Linked to sub-module rlm_eap_mschapv2 Module: Instantiating eap-mschapv2 mschapv2 { with_ntdomain_hack = no } Module: Checking authorize {...} for more modules to load Module: Linked to module rlm_realm Module: Instantiating module "suffix" from file /etc/freeradius/modules/realm realm suffix { format = "suffix" delimiter = "@" ignore_default = no ignore_null = no } Module: Linked to module rlm_files Module: Instantiating module "files" from file /etc/freeradius/modules/files files { usersfile = "/etc/freeradius/users" acctusersfile = "/etc/freeradius/acct_users" preproxy_usersfile = "/etc/freeradius/preproxy_users" compat = "no" } Module: Checking session {...} for more modules to load 
Module: Linked to module rlm_radutmp Module: Instantiating module "radutmp" from file /etc/freeradius/modules/radutmp radutmp { filename = "/var/log/freeradius/radutmp" username = "%{User-Name}" case_sensitive = yes check_with_nas = yes perm = 384 callerid = yes } Module: Checking post-proxy {...} for more modules to load Module: Checking post-auth {...} for more modules to load Module: Linked to module rlm_attr_filter Module: Instantiating module "attr_filter.access_reject" from file /etc/freeradius/modules/attr_filter attr_filter attr_filter.access_reject { attrsfile = "/etc/freeradius/attrs.access_reject" key = "%{User-Name}" } } # modules } # server server { # from file /etc/freeradius/radiusd.conf modules { Module: Checking authenticate {...} for more modules to load Module: Linked to module rlm_digest Module: Instantiating module "digest" from file /etc/freeradius/modules/digest Module: Checking authorize {...} for more modules to load Module: Linked to module rlm_preprocess Module: Instantiating module "preprocess" from file /etc/freeradius/modules/preprocess preprocess { huntgroups = "/etc/freeradius/huntgroups" hints = "/etc/freeradius/hints" with_ascend_hack = no ascend_channels_per_line = 23 with_ntdomain_hack = no with_specialix_jetstream_hack = no with_cisco_vsa_hack = no with_alvarion_vsa_hack = no } Module: Checking preacct {...} for more modules to load Module: Linked to module rlm_acct_unique Module: Instantiating module "acct_unique" from file /etc/freeradius/modules/acct_unique acct_unique { key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port" } Module: Checking accounting {...} for more modules to load Module: Linked to module rlm_detail Module: Instantiating module "detail" from file /etc/freeradius/modules/detail detail { detailfile = "/var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d" header = "%t" detailperm = 384 dirperm = 493 locking = no log_packet_header = no } Module: Instantiating module 
"attr_filter.accounting_response" from file /etc/freeradius/modules/attr_filter attr_filter attr_filter.accounting_response { attrsfile = "/etc/freeradius/attrs.accounting_response" key = "%{User-Name}" } Module: Checking session {...} for more modules to load Module: Checking post-proxy {...} for more modules to load Module: Checking post-auth {...} for more modules to load } # modules } # server radiusd: #### Opening IP addresses and Ports #### listen { type = "auth" ipaddr = * port = 0 } listen { type = "acct" ipaddr = * port = 0 } listen { type = "auth" ipaddr = 127.0.0.1 port = 18120 } Listening on authentication address * port 1812 Listening on accounting address * port 1813 Listening on authentication address 127.0.0.1 port 18120 as server inner-tunnel Listening on proxy address * port 1814 Ready to process requests. rad_recv: Access-Request packet from host 137.204.65.96 port 37126, id=0, length=154 User-Name = "PERSONALE\\diego.zuccato" NAS-IP-Address = 127.0.0.1 Calling-Station-Id = "02-00-00-00-00-01" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = 0x0200001c01504552534f4e414c455c646965676f2e7a75636361746f Message-Authenticator = 0xc68141559c87212c55a2b2741272d0dd # Executing section authorize from file /etc/freeradius/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "PERSONALE\diego.zuccato", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 0 length 28 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this. 
++[pap] returns noop Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +- entering group authenticate {...} [eap] EAP Identity [eap] processing type md5 rlm_eap_md5: Issuing Challenge ++[eap] returns handled Sending Access-Challenge of id 0 to 137.204.65.96 port 37126 EAP-Message = 0x010100160410dc4a25c479305ea4fe8c21f192a4dca4 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x43ef683543ee6c2a6e7507d0df55eb21 Finished request 0. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 137.204.65.96 port 37126, id=1, length=150 User-Name = "PERSONALE\\diego.zuccato" NAS-IP-Address = 127.0.0.1 Calling-Station-Id = "02-00-00-00-00-01" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = 0x020100060319 State = 0x43ef683543ee6c2a6e7507d0df55eb21 Message-Authenticator = 0x4edf220dd0140e17c8aa0857f1b5e29d # Executing section authorize from file /etc/freeradius/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "PERSONALE\diego.zuccato", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 1 length 6 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this. 
++[pap] returns noop Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP NAK [eap] EAP-NAK asked for EAP-Type/peap [eap] processing type tls [tls] Initiate [tls] Start returned 1 ++[eap] returns handled Sending Access-Challenge of id 1 to 137.204.65.96 port 37126 EAP-Message = 0x010200061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x43ef683542ed712a6e7507d0df55eb21 Finished request 1. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 137.204.65.96 port 37126, id=2, length=362 User-Name = "PERSONALE\\diego.zuccato" NAS-IP-Address = 127.0.0.1 Calling-Station-Id = "02-00-00-00-00-01" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = 0x020200da1980000000d016030100cb010000c703014f16ccffb3c34f03f4a77654249ab0c21036cd3ece504dc05416ca3a2aea6a2900005ac014c00a0039003800880087c00fc00500350084c012c00800160013c00dc003000ac013c00900330032009a009900450044c00ec004002f00960041c011c007c00cc002000500040015001200090014001100080006000300ff01000044000b000403000102000a00340032000100020003000400050006000700080009000a000b000c000d000e000f001000110012001300140015001600170018001900230000 State = 0x43ef683542ed712a6e7507d0df55eb21 Message-Authenticator = 0x4c68e829881215fc01e273ba9cf55d20 # Executing section authorize from file /etc/freeradius/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "PERSONALE\diego.zuccato", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 2 length 218 [eap] Continuing tunnel setup. 
++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS TLS Length 208 [peap] Length Included [peap] eaptls_verify returned 11 [peap] (other): before/accept initialization [peap] TLS_accept: before/accept initialization [peap] <<< TLS 1.0 Handshake [length 00cb], ClientHello [peap] TLS_accept: SSLv3 read client hello A [peap] >>> TLS 1.0 Handshake [length 0031], ServerHello [peap] TLS_accept: SSLv3 write server hello A [peap] >>> TLS 1.0 Handshake [length 11ab], Certificate [peap] TLS_accept: SSLv3 write certificate A [peap] >>> TLS 1.0 Handshake [length 018d], ServerKeyExchange [peap] TLS_accept: SSLv3 write key exchange A [peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone [peap] TLS_accept: SSLv3 write server done A [peap] TLS_accept: SSLv3 flush data [peap] TLS_accept: Need to read more data: SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 2 to 137.204.65.96 port 37126 EAP-Message = 0x0103040019c00000138116030100310200002d03014f16ccfd1c402dae323a0ef21e5d8a5afe0821a5d3dda9f1705e28a95d80f6f9000039000005ff0100010016030111ab0b0011a70011a40004d6308204d2308202baa003020102020112300d06092a864886f70d01010505003081ba310b3009060355040613024954310e300c060355040813054974616c793110300e06035504071307426f6c6f676e61311e301c060355040a1315556e697665727369746120646920426f6c6f676e6131233021060355040b131a446970617274696d656e746f20646920417374726f6e6f6d69613120301e06035504031317417374726f6e6f6d6961202d20 EAP-Message = 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 EAP-Message = 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 EAP-Message = 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 EAP-Message = 0xf4833fe432eb73f52556205b 
Message-Authenticator = 0x00000000000000000000000000000000 State = 0x43ef683541ec712a6e7507d0df55eb21 Finished request 2. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 137.204.65.96 port 37126, id=3, length=150 User-Name = "PERSONALE\\diego.zuccato" NAS-IP-Address = 127.0.0.1 Calling-Station-Id = "02-00-00-00-00-01" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = 0x020300061900 State = 0x43ef683541ec712a6e7507d0df55eb21 Message-Authenticator = 0xe97e4b03dcea854e92f7807e5a1fec21 # Executing section authorize from file /etc/freeradius/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "PERSONALE\diego.zuccato", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 3 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake fragment handler [peap] eaptls_verify returned 1 [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 3 to 137.204.65.96 port 37126 EAP-Message = 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 EAP-Message = 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 EAP-Message = 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 EAP-Message = 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 EAP-Message = 0x57c1c75cb275e2dc Message-Authenticator = 0x00000000000000000000000000000000 State = 0x43ef683540eb712a6e7507d0df55eb21 Finished request 3. Going to the next request Waking up in 4.9 seconds. 
rad_recv: Access-Request packet from host 137.204.65.96 port 37126, id=4, length=150 User-Name = "PERSONALE\\diego.zuccato" NAS-IP-Address = 127.0.0.1 Calling-Station-Id = "02-00-00-00-00-01" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = 0x020400061900 State = 0x43ef683540eb712a6e7507d0df55eb21 Message-Authenticator = 0x9e08902da5fd2b646400ed4b41e91a21 # Executing section authorize from file /etc/freeradius/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "PERSONALE\diego.zuccato", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 4 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake fragment handler [peap] eaptls_verify returned 1 [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 4 to 137.204.65.96 port 37126 EAP-Message = 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 EAP-Message = 0x5bdaf7c2cc256a9dc7993d847f302df8eccf0203010001a3723070300f0603551d130101ff040530030101ff301d0603551d0e04160414bb0d326895f83bd24f85fcfaeabee6cc8a5e5686300b0603551d0f040403020106301106096086480186f8420101040403020007301e06096086480186f842010d0411160f786361206365727469666963617465300d06092a864886f70d0101050500038202010069f6c733df3066b2cf7705a1f4deb879d2c43ccab1b3d44fb22287067333f0517f99f9a07f62b5978fa9e902900370d50c0564d7855beed40c88831d65d07ca6698d4ee10305e0c488e88c1edd57ff1c02a0679cab0af5417459f650aeef EAP-Message = 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 EAP-Message = 
0xc1fb48eb425e4cbadee88635e5d31cd6f92e459a8060931ca72220f652ecdb6158e6a8362f958d3cda07254a07fa4ead61be4c045ea160919d6b54425411f8871810b5ec45fe79cd08c696dd86f561b15fc6e990d40c14876cb49be71ddbe5a0e884a7a9f418f3a900d72287f2749d4d7a3110aab60298f2b187d3b2e4240ddebdbc520cfa91ddf780f8ab925af7685f5d226b696b58a84a9337b192147712f03b9bd36b320006613082065d30820445a003020102020101300d06092a864886f70d01010505003081b7310b3009060355040613024954310e300c060355040813054974616c793110300e06035504071307426f6c6f676e61311e301c EAP-Message = 0x060355040a131555 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x43ef683547ea712a6e7507d0df55eb21 Finished request 4. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 137.204.65.96 port 37126, id=5, length=150 User-Name = "PERSONALE\\diego.zuccato" NAS-IP-Address = 127.0.0.1 Calling-Station-Id = "02-00-00-00-00-01" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = 0x020500061900 State = 0x43ef683547ea712a6e7507d0df55eb21 Message-Authenticator = 0x91d8e3c1b56da793b962e80700e26bf2 # Executing section authorize from file /etc/freeradius/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "PERSONALE\diego.zuccato", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 5 length 6 [eap] Continuing tunnel setup. 
++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake fragment handler [peap] eaptls_verify returned 1 [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 5 to 137.204.65.96 port 37126 EAP-Message = 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 EAP-Message = 0x131a446970617274696d656e746f20646920417374726f6e6f6d6961311d301b06035504031314417374726f6e6f6d6961202d20526f6f742043413122302006092a864886f70d0109011613646970617374722e736940756e69626f2e697430820222300d06092a864886f70d01010105000382020f003082020a0282020100b572b5d8c13ea37504ee78aa1797f2fd41bae7fcdbbe347b2e82ccb435e534ba0f3a86e855325864418e9a257c6ba9a235490a863d975525a0c61686bacc4c6a2bd72ae802168723c92e69ec9c607c14bab310d68a22d50bc26b67256530554e90110e50adda28f09bb2eb39287b0515b3d5647d28d45de0f483998a15 EAP-Message = 0x71276b02173ab7fcf982697be48847eafd4f3b2a82dc48be9d5a1b5099e012455d40694118097125da6ffb233804f7cae4df233d8269c94afe552d1df57e941087cd758d3bf1a84716470b1d163e61de926f76b1d8a593484ba9e2d9a6f2dbfd2bbe6eaf0297b491c7d2963e497759c90439ef565dbb9ca07afd7acdcd4637652ab48cd2c0d0b71f84881788b1314b40d43e67729cfdefa44d078f16bbf423da10a0cc0911f46afb31ef3c9e03e2fe84808249bd9d58129a6977643b0b2ff1836c41c7f9df69879ecd99a8aacfc951d49dbf311e51ffa4b69f4ce2c0a0c1315d15c0b2c25ed37ef40dd9a1205adce6ce1a45c4e17623d4347025e11e9a EAP-Message = 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 EAP-Message = 0x7465300d06092a86 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x43ef683546e9712a6e7507d0df55eb21 Finished request 5. Going to the next request Waking up in 4.9 seconds. 
rad_recv: Access-Request packet from host 137.204.65.96 port 37126, id=6, length=150 User-Name = "PERSONALE\\diego.zuccato" NAS-IP-Address = 127.0.0.1 Calling-Station-Id = "02-00-00-00-00-01" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = 0x020600061900 State = 0x43ef683546e9712a6e7507d0df55eb21 Message-Authenticator = 0x077edb2d3f7d2398c30c8ca6cfcd209c # Executing section authorize from file /etc/freeradius/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "PERSONALE\diego.zuccato", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 6 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake fragment handler [peap] eaptls_verify returned 1 [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 6 to 137.204.65.96 port 37126 EAP-Message = 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 EAP-Message = 0x0ccbf811a7b147b57abe282b2f976b874e5d874b4e68b6049f823747eaa603b1d49386876d3f30ce48cb824a34f3334ed56fd85b6b0c52839cda6fffd8a4e58612e29ab9e4790c71dcfaab93a7ba27906745479013f71482d1847cdc32a157fb224a4967d12442112d1d4cb5b27d855399b36e7a6094945cd0dd1d62c8f5b12c44577fc41ec88148a936bffc4155e2471052751decb392dc9ac949b6b571919fb73e06e2cf9fa49f651d690cb2fdd28e4fe9eac7d69e83687a361ced306d185a7c33847c4b11e898a56b46bd6cf06e91a13e77830347dce154020c99b3b1137d6eaaa9bb3e986ad58658cac5325e3205fe1e1aa40f4376ebad56e32738 EAP-Message = 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 EAP-Message = 
0xb7377cd6c3e2bc0560065d66f46f1cf1802f5c5c309ef2d7156c4709fc094fe932a2e4f553aff9247e6cc8d1d60080209fb36f0a4e491d426154c9f662928c6445de6500998cb2b80a31771909359d6937b561e921877fb7632e2dce99a514c758abcad7e532a631a5beea379bec1cb119ae9a8fca9d8e876737f7077dbccacc5602f69445d55c5854c39e44dbb7f587d6333461ca65b220927bcbfdc01ca1c61d49a0145e663b6c763d233c29516816030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x43ef683545e8712a6e7507d0df55eb21 Finished request 6. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 137.204.65.96 port 37126, id=7, length=352 User-Name = "PERSONALE\\diego.zuccato" NAS-IP-Address = 127.0.0.1 Calling-Station-Id = "02-00-00-00-00-01" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = 0x020700d01980000000c6160301008610000082008058cb301e009d8318a60397ed75c8861dd36756ba2532b32838c82c63fa01249f74e1c82e7135b99af9f09cbaa421dd2ce762f4ee6cd653997fa66efb83e6eaf0c759aa67254341e7757487383ca57593ad791519575b775f4621f717f33504c13fdb6d446ce886d493c4a90d876de51c7fc2c13e25ec6e5ab26fad4279f7db7614030100010116030100300dede37dfec28dc8fa13099ce8dfaf7fcb620f48ac259780509a498d305d802212a9e74110e87c0de8945581b1b76d41 State = 0x43ef683545e8712a6e7507d0df55eb21 Message-Authenticator = 0x914cd62018f2bacb1b5e43844427bfe2 # Executing section authorize from file /etc/freeradius/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "PERSONALE\diego.zuccato", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 7 length 208 [eap] Continuing tunnel setup. 
++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS TLS Length 198 [peap] Length Included [peap] eaptls_verify returned 11 [peap] <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange [peap] TLS_accept: SSLv3 read client key exchange A [peap] <<< TLS 1.0 ChangeCipherSpec [length 0001] [peap] <<< TLS 1.0 Handshake [length 0010], Finished [peap] TLS_accept: SSLv3 read finished A [peap] >>> TLS 1.0 ChangeCipherSpec [length 0001] [peap] TLS_accept: SSLv3 write change cipher spec A [peap] >>> TLS 1.0 Handshake [length 0010], Finished [peap] TLS_accept: SSLv3 write finished A [peap] TLS_accept: SSLv3 flush data [peap] (other): SSL negotiation finished successfully SSL Connection Established [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 7 to 137.204.65.96 port 37126 EAP-Message = 0x010800411900140301000101160301003077355cb0da486b0aea4ca9ed045399695f9f681ed77edc1ced530c75ee8779af5a6e22760acf506e1ff11ff69292a1c0 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x43ef683544e7712a6e7507d0df55eb21 Finished request 7. Going to the next request Waking up in 4.9 seconds. 
rad_recv: Access-Request packet from host 137.204.65.96 port 37126, id=8, length=150 User-Name = "PERSONALE\\diego.zuccato" NAS-IP-Address = 127.0.0.1 Calling-Station-Id = "02-00-00-00-00-01" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = 0x020800061900 State = 0x43ef683544e7712a6e7507d0df55eb21 Message-Authenticator = 0x95f257485417d82e8bf94ed289656605 # Executing section authorize from file /etc/freeradius/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "PERSONALE\diego.zuccato", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 8 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake is finished [peap] eaptls_verify returned 3 [peap] eaptls_process returned 3 [peap] EAPTLS_SUCCESS [peap] Session established. Decoding tunneled attributes. [peap] Peap state TUNNEL ESTABLISHED ++[eap] returns handled Sending Access-Challenge of id 8 to 137.204.65.96 port 37126 EAP-Message = 0x0109002b1900170301002011b3a4baaef394361a7512b0601adb69cd64e7af2263a874925458c57cbb06d5 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x43ef68354be6712a6e7507d0df55eb21 Finished request 8. Going to the next request Waking up in 4.9 seconds. 
rad_recv: Access-Request packet from host 137.204.65.96 port 37126, id=9, length=240 User-Name = "PERSONALE\\diego.zuccato" NAS-IP-Address = 127.0.0.1 Calling-Station-Id = "02-00-00-00-00-01" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = 0x0209006019001703010020ca89e914288890073989835b87135e61d123f1b99c9e9dbb59bd00e538fe267017030100303a5233f9f866703fc729d93881a51dfafcf7c271b58e4ad2025ca975dc66e1f50926ecc360a99ed05e0484657b041e79 State = 0x43ef68354be6712a6e7507d0df55eb21 Message-Authenticator = 0x53a08dffdbbacff3b1b6fba2481f6a23 # Executing section authorize from file /etc/freeradius/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "PERSONALE\diego.zuccato", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 9 length 96 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Peap state WAITING FOR INNER IDENTITY [peap] Identity - PERSONALE\diego.zuccato [peap] Got inner identity 'PERSONALE\diego.zuccato' [peap] Setting default EAP type for tunneled EAP session. 
[peap] Got tunneled request EAP-Message = 0x0209001c01504552534f4e414c455c646965676f2e7a75636361746f server { PEAP: Setting User-Name to PERSONALE\diego.zuccato Sending tunneled request EAP-Message = 0x0209001c01504552534f4e414c455c646965676f2e7a75636361746f FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "PERSONALE\\diego.zuccato" server inner-tunnel { # Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel +- entering group authorize {...} ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "PERSONALE\diego.zuccato", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[control] returns noop [eap] EAP packet type response id 9 length 28 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns noop Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel +- entering group authenticate {...} [eap] EAP Identity [eap] processing type mschapv2 rlm_eap_mschapv2: Issuing Challenge ++[eap] returns handled } # server inner-tunnel [peap] Got tunneled reply code 11 EAP-Message = 0x010a00311a010a002c107cfe362585aadb4fa23845b02bcfe01d504552534f4e414c455c646965676f2e7a75636361746f Message-Authenticator = 0x00000000000000000000000000000000 State = 0xd1443252d14e285c0e8360ebb6b84386 [peap] Got tunneled reply RADIUS code 11 EAP-Message = 0x010a00311a010a002c107cfe362585aadb4fa23845b02bcfe01d504552534f4e414c455c646965676f2e7a75636361746f Message-Authenticator = 0x00000000000000000000000000000000 State = 0xd1443252d14e285c0e8360ebb6b84386 [peap] Got tunneled Access-Challenge ++[eap] returns handled Sending Access-Challenge of id 9 to 137.204.65.96 port 37126 EAP-Message = 
0x010a005b19001703010050f9cbc0b02898cb8b33b5aadcf2e5d786e51996bf476af50b8bac872bf606a14a926337af4751a874a5d9847d53369d80d8176dcc4b04a7d78c9d24b8793710676b922857e73b358ee7614e9ff31ff80a Message-Authenticator = 0x00000000000000000000000000000000 State = 0x43ef68354ae5712a6e7507d0df55eb21 Finished request 9. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 137.204.65.96 port 37126, id=10, length=304 User-Name = "PERSONALE\\diego.zuccato" NAS-IP-Address = 127.0.0.1 Calling-Station-Id = "02-00-00-00-00-01" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = 0x020a00a01900170301002008596c1f4e70f289a40e621c9dcf0ca40054e79c53f3e2388597359078fe736f1703010070f7b6bde3723b7339008514fd27e63539ac816a7ad2b544ba51e6d690a98eb2985001bb97e6f4ece90a0f0ce5f8680c419e69036afd840b4d9db82fbf2d7f23ec150e3f114d9dfa21a178c3fe04182c840280a7c9a3881db001030c51d19214a245322d9693b21991dc342a7c361803e6 State = 0x43ef68354ae5712a6e7507d0df55eb21 Message-Authenticator = 0x87426031892e2deae424d6c68b5add28 # Executing section authorize from file /etc/freeradius/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "PERSONALE\diego.zuccato", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 10 length 160 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. 
[peap] Peap state phase2 [peap] EAP type mschapv2 [peap] Got tunneled request EAP-Message = 0x020a00521a020a004d315a07b47ea772821852bfa4a104f82bda000000000000000060eb877432cb1abb8ee542673b52a0350cf856409285d6ac00504552534f4e414c455c646965676f2e7a75636361746f server { PEAP: Setting User-Name to PERSONALE\diego.zuccato Sending tunneled request EAP-Message = 0x020a00521a020a004d315a07b47ea772821852bfa4a104f82bda000000000000000060eb877432cb1abb8ee542673b52a0350cf856409285d6ac00504552534f4e414c455c646965676f2e7a75636361746f FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "PERSONALE\\diego.zuccato" State = 0xd1443252d14e285c0e8360ebb6b84386 server inner-tunnel { # Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel +- entering group authorize {...} ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "PERSONALE\diego.zuccato", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[control] returns noop [eap] EAP packet type response id 10 length 82 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns noop Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/mschapv2 [eap] processing type mschapv2 [mschapv2] # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel [mschapv2] +- entering group MS-CHAP {...} [mschap] Creating challenge hash with username: diego.zuccato [mschap] Told to do MS-CHAPv2 for diego.zuccato with NT-Password [mschap] expand: %{mschap:User-Name} -> diego.zuccato [mschap] expand: --username=%{%{mschap:User-Name}:-%{User-Name:-None}} -> --username=diego.zuccato [mschap] expand: %{mschap:NT-Domain} -> PERSONALE [mschap] expand: --domain=%{%{mschap:NT-Domain}:-PERSONALE} -> --domain=PERSONALE [mschap] mschap2: 7c 
[mschap] Creating challenge hash with username: diego.zuccato [mschap] expand: --challenge=%{mschap:Challenge:-00} -> --challenge=a386f8c169a1c226 [mschap] expand: --nt-response=%{mschap:NT-Response:-00} -> --nt-response=60eb877432cb1abb8ee542673b52a0350cf856409285d6ac Exec-Program output: NT_KEY: 9BB45778B8201310A484C797422B8D27 Exec-Program-Wait: plaintext: NT_KEY: 9BB45778B8201310A484C797422B8D27 Exec-Program: returned: 0 ++[mschap] returns ok MSCHAP Success ++[eap] returns handled } # server inner-tunnel [peap] Got tunneled reply code 11 EAP-Message = 0x010b00331a030a002e533d37343331453632374644453739373334444344324534393334414138303431343633384142373037 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xd1443252d04f285c0e8360ebb6b84386 [peap] Got tunneled reply 
RADIUS code 11 EAP-Message = 0x010b00331a030a002e533d37343331453632374644453739373334444344324534393334414138303431343633384142373037 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xd1443252d04f285c0e8360ebb6b84386 [peap] Got tunneled Access-Challenge ++[eap] returns handled Sending Access-Challenge of id 10 to 137.204.65.96 port 37126 EAP-Message = 0x010b005b1900170301005045ddd3dfa215dc299b05eb6e78c8401b338a72d790e0c9a68dda5b5b37965481bc9986b0305597baa1886b95b644924146f8e906975675912df555716751ebb66b407cc46ceb46a84c17ac8b178aa6c1 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x43ef683549e4712a6e7507d0df55eb21 Finished request 10. Going to the next request Waking up in 4.9 seconds. Cleaning up request 0 ID 0 with timestamp +8 Cleaning up request 1 ID 1 with timestamp +8 Cleaning up request 2 ID 2 with timestamp +8 Cleaning up request 3 ID 3 with timestamp +8 Cleaning up request 4 ID 4 with timestamp +8 Cleaning up request 5 ID 5 with timestamp +8 Cleaning up request 6 ID 6 with timestamp +8 Cleaning up request 7 ID 7 with timestamp +8 Cleaning up request 8 ID 8 with timestamp +8 Cleaning up request 9 ID 9 with timestamp +8 Cleaning up request 10 ID 10 with timestamp +8 WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! WARNING: !! EAP session for state 0x43ef683549e4712a did not finish! WARNING: !! Please read http://wiki.freeradius.org/Certificate_Compatibility WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! Ready to process requests. Any hint? TIA! Diego. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
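
Added example (not part of the original post, and not FreeRADIUS code): a small Python decoder for the inner-tunnel EAP-Message values printed in the log above, following the EAP header layout of RFC 3748 and the EAP-MSCHAPv2 payload layout. The names `LOG_EAP`, `decode_eap` and `decode_mschapv2` are chosen here for illustration.

```python
import struct

# Inner-tunnel EAP-Message values copied from the debug log above, in order.
LOG_EAP = [
    "0209001c01504552534f4e414c455c646965676f2e7a75636361746f",
    "010a00311a010a002c107cfe362585aadb4fa23845b02bcfe01d504552534f4e414c455c646965676f2e7a75636361746f",
    "020a00521a020a004d315a07b47ea772821852bfa4a104f82bda000000000000000060eb877432cb1abb8ee542673b52a0350cf856409285d6ac00504552534f4e414c455c646965676f2e7a75636361746f",
    "010b00331a030a002e533d37343331453632374644453739373334444344324534393334414138303431343633384142373037",
]
EAP_CODE = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
MSCHAP_OP = {1: "Challenge", 2: "Response", 3: "Success", 4: "Failure"}

def decode_mschapv2(body):
    """Decode an EAP type 26 (EAP-MSCHAPv2) payload."""
    out = {"op": MSCHAP_OP.get(body[0], body[0])}
    if len(body) == 1:  # the peer's Success/Failure Response is a bare OpCode
        return out
    if len(body) < 4 or struct.unpack("!H", body[2:4])[0] != len(body):
        raise ValueError("MS-Length does not match payload")
    out["ms_id"] = body[1]
    if body[0] in (1, 2) and len(body) > 4:  # Value-Size, Value, Name
        value, name = body[5:5 + body[4]], body[5 + body[4]:]
        out["name"] = name.decode("utf-8", "replace")
        if body[0] == 1:
            out["challenge"] = value.hex()
        else:  # 16 peer challenge, 8 reserved, 24 NT-Response, 1 flags
            out["peer_challenge"] = value[:16].hex()
            out["nt_response"] = value[24:48].hex()
    elif body[0] in (3, 4):  # Success/Failure Request carries a text message
        out["message"] = body[4:].decode("ascii", "replace")
    return out

def decode_eap(hexstr):
    """Decode one EAP packet as printed by the server (with or without 0x)."""
    pkt = bytes.fromhex(hexstr[2:] if hexstr.startswith("0x") else hexstr)
    if len(pkt) < 4 or struct.unpack("!H", pkt[2:4])[0] != len(pkt):
        raise ValueError("EAP Length does not match packet")
    out = {"code": EAP_CODE.get(pkt[0], pkt[0]), "id": pkt[1]}
    if pkt[0] in (1, 2) and len(pkt) > 4:
        out["type"] = pkt[4]
        if pkt[4] == 1:  # Identity
            out["identity"] = pkt[5:].decode("utf-8", "replace")
        elif pkt[4] == 26 and len(pkt) > 5:
            out.update(decode_mschapv2(pkt[5:]))
    return out

if __name__ == "__main__":
    for message in LOG_EAP:
        print(decode_eap(message))
```

Run on this log, the last inner message decodes to an MS-CHAPv2 Success Request with id 11, and no Response to it appears before the requests are cleaned up.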