problems with 802.1x - EAP-TLS
I'm having trouble at authentication using radius, openssl and
EAP-TLS, using AP CISCO 350 Series. Look at radius output.
##############LOG###########
Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config: including file: /usr/local/etc/raddb/proxy.conf
Config: including file: /usr/local/etc/raddb/clients.conf
Config: including file: /usr/local/etc/raddb/snmp.conf
Config: including file: /usr/local/etc/raddb/eap.conf
Config: including file: /usr/local/etc/raddb/sql.conf
main: prefix = "/usr/local"
main: localstatedir = "/var"
main: logdir = "/var/log/raddb"
main: libdir = "/usr/local/lib"
main: radacctdir = "/var/log/raddb/radacct"
main: hostname_lookups = no
main: max_request_time = 30
main: cleanup_delay = 5
main: max_requests = 256
main: delete_blocked_requests = 0
main: port = 0
main: allow_core_dumps = no
main: log_stripped_names = no
main: log_file = "/var/log/raddb/radius.log"
main: log_auth = no
main: log_auth_badpass = no
main: log_auth_goodpass = no
main: pidfile = "/var/run/radiusd/radiusd.pid"
main: user = "(null)"
main: group = "(null)"
main: usercollide = no
main: lower_user = "no"
main: lower_pass = "no"
main: nospace_user = "no"
main: nospace_pass = "no"
main: checkrad = "/usr/local/sbin/checkrad"
main: proxy_requests = yes
proxy: retry_delay = 5
proxy: retry_count = 3
proxy: synchronous = no
proxy: default_fallback = yes
proxy: dead_time = 120
proxy: post_proxy_authorize = yes
proxy: wake_all_if_all_dead = no
security: max_attributes = 200
security: reject_delay = 1
security: status_server = no
main: debug_level = 0
read_config_files: reading dictionary
read_config_files: reading naslist
Using deprecated naslist file. Support for this will go away soon.
read_config_files: reading clients
read_config_files: reading realms
radiusd: entering modules setup
Module: Library search path is /usr/local/lib
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded System
unix: cache = no
unix: passwd = "(null)"
unix: shadow = "(null)"
unix: group = "(null)"
unix: radwtmp = "/var/log/raddb/radwtmp"
unix: usegroup = no
unix: cache_reload = 600
Module: Instantiated unix (unix)
Module: Loaded eap
eap: default_eap_type = "tls"
eap: timer_expire = 60
eap: ignore_unknown_eap_types = no
eap: cisco_accounting_username_bug = no
tls: rsa_key_exchange = no
tls: dh_key_exchange = yes
tls: rsa_key_length = 512
tls: dh_key_length = 512
tls: verify_depth = 0
tls: CA_path = "(null)"
tls: pem_file_type = yes
tls: private_key_file = "/usr/local/openssl/misc1/servidor-key.pem"
tls: certificate_file = "/usr/local/openssl/misc1/servidor.pem"
tls: CA_file = "/usr/local/openssl/misc1/demoCA/cacert.pem"
tls: private_key_password = "registro"
tls: dh_file = "/usr/local/openssl/misc1/dh"
tls: random_file = "/usr/local/openssl/misc1/random"
tls: fragment_size = 1024
tls: include_length = yes
tls: check_crl = no
tls: check_cert_cn = "(null)"
rlm_eap: Loaded and initialized type tls
Module: Instantiated eap (eap)
Module: Loaded preprocess
preprocess: huntgroups = "/usr/local/etc/raddb/huntgroups"
preprocess: hints = "/usr/local/etc/raddb/hints"
preprocess: with_ascend_hack = no
preprocess: ascend_channels_per_line = 23
preprocess: with_ntdomain_hack = no
preprocess: with_specialix_jetstream_hack = no
preprocess: with_cisco_vsa_hack = no
Module: Instantiated preprocess (preprocess)
Module: Loaded detail
detail: detailfile =
"/var/log/raddb/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d"
detail: detailperm = 384
detail: dirperm = 493
detail: locking = no
Module: Instantiated detail (auth_log)
Module: Loaded realm
realm: format = "suffix"
realm: delimiter = "@"
realm: ignore_default = no
realm: ignore_null = no
Module: Instantiated realm (suffix)
Module: Loaded files
files: usersfile = "/usr/local/etc/raddb/users"
files: acctusersfile = "/usr/local/etc/raddb/acct_users"
files: preproxy_usersfile = "/usr/local/etc/raddb/preproxy_users"
files: compat = "no"
Module: Instantiated files (files)
Module: Loaded Acct-Unique-Session-Id
acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address,
Client-IP-Address, NAS-Port"
Module: Instantiated acct_unique (acct_unique)
detail: detailfile =
"/var/log/raddb/radacct/%{Client-IP-Address}/detail-%Y%m%d"
detail: detailperm = 384
detail: dirperm = 493
detail: locking = no
Module: Instantiated detail (detail)
Module: Loaded radutmp
radutmp: filename = "/var/log/raddb/radutmp"
radutmp: username = "%{User-Name}"
radutmp: case_sensitive = yes
radutmp: check_with_nas = yes
radutmp: perm = 384
radutmp: callerid = yes
Module: Instantiated radutmp (radutmp)
Listening on authentication *:1812
Listening on accounting *:1813
Listening on proxy *:1814
Ready to process requests.
rad_recv: Access-Request packet from host 172.16.0.2:1041, id=17, length=177
User-Name = "[EMAIL PROTECTED]"
Cisco-AVPair = "ssid=TESTEFR"
NAS-IP-Address = 172.16.0.2
Called-Station-Id = "004096544cbc"
Calling-Station-Id = "000cf1516d62"
NAS-Identifier = "AP350-544cbc"
NAS-Port = 37
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Service-Type = Login-User
EAP-Message = 0x0239001801726567697374726f403137322e31362e302e31
Message-Authenticator = 0x538b10a9e0546f1135890e951ae1dbec
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
radius_xlat: '/var/log/raddb/radacct/172.16.0.2/auth-detail-20050510'
rlm_detail: /var/log/raddb/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /var/log/raddb/radacct/172.16.0.2/auth-detail-20050510
modcall[authorize]: module "auth_log" returns ok for request 0
rlm_realm: Looking up realm "172.16.0.1" for User-Name =
"[EMAIL PROTECTED]"
rlm_realm: No such realm "172.16.0.1"
modcall[authorize]: module "suffix" returns noop for request 0
rlm_eap: EAP packet type response id 57 length 24
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 0
modcall[authorize]: module "files" returns notfound for request 0
modcall: group authorize returns updated for request 0
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
rlm_eap: EAP Identity
rlm_eap: processing type tls
rlm_eap_tls: Requiring client certificate
rlm_eap_tls: Initiate
rlm_eap_tls: Start returned 1
modcall[authenticate]: module "eap" returns handled for request 0
modcall: group authenticate returns handled for request 0
Sending Access-Challenge of id 17 to 172.16.0.2:1041
EAP-Message = 0x013a00060d20
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xfcc6ff6dedae304bd9ff13c405208a18
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 172.16.0.2:1042, id=18, length=251
User-Name = "[EMAIL PROTECTED]"
Cisco-AVPair = "ssid=TESTEFR"
NAS-IP-Address = 172.16.0.2
Called-Station-Id = "004096544cbc"
Calling-Station-Id = "000cf1516d62"
NAS-Identifier = "AP350-544cbc"
NAS-Port = 37
Framed-MTU = 1400
State = 0xfcc6ff6dedae304bd9ff13c405208a18
NAS-Port-Type = Wireless-802.11
Service-Type = Login-User
EAP-Message =
0x023a00500d800000004616030100410100003d03014280b89cc9d9798cde65e3502c124d8b9eba237c6d6314669dc1245f76de1fbc00001600040005000a000900640062000300060013001200630100
Message-Authenticator = 0xb3e8a06152224b73a731fad4b775c42a
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
modcall[authorize]: module "preprocess" returns ok for request 1
radius_xlat: '/var/log/raddb/radacct/172.16.0.2/auth-detail-20050510'
rlm_detail: /var/log/raddb/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /var/log/raddb/radacct/172.16.0.2/auth-detail-20050510
modcall[authorize]: module "auth_log" returns ok for request 1
rlm_realm: Looking up realm "172.16.0.1" for User-Name =
"[EMAIL PROTECTED]"
rlm_realm: No such realm "172.16.0.1"
modcall[authorize]: module "suffix" returns noop for request 1
rlm_eap: EAP packet type response id 58 length 80
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 1
modcall[authorize]: module "files" returns notfound for request 1
modcall: group authorize returns updated for request 1
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 1
rlm_eap: Request found, released from the list
rlm_eap: EAP/tls
rlm_eap: processing type tls
rlm_eap_tls: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
(other): before/accept initialization
TLS_accept: before/accept initialization
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello
TLS_accept: SSLv3 read client hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
TLS_accept: SSLv3 write server hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 03df], Certificate
TLS_accept: SSLv3 write certificate A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 00ab], CertificateRequest
TLS_accept: SSLv3 write certificate request A
TLS_accept: SSLv3 flush data
TLS_accept:error in SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
eaptls_process returned 13
modcall[authenticate]: module "eap" returns handled for request 1
modcall: group authenticate returns handled for request 1
Sending Access-Challenge of id 18 to 172.16.0.2:1042
EAP-Message =
0x013b040a0dc0000004e3160301004a0200004603014280b8c621ca6a04519aa72eee2578a420d5a1aaf6feb3bf61649e71d85a70f7206865243d938b7e97b31bfe83870d8a1eb76a45cd100f2f0b4e868329e7ae7d2c00040016030103df0b0003db0003d80003d5308203d13082033aa003020102020103300d06092a864886f70d0101040500308199310b3009060355040613024252311230100603550408130953616f205061756c6f311230100603550407130953616f205061756c6f31143012060355040a130b526567697374726f20425231143012060355040b130b526567697374726f2042523111300f0603550403130872656769737472
EAP-Message =
0x6f3123302106092a864886f70d01090116146f70657261646f7240726567697374726f2e6272301e170d3035303432393030313031345a170d3036303432393030313031345a308199310b3009060355040613024252311230100603550408130953616f205061756c6f311230100603550407130953616f205061756c6f31143012060355040a130b526567697374726f20425231143012060355040b130b526567697374726f2042523111300f06035504031308726567697374726f3123302106092a864886f70d01090116146f70657261646f7240726567697374726f2e627230819f300d06092a864886f70d010101050003818d003081890281
EAP-Message =
0x81009a54a72fd8086941545f68d0545b7f6e302b8f64d0495a9947fe3a5fc271051e97260bdd73098804f8213e37b69c29a476b9ac7f24d5aebfc90d5a3c79a8a478ae7ef872d67e25dd886f1c11f1da066e94249720adf39c145fccbeda9d4989d0769977ee3130e4dac0fa067e25f59c228def7f2a12831f1eca775afcb3d4e4b10203010001a38201253082012130090603551d1304023000302c06096086480186f842010d041f161d4f70656e53534c2047656e657261746564204365727469666963617465301d0603551d0e04160414edf961cd84c7ad4c1432c98464ac3f30507c97393081c60603551d230481be3081bb8014a870f94a04f0
EAP-Message =
0x666076f58683622b6c9daaacef45a1819fa4819c308199310b3009060355040613024252311230100603550408130953616f205061756c6f311230100603550407130953616f205061756c6f31143012060355040a130b526567697374726f20425231143012060355040b130b526567697374726f2042523111300f06035504031308726567697374726f3123302106092a864886f70d01090116146f70657261646f7240726567697374726f2e6272820100300d06092a864886f70d0101040500038181001957374aa695a34df252001b3d855fd4598c9b5f61ed0245b46e1278b62ec3cf2af83c27379b33f004d8c76d70b569c88cfa756bed8d49
EAP-Message = 0xc28dc46044f0a5f044ec4d1542bfb6726057d1eb3e53
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x2332e69b6edb0f5f4ab61cf0a5faddf8
Finished request 1
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 172.16.0.2:1043, id=19, length=177
User-Name = "[EMAIL PROTECTED]"
Cisco-AVPair = "ssid=TESTEFR"
NAS-IP-Address = 172.16.0.2
Called-Station-Id = "004096544cbc"
Calling-Station-Id = "000cf1516d62"
NAS-Identifier = "AP350-544cbc"
NAS-Port = 37
Framed-MTU = 1400
State = 0x2332e69b6edb0f5f4ab61cf0a5faddf8
NAS-Port-Type = Wireless-802.11
Service-Type = Login-User
EAP-Message = 0x023b00060d00
Message-Authenticator = 0x154b747b7e4373067b4fb062ca0a3ef0
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 2
modcall[authorize]: module "preprocess" returns ok for request 2
radius_xlat: '/var/log/raddb/radacct/172.16.0.2/auth-detail-20050510'
rlm_detail: /var/log/raddb/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /var/log/raddb/radacct/172.16.0.2/auth-detail-20050510
modcall[authorize]: module "auth_log" returns ok for request 2
rlm_realm: Looking up realm "172.16.0.1" for User-Name =
"[EMAIL PROTECTED]"
rlm_realm: No such realm "172.16.0.1"
modcall[authorize]: module "suffix" returns noop for request 2
rlm_eap: EAP packet type response id 59 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 2
modcall[authorize]: module "files" returns notfound for request 2
modcall: group authorize returns updated for request 2
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 2
rlm_eap: Request found, released from the list
rlm_eap: EAP/tls
rlm_eap: processing type tls
rlm_eap_tls: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake fragment handler
eaptls_verify returned 1
eaptls_process returned 13
modcall[authenticate]: module "eap" returns handled for request 2
modcall: group authenticate returns handled for request 2
Sending Access-Challenge of id 19 to 172.16.0.2:1043
EAP-Message =
0x013c00ed0d80000004e38237eaf7880b068b460ddbd2261adc8d59bd30cc239ded22283dd27df46b28f7f2428a3811d30578d1a4950df1b58e712fab8216030100ab0d0000a3020102009e009c308199310b3009060355040613024252311230100603550408130953616f205061756c6f311230100603550407130953616f205061756c6f31143012060355040a130b526567697374726f20425231143012060355040b130b526567697374726f2042523111300f06035504031308726567697374726f3123302106092a864886f70d01090116146f70657261646f7240726567697374726f2e62720e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x96120aa4b02b8c5ff04209db298efd1a
Finished request 2
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 172.16.0.2:1044, id=20, length=1498
User-Name = "[EMAIL PROTECTED]"
Cisco-AVPair = "ssid=TESTEFR"
NAS-IP-Address = 172.16.0.2
Called-Station-Id = "004096544cbc"
Calling-Station-Id = "000cf1516d62"
NAS-Identifier = "AP350-544cbc"
NAS-Port = 37
Framed-MTU = 1400
State = 0x96120aa4b02b8c5ff04209db298efd1a
NAS-Port-Type = Wireless-802.11
Service-Type = Login-User
EAP-Message =
0x023c05250d800000051b16030104eb0b0003db0003d80003d5308203d13082033aa003020102020104300d06092a864886f70d0101040500308199310b3009060355040613024252311230100603550408130953616f205061756c6f311230100603550407130953616f205061756c6f31143012060355040a130b526567697374726f20425231143012060355040b130b526567697374726f2042523111300f06035504031308726567697374726f3123302106092a864886f70d01090116146f70657261646f7240726567697374726f2e6272301e170d3035303432393030353534395a170d3036303432393030353534395a308199310b30090603
EAP-Message =
0x55040613024252311230100603550408130953616f205061756c6f311230100603550407130953616f205061756c6f31143012060355040a130b526567697374726f20425231143012060355040b130b526567697374726f2042523111300f06035504031308726567697374726f3123302106092a864886f70d01090116146f70657261646f7240726567697374726f2e627230819f300d06092a864886f70d010101050003818d0030818902818100d7899bb64777601a498fccaffc163ba9fcc1e8a3fdf2db09f28deea572332998b5e2c92c261871567252e54037b812388c83b313a7acec320ece838af61e3776bc2942466ea9a85377ebf17194
EAP-Message =
0x16bdbe8e3dbedee663c0ff30a0a5402ae9b2aa4eead19e0a3808705eeb39ee115b9a0d6601461dbb4f25f0c85f583f9d1b2dbd0203010001a38201253082012130090603551d1304023000302c06096086480186f842010d041f161d4f70656e53534c2047656e657261746564204365727469666963617465301d0603551d0e041604141219cdbe7f71815d1f9ee897caf9aead2e96cf663081c60603551d230481be3081bb8014a870f94a04f0666076f58683622b6c9daaacef45a1819fa4819c308199310b3009060355040613024252311230100603550408130953616f205061756c6f311230100603550407130953616f205061756c6f311430
EAP-Message =
0x12060355040a130b526567697374726f20425231143012060355040b130b526567697374726f2042523111300f06035504031308726567697374726f3123302106092a864886f70d01090116146f70657261646f7240726567697374726f2e6272820100300d06092a864886f70d0101040500038181006d739a758b706d31eadd83e9d5c79861c6a9cc3a7898ff4f77b2fa82fb5144d5ab8d936b7072665562ca5b4293a99fd20319be28e9be46d4abfe84eb4689fbcdf73509ab8dc5a91557557b8b35e60888fadb6f725aa19750fd8003f49797d14a14f8790221dcd36d462bcb12e75ea39bb51cefaad34f33589e7c7b6f3cc9c076100000820080
EAP-Message =
0x7eb4547b1f3db566c130ea5724565b401a2077965c8c73f921741143b940608485efd0c97d347813f79d06e93102fb8360724bc712437ddea30493cf3919a54d4ae180dd30d73787cb93123ed2049e9dde0e32c9b13ea08267cc94481bacc4d15628c462b560f00be7c57d8d34abd430d8d6885019a75cbd5eeb4ac892e0d87a0f0000820080704fcd1a3240f1cd7fd16197dfc98bfcb49131c6371a0b8af003ca65b5535fd46ebbaa93612e45470432d09f86ccd3345d24bae00fdf136a0a06a40acc5f45d82719d62dcc7066bb5893d7ebc697d63bd30b7e60847d77e389ba211dc852f46403f06dec333ace9f34e748a859e3bdc5d1451e1bdb263a
EAP-Message =
0x5dff9248c1d03d76c0140301000101160301002002edbc2f77f3aa0710a7da4ca5c84c7d3e7631dea7615960728e1bc1d727e576
Message-Authenticator = 0x6d83b27900e6fc2c9fd89d4b269ded37
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 3
modcall[authorize]: module "preprocess" returns ok for request 3
radius_xlat: '/var/log/raddb/radacct/172.16.0.2/auth-detail-20050510'
rlm_detail: /var/log/raddb/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /var/log/raddb/radacct/172.16.0.2/auth-detail-20050510
modcall[authorize]: module "auth_log" returns ok for request 3
rlm_realm: Looking up realm "172.16.0.1" for User-Name =
"[EMAIL PROTECTED]"
rlm_realm: No such realm "172.16.0.1"
modcall[authorize]: module "suffix" returns noop for request 3
rlm_eap: EAP packet type response id 60 length 253
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 3
modcall[authorize]: module "files" returns notfound for request 3
modcall: group authorize returns updated for request 3
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 3
rlm_eap: Request found, released from the list
rlm_eap: EAP/tls
rlm_eap: processing type tls
rlm_eap_tls: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
rlm_eap_tls: <<< TLS 1.0 Handshake [length 03df], Certificate
chain-depth=1,
error=0
--> User-Name = [EMAIL PROTECTED]
--> BUF-Name = registro
--> subject = /C=BR/ST=Sao Paulo/L=Sao Paulo/O=Teste BR/OU=Teste
BR/CN=registro/[EMAIL PROTECTED]
--> issuer = /C=BR/ST=Sao Paulo/L=Sao Paulo/O=Teste BR/OU=Teste
BR/CN=registro/[EMAIL PROTECTED]
--> verify return:1
chain-depth=0,
error=0
--> User-Name = [EMAIL PROTECTED]
--> BUF-Name = registro
--> subject = /C=BR/ST=Sao Paulo/L=Sao Paulo/O=Teste BR/OU=Teste
BR/CN=registro/[EMAIL PROTECTED]
--> issuer = /C=BR/ST=Sao Paulo/L=Sao Paulo/O=Teste BR/OU=Teste
BR/CN=registro/[EMAIL PROTECTED]
--> verify return:1
TLS_accept: SSLv3 read client certificate A
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange
TLS_accept: SSLv3 read client key exchange A
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], CertificateVerify
TLS_accept: SSLv3 read certificate verify A
rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001]
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 read finished A
rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001]
TLS_accept: SSLv3 write change cipher spec A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 write finished A
TLS_accept: SSLv3 flush data
(other): SSL negotiation finished successfully
SSL Connection Established
eaptls_process returned 13
modcall[authenticate]: module "eap" returns handled for request 3
modcall: group authenticate returns handled for request 3
Sending Access-Challenge of id 20 to 172.16.0.2:1044
EAP-Message =
0x013d00350d800000002b1403010001011603010020b354d5618ce3410f4fcd0213badac95e81c7d0c5596e031d3ffe72451ee4a904
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x393ab2c490d15f1d67d77e819d83e363
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
