Hi All,
I have set up freeradius server 1.0.1 and I am using
windows XP 802.1x client. The authenticator is an HP
2524 switch.
In the 802.1x windows xp client I want to setup PEAP
and instead of using MSCHAPV2, I want to use the
certificates as follows
Under Authentication, EAP type ->(Protected EAP
(PEAP)), the click on Properties. Select
Authentication Method -> Smart Card or other
certificates, I clicked "Validate server certificate
and also select the RooT CA from the list.
I was using freeradius for peap with mschapv2 before
this and in eap.conf, peap looks as follows,
peap {
default_eap_type = mschapv2
copy_request_to_tunnel = yes
use_tunneled_reply = no
proxy_tunneled_request_as_eap = yes
}
I thought I should chnage "default_eap_type" to tls
under peap so I changed peap in eap.conf as following.
peap {
default_eap_type = tls
copy_request_to_tunnel = yes
use_tunneled_reply = no
proxy_tunneled_request_as_eap = yes
}
But i am getting the following errors ..
--------------------------------------------------
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 7
modcall[authorize]: module "preprocess" returns ok
for request 7
modcall[authorize]: module "chap" returns noop for
request 7
modcall[authorize]: module "mschap" returns noop for
request 7
rlm_realm: No '@' in User-Name = "dell1", looking
up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for
request 7
rlm_eap: EAP packet type response id 8 length 38
rlm_eap: No EAP Start, assuming it's an on-going EAP
conversation
modcall[authorize]: module "eap" returns updated for
request 7
users: Matched dell1 at 122
modcall[authorize]: module "files" returns ok for
request 7
modcall: group authorize returns updated for request 7
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 7
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding
tunneled attributes.
rlm_eap_peap: Received EAP-TLV response.
rlm_eap_peap: Tunneled data is valid.
rlm_eap_peap: Had sent TLV failure, rejecting.
rlm_eap: Handler failed in EAP/peap
rlm_eap: Failed in EAP select
modcall[authenticate]: module "eap" returns invalid
for request 7
modcall: group authenticate returns invalid for
request 7
auth: Failed to validate the user.
Delaying request 7 for 1 seconds
Finished request 7
Going to the next request
---------------------------------------------
I will appreciate any help in this regard. I am unable
to find any example configuration for this on the
freeradius mailing list .
Best Regards
Khurram
The output of radiusd -X -A is as follows
**********************************************
Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config: including file:
/usr/local/etc/raddb/proxy.conf
Config: including file:
/usr/local/etc/raddb/clients.conf
Config: including file:
/usr/local/etc/raddb/snmp.conf
Config: including file:
/usr/local/etc/raddb/eap.conf
Config: including file:
/usr/local/etc/raddb/sql.conf
main: prefix = "/usr/local"
main: localstatedir = "/usr/local/var"
main: logdir = "/usr/local/var/log/radius"
main: libdir = "/usr/local/lib"
main: radacctdir =
"/usr/local/var/log/radius/radacct"
main: hostname_lookups = no
main: max_request_time = 30
main: cleanup_delay = 5
main: max_requests = 1024
main: delete_blocked_requests = 0
main: port = 0
main: allow_core_dumps = no
main: log_stripped_names = no
main: log_file =
"/usr/local/var/log/radius/radius.log"
main: log_auth = no
main: log_auth_badpass = no
main: log_auth_goodpass = no
main: pidfile =
"/usr/local/var/run/radiusd/radiusd.pid"
main: user = "(null)"
main: group = "(null)"
main: usercollide = no
main: lower_user = "no"
main: lower_pass = "no"
main: nospace_user = "no"
main: nospace_pass = "no"
main: checkrad = "/usr/local/sbin/checkrad"
main: proxy_requests = yes
proxy: retry_delay = 5
proxy: retry_count = 3
proxy: synchronous = no
proxy: default_fallback = yes
proxy: dead_time = 120
proxy: post_proxy_authorize = yes
proxy: wake_all_if_all_dead = no
security: max_attributes = 200
security: reject_delay = 1
security: status_server = no
main: debug_level = 0
read_config_files: reading dictionary
read_config_files: reading naslist
Using deprecated naslist file. Support for this will
go away soon.
read_config_files: reading clients
read_config_files: reading realms
radiusd: entering modules setup
Module: Library search path is /usr/local/lib
Module: Loaded exec
exec: wait = yes
exec: program = "(null)"
exec: input_pairs = "request"
exec: output_pairs = "(null)"
exec: packet_type = "(null)"
rlm_exec: Wait=yes but no output defined. Did you mean
output=none?
Module: Instantiated exec (exec)
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded PAP
pap: encryption_scheme = "crypt"
Module: Instantiated pap (pap)
Module: Loaded CHAP
Module: Instantiated chap (chap)
Module: Loaded MS-CHAP
Module: Instantiated chap (chap)
Module: Loaded MS-CHAP
mschap: use_mppe = yes
mschap: require_encryption = yes
mschap: require_strong = yes
mschap: with_ntdomain_hack = yes
mschap: passwd = "(null)"
mschap: authtype = "MS-CHAP"
mschap: ntlm_auth = "(null)"
Module: Instantiated mschap (mschap)
Module: Loaded System
unix: cache = no
unix: passwd = "(null)"
unix: shadow = "(null)"
unix: group = "(null)"
unix: radwtmp = "/usr/local/var/log/radius/radwtmp"
unix: usegroup = no
unix: cache_reload = 600
Module: Instantiated unix (unix)
Module: Loaded eap
eap: default_eap_type = "md5"
eap: timer_expire = 60
eap: ignore_unknown_eap_types = no
eap: cisco_accounting_username_bug = no
rlm_eap: Loaded and initialized type md5
rlm_eap: Loaded and initialized type leap
gtc: challenge = "Password: "
gtc: auth_type = "PAP"
rlm_eap: Loaded and initialized type gtc
tls: rsa_key_exchange = no
tls: dh_key_exchange = yes
tls: rsa_key_length = 512
tls: dh_key_length = 512
tls: verify_depth = 0
tls: CA_path = "(null)"
tls: pem_file_type = yes
tls: private_key_file = "/etc/1x/khurram.pem"
tls: certificate_file = "/etc/1x/khurram.pem"
tls: CA_file = "/etc/1x/root.pem"
tls: private_key_password = "whatever"
tls: dh_file = "/etc/1x/DH"
tls: random_file = "/etc/1x/random"
tls: fragment_size = 1024
tls: include_length = yes
tls: check_crl = no
tls: check_cert_cn = "(null)"
rlm_eap: Loaded and initialized type tls
peap: default_eap_type = "tls"
peap: copy_request_to_tunnel = yes
peap: use_tunneled_reply = no
peap: proxy_tunneled_request_as_eap = yes
rlm_eap: Loaded and initialized type peap
mschapv2: with_ntdomain_hack = no
rlm_eap: Loaded and initialized type mschapv2
Module: Instantiated eap (eap)
Module: Loaded preprocess
preprocess: huntgroups =
"/usr/local/etc/raddb/huntgroups"
preprocess: hints = "/usr/local/etc/raddb/hints"
preprocess: with_ascend_hack = no
preprocess: ascend_channels_per_line = 23
preprocess: with_ntdomain_hack = no
preprocess: with_specialix_jetstream_hack = no
preprocess: with_cisco_vsa_hack = no
Module: Instantiated preprocess (preprocess)
Module: Loaded realm
realm: format = "suffix"
realm: delimiter = "@"
realm: ignore_default = no
realm: ignore_null = no
Module: Instantiated realm (suffix)
Module: Loaded files
files: usersfile = "/usr/local/etc/raddb/users"
files: acctusersfile =
"/usr/local/etc/raddb/acct_users"
files: preproxy_usersfile =
"/usr/local/etc/raddb/preproxy_users"
files: compat = "no"
Module: Instantiated files (files)
Module: Loaded Acct-Unique-Session-Id
acct_unique: key = "User-Name, Acct-Session-Id,
NAS-IP-Address, Client-IP-Address, NAS-Port"
Module: Instantiated acct_unique (acct_unique)
Module: Loaded detail
detail: detailfile =
"/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
detail: detailperm = 384
detail: dirperm = 493
detail: locking = no
Module: Instantiated detail (detail)
Module: Loaded radutmp
radutmp: filename =
"/usr/local/var/log/radius/radutmp"
radutmp: username = "%{User-Name}"
radutmp: case_sensitive = yes
radutmp: check_with_nas = yes
radutmp: perm = 384
radutmp: callerid = yes
Module: Instantiated radutmp (radutmp)
Listening on authentication *:1812
Listening on accounting *:1813
Listening on proxy *:1814
Ready to process requests.
rad_recv: Access-Request packet from host
10.0.1.20:1024, id=31, length=202
Framed-MTU = 1480
NAS-IP-Address = 10.0.1.20
NAS-Identifier = "Lower_Switch"
User-Name = "dell1"
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 2
NAS-Port-Type = Ethernet
NAS-Port-Id = "2"
Called-Station-Id = "00-01-e6-bd-7a-22"
Calling-Station-Id = "00-0f-1f-9e-07-49"
Connect-Info = "CONNECT Ethernet 100Mbps Full
duplex"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "30"
EAP-Message = 0x0201000a0164656c6c31
Message-Authenticator =
0xe9ae81b174d8210b4ddc905aaf8c6c45
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok
for request 0
modcall[authorize]: module "chap" returns noop for
request 0
modcall[authorize]: module "mschap" returns noop for
request 0
rlm_realm: No '@' in User-Name = "dell1", looking
up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for
request 0
rlm_eap: EAP packet type response id 1 length 10
rlm_eap: No EAP Start, assuming it's an on-going EAP
conversation
modcall[authorize]: module "eap" returns updated for
request 0
users: Matched dell1 at 122
modcall[authorize]: module "files" returns ok for
request 0
modcall: group authorize returns updated for request 0
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
rlm_eap: EAP Identity
rlm_eap: processing type md5
rlm_eap_md5: Issuing Challenge
modcall[authenticate]: module "eap" returns handled
for request 0
modcall: group authenticate returns handled for
request 0
Sending Access-Challenge of id 31 to 10.0.1.20:1024
Tunnel-Type:1 = VLAN
Tunnel-Medium-Type:1 = IEEE-802
Tunnel-Private-Group-Id:1 = "10"
EAP-Message =
0x010200160410ef3a4525c0b4b6557d3c472536eaf5fc
Message-Authenticator =
0x00000000000000000000000000000000
State = 0xa4e9e63ea53e6d8f738d70b0d3db77c2
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host
10.0.1.20:1024, id=32, length=216
Framed-MTU = 1480
NAS-IP-Address = 10.0.1.20
NAS-Identifier = "Lower_Switch"
User-Name = "dell1"
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 2
NAS-Port-Type = Ethernet
NAS-Port-Id = "2"
Called-Station-Id = "00-01-e6-bd-7a-22"
Calling-Station-Id = "00-0f-1f-9e-07-49"
Connect-Info = "CONNECT Ethernet 100Mbps Full
duplex"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "30"
State = 0xa4e9e63ea53e6d8f738d70b0d3db77c2
EAP-Message = 0x020200060319
Message-Authenticator =
0xe06beccb877bc0b153f6a83784188e0f
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
modcall[authorize]: module "preprocess" returns ok for
request 1
modcall[authorize]: module "chap" returns noop for
request 1
modcall[authorize]: module "mschap" returns noop for
request 1
rlm_realm: No '@' in User-Name = "dell1", looking
up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for
request 1
rlm_eap: EAP packet type response id 2 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP
conversation
modcall[authorize]: module "eap" returns updated for
request 1
users: Matched dell1 at 122
modcall[authorize]: module "files" returns ok for
request 1
modcall: group authorize returns updated for request 1
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 1
rlm_eap: Request found, released from the list
rlm_eap: EAP NAK
rlm_eap: EAP-NAK asked for EAP-Type/peap
rlm_eap: processing type tls
rlm_eap_tls: Initiate
rlm_eap_tls: Start returned 1
modcall[authenticate]: module "eap" returns handled
for request 1
modcall: group authenticate returns handled for
request 1
Sending Access-Challenge of id 32 to 10.0.1.20:1024
Tunnel-Type:1 = VLAN
Tunnel-Medium-Type:1 = IEEE-802
Tunnel-Private-Group-Id:1 = "10"
EAP-Message = 0x010300061920
Message-Authenticator =
0x00000000000000000000000000000000
State = 0xfa934347abf826aa943039e9f1bfbd8e
Finished request 1
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host
10.0.1.20:1024, id=33, length=290
Framed-MTU = 1480
NAS-IP-Address = 10.0.1.20
NAS-Identifier = "Lower_Switch"
User-Name = "dell1"
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 2
NAS-Port-Type = Ethernet
NAS-Port-Id = "2"
Called-Station-Id = "00-01-e6-bd-7a-22"
Calling-Station-Id = "00-0f-1f-9e-07-49"
Connect-Info = "CONNECT Ethernet 100Mbps Full
duplex"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "30"
State = 0xfa934347abf826aa943039e9f1bfbd8e
EAP-Message =
0x0203005019800000004616030100410100003d0301416e89b7bbb222a9f1f04a6c769d0cce3035f72e52050055ad17b3afa9f3697c00001600040005000a000900640062000300060013001200630100
Message-Authenticator =
0x13eed67520205f0217a604720f70d576
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 2
modcall[authorize]: module "preprocess" returns ok
for request 2
modcall[authorize]: module "chap" returns noop for
request 2
modcall[authorize]: module "mschap" returns noop for
request 2
rlm_realm: No '@' in User-Name = "dell1", looking
up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for
request 2
rlm_eap: EAP packet type response id 3 length 80
rlm_eap: No EAP Start, assuming it's an on-going EAP
conversation
modcall[authorize]: module "eap" returns updated for
request 2
users: Matched dell1 at 122
modcall[authorize]: module "files" returns ok for
request 2
modcall: group authorize returns updated for request 2
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 2
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
(other): before/accept initialization
TLS_accept: before/accept initialization
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041],
ClientHello
TLS_accept: SSLv3 read client hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a],
ServerHello
TLS_accept: SSLv3 write server hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 05ea],
Certificate
TLS_accept: SSLv3 write certificate A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004],
ServerHelloDone
TLS_accept: SSLv3 write server done A
TLS_accept: SSLv3 flush data
TLS_accept:error in SSLv3 read client certificate
A
In SSL Handshake Phase
In SSL Accept mode
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled
for request 2
modcall: group authenticate returns handled for
request 2
Sending Access-Challenge of id 33 to 10.0.1.20:1024
Tunnel-Type:1 = VLAN
Tunnel-Medium-Type:1 = IEEE-802
Tunnel-Private-Group-Id:1 = "10"
EAP-Message =
0x0104040a19c000000647160301004a020000460301416e8faab74c619bdb99fd88313f1c14e3c9861964330a27c15c2c05dd6e6abb209f1763a80fab39805c10ef77ddb68ffe708e62f64c06b2bd15ba99f22c865c6200040016030105ea0b0005e60005e300028d30820289308201f2a003020102020101300d06092a864886f70d0101040500307d310b3009060355040613025345311230100603550408130953746f636b686f6c6d310e300c060355040713054b69737461310f300d060355040a1306546865736973310b3009060355040b13024b4a310e300c060355040313054b4a204341311c301a06092a864886f70d010901160d6b68616e
EAP-Message =
0x406b68616e2e636f6d301e170d3034303933303038353530385a170d3035303933303038353530385a307f310b3009060355040613025345311230100603550408130953746f636b686f6c6d310e300c060355040713054b69737461310f300d060355040a1306546865736973310b3009060355040b13024b4a3110300e060355040313076b68757272616d311c301a06092a864886f70d010901160d6b68616e406b68616e2e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100d3d4742e6c46a2a6bc1f31ba47032b59212f03a3938ba1676f1b2cfc99b88584f98b45b4ad793ac52b25d7737e3d1903537955c431f4
EAP-Message =
0xd42267955f0a043be9fe4f99b4298f8e735162114722ec1c1ea85cf4896c018b8c7102d2ac28fe1455a230dbcbcae516adfd94524fc94fbb30f75800881d8a11945df7be6e366ea9360f0203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d0101040500038181003359dc24de4ac87092f419ae709d394e52212a6d7d35db7cdcb8a9e12779471d7d9cf3fc4d6a2647b1dbde8e635c4b8be56a83183be0bf5dca2d42c6a625258bc4032f66b3fd7225a5ab43081337fe6c9559581d24a90cd99ac80f867beb52b3453298a9ee0f635cc5f74b6bc1f3c7307f7065c9662cb3ed77e4a58df5801fe20003
EAP-Message =
0x503082034c308202b5a003020102020100300d06092a864886f70d0101040500307d310b3009060355040613025345311230100603550408130953746f636b686f6c6d310e300c060355040713054b69737461310f300d060355040a1306546865736973310b3009060355040b13024b4a310e300c060355040313054b4a204341311c301a06092a864886f70d010901160d6b68616e406b68616e2e636f6d301e170d3034303933303038353332355a170d3034313033303038353332355a307d310b3009060355040613025345311230100603550408130953746f636b686f6c6d310e300c060355040713054b69737461310f300d060355040a1306
EAP-Message =
0x546865736973310b3009060355040b13024b4a310e30
Message-Authenticator =
0x00000000000000000000000000000000
State = 0x8f367db0d36eddb78738a5268b9611c9
Finished request 2
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host
10.0.1.20:1024, id=34, length=216
Framed-MTU = 1480
NAS-IP-Address = 10.0.1.20
NAS-Identifier = "Lower_Switch"
User-Name = "dell1"
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 2
NAS-Port-Type = Ethernet
NAS-Port-Id = "2"
Called-Station-Id = "00-01-e6-bd-7a-22"
Calling-Station-Id = "00-0f-1f-9e-07-49"
Connect-Info = "CONNECT Ethernet 100Mbps Full
duplex"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "30"
State = 0x8f367db0d36eddb78738a5268b9611c9
EAP-Message = 0x020400061900
Message-Authenticator =
0xe055b76b153b2c5a2123826cbbc77ba7
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 3
modcall[authorize]: module "preprocess" returns ok
for request 3
modcall[authorize]: module "chap" returns noop for
request 3
modcall[authorize]: module "mschap" returns noop for
request 3
rlm_realm: No '@' in User-Name = "dell1", looking
up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for
request 3
rlm_eap: EAP packet type response id 4 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP
conversation
modcall[authorize]: module "eap" returns updated for
request 3
users: Matched dell1 at 122
modcall[authorize]: module "files" returns ok for
request 3
modcall: group authorize returns updated for request 3
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 3
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake fragment handler
eaptls_verify returned 1
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled
for request 3
modcall: group authenticate returns handled for
request 3
Sending Access-Challenge of id 34 to 10.0.1.20:1024
Tunnel-Type:1 = VLAN
Tunnel-Medium-Type:1 = IEEE-802
Tunnel-Private-Group-Id:1 = "10"
EAP-Message =
0x0105024d19000c060355040313054b4a204341311c301a06092a864886f70d010901160d6b68616e406b68616e2e636f6d30819f300d06092a864886f70d010101050003818d003081890281810097ddec3873badfdd9f23dd328b2685c588e8c4e7022c503f707d9db81234c685fcd178ac890559c6bc67c177b988c66907163e61ca162981499ab7feeb768f2ae6c5d8e3ba7c1843cac4c0e2004bde4e9dc85018bad27749179e817fd857a3735ad0ad1c5443a0cfad99a5417bd9b55e49e8653947b0b75b7fd2374bf69923730203010001a381db3081d8301d0603551d0e04160414455d7441ee4ab9072a97934cc16b13498e3b79af3081a80603
EAP-Message =
0x551d230481a030819d8014455d7441ee4ab9072a97934cc16b13498e3b79afa18181a47f307d310b3009060355040613025345311230100603550408130953746f636b686f6c6d310e300c060355040713054b69737461310f300d060355040a1306546865736973310b3009060355040b13024b4a310e300c060355040313054b4a204341311c301a06092a864886f70d010901160d6b68616e406b68616e2e636f6d820100300c0603551d13040530030101ff300d06092a864886f70d0101040500038181002b58172ca40a7b4fd47b0f0951763a689be5410a453830990c89d363ac3afb4bed951bd9c9255a29006af60c9549d87ec2eee8e2546f
EAP-Message =
0xe9104ac6c838bfca3df0257d2f24cd305925c8143574769063ce7f048f266927a88cc6a747bed1b701382d7e9a26315c9998e0e3b1e5f1d955012a96c9950e1b8d09309032bcac64e66c16030100040e000000
Message-Authenticator =
0x00000000000000000000000000000000
State = 0xc4ffff3cfb78029337dd3d2f96517fe8
Finished request 3
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host
10.0.1.20:1024, id=35, length=402
Framed-MTU = 1480
NAS-IP-Address = 10.0.1.20
NAS-Identifier = "Lower_Switch"
User-Name = "dell1"
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 2
NAS-Port-Type = Ethernet
NAS-Port-Id = "2"
Called-Station-Id = "00-01-e6-bd-7a-22"
Calling-Station-Id = "00-0f-1f-9e-07-49"
Connect-Info = "CONNECT Ethernet 100Mbps Full
duplex"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "30"
State = 0xc4ffff3cfb78029337dd3d2f96517fe8
EAP-Message =
0x020500c01980000000b61603010086100000820080848002d9bcaa09961fe87d8ba1c11963655c6204ed85d727f12b0281fa492f443885e2cea79788c43653320ac872a9d862fcdd5b0153ef3bdd7cdfa74cf171b7989530f554f8a3352780809973d26e4a94b165c26c9f6fa8d12b383e1488d07c6c1489bec4f67f0e65f62b02d190e8770d80c5179f36c342a9fe3059caaf223b1403010001011603010020f02929252a19eb4d54fbfd3cb3c610658dc536ec620032e384b85f367db76a60
Message-Authenticator =
0x0710453dc3c4f4d0f4f2cdba49b1373b
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 4
modcall[authorize]: module "preprocess" returns ok
for request 4
modcall[authorize]: module "chap" returns noop for
request 4
modcall[authorize]: module "mschap" returns noop for
request 4
rlm_realm: No '@' in User-Name = "dell1", looking
up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for
request 4
rlm_eap: EAP packet type response id 5 length 192
rlm_eap: No EAP Start, assuming it's an on-going EAP
conversation
modcall[authorize]: module "eap" returns updated for
request 4
users: Matched dell1 at 122
modcall[authorize]: module "files" returns ok for
request 4
modcall: group authorize returns updated for request 4
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 4
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086],
ClientKeyExchange
TLS_accept: SSLv3 read client key exchange A
rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length
0001]
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010],
Finished
TLS_accept: SSLv3 read finished A
rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length
0001]
TLS_accept: SSLv3 write change cipher spec A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010],
Finished
TLS_accept: SSLv3 write finished A
TLS_accept: SSLv3 flush data
(other): SSL negotiation finished successfully
SSL Connection Established
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled
for request 4
modcall: group authenticate returns handled for
request 4
Sending Access-Challenge of id 35 to 10.0.1.20:1024
Tunnel-Type:1 = VLAN
Tunnel-Medium-Type:1 = IEEE-802
Tunnel-Private-Group-Id:1 = "10"
EAP-Message =
0x01060031190014030100010116030100201978bbabdd167978fd6739a7f80a7ff59d43d55ca747489feed7e952e73e19d4
Message-Authenticator =
0x00000000000000000000000000000000
State = 0x8b2be35f68e4dcfd3e40d181dd156642
Finished request 4
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host
10.0.1.20:1024, id=36, length=216
Framed-MTU = 1480
NAS-IP-Address = 10.0.1.20
NAS-Identifier = "Lower_Switch"
User-Name = "dell1"
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 2
NAS-Port-Type = Ethernet
NAS-Port-Id = "2"
Called-Station-Id = "00-01-e6-bd-7a-22"
Calling-Station-Id = "00-0f-1f-9e-07-49"
Connect-Info = "CONNECT Ethernet 100Mbps Full
duplex"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "30"
State = 0x8b2be35f68e4dcfd3e40d181dd156642
EAP-Message = 0x020600061900
Message-Authenticator =
0xd009bcbb40d66b3df80286669aeb529e
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 5
modcall[authorize]: module "preprocess" returns ok
for request 5
modcall[authorize]: module "chap" returns noop for
request 5
modcall[authorize]: module "mschap" returns noop for
request 5
rlm_realm: No '@' in User-Name = "dell1", looking
up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for
request 5
rlm_eap: EAP packet type response id 6 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP
conversation
modcall[authorize]: module "eap" returns updated for
request 5
users: Matched dell1 at 122
modcall[authorize]: module "files" returns ok for
request 5
modcall: group authorize returns updated for request 5
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 5
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake is finished
eaptls_verify returned 3
eaptls_process returned 3
rlm_eap_peap: EAPTLS_SUCCESS
modcall[authenticate]: module "eap" returns handled
for request 5
modcall: group authenticate returns handled for
request 5
Sending Access-Challenge of id 36 to 10.0.1.20:1024
Tunnel-Type:1 = VLAN
Tunnel-Medium-Type:1 = IEEE-802
Tunnel-Private-Group-Id:1 = "10"
EAP-Message =
0x010700201900170301001583129b69ba1244c9595f0392a90ec7b279084524ed
Message-Authenticator =
0x00000000000000000000000000000000
State = 0x863e1cc8b971d95daa445bcd8da34871
Finished request 5
Going to the next request
--- Walking the entire request list ---
Waking up in 5 seconds...
Going to the next request
--- Walking the entire request list ---
Waking up in 5 seconds...
rad_recv: Access-Request packet from host
10.0.1.20:1024, id=37, length=243
Framed-MTU = 1480
NAS-IP-Address = 10.0.1.20
NAS-Identifier = "Lower_Switch"
User-Name = "dell1"
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 2
NAS-Port-Type = Ethernet
NAS-Port-Id = "2"
Called-Station-Id = "00-01-e6-bd-7a-22"
Calling-Station-Id = "00-0f-1f-9e-07-49"
Connect-Info = "CONNECT Ethernet 100Mbps Full
duplex"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "30"
State = 0x863e1cc8b971d95daa445bcd8da34871
EAP-Message =
0x02070021190017030100165fb52f53aec203b614c05991fea65108f6a0ab1566ca
Message-Authenticator =
0x4ebee783fb67ff8810cbdc0a852d030d
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 6
modcall[authorize]: module "preprocess" returns ok
for request 6
modcall[authorize]: module "chap" returns noop for
request 6
modcall[authorize]: module "mschap" returns noop for
request 6
rlm_realm: No '@' in User-Name = "dell1", looking
up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for
request 6
rlm_eap: EAP packet type response id 7 length 33
rlm_eap: No EAP Start, assuming it's an on-going EAP
conversation
modcall[authorize]: module "eap" returns updated for
request 6
users: Matched dell1 at 122
modcall[authorize]: module "files" returns ok for
request 6
modcall: group authorize returns updated for request 6
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 6
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding
tunneled attributes.
rlm_eap_peap: Identity - dell1
rlm_eap_peap: Tunneled data is valid.
PEAP: Got tunneled EAP-Message
EAP-Message = 0x0207000a0164656c6c31
PEAP: Got tunneled identity of dell1
PEAP: Setting default EAP type for tunneled EAP
session.
PEAP: Setting User-Name to dell1
PEAP: Sending tunneled request
EAP-Message = 0x0207000a0164656c6c31
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "dell1"
Framed-MTU = 1480
NAS-IP-Address = 10.0.1.20
NAS-Identifier = "Lower_Switch"
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 2
NAS-Port-Type = Ethernet
NAS-Port-Id = "2"
Called-Station-Id = "00-01-e6-bd-7a-22"
Calling-Station-Id = "00-0f-1f-9e-07-49"
Connect-Info = "CONNECT Ethernet 100Mbps Full
duplex"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "30"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 6
modcall[authorize]: module "preprocess" returns ok
for request 6
modcall[authorize]: module "chap" returns noop for
request 6
modcall[authorize]: module "mschap" returns noop for
request 6
rlm_realm: No '@' in User-Name = "dell1", looking
up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for
request 6
rlm_eap: EAP packet type response id 7 length 10
rlm_eap: No EAP Start, assuming it's an on-going EAP
conversation
modcall[authorize]: module "eap" returns updated for
request 6
users: Matched dell1 at 122
modcall[authorize]: module "files" returns ok for
request 6
modcall: group authorize returns updated for request 6
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 6
rlm_eap: EAP Identity
rlm_eap: Unable to tunnel TLS inside of TLS
rlm_eap: Failed in EAP select
modcall[authenticate]: module "eap" returns invalid
for request 6
modcall: group authenticate returns invalid for
request 6
auth: Failed to validate the user.
PEAP: Got tunneled reply RADIUS code 3
Tunnel-Type:1 = VLAN
Tunnel-Medium-Type:1 = IEEE-802
Tunnel-Private-Group-Id:1 = "10"
EAP-Message = 0x04070004
Message-Authenticator =
0x00000000000000000000000000000000
PEAP: Processing from tunneled session code
0x81be9c8 3
Tunnel-Type:1 = VLAN
Tunnel-Medium-Type:1 = IEEE-802
Tunnel-Private-Group-Id:1 = "10"
EAP-Message = 0x04070004
Message-Authenticator =
0x00000000000000000000000000000000
PEAP: Tunneled authentication was rejected.
rlm_eap_peap: FAILURE
modcall[authenticate]: module "eap" returns handled
for request 6
modcall: group authenticate returns handled for
request 6
Sending Access-Challenge of id 37 to 10.0.1.20:1024
Tunnel-Type:1 = VLAN
Tunnel-Medium-Type:1 = IEEE-802
Tunnel-Private-Group-Id:1 = "10"
EAP-Message =
0x010800261900170301001b5e42e83561d6ea29af54e4e851e2cb19b9c1e56ffe91cc93340e72
Message-Authenticator =
0x00000000000000000000000000000000
State = 0x6fcf912b7718273a3a3c02ab47d0e4a3
Finished request 6
Going to the next request
Waking up in 5 seconds...
rad_recv: Access-Request packet from host
10.0.1.20:1024, id=38, length=248
Framed-MTU = 1480
NAS-IP-Address = 10.0.1.20
NAS-Identifier = "Lower_Switch"
User-Name = "dell1"
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 2
NAS-Port-Type = Ethernet
NAS-Port-Id = "2"
Called-Station-Id = "00-01-e6-bd-7a-22"
Calling-Station-Id = "00-0f-1f-9e-07-49"
Connect-Info = "CONNECT Ethernet 100Mbps Full
duplex"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "30"
State = 0x6fcf912b7718273a3a3c02ab47d0e4a3
EAP-Message =
0x020800261900170301001b764de867dd1039c95c8d0761769e5400a3036f7b37d163cf6c958c
Message-Authenticator =
0x8b2988108aae06cb6ab033311e079cbc
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 7
modcall[authorize]: module "preprocess" returns ok
for request 7
modcall[authorize]: module "chap" returns noop for
request 7
modcall[authorize]: module "mschap" returns noop for
request 7
rlm_realm: No '@' in User-Name = "dell1", looking
up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for
request 7
rlm_eap: EAP packet type response id 8 length 38
rlm_eap: No EAP Start, assuming it's an on-going EAP
conversation
modcall[authorize]: module "eap" returns updated for
request 7
users: Matched dell1 at 122
modcall[authorize]: module "files" returns ok for
request 7
modcall: group authorize returns updated for request 7
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 7
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding
tunneled attributes.
rlm_eap_peap: Received EAP-TLV response.
rlm_eap_peap: Tunneled data is valid.
rlm_eap_peap: Had sent TLV failure, rejecting.
rlm_eap: Handler failed in EAP/peap
rlm_eap: Failed in EAP select
modcall[authenticate]: module "eap" returns invalid
for request 7
modcall: group authenticate returns invalid for
request 7
auth: Failed to validate the user.
Delaying request 7 for 1 seconds
Finished request 7
Going to the next request
Waking up in 5 seconds...
rad_recv: Access-Request packet from host
10.0.1.20:1024, id=38, length=248
Sending Access-Reject of id 38 to 10.0.1.20:1024
EAP-Message = 0x04080004
Message-Authenticator =
0x00000000000000000000000000000000
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 31 with timestamp 416e8faa
Cleaning up request 1 ID 32 with timestamp 416e8faa
Cleaning up request 2 ID 33 with timestamp 416e8faa
Cleaning up request 3 ID 34 with timestamp 416e8faa
Cleaning up request 4 ID 35 with timestamp 416e8faa
Waking up in 1 seconds...
--- Walking the entire request list ---
Cleaning up request 5 ID 36 with timestamp 416e8fab
Cleaning up request 6 ID 37 with timestamp 416e8fab
Cleaning up request 7 ID 38 with timestamp 416e8fab
Nothing to do. Sleeping until we see a request.
__________________________________
Do you Yahoo!?
Y! Messenger - Communicate in real time. Download now.
http://messenger.yahoo.com
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
