Hi Alan,

I'm facing an issue configuring EAP-TTLS, LDAP and Perl, using "eapol_test" as the test client.
Please find the debug logs below:

rad_recv: Access-Request packet from host 127.0.0.1 port 45673, id=0, length=206
        User-Name = "xxxxxxxx"
        NAS-IP-Address = 127.0.0.1
        Calling-Station-Id = "02-00-00-00-00-01"
        Framed-MTU = 1400
        NAS-Port-Type = Wireless-802.11
        Connect-Info = "CONNECT 11Mbps 802.11b"
        EAP-Message = 0x020000360175736572317676746e746b6a6b636b76656469756366767672636e657563756b6c766465637475726a646a666b676e7267
        Message-Authenticator = 0x065b1291e4b6cff7cecc69db3a9b5b83
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "xxxxxxxx", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 0 length 54
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
rlm_perl: Added pair NAS-Port-Type = Wireless-802.11
rlm_perl: Added pair Calling-Station-Id = 02-00-00-00-00-01
rlm_perl: Added pair Message-Authenticator = 0x065b1291e4b6cff7cecc69db3a9b5b83
rlm_perl: Added pair User-Name = xxxxxxxx
rlm_perl: Added pair EAP-Message = 0x020000360175736572317676746e746b6a6b636b76656469756366767672636e657563756b6c766465637475726a646a666b676e7267
rlm_perl: Added pair Connect-Info = CONNECT 11Mbps 802.11b
rlm_perl: Added pair EAP-Type = Identity
rlm_perl: Added pair NAS-IP-Address = 127.0.0.1
rlm_perl: Added pair Framed-MTU = 1400
rlm_perl: Added pair Auth-Type = EAP
++[perl] returns ok
++[files] returns noop
[ldap] performing user authorization for xxxxxxxx
[ldap] expand: %{Stripped-User-Name} ->
[ldap] ... expanding second conditional
[ldap] expand: %{User-Name} -> xxxxxxxx
[ldap] expand: (uid=%{%{Stripped-User-Name}:-%{User-Name}}) -> (uid=xxxxxxxx)
[ldap] expand: dc=example,dc=com -> dc=example,dc=com
[ldap] ldap_get_conn: Checking Id: 0
[ldap] ldap_get_conn: Got Id: 0
[ldap] attempting LDAP reconnection
[ldap] (re)connect to 192.168.1.103:389, authentication 0
[ldap] bind as cn=admin,dc=example,dc=com/xxxxxxxx to 192.168.1.103:389
[ldap] waiting for bind result ...
[ldap] Bind was successful
[ldap] performing search in dc=example,dc=com, with filter (uid=xxxxxxxx)
[ldap] No default NMAS login sequence
[ldap] looking for check items in directory...
[ldap] userPassword -> Cleartext-Password == "xxxxxxxx"
[ldap] userPassword -> Password-With-Header == "xxxxxxxx"
[ldap] looking for reply items in directory...
[ldap] user xxxxxxxx authorized to use remote access
[ldap] ldap_release_conn: Release Id: 0
++[ldap] returns ok
[pap] Config already contains "known good" password. Ignoring Password-With-Header
[pap] WARNING: Auth-Type already set. Not setting to PAP
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group EAP {...}
rlm_perl: Added pair NAS-Port-Type = Wireless-802.11
rlm_perl: Added pair Calling-Station-Id = 02-00-00-00-00-01
rlm_perl: Added pair Message-Authenticator = 0x065b1291e4b6cff7cecc69db3a9b5b83
rlm_perl: Added pair User-Name = xxxxxxxx
rlm_perl: Added pair EAP-Message = 0x020000360175736572317676746e746b6a6b636b76656469756366767672636e657563756b6c766465637475726a646a666b676e7267
rlm_perl: Added pair Connect-Info = CONNECT 11Mbps 802.11b
rlm_perl: Added pair EAP-Type = Identity
rlm_perl: Added pair NAS-IP-Address = 127.0.0.1
rlm_perl: Added pair Framed-MTU = 1400
rlm_perl: Added pair h323-credit-amount = 100
rlm_perl: Added pair Cleartext-Password = xxxxxxxx
rlm_perl: Added pair Password-With-Header = xxxxxxxx
rlm_perl: Added pair Ldap-UserDn = uid=xxxxxxxx,ou=people,dc=example,dc=com
rlm_perl: Added pair Auth-Type = EAP
++[perl] returns ok
[eap] EAP Identity
[eap] processing type tls
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 0 to 127.0.0.1 port 45673
        h323-credit-amount = "100"
        EAP-Message = 0x010100061520
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x2a7f4cbf2a7e5963e2206d31c110709d
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 127.0.0.1 port 45673, id=1, length=271
        User-Name = "xxxxxxxx"
        NAS-IP-Address = 127.0.0.1
        Calling-Station-Id = "02-00-00-00-00-01"
        Framed-MTU = 1400
        NAS-Port-Type = Wireless-802.11
        Connect-Info = "CONNECT 11Mbps 802.11b"
        EAP-Message = 0x020100651500160301005a010000560301507c49a86cfabf980d6b3d94daf27fe3f600a2320dbc3427626ca4b918ad885f00002800390038003500160013000a00330032002f000500040015001200090014001100080006000300ff020100000400230000
        State = 0x2a7f4cbf2a7e5963e2206d31c110709d
        Message-Authenticator = 0x7984af4d41a5bfd6c39d9a472fe0cc17
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "xxxxxxxx", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 1 length 101
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group EAP {...}
rlm_perl: Added pair NAS-Port-Type = Wireless-802.11
rlm_perl: Added pair State = 0x2a7f4cbf2a7e5963e2206d31c110709d
rlm_perl: Added pair Calling-Station-Id = 02-00-00-00-00-01
rlm_perl: Added pair Message-Authenticator = 0x7984af4d41a5bfd6c39d9a472fe0cc17
rlm_perl: Added pair User-Name = xxxxxxxx
rlm_perl: Added pair EAP-Message = 0x020100651500160301005a010000560301507c49a86cfabf980d6b3d94daf27fe3f600a2320dbc3427626ca4b918ad885f00002800390038003500160013000a00330032002f000500040015001200090014001100080006000300ff020100000400230000
rlm_perl: Added pair Connect-Info = CONNECT 11Mbps 802.11b
rlm_perl: Added pair EAP-Type = EAP-TTLS
rlm_perl: Added pair NAS-IP-Address = 127.0.0.1
rlm_perl: Added pair Framed-MTU = 1400
rlm_perl: Added pair h323-credit-amount = 100
rlm_perl: Added pair Auth-Type = EAP
++[perl] returns ok
[eap] Request found, released from the list
[eap] EAP/ttls
[eap] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
[ttls] eaptls_verify returned 7
[ttls] Done initial handshake
[ttls] (other): before/accept initialization
[ttls] TLS_accept: before/accept initialization
[ttls] <<< TLS 1.0 Handshake [length 005a], ClientHello
[ttls] TLS_accept: SSLv3 read client hello A
[ttls] >>> TLS 1.0 Handshake [length 0031], ServerHello
[ttls] TLS_accept: SSLv3 write server hello A
[ttls] >>> TLS 1.0 Handshake [length 02cd], Certificate
[ttls] TLS_accept: SSLv3 write certificate A
[ttls] >>> TLS 1.0 Handshake [length 018d], ServerKeyExchange
[ttls] TLS_accept: SSLv3 write key exchange A
[ttls] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
[ttls] TLS_accept: SSLv3 write server done A
[ttls] TLS_accept: SSLv3 flush data
[ttls] TLS_accept: Need to read more data: SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
[ttls] eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 1 to 127.0.0.1 port 45673
        h323-credit-amount = "100"
        EAP-Message = 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
        EAP-Message = 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
        EAP-Message = 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
        EAP-Message = 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
        EAP-Message = 0xb3c45b3ea56942954e0dbb66
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x2a7f4cbf2b7d5963e2206d31c110709d
Finished request 1.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 127.0.0.1 port 45673, id=2, length=176
        User-Name = "xxxxxxxx"
        NAS-IP-Address = 127.0.0.1
        Calling-Station-Id = "02-00-00-00-00-01"
        Framed-MTU = 1400
        NAS-Port-Type = Wireless-802.11
        Connect-Info = "CONNECT 11Mbps 802.11b"
        EAP-Message = 0x020200061500
        State = 0x2a7f4cbf2b7d5963e2206d31c110709d
        Message-Authenticator = 0x4d08a46158ad21253a616e97ad9ded18
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "xxxxxxxx", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 2 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group EAP {...}
rlm_perl: Added pair NAS-Port-Type = Wireless-802.11
rlm_perl: Added pair State = 0x2a7f4cbf2b7d5963e2206d31c110709d
rlm_perl: Added pair Calling-Station-Id = 02-00-00-00-00-01
rlm_perl: Added pair Message-Authenticator = 0x4d08a46158ad21253a616e97ad9ded18
rlm_perl: Added pair User-Name = xxxxxxxx
rlm_perl: Added pair EAP-Message = 0x020200061500
rlm_perl: Added pair Connect-Info = CONNECT 11Mbps 802.11b
rlm_perl: Added pair EAP-Type = EAP-TTLS
rlm_perl: Added pair NAS-IP-Address = 127.0.0.1
rlm_perl: Added pair Framed-MTU = 1400
rlm_perl: Added pair h323-credit-amount = 100
rlm_perl: Added pair Auth-Type = EAP
++[perl] returns ok
[eap] Request found, released from the list
[eap] EAP/ttls
[eap] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
[ttls] Received TLS ACK
[ttls] ACK handshake fragment handler
[ttls] eaptls_verify returned 1
[ttls] eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 2 to 127.0.0.1 port 45673
        h323-credit-amount = "100"
        EAP-Message = 0x010300b71580000004a3f4da3a4fff56705c0118ee01841f0b363c07293ebcf69d05e1092c3e054bbdea541f00803a833293f40d96e86f2c849b5cdf9887eb868d3cac267e53b77c5ebe63b3a5e5989c08510c398b8dc3281bfdb5ae3578214cb26716be3557ca7f35d1a46a9a37b7b4d1eae9a10cace3b13dc194fb72249724b4b59c7dd62e66718bd50dcdb6ec376c57e4556cf4c44daa9c0adcf284e5c865714a7f71db352238d81e4207798016030100040e000000
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x2a7f4cbf287c5963e2206d31c110709d
Finished request 2.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 127.0.0.1 port 45673, id=3, length=374
        User-Name = "xxxxxxxx"
        NAS-IP-Address = 127.0.0.1
        Calling-Station-Id = "02-00-00-00-00-01"
        Framed-MTU = 1400
        NAS-Port-Type = Wireless-802.11
        Connect-Info = "CONNECT 11Mbps 802.11b"
        EAP-Message = 0x020300cc1500160301008610000082008090fd20bda5d27eb2d4deee9e076d8f77a8b14a91f33c6620eb5a3896f8280acd0bbd5bb0da405e5b09a842867e6083d21ee749f7f0ba637c2dd89005b8b98bb354742b01d83c676aee9a014355fbeff4b546055a2e0c39fd5a43ddac2031b42f81902efe3f17199e8f8be74683d1b0e05f2f126d7650a084e2800d62f26ab50f1403010001011603010030ccdda6df2d462f7b0b12cc43b02ee696b4cde6befa312d4147968c9af09c1e95b3ee38f8bd2b2521d88f4ed09e2f6969
        State = 0x2a7f4cbf287c5963e2206d31c110709d
        Message-Authenticator = 0x3cee3f55cea92deefa2591caaea03633
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "xxxxxxxx", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 3 length 204
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group EAP {...}
rlm_perl: Added pair NAS-Port-Type = Wireless-802.11
rlm_perl: Added pair State = 0x2a7f4cbf287c5963e2206d31c110709d
rlm_perl: Added pair Calling-Station-Id = 02-00-00-00-00-01
rlm_perl: Added pair Message-Authenticator = 0x3cee3f55cea92deefa2591caaea03633
rlm_perl: Added pair User-Name = xxxxxxxx
rlm_perl: Added pair EAP-Message = 0x020300cc1500160301008610000082008090fd20bda5d27eb2d4deee9e076d8f77a8b14a91f33c6620eb5a3896f8280acd0bbd5bb0da405e5b09a842867e6083d21ee749f7f0ba637c2dd89005b8b98bb354742b01d83c676aee9a014355fbeff4b546055a2e0c39fd5a43ddac2031b42f81902efe3f17199e8f8be74683d1b0e05f2f126d7650a084e2800d62f26ab50f1403010001011603010030ccdda6df2d462f7b0b12cc43b02ee696b4cde6befa312d4147968c9af09c1e95b3ee38f8bd2b2521d88f4ed09e2f6969
rlm_perl: Added pair Connect-Info = CONNECT 11Mbps 802.11b
rlm_perl: Added pair EAP-Type = EAP-TTLS
rlm_perl: Added pair NAS-IP-Address = 127.0.0.1
rlm_perl: Added pair Framed-MTU = 1400
rlm_perl: Added pair h323-credit-amount = 100
rlm_perl: Added pair Auth-Type = EAP
++[perl] returns ok
[eap] Request found, released from the list
[eap] EAP/ttls
[eap] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
[ttls] eaptls_verify returned 7
[ttls] Done initial handshake
[ttls] <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange
[ttls] TLS_accept: SSLv3 read client key exchange A
[ttls] <<< TLS 1.0 ChangeCipherSpec [length 0001]
[ttls] <<< TLS 1.0 Handshake [length 0010], Finished
[ttls] TLS_accept: SSLv3 read finished A
[ttls] >>> TLS 1.0 ChangeCipherSpec [length 0001]
[ttls] TLS_accept: SSLv3 write change cipher spec A
[ttls] >>> TLS 1.0 Handshake [length 0010], Finished
[ttls] TLS_accept: SSLv3 write finished A
[ttls] TLS_accept: SSLv3 flush data
[ttls] (other): SSL negotiation finished successfully
SSL Connection Established
[ttls] eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 3 to 127.0.0.1 port 45673
        h323-credit-amount = "100"
        EAP-Message = 0x0104004515800000003b140301000101160301003044e95766bb9308bc45e92fa37e082e248aa382cb961ee973693c1e7c695c35e664de49304756c6e6430fe00e640ea5c4
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x2a7f4cbf297b5963e2206d31c110709d
Finished request 3.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 127.0.0.1 port 45673, id=4, length=394
        User-Name = "xxxxxxxx"
        NAS-IP-Address = 127.0.0.1
        Calling-Station-Id = "02-00-00-00-00-01"
        Framed-MTU = 1400
        NAS-Port-Type = Wireless-802.11
        Connect-Info = "CONNECT 11Mbps 802.11b"
        EAP-Message = 0x020400e0150017030100207c1f492109c1413df90458ac8bc6e2a363b5f4ef4a1b6b8e7e722ce41b4ac2fa17030100b0d13c2711852a1deb05113832a62cce19b446645bda91d1e8cb46d1339a44896b5ea3eee06c87e3309539d37d19c3c3ffa1cf4f32273143254278ad1bfafca9aa36d7f01fef67759698d74aa1d4aacf8ed329a53e24196b1817b85710bec6030ab55b2c69ce39ea67d900e7d392948b935cac44d35fa78211a54d318e60f1653c05103fcf515aa61da4e66b4ae43b9d4db728d023a9fcd03d6d4fa2e315a78021974d7f8b6df36a6f75442e2f8fe33712
        State = 0x2a7f4cbf297b5963e2206d31c110709d
        Message-Authenticator = 0x90ceee8718eb32ddcf5b3a9d56136a94
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "xxxxxxxx", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 4 length 224
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group EAP {...}
rlm_perl: Added pair NAS-Port-Type = Wireless-802.11
rlm_perl: Added pair State = 0x2a7f4cbf297b5963e2206d31c110709d
rlm_perl: Added pair Calling-Station-Id = 02-00-00-00-00-01
rlm_perl: Added pair Message-Authenticator = 0x90ceee8718eb32ddcf5b3a9d56136a94
rlm_perl: Added pair User-Name = xxxxxxxx
rlm_perl: Added pair EAP-Message = 0x020400e0150017030100207c1f492109c1413df90458ac8bc6e2a363b5f4ef4a1b6b8e7e722ce41b4ac2fa17030100b0d13c2711852a1deb05113832a62cce19b446645bda91d1e8cb46d1339a44896b5ea3eee06c87e3309539d37d19c3c3ffa1cf4f32273143254278ad1bfafca9aa36d7f01fef67759698d74aa1d4aacf8ed329a53e24196b1817b85710bec6030ab55b2c69ce39ea67d900e7d392948b935cac44d35fa78211a54d318e60f1653c05103fcf515aa61da4e66b4ae43b9d4db728d023a9fcd03d6d4fa2e315a78021974d7f8b6df36a6f75442e2f8fe33712
rlm_perl: Added pair Connect-Info = CONNECT 11Mbps 802.11b
rlm_perl: Added pair EAP-Type = EAP-TTLS
rlm_perl: Added pair NAS-IP-Address = 127.0.0.1
rlm_perl: Added pair Framed-MTU = 1400
rlm_perl: Added pair h323-credit-amount = 100
rlm_perl: Added pair Auth-Type = EAP
++[perl] returns ok
[eap] Request found, released from the list
[eap] EAP/ttls
[eap] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
[ttls] eaptls_verify returned 7
[ttls] Done initial handshake
[ttls] eaptls_process returned 7
[ttls] Session established. Proceeding to decode tunneled attributes.
[ttls] Got tunneled request
        User-Name = "xxxxxxxx"
        MS-CHAP-Challenge = 0x059b04af3b71d9387b15f96b14a7a4c2
        MS-CHAP2-Response = 0x77005d91d477265941c389c2b9f9372a1a5000000000000000003459aea6d0b65a6173735fa334560fb0bb2190a33f9b3b88
        FreeRADIUS-Proxied-To = 127.0.0.1
[ttls] Sending tunneled request
        User-Name = "xxxxxxxx"
        MS-CHAP-Challenge = 0x059b04af3b71d9387b15f96b14a7a4c2
        MS-CHAP2-Response = 0x77005d91d477265941c389c2b9f9372a1a5000000000000000003459aea6d0b65a6173735fa334560fb0bb2190a33f9b3b88
        FreeRADIUS-Proxied-To = 127.0.0.1
        NAS-Port-Type = Wireless-802.11
        Calling-Station-Id = "02-00-00-00-00-01"
        Connect-Info = "CONNECT 11Mbps 802.11b"
        NAS-IP-Address = 127.0.0.1
        Framed-MTU = 1400
server inner-tunnel {
# Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel
+- entering group authorize {...}
++[chap] returns noop
[mschap] Found MS-CHAP attributes. Setting 'Auth-Type = mschap'
++[mschap] returns ok
[suffix] No '@' in User-Name = "xxxxxxxx", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[control] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
rlm_perl: Added pair NAS-Port-Type = Wireless-802.11
rlm_perl: Added pair Calling-Station-Id = 02-00-00-00-00-01
rlm_perl: Added pair FreeRADIUS-Proxied-To = 127.0.0.1
rlm_perl: Added pair MS-CHAP-Challenge = 0x059b04af3b71d9387b15f96b14a7a4c2
rlm_perl: Added pair User-Name = xxxxxxxx
rlm_perl: Added pair MS-CHAP2-Response = 0x77005d91d477265941c389c2b9f9372a1a5000000000000000003459aea6d0b65a6173735fa334560fb0bb2190a33f9b3b88
rlm_perl: Added pair Connect-Info = CONNECT 11Mbps 802.11b
rlm_perl: Added pair NAS-IP-Address = 127.0.0.1
rlm_perl: Added pair Framed-MTU = 1400
rlm_perl: Added pair Auth-Type = MSCHAP
rlm_perl: Added pair Proxy-To-Realm = LOCAL
++[perl] returns ok
++[files] returns noop
[ldap] performing user authorization for xxxxxxxx
[ldap] expand: %{Stripped-User-Name} ->
[ldap] ... expanding second conditional
[ldap] expand: %{User-Name} -> xxxxxxxx
[ldap] expand: (uid=%{%{Stripped-User-Name}:-%{User-Name}}) -> (uid=xxxxxxxx)
[ldap] expand: dc=example,dc=com -> dc=example,dc=com
[ldap] ldap_get_conn: Checking Id: 0
[ldap] ldap_get_conn: Got Id: 0
[ldap] performing search in dc=example,dc=com, with filter (uid=xxxxxxxx)
[ldap] object not found
[ldap] search failed
[ldap] ldap_release_conn: Release Id: 0
++[ldap] returns notfound
++[pap] returns noop
Found Auth-Type = MSCHAP
# Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
+- entering group MS-CHAP {...}
[mschap] No Cleartext-Password configured. Cannot create LM-Password.
[mschap] No Cleartext-Password configured. Cannot create NT-Password.
[mschap] Creating challenge hash with username: xxxxxxxx
[mschap] Told to do MS-CHAPv2 for xxxxxxxx with NT-Password
[mschap] FAILED: No NT/LM-Password. Cannot perform authentication.
*[mschap] FAILED: MS-CHAP2-Response is incorrect
++[mschap] returns reject
Failed to authenticate the user.
} # server inner-tunnel
[ttls] Got tunneled reply code 3
        MS-CHAP-Error = "wE=691 R=1"
[ttls] Got tunneled Access-Reject
[eap] Handler failed in EAP/ttls
[eap] Failed in EAP select
++[eap] returns invalid
Failed to authenticate the user.*
Using Post-Auth-Type Reject
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> xxxxxxxx
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 4 for 1 seconds
Going to the next request
Waking up in 0.2 seconds.
Sending delayed reject for request 4
Sending Access-Reject of id 4 to 127.0.0.1 port 45673
        EAP-Message = 0x04040004
        Message-Authenticator = 0x00000000000000000000000000000000
Waking up in 3.9 seconds.
Cleaning up request 0 ID 0 with timestamp +2
Cleaning up request 1 ID 1 with timestamp +3
Cleaning up request 2 ID 2 with timestamp +3
Cleaning up request 3 ID 3 with timestamp +3
Waking up in 1.0 seconds.
Cleaning up request 4 ID 4 with timestamp +3
Ready to process requests.

Thanks and best regards,
Nand.