Hello,
I've got 3Com access-point (7250) with 3Com USB wireles adapters.
Configured with freeradius for WPA-TKIP EAP-PEAP auth protocol.
Problem is, that freeradius gets 'weird' requests from the AP,
like they are directly from calling stations and not from AP.
Once in a while there comes proper access-request which is properly
answered with access-accept after negotiations.
Log follows:
Starting - reading configuration files ...
main: prefix = "/usr"
main: localstatedir = "/var"
main: logdir = "/var/log/freeradius"
main: libdir = "/usr/lib/freeradius"
main: radacctdir = "/var/log/freeradius/radacct"
main: hostname_lookups = no
main: snmp = no
main: max_request_time = 30
main: cleanup_delay = 5
main: max_requests = 1024
main: delete_blocked_requests = 0
main: port = 0
main: allow_core_dumps = no
main: log_stripped_names = yes
main: log_file = "/var/log/freeradius/radius.log"
main: log_destination = "files"
main: log_auth = yes
main: log_auth_badpass = yes
main: log_auth_goodpass = yes
main: pidfile = "/var/run/freeradius/freeradius.pid"
main: user = "freerad"
main: group = "freerad"
main: usercollide = no
main: lower_user = "no"
main: lower_pass = "no"
main: nospace_user = "no"
main: nospace_pass = "no"
main: checkrad = "/usr/sbin/checkrad"
main: debug_level = 0
main: proxy_requests = no
security: max_attributes = 200
security: reject_delay = 1
security: status_server = no
read_config_files: reading dictionary
read_config_files: reading naslist
read_config_files: reading clients
read_config_files: reading realms
radiusd: entering modules setup
Module: Library search path is /usr/lib/freeradius
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded PAP
pap: encryption_scheme = "crypt"
Module: Instantiated pap (pap)
Module: Loaded CHAP
Module: Instantiated chap (chap)
Module: Loaded MS-CHAP
mschap: use_mppe = yes
mschap: require_encryption = no
mschap: require_strong = no
mschap: with_ntdomain_hack = yes
mschap: passwd = "(null)"
mschap: authtype = "EAP"
mschap: ntlm_auth = "/usr/bin/ntlm_auth "
Module: Instantiated mschap (mschap)
Module: Loaded System
unix: cache = no
unix: passwd = "/etc/passwd"
unix: shadow = "/etc/shadow"
unix: group = "/etc/group"
unix: radwtmp = "/var/log/freeradius/radwtmp"
unix: usegroup = no
unix: cache_reload = 600
Module: Instantiated unix (unix)
Module: Loaded eap
eap: default_eap_type = "peap"
eap: timer_expire = 60
eap: ignore_unknown_eap_types = no
eap: cisco_accounting_username_bug = no
rlm_eap: Loaded and initialized type md5
tls: rsa_key_exchange = no
tls: dh_key_exchange = yes
tls: rsa_key_length = 512
tls: dh_key_length = 512
tls: verify_depth = 0
tls: CA_path = "(null)"
tls: pem_file_type = yes
tls: private_key_file = "/etc/freeradius/certs/cert-srv.pem"
tls: certificate_file = "/etc/freeradius/certs/cert-srv.pem"
tls: CA_file = "/etc/freeradius/certs/demoCA/cacert.pem"
tls: private_key_password = "weglocrap"
tls: dh_file = "/etc/freeradius/certs/dh"
tls: random_file = "/dev/urandom"
tls: fragment_size = 1024
tls: include_length = yes
tls: check_crl = no
tls: check_cert_cn = "(null)"
rlm_eap: Loaded and initialized type tls
peap: default_eap_type = "mschapv2"
peap: copy_request_to_tunnel = no
peap: use_tunneled_reply = no
peap: proxy_tunneled_request_as_eap = yes
rlm_eap: Loaded and initialized type peap
mschapv2: with_ntdomain_hack = no
rlm_eap: Loaded and initialized type mschapv2
Module: Instantiated eap (eap)
Module: Loaded preprocess
preprocess: huntgroups = "/etc/freeradius/huntgroups"
preprocess: hints = "/etc/freeradius/hints"
preprocess: with_ascend_hack = no
preprocess: ascend_channels_per_line = 23
preprocess: with_ntdomain_hack = no
preprocess: with_specialix_jetstream_hack = no
preprocess: with_cisco_vsa_hack = no
Module: Instantiated preprocess (preprocess)
Module: Loaded files
files: usersfile = "/etc/freeradius/users"
files: acctusersfile = "/etc/freeradius/acct_users"
files: preproxy_usersfile = "/etc/freeradius/preproxy_users"
files: compat = "no"
Module: Instantiated files (files)
Module: Loaded detail
detail: detailfile =
"/var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
detail: detailperm = 384
detail: dirperm = 493
detail: locking = no
Module: Instantiated detail (detail)
Module: Loaded radutmp
radutmp: filename = "/var/log/freeradius/radutmp"
radutmp: username = "%{User-Name}"
radutmp: case_sensitive = yes
radutmp: check_with_nas = yes
radutmp: perm = 384
radutmp: callerid = yes
Module: Instantiated radutmp (radutmp)
detail: detailfile =
"/var/log/freeradius/radacct/%{Client-IP-Address}/reply-detail-%Y%m%d"
detail: detailperm = 384
detail: dirperm = 493
detail: locking = no
Module: Instantiated detail (reply_log)
Initializing the thread pool...
Listening on authentication *:1812
Listening on accounting *:1813
Ready to process requests.
rad_recv: Access-Request packet from host 172.20.254.51:2501, id=178, length=52
User-Name = "000fcbc09602"
User-Password = "000fcbc09602"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
rlm_eap: No EAP-Message, not doing EAP
modcall[authorize]: module "eap" returns noop for request 0
users: Matched entry 000fcbc09602 at line 8
modcall[authorize]: module "files" returns ok for request 0
modcall: group authorize returns ok for request 0
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
rlm_eap: EAP-Message not found
rlm_eap: Malformed EAP Message
modcall[authenticate]: module "eap" returns fail for request 0
modcall: group authenticate returns fail for request 0
auth: Failed to validate the user.
Login incorrect: [000fcbc09602/000fcbc09602] (from client weglokoks port 0)
Delaying request 0 for 1 seconds
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
rad_recv: Access-Request packet from host 172.20.254.51:2499, id=177, length=52
User-Name = "000fcbc095f1"
User-Password = "000fcbc095f1"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
modcall[authorize]: module "preprocess" returns ok for request 1
rlm_eap: No EAP-Message, not doing EAP
modcall[authorize]: module "eap" returns noop for request 1
users: Matched entry 000fcbc095f1 at line 9
modcall[authorize]: module "files" returns ok for request 1
modcall: group authorize returns ok for request 1
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 1
rlm_eap: EAP-Message not found
rlm_eap: Malformed EAP Message
modcall[authenticate]: module "eap" returns fail for request 1
modcall: group authenticate returns fail for request 1
auth: Failed to validate the user.
Login incorrect: [000fcbc095f1/000fcbc095f1] (from client weglokoks port 0)
Delaying request 1 for 1 seconds
Finished request 1
Going to the next request
Waking up in 3 seconds...
rad_recv: Access-Request packet from host 172.20.254.51:2527, id=189, length=52
User-Name = "000fcbc095f1"
User-Password = "000fcbc095f1"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 16
modcall[authorize]: module "preprocess" returns ok for request 16
rlm_eap: No EAP-Message, not doing EAP
modcall[authorize]: module "eap" returns noop for request 16
users: Matched entry 000fcbc095f1 at line 9
modcall[authorize]: module "files" returns ok for request 16
modcall: group authorize returns ok for request 16
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 16
rlm_eap: EAP-Message not found
rlm_eap: Malformed EAP Message
modcall[authenticate]: module "eap" returns fail for request 16
modcall: group authenticate returns fail for request 16
auth: Failed to validate the user.
Login incorrect: [000fcbc095f1/000fcbc095f1] (from client weglokoks port 0)
Delaying request 16 for 1 seconds
Finished request 16
Going to the next request
etc...
and then proper request:
Waking up in 3 seconds...
rad_recv: Access-Request packet from host 172.20.254.51:1066, id=7, length=128
NAS-IP-Address = 172.20.254.51
NAS-Port-Type = Wireless-802.11
NAS-Port = 2
Framed-MTU = 1400
User-Name = "jkjk"
Calling-Station-Id = "000fcbc095e4"
Called-Station-Id = "000e6ad14d1f"
NAS-Identifier = "3Com Access Point 1"
EAP-Message = 0x02010009016a6b6a6b
Message-Authenticator = 0xdb4b9bddc766eab4d7b8d388eff89f32
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 62
modcall[authorize]: module "preprocess" returns ok for request 62
rlm_eap: EAP packet type response id 1 length 9
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 62
users: Matched entry DEFAULT at line 52
modcall[authorize]: module "files" returns ok for request 62
modcall: group authorize returns updated for request 62
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 62
rlm_eap: EAP Identity
rlm_eap: processing type tls
rlm_eap_tls: Initiate
rlm_eap_tls: Start returned 1
modcall[authenticate]: module "eap" returns handled for request 62
modcall: group authenticate returns handled for request 62
Sending Access-Challenge of id 7 to 172.20.254.51:1066
EAP-Message = 0x010200061920
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x1b7f89b3aa1986ab14d8b6943038c856
Finished request 62
Going to the next request
Waking up in 3 seconds...
rad_recv: Access-Request packet from host 172.20.254.51:1067, id=8, length=249
NAS-IP-Address = 172.20.254.51
NAS-Port-Type = Wireless-802.11
NAS-Port = 2
Framed-MTU = 1400
User-Name = "jkjk"
Calling-Station-Id = "000fcbc095e4"
Called-Station-Id = "000e6ad14d1f"
NAS-Identifier = "3Com Access Point 1"
State = 0x1b7f89b3aa1986ab14d8b6943038c856
EAP-Message =
0x0202007019800000006616030100610100005d030141dd3771ada075675bb184b483244f78053392e0d6d2ad8530725f44d20fa43200003600390038003500160013000a00330032002f0007006600050004006300620061001500120009006500640060001400110008000600030100
Message-Authenticator = 0xa3eac0157a70657ca315af00a379d27c
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 63
modcall[authorize]: module "preprocess" returns ok for request 63
rlm_eap: EAP packet type response id 2 length 112
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 63
users: Matched entry DEFAULT at line 52
modcall[authorize]: module "files" returns ok for request 63
modcall: group authorize returns updated for request 63
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 63
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
(other): before/accept initialization
TLS_accept: before/accept initialization
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0061], ClientHello
TLS_accept: SSLv3 read client hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
TLS_accept: SSLv3 write server hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0288], Certificate
TLS_accept: SSLv3 write certificate A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
TLS_accept: SSLv3 write server done A
TLS_accept: SSLv3 flush data
TLS_accept:error in SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 63
modcall: group authenticate returns handled for request 63
Sending Access-Challenge of id 8 to 172.20.254.51:1067
EAP-Message =
0x010302eb1900160301004a02000046030141dd37caea4de77741811f8459ef1d942a7e81a0b39ba0b486062b07501c128e2071fbfb303b2e777fe2bd01d05f0cf89dbf78575479cb3af557d3a25bbb16faa100350016030102880b00028400028100027e3082027a308201e3a003020102020900cf496406ea378c43300d06092a864886f70d01010405003077310b300906035504061302504c3110300e0603550408130753696c657369613111300f060355040713084b61746f7769636531153013060355040a130c5765676c6f6b6f6b7320534131153013060355040b130c5765676c6f6b6f6b73205341311530130603550403130c5765676c6f
EAP-Message =
0x6b6f6b73205341301e170d3034313231343032323531385a170d3035313231343032323531385a306e310b300906035504061302504c3110300e0603550408130753696c657369613111300f060355040713084b61746f7769636531123010060355040a13095765676c6f6b6f6b7331123010060355040b13095765676c6f6b6f6b7331123010060355040313095765676c6f6b6f6b7330819f300d06092a864886f70d010101050003818d0030818902818100a96c6868bdfbced51daed9727b57b90562757053c012131b97dc6706b19d01866d49cbd7c1476e17a2950d15ef1f13249690f3b1dc871baf3bc27ecb9465f0a5e5e3cc066ae304b61c
EAP-Message =
0x6127e129f857943042133bb73171541e82fdbad3036e136768c6c0c1a3770ebdfcf1d28a2535e17cba770b58e87addfe2cc80ff10106670203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d0101040500038181003cd4d0a1339f9bad726c2bdf1f25621a1e4dfd2a71009261b9ae96b0422108a3932dc6ebb20be1fc4a255a7b8ecf9abaeda49ef7a5726b80eb7c3b02ba7cec25aa48c0ece6c77d87b1836368c4852f55ace960e7b420da1dc57237f371c6c36a4986728d9f39df18e8801aa106b7d0cf2e7dc88477cf85b0cc17f88ecca910ef16030100040e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x49aa413583cce7ef541353fbcb800758
Finished request 63
Going to the next request
--- Walking the entire request list ---
Waking up in 2 seconds...
rad_recv: Access-Request packet from host 172.20.254.51:1068, id=9, length=345
NAS-IP-Address = 172.20.254.51
NAS-Port-Type = Wireless-802.11
NAS-Port = 2
Framed-MTU = 1400
User-Name = "jkjk"
Calling-Station-Id = "000fcbc095e4"
Called-Station-Id = "000e6ad14d1f"
NAS-Identifier = "3Com Access Point 1"
State = 0x49aa413583cce7ef541353fbcb800758
EAP-Message =
0x020300d01980000000c616030100861000008200806ed05cbbe19776fa23aac2a104988048b404d7a6673007eeba7267324162a81be0a3ccc61dd787e2ea113d21d9966dd0c6f160af0f6ebe6c27f820bedad7f29e35c34e0424a75e6c6b0cae7c63677b059a2d5d411bc6ba18f0e698a708d1a72dd42bafde39ba537785d9b164bb63c9e9612df14fb5f181952ca7765c14a35e311403010001011603010030521ecc8115c5182982f8f5b6dffb8b1ddacb439dd97b976863acda7a3b086c54a8f510dd131d9d9af726b20e6289f018
Message-Authenticator = 0x4d4bdfb337d51b201845410046595a8d
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 64
modcall[authorize]: module "preprocess" returns ok for request 64
rlm_eap: EAP packet type response id 3 length 208
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 64
users: Matched entry DEFAULT at line 52
modcall[authorize]: module "files" returns ok for request 64
modcall: group authorize returns updated for request 64
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 64
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange
TLS_accept: SSLv3 read client key exchange A
rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001]
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 read finished A
rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001]
TLS_accept: SSLv3 write change cipher spec A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 write finished A
TLS_accept: SSLv3 flush data
(other): SSL negotiation finished successfully
SSL Connection Established
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 64
modcall: group authenticate returns handled for request 64
Sending Access-Challenge of id 9 to 172.20.254.51:1068
EAP-Message =
0x0104004119001403010001011603010030b830c22e9d6ab24f50d29c8fbca4187f889380e9a254a3f0f3c1a446065553c1398b2272d3a3f92915b27d657ffa9e21
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x83c60fb8beca6c94e3fb7ce6dd6befa6
Finished request 64
Going to the next request
Waking up in 2 seconds...
rad_recv: Access-Request packet from host 172.20.254.51:1069, id=10, length=143
NAS-IP-Address = 172.20.254.51
NAS-Port-Type = Wireless-802.11
NAS-Port = 2
Framed-MTU = 1400
User-Name = "jkjk"
Calling-Station-Id = "000fcbc095e4"
Called-Station-Id = "000e6ad14d1f"
NAS-Identifier = "3Com Access Point 1"
State = 0x83c60fb8beca6c94e3fb7ce6dd6befa6
EAP-Message = 0x020400061900
Message-Authenticator = 0x8751fa036bd5ed75a2247aed0188e766
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 65
modcall[authorize]: module "preprocess" returns ok for request 65
rlm_eap: EAP packet type response id 4 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 65
users: Matched entry DEFAULT at line 52
modcall[authorize]: module "files" returns ok for request 65
modcall: group authorize returns updated for request 65
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 65
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake is finished
eaptls_verify returned 3
eaptls_process returned 3
rlm_eap_peap: EAPTLS_SUCCESS
modcall[authenticate]: module "eap" returns handled for request 65
modcall: group authenticate returns handled for request 65
Sending Access-Challenge of id 10 to 172.20.254.51:1069
EAP-Message =
0x0105005019001703010020bcae712a2ea3ff6500fcef6af7014f8a8079bb01019c7f410cd6f8b67849a42817030100205cf46416972b8b5154820a07ba5ddd18848d506aa478032c0803e66a815b86b2
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x7466b94a22d720dc791e416e3f4d27b4
Finished request 65
Going to the next request
Waking up in 2 seconds...
rad_recv: Access-Request packet from host 172.20.254.51:1071, id=11, length=52
User-Name = "000fcbc09602"
User-Password = "000fcbc09602"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 66
modcall[authorize]: module "preprocess" returns ok for request 66
rlm_eap: No EAP-Message, not doing EAP
modcall[authorize]: module "eap" returns noop for request 66
users: Matched entry 000fcbc09602 at line 8
modcall[authorize]: module "files" returns ok for request 66
modcall: group authorize returns ok for request 66
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 66
rlm_eap: EAP-Message not found
rlm_eap: Malformed EAP Message
modcall[authenticate]: module "eap" returns fail for request 66
modcall: group authenticate returns fail for request 66
auth: Failed to validate the user.
Login incorrect: [000fcbc09602/000fcbc09602] (from client weglokoks port 0)
Delaying request 66 for 1 seconds
Finished request 66
Going to the next request
Waking up in 2 seconds...
rad_recv: Access-Request packet from host 172.20.254.51:1073, id=12, length=217
NAS-IP-Address = 172.20.254.51
NAS-Port-Type = Wireless-802.11
NAS-Port = 2
Framed-MTU = 1400
User-Name = "jkjk"
Calling-Station-Id = "000fcbc095e4"
Called-Station-Id = "000e6ad14d1f"
NAS-Identifier = "3Com Access Point 1"
State = 0x7466b94a22d720dc791e416e3f4d27b4
EAP-Message =
0x0205005019001703010020ef98676aac849f818f702afa4048a4a8f0ee8c42ab9f7b1157da82568925611917030100209317be07c9e536e5b9a2c09995c95f4cc1625dad2f6f3f520bbaf7907daae57a
Message-Authenticator = 0xe142b0dc0f68acceb99cbf9e9f43580d
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 67
modcall[authorize]: module "preprocess" returns ok for request 67
rlm_eap: EAP packet type response id 5 length 80
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 67
users: Matched entry DEFAULT at line 52
modcall[authorize]: module "files" returns ok for request 67
modcall: group authorize returns updated for request 67
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 67
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: Identity - jkjk
rlm_eap_peap: Tunneled data is valid.
PEAP: Got tunneled EAP-Message
EAP-Message = 0x02050009016a6b6a6b
PEAP: Got tunneled identity of jkjk
PEAP: Setting default EAP type for tunneled EAP session.
PEAP: Setting User-Name to jkjk
PEAP: Sending tunneled request
EAP-Message = 0x02050009016a6b6a6b
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "jkjk"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 67
modcall[authorize]: module "preprocess" returns ok for request 67
rlm_eap: EAP packet type response id 5 length 9
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 67
users: Matched entry DEFAULT at line 52
modcall[authorize]: module "files" returns ok for request 67
modcall: group authorize returns updated for request 67
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 67
rlm_eap: EAP Identity
rlm_eap: processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
modcall[authenticate]: module "eap" returns handled for request 67
modcall: group authenticate returns handled for request 67
PEAP: Got tunneled reply RADIUS code 11
EAP-Message =
0x0106001e1a0106001910fb098e2cfc07d5fcd7cf1d18ae4cbbdd6a6b6a6b
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x28763e658575912bb77e47066e30bb22
PEAP: Processing from tunneled session code 0x819c018 11
EAP-Message =
0x0106001e1a0106001910fb098e2cfc07d5fcd7cf1d18ae4cbbdd6a6b6a6b
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x28763e658575912bb77e47066e30bb22
PEAP: Got tunneled Access-Challenge
modcall[authenticate]: module "eap" returns handled for request 67
modcall: group authenticate returns handled for request 67
Sending Access-Challenge of id 12 to 172.20.254.51:1073
EAP-Message =
0x0106006019001703010020a3450373e10e29c1306f3e717a35d16abbde87b08c45a96e0c7f00f34759e9591703010030edbf05b1c1bd8da025653819a9c4c04ec91283679108faa5325bc7a365238d7fe695654e6ed65d9413bf5c8b1f9ccb71
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x96e7056d0ae4f318a7e3bc0aaf544f06
Finished request 67
Going to the next request
Waking up in 2 seconds...
rad_recv: Access-Request packet from host 172.20.254.51:1075, id=13, length=265
NAS-IP-Address = 172.20.254.51
NAS-Port-Type = Wireless-802.11
NAS-Port = 2
Framed-MTU = 1400
User-Name = "jkjk"
Calling-Station-Id = "000fcbc095e4"
Called-Station-Id = "000e6ad14d1f"
NAS-Identifier = "3Com Access Point 1"
State = 0x96e7056d0ae4f318a7e3bc0aaf544f06
EAP-Message =
0x02060080190017030100205535ac6fa84377140550deb6ca1c97c72b8863556f1f6bbbff536ce865ad5d98170301005075b1bbccff32dfebc64a3e9f108e6466c3ba206d905f6cc54ec47fd165acd9ad496756844bb10905361da064cc945a30fcd847035edcd9e8cc877361fad45fbc1a9fb0b18de6c0d9eb901c91eca17466
Message-Authenticator = 0x5e467774ddd9e8e774e8c9f8be044301
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 68
modcall[authorize]: module "preprocess" returns ok for request 68
rlm_eap: EAP packet type response id 6 length 128
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 68
users: Matched entry DEFAULT at line 52
modcall[authorize]: module "files" returns ok for request 68
modcall: group authorize returns updated for request 68
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 68
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: EAP type mschapv2
rlm_eap_peap: Tunneled data is valid.
PEAP: Got tunneled EAP-Message
EAP-Message =
0x0206003f1a0206003a31fb098e2cfc07d5fcd7cf1d18ae4cbbdd0000000000000000e91e2fb629075750b6a0d4d37835485c8a47bfb567cce18e006a6b6a6b
PEAP: Setting User-Name to jkjk
PEAP: Adding old state with 28 76
PEAP: Sending tunneled request
EAP-Message =
0x0206003f1a0206003a31fb098e2cfc07d5fcd7cf1d18ae4cbbdd0000000000000000e91e2fb629075750b6a0d4d37835485c8a47bfb567cce18e006a6b6a6b
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "jkjk"
State = 0x28763e658575912bb77e47066e30bb22
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 68
modcall[authorize]: module "preprocess" returns ok for request 68
rlm_eap: EAP packet type response id 6 length 63
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 68
users: Matched entry DEFAULT at line 52
modcall[authorize]: module "files" returns ok for request 68
modcall: group authorize returns updated for request 68
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 68
rlm_eap: Request found, released from the list
rlm_eap: EAP/mschapv2
rlm_eap: processing type mschapv2
Processing the authenticate section of radiusd.conf
modcall: entering group Auth-Type for request 68
rlm_mschap: No User-Password configured. Cannot create LM-Password.
rlm_mschap: No User-Password configured. Cannot create NT-Password.
rlm_mschap: Told to do MS-CHAPv2 for jkjk with NT-Password
Exec-Program output: NT_KEY: 0137B71A98047507417EAF50CFAC29C3
Exec-Program-Wait: plaintext: NT_KEY: 0137B71A98047507417EAF50CFAC29C3
Exec-Program: returned: 0
rlm_mschap: adding MS-CHAPv2 MPPE keys
rlm_mschap: mppe_add_reply MS-MPPE-Recv-Key
rlm_mschap: mppe_add_reply MS-MPPE-Send-Key
rlm_mschap: wygenerowane i niby dodane klucze
modcall[authenticate]: module "mschap" returns ok for request 68
modcall: group Auth-Type returns ok for request 68
MSCHAP Success
modcall[authenticate]: module "eap" returns handled for request 68
modcall: group authenticate returns handled for request 68
PEAP: Got tunneled reply RADIUS code 11
MS-CHAP2-Success =
0x06533d41384131464537353732434232393245343031344138363431304334364238383439393734313236
EAP-Message =
0x010700331a0306002e533d41384131464537353732434232393245343031344138363431304334364238383439393734313236
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x9d474ffc8d9a6c750e4a600ec3ad3f9a
PEAP: Processing from tunneled session code 0x81780f8 11
MS-CHAP2-Success =
0x06533d41384131464537353732434232393245343031344138363431304334364238383439393734313236
EAP-Message =
0x010700331a0306002e533d41384131464537353732434232393245343031344138363431304334364238383439393734313236
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x9d474ffc8d9a6c750e4a600ec3ad3f9a
PEAP: Got tunneled Access-Challenge
modcall[authenticate]: module "eap" returns handled for request 68
modcall: group authenticate returns handled for request 68
Sending Access-Challenge of id 13 to 172.20.254.51:1075
EAP-Message =
0x01070080190017030100209cc76b19885c041d873258b971759f2f56926c5780129d8cf5e0eb9f864507171703010050c383e862f63c0a561bcf05a5be20fd124fec33c0dc8d210e827efba1edaaedde7146b619a7d62d37f59f70eb3bd2b0c024fa15d520923436418c23bcf32ed523d14a2b6c43fb7acff8ee0a3a1b43c474
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xd5c529d3c77f1494e3ed78efed594582
Finished request 68
Going to the next request
Waking up in 2 seconds...
rad_recv: Access-Request packet from host 172.20.254.51:1078, id=14, length=217
NAS-IP-Address = 172.20.254.51
NAS-Port-Type = Wireless-802.11
NAS-Port = 2
Framed-MTU = 1400
User-Name = "jkjk"
Calling-Station-Id = "000fcbc095e4"
Called-Station-Id = "000e6ad14d1f"
NAS-Identifier = "3Com Access Point 1"
State = 0xd5c529d3c77f1494e3ed78efed594582
EAP-Message =
0x02070050190017030100207cd5b5fea8eb07e845b58ccf38b93c1e87c50297dc9c477d70a6271db37b5df8170301002049099f140b5b2d668a4c8b8f6dcf303b54cd4d5c5d01559f664c20c9138720e0
Message-Authenticator = 0xc2536ae5c22bacd7c77d12dc884674fe
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 69
modcall[authorize]: module "preprocess" returns ok for request 69
rlm_eap: EAP packet type response id 7 length 80
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 69
users: Matched entry DEFAULT at line 52
modcall[authorize]: module "files" returns ok for request 69
modcall: group authorize returns updated for request 69
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 69
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: EAP type mschapv2
rlm_eap_peap: Tunneled data is valid.
PEAP: Got tunneled EAP-Message
EAP-Message = 0x020700061a03
PEAP: Setting User-Name to jkjk
PEAP: Adding old state with 9d 47
PEAP: Sending tunneled request
EAP-Message = 0x020700061a03
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "jkjk"
State = 0x9d474ffc8d9a6c750e4a600ec3ad3f9a
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 69
modcall[authorize]: module "preprocess" returns ok for request 69
rlm_eap: EAP packet type response id 7 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 69
users: Matched entry DEFAULT at line 52
modcall[authorize]: module "files" returns ok for request 69
modcall: group authorize returns updated for request 69
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 69
rlm_eap: Request found, released from the list
rlm_eap: EAP/mschapv2
rlm_eap: processing type mschapv2
rlm_eap: Freeing handler
modcall[authenticate]: module "eap" returns ok for request 69
modcall: group authenticate returns ok for request 69
Login OK: [jkjk/<via Auth-Type = EAP>] (from client localhost port 0)
Processing the post-auth section of radiusd.conf
modcall: entering group post-auth for request 69
radius_xlat: '/var/log/freeradius/radacct/127.0.0.1/reply-detail-20050106'
rlm_detail:
/var/log/freeradius/radacct/%{Client-IP-Address}/reply-detail-%Y%m%d expands to
/var/log/freeradius/radacct/127.0.0.1/reply-detail-20050106
modcall[post-auth]: module "reply_log" returns ok for request 69
modcall: group post-auth returns ok for request 69
PEAP: Got tunneled reply RADIUS code 2
EAP-Message = 0x03070004
Message-Authenticator = 0x00000000000000000000000000000000
User-Name = "jkjk"
PEAP: Processing from tunneled session code 0x8178790 2
EAP-Message = 0x03070004
Message-Authenticator = 0x00000000000000000000000000000000
User-Name = "jkjk"
PEAP: Tunneled authentication was successful.
rlm_eap_peap: SUCCESS
modcall[authenticate]: module "eap" returns handled for request 69
modcall: group authenticate returns handled for request 69
Sending Access-Challenge of id 14 to 172.20.254.51:1078
EAP-Message =
0x0108005019001703010020c78aeea74cff944d0f9ab621c31d374e078fd8963b9a7336578890cfb818385117030100206804d1d32d754141f1dd685b65d9aaf7608264841cc16ebcfabd2825dd7bb899
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x3e88773372c70482fd508316369dca40
Finished request 69
Going to the next request
Waking up in 2 seconds...
rad_recv: Access-Request packet from host 172.20.254.51:1081, id=15, length=217
NAS-IP-Address = 172.20.254.51
NAS-Port-Type = Wireless-802.11
NAS-Port = 2
Framed-MTU = 1400
User-Name = "jkjk"
Calling-Station-Id = "000fcbc095e4"
Called-Station-Id = "000e6ad14d1f"
NAS-Identifier = "3Com Access Point 1"
State = 0x3e88773372c70482fd508316369dca40
EAP-Message =
0x0208005019001703010020ce6d7adf9a237a84a99b4c1d04860d0f1b6622258a39430fc02d734e484234f917030100201914cc961b772c54b311ccfb4b58d2555842732a2440f72a2048afde2fd791f9
Message-Authenticator = 0xaeff77c42d9177ed71fbe4016c562c2e
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 70
modcall[authorize]: module "preprocess" returns ok for request 70
rlm_eap: EAP packet type response id 8 length 80
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 70
users: Matched entry DEFAULT at line 52
modcall[authorize]: module "files" returns ok for request 70
modcall: group authorize returns updated for request 70
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 70
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: Received EAP-TLV response.
rlm_eap_peap: Tunneled data is valid.
rlm_eap_peap: Success
rlm_eap: Freeing handler
modcall[authenticate]: module "eap" returns ok for request 70
modcall: group authenticate returns ok for request 70
Login OK: [jkjk/<via Auth-Type = EAP>] (from client weglokoks port 2 cli
000fcbc095e4)
Processing the post-auth section of radiusd.conf
modcall: entering group post-auth for request 70
radius_xlat: '/var/log/freeradius/radacct/172.20.254.51/reply-detail-20050106'
rlm_detail:
/var/log/freeradius/radacct/%{Client-IP-Address}/reply-detail-%Y%m%d expands to
/var/log/freeradius/radacct/172.20.254.51/reply-detail-20050106
modcall[post-auth]: module "reply_log" returns ok for request 70
modcall: group post-auth returns ok for request 70
Sending Access-Accept of id 15 to 172.20.254.51:1081
MS-MPPE-Recv-Key =
0x65495a41ce04cc837bb731b44c9fe9a5330b95709da526779bf74992d2f9a47e
MS-MPPE-Send-Key =
0x6d9443c8a135d96125f907189ba3cf8c978cee5b1c7c46e8c29ff82cd1937cf8
EAP-Message = 0x03080004
Message-Authenticator = 0x00000000000000000000000000000000
User-Name = "jkjk"
Finished request 70
Going to the next request
Waking up in 2 seconds...
--- Walking the entire request list ---
Cleaning up request 60 ID 5 with timestamp 41dd37c6
Sending Access-Reject of id 11 to 172.20.254.51:1071
Waking up in 1 seconds...
--- Walking the entire request list ---
Cleaning up request 61 ID 6 with timestamp 41dd37c7
Waking up in 2 seconds...
rad_recv: Access-Request packet from host 172.20.254.51:1085, id=16, length=52
User-Name = "000fcbc09602"
User-Password = "000fcbc09602"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 71
modcall[authorize]: module "preprocess" returns ok for request 71
rlm_eap: No EAP-Message, not doing EAP
modcall[authorize]: module "eap" returns noop for request 71
users: Matched entry 000fcbc09602 at line 8
modcall[authorize]: module "files" returns ok for request 71
modcall: group authorize returns ok for request 71
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 71
rlm_eap: EAP-Message not found
rlm_eap: Malformed EAP Message
modcall[authenticate]: module "eap" returns fail for request 71
modcall: group authenticate returns fail for request 71
auth: Failed to validate the user.
Login incorrect: [000fcbc09602/000fcbc09602] (from client weglokoks port 0)
Delaying request 71 for 1 seconds
Finished request 71
Going to the next request
Waking up in 2 seconds...
Jakub Jermak
--
This is your fortune.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
