Hello gurus. I'm new to RADIUS, but willing to learn :)

Using OpenSuSE 10.1 and freeradius-1.1.0-19 and Windows2K as AD and Alcatel Omniswitch 7800 with 802.1x and Port Mobility features enabled. I've followed the steps from: http://wiki.freeradius.org/FreeRADIUS_Active_Directory_Integration_HOWTO

The authentication of WindowsXP Supplicants with EAP/PEAP is working great, now I need to assign VLANs to this setup. I've searched the list and Google and found this setting for /etc/raddb/users:

    jose    Auth-Type == EAP
            Tunnel-Type += VLAN,
            Tunnel-Medium-Type += IEEE-802,
            Tunnel-Private-Group-Id += 3

But the port is never assigned to VLAN 3 for the user "jose". Is it possible to assign VLANs with Alcatel? Do I need any extra license? Anybody have this running?

It seems to me that the VLAN parameters are never returned to the switch in the Access-Accept part of this result from radiusd -X:

oxiel:/etc/raddb # radiusd -X
Starting - reading configuration files ... reread_config: reading radiusd.conf Config: including file: /etc/raddb/proxy.conf Config: including file: /etc/raddb/clients.conf Config: including file: /etc/raddb/snmp.conf Config: including file: /etc/raddb/eap.conf Config: including file: /etc/raddb/sql.conf main: prefix = "/usr" main: localstatedir = "/var" main: logdir = "/var/log/radius" main: libdir = "/usr/lib/freeradius" main: radacctdir = "/var/log/radius/radacct" main: hostname_lookups = no main: max_request_time = 30 main: cleanup_delay = 5 main: max_requests = 1024 main: delete_blocked_requests = 0 main: port = 0 main: allow_core_dumps = no main: log_stripped_names = no main: log_file = "/var/log/radius/radius.log" main: log_auth = no main: log_auth_badpass = no main: log_auth_goodpass = no main: pidfile = "/var/run/radiusd/radiusd.pid" main: user = "root" main: group = "root" main: usercollide = no main: lower_user = "no" main: lower_pass = "no" main: nospace_user = "no" main: nospace_pass = "no" main: checkrad = "/usr/sbin/checkrad" main: proxy_requests = yes proxy: retry_delay = 5 proxy: 
retry_count = 3 proxy: synchronous = no proxy: default_fallback = yes proxy: dead_time = 120 proxy: post_proxy_authorize = no proxy: wake_all_if_all_dead = no security: max_attributes = 200 security: reject_delay = 1 security: status_server = no main: debug_level = 0 read_config_files: reading dictionary read_config_files: reading naslist read_config_files: reading clients read_config_files: reading realms radiusd: entering modules setup Module: Library search path is /usr/lib/freeradius Module: Loaded exec exec: wait = yes exec: program = "(null)" exec: input_pairs = "request" exec: output_pairs = "(null)" exec: packet_type = "(null)" rlm_exec: Wait=yes but no output defined. Did you mean output=none? Module: Instantiated exec (exec) Module: Loaded expr Module: Instantiated expr (expr) Module: Loaded MS-CHAP mschap: use_mppe = yes mschap: require_encryption = no mschap: require_strong = no mschap: with_ntdomain_hack = yes mschap: passwd = "(null)" mschap: authtype = "MS-CHAP" mschap: ntlm_auth = "/usr/bin/ntlm_auth --username=%{mschap:User-Name} --request-nt-key --domain=%{mschap:NT-Domain} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}" Module: Instantiated mschap (mschap) Module: Loaded eap eap: default_eap_type = "peap" eap: timer_expire = 60 eap: ignore_unknown_eap_types = no eap: cisco_accounting_username_bug = no rlm_eap: Loaded and initialized type md5 rlm_eap: Loaded and initialized type leap gtc: challenge = "Password: " gtc: auth_type = "PAP" rlm_eap: Loaded and initialized type gtc tls: rsa_key_exchange = no tls: dh_key_exchange = yes tls: rsa_key_length = 512 tls: dh_key_length = 512 tls: verify_depth = 0 tls: CA_path = "(null)" tls: pem_file_type = yes tls: private_key_file = "/etc/raddb/certs/cert-srv.pem" tls: certificate_file = "/etc/raddb/certs/cert-srv.pem" tls: CA_file = "/etc/raddb/certs/demoCA/cacert.pem" tls: private_key_password = "whatever" tls: dh_file = "/etc/raddb/certs/dh" tls: random_file = "/dev/urandom" 
tls: fragment_size = 1024 tls: include_length = yes tls: check_crl = no tls: check_cert_cn = "(null)" rlm_eap_tls: Loading the certificate file as a chain rlm_eap: Loaded and initialized type tls peap: default_eap_type = "mschapv2" peap: copy_request_to_tunnel = no peap: use_tunneled_reply = no peap: proxy_tunneled_request_as_eap = yes rlm_eap: Loaded and initialized type peap mschapv2: with_ntdomain_hack = no rlm_eap: Loaded and initialized type mschapv2 Module: Instantiated eap (eap) Module: Loaded preprocess preprocess: huntgroups = "/etc/raddb/huntgroups" preprocess: hints = "/etc/raddb/hints" preprocess: with_ascend_hack = no preprocess: ascend_channels_per_line = 23 preprocess: with_ntdomain_hack = no preprocess: with_specialix_jetstream_hack = no preprocess: with_cisco_vsa_hack = no Module: Instantiated preprocess (preprocess) Module: Loaded realm realm: format = "suffix" realm: delimiter = "@" realm: ignore_default = no realm: ignore_null = no Module: Instantiated realm (suffix) Module: Loaded files files: usersfile = "/etc/raddb/users" files: acctusersfile = "/etc/raddb/acct_users" files: preproxy_usersfile = "/etc/raddb/preproxy_users" files: compat = "no" Module: Instantiated files (files) Module: Loaded Acct-Unique-Session-Id acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port" Module: Instantiated acct_unique (acct_unique) Module: Loaded detail detail: detailfile = "/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d" detail: detailperm = 384 detail: dirperm = 493 detail: locking = no Module: Instantiated detail (detail) Module: Loaded System unix: cache = no unix: passwd = "(null)" unix: shadow = "(null)" unix: group = "(null)" unix: radwtmp = "/var/log/radius/radwtmp" unix: usegroup = no unix: cache_reload = 600 Module: Instantiated unix (unix) Module: Loaded radutmp radutmp: filename = "/var/log/radius/radutmp" radutmp: username = "%{User-Name}" radutmp: case_sensitive = yes radutmp: check_with_nas = 
yes radutmp: perm = 384 radutmp: callerid = yes Module: Instantiated radutmp (radutmp) Listening on authentication *:1812 Listening on accounting *:1813 Ready to process requests. rad_recv: Access-Request packet from host 192.168.10.20:1067, id=206, length=91 User-Name = "MYDOMAIN\\jose" NAS-IP-Address = 192.168.10.20 NAS-Port = 85 EAP-Message = 0x020200150153414755415041435c616d6730383731 Message-Authenticator = 0x4857fea61c5a9d66c114985dba27c8a2 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 modcall[authorize]: module "mschap" returns noop for request 0 rlm_realm: No '@' in User-Name = "MYDOMAIN\jose", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 0 rlm_eap: EAP packet type response id 2 length 21 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 0 users: Matched entry DEFAULT at line 161 modcall[authorize]: module "files" returns ok for request 0 modcall: leaving group authorize (returns updated) for request 0 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 0 rlm_eap: EAP Identity rlm_eap: processing type tls rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 modcall[authenticate]: module "eap" returns handled for request 0 modcall: leaving group authenticate (returns handled) for request 0 Sending Access-Challenge of id 206 to 192.168.10.20 port 1067 EAP-Message = 0x010300061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x9d6d6f0ddf48bb99c12194dfda4a1c27 Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... 
rad_recv: Access-Request packet from host 192.168.10.20:1067, id=207, length=168 User-Name = "MYDOMAIN\\jose" NAS-IP-Address = 192.168.10.20 State = 0x9d6d6f0ddf48bb99c12194dfda4a1c27 NAS-Port = 85 EAP-Message = 0x0203005019800000004616030100410100003d030145c3b7635173ec271fb507e42e9738c3b4f164ffc4085f6bac9ecda83ac963b300001600040005000a000900640062000300060013001200630100 Message-Authenticator = 0xb2fbd984a0e1f39320472d32182a9a49 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 1 modcall[authorize]: module "preprocess" returns ok for request 1 modcall[authorize]: module "mschap" returns noop for request 1 rlm_realm: No '@' in User-Name = "MYDOMAIN\jose", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 1 rlm_eap: EAP packet type response id 3 length 80 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 1 users: Matched entry DEFAULT at line 161 modcall[authorize]: module "files" returns ok for request 1 modcall: leaving group authorize (returns updated) for request 1 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 1 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 (other): before/accept initialization TLS_accept: before/accept initialization rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello TLS_accept: SSLv3 read client hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello TLS_accept: SSLv3 write server hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 06e3], Certificate TLS_accept: SSLv3 write certificate A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone TLS_accept: SSLv3 
write server done A TLS_accept: SSLv3 flush data TLS_accept:error in SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 1 modcall: leaving group authenticate (returns handled) for request 1 Sending Access-Challenge of id 207 to 192.168.10.20 port 1067 EAP-Message = 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 EAP-Message = 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 EAP-Message = 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 EAP-Message = 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 EAP-Message = 0x6f72312c302a06092a864886f70d010901161d6d656e Message-Authenticator = 0x00000000000000000000000000000000 State = 0x3f79572080cc5e023f870a7ff061f9c0 Finished request 1 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 192.168.10.20:1067, id=208, length=94 User-Name = "MYDOMAIN\\jose" NAS-IP-Address = 192.168.10.20 State = 0x3f79572080cc5e023f870a7ff061f9c0 NAS-Port = 85 EAP-Message = 0x020400061900 Message-Authenticator = 0x7b66c08480bde9c011c3ea836c8c7d4b Processing the authorize section of radiusd.conf modcall: entering group authorize for request 2 modcall[authorize]: module "preprocess" returns ok for request 2 modcall[authorize]: module "mschap" returns noop for request 2 rlm_realm: No '@' in User-Name = "MYDOMAIN\jose", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 2 rlm_eap: EAP packet type response id 4 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 2 users: Matched entry DEFAULT at line 161 modcall[authorize]: module "files" returns ok for request 2 modcall: leaving group authorize (returns updated) for request 2 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the 
authenticate section of radiusd.conf modcall: entering group authenticate for request 2 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake fragment handler eaptls_verify returned 1 eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 2 modcall: leaving group authenticate (returns handled) for request 2 Sending Access-Challenge of id 208 to 192.168.10.20 port 1067 EAP-Message = 0x01050346190064657a2e616e647265734073616775617061632e636f6d2e626f301e170d3036313233303030323130395a170d3038313232393030323130395a3081ac310b300906035504061302424f311330110603550408130a53616e7461204372757a311c301a0603550407131353616e7461204372757a202d204369756461643111300f060355040a130853616775617061633111300f060355040b130853697374656d6173311630140603550403130d61646d696e6973747261746f72312c302a06092a864886f70d010901161d6d656e64657a2e616e647265734073616775617061632e636f6d2e626f30819f300d06092a864886f70d01 EAP-Message = 0x0101050003818d0030818902818100a7ac18689f583d3798fa66644e9a0779f600d95e1e22398818f6ae4e7237c9876bb1dcff55570a031544606660d7b641cd09cdd8f6d0fae1ad005631f6139ee924aa795047fc9a5ec9960fafbea87111b8a78e84b940685d65fe8ab8643ba8b43c8268198966f013a744b159786e0d7e4b47ee15777ec7c2e74dad5f055787d30203010001a382011530820111301d0603551d0e041604148e06fc719eca87d27e9e33510370513812b461ce3081e10603551d230481d93081d680148e06fc719eca87d27e9e33510370513812b461cea181b2a481af3081ac310b300906035504061302424f3113301106035504 EAP-Message = 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 EAP-Message = 0xab8df4968fc8672f948da1000b3a59aa766c9fa48b42a5fc5534a209c0db7bd21c1732f0377e94fe2ec09f619eb1c939d2a4275f6b812050d32901b820ff1cc88e7c0b21e5e316030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x06b3a931efea56a67d3b12175eeadfc0 
Finished request 2 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 192.168.10.20:1067, id=209, length=280 User-Name = "MYDOMAIN\\jose" NAS-IP-Address = 192.168.10.20 State = 0x06b3a931efea56a67d3b12175eeadfc0 NAS-Port = 85 EAP-Message = 0x020500c01980000000b616030100861000008200800d59b5ba20edb2d54cd0d56be84aa6133a0b2628cd1ca03c0254343106a80a06ae14b39969a0feb9613d84a85a14917f95379ec54a8754d4808477557e179694065ac61dbe7841ae33223f2f8d1976886ca4f3b54e942c3fb697ba293a8fedf822348fd2c4c0a68505f1c6b67878d5c31cb5663fdd5e976675fce1ed3421e55c1403010001011603010020e023e4faf2cc10f4334474ed9751c5a959ffc9241ea03e2bf209c5f29cd8a2c3 Message-Authenticator = 0x11546e4b95a7e95f3dfdeb0f29124125 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 3 modcall[authorize]: module "preprocess" returns ok for request 3 modcall[authorize]: module "mschap" returns noop for request 3 rlm_realm: No '@' in User-Name = "MYDOMAIN\jose", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 3 rlm_eap: EAP packet type response id 5 length 192 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 3 users: Matched entry DEFAULT at line 161 modcall[authorize]: module "files" returns ok for request 3 modcall: leaving group authorize (returns updated) for request 3 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 3 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange TLS_accept: SSLv3 read client key exchange A rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001] 
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 read finished A rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001] TLS_accept: SSLv3 write change cipher spec A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 write finished A TLS_accept: SSLv3 flush data (other): SSL negotiation finished successfully SSL Connection Established eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 3 modcall: leaving group authenticate (returns handled) for request 3 Sending Access-Challenge of id 209 to 192.168.10.20 port 1067 EAP-Message = 0x0106003119001403010001011603010020f67af346039e8ee2405b3764ad5f918dfe61c4af3546e8ad1dd15bd21ca0d376 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x917ea9cbbe5c65d8ed6bff5fdcca7db7 Finished request 3 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 192.168.10.20:1067, id=210, length=94 User-Name = "MYDOMAIN\\jose" NAS-IP-Address = 192.168.10.20 State = 0x917ea9cbbe5c65d8ed6bff5fdcca7db7 NAS-Port = 85 EAP-Message = 0x020600061900 Message-Authenticator = 0xa8af04dbd0c91ab153eacfb1b8b1f172 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 4 modcall[authorize]: module "preprocess" returns ok for request 4 modcall[authorize]: module "mschap" returns noop for request 4 rlm_realm: No '@' in User-Name = "MYDOMAIN\jose", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 4 rlm_eap: EAP packet type response id 6 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 4 users: Matched entry DEFAULT at line 161 modcall[authorize]: module "files" returns ok for request 4 modcall: leaving group authorize (returns updated) for request 4 rad_check_password: Found Auth-Type EAP auth: 
type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 4 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake is finished eaptls_verify returned 3 eaptls_process returned 3 rlm_eap_peap: EAPTLS_SUCCESS modcall[authenticate]: module "eap" returns handled for request 4 modcall: leaving group authenticate (returns handled) for request 4 Sending Access-Challenge of id 210 to 192.168.10.20 port 1067 EAP-Message = 0x01070020190017030100156bd5621bae4fb38c5dbe91e2c3b6c323cf23571705 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x98187c2d49a89527610d15cdff70fff3 Finished request 4 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 192.168.10.20:1067, id=211, length=132 User-Name = "MYDOMAIN\\jose" NAS-IP-Address = 192.168.10.20 State = 0x98187c2d49a89527610d15cdff70fff3 NAS-Port = 85 EAP-Message = 0x0207002c19001703010021016436b91df2958d8e27a515af65591aa2c33e93d338a338ff2c309d65ff914296 Message-Authenticator = 0xaaadbac57d1774f3ce893f338f253858 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 5 modcall[authorize]: module "preprocess" returns ok for request 5 modcall[authorize]: module "mschap" returns noop for request 5 rlm_realm: No '@' in User-Name = "MYDOMAIN\jose", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 5 rlm_eap: EAP packet type response id 7 length 44 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 5 users: Matched entry DEFAULT at line 161 modcall[authorize]: module "files" returns ok for request 5 modcall: leaving group authorize (returns updated) for request 5 rad_check_password: Found 
Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 5 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: Identity - MYDOMAIN\jose rlm_eap_peap: Tunneled data is valid. PEAP: Got tunneled identity of MYDOMAIN\jose PEAP: Setting default EAP type for tunneled EAP session. PEAP: Setting User-Name to MYDOMAIN\jose Processing the authorize section of radiusd.conf modcall: entering group authorize for request 5 modcall[authorize]: module "preprocess" returns ok for request 5 modcall[authorize]: module "mschap" returns noop for request 5 rlm_realm: No '@' in User-Name = "MYDOMAIN\jose", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 5 rlm_eap: EAP packet type response id 7 length 21 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 5 users: Matched entry DEFAULT at line 161 modcall[authorize]: module "files" returns ok for request 5 modcall: leaving group authorize (returns updated) for request 5 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 5 rlm_eap: EAP Identity rlm_eap: processing type mschapv2 rlm_eap_mschapv2: Issuing Challenge modcall[authenticate]: module "eap" returns handled for request 5 modcall: leaving group authenticate (returns handled) for request 5 PEAP: Got tunneled Access-Challenge modcall[authenticate]: module "eap" returns handled for request 5 modcall: leaving group authenticate (returns handled) for request 5 Sending Access-Challenge of 
id 211 to 192.168.10.20 port 1067 EAP-Message = 0x010800411900170301003630ab9d3435ef1d9c7dc7e6f242cd9270664e0e0fb207b960deb02b81bcd1b744a3888a0a56fe498640433309cac513a1bf3aa1674bde Message-Authenticator = 0x00000000000000000000000000000000 State = 0x7a92e7a96eacd44d4fd1ff63e908e9e2 Finished request 5 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 192.168.10.20:1067, id=212, length=186 User-Name = "MYDOMAIN\\jose" NAS-IP-Address = 192.168.10.20 State = 0x7a92e7a96eacd44d4fd1ff63e908e9e2 NAS-Port = 85 EAP-Message = 0x0208006219001703010057df9dbbc7ef4684b090bdc706cd290f6f1fef65e3cdbb93aa0b1577dede1e9be3922c12e5af05e556bd3f9802d88d1c591ae180857fc263931b085e38adfdfe9d52508d6475a8b1b95de28fcd44329a3c916a40863eb07d Message-Authenticator = 0xcefaa60b5f32ef01b79a062ee8e8f3fe Processing the authorize section of radiusd.conf modcall: entering group authorize for request 6 modcall[authorize]: module "preprocess" returns ok for request 6 modcall[authorize]: module "mschap" returns noop for request 6 rlm_realm: No '@' in User-Name = "MYDOMAIN\jose", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 6 rlm_eap: EAP packet type response id 8 length 98 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 6 users: Matched entry DEFAULT at line 161 modcall[authorize]: module "files" returns ok for request 6 modcall: leaving group authorize (returns updated) for request 6 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 6 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: 
Session established. Decoding tunneled attributes. rlm_eap_peap: EAP type mschapv2 rlm_eap_peap: Tunneled data is valid. PEAP: Setting User-Name to MYDOMAIN\jose PEAP: Adding old state with 3c ec Processing the authorize section of radiusd.conf modcall: entering group authorize for request 6 modcall[authorize]: module "preprocess" returns ok for request 6 modcall[authorize]: module "mschap" returns noop for request 6 rlm_realm: No '@' in User-Name = "MYDOMAIN\jose", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 6 rlm_eap: EAP packet type response id 8 length 75 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 6 users: Matched entry DEFAULT at line 161 modcall[authorize]: module "files" returns ok for request 6 modcall: leaving group authorize (returns updated) for request 6 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 6 rlm_eap: Request found, released from the list rlm_eap: EAP/mschapv2 rlm_eap: processing type mschapv2 Processing the authenticate section of radiusd.conf modcall: entering group MS-CHAP for request 6 rlm_mschap: No User-Password configured. Cannot create LM-Password. rlm_mschap: No User-Password configured. Cannot create NT-Password. 
rlm_mschap: Told to do MS-CHAPv2 for jose with NT-Password radius_xlat: Running registered xlat function of module mschap for string 'User-Name' radius_xlat: Running registered xlat function of module mschap for string 'NT-Domain' radius_xlat: Running registered xlat function of module mschap for string 'Challenge' mschap2: a9 radius_xlat: Running registered xlat function of module mschap for string 'NT-Response' radius_xlat: '/usr/bin/ntlm_auth --username=jose --request-nt-key --domain=MYDOMAIN --challenge=23482ae45d3e185d --nt-response=144c32fdf284bad9c7d9d789db878b80428eaa7ad9ae1a42' Exec-Program: /usr/bin/ntlm_auth --username=jose --request-nt-key --domain=MYDOMAIN --challenge=23482ae45d3e185d --nt-response=144c32fdf284bad9c7d9d789db878b80428eaa7ad9ae1a42 Exec-Program output: NT_KEY: 0A83D7C2B162B94C31CE636B6CA6ECCC Exec-Program-Wait: plaintext: NT_KEY: 0A83D7C2B162B94C31CE636B6CA6ECCC Exec-Program: returned: 0 rlm_mschap: adding MS-CHAPv2 MPPE keys modcall[authenticate]: module "mschap" returns ok for request 6 modcall: leaving group MS-CHAP (returns ok) for request 6 MSCHAP Success modcall[authenticate]: module "eap" returns handled for request 6 modcall: leaving group authenticate (returns handled) for request 6 PEAP: Got tunneled Access-Challenge modcall[authenticate]: module "eap" returns handled for request 6 modcall: leaving group authenticate (returns handled) for request 6 Sending Access-Challenge of id 212 to 192.168.10.20 port 1067 EAP-Message = 0x0109004a1900170301003fb564a89db69f923da3b09305d5b6869317541502643d9f145c8d9a34b6b85d9665ebfc45825ac25a188472d3c2f691811a34f54f2d7b08242e961c2592bc38 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x3be7bff9e8a4a52effea7ebb58c23d24 Finished request 6 Going to the next request Waking up in 6 seconds... 
rad_recv: Access-Request packet from host 192.168.10.20:1067, id=213, length=117 User-Name = "MYDOMAIN\\jose" NAS-IP-Address = 192.168.10.20 State = 0x3be7bff9e8a4a52effea7ebb58c23d24 NAS-Port = 85 EAP-Message = 0x0209001d19001703010012f357dcf3cd2394e7337a3b0eaaa702c74609 Message-Authenticator = 0x022702d1f3f76c72f2b4d875449abc97 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 7 modcall[authorize]: module "preprocess" returns ok for request 7 modcall[authorize]: module "mschap" returns noop for request 7 rlm_realm: No '@' in User-Name = "MYDOMAIN\jose", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 7 rlm_eap: EAP packet type response id 9 length 29 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 7 users: Matched entry DEFAULT at line 161 modcall[authorize]: module "files" returns ok for request 7 modcall: leaving group authorize (returns updated) for request 7 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 7 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: EAP type mschapv2 rlm_eap_peap: Tunneled data is valid. 
PEAP: Setting User-Name to MYDOMAIN\jose PEAP: Adding old state with 6b 13 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 7 modcall[authorize]: module "preprocess" returns ok for request 7 modcall[authorize]: module "mschap" returns noop for request 7 rlm_realm: No '@' in User-Name = "MYDOMAIN\jose", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 7 rlm_eap: EAP packet type response id 9 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 7 users: Matched entry DEFAULT at line 161 modcall[authorize]: module "files" returns ok for request 7 modcall: leaving group authorize (returns updated) for request 7 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 7 rlm_eap: Request found, released from the list rlm_eap: EAP/mschapv2 rlm_eap: processing type mschapv2 rlm_eap: Freeing handler modcall[authenticate]: module "eap" returns ok for request 7 modcall: leaving group authenticate (returns ok) for request 7 PEAP: Tunneled authentication was successful. rlm_eap_peap: SUCCESS modcall[authenticate]: module "eap" returns handled for request 7 modcall: leaving group authenticate (returns handled) for request 7 Sending Access-Challenge of id 213 to 192.168.10.20 port 1067 EAP-Message = 0x010a00261900170301001b37f4320b69bebda8e841f4a55f6b41d84be0b529cb34d5a4357b38 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x5597f1b859aff68c52dff25df3151a93 Finished request 7 Going to the next request Waking up in 6 seconds... 
rad_recv: Access-Request packet from host 192.168.10.20:1067, id=214, length=126 User-Name = "MYDOMAIN\\jose" NAS-IP-Address = 192.168.10.20 State = 0x5597f1b859aff68c52dff25df3151a93 NAS-Port = 85 EAP-Message = 0x020a00261900170301001beac5a6d4d8702084479528a2ebd32267a4b66e9fbfef2b28315132 Message-Authenticator = 0x1f655acb0e50dfe0dd70edac651c8093 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 8 modcall[authorize]: module "preprocess" returns ok for request 8 modcall[authorize]: module "mschap" returns noop for request 8 rlm_realm: No '@' in User-Name = "MYDOMAIN\jose", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 8 rlm_eap: EAP packet type response id 10 length 38 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 8 users: Matched entry DEFAULT at line 161 modcall[authorize]: module "files" returns ok for request 8 modcall: leaving group authorize (returns updated) for request 8 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 8 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: Received EAP-TLV response. rlm_eap_peap: Tunneled data is valid. 
rlm_eap_peap: Success rlm_eap: Freeing handler modcall[authenticate]: module "eap" returns ok for request 8 modcall: leaving group authenticate (returns ok) for request 8 Sending Access-Accept of id 214 to 192.168.10.20 port 1067 MS-MPPE-Recv-Key = 0x0206f3af33e5e4224da7e663dfc79d8ff204c559d839a39343e1c91ad4198502 MS-MPPE-Send-Key = 0xae765f9bcca046bb7be43f55bbb5673120009c23275ed77f1526cef3639e3272 EAP-Message = 0x030a0004 Message-Authenticator = 0x00000000000000000000000000000000 User-Name = "MYDOMAIN\\jose" Finished request 8 Going to the next request Waking up in 6 seconds... rad_recv: Accounting-Request packet from host 192.168.10.20:1067, id=215, length=82 Acct-Status-Type = Start User-Name = "MYDOMAIN\\jose" NAS-IP-Address = 192.168.10.20 Acct-Session-Id = "0015c5551a97" NAS-Port = 85 Xylan-Slot-Port = "3/17" Processing the preacct section of radiusd.conf modcall: entering group preacct for request 9 modcall[preacct]: module "preprocess" returns noop for request 9 rlm_acct_unique: Hashing 'NAS-Port = 85,Client-IP-Address = 192.168.10.20,NAS-IP-Address = 192.168.10.20,Acct-Session-Id = "0015c5551a97",User-Name = "MYDOMAIN\\jose"' rlm_acct_unique: Acct-Unique-Session-ID = "eed7faa245223d13". 
modcall[preacct]: module "acct_unique" returns ok for request 9 rlm_realm: No '@' in User-Name = "MYDOMAIN\jose", looking up realm NULL rlm_realm: No such realm "NULL" modcall[preacct]: module "suffix" returns noop for request 9 modcall[preacct]: module "files" returns noop for request 9 modcall: leaving group preacct (returns ok) for request 9 Processing the accounting section of radiusd.conf modcall: entering group accounting for request 9 radius_xlat: '/var/log/radius/radacct/192.168.10.20/detail-20070202' rlm_detail: /var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/radius/radacct/192.168.10.20/detail-20070202 modcall[accounting]: module "detail" returns ok for request 9 modcall[accounting]: module "unix" returns ok for request 9 radius_xlat: '/var/log/radius/radutmp' radius_xlat: 'MYDOMAIN\\jose' modcall[accounting]: module "radutmp" returns ok for request 9 modcall: leaving group accounting (returns ok) for request 9 Sending Accounting-Response of id 215 to 192.168.10.20 port 1067 Finished request 9 Going to the next request Cleaning up request 9 ID 215 with timestamp 45c3b928 Waking up in 6 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 206 with timestamp 45c3b928 Cleaning up request 1 ID 207 with timestamp 45c3b928 Cleaning up request 2 ID 208 with timestamp 45c3b928 Cleaning up request 3 ID 209 with timestamp 45c3b928 Cleaning up request 4 ID 210 with timestamp 45c3b928 Cleaning up request 5 ID 211 with timestamp 45c3b928 Cleaning up request 6 ID 212 with timestamp 45c3b928 Cleaning up request 7 ID 213 with timestamp 45c3b928 Cleaning up request 8 ID 214 with timestamp 45c3b928 Nothing to do. Sleeping until we see a request.

Thanks and best regards to all of you.

Oxiel
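The check the post makes by eye on the `radiusd -X` output can be scripted. The following is an added example, not part of the original post or of FreeRADIUS: it reports which `users` entries matched, which User-Name values were seen, and whether each Access-Accept carries the three VLAN attributes. The function names, the sample log text (constructed in the layout of the output above) and the `:0` tag suffix on tunnel attributes are assumptions.

```python
import re
from collections import Counter

# The three reply attributes the post puts in /etc/raddb/users for VLAN assignment.
VLAN_ATTRS = ("Tunnel-Type", "Tunnel-Medium-Type", "Tunnel-Private-Group-Id")

MATCHED = re.compile(r"users: Matched entry (\S+) at line (\d+)")
ACCEPT = re.compile(
    r"Sending Access-Accept of id (\d+) to \S+ port \d+(.*?)(?:Finished request|\Z)",
    re.S)
# "Name = value" pairs; an optional ":<tag>" after the name is skipped.
ATTR = re.compile(r'([A-Za-z][A-Za-z0-9-]*)(?::\d+)? = ("(?:[^"\\]|\\.)*"|\S+)')
TUNNELED_REPLY = re.compile(r"peap: use_tunneled_reply = (\w+)")

# Constructed sample in radiusd -X layout, using values that appear in the post.
SAMPLE_LOG = r'''
 peap: use_tunneled_reply = no
rad_recv: Access-Request packet from host 192.168.10.20:1067, id=214, length=126
    User-Name = "MYDOMAIN\\jose"
    NAS-IP-Address = 192.168.10.20
    NAS-Port = 85
    users: Matched entry DEFAULT at line 161
  modcall[authorize]: module "files" returns ok for request 8
Sending Access-Accept of id 214 to 192.168.10.20 port 1067
    EAP-Message = 0x030a0004
    Message-Authenticator = 0x00000000000000000000000000000000
    User-Name = "MYDOMAIN\\jose"
Finished request 8
'''

# Constructed sample of a reply that does carry the VLAN attributes.
SAMPLE_WITH_VLAN = r'''
Sending Access-Accept of id 7 to 192.0.2.10 port 1067
    Tunnel-Type:0 = VLAN
    Tunnel-Medium-Type:0 = IEEE-802
    Tunnel-Private-Group-Id:0 = "3"
    EAP-Message = 0x030a0004
Finished request 0
'''


def _unquote(value):
    """Strip the quotes and the doubled backslashes radiusd prints in strings."""
    if value.startswith('"') and value.endswith('"'):
        value = value[1:-1].replace("\\\\", "\\")
    return value


def analyze(log_text):
    """Summarise a radiusd -X log. Works on line-per-attribute output and on
    output that has been flattened onto long lines, since it never splits on
    newlines."""
    accepts = []
    for m in ACCEPT.finditer(log_text):
        attrs = {}
        for name, value in ATTR.findall(m.group(2)):
            attrs.setdefault(name, []).append(_unquote(value))
        accepts.append({
            "id": int(m.group(1)),
            "attrs": attrs,
            "missing": [a for a in VLAN_ATTRS if a not in attrs],
        })
    setting = TUNNELED_REPLY.search(log_text)
    return {
        "matched": Counter(MATCHED.findall(log_text)),
        "user_names": sorted({_unquote(v) for n, v in ATTR.findall(log_text)
                              if n == "User-Name"}),
        "use_tunneled_reply": setting.group(1) if setting else None,
        "accepts": accepts,
    }


def findings(report, entry_name):
    """Turn the summary into observations about one expected users entry."""
    out = []
    if not any(name == entry_name for name, _ in report["matched"]):
        seen = ", ".join(f"{n} (line {l}) x{c}"
                         for (n, l), c in report["matched"].items())
        out.append(f"users entry {entry_name!r} never matched; "
                   f"matched instead: {seen or 'none'}; "
                   f"User-Name values in log: {report['user_names']}")
    for acc in report["accepts"]:
        if acc["missing"]:
            out.append(f"Access-Accept id {acc['id']} lacks: "
                       f"{', '.join(acc['missing'])}")
    if report["use_tunneled_reply"] == "no":
        # With this setting the reply sent to the NAS is built from the outer
        # request, not from the user name inside the PEAP tunnel.
        out.append("peap use_tunneled_reply = no (as printed at startup)")
    return out


if __name__ == "__main__":
    for line in findings(analyze(SAMPLE_LOG), "jose"):
        print(line)
```

To run it on a real capture, save the debug output to a file and pass its contents to `analyze()`.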

