here is my conf file "users"
DEFAULT Auth-Type = EAP, EAP-Type == EAP-PEAP
DEFAULT Auth-Type = LDAP
there to different situation , in both of them authentication section about LDAP and EAP are uncommented.
++++First : If I uncomment "eap" in authorize section of radiusd.conf :
# This module takes care of EAP-MD5, EAP-TLS, and EAP-LEAP
# authentication.
#
# It also sets the EAP-Type attribute in the request
# attribute list to the EAP type from the packet.
eap
I've got that kind of error :
-----------------------------------------------
lm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 7
modcall: group authorize returns updated for request 7
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 7
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: Received EAP-TLV response.
rlm_eap_peap: Tunneled data is valid.
rlm_eap_peap: Had sent TLV failure, rejecting.
rlm_eap: Handler failed in EAP/peap
rlm_eap: Failed in EAP select
modcall[authenticate]: module "eap" returns invalid for request 7
modcall: group authenticate returns invalid for request 7
auth: Failed to validate the user.
Login incorrect: [test/<no User-Password attribute>] (from client Access_Point_3COM port 1 cli 004096a1ce69)
Delaying request 7 for 1 seconds
Finished request 7
------------------------------------------
Authorize part with ldap works well but not the authentification one with eap (the tls handshake works well)
++++Second : If I comment "eap" in authorize section of radiusd.conf
I've got a long output attached in that mail.
As a conclusion if I edit the users config file like that :
I hope you could help I'm blocked on that problem for 2 weeks and the end of my training period is close and I would like to finish it before :).
Thank you
2006/6/6, Alan DeKok <[EMAIL PROTECTED]>:
"thomas hahusseau" <[EMAIL PROTECTED]> wrote:
> modcall: entering group Auth-Type for request 6
> rlm_mschap: No User-Password configured. Cannot create LM-Password.
> rlm_mschap: No User-Password configured. Cannot create NT-Password.
This means that the server has no clear-text password. i.e. it
wasn't retrieved from LDAP. See the rest of the debug log to see what
was retrieved from LDAP.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config: including file: /opt/freeradius/etc/raddb/clients.conf
Config: including file: /opt/freeradius/etc/raddb/eap.conf
main: prefix = "/opt/freeradius"
main: localstatedir = "/var"
main: logdir = "/var/log/freeradius"
main: libdir = "/opt/freeradius/lib"
main: radacctdir = "/var/log/freeradius/radacct"
main: hostname_lookups = no
main: max_request_time = 30
main: cleanup_delay = 5
main: max_requests = 1024
main: delete_blocked_requests = 0
main: port = 0
main: allow_core_dumps = no
main: log_stripped_names = no
main: log_file = "/var/log/freeradius/radius.log"
main: log_auth = yes
main: log_auth_badpass = yes
main: log_auth_goodpass = yes
main: pidfile = "/var/run/freeradius/freeradius.pid"
main: user = "freerad"
main: group = "freerad"
main: usercollide = no
main: lower_user = "no"
main: lower_pass = "no"
main: nospace_user = "no"
main: nospace_pass = "no"
main: checkrad = "/opt/freeradius/sbin/checkrad"
main: proxy_requests = no
security: max_attributes = 200
security: reject_delay = 1
security: status_server = no
main: debug_level = 0
read_config_files: reading dictionary
read_config_files: reading naslist
Using deprecated naslist file. Support for this will go away soon.
read_config_files: reading clients
read_config_files: reading realms
radiusd: entering modules setup
Module: Library search path is /opt/freeradius/lib
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded PAP
pap: encryption_scheme = "crypt"
Module: Instantiated pap (pap)
Module: Loaded CHAP
Module: Instantiated chap (chap)
Module: Loaded MS-CHAP
mschap: use_mppe = yes
mschap: require_encryption = yes
mschap: require_strong = yes
mschap: with_ntdomain_hack = yes
mschap: passwd = "(null)"
mschap: authtype = "MS-CHAP"
mschap: ntlm_auth = "(null)"
Module: Instantiated mschap (mschap)
Module: Loaded LDAP
ldap: server = "localhost"
ldap: port = 389
ldap: net_timeout = 1
ldap: timeout = 4
ldap: timelimit = 3
ldap: identity = ""
ldap: tls_mode = no
ldap: start_tls = no
ldap: tls_cacertfile = "(null)"
ldap: tls_cacertdir = "(null)"
ldap: tls_certfile = "(null)"
ldap: tls_keyfile = "(null)"
ldap: tls_randfile = "(null)"
ldap: tls_require_cert = "allow"
ldap: password = ""
ldap: basedn = "dc=dist,dc=demo,dc=net"
ldap: filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
ldap: base_filter = "(objectclass=radiusprofile)"
ldap: default_profile = "(null)"
ldap: profile_attribute = "(null)"
ldap: password_header = "(null)"
ldap: password_attribute = "userPassword"
ldap: access_attr = "uid"
ldap: groupname_attribute = "cn"
ldap: groupmembership_filter =
"(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))"
ldap: groupmembership_attribute = "(null)"
ldap: dictionary_mapping = "/opt/freeradius/etc/raddb/ldap.attrmap"
ldap: ldap_debug = 0
ldap: ldap_connections_number = 5
ldap: compare_check_items = no
ldap: access_attr_used_for_allow = yes
ldap: do_xlat = yes
rlm_ldap: Registering ldap_groupcmp for Ldap-Group
rlm_ldap: Registering ldap_xlat with xlat_name ldap
rlm_ldap: reading ldap<->radius mappings from file
/opt/freeradius/etc/raddb/ldap.attrmap
rlm_ldap: LDAP radiusCheckItem mapped to RADIUS $GENERIC$
rlm_ldap: LDAP radiusReplyItem mapped to RADIUS $GENERIC$
rlm_ldap: LDAP radiusAuthType mapped to RADIUS Auth-Type
rlm_ldap: LDAP radiusSimultaneousUse mapped to RADIUS Simultaneous-Use
rlm_ldap: LDAP radiusCalledStationId mapped to RADIUS Called-Station-Id
rlm_ldap: LDAP radiusCallingStationId mapped to RADIUS Calling-Station-Id
rlm_ldap: LDAP userPassword mapped to RADIUS LM-Password
rlm_ldap: LDAP userPassword mapped to RADIUS NT-Password
rlm_ldap: LDAP acctFlags mapped to RADIUS SMB-Account-CTRL-TEXT
rlm_ldap: LDAP radiusExpiration mapped to RADIUS Expiration
rlm_ldap: LDAP radiusServiceType mapped to RADIUS Service-Type
rlm_ldap: LDAP radiusFramedProtocol mapped to RADIUS Framed-Protocol
rlm_ldap: LDAP radiusFramedIPAddress mapped to RADIUS Framed-IP-Address
rlm_ldap: LDAP radiusFramedIPNetmask mapped to RADIUS Framed-IP-Netmask
rlm_ldap: LDAP radiusFramedRoute mapped to RADIUS Framed-Route
rlm_ldap: LDAP radiusFramedRouting mapped to RADIUS Framed-Routing
rlm_ldap: LDAP radiusFilterId mapped to RADIUS Filter-Id
rlm_ldap: LDAP radiusFramedMTU mapped to RADIUS Framed-MTU
rlm_ldap: LDAP radiusFramedCompression mapped to RADIUS Framed-Compression
rlm_ldap: LDAP radiusLoginIPHost mapped to RADIUS Login-IP-Host
rlm_ldap: LDAP radiusLoginService mapped to RADIUS Login-Service
rlm_ldap: LDAP radiusLoginTCPPort mapped to RADIUS Login-TCP-Port
rlm_ldap: LDAP radiusCallbackNumber mapped to RADIUS Callback-Number
rlm_ldap: LDAP radiusCallbackId mapped to RADIUS Callback-Id
rlm_ldap: LDAP radiusFramedIPXNetwork mapped to RADIUS Framed-IPX-Network
rlm_ldap: LDAP radiusClass mapped to RADIUS Class
rlm_ldap: LDAP radiusSessionTimeout mapped to RADIUS Session-Timeout
rlm_ldap: LDAP radiusIdleTimeout mapped to RADIUS Idle-Timeout
rlm_ldap: LDAP radiusTerminationAction mapped to RADIUS Termination-Action
rlm_ldap: LDAP radiusLoginLATService mapped to RADIUS Login-LAT-Service
rlm_ldap: LDAP radiusLoginLATNode mapped to RADIUS Login-LAT-Node
rlm_ldap: LDAP radiusLoginLATGroup mapped to RADIUS Login-LAT-Group
rlm_ldap: LDAP radiusFramedAppleTalkLink mapped to RADIUS Framed-AppleTalk-Link
rlm_ldap: LDAP radiusFramedAppleTalkNetwork mapped to RADIUS
Framed-AppleTalk-Network
rlm_ldap: LDAP radiusFramedAppleTalkZone mapped to RADIUS Framed-AppleTalk-Zone
rlm_ldap: LDAP radiusPortLimit mapped to RADIUS Port-Limit
rlm_ldap: LDAP radiusLoginLATPort mapped to RADIUS Login-LAT-Port
conns: 0x8152010
Module: Instantiated ldap (ldap)
Module: Loaded eap
eap: default_eap_type = "peap"
eap: timer_expire = 60
eap: ignore_unknown_eap_types = no
eap: cisco_accounting_username_bug = no
rlm_eap: Loaded and initialized type leap
tls: rsa_key_exchange = yes
tls: dh_key_exchange = yes
tls: rsa_key_length = 2048
tls: dh_key_length = 1024
tls: verify_depth = 0
tls: CA_path = "(null)"
tls: pem_file_type = yes
tls: private_key_file = "/opt/freeradius/etc/raddb/radcerts/dist-aaa.key.pem"
tls: certificate_file = "/opt/freeradius/etc/raddb/radcerts/dist-aaa.crt.pem"
tls: CA_file = "/opt/freeradius/etc/raddb/radcerts/DEMO.NET.pem"
tls: private_key_password = "AZert12@"
tls: dh_file = "/opt/freeradius/etc/raddb/radcerts/dh"
tls: random_file = "/dev/urandom"
tls: fragment_size = 1024
tls: include_length = yes
tls: check_crl = no
tls: check_cert_cn = "(null)"
rlm_eap: Loaded and initialized type tls
peap: default_eap_type = "mschapv2"
peap: copy_request_to_tunnel = no
peap: use_tunneled_reply = no
peap: proxy_tunneled_request_as_eap = yes
rlm_eap: Loaded and initialized type peap
mschapv2: with_ntdomain_hack = no
rlm_eap: Loaded and initialized type mschapv2
Module: Instantiated eap (eap)
Module: Loaded preprocess
preprocess: huntgroups = "/opt/freeradius/etc/raddb/huntgroups"
preprocess: hints = "/opt/freeradius/etc/raddb/hints"
preprocess: with_ascend_hack = no
preprocess: ascend_channels_per_line = 23
preprocess: with_ntdomain_hack = yes
preprocess: with_specialix_jetstream_hack = no
preprocess: with_cisco_vsa_hack = no
Module: Instantiated preprocess (preprocess)
Module: Loaded detail
detail: detailfile =
"/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d"
detail: detailperm = 384
detail: dirperm = 493
detail: locking = no
Module: Instantiated detail (auth_log)
Module: Loaded realm
realm: format = "suffix"
realm: delimiter = "@"
realm: ignore_default = no
realm: ignore_null = no
Module: Instantiated realm (suffix)
realm: format = "prefix"
realm: delimiter = "\"
realm: ignore_default = yes
realm: ignore_null = yes
Module: Instantiated realm (ntdomain)
Module: Loaded files
files: usersfile = "/opt/freeradius/etc/raddb/users"
files: acctusersfile = "/opt/freeradius/etc/raddb/acct_users"
files: preproxy_usersfile = "/opt/freeradius/etc/raddb/preproxy_users"
files: compat = "no"
Module: Instantiated files (files)
detail: detailfile =
"/var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
detail: detailperm = 384
detail: dirperm = 493
detail: locking = no
Module: Instantiated detail (detail)
Module: Loaded radutmp
radutmp: filename = "/var/log/freeradius/radutmp"
radutmp: username = "%{User-Name}"
radutmp: case_sensitive = yes
radutmp: check_with_nas = yes
radutmp: perm = 384
radutmp: callerid = yes
Module: Instantiated radutmp (radutmp)
detail: detailfile =
"/var/log/freeradius/radacct/%{Client-IP-Address}/reply-detail-%Y%m%d"
detail: detailperm = 384
detail: dirperm = 493
detail: locking = no
Module: Instantiated detail (reply_log)
Listening on authentication *:1812
Listening on accounting *:1813
Ready to process requests.
rad_recv: Access-Request packet from host 192.168.0.5:3314, id=139, length=116
NAS-IP-Address = 192.168.0.5
NAS-Port-Type = Wireless-802.11
NAS-Port = 1
Framed-MTU = 1400
User-Name = "test"
Calling-Station-Id = "004096a1ce69"
Called-Station-Id = "000fcb00f04c"
NAS-Identifier = "DIST-AP"
EAP-Message = 0x020100090174657374
Message-Authenticator = 0x04e30ce26d28e459d6f26e8cefe9c11b
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
radius_xlat: '/var/log/freeradius/radacct/192.168.0.5/auth-detail-20060606'
rlm_detail: /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /var/log/freeradius/radacct/192.168.0.5/auth-detail-20060606
modcall[authorize]: module "auth_log" returns ok for request 0
modcall[authorize]: module "mschap" returns noop for request 0
rlm_realm: No '@' in User-Name = "test", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 0
rlm_realm: No '\' in User-Name = "test", skipping NULL due to config.
modcall[authorize]: module "ntdomain" returns noop for request 0
users: Matched entry DEFAULT at line 215
modcall[authorize]: module "files" returns ok for request 0
rlm_ldap: - authorize
rlm_ldap: performing user authorization for test
radius_xlat: '(uid=test)'
radius_xlat: 'dc=dist,dc=demo,dc=net'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to localhost:389, authentication 0
rlm_ldap: bind as / to localhost:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: performing search in dc=dist,dc=demo,dc=net, with filter (uid=test)
rlm_ldap: checking if remote access for test is allowed by uid
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user test authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 0
modcall: group authorize returns ok for request 0
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
rlm_eap: EAP Identity
rlm_eap: processing type tls
rlm_eap_tls: Initiate
rlm_eap_tls: Start returned 1
modcall[authenticate]: module "eap" returns handled for request 0
modcall: group authenticate returns handled for request 0
Sending Access-Challenge of id 139 to 192.168.0.5:3314
EAP-Message = 0x010200061920
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xe2babc9392179f148e247671f72305a5
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.0.5:3315, id=140, length=231
NAS-IP-Address = 192.168.0.5
NAS-Port-Type = Wireless-802.11
NAS-Port = 1
Framed-MTU = 1400
User-Name = "test"
Calling-Station-Id = "004096a1ce69"
Called-Station-Id = "000fcb00f04c"
NAS-Identifier = "DIST-AP"
State = 0xe2babc9392179f148e247671f72305a5
EAP-Message =
0x0202006a198000000060160301005b010000570301448582e62696a93ad9f85a6479619877a5bba09e5759d86527f1f93e6be0a6fc00003000390038003500160013000a00330032002f0066000500040065006400630062006000150012000900140011000800030100
Message-Authenticator = 0x992f0055961626e9b956aab6309c6cd6
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
modcall[authorize]: module "preprocess" returns ok for request 1
radius_xlat: '/var/log/freeradius/radacct/192.168.0.5/auth-detail-20060606'
rlm_detail: /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /var/log/freeradius/radacct/192.168.0.5/auth-detail-20060606
modcall[authorize]: module "auth_log" returns ok for request 1
modcall[authorize]: module "mschap" returns noop for request 1
rlm_realm: No '@' in User-Name = "test", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 1
rlm_realm: No '\' in User-Name = "test", skipping NULL due to config.
modcall[authorize]: module "ntdomain" returns noop for request 1
users: Matched entry DEFAULT at line 215
modcall[authorize]: module "files" returns ok for request 1
rlm_ldap: - authorize
rlm_ldap: performing user authorization for test
radius_xlat: '(uid=test)'
radius_xlat: 'dc=dist,dc=demo,dc=net'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=dist,dc=demo,dc=net, with filter (uid=test)
rlm_ldap: checking if remote access for test is allowed by uid
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user test authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 1
modcall: group authorize returns ok for request 1
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 1
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
(other): before/accept initialization
TLS_accept: before/accept initialization
rlm_eap_tls: <<< TLS 1.0 Handshake [length 005b], ClientHello
TLS_accept: SSLv3 read client hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
TLS_accept: SSLv3 write server hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 057c], Certificate
TLS_accept: SSLv3 write certificate A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
TLS_accept: SSLv3 write server done A
TLS_accept: SSLv3 flush data
TLS_accept:error in SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 1
modcall: group authenticate returns handled for request 1
Sending Access-Challenge of id 140 to 192.168.0.5:3315
EAP-Message =
0x0103040a19c0000005d9160301004a0200004603014485ccf27a934f8e54aed80b8318b512e34a72e2324bb62a6eec2e281671685b205a4549dfb51f96dbcf1a2fc980af56892b7b846608521bcf28458ad1b0df756f003500160301057c0b00057800057500030c3082030830820271a003020102020200be300d06092a864886f70d0101050500302f310b3009060355040613024652310d300b060355040a130444454d4f3111300f060355040b130844454d4f2e4e4554301e170d3036303630363132333234365a170d3037303630363132333234365a30133111300f06035504031308444953542d41414130819f300d06092a864886f70d0101
EAP-Message =
0x01050003818d0030818902818100c1b030c295f8a7f7e9f7abd3f8b71689751760134fd5fb5df1593b6b1cdc86c6b0860eabccd56de45d84e6552785c74d73ffa0850f089f27bbf07dae30282ccdb5bfefc143cc558ded6750a336d6d15b08708e74868528f719b30da9b72b769ad235f5e798559396f04e2454c8fd4454a82174648f451853c190bc9541122a350203010001a382014d3082014930320603551d12042b30298613687474703a2f2f7777772e64656d6f2e6e65748112706b692e61646d696e4064656d6f2e6e657430210603551d11041a30188216646973742d6161612e646973742e64656d6f2e6e6574300c0603551d130101ff04
EAP-Message =
0x023000300e0603551d0f0101ff0404030205e030130603551d25040c300a06082b06010505070301301106096086480186f8420101040403020640301d0603551d0e0416041428172fdf3387a4a92b5a3d36051a8f6741e8251b30570603551d230450304e801431dace396ed49614cd8f3319ca8eef3bc73bc266a133a431302f310b3009060355040613024652310d300b060355040a130444454d4f3111300f060355040b130844454d4f2e4e455482010130320603551d1f042b30293027a025a0238621687474703a2f2f7065612d706b692f63726c2f64656d6f6e65742d63612e63726c300d06092a864886f70d01010505000381810052f7f4
EAP-Message =
0x754b9a6cce0bf6cdf3c5124f5e0e19aa4c6d08fa2efb2c0c367426067f6e954277922f03200825710a5e19789946052bee720df75b51b44260f5b22a29d8b524f16b16bab1abcac475a2c7bddfdd302b859d75dc7944d66904f11baf6de789a1966bae39d51c1746bc2468609d27d98b913e1a00ff8d3ffe16be82c4d90002633082025f308201c8a003020102020101300d06092a864886f70d0101050500302f310b3009060355040613024652310d300b060355040a130444454d4f3111300f060355040b130844454d4f2e4e4554301e170d3035303131313233303030305a170d3135303131313233303030305a302f310b300906035504061302
EAP-Message = 0x4652310d300b060355040a130444454d4f3111300f06
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x9fb8632237c591687df8a547dfa52813
Finished request 1
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.0.5:3316, id=141, length=131
NAS-IP-Address = 192.168.0.5
NAS-Port-Type = Wireless-802.11
NAS-Port = 1
Framed-MTU = 1400
User-Name = "test"
Calling-Station-Id = "004096a1ce69"
Called-Station-Id = "000fcb00f04c"
NAS-Identifier = "DIST-AP"
State = 0x9fb8632237c591687df8a547dfa52813
EAP-Message = 0x020300061900
Message-Authenticator = 0xbcec195ea2780d126608bd15249630f4
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 2
modcall[authorize]: module "preprocess" returns ok for request 2
radius_xlat: '/var/log/freeradius/radacct/192.168.0.5/auth-detail-20060606'
rlm_detail: /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /var/log/freeradius/radacct/192.168.0.5/auth-detail-20060606
modcall[authorize]: module "auth_log" returns ok for request 2
modcall[authorize]: module "mschap" returns noop for request 2
rlm_realm: No '@' in User-Name = "test", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 2
rlm_realm: No '\' in User-Name = "test", skipping NULL due to config.
modcall[authorize]: module "ntdomain" returns noop for request 2
users: Matched entry DEFAULT at line 215
modcall[authorize]: module "files" returns ok for request 2
rlm_ldap: - authorize
rlm_ldap: performing user authorization for test
radius_xlat: '(uid=test)'
radius_xlat: 'dc=dist,dc=demo,dc=net'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=dist,dc=demo,dc=net, with filter (uid=test)
rlm_ldap: checking if remote access for test is allowed by uid
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user test authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 2
modcall: group authorize returns ok for request 2
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 2
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake fragment handler
eaptls_verify returned 1
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 2
modcall: group authenticate returns handled for request 2
Sending Access-Challenge of id 141 to 192.168.0.5:3316
EAP-Message =
0x010401df19000355040b130844454d4f2e4e455430819f300d06092a864886f70d010101050003818d0030818902818100ee2768d790e52a0c45ab78147c99e54bfda0e5800a195914de98837d1ed7e95a7ac8a038b81fef29d5e6a732c4db1e00bbd8da7568a56ca131245664f39780607bcd5ca499c436e26344250635f5da06bc806ad217a1b121e818159205e91b28471f755b529dbbc1a7befa7931e9ce1b4cfb86411cdbdb6e1fc3b5a505d4f28f0203010001a3818a30818730320603551d11042b30298613687474703a2f2f7777772e64656d6f2e6e65748112706b692e61646d696e4064656d6f2e6e6574300f0603551d130101ff040530
EAP-Message =
0x030101ff300e0603551d0f0101ff040403020106301106096086480186f8420101040403020007301d0603551d0e0416041431dace396ed49614cd8f3319ca8eef3bc73bc266300d06092a864886f70d01010505000381810081629fb4a5a981a2b5d379e7255fa66fd89f4b8633caf740811fcd8fe30cac5271e2a4602eaee83cfa85f4c4a24c633290763d33c13e774f8c2e8860fd6ba39b7dd53d96c39c1c47353c42505b5f2cb9aae3416bd03fd32fdd8da78e4fe90518ca909530fcd3d95b2350a4d6a6b5cc54feedbf4448fad8c67274bf10cb7a98c516030100040e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x03dd52501ef84ed73033ff48b051003a
Finished request 2
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.0.5:3317, id=142, length=333
NAS-IP-Address = 192.168.0.5
NAS-Port-Type = Wireless-802.11
NAS-Port = 1
Framed-MTU = 1400
User-Name = "test"
Calling-Station-Id = "004096a1ce69"
Called-Station-Id = "000fcb00f04c"
NAS-Identifier = "DIST-AP"
State = 0x03dd52501ef84ed73033ff48b051003a
EAP-Message =
0x020400d01980000000c616030100861000008200800649870266020468f6e16a3871866f124269221f94d74b49b4e72b91767f5c57effbf208e798c082d62a5cf8ac89be33be026471ec4dcf0ae489affee52ddb9797d7d7d685218701711ba089805ff6244bb99639cc5f8078ae23ae48b4945ae3343c59475753bc72a81081aa5db2b243bc8553e6de15a6469b88b8f5be165f71140301000101160301003073efb355587a1ec5eabeb6897a5bed979a447634e768df8fff527881ad1de1a76334f5906df16c18164654314f63d0be
Message-Authenticator = 0xb5f904f764096b757d272c14599f2a91
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 3
modcall[authorize]: module "preprocess" returns ok for request 3
radius_xlat: '/var/log/freeradius/radacct/192.168.0.5/auth-detail-20060606'
rlm_detail: /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /var/log/freeradius/radacct/192.168.0.5/auth-detail-20060606
modcall[authorize]: module "auth_log" returns ok for request 3
modcall[authorize]: module "mschap" returns noop for request 3
rlm_realm: No '@' in User-Name = "test", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 3
rlm_realm: No '\' in User-Name = "test", skipping NULL due to config.
modcall[authorize]: module "ntdomain" returns noop for request 3
users: Matched entry DEFAULT at line 215
modcall[authorize]: module "files" returns ok for request 3
rlm_ldap: - authorize
rlm_ldap: performing user authorization for test
radius_xlat: '(uid=test)'
radius_xlat: 'dc=dist,dc=demo,dc=net'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=dist,dc=demo,dc=net, with filter (uid=test)
rlm_ldap: checking if remote access for test is allowed by uid
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user test authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 3
modcall: group authorize returns ok for request 3
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 3
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange
TLS_accept: SSLv3 read client key exchange A
rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001]
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 read finished A
rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001]
TLS_accept: SSLv3 write change cipher spec A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 write finished A
TLS_accept: SSLv3 flush data
(other): SSL negotiation finished successfully
SSL Connection Established
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 3
modcall: group authenticate returns handled for request 3
Sending Access-Challenge of id 142 to 192.168.0.5:3317
EAP-Message =
0x0105004119001403010001011603010030b8b9dc269f2e472af82680c5913f1041b77683e211936bd49ac4d96d3b68df3a40c9b60e6794a654e1644b90da5582c7
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xf2927c8675e70ce765bb95f8c0b06815
Finished request 3
Going to the next request
--- Walking the entire request list ---
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 192.168.0.5:3318, id=143, length=131
NAS-IP-Address = 192.168.0.5
NAS-Port-Type = Wireless-802.11
NAS-Port = 1
Framed-MTU = 1400
User-Name = "test"
Calling-Station-Id = "004096a1ce69"
Called-Station-Id = "000fcb00f04c"
NAS-Identifier = "DIST-AP"
State = 0xf2927c8675e70ce765bb95f8c0b06815
EAP-Message = 0x020500061900
Message-Authenticator = 0x0b5e01918e895755c7029b917e16c034
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 4
modcall[authorize]: module "preprocess" returns ok for request 4
radius_xlat: '/var/log/freeradius/radacct/192.168.0.5/auth-detail-20060606'
rlm_detail: /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /var/log/freeradius/radacct/192.168.0.5/auth-detail-20060606
modcall[authorize]: module "auth_log" returns ok for request 4
modcall[authorize]: module "mschap" returns noop for request 4
rlm_realm: No '@' in User-Name = "test", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 4
rlm_realm: No '\' in User-Name = "test", skipping NULL due to config.
modcall[authorize]: module "ntdomain" returns noop for request 4
users: Matched entry DEFAULT at line 215
modcall[authorize]: module "files" returns ok for request 4
rlm_ldap: - authorize
rlm_ldap: performing user authorization for test
radius_xlat: '(uid=test)'
radius_xlat: 'dc=dist,dc=demo,dc=net'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=dist,dc=demo,dc=net, with filter (uid=test)
rlm_ldap: checking if remote access for test is allowed by uid
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user test authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 4
modcall: group authorize returns ok for request 4
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 4
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake is finished
eaptls_verify returned 3
eaptls_process returned 3
rlm_eap_peap: EAPTLS_SUCCESS
modcall[authenticate]: module "eap" returns handled for request 4
modcall: group authenticate returns handled for request 4
Sending Access-Challenge of id 143 to 192.168.0.5:3318
EAP-Message =
0x0106005019001703010020d86c6100f4b1153d4f31e19dce57eda8640d534c385891c31f9c71889f8369301703010020161eb07affd44a8a07ebcf3fd73cb15410559dd2d1f621bed896bd10be6989c1
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x15421a936c003ca505f7926331cf807f
Finished request 4
Going to the next request
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 192.168.0.5:3319, id=144, length=205
NAS-IP-Address = 192.168.0.5
NAS-Port-Type = Wireless-802.11
NAS-Port = 1
Framed-MTU = 1400
User-Name = "test"
Calling-Station-Id = "004096a1ce69"
Called-Station-Id = "000fcb00f04c"
NAS-Identifier = "DIST-AP"
State = 0x15421a936c003ca505f7926331cf807f
EAP-Message =
0x020600501900170301002050d109c9bd7aa09cd72266171ae319c8892383aef5dc4ed96a60c86947e5aab317030100207715ebe05bf12f0561a2e2bec1211b99f22e290404fc32d4757c2e47716eb1cf
Message-Authenticator = 0xa23e39f4f568fc98391c8f95f081b389
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 5
modcall[authorize]: module "preprocess" returns ok for request 5
radius_xlat: '/var/log/freeradius/radacct/192.168.0.5/auth-detail-20060606'
rlm_detail: /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /var/log/freeradius/radacct/192.168.0.5/auth-detail-20060606
modcall[authorize]: module "auth_log" returns ok for request 5
modcall[authorize]: module "mschap" returns noop for request 5
rlm_realm: No '@' in User-Name = "test", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 5
rlm_realm: No '\' in User-Name = "test", skipping NULL due to config.
modcall[authorize]: module "ntdomain" returns noop for request 5
users: Matched entry DEFAULT at line 215
modcall[authorize]: module "files" returns ok for request 5
rlm_ldap: - authorize
rlm_ldap: performing user authorization for test
radius_xlat: '(uid=test)'
radius_xlat: 'dc=dist,dc=demo,dc=net'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=dist,dc=demo,dc=net, with filter (uid=test)
rlm_ldap: checking if remote access for test is allowed by uid
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user test authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 5
modcall: group authorize returns ok for request 5
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 5
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: Identity - test
rlm_eap_peap: Tunneled data is valid.
PEAP: Got tunneled identity of test
PEAP: Setting default EAP type for tunneled EAP session.
PEAP: Setting User-Name to test
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 5
modcall[authorize]: module "preprocess" returns ok for request 5
radius_xlat: '/var/log/freeradius/radacct/127.0.0.1/auth-detail-20060606'
rlm_detail: /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /var/log/freeradius/radacct/127.0.0.1/auth-detail-20060606
modcall[authorize]: module "auth_log" returns ok for request 5
modcall[authorize]: module "mschap" returns noop for request 5
rlm_realm: No '@' in User-Name = "test", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 5
rlm_realm: No '\' in User-Name = "test", skipping NULL due to config.
modcall[authorize]: module "ntdomain" returns noop for request 5
users: Matched entry DEFAULT at line 215
modcall[authorize]: module "files" returns ok for request 5
rlm_ldap: - authorize
rlm_ldap: performing user authorization for test
radius_xlat: '(uid=test)'
radius_xlat: 'dc=dist,dc=demo,dc=net'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=dist,dc=demo,dc=net, with filter (uid=test)
rlm_ldap: checking if remote access for test is allowed by uid
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user test authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 5
modcall: group authorize returns ok for request 5
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 5
rlm_eap: EAP Identity
rlm_eap: processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
modcall[authenticate]: module "eap" returns handled for request 5
modcall: group authenticate returns handled for request 5
PEAP: Got tunneled Access-Challenge
modcall[authenticate]: module "eap" returns handled for request 5
modcall: group authenticate returns handled for request 5
Sending Access-Challenge of id 144 to 192.168.0.5:3319
EAP-Message =
0x0107006019001703010020b4535b429de7c20b3b85b130159d84d1f052623b5ef630d16205b79a1e2d384517030100306318b7160fdcdc4654750d74e6484e49cb224c5b3c6ea564f459f3a29c5e2e6df9529f16f227f0c86a360e6513bb1ab6
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x3d2a6faf63b792b94c0e6d40197cf833
Finished request 5
Going to the next request
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 192.168.0.5:3320, id=145, length=253
NAS-IP-Address = 192.168.0.5
NAS-Port-Type = Wireless-802.11
NAS-Port = 1
Framed-MTU = 1400
User-Name = "test"
Calling-Station-Id = "004096a1ce69"
Called-Station-Id = "000fcb00f04c"
NAS-Identifier = "DIST-AP"
State = 0x3d2a6faf63b792b94c0e6d40197cf833
EAP-Message =
0x02070080190017030100209634618e4eb61d40690211ba511b58ca94fc377a92fe404cdb730a588854677a1703010050d6f9645bf5085bb28a1caf327ea103b184078f22e264ac35134f5c4d1afb907d5d9121d3229da20861eebdf623c6e269959cecc963e8c8a6c38079ffa1b37d45abc11161561785f68f5a610666d3110c
Message-Authenticator = 0x70b4890f54b099c69712d1cc8223fec8
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 6
modcall[authorize]: module "preprocess" returns ok for request 6
radius_xlat: '/var/log/freeradius/radacct/192.168.0.5/auth-detail-20060606'
rlm_detail: /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /var/log/freeradius/radacct/192.168.0.5/auth-detail-20060606
modcall[authorize]: module "auth_log" returns ok for request 6
modcall[authorize]: module "mschap" returns noop for request 6
rlm_realm: No '@' in User-Name = "test", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 6
rlm_realm: No '\' in User-Name = "test", skipping NULL due to config.
modcall[authorize]: module "ntdomain" returns noop for request 6
users: Matched entry DEFAULT at line 215
modcall[authorize]: module "files" returns ok for request 6
rlm_ldap: - authorize
rlm_ldap: performing user authorization for test
radius_xlat: '(uid=test)'
radius_xlat: 'dc=dist,dc=demo,dc=net'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=dist,dc=demo,dc=net, with filter (uid=test)
rlm_ldap: checking if remote access for test is allowed by uid
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user test authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 6
modcall: group authorize returns ok for request 6
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 6
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: EAP type mschapv2
rlm_eap_peap: Tunneled data is valid.
PEAP: Setting User-Name to test
PEAP: Adding old state with 9a 3d
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 6
modcall[authorize]: module "preprocess" returns ok for request 6
radius_xlat: '/var/log/freeradius/radacct/127.0.0.1/auth-detail-20060606'
rlm_detail: /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /var/log/freeradius/radacct/127.0.0.1/auth-detail-20060606
modcall[authorize]: module "auth_log" returns ok for request 6
modcall[authorize]: module "mschap" returns noop for request 6
rlm_realm: No '@' in User-Name = "test", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 6
rlm_realm: No '\' in User-Name = "test", skipping NULL due to config.
modcall[authorize]: module "ntdomain" returns noop for request 6
users: Matched entry DEFAULT at line 215
modcall[authorize]: module "files" returns ok for request 6
rlm_ldap: - authorize
rlm_ldap: performing user authorization for test
radius_xlat: '(uid=test)'
radius_xlat: 'dc=dist,dc=demo,dc=net'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=dist,dc=demo,dc=net, with filter (uid=test)
rlm_ldap: checking if remote access for test is allowed by uid
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user test authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 6
modcall: group authorize returns ok for request 6
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 6
rlm_eap: Request found, released from the list
rlm_eap: EAP/mschapv2
rlm_eap: processing type mschapv2
Processing the authenticate section of radiusd.conf
modcall: entering group Auth-Type for request 6
rlm_mschap: No User-Password configured. Cannot create LM-Password.
rlm_mschap: No User-Password configured. Cannot create NT-Password.
rlm_mschap: Told to do MS-CHAPv2 for test with NT-Password
rlm_mschap: FAILED: No NT/LM-Password. Cannot perform authentication.
rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
modcall[authenticate]: module "mschap" returns reject for request 6
modcall: group Auth-Type returns reject for request 6
rlm_eap: Freeing handler
modcall[authenticate]: module "eap" returns reject for request 6
modcall: group authenticate returns reject for request 6
auth: Failed to validate the user.
Login incorrect: [test/<no User-Password attribute>] (from client localhost
port 0)
PEAP: Tunneled authentication was rejected.
rlm_eap_peap: FAILURE
modcall[authenticate]: module "eap" returns handled for request 6
modcall: group authenticate returns handled for request 6
Sending Access-Challenge of id 145 to 192.168.0.5:3320
EAP-Message =
0x010800501900170301002016434d9c118208f1dd2377baa2d9c09021a3e5da0f3558b0426328dac50ae6a7170301002057a477397eec22f9515f6b170b3c4c550faebdc5a05d501d81c8207d8b16a632
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x168fbbea61f6fad33ae78c898d68ebd2
Finished request 6
Going to the next request
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 192.168.0.5:3321, id=146, length=205
NAS-IP-Address = 192.168.0.5
NAS-Port-Type = Wireless-802.11
NAS-Port = 1
Framed-MTU = 1400
User-Name = "test"
Calling-Station-Id = "004096a1ce69"
Called-Station-Id = "000fcb00f04c"
NAS-Identifier = "DIST-AP"
State = 0x168fbbea61f6fad33ae78c898d68ebd2
EAP-Message =
0x0208005019001703010020e35fd95fa1fa68fd53abc23d627780adee7a91d9e9cefb34fc21cef97433326817030100206d0389c712254567cf0405f811b8c141f689f681ee326f5fb631cd0e30e39169
Message-Authenticator = 0x6d5a37c42f0a8f95513faf8834be2006
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 7
modcall[authorize]: module "preprocess" returns ok for request 7
radius_xlat: '/var/log/freeradius/radacct/192.168.0.5/auth-detail-20060606'
rlm_detail: /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /var/log/freeradius/radacct/192.168.0.5/auth-detail-20060606
modcall[authorize]: module "auth_log" returns ok for request 7
modcall[authorize]: module "mschap" returns noop for request 7
rlm_realm: No '@' in User-Name = "test", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 7
rlm_realm: No '\' in User-Name = "test", skipping NULL due to config.
modcall[authorize]: module "ntdomain" returns noop for request 7
users: Matched entry DEFAULT at line 215
modcall[authorize]: module "files" returns ok for request 7
rlm_ldap: - authorize
rlm_ldap: performing user authorization for test
radius_xlat: '(uid=test)'
radius_xlat: 'dc=dist,dc=demo,dc=net'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=dist,dc=demo,dc=net, with filter (uid=test)
rlm_ldap: checking if remote access for test is allowed by uid
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user test authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 7
modcall: group authorize returns ok for request 7
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 7
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: Received EAP-TLV response.
rlm_eap_peap: Tunneled data is valid.
rlm_eap_peap: Had sent TLV failure, rejecting.
rlm_eap: Handler failed in EAP/peap
rlm_eap: Failed in EAP select
modcall[authenticate]: module "eap" returns invalid for request 7
modcall: group authenticate returns invalid for request 7
auth: Failed to validate the user.
Login incorrect: [test/<no User-Password attribute>] (from client
Access_Point_3COM port 1 cli 004096a1ce69)
Delaying request 7 for 1 seconds
Finished request 7
Going to the next request
Waking up in 5 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 139 with timestamp 4485ccf2
Cleaning up request 1 ID 140 with timestamp 4485ccf2
Cleaning up request 2 ID 141 with timestamp 4485ccf2
Sending Access-Reject of id 146 to 192.168.0.5:3321
EAP-Message = 0x04080004
Message-Authenticator = 0x00000000000000000000000000000000
Waking up in 1 seconds...
--- Walking the entire request list ---
Cleaning up request 3 ID 142 with timestamp 4485ccf3
Cleaning up request 4 ID 143 with timestamp 4485ccf3
Cleaning up request 5 ID 144 with timestamp 4485ccf3
Cleaning up request 6 ID 145 with timestamp 4485ccf3
Cleaning up request 7 ID 146 with timestamp 4485ccf3
Nothing to do. Sleeping until we see a request.- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
