Sorry for starting a sidetrack, but you implicitly indicate that you
compiled CVS pre 1.0.2 successfully under Solaris, especially
the libltdl directory.
Well, we tried several pre-1.0.2 and I think several others, too
and it seems many got into the same trouble with libltdl.
I think some people would be highly interested to learn what
you did to compile it successfully, including libltdl.
Checked your output:
If I remember correctly the 1.0.1 failed at decoding the tunnel;
this seems to be entirely related to the NT password itself.
> rlm_mschap: NT Domain delimeter found, should we have enabled with_ntdomain_hack?
> rlm_mschap: Told to do MS-CHAPv2 for EI2F-ENDL1\Tech_Support with NT-Password
> rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
--with_ntdomain_hack necessary?
Matthias Rumitz
TC Unix / Netzwerke
ADIVA Computertechnologie GmbH
Norsk-Data-Str. 1
D-61352 Bad Homburg v.d.H.
Fon: +49(0) 61 72 / 48 61 - 0
Fax: +49(0) 61 72 / 48 61 - 700
Web: http://www.adiva.de eMail: [EMAIL PROTECTED]
This e-mail message may contain confidential and/or privileged
information.
If you are not the intended recipient (or have received this e-mail in error)
please notify the sender immediately and destroy this e-mail.
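
Added example (not part of the original thread and not FreeRADIUS code): it decodes the two tunneled EAP-MSCHAPv2 packets from the debug log in the quoted message below and computes the RFC 2759 ChallengeHash for the name the client put in its response and for the User-Name the server was told to use, which is the mismatch with_ntdomain_hack exists to remove. The function names are made up for this example, and the NT-Response itself is not verified because that needs the account's password.

```python
import hashlib
import struct

# Tunneled EAP-Message values copied from the debug log on this page.
# Server -> client: EAP-MSCHAPv2 Challenge (inner request, id 7).
CHALLENGE_HEX = (
    "010700311a0107002c10"
    "ed71a464b623d3aee1d7c6cba9db8fdd"
    "454932462d454e444c315c546563685f537570706f7274"
)
# Client -> server: EAP-MSCHAPv2 Response (inner response, id 7).
RESPONSE_HEX = (
    "020700471a0207004231"
    "a6acc6a8981884df72795e19426bf675"
    "0000000000000000"
    "af149e03eb6616b77f4afadd3c8daee77b8545ca6d4c9881"
    "00"
    "546563685f537570706f7274"
)
# User-Name attribute from the log ("Told to do MS-CHAPv2 for ...").
USER_NAME = b"EI2F-ENDL1\\Tech_Support"

EAP_TYPE_MSCHAPV2 = 26
OP_CHALLENGE, OP_RESPONSE = 1, 2


def parse_eap_mschapv2(raw):
    """Decode one EAP-MSCHAPv2 Challenge or Response packet into a dict."""
    if len(raw) < 10:
        raise ValueError("packet shorter than the fixed headers")
    _code, _ident, eap_len, eap_type = struct.unpack("!BBHB", raw[:5])
    opcode, ms_id, ms_len, value_size = struct.unpack("!BBHB", raw[5:10])
    if eap_len != len(raw) or ms_len != eap_len - 5:
        raise ValueError("length fields disagree with packet size")
    if eap_type != EAP_TYPE_MSCHAPV2:
        raise ValueError("not EAP type 26 (MS-CHAPv2)")
    value, name = raw[10:10 + value_size], raw[10 + value_size:]
    if len(value) != value_size:
        raise ValueError("value field truncated")
    pkt = {"opcode": opcode, "id": ms_id, "name": name}
    if opcode == OP_CHALLENGE and value_size == 16:
        pkt["auth_challenge"] = value
    elif opcode == OP_RESPONSE and value_size == 49:
        pkt["peer_challenge"] = value[:16]
        pkt["reserved"] = value[16:24]
        pkt["nt_response"] = value[24:48]
        pkt["flags"] = value[48]
    else:
        raise ValueError("unexpected opcode/value-size combination")
    return pkt


def strip_nt_domain(name):
    """Return the user part of DOMAIN\\user (unchanged if no backslash)."""
    return name.rpartition(b"\\")[2]


def challenge_hash(peer_challenge, auth_challenge, username):
    """RFC 2759 ChallengeHash: first 8 bytes of SHA-1 over
    PeerChallenge || AuthenticatorChallenge || UserName."""
    data = peer_challenge + auth_challenge + username
    return hashlib.sha1(data).digest()[:8]


def compare_names():
    """Compute the ChallengeHash for each candidate user name."""
    chal = parse_eap_mschapv2(bytes.fromhex(CHALLENGE_HEX))
    resp = parse_eap_mschapv2(bytes.fromhex(RESPONSE_HEX))

    def h(user):
        return challenge_hash(resp["peer_challenge"],
                              chal["auth_challenge"], user)

    return {
        "client_name": resp["name"],
        "hash_client_name": h(resp["name"]),
        "hash_full_user_name": h(USER_NAME),
        "hash_stripped_user_name": h(strip_nt_domain(USER_NAME)),
    }


if __name__ == "__main__":
    result = compare_names()
    print("name in client response :", result["client_name"].decode())
    print("RADIUS User-Name        :", USER_NAME.decode())
    for key in ("hash_client_name", "hash_full_user_name",
                "hash_stripped_user_name"):
        print(f"{key:24}: {result[key].hex()}")
```
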
----- Original Message -----
From: [EMAIL PROTECTED]
Date: Tuesday, February 1, 2005 2:52 pm
Subject: CVS 1.0.2 PEAP MSCHAPv2
--- Begin Message ---
We have been unsuccessful in integrating a wireless environment utilizing a
Windows XP SP2 supplicant, a Cisco 1100 AP, and a freeradius server running
on Solaris 2.8. Specifically, we have been testing the developmental
version 1.0.2 after using the CVS snapshot suggested by Alan. This version
was being tested because of initial Windows NT password issues experienced
during the rlm_mschap module execution. The security environment we are
using is PEAP/MSCHAPv2 using the root certificate that comes with the
freeRadius software. The specific error in MSCHAPv2 has to do with the
Windows NT password and is identical to the error we received when using
1.0.1. Alan stated there are known issues using the 1.0.1 release on a
Solaris platform. The expectation of running the developmental 1.0.2 build
was to correct the errors we experienced. Is there any way we can assist
debugging this error efficiently? In addition, has anyone determined
specifically which module receives the NT_Password from the supplicant
before it is packaged in the VALUE_PAIR structure? We have been spending
time trying to determine the problem and any further assistance would be
helpful. Here is a log output of the latest run. Thanks
Chris
Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config: including file: /usr/local/etc/raddb/proxy.conf
Config: including file: /usr/local/etc/raddb/clients.conf
Config: including file: /usr/local/etc/raddb/snmp.conf
Config: including file: /usr/local/etc/raddb/eap.conf
Config: including file: /usr/local/etc/raddb/sql.conf
main: prefix = "/usr/local"
main: localstatedir = "/usr/local/var"
main: logdir = "/usr/local/var/log/radius"
main: libdir = "/usr/local/lib"
main: radacctdir = "/usr/local/var/log/radius/radacct"
main: hostname_lookups = no
main: max_request_time = 30
main: cleanup_delay = 5
main: max_requests = 1024
main: delete_blocked_requests = 0
main: port = 0
main: allow_core_dumps = no
main: log_stripped_names = no
main: log_file = "/usr/local/var/log/radius/radius.log"
main: log_auth = no
main: log_auth_badpass = no
main: log_auth_goodpass = no
main: pidfile = "/usr/local/var/run/radiusd/radiusd.pid"
main: user = "(null)"
main: group = "(null)"
main: usercollide = no
main: lower_user = "no"
main: lower_pass = "no"
main: nospace_user = "no"
main: nospace_pass = "no"
main: checkrad = "/usr/local/sbin/checkrad"
main: proxy_requests = no
proxy: retry_delay = 5
proxy: retry_count = 3
proxy: synchronous = no
proxy: default_fallback = yes
proxy: dead_time = 120
proxy: post_proxy_authorize = yes
proxy: wake_all_if_all_dead = no
security: max_attributes = 200
security: reject_delay = 1
security: status_server = no
main: debug_level = 0
read_config_files: reading dictionary
read_config_files: reading naslist
Using deprecated naslist file. Support for this will go away soon.
read_config_files: reading clients
read_config_files: reading realms
radiusd: entering modules setup
Module: Library search path is /usr/local/lib
Module: Loaded exec
exec: wait = yes
exec: program = "(null)"
exec: input_pairs = "request"
exec: output_pairs = "(null)"
exec: packet_type = "(null)"
rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Module: Instantiated exec (exec)
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded PAP
pap: encryption_scheme = "crypt"
Module: Instantiated pap (pap)
Module: Loaded CHAP
Module: Instantiated chap (chap)
Module: Loaded MS-CHAP
mschap: use_mppe = yes
mschap: require_encryption = no
mschap: require_strong = no
mschap: with_ntdomain_hack = no
mschap: passwd = "(null)"
mschap: authtype = "MS-CHAP"
mschap: ntlm_auth = "(null)"
Module: Instantiated mschap (mschap)
Module: Loaded System
unix: cache = no
unix: passwd = "(null)"
unix: shadow = "(null)"
unix: group = "(null)"
unix: radwtmp = "/usr/local/var/log/radius/radwtmp"
unix: usegroup = no
unix: cache_reload = 600
Module: Instantiated unix (unix)
Module: Loaded eap
eap: default_eap_type = "peap"
eap: timer_expire = 60
eap: ignore_unknown_eap_types = no
eap: cisco_accounting_username_bug = no
rlm_eap: Loaded and initialized type md5
rlm_eap: Loaded and initialized type leap
gtc: challenge = "Password: "
gtc: auth_type = "PAP"
rlm_eap: Loaded and initialized type gtc
tls: rsa_key_exchange = no
tls: dh_key_exchange = yes
tls: rsa_key_length = 512
tls: dh_key_length = 512
tls: verify_depth = 0
tls: CA_path = "(null)"
tls: pem_file_type = yes
tls: private_key_file = "/usr/local/etc/raddb/certs/cert-srv.pem"
tls: certificate_file = "/usr/local/etc/raddb/certs/cert-srv.pem"
tls: CA_file = "/usr/local/etc/raddb/certs/demoCA/cacert.pem"
tls: private_key_password = "whatever"
tls: dh_file = "/usr/local/etc/raddb/certs/dh"
tls: random_file = "/usr/local/etc/raddb/certs/random"
tls: fragment_size = 1024
tls: include_length = yes
tls: check_crl = yes
tls: check_cert_cn = "%{User-Name}"
rlm_eap: Loaded and initialized type tls
peap: default_eap_type = "mschapv2"
peap: copy_request_to_tunnel = no
peap: use_tunneled_reply = no
peap: proxy_tunneled_request_as_eap = yes
rlm_eap: Loaded and initialized type peap
mschapv2: with_ntdomain_hack = no
rlm_eap: Loaded and initialized type mschapv2
Module: Instantiated eap (eap)
Module: Loaded preprocess
preprocess: huntgroups = "/usr/local/etc/raddb/huntgroups"
preprocess: hints = "/usr/local/etc/raddb/hints"
preprocess: with_ascend_hack = no
preprocess: ascend_channels_per_line = 23
preprocess: with_ntdomain_hack = no
preprocess: with_specialix_jetstream_hack = no
preprocess: with_cisco_vsa_hack = no
Module: Instantiated preprocess (preprocess)
Module: Loaded detail
detail: detailfile =
"/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d"
detail: detailperm = 384
detail: dirperm = 493
detail: locking = no
Module: Instantiated detail (auth_log)
Module: Loaded realm
realm: format = "suffix"
realm: delimiter = "@"
realm: ignore_default = no
realm: ignore_null = no
Module: Instantiated realm (suffix)
Module: Loaded files
files: usersfile = "/usr/local/etc/raddb/users"
files: acctusersfile = "/usr/local/etc/raddb/acct_users"
files: preproxy_usersfile = "/usr/local/etc/raddb/preproxy_users"
files: compat = "no"
Module: Instantiated files (files)
Module: Loaded Acct-Unique-Session-Id
acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address,
Client-IP-Address, NAS-Port"
Module: Instantiated acct_unique (acct_unique)
detail: detailfile =
"/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
detail: detailperm = 384
detail: dirperm = 493
detail: locking = no
Module: Instantiated detail (detail)
Module: Loaded radutmp
radutmp: filename = "/usr/local/var/log/radius/radutmp"
radutmp: username = "%{User-Name}"
radutmp: case_sensitive = yes
radutmp: check_with_nas = yes
radutmp: perm = 384
radutmp: callerid = yes
Module: Instantiated radutmp (radutmp)
Listening on authentication *:1812
Listening on accounting *:1813
Ready to process requests.
rad_recv: Access-Request packet from host 12.1.10.16:21654, id=141,
length=170
User-Name = "EI2F-ENDL1\\Tech_Support"
Framed-MTU = 1400
Called-Station-Id = "0011.5c81.b2e0"
Calling-Station-Id = "000f.f736.3068"
Message-Authenticator = 0x4f1cd52f88e41340fbf99f3b81eff15a
EAP-Message =
0x0201001c01454932462d454e444c315c546563685f537570706f7274
NAS-Port-Type = Wireless-802.11
NAS-Port = 462
Service-Type = Framed-User
NAS-IP-Address = 12.1.10.16
NAS-Identifier = "EI2F_ENDL_AP1"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
radius_xlat: '/usr/local/var/log/radius/radacct/12.1.10.16
/auth-detail-20041004'
rlm_detail:
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /usr/local/var/log/radius/radacct/12.1.10.16
/auth-detail-20041004
modcall[authorize]: module "auth_log" returns ok for request 0
modcall[authorize]: module "chap" returns noop for request 0
modcall[authorize]: module "mschap" returns noop for request 0
rlm_realm: No '@' in User-Name = "EI2F-ENDL1\Tech_Support", looking up
realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 0
rlm_eap: EAP packet type response id 1 length 28
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 0
users: Matched entry EI2F-ENDL1\Tech_Support at line 94
modcall[authorize]: module "files" returns ok for request 0
modcall: group authorize returns updated for request 0
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
rlm_eap: EAP Identity
rlm_eap: processing type tls
rlm_eap_tls: Initiate
rlm_eap_tls: Start returned 1
modcall[authenticate]: module "eap" returns handled for request 0
modcall: group authenticate returns handled for request 0
Sending Access-Challenge of id 141 to 12.1.10.16:21654
Framed-IP-Address = 12.1.10.20
Framed-IP-Netmask = 255.255.255.0
Framed-MTU = 1500
Reply-Message = "Hello, %u"
EAP-Message = 0x010200061920
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xb05f77dc5b1e696c3f63fbf922cd512e
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 12.1.10.16:21654, id=142,
length=240
User-Name = "EI2F-ENDL1\\Tech_Support"
Framed-MTU = 1400
Called-Station-Id = "0011.5c81.b2e0"
Calling-Station-Id = "000f.f736.3068"
Message-Authenticator = 0x677a270ef14aca4c5abea0f07592ebb3
EAP-Message =
0x0202005019800000004616030100410100003d03014161979dd4a57f971a46a5bda7d9edb44cfc459900814162881fe3ca3c5b25b200001600040005000a000900640062000300060013001200630100
NAS-Port-Type = Wireless-802.11
NAS-Port = 462
State = 0xb05f77dc5b1e696c3f63fbf922cd512e
Service-Type = Framed-User
NAS-IP-Address = 12.1.10.16
NAS-Identifier = "EI2F_ENDL_AP1"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
modcall[authorize]: module "preprocess" returns ok for request 1
radius_xlat: '/usr/local/var/log/radius/radacct/12.1.10.16
/auth-detail-20041004'
rlm_detail:
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /usr/local/var/log/radius/radacct/12.1.10.16
/auth-detail-20041004
modcall[authorize]: module "auth_log" returns ok for request 1
modcall[authorize]: module "chap" returns noop for request 1
modcall[authorize]: module "mschap" returns noop for request 1
rlm_realm: No '@' in User-Name = "EI2F-ENDL1\Tech_Support", looking up
realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 1
rlm_eap: EAP packet type response id 2 length 80
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 1
users: Matched entry EI2F-ENDL1\Tech_Support at line 94
modcall[authorize]: module "files" returns ok for request 1
modcall: group authorize returns updated for request 1
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 1
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
(other): before/accept initialization
TLS_accept: before/accept initialization
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello
TLS_accept: SSLv3 read client hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
TLS_accept: SSLv3 write server hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0694], Certificate
TLS_accept: SSLv3 write certificate A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
TLS_accept: SSLv3 write server done A
TLS_accept: SSLv3 flush data
TLS_accept:error in SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 1
modcall: group authenticate returns handled for request 1
Sending Access-Challenge of id 142 to 12.1.10.16:21654
Framed-IP-Address = 12.1.10.20
Framed-IP-Netmask = 255.255.255.0
Framed-MTU = 1500
Reply-Message = "Hello, %u"
EAP-Message = 0x652e636f6d301e170d3034303132353133323630375a
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xe963215ba29dbd326e60667f315bbadd
Finished request 1
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 12.1.10.16:21654, id=143,
length=166
User-Name = "EI2F-ENDL1\\Tech_Support"
Framed-MTU = 1400
Called-Station-Id = "0011.5c81.b2e0"
Calling-Station-Id = "000f.f736.3068"
Message-Authenticator = 0x3567c6bef51bb3c8c9f25f2c992f0b1e
EAP-Message = 0x020300061900
NAS-Port-Type = Wireless-802.11
NAS-Port = 462
State = 0xe963215ba29dbd326e60667f315bbadd
Service-Type = Framed-User
NAS-IP-Address = 12.1.10.16
NAS-Identifier = "EI2F_ENDL_AP1"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 2
modcall[authorize]: module "preprocess" returns ok for request 2
radius_xlat: '/usr/local/var/log/radius/radacct/12.1.10.16
/auth-detail-20041004'
rlm_detail:
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /usr/local/var/log/radius/radacct/12.1.10.16
/auth-detail-20041004
modcall[authorize]: module "auth_log" returns ok for request 2
modcall[authorize]: module "chap" returns noop for request 2
modcall[authorize]: module "mschap" returns noop for request 2
rlm_realm: No '@' in User-Name = "EI2F-ENDL1\Tech_Support", looking up
realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 2
rlm_eap: EAP packet type response id 3 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 2
users: Matched entry EI2F-ENDL1\Tech_Support at line 94
modcall[authorize]: module "files" returns ok for request 2
modcall: group authorize returns updated for request 2
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 2
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake fragment handler
eaptls_verify returned 1
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 2
modcall: group authenticate returns handled for request 2
Sending Access-Challenge of id 143 to 12.1.10.16:21654
Framed-IP-Address = 12.1.10.20
Framed-IP-Netmask = 255.255.255.0
Framed-MTU = 1500
Reply-Message = "Hello, %u"
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x75e05d99601e8d6fbd6e082495be7422
Finished request 2
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 12.1.10.16:21654, id=144,
length=352
User-Name = "EI2F-ENDL1\\Tech_Support"
Framed-MTU = 1400
Called-Station-Id = "0011.5c81.b2e0"
Calling-Station-Id = "000f.f736.3068"
Message-Authenticator = 0x2d7474f9be215e67c19c0aceea5beb28
EAP-Message =
0x020400c01980000000b616030100861000008200806eda92fe9e1e5f40763bd6439e09b0c9ef984338b057a340c6d852715a746e7a293fe34f6f0a768d5195f8f74cfeeb31b2c85a0e8a41b04b78d5ad5b01c9100812b01927a7b821656407075270cafd770fac93255c7d062200a0b3cc5b2f5c9cf43085d0d41fed3dc35b8a60884f57252cf28e4cd6228595d767a82337068fde1403010001011603010020298cd03169fd50e2b166aea4f3169c7e92c7c8fdac8e3d411700df0848303485
NAS-Port-Type = Wireless-802.11
NAS-Port = 462
State = 0x75e05d99601e8d6fbd6e082495be7422
Service-Type = Framed-User
NAS-IP-Address = 12.1.10.16
NAS-Identifier = "EI2F_ENDL_AP1"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 3
modcall[authorize]: module "preprocess" returns ok for request 3
radius_xlat: '/usr/local/var/log/radius/radacct/12.1.10.16
/auth-detail-20041004'
rlm_detail:
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /usr/local/var/log/radius/radacct/12.1.10.16
/auth-detail-20041004
modcall[authorize]: module "auth_log" returns ok for request 3
modcall[authorize]: module "chap" returns noop for request 3
modcall[authorize]: module "mschap" returns noop for request 3
rlm_realm: No '@' in User-Name = "EI2F-ENDL1\Tech_Support", looking up
realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 3
rlm_eap: EAP packet type response id 4 length 192
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 3
users: Matched entry EI2F-ENDL1\Tech_Support at line 94
modcall[authorize]: module "files" returns ok for request 3
modcall: group authorize returns updated for request 3
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 3
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange
TLS_accept: SSLv3 read client key exchange A
rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001]
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 read finished A
rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001]
TLS_accept: SSLv3 write change cipher spec A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 write finished A
TLS_accept: SSLv3 flush data
(other): SSL negotiation finished successfully
SSL Connection Established
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 3
modcall: group authenticate returns handled for request 3
Sending Access-Challenge of id 144 to 12.1.10.16:21654
Framed-IP-Address = 12.1.10.20
Framed-IP-Netmask = 255.255.255.0
Framed-MTU = 1500
Reply-Message = "Hello, %u"
EAP-Message =
0x01050031190014030100010116030100200bc50e117d7f194e12cf43578c39d539ce5979addfccffe7a3328e9823f53125
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x0f668c90d84f9cdc11216ca225d21440
Finished request 3
Going to the next request
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 141 with timestamp 4161dd25
Cleaning up request 1 ID 142 with timestamp 4161dd25
Cleaning up request 2 ID 143 with timestamp 4161dd25
Cleaning up request 3 ID 144 with timestamp 4161dd25
Nothing to do. Sleeping until we see a request.
rad_recv: Access-Request packet from host 12.1.10.16:21654, id=145,
length=166
User-Name = "EI2F-ENDL1\\Tech_Support"
Framed-MTU = 1400
Called-Station-Id = "0011.5c81.b2e0"
Calling-Station-Id = "000f.f736.3068"
Message-Authenticator = 0x6e80b9e746b37ec631d6158671a36e7c
EAP-Message = 0x020500061900
NAS-Port-Type = Wireless-802.11
NAS-Port = 462
State = 0x0f668c90d84f9cdc11216ca225d21440
Service-Type = Framed-User
NAS-IP-Address = 12.1.10.16
NAS-Identifier = "EI2F_ENDL_AP1"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 4
modcall[authorize]: module "preprocess" returns ok for request 4
radius_xlat: '/usr/local/var/log/radius/radacct/12.1.10.16
/auth-detail-20041004'
rlm_detail:
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /usr/local/var/log/radius/radacct/12.1.10.16
/auth-detail-20041004
modcall[authorize]: module "auth_log" returns ok for request 4
modcall[authorize]: module "chap" returns noop for request 4
modcall[authorize]: module "mschap" returns noop for request 4
rlm_realm: No '@' in User-Name = "EI2F-ENDL1\Tech_Support", looking up
realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 4
rlm_eap: EAP packet type response id 5 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 4
users: Matched entry EI2F-ENDL1\Tech_Support at line 94
modcall[authorize]: module "files" returns ok for request 4
modcall: group authorize returns updated for request 4
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 4
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake is finished
eaptls_verify returned 3
eaptls_process returned 3
rlm_eap_peap: EAPTLS_SUCCESS
modcall[authenticate]: module "eap" returns handled for request 4
modcall: group authenticate returns handled for request 4
Sending Access-Challenge of id 145 to 12.1.10.16:21654
Framed-IP-Address = 12.1.10.20
Framed-IP-Netmask = 255.255.255.0
Framed-MTU = 1500
Reply-Message = "Hello, %u"
EAP-Message =
0x01060020190017030100154d880c6197eb52711209f9a70d118d33b96d988b47
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x46b2c6e1a5865835a156910c3682b33f
Finished request 4
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 12.1.10.16:21654, id=146,
length=211
User-Name = "EI2F-ENDL1\\Tech_Support"
Framed-MTU = 1400
Called-Station-Id = "0011.5c81.b2e0"
Calling-Station-Id = "000f.f736.3068"
Message-Authenticator = 0x11cc07755afb4352ae87e1083c514d3b
EAP-Message =
0x020600331900170301002865d1fc04bffb948d849f1ab65a2a79a89c2bf36ee7ea0fa01cf9ca1cd4416dbe7970526afe06cb87
NAS-Port-Type = Wireless-802.11
NAS-Port = 462
State = 0x46b2c6e1a5865835a156910c3682b33f
Service-Type = Framed-User
NAS-IP-Address = 12.1.10.16
NAS-Identifier = "EI2F_ENDL_AP1"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 5
modcall[authorize]: module "preprocess" returns ok for request 5
radius_xlat: '/usr/local/var/log/radius/radacct/12.1.10.16
/auth-detail-20041004'
rlm_detail:
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /usr/local/var/log/radius/radacct/12.1.10.16
/auth-detail-20041004
modcall[authorize]: module "auth_log" returns ok for request 5
modcall[authorize]: module "chap" returns noop for request 5
modcall[authorize]: module "mschap" returns noop for request 5
rlm_realm: No '@' in User-Name = "EI2F-ENDL1\Tech_Support", looking up
realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 5
rlm_eap: EAP packet type response id 6 length 51
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 5
users: Matched entry EI2F-ENDL1\Tech_Support at line 94
modcall[authorize]: module "files" returns ok for request 5
modcall: group authorize returns updated for request 5
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 5
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: Identity - EI2F-ENDL1\Tech_Support
rlm_eap_peap: Tunneled data is valid.
PEAP: Got tunneled EAP-Message
EAP-Message =
0x0206001c01454932462d454e444c315c546563685f537570706f7274
PEAP: Got tunneled identity of EI2F-ENDL1\Tech_Support
PEAP: Setting default EAP type for tunneled EAP session.
PEAP: Setting User-Name to EI2F-ENDL1\Tech_Support
PEAP: Sending tunneled request
EAP-Message =
0x0206001c01454932462d454e444c315c546563685f537570706f7274
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "EI2F-ENDL1\\Tech_Support"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 5
modcall[authorize]: module "preprocess" returns ok for request 5
radius_xlat: '/usr/local/var/log/radius/radacct/127.0.0.1
/auth-detail-20041004'
rlm_detail:
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /usr/local/var/log/radius/radacct/127.0.0.1/auth-detail-20041004
modcall[authorize]: module "auth_log" returns ok for request 5
modcall[authorize]: module "chap" returns noop for request 5
modcall[authorize]: module "mschap" returns noop for request 5
rlm_realm: No '@' in User-Name = "EI2F-ENDL1\Tech_Support", looking up
realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 5
rlm_eap: EAP packet type response id 6 length 28
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 5
users: Matched entry EI2F-ENDL1\Tech_Support at line 94
modcall[authorize]: module "files" returns ok for request 5
modcall: group authorize returns updated for request 5
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 5
rlm_eap: EAP Identity
rlm_eap: processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
modcall[authenticate]: module "eap" returns handled for request 5
modcall: group authenticate returns handled for request 5
PEAP: Got tunneled reply RADIUS code 11
Framed-IP-Address = 12.1.10.20
Framed-IP-Netmask = 255.255.255.0
Framed-MTU = 1500
Reply-Message = "Hello, %u"
EAP-Message =
0x010700311a0107002c10ed71a464b623d3aee1d7c6cba9db8fdd454932462d454e444c315c546563685f537570706f7274
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xdd7b7e6a3584a80abf65ecf41b894306
PEAP: Processing from tunneled session code 201f80 11
Framed-IP-Address = 12.1.10.20
Framed-IP-Netmask = 255.255.255.0
Framed-MTU = 1500
Reply-Message = "Hello, %u"
EAP-Message =
0x010700311a0107002c10ed71a464b623d3aee1d7c6cba9db8fdd454932462d454e444c315c546563685f537570706f7274
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xdd7b7e6a3584a80abf65ecf41b894306
PEAP: Got tunneled Access-Challenge
modcall[authenticate]: module "eap" returns handled for request 5
modcall: group authenticate returns handled for request 5
Sending Access-Challenge of id 146 to 12.1.10.16:21654
Framed-IP-Address = 12.1.10.20
Framed-IP-Netmask = 255.255.255.0
Framed-MTU = 1500
Reply-Message = "Hello, %u"
EAP-Message =
0x010700481900170301003d871298ece4d4485b782291cb6d1a3c5a3f59b0f0df24bdfc154f8b6aab4fd3ef2fc2ae2c4a0dcae8d393b595afde3d69161c0aa16ed1f3eeb2ce009fcd
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xe151bb487cc9c9d7c21b12e166171139
Finished request 5
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 12.1.10.16:21654, id=147,
length=254
User-Name = "EI2F-ENDL1\\Tech_Support"
Framed-MTU = 1400
Called-Station-Id = "0011.5c81.b2e0"
Calling-Station-Id = "000f.f736.3068"
Message-Authenticator = 0x4f7dba68e8f058a005cf972865d45e47
EAP-Message =
0x0207005e19001703010053790a4cd2e399b68976e6162ae756841a58ae67610af7f77c781b9a529429e998652d883ecddf8ff19efa70d0e7fe786a2dff4823a0f98a303b30dc30172b1abf82b5bb3bcf431de3a4ef379e9e8cd06097d42b
NAS-Port-Type = Wireless-802.11
NAS-Port = 462
State = 0xe151bb487cc9c9d7c21b12e166171139
Service-Type = Framed-User
NAS-IP-Address = 12.1.10.16
NAS-Identifier = "EI2F_ENDL_AP1"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 6
modcall[authorize]: module "preprocess" returns ok for request 6
radius_xlat: '/usr/local/var/log/radius/radacct/12.1.10.16
/auth-detail-20041004'
rlm_detail:
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /usr/local/var/log/radius/radacct/12.1.10.16
/auth-detail-20041004
modcall[authorize]: module "auth_log" returns ok for request 6
modcall[authorize]: module "chap" returns noop for request 6
modcall[authorize]: module "mschap" returns noop for request 6
rlm_realm: No '@' in User-Name = "EI2F-ENDL1\Tech_Support", looking up
realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 6
rlm_eap: EAP packet type response id 7 length 94
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 6
users: Matched entry EI2F-ENDL1\Tech_Support at line 94
modcall[authorize]: module "files" returns ok for request 6
modcall: group authorize returns updated for request 6
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 6
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: EAP type mschapv2
rlm_eap_peap: Tunneled data is valid.
PEAP: Got tunneled EAP-Message
EAP-Message =
0x020700471a0207004231a6acc6a8981884df72795e19426bf6750000000000000000af149e03eb6616b77f4afadd3c8daee77b8545ca6d4c988100546563685f537570706f7274
PEAP: Setting User-Name to EI2F-ENDL1\Tech_Support
PEAP: Adding old state with dd 7b
PEAP: Sending tunneled request
EAP-Message =
0x020700471a0207004231a6acc6a8981884df72795e19426bf6750000000000000000af149e03eb6616b77f4afadd3c8daee77b8545ca6d4c988100546563685f537570706f7274
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "EI2F-ENDL1\\Tech_Support"
State = 0xdd7b7e6a3584a80abf65ecf41b894306
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 6
modcall[authorize]: module "preprocess" returns ok for request 6
radius_xlat: '/usr/local/var/log/radius/radacct/127.0.0.1
/auth-detail-20041004'
rlm_detail:
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /usr/local/var/log/radius/radacct/127.0.0.1/auth-detail-20041004
modcall[authorize]: module "auth_log" returns ok for request 6
modcall[authorize]: module "chap" returns noop for request 6
modcall[authorize]: module "mschap" returns noop for request 6
rlm_realm: No '@' in User-Name = "EI2F-ENDL1\Tech_Support", looking up
realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 6
rlm_eap: EAP packet type response id 7 length 71
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 6
users: Matched entry EI2F-ENDL1\Tech_Support at line 94
modcall[authorize]: module "files" returns ok for request 6
modcall: group authorize returns updated for request 6
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 6
rlm_eap: Request found, released from the list
rlm_eap: EAP/mschapv2
rlm_eap: processing type mschapv2
Processing the authenticate section of radiusd.conf
modcall: entering group Auth-Type for request 6
rlm_mschap: NT Domain delimeter found, should we have enabled
with_ntdomain_hack?
rlm_mschap: Told to do MS-CHAPv2 for EI2F-ENDL1\Tech_Support with
NT-Password
rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
modcall[authenticate]: module "mschap" returns reject for request 6
modcall: group Auth-Type returns reject for request 6
rlm_eap: Freeing handler
modcall[authenticate]: module "eap" returns reject for request 6
modcall: group authenticate returns reject for request 6
auth: Failed to validate the user.
PEAP: Got tunneled reply RADIUS code 3
Framed-IP-Address = 12.1.10.20
Framed-IP-Netmask = 255.255.255.0
Framed-MTU = 1500
Reply-Message = "Hello, %u"
MS-CHAP-Error = "\007E=691 R=1"
EAP-Message = 0x04070004
Message-Authenticator = 0x00000000000000000000000000000000
PEAP: Processing from tunneled session code 1f0390 3
Framed-IP-Address = 12.1.10.20
Framed-IP-Netmask = 255.255.255.0
Framed-MTU = 1500
Reply-Message = "Hello, %u"
MS-CHAP-Error = "\007E=691 R=1"
EAP-Message = 0x04070004
Message-Authenticator = 0x00000000000000000000000000000000
PEAP: Tunneled authentication was rejected.
rlm_eap_peap: FAILURE
modcall[authenticate]: module "eap" returns handled for request 6
modcall: group authenticate returns handled for request 6
Sending Access-Challenge of id 147 to 12.1.10.16:21654
Framed-IP-Address = 12.1.10.20
Framed-IP-Netmask = 255.255.255.0
Framed-MTU = 1500
Reply-Message = "Hello, %u"
EAP-Message =
0x010800261900170301001bfadb3611f6021742df97f92b6bbd60a730dd2cd8c3a21f688d717c
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x0fb603950a4e7f5db2a503c7529ec91c
Finished request 6
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 12.1.10.16:21654, id=148,
length=198
User-Name = "EI2F-ENDL1\\Tech_Support"
Framed-MTU = 1400
Called-Station-Id = "0011.5c81.b2e0"
Calling-Station-Id = "000f.f736.3068"
Message-Authenticator = 0xfc8eec8125cceae758b72a1ad094ca48
EAP-Message =
0x020800261900170301001b886c09e6ce520033beef4f0d83941ee2ac15521986148ba6942113
NAS-Port-Type = Wireless-802.11
NAS-Port = 462
State = 0x0fb603950a4e7f5db2a503c7529ec91c
Service-Type = Framed-User
NAS-IP-Address = 12.1.10.16
NAS-Identifier = "EI2F_ENDL_AP1"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 7
modcall[authorize]: module "preprocess" returns ok for request 7
radius_xlat: '/usr/local/var/log/radius/radacct/12.1.10.16
/auth-detail-20041004'
rlm_detail:
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /usr/local/var/log/radius/radacct/12.1.10.16
/auth-detail-20041004
modcall[authorize]: module "auth_log" returns ok for request 7
modcall[authorize]: module "chap" returns noop for request 7
modcall[authorize]: module "mschap" returns noop for request 7
rlm_realm: No '@' in User-Name = "EI2F-ENDL1\Tech_Support", looking up
realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 7
rlm_eap: EAP packet type response id 8 length 38
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 7
users: Matched entry EI2F-ENDL1\Tech_Support at line 94
modcall[authorize]: module "files" returns ok for request 7
modcall: group authorize returns updated for request 7
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 7
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: Received EAP-TLV response.
rlm_eap_peap: Tunneled data is valid.
rlm_eap_peap: Had sent TLV failure, rejecting.
rlm_eap: Handler failed in EAP/peap
rlm_eap: Failed in EAP select
modcall[authenticate]: module "eap" returns invalid for request 7
modcall: group authenticate returns invalid for request 7
auth: Failed to validate the user.
Delaying request 7 for 1 seconds
Finished request 7
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 12.1.10.16:21654, id=148,
length=198
Sending Access-Reject of id 148 to 12.1.10.16:21654
EAP-Message = 0x04080004
Message-Authenticator = 0x00000000000000000000000000000000
Reply-Message = "Hello, %u"
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Cleaning up request 4 ID 145 with timestamp 4161dd3c
Cleaning up request 5 ID 146 with timestamp 4161dd3c
Cleaning up request 6 ID 147 with timestamp 4161dd3c
Cleaning up request 7 ID 148 with timestamp 4161dd3c
Nothing to do. Sleeping until we see a request.
--- End Message ---
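Added example, not part of the original message or of FreeRADIUS: a decoder for the tunneled EAP-Message from request 6 above. It shows that the Name field inside the MS-CHAPv2 response is not the same string as the User-Name, which is what the rlm_mschap "NT Domain delimeter found" warning points at. The authenticator challenge is a constructed value (the real one is not in this part of the log), and the function names are illustrative.

```python
import hashlib
import struct

# Tunneled EAP-Message copied from the request 6 debug output above.
EAP_HEX = (
    "020700471a0207004231a6acc6a8981884df7279"
    "5e19426bf6750000000000000000af149e03eb66"
    "16b77f4afadd3c8daee77b8545ca6d4c98810054"
    "6563685f537570706f7274"
)
OUTER_USER_NAME = "EI2F-ENDL1\\Tech_Support"  # User-Name from the same log
# Constructed value: the real authenticator challenge is not in this excerpt.
SAMPLE_AUTH_CHALLENGE = bytes(range(16))


def parse_mschapv2_response(packet):
    """Split an EAP-MSCHAPv2 Response into fields, checking every length."""
    if len(packet) < 59:
        raise ValueError("too short for an EAP-MSCHAPv2 Response")
    code, _eap_id, eap_len, eap_type = struct.unpack("!BBHB", packet[:5])
    opcode, _ms_id, ms_len, value_size = struct.unpack("!BBHB", packet[5:10])
    if (code, eap_type, opcode) != (2, 26, 2):
        raise ValueError("not an EAP-Response carrying an MS-CHAPv2 Response")
    if eap_len != len(packet) or ms_len != eap_len - 5 or value_size != 49:
        raise ValueError("inconsistent length fields")
    return {
        "peer_challenge": packet[10:26],
        "nt_response": packet[34:58],  # bytes 26..33 are the reserved zeros
        "flags": packet[58],
        "name": packet[59:].decode("ascii", errors="replace"),
    }


def challenge_hash(peer_challenge, auth_challenge, user_name):
    """ChallengeHash() of RFC 2759 section 8.2: first 8 bytes of SHA-1."""
    data = peer_challenge + auth_challenge + user_name.encode("ascii")
    return hashlib.sha1(data).digest()[:8]


def compare_names(packet, outer_user_name, auth_challenge):
    """Report whether the outer User-Name yields the peer's challenge hash."""
    f = parse_mschapv2_response(packet)
    pc = f["peer_challenge"]
    peer = challenge_hash(pc, auth_challenge, f["name"])
    stripped = outer_user_name.rsplit("\\", 1)[-1]  # drop the "DOMAIN\" prefix
    return {
        "inner_name": f["name"],
        "raw_matches": challenge_hash(pc, auth_challenge, outer_user_name) == peer,
        "stripped_matches": challenge_hash(pc, auth_challenge, stripped) == peer,
    }
```

A wrong NT-Password entry gives the same E=691 reject, so this comparison only settles whether the name mismatch is in play.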