Hi guys,

Since freeradius2 has some major improvements, I am trying to upgrade from 1.1.4. Unfortunately there are a few problems I have encountered:

For some weird reason the server isn't sending my LDAP replyItems back to the NAS along with the Access-Accept packet. In short, I want to authenticate using EAP/PEAP against the server, which itself checks against our LDAP server. Additionally, the server should also send back a specific replyItem stored in our LDAP.

The configuration looks like:

authorize {
        preprocess
        eap {
                ok = return
        }
        ldap1
}

authenticate {
        Auth-Type MS-CHAP {
                mschap
        }
        eap
}

In ldap.attrmap the following is configured:

replyItem       Airespace-Interface-Name        radiusCallingStationId

So the LDAP attribute radiusCallingStationId should be transformed to an attribute called "Airespace-Interface-Name" and sent back to the NAS.

As you can see in the following debug output, at the beginning the server sends the attribute back as supposed, but for some weird reason the attribute isn't sent along in the Access-Accept packet. What's wrong here?

Thanks in advance!

debug-output:
------------------------------------------------
rad_recv: Access-Request packet from host 10.110.101.4 port 32770, id=237, length=182
        User-Name = "testuser"
        Calling-Station-Id = "00-0E-35-AE-DB-DF"
        Called-Station-Id = "00-1A-30-2E-C9-60:wlan-test"
        NAS-Port = 29
        NAS-IP-Address = 10.110.101.4
        NAS-Identifier = "WiSM-2"
        Airespace-Wlan-Id = 7
        Service-Type = Framed-User
        Framed-MTU = 1300
        NAS-Port-Type = Wireless-802.11
        Tunnel-Type:0 = VLAN
        Tunnel-Medium-Type:0 = IEEE-802
        Tunnel-Private-Group-Id:0 = "995"
        EAP-Message = 0x0202000d0173737065726c3232
        Message-Authenticator = 0x1c08d8491b0ebb2a032ab1ebb8f7ee59
+- entering group authorize
++[preprocess] returns ok
rlm_eap: EAP packet type response id 2 length 13
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
rlm_ldap: - authorize
rlm_ldap: performing user authorization for testuser
expand: (|(uid=%u)(uid=%U)) -> (|(uid=testuser)(uid=_))
expand: dc=mydomain,dc=ac,dc=at -> dc=mydomain,dc=ac,dc=at
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to ldap.mydomain.com:389, authentication 0
rlm_ldap: bind as uid=service-user,ou=services,dc=mydomain,dc=ac,dc=at/passme to ldap.mydomain.com:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: performing search in dc=mydomain,dc=ac,dc=at, with filter (|(uid=testuser)(uid=_))
rlm_ldap: Added User-Password = testpwd in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: LDAP attribute radiusCallingStationId as RADIUS attribute Airespace-Interface-Name = "599"
rlm_ldap: user testuser authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
++[ldap1] returns ok
rad_check_password: Found Auth-Type EAP
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!! Replacing User-Password in config items with Cleartext-Password. !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!! Please update your configuration so that the "known good" !!!
!!! clear text password is in Cleartext-Password, and not in User-Password. !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
auth: type "EAP"
+- entering group authenticate
rlm_eap: EAP Identity
rlm_eap: processing type md5
rlm_eap_md5: Issuing Challenge
++[eap] returns handled
Sending Access-Challenge of id 237 to 10.110.101.4 port 32770
        Airespace-Interface-Name = "599"
        EAP-Message = 0x0103001604104f56bcec8ceb0ba608af483ccb4111c9
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x33b5046233b6000c0bb076d000b26f5e
Finished request 0.
Going to the next request
Waking up in 0.9 seconds.
rad_recv: Access-Request packet from host 10.110.101.4 port 32770, id=238, length=193 User-Name = "testuser" Calling-Station-Id = "00-0E-35-AE-DB-DF" Called-Station-Id = "00-1A-30-2E-C9-60:wlan-test" NAS-Port = 29 NAS-IP-Address = 10.110.101.4 NAS-Identifier = "WiSM-2" Airespace-Wlan-Id = 7 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "995" EAP-Message = 0x020300060319 State = 0x33b5046233b6000c0bb076d000b26f5e Message-Authenticator = 0xae7227a437741cee122a96438eb2b8c6 +- entering group authorize ++[preprocess] returns ok rlm_eap: EAP packet type response id 3 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated rlm_ldap: - authorize rlm_ldap: performing user authorization for testuser expand: (|(uid=%u)(uid=%U)) -> (|(uid=testuser)(uid=_)) expand: dc=mydomain,dc=ac,dc=at -> dc=mydomain,dc=ac,dc=at rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in dc=mydomain,dc=ac,dc=at, with filter (|(uid=testuser)(uid=_)) rlm_ldap: Added User-Password = testpwd in check items rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: LDAP attribute radiusCallingStationId as RADIUS attribute Airespace-Interface-Name = "599" rlm_ldap: user testuser authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 ++[ldap1] returns ok rad_check_password: Found Auth-Type EAP !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!! Replacing User-Password in config items with Cleartext-Password. !!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!! Please update your configuration so that the "known good" !!! !!! clear text password is in Cleartext-Password, and not in User-Password. !!! 
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! auth: type "EAP" +- entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP NAK rlm_eap: EAP-NAK asked for EAP-Type/peap rlm_eap: processing type tls rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 ++[eap] returns handled Sending Access-Challenge of id 238 to 10.110.101.4 port 32770 Airespace-Interface-Name = "599" EAP-Message = 0x010400061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x33b5046232b11d0c0bb076d000b26f5e Finished request 1. Going to the next request Waking up in 0.8 seconds. rad_recv: Access-Request packet from host 10.110.101.4 port 32770, id=239, length=299 User-Name = "testuser" Calling-Station-Id = "00-0E-35-AE-DB-DF" Called-Station-Id = "00-1A-30-2E-C9-60:wlan-test" NAS-Port = 29 NAS-IP-Address = 10.110.101.4 NAS-Identifier = "WiSM-2" Airespace-Wlan-Id = 7 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "995" EAP-Message = 0x0204007019800000006616030100610100005d030148aae3779ae468378b1a02b18a52c5e4aa225f2ea4fa778c7009ade24c04b71e209f4e050b6b3628bc21070999a9b287dd582f514b37e0dd5cdcf9544d19214cca001600040005000a000900640062000300060013001200630100 State = 0x33b5046232b11d0c0bb076d000b26f5e Message-Authenticator = 0x7fe6f515212a742a05072553d45829f1 +- entering group authorize ++[preprocess] returns ok rlm_eap: EAP packet type response id 4 length 112 rlm_eap: Continuing tunnel setup. 
++[eap] returns ok rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS TLS Length 102 rlm_eap_tls: Length Included eaptls_verify returned 11 (other): before/accept initialization TLS_accept: before/accept initialization rlm_eap_tls: <<< TLS 1.0 Handshake [length 0061], ClientHello TLS_accept: SSLv3 read client hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello TLS_accept: SSLv3 write server hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 085f], Certificate TLS_accept: SSLv3 write certificate A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone TLS_accept: SSLv3 write server done A TLS_accept: SSLv3 flush data TLS_accept: Need to read more data: SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 239 to 10.110.101.4 port 32770 EAP-Message = 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 EAP-Message = 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 EAP-Message = 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 EAP-Message = 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 EAP-Message = 0xd4b1a042429ceeafabf4d426 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x33b5046231b01d0c0bb076d000b26f5e Finished request 2. Going to the next request Waking up in 0.5 seconds. 
rad_recv: Access-Request packet from host 10.110.101.4 port 32770, id=240, length=193 User-Name = "testuser" Calling-Station-Id = "00-0E-35-AE-DB-DF" Called-Station-Id = "00-1A-30-2E-C9-60:wlan-test" NAS-Port = 29 NAS-IP-Address = 10.110.101.4 NAS-Identifier = "WiSM-2" Airespace-Wlan-Id = 7 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "995" EAP-Message = 0x020500061900 State = 0x33b5046231b01d0c0bb076d000b26f5e Message-Authenticator = 0x6ec4abd5178e006e61f2d81062fb224b +- entering group authorize ++[preprocess] returns ok rlm_eap: EAP packet type response id 5 length 6 rlm_eap: Continuing tunnel setup. ++[eap] returns ok rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake fragment handler eaptls_verify returned 1 eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 240 to 10.110.101.4 port 32770 EAP-Message = 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 EAP-Message = 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 EAP-Message = 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 EAP-Message = 0x2d62696e2f43524c2f323031382f6364702e63726c301d0603551d0e041604146565a33dd73b11a30a072537c9424a5b767750e130530603551d20044c304a304806092b06010401b13e0100303b303906082b06010505070201162d687474703a2f2f7777772e7075626c69632d74727573742e636f6d2f4350532f4f6d6e69526f6f742e68746d6c3081890603551d23048181307fa179a4773075310b300906035504061302555331183016060355040a130f47544520436f72706f726174696f6e31273025060355040b131e475445204379626572547275737420536f6c7574696f6e732c20496e632e312330210603550403131a475445204379 EAP-Message = 0x6265725472757374 
Message-Authenticator = 0x00000000000000000000000000000000 State = 0x33b5046230b31d0c0bb076d000b26f5e Finished request 3. Going to the next request Waking up in 0.3 seconds. rad_recv: Access-Request packet from host 10.110.101.4 port 32770, id=241, length=193 User-Name = "testuser" Calling-Station-Id = "00-0E-35-AE-DB-DF" Called-Station-Id = "00-1A-30-2E-C9-60:wlan-test" NAS-Port = 29 NAS-IP-Address = 10.110.101.4 NAS-Identifier = "WiSM-2" Airespace-Wlan-Id = 7 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "995" EAP-Message = 0x020600061900 State = 0x33b5046230b31d0c0bb076d000b26f5e Message-Authenticator = 0x6881af793ac72122f91ce70287a33857 +- entering group authorize ++[preprocess] returns ok rlm_eap: EAP packet type response id 6 length 6 rlm_eap: Continuing tunnel setup. ++[eap] returns ok rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake fragment handler eaptls_verify returned 1 eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 241 to 10.110.101.4 port 32770 EAP-Message = 0x010700d6190020476c6f62616c20526f6f74820201a5300e0603551d0f0101ff04040302010630120603551d130101ff040830060101ff020100300d06092a864886f70d01010505000381810043b345835471c41fdcb23c6b4ebf26f24ef2ad9a5bfa863788e8146c4118425fef653eeb0377a0b79e757a517cbb155bb8af91a0349253ed7f2a4984acb9804bb5c7b22322fbebd8fb6ec93cf3d2d1bbbec91cff6d01db69800e99a5ea9e7b97988fb7cf229cb3b85de5a9331774c697370fb4e926825f610b3f1e3d64e92b9b16030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x33b5046237b21d0c0bb076d000b26f5e Finished request 4. 
Going to the next request Waking up in 0.1 seconds. Waking up in 0.1 seconds. Waking up in 0.3 seconds. Waking up in 0.1 seconds. Waking up in 0.2 seconds. rad_recv: Access-Request packet from host 10.110.101.4 port 32770, id=242, length=379 User-Name = "testuser" Calling-Station-Id = "00-0E-35-AE-DB-DF" Called-Station-Id = "00-1A-30-2E-C9-60:wlan-test" NAS-Port = 29 NAS-IP-Address = 10.110.101.4 NAS-Identifier = "WiSM-2" Airespace-Wlan-Id = 7 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "995" EAP-Message = 0x020700c01980000000b61603010086100000820080759587d78c0703551ff978fe519c321fe329bccd9b7fad1efd212fe2cda2a265f46e323fe03bde8fa22c7c98049a912b4c55dbe8f24c0bfde5635d31455b532773d5e4fff79737566de5ed9216a2497fab58c9828e488099754db828e64ee445427f27ad4aad14e914298450bf18de6e2b1f82513154bfd35ff62b454e460f341403010001011603010020b296349dc8161aaa497406f4effff2fc353d108b10e272a0a03e95a9896b1a48 State = 0x33b5046237b21d0c0bb076d000b26f5e Message-Authenticator = 0xd5307429c8e98f0c4aa87fa9b091c71d +- entering group authorize ++[preprocess] returns ok rlm_eap: EAP packet type response id 7 length 192 rlm_eap: Continuing tunnel setup. 
++[eap] returns ok rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS TLS Length 182 rlm_eap_tls: Length Included eaptls_verify returned 11 rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange TLS_accept: SSLv3 read client key exchange A rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001] rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 read finished A rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001] TLS_accept: SSLv3 write change cipher spec A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 write finished A TLS_accept: SSLv3 flush data (other): SSL negotiation finished successfully SSL Connection Established eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 242 to 10.110.101.4 port 32770 EAP-Message = 0x01080031190014030100010116030100204498dbf2c565163f7e6a26fa40eb8660016e26c757d062c77fcbf95bda412553 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x33b5046236bd1d0c0bb076d000b26f5e Finished request 5. Going to the next request Waking up in 0.9 seconds. 
rad_recv: Access-Request packet from host 10.110.101.4 port 32770, id=243, length=193 User-Name = "testuser" Calling-Station-Id = "00-0E-35-AE-DB-DF" Called-Station-Id = "00-1A-30-2E-C9-60:wlan-test" NAS-Port = 29 NAS-IP-Address = 10.110.101.4 NAS-Identifier = "WiSM-2" Airespace-Wlan-Id = 7 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "995" EAP-Message = 0x020800061900 State = 0x33b5046236bd1d0c0bb076d000b26f5e Message-Authenticator = 0xf55e760a0cce74d7d22592a62623d0ee +- entering group authorize ++[preprocess] returns ok rlm_eap: EAP packet type response id 8 length 6 rlm_eap: Continuing tunnel setup. ++[eap] returns ok rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake is finished eaptls_verify returned 3 eaptls_process returned 3 rlm_eap_peap: EAPTLS_SUCCESS ++[eap] returns handled Sending Access-Challenge of id 243 to 10.110.101.4 port 32770 EAP-Message = 0x01090020190017030100151926618b8833d6c30ea7a122e304c84ade54456822 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x33b5046235bc1d0c0bb076d000b26f5e Finished request 6. Going to the next request Waking up in 0.8 seconds. 
rad_recv: Access-Request packet from host 10.110.101.4 port 32770, id=244, length=223 User-Name = "testuser" Calling-Station-Id = "00-0E-35-AE-DB-DF" Called-Station-Id = "00-1A-30-2E-C9-60:wlan-test" NAS-Port = 29 NAS-IP-Address = 10.110.101.4 NAS-Identifier = "WiSM-2" Airespace-Wlan-Id = 7 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "995" EAP-Message = 0x0209002419001703010019180323a78f7b8135a6c953f187bdffca5fa6b06c8c67df7027 State = 0x33b5046235bc1d0c0bb076d000b26f5e Message-Authenticator = 0x9b1dec6840f0b3c3b2d74fed73c20f11 +- entering group authorize ++[preprocess] returns ok rlm_eap: EAP packet type response id 9 length 36 rlm_eap: Continuing tunnel setup. ++[eap] returns ok rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: Identity - testuser PEAP: Got tunneled identity of testuser PEAP: Setting default EAP type for tunneled EAP session. 
PEAP: Setting User-Name to testuser +- entering group authorize ++[preprocess] returns ok rlm_eap: EAP packet type response id 9 length 13 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated rlm_ldap: - authorize rlm_ldap: performing user authorization for testuser expand: (|(uid=%u)(uid=%U)) -> (|(uid=testuser)(uid=_)) expand: dc=mydomain,dc=ac,dc=at -> dc=mydomain,dc=ac,dc=at rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in dc=mydomain,dc=ac,dc=at, with filter (|(uid=testuser)(uid=_)) rlm_ldap: Added User-Password = testpwd in check items rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: LDAP attribute radiusCallingStationId as RADIUS attribute Airespace-Interface-Name = "599" rlm_ldap: user testuser authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 ++[ldap1] returns ok rad_check_password: Found Auth-Type EAP !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!! Replacing User-Password in config items with Cleartext-Password. !!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!! Please update your configuration so that the "known good" !!! !!! clear text password is in Cleartext-Password, and not in User-Password. !!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! 
auth: type "EAP" +- entering group authenticate rlm_eap: EAP Identity rlm_eap: processing type mschapv2 rlm_eap_mschapv2: Issuing Challenge ++[eap] returns handled PEAP: Got tunneled Access-Challenge ++[eap] returns handled Sending Access-Challenge of id 244 to 10.110.101.4 port 32770 EAP-Message = 0x010a00391900170301002e5a2ea886360afe6df6b573e2443e91c54801f93fef698c7f055c07bb71659b50cae786d192f486e08e6171a3f194 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x33b5046234bf1d0c0bb076d000b26f5e Finished request 7. Going to the next request Waking up in 0.6 seconds. rad_recv: Access-Request packet from host 10.110.101.4 port 32770, id=245, length=277 User-Name = "testuser" Calling-Station-Id = "00-0E-35-AE-DB-DF" Called-Station-Id = "00-1A-30-2E-C9-60:wlan-test" NAS-Port = 29 NAS-IP-Address = 10.110.101.4 NAS-Identifier = "WiSM-2" Airespace-Wlan-Id = 7 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "995" EAP-Message = 0x020a005a1900170301004ff3f3ffb30ade8e919779e051585950a06e2804f6701ef53ec010c6e9e9ab369e103c6eb784d0575bd6a06d7da2e44c2d0af174ba5741c599759522c130c3311fe02969c6e4d9b52dc0d6888ec199c7 State = 0x33b5046234bf1d0c0bb076d000b26f5e Message-Authenticator = 0xaabb7129311a55137500d443e6743e86 +- entering group authorize ++[preprocess] returns ok rlm_eap: EAP packet type response id 10 length 90 rlm_eap: Continuing tunnel setup. ++[eap] returns ok rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. 
rlm_eap_peap: EAP type mschapv2 PEAP: Setting User-Name to testuser +- entering group authorize ++[preprocess] returns ok rlm_eap: EAP packet type response id 10 length 67 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated rlm_ldap: - authorize rlm_ldap: performing user authorization for testuser expand: (|(uid=%u)(uid=%U)) -> (|(uid=testuser)(uid=_)) expand: dc=mydomain,dc=ac,dc=at -> dc=mydomain,dc=ac,dc=at rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in dc=mydomain,dc=ac,dc=at, with filter (|(uid=testuser)(uid=_)) rlm_ldap: Added User-Password = testpwd in check items rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: LDAP attribute radiusCallingStationId as RADIUS attribute Airespace-Interface-Name = "599" rlm_ldap: user testuser authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 ++[ldap1] returns ok rad_check_password: Found Auth-Type EAP !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!! Replacing User-Password in config items with Cleartext-Password. !!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!! Please update your configuration so that the "known good" !!! !!! clear text password is in Cleartext-Password, and not in User-Password. !!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! 
auth: type "EAP" +- entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP/mschapv2 rlm_eap: processing type mschapv2 +- entering group MS-CHAP rlm_mschap: Told to do MS-CHAPv2 for testuser with NT-Password rlm_mschap: adding MS-CHAPv2 MPPE keys ++[mschap] returns ok MSCHAP Success ++[eap] returns handled PEAP: Got tunneled Access-Challenge ++[eap] returns handled Sending Access-Challenge of id 245 to 10.110.101.4 port 32770 EAP-Message = 0x010b004a1900170301003fb978ce95576c24b8c9c4ed486e94f68a05ce98749d9a5b454e45f6874163e0542fe11ba1c72ccf25ddf99cf584609da7b5def8fe14a02036064d577dc835c8 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x33b504623bbe1d0c0bb076d000b26f5e Finished request 8. Going to the next request Waking up in 0.4 seconds. rad_recv: Access-Request packet from host 10.110.101.4 port 32770, id=246, length=216 User-Name = "testuser" Calling-Station-Id = "00-0E-35-AE-DB-DF" Called-Station-Id = "00-1A-30-2E-C9-60:wlan-test" NAS-Port = 29 NAS-IP-Address = 10.110.101.4 NAS-Identifier = "WiSM-2" Airespace-Wlan-Id = 7 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "995" EAP-Message = 0x020b001d190017030100128029c36ca067214c72016b581f2a833e6f76 State = 0x33b504623bbe1d0c0bb076d000b26f5e Message-Authenticator = 0x3dfe36504d966fcdd7abcfcd39772580 +- entering group authorize ++[preprocess] returns ok rlm_eap: EAP packet type response id 11 length 29 rlm_eap: Continuing tunnel setup. ++[eap] returns ok rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. 
Decoding tunneled attributes. rlm_eap_peap: EAP type mschapv2 PEAP: Setting User-Name to testuser +- entering group authorize ++[preprocess] returns ok rlm_eap: EAP packet type response id 11 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated rlm_ldap: - authorize rlm_ldap: performing user authorization for testuser expand: (|(uid=%u)(uid=%U)) -> (|(uid=testuser)(uid=_)) expand: dc=mydomain,dc=ac,dc=at -> dc=mydomain,dc=ac,dc=at rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in dc=mydomain,dc=ac,dc=at, with filter (|(uid=testuser)(uid=_)) rlm_ldap: Added User-Password = testpwd in check items rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: LDAP attribute radiusCallingStationId as RADIUS attribute Airespace-Interface-Name = "599" rlm_ldap: user testuser authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 ++[ldap1] returns ok rad_check_password: Found Auth-Type EAP !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!! Replacing User-Password in config items with Cleartext-Password. !!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!! Please update your configuration so that the "known good" !!! !!! clear text password is in Cleartext-Password, and not in User-Password. !!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! auth: type "EAP" +- entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP/mschapv2 rlm_eap: processing type mschapv2 rlm_eap: Freeing handler ++[eap] returns ok Login OK: [testuser/<via Auth-Type = EAP>] (from client wism port 0) PEAP: Tunneled authentication was successful. 
rlm_eap_peap: SUCCESS ++[eap] returns handled Sending Access-Challenge of id 246 to 10.110.101.4 port 32770 EAP-Message = 0x010c00261900170301001b0b0e7060107185be702bb1b626fafe2809eaed7d3ce4e32dc4d269 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x33b504623ab91d0c0bb076d000b26f5e Finished request 9. Going to the next request Waking up in 0.2 seconds. rad_recv: Access-Request packet from host 10.110.101.4 port 32770, id=247, length=225 User-Name = "testuser" Calling-Station-Id = "00-0E-35-AE-DB-DF" Called-Station-Id = "00-1A-30-2E-C9-60:wlan-test" NAS-Port = 29 NAS-IP-Address = 10.110.101.4 NAS-Identifier = "WiSM-2" Airespace-Wlan-Id = 7 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "995" EAP-Message = 0x020c00261900170301001bdeb9ab7c06db2649499c19ad9bce23935a0b22d50b8e76768c84fe State = 0x33b504623ab91d0c0bb076d000b26f5e Message-Authenticator = 0xec5e5f7d3cd9c702aaf2a92a72d0dd0d +- entering group authorize ++[preprocess] returns ok rlm_eap: EAP packet type response id 12 length 38 rlm_eap: Continuing tunnel setup. ++[eap] returns ok rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: Received EAP-TLV response. 
rlm_eap_peap: Success rlm_eap: Freeing handler ++[eap] returns ok Login OK: [testuser/<via Auth-Type = EAP>] (from client wism port 29 cli 00-0E-35-AE-DB-DF) Sending Access-Accept of id 247 to 10.110.101.4 port 32770 MS-MPPE-Recv-Key = 0x86dbea1332577adf8f730aefa33ae6fb35895997395317210fd146031f39ee43 MS-MPPE-Send-Key = 0xb4be9f7f22a1911de9c1faf3ab43ab54bda9efa245a749ef7e3ab155979f268b EAP-Message = 0x030c0004 Message-Authenticator = 0x00000000000000000000000000000000 User-Name = "testuser" Finished request 10. Going to the next request Waking up in 0.1 seconds. Waking up in 0.1 seconds. Waking up in 0.2 seconds. Waking up in 0.1 seconds. Waking up in 0.1 seconds. Waking up in 1.2 seconds. Cleaning up request 0 ID 237 with timestamp +34 Cleaning up request 1 ID 238 with timestamp +34 Waking up in 0.3 seconds. Cleaning up request 2 ID 239 with timestamp +34 Waking up in 0.1 seconds. Cleaning up request 3 ID 240 with timestamp +34 Waking up in 0.2 seconds. Cleaning up request 4 ID 241 with timestamp +35 Waking up in 0.9 seconds. Cleaning up request 5 ID 242 with timestamp +36 Waking up in 0.1 seconds. Cleaning up request 6 ID 243 with timestamp +36 Waking up in 0.1 seconds. Cleaning up request 7 ID 244 with timestamp +36 Waking up in 0.2 seconds. Cleaning up request 8 ID 245 with timestamp +36 Waking up in 0.1 seconds. Cleaning up request 9 ID 246 with timestamp +36 Waking up in 0.2 seconds. Cleaning up request 10 ID 247 with timestamp +36 Ready to process requests.
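
Added example, not part of the original post and not FreeRADIUS code: a Python sketch that traces one reply attribute through `radiusd -X` output of the form shown above and reports, per request, whether the attribute was sent, looked up only inside the PEAP tunnel, or never looked up. The sample log is constructed (condensed from the post's output, hex values shortened); the function names and status labels are assumptions of this example.

```python
import re

ATTR = "Airespace-Interface-Name"  # reply item named in the post

# Constructed sample: three requests condensed from the post's debug output,
# laid out one entry per line as radiusd -X prints them.
SAMPLE_LOG = """\
rad_recv: Access-Request packet from host 10.110.101.4 port 32770, id=237, length=182
\tUser-Name = "testuser"
+- entering group authorize
++[preprocess] returns ok
++[eap] returns updated
rlm_ldap: LDAP attribute radiusCallingStationId as RADIUS attribute Airespace-Interface-Name = "599"
++[ldap1] returns ok
+- entering group authenticate
++[eap] returns handled
Sending Access-Challenge of id 237 to 10.110.101.4 port 32770
\tAirespace-Interface-Name = "599"
\tEAP-Message = 0x0103
Finished request 0.
rad_recv: Access-Request packet from host 10.110.101.4 port 32770, id=246, length=216
\tUser-Name = "testuser"
+- entering group authorize
++[preprocess] returns ok
++[eap] returns ok
+- entering group authenticate
PEAP: Setting User-Name to testuser
+- entering group authorize
++[eap] returns updated
rlm_ldap: LDAP attribute radiusCallingStationId as RADIUS attribute Airespace-Interface-Name = "599"
++[ldap1] returns ok
PEAP: Tunneled authentication was successful.
++[eap] returns handled
Sending Access-Challenge of id 246 to 10.110.101.4 port 32770
\tEAP-Message = 0x010c
Finished request 9.
rad_recv: Access-Request packet from host 10.110.101.4 port 32770, id=247, length=225
\tUser-Name = "testuser"
+- entering group authorize
++[preprocess] returns ok
++[eap] returns ok
+- entering group authenticate
++[eap] returns ok
Sending Access-Accept of id 247 to 10.110.101.4 port 32770
\tEAP-Message = 0x030c0004
\tUser-Name = "testuser"
Finished request 10.
"""

RECV = re.compile(r"^rad_recv: \S+ packet from host \S+ port \d+, id=(\d+)")
SEND = re.compile(r"^Sending (\S+) of id (\d+) ")
PAIR = re.compile(r"^\s+([\w-]+(?::\d+)?) = (.*)$")
LDAP_HIT = re.compile(r"^rlm_ldap: LDAP attribute \S+ as RADIUS attribute ([\w-]+) = ")


def parse_requests(log):
    """Split debug output into requests, keeping reply attributes and LDAP hits."""
    requests, cur, in_reply = [], None, False
    for line in log.splitlines():
        m = RECV.match(line)
        if m:
            cur = {"id": int(m.group(1)), "reply": None, "reply_attrs": {},
                   "ldap_outer": set(), "ldap_inner": set(), "tunneled": False}
            requests.append(cur)
            in_reply = False
            continue
        if cur is None:
            continue
        m = SEND.match(line)
        if m and int(m.group(2)) == cur["id"]:
            cur["reply"], in_reply = m.group(1), True
            continue
        if in_reply:
            m = PAIR.match(line)
            if m:  # indented "Name = value" lines belong to the reply packet
                cur["reply_attrs"][m.group(1)] = m.group(2).strip('"')
                continue
            in_reply = False
        if line.startswith("PEAP: Setting User-Name"):
            cur["tunneled"] = True  # later module calls run for the inner session
        m = LDAP_HIT.match(line)
        if m:
            cur["ldap_inner" if cur["tunneled"] else "ldap_outer"].add(m.group(1))
    return requests


def trace_attribute(requests, attr=ATTR):
    """Return (id, reply type, status) for each request."""
    rows = []
    for r in requests:
        if attr in r["reply_attrs"]:
            status = "sent"
        elif attr in r["ldap_outer"]:
            status = "found-outer-not-sent"
        elif attr in r["ldap_inner"]:
            status = "found-in-tunnel-not-sent"
        else:
            status = "never-looked-up"
        rows.append((r["id"], r["reply"], status))
    return rows


if __name__ == "__main__":
    for row in trace_attribute(parse_requests(SAMPLE_LOG)):
        print(row)
```

On the sample, request 237 carries the attribute because ldap1 ran in the outer authorize section, request 246 finds it only inside the tunnel, and request 247, which produces the Access-Accept, has no LDAP lookup at all.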