Sorry for starting a sidetrack, but you implicitly indicate that you compiled CVS pre 1.0.2 successfully under Solaris, especially the libltdl directory.

Well, we tried several pre-1.0.2 and I think several others, too, and it seems many got into the same trouble with libltdl. I think some people would be highly interested to learn what you did to compile it successfully, including libltdl.

Checked your output: If I remember correctly the 1.0.1 failed at decoding the tunnel; this seems to be entirely related to the NT password itself.

> rlm_mschap: NT Domain delimeter found, should we have enabled with_ntdomain_hack?
> rlm_mschap: Told to do MS-CHAPv2 for EI2F-ENDL1\Tech_Support with NT-Password
> rlm_mschap: FAILED: MS-CHAP2-Response is incorrect

--with_ntdomain_hack necessary ?

Matthias Rumitz
TC Unix / Netzwerke
ADIVA Computertechnologie GmbH
Norsk-Data-Str. 1
D-61352 Bad Homburg v.d.H.
Fon: +49(0) 61 72 / 48 61 - 0
Fax: +49(0) 61 72 / 48 61 - 700
Web: http://www.adiva.de
eMail: [EMAIL PROTECTED]

This e-mail message may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and destroy this e-mail.

----- Original Message -----
From: [EMAIL PROTECTED]
Date: Tuesday, February 1, 2005 2:52 pm
Subject: CVS 1.0.2 PEAP MSCHAPv2
--- Begin Message ---
We have been unsuccessful in integrating a wireless environment utilizing a Windows XP SP2 supplicant, a Cisco 1100 AP, and a freeradius server running on Solaris 2.8. Specifically, we have been testing the developmental version 1.0.2 after using the CVS snapshot suggested by Alan. This version was being tested because of initial Windows NT password issues experienced during the rlm_mschap module execution.

The security environment we are using is PEAP/MSCHAPv2 using the root certificate that comes with the freeRadius software. The specific error in MSCHAPv2 has to do with the Windows NT password and is identical to the error we received when using 1.0.1. Alan stated there are known issues using the 1.0.1 release on a Solaris platform. The expectation of running the developmental 1.0.2 build was to correct the errors we experienced.

Is there any way we can assist debugging this error efficiently? In addition, has anyone determined specifically which module receives the NT_Password from the supplicant before it is packaged in the VALUE_PAIR structure? We have been spending time trying to determine the problem and any further assistance would be helpful.

Here is a log output of the latest run.

Thanks
Chris

Starting - reading configuration files ...
reread_config: reading radiusd.conf Config: including file: /usr/local/etc/raddb/proxy.conf Config: including file: /usr/local/etc/raddb/clients.conf Config: including file: /usr/local/etc/raddb/snmp.conf Config: including file: /usr/local/etc/raddb/eap.conf Config: including file: /usr/local/etc/raddb/sql.conf main: prefix = "/usr/local" main: localstatedir = "/usr/local/var" main: logdir = "/usr/local/var/log/radius" main: libdir = "/usr/local/lib" main: radacctdir = "/usr/local/var/log/radius/radacct" main: hostname_lookups = no main: max_request_time = 30 main: cleanup_delay = 5 main: max_requests = 1024 main: delete_blocked_requests = 0 main: port = 0 main: allow_core_dumps = no main: log_stripped_names = no main: log_file = "/usr/local/var/log/radius/radius.log" main: log_auth = no main: log_auth_badpass = no main: log_auth_goodpass = no main: pidfile = "/usr/local/var/run/radiusd/radiusd.pid" main: user = "(null)" main: group = "(null)" main: usercollide = no main: lower_user = "no" main: lower_pass = "no" main: nospace_user = "no" main: nospace_pass = "no" main: checkrad = "/usr/local/sbin/checkrad" main: proxy_requests = no proxy: retry_delay = 5 proxy: retry_count = 3 proxy: synchronous = no proxy: default_fallback = yes proxy: dead_time = 120 proxy: post_proxy_authorize = yes proxy: wake_all_if_all_dead = no security: max_attributes = 200 security: reject_delay = 1 security: status_server = no main: debug_level = 0 read_config_files: reading dictionary read_config_files: reading naslist Using deprecated naslist file. Support for this will go away soon. read_config_files: reading clients read_config_files: reading realms radiusd: entering modules setup Module: Library search path is /usr/local/lib Module: Loaded exec exec: wait = yes exec: program = "(null)" exec: input_pairs = "request" exec: output_pairs = "(null)" exec: packet_type = "(null)" rlm_exec: Wait=yes but no output defined. Did you mean output=none? 
Module: Instantiated exec (exec) Module: Loaded expr Module: Instantiated expr (expr) Module: Loaded PAP pap: encryption_scheme = "crypt" Module: Instantiated pap (pap) Module: Loaded CHAP Module: Instantiated chap (chap) Module: Loaded MS-CHAP mschap: use_mppe = yes mschap: require_encryption = no mschap: require_strong = no mschap: with_ntdomain_hack = no mschap: passwd = "(null)" mschap: authtype = "MS-CHAP" mschap: ntlm_auth = "(null)" Module: Instantiated mschap (mschap) Module: Loaded System unix: cache = no unix: passwd = "(null)" unix: shadow = "(null)" unix: group = "(null)" unix: radwtmp = "/usr/local/var/log/radius/radwtmp" unix: usegroup = no unix: cache_reload = 600 Module: Instantiated unix (unix) Module: Loaded eap eap: default_eap_type = "peap" eap: timer_expire = 60 eap: ignore_unknown_eap_types = no eap: cisco_accounting_username_bug = no rlm_eap: Loaded and initialized type md5 rlm_eap: Loaded and initialized type leap gtc: challenge = "Password: " gtc: auth_type = "PAP" rlm_eap: Loaded and initialized type gtc tls: rsa_key_exchange = no tls: dh_key_exchange = yes tls: rsa_key_length = 512 tls: dh_key_length = 512 tls: verify_depth = 0 tls: CA_path = "(null)" tls: pem_file_type = yes tls: private_key_file = "/usr/local/etc/raddb/certs/cert-srv.pem" tls: certificate_file = "/usr/local/etc/raddb/certs/cert-srv.pem" tls: CA_file = "/usr/local/etc/raddb/certs/demoCA/cacert.pem" tls: private_key_password = "whatever" tls: dh_file = "/usr/local/etc/raddb/certs/dh" tls: random_file = "/usr/local/etc/raddb/certs/random" tls: fragment_size = 1024 tls: include_length = yes tls: check_crl = yes tls: check_cert_cn = "%{User-Name}" rlm_eap: Loaded and initialized type tls peap: default_eap_type = "mschapv2" peap: copy_request_to_tunnel = no peap: use_tunneled_reply = no peap: proxy_tunneled_request_as_eap = yes rlm_eap: Loaded and initialized type peap mschapv2: with_ntdomain_hack = no rlm_eap: Loaded and initialized type mschapv2 Module: Instantiated eap 
(eap) Module: Loaded preprocess preprocess: huntgroups = "/usr/local/etc/raddb/huntgroups" preprocess: hints = "/usr/local/etc/raddb/hints" preprocess: with_ascend_hack = no preprocess: ascend_channels_per_line = 23 preprocess: with_ntdomain_hack = no preprocess: with_specialix_jetstream_hack = no preprocess: with_cisco_vsa_hack = no Module: Instantiated preprocess (preprocess) Module: Loaded detail detail: detailfile = "/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d" detail: detailperm = 384 detail: dirperm = 493 detail: locking = no Module: Instantiated detail (auth_log) Module: Loaded realm realm: format = "suffix" realm: delimiter = "@" realm: ignore_default = no realm: ignore_null = no Module: Instantiated realm (suffix) Module: Loaded files files: usersfile = "/usr/local/etc/raddb/users" files: acctusersfile = "/usr/local/etc/raddb/acct_users" files: preproxy_usersfile = "/usr/local/etc/raddb/preproxy_users" files: compat = "no" Module: Instantiated files (files) Module: Loaded Acct-Unique-Session-Id acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port" Module: Instantiated acct_unique (acct_unique) detail: detailfile = "/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d" detail: detailperm = 384 detail: dirperm = 493 detail: locking = no Module: Instantiated detail (detail) Module: Loaded radutmp radutmp: filename = "/usr/local/var/log/radius/radutmp" radutmp: username = "%{User-Name}" radutmp: case_sensitive = yes radutmp: check_with_nas = yes radutmp: perm = 384 radutmp: callerid = yes Module: Instantiated radutmp (radutmp) Listening on authentication *:1812 Listening on accounting *:1813 Ready to process requests. 
rad_recv: Access-Request packet from host 12.1.10.16:21654, id=141, length=170 User-Name = "EI2F-ENDL1\\Tech_Support" Framed-MTU = 1400 Called-Station-Id = "0011.5c81.b2e0" Calling-Station-Id = "000f.f736.3068" Message-Authenticator = 0x4f1cd52f88e41340fbf99f3b81eff15a EAP-Message = 0x0201001c01454932462d454e444c315c546563685f537570706f7274 NAS-Port-Type = Wireless-802.11 NAS-Port = 462 Service-Type = Framed-User NAS-IP-Address = 12.1.10.16 NAS-Identifier = "EI2F_ENDL_AP1" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 radius_xlat: '/usr/local/var/log/radius/radacct/12.1.10.16 /auth-detail-20041004' rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/12.1.10.16 /auth-detail-20041004 modcall[authorize]: module "auth_log" returns ok for request 0 modcall[authorize]: module "chap" returns noop for request 0 modcall[authorize]: module "mschap" returns noop for request 0 rlm_realm: No '@' in User-Name = "EI2F-ENDL1\Tech_Support", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 0 rlm_eap: EAP packet type response id 1 length 28 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 0 users: Matched entry EI2F-ENDL1\Tech_Support at line 94 modcall[authorize]: module "files" returns ok for request 0 modcall: group authorize returns updated for request 0 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 0 rlm_eap: EAP Identity rlm_eap: processing type tls rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 modcall[authenticate]: module "eap" returns handled for request 0 modcall: group authenticate returns handled for request 0 Sending 
Access-Challenge of id 141 to 12.1.10.16:21654 Framed-IP-Address = 12.1.10.20 Framed-IP-Netmask = 255.255.255.0 Framed-MTU = 1500 Reply-Message = "Hello, %u" EAP-Message = 0x010200061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xb05f77dc5b1e696c3f63fbf922cd512e Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... rad_recv: Access-Request packet from host 12.1.10.16:21654, id=142, length=240 User-Name = "EI2F-ENDL1\\Tech_Support" Framed-MTU = 1400 Called-Station-Id = "0011.5c81.b2e0" Calling-Station-Id = "000f.f736.3068" Message-Authenticator = 0x677a270ef14aca4c5abea0f07592ebb3 EAP-Message = 0x0202005019800000004616030100410100003d03014161979dd4a57f971a46a5bda7d9edb44cfc459900814162881fe3ca3c5b25b200001600040005000a000900640062000300060013001200630100 NAS-Port-Type = Wireless-802.11 NAS-Port = 462 State = 0xb05f77dc5b1e696c3f63fbf922cd512e Service-Type = Framed-User NAS-IP-Address = 12.1.10.16 NAS-Identifier = "EI2F_ENDL_AP1" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 1 modcall[authorize]: module "preprocess" returns ok for request 1 radius_xlat: '/usr/local/var/log/radius/radacct/12.1.10.16 /auth-detail-20041004' rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/12.1.10.16 /auth-detail-20041004 modcall[authorize]: module "auth_log" returns ok for request 1 modcall[authorize]: module "chap" returns noop for request 1 modcall[authorize]: module "mschap" returns noop for request 1 rlm_realm: No '@' in User-Name = "EI2F-ENDL1\Tech_Support", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 1 rlm_eap: EAP packet type response id 2 length 80 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 1 users: Matched entry 
EI2F-ENDL1\Tech_Support at line 94 modcall[authorize]: module "files" returns ok for request 1 modcall: group authorize returns updated for request 1 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 1 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 (other): before/accept initialization TLS_accept: before/accept initialization rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello TLS_accept: SSLv3 read client hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello TLS_accept: SSLv3 write server hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0694], Certificate TLS_accept: SSLv3 write certificate A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone TLS_accept: SSLv3 write server done A TLS_accept: SSLv3 flush data TLS_accept:error in SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 1 modcall: group authenticate returns handled for request 1 Sending Access-Challenge of id 142 to 12.1.10.16:21654 Framed-IP-Address = 12.1.10.20 Framed-IP-Netmask = 255.255.255.0 Framed-MTU = 1500 Reply-Message = "Hello, %u" EAP-Message = 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 EAP-Message = 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 EAP-Message = 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 EAP-Message = 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 EAP-Message = 0x652e636f6d301e170d3034303132353133323630375a Message-Authenticator = 0x00000000000000000000000000000000 State = 0xe963215ba29dbd326e60667f315bbadd Finished request 1 Going to the next request Waking up in 6 seconds... 
rad_recv: Access-Request packet from host 12.1.10.16:21654, id=143, length=166 User-Name = "EI2F-ENDL1\\Tech_Support" Framed-MTU = 1400 Called-Station-Id = "0011.5c81.b2e0" Calling-Station-Id = "000f.f736.3068" Message-Authenticator = 0x3567c6bef51bb3c8c9f25f2c992f0b1e EAP-Message = 0x020300061900 NAS-Port-Type = Wireless-802.11 NAS-Port = 462 State = 0xe963215ba29dbd326e60667f315bbadd Service-Type = Framed-User NAS-IP-Address = 12.1.10.16 NAS-Identifier = "EI2F_ENDL_AP1" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 2 modcall[authorize]: module "preprocess" returns ok for request 2 radius_xlat: '/usr/local/var/log/radius/radacct/12.1.10.16 /auth-detail-20041004' rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/12.1.10.16 /auth-detail-20041004 modcall[authorize]: module "auth_log" returns ok for request 2 modcall[authorize]: module "chap" returns noop for request 2 modcall[authorize]: module "mschap" returns noop for request 2 rlm_realm: No '@' in User-Name = "EI2F-ENDL1\Tech_Support", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 2 rlm_eap: EAP packet type response id 3 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 2 users: Matched entry EI2F-ENDL1\Tech_Support at line 94 modcall[authorize]: module "files" returns ok for request 2 modcall: group authorize returns updated for request 2 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 2 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake fragment handler 
eaptls_verify returned 1 eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 2 modcall: group authenticate returns handled for request 2 Sending Access-Challenge of id 143 to 12.1.10.16:21654 Framed-IP-Address = 12.1.10.20 Framed-IP-Netmask = 255.255.255.0 Framed-MTU = 1500 Reply-Message = "Hello, %u" EAP-Message = 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 EAP-Message = 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 EAP-Message = 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 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x75e05d99601e8d6fbd6e082495be7422 Finished request 2 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 12.1.10.16:21654, id=144, length=352 User-Name = "EI2F-ENDL1\\Tech_Support" Framed-MTU = 1400 Called-Station-Id = "0011.5c81.b2e0" Calling-Station-Id = "000f.f736.3068" Message-Authenticator = 0x2d7474f9be215e67c19c0aceea5beb28 EAP-Message = 0x020400c01980000000b616030100861000008200806eda92fe9e1e5f40763bd6439e09b0c9ef984338b057a340c6d852715a746e7a293fe34f6f0a768d5195f8f74cfeeb31b2c85a0e8a41b04b78d5ad5b01c9100812b01927a7b821656407075270cafd770fac93255c7d062200a0b3cc5b2f5c9cf43085d0d41fed3dc35b8a60884f57252cf28e4cd6228595d767a82337068fde1403010001011603010020298cd03169fd50e2b166aea4f3169c7e92c7c8fdac8e3d411700df0848303485 NAS-Port-Type = Wireless-802.11 NAS-Port = 462 State = 0x75e05d99601e8d6fbd6e082495be7422 Service-Type = Framed-User NAS-IP-Address = 12.1.10.16 NAS-Identifier = "EI2F_ENDL_AP1" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 3 modcall[authorize]: module "preprocess" returns ok for request 3 radius_xlat: '/usr/local/var/log/radius/radacct/12.1.10.16 /auth-detail-20041004' rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/12.1.10.16 
/auth-detail-20041004 modcall[authorize]: module "auth_log" returns ok for request 3 modcall[authorize]: module "chap" returns noop for request 3 modcall[authorize]: module "mschap" returns noop for request 3 rlm_realm: No '@' in User-Name = "EI2F-ENDL1\Tech_Support", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 3 rlm_eap: EAP packet type response id 4 length 192 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 3 users: Matched entry EI2F-ENDL1\Tech_Support at line 94 modcall[authorize]: module "files" returns ok for request 3 modcall: group authorize returns updated for request 3 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 3 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange TLS_accept: SSLv3 read client key exchange A rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001] rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 read finished A rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001] TLS_accept: SSLv3 write change cipher spec A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 write finished A TLS_accept: SSLv3 flush data (other): SSL negotiation finished successfully SSL Connection Established eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 3 modcall: group authenticate returns handled for request 3 Sending Access-Challenge of id 144 to 12.1.10.16:21654 Framed-IP-Address = 12.1.10.20 Framed-IP-Netmask = 255.255.255.0 Framed-MTU = 1500 Reply-Message = 
"Hello, %u" EAP-Message = 0x01050031190014030100010116030100200bc50e117d7f194e12cf43578c39d539ce5979addfccffe7a3328e9823f53125 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x0f668c90d84f9cdc11216ca225d21440 Finished request 3 Going to the next request Waking up in 6 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 141 with timestamp 4161dd25 Cleaning up request 1 ID 142 with timestamp 4161dd25 Cleaning up request 2 ID 143 with timestamp 4161dd25 Cleaning up request 3 ID 144 with timestamp 4161dd25 Nothing to do. Sleeping until we see a request. rad_recv: Access-Request packet from host 12.1.10.16:21654, id=145, length=166 User-Name = "EI2F-ENDL1\\Tech_Support" Framed-MTU = 1400 Called-Station-Id = "0011.5c81.b2e0" Calling-Station-Id = "000f.f736.3068" Message-Authenticator = 0x6e80b9e746b37ec631d6158671a36e7c EAP-Message = 0x020500061900 NAS-Port-Type = Wireless-802.11 NAS-Port = 462 State = 0x0f668c90d84f9cdc11216ca225d21440 Service-Type = Framed-User NAS-IP-Address = 12.1.10.16 NAS-Identifier = "EI2F_ENDL_AP1" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 4 modcall[authorize]: module "preprocess" returns ok for request 4 radius_xlat: '/usr/local/var/log/radius/radacct/12.1.10.16 /auth-detail-20041004' rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/12.1.10.16 /auth-detail-20041004 modcall[authorize]: module "auth_log" returns ok for request 4 modcall[authorize]: module "chap" returns noop for request 4 modcall[authorize]: module "mschap" returns noop for request 4 rlm_realm: No '@' in User-Name = "EI2F-ENDL1\Tech_Support", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 4 rlm_eap: EAP packet type response id 5 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" 
returns updated for request 4 users: Matched entry EI2F-ENDL1\Tech_Support at line 94 modcall[authorize]: module "files" returns ok for request 4 modcall: group authorize returns updated for request 4 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 4 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake is finished eaptls_verify returned 3 eaptls_process returned 3 rlm_eap_peap: EAPTLS_SUCCESS modcall[authenticate]: module "eap" returns handled for request 4 modcall: group authenticate returns handled for request 4 Sending Access-Challenge of id 145 to 12.1.10.16:21654 Framed-IP-Address = 12.1.10.20 Framed-IP-Netmask = 255.255.255.0 Framed-MTU = 1500 Reply-Message = "Hello, %u" EAP-Message = 0x01060020190017030100154d880c6197eb52711209f9a70d118d33b96d988b47 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x46b2c6e1a5865835a156910c3682b33f Finished request 4 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... 
rad_recv: Access-Request packet from host 12.1.10.16:21654, id=146, length=211 User-Name = "EI2F-ENDL1\\Tech_Support" Framed-MTU = 1400 Called-Station-Id = "0011.5c81.b2e0" Calling-Station-Id = "000f.f736.3068" Message-Authenticator = 0x11cc07755afb4352ae87e1083c514d3b EAP-Message = 0x020600331900170301002865d1fc04bffb948d849f1ab65a2a79a89c2bf36ee7ea0fa01cf9ca1cd4416dbe7970526afe06cb87 NAS-Port-Type = Wireless-802.11 NAS-Port = 462 State = 0x46b2c6e1a5865835a156910c3682b33f Service-Type = Framed-User NAS-IP-Address = 12.1.10.16 NAS-Identifier = "EI2F_ENDL_AP1" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 5 modcall[authorize]: module "preprocess" returns ok for request 5 radius_xlat: '/usr/local/var/log/radius/radacct/12.1.10.16 /auth-detail-20041004' rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/12.1.10.16 /auth-detail-20041004 modcall[authorize]: module "auth_log" returns ok for request 5 modcall[authorize]: module "chap" returns noop for request 5 modcall[authorize]: module "mschap" returns noop for request 5 rlm_realm: No '@' in User-Name = "EI2F-ENDL1\Tech_Support", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 5 rlm_eap: EAP packet type response id 6 length 51 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 5 users: Matched entry EI2F-ENDL1\Tech_Support at line 94 modcall[authorize]: module "files" returns ok for request 5 modcall: group authorize returns updated for request 5 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 5 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS 
eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: Identity - EI2F-ENDL1\Tech_Support rlm_eap_peap: Tunneled data is valid. PEAP: Got tunneled EAP-Message EAP-Message = 0x0206001c01454932462d454e444c315c546563685f537570706f7274 PEAP: Got tunneled identity of EI2F-ENDL1\Tech_Support PEAP: Setting default EAP type for tunneled EAP session. PEAP: Setting User-Name to EI2F-ENDL1\Tech_Support PEAP: Sending tunneled request EAP-Message = 0x0206001c01454932462d454e444c315c546563685f537570706f7274 FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "EI2F-ENDL1\\Tech_Support" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 5 modcall[authorize]: module "preprocess" returns ok for request 5 radius_xlat: '/usr/local/var/log/radius/radacct/127.0.0.1 /auth-detail-20041004' rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/127.0.0.1/auth-detail-20041004 modcall[authorize]: module "auth_log" returns ok for request 5 modcall[authorize]: module "chap" returns noop for request 5 modcall[authorize]: module "mschap" returns noop for request 5 rlm_realm: No '@' in User-Name = "EI2F-ENDL1\Tech_Support", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 5 rlm_eap: EAP packet type response id 6 length 28 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 5 users: Matched entry EI2F-ENDL1\Tech_Support at line 94 modcall[authorize]: module "files" returns ok for request 5 modcall: group authorize returns updated for request 5 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 5 rlm_eap: EAP 
Identity rlm_eap: processing type mschapv2 rlm_eap_mschapv2: Issuing Challenge modcall[authenticate]: module "eap" returns handled for request 5 modcall: group authenticate returns handled for request 5 PEAP: Got tunneled reply RADIUS code 11 Framed-IP-Address = 12.1.10.20 Framed-IP-Netmask = 255.255.255.0 Framed-MTU = 1500 Reply-Message = "Hello, %u" EAP-Message = 0x010700311a0107002c10ed71a464b623d3aee1d7c6cba9db8fdd454932462d454e444c315c546563685f537570706f7274 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xdd7b7e6a3584a80abf65ecf41b894306 PEAP: Processing from tunneled session code 201f80 11 Framed-IP-Address = 12.1.10.20 Framed-IP-Netmask = 255.255.255.0 Framed-MTU = 1500 Reply-Message = "Hello, %u" EAP-Message = 0x010700311a0107002c10ed71a464b623d3aee1d7c6cba9db8fdd454932462d454e444c315c546563685f537570706f7274 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xdd7b7e6a3584a80abf65ecf41b894306 PEAP: Got tunneled Access-Challenge modcall[authenticate]: module "eap" returns handled for request 5 modcall: group authenticate returns handled for request 5 Sending Access-Challenge of id 146 to 12.1.10.16:21654 Framed-IP-Address = 12.1.10.20 Framed-IP-Netmask = 255.255.255.0 Framed-MTU = 1500 Reply-Message = "Hello, %u" EAP-Message = 0x010700481900170301003d871298ece4d4485b782291cb6d1a3c5a3f59b0f0df24bdfc154f8b6aab4fd3ef2fc2ae2c4a0dcae8d393b595afde3d69161c0aa16ed1f3eeb2ce009fcd Message-Authenticator = 0x00000000000000000000000000000000 State = 0xe151bb487cc9c9d7c21b12e166171139 Finished request 5 Going to the next request Waking up in 6 seconds... 
rad_recv: Access-Request packet from host 12.1.10.16:21654, id=147, length=254 User-Name = "EI2F-ENDL1\\Tech_Support" Framed-MTU = 1400 Called-Station-Id = "0011.5c81.b2e0" Calling-Station-Id = "000f.f736.3068" Message-Authenticator = 0x4f7dba68e8f058a005cf972865d45e47 EAP-Message = 0x0207005e19001703010053790a4cd2e399b68976e6162ae756841a58ae67610af7f77c781b9a529429e998652d883ecddf8ff19efa70d0e7fe786a2dff4823a0f98a303b30dc30172b1abf82b5bb3bcf431de3a4ef379e9e8cd06097d42b NAS-Port-Type = Wireless-802.11 NAS-Port = 462 State = 0xe151bb487cc9c9d7c21b12e166171139 Service-Type = Framed-User NAS-IP-Address = 12.1.10.16 NAS-Identifier = "EI2F_ENDL_AP1" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 6 modcall[authorize]: module "preprocess" returns ok for request 6 radius_xlat: '/usr/local/var/log/radius/radacct/12.1.10.16 /auth-detail-20041004' rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/12.1.10.16 /auth-detail-20041004 modcall[authorize]: module "auth_log" returns ok for request 6 modcall[authorize]: module "chap" returns noop for request 6 modcall[authorize]: module "mschap" returns noop for request 6 rlm_realm: No '@' in User-Name = "EI2F-ENDL1\Tech_Support", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 6 rlm_eap: EAP packet type response id 7 length 94 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 6 users: Matched entry EI2F-ENDL1\Tech_Support at line 94 modcall[authorize]: module "files" returns ok for request 6 modcall: group authorize returns updated for request 6 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 6 rlm_eap: Request found, released from the list rlm_eap: EAP/peap 
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: EAP type mschapv2
rlm_eap_peap: Tunneled data is valid.
PEAP: Got tunneled EAP-Message
    EAP-Message = 0x020700471a0207004231a6acc6a8981884df72795e19426bf6750000000000000000af149e03eb6616b77f4afadd3c8daee77b8545ca6d4c988100546563685f537570706f7274
PEAP: Setting User-Name to EI2F-ENDL1\Tech_Support
PEAP: Adding old state with dd 7b
PEAP: Sending tunneled request
    EAP-Message = 0x020700471a0207004231a6acc6a8981884df72795e19426bf6750000000000000000af149e03eb6616b77f4afadd3c8daee77b8545ca6d4c988100546563685f537570706f7274
    FreeRADIUS-Proxied-To = 127.0.0.1
    User-Name = "EI2F-ENDL1\\Tech_Support"
    State = 0xdd7b7e6a3584a80abf65ecf41b894306
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 6
modcall[authorize]: module "preprocess" returns ok for request 6
radius_xlat: '/usr/local/var/log/radius/radacct/127.0.0.1 /auth-detail-20041004'
rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/127.0.0.1/auth-detail-20041004
modcall[authorize]: module "auth_log" returns ok for request 6
modcall[authorize]: module "chap" returns noop for request 6
modcall[authorize]: module "mschap" returns noop for request 6
rlm_realm: No '@' in User-Name = "EI2F-ENDL1\Tech_Support", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 6
rlm_eap: EAP packet type response id 7 length 71
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 6
users: Matched entry EI2F-ENDL1\Tech_Support at line 94
modcall[authorize]: module "files" returns ok for request 6
modcall: group authorize returns updated for request 6
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 6
rlm_eap: Request found, released from the list
rlm_eap: EAP/mschapv2
rlm_eap: processing type mschapv2
Processing the authenticate section of radiusd.conf
modcall: entering group Auth-Type for request 6
rlm_mschap: NT Domain delimeter found, should we have enabled with_ntdomain_hack?
rlm_mschap: Told to do MS-CHAPv2 for EI2F-ENDL1\Tech_Support with NT-Password
rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
modcall[authenticate]: module "mschap" returns reject for request 6
modcall: group Auth-Type returns reject for request 6
rlm_eap: Freeing handler
modcall[authenticate]: module "eap" returns reject for request 6
modcall: group authenticate returns reject for request 6
auth: Failed to validate the user.
PEAP: Got tunneled reply RADIUS code 3
    Framed-IP-Address = 12.1.10.20
    Framed-IP-Netmask = 255.255.255.0
    Framed-MTU = 1500
    Reply-Message = "Hello, %u"
    MS-CHAP-Error = "\007E=691 R=1"
    EAP-Message = 0x04070004
    Message-Authenticator = 0x00000000000000000000000000000000
PEAP: Processing from tunneled session code 1f0390 3
    Framed-IP-Address = 12.1.10.20
    Framed-IP-Netmask = 255.255.255.0
    Framed-MTU = 1500
    Reply-Message = "Hello, %u"
    MS-CHAP-Error = "\007E=691 R=1"
    EAP-Message = 0x04070004
    Message-Authenticator = 0x00000000000000000000000000000000
PEAP: Tunneled authentication was rejected.
rlm_eap_peap: FAILURE
modcall[authenticate]: module "eap" returns handled for request 6
modcall: group authenticate returns handled for request 6
Sending Access-Challenge of id 147 to 12.1.10.16:21654
    Framed-IP-Address = 12.1.10.20
    Framed-IP-Netmask = 255.255.255.0
    Framed-MTU = 1500
    Reply-Message = "Hello, %u"
    EAP-Message = 0x010800261900170301001bfadb3611f6021742df97f92b6bbd60a730dd2cd8c3a21f688d717c
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0x0fb603950a4e7f5db2a503c7529ec91c
Finished request 6
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 12.1.10.16:21654, id=148, length=198
    User-Name = "EI2F-ENDL1\\Tech_Support"
    Framed-MTU = 1400
    Called-Station-Id = "0011.5c81.b2e0"
    Calling-Station-Id = "000f.f736.3068"
    Message-Authenticator = 0xfc8eec8125cceae758b72a1ad094ca48
    EAP-Message = 0x020800261900170301001b886c09e6ce520033beef4f0d83941ee2ac15521986148ba6942113
    NAS-Port-Type = Wireless-802.11
    NAS-Port = 462
    State = 0x0fb603950a4e7f5db2a503c7529ec91c
    Service-Type = Framed-User
    NAS-IP-Address = 12.1.10.16
    NAS-Identifier = "EI2F_ENDL_AP1"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 7
modcall[authorize]: module "preprocess" returns ok for request 7
radius_xlat: '/usr/local/var/log/radius/radacct/12.1.10.16 /auth-detail-20041004'
rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/12.1.10.16 /auth-detail-20041004
modcall[authorize]: module "auth_log" returns ok for request 7
modcall[authorize]: module "chap" returns noop for request 7
modcall[authorize]: module "mschap" returns noop for request 7
rlm_realm: No '@' in User-Name = "EI2F-ENDL1\Tech_Support", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 7
rlm_eap: EAP packet type response id 8 length 38
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 7
users: Matched entry EI2F-ENDL1\Tech_Support at line 94
modcall[authorize]: module "files" returns ok for request 7
modcall: group authorize returns updated for request 7
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 7
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: Received EAP-TLV response.
rlm_eap_peap: Tunneled data is valid.
rlm_eap_peap: Had sent TLV failure, rejecting.
rlm_eap: Handler failed in EAP/peap
rlm_eap: Failed in EAP select
modcall[authenticate]: module "eap" returns invalid for request 7
modcall: group authenticate returns invalid for request 7
auth: Failed to validate the user.
Delaying request 7 for 1 seconds
Finished request 7
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 12.1.10.16:21654, id=148, length=198
Sending Access-Reject of id 148 to 12.1.10.16:21654
    EAP-Message = 0x04080004
    Message-Authenticator = 0x00000000000000000000000000000000
    Reply-Message = "Hello, %u"
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Cleaning up request 4 ID 145 with timestamp 4161dd3c
Cleaning up request 5 ID 146 with timestamp 4161dd3c
Cleaning up request 6 ID 147 with timestamp 4161dd3c
Cleaning up request 7 ID 148 with timestamp 4161dd3c
Nothing to do. Sleeping until we see a request.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--- End Message ---
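
Added example, not part of the original thread and not FreeRADIUS code: a Python decode of the tunneled EAP-Message from the log above, using the EAP-MSCHAPv2 Response layout (peer challenge, reserved, NT-Response, flags, name). It compares the Name field inside the response with the outer User-Name and splits the MS-CHAP-Error string; the function names are this example's own.

```python
import re

# EAP-Message value from the "PEAP: Got tunneled EAP-Message" log entry above,
# split here only for readability.
INNER_EAP = bytes.fromhex(
    "020700471a0207004231"                                # EAP + MS-CHAPv2 headers
    "a6acc6a8981884df72795e19426bf675"                    # Peer-Challenge (16)
    "0000000000000000"                                    # Reserved (8)
    "af149e03eb6616b77f4afadd3c8daee77b8545ca6d4c9881"    # NT-Response (24)
    "00"                                                  # Flags (1)
    "546563685f537570706f7274"                            # Name
)
OUTER_USER_NAME = "EI2F-ENDL1\\Tech_Support"  # User-Name attribute in the log
MS_CHAP_ERROR = "\x07E=691 R=1"                # MS-CHAP-Error attribute in the log

def parse_mschapv2_response(pkt: bytes) -> dict:
    """Split an EAP-MSCHAPv2 Response packet into its fields."""
    if len(pkt) < 59:
        raise ValueError("truncated EAP-MSCHAPv2 response")
    code, eap_id, eap_type, opcode = pkt[0], pkt[1], pkt[4], pkt[5]
    eap_len = int.from_bytes(pkt[2:4], "big")
    ms_len = int.from_bytes(pkt[7:9], "big")
    if code != 2 or eap_type != 26 or opcode != 2:
        raise ValueError("not an EAP-MSCHAPv2 Response")
    if eap_len != len(pkt) or ms_len != eap_len - 5 or pkt[9] != 49:
        raise ValueError("inconsistent length fields")
    value = pkt[10:59]                      # the 49-byte response value
    return {
        "eap_id": eap_id,
        "peer_challenge": value[:16],
        "nt_response": value[24:48],
        "flags": value[48],
        "name": pkt[59:].decode("utf-8", "replace"),
    }

def name_mismatch(outer_user: str, inner_name: str) -> bool:
    """True when the outer name is DOMAIN\\user but the inner name is only user."""
    return "\\" in outer_user and outer_user.rpartition("\\")[2] == inner_name

def parse_mschap_error(text: str) -> dict:
    """Return the KEY=value pairs of an MS-CHAP-Error string (ident byte skipped)."""
    return dict(re.findall(r"\b([A-Z])=(\S+)", text))

if __name__ == "__main__":
    fields = parse_mschapv2_response(INNER_EAP)
    print("inner name:", fields["name"], "| outer User-Name:", OUTER_USER_NAME)
    print("domain-only mismatch:", name_mismatch(OUTER_USER_NAME, fields["name"]))
    print("MS-CHAP-Error:", parse_mschap_error(MS_CHAP_ERROR))
```

RFC 2759 hashes the user name into the MS-CHAPv2 challenge, so the server has to hash the same name string the client used; here the client's response carries only the user part while User-Name includes the domain. E=691 is the RFC 2759 authentication-failure code.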

