repost forgot change subject I'm sorry I didn't include all the debug, because it was so large... anyway here the debug : Framed-MTU = 1480 NAS-IP-Address = 192.168.12.130 NAS-Identifier = "ProCurve Switch 2650" User-Name = "testing" Service-Type = Framed-User Framed-Protocol = PPP NAS-Port = 1 NAS-Port-Type = Ethernet NAS-Port-Id = "1" Called-Station-Id = "00-1c-2e-73-85-00" Calling-Station-Id = "00-16-36-5a-f1-e4" Connect-Info = "CONNECT Ethernet 100Mbps Full duplex" Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "1" EAP-Message = 0x0201000c0174657374696e67 Message-Authenticator = 0xb3af6d24481b168d63e57489e22a2458 server nispdot1x { +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop rlm_realm: No '@' in User-Name = "testing", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: EAP packet type response id 1 length 12 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[unix] returns notfound users: Matched entry DEFAULT at line 183 ++[files] returns ok ++- entering redundant-load-balance group redundant-load-balance rlm_ldap: - authorize rlm_ldap: performing user authorization for testing expand: (uid=%u) -> (uid=testing) expand: ou=dialup,dc=zzz,dc=com -> ou=dialup,dc=zzz,dc=com rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: attempting LDAP reconnection rlm_ldap: (re)connect to 192.168.11.7:389, authentication 0 rlm_ldap: bind as memberUid=radius,ou=admin,dc=zzz,dc=com/radiusjuga to 192.168.11.7:389 rlm_ldap: waiting for bind result ... rlm_ldap: Bind was successful rlm_ldap: performing search in ou=dialup,dc=zzz,dc=com, with filter (uid=testing) rlm_ldap: checking if remote access for testing is allowed by uid rlm_ldap: Added User-Password = Testing10 in check items rlm_ldap: looking for check items in directory... rlm_ldap: LDAP attribute radiusLoginTime as RADIUS attribute Login-Time == "Wk0800-1800" rlm_ldap: LDAP attribute ntPassword as RADIUS attribute NT-Password == 0x54657374696e6731 rlm_ldap: LDAP attribute lmPassword as RADIUS attribute LM-Password == 0x54657374696e6731 rlm_ldap: LDAP attribute radiusCallingStationId as RADIUS attribute Calling-Station-Id == "00-16-36-5a-f1-e5" rlm_ldap: looking for reply items in directory... rlm_ldap: LDAP attribute radiusTunnelPrivateGroupId as RADIUS attribute Tunnel-Private-Group-Id:0 = "101" rlm_ldap: LDAP attribute radiusTunnelMediumType as RADIUS attribute Tunnel-Medium-Type:0 = IEEE-802 rlm_ldap: LDAP attribute radiusTunnelType as RADIUS attribute Tunnel-Type:0 = VLAN rlm_ldap: LDAP attribute radiusFramedProtocol as RADIUS attribute Framed-Protocol = PPP rlm_ldap: LDAP attribute radiusServiceType as RADIUS attribute Service-Type = Framed-User rlm_ldap: user testing authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 +++[ldap_instance100] returns ok ++- redundant-load-balance group redundant-load-balance returns ok ++[expiration] returns noop rlm_logintime: Checking Login-Time: 'Wk0800-1800' rlm_logintime: timestr returned accept rlm_logintime: Session-Timeout set to: 14340 ++[logintime] returns ok rlm_pap: Found existing Auth-Type, not changing it. ++[pap] returns noop rad_check_password: Found Auth-Type EAP !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!! Replacing User-Password in config items with Cleartext-Password. !!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!! Please update your configuration so that the "known good" !!! !!! clear text password is in Cleartext-Password, and not in User-Password. !!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! auth: type "EAP" +- entering group authenticate rlm_eap: EAP Identity rlm_eap: processing type md5 rlm_eap_md5: Issuing Challenge ++[eap] returns handled } # server nispdot1x Framed-Compression = Van-Jacobson-TCP-IP Tunnel-Private-Group-Id:0 = "101" Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Type:0 = VLAN Framed-Protocol = PPP Service-Type = Framed-User Session-Timeout = 14340 EAP-Message = 0x0102001604108dedf8c669040a1bcd0115afdf91dbdc Message-Authenticator = 0x00000000000000000000000000000000 State = 0x1fa720c11fa52425bd7da50678295fc0 Finished request 4. Going to the next request Waking up in 4.9 seconds. Framed-MTU = 1480 NAS-IP-Address = 192.168.12.130 NAS-Identifier = "ProCurve Switch 2650" User-Name = "testing" Service-Type = Framed-User Framed-Protocol = PPP NAS-Port = 1 NAS-Port-Type = Ethernet NAS-Port-Id = "1" Called-Station-Id = "00-1c-2e-73-85-00" Calling-Station-Id = "00-16-36-5a-f1-e4" Connect-Info = "CONNECT Ethernet 100Mbps Full duplex" Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "1" State = 0x1fa720c11fa52425bd7da50678295fc0 EAP-Message = 0x020200060319 Message-Authenticator = 0x76203b9931bdb50a703f0f50746f7ee3 server nispdot1x { +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop rlm_realm: No '@' in User-Name = "testing", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: EAP packet type response id 2 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[unix] returns notfound users: Matched entry DEFAULT at line 183 ++[files] returns ok ++- entering redundant-load-balance group redundant-load-balance rlm_ldap: - authorize rlm_ldap: performing user authorization for testing expand: (uid=%u) -> (uid=testing) expand: ou=dialup,dc=zzz,dc=com -> ou=dialup,dc=zzz,dc=com rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in ou=dialup,dc=zzz,dc=com, with filter (uid=testing) rlm_ldap: checking if remote access for testing is allowed by uid rlm_ldap: Added User-Password = Testing10 in check items rlm_ldap: looking for check items in directory... rlm_ldap: LDAP attribute radiusLoginTime as RADIUS attribute Login-Time == "Wk0800-1800" rlm_ldap: LDAP attribute ntPassword as RADIUS attribute NT-Password == 0x54657374696e6731 rlm_ldap: LDAP attribute lmPassword as RADIUS attribute LM-Password == 0x54657374696e6731 rlm_ldap: LDAP attribute radiusCallingStationId as RADIUS attribute Calling-Station-Id == "00-16-36-5a-f1-e5" rlm_ldap: looking for reply items in directory... rlm_ldap: LDAP attribute radiusTunnelPrivateGroupId as RADIUS attribute Tunnel-Private-Group-Id:0 = "101" rlm_ldap: LDAP attribute radiusTunnelMediumType as RADIUS attribute Tunnel-Medium-Type:0 = IEEE-802 rlm_ldap: LDAP attribute radiusTunnelType as RADIUS attribute Tunnel-Type:0 = VLAN rlm_ldap: LDAP attribute radiusFramedProtocol as RADIUS attribute Framed-Protocol = PPP rlm_ldap: LDAP attribute radiusServiceType as RADIUS attribute Service-Type = Framed-User rlm_ldap: user testing authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 +++[ldap_instance100] returns ok ++- redundant-load-balance group redundant-load-balance returns ok ++[expiration] returns noop rlm_logintime: Checking Login-Time: 'Wk0800-1800' rlm_logintime: timestr returned accept rlm_logintime: Session-Timeout set to: 14340 ++[logintime] returns ok rlm_pap: Found existing Auth-Type, not changing it. ++[pap] returns noop rad_check_password: Found Auth-Type EAP !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!! Replacing User-Password in config items with Cleartext-Password. !!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!! Please update your configuration so that the "known good" !!! !!! clear text password is in Cleartext-Password, and not in User-Password. !!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! auth: type "EAP" +- entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP NAK rlm_eap: EAP-NAK asked for EAP-Type/peap rlm_eap: processing type tls rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 ++[eap] returns handled } # server nispdot1x Framed-Compression = Van-Jacobson-TCP-IP Tunnel-Private-Group-Id:0 = "101" Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Type:0 = VLAN Framed-Protocol = PPP Service-Type = Framed-User Session-Timeout = 14340 EAP-Message = 0x010300061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x1fa720c11ea43925bd7da50678295fc0 Finished request 5. Going to the next request Waking up in 4.9 seconds. Framed-MTU = 1480 NAS-IP-Address = 192.168.12.130 NAS-Identifier = "ProCurve Switch 2650" User-Name = "testing" Service-Type = Framed-User Framed-Protocol = PPP NAS-Port = 1 NAS-Port-Type = Ethernet NAS-Port-Id = "1" Called-Station-Id = "00-1c-2e-73-85-00" Calling-Station-Id = "00-16-36-5a-f1-e4" Connect-Info = "CONNECT Ethernet 100Mbps Full duplex" Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "1" State = 0x1fa720c11ea43925bd7da50678295fc0 EAP-Message = 0x0203005019800000004616030100410100003d0301489aa4c688ae33dab29d1f856cc286c03cc9db7bf7cad627057407ea7ae7ff7600001600040005000a000900640062000300060013001200630100 Message-Authenticator = 0x281bfb9a23c4dbe800b5e8ddb8a1e450 server nispdot1x { +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop rlm_realm: No '@' in User-Name = "testing", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: EAP packet type response id 3 length 80 rlm_eap: Continuing tunnel setup. ++[eap] returns ok rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS TLS Length 70 rlm_eap_tls: Length Included eaptls_verify returned 11 (other): before/accept initialization TLS_accept: before/accept initialization rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello TLS_accept: SSLv3 read client hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello TLS_accept: SSLv3 write server hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 085e], Certificate TLS_accept: SSLv3 write certificate A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone TLS_accept: SSLv3 write server done A TLS_accept: SSLv3 flush data TLS_accept: Need to read more data: SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED ++[eap] returns handled } # server nispdot1x EAP-Message = 0x0104040019c0000008bb160301004a020000460301489a9df62033f257b37183b77110cc422d4e261ec2937a49c010c2094c03402720184330036434a2cf4ed6df923cc2dbfed170e04bc387b206ddfb5f91dbd5224e000400160301085e0b00085a0008570003a6308203a23082028aa003020102020101300d06092a864886f70d0101040500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d3126302406035504 EAP-Message = 0x03131d4578616d706c6520436572746966696361746520417574686f72697479301e170d3038303731303038353730335a170d3039303731303038353730335a307c310b3009060355040613024652310f300d0603550408130652616469757331153013060355040a130c4578616d706c6520496e632e312330210603550403131a4578616d706c65205365727665722043657274696669636174653120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100ec2f4b59fd990bb3aa49d2754c816072707ecf355f0c386b6912dcdad9ad EAP-Message = 0x4dac38aa26efc31d4f0834eb773d2382dd11765a00093fef9cabd38a9528553c78f8fb8dce9d78119e3ba62b123df0e536afeb3d5e11dda425031f69d89f7535aa322765c7918cc97b5c87bae4bd939f55caa83e664a985349eeffe852c0438d3953b0c42d84e1a27a05d265a1d531d72ce5dc8bc3177ca58e3e284021e07506f5e606f2a136ce62b3c9c4b996cfe4c5212bbd4191fcf6758585cab9002723100e5c7a582877fa12fc49dd779227d74b86e60fdfe97ecabec7d576ecdafd4a255abc15d81a18d661b5fce04d9a9c0f1dd014c0da3f81fd5704a9c71ec1b28d63caa70203010001a317301530130603551d25040c300a06082b06010505 EAP-Message = 0x070301300d06092a864886f70d010104050003820101007c56fcb65c607a6487b1638c1e0aabdc6b25cd21538c199683a80f6abc1151f472999eb4fe9731ccd215606c322ba3df94fa2fa3e6d0a6b47f7b1e76ed4e1ea6567f2bb9065e82cd2d99c581aed4714a25cf9fcadc663a9bbe05aafa373a170cd5407caa2e5acdbcbe36b3e993df82a361ff2998394b294e6dd07244fe47c8491747bac377f6f8df33db3685e334a9e1e8161f770c3ef43bcc15660babb211e09d81d3762fd5872641623685bfdc077a3052050597d04e9ccc531ea011f9f781aa8346e82cf00e0a7afe69efa933d8d451f9175e5a6632c4c85d2b3f15b5877419915b31ac0c EAP-Message = 0xe7889fcefb2540ca2a830a91 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x1fa720c11da33925bd7da50678295fc0 Finished request 6. Going to the next request Waking up in 4.8 seconds. Framed-MTU = 1480 NAS-IP-Address = 192.168.12.130 NAS-Identifier = "ProCurve Switch 2650" User-Name = "testing" Service-Type = Framed-User Framed-Protocol = PPP NAS-Port = 1 NAS-Port-Type = Ethernet NAS-Port-Id = "1" Called-Station-Id = "00-1c-2e-73-85-00" Calling-Station-Id = "00-16-36-5a-f1-e4" Connect-Info = "CONNECT Ethernet 100Mbps Full duplex" Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "1" State = 0x1fa720c11da33925bd7da50678295fc0 EAP-Message = 0x020400061900 Message-Authenticator = 0x30262688a22da1c1ee098b29dead42c4 server nispdot1x { +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop rlm_realm: No '@' in User-Name = "testing", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: EAP packet type response id 4 length 6 rlm_eap: Continuing tunnel setup. ++[eap] returns ok rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake fragment handler eaptls_verify returned 1 eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED ++[eap] returns handled } # server nispdot1x EAP-Message = 0x010503fc194056c741a9eb20ed7a485e12951f700004ab308204a73082038fa00302010202090093f3d8f5226c7123300d06092a864886f70d0101050500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479301e170d3038303731303038353730325a170d3038303830393038353730325a308193310b30090603 EAP-Message = 0x55040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a0282010100be264c476f850b3652a81ebc52c29d062720c552587af2c8799dd527c6c455e325aa636d3fd44d8a87b61783f420519555022a51311c835ded6eccc8a175aa5cd8724b65684a8971b94159f46cfaf6 EAP-Message = 0xecc1e9bcd4c196db3141a69e42963b0255e7b4a61d85762a03540f40cfb27164208e93b4b8f06c49d6466dedb923617bb288381d6f54762f1999bea92963f24f3fe144ebf60832ff32302ae5d8260f5e852a74c20bec698380291837083b7a32796074c7d47a9eb731d9b377fa13ba88536a06fe11a4abea0a5a7d05d62292b4f7bb428f7f22ee14ce3a5304b6f8b35ed33cffdf5b594309a2a9c9a8d86dc9d18df87b2fe32a4463677240fffd26dbc2010203010001a381fb3081f8301d0603551d0e041604141f870249b94c6f4c4a51ba0b95def93a98e062dc3081c80603551d230481c03081bd80141f870249b94c6f4c4a51ba0b95def93a98e0 EAP-Message = 0x62dca18199a48196308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f7269747982090093f3d8f5226c7123300c0603551d13040530030101ff300d06092a864886f70d010105050003820101004c0887dc9d3611832e3f55c592e3b45cf553d2207647285a275174d1bdce00b3b040ddcc5e9925bd1f8f1b6ca2d0bfe61da1 EAP-Message = 0x2f31d1264b04c5b4 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x1fa720c11ca23925bd7da50678295fc0 Finished request 7. Going to the next request Waking up in 4.8 seconds. Framed-MTU = 1480 NAS-IP-Address = 192.168.12.130 NAS-Identifier = "ProCurve Switch 2650" User-Name = "testing" Service-Type = Framed-User Framed-Protocol = PPP NAS-Port = 1 NAS-Port-Type = Ethernet NAS-Port-Id = "1" Called-Station-Id = "00-1c-2e-73-85-00" Calling-Station-Id = "00-16-36-5a-f1-e4" Connect-Info = "CONNECT Ethernet 100Mbps Full duplex" Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "1" State = 0x1fa720c11ca23925bd7da50678295fc0 EAP-Message = 0x020500061900 Message-Authenticator = 0x59d74248b0aadbf3119dbb3eeb19b42e server nispdot1x { +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop rlm_realm: No '@' in User-Name = "testing", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: EAP packet type response id 5 length 6 rlm_eap: Continuing tunnel setup. ++[eap] returns ok rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake fragment handler eaptls_verify returned 1 eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED ++[eap] returns handled } # server nispdot1x EAP-Message = 0x010600d51900845e93ce9ffc5452e73f653e704f16f3a5687176926863d49558a742cb84f6aeb016521bf6b5b28bfa804c0aea2719ac3a3df6629264b273d9498374bb2b5716c95c2db2c5a64b857c7f07e6f84c629730b2aceb3dddf4d50d7d549da3b9d5e03639b6881d7f75a86afbf799407cacee9100d670506bf5084ffe2d7ef5ff9c8f6d4b586d7ec9dc16f5c67e84f1a1817faff565ffc1642463ff7fdb1ecc13e9f87b9ce19d4715a693750e56ad468a453462abce15950da8ad436016bbd394128e09c47accf10816030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x1fa720c11ba13925bd7da50678295fc0 Finished request 8. Going to the next request Waking up in 4.8 seconds. Framed-MTU = 1480 NAS-IP-Address = 192.168.12.130 NAS-Identifier = "ProCurve Switch 2650" User-Name = "testing" Service-Type = Framed-User Framed-Protocol = PPP NAS-Port = 1 NAS-Port-Type = Ethernet NAS-Port-Id = "1" Called-Station-Id = "00-1c-2e-73-85-00" Calling-Station-Id = "00-16-36-5a-f1-e4" Connect-Info = "CONNECT Ethernet 100Mbps Full duplex" Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "1" State = 0x1fa720c11ba13925bd7da50678295fc0 EAP-Message = 0x02060140198000000136160301010610000102010068ae16d861e6d0176177801ef590398287377ea6ae9a1cfd9e0b3f4e625327a010a5d554c73483273a477798edc6bd1eaa432232961de9e7075661ff9e90fb678fd8e9a6687c44d19ff9449be9b7336779175b780d08f3c9fa16c7defe05e2c42d480d633f375406c53486a487caa06358e52d72ab25fabfd960bff9271db83261783b026b500d2a14191890487de5bb545b8fe9be3aa055f3a516928cd891b9362090b986037ed516866ffafb8d14dae8baa94ab96ee893290a624b62d9f856dd3b7c4e0357a02998b1837aa538849aa0177846cee6b5f0f149ffe1cb6f5ce1866c3a325d65509b EAP-Message = 0x74c24b32e27592aae4cf5f300d2c0ff6d2270d6d517e354a14030100010116030100200893d8c86f803d129370aa7f4d74ed825f64654040243375124d284762011ac7 Message-Authenticator = 0x3b0313d80ad2d14931da58b07de881c8 server nispdot1x { +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop rlm_realm: No '@' in User-Name = "testing", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: EAP packet type response id 6 length 253 rlm_eap: Continuing tunnel setup. ++[eap] returns ok rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS TLS Length 310 rlm_eap_tls: Length Included eaptls_verify returned 11 rlm_eap_tls: <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange TLS_accept: SSLv3 read client key exchange A rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001] rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 read finished A rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001] TLS_accept: SSLv3 write change cipher spec A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 write finished A TLS_accept: SSLv3 flush data (other): SSL negotiation finished successfully SSL Connection Established eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED ++[eap] returns handled } # server nispdot1x EAP-Message = 0x0107003119001403010001011603010020ad9ae7e64760bfd2d6f845bb0d3bbc2d52fd692106a9eb9ed4cb34064db2b864 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x1fa720c11aa03925bd7da50678295fc0 Finished request 9. Going to the next request Waking up in 4.7 seconds. Framed-MTU = 1480 NAS-IP-Address = 192.168.12.130 NAS-Identifier = "ProCurve Switch 2650" User-Name = "testing" Service-Type = Framed-User Framed-Protocol = PPP NAS-Port = 1 NAS-Port-Type = Ethernet NAS-Port-Id = "1" Called-Station-Id = "00-1c-2e-73-85-00" Calling-Station-Id = "00-16-36-5a-f1-e4" Connect-Info = "CONNECT Ethernet 100Mbps Full duplex" Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "1" State = 0x1fa720c11aa03925bd7da50678295fc0 EAP-Message = 0x020700061900 Message-Authenticator = 0x11836c23f609b5c4d3211d9b1f1f27f7 server nispdot1x { +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop rlm_realm: No '@' in User-Name = "testing", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: EAP packet type response id 7 length 6 rlm_eap: Continuing tunnel setup. ++[eap] returns ok rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake is finished eaptls_verify returned 3 eaptls_process returned 3 rlm_eap_peap: EAPTLS_SUCCESS ++[eap] returns handled } # server nispdot1x EAP-Message = 0x0108002019001703010015f4ce316d1638ae01c009d50bcc9ebce4724655b215 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x1fa720c119af3925bd7da50678295fc0 Finished request 10. Going to the next request Waking up in 4.7 seconds. Framed-MTU = 1480 NAS-IP-Address = 192.168.12.130 NAS-Identifier = "ProCurve Switch 2650" User-Name = "testing" Service-Type = Framed-User Framed-Protocol = PPP NAS-Port = 1 NAS-Port-Type = Ethernet NAS-Port-Id = "1" Called-Station-Id = "00-1c-2e-73-85-00" Calling-Station-Id = "00-16-36-5a-f1-e4" Connect-Info = "CONNECT Ethernet 100Mbps Full duplex" Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "1" State = 0x1fa720c119af3925bd7da50678295fc0 EAP-Message = 0x0208002319001703010018a04db0485b87de4eb7d2eddc7a5ce6a50d14325deef1bd91 Message-Authenticator = 0x2debf67f813086666dc007c59a814494 server nispdot1x { +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop rlm_realm: No '@' in User-Name = "testing", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: EAP packet type response id 8 length 35 rlm_eap: Continuing tunnel setup. ++[eap] returns ok rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: Identity - testing PEAP: Got tunneled identity of testing PEAP: Setting default EAP type for tunneled EAP session. PEAP: Setting User-Name to testing +- entering group authorize ++[chap] returns noop ++[mschap] returns noop ++[unix] returns notfound rlm_realm: No '@' in User-Name = "testing", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop ++[control] returns noop rlm_eap: EAP packet type response id 8 length 12 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns noop WARNING: You set Proxy-To-Realm = LOCAL, but it is a LOCAL realm! Cancelling invalid proxy request. rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: EAP Identity rlm_eap: processing type mschapv2 rlm_eap_mschapv2: Issuing Challenge ++[eap] returns handled PEAP: Got tunneled Access-Challenge ++[eap] returns handled } # server nispdot1x EAP-Message = 0x010900381900170301002d93de421ad659f0beec711c64baecd2841ee70b243fb51b315798646770e2eb873dcc3fe78aa54d2094030f54c2 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x1fa720c118ae3925bd7da50678295fc0 Finished request 11. Going to the next request Waking up in 4.7 seconds. Framed-MTU = 1480 NAS-IP-Address = 192.168.12.130 NAS-Identifier = "ProCurve Switch 2650" User-Name = "testing" Service-Type = Framed-User Framed-Protocol = PPP NAS-Port = 1 NAS-Port-Type = Ethernet NAS-Port-Id = "1" Called-Station-Id = "00-1c-2e-73-85-00" Calling-Station-Id = "00-16-36-5a-f1-e4" Connect-Info = "CONNECT Ethernet 100Mbps Full duplex" Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "1" State = 0x1fa720c118ae3925bd7da50678295fc0 EAP-Message = 0x020900591900170301004eed1ff2effc4e1752902dee5fd3d3f56281045c8aea4fd46077f8f2f1afff31459f86f4a8fbb3e149d7ea91ce2bacd815be3a82d279f0533b969fe6383bdbbc520661151b64e5d073ebe9d0ed7258 Message-Authenticator = 0xea29d99ebda12bc8cee708264041d3a1 server nispdot1x { +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop rlm_realm: No '@' in User-Name = "testing", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: EAP packet type response id 9 length 89 rlm_eap: Continuing tunnel setup. ++[eap] returns ok rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: EAP type mschapv2 PEAP: Setting User-Name to testing +- entering group authorize ++[chap] returns noop ++[mschap] returns noop ++[unix] returns notfound rlm_realm: No '@' in User-Name = "testing", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop ++[control] returns noop rlm_eap: EAP packet type response id 9 length 66 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns noop WARNING: You set Proxy-To-Realm = LOCAL, but it is a LOCAL realm! Cancelling invalid proxy request. rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP/mschapv2 rlm_eap: processing type mschapv2 +- entering group MS-CHAP rlm_mschap: No Cleartext-Password configured. Cannot create LM-Password. rlm_mschap: No Cleartext-Password configured. Cannot create NT-Password. rlm_mschap: Told to do MS-CHAPv2 for testing with NT-Password rlm_mschap: FAILED: No NT/LM-Password. Cannot perform authentication. rlm_mschap: FAILED: MS-CHAP2-Response is incorrect ++[mschap] returns reject rlm_eap: Freeing handler ++[eap] returns reject auth: Failed to validate the user. Login incorrect: [testing/<via Auth-Type = EAP>] (from client dotix port 0) PEAP: Tunneled authentication was rejected. rlm_eap_peap: FAILURE ++[eap] returns handled } # server nispdot1x EAP-Message = 0x010a00261900170301001bf310bdd3b5003f17e6b384f8d72a7a9c7a874b3b2ae817450b07cd Message-Authenticator = 0x00000000000000000000000000000000 State = 0x1fa720c117ad3925bd7da50678295fc0 Finished request 12. Going to the next request Waking up in 4.6 seconds. Framed-MTU = 1480 NAS-IP-Address = 192.168.12.130 NAS-Identifier = "ProCurve Switch 2650" User-Name = "testing" Service-Type = Framed-User Framed-Protocol = PPP NAS-Port = 1 NAS-Port-Type = Ethernet NAS-Port-Id = "1" Called-Station-Id = "00-1c-2e-73-85-00" Calling-Station-Id = "00-16-36-5a-f1-e4" Connect-Info = "CONNECT Ethernet 100Mbps Full duplex" Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "1" State = 0x1fa720c117ad3925bd7da50678295fc0 EAP-Message = 0x020a00261900170301001bc69a12bf5d23b5dedc2c6c8d537f8577436b7bded7dee8eb290178 Message-Authenticator = 0x2a7e10fb4deef91301ba11f38f970f39 server nispdot1x { +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop rlm_realm: No '@' in User-Name = "testing", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: EAP packet type response id 10 length 38 rlm_eap: Continuing tunnel setup. ++[eap] returns ok rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: Received EAP-TLV response. rlm_eap_peap: Had sent TLV failure. User was rejected earlier in this session. rlm_eap: Handler failed in EAP/peap rlm_eap: Failed in EAP select ++[eap] returns invalid auth: Failed to validate the user. Login incorrect: [testing/<via Auth-Type = EAP>] (from client dotix port 1 cli 00-16-36-5a-f1-e4) } # server nispdot1x Found Post-Auth-Type Reject +- entering group REJECT expand: %{User-Name} -> testing attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 13 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 13 EAP-Message = 0x040a0004 Message-Authenticator = 0x00000000000000000000000000000000 Waking up in 3.6 seconds. Cleaning up request 4 ID 9 with timestamp +540 Cleaning up request 5 ID 10 with timestamp +540 Waking up in 0.1 seconds. Cleaning up request 6 ID 11 with timestamp +540 Cleaning up request 7 ID 12 with timestamp +540 Cleaning up request 8 ID 13 with timestamp +540 Cleaning up request 9 ID 14 with timestamp +540 Cleaning up request 10 ID 15 with timestamp +540 Cleaning up request 11 ID 16 with timestamp +540 Cleaning up request 12 ID 17 with timestamp +540 Waking up in 1.0 seconds. Cleaning up request 13 ID 18 with timestamp +540 Ready to process requests. Thank You Ryan Setiawan H -- DISCLAIMER: The contents of this email and attachments are confidential and may be subject to legal privilege. Any unauthorized use, copying, disclosure or communicating any part of it to others is strictly prohibited and may be unlawful. If you are not the intended recipient you must not use, copy, distribute or rely on this email and should please return it immediately to the sender or notify us and delete the email and any attachments from your system. We cannot accept liability for loss or damage resulting from computer viruses. The integrity of email across the Internet cannot be guaranteed and PT BANK NISP, Tbk. will not accept liability for any claims arising as a result of the use of this medium for transmissions by or to PT BANK NISP, Tbk. |
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
