tag:old.nabble.com,2006:forum-1102
Nabble - FreeRadius
2009-12-21T14:16:55Z
FreeRadius home is <a href="http://www.freeradius.org/" target="_top" rel="nofollow">here</a>.
tag:old.nabble.com,2006:post-26880926
Re: Virtual Server not setting attributes on reply
2009-12-21T14:16:55Z
2009-12-21T14:16:55Z
Alan Buxey
Hi,
<div class='shrinkable-quote'><br>> I think we're getting too far into the detail and losing sight of the
<br>> problem I was trying to report initially.
<br>>
<br>> I'd expect the only difference between the proxying to a remote server,
<br>> and proxying to a virtual server to be efficency / ports used, not
<br>> functionality, aka it's more efficnt to use virtual_server= rather
<br>> than define a remote radius server, then have the virtual server
<br>> listen on odd numbered ports on localhost.
<br>>
<br>> There seems to be a functionality difference when proxied to a virtual server.
</div><br>well, looking from the log, your virtual_server doesnt appear to set any attribute
<br>in its post-auth stage. calling the right thing or SQL table?
<br><br>my initial thought was your attr_filter wasnt allowing that attribute
<br>through from the virtual_server (much like it would strip it out
<br>if the domain/realm wasnt allowed - check pre-proxy and post-proxy parts)
<br><br>alan
<br>-
<br>List info/subscribe/unsubscribe? See <a href="http://www.freeradius.org/list/users.html" target="_top" rel="nofollow">http://www.freeradius.org/list/users.html</a><br><p>From forum: <a href="http://old.nabble.com/FreeRadius---User-f1104.html" embed="fixTarget[1104]" target="_top" >FreeRadius - User</a></p>
tag:old.nabble.com,2006:post-26879351
Re: Virtual Server not setting attributes on reply
2009-12-21T12:08:59Z
2009-12-21T12:08:59Z
Timothy-45
I think we're getting too far into the detail and losing sight of the
<br>problem I was trying to report initially.
<br><br>I'd expect the only difference between the proxying to a remote server,
<br>and proxying to a virtual server to be efficency / ports used, not
<br>functionality, aka it's more efficnt to use virtual_server= rather
<br>than define a remote radius server, then have the virtual server
<br>listen on odd numbered ports on localhost.
<br><br>There seems to be a functionality difference when proxied to a virtual server.
<br><br>Tim
<br><br>2009/12/21 Alan Buxey <<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26879351&i=0" target="_top" rel="nofollow">A.L.M.Buxey@...</a>>:
<div class='shrinkable-quote'><br>> Hi,
<br>>
<br>>> Not the default virtual server. The test virtual server
<br>>> The flow is client -> default virtual server acting as a proxy -> test
<br>>> virtual server
<br>>> If the test virtual server is configured as a remote radius server
<br>>> then things work great. If it's configured as a virtual server using
<br>>> the "virtual_server=name" then things break.
<br>>
<br>> test virtual server not setting the options byt he looks of it...
<br>> post-auth is called in that virtual server - so how should it be getting/setting
<br>> that attribute?
<br>>
<br>> alan
<br>> -
<br>> List info/subscribe/unsubscribe? See <a href="http://www.freeradius.org/list/users.html" target="_top" rel="nofollow">http://www.freeradius.org/list/users.html</a><br>>
</div>-
<br>List info/subscribe/unsubscribe? See <a href="http://www.freeradius.org/list/users.html" target="_top" rel="nofollow">http://www.freeradius.org/list/users.html</a><br><p>From forum: <a href="http://old.nabble.com/FreeRadius---User-f1104.html" embed="fixTarget[1104]" target="_top" >FreeRadius - User</a></p>
tag:old.nabble.com,2006:post-26879333
Re: Virtual Server not setting attributes on reply
2009-12-21T12:08:31Z
2009-12-21T12:08:31Z
Timothy-45
I think we're getting too far into the detail and losing sight of the
<br>problem I was trying to report initially.
<br><br>I'd expect the only difference between the proxying to a remote server,
<br>and proxying to a virtual server to be efficency / ports used, not
<br>functionality, aka it's more efficnt to use virtual_server= rather
<br>than define a remote radius server, then have the virtual server
<br>listen on odd numbered ports on localhost.
<br><br>There seems to be a functionality difference when proxied to a virtual server.
<br><br>Tim
<br><br>Alan Buxey wrote:
<div class='shrinkable-quote'><br>> Hi,
<br>>
<br>>> Not the default virtual server. The test virtual server
<br>>> The flow is client -> default virtual server acting as a proxy -> test
<br>>> virtual server
<br>>> If the test virtual server is configured as a remote radius server
<br>>> then things work great. If it's configured as a virtual server using
<br>>> the "virtual_server=name" then things break.
<br>>
<br>> test virtual server not setting the options byt he looks of it...
<br>> post-auth is called in that virtual server - so how should it be getting/setting
<br>> that attribute?
<br>>
<br>> alan
<br>> -
<br>> List info/subscribe/unsubscribe? See <a href="http://www.freeradius.org/list/users.html" target="_top" rel="nofollow">http://www.freeradius.org/list/users.html</a></div>-
<br>List info/subscribe/unsubscribe? See <a href="http://www.freeradius.org/list/users.html" target="_top" rel="nofollow">http://www.freeradius.org/list/users.html</a><br><p>From forum: <a href="http://old.nabble.com/FreeRadius---User-f1104.html" embed="fixTarget[1104]" target="_top" >FreeRadius - User</a></p>
tag:old.nabble.com,2006:post-26879223
Re: MAC authentication bypass --- How am I supposed to?edit?theusers?file to include multiple MAC addresses??
2009-12-21T11:58:44Z
2009-12-21T11:58:44Z
Arran Cudbard-Bell
On 21/12/2009 09:05, Alexander Clouter wrote:
<div class='shrinkable-quote'><div class='shrinkable-quote'><br>> Arran Cudbard-Bell <<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26879223&i=0" target="_top" rel="nofollow">a.cudbard-bell@...</a>> wrote:
<br>>
<br>>>>
<br>>>> the real answer is to get the vendors to sort their cheap shoddy kit out ;-)
<br>>>>
<br>>>
<br>>> Ahem *Vendor :P - - Sorry I have to do it or they beat me :(
<br>>>
<br>>>
<br>> ....dare I ask why you do not use you new 'formal' email address? ;)
<br>>
</div>Because i'm not on site, they've not worked out how to do webmail
</div>outside of the
<br>intranet, and they've disabled the entourage connector in exchange.
<br><br>arran.cudbard-bell@popular british manufacturer of tomatoe and brown
<br>sauce.com
<br><br>Should be back for January *sigh*.
<br><br><br><br><br><br /> <br />-
<br>List info/subscribe/unsubscribe? See <a href="http://www.freeradius.org/list/users.html" target="_top" rel="nofollow">http://www.freeradius.org/list/users.html</a><div class="small"><br/><img src="http://old.nabble.com/images/icon_attachment.gif" > <strong>signature.asc</strong> (266 bytes) <a href="http://old.nabble.com/attachment/26879223/0/signature.asc" target="_top">Download Attachment</a></div><p>From forum: <a href="http://old.nabble.com/FreeRadius---User-f1104.html" embed="fixTarget[1104]" target="_top" >FreeRadius - User</a></p>
tag:old.nabble.com,2006:post-26879164
Re: MAC authentication bypass --- How am I supposed to?edit?theusers file to include multiple MAC addresses??
2009-12-21T11:52:57Z
2009-12-21T11:52:57Z
Arran Cudbard-Bell
On 21/12/2009 09:15, Alan Buxey wrote:
<div class='shrinkable-quote'><div class='shrinkable-quote'><br>> Hi,
<br>>
<br>>
<br>>>> yep - but a user could just as easily log in with the user-name of
<br>>>> 00:11:22:33:44:55 ;-)
<br>>>>
<br>>>>
<br>>> Not when you say !EAP-Message too :)
<br>>>
<br>> ...and how does that stop, lets just say for example, some user coming
<br>> along with 802.1X configured on their wired interface and logging it
<br>> with 00:11:22:33:44:55 as their user-name with EAP-MD5 ? ;-)
<br>>
</div>Last time I checked EAP-MD5-Response was still carried in the
</div>EAP-Message attribute,
<br>and the documentation in the wiki suggests that the username and
<br>Calling-Station-ID
<br>are canonicalized and compared before attempting Mac-Auth, so you need
<br>to fake
<br>the mac-address in your EAPOL frames too.
<br>>> Although it does nothing about the legacy guff, it stops new guff
<br>>> connecting.
<br>>>
<br>> thats true in so much that it controls those things...but lets more evil
<br>> people on due to it being a nice new hole. oh well.
<br>>
<br>>
<br>Well no. You need to know the Mac-Address of a target machine before you
<br>can connect to the network/VLAN.
<br>In order to find out the Mac-Address you need to physically locate
<br>yourself at a terminal, if you can
<br>physically locate yourself at a terminal, you generally have access to
<br>the network connection of the
<br>terminal anyway.
<br><br>The only thing it lets you do which you could do before, is to do your
<br>cracking in a cafe instead
<br>of in a cluster room :).
<br><br>The real danger is someone gaining access to the uplink from one your
<br>switches...
<br>which is why 802.1X-REV/Mac-Sec is so frickin awesome!
<br><br>-Arran
<br><br><br /> <br />-
<br>List info/subscribe/unsubscribe? See <a href="http://www.freeradius.org/list/users.html" target="_top" rel="nofollow">http://www.freeradius.org/list/users.html</a><div class="small"><br/><img src="http://old.nabble.com/images/icon_attachment.gif" > <strong>signature.asc</strong> (266 bytes) <a href="http://old.nabble.com/attachment/26879164/0/signature.asc" target="_top">Download Attachment</a></div><p>From forum: <a href="http://old.nabble.com/FreeRadius---User-f1104.html" embed="fixTarget[1104]" target="_top" >FreeRadius - User</a></p>
tag:old.nabble.com,2006:post-26878601
Re: STILL Trying to get tunneling to work
2009-12-21T11:09:19Z
2009-12-21T11:09:19Z
Alan DeKok-2
Mike Bernhardt wrote:
<br>> ERROR: Failed to create a new socket for proxying requests.
<br>> ERROR: Failed inserting request into proxy hash.
<br><br> Install 2.1.8 when it comes out. That should be tomorrow, or maybe
<br>Wednesday.
<br><br> Alan DeKok.
<br>-
<br>List info/subscribe/unsubscribe? See <a href="http://www.freeradius.org/list/users.html" target="_top" rel="nofollow">http://www.freeradius.org/list/users.html</a><br><p>From forum: <a href="http://old.nabble.com/FreeRadius---User-f1104.html" embed="fixTarget[1104]" target="_top" >FreeRadius - User</a></p>
tag:old.nabble.com,2006:post-26878585
Re: ttls+eap-md5
2009-12-21T11:07:55Z
2009-12-21T11:07:55Z
Alan DeKok-2
anyi_9 wrote:
<div class='shrinkable-quote'><br>> Please help!I've to resolve this problem before tommorrow.
<br>> My task is to cofigure the freeradius using TTLS+EAP-MD5 to
<br>> authenticate users.I've found
<br>> much information about how to configure this type on Internet,but there
<br>> are some differences
<br>> between different vesions.
<br>> My freeradius version is:*2.1.7*
<br>> Please tell me the specific steps to configure the freeradius.Which
<br>> files do I need to modify and
<br>> how?Thank you very much!
</div><br> (a) install the server
<br><br> (b) run it in debugging mode to get the default certificates
<br><br> (c) add a "known good" password (e.g. see the FAQ)
<br><br> (d) TTLS + EAP-MD5 will work.
<br><br> Alan DeKok.
<br>-
<br>List info/subscribe/unsubscribe? See <a href="http://www.freeradius.org/list/users.html" target="_top" rel="nofollow">http://www.freeradius.org/list/users.html</a><br><p>From forum: <a href="http://old.nabble.com/FreeRadius---User-f1104.html" embed="fixTarget[1104]" target="_top" >FreeRadius - User</a></p>
tag:old.nabble.com,2006:post-26878464
Re: RADIUS 2.x - modules not loaded correctly
2009-12-21T10:56:23Z
2009-12-21T10:56:23Z
Josip Rodin-7
On Mon, Dec 21, 2009 at 03:39:24PM +0000, Alan Buxey wrote:
<br>> that makes the modules go into modules-available - but then you need
<br>> to create the modules-enabled directory and put links into there...
<br>> by default the server needs at least a handful of the modules to be present
<br>> for its default config to load/work - i know - i've looked at this in the past.
<br>> you'll also need to patch the radiusd.conf to read in modules-enabled/*
<br><br>Yes, of course, I just sent the patch as the preliminary intro into the idea
<br>(OP's idea instead had no separate directories and symlinks in mind, it
<br>talked of suffixes).
<br><br>As it stands, all entries in current modules/ are harmless when enabled
<br>(by default), so that part could stay as is, functionally.
<br><br>--
<br> 2. That which causes joy or happiness.
<br>-
<br>List info/subscribe/unsubscribe? See <a href="http://www.freeradius.org/list/users.html" target="_top" rel="nofollow">http://www.freeradius.org/list/users.html</a><br><p>From forum: <a href="http://old.nabble.com/FreeRadius---User-f1104.html" embed="fixTarget[1104]" target="_top" >FreeRadius - User</a></p>
tag:old.nabble.com,2006:post-26877325
ttls+eap-md5
2009-12-21T09:36:01Z
2009-12-21T09:36:01Z
anyi_9
<div>Hello,all!<br> Please help!I've to resolve this problem before tommorrow.<br> My task is to cofigure the freeradius using TTLS+EAP-MD5 to authenticate users.I've found<br>much information about how to configure this type on Internet,but there are some differences<br>between different vesions.<br> My freeradius version is:<b>2.1.7</b><br> Please tell me the specific steps to configure the freeradius.Which files do I need to modify and<br>how?Thank you very much!<br><br></div><br><br><span title="neteasefooter" /></span><br />-
<br>List info/subscribe/unsubscribe? See <a href="http://www.freeradius.org/list/users.html" target="_top" rel="nofollow">http://www.freeradius.org/list/users.html</a><p>From forum: <a href="http://old.nabble.com/FreeRadius---User-f1104.html" embed="fixTarget[1104]" target="_top" >FreeRadius - User</a></p>
tag:old.nabble.com,2006:post-26877255
STILL Trying to get tunneling to work
2009-12-21T09:30:44Z
2009-12-21T09:30:44Z
Mike Bernhardt
<div class='shrinkable-quote'>>From: <a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26877255&i=0" target="_top" rel="nofollow">tnt@...</a> [mailto:<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26877255&i=1" target="_top" rel="nofollow">tnt@...</a>]
<br>>Sent: Thursday, December 10, 2009 5:05 PM
<br>>To: FreeRadius users mailing list
<br>>Subject: Re: Trying to get tunneling to work
<br>>
<br>>> I am trying to set up freeradius to proxy requests 802.11 MSCHAPv2 to an
<br>>> IAS
<br>>> server. The IAS requests are authenticated by a Safeword server, which
<br>>> doesn't support 802.11. So the idea is that freeradius takes the request,
<br>>> proxies it to IAS as if it was a non-802.11 client, IAS passes it to the
<br>>> integrated Safeword server, and everything is happy.
<br>>>
<br>>> My configuration works from a 802.11 supplicant if the user exist locally
<br>>> in
<br>>> freeradius, but no proxying happens when the user doesn't exist locally.
<br>>
<br>>Read comments in peap section of eap.conf. Replace LOCAL in Proxy-To-Realm
<br>>statement in inner-tunnel virtual server with the name of the realm
<br>>pointing to IAS server.
<br>>
<br>>Ivan Kalik
</div><br>As far as I know, this is the case. It is replaced in the users file. I did
<br>a little cleanup on the other config files too. Here is the new output,
<br>though the result is the same. The request is never forwarded out from
<br>freeeradius. Help, anyone?
<br><br><br>radiusd: #### Loading Realms and Home Servers ####
<br> proxy server {
<br> retry_delay = 5
<br> retry_count = 3
<br> default_fallback = no
<br> dead_time = 120
<br> wake_all_if_all_dead = no
<br> }
<br> realm safeword.eng {
<br> authhost = 192.168.30.29:1812
<br> accthost = 192.168.30.29:1813
<br> secret = Testing_Testing
<br> }
<br> home_server localhost {
<br> ipaddr = 127.0.0.1
<br> port = 1812
<br> type = "auth"
<br> secret = "testing123"
<br> response_window = 20
<br> max_outstanding = 65536
<br> require_message_authenticator = no
<br> zombie_period = 40
<br> status_check = "status-server"
<br> ping_interval = 30
<br> check_interval = 30
<br> num_answers_to_alive = 3
<br> num_pings_to_alive = 3
<br> revive_interval = 120
<br> status_check_timeout = 4
<br> irt = 2
<br> mrt = 16
<br> mrc = 5
<br> mrd = 30
<br> }
<br> home_server_pool my_auth_failover {
<br> type = fail-over
<br> home_server = localhost
<br> }
<br>radiusd: #### Loading Clients ####
<br> client 192.168.7.139/32 {
<br> require_message_authenticator = no
<br> secret = "Testing_Testing"
<br> }
<br> client 127.0.0.1/32 {
<br> require_message_authenticator = no
<br> secret = "testing123"
<br> }
<br><br>radiusd: #### Loading Virtual Servers ####
<br>server inner-tunnel {
<br> modules {
<br> Module: Checking authenticate {...} for more modules to load
<br> Module: Linked to module rlm_pap
<br> Module: Instantiating pap
<br> pap {
<br> encryption_scheme = "auto"
<br> auto_header = no
<br> }
<br> Module: Linked to module rlm_chap
<br> Module: Instantiating chap
<br> Module: Linked to module rlm_mschap
<br> Module: Instantiating mschap
<br> mschap {
<br> use_mppe = yes
<br> require_encryption = no
<br> require_strong = no
<br> with_ntdomain_hack = no
<br> }
<br> Module: Linked to module rlm_unix
<br> Module: Instantiating unix
<br> unix {
<br> radwtmp = "/usr/local/var/log/radius/radwtmp"
<br> }
<br> Module: Linked to module rlm_eap
<br> Module: Instantiating eap
<br> eap {
<br> default_eap_type = "peap"
<br> timer_expire = 60
<br> ignore_unknown_eap_types = no
<br> cisco_accounting_username_bug = no
<br> max_sessions = 2048
<br> }
<br> Module: Linked to sub-module rlm_eap_md5
<br> Module: Instantiating eap-md5
<br> Module: Linked to sub-module rlm_eap_leap
<br> Module: Instantiating eap-leap
<br> Module: Linked to sub-module rlm_eap_gtc
<br> Module: Instantiating eap-gtc
<br> gtc {
<br> challenge = "Password: "
<br> auth_type = "PAP"
<br> }
<br> Module: Linked to sub-module rlm_eap_tls
<br> Module: Instantiating eap-tls
<br> tls {
<br> rsa_key_exchange = no
<br> dh_key_exchange = yes
<br> rsa_key_length = 512
<br> dh_key_length = 512
<br> verify_depth = 0
<br> pem_file_type = yes
<br> private_key_file = "/usr/local/etc/raddb/certs/server.pem"
<br> certificate_file = "/usr/local/etc/raddb/certs/server.pem"
<br> CA_file = "/usr/local/etc/raddb/certs/ca.pem"
<br> private_key_password = "whatever"
<br> dh_file = "/usr/local/etc/raddb/certs/dh"
<br> random_file = "/usr/local/etc/raddb/certs/random"
<br> fragment_size = 1024
<br> include_length = yes
<br> check_crl = no
<br> cipher_list = "DEFAULT"
<br> make_cert_command = "/usr/local/etc/raddb/certs/bootstrap"
<br> cache {
<br> enable = no
<br> lifetime = 24
<br> max_entries = 255
<br> }
<br> }
<br> Module: Linked to sub-module rlm_eap_ttls
<br> Module: Instantiating eap-ttls
<br> ttls {
<br> default_eap_type = "md5"
<br> copy_request_to_tunnel = no
<br> use_tunneled_reply = no
<br> virtual_server = "inner-tunnel"
<br> include_length = yes
<br> }
<br> Module: Linked to sub-module rlm_eap_peap
<br> Module: Instantiating eap-peap
<br> peap {
<br> default_eap_type = "mschapv2"
<br> copy_request_to_tunnel = yes
<br> use_tunneled_reply = yes
<br> proxy_tunneled_request_as_eap = no
<br> virtual_server = "inner-tunnel"
<br> }
<br> Module: Linked to sub-module rlm_eap_mschapv2
<br> Module: Instantiating eap-mschapv2
<br> mschapv2 {
<br> with_ntdomain_hack = no
<br> }
<br> Module: Checking authorize {...} for more modules to load
<br> Module: Linked to module rlm_realm
<br> Module: Instantiating suffix
<br> realm suffix {
<br> format = "suffix"
<br> delimiter = "@"
<br> ignore_default = no
<br> ignore_null = no
<br> }
<br> Module: Linked to module rlm_files
<br> Module: Instantiating files
<br> files {
<br> usersfile = "/usr/local/etc/raddb/users"
<br> acctusersfile = "/usr/local/etc/raddb/acct_users"
<br> preproxy_usersfile = "/usr/local/etc/raddb/preproxy_users"
<br> compat = "no"
<br> }
<br> Module: Checking session {...} for more modules to load
<br> Module: Linked to module rlm_radutmp
<br> Module: Instantiating radutmp
<br> radutmp {
<br> filename = "/usr/local/var/log/radius/radutmp"
<br> username = "%{User-Name}"
<br> case_sensitive = yes
<br> check_with_nas = yes
<br> perm = 384
<br> callerid = yes
<br> }
<br> Module: Checking post-proxy {...} for more modules to load
<br> Module: Checking post-auth {...} for more modules to load
<br> Module: Linked to module rlm_attr_filter
<br> Module: Instantiating attr_filter.access_reject
<br> attr_filter attr_filter.access_reject {
<br> attrsfile = "/usr/local/etc/raddb/attrs.access_reject"
<br> key = "%{User-Name}"
<br> }
<br> } # modules
<br>} # server
<br>server {
<br> modules {
<br> Module: Checking authenticate {...} for more modules to load
<br> Module: Checking authorize {...} for more modules to load
<br> Module: Linked to module rlm_preprocess
<br> Module: Instantiating preprocess
<br> preprocess {
<br> huntgroups = "/usr/local/etc/raddb/huntgroups"
<br> hints = "/usr/local/etc/raddb/hints"
<br> with_ascend_hack = no
<br> ascend_channels_per_line = 23
<br> with_ntdomain_hack = no
<br> with_specialix_jetstream_hack = no
<br> with_cisco_vsa_hack = no
<br> with_alvarion_vsa_hack = no
<br> }
<br> Module: Checking preacct {...} for more modules to load
<br> Module: Linked to module rlm_acct_unique
<br> Module: Instantiating acct_unique
<br> acct_unique {
<br> key = "User-Name, Acct-Session-Id, NAS-IP-Address,
<br>Client-IP-Address, NAS-Port"
<br> }
<br> Module: Checking accounting {...} for more modules to load
<br> Module: Linked to module rlm_detail
<br> Module: Instantiating detail
<br> detail {
<br> detailfile =
<br>"/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
<br> header = "%t"
<br> detailperm = 384
<br> dirperm = 493
<br> locking = no
<br> log_packet_header = no
<br> }
<br> Module: Instantiating attr_filter.accounting_response
<br> attr_filter attr_filter.accounting_response {
<br> attrsfile = "/usr/local/etc/raddb/attrs.accounting_response"
<br> key = "%{User-Name}"
<br> }
<br> Module: Checking session {...} for more modules to load
<br> Module: Checking post-proxy {...} for more modules to load
<br> Module: Checking post-auth {...} for more modules to load
<br> } # modules
<br>} # server
<br>radiusd: #### Opening IP addresses and Ports ####
<br>listen {
<br> type = "auth"
<br> ipaddr = *
<br> port = 0
<br>}
<br>listen {
<br> type = "acct"
<br> ipaddr = *
<br> port = 0
<br>}
<br>listen {
<br> type = "control"
<br> listen {
<br> socket = "/usr/local/var/run/radiusd/radiusd.sock"
<br> }
<br>}
<br>Listening on authentication address * port 1812
<br>Listening on accounting address * port 1813
<br>Listening on command file /usr/local/var/run/radiusd/radiusd.sock
<br>Listening on proxy address * port 1814
<br>Listening on proxy address 127.0.0.1 port 35452
<br>Ready to process requests.
<br><br>rad_recv: Access-Request packet from host 192.168.7.139 port 1645, id=148,
<br>length=152
<br> User-Name = "mbernhardt"
<br> Framed-MTU = 1400
<br> Called-Station-Id = "000a.f4e2.2a00"
<br> Calling-Station-Id = "0021.6a46.b0cc"
<br> Service-Type = Login-User
<br> Message-Authenticator = 0x26cd48e5b9fc61664cee336cc1792ccc
<br> EAP-Message = 0x020700061900
<br> NAS-Port-Type = Wireless-802.11
<br> NAS-Port = 3292
<br> State = 0xc871db2ccc76c2f4ed36eeb8b11d50cb
<br> NAS-IP-Address = 192.168.7.139
<br> NAS-Identifier = "lks15w-ap350"
<br>+- entering group authorize {...}
<br>++[preprocess] returns ok
<br>++[chap] returns noop
<br>++[mschap] returns noop
<br>[suffix] No '@' in User-Name = "mbernhardt", looking up realm NULL
<br>[suffix] No such realm "NULL"
<br>++[suffix] returns noop
<br>[eap] EAP packet type response id 7 length 6
<br>[eap] Continuing tunnel setup.
<br>++[eap] returns ok
<br>Found Auth-Type = EAP
<br>+- entering group authenticate {...}
<br>[eap] Request found, released from the list
<br>[eap] EAP/peap
<br>[eap] processing type peap
<br>[peap] processing EAP-TLS
<br>[peap] Received TLS ACK
<br>[peap] ACK handshake is finished
<br>[peap] eaptls_verify returned 3
<br>[peap] eaptls_process returned 3
<br>[peap] EAPTLS_SUCCESS
<br>++[eap] returns handled
<br>Sending Access-Challenge of id 148 to 192.168.7.139 port 1645
<br> EAP-Message =
<br>0x0108002019001703010015ec4896e2cabf793395eed36c929b08a15179a89940
<br> Message-Authenticator = 0x00000000000000000000000000000000
<br> State = 0xc871db2ccd79c2f4ed36eeb8b11d50cb
<br>Finished request 21.
<br>Going to the next request
<br>Waking up in 2.2 seconds.
<br>rad_recv: Access-Request packet from host 192.168.7.139 port 1645, id=149,
<br>length=184
<br> User-Name = "mbernhardt"
<br> Framed-MTU = 1400
<br> Called-Station-Id = "000a.f4e2.2a00"
<br> Calling-Station-Id = "0021.6a46.b0cc"
<br> Service-Type = Login-User
<br> Message-Authenticator = 0x6a4dbd84e5ab9893eeba02d1c466b5f2
<br> EAP-Message =
<br>0x020800261900170301001be14c477ed7b3337d1f7a595cbfe47a98ceb6bbac01a2b8d714fb
<br>21
<br> NAS-Port-Type = Wireless-802.11
<br> NAS-Port = 3292
<br> State = 0xc871db2ccd79c2f4ed36eeb8b11d50cb
<br> NAS-IP-Address = 192.168.7.139
<br> NAS-Identifier = "lks15w-ap350"
<br>+- entering group authorize {...}
<br>++[preprocess] returns ok
<br>++[chap] returns noop
<br>++[mschap] returns noop
<br>[suffix] No '@' in User-Name = "mbernhardt", looking up realm NULL
<br>[suffix] No such realm "NULL"
<br>++[suffix] returns noop
<br>[eap] EAP packet type response id 8 length 38
<br>[eap] Continuing tunnel setup.
<br>++[eap] returns ok
<br>Found Auth-Type = EAP
<br>+- entering group authenticate {...}
<br>[eap] Request found, released from the list
<br>[eap] EAP/peap
<br>[eap] processing type peap
<br>[peap] processing EAP-TLS
<br>[peap] eaptls_verify returned 7
<br>[peap] Done initial handshake
<br>[peap] eaptls_process returned 7
<br>[peap] EAPTLS_OK
<br>[peap] Session established. Decoding tunneled attributes.
<br>[peap] Identity - mbernhardt
<br>[peap] Got tunneled request
<br> EAP-Message = 0x0208000f016d6265726e6861726474
<br>server {
<br> PEAP: Got tunneled identity of mbernhardt
<br> PEAP: Setting default EAP type for tunneled EAP session.
<br> PEAP: Setting User-Name to mbernhardt
<br>Sending tunneled request
<br> EAP-Message = 0x0208000f016d6265726e6861726474
<br> FreeRADIUS-Proxied-To = 127.0.0.1
<br> User-Name = "mbernhardt"
<br> Framed-MTU = 1400
<br> Called-Station-Id = "000a.f4e2.2a00"
<br> Calling-Station-Id = "0021.6a46.b0cc"
<br> Service-Type = Login-User
<br> NAS-Port-Type = Wireless-802.11
<br> NAS-Port = 3292
<br> NAS-IP-Address = 192.168.7.139
<br> NAS-Identifier = "lks15w-ap350"
<br>server inner-tunnel {
<br>+- entering group authorize {...}
<br>++[chap] returns noop
<br>++[mschap] returns noop
<br>++[unix] returns updated
<br>[suffix] No '@' in User-Name = "mbernhardt", looking up realm NULL
<br>[suffix] No such realm "NULL"
<br>++[suffix] returns noop
<br>++[control] returns noop
<br>[eap] Request is supposed to be proxied to Realm LOCAL. Not doing EAP.
<br>++[eap] returns noop
<br>[files] users: Matched entry DEFAULT at line 3
<br>++[files] returns ok
<br>++[expiration] returns noop
<br>++[logintime] returns noop
<br>++[pap] returns noop
<br>} # server inner-tunnel
<br>[peap] Got tunneled reply code 0
<br> PEAP: Calling authenticate in order to initiate tunneled EAP session.
<br>+- entering group authenticate {...}
<br>[eap] EAP Identity
<br>[eap] processing type mschapv2
<br>rlm_eap_mschapv2: Issuing Challenge
<br>++[eap] returns handled
<br> PEAP: Cancelling proxy to realm safeword.eng until the tunneled EAP
<br>session has been established
<br>[peap] Got tunneled reply RADIUS code 11
<br> EAP-Message =
<br>0x010900241a0109001f10421fda5c741f99bbbd660650209f40a16d6265726e6861726474
<br> Message-Authenticator = 0x00000000000000000000000000000000
<br> State = 0x3dd5fbf33ddce1440d05495c582e500e
<br>[peap] Got tunneled Access-Challenge
<br>++[eap] returns handled
<br>Sending Access-Challenge of id 149 to 192.168.7.139 port 1645
<br> EAP-Message =
<br><br>0x0109003b190017030100307e4b0e6a672924f75bbb213a62d8e08842877ff9e84d690b7bf5
<br>5531e4eced9572a2c0f4f230db301d3
<br><br>ac0e43d4ec15e
<br> Message-Authenticator = 0x00000000000000000000000000000000
<br> State = 0xc871db2cce78c2f4ed36eeb8b11d50cb
<br>Finished request 22.
<br>Going to the next request
<br>Waking up in 2.2 seconds.
<br>rad_recv: Access-Request packet from host 192.168.7.139 port 1645, id=150,
<br>length=238
<br> User-Name = "mbernhardt"
<br> Framed-MTU = 1400
<br> Called-Station-Id = "000a.f4e2.2a00"
<br> Calling-Station-Id = "0021.6a46.b0cc"
<br> Service-Type = Login-User
<br> Message-Authenticator = 0x29cb8c7c5e0ea13931129b5404267fbd
<br> EAP-Message =
<br><br>0x0209005c19001703010051da572ed9a75ebdddd39a40408f8c6eb4f537f65470fba05b8b82
<br>c174224dcd6de968b259232794f361d
<br><br>51ab246ab8b41b50bd8dac1777fc412c4f78b4015250d700441464b71f7c27aa6c3901adfff3
<br>1a7
<br> NAS-Port-Type = Wireless-802.11
<br> NAS-Port = 3292
<br> State = 0xc871db2cce78c2f4ed36eeb8b11d50cb
<br> NAS-IP-Address = 192.168.7.139
<br> NAS-Identifier = "lks15w-ap350"
<br>+- entering group authorize {...}
<br>++[preprocess] returns ok
<br>++[chap] returns noop
<br>++[mschap] returns noop
<br>[suffix] No '@' in User-Name = "mbernhardt", looking up realm NULL
<br>[suffix] No such realm "NULL"
<br>++[suffix] returns noop
<br>[eap] EAP packet type response id 9 length 92
<br>[eap] Continuing tunnel setup.
<br>++[eap] returns ok
<br>Found Auth-Type = EAP
<br>+- entering group authenticate {...}
<br>[eap] Request found, released from the list
<br>[eap] EAP/peap
<br>[eap] processing type peap
<br>[peap] processing EAP-TLS
<br>[peap] eaptls_verify returned 7
<br>[peap] Done initial handshake
<br>[peap] eaptls_process returned 7
<br>[peap] EAPTLS_OK
<br>[peap] Session established. Decoding tunneled attributes.
<br>[peap] EAP type mschapv2
<br>[peap] Got tunneled request
<br> EAP-Message =
<br><br>0x020900451a0209004031b326572c085e1b042802b27f632ddc860000000000000000914fa3
<br>c6b927312212cb1ae7675131d7f1a75
<br><br>7e2a0deaeab006d6265726e6861726474
<br>server {
<br> PEAP: Setting User-Name to mbernhardt
<br>Sending tunneled request
<br> EAP-Message =
<br><br>0x020900451a0209004031b326572c085e1b042802b27f632ddc860000000000000000914fa3
<br>c6b927312212cb1ae7675131d7f1a75
<br><br>7e2a0deaeab006d6265726e6861726474
<br> FreeRADIUS-Proxied-To = 127.0.0.1
<br> User-Name = "mbernhardt"
<br> State = 0x3dd5fbf33ddce1440d05495c582e500e
<br> Framed-MTU = 1400
<br> Called-Station-Id = "000a.f4e2.2a00"
<br> Calling-Station-Id = "0021.6a46.b0cc"
<br> Service-Type = Login-User
<br> NAS-Port-Type = Wireless-802.11
<br> NAS-Port = 3292
<br> NAS-IP-Address = 192.168.7.139
<br> NAS-Identifier = "lks15w-ap350"
<br>server inner-tunnel {
<br>+- entering group authorize {...}
<br>++[chap] returns noop
<br>++[mschap] returns noop
<br>++[unix] returns updated
<br>[suffix] No '@' in User-Name = "mbernhardt", looking up realm NULL
<br>[suffix] No such realm "NULL"
<br>++[suffix] returns noop
<br>++[control] returns noop
<br>[eap] Request is supposed to be proxied to Realm LOCAL. Not doing EAP.
<br>++[eap] returns noop
<br>[files] users: Matched entry DEFAULT at line 3
<br>++[files] returns ok
<br>++[expiration] returns noop
<br>++[logintime] returns noop
<br>++[pap] returns noop
<br>} # server inner-tunnel
<br>[peap] Got tunneled reply code 0
<br> PEAP: Calling authenticate in order to initiate tunneled EAP session.
<br>+- entering group authenticate {...}
<br>[eap] Request found, released from the list
<br>[eap] EAP/mschapv2
<br>[eap] processing type mschapv2
<br>[eap] Not-EAP proxy set. Not composing EAP
<br>++[eap] returns handled
<br> PEAP: Tunneled authentication will be proxied to safeword.eng
<br> PEAP: Remembering to do EAP-MS-CHAP-V2 post-proxy.
<br>[eap] Tunneled session will be proxied. Not doing EAP.
<br>++[eap] returns handled
<br> WARNING: Empty section. Using default return values.
<br>ERROR: Failed to create a new socket for proxying requests.
<br>ERROR: Failed inserting request into proxy hash.
<br>ERROR: Failed to proxy request 23
<br>There was no response configured: rejecting request 23
<br>Using Post-Auth-Type Reject
<br>+- entering group REJECT {...}
<br>[attr_filter.access_reject] expand: %{User-Name} -> mbernhardt
<br> attr_filter: Matched entry DEFAULT at line 11
<br>++[attr_filter.access_reject] returns updated
<br>Delaying reject of request 23 for 1 seconds
<br>Going to the next request
<br>Waking up in 0.9 seconds.
<br><br>-
<br>List info/subscribe/unsubscribe? See <a href="http://www.freeradius.org/list/users.html" target="_top" rel="nofollow">http://www.freeradius.org/list/users.html</a><br><p>From forum: <a href="http://old.nabble.com/FreeRadius---User-f1104.html" embed="fixTarget[1104]" target="_top" >FreeRadius - User</a></p>
tag:old.nabble.com,2006:post-26877236
Re: RADIUS 2.x - modules not loaded correctly
2009-12-21T09:30:38Z
2009-12-21T09:30:38Z
Alan DeKok-2
Josip Rodin wrote:
<br>> I was thinking we should use the mods-{available,enabled}, also mimicking
<br>> apache2 and sites-*. That way we can worry less about the admin editing and
<br>> leaving junk in one directory, when only the other one is supposed to be
<br>> clean. Something like this?
<br><br> For 2.2.0, yes.
<br><br> Alan DeKok.
<br>-
<br>List info/subscribe/unsubscribe? See <a href="http://www.freeradius.org/list/users.html" target="_top" rel="nofollow">http://www.freeradius.org/list/users.html</a><br><p>From forum: <a href="http://old.nabble.com/FreeRadius---User-f1104.html" embed="fixTarget[1104]" target="_top" >FreeRadius - User</a></p>
tag:old.nabble.com,2006:post-26876941
Re: Multiple clients on same IP address
2009-12-21T08:37:32Z
2009-12-21T08:37:32Z
Alexander Clouter
Fahd Kasri <<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26876941&i=0" target="_top" rel="nofollow">fahd.kasri@...</a>> wrote:
<br>>
<br>> That's what I thought. I tried the first solution (wanting to avoid the two
<br>> others), and apparently the configuration works. Just wanted to know if
<br>> there could be any problems with two or more clients using the exact some
<br>> configuration. Thanks for the info.
<br>>
<br>Depends on what you want to do with the accounting data. You might find
<br>that tracking your users when NAS-IP-Address is the same becomes really
<br>awkward[1]. Anything that keys off that attribute (such as
<br>Acct-Unique-Session-Id, as Acct-Session-Id is rarely unique) might cause
<br>your grief.
<br><br>So, authentication should work...you might have some problems with
<br>simulateous logins *possibly* and your accounting records might be a
<br>pain to work with.
<br><br>You need to define what 'work' means for yourself and decide from there.
<br><br>Cheers
<br><br>[1] then you hope your venduh lets you amend the NAS-Identifier
<br> attribute
<br><br>--
<br>Alexander Clouter
<br>.sigmonster says: TAILFINS!! ... click ...
<br><br>-
<br>List info/subscribe/unsubscribe? See <a href="http://www.freeradius.org/list/users.html" target="_top" rel="nofollow">http://www.freeradius.org/list/users.html</a><br><p>From forum: <a href="http://old.nabble.com/FreeRadius---User-f1104.html" embed="fixTarget[1104]" target="_top" >FreeRadius - User</a></p>
tag:old.nabble.com,2006:post-26875665
Re: RADIUS 2.x - modules not loaded correctly
2009-12-21T07:39:24Z
2009-12-21T07:39:24Z
Alan Buxey
Hi,
<br><br>> I was thinking we should use the mods-{available,enabled}, also mimicking
<br>> apache2 and sites-*. That way we can worry less about the admin editing and
<br>> leaving junk in one directory, when only the other one is supposed to be
<br>> clean. Something like this?
<br>>
<br>> git mv raddb/modules raddb/mods-available
<br>> patch -p1 < mods.diff # attached
<br><br>that makes the modules go into modules-available - but then you need
<br>to create the modules-enabled directory and put links into there...
<br>by default the server needs at least a handful of the modules to be present
<br>for its default config to load/work - i know - i've looked at this in the past.
<br>you'll also need to patch the radiusd.conf to read in modules-enabled/*
<br><br>alan
<br>-
<br>List info/subscribe/unsubscribe? See <a href="http://www.freeradius.org/list/users.html" target="_top" rel="nofollow">http://www.freeradius.org/list/users.html</a><br><p>From forum: <a href="http://old.nabble.com/FreeRadius---User-f1104.html" embed="fixTarget[1104]" target="_top" >FreeRadius - User</a></p>
tag:old.nabble.com,2006:post-26875550
Re: RADIUS 2.x - modules not loaded correctly
2009-12-21T07:29:09Z
2009-12-21T07:29:09Z
Josip Rodin-7
On Tue, Dec 15, 2009 at 09:03:33AM +0100, Alan DeKok wrote:
<br>> Axel Vogel wrote:
<br>> > Please look at the configuration of virtual hosts in apache2.
<br>> > The httpd.conf incudes only files with a well defined suffix
<br>> > vhosts.d/*.conf
<br>>
<br>> Sure. Send a patch.
<br><br>I was thinking we should use the mods-{available,enabled}, also mimicking
<br>apache2 and sites-*. That way we can worry less about the admin editing and
<br>leaving junk in one directory, when only the other one is supposed to be
<br>clean. Something like this?
<br><br>git mv raddb/modules raddb/mods-available
<br>patch -p1 < mods.diff # attached
<br><br>--
<br> 2. That which causes joy or happiness.
<br><br /><hr align="left" width="300" /><tt>diff --git a/raddb/Makefile b/raddb/Makefile
<br>index 01d3f03..9a3e5b5 100644
<br>--- a/raddb/Makefile
<br>+++ b/raddb/Makefile
<br>@@ -33,9 +33,9 @@ install:
<br> $(INSTALL) -d -m 750 $(R)$(raddbdir)
<br> $(INSTALL) -d -m 750 $(R)$(raddbdir)/sites-available
<br> $(INSTALL) -d -m 750 $(R)$(raddbdir)/sites-enabled
<br>- $(INSTALL) -d -m 750 $(R)$(raddbdir)/modules
<br>+ $(INSTALL) -d -m 750 $(R)$(raddbdir)/mods-available
<br> @echo "Creating/updating files in $(R)$(raddbdir)"; \
<br>- for i in $(FILES) `find sites-available/ modules/ -type f -print | sed 's/.*CVS.*//;s/.*~//;s/.*#.*//' `; do \
<br>+ for i in $(FILES) `find sites-available/ mods-available/ -type f -print | sed 's/.*CVS.*//;s/.*~//;s/.*#.*//' `; do \
<br> [ ! -f $(R)$(raddbdir)/$$i ] && $(INSTALL) -m 640 $$i $(R)$(raddbdir)/$$i; \
<br> if [ "`find $$i -newer $(R)$(raddbdir)/$$i`" ]; then \
<br> echo "** $(R)$(raddbdir)/$$i"; \
<br>@@ -85,6 +85,12 @@ install:
<br> cd $(R)$(raddbdir)/sites-enabled/; \
<br> ln -s ../sites-available/control-socket; \
<br> fi
<br>+ @for m in `cd mods-available/ && ls -1 | sed 's/.*CVS.*//;s/.*~//;s/.*#.*//' `; do \
<br>+ if [ ! -L $(R)$(raddbdir)/$$m ]; then \
<br>+ echo "** Enabling default module $(R)$(raddbdir)/$$m"; \
<br>+ ln -s ../mods-available/$$m $(R)$(raddbdir)/$$m; \
<br>+ fi; \
<br>+ done
<br>
<br> clean:
<br> rm -rf sites-enabled/inner-tunnel sites-enabled/default
<br></tt><hr align="left" width="300" /><br />-
<br>List info/subscribe/unsubscribe? See <a href="http://www.freeradius.org/list/users.html" target="_top" rel="nofollow">http://www.freeradius.org/list/users.html</a><p>From forum: <a href="http://old.nabble.com/FreeRadius---User-f1104.html" embed="fixTarget[1104]" target="_top" >FreeRadius - User</a></p>
tag:old.nabble.com,2006:post-26875394
Re: Multiple clients on same IP address
2009-12-21T07:18:24Z
2009-12-21T07:18:24Z
Fahd Kasri
That's what I thought. I tried the first solution (wanting to avoid the two others), and apparently the configuration works. Just wanted to know if there could be any problems with two or more clients using the exact some configuration. Thanks for the info.<br>
<br><div class="gmail_quote">2009/12/21 Alexander Clouter <span dir="ltr"><<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26875394&i=0" target="_top" rel="nofollow">alex@...</a>></span><br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<div><div></div><div class="h5">Fahd Kasri <<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26875394&i=1" target="_top" rel="nofollow">fahd.kasri@...</a>> wrote:<br>
><br>
> Is it possible to have multiple Radius clients behind a router connect to a<br>
> distant Freeradius server (these clients would therefore have the same IP<br>
> address and be the same client in clients.conf)?<br>
> I've this and apparently it works, but could there be any problems in the<br>
> long run?<br>
><br>
</div></div>They would either:<br>
* need to use the same shared secret<br>
* connect to different IP's provisioned by FreeRADIUS (the server is<br>
bind()'ed to more than one address)<br>
* send traffic to different port numbers being listened to by<br>
FreeRADIUS (listens on ports other than the 'official' ones)<br>
<br>
You can use a combination of the above (if you are crazy), but you will<br>
need to use at lease *one*. The alternative is to kill NAT...for it is<br>
evil[1].<br>
<br>
Cheers<br>
<br>
[1] if the network is 'trusted' then use an IPIP/GRE tunnel to get the<br>
traffic to the RADIUS server<br>
<font color="#888888"><br>
--<br>
Alexander Clouter<br>
.sigmonster says: A dead man cannot bite.<br>
-- Gnaeus Pompeius (Pompey)<br>
</font><div><div></div><div class="h5"><br>
-<br>
List info/subscribe/unsubscribe? See <a href="http://www.freeradius.org/list/users.html" target="_blank" rel="nofollow">http://www.freeradius.org/list/users.html</a><br>
</div></div></blockquote></div><br><br clear="all"><br>-- <br>Fahd Kasri<br>Directeur Technique<br>Weblib<br><a href="http://www.weblib.eu" target="_top" rel="nofollow">http://www.weblib.eu</a><br>
<br />-
<br>List info/subscribe/unsubscribe? See <a href="http://www.freeradius.org/list/users.html" target="_top" rel="nofollow">http://www.freeradius.org/list/users.html</a><p>From forum: <a href="http://old.nabble.com/FreeRadius---User-f1104.html" embed="fixTarget[1104]" target="_top" >FreeRadius - User</a></p>
tag:old.nabble.com,2006:post-26875248
Re: Multiple clients on same IP address
2009-12-21T06:48:55Z
2009-12-21T06:48:55Z
Alexander Clouter
Fahd Kasri <<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26875248&i=0" target="_top" rel="nofollow">fahd.kasri@...</a>> wrote:
<br>>
<br>> Is it possible to have multiple Radius clients behind a router connect to a
<br>> distant Freeradius server (these clients would therefore have the same IP
<br>> address and be the same client in clients.conf)?
<br>> I've this and apparently it works, but could there be any problems in the
<br>> long run?
<br>>
<br>They would either:
<br> * need to use the same shared secret
<br> * connect to different IP's provisioned by FreeRADIUS (the server is
<br> bind()'ed to more than one address)
<br> * send traffic to different port numbers being listened to by
<br> FreeRADIUS (listens on ports other than the 'official' ones)
<br><br>You can use a combination of the above (if you are crazy), but you will
<br>need to use at lease *one*. The alternative is to kill NAT...for it is
<br>evil[1].
<br><br>Cheers
<br><br>[1] if the network is 'trusted' then use an IPIP/GRE tunnel to get the
<br> traffic to the RADIUS server
<br><br>--
<br>Alexander Clouter
<br>.sigmonster says: A dead man cannot bite.
<br> -- Gnaeus Pompeius (Pompey)
<br><br>-
<br>List info/subscribe/unsubscribe? See <a href="http://www.freeradius.org/list/users.html" target="_top" rel="nofollow">http://www.freeradius.org/list/users.html</a><br><p>From forum: <a href="http://old.nabble.com/FreeRadius---User-f1104.html" embed="fixTarget[1104]" target="_top" >FreeRadius - User</a></p>
tag:old.nabble.com,2006:post-26874970
Re: Virtual Server not setting attributes on reply
2009-12-21T06:48:00Z
2009-12-21T06:48:00Z
Alan Buxey
Hi,
<br><br>> Not the default virtual server. The test virtual server
<br>> The flow is client -> default virtual server acting as a proxy -> test
<br>> virtual server
<br>> If the test virtual server is configured as a remote radius server
<br>> then things work great. If it's configured as a virtual server using
<br>> the "virtual_server=name" then things break.
<br><br>test virtual server not setting the options byt he looks of it...
<br>post-auth is called in that virtual server - so how should it be getting/setting
<br>that attribute?
<br><br>alan
<br>-
<br>List info/subscribe/unsubscribe? See <a href="http://www.freeradius.org/list/users.html" target="_top" rel="nofollow">http://www.freeradius.org/list/users.html</a><br><p>From forum: <a href="http://old.nabble.com/FreeRadius---User-f1104.html" embed="fixTarget[1104]" target="_top" >FreeRadius - User</a></p>
tag:old.nabble.com,2006:post-26874690
Re: Pre-release of Version 2.1.8
2009-12-21T06:27:02Z
2009-12-21T06:27:02Z
Alan DeKok-2
Alexander Clouter wrote:
<br>> Want to put it down to a neutrino burst? :)
<br><br> Been there. Done that.
<br><br> <a href="http://www.sno.phy.queensu.ca/sno/papers/nim_paper_99.pdf" target="_top" rel="nofollow">http://www.sno.phy.queensu.ca/sno/papers/nim_paper_99.pdf</a><br><br> 9th author, on the first page.
<br><br> Alan DeKok.
<br>-
<br>List info/subscribe/unsubscribe? See <a href="http://www.freeradius.org/list/users.html" target="_top" rel="nofollow">http://www.freeradius.org/list/users.html</a><br><p>From forum: <a href="http://old.nabble.com/FreeRadius---User-f1104.html" embed="fixTarget[1104]" target="_top" >FreeRadius - User</a></p>
tag:old.nabble.com,2006:post-26874272
Re: Virtual Server not setting attributes on reply
2009-12-21T05:55:11Z
2009-12-21T05:55:11Z
Timothy-45
2009/12/21 Alan Buxey <<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26874272&i=0" target="_top" rel="nofollow">A.L.M.Buxey@...</a>>:
<div class='shrinkable-quote'><br>> Hi,
<br>>
<br>>> If I authenticate to TEST1/user
<br>>> My response is "only" a successful auth.
<br>>>
<br>>> If I authenticate to TEST2/user
<br>>> My response is a successful auth WITH Attributes (in this case the
<br>>> attribute I'm setting is
<br>>> Cisco-AVPair = "shell:priv-lvl=15"
<br>>
<br>> where are you setting that attribute? in the default virtual_server
<br>> in the post-auth?
</div><br>Not the default virtual server. The test virtual server
<br>The flow is client -> default virtual server acting as a proxy -> test
<br>virtual server
<br>If the test virtual server is configured as a remote radius server
<br>then things work great. If it's configured as a virtual server using
<br>the "virtual_server=name" then things break.
<br><br>I'm setting the attribues in the test virtual server via post-auth.
<br><br>The idea would be to have the different virtual servers using tables /
<br>databases for their own user list.
<br><br>>> It appears to me that using the virtual server is stripping the
<br>>> attributes from the reply.
<br><br>> check your attr filter - check that those attributes arent cleared - if
<br>> you run in full debug mode you should see everything that is happening
<br>> and exactly where it gets set and where it gets wiped
<br><br>The attributes just don't look to be getting set. I'm guessing that
<br>the post-auth section isn't being used with you proxy to a "virtual
<br>server" rather than to a "real" server
<br><br>realm TEST1 using "virtual server"
<br><br>rad_recv: Access-Request packet from host 192.168.183.20 port 2530,
<br>id=16, length=106
<br> User-Name = "TEST1/default"
<br> Acct-Session-Id = "1261403370P17nsl"
<br> NAS-IP-Address = 127.0.0.1
<br> NAS-Identifier = "Localhost"
<br> NAS-Port = 0
<br> Calling-Station-Id = "1115551212"
<br> User-Password = "password"
<br>+- entering group authorize
<br>++[preprocess] returns ok
<br>++[chap] returns noop
<br> rlm_realm: Looking up realm "TEST1" for User-Name = "TEST1/default"
<br> rlm_realm: Found realm "TEST1"
<br> rlm_realm: Adding Stripped-User-Name = "default"
<br> rlm_realm: Adding Realm = "TEST1"
<br> rlm_realm: Proxying request from user default to realm TEST1
<br> rlm_realm: Preparing to proxy authentication request to realm "TEST1"
<br>++[slash] returns updated
<br> rlm_realm: Request already proxied. Ignoring.
<br>++[suffix] returns noop
<br> rlm_eap: No EAP-Message, not doing EAP
<br>++[eap] returns noop
<br>++[expiration] returns noop
<br>++[logintime] returns noop
<br>++[pap] returns noop
<br>>>> Sending proxied request internally to virtual server.
<br>server test {
<br>+- entering group authorize
<br> expand: %{Stripped-User-Name} -> default
<br> expand: %{%{Stripped-User-Name}:-%{%{User-Name}:-DEFAULT}} -> default
<br>rlm_sql (sql): sql_set_user escaped user --> 'default'
<br>rlm_sql (sql): Reserving sql socket id: 3
<br> expand: SELECT id, username, attribute, value, op
<br>FROM radcheck WHERE username = '%{SQL-User-Name}'
<br>ORDER BY id -> SELECT id, username, attribute, value, op
<br>FROM radcheck WHERE username = 'default' ORDER BY
<br>id
<br>rlm_sql_mysql: query: SELECT id, username, attribute, value, op
<br> FROM radcheck WHERE username = 'default' ORDER
<br>BY id
<br>rlm_sql (sql): User found in radcheck table
<br> expand: SELECT id, username, attribute, value, op
<br>FROM radreply WHERE username = '%{SQL-User-Name}'
<br>ORDER BY id -> SELECT id, username, attribute, value, op
<br>FROM radreply WHERE username = 'default' ORDER BY
<br>id
<br>rlm_sql_mysql: query: SELECT id, username, attribute, value, op
<br> FROM radreply WHERE username = 'default' ORDER
<br>BY id
<br> expand: SELECT groupname FROM radusergroup
<br>WHERE username = '%{SQL-User-Name}' ORDER BY priority ->
<br>SELECT groupname FROM radusergroup WHERE username
<br>= 'default' ORDER BY priority
<br>rlm_sql_mysql: query: SELECT groupname FROM radusergroup
<br> WHERE username = 'default' ORDER BY priority
<br> expand: SELECT id, groupname, attribute, Value, op
<br> FROM radgroupcheck WHERE groupname = '%{Sql-Group}'
<br> ORDER BY id -> SELECT id, groupname, attribute,
<br>Value, op FROM radgroupcheck WHERE groupname =
<br>'shells' ORDER BY id
<br>rlm_sql_mysql: query: SELECT id, groupname, attribute,
<br>Value, op FROM radgroupcheck WHERE groupname =
<br>'shells' ORDER BY id
<br>rlm_sql (sql): User found in group shells
<br> expand: SELECT id, groupname, attribute, value, op
<br> FROM radgroupreply WHERE groupname = '%{Sql-Group}'
<br> ORDER BY id -> SELECT id, groupname, attribute,
<br>value, op FROM radgroupreply WHERE groupname =
<br>'shells' ORDER BY id
<br>rlm_sql_mysql: query: SELECT id, groupname, attribute,
<br>value, op FROM radgroupreply WHERE groupname =
<br>'shells' ORDER BY id
<br>rlm_sql (sql): Released sql socket id: 3
<br>++[sql] returns ok
<br>++[expiration] returns noop
<br>++[logintime] returns noop
<br>rlm_pap: Normalizing MD5-Password from hex encoding
<br>++[pap] returns updated
<br> rad_check_password: Found Auth-Type
<br>auth: type "PAP"
<br>+- entering group PAP
<br>rlm_pap: login attempt with password "password"
<br>rlm_pap: Using MD5 encryption.
<br>rlm_pap: User authenticated successfully
<br>++[pap] returns ok
<br>Login OK: [default/password] (from client desktop port 0 cli
<br>1115551212 via TLS tunnel)
<br>+- entering group post-auth
<br>rlm_sql (sql): Processing sql_postauth
<br> expand: %{Stripped-User-Name} -> default
<br> expand: %{%{Stripped-User-Name}:-%{%{User-Name}:-DEFAULT}} -> default
<br>rlm_sql (sql): sql_set_user escaped user --> 'default'
<br> expand: %{User-Password} -> password
<br> expand: INSERT INTO radpostauth
<br>(username, pass, reply, authdate) VALUES (
<br> '%{User-Name}',
<br>'%{%{User-Password}:-%{Chap-Password}}',
<br>'%{reply:Packet-Type}', '%S') -> INSERT INTO radpostauth
<br> (username, pass, reply, authdate)
<br> VALUES ( 'default',
<br> 'password', 'Access-Accept', '2009-12-21
<br>13:49:30')
<br> expand: /var/log/freeradius/sqltrace.sql ->
<br>/var/log/freeradius/sqltrace.sql
<br>rlm_sql (sql) in sql_postauth: query is INSERT INTO radpostauth
<br> (username, pass, reply, authdate)
<br> VALUES ( 'default',
<br> 'password', 'Access-Accept',
<br>'2009-12-21 13:49:30')
<br>rlm_sql (sql): Reserving sql socket id: 2
<br>rlm_sql_mysql: query: INSERT INTO radpostauth
<br> (username, pass, reply, authdate) VALUES (
<br> 'default',
<br>'password', 'Access-Accept', '2009-12-21
<br>13:49:30')
<br>rlm_sql (sql): Released sql socket id: 2
<br>++[sql] returns ok
<br>} # server test
<br>Going to the next request
<br><<< Received proxied response from internal virtual server.
<br>+- entering group authorize
<br>++[preprocess] returns ok
<br>++[chap] returns noop
<br> rlm_realm: Proxy reply, or no User-Name. Ignoring.
<br>++[slash] returns noop
<br> rlm_realm: Proxy reply, or no User-Name. Ignoring.
<br>++[suffix] returns noop
<br>++[eap] returns noop
<br>++[expiration] returns noop
<br>++[logintime] returns noop
<br>++[pap] returns noop
<br> rad_check_password: Found Auth-Type
<br> rad_check_password: Auth-Type = Accept, accepting the user
<br>Login OK: [TEST1/default/password] (from client desktop port 0 cli 1115551212)
<br>+- entering group post-auth
<br>++[exec] returns noop
<br>Sending Access-Accept of id 16 to 192.168.183.20 port 2530
<br>Finished request 0.
<br>Going to the next request
<br>Waking up in 4.9 seconds.
<br>Cleaning up request 0 ID 16 with timestamp +11
<br>Ready to process requests.
<br><br><br>realm TEST2 using "real" server
<br><br><br>rad_recv: Access-Request packet from host 192.168.183.20 port 2535,
<br>id=17, length=106
<br> User-Name = "TEST2/default"
<br> Acct-Session-Id = "1261403531L18dgh"
<br> NAS-IP-Address = 127.0.0.1
<br> NAS-Identifier = "Localhost"
<br> NAS-Port = 0
<br> Calling-Station-Id = "1115551212"
<br> User-Password = "password"
<br>+- entering group authorize
<br>++[preprocess] returns ok
<br>++[chap] returns noop
<br> rlm_realm: Looking up realm "TEST2" for User-Name = "TEST2/default"
<br> rlm_realm: Found realm "TEST2"
<br> rlm_realm: Adding Stripped-User-Name = "default"
<br> rlm_realm: Adding Realm = "TEST2"
<br> rlm_realm: Proxying request from user default to realm TEST2
<br> rlm_realm: Preparing to proxy authentication request to realm "TEST2"
<br>++[slash] returns updated
<br> rlm_realm: Request already proxied. Ignoring.
<br>++[suffix] returns noop
<br> rlm_eap: No EAP-Message, not doing EAP
<br>++[eap] returns noop
<br>++[expiration] returns noop
<br>++[logintime] returns noop
<br>++[pap] returns noop
<br>Sending Access-Request of id 34 to 127.0.0.1 port 11812
<br> User-Name = "default"
<br> Acct-Session-Id = "1261403531L18dgh"
<br> NAS-IP-Address = 127.0.0.1
<br> NAS-Identifier = "Localhost"
<br> NAS-Port = 0
<br> Calling-Station-Id = "1115551212"
<br> User-Password = "password"
<br> Proxy-State = 0x3137
<br>Proxying request 1 to home server 127.0.0.1 port 11812
<br>Sending Access-Request of id 34 to 127.0.0.1 port 11812
<br> User-Name = "default"
<br> Acct-Session-Id = "1261403531L18dgh"
<br> NAS-IP-Address = 127.0.0.1
<br> NAS-Identifier = "Localhost"
<br> NAS-Port = 0
<br> Calling-Station-Id = "1115551212"
<br> User-Password = "password"
<br> Proxy-State = 0x3137
<br>Going to the next request
<br>Waking up in 0.9 seconds.
<br>rad_recv: Access-Request packet from host 127.0.0.1 port 1814, id=34, length=104
<br> User-Name = "default"
<br> Acct-Session-Id = "1261403531L18dgh"
<br> NAS-IP-Address = 127.0.0.1
<br> NAS-Identifier = "Localhost"
<br> NAS-Port = 0
<br> Calling-Station-Id = "1115551212"
<br> User-Password = "password"
<br> Proxy-State = 0x3137
<br>server test {
<br>+- entering group authorize
<br> expand: %{Stripped-User-Name} ->
<br> expand: %{User-Name} -> default
<br> expand: %{%{User-Name}:-DEFAULT} -> default
<br> expand: %{%{Stripped-User-Name}:-%{%{User-Name}:-DEFAULT}} -> default
<br>rlm_sql (sql): sql_set_user escaped user --> 'default'
<br>rlm_sql (sql): Reserving sql socket id: 1
<br> expand: SELECT id, username, attribute, value, op
<br>FROM radcheck WHERE username = '%{SQL-User-Name}'
<br>ORDER BY id -> SELECT id, username, attribute, value, op
<br>FROM radcheck WHERE username = 'default' ORDER BY
<br>id
<br>rlm_sql_mysql: query: SELECT id, username, attribute, value, op
<br> FROM radcheck WHERE username = 'default' ORDER
<br>BY id
<br>rlm_sql (sql): User found in radcheck table
<br> expand: SELECT id, username, attribute, value, op
<br>FROM radreply WHERE username = '%{SQL-User-Name}'
<br>ORDER BY id -> SELECT id, username, attribute, value, op
<br>FROM radreply WHERE username = 'default' ORDER BY
<br>id
<br>rlm_sql_mysql: query: SELECT id, username, attribute, value, op
<br> FROM radreply WHERE username = 'default' ORDER
<br>BY id
<br> expand: SELECT groupname FROM radusergroup
<br>WHERE username = '%{SQL-User-Name}' ORDER BY priority ->
<br>SELECT groupname FROM radusergroup WHERE username
<br>= 'default' ORDER BY priority
<br>rlm_sql_mysql: query: SELECT groupname FROM radusergroup
<br> WHERE username = 'default' ORDER BY priority
<br> expand: SELECT id, groupname, attribute, Value, op
<br> FROM radgroupcheck WHERE groupname = '%{Sql-Group}'
<br> ORDER BY id -> SELECT id, groupname, attribute,
<br>Value, op FROM radgroupcheck WHERE groupname =
<br>'shells' ORDER BY id
<br>rlm_sql_mysql: query: SELECT id, groupname, attribute,
<br>Value, op FROM radgroupcheck WHERE groupname =
<br>'shells' ORDER BY id
<br>rlm_sql (sql): User found in group shells
<br> expand: SELECT id, groupname, attribute, value, op
<br> FROM radgroupreply WHERE groupname = '%{Sql-Group}'
<br> ORDER BY id -> SELECT id, groupname, attribute,
<br>value, op FROM radgroupreply WHERE groupname =
<br>'shells' ORDER BY id
<br>rlm_sql_mysql: query: SELECT id, groupname, attribute,
<br>value, op FROM radgroupreply WHERE groupname =
<br>'shells' ORDER BY id
<br>rlm_sql (sql): Released sql socket id: 1
<br>++[sql] returns ok
<br>++[expiration] returns noop
<br>++[logintime] returns noop
<br>rlm_pap: Normalizing MD5-Password from hex encoding
<br>++[pap] returns updated
<br> rad_check_password: Found Auth-Type
<br>auth: type "PAP"
<br>+- entering group PAP
<br>rlm_pap: login attempt with password "password"
<br>rlm_pap: Using MD5 encryption.
<br>rlm_pap: User authenticated successfully
<br>++[pap] returns ok
<br>Login OK: [default/password] (from client LocalHost port 0 cli 1115551212)
<br>+- entering group post-auth
<br>rlm_sql (sql): Processing sql_postauth
<br> expand: %{Stripped-User-Name} ->
<br> expand: %{User-Name} -> default
<br> expand: %{%{User-Name}:-DEFAULT} -> default
<br> expand: %{%{Stripped-User-Name}:-%{%{User-Name}:-DEFAULT}} -> default
<br>rlm_sql (sql): sql_set_user escaped user --> 'default'
<br> expand: %{User-Password} -> password
<br> expand: INSERT INTO radpostauth
<br>(username, pass, reply, authdate) VALUES (
<br> '%{User-Name}',
<br>'%{%{User-Password}:-%{Chap-Password}}',
<br>'%{reply:Packet-Type}', '%S') -> INSERT INTO radpostauth
<br> (username, pass, reply, authdate)
<br> VALUES ( 'default',
<br> 'password', 'Access-Accept', '2009-12-21
<br>13:52:11')
<br> expand: /var/log/freeradius/sqltrace.sql ->
<br>/var/log/freeradius/sqltrace.sql
<br>rlm_sql (sql) in sql_postauth: query is INSERT INTO radpostauth
<br> (username, pass, reply, authdate)
<br> VALUES ( 'default',
<br> 'password', 'Access-Accept',
<br>'2009-12-21 13:52:11')
<br>rlm_sql (sql): Reserving sql socket id: 0
<br>rlm_sql_mysql: query: INSERT INTO radpostauth
<br> (username, pass, reply, authdate) VALUES (
<br> 'default',
<br>'password', 'Access-Accept', '2009-12-21
<br>13:52:11')
<br>rlm_sql (sql): Released sql socket id: 0
<br>++[sql] returns ok
<br>} # server test
<br>Sending Access-Accept of id 34 to 127.0.0.1 port 1814
<br> Service-Type = NAS-Prompt-User
<br> Cisco-AVPair = "shell:priv-lvl=15"
<br> APC-Service-Type = Admin
<br> Proxy-State = 0x3137
<br>Finished request 2.
<br>Going to the next request
<br>Waking up in 0.9 seconds.
<br>rad_recv: Access-Accept packet from host 127.0.0.1 port 11812, id=34, length=67
<br> Service-Type = NAS-Prompt-User
<br> Cisco-AVPair = "shell:priv-lvl=15"
<br> APC-Service-Type = Admin
<br> Proxy-State = 0x3137
<br>+- entering group post-proxy
<br> rlm_eap: No pre-existing handler found
<br>++[eap] returns noop
<br>+- entering group authorize
<br>++[preprocess] returns ok
<br>++[chap] returns noop
<br> rlm_realm: Proxy reply, or no User-Name. Ignoring.
<br>++[slash] returns noop
<br> rlm_realm: Proxy reply, or no User-Name. Ignoring.
<br>++[suffix] returns noop
<br>++[eap] returns noop
<br>++[expiration] returns noop
<br>++[logintime] returns noop
<br>++[pap] returns noop
<br> rad_check_password: Found Auth-Type
<br> rad_check_password: Auth-Type = Accept, accepting the user
<br>Login OK: [TEST2/default/password] (from client desktop port 0 cli 1115551212)
<br>+- entering group post-auth
<br>++[exec] returns noop
<br>Sending Access-Accept of id 17 to 192.168.183.20 port 2535
<br> Service-Type = NAS-Prompt-User
<br> Cisco-AVPair = "shell:priv-lvl=15"
<br> APC-Service-Type = Admin
<br>Finished request 1.
<br>Going to the next request
<br>Waking up in 4.9 seconds.
<br>Cleaning up request 2 ID 34 with timestamp +172
<br>Cleaning up request 1 ID 17 with timestamp +172
<br>Ready to process requests.
<br>-
<br>List info/subscribe/unsubscribe? See <a href="http://www.freeradius.org/list/users.html" target="_top" rel="nofollow">http://www.freeradius.org/list/users.html</a><br><p>From forum: <a href="http://old.nabble.com/FreeRadius---User-f1104.html" embed="fixTarget[1104]" target="_top" >FreeRadius - User</a></p>
tag:old.nabble.com,2006:post-26874156
Multiple clients on same IP address
2009-12-21T05:45:51Z
2009-12-21T05:45:51Z
Fahd Kasri
Hi,<div><br></div><div>Is it possible to have multiple Radius clients behind a router connect to a distant Freeradius server (these clients would therefore have the same IP address and be the same client in clients.conf)?</div>
<div>I've this and apparently it works, but could there be any problems in the long run?</div><div><br></div><div>Thanks.<br clear="all"><br>-- <br>Fahd <br>
</div>
<br />-
<br>List info/subscribe/unsubscribe? See <a href="http://www.freeradius.org/list/users.html" target="_top" rel="nofollow">http://www.freeradius.org/list/users.html</a><p>From forum: <a href="http://old.nabble.com/FreeRadius---User-f1104.html" embed="fixTarget[1104]" target="_top" >FreeRadius - User</a></p>
tag:old.nabble.com,2006:post-26873979
Re: Virtual Server not setting attributes on reply
2009-12-21T05:29:29Z
2009-12-21T05:29:29Z
Alan Buxey
Hi,
<br><br>> If I authenticate to TEST1/user
<br>> My response is "only" a successful auth.
<br>>
<br>> If I authenticate to TEST2/user
<br>> My response is a successful auth WITH Attributes (in this case the
<br>> attribute I'm setting is
<br>> Cisco-AVPair = "shell:priv-lvl=15"
<br><br>where are you setting that attribute? in the default virtual_server
<br>in the post-auth?
<br><br>> It appears to me that using the virtual server is stripping the
<br>> attributes from the reply.
<br><br>check your attr filter - check that those attributes arent cleared - if
<br>you run in full debug mode you should see everything that is happening
<br>and exactly where it gets set and where it gets wiped
<br><br>alan
<br>-
<br>List info/subscribe/unsubscribe? See <a href="http://www.freeradius.org/list/users.html" target="_top" rel="nofollow">http://www.freeradius.org/list/users.html</a><br><p>From forum: <a href="http://old.nabble.com/FreeRadius---User-f1104.html" embed="fixTarget[1104]" target="_top" >FreeRadius - User</a></p>
tag:old.nabble.com,2006:post-26874432
Re: Pre-release of Version 2.1.8
2009-12-21T05:21:55Z
2009-12-21T05:21:55Z
Alexander Clouter
Alan DeKok <<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26874432&i=0" target="_top" rel="nofollow">aland@...</a>> wrote:
<div class='shrinkable-quote'><br>>
<br>>> Then shortly after restarting it:
<br>>> ----
<br>>> Program received signal SIGABRT, Aborted.
<br>>> [Switching to Thread 0x4f492950 (LWP 23808)]
<br>>> 0x00007f0060554ed5 in raise () from /lib/libc.so.6
<br>>> (gdb) wher
<br>>> #0 0x00007f0060554ed5 in raise () from /lib/libc.so.6
<br>>> #1 0x00007f00605563f3 in abort () from /lib/libc.so.6
<br>>> #2 0x00000000004281f2 in rad_assert_fail (file=0x4455ef "threads.c", line=406,
<br>>> expr=0x445628 "(*request)->magic == REQUEST_MAGIC") at util.c:363
<br>>> #3 0x0000000000426adf in request_dequeue (request=0x7f004c006f30, fun=0x4f491d30) at threads.c:406
<br>>
<br>> That shouldn't happen... ever!
<br>>
<br>> In fact, I've never seen it happen. It can occur only when memory is
<br>> free'd, and still used.
<br>>
<br>> [snipped]
<br>>
<br>>> As for the latter one, that's new to me. Alas it is going to be
<br>>> difficult to repeat this 'experiment' as I would have to turn power off
<br>>> to one of our server rooms...tends to annoy the yokels.
<br>>
<br>> It should either happen a lot, or not at all.
<br>>
</div>Well as I said it is the first time I have seen it and I have been
<br>running this code straight since that commit came out on the 5th. So we
<br>cannot say 'not at all'.
<br><br>Want to put it down to a neutrino burst? :)
<br><br>Cheers
<br><br>--
<br>Alexander Clouter
<br>.sigmonster says: Shut off engine before fueling.
<br><br>-
<br>List info/subscribe/unsubscribe? See <a href="http://www.freeradius.org/list/users.html" target="_top" rel="nofollow">http://www.freeradius.org/list/users.html</a><br><p>From forum: <a href="http://old.nabble.com/FreeRadius---User-f1104.html" embed="fixTarget[1104]" target="_top" >FreeRadius - User</a></p>
tag:old.nabble.com,2006:post-26873731
Re: Pre-release of Version 2.1.8
2009-12-21T04:59:08Z
2009-12-21T04:59:08Z
Alan DeKok-2
Alexander Clouter wrote:
<div class='shrinkable-quote'><br>> Not quite on the pre-release but running
<br>> f691b0ec7d4c92919bdd4dc81e8a86b211c00832 from the stable branch I got
<br>> these after a 'hiccup' this morning on the network:
<br>> ----
<br>> Program received signal SIGPIPE, Broken pipe.
<br>> [Switching to Thread 0x411b9950 (LWP 18045)]
<br>> 0x00007fa8a156b75b in write () from /lib/libpthread.so.0
<br>> (gdb) bt
<br>> #0 0x00007fa8a156b75b in write () from /lib/libpthread.so.0
<br>> #1 0x00007fa89e51c1a9 in ?? () from /usr/lib/liblber-2.4.so.2
<br>> #2 0x00007fa89e06f4b9 in _gnutls_io_write_buffered () from /usr/lib/libgnutls.so.26
</div><br> Ugh.
<br><div class='shrinkable-quote'><br>> Then shortly after restarting it:
<br>> ----
<br>> Program received signal SIGABRT, Aborted.
<br>> [Switching to Thread 0x4f492950 (LWP 23808)]
<br>> 0x00007f0060554ed5 in raise () from /lib/libc.so.6
<br>> (gdb) wher
<br>> #0 0x00007f0060554ed5 in raise () from /lib/libc.so.6
<br>> #1 0x00007f00605563f3 in abort () from /lib/libc.so.6
<br>> #2 0x00000000004281f2 in rad_assert_fail (file=0x4455ef "threads.c", line=406,
<br>> expr=0x445628 "(*request)->magic == REQUEST_MAGIC") at util.c:363
<br>> #3 0x0000000000426adf in request_dequeue (request=0x7f004c006f30, fun=0x4f491d30) at threads.c:406
</div><br> That shouldn't happen... ever!
<br><br> In fact, I've never seen it happen. It can occur only when memory is
<br>free'd, and still used.
<br><br>> The former one I have seen before and assuemd it was a bug in libldap,
<br>> however I guess maybe freeradius should be catching the SIGPIPE there?
<br><br> Nope. The libraries usually re-set the signal handlers.
<br><br>> As for the latter one, that's new to me. Alas it is going to be
<br>> difficult to repeat this 'experiment' as I would have to turn power off
<br>> to one of our server rooms...tends to annoy the yokels.
<br><br> It should either happen a lot, or not at all.
<br><br> Alan DeKok.
<br>-
<br>List info/subscribe/unsubscribe? See <a href="http://www.freeradius.org/list/users.html" target="_top" rel="nofollow">http://www.freeradius.org/list/users.html</a><br><p>From forum: <a href="http://old.nabble.com/FreeRadius---User-f1104.html" embed="fixTarget[1104]" target="_top" >FreeRadius - User</a></p>
tag:old.nabble.com,2006:post-26873711
Virtual Server not setting attributes on reply
2009-12-21T04:58:53Z
2009-12-21T04:58:53Z
Timothy-45
Hi,
<br><br>I'm having problems when using a virtual server.
<br>When using the "virtual_server" I'm not getting the reply attributes set.
<br><br>It may be a config thing, but I haven't been able to find where the
<br>problem is from the documentation. And I can't understand why there
<br>would be the difference.
<br><br>I have 2 realms set using the same virtual server. The only difference is
<br>realm TEST1 {
<br> virtual_server = test
<br>}
<br>realm TEST2 {
<br> type = radius
<br> format = prefix
<br> delimiter = "/"
<br> authhost = 127.0.0.1:11812
<br> accthost = 127.0.0.1:11813
<br> secret = secret
<br>}
<br><br>If I authenticate to TEST1/user
<br>My response is "only" a successful auth.
<br><br>If I authenticate to TEST2/user
<br>My response is a successful auth WITH Attributes (in this case the
<br>attribute I'm setting is
<br>Cisco-AVPair = "shell:priv-lvl=15"
<br><br>It appears to me that using the virtual server is stripping the
<br>attributes from the reply.
<br><br>Can anyone tell me
<br>a) The approprate documentation covering this is so I know.
<br>b) What I have done wrong (and where to find the answers)
<br>or
<br>c) This is an actual bug and someone will look at it
<br><br>Thanks
<br>Timothy
<br>-
<br>List info/subscribe/unsubscribe? See <a href="http://www.freeradius.org/list/users.html" target="_top" rel="nofollow">http://www.freeradius.org/list/users.html</a><br><p>From forum: <a href="http://old.nabble.com/FreeRadius---User-f1104.html" embed="fixTarget[1104]" target="_top" >FreeRadius - User</a></p>
tag:old.nabble.com,2006:post-26873653
Re: Debian, EAP, and the OpenSSL and GPL incompatibility
2009-12-21T04:57:38Z
2009-12-21T04:57:38Z
Alan DeKok-2
Bjørn Mork wrote:
<br>> Just noticed:
<br>...
<div class='shrinkable-quote'><br>> Add OpenSSL license exception
<br>>
<br>> commit 5ed6809aad46a999db022d9a0be417178b93dff6
<br>> Author: Alan T. DeKok <<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26873653&i=0" target="_top" rel="nofollow">aland@...</a>>
<br>> Date: Mon Dec 21 10:49:50 2009 +0100
<br>>
<br>> Synced with upstream debian
<br>>
<br>>
<br>>
<br>> Thanks!
</div><br> More to come. :)
<br><br> Alan DeKok.
<br>-
<br>List info/subscribe/unsubscribe? See <a href="http://www.freeradius.org/list/users.html" target="_top" rel="nofollow">http://www.freeradius.org/list/users.html</a><p>From forum: <a href="http://old.nabble.com/FreeRadius---User-f1104.html" embed="fixTarget[1104]" target="_top" >FreeRadius - User</a></p>
tag:old.nabble.com,2006:post-26872877
Re: Debian, EAP, and the OpenSSL and GPL incompatibility
2009-12-21T03:41:15Z
2009-12-21T03:41:15Z
Bjørn Mork
Just noticed:
<br><br>commit 48674ba26a39620448723f5852aa30a899d515ac
<br>Author: Alan T. DeKok <<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26872877&i=0" target="_top" rel="nofollow">aland@...</a>>
<br>Date: Mon Dec 21 12:07:08 2009 +0100
<br><br> Add OpenSSL license exception
<br><br>commit 5ed6809aad46a999db022d9a0be417178b93dff6
<br>Author: Alan T. DeKok <<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26872877&i=1" target="_top" rel="nofollow">aland@...</a>>
<br>Date: Mon Dec 21 10:49:50 2009 +0100
<br><br> Synced with upstream debian
<br><br><br><br>Thanks!
<br><br><br><br>Bjørn
<br><br>-
<br>List info/subscribe/unsubscribe? See <a href="http://www.freeradius.org/list/users.html" target="_top" rel="nofollow">http://www.freeradius.org/list/users.html</a><p>From forum: <a href="http://old.nabble.com/FreeRadius---User-f1104.html" embed="fixTarget[1104]" target="_top" >FreeRadius - User</a></p>
tag:old.nabble.com,2006:post-26872534
Re: Pre-release of Version 2.1.8
2009-12-21T02:31:36Z
2009-12-21T02:31:36Z
Alexander Clouter
Alan DeKok <<a href="http://old.nabble.com/user/SendEmail.jtp?type=post&post=26872534&i=0" target="_top" rel="nofollow">aland@...</a>> wrote:
<div class='shrinkable-quote'><br>>
<br>> I've put a pre-release of version 2.1.8 on the web site:
<br>>
<br>> <a href="http://git.freeradius.org/pre/" target="_top" rel="nofollow">http://git.freeradius.org/pre/</a><br>>
<br>> Please do some sanity checks, and see if it works for you.
<br>>
<br>> This version is from the new "v2.1.x" branch, which is Version 2.1.7,
<br>> plus *only* bug fixes. The "stable" branch is now planned to become
<br>> version 2.2.0 in January. It will include TCP transport, among other
<br>> new features.
<br>>
<br>> If there are no major issues, we can release 2.1.8 next week.
<br>>
</div>Not quite on the pre-release but running
<br>f691b0ec7d4c92919bdd4dc81e8a86b211c00832 from the stable branch I got
<br>these after a 'hiccup' this morning on the network:
<br>----
<br>Program received signal SIGPIPE, Broken pipe.
<br>[Switching to Thread 0x411b9950 (LWP 18045)]
<br>0x00007fa8a156b75b in write () from /lib/libpthread.so.0
<br>(gdb) bt
<br>#0 0x00007fa8a156b75b in write () from /lib/libpthread.so.0
<br>#1 0x00007fa89e51c1a9 in ?? () from /usr/lib/liblber-2.4.so.2
<br>#2 0x00007fa89e06f4b9 in _gnutls_io_write_buffered () from /usr/lib/libgnutls.so.26
<br>#3 0x00007fa89e06c601 in _gnutls_send_int () from /usr/lib/libgnutls.so.26
<br>#4 0x00007fa89e08a6e0 in gnutls_alert_send () from /usr/lib/libgnutls.so.26
<br>#5 0x00007fa89e06c90f in gnutls_bye () from /usr/lib/libgnutls.so.26
<br>#6 0x00007fa89e754c30 in ?? () from /usr/lib/libldap_r-2.4.so.2
<br>#7 0x00007fa89e51c6ec in ber_int_sb_close () from /usr/lib/liblber-2.4.so.2
<br>#8 0x00007fa89e745f5d in ldap_free_connection () from /usr/lib/libldap_r-2.4.so.2
<br>#9 0x00007fa89e73c8cf in ldap_ld_free () from /usr/lib/libldap_r-2.4.so.2
<br>#10 0x00007fa89e96e1c1 in perform_search (instance=0x1f2a0e0, conn=0x1f2a5b0,
<br> search_basedn=0x260b3e0 "ou=Networks,ou=LanWarden,o=soas", scope=1,
<br> filter=0x27f6fc0 "(&(objectClass=lanwardenNetwork)(member=cn=001e4fe171de,ou=users-staff,ou=imported,ou=Hosts,ou=LanWarden,o=soas))", attrs=0x2676c70, result=0x411b7050) at rlm_ldap.c:811
<br>#11 0x00007fa89e96f6ab in ldap_xlat (instance=0x1f2a0e0, request=0x7fa894002530,
<br> fmt=0x2de8ae0 "ldap:///ou=Networks,ou=LanWarden,o=soas?cn?one?(&(objectClass=lanwardenNetwork)(member=%{control:MAC-Address-LdapDn}))", out=0x411b7840 "", freespace=254, func=0x42ba4c <xlat_copy>) at rlm_ldap.c:1199
<br>#12 0x000000000042b89b in decode_attribute (from=0x411b76d0, to=0x411b76c8, freespace=254, open_p=0x411b765c,
<br> request=0x7fa894002530, func=0x42ba4c <xlat_copy>) at xlat.c:911
<br>#13 0x000000000042bd4f in radius_xlat (out=0x411b7840 "", outlen=254,
<br> fmt=0x2288d30 "%{ldap_autz_soasauth-nd1:ldap:///ou=Networks,ou=LanWarden,o=soas?cn?one?(&(objectClass=lanwardenNetwork)(member=%{control:MAC-Address-LdapDn}))}", request=0x7fa894002530, func=0x42ba4c <xlat_copy>) at xlat.c:1086
<br>#14 0x00007fa89be8b4bb in do_attr_rewrite (instance=0x2288680, request=0x7fa894002530) at rlm_attr_rewrite.c:179
<br>#15 0x00007fa89be8c0c8 in attr_rewrite_postauth (instance=0x2288680, request=0x7fa894002530)
<br> at rlm_attr_rewrite.c:453
<br>#16 0x0000000000420655 in call_modsingle (component=7, sp=0x2288540, request=0x7fa894002530) at modcall.c:297
<br>#17 0x00000000004214ac in modcall (component=7, c=0x2287f50, request=0x7fa894002530) at modcall.c:669
<br>#18 0x000000000041ec68 in indexed_modcall (comp=7, idx=0, request=0x7fa894002530) at modules.c:691
<br>#19 0x00000000004200ff in module_post_auth (postauth_type=0, request=0x7fa894002530) at modules.c:1533
<br>#20 0x000000000040a148 in rad_postauth (request=0x7fa894002530) at auth.c:421
<br>#21 0x000000000040ac45 in rad_authenticate (request=0x7fa894002530) at auth.c:811
<br>#22 0x0000000000434ef7 in radius_handle_request (request=0x7fa894002530, fun=0x40a194 <rad_authenticate>)
<br> at event.c:4097
<br>#23 0x0000000000426cb3 in request_handler_thread (arg=0x7fa8940023d0) at threads.c:492
<br>#24 0x00007fa8a1564fc7 in start_thread () from /lib/libpthread.so.0
<br>#25 0x00007fa8a08af5ad in clone () from /lib/libc.so.6
<br>#26 0x0000000000000000 in ?? ()
<br>(gdb)
<br>----
<br><br>Then shortly after restarting it:
<br>----
<br>Program received signal SIGABRT, Aborted.
<br>[Switching to Thread 0x4f492950 (LWP 23808)]
<br>0x00007f0060554ed5 in raise () from /lib/libc.so.6
<br>(gdb) wher
<br>#0 0x00007f0060554ed5 in raise () from /lib/libc.so.6
<br>#1 0x00007f00605563f3 in abort () from /lib/libc.so.6
<br>#2 0x00000000004281f2 in rad_assert_fail (file=0x4455ef "threads.c", line=406,
<br> expr=0x445628 "(*request)->magic == REQUEST_MAGIC") at util.c:363
<br>#3 0x0000000000426adf in request_dequeue (request=0x7f004c006f30, fun=0x4f491d30) at threads.c:406
<br>#4 0x0000000000426c3d in request_handler_thread (arg=0x7f004c006f00) at threads.c:483
<br>#5 0x00007f00612a7fc7 in start_thread () from /lib/libpthread.so.0
<br>#6 0x00007f00605f25ad in clone () from /lib/libc.so.6
<br>#7 0x0000000000000000 in ?? ()
<br>(gdb)
<br>----
<br><br>The former one I have seen before and assuemd it was a bug in libldap,
<br>however I guess maybe freeradius should be catching the SIGPIPE there?
<br><br>As for the latter one, that's new to me. Alas it is going to be
<br>difficult to repeat this 'experiment' as I would have to turn power off
<br>to one of our server rooms...tends to annoy the yokels.
<br><br>Cheers
<br><br>--
<br>Alexander Clouter
<br>.sigmonster says: BOFH excuse #276:
<br> U.S. Postal Service
<br><br>-
<br>List info/subscribe/unsubscribe? See <a href="http://www.freeradius.org/list/users.html" target="_top" rel="nofollow">http://www.freeradius.org/list/users.html</a><br><p>From forum: <a href="http://old.nabble.com/FreeRadius---User-f1104.html" embed="fixTarget[1104]" target="_top" >FreeRadius - User</a></p>
tag:old.nabble.com,2006:post-26872077
Re: Pre-release of Version 2.1.8
2009-12-21T02:19:19Z
2009-12-21T02:19:19Z
Alan Buxey
Hi,
<br>> Alan Buxey wrote:
<br>> > aye - there were some questions relating to getting some of the older
<br>> > requested patches put into 2.1.8 too - has that been addressed?
<br>>
<br>> Which patches?
<br><br>there were a couple cant remember exactly - i know one was '17' - the CHAP one.
<br>I applied it locally to my pre 2.1.8 - it didnt go in 100% clean because
<br>it was written some time back....things appear to be okay after it went in.
<br><br>wasnt there also an SQL one and a proxy one?
<br><br>alan
<br>-
<br>List info/subscribe/unsubscribe? See <a href="http://www.freeradius.org/list/users.html" target="_top" rel="nofollow">http://www.freeradius.org/list/users.html</a><br><p>From forum: <a href="http://old.nabble.com/FreeRadius---User-f1104.html" embed="fixTarget[1104]" target="_top" >FreeRadius - User</a></p>
tag:old.nabble.com,2006:post-26872052
Re: Pre-release of Version 2.1.8
2009-12-21T02:15:00Z
2009-12-21T02:15:00Z
Alan DeKok-2
Bjørn Mork wrote:
<br>> The v2.1.x branch from github up to and including commit
<br>> 1d80707880c1bf94ad1e87be74221a6c7b4cb4c7 has now been running stable for
<br>> more than 5 days for me. All the previously reported problems seem to
<br>> be gone. So I'd say it makes a good 2.1.8 release for Christmas.
<br><br> Thanks. I've added a bunch more minor changes (docs, checks from
<br>static analysis tools, etc.) But no more code changes.
<br><br> It should be good to go...
<br><br> Alan DeKok.
<br>-
<br>List info/subscribe/unsubscribe? See <a href="http://www.freeradius.org/list/users.html" target="_top" rel="nofollow">http://www.freeradius.org/list/users.html</a><p>From forum: <a href="http://old.nabble.com/FreeRadius---User-f1104.html" embed="fixTarget[1104]" target="_top" >FreeRadius - User</a></p>
tag:old.nabble.com,2006:post-26872031
Re: Pre-release of Version 2.1.8
2009-12-21T02:14:02Z
2009-12-21T02:14:02Z
Alan DeKok-2
Alan Buxey wrote:
<br>> aye - there were some questions relating to getting some of the older
<br>> requested patches put into 2.1.8 too - has that been addressed?
<br><br> Which patches?
<br><br> Alan DeKok.
<br>-
<br>List info/subscribe/unsubscribe? See <a href="http://www.freeradius.org/list/users.html" target="_top" rel="nofollow">http://www.freeradius.org/list/users.html</a><br><p>From forum: <a href="http://old.nabble.com/FreeRadius---User-f1104.html" embed="fixTarget[1104]" target="_top" >FreeRadius - User</a></p>
tag:old.nabble.com,2006:post-26871993
Re: Certificate not valid in PEAP
2009-12-21T02:10:31Z
2009-12-21T02:10:31Z
Alan DeKok-2
Fernando Calvelo Vazquez wrote:
<br>> Hi folks:
<br>>
<br>> I'm still trying to configure any authentication method that includes a
<br>> client certificate validation (PEAP, EAP-TTLS... ) behind my
<br>> window-vista supplicant software client, but unfortunately no successfully.
<br>> Attached to this mail is the output of one PEAP try.
<br>> The authentication starts once and again forever, in a loop, but never
<br>> ends successfully.
<br><br> There are two ways to figure out what's going on.
<br><br>1) test it with a real client to be sure it works.
<br><br> See <a href="http://deployingradius.com/" target="_top" rel="nofollow">http://deployingradius.com/</a> for instructions on using eapol_test.
<br> You can also use client certificates. See the wpa_supplicant docs for
<br>more information.
<br><br>2) debug Windows
<br><br><a href="http://technet.microsoft.com/en-us/library/cc766215(WS.10).aspx" target="_top" rel="nofollow">http://technet.microsoft.com/en-us/library/cc766215(WS.10).aspx</a><br><br><br> If (1) works with client certs, then the issue is only (2).
<br><br>> I'm a bit frustrated with this "certificates" locking point.
<br><br> Blame Microsoft. They put great effort into breaking
<br>inter-operability, and in ensuring that it's nearly impossible for
<br>administrators to quickly discover the cause of the problem.
<br><br> Alan DeKok.
<br><br>-
<br>List info/subscribe/unsubscribe? See <a href="http://www.freeradius.org/list/users.html" target="_top" rel="nofollow">http://www.freeradius.org/list/users.html</a><br><p>From forum: <a href="http://old.nabble.com/FreeRadius---User-f1104.html" embed="fixTarget[1104]" target="_top" >FreeRadius - User</a></p>
tag:old.nabble.com,2006:post-26871949
Re: Pre-release of Version 2.1.8
2009-12-21T02:03:40Z
2009-12-21T02:03:40Z
Alan Buxey
Hi,
<br><br>> The v2.1.x branch from github up to and including commit
<br>> 1d80707880c1bf94ad1e87be74221a6c7b4cb4c7 has now been running stable for
<br>> more than 5 days for me. All the previously reported problems seem to
<br>> be gone. So I'd say it makes a good 2.1.8 release for Christmas.
<br><br>aye - there were some questions relating to getting some of the older
<br>requested patches put into 2.1.8 too - has that been addressed?
<br><br>alan
<br>-
<br>List info/subscribe/unsubscribe? See <a href="http://www.freeradius.org/list/users.html" target="_top" rel="nofollow">http://www.freeradius.org/list/users.html</a><br><p>From forum: <a href="http://old.nabble.com/FreeRadius---User-f1104.html" embed="fixTarget[1104]" target="_top" >FreeRadius - User</a></p>
tag:old.nabble.com,2006:post-26871925
Re: Certificate not valid in PEAP
2009-12-21T02:02:24Z
2009-12-21T02:02:24Z
Alan Buxey
hi,
<br><br>not sure about your mix of PEAP or EAP-TTLS iwht client certificate -
<br>usually these systems use another form of user auth - such
<br>as password, generic token card etc ....
<br><br>what you need is the server certificate and you also need to ensure that the
<br>CA that signed the servr cert is installed on the windows system - plenty
<br>of sites that say how to do this - or you can simply google for
<br>eg wireless setup instructions (most universities are starting to have
<br>very good pages ;-) )
<br><br>EAP-TLS uses client certificates - and if you eg put the matching
<br>entry for the CN into the users file then it'd know that user/cert is valid
<br>(to reject you need to revoke the cert)
<br><br>alan
<br>
<br>-
<br>List info/subscribe/unsubscribe? See <a href="http://www.freeradius.org/list/users.html" target="_top" rel="nofollow">http://www.freeradius.org/list/users.html</a><br><p>From forum: <a href="http://old.nabble.com/FreeRadius---User-f1104.html" embed="fixTarget[1104]" target="_top" >FreeRadius - User</a></p>
tag:old.nabble.com,2006:post-26871830
Certificate not valid in PEAP
2009-12-21T01:50:56Z
2009-12-21T01:50:56Z
swatzy
Hi folks:
<br><br>I'm still trying to configure any authentication method that includes a
<br>client certificate validation (PEAP, EAP-TTLS... ) behind my
<br>window-vista supplicant software client, but unfortunately no successfully.
<br>Attached to this mail is the output of one PEAP try.
<br>The authentication starts once and again forever, in a loop, but never
<br>ends successfully.
<br>I have verify that the client certificate include the Microsoft extensions
<br># openssl x509 -text -in client.pem
<br> X509v3 extensions:
<br> X509v3 Extended Key Usage:
<br> TLS Web Client Authentication
<br>and also... I have signed certificates by using the Makefile from
<br>version 2.1.8 (latest one)
<br><br>I'm a bit frustrated with this "certificates" locking point.
<br>Thanks a lot in advance for your help.
<br>Regards,
<br><br> Fernando.
<br><br />FreeRADIUS Version 2.1.7, for host x86_64-unknown-linux-gnu, built on Nov 16 2009 at 14:08:53
<br>Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.
<br>There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
<br>PARTICULAR PURPOSE.
<br>You may redistribute copies of FreeRADIUS under the terms of the
<br>GNU General Public License v2.
<br>Starting - reading configuration files ...
<br>including configuration file /usr/local/etc/raddb/radiusd.conf
<br>including configuration file /usr/local/etc/raddb/proxy.conf
<br>including configuration file /usr/local/etc/raddb/clients.conf
<br>including files in directory /usr/local/etc/raddb/modules/
<br>including configuration file /usr/local/etc/raddb/modules/pam
<br>including configuration file /usr/local/etc/raddb/modules/counter
<br>including configuration file /usr/local/etc/raddb/modules/cui
<br>including configuration file /usr/local/etc/raddb/modules/wimax
<br>including configuration file /usr/local/etc/raddb/modules/sradutmp
<br>including configuration file /usr/local/etc/raddb/modules/sqlcounter_expire_on_login
<br>including configuration file /usr/local/etc/raddb/modules/etc_group
<br>including configuration file /usr/local/etc/raddb/modules/logintime
<br>including configuration file /usr/local/etc/raddb/modules/policy
<br>including configuration file /usr/local/etc/raddb/modules/digest
<br>including configuration file /usr/local/etc/raddb/modules/pap
<br>including configuration file /usr/local/etc/raddb/modules/acct_unique
<br>including configuration file /usr/local/etc/raddb/modules/unix
<br>including configuration file /usr/local/etc/raddb/modules/smbpasswd
<br>including configuration file /usr/local/etc/raddb/modules/detail.log
<br>including configuration file /usr/local/etc/raddb/modules/files
<br>including configuration file /usr/local/etc/raddb/modules/ippool
<br>including configuration file /usr/local/etc/raddb/modules/realm
<br>including configuration file /usr/local/etc/raddb/modules/ldap
<br>including configuration file /usr/local/etc/raddb/modules/linelog
<br>including configuration file /usr/local/etc/raddb/modules/sql_log
<br>including configuration file /usr/local/etc/raddb/modules/chap
<br>including configuration file /usr/local/etc/raddb/modules/mac2ip
<br>including configuration file /usr/local/etc/raddb/modules/attr_rewrite
<br>including configuration file /usr/local/etc/raddb/modules/preprocess
<br>including configuration file /usr/local/etc/raddb/modules/detail.example.com
<br>including configuration file /usr/local/etc/raddb/modules/detail
<br>including configuration file /usr/local/etc/raddb/modules/expiration
<br>including configuration file /usr/local/etc/raddb/modules/otp
<br>including configuration file /usr/local/etc/raddb/modules/exec
<br>including configuration file /usr/local/etc/raddb/modules/inner-eap
<br>including configuration file /usr/local/etc/raddb/modules/mac2vlan
<br>including configuration file /usr/local/etc/raddb/modules/passwd
<br>including configuration file /usr/local/etc/raddb/modules/attr_filter
<br>including configuration file /usr/local/etc/raddb/modules/expr
<br>including configuration file /usr/local/etc/raddb/modules/smsotp
<br>including configuration file /usr/local/etc/raddb/modules/krb5
<br>including configuration file /usr/local/etc/raddb/modules/radutmp
<br>including configuration file /usr/local/etc/raddb/modules/checkval
<br>including configuration file /usr/local/etc/raddb/modules/echo
<br>including configuration file /usr/local/etc/raddb/modules/perl
<br>including configuration file /usr/local/etc/raddb/modules/always
<br>including configuration file /usr/local/etc/raddb/modules/mschap
<br>including configuration file /usr/local/etc/raddb/eap.conf
<br>including configuration file /usr/local/etc/raddb/policy.conf
<br>including files in directory /usr/local/etc/raddb/sites-enabled/
<br>including configuration file /usr/local/etc/raddb/sites-enabled/default
<br>including configuration file /usr/local/etc/raddb/sites-enabled/inner-tunnel
<br>including configuration file /usr/local/etc/raddb/sites-enabled/control-socket
<br>including dictionary file /usr/local/etc/raddb/dictionary
<br>main {
<br> prefix = "/usr/local"
<br> localstatedir = "/usr/local/var"
<br> logdir = "/usr/local/var/log/radius"
<br> libdir = "/usr/local/lib"
<br> radacctdir = "/usr/local/var/log/radius/radacct"
<br> hostname_lookups = no
<br> max_request_time = 30
<br> cleanup_delay = 5
<br> max_requests = 1024
<br> allow_core_dumps = no
<br> pidfile = "/usr/local/var/run/radiusd/radiusd.pid"
<br> checkrad = "/usr/local/sbin/checkrad"
<br> debug_level = 0
<br> proxy_requests = yes
<br> log {
<br> stripped_names = no
<br> auth = no
<br> auth_badpass = no
<br> auth_goodpass = no
<br> }
<br> security {
<br> max_attributes = 200
<br> reject_delay = 1
<br> status_server = yes
<br> }
<br>}
<br>radiusd: #### Loading Realms and Home Servers ####
<br> proxy server {
<br> retry_delay = 5
<br> retry_count = 3
<br> default_fallback = no
<br> dead_time = 120
<br> wake_all_if_all_dead = no
<br> }
<br> home_server localhost {
<br> ipaddr = 127.0.0.1
<br> port = 1812
<br> type = "auth"
<br> response_window = 20
<br> max_outstanding = 65536
<br> require_message_authenticator = no
<br> zombie_period = 40
<br> status_check = "status-server"
<br> ping_interval = 30
<br> check_interval = 30
<br> num_answers_to_alive = 3
<br> num_pings_to_alive = 3
<br> revive_interval = 120
<br> status_check_timeout = 4
<br> irt = 2
<br> mrt = 16
<br> mrc = 5
<br> mrd = 30
<br> }
<br> home_server_pool my_auth_failover {
<br> type = fail-over
<br> home_server = localhost
<br> }
<br> realm example.com {
<br> auth_pool = my_auth_failover
<br> }
<br> realm LOCAL {
<br> }
<br>radiusd: #### Loading Clients ####
<br> client localhost {
<br> ipaddr = 127.0.0.1
<br> require_message_authenticator = no
<br> nastype = "other"
<br> }
<br> client X.X.X.X {
<br> require_message_authenticator = no
<br> shortname = "xxxxxx"
<br> nastype = "other"
<br> }
<br>radiusd: #### Instantiating modules ####
<br> instantiate {
<br> Module: Linked to module rlm_exec
<br> Module: Instantiating exec
<br> exec {
<br> wait = no
<br> input_pairs = "request"
<br> shell_escape = yes
<br> }
<br> Module: Linked to module rlm_expr
<br> Module: Instantiating expr
<br> Module: Linked to module rlm_expiration
<br> Module: Instantiating expiration
<br> expiration {
<br> reply-message = "Password Has Expired "
<br> }
<br> Module: Linked to module rlm_logintime
<br> Module: Instantiating logintime
<br> logintime {
<br> reply-message = "You are calling outside your allowed timespan "
<br> minimum-timeout = 60
<br> }
<br> }
<br>radiusd: #### Loading Virtual Servers ####
<br>server inner-tunnel {
<br> modules {
<br> Module: Checking authenticate {...} for more modules to load
<br> Module: Linked to module rlm_pap
<br> Module: Instantiating pap
<br> pap {
<br> encryption_scheme = "auto"
<br> auto_header = no
<br> }
<br> Module: Linked to module rlm_chap
<br> Module: Instantiating chap
<br> Module: Linked to module rlm_mschap
<br> Module: Instantiating mschap
<br> mschap {
<br> use_mppe = yes
<br> require_encryption = no
<br> require_strong = no
<br> with_ntdomain_hack = no
<br> }
<br> Module: Linked to module rlm_unix
<br> Module: Instantiating unix
<br> unix {
<br> radwtmp = "/usr/local/var/log/radius/radwtmp"
<br> }
<br> Module: Linked to module rlm_eap
<br> Module: Instantiating eap
<br> eap {
<br> default_eap_type = "md5"
<br> timer_expire = 60
<br> ignore_unknown_eap_types = no
<br> cisco_accounting_username_bug = no
<br> max_sessions = 2048
<br> }
<br> Module: Linked to sub-module rlm_eap_md5
<br> Module: Instantiating eap-md5
<br> Module: Linked to sub-module rlm_eap_leap
<br> Module: Instantiating eap-leap
<br> Module: Linked to sub-module rlm_eap_gtc
<br> Module: Instantiating eap-gtc
<br> gtc {
<br> challenge = "Password: "
<br> auth_type = "PAP"
<br> }
<br> Module: Linked to sub-module rlm_eap_tls
<br> Module: Instantiating eap-tls
<br> tls {
<br> rsa_key_exchange = no
<br> dh_key_exchange = yes
<br> rsa_key_length = 512
<br> dh_key_length = 512
<br> verify_depth = 0
<br> pem_file_type = yes
<br> private_key_file = "/usr/local/etc/raddb/certs/server.pem"
<br> certificate_file = "/usr/local/etc/raddb/certs/server.pem"
<br> CA_file = "/usr/local/etc/raddb/certs/ca.pem"
<br> private_key_password = "xxxxxxx"
<br> dh_file = "/usr/local/etc/raddb/certs/dh"
<br> random_file = "/usr/local/etc/raddb/certs/random"
<br> fragment_size = 1024
<br> include_length = yes
<br> check_crl = no
<br> cipher_list = "DEFAULT"
<br> make_cert_command = "/usr/local/etc/raddb/certs/bootstrap"
<br> cache {
<br> enable = no
<br> lifetime = 24
<br> max_entries = 255
<br> }
<br> }
<br> Module: Linked to sub-module rlm_eap_ttls
<br> Module: Instantiating eap-ttls
<br> ttls {
<br> default_eap_type = "md5"
<br> copy_request_to_tunnel = no
<br> use_tunneled_reply = no
<br> virtual_server = "inner-tunnel"
<br> include_length = yes
<br> }
<br> Module: Linked to sub-module rlm_eap_peap
<br> Module: Instantiating eap-peap
<br> peap {
<br> default_eap_type = "mschapv2"
<br> copy_request_to_tunnel = no
<br> use_tunneled_reply = no
<br> proxy_tunneled_request_as_eap = yes
<br> virtual_server = "inner-tunnel"
<br> }
<br> Module: Linked to sub-module rlm_eap_mschapv2
<br> Module: Instantiating eap-mschapv2
<br> mschapv2 {
<br> with_ntdomain_hack = no
<br> }
<br> Module: Checking authorize {...} for more modules to load
<br> Module: Linked to module rlm_realm
<br> Module: Instantiating suffix
<br> realm suffix {
<br> format = "suffix"
<br> delimiter = "@"
<br> ignore_default = no
<br> ignore_null = no
<br> }
<br> Module: Linked to module rlm_files
<br> Module: Instantiating files
<br> files {
<br> usersfile = "/usr/local/etc/raddb/users"
<br> acctusersfile = "/usr/local/etc/raddb/acct_users"
<br> preproxy_usersfile = "/usr/local/etc/raddb/preproxy_users"
<br> compat = "no"
<br> }
<br> Module: Checking session {...} for more modules to load
<br> Module: Linked to module rlm_radutmp
<br> Module: Instantiating radutmp
<br> radutmp {
<br> filename = "/usr/local/var/log/radius/radutmp"
<br> username = "%{User-Name}"
<br> case_sensitive = yes
<br> check_with_nas = yes
<br> perm = 384
<br> callerid = yes
<br> }
<br> Module: Checking post-proxy {...} for more modules to load
<br> Module: Checking post-auth {...} for more modules to load
<br> Module: Linked to module rlm_attr_filter
<br> Module: Instantiating attr_filter.access_reject
<br> attr_filter attr_filter.access_reject {
<br> attrsfile = "/usr/local/etc/raddb/attrs.access_reject"
<br> key = "%{User-Name}"
<br> }
<br> } # modules
<br>} # server
<br>server {
<br> modules {
<br> Module: Checking authenticate {...} for more modules to load
<br> Module: Checking authorize {...} for more modules to load
<br> Module: Linked to module rlm_preprocess
<br> Module: Instantiating preprocess
<br> preprocess {
<br> huntgroups = "/usr/local/etc/raddb/huntgroups"
<br> hints = "/usr/local/etc/raddb/hints"
<br> with_ascend_hack = no
<br> ascend_channels_per_line = 23
<br> with_ntdomain_hack = no
<br> with_specialix_jetstream_hack = no
<br> with_cisco_vsa_hack = no
<br> with_alvarion_vsa_hack = no
<br> }
<br> Module: Checking preacct {...} for more modules to load
<br> Module: Linked to module rlm_acct_unique
<br> Module: Instantiating acct_unique
<br> acct_unique {
<br> key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
<br> }
<br> Module: Checking accounting {...} for more modules to load
<br> Module: Linked to module rlm_detail
<br> Module: Instantiating detail
<br> detail {
<br> detailfile = "/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
<br> header = "%t"
<br> detailperm = 384
<br> dirperm = 493
<br> locking = no
<br> log_packet_header = no
<br> }
<br> Module: Instantiating attr_filter.accounting_response
<br> attr_filter attr_filter.accounting_response {
<br> attrsfile = "/usr/local/etc/raddb/attrs.accounting_response"
<br> key = "%{User-Name}"
<br> }
<br> Module: Checking session {...} for more modules to load
<br> Module: Checking post-proxy {...} for more modules to load
<br> Module: Checking post-auth {...} for more modules to load
<br> } # modules
<br>} # server
<br>radiusd: #### Opening IP addresses and Ports ####
<br>listen {
<br> type = "auth"
<br> ipaddr = *
<br> port = 0
<br>}
<br>listen {
<br> type = "acct"
<br> ipaddr = *
<br> port = 0
<br>}
<br>listen {
<br> type = "control"
<br> listen {
<br> socket = "/usr/local/var/run/radiusd/radiusd.sock"
<br> }
<br>}
<br>Listening on authentication address * port 1812
<br>Listening on accounting address * port 1813
<br>Listening on command file /usr/local/var/run/radiusd/radiusd.sock
<br>Listening on proxy address * port 1814
<br>Ready to process requests.
<br>rad_recv: Access-Request packet from host X.X.X.252 port 32769, id=118, length=188
<br> User-Name = "client.example.com"
<br> Calling-Station-Id = "00-1d-e0-7f-c7-bd"
<br> Called-Station-Id = "00-26-cb-4c-f7-c0:Bidon"
<br> NAS-Port = 13
<br> NAS-IP-Address = X.X.X.252
<br> NAS-Identifier = "xxxxx"
<br> Airespace-Wlan-Id = 6
<br> Service-Type = Framed-User
<br> Framed-MTU = 1300
<br> NAS-Port-Type = Wireless-802.11
<br> Tunnel-Type:0 = VLAN
<br> Tunnel-Medium-Type:0 = IEEE-802
<br> Tunnel-Private-Group-Id:0 = "82"
<br> EAP-Message = 0x0202001501737761747a7930312e657372662e6672
<br> Message-Authenticator = 0x54c3b407a4e5f674fdddef648d64929d
<br>+- entering group authorize {...}
<br>++[preprocess] returns ok
<br>++[chap] returns noop
<br>++[mschap] returns noop
<br>[suffix] No '@' in User-Name = "client.example.com", looking up realm NULL
<br>[suffix] No such realm "NULL"
<br>++[suffix] returns noop
<br>[eap] EAP packet type response id 2 length 21
<br>[eap] No EAP Start, assuming it's an on-going EAP conversation
<br>++[eap] returns updated
<br>++[unix] returns notfound
<br>++[files] returns noop
<br>++[expiration] returns noop
<br>++[logintime] returns noop
<br>[pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.
<br>++[pap] returns noop
<br>Found Auth-Type = EAP
<br>+- entering group authenticate {...}
<br>[eap] EAP Identity
<br>[eap] processing type md5
<br>rlm_eap_md5: Issuing Challenge
<br>++[eap] returns handled
<br>Sending Access-Challenge of id 118 to X.X.X.252 port 32769
<br> EAP-Message = 0x0103001604107f7d11ec3b0ab49d581bf7b34c80c28a
<br> Message-Authenticator = 0x00000000000000000000000000000000
<br> State = 0x46359c0d4636987ca6f7bd81569582da
<br>Finished request 0.
<br>Going to the next request
<br>Waking up in 4.9 seconds.
<br>rad_recv: Access-Request packet from host X.X.X.252 port 32769, id=119, length=191
<br> User-Name = "client.example.com"
<br> Calling-Station-Id = "00-1d-e0-7f-c7-bd"
<br> Called-Station-Id = "00-26-cb-4c-f7-c0:Bidon"
<br> NAS-Port = 13
<br> NAS-IP-Address = X.X.X.252
<br> NAS-Identifier = "xxxxx"
<br> Airespace-Wlan-Id = 6
<br> Service-Type = Framed-User
<br> Framed-MTU = 1300
<br> NAS-Port-Type = Wireless-802.11
<br> Tunnel-Type:0 = VLAN
<br> Tunnel-Medium-Type:0 = IEEE-802
<br> Tunnel-Private-Group-Id:0 = "82"
<br> EAP-Message = 0x020300060319
<br> State = 0x46359c0d4636987ca6f7bd81569582da
<br> Message-Authenticator = 0x33129fee7264d338478ba2014579ff92
<br>+- entering group authorize {...}
<br>++[preprocess] returns ok
<br>++[chap] returns noop
<br>++[mschap] returns noop
<br>[suffix] No '@' in User-Name = "client.example.com", looking up realm NULL
<br>[suffix] No such realm "NULL"
<br>++[suffix] returns noop
<br>[eap] EAP packet type response id 3 length 6
<br>[eap] No EAP Start, assuming it's an on-going EAP conversation
<br>++[eap] returns updated
<br>++[unix] returns notfound
<br>++[files] returns noop
<br>++[expiration] returns noop
<br>++[logintime] returns noop
<br>[pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.
<br>++[pap] returns noop
<br>Found Auth-Type = EAP
<br>+- entering group authenticate {...}
<br>[eap] Request found, released from the list
<br>[eap] EAP NAK
<br>[eap] EAP-NAK asked for EAP-Type/peap
<br>[eap] processing type tls
<br>[tls] Initiate
<br>[tls] Start returned 1
<br>++[eap] returns handled
<br>Sending Access-Challenge of id 119 to X.X.X.252 port 32769
<br> EAP-Message = 0x010400061920
<br> Message-Authenticator = 0x00000000000000000000000000000000
<br> State = 0x46359c0d4731857ca6f7bd81569582da
<br>Finished request 1.
<br>Going to the next request
<br>Waking up in 4.9 seconds.
<br>rad_recv: Access-Request packet from host X.X.X.252 port 32769, id=120, length=312
<br> User-Name = "client.example.com"
<br> Calling-Station-Id = "00-1d-e0-7f-c7-bd"
<br> Called-Station-Id = "00-26-cb-4c-f7-c0:Bidon"
<br> NAS-Port = 13
<br> NAS-IP-Address = X.X.X.252
<br> NAS-Identifier = "xxxxx"
<br> Airespace-Wlan-Id = 6
<br> Service-Type = Framed-User
<br> Framed-MTU = 1300
<br> NAS-Port-Type = Wireless-802.11
<br> Tunnel-Type:0 = VLAN
<br> Tunnel-Medium-Type:0 = IEEE-802
<br> Tunnel-Private-Group-Id:0 = "82"
<br> EAP-Message = 0x0204007f19800000007516030100700100006c03014b2f2f919f25d4d668184f7c5857cbe41cb1e31423aaaafee5a843885d02dcd8000018002f00350005000ac009c00ac013c01400320038001300040100002b000000150013000010737761747a7930312e657372662e6672000a00080006001700180019000b00020100
<br> State = 0x46359c0d4731857ca6f7bd81569582da
<br> Message-Authenticator = 0x36ee14e3f9fe3620c3a4daa7a0b3a833
<br>+- entering group authorize {...}
<br>++[preprocess] returns ok
<br>++[chap] returns noop
<br>++[mschap] returns noop
<br>[suffix] No '@' in User-Name = "client.example.com", looking up realm NULL
<br>[suffix] No such realm "NULL"
<br>++[suffix] returns noop
<br>[eap] EAP packet type response id 4 length 127
<br>[eap] Continuing tunnel setup.
<br>++[eap] returns ok
<br>Found Auth-Type = EAP
<br>+- entering group authenticate {...}
<br>[eap] Request found, released from the list
<br>[eap] EAP/peap
<br>[eap] processing type peap
<br>[peap] processing EAP-TLS
<br> TLS Length 117
<br>[peap] Length Included
<br>[peap] eaptls_verify returned 11
<br>[peap] (other): before/accept initialization
<br>[peap] TLS_accept: before/accept initialization
<br>[peap] <<< TLS 1.0 Handshake [length 0070], ClientHello
<br>[peap] TLS_accept: SSLv3 read client hello A
<br>[peap] >>> TLS 1.0 Handshake [length 002a], ServerHello
<br>[peap] TLS_accept: SSLv3 write server hello A
<br>[peap] >>> TLS 1.0 Handshake [length 07d3], Certificate
<br>[peap] TLS_accept: SSLv3 write certificate A
<br>[peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
<br>[peap] TLS_accept: SSLv3 write server done A
<br>[peap] TLS_accept: SSLv3 flush data
<br>[peap] TLS_accept: Need to read more data: SSLv3 read client certificate A
<br>In SSL Handshake Phase
<br>In SSL Accept mode
<br>[peap] eaptls_process returned 13
<br>[peap] EAPTLS_HANDLED
<br>++[eap] returns handled
<br>Sending Access-Challenge of id 120 to X.X.X.252 port 32769
<br> EAP-Message = 0x0105040019c000000810160301002a0200002603014b2f2f91d2cd14e81cbd8b2062cf6afac049f6b57c2e90945e69a7ac38c1200c00002f0016030107d30b0007cf0007cc00035d3082035930820241a003020102020114300d06092a864886f70d0101040500307e310b3009060355040613024652310e300c0603550408130549736572653111300f060355040713084772656e6f626c65310d300b060355040a1304455352463120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d311b301906035504031312726164697573736572762e657372662e6672301e170d3039313232313038303833395a170d313031
<br> EAP-Message = 0x3232313038303833395a3049310b3009060355040613024652310e300c060355040813054973657265310d300b060355040a130445535246311b301906035504031312726164697573736572762e657372662e667230820122300d06092a864886f70d01010105000382010f003082010a0282010100df65e73bb432b019abe63c0a455e5053aa65ee5cdebb77dba90300b7933a6e1ddc3b764bf3d4305ab36530461cc0ade6ca4a916bfeb68ec9103ef74b02dcefbbb5553ce4f88225f43a7ff26195b0c2fd70a4620ead334a2c5d3c6f576b3eec5229cac9ab7ce3a7ffed9d70ee905be62a351dd2ee354c22773dea7ab1eeed05316aa5f33c7ca4cd
<br> EAP-Message = 0x1c92b20e08f50bb97033f29eb4f40985a8857170ad6f857f78f12fe394111de60ff71eccdf912dfdd0fd0f153fc6fe9593e15d914725f9b0968acfffcb35a2fb91c5298ac632a38014c778b509531292171a42e8308efc729f02454eaf5c71c0a4384b51081e6ce67f769ec52a38397c87e3b1bbd012fdb4d70203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d010104050003820101001705f81c5cfb5f42fb060d784d6d4dda29ce188c6f0203ffc1382b0fb3bd755fedde13cb3010fa4c753409b525d172921a1c19ef77f49f6ab490c1bd751ab5f0aea4d702c4b92b5b2e45485d77e80114762d
<br> EAP-Message = 0x87c80af1b6c317546180ebf118b164616baaaad68601e6fdcc895e328f39ca693b551da66ba9a748e205e67fd05430eefd1ca8a204bb56994ac3a0abf00d546e19263b678b72b04e1286cf1db63e93c089c8072bfe446d1b5e9b08940c6b6fcec73c5953ceeccb4d53b3b2bae39878ef00597f96df75b59776e176ccf328f22312d696524d43a62a623dc9af8c13b270e932bc7afcc456b7574f719d6f21faf4669390cd604dc28d850bc3c349fa000469308204653082034da003020102020900c42387580a65a3a9300d06092a864886f70d0101050500307e310b3009060355040613024652310e300c0603550408130549736572653111300f0603
<br> EAP-Message = 0x55040713084772656e6f626c
<br> Message-Authenticator = 0x00000000000000000000000000000000
<br> State = 0x46359c0d4430857ca6f7bd81569582da
<br>Finished request 2.
<br>Going to the next request
<br>Waking up in 4.9 seconds.
<br>rad_recv: Access-Request packet from host X.X.X.252 port 32769, id=121, length=191
<br> User-Name = "client.example.com"
<br> Calling-Station-Id = "00-1d-e0-7f-c7-bd"
<br> Called-Station-Id = "00-26-cb-4c-f7-c0:Bidon"
<br> NAS-Port = 13
<br> NAS-IP-Address = X.X.X.252
<br> NAS-Identifier = "xxxxx"
<br> Airespace-Wlan-Id = 6
<br> Service-Type = Framed-User
<br> Framed-MTU = 1300
<br> NAS-Port-Type = Wireless-802.11
<br> Tunnel-Type:0 = VLAN
<br> Tunnel-Medium-Type:0 = IEEE-802
<br> Tunnel-Private-Group-Id:0 = "82"
<br> EAP-Message = 0x020500061900
<br> State = 0x46359c0d4430857ca6f7bd81569582da
<br> Message-Authenticator = 0x7282abc649eadba24affcf74b028b2a5
<br>+- entering group authorize {...}
<br>++[preprocess] returns ok
<br>++[chap] returns noop
<br>++[mschap] returns noop
<br>[suffix] No '@' in User-Name = "client.example.com", looking up realm NULL
<br>[suffix] No such realm "NULL"
<br>++[suffix] returns noop
<br>[eap] EAP packet type response id 5 length 6
<br>[eap] Continuing tunnel setup.
<br>++[eap] returns ok
<br>Found Auth-Type = EAP
<br>+- entering group authenticate {...}
<br>[eap] Request found, released from the list
<br>[eap] EAP/peap
<br>[eap] processing type peap
<br>[peap] processing EAP-TLS
<br>[peap] Received TLS ACK
<br>[peap] ACK handshake fragment handler
<br>[peap] eaptls_verify returned 1
<br>[peap] eaptls_process returned 13
<br>[peap] EAPTLS_HANDLED
<br>++[eap] returns handled
<br>Sending Access-Challenge of id 121 to X.X.X.252 port 32769
<br> EAP-Message = 0x010603fc194065310d300b060355040a1304455352463120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d311b301906035504031312726164697573736572762e657372662e6672301e170d3039313232313038303833395a170d3130313232313038303833395a307e310b3009060355040613024652310e300c0603550408130549736572653111300f060355040713084772656e6f626c65310d300b060355040a1304455352463120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d311b301906035504031312726164697573736572762e657372662e667230820122300d0609
<br> EAP-Message = 0x2a864886f70d01010105000382010f003082010a0282010100c25f8b67f6b1f5aebce7e017fcf1dbd9e027cd040146f4c752c8429d861556ee71236f9926c7880f14bc905aec227e9436f0f02ee5131351f5f071b58d4d6202245bc1f2ae74bbd2c50a56808fe156b5ee6dde5820b60a891549c041e2f8665237ec3f0584317c72a8cb32b3becb163d4f5b4158e5e5e0dfe49de7d3a04cab4998cfaa2a72518b01567bc1fec46fa490e7eff48ac90ab70532c82853ca357cf4a1160345e449c99c87883ded457241389e8112d37c5526e9e8f08af8c1fd6f6c8fb353c91bba3c13efe18db05216c009ee8cc07999d5179eec2dd38953454f3b6cd6484b
<br> EAP-Message = 0x0055d4af83cc339028b218b6262a13ca67895896480f03327f83a51b0203010001a381e53081e2301d0603551d0e04160414dd265c63fcb0cc9c87e17c3e9885e845d3f01a003081b20603551d230481aa3081a78014dd265c63fcb0cc9c87e17c3e9885e845d3f01a00a18183a48180307e310b3009060355040613024652310e300c0603550408130549736572653111300f060355040713084772656e6f626c65310d300b060355040a1304455352463120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d311b301906035504031312726164697573736572762e657372662e6672820900c42387580a65a3a9300c
<br> EAP-Message = 0x0603551d13040530030101ff300d06092a864886f70d010105050003820101000708462f6ec64718c578592e84ac1dbec8980249800450058e6fb7c852f778494710902fa631aded3df802be82f37a2b6e8423a236f635b22e2e4cc0735f05bf1445b7049b09becb46eedf0a5f4c79f94032503f35a6e35f95ea3a10a3668971c8d353edb4a8b3b9426804526922afa0ef25e7aa59a24b1c612182419df1ab9aab47fa49ce1e7d445d53110fe28ec7960bf4caee3f37b6f8114fb2bf8d048a7e89d7a8f3ed48363958dbf9075ce04811712d1b917bf9677c4998d68f903378795bf5998bd8f555bdf147acc156725c3009ed02af9a2a0d6fe91f303dca
<br> EAP-Message = 0x6f8613faa3ea6a53
<br> Message-Authenticator = 0x00000000000000000000000000000000
<br> State = 0x46359c0d4533857ca6f7bd81569582da
<br>Finished request 3.
<br>Going to the next request
<br>Waking up in 4.9 seconds.
<br>rad_recv: Access-Request packet from host X.X.X.252 port 32769, id=122, length=191
<br> User-Name = "client.example.com"
<br> Calling-Station-Id = "00-1d-e0-7f-c7-bd"
<br> Called-Station-Id = "00-26-cb-4c-f7-c0:Bidon"
<br> NAS-Port = 13
<br> NAS-IP-Address = X.X.X.252
<br> NAS-Identifier = "xxxxx"
<br> Airespace-Wlan-Id = 6
<br> Service-Type = Framed-User
<br> Framed-MTU = 1300
<br> NAS-Port-Type = Wireless-802.11
<br> Tunnel-Type:0 = VLAN
<br> Tunnel-Medium-Type:0 = IEEE-802
<br> Tunnel-Private-Group-Id:0 = "82"
<br> EAP-Message = 0x020600061900
<br> State = 0x46359c0d4533857ca6f7bd81569582da
<br> Message-Authenticator = 0x0710c430239292b61d333bb41a1245e9
<br>+- entering group authorize {...}
<br>++[preprocess] returns ok
<br>++[chap] returns noop
<br>++[mschap] returns noop
<br>[suffix] No '@' in User-Name = "client.example.com", looking up realm NULL
<br>[suffix] No such realm "NULL"
<br>++[suffix] returns noop
<br>[eap] EAP packet type response id 6 length 6
<br>[eap] Continuing tunnel setup.
<br>++[eap] returns ok
<br>Found Auth-Type = EAP
<br>+- entering group authenticate {...}
<br>[eap] Request found, released from the list
<br>[eap] EAP/peap
<br>[eap] processing type peap
<br>[peap] processing EAP-TLS
<br>[peap] Received TLS ACK
<br>[peap] ACK handshake fragment handler
<br>[peap] eaptls_verify returned 1
<br>[peap] eaptls_process returned 13
<br>[peap] EAPTLS_HANDLED
<br>++[eap] returns handled
<br>Sending Access-Challenge of id 122 to X.X.X.252 port 32769
<br> EAP-Message = 0x0107002a1900cc510e88825921db807711b7fe7fe9a180b6f46304e78cfbc168b616030100040e000000
<br> Message-Authenticator = 0x00000000000000000000000000000000
<br> State = 0x46359c0d4232857ca6f7bd81569582da
<br>Finished request 4.
<br>Going to the next request
<br>Waking up in 4.9 seconds.
<br>rad_recv: Access-Request packet from host X.X.X.252 port 32769, id=123, length=523
<br> User-Name = "client.example.com"
<br> Calling-Station-Id = "00-1d-e0-7f-c7-bd"
<br> Called-Station-Id = "00-26-cb-4c-f7-c0:Bidon"
<br> NAS-Port = 13
<br> NAS-IP-Address = X.X.X.252
<br> NAS-Identifier = "xxxxx"
<br> Airespace-Wlan-Id = 6
<br> Service-Type = Framed-User
<br> Framed-MTU = 1300
<br> NAS-Port-Type = Wireless-802.11
<br> Tunnel-Type:0 = VLAN
<br> Tunnel-Medium-Type:0 = IEEE-802
<br> Tunnel-Private-Group-Id:0 = "82"
<br> EAP-Message = 0x0207015019800000014616030101061000010201009c87a815535c3457d6915d93e5cfaa1a1ae764ec4225c1eda185ff9fc193d3f0526941d3419418a340ed490f4b84f35aa9c3477dc8845d8740b89b69954cfc39185da0784e3d01e556dd6a013ca1f9bd2b369bfe2f24105c3da50cfa49f07206017441a0de9eeb6f42d5fec6833889b1c7e94c8f09e7b3eaf70ab81297d2bf3b88b985256262bf63b55519dbb6a2ae4e1e0192e458113fc413cd69f5b10cd7dc1c881c59d91ad4496f701b87e1463918c4bd6f1dc834d39af949d11b9b02b823c16fbc82c80c21beadec5d68f8d3d34a210d5395fb161c4c02a7c94e311bc911dcb7294c2f33bfa9
<br> EAP-Message = 0xeb08e8e300c8eb82a8a3f2fd13cb4191d5c00dc8b7f9edd814030100010116030100303cef0d4fe6b2882e1fa19eeb636a5a63cb986b1ba3cc3110db4c11750477f27b59fd3cbdb644f93da1b486fa8276abd0
<br> State = 0x46359c0d4232857ca6f7bd81569582da
<br> Message-Authenticator = 0x560336581ffd72d0e6e2ecbb437d3cab
<br>+- entering group authorize {...}
<br>++[preprocess] returns ok
<br>++[chap] returns noop
<br>++[mschap] returns noop
<br>[suffix] No '@' in User-Name = "client.example.com", looking up realm NULL
<br>[suffix] No such realm "NULL"
<br>++[suffix] returns noop
<br>[eap] EAP packet type response id 7 length 253
<br>[eap] Continuing tunnel setup.
<br>++[eap] returns ok
<br>Found Auth-Type = EAP
<br>+- entering group authenticate {...}
<br>[eap] Request found, released from the list
<br>[eap] EAP/peap
<br>[eap] processing type peap
<br>[peap] processing EAP-TLS
<br> TLS Length 326
<br>[peap] Length Included
<br>[peap] eaptls_verify returned 11
<br>[peap] <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange
<br>[peap] TLS_accept: SSLv3 read client key exchange A
<br>[peap] <<< TLS 1.0 ChangeCipherSpec [length 0001]
<br>[peap] <<< TLS 1.0 Handshake [length 0010], Finished
<br>[peap] TLS_accept: SSLv3 read finished A
<br>[peap] >>> TLS 1.0 ChangeCipherSpec [length 0001]
<br>[peap] TLS_accept: SSLv3 write change cipher spec A
<br>[peap] >>> TLS 1.0 Handshake [length 0010], Finished
<br>[peap] TLS_accept: SSLv3 write finished A
<br>[peap] TLS_accept: SSLv3 flush data
<br>[peap] (other): SSL negotiation finished successfully
<br>SSL Connection Established
<br>[peap] eaptls_process returned 13
<br>[peap] EAPTLS_HANDLED
<br>++[eap] returns handled
<br>Sending Access-Challenge of id 123 to X.X.X.252 port 32769
<br> EAP-Message = 0x0108004119001403010001011603010030d069d412a34b6a0b26c3c38a980446a97e02c024df348da0b869c5f5ade2c7b8598179ef787821e8215b7ebf412ee2ac
<br> Message-Authenticator = 0x00000000000000000000000000000000
<br> State = 0x46359c0d433d857ca6f7bd81569582da
<br>Finished request 5.
<br>Going to the next request
<br>Waking up in 4.9 seconds.
<br>rad_recv: Access-Request packet from host X.X.X.252 port 32769, id=124, length=191
<br> User-Name = "client.example.com"
<br> Calling-Station-Id = "00-1d-e0-7f-c7-bd"
<br> Called-Station-Id = "00-26-cb-4c-f7-c0:Bidon"
<br> NAS-Port = 13
<br> NAS-IP-Address = X.X.X.252
<br> NAS-Identifier = "xxxxx"
<br> Airespace-Wlan-Id = 6
<br> Service-Type = Framed-User
<br> Framed-MTU = 1300
<br> NAS-Port-Type = Wireless-802.11
<br> Tunnel-Type:0 = VLAN
<br> Tunnel-Medium-Type:0 = IEEE-802
<br> Tunnel-Private-Group-Id:0 = "82"
<br> EAP-Message = 0x020800061900
<br> State = 0x46359c0d433d857ca6f7bd81569582da
<br> Message-Authenticator = 0xec5fd30fa1b5b90002d609171cc0cda9
<br>+- entering group authorize {...}
<br>++[preprocess] returns ok
<br>++[chap] returns noop
<br>++[mschap] returns noop
<br>[suffix] No '@' in User-Name = "client.example.com", looking up realm NULL
<br>[suffix] No such realm "NULL"
<br>++[suffix] returns noop
<br>[eap] EAP packet type response id 8 length 6
<br>[eap] Continuing tunnel setup.
<br>++[eap] returns ok
<br>Found Auth-Type = EAP
<br>+- entering group authenticate {...}
<br>[eap] Request found, released from the list
<br>[eap] EAP/peap
<br>[eap] processing type peap
<br>[peap] processing EAP-TLS
<br>[peap] Received TLS ACK
<br>[peap] ACK handshake is finished
<br>[peap] eaptls_verify returned 3
<br>[peap] eaptls_process returned 3
<br>[peap] EAPTLS_SUCCESS
<br>++[eap] returns handled
<br>Sending Access-Challenge of id 124 to X.X.X.252 port 32769
<br> EAP-Message = 0x0109002b1900170301002038848f6cbb0bee715a49cfd809074a5bcca13224be315b374d60a0a444c90cd9
<br> Message-Authenticator = 0x00000000000000000000000000000000
<br> State = 0x46359c0d403c857ca6f7bd81569582da
<br>Finished request 6.
<br>Going to the next request
<br>Waking up in 4.9 seconds.
<br>rad_recv: Access-Request packet from host X.X.X.252 port 32769, id=125, length=244
<br> User-Name = "client.example.com"
<br> Calling-Station-Id = "00-1d-e0-7f-c7-bd"
<br> Called-Station-Id = "00-26-cb-4c-f7-c0:Bidon"
<br> NAS-Port = 13
<br> NAS-IP-Address = X.X.X.252
<br> NAS-Identifier = "xxxxx"
<br> Airespace-Wlan-Id = 6
<br> Service-Type = Framed-User
<br> Framed-MTU = 1300
<br> NAS-Port-Type = Wireless-802.11
<br> Tunnel-Type:0 = VLAN
<br> Tunnel-Medium-Type:0 = IEEE-802
<br> Tunnel-Private-Group-Id:0 = "82"
<br> EAP-Message = 0x0209003b190017030100304b728cd734f9da6b5b67f6830edb3cccf6815843a45e65c9e465d2756a895e361a1a6fd80dec223de521348349791609
<br> State = 0x46359c0d403c857ca6f7bd81569582da
<br> Message-Authenticator = 0xc5c43156063130ebd6e28b2d5219efc7
<br>+- entering group authorize {...}
<br>++[preprocess] returns ok
<br>++[chap] returns noop
<br>++[mschap] returns noop
<br>[suffix] No '@' in User-Name = "client.example.com", looking up realm NULL
<br>[suffix] No such realm "NULL"
<br>++[suffix] returns noop
<br>[eap] EAP packet type response id 9 length 59
<br>[eap] Continuing tunnel setup.
<br>++[eap] returns ok
<br>Found Auth-Type = EAP
<br>+- entering group authenticate {...}
<br>[eap] Request found, released from the list
<br>[eap] EAP/peap
<br>[eap] processing type peap
<br>[peap] processing EAP-TLS
<br>[peap] eaptls_verify returned 7
<br>[peap] Done initial handshake
<br>[peap] eaptls_process returned 7
<br>[peap] EAPTLS_OK
<br>[peap] Session established. Decoding tunneled attributes.
<br>[peap] Identity - client.example.com
<br>[peap] Got tunneled request
<br> EAP-Message = 0x0209001501737761747a7930312e657372662e6672
<br>server {
<br> PEAP: Got tunneled identity of client.example.com
<br> PEAP: Setting default EAP type for tunneled EAP session.
<br> PEAP: Setting User-Name to client.example.com
<br>Sending tunneled request
<br> EAP-Message = 0x0209001501737761747a7930312e657372662e6672
<br> FreeRADIUS-Proxied-To = 127.0.0.1
<br> User-Name = "client.example.com"
<br>server inner-tunnel {
<br>+- entering group authorize {...}
<br>++[chap] returns noop
<br>++[mschap] returns noop
<br>++[unix] returns notfound
<br>[suffix] No '@' in User-Name = "client.example.com", looking up realm NULL
<br>[suffix] No such realm "NULL"
<br>++[suffix] returns noop
<br>++[control] returns noop
<br>[eap] EAP packet type response id 9 length 21
<br>[eap] No EAP Start, assuming it's an on-going EAP conversation
<br>++[eap] returns updated
<br>++[files] returns noop
<br>++[expiration] returns noop
<br>++[logintime] returns noop
<br>++[pap] returns noop
<br>Found Auth-Type = EAP
<br>+- entering group authenticate {...}
<br>[eap] EAP Identity
<br>[eap] processing type mschapv2
<br>rlm_eap_mschapv2: Issuing Challenge
<br>++[eap] returns handled
<br>} # server inner-tunnel
<br>[peap] Got tunneled reply code 11
<br> EAP-Message = 0x010a002a1a010a00251070aeff47a14f6016c9d19acee5b09bbd737761747a7930312e657372662e6672
<br> Message-Authenticator = 0x00000000000000000000000000000000
<br> State = 0x9dc695d19dcc8f1400b4f084f7eacc22
<br>[peap] Got tunneled reply RADIUS code 11
<br> EAP-Message = 0x010a002a1a010a00251070aeff47a14f6016c9d19acee5b09bbd737761747a7930312e657372662e6672
<br> Message-Authenticator = 0x00000000000000000000000000000000
<br> State = 0x9dc695d19dcc8f1400b4f084f7eacc22
<br>[peap] Got tunneled Access-Challenge
<br>++[eap] returns handled
<br>Sending Access-Challenge of id 125 to X.X.X.252 port 32769
<br> EAP-Message = 0x010a004b190017030100409a732f0a95380f8915554a7049f6ca123b5ec8082c19d38261e2df58127e9383fd0b95e94694594d4e2ebb98e38558e0bafb40194ec767ca5125409caf7c9187
<br> Message-Authenticator = 0x00000000000000000000000000000000
<br> State = 0x46359c0d413f857ca6f7bd81569582da
<br>Finished request 7.
<br>Going to the next request
<br>Waking up in 4.9 seconds.
<br>rad_recv: Access-Request packet from host X.X.X.252 port 32769, id=126, length=228
<br> User-Name = "client.example.com"
<br> Calling-Station-Id = "00-1d-e0-7f-c7-bd"
<br> Called-Station-Id = "00-26-cb-4c-f7-c0:Bidon"
<br> NAS-Port = 13
<br> NAS-IP-Address = X.X.X.252
<br> NAS-Identifier = "xxxxx"
<br> Airespace-Wlan-Id = 6
<br> Service-Type = Framed-User
<br> Framed-MTU = 1300
<br> NAS-Port-Type = Wireless-802.11
<br> Tunnel-Type:0 = VLAN
<br> Tunnel-Medium-Type:0 = IEEE-802
<br> Tunnel-Private-Group-Id:0 = "82"
<br> EAP-Message = 0x020a002b190017030100204261c50537c3a175f949869fc579790700757ca2edf3fe4ecc43fd8fa16849c8
<br> State = 0x46359c0d413f857ca6f7bd81569582da
<br> Message-Authenticator = 0x7dd04cbb26e2690166ee675fc0c54fe2
<br>+- entering group authorize {...}
<br>++[preprocess] returns ok
<br>++[chap] returns noop
<br>++[mschap] returns noop
<br>[suffix] No '@' in User-Name = "client.example.com", looking up realm NULL
<br>[suffix] No such realm "NULL"
<br>++[suffix] returns noop
<br>[eap] EAP packet type response id 10 length 43
<br>[eap] Continuing tunnel setup.
<br>++[eap] returns ok
<br>Found Auth-Type = EAP
<br>+- entering group authenticate {...}
<br>[eap] Request found, released from the list
<br>[eap] EAP/peap
<br>[eap] processing type peap
<br>[peap] processing EAP-TLS
<br>[peap] eaptls_verify returned 7
<br>[peap] Done initial handshake
<br>[peap] eaptls_process returned 7
<br>[peap] EAPTLS_OK
<br>[peap] Session established. Decoding tunneled attributes.
<br>[peap] EAP type nak
<br>[peap] Got tunneled request
<br> EAP-Message = 0x020a0006030d
<br>server {
<br> PEAP: Setting User-Name to client.example.com
<br>Sending tunneled request
<br> EAP-Message = 0x020a0006030d
<br> FreeRADIUS-Proxied-To = 127.0.0.1
<br> User-Name = "client.example.com"
<br> State = 0x9dc695d19dcc8f1400b4f084f7eacc22
<br>server inner-tunnel {
<br>+- entering group authorize {...}
<br>++[chap] returns noop
<br>++[mschap] returns noop
<br>++[unix] returns notfound
<br>[suffix] No '@' in User-Name = "client.example.com", looking up realm NULL
<br>[suffix] No such realm "NULL"
<br>++[suffix] returns noop
<br>++[control] returns noop
<br>[eap] EAP packet type response id 10 length 6
<br>[eap] No EAP Start, assuming it's an on-going EAP conversation
<br>++[eap] returns updated
<br>++[files] returns noop
<br>++[expiration] returns noop
<br>++[logintime] returns noop
<br>++[pap] returns noop
<br>Found Auth-Type = EAP
<br>+- entering group authenticate {...}
<br>[eap] Request found, released from the list
<br>[eap] EAP NAK
<br>[eap] EAP-NAK asked for EAP-Type/tls
<br>[eap] processing type tls
<br>[tls] Requiring client certificate
<br>[tls] Initiate
<br>[tls] Start returned 1
<br>++[eap] returns handled
<br>} # server inner-tunnel
<br>[peap] Got tunneled reply code 11
<br> EAP-Message = 0x010b00060d20
<br> Message-Authenticator = 0x00000000000000000000000000000000
<br> State = 0x9dc695d19ccd981400b4f084f7eacc22
<br>[peap] Got tunneled reply RADIUS code 11
<br> EAP-Message = 0x010b00060d20
<br> Message-Authenticator = 0x00000000000000000000000000000000
<br> State = 0x9dc695d19ccd981400b4f084f7eacc22
<br>[peap] Got tunneled Access-Challenge
<br>++[eap] returns handled
<br>Sending Access-Challenge of id 126 to X.X.X.252 port 32769
<br> EAP-Message = 0x010b002b190017030100207de3853f28e8a60d509e0e8103d2f98e08f35e08266254dd4a93fe3e5751150a
<br> Message-Authenticator = 0x00000000000000000000000000000000
<br> State = 0x46359c0d4e3e857ca6f7bd81569582da
<br>Finished request 8.
<br>Going to the next request
<br>Waking up in 4.9 seconds.
<br>rad_recv: Access-Request packet from host X.X.X.252 port 32769, id=127, length=340
<br> User-Name = "client.example.com"
<br> Calling-Station-Id = "00-1d-e0-7f-c7-bd"
<br> Called-Station-Id = "00-26-cb-4c-f7-c0:Bidon"
<br> NAS-Port = 13
<br> NAS-IP-Address = X.X.X.252
<br> NAS-Identifier = "xxxxx"
<br> Airespace-Wlan-Id = 6
<br> Service-Type = Framed-User
<br> Framed-MTU = 1300
<br> NAS-Port-Type = Wireless-802.11
<br> Tunnel-Type:0 = VLAN
<br> Tunnel-Medium-Type:0 = IEEE-802
<br> Tunnel-Private-Group-Id:0 = "82"
<br> EAP-Message = 0x020b009b19001703010090a04fea07b30ca56bdaebf98e6225b2f955813991d8bb99e6213d8c6fd905972e8086eec1ac01df372544961fa89ae0cd0f95f83d90dff8457667d9e39f9b2b7252fe107296afb377526c19464794c56ba77385d6c44c1cae140119da9cad1d89ceabc3841f9c67a4fbb65644d1a3d85b6bad4c6a22c687c399c3eeced63321eaa630674609996e98d6a44c1d6e1be0fc
<br> State = 0x46359c0d4e3e857ca6f7bd81569582da
<br> Message-Authenticator = 0x8961cb15acfbd5a45fd18af3a47e7904
<br>+- entering group authorize {...}
<br>++[preprocess] returns ok
<br>++[chap] returns noop
<br>++[mschap] returns noop
<br>[suffix] No '@' in User-Name = "client.example.com", looking up realm NULL
<br>[suffix] No such realm "NULL"
<br>++[suffix] returns noop
<br>[eap] EAP packet type response id 11 length 155
<br>[eap] Continuing tunnel setup.
<br>++[eap] returns ok
<br>Found Auth-Type = EAP
<br>+- entering group authenticate {...}
<br>[eap] Request found, released from the list
<br>[eap] EAP/peap
<br>[eap] processing type peap
<br>[peap] processing EAP-TLS
<br>[peap] eaptls_verify returned 7
<br>[peap] Done initial handshake
<br>[peap] eaptls_process returned 7
<br>[peap] EAPTLS_OK
<br>[peap] Session established. Decoding tunneled attributes.
<br>[peap] EAP type tls
<br>[peap] Got tunneled request
<br> EAP-Message = 0x020b007f0d800000007516030100700100006c03014b2f2f92d5aef8573e86787f0410ed66e074505158fd3465df76f6a5db6d0aa4000018002f00350005000ac009c00ac013c01400320038001300040100002b000000150013000010737761747a7930312e657372662e6672000a00080006001700180019000b00020100
<br>server {
<br> PEAP: Setting User-Name to client.example.com
<br>Sending tunneled request
<br> EAP-Message = 0x020b007f0d800000007516030100700100006c03014b2f2f92d5aef8573e86787f0410ed66e074505158fd3465df76f6a5db6d0aa4000018002f00350005000ac009c00ac013c01400320038001300040100002b000000150013000010737761747a7930312e657372662e6672000a00080006001700180019000b00020100
<br> FreeRADIUS-Proxied-To = 127.0.0.1
<br> User-Name = "client.example.com"
<br> State = 0x9dc695d19ccd981400b4f084f7eacc22
<br>server inner-tunnel {
<br>+- entering group authorize {...}
<br>++[chap] returns noop
<br>++[mschap] returns noop
<br>++[unix] returns notfound
<br>[suffix] No '@' in User-Name = "client.example.com", looking up realm NULL
<br>[suffix] No such realm "NULL"
<br>++[suffix] returns noop
<br>++[control] returns noop
<br>[eap] EAP packet type response id 11 length 127
<br>[eap] No EAP Start, assuming it's an on-going EAP conversation
<br>++[eap] returns updated
<br>++[files] returns noop
<br>++[expiration] returns noop
<br>++[logintime] returns noop
<br>++[pap] returns noop
<br>Found Auth-Type = EAP
<br>+- entering group authenticate {...}
<br>[eap] Request found, released from the list
<br>[eap] EAP/tls
<br>[eap] processing type tls
<br>[tls] Authenticate
<br>[tls] processing EAP-TLS
<br> TLS Length 117
<br>[tls] Length Included
<br>[tls] eaptls_verify returned 11
<br>[tls] (other): before/accept initialization
<br>[tls] TLS_accept: before/accept initialization
<br>[tls] <<< TLS 1.0 Handshake [length 0070], ClientHello
<br>[tls] TLS_accept: SSLv3 read client hello A
<br>[tls] >>> TLS 1.0 Handshake [length 002a], ServerHello
<br>[tls] TLS_accept: SSLv3 write server hello A
<br>[tls] >>> TLS 1.0 Handshake [length 07d3], Certificate
<br>[tls] TLS_accept: SSLv3 write certificate A
<br>[tls] >>> TLS 1.0 Handshake [length 008f], CertificateRequest
<br>[tls] TLS_accept: SSLv3 write certificate request A
<br>[tls] TLS_accept: SSLv3 flush data
<br>[tls] TLS_accept: Need to read more data: SSLv3 read client certificate A
<br>In SSL Handshake Phase
<br>In SSL Accept mode
<br>[tls] eaptls_process returned 13
<br>++[eap] returns handled
<br>} # server inner-tunnel
<br>[peap] Got tunneled reply code 11
<br> EAP-Message = 0x010c04000dc00000089b160301002a0200002603014b2f2f91474c71c1cdb3329748a1007493635a1d09b4d8a8c22170eb24b8147900002f0016030107d30b0007cf0007cc00035d3082035930820241a003020102020114300d06092a864886f70d0101040500307e310b3009060355040613024652310e300c0603550408130549736572653111300f060355040713084772656e6f626c65310d300b060355040a1304455352463120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d311b301906035504031312726164697573736572762e657372662e6672301e170d3039313232313038303833395a170d313031
<br> EAP-Message = 0x3232313038303833395a3049310b3009060355040613024652310e300c060355040813054973657265310d300b060355040a130445535246311b301906035504031312726164697573736572762e657372662e667230820122300d06092a864886f70d01010105000382010f003082010a0282010100df65e73bb432b019abe63c0a455e5053aa65ee5cdebb77dba90300b7933a6e1ddc3b764bf3d4305ab36530461cc0ade6ca4a916bfeb68ec9103ef74b02dcefbbb5553ce4f88225f43a7ff26195b0c2fd70a4620ead334a2c5d3c6f576b3eec5229cac9ab7ce3a7ffed9d70ee905be62a351dd2ee354c22773dea7ab1eeed05316aa5f33c7ca4cd
<br> EAP-Message = 0x1c92b20e08f50bb97033f29eb4f40985a8857170ad6f857f78f12fe394111de60ff71eccdf912dfdd0fd0f153fc6fe9593e15d914725f9b0968acfffcb35a2fb91c5298ac632a38014c778b509531292171a42e8308efc729f02454eaf5c71c0a4384b51081e6ce67f769ec52a38397c87e3b1bbd012fdb4d70203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d010104050003820101001705f81c5cfb5f42fb060d784d6d4dda29ce188c6f0203ffc1382b0fb3bd755fedde13cb3010fa4c753409b525d172921a1c19ef77f49f6ab490c1bd751ab5f0aea4d702c4b92b5b2e45485d77e80114762d
<br> EAP-Message = 0x87c80af1b6c317546180ebf118b164616baaaad68601e6fdcc895e328f39ca693b551da66ba9a748e205e67fd05430eefd1ca8a204bb56994ac3a0abf00d546e19263b678b72b04e1286cf1db63e93c089c8072bfe446d1b5e9b08940c6b6fcec73c5953ceeccb4d53b3b2bae39878ef00597f96df75b59776e176ccf328f22312d696524d43a62a623dc9af8c13b270e932bc7afcc456b7574f719d6f21faf4669390cd604dc28d850bc3c349fa000469308204653082034da003020102020900c42387580a65a3a9300d06092a864886f70d0101050500307e310b3009060355040613024652310e300c0603550408130549736572653111300f0603
<br> EAP-Message = 0x55040713084772656e6f626c
<br> Message-Authenticator = 0x00000000000000000000000000000000
<br> State = 0x9dc695d19fca981400b4f084f7eacc22
<br>[peap] Got tunneled reply RADIUS code 11
<br> EAP-Message = 0x010c04000dc00000089b160301002a0200002603014b2f2f91474c71c1cdb3329748a1007493635a1d09b4d8a8c22170eb24b8147900002f0016030107d30b0007cf0007cc00035d3082035930820241a003020102020114300d06092a864886f70d0101040500307e310b3009060355040613024652310e300c0603550408130549736572653111300f060355040713084772656e6f626c65310d300b060355040a1304455352463120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d311b301906035504031312726164697573736572762e657372662e6672301e170d3039313232313038303833395a170d313031
<br> EAP-Message = 0x3232313038303833395a3049310b3009060355040613024652310e300c060355040813054973657265310d300b060355040a130445535246311b301906035504031312726164697573736572762e657372662e667230820122300d06092a864886f70d01010105000382010f003082010a0282010100df65e73bb432b019abe63c0a455e5053aa65ee5cdebb77dba90300b7933a6e1ddc3b764bf3d4305ab36530461cc0ade6ca4a916bfeb68ec9103ef74b02dcefbbb5553ce4f88225f43a7ff26195b0c2fd70a4620ead334a2c5d3c6f576b3eec5229cac9ab7ce3a7ffed9d70ee905be62a351dd2ee354c22773dea7ab1eeed05316aa5f33c7ca4cd
<br> EAP-Message = 0x1c92b20e08f50bb97033f29eb4f40985a8857170ad6f857f78f12fe394111de60ff71eccdf912dfdd0fd0f153fc6fe9593e15d914725f9b0968acfffcb35a2fb91c5298ac632a38014c778b509531292171a42e8308efc729f02454eaf5c71c0a4384b51081e6ce67f769ec52a38397c87e3b1bbd012fdb4d70203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d010104050003820101001705f81c5cfb5f42fb060d784d6d4dda29ce188c6f0203ffc1382b0fb3bd755fedde13cb3010fa4c753409b525d172921a1c19ef77f49f6ab490c1bd751ab5f0aea4d702c4b92b5b2e45485d77e80114762d
<br> EAP-Message = 0x87c80af1b6c317546180ebf118b164616baaaad68601e6fdcc895e328f39ca693b551da66ba9a748e205e67fd05430eefd1ca8a204bb56994ac3a0abf00d546e19263b678b72b04e1286cf1db63e93c089c8072bfe446d1b5e9b08940c6b6fcec73c5953ceeccb4d53b3b2bae39878ef00597f96df75b59776e176ccf328f22312d696524d43a62a623dc9af8c13b270e932bc7afcc456b7574f719d6f21faf4669390cd604dc28d850bc3c349fa000469308204653082034da003020102020900c42387580a65a3a9300d06092a864886f70d0101050500307e310b3009060355040613024652310e300c0603550408130549736572653111300f0603
<br> EAP-Message = 0x55040713084772656e6f626c
<br> Message-Authenticator = 0x00000000000000000000000000000000
<br> State = 0x9dc695d19fca981400b4f084f7eacc22
<br>[peap] Got tunneled Access-Challenge
<br>++[eap] returns handled
<br>Sending Access-Challenge of id 127 to X.X.X.252 port 32769
<br> EAP-Message = 0x010c040019c000000425170301042095608ecabdb44109836f43847ba8be704bcb51264fb229b78a304f52101bf7d8f9f0e415cf115a0bd8d90d847f02ef231dc6189d81869a40cc791434e8a9775a00f23e35a025e6846e1ecbad74d7813a0f28be5c3cc50644735884a653e3f94571ca692f65fe77061a1e5f1e03c3691a600eeb04497ecf944a803ecc26e23bf276e23f37b9dc9cc548abdabdf8a630ee605dabeb4e3239456882d85a469985f1e06f9668502668e7f7aae97d23076873b760e3c5e463133158d4057087114935217f2c5ef69b4b079b881e9275dc5c4554495a0ff8cf9189303b52cc305d6c80cb799f4e2522ceb617e674ecf102
<br> EAP-Message = 0x80379ab65f330e250b9d57fd02b45d0c5d07a6f64e8920618475b6d967110ea714d851ed7064bdb4e2c01e6044ab34b387bcc6eea78a7fc216d75973f26c1b0cbcc08ded2f74ec4f432f4c27febb552934c6db5df2906deb0946496f5cd9bc726b456bc4c51b2d2e48df35e6dfa6147f20c6549c310ef46406543e2326460f98236efb95a7d645b023b5e4da894b5e3e7f51578cb62b87e82a0583eb2ef1351d38e6e6d01e4f4064a5296aa25505f054ae1c3288e3362f391e074dae98fdce29cf7a9993d5454b217cd860d94629450189f85106dbebdce40a8afa50935ac0122f6b31d1ff65a8c9dda0356a5fce6521ed5ab6980e6e142b8e0c1c2f44
<br> EAP-Message = 0x50315eb5d5b31c218c2a4dfbcb996a8e760f3c426619433d34edd4abaaaeba09f8a560a91b088af45a703925c38a00c986241c9edf2fe6c58e7c0ecbb71bf3a6a167856d3ec48002a4a5458a3cd332c59eca4a8f70274474e74689b2620525f3d298fed9b4d6ce521171403b6227885ace8a36ae6f754a0f8f8e5f37f23161792caeff79be28e182e1f07f14abee8ddfce71ad251a22a1966fdefc2634926f38bf202444aa252d078469d60c4a5fd9f55e915cb7bda216a146c80410a75ec292cc39d291be03511da8397aeefaf7f4653a0961c652628051af27fb7f32b637fb8b2a047d579c89ced314bd4def14fd51bf4057dc28c2a043a63bbd055c
<br> EAP-Message = 0x9293ea3c188f7654975adea976d64cdd57a3698fd24026686aed02de2438bd914db7bc209b2ccd3ee15c7e7b174b86be42905800b1a463867dac4a05f5e4d57c9eda5bb338aba5b963900e994ea521814c2e197df24b45b58c188f2a15e31f32d9eb1237fc1392e2813dd6d08b3f43005e1011f6f8e1ea7d0acca6e906a955540a8c67473113fac899d39254a2f2d558335bc6507bdc64175afbc6d3aac2bea4f20ae8b18f0a0670a31a4af836e441b6f53efaf119beb641fbeeec62077b0bb62dae32af34ab2fcfe4fade6cc87d223fd6f54b41ef94657821350d8757cf6a8d3e462febfa289e5700a5445160ea69c238b412e93ada97d6b045fc73ea
<br> EAP-Message = 0x06588ed8fb2a427c1e2399f2
<br> Message-Authenticator = 0x00000000000000000000000000000000
<br> State = 0x46359c0d4f39857ca6f7bd81569582da
<br>Finished request 9.
<br>Going to the next request
<br>Waking up in 4.9 seconds.
<br>Cleaning up request 0 ID 118 with timestamp +9
<br>Cleaning up request 1 ID 119 with timestamp +9
<br>Cleaning up request 2 ID 120 with timestamp +9
<br>Cleaning up request 3 ID 121 with timestamp +9
<br>Cleaning up request 4 ID 122 with timestamp +9
<br>Cleaning up request 5 ID 123 with timestamp +9
<br>Cleaning up request 6 ID 124 with timestamp +9
<br>Cleaning up request 7 ID 125 with timestamp +9
<br>Cleaning up request 8 ID 126 with timestamp +9
<br>Cleaning up request 9 ID 127 with timestamp +9
<br>Ready to process requests.
<br>rad_recv: Access-Request packet from host X.X.X.252 port 32769, id=128, length=188
<br> User-Name = "client.example.com"
<br> Calling-Station-Id = "00-1d-e0-7f-c7-bd"
<br> Called-Station-Id = "00-26-cb-4c-f7-c0:Bidon"
<br> NAS-Port = 13
<br> NAS-IP-Address = X.X.X.252
<br> NAS-Identifier = "xxxxx"
<br> Airespace-Wlan-Id = 6
<br> Service-Type = Framed-User
<br> Framed-MTU = 1300
<br> NAS-Port-Type = Wireless-802.11
<br> Tunnel-Type:0 = VLAN
<br> Tunnel-Medium-Type:0 = IEEE-802
<br> Tunnel-Private-Group-Id:0 = "82"
<br> EAP-Message = 0x0202001501737761747a7930312e657372662e6672
<br> Message-Authenticator = 0x74a8efb3e526fbc354da58481f383cb8
<br>+- entering group authorize {...}
<br>++[preprocess] returns ok
<br>++[chap] returns noop
<br>++[mschap] returns noop
<br>[suffix] No '@' in User-Name = "client.example.com", looking up realm NULL
<br>[suffix] No such realm "NULL"
<br>++[suffix] returns noop
<br>[eap] EAP packet type response id 2 length 21
<br>[eap] No EAP Start, assuming it's an on-going EAP conversation
<br>++[eap] returns updated
<br>++[unix] returns notfound
<br>++[files] returns noop
<br>++[expiration] returns noop
<br>++[logintime] returns noop
<br>[pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.
<br>++[pap] returns noop
<br>Found Auth-Type = EAP
<br>+- entering group authenticate {...}
<br>[eap] EAP Identity
<br>[eap] processing type md5
<br>rlm_eap_md5: Issuing Challenge
<br>++[eap] returns handled
<br>Sending Access-Challenge of id 128 to X.X.X.252 port 32769
<br> EAP-Message = 0x01030016041047a243aeb61433e9a1ca015aadee525b
<br> Message-Authenticator = 0x00000000000000000000000000000000
<br> State = 0x8e1ed1378e1dd5750acddef276754aa3
<br>Finished request 10.
<br>Going to the next request
<br>Waking up in 4.9 seconds.
<br>rad_recv: Access-Request packet from host X.X.X.252 port 32769, id=129, length=191
<br> User-Name = "client.example.com"
<br> Calling-Station-Id = "00-1d-e0-7f-c7-bd"
<br> Called-Station-Id = "00-26-cb-4c-f7-c0:Bidon"
<br> NAS-Port = 13
<br> NAS-IP-Address = X.X.X.252
<br> NAS-Identifier = "xxxxx"
<br> Airespace-Wlan-Id = 6
<br> Service-Type = Framed-User
<br> Framed-MTU = 1300
<br> NAS-Port-Type = Wireless-802.11
<br> Tunnel-Type:0 = VLAN
<br> Tunnel-Medium-Type:0 = IEEE-802
<br> Tunnel-Private-Group-Id:0 = "82"
<br> EAP-Message = 0x020300060319
<br> State = 0x8e1ed1378e1dd5750acddef276754aa3
<br> Message-Authenticator = 0xb7dd923beddd491b003dfc078382cc51
<br>+- entering group authorize {...}
<br>++[preprocess] returns ok
<br>++[chap] returns noop
<br>++[mschap] returns noop
<br>[suffix] No '@' in User-Name = "client.example.com", looking up realm NULL
<br>[suffix] No such realm "NULL"
<br>++[suffix] returns noop
<br>[eap] EAP packet type response id 3 length 6
<br>[eap] No EAP Start, assuming it's an on-going EAP conversation
<br>++[eap] returns updated
<br>++[unix] returns notfound
<br>++[files] returns noop
<br>++[expiration] returns noop
<br>++[logintime] returns noop
<br>[pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.
<br>++[pap] returns noop
<br>Found Auth-Type = EAP
<br>+- entering group authenticate {...}
<br>[eap] Request found, released from the list
<br>[eap] EAP NAK
<br>[eap] EAP-NAK asked for EAP-Type/peap
<br>[eap] processing type tls
<br>[tls] Initiate
<br>[tls] Start returned 1
<br>++[eap] returns handled
<br>Sending Access-Challenge of id 129 to X.X.X.252 port 32769
<br> EAP-Message = 0x010400061920
<br> Message-Authenticator = 0x00000000000000000000000000000000
<br> State = 0x8e1ed1378f1ac8750acddef276754aa3
<br>Finished request 11.
<br>Going to the next request
<br>Waking up in 4.9 seconds.
<br>rad_recv: Access-Request packet from host X.X.X.252 port 32769, id=130, length=312
<br> User-Name = "client.example.com"
<br> Calling-Station-Id = "00-1d-e0-7f-c7-bd"
<br> Called-Station-Id = "00-26-cb-4c-f7-c0:Bidon"
<br> NAS-Port = 13
<br> NAS-IP-Address = X.X.X.252
<br> NAS-Identifier = "xxxxx"
<br> Airespace-Wlan-Id = 6
<br> Service-Type = Framed-User
<br> Framed-MTU = 1300
<br> NAS-Port-Type = Wireless-802.11
<br> Tunnel-Type:0 = VLAN
<br> Tunnel-Medium-Type:0 = IEEE-802
<br> Tunnel-Private-Group-Id:0 = "82"
<br> EAP-Message = 0x0204007f19800000007516030100700100006c03014b2f2fa403c18a1c536dd9c44b3943cbaeb85b77ae6bb1b934538031c0a160d8000018002f00350005000ac009c00ac013c01400320038001300040100002b000000150013000010737761747a7930312e657372662e6672000a00080006001700180019000b00020100
<br> State = 0x8e1ed1378f1ac8750acddef276754aa3
<br> Message-Authenticator = 0xf8af489b45178ea77e42bc439e9bc867
<br>+- entering group authorize {...}
<br>++[preprocess] returns ok
<br>++[chap] returns noop
<br>++[mschap] returns noop
<br>[suffix] No '@' in User-Name = "client.example.com", looking up realm NULL
<br>[suffix] No such realm "NULL"
<br>++[suffix] returns noop
<br>[eap] EAP packet type response id 4 length 127
<br>[eap] Continuing tunnel setup.
<br>++[eap] returns ok
<br>Found Auth-Type = EAP
<br>+- entering group authenticate {...}
<br>[eap] Request found, released from the list
<br>[eap] EAP/peap
<br>[eap] processing type peap
<br>[peap] processing EAP-TLS
<br> TLS Length 117
<br>[peap] Length Included
<br>[peap] eaptls_verify returned 11
<br>[peap] (other): before/accept initialization
<br>[peap] TLS_accept: before/accept initialization
<br>[peap] <<< TLS 1.0 Handshake [length 0070], ClientHello
<br>[peap] TLS_accept: SSLv3 read client hello A
<br>[peap] >>> TLS 1.0 Handshake [length 002a], ServerHello
<br>[peap] TLS_accept: SSLv3 write server hello A
<br>[peap] >>> TLS 1.0 Handshake [length 07d3], Certificate
<br>[peap] TLS_accept: SSLv3 write certificate A
<br>[peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
<br>[peap] TLS_accept: SSLv3 write server done A
<br>[peap] TLS_accept: SSLv3 flush data
<br>[peap] TLS_accept: Need to read more data: SSLv3 read client certificate A
<br>In SSL Handshake Phase
<br>In SSL Accept mode
<br>[peap] eaptls_process returned 13
<br>[peap] EAPTLS_HANDLED
<br>++[eap] returns handled
<br>Sending Access-Challenge of id 130 to X.X.X.252 port 32769
<br> EAP-Message = 0x0105040019c000000810160301002a0200002603014b2f2fa473ae358614f6f782a1cc79ad60c38b750bc0665e32b1bfaa545cf04400002f0016030107d30b0007cf0007cc00035d3082035930820241a003020102020114300d06092a864886f70d0101040500307e310b3009060355040613024652310e300c0603550408130549736572653111300f060355040713084772656e6f626c65310d300b060355040a1304455352463120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d311b301906035504031312726164697573736572762e657372662e6672301e170d3039313232313038303833395a170d313031
<br> EAP-Message = 0x3232313038303833395a3049310b3009060355040613024652310e300c060355040813054973657265310d300b060355040a130445535246311b301906035504031312726164697573736572762e657372662e667230820122300d06092a864886f70d01010105000382010f003082010a0282010100df65e73bb432b019abe63c0a455e5053aa65ee5cdebb77dba90300b7933a6e1ddc3b764bf3d4305ab36530461cc0ade6ca4a916bfeb68ec9103ef74b02dcefbbb5553ce4f88225f43a7ff26195b0c2fd70a4620ead334a2c5d3c6f576b3eec5229cac9ab7ce3a7ffed9d70ee905be62a351dd2ee354c22773dea7ab1eeed05316aa5f33c7ca4cd
<br> EAP-Message = 0x1c92b20e08f50bb97033f29eb4f40985a8857170ad6f857f78f12fe394111de60ff71eccdf912dfdd0fd0f153fc6fe9593e15d914725f9b0968acfffcb35a2fb91c5298ac632a38014c778b509531292171a42e8308efc729f02454eaf5c71c0a4384b51081e6ce67f769ec52a38397c87e3b1bbd012fdb4d70203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d010104050003820101001705f81c5cfb5f42fb060d784d6d4dda29ce188c6f0203ffc1382b0fb3bd755fedde13cb3010fa4c753409b525d172921a1c19ef77f49f6ab490c1bd751ab5f0aea4d702c4b92b5b2e45485d77e80114762d
<br> EAP-Message = 0x87c80af1b6c317546180ebf118b164616baaaad68601e6fdcc895e328f39ca693b551da66ba9a748e205e67fd05430eefd1ca8a204bb56994ac3a0abf00d546e19263b678b72b04e1286cf1db63e93c089c8072bfe446d1b5e9b08940c6b6fcec73c5953ceeccb4d53b3b2bae39878ef00597f96df75b59776e176ccf328f22312d696524d43a62a623dc9af8c13b270e932bc7afcc456b7574f719d6f21faf4669390cd604dc28d850bc3c349fa000469308204653082034da003020102020900c42387580a65a3a9300d06092a864886f70d0101050500307e310b3009060355040613024652310e300c0603550408130549736572653111300f0603
<br> EAP-Message = 0x55040713084772656e6f626c
<br> Message-Authenticator = 0x00000000000000000000000000000000
<br> State = 0x8e1ed1378c1bc8750acddef276754aa3
<br>Finished request 12.
<br>Going to the next request
<br>Waking up in 4.9 seconds.
<br>rad_recv: Access-Request packet from host X.X.X.252 port 32769, id=131, length=191
<br> User-Name = "client.example.com"
<br> Calling-Station-Id = "00-1d-e0-7f-c7-bd"
<br> Called-Station-Id = "00-26-cb-4c-f7-c0:Bidon"
<br> NAS-Port = 13
<br> NAS-IP-Address = X.X.X.252
<br> NAS-Identifier = "xxxxx"
<br> Airespace-Wlan-Id = 6
<br> Service-Type = Framed-User
<br> Framed-MTU = 1300
<br> NAS-Port-Type = Wireless-802.11
<br> Tunnel-Type:0 = VLAN
<br> Tunnel-Medium-Type:0 = IEEE-802
<br> Tunnel-Private-Group-Id:0 = "82"
<br> EAP-Message = 0x020500061900
<br> State = 0x8e1ed1378c1bc8750acddef276754aa3
<br> Message-Authenticator = 0x60967d8edd9706c379efc363d03f7831
<br>+- entering group authorize {...}
<br>++[preprocess] returns ok
<br>++[chap] returns noop
<br>++[mschap] returns noop
<br>[suffix] No '@' in User-Name = "client.example.com", looking up realm NULL
<br>[suffix] No such realm "NULL"
<br>++[suffix] returns noop
<br>[eap] EAP packet type response id 5 length 6
<br>[eap] Continuing tunnel setup.
<br>++[eap] returns ok
<br>Found Auth-Type = EAP
<br>+- entering group authenticate {...}
<br>[eap] Request found, released from the list
<br>[eap] EAP/peap
<br>[eap] processing type peap
<br>[peap] processing EAP-TLS
<br>[peap] Received TLS ACK
<br>[peap] ACK handshake fragment handler
<br>[peap] eaptls_verify returned 1
<br>[peap] eaptls_process returned 13
<br>[peap] EAPTLS_HANDLED
<br>++[eap] returns handled
<br>Sending Access-Challenge of id 131 to X.X.X.252 port 32769
<br> EAP-Message = 0x010603fc194065310d300b060355040a1304455352463120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d311b301906035504031312726164697573736572762e657372662e6672301e170d3039313232313038303833395a170d3130313232313038303833395a307e310b3009060355040613024652310e300c0603550408130549736572653111300f060355040713084772656e6f626c65310d300b060355040a1304455352463120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d311b301906035504031312726164697573736572762e657372662e667230820122300d0609
<br> EAP-Message = 0x2a864886f70d01010105000382010f003082010a0282010100c25f8b67f6b1f5aebce7e017fcf1dbd9e027cd040146f4c752c8429d861556ee71236f9926c7880f14bc905aec227e9436f0f02ee5131351f5f071b58d4d6202245bc1f2ae74bbd2c50a56808fe156b5ee6dde5820b60a891549c041e2f8665237ec3f0584317c72a8cb32b3becb163d4f5b4158e5e5e0dfe49de7d3a04cab4998cfaa2a72518b01567bc1fec46fa490e7eff48ac90ab70532c82853ca357cf4a1160345e449c99c87883ded457241389e8112d37c5526e9e8f08af8c1fd6f6c8fb353c91bba3c13efe18db05216c009ee8cc07999d5179eec2dd38953454f3b6cd6484b
<br> EAP-Message = 0x0055d4af83cc339028b218b6262a13ca67895896480f03327f83a51b0203010001a381e53081e2301d0603551d0e04160414dd265c63fcb0cc9c87e17c3e9885e845d3f01a003081b20603551d230481aa3081a78014dd265c63fcb0cc9c87e17c3e9885e845d3f01a00a18183a48180307e310b3009060355040613024652310e300c0603550408130549736572653111300f060355040713084772656e6f626c65310d300b060355040a1304455352463120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d311b301906035504031312726164697573736572762e657372662e6672820900c42387580a65a3a9300c
<br> EAP-Message = 0x0603551d13040530030101ff300d06092a864886f70d010105050003820101000708462f6ec64718c578592e84ac1dbec8980249800450058e6fb7c852f778494710902fa631aded3df802be82f37a2b6e8423a236f635b22e2e4cc0735f05bf1445b7049b09becb46eedf0a5f4c79f94032503f35a6e35f95ea3a10a3668971c8d353edb4a8b3b9426804526922afa0ef25e7aa59a24b1c612182419df1ab9aab47fa49ce1e7d445d53110fe28ec7960bf4caee3f37b6f8114fb2bf8d048a7e89d7a8f3ed48363958dbf9075ce04811712d1b917bf9677c4998d68f903378795bf5998bd8f555bdf147acc156725c3009ed02af9a2a0d6fe91f303dca
<br> EAP-Message = 0x6f8613faa3ea6a53
<br> Message-Authenticator = 0x00000000000000000000000000000000
<br> State = 0x8e1ed1378d18c8750acddef276754aa3
<br>Finished request 13.
<br>Going to the next request
<br>Waking up in 4.9 seconds.
<br>rad_recv: Access-Request packet from host X.X.X.252 port 32769, id=132, length=191
<br> User-Name = "client.example.com"
<br> Calling-Station-Id = "00-1d-e0-7f-c7-bd"
<br> Called-Station-Id = "00-26-cb-4c-f7-c0:Bidon"
<br> NAS-Port = 13
<br> NAS-IP-Address = X.X.X.252
<br> NAS-Identifier = "xxxxx"
<br> Airespace-Wlan-Id = 6
<br> Service-Type = Framed-User
<br> Framed-MTU = 1300
<br> NAS-Port-Type = Wireless-802.11
<br> Tunnel-Type:0 = VLAN
<br> Tunnel-Medium-Type:0 = IEEE-802
<br> Tunnel-Private-Group-Id:0 = "82"
<br> EAP-Message = 0x020600061900
<br> State = 0x8e1ed1378d18c8750acddef276754aa3
<br> Message-Authenticator = 0x867d0a6b82f6ad0f2ef811154922500a
<br>+- entering group authorize {...}
<br>++[preprocess] returns ok
<br>++[chap] returns noop
<br>++[mschap] returns noop
<br>[suffix] No '@' in User-Name = "client.example.com", looking up realm NULL
<br>[suffix] No such realm "NULL"
<br>++[suffix] returns noop
<br>[eap] EAP packet type response id 6 length 6
<br>[eap] Continuing tunnel setup.
<br>++[eap] returns ok
<br>Found Auth-Type = EAP
<br>+- entering group authenticate {...}
<br>[eap] Request found, released from the list
<br>[eap] EAP/peap
<br>[eap] processing type peap
<br>[peap] processing EAP-TLS
<br>[peap] Received TLS ACK
<br>[peap] ACK handshake fragment handler
<br>[peap] eaptls_verify returned 1
<br>[peap] eaptls_process returned 13
<br>[peap] EAPTLS_HANDLED
<br>++[eap] returns handled
<br>Sending Access-Challenge of id 132 to X.X.X.252 port 32769
<br> EAP-Message = 0x0107002a1900cc510e88825921db807711b7fe7fe9a180b6f46304e78cfbc168b616030100040e000000
<br> Message-Authenticator = 0x00000000000000000000000000000000
<br> State = 0x8e1ed1378a19c8750acddef276754aa3
<br>Finished request 14.
<br>Going to the next request
<br>Waking up in 4.9 seconds.
<br>rad_recv: Access-Request packet from host X.X.X.252 port 32769, id=133, length=523
<br> User-Name = "client.example.com"
<br> Calling-Station-Id = "00-1d-e0-7f-c7-bd"
<br> Called-Station-Id = "00-26-cb-4c-f7-c0:Bidon"
<br> NAS-Port = 13
<br> NAS-IP-Address = X.X.X.252
<br> NAS-Identifier = "xxxxx"
<br> Airespace-Wlan-Id = 6
<br> Service-Type = Framed-User
<br> Framed-MTU = 1300
<br> NAS-Port-Type = Wireless-802.11
<br> Tunnel-Type:0 = VLAN
<br> Tunnel-Medium-Type:0 = IEEE-802
<br> Tunnel-Private-Group-Id:0 = "82"
<br> EAP-Message = 0x0207015019800000014616030101061000010201009cf2b38faff7076f26c3d0fe94a76398b8ea28eb945ed88810b70e2e64bb31fdd1349eaec0d41cdadc4f96f67462735680cfa5fc622103b84971c7d27a58e3d5186587dd63b5705e330a6c1cd3c0c186b8644a1337aea88fcaf15c2cf27ccffbe250a0281e239ee07fa22dca6ecf826aeb32e1ef47444b3ace42626aca72f57fc9564b171ce53d2a911fd9db57c2e3def8fe6cbb70c14c907e476328facbaa2081fa0f8f0f3309b466727c68761953758506e5f24f7b3011b6626b98cbccea3ab5783f79cd6bf29e476682cc80bf651052d5dd6abb48317d332137aa51cf7bb6c3d7ed19794907cc
<br> EAP-Message = 0x4d9d115848ae8e9680b690fc1a77ea70f4bf31d6cbb418b01403010001011603010030ff787676e10bd417e0324b3bc835f28aa381123c26afe55a224f911ffdef86a008f89309543deaceb9b0860476f8b873
<br> State = 0x8e1ed1378a19c8750acddef276754aa3
<br> Message-Authenticator = 0x44ec9fc03737043834799e0d683989ec
<br>+- entering group authorize {...}
<br>++[preprocess] returns ok
<br>++[chap] returns noop
<br>++[mschap] returns noop
<br>[suffix] No '@' in User-Name = "client.example.com", looking up realm NULL
<br>[suffix] No such realm "NULL"
<br>++[suffix] returns noop
<br>[eap] EAP packet type response id 7 length 253
<br>[eap] Continuing tunnel setup.
<br>++[eap] returns ok
<br>Found Auth-Type = EAP
<br>+- entering group authenticate {...}
<br>[eap] Request found, released from the list
<br>[eap] EAP/peap
<br>[eap] processing type peap
<br>[peap] processing EAP-TLS
<br> TLS Length 326
<br>[peap] Length Included
<br>[peap] eaptls_verify returned 11
<br>[peap] <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange
<br>[peap] TLS_accept: SSLv3 read client key exchange A
<br>[peap] <<< TLS 1.0 ChangeCipherSpec [length 0001]
<br>[peap] <<< TLS 1.0 Handshake [length 0010], Finished
<br>[peap] TLS_accept: SSLv3 read finished A
<br>[peap] >>> TLS 1.0 ChangeCipherSpec [length 0001]
<br>[peap] TLS_accept: SSLv3 write change cipher spec A
<br>[peap] >>> TLS 1.0 Handshake [length 0010], Finished
<br>[peap] TLS_accept: SSLv3 write finished A
<br>[peap] TLS_accept: SSLv3 flush data
<br>[peap] (other): SSL negotiation finished successfully
<br>SSL Connection Established
<br>[peap] eaptls_process returned 13
<br>[peap] EAPTLS_HANDLED
<br>++[eap] returns handled
<br>Sending Access-Challenge of id 133 to X.X.X.252 port 32769
<br> EAP-Message = 0x0108004119001403010001011603010030fb8e93a4ea40e56bbbc6c7f664d2216a753417515ce8465b0e3bb40cb7482c5fb5c177e6a5703c4504509ff0dab8cc50
<br> Message-Authenticator = 0x00000000000000000000000000000000
<br> State = 0x8e1ed1378b16c8750acddef276754aa3
<br>Finished request 15.
<br>Going to the next request
<br>Waking up in 4.9 seconds.
<br>rad_recv: Access-Request packet from host X.X.X.252 port 32769, id=134, length=191
<br> User-Name = "client.example.com"
<br> Calling-Station-Id = "00-1d-e0-7f-c7-bd"
<br> Called-Station-Id = "00-26-cb-4c-f7-c0:Bidon"
<br> NAS-Port = 13
<br> NAS-IP-Address = X.X.X.252
<br> NAS-Identifier = "xxxxx"
<br> Airespace-Wlan-Id = 6
<br> Service-Type = Framed-User
<br> Framed-MTU = 1300
<br> NAS-Port-Type = Wireless-802.11
<br> Tunnel-Type:0 = VLAN
<br> Tunnel-Medium-Type:0 = IEEE-802
<br> Tunnel-Private-Group-Id:0 = "82"
<br> EAP-Message = 0x020800061900
<br> State = 0x8e1ed1378b16c8750acddef276754aa3
<br> Message-Authenticator = 0x448e4cae008e458991e1e5a40c8eae90
<br>+- entering group authorize {...}
<br>++[preprocess] returns ok
<br>++[chap] returns noop
<br>++[mschap] returns noop
<br>[suffix] No '@' in User-Name = "client.example.com", looking up realm NULL
<br>[suffix] No such realm "NULL"
<br>++[suffix] returns noop
<br>[eap] EAP packet type response id 8 length 6
<br>[eap] Continuing tunnel setup.
<br>++[eap] returns ok
<br>Found Auth-Type = EAP
<br>+- entering group authenticate {...}
<br>[eap] Request found, released from the list
<br>[eap] EAP/peap
<br>[eap] processing type peap
<br>[peap] processing EAP-TLS
<br>[peap] Received TLS ACK
<br>[peap] ACK handshake is finished
<br>[peap] eaptls_verify returned 3
<br>[peap] eaptls_process returned 3
<br>[peap] EAPTLS_SUCCESS
<br>++[eap] returns handled
<br>Sending Access-Challenge of id 134 to X.X.X.252 port 32769
<br> EAP-Message = 0x0109002b19001703010020b50db97fab5cc7bed43d021d7b893a92180f1183b52eac9cdc95368efe95a457
<br> Message-Authenticator = 0x00000000000000000000000000000000
<br> State = 0x8e1ed1378817c8750acddef276754aa3
<br>Finished request 16.
<br>Going to the next request
<br>Waking up in 4.9 seconds.
<br>rad_recv: Access-Request packet from host X.X.X.252 port 32769, id=135, length=244
<br> User-Name = "client.example.com"
<br> Calling-Station-Id = "00-1d-e0-7f-c7-bd"
<br> Called-Station-Id = "00-26-cb-4c-f7-c0:Bidon"
<br> NAS-Port = 13
<br> NAS-IP-Address = X.X.X.252
<br> NAS-Identifier = "xxxxx"
<br> Airespace-Wlan-Id = 6
<br> Service-Type = Framed-User
<br> Framed-MTU = 1300
<br> NAS-Port-Type = Wireless-802.11
<br> Tunnel-Type:0 = VLAN
<br> Tunnel-Medium-Type:0 = IEEE-802
<br> Tunnel-Private-Group-Id:0 = "82"
<br> EAP-Message = 0x0209003b190017030100306926f4ed02b49062761d0cb8562726a944dbb0bfaa444f01f67e9c8126a2558fc067654f856d2f951d96535c2df0b535
<br> State = 0x8e1ed1378817c8750acddef276754aa3
<br> Message-Authenticator = 0xbb33462fb6654a927be6b522b4cfb6bb
<br>+- entering group authorize {...}
<br>++[preprocess] returns ok
<br>++[chap] returns noop
<br>++[mschap] returns noop
<br>[suffix] No '@' in User-Name = "client.example.com", looking up realm NULL
<br>[suffix] No such realm "NULL"
<br>++[suffix] returns noop
<br>[eap] EAP packet type response id 9 length 59
<br>[eap] Continuing tunnel setup.
<br>++[eap] returns ok
<br>Found Auth-Type = EAP
<br>+- entering group authenticate {...}
<br>[eap] Request found, released from the list
<br>[eap] EAP/peap
<br>[eap] processing type peap
<br>[peap] processing EAP-TLS
<br>[peap] eaptls_verify returned 7
<br>[peap] Done initial handshake
<br>[peap] eaptls_process returned 7
<br>[peap] EAPTLS_OK
<br>[peap] Session established. Decoding tunneled attributes.
<br>[peap] Identity - client.example.com
<br>[peap] Got tunneled request
<br> EAP-Message = 0x0209001501737761747a7930312e657372662e6672
<br>server {
<br> PEAP: Got tunneled identity of client.example.com
<br> PEAP: Setting default EAP type for tunneled EAP session.
<br> PEAP: Setting User-Name to client.example.com
<br>Sending tunneled request
<br> EAP-Message = 0x0209001501737761747a7930312e657372662e6672
<br> FreeRADIUS-Proxied-To = 127.0.0.1
<br> User-Name = "client.example.com"
<br>server inner-tunnel {
<br>+- entering group authorize {...}
<br>++[chap] returns noop
<br>++[mschap] returns noop
<br>++[unix] returns notfound
<br>[suffix] No '@' in User-Name = "client.example.com", looking up realm NULL
<br>[suffix] No such realm "NULL"
<br>++[suffix] returns noop
<br>++[control] returns noop
<br>[eap] EAP packet type response id 9 length 21
<br>[eap] No EAP Start, assuming it's an on-going EAP conversation
<br>++[eap] returns updated
<br>++[files] returns noop
<br>++[expiration] returns noop
<br>++[logintime] returns noop
<br>++[pap] returns noop
<br>Found Auth-Type = EAP
<br>+- entering group authenticate {...}
<br>[eap] EAP Identity
<br>[eap] processing type mschapv2
<br>rlm_eap_mschapv2: Issuing Challenge
<br>++[eap] returns handled
<br>} # server inner-tunnel
<br>[peap] Got tunneled reply code 11
<br> EAP-Message = 0x010a002a1a010a002510204478db37cf99c8c84b00dfeffa2bd7737761747a7930312e657372662e6672
<br> Message-Authenticator = 0x00000000000000000000000000000000
<br> State = 0xde734795de795d3c8b258f5d9a0478ed
<br>[peap] Got tunneled reply RADIUS code 11
<br> EAP-Message = 0x010a002a1a010a002510204478db37cf99c8c84b00dfeffa2bd7737761747a7930312e657372662e6672
<br> Message-Authenticator = 0x00000000000000000000000000000000
<br> State = 0xde734795de795d3c8b258f5d9a0478ed
<br>[peap] Got tunneled Access-Challenge
<br>++[eap] returns handled
<br>Sending Access-Challenge of id 135 to X.X.X.252 port 32769
<br> EAP-Message = 0x010a004b19001703010040046a986768b916030ce5dc08d42e8c74176b9821274cd40c9cb674e3358447de1c5d1571713eca5b7af051da3da576080541861b3cb613481c3d2ee8981561d8
<br> Message-Authenticator = 0x00000000000000000000000000000000
<br> State = 0x8e1ed1378914c8750acddef276754aa3
<br>Finished request 17.
<br>Going to the next request
<br>Waking up in 4.9 seconds.
<br>rad_recv: Access-Request packet from host X.X.X.252 port 32769, id=136, length=228
<br> User-Name = "client.example.com"
<br> Calling-Station-Id = "00-1d-e0-7f-c7-bd"
<br> Called-Station-Id = "00-26-cb-4c-f7-c0:Bidon"
<br> NAS-Port = 13
<br> NAS-IP-Address = X.X.X.252
<br> NAS-Identifier = "xxxxx"
<br> Airespace-Wlan-Id = 6
<br> Service-Type = Framed-User
<br> Framed-MTU = 1300
<br> NAS-Port-Type = Wireless-802.11
<br> Tunnel-Type:0 = VLAN
<br> Tunnel-Medium-Type:0 = IEEE-802
<br> Tunnel-Private-Group-Id:0 = "82"
<br> EAP-Message = 0x020a002b19001703010020d9e10c04760aade02739c6c0ca51102b3a3533099e9660d5463f4b17dfd043d7
<br> State = 0x8e1ed1378914c8750acddef276754aa3
<br> Message-Authenticator = 0xa8b64880f1705ab922726493e731dcf6
<br>+- entering group authorize {...}
<br>++[preprocess] returns ok
<br>++[chap] returns noop
<br>++[mschap] returns noop
<br>[suffix] No '@' in User-Name = "client.example.com", looking up realm NULL
<br>[suffix] No such realm "NULL"
<br>++[suffix] returns noop
<br>[eap] EAP packet type response id 10 length 43
<br>[eap] Continuing tunnel setup.
<br>++[eap] returns ok
<br>Found Auth-Type = EAP
<br>+- entering group authenticate {...}
<br>[eap] Request found, released from the list
<br>[eap] EAP/peap
<br>[eap] processing type peap
<br>[peap] processing EAP-TLS
<br>[peap] eaptls_verify returned 7
<br>[peap] Done initial handshake
<br>[peap] eaptls_process returned 7
<br>[peap] EAPTLS_OK
<br>[peap] Session established. Decoding tunneled attributes.
<br>[peap] EAP type nak
<br>[peap] Got tunneled request
<br> EAP-Message = 0x020a0006030d
<br>server {
<br> PEAP: Setting User-Name to client.example.com
<br>Sending tunneled request
<br> EAP-Message = 0x020a0006030d
<br> FreeRADIUS-Proxied-To = 127.0.0.1
<br> User-Name = "client.example.com"
<br> State = 0xde734795de795d3c8b258f5d9a0478ed
<br>server inner-tunnel {
<br>+- entering group authorize {...}
<br>++[chap] returns noop
<br>++[mschap] returns noop
<br>++[unix] returns notfound
<br>[suffix] No '@' in User-Name = "client.example.com", looking up realm NULL
<br>[suffix] No such realm "NULL"
<br>++[suffix] returns noop
<br>++[control] returns noop
<br>[eap] EAP packet type response id 10 length 6
<br>[eap] No EAP Start, assuming it's an on-going EAP conversation
<br>++[eap] returns updated
<br>++[files] returns noop
<br>++[expiration] returns noop
<br>++[logintime] returns noop
<br>++[pap] returns noop
<br>Found Auth-Type = EAP
<br>+- entering group authenticate {...}
<br>[eap] Request found, released from the list
<br>[eap] EAP NAK
<br>[eap] EAP-NAK asked for EAP-Type/tls
<br>[eap] processing type tls
<br>[tls] Requiring client certificate
<br>[tls] Initiate
<br>[tls] Start returned 1
<br>++[eap] returns handled
<br>} # server inner-tunnel
<br>[peap] Got tunneled reply code 11
<br> EAP-Message = 0x010b00060d20
<br> Message-Authenticator = 0x00000000000000000000000000000000
<br> State = 0xde734795df784a3c8b258f5d9a0478ed
<br>[peap] Got tunneled reply RADIUS code 11
<br> EAP-Message = 0x010b00060d20
<br> Message-Authenticator = 0x00000000000000000000000000000000
<br> State = 0xde734795df784a3c8b258f5d9a0478ed
<br>[peap] Got tunneled Access-Challenge
<br>++[eap] returns handled
<br>Sending Access-Challenge of id 136 to X.X.X.252 port 32769
<br> EAP-Message = 0x010b002b1900170301002093ef759481e6f76a647cfee24e43ee11e05a50261d13ee182e2af0c624f1f6d1
<br> Message-Authenticator = 0x00000000000000000000000000000000
<br> State = 0x8e1ed1378615c8750acddef276754aa3
<br>Finished request 18.
<br>Going to the next request
<br>Waking up in 4.9 seconds.
<br>rad_recv: Access-Request packet from host X.X.X.252 port 32769, id=137, length=340
<br> User-Name = "client.example.com"
<br> Calling-Station-Id = "00-1d-e0-7f-c7-bd"
<br> Called-Station-Id = "00-26-cb-4c-f7-c0:Bidon"
<br> NAS-Port = 13
<br> NAS-IP-Address = X.X.X.252
<br> NAS-Identifier = "xxxxx"
<br> Airespace-Wlan-Id = 6
<br> Service-Type = Framed-User
<br> Framed-MTU = 1300
<br> NAS-Port-Type = Wireless-802.11
<br> Tunnel-Type:0 = VLAN
<br> Tunnel-Medium-Type:0 = IEEE-802
<br> Tunnel-Private-Group-Id:0 = "82"
<br> EAP-Message = 0x020b009b19001703010090c9fbe143e32e97dd4bb650fabbdc63bc2c76d23227aa5a414264dc29a31ce7849df85aa4d3126417464a8f11d379f801be1755d19ed5769bc5b6bc16f65c3e390464c78b56c5c91ae19ff2b0051bf8592328667265d66e1cbd77905c39d1544f2dc4b2556de35eefdff4357dd98e811c7a5429e1eeb9a3ddaeef0d4714780c7b0efab3e42cd601fccad521666b701288
<br> State = 0x8e1ed1378615c8750acddef276754aa3
<br> Message-Authenticator = 0x50d09514f80922fe59a09136639bd436
<br>+- entering group authorize {...}
<br>++[preprocess] returns ok
<br>++[chap] returns noop
<br>++[mschap] returns noop
<br>[suffix] No '@' in User-Name = "client.example.com", looking up realm NULL
<br>[suffix] No such realm "NULL"
<br>++[suffix] returns noop
<br>[eap] EAP packet type response id 11 length 155
<br>[eap] Continuing tunnel setup.
<br>++[eap] returns ok
<br>Found Auth-Type = EAP
<br>+- entering group authenticate {...}
<br>[eap] Request found, released from the list
<br>[eap] EAP/peap
<br>[eap] processing type peap
<br>[peap] processing EAP-TLS
<br>[peap] eaptls_verify returned 7
<br>[peap] Done initial handshake
<br>[peap] eaptls_process returned 7
<br>[peap] EAPTLS_OK
<br>[peap] Session established. Decoding tunneled attributes.
<br>[peap] EAP type tls
<br>[peap] Got tunneled request
<br> EAP-Message = 0x020b007f0d800000007516030100700100006c03014b2f2fa40ec7775cfa70ff805e35e0a846cc28429be6b506cd3094f1bd33f0c7000018002f00350005000ac009c00ac013c01400320038001300040100002b000000150013000010737761747a7930312e657372662e6672000a00080006001700180019000b00020100
<br>server {
<br> PEAP: Setting User-Name to client.example.com
<br>Sending tunneled request
<br> EAP-Message = 0x020b007f0d800000007516030100700100006c03014b2f2fa40ec7775cfa70ff805e35e0a846cc28429be6b506cd3094f1bd33f0c7000018002f00350005000ac009c00ac013c01400320038001300040100002b000000150013000010737761747a7930312e657372662e6672000a00080006001700180019000b00020100
<br> FreeRADIUS-Proxied-To = 127.0.0.1
<br> User-Name = "client.example.com"
<br> State = 0xde734795df784a3c8b258f5d9a0478ed
<br>server inner-tunnel {
<br>+- entering group authorize {...}
<br>++[chap] returns noop
<br>++[mschap] returns noop
<br>++[unix] returns notfound
<br>[suffix] No '@' in User-Name = "client.example.com", looking up realm NULL
<br>[suffix] No such realm "NULL"
<br>++[suffix] returns noop
<br>++[control] returns noop
<br>[eap] EAP packet type response id 11 length 127
<br>[eap] No EAP Start, assuming it's an on-going EAP conversation
<br>++[eap] returns updated
<br>++[files] returns noop
<br>++[expiration] returns noop
<br>++[logintime] returns noop
<br>++[pap] returns noop
<br>Found Auth-Type = EAP
<br>+- entering group authenticate {...}
<br>[eap] Request found, released from the list
<br>[eap] EAP/tls
<br>[eap] processing type tls
<br>[tls] Authenticate
<br>[tls] processing EAP-TLS
<br> TLS Length 117
<br>[tls] Length Included
<br>[tls] eaptls_verify returned 11
<br>[tls] (other): before/accept initialization
<br>[tls] TLS_accept: before/accept initialization
<br>[tls] <<< TLS 1.0 Handshake [length 0070], ClientHello
<br>[tls] TLS_accept: SSLv3 read client hello A
<br>[tls] >>> TLS 1.0 Handshake [length 002a], ServerHello
<br>[tls] TLS_accept: SSLv3 write server hello A
<br>[tls] >>> TLS 1.0 Handshake [length 07d3], Certificate
<br>[tls] TLS_accept: SSLv3 write certificate A
<br>[tls] >>> TLS 1.0 Handshake [length 008f], CertificateRequest
<br>[tls] TLS_accept: SSLv3 write certificate request A
<br>[tls] TLS_accept: SSLv3 flush data
<br>[tls] TLS_accept: Need to read more data: SSLv3 read client certificate A
<br>In SSL Handshake Phase
<br>In SSL Accept mode
<br>[tls] eaptls_process returned 13
<br>++[eap] returns handled
<br>} # server inner-tunnel
<br>[peap] Got tunneled reply code 11
<br> EAP-Message = 0x010c04000dc00000089b160301002a0200002603014b2f2fa4ae31c82430ef4091d8c8d39427242606cd13ffbd478f89cc5271eb1000002f0016030107d30b0007cf0007cc00035d3082035930820241a003020102020114300d06092a864886f70d0101040500307e310b3009060355040613024652310e300c0603550408130549736572653111300f060355040713084772656e6f626c65310d300b060355040a1304455352463120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d311b301906035504031312726164697573736572762e657372662e6672301e170d3039313232313038303833395a170d313031
<br> EAP-Message = 0x3232313038303833395a3049310b3009060355040613024652310e300c060355040813054973657265310d300b060355040a130445535246311b301906035504031312726164697573736572762e657372662e667230820122300d06092a864886f70d01010105000382010f003082010a0282010100df65e73bb432b019abe63c0a455e5053aa65ee5cdebb77dba90300b7933a6e1ddc3b764bf3d4305ab36530461cc0ade6ca4a916bfeb68ec9103ef74b02dcefbbb5553ce4f88225f43a7ff26195b0c2fd70a4620ead334a2c5d3c6f576b3eec5229cac9ab7ce3a7ffed9d70ee905be62a351dd2ee354c22773dea7ab1eeed05316aa5f33c7ca4cd
<br> EAP-Message = 0x1c92b20e08f50bb97033f29eb4f40985a8857170ad6f857f78f12fe394111de60ff71eccdf912dfdd0fd0f153fc6fe9593e15d914725f9b0968acfffcb35a2fb91c5298ac632a38014c778b509531292171a42e8308efc729f02454eaf5c71c0a4384b51081e6ce67f769ec52a38397c87e3b1bbd012fdb4d70203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d010104050003820101001705f81c5cfb5f42fb060d784d6d4dda29ce188c6f0203ffc1382b0fb3bd755fedde13cb3010fa4c753409b525d172921a1c19ef77f49f6ab490c1bd751ab5f0aea4d702c4b92b5b2e45485d77e80114762d
<br> EAP-Message = 0x87c80af1b6c317546180ebf118b164616baaaad68601e6fdcc895e328f39ca693b551da66ba9a748e205e67fd05430eefd1ca8a204bb56994ac3a0abf00d546e19263b678b72b04e1286cf1db63e93c089c8072bfe446d1b5e9b08940c6b6fcec73c5953ceeccb4d53b3b2bae39878ef00597f96df75b59776e176ccf328f22312d696524d43a62a623dc9af8c13b270e932bc7afcc456b7574f719d6f21faf4669390cd604dc28d850bc3c349fa000469308204653082034da003020102020900c42387580a65a3a9300d06092a864886f70d0101050500307e310b3009060355040613024652310e300c0603550408130549736572653111300f0603
<br> EAP-Message = 0x55040713084772656e6f626c
<br> Message-Authenticator = 0x00000000000000000000000000000000
<br> State = 0xde734795dc7f4a3c8b258f5d9a0478ed
<br>[peap] Got tunneled reply RADIUS code 11
<br> EAP-Message = 0x010c04000dc00000089b160301002a0200002603014b2f2fa4ae31c82430ef4091d8c8d39427242606cd13ffbd478f89cc5271eb1000002f0016030107d30b0007cf0007cc00035d3082035930820241a003020102020114300d06092a864886f70d0101040500307e310b3009060355040613024652310e300c0603550408130549736572653111300f060355040713084772656e6f626c65310d300b060355040a1304455352463120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d311b301906035504031312726164697573736572762e657372662e6672301e170d3039313232313038303833395a170d313031
<br> EAP-Message = 0x3232313038303833395a3049310b3009060355040613024652310e300c060355040813054973657265310d300b060355040a130445535246311b301906035504031312726164697573736572762e657372662e667230820122300d06092a864886f70d01010105000382010f003082010a0282010100df65e73bb432b019abe63c0a455e5053aa65ee5cdebb77dba90300b7933a6e1ddc3b764bf3d4305ab36530461cc0ade6ca4a916bfeb68ec9103ef74b02dcefbbb5553ce4f88225f43a7ff26195b0c2fd70a4620ead334a2c5d3c6f576b3eec5229cac9ab7ce3a7ffed9d70ee905be62a351dd2ee354c22773dea7ab1eeed05316aa5f33c7ca4cd
<br> EAP-Message = 0x1c92b20e08f50bb97033f29eb4f40985a8857170ad6f857f78f12fe394111de60ff71eccdf912dfdd0fd0f153fc6fe9593e15d914725f9b0968acfffcb35a2fb91c5298ac632a38014c778b509531292171a42e8308efc729f02454eaf5c71c0a4384b51081e6ce67f769ec52a38397c87e3b1bbd012fdb4d70203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d010104050003820101001705f81c5cfb5f42fb060d784d6d4dda29ce188c6f0203ffc1382b0fb3bd755fedde13cb3010fa4c753409b525d172921a1c19ef77f49f6ab490c1bd751ab5f0aea4d702c4b92b5b2e45485d77e80114762d
<br> EAP-Message = 0x87c80af1b6c317546180ebf118b164616baaaad68601e6fdcc895e328f39ca693b551da66ba9a748e205e67fd05430eefd1ca8a204bb56994ac3a0abf00d546e19263b678b72b04e1286cf1db63e93c089c8072bfe446d1b5e9b08940c6b6fcec73c5953ceeccb4d53b3b2bae39878ef00597f96df75b59776e176ccf328f22312d696524d43a62a623dc9af8c13b270e932bc7afcc456b7574f719d6f21faf4669390cd604dc28d850bc3c349fa000469308204653082034da003020102020900c42387580a65a3a9300d06092a864886f70d0101050500307e310b3009060355040613024652310e300c0603550408130549736572653111300f0603
<br> EAP-Message = 0x55040713084772656e6f626c
<br> Message-Authenticator = 0x00000000000000000000000000000000
<br> State = 0xde734795dc7f4a3c8b258f5d9a0478ed
<br>[peap] Got tunneled Access-Challenge
<br>++[eap] returns handled
<br>Sending Access-Challenge of id 137 to X.X.X.252 port 32769
<br> EAP-Message = 0x010c040019c00000042517030104204d382413619f84e22d48330e6254f82f390b14c9c8b5511efe168d291cf3a8f7a5b9a7d87e3e81eb169aac580a4487917d33cd82df23a99457fee93913c787a13251d32618b7859009f5a5b8539c09a98307f933e742565c7f2c2768c1b95f6ba5e05b5bb5e92dadc6b399f8da7709f68e08fbf42dda43ff570d005ba980fe2c8e77be4bf6c19426f4787bc7a3613c9a82d2221d05a30a263d77f2d38d4b0d6774ff18b5e4696348189855d0e8140d62f9b83b941ad3d98881cfea337607e7223d85f9bd933fa3fc3862b16008f9b61f8d8ee651a79fdce9e19877b7a3b781d811ed54b2229d72c3e3fbe59dcfad
<br> EAP-Message = 0xe007cf32d6b1cc8d88f3408dca7406e67cbc50ab771b1cbe34ddb73ec24d78681715179b7c09013ebb2d174929964b84038fc04e500ebdebe7febbceda9ad4e1dee9b46158c45a6ee28ad0c9f685bea62ee3fc2978f4261c31b44b4dbdf8d35f9735589e1e651668473a7fc2c9e640ff0d0e0946afe1a2d41d8f06cabcb75f30901136cb5f40f15a23b969d4a4e72d31bd7aee93fc611742f63b47d1c0ef23629fc9ca21d88607d16ed83e1d1d55d5c064960c5bd3f78ffe6bcca77419499a7d9fd2bd2a6711825e0ae42cb5edc8267a3f2638f5ae370d0a0bcb00626599f6c82c6e8c38ae781ef8f96db0019c39f3acc56fdf5cb6c7caae1c9e5e97f2
<br> EAP-Message = 0xc418e432012b8206c2fc66da4664402e8835a99f29c3988a9fd97f2fee1c569d806207ea660f7285a0d69d60979f9b425129edabd51c3d97870a7e94b019315eb3513bf77fa61237efc53e3d63640357b23712b0fe6ee274539f6c6e0bef8b0312a963c5ffa57aff3ba0968d500702b7330481f7f19b3bb2d191e478a44dd4bf179062939fae6f97e19c3b909a3f7f71cb0bb9630b905a46a81ee5b8a5af45244bba0968cc665254b00a522bf871174d42f9acb7f664f8ecba424fa1a79403603b6c627e7d55c1dc9d1208da3accfd55b33fef856a8bfeb22bd9ad4de3f87108866e36e65b2a041c0968e353c7f53aa30957ccca0b597c7ec9d70c0580
<br> EAP-Message = 0x207cb2acbb749d514e3f6e30fa5097ab07f4ccf472b43a4bd5be7a93a906ce1b4c432c61cf1dfd9bac9c39b94f3db59a22dec7d2adfa9388d265295c8075becd872bed18eafa822343e44a2d4b8386d5fc0eeddb2249e832260661978c81e081d3b61a230c94a365af0b82b1f03edc8f7b135c4ea6921e7d2934f091d9830cc576fb222dd23755ad9c3e5e5b56507b81c4173a7d280454f31aaca99528a302d8e2189df59b7bffb36e8b8b0fcd87f0cea2e36663aac18ba250f8a3d883f05fe54f78e7c26102f1643fbd4c756b45a57fa5671e3a8da15fde58d541e5ac6cae0e1a4070f0313bb1811f01390d8946bebc730d2eb3eded6efc05aba91314
<br> EAP-Message = 0x76b31a0a8bb72aa2e5b813ff
<br> Message-Authenticator = 0x00000000000000000000000000000000
<br> State = 0x8e1ed1378712c8750acddef276754aa3
<br>Finished request 19.
<br>Going to the next request
<br>Waking up in 4.8 seconds.
<br>Cleaning up request 10 ID 128 with timestamp +28
<br>Cleaning up request 11 ID 129 with timestamp +28
<br>Cleaning up request 12 ID 130 with timestamp +28
<br>Cleaning up request 13 ID 131 with timestamp +28
<br>Cleaning up request 14 ID 132 with timestamp +28
<br>Cleaning up request 15 ID 133 with timestamp +28
<br>Cleaning up request 16 ID 134 with timestamp +28
<br>Cleaning up request 17 ID 135 with timestamp +28
<br>Cleaning up request 18 ID 136 with timestamp +28
<br>Cleaning up request 19 ID 137 with timestamp +28
<br>Ready to process requests.
<br><br />-
<br>List info/subscribe/unsubscribe? See <a href="http://www.freeradius.org/list/users.html" target="_top" rel="nofollow">http://www.freeradius.org/list/users.html</a><p>From forum: <a href="http://old.nabble.com/FreeRadius---User-f1104.html" embed="fixTarget[1104]" target="_top" >FreeRadius - User</a></p>
tag:old.nabble.com,2006:post-26871672
Re: Pre-release of Version 2.1.8
2009-12-21T01:31:30Z
2009-12-21T01:31:30Z
Bjørn Mork
I'm probably stupid as I never learn, but I'm going to take my chances
<br>reporting succcess again....
<br><br>The v2.1.x branch from github up to and including commit
<br>1d80707880c1bf94ad1e87be74221a6c7b4cb4c7 has now been running stable for
<br>more than 5 days for me. All the previously reported problems seem to
<br>be gone. So I'd say it makes a good 2.1.8 release for Christmas.
<br><br><br><br>Bjørn
<br><br>-
<br>List info/subscribe/unsubscribe? See <a href="http://www.freeradius.org/list/users.html" target="_top" rel="nofollow">http://www.freeradius.org/list/users.html</a><p>From forum: <a href="http://old.nabble.com/FreeRadius---User-f1104.html" embed="fixTarget[1104]" target="_top" >FreeRadius - User</a></p>