I'm using PEAP to authenticate by Windows client
There's an account IOT/IOT in "users" (detail configuration is in below)
The messages show that login is OK but it seems continuouly processing the request
Can anyone give me some suggestion where errors may be?
Followings are my system messages, eap.conf, and users
Thanks
=== Part of system messages after "Ready to process requests" ===
rad_recv: Access-Request packet from host 172.19.0.10:1812, id=37, length=148
Framed-MTU = 1400
Calling-Station-Id = "0020a64f13ca"
Called-Station-Id = "RSNA:Sanity"
Acct-Session-Id = "000e40992fb60020a64f13ca0000000000000002"
User-Name = "IOT"
NAS-Port-Type = Wireless-802.11
NAS-Port = 2
NAS-IP-Address = 172.19.0.10
State = 0x
EAP-Message = 0x0212000801494f54
Message-Authenticator = 0x11a6ee0a445fabef995d579e653ef367
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
modcall[authorize]: module "chap" returns noop for request 0
modcall[authorize]: module "mschap" returns noop for request 0
rlm_realm: No '@' in User-Name = "IOT", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 0
rlm_eap: EAP packet type response id 18 length 8
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 0
users: Matched entry IOT at line 161
modcall[authorize]: module "files" returns ok for request 0
modcall: group authorize returns updated for request 0
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
rlm_eap: EAP Identity
rlm_eap: processing type tls
rlm_eap_tls: Initiate
rlm_eap_tls: Start returned 1
modcall[authenticate]: module "eap" returns handled for request 0
modcall: group authenticate returns handled for request 0
Sending Access-Challenge of id 37 to 172.19.0.10:1812
Called-Station-Id == "RSNA:Sanity3"
Tunnel-Private-Group-Id:0 = "RSNA"
EAP-Message = 0x011300061920
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x80c18c662cdbcee42a9d5d0428125e5c
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 172.19.0.10:1812, id=38, length=268
Framed-MTU = 1400
Calling-Station-Id = "0020a64f13ca"
Called-Station-Id = "RSNA:Sanity"
Acct-Session-Id = "000e40992fb60020a64f13ca0000000000000002"
User-Name = "IOT"
NAS-Port-Type = Wireless-802.11
NAS-Port = 2
NAS-IP-Address = 172.19.0.10
State = 0x80c18c662cdbcee42a9d5d0428125e5c
EAP-Message = 0x0213007019800000006616030100610100005d03014254ac168df0f9249967eda814a019f999c1beb683eda61e9ded8cba6b32f1222063d8b5caeab55c0b4ba416ccfa679144bfeab75e7189e5b95e80229c98e0551c001600040005000a000900640062000300060013001200630100
Message-Authenticator = 0x78734de8ef02e7925e969d256eb53eb2
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
modcall[authorize]: module "preprocess" returns ok for request 1
modcall[authorize]: module "chap" returns noop for request 1
modcall[authorize]: module "mschap" returns noop for request 1
rlm_realm: No '@' in User-Name = "IOT", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 1
rlm_eap: EAP packet type response id 19 length 112
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 1
users: Matched entry IOT at line 161
modcall[authorize]: module "files" returns ok for request 1
modcall: group authorize returns updated for request 1
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 1
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
(other): before/accept initialization
TLS_accept: before/accept initialization
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0061], ClientHello
TLS_accept: SSLv3 read client hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
TLS_accept: SSLv3 write server hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 056c], Certificate
TLS_accept: SSLv3 write certificate A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
TLS_accept: SSLv3 write server done A
TLS_accept: SSLv3 flush data
TLS_accept:error in SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 1
modcall: group authenticate returns handled for request 1
Sending Access-Challenge of id 38 to 172.19.0.10:1812
Called-Station-Id == "RSNA:Sanity3"
Tunnel-Private-Group-Id:0 = "RSNA"
EAP-Message = 0x0114040a19c0000005c9160301004a02000046030142531e1c8f3e23601bbb9f6b75e80b61cded97b8c5f6b417bdb92a4b8b886e12208f3b000569e44d6aa30cc1d725d582fe01540ab1f5ed3e19b40daf9c33131048000400160301056c0b00056800056500026b30820267308201d0a003020102020106300d06092a864886f70d0101040500305f310b3009060355040613025457311330110603550408130a536f6d652d5374617465310f300d06035504071306546169706569310c300a060355040a13034e5455310b3009060355040b1302494d310f300d06035504031306566963746f72301e170d3035303332343033313135345a170d3036
EAP-Message = 0x303332343033313135345a307b310b30090603550406130254573111300f0603550408130850726f76696e6365310f300d06035504071306546169706569310c300a060355040a13034e54553119301706035504031310526f6f74206365727469666963617465311f301d06092a864886f70d0109011610726f6f74406578616d706c652e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100cbb669c836bc1195d00bab7a692c16b4752012b675bce9c0bed058ed7fbda2cd6e7ce7e5ec0a1b6be5e2fee9e67e7fa46c121fe4963fc463bdeee9947ea12c6f1fe7a935d6d7cb3e96f29708026f01e30eb0b29f4c29502b
EAP-Message = 0x218a333753df0664bcad5207c98eec524f3e119174fb3a02e5e74d0f3585a4c118348dccf885b30d0203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d0101040500038181008c889be8f14b935f236f72ca072d7a82ad03769b9e9f20e23864ac12aa284abba7c55bda41eb2d8df13c027160d8cb5604832c1caa0332c89afa8b0c3e5d72d0fc5bafc913a649de4e440eb8b4ed5db27b17b4cb6beccd5852d28c726412b08e144caa0e79630ec3e7096d27eb031fe05eaf8865d7bc7103a2802775d851c3100002f4308202f030820259a003020102020100300d06092a864886f70d0101040500305f
EAP-Message = 0x310b3009060355040613025457311330110603550408130a536f6d652d5374617465310f300d06035504071306546169706569310c300a060355040a13034e5455310b3009060355040b1302494d310f300d06035504031306566963746f72301e170d3035303332333133333834355a170d3135303332313133333834355a305f310b3009060355040613025457311330110603550408130a536f6d652d5374617465310f300d06035504071306546169706569310c300a060355040a13034e5455310b3009060355040b1302494d310f300d06035504031306566963746f7230819f300d06092a864886f70d010101050003818d0030818902818100
EAP-Message = 0xe253f7e35e677cf9447dbae8c6bb3e2f9d62c53f1227
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x7b4ae092bd6ff8c952ebab98b227d5f0
Finished request 1
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 172.19.0.10:1812, id=39, length=162
Framed-MTU = 1400
Calling-Station-Id = "0020a64f13ca"
Called-Station-Id = "RSNA:Sanity"
Acct-Session-Id = "000e40992fb60020a64f13ca0000000000000002"
User-Name = "IOT"
NAS-Port-Type = Wireless-802.11
NAS-Port = 2
NAS-IP-Address = 172.19.0.10
State = 0x7b4ae092bd6ff8c952ebab98b227d5f0
EAP-Message = 0x021400061900
Message-Authenticator = 0x1b1b8adba783795f16929af33579ca24
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 2
modcall[authorize]: module "preprocess" returns ok for request 2
modcall[authorize]: module "chap" returns noop for request 2
modcall[authorize]: module "mschap" returns noop for request 2
rlm_realm: No '@' in User-Name = "IOT", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 2
rlm_eap: EAP packet type response id 20 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 2
users: Matched entry IOT at line 161
modcall[authorize]: module "files" returns ok for request 2
modcall: group authorize returns updated for request 2
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 2
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake fragment handler
eaptls_verify returned 1
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 2
modcall: group authenticate returns handled for request 2
Sending Access-Challenge of id 39 to 172.19.0.10:1812
Called-Station-Id == "RSNA:Sanity3"
Tunnel-Private-Group-Id:0 = "RSNA"
EAP-Message = 0x011501cf190068238a29ed87a4544127421b5609ba6b1c42fcf70dc1592fe3db8759046af4944a33444404876ae902a737d5cbb36738be097fdfd25fc44d9b54116abcd07932f31d030572b040ae2aac9dffc0aca44b5729d3b536aaa9a33bad5cca338a4bbabdc9502cd9923c1a59930203010001a381bb3081b8301d0603551d0e04160414557f06515414143987dd94d6a019aa728350f2f63081880603551d23048180307e8014557f06515414143987dd94d6a019aa728350f2f6a163a461305f310b3009060355040613025457311330110603550408130a536f6d652d5374617465310f300d06035504071306546169706569310c300a060355
EAP-Message = 0x040a13034e5455310b3009060355040b1302494d310f300d06035504031306566963746f72820100300c0603551d13040530030101ff300d06092a864886f70d0101040500038181004b395d7c765e6d52a95118505f39c9b38030377b9c81ad186bb543fcd837e514be0fff2a3751f18bb9ec40f32b33c9414d6b83d76b70e50ce725cd51408a9615d3ab45dadecf6726a231e687d020d4e4b566e7cc0d64d5d0690113797a1ce8b681eb02c3da7edf259006177a43aec44b9f0b6d961f2df9e1623f151210f0122216030100040e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x0dd97206729a49590d9ae5a45d32c146
Finished request 2
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 172.19.0.10:1812, id=40, length=348
Framed-MTU = 1400
Calling-Station-Id = "0020a64f13ca"
Called-Station-Id = "RSNA:Sanity"
Acct-Session-Id = "000e40992fb60020a64f13ca0000000000000002"
User-Name = "IOT"
NAS-Port-Type = Wireless-802.11
NAS-Port = 2
NAS-IP-Address = 172.19.0.10
State = 0x0dd97206729a49590d9ae5a45d32c146
EAP-Message = 0x021500c01980000000b6160301008610000082008007c532a393b6a1fae0cf41a20ead92d2a278d9f18b4e216e45bf457915b5ec798364abb62defbf87cc0e9911e98f54d180df6a429287fc67bbf9ab517919147282b994f535d2d7e5407e180769697d755f4fc5bcdb6575b0f0fde5e1818333490547ddb4ddb51497d383f1ce09980dffcfe89edea5c4443b03179e08a2f60300140301000101160301002015d12737ded3e8162dd55202716e935abdf4707c32d63daf2d8a178289644183
Message-Authenticator = 0x66f99f36b4faf7eda163d4616e34fdc7
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 3
modcall[authorize]: module "preprocess" returns ok for request 3
modcall[authorize]: module "chap" returns noop for request 3
modcall[authorize]: module "mschap" returns noop for request 3
rlm_realm: No '@' in User-Name = "IOT", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 3
rlm_eap: EAP packet type response id 21 length 192
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 3
users: Matched entry IOT at line 161
modcall[authorize]: module "files" returns ok for request 3
modcall: group authorize returns updated for request 3
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 3
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange
TLS_accept: SSLv3 read client key exchange A
rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001]
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 read finished A
rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001]
TLS_accept: SSLv3 write change cipher spec A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 write finished A
TLS_accept: SSLv3 flush data
(other): SSL negotiation finished successfully
SSL Connection Established
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 3
modcall: group authenticate returns handled for request 3
Sending Access-Challenge of id 40 to 172.19.0.10:1812
Called-Station-Id == "RSNA:Sanity3"
Tunnel-Private-Group-Id:0 = "RSNA"
EAP-Message = 0x0116003119001403010001011603010020276f45179caeb5eab59cab4622f1d8397a1bd6f6ebcf6dc7f5f804ca8f3b759d
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xa6d6a8793e376cfa9ac18d1f3e2641b5
Finished request 3
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 172.19.0.10:1812, id=41, length=162
Framed-MTU = 1400
Calling-Station-Id = "0020a64f13ca"
Called-Station-Id = "RSNA:Sanity"
Acct-Session-Id = "000e40992fb60020a64f13ca0000000000000002"
User-Name = "IOT"
NAS-Port-Type = Wireless-802.11
NAS-Port = 2
NAS-IP-Address = 172.19.0.10
State = 0xa6d6a8793e376cfa9ac18d1f3e2641b5
EAP-Message = 0x021600061900
Message-Authenticator = 0x28d90751ef1db72deaeecfa494a24a87
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 4
modcall[authorize]: module "preprocess" returns ok for request 4
modcall[authorize]: module "chap" returns noop for request 4
modcall[authorize]: module "mschap" returns noop for request 4
rlm_realm: No '@' in User-Name = "IOT", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 4
rlm_eap: EAP packet type response id 22 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 4
users: Matched entry IOT at line 161
modcall[authorize]: module "files" returns ok for request 4
modcall: group authorize returns updated for request 4
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 4
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake is finished
eaptls_verify returned 3
eaptls_process returned 3
rlm_eap_peap: EAPTLS_SUCCESS
modcall[authenticate]: module "eap" returns handled for request 4
modcall: group authenticate returns handled for request 4
Sending Access-Challenge of id 41 to 172.19.0.10:1812
Called-Station-Id == "RSNA:Sanity3"
Tunnel-Private-Group-Id:0 = "RSNA"
EAP-Message = 0x01170020190017030100154b4d15272a5b43e2fd2c50fba0178a641612e8d468
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xb5ed2b16315cebb568c31cf624cefc1c
Finished request 4
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 172.19.0.10:1812, id=42, length=187
Framed-MTU = 1400
Calling-Station-Id = "0020a64f13ca"
Called-Station-Id = "RSNA:Sanity"
Acct-Session-Id = "000e40992fb60020a64f13ca0000000000000002"
User-Name = "IOT"
NAS-Port-Type = Wireless-802.11
NAS-Port = 2
NAS-IP-Address = 172.19.0.10
State = 0xb5ed2b16315cebb568c31cf624cefc1c
EAP-Message = 0x0217001f190017030100149d3af29be344c383e7d0262f6b916f7c51dbec56
Message-Authenticator = 0xbac60443c26c6ddaa4fd620d84b4e64d
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 5
modcall[authorize]: module "preprocess" returns ok for request 5
modcall[authorize]: module "chap" returns noop for request 5
modcall[authorize]: module "mschap" returns noop for request 5
rlm_realm: No '@' in User-Name = "IOT", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 5
rlm_eap: EAP packet type response id 23 length 31
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 5
users: Matched entry IOT at line 161
modcall[authorize]: module "files" returns ok for request 5
modcall: group authorize returns updated for request 5
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 5
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: Identity - IOT
rlm_eap_peap: Tunneled data is valid.
PEAP: Got tunneled identity of IOT
PEAP: Setting default EAP type for tunneled EAP session.
PEAP: Setting User-Name to IOT
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 5
modcall[authorize]: module "preprocess" returns ok for request 5
modcall[authorize]: module "chap" returns noop for request 5
modcall[authorize]: module "mschap" returns noop for request 5
rlm_realm: No '@' in User-Name = "IOT", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 5
rlm_eap: EAP packet type response id 23 length 8
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 5
users: Matched entry IOT at line 161
modcall[authorize]: module "files" returns ok for request 5
modcall: group authorize returns updated for request 5
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 5
rlm_eap: EAP Identity
rlm_eap: processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
modcall[authenticate]: module "eap" returns handled for request 5
modcall: group authenticate returns handled for request 5
PEAP: Got tunneled Access-Challenge
modcall[authenticate]: module "eap" returns handled for request 5
modcall: group authenticate returns handled for request 5
Sending Access-Challenge of id 42 to 172.19.0.10:1812
Called-Station-Id == "RSNA:Sanity3"
Tunnel-Private-Group-Id:0 = "RSNA"
EAP-Message = 0x0118003419001703010029354c8e805c69795b44094ed449115c1e297419d37f5df019f1c0a5107e3d0d3969a408d01b93c3c815
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x83e056297601f57229806ddb8c6e488a
Finished request 5
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 172.19.0.10:1812, id=43, length=241
Framed-MTU = 1400
Calling-Station-Id = "0020a64f13ca"
Called-Station-Id = "RSNA:Sanity"
Acct-Session-Id = "000e40992fb60020a64f13ca0000000000000002"
User-Name = "IOT"
NAS-Port-Type = Wireless-802.11
NAS-Port = 2
NAS-IP-Address = 172.19.0.10
State = 0x83e056297601f57229806ddb8c6e488a
EAP-Message = 0x021800551900170301004a5a8f74d8bfb825fe90b9bd5749266dffb91e41c39b8dd0da5b8637433ce01999df5592b96c0f59c6328056b7f11fc5536486c1f6aa80964ed52c51289b23bdb813b11f2e796fa1f3987a
Message-Authenticator = 0x9f773f3823c79b34e5aba74d5abf9190
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 6
modcall[authorize]: module "preprocess" returns ok for request 6
modcall[authorize]: module "chap" returns noop for request 6
modcall[authorize]: module "mschap" returns noop for request 6
rlm_realm: No '@' in User-Name = "IOT", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 6
rlm_eap: EAP packet type response id 24 length 85
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 6
users: Matched entry IOT at line 161
modcall[authorize]: module "files" returns ok for request 6
modcall: group authorize returns updated for request 6
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 6
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: EAP type mschapv2
rlm_eap_peap: Tunneled data is valid.
PEAP: Setting User-Name to IOT
PEAP: Adding old state with 8c 90
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 6
modcall[authorize]: module "preprocess" returns ok for request 6
modcall[authorize]: module "chap" returns noop for request 6
modcall[authorize]: module "mschap" returns noop for request 6
rlm_realm: No '@' in User-Name = "IOT", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 6
rlm_eap: EAP packet type response id 24 length 62
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 6
users: Matched entry IOT at line 161
modcall[authorize]: module "files" returns ok for request 6
modcall: group authorize returns updated for request 6
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 6
rlm_eap: Request found, released from the list
rlm_eap: EAP/mschapv2
rlm_eap: processing type mschapv2
Processing the authenticate section of radiusd.conf
modcall: entering group Auth-Type for request 6
rlm_mschap: Told to do MS-CHAPv2 for IOT with NT-Password
rlm_mschap: adding MS-CHAPv2 MPPE keys
modcall[authenticate]: module "mschap" returns ok for request 6
modcall: group Auth-Type returns ok for request 6
MSCHAP Success
modcall[authenticate]: module "eap" returns handled for request 6
modcall: group authenticate returns handled for request 6
PEAP: Got tunneled Access-Challenge
modcall[authenticate]: module "eap" returns handled for request 6
modcall: group authenticate returns handled for request 6
Sending Access-Challenge of id 43 to 172.19.0.10:1812
Called-Station-Id == "RSNA:Sanity3"
Tunnel-Private-Group-Id:0 = "RSNA"
EAP-Message = 0x0119004a1900170301003fe94867f136898bfa30abf566c891bfc14832342785913b872959ba21e6de58e3281dc08f0be65331ff6b50818e543cb3944eedbb4ef92e560b217ce0f8730f
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xd0d4e8b80c739bd5edad62a166938c76
Finished request 6
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 172.19.0.10:1812, id=44, length=185
Framed-MTU = 1400
Calling-Station-Id = "0020a64f13ca"
Called-Station-Id = "RSNA:Sanity"
Acct-Session-Id = "000e40992fb60020a64f13ca0000000000000002"
User-Name = "IOT"
NAS-Port-Type = Wireless-802.11
NAS-Port = 2
NAS-IP-Address = 172.19.0.10
State = 0xd0d4e8b80c739bd5edad62a166938c76
EAP-Message = 0x0219001d19001703010012b7a3f684c155d20917bd58aadfb50fc30514
Message-Authenticator = 0xbbc8b052d8fca0f44a701d3fa7913c09
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 7
modcall[authorize]: module "preprocess" returns ok for request 7
modcall[authorize]: module "chap" returns noop for request 7
modcall[authorize]: module "mschap" returns noop for request 7
rlm_realm: No '@' in User-Name = "IOT", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 7
rlm_eap: EAP packet type response id 25 length 29
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 7
users: Matched entry IOT at line 161
modcall[authorize]: module "files" returns ok for request 7
modcall: group authorize returns updated for request 7
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 7
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: EAP type mschapv2
rlm_eap_peap: Tunneled data is valid.
PEAP: Setting User-Name to IOT
PEAP: Adding old state with 2c 6b
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 7
modcall[authorize]: module "preprocess" returns ok for request 7
modcall[authorize]: module "chap" returns noop for request 7
modcall[authorize]: module "mschap" returns noop for request 7
rlm_realm: No '@' in User-Name = "IOT", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 7
rlm_eap: EAP packet type response id 25 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 7
users: Matched entry IOT at line 161
modcall[authorize]: module "files" returns ok for request 7
modcall: group authorize returns updated for request 7
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 7
rlm_eap: Request found, released from the list
rlm_eap: EAP/mschapv2
rlm_eap: processing type mschapv2
rlm_eap: Freeing handler
modcall[authenticate]: module "eap" returns ok for request 7
modcall: group authenticate returns ok for request 7
Login OK: [IOT/<no User-Password attribute>] (from client localhost port 0)
PEAP: Tunneled authentication was successful.
rlm_eap_peap: SUCCESS
modcall[authenticate]: module "eap" returns handled for request 7
modcall: group authenticate returns handled for request 7
Sending Access-Challenge of id 44 to 172.19.0.10:1812
Called-Station-Id == "RSNA:Sanity3"
Tunnel-Private-Group-Id:0 = "RSNA"
EAP-Message = 0x011a00261900170301001b74be167997ff9ea28836435d7404e18b23533e72ca34a7a7224e83
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x49658e1d883603c6793ea476a2afe036
Finished request 7
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 172.19.0.10:1812, id=45, length=194
Framed-MTU = 1400
Calling-Station-Id = "0020a64f13ca"
Called-Station-Id = "RSNA:Sanity"
Acct-Session-Id = "000e40992fb60020a64f13ca0000000000000002"
User-Name = "IOT"
NAS-Port-Type = Wireless-802.11
NAS-Port = 2
NAS-IP-Address = 172.19.0.10
State = 0x49658e1d883603c6793ea476a2afe036
EAP-Message = 0x021a00261900170301001bd34dc54776e768312e8269228de10666285f2db9f926a77d6846e5
Message-Authenticator = 0xde0527cd90a35139b46bcd8b603c9714
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 8
modcall[authorize]: module "preprocess" returns ok for request 8
modcall[authorize]: module "chap" returns noop for request 8
modcall[authorize]: module "mschap" returns noop for request 8
rlm_realm: No '@' in User-Name = "IOT", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 8
rlm_eap: EAP packet type response id 26 length 38
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 8
users: Matched entry IOT at line 161
modcall[authorize]: module "files" returns ok for request 8
modcall: group authorize returns updated for request 8
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 8
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: Received EAP-TLV response.
rlm_eap_peap: Tunneled data is valid.
rlm_eap_peap: Success
rlm_eap: Freeing handler
modcall[authenticate]: module "eap" returns ok for request 8
modcall: group authenticate returns ok for request 8
=== users ===
IOT User-Password == "IOT" Called-Station-ID == "RSNA:Sanity", Tunnel-Private-Group-ID = "RSNA"
=== eap.conf ===
eap {default_eap_type = peap
timer_expire = 60
ignore_unknown_eap_types = no
cisco_accounting_username_bug = no
md5 {
}
leap {
}
gtc {
challenge = test
auth_type = PAP
}
tls {
private_key_password = test
private_key_file = ${raddbdir}/certs/cert-srv.pem
certificate_file = ${raddbdir}/certs/cert-srv.pem
CA_file = ${raddbdir}/certs/cacert.pem
dh_file = ${raddbdir}/certs/dh
random_file = ${raddbdir}/certs/random
fragment_size = 1024
include_length = yes
}
ttls {
default_eap_type = md5
copy_request_to_tunnel = yes
use_tunneled_reply = yes
}
peap {
default_eap_type = mschapv2
}
mschapv2 {
}
}
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
